openbsd
jsing [Sat, 8 Jul 2023 06:36:55 +0000 (06:36 +0000)]
Inline sm3_local.h in sm3.c.

sm3_local.h is not really a local header, just another layer of indirection
that cannot be included by anything other than sm3.c. As such, include it
directly instead.

No change in generated assembly.

beck [Sat, 8 Jul 2023 06:13:08 +0000 (06:13 +0000)]
Hide symbols in sm3

ok tb@ jsing@

beck [Sat, 8 Jul 2023 06:04:33 +0000 (06:04 +0000)]
unbreak build when namespaced, file was here in my tree but didn't manage
to cvs add

jmc [Sat, 8 Jul 2023 05:35:24 +0000 (05:35 +0000)]
add ietp(4);

jcs [Sat, 8 Jul 2023 02:43:02 +0000 (02:43 +0000)]
Add ietp driver for Elantech I2C touchpads

From Vladimir Serbinenko

bluhm [Fri, 7 Jul 2023 20:38:17 +0000 (20:38 +0000)]
Implement route reference counting mockup properly in rtable regress.
This allows to change rtable implementation in kernel without
breaking test.

bcook [Fri, 7 Jul 2023 19:54:36 +0000 (19:54 +0000)]
upstream portable fix for ocsp_test

bluhm [Fri, 7 Jul 2023 19:45:26 +0000 (19:45 +0000)]
Keep mbuf header field ph_mss during loopback TCP with LRO/TSO.

When M_TCP_TSO is preserved, also keep ph_mss.  In lo(4) this logic
was missing.  This may be relevant only for weird pf configs that
forward from loopback.

OK mvs@ jan@

beck [Fri, 7 Jul 2023 19:37:52 +0000 (19:37 +0000)]
Unbreak the namespace build after a broken mk.conf and tool misfire had
me aliasing symbols not in the headers I was processing.

This unbreaks the namespace build so it will pass again

ok tb@

pascal [Fri, 7 Jul 2023 17:23:03 +0000 (17:23 +0000)]
Missing bit to make ld.bfd actually emit PT_OPENBSD_NOBTCFI.

ok deraadt@

patrick [Fri, 7 Jul 2023 16:53:39 +0000 (16:53 +0000)]
Add clocks for the RK3588 PWM controllers.

ok kettenis@

patrick [Fri, 7 Jul 2023 16:52:57 +0000 (16:52 +0000)]
Add clocks for the RK3588 I2C controllers.

ok kettenis@

patrick [Fri, 7 Jul 2023 16:52:09 +0000 (16:52 +0000)]
Add resets for the RK3588 USB 3.0 controllers.

ok kettenis@

bluhm [Fri, 7 Jul 2023 16:27:46 +0000 (16:27 +0000)]
Expand the counters in struct mbstat from u_short to u_long.  Use
malloc(9) memory instead of kernel stack for sysctl kern.mbstat.

from yasuoka@; chunk missed in previous commit; OK claudio@ tb@

jsing [Fri, 7 Jul 2023 16:10:32 +0000 (16:10 +0000)]
Provide optimised bn_mulw() for riscv64.

This provides a 1.5-2x performance gain for BN multiplication, with a
similar improvement being seen for RSA operations.

tb [Fri, 7 Jul 2023 16:04:57 +0000 (16:04 +0000)]
Remove symbols already declared in the public header

ok bcook beck jsing

jsing [Fri, 7 Jul 2023 15:51:03 +0000 (15:51 +0000)]
Provide a libcrypto Makefile.inc for riscv64.

This is currently no different from the existing behaviour and just pulls
in the C code that would have previously been built. However, it means that
OPENSSL_NO_ASM is no longer being defined by the main libcrypto Makefile,
which in turn will allow us to implement assembly optimisations.

tobhe [Fri, 7 Jul 2023 15:44:54 +0000 (15:44 +0000)]
Ignore CVS directories for easier git + CVS coexistence.

ok bluhm@ stsp@

jsing [Fri, 7 Jul 2023 15:09:45 +0000 (15:09 +0000)]
Implement SHA1_{Update,Transform,Final}() directly in sha1.c.

