jsing [Mon, 15 Feb 2021 17:57:58 +0000 (17:57 +0000)]
Only print the certificate file once on verifification failure.
Noted by Steffen Ullrich.
ok tb@
nicm [Mon, 15 Feb 2021 14:22:35 +0000 (14:22 +0000)]
Make SGR 6 (rapid blink) the same as SGR 5 (blink) and make SGR 21 to
the same as SGR 4:2, it is an old alternative. GitHub issue 2567.
krw [Mon, 15 Feb 2021 14:20:11 +0000 (14:20 +0000)]
Rework tick_msg() to make messages displayed during startup more
reliable and consistant.
Eliminate unused time_t parameter since we only tick during the first
link_timeout seconds. Replace it with 'action' parameter to clearly
indicated what tick_msg() is supposed to do.
Fix issuance of '\n' before log_debug() messages. Properly
reinitialize static variables.
Use more precise 'timespec' timers, hewing to idiom suggested by
cheloha@.
mpi [Mon, 15 Feb 2021 12:12:54 +0000 (12:12 +0000)]
Fix double unlock in uvmfault_anonget().
Reported by and ok jsg@
mglocker [Mon, 15 Feb 2021 11:26:00 +0000 (11:26 +0000)]
Back-out USB data toggle fix for HID devices, since we received multiple
reports about broken devices, e.g. for ukbd(4) and fido(4).
ok mpi@
dlg [Mon, 15 Feb 2021 11:09:22 +0000 (11:09 +0000)]
ProxyJump takes "none" to disable processing like ProxyCommand does
ok djm@ jmc@
nicm [Mon, 15 Feb 2021 09:39:37 +0000 (09:39 +0000)]
Support X11 colour names and some other variations for OSC 10/11, also
add OSC 110 and 111. GitHub issue 2567.
mpi [Mon, 15 Feb 2021 09:35:59 +0000 (09:35 +0000)]
Move single_thread_set() out of KERNEL_LOCK().
Use the SCHED_LOCK() to ensure `ps_thread' isn't being modified by a sibling
when entering tsleep(9) w/o KERNEL_LOCK().
ok visa@
semarie [Mon, 15 Feb 2021 07:06:03 +0000 (07:06 +0000)]
distrib: arm64: avoid customization in mr.fs target
arm64 ramdisk has customization in mr.fs target, in order to create
usr/mdec/pine64 and usr/mdec/rpi directories (files will be copied
inside them by runlist.sh).
uses MKDIR directive to create these directories instead of.
it put back mr.fs target identical to others archs.
ok deraadt@
deraadt [Mon, 15 Feb 2021 06:59:03 +0000 (06:59 +0000)]
Things are too tight. Retaining even those two symbols is too much.
When dealing with install floppies, the Makefiles will need to carry
some differences.
dlg [Mon, 15 Feb 2021 03:42:00 +0000 (03:42 +0000)]
move the rearming of the cq after the refill of the rq.
this is the only real diff we have left outstanding on a box that
experienced rx lockups. since adding this change it's been happy
for the last 4 weeks and counting so far.
ok jmatthew@
kettenis [Sun, 14 Feb 2021 19:24:38 +0000 (19:24 +0000)]
Enable clocks and adjust for removal of subnodes in upstream Linux
device trees.
kettenis [Sun, 14 Feb 2021 19:23:58 +0000 (19:23 +0000)]
Enable clocks.
kettenis [Sun, 14 Feb 2021 19:22:44 +0000 (19:22 +0000)]
Raise match priority to beat syscon(4).
Use the right clock for the Cortex-A7 cores.
Support CPU clocks and remove exclock_cpuspeed().
ok patrick@
kettenis [Sun, 14 Feb 2021 17:21:16 +0000 (17:21 +0000)]
regen
kettenis [Sun, 14 Feb 2021 17:20:47 +0000 (17:20 +0000)]
Add a few more devices that show up on the Apple M1 mini.
ok patrick@, deraadt@
semarie [Sun, 14 Feb 2021 17:14:42 +0000 (17:14 +0000)]
distrib: restore rdsetroot -x usage (extract the disk.fs image) on stripped bsd.rd
It passes options to keep rd_root_size and rd_root_image symbols while
stripping. These symbols are the ones used by rdsetroot to insert or
extract disk image into RAMDISK.
ok danj@ deraadt@
semarie [Sun, 14 Feb 2021 17:11:02 +0000 (17:11 +0000)]
distrib: use ${MACHINE} instead of hardcoded value
ok deraadt@
mortimer [Sun, 14 Feb 2021 16:16:02 +0000 (16:16 +0000)]
Shuffle how lldb register contexts are built.
