openbsd
kn [Wed, 9 Oct 2024 15:42:56 +0000 (15:42 +0000)]
Get trust anchor via unbound-checkconf(8)

This tool knows our default config path and '-o auto-trust-anchor-file'
prints the actually set path, if any, regardless of whether it exists.

Use that to generate it rather than a best-effort grep/hardcoded path.

OK sthen

claudio [Wed, 9 Oct 2024 12:59:59 +0000 (12:59 +0000)]
Add regress test that sends a SIGSTOP to a child with its mainproc gone.
Right now this fails since dowait6() depends on ps_mainproc for this.

tb [Wed, 9 Oct 2024 10:27:52 +0000 (10:27 +0000)]
Remove SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER

Nothing uses this and it collides with ALPN

claudio [Wed, 9 Oct 2024 10:01:29 +0000 (10:01 +0000)]
Make it possible to configure tcp md5 and ipsec on rtr as well

Single out the auth_config yacc rules. This requires an
extra merge_auth_conf() function to handle manual IPsec setups, but
even with that this seems like a net gain.

There is no rtr cache that does tcp md5 on OpenBSD so those bits remain
untested for now.
OK tb@

claudio [Wed, 9 Oct 2024 08:58:19 +0000 (08:58 +0000)]
Clear ps_xsig when continuing after a PS_TRACED stop.

Also remove the ps_xsig handling in setrunnable(); it is in the wrong spot
and causes signals to be delivered over and over again.

Attaching to an already stopped process is affected by this. The SIGSTOP
sent by ptrace is now ignored in ptsignal() and as a result gdb will hang
in wait4() until a SIGCONT is delivered to the process. After that all
works as usual.

OK mpi@

claudio [Wed, 9 Oct 2024 08:39:49 +0000 (08:39 +0000)]
Convert prsignal() into a real function

Also do not use ps_mainproc as the thread the signal is sent to. Sending
a signal to ps_mainproc may not work reliably if it already exited. Use
TAILQ_FIRST(&pr->ps_threads) instead but first check that the process has
not yet entered exit1().

OK mpi@

tb [Wed, 9 Oct 2024 08:22:28 +0000 (08:22 +0000)]
Add missing alert descriptions (taken from RFC 8446)

This is so gross...

tb [Wed, 9 Oct 2024 08:01:39 +0000 (08:01 +0000)]
Add missing alerts to SSL_alert_desc_string{,_long}()

ok beck

tb [Wed, 9 Oct 2024 08:00:29 +0000 (08:00 +0000)]
Add missing alert errors and error strings

For every TLS alert there needs to be a corresponding error with error code
having an offset of SSL_AD_REASON_OFFSET (aka 1000), otherwise the error
stack fails to set the reason correctly.

ok beck

tb [Wed, 9 Oct 2024 07:25:35 +0000 (07:25 +0000)]
Appease mandoc -Tlint

semarie [Wed, 9 Oct 2024 07:22:13 +0000 (07:22 +0000)]
Add .Xr to pkg_check-version(1) in packages-specs(7), as pkg_check-version(1)
can be used to verify the ordering of package names.

ok tb@

jsg [Wed, 9 Oct 2024 01:52:11 +0000 (01:52 +0000)]
correct indentation

jsg [Wed, 9 Oct 2024 00:38:25 +0000 (00:38 +0000)]
make attachments use pre-existing activate functions; ok deraadt@

kettenis [Tue, 8 Oct 2024 19:42:31 +0000 (19:42 +0000)]
Relax DMA restrictions on ehci(4) and xhci(4) controllers that can do
64-bit DMA.

ok mpi@, mlarkin@

kettenis [Tue, 8 Oct 2024 19:41:23 +0000 (19:41 +0000)]
Add the BUS_DMA_64BIT flag to bus_dmamem_alloc(9) calls since NVMe devices
can do 64-bit DMA.

ok mpi@, mlarkin@

kettenis [Tue, 8 Oct 2024 19:40:00 +0000 (19:40 +0000)]
Make bus_dmamem_alloc(9) recognize the BUS_DMA_64BIT flag and interpret
it as a request for memory without any DMA restrictions, which means that
the call is allowed to allocate memory above the 4GB boundary on amd64.

ok mpi@, mlarkin@

claudio [Tue, 8 Oct 2024 12:28:09 +0000 (12:28 +0000)]
Extend the socket handover from parent to rtr process to also include teardown

This is needed to support tcp md5sum and ipsec auth for rtr.
OK tb@

claudio [Tue, 8 Oct 2024 12:02:24 +0000 (12:02 +0000)]
Replace ps_oppid (old parent pid) with ps_opptr (a pointer to the old parent process struct).

