anton [Tue, 12 Oct 2021 05:42:39 +0000 (05:42 +0000)]
quote sudo and handle arguments
job [Mon, 11 Oct 2021 17:32:27 +0000 (17:32 +0000)]
Fold bgpsec cert & traditional certs into same test
job [Mon, 11 Oct 2021 16:55:18 +0000 (16:55 +0000)]
Improve BGpsec regress test
job [Mon, 11 Oct 2021 16:50:03 +0000 (16:50 +0000)]
Add support for BGPsec Router Certificates (RFC 8209)
BGPsec router keys are extracted from RPKI certificates and
emitted via the JSON output in base64 encoded form.
OK tb@ claudio@
claudio [Mon, 11 Oct 2021 16:06:36 +0000 (16:06 +0000)]
base64_encode() should not add any newlines into the output. Because
of this switch from EVP_EncodeUpdate() plus complexity to the much
simpler use of calling EVP_EncodeBlock() directly.
OK job@
deraadt [Mon, 11 Oct 2021 14:32:26 +0000 (14:32 +0000)]
does not need arpa/nameser.h
deraadt [Mon, 11 Oct 2021 14:28:26 +0000 (14:28 +0000)]
avoid arpa/nameser.h by improving the inet_pton/gethostbyaddr code to
use struct in6_addr + struct in_addr instead of a char buffer.
ok millert
nicm [Mon, 11 Oct 2021 13:27:50 +0000 (13:27 +0000)]
Make positions hidden by overlays range-based rather than character-based,
from Anindya Mukherjee.
nicm [Mon, 11 Oct 2021 10:55:30 +0000 (10:55 +0000)]
Add -e flag to set environment for popup, from Alexis Hildebrandt in
GitHub issue 2924.
stsp [Mon, 11 Oct 2021 09:39:29 +0000 (09:39 +0000)]
iwm(4) supports 40MHz channels now. Update man page CAVEATS accordingly.
stsp [Mon, 11 Oct 2021 09:03:22 +0000 (09:03 +0000)]
Add support for 802.11n 40MHz channels to the iwm(4) driver.
According to 11n MCS index tables our maximum data rate is now
300 Mbit/s at MCS 15, excluding protocol overhead. I have measured
up to 200Mbit/s of effective throughput on clean 5GHz channels.
The driver enables use of 40MHz channels automatically as long as the
access point announces support for such channels in its beacons.
In case 40MHz transmissions fail we ask firmware to retry with a
20MHz transmission.
There is no integration with ifconfig yet, so use of 40MHz is not yet
displayed there. In the meantime, tcpdump(8) can be used to check if
the current access point supports 40MHz:
tcpdump -n -i iwm0 -v -y IEEE802_11_RADIO -s 4096 type mgt and subtype beacon
Channel width is displayed in the HT operation information element, where
a 40MHz channels looks like this: htop=<40MHz chan X:Y ...>
Tested:
7260: florian, bcallah
7265: landry
8260: bket
8265: stsp, abieber, Matthias Schmidt, Josh Rickmar, empee on mastodon
9560: stsp
stsp [Mon, 11 Oct 2021 09:02:01 +0000 (09:02 +0000)]
Monitor 20/40 MHz channel width changes in beacons sent by our access point
and notify drivers when the channel width has changed.
stsp [Mon, 11 Oct 2021 09:01:05 +0000 (09:01 +0000)]
Add support for 40MHz channels to net80211 RA.
For the moment we use either the 40MHz rate set or the 20 MHz one,
depending on whether our peer supports 40MHz channels.
If this turns out to be suboptimal we could probe the 40MHz and 20MHz
rate sets separately to detect which one works better.
