patrick [Tue, 8 Nov 2022 19:42:10 +0000 (19:42 +0000)]
Add qcpmicgpio(4), a driver for the GPIO block inside the Qualcomm PMICs.
This driver is not completed yet, but good enough to be worked on in-tree.
ok kettenis@
patrick [Tue, 8 Nov 2022 19:40:08 +0000 (19:40 +0000)]
Add qcpmic(4), a driver for the SPMI-connected PMICs found on Qualcomm SoCs,
which are used on the Lenovo x13s.
This is mostly a shim. The work for the actual blocks inside the PMICs
occurs in the children.
ok kettenis@
dlg [Tue, 8 Nov 2022 19:38:34 +0000 (19:38 +0000)]
don't keep track of how many vcpus are currently running.
the number is never read anywhere, and i'm not sure what value that
number has anyway.
mlarkin@ agrees
patrick [Tue, 8 Nov 2022 19:34:54 +0000 (19:34 +0000)]
Add qcspmi(4), a driver for the SPMI PMIC Arbiter found on Qualcomm SoCs,
which is used on the Lenovo x13s.
As soon as we gain a driver for the Power Domain Controller (PDC) that acts
as a shim towards the GIC, we can switch out the timeout for proper IRQs.
ok kettenis@
tobhe [Tue, 8 Nov 2022 19:19:08 +0000 (19:19 +0000)]
Rename out to err to conform with standard naming scheme.
dlg [Tue, 8 Nov 2022 19:18:47 +0000 (19:18 +0000)]
further speed up delivery of interrupts to a running vcpu.
this records which physical cpu a vcpu is running on. this is used
by the code that marks a vcpu as having a pending interrupt to check
if the vcpu is currently running. if it thinks the vcpu is running,
it sends a nop IPI to the physical cpu it is running on to trigger
a vmexit, which in turn runs interrupt handling in the guest.
ok mlarkin@
robert [Tue, 8 Nov 2022 19:17:58 +0000 (19:17 +0000)]
allow the KERN_AUTOCONF_SERIAL sysctl in pledge'd processes
ok deraadt@
tobhe [Tue, 8 Nov 2022 19:17:05 +0000 (19:17 +0000)]
Fix leak of pk if EVP_PKEY_set1_DSA() fails.
Found with CodeChecker
ok jsing@
cheloha [Tue, 8 Nov 2022 19:09:53 +0000 (19:09 +0000)]
timeout(9): remove unused, undocumented timeout_in_nsec() interface
The kernel is not quite ready for timeout_in_nsec(). Remove it and
kclock_nanotime(). Both are unused.
Prompted by jsg@.
ok kn@
tobhe [Tue, 8 Nov 2022 19:07:34 +0000 (19:07 +0000)]
Enable gpiobl(4)
tobhe [Tue, 8 Nov 2022 19:06:57 +0000 (19:06 +0000)]
Add gpiobl(4), a driver for gpio controlled display backlights. This will
allow us to turn off the screen on Apple Silicon laptops until we have a
proper display controller driver.
ok kettenis@ patrick@
kn [Tue, 8 Nov 2022 18:47:58 +0000 (18:47 +0000)]
Use four spaces not tabs on line break
kn [Tue, 8 Nov 2022 18:43:22 +0000 (18:43 +0000)]
Document ifc_list immutability
Move up to comment explaining different locks to account for all structs.
OK millert mvs
kettenis [Tue, 8 Nov 2022 18:28:10 +0000 (18:28 +0000)]
Implement alternative mailbox handling mechanism required by newer firmware.
ok patrick@
cheloha [Tue, 8 Nov 2022 18:17:51 +0000 (18:17 +0000)]
tc_setclock: don't print a warning if tc_windup() rejects inittodr(9) time
During resume, it isn't necessarily a problem if the UTC time we get
from inittodr(9) lags behind the system UTC clock. In particular, if
the active timecounter's frequency is low enough, tc_delta() might not
overflow across a brief suspend.