Copy the update, transform and final functions from md32_common.h, manually
expanding the macros for SHA1. This will allow for further clean up to
occur.

No change in generated assembly.

jsing [Fri, 7 Jul 2023 15:06:50 +0000 (15:06 +0000)]
Clean up alignment handling for SHA-256.

If input data is 32 bit aligned use be32toh() directly, otherwise use
crypto_load_be32toh(), cleaning up all of the HOST_c2l() usage.

ok beck@

jsing [Fri, 7 Jul 2023 15:03:55 +0000 (15:03 +0000)]
Clean up SHA-256 input handling and round macros.

Avoid reach around and initialisation outside of the macro, cleaning up
the call sites to remove the initialisation.

ok beck@

op [Fri, 7 Jul 2023 14:52:00 +0000 (14:52 +0000)]
swap link-auth filter arguments

Fields which can contain a '|' character are kept last to avoid
ambiguities so move result before username; link-auth was likely forgotten
in r1.61 of lka_filter.c when the same treatment was applied to other
events.

Discovered after a report on -portable due to filter-rspamd crashing.

ok millert@

jsing [Fri, 7 Jul 2023 14:32:41 +0000 (14:32 +0000)]
Remove unused SHA-256 implementation.

ok beck@

yasuoka [Fri, 7 Jul 2023 14:17:34 +0000 (14:17 +0000)]
Expand the counters in struct mbstat from u_short to u_long.

ok bluhm mvs

beck [Fri, 7 Jul 2023 13:54:45 +0000 (13:54 +0000)]
Hide symbols in hkdf, evp, err, ecdsa, and ec

(part 2 of commit)

ok jsing@

beck [Fri, 7 Jul 2023 13:53:52 +0000 (13:53 +0000)]
Hide symbols in hkdf, evp, err, ecdsa and ec

ok jsing@

beck [Fri, 7 Jul 2023 13:40:44 +0000 (13:40 +0000)]
Hide symbols in lhash, pem, and rc2

ok jsing@

job [Fri, 7 Jul 2023 13:21:28 +0000 (13:21 +0000)]
Remove softdep from example fstab file

beck [Fri, 7 Jul 2023 12:51:58 +0000 (12:51 +0000)]
Hit idea with the loving mallet of knfmt

ok knfmt

beck [Fri, 7 Jul 2023 12:01:32 +0000 (12:01 +0000)]
hide symbols in sm, rand, and poly1305

ok jsing@

patrick [Fri, 7 Jul 2023 10:23:39 +0000 (10:23 +0000)]
The per-VQ MSI-X interrupt handler needs to sync DMA mappings in the
same way that the shared interrupt handler does.  This is one of the
requirements of virtio_dequeue(), as specified in its comment above.

Without the DMA sync, it will not see a new entry on the ring and
return.  Since the interrupt is edge-triggered there won't be another
one and we'll get stuck.

ok dv@

jsing [Fri, 7 Jul 2023 10:22:28 +0000 (10:22 +0000)]
Replace HOST_l2c() with htobe32() or crypto_store_htobe32().

ok beck@

patrick [Fri, 7 Jul 2023 10:11:39 +0000 (10:11 +0000)]
Keep more information about the established LPI around, so that we can use
targeted invalidation through INV instead of flushing the whole cache through
INVALL.  Having this information enables us to send DISCARD, which clears the
mapping from the ITT.  This seems to be necessary to make the Hetzner VM's ITS
happy when we try to disestablish and re-establish an LPI.

This also moves the LPI table completely into agintc(4), as LPIs are global to
an agintc(4) and especially with multiple agintcmsi(4) they should be unique.

