openbsd
9 months agocount if_enqueue/ifq_enqueue errors as oqdrops.
dlg [Tue, 19 Mar 2024 03:49:11 +0000 (03:49 +0000)]
count if_enqueue/ifq_enqueue errors as oqdrops.

this helps narrow down where some "output failures" on sec interfaces
occur.

based on discussion with jason tubnor

9 months agoImplement Spectre-V4 mitigations. The only real effect of this change is
kettenis [Mon, 18 Mar 2024 21:57:22 +0000 (21:57 +0000)]
Implement Spectre-V4 mitigations.  The only real effect of this change is
that we now make a firmware call to enable the mitigations if the
firmware tells us mitigations are implemented and needed.  But according
to the specification these mitigations should be enabled by default.
The open source TF-A implementation only implements mitigations for older
Cortex-A76 cores.  Newer Cortex-A76 revisions are not vulnerable and as
far as I can tell we only support SoCs with the newer cores.

ok patrick@

9 months agoPass PHY OF node to the MII layer for use by PHY drivers.
patrick [Mon, 18 Mar 2024 21:37:44 +0000 (21:37 +0000)]
Pass PHY OF node to the MII layer for use by PHY drivers.

9 months agoReduce dmesg spam and only print about resource conflicts for resources
kettenis [Mon, 18 Mar 2024 21:20:46 +0000 (21:20 +0000)]
Reduce dmesg spam and only print about resource conflicts for resources
that are actually enabled.

ok dlg@, deraadt@

9 months agoAdd support for the new layout of the CCSIDR_EL1 register that was
kettenis [Mon, 18 Mar 2024 18:35:21 +0000 (18:35 +0000)]
Add support for the new layout of the CCSIDR_EL1 register that was
introduced in Armv8.3 when the CCIDX feature is advertised.  This
makes us properly detect the cache size on newer CPU cores like
Neoverse N2, at least when emulated by QEMU.

ok jsg@

9 months agoTypecast char argument to isxdigit() to unsigned char since isxdigit()
claudio [Mon, 18 Mar 2024 14:54:52 +0000 (14:54 +0000)]
Typecast char argument to isxdigit() to unsigned char since isxdigit()
only works that way correctly.
OK deraadt@

9 months agoDouble PEER_DESCR_LEN to 64 characters since 32 is a bit on the short side.
claudio [Mon, 18 Mar 2024 10:49:24 +0000 (10:49 +0000)]
Double PEER_DESCR_LEN to 64 characters since 32 is a bit on the short side.
OK sthen@, deraadt@, dlg@, tb@

9 months agoUse same markup for origin-set arguments as for roa-set. The maxlen argument
claudio [Mon, 18 Mar 2024 10:16:50 +0000 (10:16 +0000)]
Use same markup for origin-set arguments as for roa-set. The maxlen argument
is optional.
OK tb@

9 months agofix markup of _PATH_DEFPATH (Li -> Dv); ok jmc
op [Mon, 18 Mar 2024 08:50:54 +0000 (08:50 +0000)]
fix markup of _PATH_DEFPATH (Li -> Dv); ok jmc

9 months agoimprove the MDA documentation
op [Mon, 18 Mar 2024 08:48:50 +0000 (08:48 +0000)]
improve the MDA documentation

 - add a pointer to the section when documenting the `mda' keyword
 - rename the section to MDA COMMANDS
 - document also what happens when the MDA doesn't exit with status 0
 - add the missing environment variables
 - sort the variables
 - minor other tweaks to the text

with several improvements from jmc, ok jmc

9 months agoexpose per port information via kstats.
dlg [Mon, 18 Mar 2024 06:14:50 +0000 (06:14 +0000)]
expose per port information via kstats.

the most interesting information exposed here is the number of times
a port changes state according to the lacp state machine. if a port
is flapping, it's hard to see if you only look at the current state.
getting a count of changes over time makes problems a lot more
visible and therefore fixable.

this also exposes counters around how the lacp protocol packets.
all of these can be useful when trying to line up behaviors with
another system (eg, a switch).

ok jmatthew@

9 months agouse high bits from the mbuf flowid to pick a port to transmit on.
dlg [Mon, 18 Mar 2024 06:05:23 +0000 (06:05 +0000)]
use high bits from the mbuf flowid to pick a port to transmit on.

a port here is a physical interface used by an aggr.

this leaves the low bits for a physical interface to use to pick a
tx ring. without this, aggr used low bits for port selection, which
takes bits away from the ring selection, which can lead to uneven
distribution of packets over tx rings.

ive been running this in production for well over a year now.

