openbsd
8 months agoThere is no way to implement the INKERNEL() macro on sparc64.
claudio [Tue, 13 Feb 2024 09:29:39 +0000 (09:29 +0000)]
There is no way to implement the INKERNEL() macro on sparc64.
It was set to just 1 since the dawn of sparc64 support. It is
time to accept the fact and remove all INKERNEL() checks.
OK miod@ mpi@

8 months agozlib: sync with base
tb [Tue, 13 Feb 2024 08:26:56 +0000 (08:26 +0000)]
zlib: sync with base

8 months agoPull in z_off64_t handling from upstream
tb [Tue, 13 Feb 2024 08:26:26 +0000 (08:26 +0000)]
Pull in z_off64_t handling from upstream

Since we don't define Z_LARGE64, we continue to define z_off64_t to z_off_t
and all the other changes are no-ops for OpenBSD.

ok kettenis millert

8 months agoAdd two new values for the destroy-unattached option to destroy sessions
nicm [Tue, 13 Feb 2024 08:10:23 +0000 (08:10 +0000)]
Add two new values for the destroy-unattached option to destroy sessions
only if they are not members of sessions groups, from Mark Huang, GitHub
issue 3806.

8 months agoDo not allow paste into panes which have exited, from Romain Francoise
nicm [Tue, 13 Feb 2024 08:03:50 +0000 (08:03 +0000)]
Do not allow paste into panes which have exited, from Romain Francoise
in GitHub issue 3830.

8 months agofix off-by-one in bounds test
jsg [Tue, 13 Feb 2024 02:14:25 +0000 (02:14 +0000)]
fix off-by-one in bounds test

found by "buffer overflow 'mvacc_cpu_freqs' 13 <= 13" smatch error
ok miod@

8 months agoPass protosw instead of domain structure to soalloc() to get real
mvs [Mon, 12 Feb 2024 22:48:27 +0000 (22:48 +0000)]
Pass protosw instead of domain structure to soalloc() to get real
`pr_type'. The corresponding domain is referenced as `pr_domain'.
Otherwise dp->dom_protosw->pr_type of inet sockets always points
to inetsw[0].

ok bluhm

8 months agokernel: disable hardclock() on secondary CPUs
cheloha [Mon, 12 Feb 2024 22:07:33 +0000 (22:07 +0000)]
kernel: disable hardclock() on secondary CPUs

There is no useful work left for secondary CPUs to do in hardclock().
Disable cq_hardclock on secondary CPUs and remove the now-unnecessary
early-return from hardclock().

This change reduces every system's normal clock interrupt rate by
(HZ - HZ/10) per secondary CPU.  For example, an 8-core machine
with a HZ=100 kernel should see its clock interrupt rate drop from
~1600 to ~960.

Thread: https://marc.info/?l=openbsd-tech&m=170750140915898&w=2

ok kettenis@

8 months agoadd Allwinner H616 support (and errata fix)
uaa [Mon, 12 Feb 2024 21:37:25 +0000 (21:37 +0000)]
add Allwinner H616 support (and errata fix)

ok kettenis@

8 months agoAdd showfilename set option
job [Mon, 12 Feb 2024 16:42:42 +0000 (16:42 +0000)]
Add showfilename set option

Pressing control-G all the time to understand 'what file is in what
window' might be tedious. Instead, offer a configurable option
(default off) to display the file name in the lower left corner.

OK millert@ otto@

8 months agoFix tuple & string comparisons in maps.
mpi [Mon, 12 Feb 2024 15:12:09 +0000 (15:12 +0000)]
Fix tuple & string comparisons in maps.

8 months agoTrailing spaces
mpi [Mon, 12 Feb 2024 15:11:06 +0000 (15:11 +0000)]
Trailing spaces

8 months agoRevert the change that enables retpoline PLTs by default. While these
kettenis [Mon, 12 Feb 2024 10:46:10 +0000 (10:46 +0000)]
Revert the change that enables retpoline PLTs by default.  While these
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective.  Our kernel now uses IBPB to
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.

ok deraadt@

8 months agoIntel and AMD use different cpuid bits for MSR_PRED_CMD IBPB
jsg [Mon, 12 Feb 2024 02:57:14 +0000 (02:57 +0000)]
Intel and AMD use different cpuid bits for MSR_PRED_CMD IBPB
ok guenther@