This simplifies some code and removes the need to call prfind in
process_untrace().
OK mpi@

claudio [Tue, 8 Oct 2024 11:57:59 +0000 (11:57 +0000)]
Move common code to update the proc runtime into tuagg_add_runtime().

OK mpi@ kn@

nicm [Tue, 8 Oct 2024 09:40:50 +0000 (09:40 +0000)]
Draw pane status line on the correct line when at the bottom, fixes
issues if the window size is smaller than the entire terminal. GitHub
issue 3943.

claudio [Tue, 8 Oct 2024 09:05:40 +0000 (09:05 +0000)]
Adjust lock requirements for ps_pptr, ps_ppid and ps_oppid.

ps_pptr, ps_ppid and ps_oppid require the KERNEL_LOCK and the process mutex
to be modified. At the same time either KERNEL_LOCK or process mutex needs
to be taken to read the values.

This is needed to further unlock ptsignal().
OK kettenis@, mvs@

nicm [Tue, 8 Oct 2024 06:29:44 +0000 (06:29 +0000)]
Put the prompt cursor attributes into the status line screen and use
that rather than updating the current screen (since there might not be
one).

jsg [Tue, 8 Oct 2024 05:28:11 +0000 (05:28 +0000)]
remove unused struct

jsg [Tue, 8 Oct 2024 02:58:26 +0000 (02:58 +0000)]
remove unused ffs_checkoverlap() ext2fs_checkoverlap(); ok miod@

jsg [Tue, 8 Oct 2024 02:29:10 +0000 (02:29 +0000)]
remove unused uvm_pause(); ok miod@

jsg [Tue, 8 Oct 2024 00:46:29 +0000 (00:46 +0000)]
set activate for ufshci_acpi and ufshci_fdt

tested by mglocker@ with pci, acpi and fdt attachments
ok mglocker@ deraadt@

sthen [Tue, 8 Oct 2024 00:21:08 +0000 (00:21 +0000)]
apply the CVE-2024-8508 fix from unbound (put a limit on resources used
for handling DNS compression). OK florian

sthen [Mon, 7 Oct 2024 23:47:00 +0000 (23:47 +0000)]
When acme-client is run with -v, show the account URI from the Location
header sent by the server in response to the newAccount API call (used for
every cert request). This is useful if you want to set a CAA DNS record
restricting issuance to a specific user account, rather than just "all of
$whichever_acme_CA".  ok florian

dv [Mon, 7 Oct 2024 20:30:17 +0000 (20:30 +0000)]
Remove VMFUNC feature detection and tracking.

vmm(4) doesn't use the VMX VMFUNC instruction.

ok mlarkin@

jmc [Mon, 7 Oct 2024 15:57:15 +0000 (15:57 +0000)]
use the Ox macro instead of "OpenBSD";

miod [Mon, 7 Oct 2024 15:41:46 +0000 (15:41 +0000)]
Tweak genassym code generation to force preprocessor conditional directives
to always be put inside functions.

This allows such statements to appear anywhere in assym.cf; without this
change they would require at least one `export' or `define' stanza to occur
first.

Problem noticed by & ok jsg@

sthen [Mon, 7 Oct 2024 15:38:21 +0000 (15:38 +0000)]
merge unbound 1.21.1

sthen [Mon, 7 Oct 2024 15:35:11 +0000 (15:35 +0000)]
Fix unbound CVE-2024-8508, put a limit on resources used for handling
DNS compression. OK florian

From unbound 1.21.1 (rest will be merged shortly).

tb [Mon, 7 Oct 2024 14:45:33 +0000 (14:45 +0000)]
Add comment accidentally omitted on commit

tb [Mon, 7 Oct 2024 14:21:51 +0000 (14:21 +0000)]
update crl number draft link

claudio [Mon, 7 Oct 2024 14:01:12 +0000 (14:01 +0000)]
Add a multithreaded test for SIGSTOP and SIGCONT behaviour.