The same applies to use of the short guard interval (SGI), which is
either always on or off at the moment. Again, probing for this could
be added later if needed.
anton [Mon, 11 Oct 2021 05:46:42 +0000 (05:46 +0000)]
quote sudo and handle arguments
anton [Mon, 11 Oct 2021 05:46:14 +0000 (05:46 +0000)]
Invoke ${SUDO} before env(1) and not the other way around. Otherwise,
the OBJDIR environment variable will not necesarily be preserved.
anton [Mon, 11 Oct 2021 05:45:43 +0000 (05:45 +0000)]
Replace poor man's synchronization primitive (i.e. sleep) with a
wait-until-condition-is-true loop in the hopes of making these tests
less flaky.
ok benno@
job [Sun, 10 Oct 2021 22:04:33 +0000 (22:04 +0000)]
Remove unused variable
job [Sun, 10 Oct 2021 21:57:43 +0000 (21:57 +0000)]
Make style consistent and remove an unused code path
OK tb@
kettenis [Sun, 10 Oct 2021 21:54:50 +0000 (21:54 +0000)]
Don't advertise MSI support if we don't have an MSI interrupt controller.
ok patrick@
kettenis [Sun, 10 Oct 2021 16:23:17 +0000 (16:23 +0000)]
Only check whether we have an MSI interrupt controller when we try to
establish an MSI or MSI-X interrupt. Fixes establishing legacy INTx
interrupts on machines without a (usable) MSI interrupt controller.
ok patrick@
kettenis [Sun, 10 Oct 2021 16:20:37 +0000 (16:20 +0000)]
Apparently it is possible for firmware to indicate that SMCCC_VERSION is
implemented but have that call return NOT_SUPPORTED. Makes no sense,
but the SMCCC standard documents this and tells us to treat this as v1.0.
Change the code accordingly. Turn a few checks that should always be true
into KASSERTs to keep the control flow simple.
ok patrick@
cheloha [Sun, 10 Oct 2021 15:57:25 +0000 (15:57 +0000)]
head(1): validate all line count arguments
We need to validate all line count option arguments, not just the last
such argument found.
While here, switch to the default strtonum(3) error message format:
<argument-name> is <errstr>: <argument-string>
Thread: https://marc.info/?l=openbsd-tech&m=
163383023212104&w=2
ok millert@
krw [Sun, 10 Oct 2021 15:34:21 +0000 (15:34 +0000)]
No need to assign dl.d_nsectors to disk.dk_sectors twice.
Two statements on one line may have seemed clever but now it's
just confusing.
No functional change.
halex [Sat, 9 Oct 2021 21:38:00 +0000 (21:38 +0000)]
In ksh(1) emacs search-history mode, emitting a NUL character causes
invalid matches and unexpected behaviour.
Fix this by instead making a NUL character abort the search-history mode,
leaving the handling of said input to the "ordinary" command editing.
ok tb@
deraadt [Sat, 9 Oct 2021 18:43:49 +0000 (18:43 +0000)]
delete unneccessary arpa/nameser.h includes
ok millert
tobias [Sat, 9 Oct 2021 15:27:18 +0000 (15:27 +0000)]
Merge upstream bug fixes
- Switch http to https for upstream URL
- Fix buffer sizes and lesskey parser functions
- Fix integer overflow in bracket match function
- Fix prompt hiding feature (CTRL + P)
ok deraadt, millert
deraadt [Sat, 9 Oct 2021 14:47:02 +0000 (14:47 +0000)]
placing the same vnd underneath a vnd (with VNDIOCSET) is a lock violation,
but other circumstances are also bad, so let's block all vnd on top of vnd.
While here, fix some toctou multiple-copyin of the path, and restructure
the ioctl defer all softc updates to the end.
ok mpi
dtucker [Sat, 9 Oct 2021 10:52:42 +0000 (10:52 +0000)]
Document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions
can be used in a Match block. Patch from eehakkin via github PR#277.
jmatthew [Sat, 9 Oct 2021 08:38:13 +0000 (08:38 +0000)]
No need to enable bus mastering, it's already done for us.
from Brad
deraadt [Sat, 9 Oct 2021 01:01:07 +0000 (01:01 +0000)]
grow media for additional firmwares
jmc [Fri, 8 Oct 2021 14:14:31 +0000 (14:14 +0000)]
remove extra .El;
jmc [Fri, 8 Oct 2021 14:12:58 +0000 (14:12 +0000)]
group the SO_PEERCRED text more logically and mark it read only;
diff from chohag jtan com
ok claudio
sdk [Fri, 8 Oct 2021 13:52:28 +0000 (13:52 +0000)]
Fix typo s/excepts/expects/
ok by solene@ and jmc@
diff sent by hagen@sdf.org, thanks
stsp [Fri, 8 Oct 2021 09:22:10 +0000 (09:22 +0000)]
Revert my previous commit to ieee80211_node.c (CVS commit Hne35XgzezGa9zmv).