8 months agoRetpolines are an anti-pattern for IBT, so we need to shift protecting
guenther [Mon, 12 Feb 2024 01:18:17 +0000 (01:18 +0000)]
Retpolines are an anti-pattern for IBT, so we need to shift protecting
userspace from cross-process BTI to the kernel.  Have each CPU track
the last pmap run on in userspace and the last vmm VCPU in guest-mode
and use the IBPB msr to flush predictors right before running in
userspace on a different pmap or entering guest-mode on a different
VCPU.  Codepatch-nop the userspace bits and conditionalize the vmm
bits to keep working if IBPB isn't supported.

ok deraadt@ kettenis@

8 months agoEnable disk encryption in unattended installations
kn [Sun, 11 Feb 2024 21:56:10 +0000 (21:56 +0000)]
Enable disk encryption in unattended installations

Interactively keeps using bioctl(8)'s own prompt, in unattended mode
ask_passphrase() ensures non-empty responses or fails.

Unlike user passwords, autoinstall(8) only supports plaintext passphrases:
    Encrypt the root disk with a (p)assphrase or (k)eydisk = passphrase
    New passphrase = secret
Make sure to trust the install network or use a pre-configured key disk:
    Encrypt the root disk with a (p)assphrase or (k)eydisk = keydisk
    Which disk contains the key disk = sd2
    Which sd2 partition is the key disk = a

initial diff from Chris Narkiewicz
OK afresh1
Feedback sthen

8 months agoRelease `sb_mtx' mutex(9) before sbunlock().
mvs [Sun, 11 Feb 2024 21:36:49 +0000 (21:36 +0000)]
Release `sb_mtx' mutex(9) before sbunlock().

ok bluhm

8 months agoRemove needless includes of netinet6/ip6_var.h header in userland.
bluhm [Sun, 11 Feb 2024 21:29:12 +0000 (21:29 +0000)]
Remove needless includes of netinet6/ip6_var.h header in userland.

OK millert@

8 months agoUse `sb_mtx' instead of `inp_mtx' in receive path for inet sockets.
mvs [Sun, 11 Feb 2024 18:14:26 +0000 (18:14 +0000)]
Use `sb_mtx' instead of `inp_mtx' in receive path for inet sockets.

In soreceve(), we only touch `so_rcv' socket buffer, which has it's own
`sb_mtx' mutex(9) for protection. So, we can avoid solock() in this
path - it's enough to hold `sb_mtx' in soreceive() and around
corresponding sbappend*(). But not right now :)

This time we use shared netlock for some inet sockets in the soreceive()
path. To protect `so_rcv' buffer we use `inp_mtx' mutex(9) and the
pru_lock() to acquire this mutex(9) in socket layer. But the `inp_mtx'
mutex belongs to the PCB. We initialize socket before PCB, tcp(4)
sockets could exist without PCB, so use `sb_mtx' mutex(9) to protect
sockbuf stuff.

This diff mechanically replaces `inp_mtx' by `sb_mtx' in the receive
path. Only for sockets which already use `inp_mtx'. All other sockets
left as is. They will be converted later.

Since the `sb_mtx' is optional, the new SB_MTXLOCK flag introduced. If
this flag is set on `sb_flags', the `sb_mtx' mutex(9) should be taken.
New sb_mtx_lock() and sb_mtx_unlock() was introduced to hide this check.
They are temporary and will be replaced by mtx_enter() when all this
area will be converted to `sb_mtx' mutex(9).

Also, the new sbmtxassertlocked() function introduced to throw
corresponding assertion for SB_MTXLOCK marked buffers. This time only
sbappendaddr() calls it. This function is also temporary and will be
replaced by MTX_ASSERT_LOCKED() later.

ok bluhm

8 months agoFix potential out-of-bounds array access.
kettenis [Sun, 11 Feb 2024 16:01:09 +0000 (16:01 +0000)]
Fix potential out-of-bounds array access.

Found by smatch, reported by and ok jsg@

8 months agounify smtpd and makemap table parser
op [Sun, 11 Feb 2024 09:24:26 +0000 (09:24 +0000)]
unify smtpd and makemap table parser

These are supposed to parse the same file format but have subtle
difference in the handling of comments, continuation lines and escaping.

