openbsd
jsg [Fri, 13 May 2022 03:24:22 +0000 (03:24 +0000)]
drm/amdgpu: explicitly check for s0ix when evicting resources

From Mario Limonciello
22b80bff17261427a5e152e537c3ec76fb356aec in linux 5.15.y/5.15.39
e53d9665ab003df0ece8f869fcd3c2bbbecf7190 in mainline linux

jsg [Fri, 13 May 2022 03:20:30 +0000 (03:20 +0000)]
drm/amdgpu: unify BO evicting method in amdgpu_ttm

From Nirmoy Das
90253ae21c6b55532abad261e3a7dfa809c3bae9 in linux 5.15.y/5.15.39
58144d283712c9e80e528e001af6ac5aeee71af2 in mainline linux

jsg [Fri, 13 May 2022 03:17:30 +0000 (03:17 +0000)]
drm/amdgpu: do not use passthrough mode in Xen dom0

From Marek Marczykowski-Gorecki
1a78d8fe6606aabcbdecef1745446f5a923a8e0a in linux 5.15.y/5.15.39
19965d8259fdabc6806da92adda49684f5bcbec5 in mainline linux

jsg [Fri, 13 May 2022 03:13:31 +0000 (03:13 +0000)]
drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT

From Harry Wentland
c10bab89a1bea395b2f6970529e38bef54ebf792 in linux 5.15.y/5.15.39
3dfe85fa87b2a26bdbd292b66653bba065cf9941 in mainline linux

jsg [Fri, 13 May 2022 03:05:05 +0000 (03:05 +0000)]
add xen.h for 5.15.39 drm

yasuoka [Fri, 13 May 2022 00:17:20 +0000 (00:17 +0000)]
Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB.  Also change the argument's type from
long to uint64_t that is preferred.

ok dv

sthen [Thu, 12 May 2022 22:13:06 +0000 (22:13 +0000)]
add login.conf.d to mtree, from Raf Czlonka, ok deraadt

stsp [Thu, 12 May 2022 21:33:31 +0000 (21:33 +0000)]
Fix setting of HT/VHT bits in rate flags of the iwx(4) Tx command.

Firmware can panic if rate flags ask for HT frames in VHT mode.
Version -67 seems to be ignoring what we set here and works either way.
But -66 and below were unhappy on my AX210 device.

Found while investigating a bug report by Guilherme M. Schroeder
Fix tested on AX210 and AX200.

sthen [Thu, 12 May 2022 20:45:01 +0000 (20:45 +0000)]
add /etc/login.conf.d/* to /etc/changelist, ok deraadt

jsing [Thu, 12 May 2022 20:06:46 +0000 (20:06 +0000)]
Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().

In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback after
allocation has occurred via ASN1_item_ex_new(). This matches the sequence
handling code and the documentation.

Discussed with tb@

tb [Thu, 12 May 2022 20:00:06 +0000 (20:00 +0000)]
Small readability tweak suggested by jsing

tb [Thu, 12 May 2022 19:58:45 +0000 (19:58 +0000)]
Enable X509v3_asid_subset() tests now that they no longer segfault.

tb [Thu, 12 May 2022 19:56:43 +0000 (19:56 +0000)]
Rewrite and fix X509v3_asid_subset()

X509v3_asid_subset() assumes that both asnum and rdi are present while
they are both marked OPTIONAL in RFC 3779, 3.2.3. It will crash if
either one is missing. In RPKI land RDI is a MUST NOT use (e.g, RFC
6487, 4.8.11), so this API is currently useless (and seemingly unused).

Pick apart an ugly logical pipeline and implement this check in a
readable fashion.

ok jsing

jsing [Thu, 12 May 2022 19:55:58 +0000 (19:55 +0000)]
Rename asn1_enc_free() to asn1_enc_cleanup().

This function does not actually free an ASN1_ENCODING, which are embedded
in a struct.

Name suggested by tb@

jsing [Thu, 12 May 2022 19:52:31 +0000 (19:52 +0000)]
Rewrite asn1_item_ex_d2i_choice() using CBS.

Now that combine no longer exists, we can also free and reallocate.

ok tb@

jsing [Thu, 12 May 2022 19:33:19 +0000 (19:33 +0000)]
Rewrite asn1_enc_save() using CBS.

Rework and clean up other asn1_enc_* related functions while here.

ok tb@

jsing [Thu, 12 May 2022 19:24:38 +0000 (19:24 +0000)]
Use freezero() with ASN1_ENCODING.