Instead of using #if defined(__arch__) to include / exclude the entire contents
of the NativeRegisterContext implementations, use a single NativeRegisterContextOpenBSD_arch
which includes the right arch specific register context, and provides a dummy implementation
for unsupported architectures.
This allows building lldb on architectures which do not have a register context implementation
so it can be used as a remote client.
ok patrick@
anton [Sun, 14 Feb 2021 14:41:35 +0000 (14:41 +0000)]
Postpone installation of the periodic sensor task until at least one
device has connected.
anton [Sun, 14 Feb 2021 14:40:38 +0000 (14:40 +0000)]
Bail out earlier during attach if no devices are paired with the
receiver.
anton [Sun, 14 Feb 2021 14:39:25 +0000 (14:39 +0000)]
Enumerate all features supported by a device on connect.
Should help diagnose various reports regarding missing battery sensors.
kettenis [Sun, 14 Feb 2021 13:39:24 +0000 (13:39 +0000)]
Introduce variables to deal with bit layout differences in the UFSTAT
register. Use 32-bit reads and writes to access the URXH and UTXH
registers. They're documented as 32-bit registers in the Exynos 4 and
Exynos 5 User Manuals and accessing URXH with an 8-bit read triggers a
fault on Apple's M1 SoC.
ok patrick@
kettenis [Sun, 14 Feb 2021 10:57:40 +0000 (10:57 +0000)]
Recent device trees have the syscon-reboot and syscon-poweroff nodes as
children of the node claimed by expower(4). That node also fained a
"syscon" compatible in the process. Deal with these changes,
ok patrick@
jsg [Sun, 14 Feb 2021 03:42:55 +0000 (03:42 +0000)]
correct drm work flush behaviour
Don't set taskq to system_wq in INIT_WORK(). Test if taskq pointer is
non-NULL before calling taskq_barrier() in flush functions.
fixes a black screen on boot problem with 5.10.y drm using nano x1
bisected by jcs@ to
'drm/i915: Always flush the active worker before returning from the wait'
mortimer [Sat, 13 Feb 2021 21:33:54 +0000 (21:33 +0000)]
Cleanup lldb amd64 support.
- Remove watchpoint support since we do not support hardware watchpoints.
- Support floating point regsisters in the ReadAll/WriteAll interface.
- Standardize the sizes used in GerGPRSize() and GetFPRSize() to correspond
to the sizes we get from ptrace.
- Fix the r/w of the mmx registers to map onto the st fp registers instead
of xmm registers.
- Normalize some variable names to be architecture neutral.
ok patrick@
semarie [Sat, 13 Feb 2021 18:52:08 +0000 (18:52 +0000)]
distrib: remove .comment section systematically
remove this section as part of crunchgen generated commands.
it avoids calling "strip -R .comment" for some but not all architectures.
ok deraadt@ danj@
semarie [Sat, 13 Feb 2021 18:48:23 +0000 (18:48 +0000)]
distrib: remove .SUNW_ctf only on kernels
the .SUNW_ctf section is added by ctfstrip(1), which is only used for kernels.
ok deraadt@ danj@
semarie [Sat, 13 Feb 2021 18:46:52 +0000 (18:46 +0000)]
distrib: merge "cp a b; strip b" to "objcopy -S a b"
ok deraadt@ danj@
semarie [Sat, 13 Feb 2021 18:44:17 +0000 (18:44 +0000)]
distrib: remove duplicate strip(1) calls
"strip -R section" command run "strip" (without option) as well.
there is no need to call both.
(binaries checked with sha1)
original diff from danj@
ok deraadt@
semarie [Sat, 13 Feb 2021 18:41:52 +0000 (18:41 +0000)]
distrib: merge objcopy -Sg and strip commands
in the command "objcopy -Sg", the -g option (STRIP_DEBUG) overrides
the -S option (STRIP_ALL). so it is the same as "objcopy -g".
"strip" command without option is doing STRIP_ALL.
merge the both commands to "objcopy -S"
ok deraadt@ danj@
semarie [Sat, 13 Feb 2021 18:39:40 +0000 (18:39 +0000)]
distrib: remove STRIPOPTS variable from alpha and sparc64 Makefile
ok deraadt@ danj@
visa [Sat, 13 Feb 2021 17:12:38 +0000 (17:12 +0000)]
Revise cnmac(4)'s address filter setup
Set up the DMAC filter in one go instead of doing it separately for
unicast and multicast DMACs. This attempts to make the code a little
more readable. The setup should now run a bit faster as well because
it now does fewer register accesses.
