jsg [Thu, 6 Jan 2022 01:40:19 +0000 (01:40 +0000)]
drm/amdgpu: add support for IP discovery gc_info table v2
From Alex Deucher
b8553330a07749e488d143b5704adf1042fd7c0a in linux 5.10.y/5.10.90
5e713c6afa34c0fd6f113bf7bb1c2847172d7b20 in mainline linux
jsg [Thu, 6 Jan 2022 01:37:46 +0000 (01:37 +0000)]
drm/amdgpu: When the VCN(1.0) block is suspended, powergating is explicitly enabled
From chen gong
28863ffe21ff711d5109e3c208676258bdec3a1f in linux 5.10.y/5.10.90
b7865173cf6ae59942e2c69326a06e1c1df5ecf6 in mainline linux
jsg [Thu, 6 Jan 2022 01:14:15 +0000 (01:14 +0000)]
unstub amdgpu_gem_force_release()
djm [Wed, 5 Jan 2022 21:54:37 +0000 (21:54 +0000)]
add a comment so I don't make this mistake again
djm [Wed, 5 Jan 2022 21:50:00 +0000 (21:50 +0000)]
fix cut-and-pasto in error message
deraadt [Wed, 5 Jan 2022 21:45:27 +0000 (21:45 +0000)]
no longer needed
millert [Wed, 5 Jan 2022 20:57:27 +0000 (20:57 +0000)]
funopen(): change seekfn argument to use off_t, not fpos_t
On BSD, fpos_t is typedef'd to off_t but some systems use a struct.
This means fpos_t is not a portable function argument or return value.
Both FreeBSD and the Linux libbsd funopen() have switched to off_t
for this--we should too. From Joe Nelson. OK deraadt@
tb [Wed, 5 Jan 2022 20:52:14 +0000 (20:52 +0000)]
Prepare to provide DSA_bits()
Used by Qt5 and Qt6 and slightly reduces the patching in there.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:48:44 +0000 (20:48 +0000)]
Prepare to provide BIO_set_retry_reason()
Needed by freerdp.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:44:12 +0000 (20:44 +0000)]
Prepare to provide a number of RSA accessors
This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:39:04 +0000 (20:39 +0000)]
Prepare to provide ECDSA_SIG_get0_{r,s}()
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:36:29 +0000 (20:36 +0000)]
Prepare to provide DH_get_length()
Will be needed by openssl(1) dhparam.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:33:49 +0000 (20:33 +0000)]
Prepare to provide DSA_get0_{p,q,g,{priv,pub}_key}()
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:30:16 +0000 (20:30 +0000)]
Prepare to provide DH_get0_{p,q,g,{priv,pub}_key}()
These are accessors that allow getting one specific DH member. They are
less error prone than the current getters DH_get0_{pqg,key}(). They
are used by many ports and will also be used in base for this reason.
Who can remember whether the pub_key or the priv_key goes first in
DH_get0_key()?
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:22:26 +0000 (20:22 +0000)]
Prepare to provide BIO_set_next().
This will be needed in libssl and freerdp after the next bump.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 20:18:19 +0000 (20:18 +0000)]
Prepare to provide X509_{set,get}_verify() and X509_STORE_get_verify_cb()
as well as the X509_STORE_CTX_verify_cb and X509_STORE_CTX_verify_fn types
This will fix the X509_STORE_set_verify_func macro which is currently
broken, as pointed out by schwarze.
ok inoguchi jsing
kettenis [Wed, 5 Jan 2022 18:54:20 +0000 (18:54 +0000)]
Use "bus-range" property to initialize the bus number configuration of
the bridge when present on FDT platforms. Needed on platforms like the
Apple M1 to make sure the PCI bus numbers match the IOMMU setup required
by the device tree.
ok patrick@
deraadt [Wed, 5 Jan 2022 18:34:23 +0000 (18:34 +0000)]
increase lifetime of wtmp, since it is annoyingly short
discussed with millert
tb [Wed, 5 Jan 2022 18:01:27 +0000 (18:01 +0000)]
Unindent a few lines of code and avoid shadowed variables.
tb [Wed, 5 Jan 2022 17:55:33 +0000 (17:55 +0000)]
Rename {c,p}_{min,max} into {child,parent}_{min,max}
guenther [Wed, 5 Jan 2022 17:53:44 +0000 (17:53 +0000)]
Remove kbind(2)'s restriction that a target buffer not cross page
boundaries: hppa has 8-byte PLT entries that sometimes do that.