9 months agoDo UNP_CONNECTING and UNP_BINDING flags check in uipc_listen() and
mvs [Sun, 17 Mar 2024 19:47:08 +0000 (19:47 +0000)]
Do UNP_CONNECTING and UNP_BINDING flags check in uipc_listen() and
return EINVAL if set. This prevents concurrent solisten() thread to make
this socket listening while socket is unlocked.

Reported-by: syzbot+4acfcd73d15382a3e7cf@syzkaller.appspotmail.com
ok mpi

9 months agoThe feature is called SSBS instead of SBSS.
kettenis [Sun, 17 Mar 2024 13:05:40 +0000 (13:05 +0000)]
The feature is called SSBS instead of SBSS.

9 months agoAnnotate RSA-PSS SHA parameter encoding as wrong
tb [Sun, 17 Mar 2024 07:10:00 +0000 (07:10 +0000)]
Annotate RSA-PSS SHA parameter encoding as wrong

A historic blunderfest in the ASN.1 module for RSA-PSS led to very
confusing text in various RFCs. davidben and my current reading of
this is that parameters for SHA-* should be encoded as an ASN.1 NULL
rather than omitted. The use of X509_ALGOR_set_evp_md() leads to them
being omitted, and is therefore counter to the specification (but
allowed. We should fix this. For now, leave a reminder.

See https://boringssl-review.googlesource.com/c/boringssl/+/67088
for a lot more details.

ok davidben

9 months agoUse VERW to mitigate the RFDS (Register File Data Sampling) vulnerability
guenther [Sun, 17 Mar 2024 05:49:41 +0000 (05:49 +0000)]
Use VERW to mitigate the RFDS (Register File Data Sampling) vulnerability
present in Intel Atom CPUs, reordering some ASM in return-to-userspace and
start/resume-vmx-guest to reduce the number of kernel values still live in
registers when VERW is used.  This mitigation requires updated firmware which
has affected CPUs report RFDS_CLEAR in dmesg.

Firmware packaging by jsg@ and sthen@
Logic for interpreting intel's flags by jsg@ after lots of discussion
   between him, deraadt@, and I
ok deraadt@

9 months agoRemove unused enum rsc_resourceblock_tag
tb [Sun, 17 Mar 2024 01:44:59 +0000 (01:44 +0000)]
Remove unused enum rsc_resourceblock_tag

This was used in rsc.c prior to the switch to ASN.1 templates.

ok job

9 months agoSome PHYs need board-specific initializations, e.g. to correctly configure
patrick [Sun, 17 Mar 2024 00:06:43 +0000 (00:06 +0000)]
Some PHYs need board-specific initializations, e.g. to correctly configure
LED settings, which might be stored in the marvell,reg-init property.  With
these applied, the LEDs on the SolidRun ClearFog CN9130 Base work correctly.

ok kettenis@

9 months agoRemove ugly parens and thereby fix KNF
tb [Sat, 16 Mar 2024 21:42:20 +0000 (21:42 +0000)]
Remove ugly parens and thereby fix KNF

9 months agoSet the HCR_API and HCR_APK bits in the HCR_EL2 when CPUs boot in EL2.
kettenis [Sat, 16 Mar 2024 20:46:28 +0000 (20:46 +0000)]
Set the HCR_API and HCR_APK bits in the HCR_EL2 when CPUs boot in EL2.
Otherwise using PAC instructions in EL1 will trigger a trap into EL2
that we don't handle.

ok jsg@, deraadt@

9 months agoFix signed integer overflow in bnrand()
tb [Sat, 16 Mar 2024 20:42:33 +0000 (20:42 +0000)]
Fix signed integer overflow in bnrand()

If more bits than INT_MAX - 7 are requested, the calculation of number
of bytes required to store the bignum triggers undefined behavior due to
signed integer overflow. This will typically result in bytes becoming
negative which will then make malloc() fail. If the ulimit should be
high enough to make malloc() succeed, there is a bad out of bounds write
in case bottom is set (an odd number was requested).

