openbsd
dlg [Fri, 5 Mar 2021 06:44:09 +0000 (06:44 +0000)]
pass the uint64_t dst ethernet address from ether_input to bridges.

tested on amd64 and sparc64.

jsg [Fri, 5 Mar 2021 06:01:13 +0000 (06:01 +0000)]
ansi

jsg [Fri, 5 Mar 2021 05:30:44 +0000 (05:30 +0000)]
ansi

dlg [Fri, 5 Mar 2021 03:51:41 +0000 (03:51 +0000)]
work with 64bit ethernet addresses in ether_input().

this applies the tricks with addresses from veb and etherbridge
code to the normal ethernet input processing. it basically loads
the destination address from the packet and the interface ethernet
address into uint64_ts for comparison.

tested by hrvoje popovski and chris cappuccio
tested here on amd64, arm64, and sparc64
ok claudio@ jmatthew@

patrick [Fri, 5 Mar 2021 01:16:55 +0000 (01:16 +0000)]
Improve readability of softc accesses.

patrick [Fri, 5 Mar 2021 00:55:45 +0000 (00:55 +0000)]
Introduce an IOVA allocator instead of mapping pages 1:1.  Mapping pages 1:1
obviously reduces the overhead of IOVA allocation, but instead you have the
problem of doubly mapped pages, and making sure a page is only unmapped once
the last user is gone.  My initial attempt, modeled after apldart(4), calls
the allocator for each segment.  Unfortunately this introduces a performance
penalty which reduces performance from around 700 Mbit/s to about 20 Mbit/s,
or even less, in a simple single stream tcpbench scenario.  Most mbufs from
userland seem to have at least 3 segments.  Calculating the needed IOVA space
upfront reduces this penalty.  IOVA allocation overhead could be reduced once
and for all if it is possible to reserve IOVA during bus_dmamap_create(9), as
it is only called upon creation and basically never for each DMA cycle.  This
needs some more thought.

With this we now put the pressure on the PTED pools instead.  Additionally, but
not part of this diff, percpu pools for the PTEDs seem to reduce the overhead
for that single stream tcpbench scenario to 0.3%.  Right now this means we're
hitting a different bottleneck, not related to the IOMMU.  The next bottleneck
will be discovered once forwarding is unlocked.  Though it should be possible
to benchmark the current implementation, and different designs, using a cycles
counter.

With IOVA allocation it's not easily possible to correlate memory passed to
bus_dmamem_map(9) with memory passed to bus_dmamap_load(9).  So far my code
try to use the same cachability attributes as the kernel uses for its userland
mappings.  For the devices we support, there seems to be no need so far.  If
this ever gives us any trouble in the future, I'll have a look and fix it.

While drivers should call bus_dmamap_unload(9) before bus_dmamap_destroy(9),
the API explicitly states that bus_dmamap_destroy(9) should unload the map
if it is still loaded.  Hence we need to do exactly that.  I actually have
found one network driver which behaves that way, and the developer intends
to change the network driver's behaviour.

patrick [Fri, 5 Mar 2021 00:18:26 +0000 (00:18 +0000)]
Extend the commented code that shows which additional mappings are needed,
or which regions need to be reserved.  As it turns out, a region we should
not map is the PCIe address space.  Making a PCIe device try to do DMA to
an address in PCIe address space will obviously not make its way to SMMU
and host memory.  We'll probably have to add an API for that.

tobhe [Thu, 4 Mar 2021 22:27:13 +0000 (22:27 +0000)]
Remove -g from CFLAGS. This was accidentally added with the last commit.

tobhe [Thu, 4 Mar 2021 22:20:24 +0000 (22:20 +0000)]
Derive config netmask from address pool if not explicitly configured.

ok markus@

kettenis [Thu, 4 Mar 2021 18:36:52 +0000 (18:36 +0000)]
Turns out the cores on Apple's M1 SoC only support 8-bit ASIDs.
Thank you Apple (not)!