While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().

ok deraadt@ tb@

jsing [Thu, 12 May 2022 19:11:14 +0000 (19:11 +0000)]
Remove ASN1_AFLG_BROKEN.

This workaround was used by ASN1_BROKEN_SEQUENCE, which existed for
NETSCAPE_ENCRYPTED_PKEY. Remove the workaround since the only consumer
has already been removed.

ok tb@

espie [Thu, 12 May 2022 17:01:01 +0000 (17:01 +0000)]
yet another stupid shadowed variable, thx sthen@

claudio [Thu, 12 May 2022 16:29:58 +0000 (16:29 +0000)]
During coredumps only a single thread should be active, check this
by checking that it is a single threaded process or that ps_single is set.
OK mpi@

gkoehler [Thu, 12 May 2022 15:51:23 +0000 (15:51 +0000)]
Drop old powerpc flags from the build of clang

Drop NOPIE_FLAGS = -fPIE and change CFLAGS on powerpc to be the same
as on other arches.

ok deraadt@ kettenis@

espie [Thu, 12 May 2022 14:21:06 +0000 (14:21 +0000)]
explicitly write LRU in a comment so that it's easier to find ;)

krw [Thu, 12 May 2022 14:10:05 +0000 (14:10 +0000)]
And the man page change too.

mvs [Thu, 12 May 2022 13:33:09 +0000 (13:33 +0000)]
Convert `fd_cmask' and `fd_refcnt' types from u_short to 32 bit types.

`fd_cmask' and `fd_refcnt' are 16 bit variables which are protected by
different locks and could be not MP independent on all architectures.
`fd_cmask' modifications already protected by `fd_lock' rwlock(9), but
actually we do all access to both variables with kernel lock held. So
convert them both before make `fd_cmask' access without kernel when
umask(2) will be unlocked.

Proposed by bluhm@.

ok deraadt@ bluhm@

visa [Thu, 12 May 2022 13:33:00 +0000 (13:33 +0000)]
kqueue: Fix race condition in knote_remove()

Always fetch the knlist array pointer at the start of every iteration
in knote_remove(). This prevents the use of a stale pointer after
another thread has simultaneously reallocated the kq_knlist array.

Reported and tested by and OK jsing@

mpi [Thu, 12 May 2022 12:49:31 +0000 (12:49 +0000)]
Consider BUFPAGES_DEFICIT in swap_shortage.

ok beck@

mpi [Thu, 12 May 2022 12:48:36 +0000 (12:48 +0000)]
Introduce uvm_pagedequeue() to reduce code duplication.

ok kettenis@

stsp [Thu, 12 May 2022 12:29:28 +0000 (12:29 +0000)]
Bump IWX_UCODE_SECT_MAX to allow all new AX210/AX211 fw images to be parsed
successfully. Else we get "iwx0: firmware parse error 22, section type 19"
while trying to load iwx-so-a0-gf-a0-67 and iwx-so-a0-gf4-a0-67.

stsp [Thu, 12 May 2022 11:37:57 +0000 (11:37 +0000)]
Add missing AX210/AX211 devices to the device ID matching table.
The driver will now actually match on all those new devices, as intended.

Reported by Guilherme M. Schroeder

krw [Thu, 12 May 2022 11:04:27 +0000 (11:04 +0000)]
Prevent '-u' when operating on GPT formatted disks, as the
equivalent 'update' editing command already is.

Avoids the destruction of the GPT when the preventative MBR
is overwritten with the default MBR.

ok deraadt@

tb [Thu, 12 May 2022 10:53:59 +0000 (10:53 +0000)]
Remove verify callback

It is no longer possible to build rpki-client with LibreSSL < 3.5 or with
OpenSSL built with OPENSSL_NO_RFC3779, so this compat code can be retired.

ok claudio job

tb [Thu, 12 May 2022 10:50:12 +0000 (10:50 +0000)]
nuke tabs

tb [Thu, 12 May 2022 10:49:22 +0000 (10:49 +0000)]
Align parsing of ipAddrBlock with autonomousSysNum

We now do one allocation per address family instead of one per prefix or
range.

ok claudio

tb [Thu, 12 May 2022 10:12:18 +0000 (10:12 +0000)]
Add a few more testcases for X509v3_asid_subset()

tb [Thu, 12 May 2022 08:53:33 +0000 (08:53 +0000)]
Tidy up IP handling

Populate struct ip in the leaf functions instead of handing it through
several layers and copying it along the way. Pass in the afi instead of
letting struct ip carry it.