Remove the misleading warning message. The code is behaving as
intended, just not in a way I anticipated when I added the warning
message a few years ago.
Discovered by kettenis@. Root cause isolated with kettenis@.
Link: https://marc.info/?l=openbsd-tech&m=166790845619897&w=2
ok mlarkin@ kettenis@
mlarkin [Tue, 8 Nov 2022 18:08:43 +0000 (18:08 +0000)]
vmm(4): remove locking in vmm_intr_pending
Removes a lock around an atomic write; this lock was causing slowdowns
since the lock being requested is nearly always unavailable because it
is held while the VM is running.
Noticed by claudio@, help from mpi@, dlg@ and claudio@.
ok dv
kn [Tue, 8 Nov 2022 17:57:47 +0000 (17:57 +0000)]
Unlock SIOCIFGCLONERS
ifconfig(8) -C is the only user in base and the if_clone_attach() comment
explains how this list is being built during autoconf(9).
After that it is only ever read. Multiple threads may traverse the list in
parallel and reading the `int' count is atomic.
OK mvs
kn [Tue, 8 Nov 2022 17:57:14 +0000 (17:57 +0000)]
Push kernel lock inside ifioctl_get()
After this mechanical move, I can unlock the individual SIOCG* in there.
OK mvs
cheloha [Tue, 8 Nov 2022 17:56:38 +0000 (17:56 +0000)]
arm64: switch to clockintr(9)
Switch arm64 to the clockintr(9) subsystem.
- Remove the custom per-CPU clock interrupt schedule from agtimer(4).
- Remove the custom randomized statclock() pieces from agtimer(4).
- Add agtimer_rearm(), agtimer_trigger(), and wire up agtimer_intrclock.
There is one wart:
- The AArch64 spec says that a value written to CNTV_TVAL_EL0 is
"treated as a signed 32-bit integer" [1]. kettenis@ doesn't know
what to make of this. I'm capping the value at INT32_MAX for
now. It's possible I am misreading this, though.
Tested by kettenis@ on his Apple M1 mini. Tested by me on my
Raspberry Pi 4B.
Link: https://marc.info/?l=openbsd-tech&m=166776342503304&w=2
[1] "Arm Architecture Reference Manual for A-profile architecture"
issue I.a, section D17.11.27 ("CNTV_TVAL_EL0").
ok kettenis@
kn [Tue, 8 Nov 2022 17:53:01 +0000 (17:53 +0000)]
fix indent
krw [Tue, 8 Nov 2022 17:52:11 +0000 (17:52 +0000)]
Nuke unused variable 'freesectors'.
cheloha [Tue, 8 Nov 2022 17:34:12 +0000 (17:34 +0000)]
amd64: switch to clockintr(9)
Switch amd64 to the clockintr(9) subsystem. There are lots of little
changes, but the bigs ones are listed here.
When using the local apic timer:
- Run the timer in one-shot mode.
- lapic_delay() is gone. We can't use it to delay(9) when running
the timer in one-shot mode.
- Add a randomized statclock(); stathz = hz.
- Add support for switching to profhz when profiling is enabled;
profhz = stathz * 10.
When using the i8254/mc146818:
- i8254's clockintr() no longer has a monopoly on hardclock().
- mc146818's rtcintr() no longer has a monopoly on statclock().
- In profiling mode, the statclock() will drift very slightly
because (profhz = 1024) does not divide evenly into one billion.
We could avoid this by setting (profhz = 512) instead and
programming the RTC to run at that rate.
Early revisions reviewed by mlarkin@. Extensively tested by mlarkin@
on a variety of physical and virtual hardware. Additional testing
from dv@ and jmc@.
Link: https://marc.info/?l=openbsd-tech&m=166776339203279&w=2
ok kettenis@ mlarkin@
jsing [Tue, 8 Nov 2022 17:07:17 +0000 (17:07 +0000)]
Refactor/split ED25519_keypair.