ok kettenis@
tb [Wed, 5 Jan 2022 17:53:42 +0000 (17:53 +0000)]
Two minor KNF tweaks
tb [Wed, 5 Jan 2022 17:52:28 +0000 (17:52 +0000)]
Use child_aor and parent_aor instead of aorc and aorp
suggested by jsing
tb [Wed, 5 Jan 2022 17:51:30 +0000 (17:51 +0000)]
Rename fp and fc into parent_af and child_af for readability.
suggested by jsing
tb [Wed, 5 Jan 2022 17:49:39 +0000 (17:49 +0000)]
Globally rename all IPAddressFamily *f into af since this is slightly
more readable.
Repeated complaints by jsing
tb [Wed, 5 Jan 2022 17:46:44 +0000 (17:46 +0000)]
Add a helper function to turn unchecked (but sound) use of
sk_find + sk_value into something easier to follow and swallow.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 17:44:30 +0000 (17:44 +0000)]
Hoist IPAddressFamily_cmp() to the other IPAddressFamily functions.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 17:43:04 +0000 (17:43 +0000)]
Call x a cert for readability.
tb [Wed, 5 Jan 2022 17:41:41 +0000 (17:41 +0000)]
Now that i is free, rename j to i for use as loop variable in
various loops in addr_validate_path_internal().
jmc [Wed, 5 Jan 2022 17:39:24 +0000 (17:39 +0000)]
adjust Xr for fw_update to section 8;
ok afresh sthen deraadt
tb [Wed, 5 Jan 2022 17:38:14 +0000 (17:38 +0000)]
In addr_validate_path_internal() rename i to depth because that's
what it is.
tb [Wed, 5 Jan 2022 17:36:32 +0000 (17:36 +0000)]
Turn the validation_err() macro into a function
validation_err() is an ugly macro with side effects and a goto in it.
At the cost of a few lines of code we can turn this into a function
where the side effects are explicit and ret is now explicitly set in
the main body of addr_validate_path_internal().
We get to a point where it is halfway possible to reason about the
convoluted control flow in this function.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 17:27:40 +0000 (17:27 +0000)]
Move variable declarations in X509v3_addr_canonize() to the top of
the function and unindent some code.
ok inoguchi jsing
jsing [Wed, 5 Jan 2022 17:10:59 +0000 (17:10 +0000)]
Revise for tls13_key_share rename.
jsing [Wed, 5 Jan 2022 17:10:02 +0000 (17:10 +0000)]
Rename tls13_key_share to tls_key_share.
In preparation to use the key share code in both the TLSv1.3 and legacy
stacks, rename tls13_key_share to tls_key_share, moving it into the shared
handshake struct. Further changes will then allow the legacy stack to make
use of the same code for ephemeral key exchange.
ok inoguchi@ tb@
stsp [Wed, 5 Jan 2022 17:06:20 +0000 (17:06 +0000)]
Remove unused function arguments in iwm/iwx interrupt handlers.
pointed out by + ok millert@
tb [Wed, 5 Jan 2022 17:01:06 +0000 (17:01 +0000)]
Switch snmpd(8) to using EVP_Digest{Init,Final}_ex() and drop a no
longer needed EVP_MD_CTX_reset().
ok martijn
deraadt [Wed, 5 Jan 2022 16:46:55 +0000 (16:46 +0000)]
sync
deraadt [Wed, 5 Jan 2022 16:46:11 +0000 (16:46 +0000)]
Compensate for i386 pcitag_t union
ok jsg kettenis
tb [Wed, 5 Jan 2022 16:41:42 +0000 (16:41 +0000)]
Add error checking for EVP_Digest* to snmpd(8).
ok martijn
tb [Wed, 5 Jan 2022 16:41:07 +0000 (16:41 +0000)]
Add error checking for EVP_Digest*() to snmp(1).
ok martijn
deraadt [Wed, 5 Jan 2022 16:35:33 +0000 (16:35 +0000)]
Use new shell-based fw_update(8)
with afresh1
stsp [Wed, 5 Jan 2022 16:33:42 +0000 (16:33 +0000)]
In iwx(4), fix wrong pointer assignment in iwx_bar_frame_release().
This bug caused the driver to read block ack request information sent
by firmware from the wrong offset. The driver flushes buffered frames
and moves its Rx block ack window based on this information. Possible
consequences of this bug are packet loss or even stalled traffic if
the Rx BA window gets out of sync between driver and firmware. Though
this effect might get cancelled out when the driver re-syncs the BA
window in its regular Rx code path.