Tested on CN5020, CN6120 and CN7130.
tobhe [Sat, 13 Feb 2021 16:14:12 +0000 (16:14 +0000)]
Add dynamic address configuration for roadwarrior clients.
The new 'iface' config option can be used to specify an interface
for the virtual addresses received from the peer.
Routes are automatically added based on the configured flows.
Input from sthen@ and claudio@
ok patrick@
jmc [Sat, 13 Feb 2021 08:07:48 +0000 (08:07 +0000)]
-h does not display version; from larry hynes
jmc [Sat, 13 Feb 2021 08:05:57 +0000 (08:05 +0000)]
readability fixes; from larry hynes
jmc [Sat, 13 Feb 2021 07:59:54 +0000 (07:59 +0000)]
various readability fixes; from larry hynes
mlarkin [Sat, 13 Feb 2021 07:56:26 +0000 (07:56 +0000)]
Fix some wrong comments and KNF/long line wraps
mlarkin [Sat, 13 Feb 2021 07:55:38 +0000 (07:55 +0000)]
Fix a comment
mlarkin [Sat, 13 Feb 2021 07:47:37 +0000 (07:47 +0000)]
Remove trailing whitespace
No code/functional change
mlarkin [Sat, 13 Feb 2021 07:46:44 +0000 (07:46 +0000)]
Remove trailing whitespace
No code/functional change
jmc [Sat, 13 Feb 2021 07:37:13 +0000 (07:37 +0000)]
various readability fixes; from larry hynes
jmc [Sat, 13 Feb 2021 07:28:50 +0000 (07:28 +0000)]
add some missing articles; from larry hynes
jmc [Sat, 13 Feb 2021 07:26:18 +0000 (07:26 +0000)]
readability fix; from larry hynes
jmc [Sat, 13 Feb 2021 07:20:49 +0000 (07:20 +0000)]
comma swap; from larry hynes
jsg [Sat, 13 Feb 2021 02:29:39 +0000 (02:29 +0000)]
change documented drm nodes to /dev/dri/ and mention powerpc64
tobhe [Fri, 12 Feb 2021 19:30:34 +0000 (19:30 +0000)]
Fix local and peer addresses in policy lookup for dangling SAs
after ikectl reload.
ok patrick@
deraadt [Fri, 12 Feb 2021 19:01:45 +0000 (19:01 +0000)]
sync
deraadt [Fri, 12 Feb 2021 17:03:51 +0000 (17:03 +0000)]
Some people still argue that rand(3) and random(3) have suitable deterministic
use cases, so explain the situation a bit more. Since the 80's, I estimate
around 5 algorithm changes, so any chosen seed is unrepeatable UB.
+The deterministic sequence algorithm changed a number of times since
+original development, is underspecified, and should not be relied upon to
+remain consistent between platforms and over time.
ok jmc kettenis
patrick [Fri, 12 Feb 2021 16:16:10 +0000 (16:16 +0000)]
pf_remove_divert_state() is an entry point into pf, modifying the pf state
table. Hence we have to grab both the pf lock and the pf state lock.
Found by dlg@
ok bluhm@ sashan@
sthen [Fri, 12 Feb 2021 14:20:15 +0000 (14:20 +0000)]
Xr to ssl(8) which has clues about EC key generation that are still useful
to acme-client users.
sthen [Fri, 12 Feb 2021 14:19:11 +0000 (14:19 +0000)]
Tweak ssl(8)'s text about EC generation. Streamline by using "ecparam
-genkey" rather than separately generating parameters and key. Give a
clue that some CAs accept only prime256v1. Show the user where to stop
if they're just generating a private key for acme-client and therefore
don't need to generate a csr or cert manually. Add xr to acme-client(1)
suggest by tb@.
ok jmc tb
bluhm [Fri, 12 Feb 2021 13:48:31 +0000 (13:48 +0000)]
Fix null pointer dereference in pf_route6(). Embedding scope into
addresses that come from pf cannot be right, so remove the code.