This brings in ED25519_keypair_from_seed() from BoringSSL commit
c034e2d3ce16, which ED25519_keypair then wraps. This reduces differences
between us and BoringSSL.
jsing [Tue, 8 Nov 2022 17:01:57 +0000 (17:01 +0000)]
Change function argument to reduce differences with BoringSSL.
kettenis [Tue, 8 Nov 2022 16:53:40 +0000 (16:53 +0000)]
Extent the current suspend/resume implementation to include support for
parking CPUs in a WFE/WFI loop.
ok deraadt@, mlarkin@
jsing [Tue, 8 Nov 2022 16:50:29 +0000 (16:50 +0000)]
Remove pointless loops.
From BoringSSL
997c706d43504.
tb [Tue, 8 Nov 2022 16:48:28 +0000 (16:48 +0000)]
Avoid signed integer overflow in i2c_ASN1_BIT_STRING()
If the length of the bitstring is INT_MAX, adding 1 to it is undefined
behavior, so error out before doing so.
Based on BoringSSL
eeb3333f by davidben
ok beck joshua
sashan [Tue, 8 Nov 2022 16:20:26 +0000 (16:20 +0000)]
This diff fixes panic tripped by KASSERT(st->sync_state == PFSYNC_S_NONE)
found in pfsync_insert_state(). It is caused by two packets which happen
to belong to the same session. Think of UDP stream or two TCP SYN packets
transmitted almost simultaneously. The first such packet wins a state lock
and inserts state to table. The second packet waits for state lock
as a reader. As soon as the first packet is done with state creation
it drops the lock and is going to sent S_INS message to its peer via
pfsync. The second update meanwhile obtains the state lock as a reader.
It finds a state created by the first packet. Later the second packet
also finds out the state needs to be updated, because sync_state
is still set to PFSYNC_S_NONE. The second packet puts state to snapshot
list marking it as S_UPD. All this happens before the first packet has
a chance to make a progress. Think of the first packet loses cpu after
dropping a write lock. Once the first packet gets running again it
trips KASSERT() because sync_state is set to S_UPD.
tested by hrvoje@
OK dlg@
kn [Tue, 8 Nov 2022 15:20:24 +0000 (15:20 +0000)]
Push kernel lock into ifioctl_get()
Another mechanical diff without semantic changes to avoid churn in actual
unlocking diffs.
OK mpi
cheloha [Tue, 8 Nov 2022 14:54:47 +0000 (14:54 +0000)]
acpihpet(4): disable/reenable acpihpet_delay() during suspend/resume
We can't use the HPET to delay(9) after we halt it during suspend.
Disable acpihpet_delay() before we halt the HPET and reenable it after
we restart the HPET during resume.
ok mlarkin@
cheloha [Tue, 8 Nov 2022 14:49:20 +0000 (14:49 +0000)]
i386: add delay_fini()
Not all of the clocks with a delay(9) implementation necessarily keep
ticking across suspend/resume. We need a clean way to reverse
delay_init() during suspend when those clocks stop ticking.
Hence, delay_fini(). delay_fini() resets delay_func() to
i8254_delay() if the given function pointer is the active delay(9)
implementation.
ok mlarkin@
cheloha [Tue, 8 Nov 2022 14:46:51 +0000 (14:46 +0000)]
amd64: add delay_fini()
Not all of the clocks with a delay(9) implementation necessarily keep
ticking across suspend/resume. We need a clean way to reverse
delay_init() during suspend when those clocks stop ticking.
Hence, delay_fini(). delay_fini() resets delay_func() to
i8254_delay() if the given function pointer is the active delay(9)
implementation.
ok mlarkin@
beck [Tue, 8 Nov 2022 14:42:42 +0000 (14:42 +0000)]
Add missing $OpenBSD$
kn [Tue, 8 Nov 2022 14:05:41 +0000 (14:05 +0000)]
Skip softraid(4) keydisks silently
Logging the presence of a keydisk the same way offline data chunks are
logged seems unjustified:
Offline data chunks mean the softraid volume is degraded and installboot(8)
should be rerun when they're online.