Sending frames from ieee80211_node_join_bss() won't work as expected.
I missed that IEEE80211_SEND_MGMT() calls if_start() immediately after
queueing the management frame. This means the probe request is being
sent in a state where, while ic_bss represents our new AP, the driver
did not yet have a chance to move the device over to our new AP.
The auth request for the new AP is sent from ieee80211_newstate() which
runs after the driver has reconfigured the device. If want to send a
probe request to the new AP then we would need to send it at that point,
before the auth frame gets sent.
claudio [Fri, 8 Oct 2021 08:34:09 +0000 (08:34 +0000)]
curproc can't be NULL here. So simplify code accordingly.
OK mpi@
kn [Fri, 8 Oct 2021 06:37:39 +0000 (06:37 +0000)]
Add tags for command aliases
Make ":tnew" work, i.e. bring the reader to the definition of the full
"new-window" command aliased as "new" just like ":tnew-window" would.
OK nicm
anton [Thu, 7 Oct 2021 15:20:35 +0000 (15:20 +0000)]
honor objdir
jcs [Thu, 7 Oct 2021 14:47:32 +0000 (14:47 +0000)]
Print the name of the symbol that can't be resolved when using
LD_DEBUG
ok mpi, kn
robert [Thu, 7 Oct 2021 14:11:32 +0000 (14:11 +0000)]
remove quirks for ALC887 because they were only causing trouble on my
machine at least; let's see how others are; ok ratchov@
kettenis [Thu, 7 Oct 2021 13:34:20 +0000 (13:34 +0000)]
Use correct index variable.
pointed out by patrick@ (with the help of clang)
ok patrick@
visa [Thu, 7 Oct 2021 13:08:17 +0000 (13:08 +0000)]
Remove unused TLB routines.
job [Thu, 7 Oct 2021 12:59:29 +0000 (12:59 +0000)]
Make sure BGPsec router certs don't have a SIA
OK claudio@
visa [Thu, 7 Oct 2021 12:40:16 +0000 (12:40 +0000)]
Remove struct members that were used by the R4000 EoP workaround.
visa [Thu, 7 Oct 2021 12:32:10 +0000 (12:32 +0000)]
Use tabs instead of spaces.
visa [Thu, 7 Oct 2021 12:31:03 +0000 (12:31 +0000)]
Remove a stale comment.
stsp [Thu, 7 Oct 2021 12:26:09 +0000 (12:26 +0000)]
Send a probe request to our new AP when we are about to roam to it.
Tested by fkr on iwx ax200/ax201 and myself on iwm 8265.
Also tested by florian and bket as part of a larger diff.
ok mpi@
claudio [Thu, 7 Oct 2021 11:35:30 +0000 (11:35 +0000)]
Call normalize_dn() on the newly added namespace so that later compares
with normalized basedns work. Seems all other DN attributes in parse.y
pass through normalize_dn() so this seems to be the last one missing out.
With this configs using capitalized namespace DN like o=OpenBSD,c=CA
will actually work.
OK kn@ gsoares@
claudio [Thu, 7 Oct 2021 11:32:36 +0000 (11:32 +0000)]
Change host() error check to the more simple for of != 1.
Host() return 1 on success and 0 or -1 on failure.
OK kn@ gsoares@
job [Thu, 7 Oct 2021 11:18:54 +0000 (11:18 +0000)]
Clarify error message
OK benno@
claudio [Thu, 7 Oct 2021 10:34:39 +0000 (10:34 +0000)]
Replace the ugly openssl11 hack for the missing ASN1_time_parse() and
ASN1_time_tm_cmp() functions with another hack that is considerably
more horrible but also less intrusive.
mpi [Thu, 7 Oct 2021 08:51:00 +0000 (08:51 +0000)]
Remove the assertion that `curproc' must be SONPROC if found on the sleepqueue.