Add an initial attempt to support such systems.  This isn't good enough
since the kernel will hang once you create more than 127 processes.
But it makes things work reasonably well until you reach that limit
which is good enough to build things on the machine itself.

ok patrick@

kettenis [Thu, 4 Mar 2021 18:32:52 +0000 (18:32 +0000)]
Print feature that indicates a CPU core supports 16-bit ASIDs.

ok patrick@

jmc [Thu, 4 Mar 2021 17:03:42 +0000 (17:03 +0000)]
new sentence, new line;

visa [Thu, 4 Mar 2021 16:44:07 +0000 (16:44 +0000)]
Tweak whitespace and adjust prototypes.

visa [Thu, 4 Mar 2021 16:34:47 +0000 (16:34 +0000)]
Combine octeon_pcibusvar.h into octeon_pcibus.c to reduce scatter.

tb [Thu, 4 Mar 2021 15:44:13 +0000 (15:44 +0000)]
Add two error checks for strdup for consistency.

ok claudio

tb [Thu, 4 Mar 2021 15:43:18 +0000 (15:43 +0000)]
typo in comment

visa [Thu, 4 Mar 2021 15:38:06 +0000 (15:38 +0000)]
Update clock interrupt count atomically.

This avoids errors that can arise when multiple cores update the
variable at the same time.

claudio [Thu, 4 Mar 2021 15:35:39 +0000 (15:35 +0000)]
Last commit was done from a non-clean tree. Revert one line that broke
everything. Oups.

claudio [Thu, 4 Mar 2021 14:29:02 +0000 (14:29 +0000)]
Update TAL files to official versions that include a https:// URL for the
trust anchor. rpki-client will then use the https:// URL first and fall
back to rsync if the https request failed.
OK job@ tb@

claudio [Thu, 4 Mar 2021 14:24:54 +0000 (14:24 +0000)]
Unify the out of memory errors here as well.

claudio [Thu, 4 Mar 2021 14:24:17 +0000 (14:24 +0000)]
Use the same way to error out in out of memory situation.
Just use 'err(1, NULL);' there is no need to include the type of function
that failed since it is still impossible to locate the right call.
Just use a debugger in that case.
OK tb@ deraadt@

tb [Thu, 4 Mar 2021 14:16:21 +0000 (14:16 +0000)]
an -> and

tb [Thu, 4 Mar 2021 14:15:47 +0000 (14:15 +0000)]
zap whitespace on three lines

claudio [Thu, 4 Mar 2021 14:04:47 +0000 (14:04 +0000)]
Replace NOTREACHED with actual errx() calls. I managed to return from
the proc_xyz() function at least in two occasions and it is not that
trivial to realize what goes wrong.

claudio [Thu, 4 Mar 2021 14:02:34 +0000 (14:02 +0000)]
Remove NOTREACHED marker, it should be obvious when the code is:
exit(rc);
/* NOTREACHED */

claudio [Thu, 4 Mar 2021 14:00:26 +0000 (14:00 +0000)]
Simply ignore errors from tls_close(). ftp(1) does the same and it seems
too many servers out there fail to properly close the TLS session which
results in unnecessary warnings like
  TLS close: EOF without close notify
Result of a discussion with job@ and tb@

claudio [Thu, 4 Mar 2021 13:01:41 +0000 (13:01 +0000)]
Implement a https client as a sub-process for rpki-client. This code will
be used to fetch TA certs and later on for RRDP. Kind of unreached for now
since the default TAL files don't include https URI.
The http client is fully asynchronous and can handle multiple downloads at
the same time. This code was based on the http client in ftp(1).
OK tb@, job@

claudio [Thu, 4 Mar 2021 10:56:47 +0000 (10:56 +0000)]
Add sys/queue.h to the include list since imsg.h needs it. Currently
net/route.h pulls this in as a side-effect.
OK krw@

espie [Thu, 4 Mar 2021 09:45:31 +0000 (09:45 +0000)]
warn about proper usage of Lst_Destroy.

as noticed by jsg@

espie [Thu, 4 Mar 2021 09:34:30 +0000 (09:34 +0000)]
better if I commit the version which actually includes the header ;)

espie [Thu, 4 Mar 2021 09:32:49 +0000 (09:32 +0000)]
somehow I forgot to add copyright and to include the right prototypes.
No actual code change (checked with cmp)

mpi [Thu, 4 Mar 2021 09:02:37 +0000 (09:02 +0000)]
Merge issignal() and CURSIG() in preparation for turning it mp-safe.