This actually installs a SIGTSTP handler which then triggers a SIGSTOP.
Currently unlinked since both SIGSTOP and SIGCONT delivery is busted.

sthen [Mon, 7 Oct 2024 13:27:13 +0000 (13:27 +0000)]
add UQ_ALWAYS_OPEN for another PixArt mouse

sthen [Mon, 7 Oct 2024 13:26:32 +0000 (13:26 +0000)]
sync

sthen [Mon, 7 Oct 2024 13:26:18 +0000 (13:26 +0000)]
add another PixArt mouse, to be used in quirks

deraadt [Mon, 7 Oct 2024 13:21:53 +0000 (13:21 +0000)]
The two usual use cases are sysupgrade and sysupgrade -s, jumping
forward to the same key, or the key+.1.  But sometimes you want to
update an older machine far forward (either with -s, or with -R), and
the required key might not exist on-disk.  Since getting the key isn't
automated, people make some poor decisions to get the key.  Previous
to 7.6 the situation was worse, (and obviously older releases will have
the old sysupgrade script, though you can copy this one to those machines
and it will work, but please do that securely..)
Moving forward this improves the workflow: a new set of keybundles
(signed by older keys) have been made available so that sysupgrade
can securely and automatically download the required key.
ok job tb beck sthen

nicm [Mon, 7 Oct 2024 12:58:36 +0000 (12:58 +0000)]
Add prompt-cursor-colour and prompt-cursor-style to set the style of the
cursor in the command prompt and remove the emulated cursor, from
Alexander Arch in GitHub issue 4170.

tb [Mon, 7 Oct 2024 12:27:27 +0000 (12:27 +0000)]
rpki-client: add small unit test for the sequence number

got this wrong too many times, let's make sure this is right.

tb [Mon, 7 Oct 2024 12:19:52 +0000 (12:19 +0000)]
rpki-client: fix validity interval check

The language in RFC 5280, section 4.1.2.5 includes the end points of the
validity interval.

Reported by Tom Harrison

ok claudio job

tb [Mon, 7 Oct 2024 12:18:31 +0000 (12:18 +0000)]
rpki-client: fix seqnum upper bound

An ASN1_INTEGER doesn't contain the ASN.1 encoding in its data. It contains
a BIGNUM. In particular, there's no padding octet for integers with the top
bit of the top octet set. Do the check the dumb way and check all the parts
individually: non-negative, not larger than 20 octets and bit 159 not set.

Reported by Tom Harrison

ok claudio job

nicm [Mon, 7 Oct 2024 08:50:47 +0000 (08:50 +0000)]
Add initial-repeat-time option to allow the first repeat time to be
increased and later reduced, from David le Blanc in GitHub issue 4164.

kevlo [Mon, 7 Oct 2024 07:35:40 +0000 (07:35 +0000)]
Add support for AX88772D.

AX88772D is a USB 2.0 device.  It is very similar to AX88179A overall.
The most significant difference is that AX88179A supports 1000Mbps speeds
while AX88772D does not.

grammar fix from jmc@

ok miod@

jsg [Mon, 7 Oct 2024 05:30:12 +0000 (05:30 +0000)]
drm/amd/display: Validate backlight caps are sane

From Mario Limonciello
c886061bbdd1f37190939b11926055413e86a56c in linux-6.6.y/6.6.54
327e62f47eb57ae5ff63de82b0815557104e439a in mainline linux

jsg [Mon, 7 Oct 2024 05:28:20 +0000 (05:28 +0000)]
drm/amd/display: Round calculated vtotal

From Robin Chen
9ce1ee22dc6829175ec2dfd74d78d79eb20e0732 in linux-6.6.y/6.6.54
c03fca619fc687338a3b6511fdbed94096abdf79 in mainline linux

jsg [Mon, 7 Oct 2024 05:25:26 +0000 (05:25 +0000)]
drm/amd/display: Add HDMI DSC native YCbCr422 support

From Leo Ma
55fcbe5f60865717479a9d6a8d8d076c8f443759 in linux-6.6.y/6.6.54
07bfa9cdbf3cd2daadfaaba0601f126f45951ffa in mainline linux

jsg [Mon, 7 Oct 2024 05:23:13 +0000 (05:23 +0000)]
drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination

From Fangzhi Zuo
b5d38f1d4acb3a0aa0763d4d70bec6c9cf51300c in linux-6.6.y/6.6.54
4437936c6b696b98f3fe1d8679a2788c41b4df77 in mainline linux

jsg [Mon, 7 Oct 2024 05:20:34 +0000 (05:20 +0000)]
drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets

From Nikita Zhandarovich
fa94d60546d2ba8c55f3c87483404162f1fbe863 in linux-6.6.y/6.6.54
3fbaf475a5b8361ebee7da18964db809e37518b7 in mainline linux

jsg [Mon, 7 Oct 2024 05:17:14 +0000 (05:17 +0000)]
drm/amd/amdgpu: Properly tune the size of struct

From WangYuli
8e7760ed234f55f28dfd68254d08c9d0527dd766 in linux-6.6.y/6.6.54
0cee47cde41e22712c034ae961076067d4ac13a0 in mainline linux

jsg [Mon, 7 Oct 2024 05:14:50 +0000 (05:14 +0000)]
drm/radeon: properly handle vbios fake edid sizing

From Alex Deucher
de67850b401946dc683103d11d7814ae5611750e in linux-6.6.y/6.6.54
17c6baff3d5f65c8da164137a58742541a060b2f in mainline linux

jsg [Mon, 7 Oct 2024 05:12:00 +0000 (05:12 +0000)]
drm/amdgpu: properly handle vbios fake edid sizing

From Alex Deucher
78b9e10b3bd1bb04c40f9f12b899951a6904772b in linux-6.6.y/6.6.54
8155566a26b8d6c1dd914f06a0c652e4e2f2adf1 in mainline linux

jsg [Mon, 7 Oct 2024 05:02:58 +0000 (05:02 +0000)]
drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func

From Srinivasan Shanmugam
ddf9ff244d704e1903533f7be377615ed34b83e7 in linux-6.6.y/6.6.54
08ae395ea22fb3d9b318c8bde28c0dfd2f5fa4d2 in mainline linux

kn [Mon, 7 Oct 2024 04:29:01 +0000 (04:29 +0000)]
drop redundant AF attach ioctl

SIOCAIFADDR_IN6 to configure an IPv6 address does everything SIOCIFAFATTACH
does, i.e. it enables IPv6 on the interface if not done so already.

vm.conf(5) 'local inet6' works as before.

OK mlarkin

jsg [Mon, 7 Oct 2024 01:31:22 +0000 (01:31 +0000)]
include proc.h to fix APMDEBUG build

jmatthew [Sun, 6 Oct 2024 23:43:18 +0000 (23:43 +0000)]
Fix the rx refill timeout to only refill rings that are currently empty.
This is normally how the timeout works, but in this driver it's complicated
by the use of separate rx and ag rings.

This prevents the refill timeout from operating on a ring concurrently
with an rx interrupt, which leads to corruption and crashes as experienced
by bluhm@

ok dlg@
earlier version tested by and ok bluhm@

jsg [Sun, 6 Oct 2024 23:39:24 +0000 (23:39 +0000)]
remove unused DEBUG_PLEDGE lines; ok deraadt@

djm [Sun, 6 Oct 2024 23:37:17 +0000 (23:37 +0000)]
Turn off finite field (a.k.a modp) Diffie-Hellman key exchange in sshd
by default. Specifically, this removes the diffie-hellman-group* and
diffie-hellman-group-exchange-* methods. The client is unchanged and
continues to support these methods by default.

Finite field Diffie Hellman is slow and computationally expensive for
the same security level as Elliptic Curve DH or PQ key agreement while
offering no redeeming advantages.

ECDH has been specified for the SSH protocol for 15 years and some
form of ECDH has been the default key exchange in OpenSSH for the last
14 years.

ok markus@

jsg [Sun, 6 Oct 2024 22:47:38 +0000 (22:47 +0000)]
remove unneeded includes and defines; ok miod@

semarie [Sun, 6 Oct 2024 16:24:02 +0000 (16:24 +0000)]
use rdmsr_safe() instead of rdmsr() for probing feature

the second could raise general protection fault on non-existent MSR

fix with help of jsg@
ok dv@

kn [Sun, 6 Oct 2024 10:24:52 +0000 (10:24 +0000)]
new opt-in PATCH_QUIET aka. patch(1) -s;  OK tb

nicm [Sun, 6 Oct 2024 09:30:22 +0000 (09:30 +0000)]
Try to stay near the same line in modes if the current one is removed.