On jsing's request this does not deal with another bug which we could
catch with a similar check due to BN_bn2bin() failing later on as the
number of words in a BIGNUM is some fraction of INT_MAX.

ok jsing

9 months agobtrace(8): cache ELF symbols in sorted array
cheloha [Sat, 16 Mar 2024 17:42:37 +0000 (17:42 +0000)]
btrace(8): cache ELF symbols in sorted array

Currently, every kelf_snprintsym() call performs a linear search
through the .symtab for a symbol matching the given PC.  The search is
expensive and seems to be a major source of dropped profiling events.

Storing all STT_FUNC .symtab entries and their names in a sorted array
cuts search time from O(n) to O(lg n).  In practice, the faster
lookups seem to dramatically reduce the profiling drop rate.

With tweaks from mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170830125132105&w=2

ok mpi@

9 months agorecognise Cortex-A520AE (Hayes AE), Cortex-A720AE (Hunter AE)
jsg [Sat, 16 Mar 2024 09:15:04 +0000 (09:15 +0000)]
recognise Cortex-A520AE (Hayes AE), Cortex-A720AE (Hunter AE)

9 months agoadd -S to usage();
jmc [Sat, 16 Mar 2024 06:29:36 +0000 (06:29 +0000)]
add -S to usage();

9 months agoMove RPKI Trust Anchor constraints from etc set to base
job [Sat, 16 Mar 2024 05:18:01 +0000 (05:18 +0000)]
Move RPKI Trust Anchor constraints from etc set to base

The cadence of updates being applied to the RPKI Trust Anchor constraints
seems sufficiently low, while the required understanding of context to make
educated decisions quite high, so centralized coordination of updates through
tech@openbsd.org is more appropriate.

requested by & OK deraadt@, OK tb@

9 months agowhois: trim output after ">>> Last update of WHOIS database:"
millert [Sat, 16 Mar 2024 02:00:31 +0000 (02:00 +0000)]
whois: trim output after ">>> Last update of WHOIS database:"
Currently, whois(1) displays the full output it receives from the
server.  With this change, any text after a line starting with ">>>
Last update of WHOIS database:" is dropped.  This trims a lot of
useless text that would otherwise cause the data you care about to
scroll off the screen.  From FreeBSD.  OK deraadt@

9 months agoadd some initial documentation regarding MDAs
op [Fri, 15 Mar 2024 21:56:22 +0000 (21:56 +0000)]
add some initial documentation regarding MDAs

this adds some initial commentary for how MDAs should behave and
in what environment they are executed.

diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de) with
some tweaks from Richard Toohey and me.

ok gilles@

9 months agoset ORIGINAL_RECIPIENT in the environment of mda scripts
op [Fri, 15 Mar 2024 21:52:20 +0000 (21:52 +0000)]
set ORIGINAL_RECIPIENT in the environment of mda scripts

mostly for compatibility with postfix since some mdas (like
public-inbox) make use of it.

diff from Philipp (philipp+openbsd [at] bureaucracy [dot] de)
ok gilles@

9 months agozlib: sync with src
tb [Fri, 15 Mar 2024 21:32:54 +0000 (21:32 +0000)]
zlib: sync with src

9 months agozlib: sync with upstream
tb [Fri, 15 Mar 2024 21:32:21 +0000 (21:32 +0000)]
zlib: sync with upstream

More Windows #ifdef shuffling. Only one change relevant for OpenBSD:
Make deflateBound() more conservative and handle Z_STREAM_END.

9 months agoIgnore ADDBA requests if we are not ready to receive data frames.
stsp [Fri, 15 Mar 2024 17:45:36 +0000 (17:45 +0000)]
Ignore ADDBA requests if we are not ready to receive data frames.

This prevents potential firmware errors in Intel wifi drivers when APs
send an ADDBA request before the driver's state machine has settled
into RUN state.
The driver's addba task would race the driver's newstate task, and the
hardware would see an incorrect sequence of commands.

Ignoring an early ADDBA request is harmless. The AP will retry later.