Offline keydisks just means the user unplugged their USB key or so and
installboot must never touch them anyway, so the absence of keydisks is
meaningless to installboot -- it should never touch them.
So a) drop the "is keydisk - skipping" message and b) hoist the keydisk
check before the offline check so as to avoid "not online - skipping"
messages for offline keydisks.
kettenis [Tue, 8 Nov 2022 14:01:13 +0000 (14:01 +0000)]
Move definitions for CNTV_CTL_EL0 to armreg.h.
ok mpi@, jsg@, phessler@, patrick@
deraadt [Tue, 8 Nov 2022 13:47:22 +0000 (13:47 +0000)]
In the new scheme, the main executable object needs to be marked
nodelete, so that _dl_relro() will immutable it's relro.
tb [Tue, 8 Nov 2022 13:01:53 +0000 (13:01 +0000)]
rpki-client regress: fix build after beck's libcrypto time changes
tobhe [Tue, 8 Nov 2022 12:59:36 +0000 (12:59 +0000)]
Fix leak of pk if EVP_PKEY_set1_RSA() fails.
Found with CodeChecker
feedback and ok tb@
beck [Tue, 8 Nov 2022 12:56:00 +0000 (12:56 +0000)]
Replace the old OpenSSL julian date stuff with BoringSSL's
OpenSSL dealt with time conversion using a classical julian
day scheme. BoringSSL got rid of it and uses only a julian
style calculation for seconds since the POSIX time epoch.
This changes libressl to use the seconds calculation exculusively
instead of a mix of the julian day based conversions and the
system time conversions to and from time_t to tm.
ok tb@ jsing@
dv [Tue, 8 Nov 2022 12:41:00 +0000 (12:41 +0000)]
whitespace fix in debug printf, no functional change.
kn [Tue, 8 Nov 2022 12:11:13 +0000 (12:11 +0000)]
Document network-boot-arguments for sparc64 diskless(8)
The Oracle OpenBoot 4.x Administration Guide[0] documents a few useful
options for network boot.
Basically, either
{ok} setenv network-boot-arguments tftp-retries=0
{ok} boot net ...
or
{ok} boot net:tftp-retries=0 ...
Newer machines like the T4-2 using OpenBoot 4.38.16 also support BOOTP/DHCP
besides RARP: "dhcp,hostname=puffy" works as expected on my
T4-2, but "boot-filename" and "boot-retries" remain unsupported on this
particular machine despite being documented in the guide.
0: https://docs.oracle.com/cd/E63648_01/html/E63649/gpvll.html#scrolltoc
OK miod
kn [Tue, 8 Nov 2022 12:08:53 +0000 (12:08 +0000)]
Make "prepare filesystem" softraid aware, fix arm64 softraid install
On EFI platforms, 'installboot -p' on a softraid volume will only prepare
the filesysem inside the volume and leave physical softraid chunks untouched
which leaves you with unbootable chunks.
The current workaround is to prepare chunks manually (see regress).
Fix it in the same spirit the actual "install" already works in softraid.c.
This is what mlarkin has already been tested in a combined diff with the
MD -> MI softraid merge bits from the previous commit.
Works fine on amd64, arm64 and sparc64 upgrades and installations.
OK jsing
patrick [Tue, 8 Nov 2022 11:51:34 +0000 (11:51 +0000)]
Implement reading/writing/configuring pins in qcgpio(4). The code has
mostly been there, it only needed to be hooked up to our infrastructure.
With this I can e.g. correctly see the lid state on the x13s.
ok kettenis@
kettenis [Tue, 8 Nov 2022 11:40:47 +0000 (11:40 +0000)]
Sprinkle some #ifdef MULTIPROCESSOR to make non-MP kernels build again.
kn [Tue, 8 Nov 2022 11:25:01 +0000 (11:25 +0000)]
Push kernel lock down into ifioctl()
This is a mechanical diff without semantical changes, locking ioctls
individually inside ifioctl() rather than all of them around it.
This allows us to unlock ioctls one by one.