Tested by claudio@
ok kettenis@

jsing [Fri, 7 Jul 2023 10:11:23 +0000 (10:11 +0000)]
Rename RSA_eay_* to rsa_*.

Rename all of the RSA_eay_* functions to rsa_*, as well as changing the
method name (and naming). Reorder things slightly so that we can remove
all of the prototypes for static functions.

ok tb@

yasuoka [Fri, 7 Jul 2023 09:15:13 +0000 (09:15 +0000)]
Use "llu%" for printing the uint64_t fields in tcpcb.

ok bluhm

tb [Fri, 7 Jul 2023 08:53:55 +0000 (08:53 +0000)]
Enable reading RSA-PSS certificates

ok beck jsing

kettenis [Fri, 7 Jul 2023 08:43:47 +0000 (08:43 +0000)]
Add a few more JH7110 clocks.

ok jsing@

beck [Fri, 7 Jul 2023 08:29:37 +0000 (08:29 +0000)]
Hit rc2 with the loving mallet of knfmt.

ok tb@

bluhm [Fri, 7 Jul 2023 08:05:02 +0000 (08:05 +0000)]
Fix path MTU discovery for TCP LRO/TSO when forwarding.

When doing LRO (Large Receive Offload), the drivers, currently ix(4)
and lo(4) only, record an upper bound of the size of the original
packets in ph_mss.  When sending, either stack or hardware must
chop the packets with TSO (TCP Segmentation Offload) to that size.
That means we have to call tcp_if_output_tso() before ifp->if_output().
Put that logic into if_output_tso() to avoid code duplication.  As
TCP packets on the wire do not get larger that way, path MTU discovery
should still work.

tested by and OK jan@

tb [Fri, 7 Jul 2023 07:47:25 +0000 (07:47 +0000)]
Add test coverage for leading zero octet dance

bcook [Fri, 7 Jul 2023 07:44:59 +0000 (07:44 +0000)]
fixup for MS compilers

claudio [Fri, 7 Jul 2023 07:37:59 +0000 (07:37 +0000)]
Add support for multiple batteries to acpithinkpad setchargestart and
setchargestop. With this laptops like x270 or x240 properly set the
thresholds for both batteries.
Tested by kn@ and jmatthew@
OK kettenis@

beck [Fri, 7 Jul 2023 07:25:21 +0000 (07:25 +0000)]
Hide symbols in ts

ok jsing@

tb [Fri, 7 Jul 2023 07:04:24 +0000 (07:04 +0000)]
Use an unsigned long long and corresponding formats

Fixes build on 32 bit.

Reported by claudio

tb [Fri, 7 Jul 2023 06:59:18 +0000 (06:59 +0000)]
Mop up remaining uses of ASN1_bn_print()

This removes lots of silly buffers and will allow us to make this API
go away.

ok jsing

tb [Fri, 7 Jul 2023 06:41:59 +0000 (06:41 +0000)]
Insert leading octet if high bit of first nibble is 1

The reason the function this replaces is called ASN1_bn_print() is that it
actually prints a representation of the ASN.1 encoding.

ok jsing

jsing [Fri, 7 Jul 2023 06:10:14 +0000 (06:10 +0000)]
One source file per line.

jsg [Fri, 7 Jul 2023 03:50:46 +0000 (03:50 +0000)]
regen

jsg [Fri, 7 Jul 2023 03:50:02 +0000 (03:50 +0000)]
add more Intel 13G TBT PCIE ids

from Volker Schlecht's Framework 13 dmesg and
13th Generation Intel Core Processors
Datasheet, Volume 2 of 2, Doc. No.: 764981, Rev.: 1.2

afresh1 [Fri, 7 Jul 2023 02:07:35 +0000 (02:07 +0000)]
Adjust perl unveil test to test the right thing

Normal users can't write to /dev/random, so the -w test would always
fail for root and succeed for everyone else no matter what unveil
did.  Testing with a temp file at least gives consistent results
no matter the user, even if I don't completely understand why the
-w and -r test results are different.