This makes some redundant & racy checks appear.

ok semarie@

mpi [Thu, 4 Mar 2021 09:00:03 +0000 (09:00 +0000)]
Modify `uvmexp.swpgonly' atomically, required for uvm_fault() w/o KERNEL_LOCK()

ok kettenis@

mpi [Thu, 4 Mar 2021 08:38:48 +0000 (08:38 +0000)]
Bring back previous fix for UVM vnode deadlock.

tb@ reports that refaulting when there's contention on the vnode makes
firefox start very slowly on his machine.  To revisit when the fault
handler will be unlocked.

ok anton@

Original commit message:

Fix a deadlock between uvn_io() and uvn_flush(). While faulting on a
page backed by a vnode, uvn_io() will end up being called in order to
populate newly allocated pages using I/O on the backing vnode. Before
performing the I/O, newly allocated pages are flagged as busy by
uvn_get(), that is before uvn_io() tries to lock the vnode. Such pages
could then end up being flushed by uvn_flush() which already has
acquired the vnode lock. Since such pages are flagged as busy,
uvn_flush() will wait for them to be flagged as not busy. This will
never happen as uvn_io() cannot make progress until the vnode lock is
released.

Instead, grab the vnode lock before allocating and flagging pages as
busy in uvn_get(). This does extend the scope in uvn_get() in which the
vnode is locked but resolves the deadlock.

ok mpi@

Reported-by: syzbot+e63407b35dff08dbee02@syzkaller.appspotmail.com

jsg [Thu, 4 Mar 2021 07:46:26 +0000 (07:46 +0000)]
remove extra argument to printf

krw [Thu, 4 Mar 2021 02:00:42 +0000 (02:00 +0000)]
Notice when link-timeout expires even if istty(STDERR) hints that dhclient has
already gone daemon. Sometimes it's just that 2>/dev/null or something has
been done.

Should fix problem with sysupgrade when an interface (e.g. a wired interface that
has no cable plugged in) never comes up.

Problem reported and debug info from kettenis@, Jean-Philippe Luigi, Thomas L. and
Markus Lude. Thanks!

afresh1 [Thu, 4 Mar 2021 01:13:11 +0000 (01:13 +0000)]
Never automatically rewrite perl/dist/Devel-PPPort/t/01_test.t

We are never going to update the files that generate this test and
the interaction with "cvs up" means we can accidentally hit it when
they change between releases but permissions when building the system
prevent us from writing the update and breaks the build.

Found by naddy@, krw@, and deraadt@

jsg [Wed, 3 Mar 2021 23:58:28 +0000 (23:58 +0000)]
off by one
ok claudio@ deraadt@

djm [Wed, 3 Mar 2021 22:41:49 +0000 (22:41 +0000)]
don't sshbuf_get_u32() into an enum; reported by goetze AT
dovetail.com via bz3269

tobhe [Wed, 3 Mar 2021 22:18:00 +0000 (22:18 +0000)]
Free sc_vroute on shutdown.

kettenis [Wed, 3 Mar 2021 21:47:27 +0000 (21:47 +0000)]
Remove bogus (and pointless) pmap_activate(9) call.

ok drahn@

sthen [Wed, 3 Mar 2021 21:40:16 +0000 (21:40 +0000)]
typo in other_hostkeys_message() display output, ok djm

martijn [Wed, 3 Mar 2021 20:15:54 +0000 (20:15 +0000)]
s/byte/character

Discussed with claudio@
Feedback jmc@

bru [Wed, 3 Mar 2021 19:44:37 +0000 (19:44 +0000)]
Add a configurable button mapping for tap gestures on touchpads.