Reported by zxystd from the OpenIntelWireless project, thanks!

ok phessler@

9 months agoBackout "Move code into new stop_watchdog()"
kn [Fri, 15 Mar 2024 17:31:21 +0000 (17:31 +0000)]
Backout "Move code into new stop_watchdog()"

An upgrade stalled on me, either my testing was flawed or my diff is...
Having stop_watchdog() is fine, but calling it in a different place has
is apparently too subtle for me to get right.

9 months agoMove code into new stop_watchdog()
kn [Fri, 15 Mar 2024 16:29:32 +0000 (16:29 +0000)]
Move code into new stop_watchdog()

We have {reset,start}_watchdog() which are only used in unattended upgrade
code, but stopping the background timer is done inline for all upgrades,
incl. interactive ones.

Relocate it out of the very end of do_upgrade() right after its only caller
and limit it to unattended upgrades to match where/how the timer is started.

OK afresh1

9 months agoAccording to errata AC03_CPU_12, AmpereOne needs the loopy branches with a
kettenis [Fri, 15 Mar 2024 13:26:09 +0000 (13:26 +0000)]
According to errata AC03_CPU_12, AmpereOne needs the loopy branches with a
loop count of 11 to mitigate Spectre-BHB.  And it seems Cortex-A57 was
missed when Spectre-BHB mitigation support was added, so add it here as
well.

ok jsg@

9 months agowhitespace
tb [Fri, 15 Mar 2024 05:14:16 +0000 (05:14 +0000)]
whitespace

9 months agoLog which of the constraints files triggered a violation
job [Fri, 15 Mar 2024 03:38:59 +0000 (03:38 +0000)]
Log which of the constraints files triggered a violation

Requested by Ties de Kock (RIPE NCC)

OK tb@

9 months agoAdd missing Nm entries for OBJ_NAME_do_all*
tb [Thu, 14 Mar 2024 23:54:55 +0000 (23:54 +0000)]
Add missing Nm entries for OBJ_NAME_do_all*

9 months agoMark up X509_STORE_get1_objects()
tb [Thu, 14 Mar 2024 22:19:12 +0000 (22:19 +0000)]
Mark up X509_STORE_get1_objects()

9 months agoAdd back a .Pp
tb [Thu, 14 Mar 2024 22:09:40 +0000 (22:09 +0000)]
Add back a .Pp

9 months agoChange log and regress test for expat billion laughs attack.
bluhm [Thu, 14 Mar 2024 19:37:40 +0000 (19:37 +0000)]
Change log and regress test for expat billion laughs attack.

9 months agoCerry-pick fix for CVE-2024-28757 from libexpat.
bluhm [Thu, 14 Mar 2024 17:35:37 +0000 (17:35 +0000)]
Cerry-pick fix for CVE-2024-28757 from libexpat.

Detect billion laughs attack with isolated external parser.
github commit 1d50b80cf31de87750103656f6eb693746854aa8

OK deraadt@

9 months agoHook up the btcfi test.
kettenis [Thu, 14 Mar 2024 14:29:03 +0000 (14:29 +0000)]
Hook up the btcfi test.

9 months agoClarify how literal IPv6 addresses can be used in -J mode
job [Thu, 14 Mar 2024 06:23:14 +0000 (06:23 +0000)]
Clarify how literal IPv6 addresses can be used in -J mode

OK djm@

9 months agoRevert "btrace(8): cache ELF .symtab, .strtab entries in sorted array"
cheloha [Thu, 14 Mar 2024 00:54:54 +0000 (00:54 +0000)]
Revert "btrace(8): cache ELF .symtab, .strtab entries in sorted array"

"No it's not okay." mpi@

9 months agoExpose BTI support to userland.
kettenis [Wed, 13 Mar 2024 14:57:08 +0000 (14:57 +0000)]
Expose BTI support to userland.

ok deraadt@

9 months agoenable POOL_DEBUG after 7.5 release
bluhm [Wed, 13 Mar 2024 14:43:31 +0000 (14:43 +0000)]
enable POOL_DEBUG after 7.5 release
OK deraadt@

9 months agoFix potential NULL pointer dereference in dt(4).
bluhm [Wed, 13 Mar 2024 13:13:57 +0000 (13:13 +0000)]
Fix potential NULL pointer dereference in dt(4).