Converge both to the simpler smtpd parser which doesn't handle
continuation lines nor escaping, and support comments only at the start
of the line.

improvements and ok millert@

8 months agosync with src
tb [Sun, 11 Feb 2024 08:40:37 +0000 (08:40 +0000)]
sync with src

8 months agolibz: more windows ifdef turd shining from upstream
tb [Sun, 11 Feb 2024 08:40:06 +0000 (08:40 +0000)]
libz: more windows ifdef turd shining from upstream

8 months agorecue -> reduce (in comment); from andrius v
jmc [Sun, 11 Feb 2024 06:40:46 +0000 (06:40 +0000)]
recue -> reduce (in comment); from andrius v

8 months agoIn pkg-config, accept both "CFlags:" and "Cflags:"
gkoehler [Sun, 11 Feb 2024 03:57:10 +0000 (03:57 +0000)]
In pkg-config, accept both "CFlags:" and "Cflags:"

matthieu@ noticed that "pkg-config libpkgconf --cflags" failed because
libpkgconf.pc has "CFlags:" with upper-case 'F', but we accepted only
"Cflags:" with lower-case 'f'.  freedesktop.org's pkg-config accepts
both "C[Ff]lags", but is otherwise sensitive to case.

Accept "CFlags" by mapping it to "Cflags" when reading the file.  Fail
if the file has more than one "C[Ff]lags".

ok millert@ matthieu@

8 months agofirefall -> firewall, from Joel Carnat
jsg [Sun, 11 Feb 2024 01:31:28 +0000 (01:31 +0000)]
firefall -> firewall, from Joel Carnat

8 months agoRemove include netinet6/ip6_var.h from netinet/in_pcb.h.
bluhm [Sun, 11 Feb 2024 01:27:45 +0000 (01:27 +0000)]
Remove include netinet6/ip6_var.h from netinet/in_pcb.h.

OK mvs@

8 months agolibexpat minor bump to 14.1
bluhm [Sun, 11 Feb 2024 01:26:17 +0000 (01:26 +0000)]
libexpat minor bump to 14.1

8 months agoUpdate libexpat regress to version 2.6.0.
bluhm [Sun, 11 Feb 2024 01:01:32 +0000 (01:01 +0000)]
Update libexpat regress to version 2.6.0.

8 months agoUpdate libexpat to version 2.6.0.
bluhm [Sun, 11 Feb 2024 00:56:28 +0000 (00:56 +0000)]
Update libexpat to version 2.6.0.

This fixes CVE-2023-52425.  OpenBSD is not affected by CVE-2023-52426.
Relevant for OpenBSD are security fixes #789 #814, bug fixes #753
#812 #813, other changes #771 #788 #764 #765, and examples, docs,
compiler warnings, clang-tidy, tests.  Only a minor library bump
is necessary, this has been discussed with tb@ guenther@ kettenis@.

OK deraadt@

8 months agogrow arm64 iso media again
deraadt [Sat, 10 Feb 2024 16:47:46 +0000 (16:47 +0000)]
grow arm64 iso media again

8 months agoIf anything goes wrong with reading the 'sysctl hw.ucomnames', act
deraadt [Sat, 10 Feb 2024 15:29:04 +0000 (15:29 +0000)]
If anything goes wrong with reading the 'sysctl hw.ucomnames', act
like it is the empty string, rather than considering it an error.
ok krw

8 months agoOn kernels without ucom(4) support, 'sysctl hw.ucomnames' should return
deraadt [Sat, 10 Feb 2024 15:28:16 +0000 (15:28 +0000)]
On kernels without ucom(4) support, 'sysctl hw.ucomnames' should return
the empty string, rather than error.
ok krw

8 months agoPrevent use of uninitialized byte in vmd's mmio decoder.
dv [Sat, 10 Feb 2024 12:31:16 +0000 (12:31 +0000)]
Prevent use of uninitialized byte in vmd's mmio decoder.

The mmio code isn't wired in, but if the ModRM decode fails, byte
may be used with an uninitialized value. Properly return an error,
but initialize the byte variable as well.

Found by smatch, reported by and ok jsg@.