Thanks to RJ Johnson for this work!

ok mpi@

ratchov [Wed, 3 Mar 2021 10:19:06 +0000 (10:19 +0000)]
sndiod: Move MTC/MMC state to its own global structure

ratchov [Wed, 3 Mar 2021 10:13:06 +0000 (10:13 +0000)]
sndiod: Move MIDI control endpoint to opt structure

No behavior change.

ratchov [Wed, 3 Mar 2021 10:00:27 +0000 (10:00 +0000)]
sndiod: Move controls out of the device structure

Moving to a global server-wide controls list is necessary to expose
controls that are not associated to a particular device (ex. a device
selector).

The current hack to use the device-side sioctl_desc->addr variable as
client-side key can't work anymore. So, we use a unique dynamically
allocated ctl->addr key; this is much cleaner. A new "scope" enum
(with two "void *" arguments) is used to determine what the control
does control. This adds flexibility and allows to easily add new
control types that are not associated to devices.

No behavior change.

ratchov [Wed, 3 Mar 2021 09:40:43 +0000 (09:40 +0000)]
sndioctl: Flush stdout before polling

If stdout is not flushed, output is not seen by programs using
sndioctl through a pipe (ex. "sndioctl -m | cat" displays nothing).

Patch from Erico Nogueira <ericonr@disroot.org>, idea
from Duncan Overbruck <mail@duncano.de>

kn [Wed, 3 Mar 2021 09:32:11 +0000 (09:32 +0000)]
Unveil only /etc/resolv.conf and /etc/resolv.conf.new not /etc/

Unveiling the entire directory stems from earlier development cycles
and is by no means required now, only the two files are created,
read from and written to.

OK deraadt florian semarie

jsg [Wed, 3 Mar 2021 09:06:20 +0000 (09:06 +0000)]
remove unreachable and unneeded code
ok martijn@

djm [Wed, 3 Mar 2021 08:42:52 +0000 (08:42 +0000)]
needs FILE*; from Mike Frysinger

jsg [Wed, 3 Mar 2021 01:27:54 +0000 (01:27 +0000)]
off by one in array bounds tests
ok mlarkin@

dlg [Wed, 3 Mar 2021 00:00:03 +0000 (00:00 +0000)]
clean up span ports as span ports, not bridge ports.

the visible result of this is that span ports aren't made promisc
like bridge ports. when cleaning up a span port, trying to take
promisc off it screwed up the refs, and it makes the underlying
interface not able to be promisc when it should be promisc.

found by dave voutila

dlg [Tue, 2 Mar 2021 23:40:06 +0000 (23:40 +0000)]
fix an assert in veb_p_ioctl() that failed when called by a span port.

veb_p_ioctl() is used by both veb bridge and veb span ports, but
it had an assert to check that it was being called by a veb bridge
port. this extends the check so using it on a span port doesn't cause
a panic.

found by dave voutila

bru [Tue, 2 Mar 2021 22:35:19 +0000 (22:35 +0000)]
Read general and touchpad-specific wsmouse settings separately.
Correct the identification of the device type when reading the
touchpad parameters fails.

ok jcs@

millert [Tue, 2 Mar 2021 20:41:42 +0000 (20:41 +0000)]
Fix size computation in replace_repeat() for special_case REPEAT_WITH_Q.
This resulted in the NUL terminator being written to the end of the
buffer which was not the same as the end of the string.  That in
turn caused garbage bytes from malloc() to be processed.  Also
change the NUL termination to be less error prone by writing the
NUL immediately after the last byte copied.  OK sthen@

lum [Tue, 2 Mar 2021 19:50:52 +0000 (19:50 +0000)]
It is now possible to define single value variables in the startup file:

(define myfile d.txt)

And use them like:

(find-file myfile)

florian [Tue, 2 Mar 2021 19:20:13 +0000 (19:20 +0000)]
Only attach a fully configured bpf filter to a network interface.
I'm worried we could see packets we shouldn't during a small time window.

deraadt [Tue, 2 Mar 2021 17:50:41 +0000 (17:50 +0000)]
include of netinet/in.h here is incorrect, because net/route.h will pull
excessive types into scope.
ok claudio

deraadt [Tue, 2 Mar 2021 17:43:04 +0000 (17:43 +0000)]
document ENOTSUP wxallowed/wxneeded behaviour more clearly; ok kurt

claudio [Tue, 2 Mar 2021 17:39:26 +0000 (17:39 +0000)]
Must include netinet/in.h before netinet/ip.h or bad things happen.

jsing [Tue, 2 Mar 2021 17:26:25 +0000 (17:26 +0000)]
Separate variable declaration and assignment.

Requested by tb@

jsing [Tue, 2 Mar 2021 17:24:37 +0000 (17:24 +0000)]
Replace two handrolled tls12_record_protection_engaged().

Noted by tb@

jsing [Tue, 2 Mar 2021 17:18:59 +0000 (17:18 +0000)]
Move key/IV length checks closer to usage sites.

Also add explicit checks against EVP_CIPHER_iv_length() and
EVP_CIPHER_key_length().

Requested by tb@ during review.

ok tb@

florian [Tue, 2 Mar 2021 17:17:15 +0000 (17:17 +0000)]
Fix indentation of switch / case. No binary change.

jsing [Tue, 2 Mar 2021 17:16:44 +0000 (17:16 +0000)]
Add tls12_record_protection_unused() and call from CCS functions.

This moves the check closer to where a leak could occur and checks all
pointers in the struct.

Suggested by tb@ during review.

ok tb@

deraadt [Tue, 2 Mar 2021 17:11:28 +0000 (17:11 +0000)]
satisfy older gcc with poor warning generation

deraadt [Tue, 2 Mar 2021 16:39:46 +0000 (16:39 +0000)]
requires netinet/in.h

krw [Tue, 2 Mar 2021 16:17:26 +0000 (16:17 +0000)]
Rename local variable 'cur_time' in set_timeout() to 'now' like
all the other struct timespec variables holding the current time.

tb [Tue, 2 Mar 2021 15:43:12 +0000 (15:43 +0000)]
Fix misleading indentation in SSL_get_error()

lum [Tue, 2 Mar 2021 15:03:35 +0000 (15:03 +0000)]
This diff soaks up the user input while the maximum character
length boundary is crossed in the minibuffer and allows the user to see
the error message and respond accordingly.  The goto named "null"
changed to "skipkey" as per Emil Engler's suggestion on tech@.

krw [Tue, 2 Mar 2021 14:32:14 +0000 (14:32 +0000)]
Eliminate redundant checks for expired leases in ifi->leasedb. Simply
toss expired leases when writing the list to disk. And write the list
to disk before using a lease from it. Just make sure ifi->active
isn't tossed.

lum [Tue, 2 Mar 2021 13:06:50 +0000 (13:06 +0000)]
Update logging with comments made by florian@ some time ago (I've not
updated logging to $HOME, but will do so). Also include mglog_misc()
which takes formatted input from Joachim Wiberg's mg. Thank you both.

edd [Tue, 2 Mar 2021 12:15:46 +0000 (12:15 +0000)]
sndiod: Allow alternative devices to support different modes.

Currently sndiod does not allow you to use alternative devices (-F
devices) which support only a subset of the modes of the main (-f)
device.

For example, if you do `sndiod -f rsnd/0 -F rsnd/1` and:
 - rsnd/0 is full-duplex (rec + play).
 - rsnd/1 is play-only.

Then you will be unable to use rsnd/1 as sndiod deems it incompatible
and refuses to use it (similarly if rsnd/1 is record-only).