ok claudio

claudio [Thu, 12 May 2022 07:45:27 +0000 (07:45 +0000)]
Refactor parsing of autonomousSysNum. Adjust code so that the allocation
needed for append_as() is done upfront.
OK tb@

espie [Thu, 12 May 2022 04:41:43 +0000 (04:41 +0000)]
ditch the ...

job [Wed, 11 May 2022 21:19:06 +0000 (21:19 +0000)]
Verify MFT and GBR objects only carry RFC 3779 extensions set to 'inherit'

OK claudio@ tb@

tb [Wed, 11 May 2022 18:48:35 +0000 (18:48 +0000)]
Zap stray space

millert [Wed, 11 May 2022 17:23:56 +0000 (17:23 +0000)]
Mark pw_error as __dead in prototype to match the function definition.
From Matthew Martin.

espie [Wed, 11 May 2022 17:17:35 +0000 (17:17 +0000)]
fix quirks timestamp display: it's done somewhat early, before we decide
whether we update or not, so we need to decorate the update_info with
the signer timestamp. It's the only place where an update_info actually
needs that stuff.

tb [Wed, 11 May 2022 16:13:05 +0000 (16:13 +0000)]
Cache X509v3 extensions as soon as we have a cert

X509 API functions such as X509_check_ca() or X509_get_extension_flags()
can't be used reliably unless we know that X509v3 extensions are cached.
Otherwise they try to cache the extensions themselves but can't report
possible errors sensibly. They carry on and may return nonsense.

An old trick is to call X509_check_purpose() with a purpose of -1 which
is a wrapper around the internal x509v3_cache_extensions() that allows
error checking. Do this when we have a new cert. This way the API
functions affected by this can be relied upon. Another nice side effect
of doing this is that with LibreSSL we then know that the RFC 3779
extensions are in canonical form.

ok beck claudio

job [Wed, 11 May 2022 14:42:01 +0000 (14:42 +0000)]
In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

espie [Wed, 11 May 2022 11:18:04 +0000 (11:18 +0000)]
tweak header

espie [Wed, 11 May 2022 09:55:41 +0000 (09:55 +0000)]
locate yields information in sorted order (of course)
so I can show a percentage of cached names already handled.

espie [Wed, 11 May 2022 09:47:23 +0000 (09:47 +0000)]
gc old stats code I no longer use

optimize archive reading slightly: read one less header
if we skip things, and we don't need to check wanted for
emptiness if it didn't change.

tb [Wed, 11 May 2022 09:40:00 +0000 (09:40 +0000)]
Fix doc comment of sbgp_asrange()

tb [Wed, 11 May 2022 09:07:04 +0000 (09:07 +0000)]
Move sbgp_addr() down to the other sbgp_addr_* functions.

ok claudio job

tb [Wed, 11 May 2022 08:59:00 +0000 (08:59 +0000)]
Deserialize ASIdentifiers in libcrypto

Let the RFC 3779 code in libcrypto do its job: deserialize the ASIdentifiers
extension using X509V3_EXT_d2i() and then simply walk the returned struct.
This replaces quite a bit of low level ASN.1 fiddling with much simpler
reaching into structs with names that have some meaning.

Additionally, RFC 6487, 4.8.10 forbids RDI entries, so throw an error
instead of ignoring them.

ok claudio

espie [Wed, 11 May 2022 07:51:47 +0000 (07:51 +0000)]
move a bit of code in a separate sub, fix indentation, add some comments
that explain some of the more complicated stuff going on now

kevlo [Wed, 11 May 2022 06:14:15 +0000 (06:14 +0000)]
Use hardware routine for PHY reset and always accept the PHY that's present.

The previously used software reset routine wasn't sufficient to reset the PHY
if the bootloader hadn't left the device in an initialized state.
From FreeBSD.

Bug reported and the fix tested by daniel@

sashan [Tue, 10 May 2022 23:12:25 +0000 (23:12 +0000)]
move memory allocations in pfr_add_tables() out of
NET_LOCK()/PF_LOCK() scope. bluhm@ helped a lot
to put this diff into shape.