jsg [Sun, 6 Oct 2024 03:46:48 +0000 (03:46 +0000)]
remove unused axppmic_rsb_cd, axppmic at rsb uses axppmic_cd

jsg [Sun, 6 Oct 2024 01:50:56 +0000 (01:50 +0000)]
remove unused sched_cost_load variable

jsg [Sun, 6 Oct 2024 01:28:39 +0000 (01:28 +0000)]
remove unused wi_usb_cd, wi at usb uses wi_cd

jsg [Sun, 6 Oct 2024 01:12:15 +0000 (01:12 +0000)]
remove unused atw_beacon_len_adjust variable

jsg [Sun, 6 Oct 2024 00:13:42 +0000 (00:13 +0000)]
Seperate -> Separate

chrisz [Sat, 5 Oct 2024 13:27:16 +0000 (13:27 +0000)]
Make scaling available for normal mice, too; not just for touchpads.
Add reverse_scrolling to the manpage.

ok bru@

nicm [Sat, 5 Oct 2024 12:10:16 +0000 (12:10 +0000)]
Send focus events to pane when entering or leaving popup, GitHub issue
3991.

jsg [Sat, 5 Oct 2024 09:54:39 +0000 (09:54 +0000)]
remove unneeded includes

jsg [Sat, 5 Oct 2024 01:07:38 +0000 (01:07 +0000)]
error on long locator lines, don't overflow buffers
found with afl, feedback and ok millert@

nicm [Sat, 5 Oct 2024 00:35:35 +0000 (00:35 +0000)]
Remove some debugging left behind.

nicm [Sat, 5 Oct 2024 00:32:55 +0000 (00:32 +0000)]
Add copy-mode-position-format to configure the position indicator.

nicm [Fri, 4 Oct 2024 22:36:11 +0000 (22:36 +0000)]
Document missing window-layout-changed hook.

bluhm [Fri, 4 Oct 2024 22:21:28 +0000 (22:21 +0000)]
Allow boot loader to run as AMD SEV guest on QEMU with EFI.

When efibooting amd64, the boot loader rewrites the page table built
by EFI firmware to ensure that there are no read-only mappings.
The rewrite is needed for some HP EFI BIOS, that maps computrace
section read-only.
When efibooting on SEV enabled QEMU, we would have to ensure the
crypt bit is set when changing page tables.  However, there is no
need for the HP workaround when booting on QEMU (or any other VM),
so just do not modify the page table, when SEV guest mode is detected.

from Sebastian Sturm; via hshoexer@; OK kettenis@

bluhm [Fri, 4 Oct 2024 21:15:52 +0000 (21:15 +0000)]
Allow kernel boot on QEMU with AMD SEV.

When booting an OpenBSD kernel on Linux QEMU with SEV enabled, the
hypervisor does not forward the SME feature, only the SEV bit is
set.  Therefore do not depend on SME when checking for SEV guest
mode in locore0.

from Sebastian Sturm; via hshoexer@; OK jsg@

nicm [Fri, 4 Oct 2024 19:16:13 +0000 (19:16 +0000)]
Add -y flag to disable confirmation prompts in modes, GitHub issue 4152.

miod [Fri, 4 Oct 2024 19:00:27 +0000 (19:00 +0000)]
Remove unused SIGEMT.

bluhm [Fri, 4 Oct 2024 16:58:26 +0000 (16:58 +0000)]
Increase psp(4) timeouts.

On EPYC 9124 psp(4) seems to need more time to respond.  Otherwise
it will not attach.  Increase timeouts for both polling during
autoconf and interrupt during normal operation.

from hshoexer@ OK mlarkin@

nicm [Fri, 4 Oct 2024 14:55:17 +0000 (14:55 +0000)]
Do not translate BSpace as Unicode, GitHub issue 4156.

kevlo [Fri, 4 Oct 2024 07:46:33 +0000 (07:46 +0000)]
Remove two MHI LOOPBACK channels, there's no need to match them.

Also move PCI ops registration ahead.  That way the ops will be registered
if any subsequent operations within the case processing require the ops to

See Linux commit fbb2a14afe00a5691b43cd19c946472e59e16fc6 and
515bcdf587f9911f2d5de51524cb7e048d295052

ok stsp@

nicm [Fri, 4 Oct 2024 07:03:08 +0000 (07:03 +0000)]
Rework of copy mode commands ("send-keys -X") to parse the arguments so
that flags may be detected properly rather than just looking for
strings ("-O" and so on). Also add -C and -P flags to the copy commands:
-C prevents the commands from sending the text to the clipboard and -P
prevents them from adding the text as a paste buffer.

Note some of the default key bindings change to add "--" and any similar
custom key bindings using "send-keys -X" may need a similar change.