This is annoying. It means if you want to use a record-only or play-only
device, you will either have to kill sndiod and restart it specifying
only that device (`sndiod -f rsnd/1` for the above example), or failing
that, downgrade the functionality of the main device (`-m play`).

This diff (a joint effort between ratchov@ and myself) makes mixing
devices with different modes possible. It does this by making both
recording and playing available for all devices, even if the underlying
hardware doesn't support both modes.

For example, if I try to record from a play-only device, then recording
will succeed, but the captured PCM data will be pure silence. Similarly,
if I try to play to a record-only device, then the audio stream will
disappear into the ether.

This is mostly a no-op for sndiod in the default configuration (except
that play-only devices now accept recording clients). If you use
alternative devices (-F), then it's possible for a record-only device to
be found first, which may be confusing if you just want to hear sound.
We can only assume that if you deviate from defaults, then you know what
you are doing.

With guidance from, and OK ratchov@, thanks!

florian [Tue, 2 Mar 2021 12:03:50 +0000 (12:03 +0000)]
Make unveiling the lease directory a warning instead of a fatal error
when the lease directory does not exist.
This means that dhcpleased(8) will no longer request a previously
configured IP address from the dhcp server and will fall back to
DHCPDISCOVER which requests any IP address from the dhcp server.

This likely makes diskless(8) work with dhcpleased(8).

A normal diskless(8) setup has only / mounted via nfs when
dhcpleased(8) starts. /var exists but nothing is mounted there yet,
meaning /var/db/dhcpleased does not exist so lease files are disabled.
dhcpleased(8) sends a DHCPDISCOVER to request any IP address but since
the dhcp server has (very likely) a 'fixed-address' configured we get
the same IP back that is already configured.

If /var/db/dhcpleased/ exists on / (and /var is *NOT* mounted later)
in a diskless(8) setup, care must be taken that the root file system is
not shared between machines.

If /var/db/dhcpleased/ exists on / and /var on NFS is mounted over
this later bad things probably happen. This is a configuration error
and must be fixed.

discussed with deraadt@

Actual tests on existing diskless(8) setups would be appreciated.

florian [Tue, 2 Mar 2021 12:01:39 +0000 (12:01 +0000)]
Better unveil error messages; requested by deraadt some time ago.

nicm [Tue, 2 Mar 2021 11:00:38 +0000 (11:00 +0000)]
Do not use NULL active window; also do not leak window name. GitHub
issue 2590 from Chester Liu.

espie [Tue, 2 Mar 2021 10:59:20 +0000 (10:59 +0000)]
finish GC old unintuitive interface
now handle_continue and find_window_size are fully separated.

nicm [Tue, 2 Mar 2021 10:56:45 +0000 (10:56 +0000)]
Drop support for popups where the content is provided directly to tmux
(which does not have many practical uses) and only support running a
program in the popup. display-popup is now simpler and can accept
multiple arguments to avoid escaping problems (like the other commands).

mpi [Tue, 2 Mar 2021 10:12:37 +0000 (10:12 +0000)]
Fix the deadlock between uvn_io() and uvn_flush() by restarting the fault.

Do not allow a faulting thread to sleep on a contended vnode lock to prevent
lock ordering issues with upcoming per-uobj lock.

ok anton@

Reported-by: syzbot+e63407b35dff08dbee02@syzkaller.appspotmail.com

mpi [Tue, 2 Mar 2021 10:09:20 +0000 (10:09 +0000)]
Revert the fix for the deadlock between uvn_io() and uvn_flush().

This fix (ab)uses the vnode lock to serialize access to some fields of
the corresponding pages associated with UVM vnode object and this will
create new deadlocks with the introduction of a per-uobj lock.

ok anton@

claudio [Tue, 2 Mar 2021 09:45:07 +0000 (09:45 +0000)]
Introduce 'rde evaluate all' a mode to work around path hiding in IXP
route-server environments.