8 months agoclean sshd random relinking kit; ok miod@
naddy [Sat, 10 Feb 2024 11:28:52 +0000 (11:28 +0000)]
clean sshd random relinking kit; ok miod@

8 months agofix off-by-one when printing fr_arg
jsg [Sat, 10 Feb 2024 07:10:13 +0000 (07:10 +0000)]
fix off-by-one when printing fr_arg

found by "buffer overflow 'fp64->fr_arg' 6 <= 6" smatch error
ok miod@ claudio@

8 months agolibz: sync with base
tb [Sat, 10 Feb 2024 06:10:41 +0000 (06:10 +0000)]
libz: sync with base

8 months agolibz: sync with upstream
tb [Sat, 10 Feb 2024 06:10:04 +0000 (06:10 +0000)]
libz: sync with upstream

- fix type of local variable in deflate_stored()
- more Windows compat shuffling
- wrap overlong line in gzread

8 months agoFix locked address interfaces in vmd(8).
dv [Sat, 10 Feb 2024 02:19:12 +0000 (02:19 +0000)]
Fix locked address interfaces in vmd(8).

Before comparing the amount of bytes read to the size of a packet
struct, make sure the fd being read was actually the packet injection
pipe(2). Locked address interfaces force using the same copy-based
approach used for the internal dhcp service for "local" interfaces
but were accidentally being treated as reads from the pipe(2) and
not the tap.

This broke networking for any locked address interfaces in vmd(8).

Reported by and ok kn@

8 months agoSet vmd virtio device fds to -1 on close after fork.
dv [Sat, 10 Feb 2024 02:10:41 +0000 (02:10 +0000)]
Set vmd virtio device fds to -1 on close after fork.

After the recent vmd(8) commit to clean up file descriptor lifecycles,
virtio disks with multiple file descriptors (QCOW2 images with at
least one base) would fail to initialize when booted with a network
device.

Use the new fd closing routine in the vm process for virtio devices
to close the device fds and set to -1, removing buggy copying and
closing of fds.

Additionally, close the vm/device sync and async channels when
closing a device's fds.

Issue reported by and ok kn@

8 months agopull in another upstream tweak for windows
tb [Fri, 9 Feb 2024 19:15:53 +0000 (19:15 +0000)]
pull in another upstream tweak for windows

8 months agodt(4): move interval/profile entry points to dedicated clockintr callback
cheloha [Fri, 9 Feb 2024 17:42:18 +0000 (17:42 +0000)]
dt(4): move interval/profile entry points to dedicated clockintr callback

To improve the utility of dt(4)'s interval and profile probes we need
to move the probe entry points from the fixed-frequency hardclock() to
a dedicated clock interrupt callback so that the probes can fire at
arbitrary frequencies.

- Remove entry points for interval/profile probes from hardclock().

- Merge dt_prov_profile_enter(), dt_prov_interval_enter(), and
  dt_prov_profile_fire() into one function, dt_clock().  This is
  the now-unified callback for interval/profile probes.  dt_clock()
  will consume multiple events during a single execution if it is
  delayed, but on platforms with high quality interrupt clocks this
  should be rare.

- Each struct dt_pcb gets its own clockintr handle, dp_clockintr.

- In struct dt_pcb, replace dp_maxtick/dp_nticks with dp_nsecs,
  the PCB's sampling period.  Aynchronous probes must initialize
  dp_nsecs to a non-zero value during dtpv_alloc().

- In struct dt_pcb, replace dp_cpuid with dp_cpu so that
  dt_ioctl_record_start() knows where to bind the PCB's
  dp_clockintr.

- dt_ioctl_record_start() binds, staggers, and starts all
  interval/profile PCBs on the given dt_softc.  Each dp_clockintr
  is given a reference to its enclosing PCB so that dt_clock()
  doesn't need to search for it.  The staggering sort-of simulates
  the current behavior under hardclock().

- dt_ioctl_record_stop() unbinds all interval/profile PCBs.  The
  CL_BARRIER ensures that dp_clockintr's PCB reference is not in
  use by dt_clock() so that the PCB may be safely freed upon
  return from dt_ioctl_record_stop().  Blocking while holding
  dt_lock is not ideal, but in practice blocking in this spot is
  rare and dt_clock() completes quickly on all but the oldest
  hardware.  An extremely unlucky thread could block for every
  interval/profile PCB on the softc, but this is implausible.