OK mpi
mpi [Tue, 8 Nov 2022 11:06:41 +0000 (11:06 +0000)]
Regen
mpi [Tue, 8 Nov 2022 11:05:57 +0000 (11:05 +0000)]
Mark mmap(2), munmap(2) and mprotect(2) as NOLOCK.
Accesses to data structures used by these syscalls are serialized by the
VM map lock with the exception of file mappings which are still protected
by the KERNEL_LOCK().
Unlocking this set of syscalls improves most of userland workloads.
Tested by many including robert@ (since 2 years), mlarkin@, kn@, sdk@,
jca@, aoyama@, naddy@, Scott Bennett and others. Thanks to all!
Joint work with kn@.
ok robert@, aja@, kettenis@, kn@, deraadt@, beck@
nicm [Tue, 8 Nov 2022 10:04:31 +0000 (10:04 +0000)]
Fix C-S-Tab without extended keys, from Aaron Jensen.
tb [Tue, 8 Nov 2022 08:15:39 +0000 (08:15 +0000)]
stray space
deraadt [Tue, 8 Nov 2022 06:55:53 +0000 (06:55 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for riscv64, tested by jca
deraadt [Tue, 8 Nov 2022 06:47:31 +0000 (06:47 +0000)]
Instead of unmapping boot.text, and then a future allocation could land in
the gap, mmap a fresh MAP_FIXED MAP_ANON PROT_NONE and make it immutable
for good measure
ok guenther kettenis
joshua [Mon, 7 Nov 2022 23:09:25 +0000 (23:09 +0000)]
Wrap long lines
ok jsing@
joshua [Mon, 7 Nov 2022 23:04:25 +0000 (23:04 +0000)]
Move variables above code
ok jsing@
mbuhl [Mon, 7 Nov 2022 22:48:35 +0000 (22:48 +0000)]
Fix a memory leak in the error path of rde_dump_ctx_new.
ctx is leaked in case of an allocation in prefix_dump_new,
prefix_dump_subtree, rib_dump_new, or rib_dump_subtree fails.
Found by CodeChecker.
OK claudio@
tobhe [Mon, 7 Nov 2022 22:39:52 +0000 (22:39 +0000)]
Free objects that were dynamically allocated in libcrypto with OPENSSL_free().
When linking against libressl, OPENSSL_malloc() is just a wrapper around malloc()
so regular free() is safe. Other implementations allow switching to a different
allocator where free() could result in a possible heap corruption.
Report and initial fix by dropk1ck (gh #92)
ok tb@
mbuhl [Mon, 7 Nov 2022 22:39:13 +0000 (22:39 +0000)]
Fix theoretical access to garbage stack memory in pfkey_reply for
bgpd and ldpd.
Found by CodeChecker.
OK claudio@
deraadt [Mon, 7 Nov 2022 21:12:57 +0000 (21:12 +0000)]
Missed an ALIGN (which I will admit I do not understand, this is voodoo)
deraadt [Mon, 7 Nov 2022 20:41:38 +0000 (20:41 +0000)]
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
Similar changes for other architectures coming after more testing.
ok kettenis and guenther seemed to like it also
patrick [Mon, 7 Nov 2022 20:28:23 +0000 (20:28 +0000)]
The gpiokeys(4) 'label' property seems to be optional. If we don't have
any, don't try and print it, and especially don't error out.
Tested on Lenovo x13s (myself) and Pinebook Poop (kn@)
ok kn@
patrick [Mon, 7 Nov 2022 20:15:44 +0000 (20:15 +0000)]
Add support for the PCIe controller on the Qualcomm SC8280XP. Thankfully
UEFI already initializes those, so we can simply just make use of that.
That said, the ctrl/dbi region isn't the first in the register list, so
instead try and look it up first and use it if available. Furthermore,
the ATU region isn't part of the ctrl/dbi region, so if we are able to
retrieve a separate reg for the ATU, use that instead. Some reshuffling
is necessary to make that work.