Noticed by bluhm@

cheloha [Thu, 6 Jul 2023 23:24:37 +0000 (23:24 +0000)]
timeout_hardclock_update: enter timeout_mutex before reading uptime clock

We have no way of knowing how long we will spin before entering
timeout_mutex.  Enter timeout_mutex first, then wait until just before
we start dumping kclock buckets to read the uptime clock.

dtucker [Thu, 6 Jul 2023 22:17:59 +0000 (22:17 +0000)]
minleft and maxsign are u_int so cast appropriately. Prompted by
github PR#410, ok deraadt.

kn [Thu, 6 Jul 2023 21:08:50 +0000 (21:08 +0000)]
Rectify -s lie

-s to read passphrases from stdin can indeed be used for creation.

OK jmc

kn [Thu, 6 Jul 2023 20:53:53 +0000 (20:53 +0000)]
missed refcnt_init_trace in NAME

kn [Thu, 6 Jul 2023 20:51:31 +0000 (20:51 +0000)]
Document dt(4)'s refcnt_init_trace

"yes please" mvs
Input jca

uaa [Thu, 6 Jul 2023 20:02:36 +0000 (20:02 +0000)]
- fix voltage range defined by base2 and delta2 works correctly
- fix AXP209 dcdc3 vmask value
- always use vmask for voltage setting (especially for AXP209 ldo2/ldo5)
- add AXP305 support

ok kettenis@

sashan [Thu, 6 Jul 2023 19:55:57 +0000 (19:55 +0000)]
adding regression tests:
    to verify limit on tickets program can retrieve
    by DIOCXGETRULES. Ad

    tests which verify DIOCXEND works as expected, that program
    can release ticket obtained by earlier call to DIOCGETRULES

improvements from anton@

OK anton@, bluhm@

kn [Thu, 6 Jul 2023 19:46:53 +0000 (19:46 +0000)]
use refcnt API for multicast addresses, add tracepoint:refcnt:ethmulti probe

Replace hand-rolled reference counting with refcnt_init(9) and hook it up
with a new dt(4) probe.

OK mvs
Feedback OK bluhm

deraadt [Thu, 6 Jul 2023 16:45:30 +0000 (16:45 +0000)]
oops, an extra PT_ snuck in; spotted by guenther

tb [Thu, 6 Jul 2023 15:18:02 +0000 (15:18 +0000)]
Convert ecpk_print_explicit_parameters() to bn_printf()

This eliminates a few stupid dances the horrible ASN1_bn_print() API
required.

ok jsing

tb [Thu, 6 Jul 2023 15:11:21 +0000 (15:11 +0000)]
bn_print: remove unused bio, plug leak

tb [Thu, 6 Jul 2023 15:08:54 +0000 (15:08 +0000)]
Add regress coverage for bn_printf

This must be one of the ugliest tests I've ever written, but I can't think
of a better way of doing it.

tb [Thu, 6 Jul 2023 14:37:39 +0000 (14:37 +0000)]
Add bn_printf(), a replacement for ASN1_bn_print()

ASN1_bn_print() will be removed in an upcoming bump. This adds an internal
API that covers the same functionality but doesn't require that the caller
pass in a sufficiently large scratch space that ASN1_bn_print() may or may
not use. In addition, this takes a format string, which allows us to ditch
some extra dances.

ok jsing

espie [Thu, 6 Jul 2023 10:57:03 +0000 (10:57 +0000)]
add support for starting at a given timestamp/ISO8601 time

jasper [Thu, 6 Jul 2023 10:53:11 +0000 (10:53 +0000)]
if panic() is meant, use panic()

ok mpi@

espie [Thu, 6 Jul 2023 10:43:37 +0000 (10:43 +0000)]
new options (boilerplate progressmeter options)
and also the ability to specify a timestamp as a subset of ISO8601

visa [Thu, 6 Jul 2023 10:17:43 +0000 (10:17 +0000)]
Use mtx_init() to initialize stack-based mutexes

mtx_init() ensures the mutex' lock_object has static storage duration.
This makes it safe to re-enable WITNESS with stack-based mutexes.