GitHub issue 4153.

jmatthew [Fri, 4 Oct 2024 06:37:22 +0000 (06:37 +0000)]
As with other multiqueue drivers, print the number of queues we set up
along with the interrupt and ethernet address details.

ok dlg@

yasuoka [Fri, 4 Oct 2024 05:22:10 +0000 (05:22 +0000)]
Expose {T,R}X desc trail and add link_enabled field to prepare VF
support.  diff from naito.yuichiro at gmail.com

ok jan jmatthew

claudio [Thu, 3 Oct 2024 10:20:05 +0000 (10:20 +0000)]
In rucheck() sum up the tusage from all threads to get the real current
runtime of the process. Also this no longer needs the SCHED_LOCK().
OK mpi@

claudio [Thu, 3 Oct 2024 10:18:29 +0000 (10:18 +0000)]
Fix the clock_gettime() handler for pthread_getcpuclockid() to
use the proper way to read tu_runtime.
OK mpi@

sf [Thu, 3 Oct 2024 08:59:49 +0000 (08:59 +0000)]
vio: Increase rx mbuf size with lro

bluhm found that using bigger rx mbufs helps tcp splice performance if
lro is enabled. Use 4k in that case.

Also fix confusion in rx dmamap segment count. Even with lro/tso, we
only put unfragmented mbufs into the rx queue. Therefore we only need
max. 2 segments, one for the mbuf and one for the separate header for
legacy virtio devices.

OK bluhm@

tb [Thu, 3 Oct 2024 06:24:07 +0000 (06:24 +0000)]
Remove the unused field_mod_func from EC_GROUP

This was only used by the NIST method. For all other group methods it's
an uninitialized pointer (as EC_GROUP_new() still uses the malloc + set
all members to 0 idiom).

ok jsing

nicm [Thu, 3 Oct 2024 05:41:59 +0000 (05:41 +0000)]
Improve fix for shifted keys so it works for all the keys it should,
Stanislav Kljuhhin in GitHub issue 4146.

tb [Thu, 3 Oct 2024 05:07:49 +0000 (05:07 +0000)]
Make EC{,PK}PARAMETERS_it static

They aren't used outside of this file.

tb [Thu, 3 Oct 2024 04:39:09 +0000 (04:39 +0000)]
We've left release mode. Time to re-enable POOL_DEBUG

ok deraadt

tb [Thu, 3 Oct 2024 04:20:28 +0000 (04:20 +0000)]
Fix ASN1_INTEGER_to_BN() misuse

Same issue/leak as for BN_to_ASN1_INTEGER(). Stop reusing the elliptic
curve parameters a and b for order and cofactor. It's confusing.

ok jsing

tb [Thu, 3 Oct 2024 04:17:05 +0000 (04:17 +0000)]
Switch field_bits to be an int

ok jsing

tb [Thu, 3 Oct 2024 04:15:52 +0000 (04:15 +0000)]
Fix BN_to_ASN1_INTEGER() misuse

You can either let this API reuse an existing ASN1_INTEGER or you can let
it allocate a new one. If you try to do both at the same time, you'll leak.

ok jsing

tb [Thu, 3 Oct 2024 03:47:40 +0000 (03:47 +0000)]
Provide OPENSSL_INIT_NO_ATEXIT noop

The brilliant idea of installing a fragile non-idempotent cleanup atexit
handler as a library has bitten many people over time. This gets particularly
exciting when you can't control who dlopens the lib first (don't we all love
Python bindings) or if you are in a threaded context. Fake OpenSSL clones
chose not to do this but now get to carry a noop flag since people start
opting out of this madness (there's a good old tradition at work here).

ok beck joshua jsing millert miod

tb [Thu, 3 Oct 2024 03:31:47 +0000 (03:31 +0000)]
X509V3_EXT_get_nid.3: indicate what nid means

kettenis [Wed, 2 Oct 2024 21:21:32 +0000 (21:21 +0000)]
Improve the heuristic for detecting i2c devices.  On the x1e some of the
USB controllers have an I2cSerialBusV2() (possibly defining a connection
to some sort of eUSB2 to USB2 redriver chip) but are not i2c devices
themselves.  So check if a device has MMIO resources and assume it isn't
a proper i2c device if it has those.  Makes the Type-A ports on my
vivobook work in acpi mode.

ok patrick@, mlarkin@

dv [Wed, 2 Oct 2024 18:18:27 +0000 (18:18 +0000)]
amd64: implement a pmap_shootept() for non-MP kernels.

Simplifies some of the recent INVEPT changes and mirrors the design
of other pmap tlb shootdown functions that provide simplified non-MP
implementations.

ok mlarkin@