If `curproc' finds itself on the sleepqueue inside wakeup(9) it is obviously
being executed. Such wakeup(9) currently happens inside the critical section
of the SCHED_LOCK(), generally before cpu_switchto(). However `p_stat' is
changed many operations before cpu_switchto() and the KASSERT() isn't helpful
at catching real bugs.
One example of this is a call to rwsleep() that calls wakeup() via rw_exit()
before sleep_finish(), contented futex(2) triggers that a lot.
Another example are dt(4)'s scheduler TRACEPOINT() in setrunqueue() and
mi_switch().
Suggested by and ok kettenis@
claudio [Thu, 7 Oct 2021 08:36:17 +0000 (08:36 +0000)]
Rework X509 verification a bit. Remove the store and instead pass in
the chain for certificates via X509_STORE_CTX_set0_trusted_stack().
To make this work alter build_chains() to also return the root TA.
Factor out get_crl() from build_crls() and use it to fetch the crl
when validating roas. The crl now sets its expire time in struct crl
and this can be used to set the expire time of a ROA entry.
This simplifies proc_parser_roa() a fair bit and results in less calls
to mktime() (which is a surprisingly complex function).
OK tb@
claudio [Thu, 7 Oct 2021 08:30:39 +0000 (08:30 +0000)]
Add x509_get_expire() to extract the not-after time from a certificate
as a epoch time_t. Store the expire time for certs, crls will follow after.
OK tb@
claudio [Thu, 7 Oct 2021 08:28:45 +0000 (08:28 +0000)]
mktime() may not properly set errno on error. Just use errx() instead.
Noticed by benno@, OK tb@
claudio [Thu, 7 Oct 2021 08:21:22 +0000 (08:21 +0000)]
trapsignal() can be called without KERNEL_LOCK, adjust code accordingly.
OK mpi@
stsp [Thu, 7 Oct 2021 08:15:04 +0000 (08:15 +0000)]
Make our old BSSID available to iwm_newstate() when roaming.
ic_bss->ni_bssid has already been overwritten once we enter
iwm_newstate() to perform the state transitions necessary for
roaming to our new access point (RUN->AUTH->ASSOC->RUN).
We do however use the BSSID in commands sent to firmware.
Cache our BSSID in struct iwm_node such that firmware commands
keep using the old BSSID while we are still tearing things down.
Switch to the new BSSID only once we start back up in iwm_auth().
This should be consistent from the firmware's point of view.
ok mpi@
nicm [Thu, 7 Oct 2021 07:53:31 +0000 (07:53 +0000)]
Add a missing El, from Alexis Hildebrandt in GitHub issue 2918.
nicm [Thu, 7 Oct 2021 07:52:13 +0000 (07:52 +0000)]
Handle splitw -I correctly when used from an attached client, GitHub
issue 2917.
jsg [Thu, 7 Oct 2021 03:44:00 +0000 (03:44 +0000)]
drm/i915/request: fix early tracepoints
From Matthew Auld
d35d95e8b9da638d27bce9552262e0c486138343 in linux 5.10.y/5.10.71
c83ff0186401169eb27ce5057d820b7a863455c3 in mainline linux
jsg [Thu, 7 Oct 2021 03:42:00 +0000 (03:42 +0000)]
drm/amdgpu: correct initial cp_hqd_quantum for gfx9
From Hawking Zhang
9f382e1edf90ae03be43dbd4976c2a332cd7ce2d in linux 5.10.y/5.10.71
9f52c25f59b504a29dda42d83ac1e24d2af535d4 in mainline linux
jsg [Thu, 7 Oct 2021 03:39:35 +0000 (03:39 +0000)]
drm/amd/display: Pass PCI deviceid into DC
From Charlene Liu
c331fad63b6d527193ae8b7c056b2f10fef53c81 in linux 5.10.y/5.10.71
d942856865c733ff60450de9691af796ad71d7bc in mainline linux
bluhm [Wed, 6 Oct 2021 22:59:23 +0000 (22:59 +0000)]
This regress uses vnd devices to create a softraid volume. Raid levels
RAID 0, RAID 1, RAID 5, CRYPTO, CONCAT, RAID 1 + CRYPTO are created.