Coverity CID
1501718
OK dlg@ claudio@
sthen [Fri, 12 Feb 2021 12:16:53 +0000 (12:16 +0000)]
Sync cert.pem with Mozilla NSS root CAs, except "GeoTrust Global CA", ok tb@
Notably this update removes various old Symantec roots (GeoTrust,
thawte, VeriSign) that were set in NSS to be distrusted on 1/1/2021.
Nobody should have been using these for years; only certain subCAs
signed by these were valid in NSS in that time due to an exemption:
https://wiki.mozilla.org/CA/Additional_Trust_Changes#Symantec
Notably Apple's "Apple IST CA 2 - G1" which is still in use for
some endpoints (it is cross signed by another CA too but these
endpoints are publishing the GeoTrust intermediate cert).
So for now I have skipped removal of "GeoTrust Global CA" to avoid
affecting these sites. Debian ran into this when they updated their
cert database and had to back this part out, affected sites are
not reachable on Android Firefox and maybe other newer Firefoxes.
Some sites that were affected have moved to a different CA in the
last few days but others, notably api.push.apple.com, remain
(I can only guess that there is a complicated problem involved,
possibly cert pinning on old devices - the clock is ticking though
as this expires in May 2022 anyway ;)
Additions:
/C=RO/O=CERTSIGN SA/OU=certSIGN ROOT CA G2
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-
23584497/CN=e-Szigno Root CA 2017
/C=KR/O=NAVER BUSINESS PLATFORM Corp./CN=NAVER Global Root Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P256 Certification Authority
/C=US/ST=Illinois/L=Chicago/O=Trustwave Holdings, Inc./CN=Trustwave Global ECC P384 Certification Authority
Removals:
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use only/CN=GeoTrust Primary Certification Authority - G3
/C=TW/O=Government Root Certification Authority
/C=LU/O=LuxTrust S.A./CN=LuxTrust Global Root 2
/C=US/O=thawte, Inc./OU=(c) 2007 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G2
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2008 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G4
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE WISeKey Global Root GA CA
otto [Fri, 12 Feb 2021 12:03:39 +0000 (12:03 +0000)]
A few more flag combo's to test
jsg [Fri, 12 Feb 2021 10:28:55 +0000 (10:28 +0000)]
sync
jsg [Fri, 12 Feb 2021 10:26:33 +0000 (10:26 +0000)]
create /dev/ drm nodes with the same names as linux
This was proposed by Emil Velikov to simplify libdrm and will remove the
need for some patches in ports.
/dev/drm0 -> /dev/dri/card0
/dev/drmR128 -> /dev/dri/renderD128
The previous names will remain for a period of time and will later be
removed. Major and minor numbers remain the same.
libdrm will not be changed to use the new names until known privsep
and sandbox use has been updated to allow the new names.
ok deraadt@
deraadt [Fri, 12 Feb 2021 08:17:33 +0000 (08:17 +0000)]
do not need 66 keys anymore
nicm [Fri, 12 Feb 2021 06:52:48 +0000 (06:52 +0000)]
Do not care about the server socket closing if exiting anyway.
djm [Fri, 12 Feb 2021 03:49:09 +0000 (03:49 +0000)]
sftp: add missing lsetstat@openssh.com documentation
patch from Mike Frysinger
djm [Fri, 12 Feb 2021 03:14:18 +0000 (03:14 +0000)]
factor SSH_AGENT_CONSTRAIN_EXTENSION parsing into its own function
and remove an unused variable; ok dtucker@
patrick [Thu, 11 Feb 2021 23:55:48 +0000 (23:55 +0000)]
Call exuart(4) early attach on arm64.
ok kettenis@
patrick [Thu, 11 Feb 2021 23:54:40 +0000 (23:54 +0000)]
Enable exuart(4).
ok kettenis@
patrick [Thu, 11 Feb 2021 23:53:42 +0000 (23:53 +0000)]
Don't hardcode com(4)'s major number in exuart(4).
ok kettenis@
tobhe [Thu, 11 Feb 2021 22:02:41 +0000 (22:02 +0000)]
Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process.
ok markus@
bluhm [Thu, 11 Feb 2021 21:09:56 +0000 (21:09 +0000)]
More route-to fallout in pfctl regress.
mvs [Thu, 11 Feb 2021 20:28:57 +0000 (20:28 +0000)]
sbdrop(): use NULL instead of 0 in pointer assignment
ok bluhm@
mvs [Thu, 11 Feb 2021 20:28:01 +0000 (20:28 +0000)]
We link `ifp' to `if_list' before we perform if_attachsetup(). It is not
fully initialized because we initialize `if_groups' after linking. It's
not triggered because if_attach() and if_unit(9) are serialized by
kernel lock and `ifp' is often filled by nulls. Move `if_groups'
initialization to if_attach_common() to prevent this.
ok bluhm@ claudio@ deraadt@
bluhm [Thu, 11 Feb 2021 19:41:05 +0000 (19:41 +0000)]
Link isakmpd dynamically. Mount /usr on NFS via IPsec does not
work anyway. Dynamic binaries help building errata, reduce disk
usage and make ROP harder. Also remove an unused bsd.subdir.mk
include.