DT_FA_PROFILE values are up-to-date for amd64, i386, and macppc.
Somebody with the right hardware needs to check-and-maybe-fix the
values on octeon, powerpc64, and sparc64.

Joint effort with mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170629371821879&w=2

ok mpi@

8 months agoclockintr: add clockintr_unbind()
cheloha [Fri, 9 Feb 2024 16:52:58 +0000 (16:52 +0000)]
clockintr: add clockintr_unbind()

The clockintr_unbind() function cancels any pending execution of the
given clock interrupt object's callback and severs the binding between
the object and its host CPU.  Upon return from clockintr_unbind(), the
clock interrupt object may be rebound with a call to clockintr_bind().

The optional CL_BARRIER flag tells clockintr_unbind() to block if the
clockintr's callback function is executing at the moment of the call.
This is useful when the clockintr's arg is a shared reference and the
caller needs to be certain the reference is inactive.

Now that clockintrs can be bound and unbound repeatedly, there is more
room for error.  To help catch programmer errors, clockintr_unbind()
sets cl_queue to NULL.  Calls to other API functions after a clockintr
is unbound will then fault on a NULL dereference.  clockintr_bind()
also KASSERTs that cl_queue is NULL to ensure the clockintr is not
already bound.  These checks are not perfect, but they do catch some
common errors.

With input from mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170629367121800&w=2

ok mpi@

8 months agovmx(4): add missing NVLAN checks
jan [Fri, 9 Feb 2024 15:22:41 +0000 (15:22 +0000)]
vmx(4): add missing NVLAN checks

ok bluhm@

8 months agoclockintr: refactor clockintr_cancel() into clockintr_cancel_locked()
cheloha [Fri, 9 Feb 2024 15:06:23 +0000 (15:06 +0000)]
clockintr: refactor clockintr_cancel() into clockintr_cancel_locked()

Move the mutex-protected portions of clockintr_cancel() into a separate
function, clockintr_cancel_locked(), so that the code can be reused by
other callers.

Thread: https://marc.info/?l=openbsd-tech&m=170629367121800&w=2

ok mpi@

8 months agoInclude sys/lock.h to make qwx(4) compile with GENERIC kernel.
bluhm [Fri, 9 Feb 2024 14:57:36 +0000 (14:57 +0000)]
Include sys/lock.h to make qwx(4) compile with GENERIC kernel.

OK stsp@

8 months agoOnly debug log dhcp packet info if packet is found.
dv [Fri, 9 Feb 2024 14:52:39 +0000 (14:52 +0000)]
Only debug log dhcp packet info if packet is found.

No functional change. vmd(8) was being chatty and incorrect.

8 months agoTuck vmd's i8253 reset debug logs behind DPRINTF.
dv [Fri, 9 Feb 2024 14:35:47 +0000 (14:35 +0000)]
Tuck vmd's i8253 reset debug logs behind DPRINTF.

It's super chatty and pollutes verbose logging.

8 months agoimplement qwx_dp_process_rxdma_err()
stsp [Fri, 9 Feb 2024 14:11:00 +0000 (14:11 +0000)]
implement qwx_dp_process_rxdma_err()

8 months agoimplement qwx_dp_rx_process_wbm_err()
stsp [Fri, 9 Feb 2024 14:09:19 +0000 (14:09 +0000)]
implement qwx_dp_rx_process_wbm_err()

8 months agoimplement qwx_dp_process_reo_status()
stsp [Fri, 9 Feb 2024 14:07:27 +0000 (14:07 +0000)]
implement qwx_dp_process_reo_status()

8 months agoimplement qwx_dp_process_rx_err()
stsp [Fri, 9 Feb 2024 14:05:48 +0000 (14:05 +0000)]
implement qwx_dp_process_rx_err()

8 months agoRoute cache function returns hit or miss.
bluhm [Fri, 9 Feb 2024 14:02:11 +0000 (14:02 +0000)]
Route cache function returns hit or miss.

The route_cache() function can easily return whether it was a cache
hit or miss.  Then the logic to perform a route lookup gets a bit
simpler.  Some more complicated if (ro->ro_rt == NULL) checks still
exist elsewhere.
Also use route cache in in_pcbselsrc() instead of filling struct
route manually.