When initializing the profiling probes, check if we sucessfully
allocated the probe, before registering it.  This avoids a NULL
pointer dereference when probe allocation has failed.

from Christian Ludwig

9 months agoMake the attach-session description clearer - do not mention creating a
nicm [Wed, 13 Mar 2024 11:25:50 +0000 (11:25 +0000)]
Make the attach-session description clearer - do not mention creating a
client which is not important, explicitly say the session must exist,
and mention new-session and new-session -A. Prompted by Theo.

9 months agoAdd endbr64/bti instruction at the start of the gadget, otherwise we'll
kettenis [Wed, 13 Mar 2024 11:18:42 +0000 (11:18 +0000)]
Add endbr64/bti instruction at the start of the gadget, otherwise we'll
get a SIGILL when the gadget gets call.  Fix the instruction that sets
the syscall number on arm64.

ok anton@, deraadt@

9 months agomail(1) is very sensitive to spacing in the header, and sometimes
deraadt [Wed, 13 Mar 2024 10:02:37 +0000 (10:02 +0000)]
mail(1) is very sensitive to spacing in the header, and sometimes
when we manually edit this file we forget that.
noticed by naddy

9 months agoAdd regress test showing that OpenBSD IPv6 fragment reassembly is
bluhm [Tue, 12 Mar 2024 21:31:29 +0000 (21:31 +0000)]
Add regress test showing that OpenBSD IPv6 fragment reassembly is
not affected by FreeBSD-SA-23:06.ipv6 security advisory.  Scapy
test frag6_oversize.py reassembles fragments of a packet too big
to fit.  Test frag6_unfragsize.py also plays games with ECN bits
and hop-by-hop extension header to check overflow protection.  ICMP6
parameter problem responses are expected.  As pf does not generate
such ICMP6 error packets, these tests are only run with frag6_input()
in the IPv6 stack.

9 months agobtrace(8): cache ELF .symtab, .strtab entries in sorted array
cheloha [Tue, 12 Mar 2024 17:22:24 +0000 (17:22 +0000)]
btrace(8): cache ELF .symtab, .strtab entries in sorted array

Currently, every kelf_snprintsym() call performs a linear search
through the .symtab for a matching symbol.  The search is very
costly and causes btrace(8) to drop a lot of profiling events.

Storing the STT_FUNC .symtab entries and their corresponding .strtab
entries in a sorted array cuts the lookup cost from O(n) to O(lg n).
Lower overhead reduces the drop rate for profiling events.

With tweaks from mpi@.

Thread: https://marc.info/?l=openbsd-tech&m=170830125132105&w=2

probably ok mpi@

9 months agoConfigure the signal on the CLKOUT pin of the YT8531 PHY when we're
kettenis [Tue, 12 Mar 2024 16:26:46 +0000 (16:26 +0000)]
Configure the signal on the CLKOUT pin of the YT8531 PHY when we're
instructed to do so by the device tree.

ok patrick@

9 months agoAdd regress for cross-origin HTTP redirection
job [Tue, 12 Mar 2024 16:03:56 +0000 (16:03 +0000)]
Add regress for cross-origin HTTP redirection

9 months agoEnforce same-origin policy for HTTP redirects
job [Tue, 12 Mar 2024 16:02:30 +0000 (16:02 +0000)]
Enforce same-origin policy for HTTP redirects

Isolate resources from different RRDP servers to avoid
inappropriately increasing resource consumption for both
RRDP clients and the referenced server.

OK claudio@ tb@

9 months agoFix the "fake" frame that we create alongside the trapframe. This fixes
kettenis [Tue, 12 Mar 2024 13:32:53 +0000 (13:32 +0000)]
Fix the "fake" frame that we create alongside the trapframe. This fixes
backtraces through trap franes.  Adjust the code that prints backtraces
in ddb as the old code now tries to access a userland address.

ok mpi@

9 months agodrm/amd/display: Add monitor patch for specific eDP
jsg [Tue, 12 Mar 2024 05:46:09 +0000 (05:46 +0000)]
drm/amd/display: Add monitor patch for specific eDP

From Ryan Lin
82dacc26e15cbac7f64a30ad4bc2c414f78eaa8f in linux-6.6.y/6.6.21
b7cdccc6a849568775f738b1e233f751a8fed013 in mainline linux

9 months agodrm/buddy: fix range bias
jsg [Tue, 12 Mar 2024 05:42:37 +0000 (05:42 +0000)]
drm/buddy: fix range bias