Tested on my Lenovo x13s and the MacchiatoBin
ok kettenis@
schwarze [Mon, 7 Nov 2022 19:42:24 +0000 (19:42 +0000)]
White space KNF, no code change:
- line breaking and indentation in three struct declarations
- removal of trailing whitespace
Found while working on /usr/src/regress/lib/libcrypto/man/check_complete.pl .
OK tb@
patrick [Mon, 7 Nov 2022 19:07:31 +0000 (19:07 +0000)]
The ARM SMMUv2 does actually support #iommu-cells = <2>, where the second
cell is used as a mask for SMR to match a number of IDs. So far we have
asserted that it's always 1, so loosen the restriction and pass both cells
instead of only the sid.
ok kettenis@
kettenis [Mon, 7 Nov 2022 18:56:20 +0000 (18:56 +0000)]
Implement the "halt" IPI.
ok patrick@
tb [Mon, 7 Nov 2022 18:55:35 +0000 (18:55 +0000)]
Rework OpenSSL regress binding a bit to prepare for an upcoming beck
diff.
joshua [Mon, 7 Nov 2022 17:42:08 +0000 (17:42 +0000)]
Link aes/ to regress
joshua [Mon, 7 Nov 2022 17:41:40 +0000 (17:41 +0000)]
Add regress coverage for AES
ok tb@
dlg [Mon, 7 Nov 2022 16:35:11 +0000 (16:35 +0000)]
revert "move pf_purge out from under the kernel lock".
hrvoje popovski showed me pfsync blowing up with this. im backing
it out quickly in case something else at the hackathon makes it
harder to do later.
kn@ agrees
job [Mon, 7 Nov 2022 16:23:32 +0000 (16:23 +0000)]
Simplify use of strrchr()
with and OK tb@
kn [Mon, 7 Nov 2022 15:56:09 +0000 (15:56 +0000)]
Merge duplicate MD code into MI sr_open_chunk()
It does not have the prettiest signature, but nicely folds identical copies
into softraid.c, which then allows us to reuse sr_open_chunk() yet again in
an upcoming diff to make -p softraid aware (fixes arm64 installations).
Regress keeps passing.
Works fine on amd64, arm64 and sparc64.
"looks fine" mlarkin for whom this unbreaks a fresh arm64 softraid install
kn [Mon, 7 Nov 2022 15:55:56 +0000 (15:55 +0000)]
Use variable and shorter logic for NFS check
No need to hardcode a parent path if we can reuse an existing variable for
the specific path that is in being used.
Negate the file system type in df(1) so the `|| exit 1' can be dropped
in favour of the errexit option, as is done for everything else in there.
Clarify the comment how this is intentionally NOT logged, i.e. the test
happens before the error trap/syslog/logfile handling.
OK millert
jmc [Mon, 7 Nov 2022 15:32:24 +0000 (15:32 +0000)]
remove one more reference to tcp/slowhz;
while here, wrap some long lines;
robert [Mon, 7 Nov 2022 14:25:44 +0000 (14:25 +0000)]
introduce a new kern.autoconf_serial sysctl that can be used by userland
to monitor state changes of the kernel device tree
input from dnd ok dlg@, deraadt@
deraadt [Mon, 7 Nov 2022 13:19:38 +0000 (13:19 +0000)]
sync
dlg [Mon, 7 Nov 2022 12:56:38 +0000 (12:56 +0000)]
move pf_purge out from under the kernel lock and avoid the hogging cpu
this also avoids holding NET_LOCK too long.
the main change is done by running the purge tasks in systqmp instead
of systq. the pf state list was recently reworked so iteration over
the state can be done without blocking insertions.
however, scanning a lot of states can still take a lot of time, so
this also makes the state list scanner yield if it has spent too
much time running.
the other purge tasks for source nodes, rules, and fragments have
been moved to their own timeout/task pair to simplify the time
accounting.
in my environment, before this change pf purges often took 10 to
50ms. the softclock thread runs next to it often took a similar
amount of time, presumably because they ended up spinning waiting
for each other. after this change the pf_purges are more like 6 to
12ms, and dont block softclock. most of the variability in the runs
now seems to come from contention on the net lock.