OK bluhm@ miod@

visa [Thu, 6 Jul 2023 10:16:58 +0000 (10:16 +0000)]
Clear knotes when finishing wseventvar

When finishing a wseventvar in wsevent_fini(), clear the klist.
Otherwise knotes can be left dangling, which can crash the kernel.

In general, klist_invalidate() should happen after vdevgone() in order
to avoid a race with kevent registration. However, the current wscons
drivers clear the wsevent pointer (sc->sc_base.me_evp) before calling
wsevent_fini(). This prevents the drivers from registering new kevents.

Prompted by a report by Peter J. Philipp on bugs@

OK mvs@ miod@

deraadt [Thu, 6 Jul 2023 10:07:09 +0000 (10:07 +0000)]
Document PS_CHROOT, and upcoming PS_NOBTCFI flags

deraadt [Thu, 6 Jul 2023 10:02:23 +0000 (10:02 +0000)]
document NOBTCFI similar to WXNEEDED

deraadt [Thu, 6 Jul 2023 10:01:15 +0000 (10:01 +0000)]
use symbolic name PF_X instead of 1, pointed out by kettenis

deraadt [Thu, 6 Jul 2023 09:52:37 +0000 (09:52 +0000)]
teach the BFD tools how to handle NOBTCFI, quite similar to WXNEEDED
ok kettenis

patrick [Thu, 6 Jul 2023 09:40:36 +0000 (09:40 +0000)]
Use correct variable to check for successful allocation.

ok kettenis@

bluhm [Thu, 6 Jul 2023 09:15:23 +0000 (09:15 +0000)]
Convert tcp_now() time counter to 64 bit.

After changing tcp now tick to milliseconds, 32 bits will wrap
around after 49 days of uptime.  That may be a problem in some
places of our stack.  Better use a 64 bit counter.

As timestamp option is 32 bit in TCP protocol, use the lower 32 bit
there.  There are casts to 32 bits that should behave correctly.

Start with random 63 bit offset to avoid uptime leakage.  2^63
milliseconds result in 2.9*10^8 years of possible uptime.

OK yasuoka@

deraadt [Thu, 6 Jul 2023 08:48:03 +0000 (08:48 +0000)]
sync

jmatthew [Thu, 6 Jul 2023 08:32:37 +0000 (08:32 +0000)]
Register a mapping of dwge interfaces to ofw nodes/phandles.

ok kettenis@

espie [Thu, 6 Jul 2023 08:29:26 +0000 (08:29 +0000)]
start moving a few files to use v5.36;
(this went through a full bulk)

beck [Thu, 6 Jul 2023 07:56:32 +0000 (07:56 +0000)]
unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo

And remove the tendrils. This was useful for transition but we are now
well past this.

deraadt [Thu, 6 Jul 2023 07:49:52 +0000 (07:49 +0000)]
remove during-development special cases for MNT_WXALLOWED and chrome and
IBT/BTI, because many more things are about to work correctly

deraadt [Thu, 6 Jul 2023 07:47:04 +0000 (07:47 +0000)]
sysctl(2) is now sysctl(3), in particular it does not access name[0] in
userland.  This test should have been written with a signal handler to
be accurate..  Anyways, stop using syscall() to work around that
ok kettenis

deraadt [Thu, 6 Jul 2023 07:45:56 +0000 (07:45 +0000)]
syscall(2) regress will eventually be pointless, and untestable also
ok kettenis

deraadt [Thu, 6 Jul 2023 06:58:07 +0000 (06:58 +0000)]
moving acpiioctl to a different file than acpiopen is not going to work
for ramdisks.  noticed by anton.
this must be reconsidered.