OK claudio@

8 months agoBump release
job [Fri, 9 Feb 2024 13:49:41 +0000 (13:49 +0000)]
Bump release

OK tb@

8 months agoConvert the bgplg html pages to HTML5.
claudio [Fri, 9 Feb 2024 12:56:53 +0000 (12:56 +0000)]
Convert the bgplg html pages to HTML5.

From Clemens Gößnitzer (clemens (at) goessnitzer.info)
Looks good to bentley@

8 months agoStruct layout of qwx_softc should not depend on NBPFILTER.
bluhm [Fri, 9 Feb 2024 12:50:10 +0000 (12:50 +0000)]
Struct layout of qwx_softc should not depend on NBPFILTER.

Due to a missing #include "bpfilter.h", the size of struct qwx_softc
varied in different object files.  This made the kernel crash on
arm64.  To make debugging core dumps and libkvm easier, kernel
object layout should not depend on kernel config.  Remove #if
NBPFILTER > 0 from struct definition.

problem analysis kettenis@
OK deraadt@ stsp@

8 months agobio_dump: add a test that prints all values of a single byte
tb [Fri, 9 Feb 2024 12:48:32 +0000 (12:48 +0000)]
bio_dump: add a test that prints all values of a single byte

8 months agoavoid uninitialised var use if qwx_core_fetch_bdf() errors
jsg [Fri, 9 Feb 2024 12:45:10 +0000 (12:45 +0000)]
avoid uninitialised var use if qwx_core_fetch_bdf() errors
ok stsp@

8 months agoDon't assume MPPE-{Send,Recv}-Keys are used only for MS-CHAP (or
yasuoka [Fri, 9 Feb 2024 11:59:23 +0000 (11:59 +0000)]
Don't assume MPPE-{Send,Recv}-Keys are used only for MS-CHAP (or
16 bytes length).  initial diff from markus

8 months agoqwx pci code must include bpfilter.h, too; spotted by kettenis
stsp [Fri, 9 Feb 2024 11:24:52 +0000 (11:24 +0000)]
qwx pci code must include bpfilter.h, too; spotted by kettenis

8 months agoEnable igc(4) on sparc64.
bluhm [Fri, 9 Feb 2024 11:05:22 +0000 (11:05 +0000)]
Enable igc(4) on sparc64.
OK deraadt@ jan@

8 months agomake ifconfig display the Tx rate selected by qwx firmware
stsp [Fri, 9 Feb 2024 09:59:01 +0000 (09:59 +0000)]
make ifconfig display the Tx rate selected by qwx firmware

8 months agoadd missing node reference counting to qwx's Tx completion path
stsp [Fri, 9 Feb 2024 09:55:17 +0000 (09:55 +0000)]
add missing node reference counting to qwx's Tx completion path

8 months agoremove qwx debug prints for management frame events we are already handling
stsp [Fri, 9 Feb 2024 09:53:50 +0000 (09:53 +0000)]
remove qwx debug prints for management frame events we are already handling

8 months agozlib: sync with upstream
tb [Fri, 9 Feb 2024 09:53:05 +0000 (09:53 +0000)]
zlib: sync with upstream

8 months agoExpand the set of ciphers, MACs and KEX methods in the PuTTY interop tests.
dtucker [Fri, 9 Feb 2024 08:56:59 +0000 (08:56 +0000)]
Expand the set of ciphers, MACs and KEX methods in the PuTTY interop tests.

8 months agoFactor out PuTTY setup and call when needed.
dtucker [Fri, 9 Feb 2024 08:47:42 +0000 (08:47 +0000)]
Factor out PuTTY setup and call when needed.

This allows us to avoid PuTTY key setup when it's not needed, which
speeds up the overall test run by a couple of percent.

8 months agoRefactor some functions to prepare accounting support.
yasuoka [Fri, 9 Feb 2024 07:46:32 +0000 (07:46 +0000)]
Refactor some functions to prepare accounting support.

8 months agoRemove a useless EVP_MD_CTX_init() call
tb [Fri, 9 Feb 2024 07:43:52 +0000 (07:43 +0000)]
Remove a useless EVP_MD_CTX_init() call

The hash was just created with EVP_MD_CTX_new(), so we memset a calloced
piece of memory to 0.

8 months agoAdd nochroot parameter to module_drop_privilege() so that modules can
yasuoka [Fri, 9 Feb 2024 07:41:32 +0000 (07:41 +0000)]
Add nochroot parameter to module_drop_privilege() so that modules can
use unveil(2) instead of chroot(2) if need.