Spotted by Christian Ehrhardt.
afresh1 [Wed, 5 Jan 2022 16:32:46 +0000 (16:32 +0000)]
Commit the correct version of fw_update
Sigh.
afresh1 [Wed, 5 Jan 2022 16:28:19 +0000 (16:28 +0000)]
Add the shell based fw_update and updated man page
This allows installing firmware from the installer without having
to wait to boot into a live system.
commit deraadt@
deraadt [Wed, 5 Jan 2022 16:24:29 +0000 (16:24 +0000)]
We are moving back to a shell-script based fw_update, written in such a
way that the install script can also run it. This allows earlier retrieval
of downloaded firmwares, based upon patterns found in dmesg.
many iterations of this in snaps for about a month.
espie [Wed, 5 Jan 2022 14:50:03 +0000 (14:50 +0000)]
formatting nit, noticed by jmc@, thx!
inoguchi [Wed, 5 Jan 2022 13:41:12 +0000 (13:41 +0000)]
Wrap long lines and add some braces
martijn [Wed, 5 Jan 2022 13:27:04 +0000 (13:27 +0000)]
Use LC_CTYPE instead of LC_ALL.
Makes regress pass when LC_CTYPE is set.
Found by and OK tb@
inoguchi [Wed, 5 Jan 2022 12:51:49 +0000 (12:51 +0000)]
Check function return value
inoguchi [Wed, 5 Jan 2022 11:38:19 +0000 (11:38 +0000)]
Checking pointer variable with NULL
claudio [Wed, 5 Jan 2022 11:07:35 +0000 (11:07 +0000)]
Switch proc_parser_root_cert() to not pass the entity but instead the
file, pkey and tal id. This is the last proc_parser function that needed
to be converted.
OK job@
tb [Wed, 5 Jan 2022 11:01:59 +0000 (11:01 +0000)]
dhcpd: straightforward conversion to HMAC_CTX on the heap, similar
to what was done in spamd a while back.
ok florian
tb [Wed, 5 Jan 2022 11:00:49 +0000 (11:00 +0000)]
snmpd: Straightforward conversion to EVP_* on the heap.
It would be nice if someone added error checking for the EVP_Digest*
calls.
tested by & ok martijn
tb [Wed, 5 Jan 2022 10:59:21 +0000 (10:59 +0000)]
Straightforward conversion to EVP_* on the heap.
ok martijn
inoguchi [Wed, 5 Jan 2022 10:33:36 +0000 (10:33 +0000)]
Use calloc instead of malloc
suggested by tb@
inoguchi [Wed, 5 Jan 2022 10:29:08 +0000 (10:29 +0000)]
Check NULL first and unindent the rest of the code
suggested by tb@
inoguchi [Wed, 5 Jan 2022 10:01:39 +0000 (10:01 +0000)]
Convert openssl(1) cms option handling
Just applying new option handling and no functional changes.
Referred to verify.c and using 'verify_shared_options'.
ok and comments from jsing@ and tb@
jsing [Wed, 5 Jan 2022 09:59:39 +0000 (09:59 +0000)]
Provide regress for SSL public APIs.
This will largely test curly and inconsistent APIs that are not covered by
other regress tests. Currently, this tests the wonder that is
SSL_get_peer_cert_chain().
espie [Wed, 5 Jan 2022 09:19:15 +0000 (09:19 +0000)]
document -m
djm [Wed, 5 Jan 2022 08:25:05 +0000 (08:25 +0000)]
select all RSA hostkey algorithms for UpdateHostkeys tests, not just
RSA-SHA1
tb [Wed, 5 Jan 2022 07:50:40 +0000 (07:50 +0000)]
Remove bandaid to work around expected range_should_be_prefix() problem.
tb [Wed, 5 Jan 2022 07:47:15 +0000 (07:47 +0000)]
Remove a bogus memcmp in range_should_be_prefix()
range_should_be_prefix() currently always fails. The reason for this
is that OpenSSL commit
42d7d7dd incorrectly moved a memcmp() out of
an assertion. As a consequence, the library emits and accepts
incorrectly encoded ipAddrBlock extensions since it will never detect
ranges that MUST be encoded as a prefix according to RFC 3779, 2.2.3.7.