beck [Thu, 6 Jul 2023 06:38:01 +0000 (06:38 +0000)]
define OPENSSL_NO_DTLS1_1 since we no longer have that either.

ok tb@

jasper [Thu, 6 Jul 2023 06:25:49 +0000 (06:25 +0000)]
Add missing entry for gelf_update_ehdr in the list of functions that
update an existing header.

ok jmc@

beck [Thu, 6 Jul 2023 06:15:36 +0000 (06:15 +0000)]
Define the 'standard' OPENSSL_NO_BLAHBLAH's for no tls 1.0 or 1.1

We have no tls 1.0 or 1.1 or methods for them.

These "in theory" will make things that check the openssl #ifdef
soup for all the floating eyeballs make the correct decisions, or
if they do not they at least can not blame us.

ok tb@

dlg [Thu, 6 Jul 2023 04:55:04 +0000 (04:55 +0000)]
big update to pfsync to try and clean up locking in particular.

moving pf forward has been a real struggle, and pfsync has been a
constant source of pain. we have been papering over the problems
for a while now, but it reached the point that it needed a fundamental
restructure, which is what this diff is.

the big headliner changes in this diff are:

- pfsync specific locks

this is the whole reason for this diff.

rather than rely on NET_LOCK or KERNEL_LOCK or whatever, pfsync now
has its own locks to protect its internal data structures. this
is important because pfsync runs a bunch of timeouts and tasks to
push pfsync packets out on the wire, or when it's handling requests
generated by incoming pfsync packets, both of which happen outside
pf itself running. having pfsync specific locks around pfsync data
structures makes the mutations of these data structures a lot more
explicit and auditable.

- partitioning

to enable future parallelisation of the network stack, this rewrite
includes support for pfsync to partition states into different "slices".
these slices run independently, ie, the states collected by one slice
are serialised into a separate packet to the states collected and
serialised by another slice.

states are mapped to pfsync slices based on the pf state hash, which
is the same hash that the rest of the network stack and multiq
hardware uses.

- no more pfsync called from netisr

pfsync used to be called from netisr to try and bundle packets, but now
that there's multiple pfsync slices this doesn't make sense. instead it
uses tasks in softnet tqs.

- improved bulk transfer handling

there's shiny new state machines around both the bulk transmit and
receive handling. pfsync used to do horrible things to carp demotion
counters, but now it is very predictable and returns the counters back
where they started.

- better tdb handling

the tdb handling was pretty hairy, but hrvoje has kicked this around
a lot with ipsec and sasyncd and we've found and fixed a bunch of
issues as a result of that testing.

- mpsafe pf state purges

this was committed previously, but because the locks pfsync relied on
weren't clear this just caused a ton of bugs. as part of this diff it's
now reliable, and moves a big chunk of work out from under KERNEL_LOCK,
which in turn improves the responsiveness and throughput of a firewall
even if you're not using pfsync.

there's a bunch of other little changes along the way, but the above are
the big ones.

hrvoje has done performance testing with this diff and notes a big
improvement when pfsync is not in use. performance when pfsync is
enabled is about the same, but I'm hoping the slices means we can scale
along with pf as it improves.

lots (months) of testing by me and hrvoje on pfsync boxes
tests and ok sashan@
deraadt@ says this is a good time to put it in

jsg [Thu, 6 Jul 2023 04:20:00 +0000 (04:20 +0000)]
drm/amd/display: Ensure vmin and vmax adjust for DCE

From Rodrigo Siqueira
c50065a3927932cd9baf3d5c94c91b58c31200d5 in linux-6.1.y/6.1.38
2820433be2a33beb44b13b367e155cf221f29610 in mainline linux

jsg [Thu, 6 Jul 2023 04:18:04 +0000 (04:18 +0000)]
drm/amdgpu: Validate VM ioctl flags.