OK bluhm@

solene [Tue, 10 May 2022 22:18:06 +0000 (22:18 +0000)]
make the CPU frequency scaling duration relative to the load

in the pre-change behavior, if the CPU frequency is raised, it will stay up
for 5 cycles minimum (with one cycle being run every 100ms).
With this change, the time to keep the frequency raised is incremented at
each cycle up to 5. This means short load needs triggering the frequency
increase will last less than the current minimum of 500ms.

this only affects the automatic mode when on battery, extending the battery
life for most interactive use scenarios and idling loads.

tested by many with good results
ok kettenis@

kettenis [Tue, 10 May 2022 20:23:57 +0000 (20:23 +0000)]
Prevent out-of-bounds array access with binaries that use unsupported
relocations.

ok guenther@

tb [Tue, 10 May 2022 19:44:29 +0000 (19:44 +0000)]
Add a BUGS section to describe the problem of potential lies and
indicating a workaround.

input/ok jsing

tb [Tue, 10 May 2022 19:42:52 +0000 (19:42 +0000)]
X509_check_ca() has 5 return values but still can't fail

The values 0, 1, 3, 4, 5 all have some meaning, none of which is failure.
If caching of X509v3 extensions fails, returning X509_V_ERR_UNSPECIFIED,
i.e., 1 is a bad idea since that means the cert is a CA with appropriate
basic constraints. Revert to OpenSSL behavior which is to ignore failure
to cache extensions at the risk of reporting lies.

Since no return value can indicate failure, we can't fix this in
X509_check_ca() itself. Application code will have to call (and check)
the magic X509_check_purpose(x, -1, -1) to ensure extensions are cached,
then X509_check_ca() can't lie.

ok jsing

tb [Tue, 10 May 2022 19:27:21 +0000 (19:27 +0000)]
If Ruby 3.1 isn't available, try to fall back to Ruby 3.0 so that
regress on bluhm's test machines have a chance to pass on slower
architectures while package builds catch up.

jsing [Tue, 10 May 2022 18:40:06 +0000 (18:40 +0000)]
Rewrite asn1_item_ex_d2i() using CBS.

This requires a few wrappers to call into some non-CBS functions, however
we can now remove the asn1_d2i_ex_primitive() wrapper as there are no
longer any non-CBS callers.

ok tb@

kettenis [Tue, 10 May 2022 18:04:50 +0000 (18:04 +0000)]
Convert KVA allocation to km_alloc(9).

ok mpi@

bluhm [Tue, 10 May 2022 16:56:16 +0000 (16:56 +0000)]
Our read/write lock implementation was not fair to writers.  When
multiple IP forwarding threads were processing packets and holding
the shared net lock, the exclusive net lock was blocked permanently.
This could result in ping times well above 10 seconds.
Add the RWLOCK_WRWANT bit to the check mask of readers.  Then they
cannot grab the lock if a writer is also waiting.  This logic was
already present in revision 1.3, but got lost during refactoring.
When exiting the lock, there exists a race when the RWLOCK_WRWANT
bit gets deleted.  Add a comment that was present until revision
1.8 to document it.  The race itself is not easy to fix and had no
impact during testing.
OK sashan@

tb [Tue, 10 May 2022 16:43:53 +0000 (16:43 +0000)]
Fix a couple of typos in doc comments, bunch of KNF (whitespace) tweaks

tb [Tue, 10 May 2022 16:17:07 +0000 (16:17 +0000)]
Deserialize IPAddrBlocks in libcrypto

Let the RFC 3779 code in libcrypto do its job: deserialize the IPAddrBlocks
extension using X509V3_EXT_d2i() and then simply walk the returned struct.
This replaces quite a bit of low level ASN.1 fiddling with much simpler
reaching into structs with names that have some meaning.

ok claudio

tb [Tue, 10 May 2022 15:45:04 +0000 (15:45 +0000)]
Fix leaks due to incorrect early returns rather than proper cleanup.

ok claudio job

job [Tue, 10 May 2022 10:52:09 +0000 (10:52 +0000)]
Confirm the absence of the Basic Constraints extension in non-CA certs

with and OK tb@

bluhm [Tue, 10 May 2022 09:42:32 +0000 (09:42 +0000)]
The tests no-symlink and oldlib2 pass now.  Do not expect failure.

stsp [Tue, 10 May 2022 09:11:44 +0000 (09:11 +0000)]
Fix reading of the MAC address on AX210 devices.