tested by me sthen@ chris@
ok sashan@ kn@ claudio@
tb [Mon, 7 Nov 2022 12:36:21 +0000 (12:36 +0000)]
Fix whitespace. Looks like I was a pig 3 years ago...
dv [Mon, 7 Nov 2022 12:29:12 +0000 (12:29 +0000)]
vmm(4): set RAX guest register state based on VMCB
The read/write register routines for SVM didn't acknowledge RAX in
the VMCB as the de facto RAX state. When writing gprs, vmm should
update RAX in the VMCB. When reading, it should be setting the guest
regs state based on the VMCB.
Needed for proper mmio emulation in userland.
ok mlarkin@
jsing [Mon, 7 Nov 2022 11:58:45 +0000 (11:58 +0000)]
Rewrite TLSv1.2 key exporter.
Replace the grotty TLSv1.2 key exporter with a cleaner version that uses
CBB and CBS.
ok tb@
jsing [Mon, 7 Nov 2022 11:53:39 +0000 (11:53 +0000)]
Move tls13_exporter() code.
It makes more sense to have tls13_exporter() in tls13_key_schedule.c,
rather than tls13_lib.c
ok tb@
mbuhl [Mon, 7 Nov 2022 11:33:24 +0000 (11:33 +0000)]
Fix some spelling errors.
OK claudio@
yasuoka [Mon, 7 Nov 2022 11:22:55 +0000 (11:22 +0000)]
Modify TCP receive buffer size auto scaling to use the smoothed RTT
(SRTT) instead of the timestamp option. Since the timestamp option is
disabled on some OSs (eg. Windows) or dropped by some
firewalls/routers, in such a case the window size had been fixed at
16KB, this limits throughput at very low on high latency networks.
Also replace "tcp_now" from 2HZ tick counter to binuptime in
milliseconds to calculate the SRTT better.
tested by krw matthieu jmatthew dlg djm stu stsp
ok claudio
kn [Mon, 7 Nov 2022 11:03:14 +0000 (11:03 +0000)]
Set up logger(1) traps earlier to catch logfile setup failures
If /usr is mounted read-only, kernel relinking fails silently without any
log trace:
# /usr/libexec/reorder_kernel
/usr/libexec/reorder_kernel[35]: cannot create /usr/share/relink/kernel/GENERIC.MP/relink.log: Read-only file system
This stderr line does not show up anywhere because init(8) redirects stdout
and stderr to /dev/null, executes rc(8) which inherits it and thus executes
reorder_kernel with both streams discarded.
So install the error handler first, then try to set up a log file.
Introduce ERRMSG to provide error messages to users, i.e. not say
"see .../relink.log" when creating this file is what failed:
# ksh ./reorder_kernel.sh
./reorder_kernel.sh[40]: cannot create /usr/share/relink/kernel/GENERIC.MP/relink.log: Read-only file system
# tail -n1 /var/log/message # or xconsole(1)
Nov 7 10:51:00 eru reorder_kernel.sh: failed
OK tb
kn [Mon, 7 Nov 2022 10:45:39 +0000 (10:45 +0000)]
Run the ND6 expiry timer without kernel lock
Added in 2017 to
Reduce contention on the NET_LOCK() by moving the nd6 address expiration
task to the `softnettq`.
This should no longer be needed thanks to sys/net/if.c r1.652 in 2022:
Activate parallel IP forwarding. Start 4 softnet tasks. Limit the
usage to the number of CPUs.
Nothing in nd6_expire() or nd6_expire_timer_update() requires protection by
the kernel lock.
The interface list and per-interface address lists remain protected by the
net lock.