From Bas Nieuwenhuizen
9d0b2afadfd71e9bedd593358bd7ac4701e46477 in linux-6.1.y/6.1.38
a2b308044dcaca8d3e580959a4f867a1d5c37fac in mainline linux

jsg [Thu, 6 Jul 2023 04:16:28 +0000 (04:16 +0000)]
drm/amd/display: Do not update DRR while BW optimizations pending

From Aric Cyr
a905b0b318ad7d37c3041573454129923e0a0723 in linux-6.1.y/6.1.38
32953485c558cecf08f33fbfa251e80e44cef981 in mainline linux

jsg [Thu, 6 Jul 2023 04:13:52 +0000 (04:13 +0000)]
drm/amd/display: Remove optimization for VRR updates

From Alvin Lee
dd6d6f9d47aebf50713fb857f91402a1c6c3131c in linux-6.1.y/6.1.38
3442f4e0e55555d14b099c17382453fdfd2508d5 in mainline linux

bluhm [Wed, 5 Jul 2023 21:38:22 +0000 (21:38 +0000)]
Perl tests expect executable permission on source files to match
the Perl distribution.  Fix them in obj directory during test run.
This seems easier than to fiddle with permissions in CVS.

beck [Wed, 5 Jul 2023 21:23:36 +0000 (21:23 +0000)]
Hide symbols in asn1 and bio

ok jsing@

bcook [Wed, 5 Jul 2023 21:14:54 +0000 (21:14 +0000)]
upstream hidden file #include_next workaround for MS C compilers

ok beck@, tb@

bcook [Wed, 5 Jul 2023 20:56:29 +0000 (20:56 +0000)]
don't return in a void function

ok tb@

tb [Wed, 5 Jul 2023 19:25:01 +0000 (19:25 +0000)]
Merge bio.h patch from libressl-portable

ok beck@

tobhe [Wed, 5 Jul 2023 18:51:55 +0000 (18:51 +0000)]
Move acpiioctl to acpi_x86.c, it is only used up on i386 and amd64.

ok kettenis@ deraadt@

jmatthew [Wed, 5 Jul 2023 18:48:49 +0000 (18:48 +0000)]
Handle fixed-link configuration in the device tree.

If fixed-link is present, populate the interface baudrate, link status
(full duplex or half duplex) and media type, and then call the statch
handler to apply that config to the MAC.  If fixed-link is specified
then do not attach a phy.

Note that phy lookup and reset still occurs in case the device tree
still uses the deprecated snps,reset-gpio properties.

Based on if_dwqe_fdt.c v1.11 and dwqe.c v1.8.
Tested on a Banana Pi R1 (aka Lamobo R1), which has its dwge interface
connected directly to an ethernet switch.

ok kettenis@

guenther [Wed, 5 Jul 2023 18:45:14 +0000 (18:45 +0000)]
It isn't portable to use stderr (or std{in,out}) in file-scope
initializers as they are not required to be compile-time constants.
So, initialize these global variables at the top of main().

ok miod@ deraadt@ yasuoka@ millert@

anton [Wed, 5 Jul 2023 18:23:10 +0000 (18:23 +0000)]
The hypercall page populated with instructions by the hypervisor is not IBT
compatible due to lack of endbr64. Replace the indirect call with a new
hv_hypercall_trampoline() routine which jumps to the hypercall page without any
indirection.

Allows me to boot OpenBSD using Hyper-V on Windows 11 again.

ok guenther@

patrick [Wed, 5 Jul 2023 18:11:08 +0000 (18:11 +0000)]
Fix off-by-one in the MSI-X interrupt establish loop that always tried to
establish one more interrupt than would be needed for per-VQ IRQs. This
meant even though there were enough MSI-X vectors available this path could
fail, roll back previously established interrupts and switch to shared IRQs
as a fallback.

ok dv@