The return -1 from this memcmp() indicates to the callers that the
range should be expressed as a range, so callers must check beforehand
that min <= max to be able to fail. Thus, remove this memcmp() and
add a check to make_addressRange(), the only caller that didn't already
ensure that min <= max.
This fixes the noisy output in regress/lib/libcrypto/x509/rfc3779.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 07:37:01 +0000 (07:37 +0000)]
Polish X509v3_addr_subset() a bit
Use child and parent instead of a and b. Split unrelated checks. Use
accessors and assign to local variables to avoid ugly line wrapping.
Declare vriables up front instead of mixing declarations with
assignments from function returns.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 07:29:47 +0000 (07:29 +0000)]
Readability tweaks in addr_contains()
Assign to local variables to avoid ugly line wrapping.
ok inoguchi jsing
tb [Wed, 5 Jan 2022 07:28:41 +0000 (07:28 +0000)]
Fix a bug in addr_contains() introduced in OpenSSL commit
be71c372
by returning 0 instead of -1 on extract_min_max() failure. Callers
would interpret -1 as success of addr_contains().
ok inoguchi jsing
dlg [Wed, 5 Jan 2022 05:53:03 +0000 (05:53 +0000)]
add a basic printer for EAPOL packets.
EAPOL turns out to be a little container for a bunch of other types
of packets, including EAP for use with vanilla 802.1X, a kind of
capability announcement thing, and MACsec Key Agreement.
it's not worth adding a separately file for such a small chunk of
functionality, and it seems specific to ethernet. parsers/printers
for the sub protocols can come later if needed.
ok deraadt@ visa@
dlg [Wed, 5 Jan 2022 05:47:53 +0000 (05:47 +0000)]
ethertypes.h has now added the missing ethertypes we're looking at here.
dlg [Wed, 5 Jan 2022 05:46:18 +0000 (05:46 +0000)]
fix some more -Wunused-but-set-variable
dlg [Wed, 5 Jan 2022 05:41:25 +0000 (05:41 +0000)]
fix another -Wunused-but-set-variable
dlg [Wed, 5 Jan 2022 05:37:37 +0000 (05:37 +0000)]
more -Wunused-but-set-variable fixes
dlg [Wed, 5 Jan 2022 05:36:37 +0000 (05:36 +0000)]
clean up another -Wunused-but-set-variable thing
dlg [Wed, 5 Jan 2022 05:35:19 +0000 (05:35 +0000)]
clean up some -Wunused-but-set-variable.
this file had it's own verison of TCHECK, but also not. not the best.
dlg [Wed, 5 Jan 2022 05:33:14 +0000 (05:33 +0000)]
fix some -Wunused-but-set-variable stuff.
dlg [Wed, 5 Jan 2022 05:29:54 +0000 (05:29 +0000)]
silence a -Wunused-but-set-variable
dlg [Wed, 5 Jan 2022 05:19:22 +0000 (05:19 +0000)]
add NSH and NHRP ethertypes, mostly for tcpdump stuff.
ok deraadt@
dlg [Wed, 5 Jan 2022 05:18:24 +0000 (05:18 +0000)]
rename ETHERTYPE_PAE to ETHERTYPE_EAPOL.
everyone else seems to use ETHERTYPE_EAPOL, and as a bonus it also
appears to be more correct.
ok deraadt@ stsp@
djm [Wed, 5 Jan 2022 04:56:15 +0000 (04:56 +0000)]
regress test both sshsig message hash algorithms, possible now because
the algorithm is controllable via the CLI
djm [Wed, 5 Jan 2022 04:50:11 +0000 (04:50 +0000)]
allow selection of hash at sshsig signing time; code already supported
either sha512 (default) or sha256, but plumbing wasn't there
mostly by Linus Nordberg
djm [Wed, 5 Jan 2022 04:27:54 +0000 (04:27 +0000)]
add missing -O option to usage() for ssh-keygen -Y sign;
from Linus Nordberg
djm [Wed, 5 Jan 2022 04:27:01 +0000 (04:27 +0000)]
move sig_process_opts() to before sig_sign(); no functional code change
djm [Wed, 5 Jan 2022 04:10:39 +0000 (04:10 +0000)]
regression test for find-principals NULL deref; from Fabian Stelzer
guenther [Wed, 5 Jan 2022 04:10:36 +0000 (04:10 +0000)]
Delete 'emul' keyword: it's been just returned 'native' for a long time
ok jsg@ deraadt@
djm [Wed, 5 Jan 2022 04:02:42 +0000 (04:02 +0000)]
NULL deref when using find-principals when matching an allowed_signers
line that contains a namespace restriction, but no restriction
specified on the command-line; report and fix from Fabian Stelzer
dlg [Wed, 5 Jan 2022 03:53:26 +0000 (03:53 +0000)]
use the index provided by the txcompletion descriptor in txeof.