From Matthew Auld
5e476625fa8a36d7483ec3396a2bd124c2c02066 in linux-6.6.y/6.6.21
f41900e4a6ef019d64a70394b0e0c3bd048d4ec8 in mainline linux

9 months agoRevert "drm/amd/pm: resolve reboot exception for si oland"
jsg [Tue, 12 Mar 2024 05:40:37 +0000 (05:40 +0000)]
Revert "drm/amd/pm: resolve reboot exception for si oland"

From Alex Deucher
baac292852c0e347626fb5436916947188e5838f in linux-6.6.y/6.6.21
955558030954b9637b41c97b730f9b38c92ac488 in mainline linux

9 months agoCorrect handling of cpuid(0xd) subleaves, carefully hiding bits and
guenther [Tue, 12 Mar 2024 02:31:15 +0000 (02:31 +0000)]
Correct handling of cpuid(0xd) subleaves, carefully hiding bits and
sizes that the host does not intend to expose, but do expose xsaveopt
and xgetbv(1).

ok dv@

9 months agomoving on to 7.5-current
deraadt [Tue, 12 Mar 2024 01:20:30 +0000 (01:20 +0000)]
moving on to 7.5-current

9 months agoapply https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-1931.diff to
sthen [Mon, 11 Mar 2024 16:35:48 +0000 (16:35 +0000)]
apply https://nlnetlabs.nl/downloads/unbound/patch_CVE-2024-1931.diff to
unbound, fixing an indefinite loop that could be triggered by a client
against an unbound server where the (non-default) configuration "ede: yes"
is used.

https://nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt

ok florian@

9 months agoopenssh-9.7
djm [Mon, 11 Mar 2024 04:59:47 +0000 (04:59 +0000)]
openssh-9.7

9 months agoInvalidating the D-cache after disabling it turned out to be a bad idea
kettenis [Sun, 10 Mar 2024 15:37:54 +0000 (15:37 +0000)]
Invalidating the D-cache after disabling it turned out to be a bad idea
and broke Allwinner SoCs with Cortex-A7 cores.  So skip that and also
invalidate the I-cache before disabling it.  This seems to work better
on a wide range of boards.

ok deraadt@, jmatthew@

9 months agodisable POOL_DEBUG for release
jsg [Sun, 10 Mar 2024 13:25:10 +0000 (13:25 +0000)]
disable POOL_DEBUG for release
ok deraadt@

9 months agoEnsure that qwx(4) clears the OACTIVE flag when Tx rings have space again.
stsp [Sat, 9 Mar 2024 23:29:53 +0000 (23:29 +0000)]
Ensure that qwx(4) clears the OACTIVE flag when Tx rings have space again.

Issue found and fix tested by dv@

9 months agoavoid logging in signal handler by converting mainloop to ppoll()
djm [Sat, 9 Mar 2024 05:12:13 +0000 (05:12 +0000)]
avoid logging in signal handler by converting mainloop to ppoll()
bz3670, reported by Ben Hamilton; ok dtucker@

9 months agoskip more whitespace, fixes find-principals on allowed_signers
djm [Fri, 8 Mar 2024 22:16:32 +0000 (22:16 +0000)]
skip more whitespace, fixes find-principals on allowed_signers
files with blank lines; reported by Wiktor Kwapisiewicz

9 months agoMake sure copyoutstr() invoked with a length of zero returns ENAMETOOLONG.
miod [Fri, 8 Mar 2024 16:18:53 +0000 (16:18 +0000)]
Make sure copyoutstr() invoked with a length of zero returns ENAMETOOLONG.

This bug has been present in that file since the very beginning, more than
28 years ago.

9 months agoInvoke ProxyCommand that uses stderr redirection via $TEST_SHELL.
dtucker [Fri, 8 Mar 2024 11:34:10 +0000 (11:34 +0000)]
Invoke ProxyCommand that uses stderr redirection via $TEST_SHELL.
Fixes test when run by a user whose login shell is tcsh.  Found by
vinschen at redhat.com.