wrong MAC address issue spotted by jsg@ and kevlo@
ok kevlo@

stsp [Tue, 10 May 2022 08:20:36 +0000 (08:20 +0000)]
Make run(4) attach to RT5372 devices.
Patch by molotov31337 on tech@

stsp [Tue, 10 May 2022 08:20:07 +0000 (08:20 +0000)]
regen

stsp [Tue, 10 May 2022 08:19:51 +0000 (08:19 +0000)]
add USB device ID of RT5372 for run(4); patch by molotov31337 on tech@

tb [Tue, 10 May 2022 07:41:37 +0000 (07:41 +0000)]
Validate RSC filenames

Factor out POSIX portable filename check into a new valid_filename() and
rename the previous valid_filename() to valid_mft_filename().  Fixes and
supersedes incomplete checks in the RSC code. Avoids truncation via
strndup() in case of embedded NULs.

input/ok claudio

job [Tue, 10 May 2022 07:28:43 +0000 (07:28 +0000)]
Improve control flow readability by removing 'else if' stanzas

OK tb@ claudio@

jmc [Tue, 10 May 2022 05:30:33 +0000 (05:30 +0000)]
update the iwx entry;

jsg [Tue, 10 May 2022 05:25:57 +0000 (05:25 +0000)]
spelling
from Ted Bullock

jsing [Tue, 10 May 2022 05:19:22 +0000 (05:19 +0000)]
Remove ASN.1 combining.

This was an option used to combine ASN.1 into a single structure, which was
only ever used by DSAPublicKey and X509_ATTRIBUTE. Since they no longer use
it we can mop this up and simplify all of the related code.

ok tb@

krw [Tue, 10 May 2022 00:56:27 +0000 (00:56 +0000)]
Align fdisk with the logic used in the kernel and allow the
protective EFI GPT partition to be in MBR partitions 0-3, not
just the default partition 0.

deraadt [Mon, 9 May 2022 22:43:57 +0000 (22:43 +0000)]
delete ftplist2 (the old ftplist IP address). We've talked loudly about a
more distributed way of doing something smart and failovery, but this
annotation in the script isn't helping.

deraadt [Mon, 9 May 2022 22:42:53 +0000 (22:42 +0000)]
In a couple places, use set -m to cause subshells to gain process
groups, and then kill the process group instead of the ksh pid. Some
of these processes contain sleep, which kept running, and in some
cases retained stderr (or other fd) and confused parent processes.
In some cases, add manual wait.  Finally, store the pid (nee pgrp)
in /tmp/xxpid files rather than variables, since there is a bit
of recursion and sub-shell confusion happening, and we have confused
ourselves at least twice with these pid variables not being in scope.
ok beck, with florian, ok kn
In snaps for almost a week.  A few more tweaks may come in a while.

stsp [Mon, 9 May 2022 22:02:31 +0000 (22:02 +0000)]
update iwx(4) man page in light of AX210/AX211 support

stsp [Mon, 9 May 2022 21:57:26 +0000 (21:57 +0000)]
Add support for AX210/AX211 devices to iwx(4).

Firmware is available in fw_update(8) as of iwx-firmware-20220110.

Tested for regressions on AX200/AX201 by jmc, kettenis, and myself.

Tested on AX210 by abieber (framework laptop) and myself, both using
a device which loads ty-ao-gf-a0 firmware.
AX210/AX211 devices which load the following firmware files should
work but could not yet be tested due to lack of hardware:
iwx-so-a0-gf-a0-67, iwx-so-a0-gf4-a0-67, iwx-so-a0-jf-b0-64

sthen [Mon, 9 May 2022 21:48:00 +0000 (21:48 +0000)]
Mention in the "proto icmp" section that standard stateful rules (i.e. the
default type of PF rule) don't allow ICMP responses unless they match an
existing state - tweak "keep state (sloppy)" to suggest from the first
sentence of the paragraph that it affects more than TCP. ok sashan@ bluhm@

sashan [Mon, 9 May 2022 20:29:23 +0000 (20:29 +0000)]
pf.conf(5) should mention impact of sloppy state handling on ICMP

OK @bluhm

bluhm [Mon, 9 May 2022 19:33:46 +0000 (19:33 +0000)]
Protect sbappendaddr() in divert_packet() with kernel lock.  With
divert-packet rules pf calls directly from IP layer to protocol
layer.  As the former has only shared net lock, additional protection
against parallel access is needed.  Kernel lock is a temporary
workaround until the socket layer is MP safe.
discussed with kettenis@ mvs@

jsing [Mon, 9 May 2022 19:19:33 +0000 (19:19 +0000)]
Simplify X509_ATTRIBUTE ASN.1 encoding.