8 months agoUpstream Linux finally settled on the compatible for the JH7100 Ethernet
kettenis [Thu, 8 Feb 2024 20:50:34 +0000 (20:50 +0000)]
Upstream Linux finally settled on the compatible for the JH7100 Ethernet
MAC.  Keep the preliminary one for now since the upstream device tree
doesn't include the USB controller yet.

ok miod@

8 months agoOops, commited wrong version of CLEANFILES in previous.
miod [Thu, 8 Feb 2024 20:30:54 +0000 (20:30 +0000)]
Oops, commited wrong version of CLEANFILES in previous.

8 months agoFeed more generated files to the clean target; joint work with naddy@
miod [Thu, 8 Feb 2024 20:28:53 +0000 (20:28 +0000)]
Feed more generated files to the clean target; joint work with naddy@

8 months agoinfcover: print size_t with %zu. from upstream
tb [Thu, 8 Feb 2024 17:49:27 +0000 (17:49 +0000)]
infcover: print size_t with %zu. from upstream

8 months agoAdd tests to make sure that snmpd adheres to the RFC2578 section 7.1
martijn [Thu, 8 Feb 2024 17:38:41 +0000 (17:38 +0000)]
Add tests to make sure that snmpd adheres to the RFC2578 section 7.1
octet string primitive limitations. The integer based ones are
restricted by the AgentX protocol and can't be tested.

8 months agoRFC2578 section 7.1 specifies the ranges and in the case of opaque the
martijn [Thu, 8 Feb 2024 17:34:09 +0000 (17:34 +0000)]
RFC2578 section 7.1 specifies the ranges and in the case of opaque the
format to which the values need to adhere. Implement checks, so that we
don't send illegal values to the client.

OK tb@

8 months agoNo that we load MIB files at snmpd start-up chances that the sleep build
martijn [Thu, 8 Feb 2024 17:09:51 +0000 (17:09 +0000)]
No that we load MIB files at snmpd start-up chances that the sleep build
into the regress test don't suffice anymore for slow regress machines.
(Ab)use the agentx socket (which gets created after all the MIB files
have been parsed) to detect if snmpd is available. For now we poll at
0.1s intervals for a total of 100 tries.

found by and earlier diff tested by and OK anton@

8 months agorepair QWX_DEBUG build
stsp [Thu, 8 Feb 2024 14:36:22 +0000 (14:36 +0000)]
repair QWX_DEBUG build

8 months agoimplement qwx_dp_tx_process_htt_tx_complete()
stsp [Thu, 8 Feb 2024 14:35:07 +0000 (14:35 +0000)]
implement qwx_dp_tx_process_htt_tx_complete()

8 months agofix qwx_dp_shadow_start_timer()
stsp [Thu, 8 Feb 2024 14:33:40 +0000 (14:33 +0000)]
fix qwx_dp_shadow_start_timer()

We must count all Tx attempts in order to avoid the Tx shadow
timeout handler resetting Tx ring pointers when it shouldn't.

8 months agoremove qwx(4) dp_tx debug prints which should not have been committed
stsp [Thu, 8 Feb 2024 14:31:53 +0000 (14:31 +0000)]
remove qwx(4) dp_tx debug prints which should not have been committed

8 months agoldo bits need to be shifted
jsg [Thu, 8 Feb 2024 13:00:21 +0000 (13:00 +0000)]
ldo bits need to be shifted

found by "'(data & (3 << 4)) == 1' is always false" smatch warning
tested by kettenis@ on VisionFive 2 1.2A and jmatthew@ on 1.3B
ok kettenis@

8 months agohandle qwx(4) firmware roaming events
stsp [Thu, 8 Feb 2024 11:23:33 +0000 (11:23 +0000)]
handle qwx(4) firmware roaming events

Gets rid of 'qwx_wmi_tlv_op_rx: unsupported event id 0xb001' in dmesg.
However, roaming does not work yet because the driver's newstate handler
does not handle resulting state transitions.

8 months agomark full qwx(4) Tx queues, such that the OACTIVE mechanism will be used
stsp [Thu, 8 Feb 2024 11:20:29 +0000 (11:20 +0000)]
mark full qwx(4) Tx queues, such that the OACTIVE mechanism will be used

Not quite tested yet. It is very hard to fill the queues at present
because Tx operation will freeze when we try. To be investigated next.