9 months agoDisable LRO in ix(4) on sparc64 by default
jan [Thu, 7 Mar 2024 17:09:02 +0000 (17:09 +0000)]
Disable LRO in ix(4) on sparc64 by default

As discussed on icb, we disables this here for a stable ix(4) in the 7.5
release to avoid buggy behavior.

ok claudio@, deraadt@

9 months agoIn _bus_dmamap_load_mbuf() ensure that for large mbuf m_len values
claudio [Thu, 7 Mar 2024 15:01:53 +0000 (15:01 +0000)]
In _bus_dmamap_load_mbuf() ensure that for large mbuf m_len values
the incr value is rounded to the page boundary. This can happen when
m_defrag() packs a TSO packet into one big mbuf cluster.

Also fix _bus_dmamap_load_uio() which has the same min(buflen, NBPG); logic.
bus_dmamap_load_uio() is unsued and will be removed after unlock.
OK miod@ bluhm@ kettenis@

9 months agoFix possible double free in error path of ixgbe_rxeof.
claudio [Thu, 7 Mar 2024 14:49:47 +0000 (14:49 +0000)]
Fix possible double free in error path of ixgbe_rxeof.

If fmp is not-NULL then the buf is part of the mbuf chain of fmp. So
only m_freem either fmp or buf but clear both values.

Also clear the M_PKTHDR flag if buf aka mp is not the first buffer in the
chain.

Double free found by bluhm@
OK bluhm@ jan@

9 months agoEnable dwxe(4)
kevlo [Thu, 7 Mar 2024 01:05:07 +0000 (01:05 +0000)]
Enable dwxe(4)

ok kettenis@, deraadt@

9 months agoSupport Allwinner D1's ethernet controller clocks and reset.
kevlo [Thu, 7 Mar 2024 01:04:16 +0000 (01:04 +0000)]
Support Allwinner D1's ethernet controller clocks and reset.

ok kettenis@, deraadt@

9 months agoCheck for the right flag to fix split-window -p, from Bryan Childs.
nicm [Wed, 6 Mar 2024 21:32:39 +0000 (21:32 +0000)]
Check for the right flag to fix split-window -p, from Bryan Childs.

9 months agoAdd SPI clocks for other 64-bit Rockchip SoCs.
kettenis [Wed, 6 Mar 2024 14:55:22 +0000 (14:55 +0000)]
Add SPI clocks for other 64-bit Rockchip SoCs.

ok jsg@, deraadt@

9 months agoClarify ownership in X509_STORE_add_lookup()
tb [Wed, 6 Mar 2024 10:07:47 +0000 (10:07 +0000)]
Clarify ownership in X509_STORE_add_lookup()

Whether an X509_LOOKUP with given method already exists or not, this API
returns an internal pointer that must not be freed.

9 months agoPOSIX defines inet_ntoa, not inet_aton.
bentley [Wed, 6 Mar 2024 07:29:37 +0000 (07:29 +0000)]
POSIX defines inet_ntoa, not inet_aton.

ok deraadt@ jmc@

9 months agoregen
jsg [Wed, 6 Mar 2024 07:01:53 +0000 (07:01 +0000)]
regen

9 months agoadd AMD Instinct MI300 device ids
jsg [Wed, 6 Mar 2024 07:01:24 +0000 (07:01 +0000)]
add AMD Instinct MI300 device ids

9 months agoadd missing Ev macro; from mail at lukasneukom ch
jmc [Wed, 6 Mar 2024 06:26:22 +0000 (06:26 +0000)]
add missing Ev macro; from mail at lukasneukom ch

9 months agofix memory leak in mux proxy mode when requesting forwarding.
djm [Wed, 6 Mar 2024 02:59:59 +0000 (02:59 +0000)]
fix memory leak in mux proxy mode when requesting forwarding.

found by RASU JSC, reported by Maks Mishin in GHPR#467

9 months agosync
tb [Wed, 6 Mar 2024 02:35:01 +0000 (02:35 +0000)]
sync

9 months agoRemove CRL method API documentation
tb [Wed, 6 Mar 2024 02:34:14 +0000 (02:34 +0000)]
Remove CRL method API documentation

9 months agowrap a few PKCS#11-specific bits in ENABLE_PKCS11
djm [Wed, 6 Mar 2024 00:31:04 +0000 (00:31 +0000)]
wrap a few PKCS#11-specific bits in ENABLE_PKCS11