The volume disk is then mounted and stressed a little bit.
jeremy [Wed, 6 Oct 2021 21:14:39 +0000 (21:14 +0000)]
Remove Ruby 2.6 mentions
claudio [Wed, 6 Oct 2021 15:46:03 +0000 (15:46 +0000)]
Change sendsig() interface so that the MD code does not need to access
data from struct process anymore. This changes how siginfo and onstack
are accessed and make sendsig() more MP friendly.
With and OK semarie@ OK kettenis@
deraadt [Wed, 6 Oct 2021 14:49:08 +0000 (14:49 +0000)]
sync
espie [Wed, 6 Oct 2021 14:24:17 +0000 (14:24 +0000)]
we now pass that test
espie [Wed, 6 Oct 2021 14:23:50 +0000 (14:23 +0000)]
fix for the XXX-warning warning... have the test be a bit more specific
for the really bizarre case where we would end up having several update
paths.
stsp [Wed, 6 Oct 2021 13:36:47 +0000 (13:36 +0000)]
Allow AUTH->AUTH state transitions in the iwm(4) and iwx(4) drivers again.
AUTH->AUTH state transitions happen if the access point uses band-steering.
This was originally implemented to fix interop with some Aruba APs, and
was probably broken by my recent CVS commit XeKkqPoaUCklmgtC ("prevent
attempts to transition towards the same state").
ok mpi@
stsp [Wed, 6 Oct 2021 13:35:55 +0000 (13:35 +0000)]
Make sure iwm(4) uses the HT frame format only for data frames.
Non-data frames are not supposed to use HT.
This change is for code correctness and does not fix any known issue.
And it applies only if the Tx rate has been fixed for testing purposes
with a command such as 'ifconfig iwm0 media HT-MCS13 mode 11n'.
ok mpi@
visa [Wed, 6 Oct 2021 12:50:10 +0000 (12:50 +0000)]
Add openbsd,dma-constraint property to /chosen node on armv7
On the Zynq-7000, the DMA constraint has to be adjusted because many
bus masters are unable to access the lowest part of RAM.
OK patrick@ kettenis@
bluhm [Wed, 6 Oct 2021 12:43:14 +0000 (12:43 +0000)]
GCC 4.2.1 does not support nullptr, use traditional NULL.
Linker requires explicit libpthread.
nicm [Wed, 6 Oct 2021 10:33:12 +0000 (10:33 +0000)]
Do not reset cursor to default if it has never been changed, fixes
problem reported by naddy.
claudio [Wed, 6 Oct 2021 08:29:41 +0000 (08:29 +0000)]
X509_STORE_CTX_init() allows the store to be NULL on init. Add checks
for a NULL ctx->ctx in the lookup functions using X509_STORE_CTX.
This affects X509_STORE_get1_certs(), X509_STORE_get1_crls(),
X509_STORE_CTX_get1_issuer() and X509_STORE_get_by_subject().
With this X509_verify_cert() no longer crashes with a NULL store.
With and OK tb@
florian [Wed, 6 Oct 2021 06:14:08 +0000 (06:14 +0000)]
Remove autoconfprivacy deprecation warning.
OK deraadt
djm [Wed, 6 Oct 2021 03:35:13 +0000 (03:35 +0000)]
use libc SHA256 functions; make this work when compiled !WITH_OPENSSL
deraadt [Wed, 6 Oct 2021 00:42:46 +0000 (00:42 +0000)]
annotate sys/param.h uses as required, and pull in standard userland
.h files as required.... preparing for a potential future when sys/proc.h
might be more clean...
do not touch the MD .c files yet, the dragons remain full of fire
deraadt [Wed, 6 Oct 2021 00:40:39 +0000 (00:40 +0000)]
annotate all required sys/param.h uses with what they bring into scope,
and delete all others. use PATH_MAX and other standardized symbols instead
of prehistoric kernel-only names, create local MINIMUM/MAXIMUM macros where
required, and directly include standard userland .h files as required.
nicm [Tue, 5 Oct 2021 20:15:16 +0000 (20:15 +0000)]
Fix some warnings.