8 months agofix use of uninitialized variable m in qwx_dp_rx_reap_mon_status_ring()
stsp [Thu, 8 Feb 2024 11:16:49 +0000 (11:16 +0000)]
fix use of uninitialized variable m in qwx_dp_rx_reap_mon_status_ring()

Found by jsg@

8 months agofix uninitialized return from qwx_qmi_load_file_target_mem()
stsp [Thu, 8 Feb 2024 11:13:01 +0000 (11:13 +0000)]
fix uninitialized return from qwx_qmi_load_file_target_mem()

Fortunately this case could only be reached with an empty firmware file.

Found by jsg@

8 months agohandle fragmented mbuf DMA segments in the qwx(4) Tx path
stsp [Thu, 8 Feb 2024 11:09:53 +0000 (11:09 +0000)]
handle fragmented mbuf DMA segments in the qwx(4) Tx path

Fixes qwx0: failed to map Tx buffer: 27

8 months agoset the mbuf length for received data frames in qwx(4)
stsp [Thu, 8 Feb 2024 11:06:50 +0000 (11:06 +0000)]
set the mbuf length for received data frames in qwx(4)

Fixes CCMP decryption errors in the Rx path.

8 months agosync
deraadt [Thu, 8 Feb 2024 02:22:42 +0000 (02:22 +0000)]
sync

8 months agocorrect size in ipv6 address comparison
jsg [Thu, 8 Feb 2024 00:15:53 +0000 (00:15 +0000)]
correct size in ipv6 address comparison

found by "'&a->sin6_addr' too small (16 vs 28)" smatch error
ok jca@

8 months agocorrect size in mac address comparison
jsg [Thu, 8 Feb 2024 00:05:46 +0000 (00:05 +0000)]
correct size in mac address comparison

found by "'(selbs->ni_macaddr)' too small (6 vs 32)" smatch error
ok stsp@ jca@ phessler@

8 months agofix off-by-one in bounds test
jsg [Thu, 8 Feb 2024 00:00:16 +0000 (00:00 +0000)]
fix off-by-one in bounds test

found by "buffer overflow 'sc->sc_pins[i]->funcs' 10 <= 10" smatch error
ok miod@ kettenis@

8 months agofix anchortypes bounds test
jsg [Wed, 7 Feb 2024 23:53:44 +0000 (23:53 +0000)]
fix anchortypes bounds test

found by "buffer overflow 'anchortypes' 10 <= 12" smatch error
feedback and ok sashan@, ok miod@ on an earlier version

8 months agoAdd missing #ifdef INET6 to fix ramdisk build.
bluhm [Wed, 7 Feb 2024 23:52:20 +0000 (23:52 +0000)]
Add missing #ifdef INET6 to fix ramdisk build.

8 months agoUse the route generation number also for IPv6.
bluhm [Wed, 7 Feb 2024 23:40:40 +0000 (23:40 +0000)]
Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat.  in_pcbrtentry() uses
route cache now.

OK claudio@

8 months agoAdd Allwinner H616 support.
kettenis [Wed, 7 Feb 2024 22:35:08 +0000 (22:35 +0000)]
Add Allwinner H616 support.

ok uaa@

8 months agoAdd Allwinner H616 support.
kettenis [Wed, 7 Feb 2024 22:34:39 +0000 (22:34 +0000)]
Add Allwinner H616 support.

ok uaa@

8 months agoadd allwinner H616 support
uaa [Wed, 7 Feb 2024 22:00:38 +0000 (22:00 +0000)]
add allwinner H616 support

ok kettenis@

8 months agoAdd and install the zonenow.tab file.
millert [Wed, 7 Feb 2024 21:24:58 +0000 (21:24 +0000)]
Add and install the zonenow.tab file.
This is a table where each row stands for a timezone where civil
timestamps are predicted to agree from now on.

8 months agoUse tlb_flush() rather than complete invalidation in pmap_set_modify().
miod [Wed, 7 Feb 2024 20:54:53 +0000 (20:54 +0000)]
Use tlb_flush() rather than complete invalidation in pmap_set_modify().
This has been missed in 1.68.