By default only the best path is sent to peers and if that path is filtered
then the path is hidden for that peer. On route-servers this is sometimes
not desired. For this 'rde evaluate all' will cause the evaluation process
to fall back to alternate routes and will redistribute the first non-filtered
path to the peer. This is very similar to per-peer RIBs but accomplishes
the same effect without the massive increase in memory usage. Compared to
the default mode this requires more CPU resources but it is probably less
than what per-peer RIBs would require.

'rde evaluate all' can be set and reset globally, on groups and on individual
neighbors. It is not limited to route-server configs but route loops are
possible if not properly used.

OK benno@

claudio [Tue, 2 Mar 2021 09:23:59 +0000 (09:23 +0000)]
There is no longer the need to mkpathat(), the main process runs now from
the cachedir.

kn [Tue, 2 Mar 2021 09:18:58 +0000 (09:18 +0000)]
Add missing RCS marker

kn [Tue, 2 Mar 2021 09:17:10 +0000 (09:17 +0000)]
Do not unveil unused unwind socket under SMALL

Remove unused STARTUP_WAIT_TIMO (since import),
add missing space to error message.

claudio [Tue, 2 Mar 2021 09:08:59 +0000 (09:08 +0000)]
Open both the cachedir and outputdir early and use fchdir(2) to
switch between the two.
OK deraadt@ job@

claudio [Tue, 2 Mar 2021 09:00:46 +0000 (09:00 +0000)]
When building the chain of the intermediate certificates do not include the
root node (which should be a trust anchor). Trust anchors were added to
the X509_store and having them in the chain is kind of wrong and confuses
the new libressl X509 validator.
OK tb@

jsg [Tue, 2 Mar 2021 05:34:20 +0000 (05:34 +0000)]
remove ts_print() prototype function was removed in rev 1.100

jsg [Tue, 2 Mar 2021 04:10:07 +0000 (04:10 +0000)]
remove unneeded md5.h include
ok florian@

jsg [Tue, 2 Mar 2021 03:31:25 +0000 (03:31 +0000)]
Increase the size of iov in pfkey_sa() to be large enough for all
possible options.

ok tobhe@

jsg [Tue, 2 Mar 2021 02:56:22 +0000 (02:56 +0000)]
don't read past the end of an array
ok mvs@ mlarkin@

djm [Tue, 2 Mar 2021 01:48:18 +0000 (01:48 +0000)]
openssh-8.5

patrick [Tue, 2 Mar 2021 01:34:43 +0000 (01:34 +0000)]
Do *not* delay while waiting for IOTLB invalidation to complete.  A 1ms
delay is awful in a hot path, and the SMMU is actually quite quick on
invalidation, so simply removing the delay is worth a thousand roses.

Found with mental support from dlg@ (and btrace)

jsg [Tue, 2 Mar 2021 00:39:57 +0000 (00:39 +0000)]
off by one in bounds test
ok sthen@ millert@

afresh1 [Mon, 1 Mar 2021 23:26:45 +0000 (23:26 +0000)]
sync for perl 5.32.1

afresh1 [Mon, 1 Mar 2021 23:23:17 +0000 (23:23 +0000)]
Apply pre-built unicore patch, remove excess files - perl-5.32.1

OK sthen@

afresh1 [Mon, 1 Mar 2021 23:21:24 +0000 (23:21 +0000)]
Apply local patches, remove excess files - perl-5.32.1

OK sthen@

afresh1 [Mon, 1 Mar 2021 23:19:42 +0000 (23:19 +0000)]
Fix merge issues, remove excess files - match perl-5.32.1 dist

OK sthen@

afresh1 [Mon, 1 Mar 2021 23:14:32 +0000 (23:14 +0000)]
Import perl-5.32.1

OK sthen@

patrick [Mon, 1 Mar 2021 21:38:20 +0000 (21:38 +0000)]
Update the MSI addresses for the Armada 8040.  This chunk will only be
there until we have a proper way of making the MSI pages available.