For some unknown historical reason, X509_ATTRIBUTE allows for a single
ASN.1 value or an ASN.1 SET OF, rather than requiring an ASN.1 SET OF.
Simplify encoding and remove support for single values - this is similar
to OpenSSL e20b57270dec.

This removes the last use of COMBINE in the ASN.1 decoder.

ok tb@

job [Mon, 9 May 2022 17:20:25 +0000 (17:20 +0000)]
Add RSC regress bits

tb [Mon, 9 May 2022 17:19:32 +0000 (17:19 +0000)]
Drop prototype of currently nonexistent function.

tb [Mon, 9 May 2022 17:13:06 +0000 (17:13 +0000)]
Commit file missed in previous.

job [Mon, 9 May 2022 17:02:34 +0000 (17:02 +0000)]
Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
  3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
  the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

krw [Mon, 9 May 2022 15:09:50 +0000 (15:09 +0000)]
Replace a stray 0xA6 with DOSPTYP_OPENBSD. Tweak a ">= 2" to more
obvious "> 1".  Use easier to spot 'ask_yn() == 0' instead of
'!ask_yn()'.

No functional change.

visa [Mon, 9 May 2022 14:49:55 +0000 (14:49 +0000)]
Revert "Replace selwakeup() with KNOTE() in pipe and socket event activation."

The commit caused hangs with NFS.

Reported by ajacoutot@ and naddy@

stsp [Mon, 9 May 2022 12:28:27 +0000 (12:28 +0000)]
regen

stsp [Mon, 9 May 2022 12:27:40 +0000 (12:27 +0000)]
add another iwx(4) product ID (presumably AX211, marketing name differs)

jsg [Mon, 9 May 2022 09:05:48 +0000 (09:05 +0000)]
drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses

From Imre Deak
4e308b21bc16231c90112d839859c9e38f7ef986 in linux 5.15.y/5.15.38
4ae4dd2e26fdfebf0b8c6af6c325383eadfefdb4 in mainline linux

jsg [Mon, 9 May 2022 09:00:01 +0000 (09:00 +0000)]
drm/i915: Check EDID for HDR static metadata when choosing blc

From Jouni Hogander
67434e132b8c9d3fb59f0bc27da6d0a0488cf92b in linux 5.15.y/5.15.38
c05d8332f5d23fa3b521911cbe55a2b67fb21248 in mainline linux

jsg [Mon, 9 May 2022 08:57:21 +0000 (08:57 +0000)]
drm/amd/display: Fix memory leak in dcn21_clock_source_create

From Miaoqian Lin
815b847af99d8b78131174fa1c32da0195c70e4c in linux 5.15.y/5.15.38
65e54987508b6f0771f56bdfa3ee1926d52785ae in mainline linux

jsg [Mon, 9 May 2022 08:54:36 +0000 (08:54 +0000)]
drm/amdkfd: Fix GWS queue count

From David Yat Sin
ce9be3baec9b58b3f6e4c721e6498ecfc37e5834 in linux 5.15.y/5.15.38
7c6b6e18c890f30965b0589b0a57645e1dbccfde in mainline linux

espie [Mon, 9 May 2022 08:29:04 +0000 (08:29 +0000)]
shadowing variables is a bad idea (thanks Anton, this fixes regress)
also fix a logic error (that's very unlikely to happen outside of broken
scenarios, but we still want to have things work correctly in that
context)

dtucker [Mon, 9 May 2022 08:25:27 +0000 (08:25 +0000)]
Remove errant apostrophe.  From haruyama at queen-ml org.

djm [Mon, 9 May 2022 03:09:53 +0000 (03:09 +0000)]
Allow existing -U (use agent) flag to work with "-Y sign" operations,
where it will be interpreted to require that the private key is
hosted in an agent; bz3429, suggested by Adam Szkoda; ok dtucker@

deraadt [Sun, 8 May 2022 23:54:10 +0000 (23:54 +0000)]
Software we import from outside tends to bloat faster than software we
write ourselves.  This is a sad fact.  libz just did this to us, again.
I don't care to hunt for reasons or justifications because it is an
endless battle.
Therefore this tiny (floppy) media can no longer include the TZ files.
Because some other architectures also have tight media, we have an
install script mechanism to cope with this -- when they are missing, it
asks the timezone question later, after the base set is installed with
the files)

djm [Sun, 8 May 2022 22:58:35 +0000 (22:58 +0000)]
improve error message when 'ssh-keygen -Y sign' is unable to load a
private key; bz3429, reported by Adam Szkoda ok dtucker@