OK sthen@ mvs@ deraadt@ tobhe@ patrick@
deraadt [Thu, 11 Feb 2021 17:02:39 +0000 (17:02 +0000)]
When clang was changed to -fcommon, perl's P_hash_{seed,state} variables
moved into BSS in the .o, with padding rules following the types -- they
are both char[]. Since P_hash_seed is (system-dependent) not a multiple of 8,
P_hash_state gets layed out misaligned, which sucks because the hash functions
demand 64-bit alignment for both variables. There is the possibility of using
misalignment macros, but this is not cheap. Could also use kernel-trap fault
repair, but the performance would really suck for something so crucial.
The correct fix would be for upstream to declare these types as uint64[],
we have requested that in https://github.com/Perl/perl5/issues/18555
In the meantime, carry a diff to roundup P_hash_seed to 64-bit alignment so that
P_hash_state will land aligned.
ok afresh1
stsp [Thu, 11 Feb 2021 16:22:06 +0000 (16:22 +0000)]
Add missing break in switch statement of rge_activate().
CID
1501716
ok kevlo@
and mestre@ had the same diff
visa [Thu, 11 Feb 2021 14:44:13 +0000 (14:44 +0000)]
Leave out gp initialization from kernel entry on mips64
On OpenBSD/mips64, the kernel is compiled with -mno-abicalls. This
disables gp-relative addressing and essentially makes gp a spare
register in the kernel. Hence it is unnecessary to initialize gp when
entering the kernel. The _gp symbol is not needed either.
Suggested by miod@
otto [Thu, 11 Feb 2021 13:40:28 +0000 (13:40 +0000)]
"proc: table is full" actually means thread table is full; ok mpi@ sthen@
claudio [Thu, 11 Feb 2021 12:08:21 +0000 (12:08 +0000)]
In the various open functions reduce the fdplock() to only span over the
function which need the lock (falloc, fdinsert, fdremove). In most cases
it is not correct to hold the lock while calling VFS functions or e.g.
closef since those aquire or release long lived VFS locks.
OK visa@ mvs@
mestre [Thu, 11 Feb 2021 11:57:32 +0000 (11:57 +0000)]
Initialize var since it's used in a condition a little bit afterwards.
CID
1501713
ok jmatthew@
anton [Thu, 11 Feb 2021 11:03:57 +0000 (11:03 +0000)]
Initialize the stack local device id variable correctly.
CID
1501705
patrick [Thu, 11 Feb 2021 10:41:19 +0000 (10:41 +0000)]
Swap faddr/laddr and fport/lport arguments in call to stoeplitz_ipXport().
Technically the whole point of the stoeplitz API is that it's symmetric,
meaning that the order of addresses and ports doesn't matter and will produce
the same hash value.
Coverity CID
1501717
ok dlg@
nicm [Thu, 11 Feb 2021 09:39:29 +0000 (09:39 +0000)]
Add a couple of helper functions, and flush imsgs on exit.
nicm [Thu, 11 Feb 2021 09:03:38 +0000 (09:03 +0000)]
O_TRUNC is needed in case file exists.
nicm [Thu, 11 Feb 2021 08:28:45 +0000 (08:28 +0000)]
Move file handling protocol stuff all into file.c so it can be reused
more easily.
anton [Thu, 11 Feb 2021 07:26:03 +0000 (07:26 +0000)]
Make room for handling of HID++ 1.0 devices. No functional change.
anton [Thu, 11 Feb 2021 07:24:50 +0000 (07:24 +0000)]
Use idx suffix consistently.
anton [Thu, 11 Feb 2021 07:23:48 +0000 (07:23 +0000)]
Remove unused software id macro.
anton [Thu, 11 Feb 2021 07:22:21 +0000 (07:22 +0000)]
Fold long line.
anton [Thu, 11 Feb 2021 06:56:49 +0000 (06:56 +0000)]
Stop uhidpp from claiming all report ids, instead only claim the
necessary ones. Solves a regression introduced with the arrival of
uhidpp causing some Logitech HID devices from attaching to its
appropriate driver.