deraadt [Tue, 5 Oct 2021 18:33:01 +0000 (18:33 +0000)]
sync
deraadt [Tue, 5 Oct 2021 18:32:46 +0000 (18:32 +0000)]
wd(4) support
ok kettenis
deraadt [Tue, 5 Oct 2021 18:32:27 +0000 (18:32 +0000)]
cleanup conf.c, and bring in wd(4) support
ok kettenis
anton [Tue, 5 Oct 2021 17:42:05 +0000 (17:42 +0000)]
add missing sudo
anton [Tue, 5 Oct 2021 17:41:31 +0000 (17:41 +0000)]
add missing sudo
anton [Tue, 5 Oct 2021 17:41:03 +0000 (17:41 +0000)]
fix stderr redirect
anton [Tue, 5 Oct 2021 17:40:40 +0000 (17:40 +0000)]
add missing sudo
anton [Tue, 5 Oct 2021 17:40:08 +0000 (17:40 +0000)]
add missing sudo and handle arguments
nicm [Tue, 5 Oct 2021 17:23:13 +0000 (17:23 +0000)]
Set mouse_x and mouse_y on the status line, GitHub issue 2913.
mpi [Tue, 5 Oct 2021 15:37:21 +0000 (15:37 +0000)]
Unref/free amaps before grabbing the KERNEL_LOCK().
This is possible now that amaps & anons are protected by a per-map rwlock.
Tested by many as part of a bigger diff.
ok kettenis@
nicm [Tue, 5 Oct 2021 12:49:37 +0000 (12:49 +0000)]
Make send-keys without any arguments send the key it is bound to (if
any). GitHub issue 2904.
nicm [Tue, 5 Oct 2021 12:46:02 +0000 (12:46 +0000)]
Separate "very visible" flag from blinking flag, it should not affect
DECSCUSR. GitHub issue 2891.
nicm [Tue, 5 Oct 2021 12:45:02 +0000 (12:45 +0000)]
Do not try to use NULL time values.
bluhm [Tue, 5 Oct 2021 11:45:26 +0000 (11:45 +0000)]
Cleanup the error handling in ipsec ipip_output() and consistently
goto drop instead of return. An ENOBUFS should be EINVAL in IPv6
case. Also use combined packet and byte counter.
OK sthen@ dlg@
bluhm [Tue, 5 Oct 2021 11:34:34 +0000 (11:34 +0000)]
Move setting ipsec mtu into a function. The NULL and invalid check
in ipsec_common_ctlinput() is not necessary, the loop in ipsec_set_mtu()
does that anyway. udpencap_ctlinput() did not work for bundled SA,
this also needs the loop in ipsec_set_mtu().
OK sthen@
job [Tue, 5 Oct 2021 11:23:16 +0000 (11:23 +0000)]
Add BGPsec router certificate to rpki-client regress
job [Tue, 5 Oct 2021 11:20:46 +0000 (11:20 +0000)]
Add rudimentary support for BGPsec router certificates
OK claudio@
stsp [Tue, 5 Oct 2021 10:34:36 +0000 (10:34 +0000)]
Fix iwm(4) performance drop after roaming between APs in 11n mode.
Stop BA sessions directly in iwm_run_stop() and disable Tx agg queues
when leaving RUN state. Otherwise Tx agg queues do not work properly
after switching APs and Tx performance drops to about 2 Mbit/s with
excessive retries being reported to RA.
Tested:
7260: florian
8260: bket
8265: stsp
9260: florian
9560: stsp
claudio [Tue, 5 Oct 2021 08:38:19 +0000 (08:38 +0000)]
For now the signal returned in cursig() is only set in p_siglist.
Simplify the code and remove the now unused CLRSIG() macro.
OK mpi@
anton [Tue, 5 Oct 2021 08:08:58 +0000 (08:08 +0000)]
add missing sudo
claudio [Tue, 5 Oct 2021 07:22:21 +0000 (07:22 +0000)]
Remove some extra spaces
jmc [Tue, 5 Oct 2021 06:02:18 +0000 (06:02 +0000)]
tx aggregation is now supported; ok stsp