Tests by Hrvoje
OK mpi
deraadt [Mon, 7 Nov 2022 10:35:26 +0000 (10:35 +0000)]
dtors were broken by trying to reuse DF_1_NODELETE to hint that this
library would never unload, and could be immutable. Pass a seperate
flag for our purposes
Noticed from regress tests by anton, ok kettenis
krw [Mon, 7 Nov 2022 10:33:22 +0000 (10:33 +0000)]
Rename unreferenced field d_drivedata to smoke out any well
hidden uses.
krw [Mon, 7 Nov 2022 10:21:17 +0000 (10:21 +0000)]
Nuke last references to d_drivedata.
dtucker [Mon, 7 Nov 2022 10:09:28 +0000 (10:09 +0000)]
The IdentityFile option in ssh_config can also be used to specify a
public key file, as documented in ssh.1 for the -i option. Document this
also for IdentityFile in ssh_config.5, for documentation completeness.
From laalsaas at systemli.org via portable github PR#352, ok jmc@ djm@
dtucker [Mon, 7 Nov 2022 10:05:38 +0000 (10:05 +0000)]
Remove some set but otherwise unused variables, spotted in -portable by
clang 16's -Wunused-but-set-variable. ok djm@
dtucker [Mon, 7 Nov 2022 10:02:59 +0000 (10:02 +0000)]
Check for and disallow MaxStartups values less than or equal to zero
during config parsing, rather than faling later at runtime. bz#3489,
ok djm@
mpi [Mon, 7 Nov 2022 09:43:04 +0000 (09:43 +0000)]
Implement db_write_text/bytes() which add support for ddb(4)'s breakpoints.
Based on a diff from gerhard@, ok kettenis@
job [Mon, 7 Nov 2022 09:18:14 +0000 (09:18 +0000)]
Confirm Path Length is absent in the Basic Constraints extension
OK tb@
djm [Mon, 7 Nov 2022 04:04:40 +0000 (04:04 +0000)]
fix parsing of hex cert expiry time; was checking whether the
start time began with "0x", not the expiry time.
from Ed Maste
dtucker [Mon, 7 Nov 2022 02:21:21 +0000 (02:21 +0000)]
Import regenerated moduli.
dtucker [Mon, 7 Nov 2022 01:53:01 +0000 (01:53 +0000)]
Fix typo. From pablomh via -portable github PR#344.
guenther [Mon, 7 Nov 2022 01:41:57 +0000 (01:41 +0000)]
In kpageflttrap(), validate a non-NULL pcb_onfault against an array
of permitted addresses, done via .nofault* sections that end up in
the linked kernel's rodata.
ok deraadt@ kettenis@
kn [Sun, 6 Nov 2022 21:34:01 +0000 (21:34 +0000)]
Constify pfsync_acts[]; OK dlg
kn [Sun, 6 Nov 2022 21:32:54 +0000 (21:32 +0000)]
Skip MD post-install bits on upgrades
Upgrades are noiser on macppc (and loongson and octeon) than on other
architectures because boot firmware changes and/or tips to complete an
OpenBSD installation are always printed, even though they are not needed
after an upgrade.
OK deraadt
dlg [Sun, 6 Nov 2022 21:31:24 +0000 (21:31 +0000)]
get rid of pfsync_state_export.
it wraps pf_state_export and has the same arguments and return type.
pfsync can just call pf_state_export instead.
ok clang
jmc [Sun, 6 Nov 2022 20:15:44 +0000 (20:15 +0000)]
remove unneccessary Pp after Sh;
krw [Sun, 6 Nov 2022 20:03:48 +0000 (20:03 +0000)]
Nuke some 'set but not used' pathlen variables.
ok beck@
deraadt [Sun, 6 Nov 2022 19:28:48 +0000 (19:28 +0000)]
At present, mprotect(2) may reduce permissions on immutable pages marked
PROT_READ | PROT_WRITE to the less permissive PROT_READ. This one-way
operation is permitted for an introductory period to observe how software
uses this mechanism. It may change to require explicit mutable region
annotation with __attribute__((section(".openbsd.mutable"))) and explicit
calls to mimmutable().
^^^ Decided we'll do that for now, since we've only discovered one program
trying to be clever so far (chrome is trying to do something smart, and
mimmutable makes it even better)
discussed with kettenis and robert