this replaces the use of a register in txeof to figure out how much
of the ring has been completed by the hardware. that register isn't
reset when an interface is taken down and brought up again, which
messes with the calculations of free slots on the ring, which in
turn messes up the ability to transmit packets.
this means the watchdog can't know where the hardware is up to
anymore, so just restartthe chip if the watchdog fires.
it seems to be important to start the tx ring in msk_init on the
0th ring entry that we use to reset the high address value to 0.
we still fill the 0th descriptor, but we let the first msk_start
call post it for us when a packet goes on the ring.
a slight tweak and ok jmatthew@
visa [Wed, 5 Jan 2022 03:32:43 +0000 (03:32 +0000)]
Add mpfclock(4), a driver for the PolarFire SoC MSS clock controller.
OK kettenis@
jsg [Wed, 5 Jan 2022 02:00:55 +0000 (02:00 +0000)]
remove unused defines
ok gnezdo@
kettenis [Tue, 4 Jan 2022 20:55:48 +0000 (20:55 +0000)]
Future-proof by adding some proposed compatible strings to match on.
tb [Tue, 4 Jan 2022 20:52:34 +0000 (20:52 +0000)]
Readability tweaks in the print helper i2r_IPAddressOrRanges.
Assign repeated nested expressions to local variables and avoid some
awkward line wrapping.
deraadt [Tue, 4 Jan 2022 20:43:44 +0000 (20:43 +0000)]
struct pci_matchid is useful an upcoming userland program that wants
to includes pcivar.h because it inspects vid/pid tables
deraadt [Tue, 4 Jan 2022 20:41:42 +0000 (20:41 +0000)]
hide more things behind _KERNEL, in case userland manages to include
this file
tb [Tue, 4 Jan 2022 20:40:43 +0000 (20:40 +0000)]
Consistently name variables with a _len suffix instead of mixing
things like prefixlen, afi_length, etc.
suggested by jsing
tb [Tue, 4 Jan 2022 20:33:02 +0000 (20:33 +0000)]
Only check the parent to be canonical once we know it is non-NULL.
suggested by jsing during review
tb [Tue, 4 Jan 2022 20:30:30 +0000 (20:30 +0000)]
Refactor extract_min_max()
extract_min_max() crammed all the work in two return statements
inside a switch. Make this more readable by splitting out the
extraction of the min and max as BIT STRINGs from an addressPrefix
or an addressRange and once that's done expanding them to raw
addresses.
ok inoguchi jsing
tb [Tue, 4 Jan 2022 20:23:05 +0000 (20:23 +0000)]
Remove checks that are duplicated in extract_min_max()
The NULL checks and the checks that aor->type is reasonable are already
performed in extract_min_max(), so it is unnecessary to repeat them
in X509v3_addr_get_range()
ok inoguchi jsing
deraadt [Tue, 4 Jan 2022 20:21:14 +0000 (20:21 +0000)]
sync
tb [Tue, 4 Jan 2022 20:21:04 +0000 (20:21 +0000)]
Make X509v3_addr_get_range() readable.
Instead of checking everything in a single if statement, group the
checks according to their purposes.
ok inoguchi jsing
tb [Tue, 4 Jan 2022 20:17:07 +0000 (20:17 +0000)]
Add a length check to make_addressPrefix()
Make the callers pass in the afi so that make_addressPrefix() can check
prefixlen to be reasonable. If the afi is anything else than IPv4 or
IPv6, cap its length at the length needed for IPv6. This way we avoid
arbitrary out-of-bounds reads if the caller decides to pass in something
stupid.
ok inoguchi jsing
tb [Tue, 4 Jan 2022 20:04:38 +0000 (20:04 +0000)]
Remove some dead code
IPAddressRange_new() populates both its min and max members, so
they won't ever be NULL and will never need to be allocated.
ok inoguchi jsing
tb [Tue, 4 Jan 2022 20:02:22 +0000 (20:02 +0000)]
Drop a pointless NULL check
IPAddressOrRange_new() instantiates a choice type, so we need to
allocate one member of the union ourselves, so aor->u.addressPrefix
will always be NULL.
ok inoguchi jsing