9 months agomatch on Intel Meteor Lake U/H/U-Type4
jsg [Wed, 6 Mar 2024 00:11:25 +0000 (00:11 +0000)]
match on Intel Meteor Lake U/H/U-Type4
ok deraadt@ kettenis@

9 months agoregen
jsg [Wed, 6 Mar 2024 00:05:49 +0000 (00:05 +0000)]
regen

9 months agoadd Intel Meteor Lake U/H/U-Type4 ids
jsg [Wed, 6 Mar 2024 00:05:18 +0000 (00:05 +0000)]
add Intel Meteor Lake U/H/U-Type4 ids

from:
Intel Core Ultra Processor
Datasheet, Volume 1 of 2, Doc. No.: 792044, Rev.: 002

Mesa iris_pci_ids.h

ok deraadt@ kettenis@

9 months agolh_<type>_error() is no longer implemented as a macro
tb [Tue, 5 Mar 2024 22:15:29 +0000 (22:15 +0000)]
lh_<type>_error() is no longer implemented as a macro

9 months agoprune clang13 libLLVM; OK sthen
kn [Tue, 5 Mar 2024 19:47:58 +0000 (19:47 +0000)]
prune clang13 libLLVM;  OK sthen

9 months agoUgly workaround to let this compile again on non-clang platforms.
miod [Tue, 5 Mar 2024 19:27:47 +0000 (19:27 +0000)]
Ugly workaround to let this compile again on non-clang platforms.

9 months agoRemove GOST documentation
tb [Tue, 5 Mar 2024 19:21:31 +0000 (19:21 +0000)]
Remove GOST documentation

9 months agobackup disklabel for softraid(4) chunks
kn [Tue, 5 Mar 2024 18:54:29 +0000 (18:54 +0000)]
backup disklabel for softraid(4) chunks

Extend "Check for changes to the disklabels of mounted disks" to those that
host online softraid volumes, e.g installations with root inside CRYPTO sd0a
(and EFI System partition on sd0i).

That produces /var/backup/disklabel.sd0.current, previously missing in such
setups;  noticed after someone dd(1)ed miniroot onto sd0 by accident and had
no disklabel(8) backup to restore.

Feedback OK bluhm

9 months agoRevert m_defrag() mbuf alignment to IP header.
bluhm [Tue, 5 Mar 2024 18:52:41 +0000 (18:52 +0000)]
Revert m_defrag() mbuf alignment to IP header.

m_defrag() is intended as last resort to make DMA transfers to the
hardware.  Therefore page alingment is more important than IP header
alignment.  The reason, why the mbuf returned by m_defrag() was
switched to IP header alingment, was that ether_extract_headers()
failed in em(4) driver with TSO on sparc64.  This has been fixed
by using memcpy().

The alignment change in m_defrag() is too late in the 7.5 relaese
process.  It may affect several drivers on different architectures.
Bus dmamap for ixl(4) on sun4v expects page alignment.  Such alignment
issues and TSO mbuf mapping for IOMMU need more thought.

OK deraadt@

9 months agoTighten up BTCFI by flipping the bits that make PACIASP and PACIBSP
kettenis [Tue, 5 Mar 2024 18:42:20 +0000 (18:42 +0000)]
Tighten up BTCFI by flipping the bits that make PACIASP and PACIBSP
behave like BTI c instead of BTI jc.

ok deraadt@, tobhe@

9 months agosync
tb [Tue, 5 Mar 2024 18:31:13 +0000 (18:31 +0000)]
sync

9 months agoRemove ASN1_time_parse documentation
tb [Tue, 5 Mar 2024 18:30:40 +0000 (18:30 +0000)]
Remove ASN1_time_parse documentation

9 months agoConvert `t_lock', `r_keypair_lock' and `c_lock' rwlock(9)s to
mvs [Tue, 5 Mar 2024 17:48:01 +0000 (17:48 +0000)]
Convert `t_lock', `r_keypair_lock' and `c_lock' rwlock(9)s to
corresponding mutex(9)es.

ifq_start() and following wg_qstart() could be called from software
interrupt context if bandwidth control is enabled in pf.conf(5). Remove
sleep points provided by rwlock(9)s from wg(4) output start routine.

looks ok claudio

9 months agosync
tb [Tue, 5 Mar 2024 17:22:49 +0000 (17:22 +0000)]
sync