Thanks to <naszy at poczta dot fm> and Peter Kane <pwkane at gmail dot com>
for reporting and trying out diffs.
ok mglocker@
anton [Thu, 11 Feb 2021 06:55:10 +0000 (06:55 +0000)]
Add uhidev_unset_report_dev(), doing the opposite of
uhidev_set_report_dev(). Needed by some upcoming changes to uhidpp.
ok mglocker@
anton [Thu, 11 Feb 2021 06:53:44 +0000 (06:53 +0000)]
If uhidev_set_report_dev() already have been invoked for the given
report id, there's no point in trying to find a matching sub device.
ok mglocker@
tb [Thu, 11 Feb 2021 04:56:43 +0000 (04:56 +0000)]
KNF
deraadt [Thu, 11 Feb 2021 04:08:17 +0000 (04:08 +0000)]
sync
tobhe [Wed, 10 Feb 2021 22:25:54 +0000 (22:25 +0000)]
Delay deletion of IKE SAs on rekey when stickyaddress is enabled to make
sure peers can keep their previously assigned addresses.
ok patrick@
espie [Wed, 10 Feb 2021 22:04:14 +0000 (22:04 +0000)]
rephrase example in a more consistent way
kettenis [Wed, 10 Feb 2021 20:51:27 +0000 (20:51 +0000)]
Add a instruction barrier between writing CCSELR_EL1 and reading CCSIDR_EL1
to guarantee that we read the cache parameters of the cache we just selected.
The required ISB instruction is present in the examples in the ARM ARM.
Fixes the the report on the cores in Apple's M1 SoC.
ok patrick@
bluhm [Wed, 10 Feb 2021 18:28:06 +0000 (18:28 +0000)]
If pf changes the routing table when sending packets, the kernel
could get stuck in an endless recursion during TCP path MTU discovery.
Create a dynamic host route in ip_output() that can be used by
tcp_mtudisc() to store the MTU.
Reported by Peter Mueller and Sebastian Sturm
OK claudio@
claudio [Wed, 10 Feb 2021 16:37:29 +0000 (16:37 +0000)]
Add med test, this no longer fails in -current
bluhm [Wed, 10 Feb 2021 14:45:27 +0000 (14:45 +0000)]
Use the same check in kernel and ifconfig for group names. ifconfig
delete group does not need name sanitation. The kernel will just
report that it does not exist.
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
bluhm [Wed, 10 Feb 2021 14:41:53 +0000 (14:41 +0000)]
Interface group names must fit into IFNAMSIZ and be unique. But
the kernel made the unique check before trunkating with strlcpy().
So there could be two interface groups with the same name. The kif
is created by a name lookup. The trunkated names are equal, so
there was only one kif owned by both groups. When the groups got
destroyed, the single kif was removed twice from the RB tree.
Check length of group name before doing the unique check.
The empty group name was allowed and is now invalid.
Reported-by: syzbot+f47e8296ebd559f9bbff@syzkaller.appspotmail.com
OK deraadt@ gnezdo@ anton@ mvs@ claudio@
mvs [Wed, 10 Feb 2021 13:38:46 +0000 (13:38 +0000)]
Remove `sc_dead' logic from pppac(4). It is used to prevent
pppac_ioctl() be called on dying pppac(4) interface. But now if_detach()
makes dying `ifp' inaccessible and waits for references which are in-use
in ioctl(2) path. This logic is not required anymore. Also if_detach()
was moved before klist_invalidate() to prevent the case while
pppac_qstart() bump `sc_rsel'.
ok yasuoka@
espie [Wed, 10 Feb 2021 12:44:13 +0000 (12:44 +0000)]
as usual, stuff got removed without updating the documentation
GC www/drupal7 description
mvs [Wed, 10 Feb 2021 08:20:09 +0000 (08:20 +0000)]
Move UNIX domain sockets out of kernel lock. The new `unp_lock' rwlock(9)
used as solock()'s backend to protect the whole layer.
With feedback from mpi@.
ok bluhm@ claudio@
nicm [Wed, 10 Feb 2021 07:17:07 +0000 (07:17 +0000)]
Use ~/.tmux.conf as an example rather than /etc/passwd, suggested by
deraadt@.