openbsd
16 months agouse refcnt API for multicast addresses, add tracepoint:refcnt:ethmulti probe
kn [Thu, 6 Jul 2023 19:46:53 +0000 (19:46 +0000)]
use refcnt API for multicast addresses, add tracepoint:refcnt:ethmulti probe

Replace hand-rolled reference counting with refcnt_init(9) and hook it up
with a new dt(4) probe.

OK mvs
Feedback OK bluhm

16 months agooops, an extra PT_ snuck in; spotted by guenther
deraadt [Thu, 6 Jul 2023 16:45:30 +0000 (16:45 +0000)]
oops, an extra PT_ snuck in; spotted by guenther

16 months agoConvert ecpk_print_explicit_parameters() to bn_printf()
tb [Thu, 6 Jul 2023 15:18:02 +0000 (15:18 +0000)]
Convert ecpk_print_explicit_parameters() to bn_printf()

This eliminates a few stupid dances the horrible ASN1_bn_print() API
required.

ok jsing

16 months agobn_print: remove unused bio, plug leak
tb [Thu, 6 Jul 2023 15:11:21 +0000 (15:11 +0000)]
bn_print: remove unused bio, plug leak

16 months agoAdd regress coverage for bn_printf
tb [Thu, 6 Jul 2023 15:08:54 +0000 (15:08 +0000)]
Add regress coverage for bn_printf

This must be one of the ugliest tests I've ever written, but I can't think
of a better way of doing it.

16 months agoAdd bn_printf(), a replacement for ASN1_bn_print()
tb [Thu, 6 Jul 2023 14:37:39 +0000 (14:37 +0000)]
Add bn_printf(), a replacement for ASN1_bn_print()

ASN1_bn_print() will be removed in an upcoming bump. This adds an internal
API that covers the same functionality but doesn't require that the caller
pass in a sufficiently large scratch space that ASN1_bn_print() may or may
not use. In addition, this takes a format string, which allows us to ditch
some extra dances.

ok jsing

16 months agoadd support for starting at a given timestamp/ISO8601 time
espie [Thu, 6 Jul 2023 10:57:03 +0000 (10:57 +0000)]
add support for starting at a given timestamp/ISO8601 time

16 months agoif panic() is meant, use panic()
jasper [Thu, 6 Jul 2023 10:53:11 +0000 (10:53 +0000)]
if panic() is meant, use panic()

ok mpi@

16 months agonew options (boilerplate progressmeter options)
espie [Thu, 6 Jul 2023 10:43:37 +0000 (10:43 +0000)]
new options (boilerplate progressmeter options)
and also the ability to specify a timestamp as a subset of ISO8601

16 months agoUse mtx_init() to initialize stack-based mutexes
visa [Thu, 6 Jul 2023 10:17:43 +0000 (10:17 +0000)]
Use mtx_init() to initialize stack-based mutexes

mtx_init() ensures the mutex' lock_object has static storage duration.
This makes it safe to re-enable WITNESS with stack-based mutexes.

OK bluhm@ miod@

16 months agoClear knotes when finishing wseventvar
visa [Thu, 6 Jul 2023 10:16:58 +0000 (10:16 +0000)]
Clear knotes when finishing wseventvar

When finishing a wseventvar in wsevent_fini(), clear the klist.
Otherwise knotes can be left dangling, which can crash the kernel.

In general, klist_invalidate() should happen after vdevgone() in order
to avoid a race with kevent registration. However, the current wscons
drivers clear the wsevent pointer (sc->sc_base.me_evp) before calling
wsevent_fini(). This prevents the drivers from registering new kevents.

Prompted by a report by Peter J. Philipp on bugs@

OK mvs@ miod@

16 months agoDocument PS_CHROOT, and upcoming PS_NOBTCFI flags
deraadt [Thu, 6 Jul 2023 10:07:09 +0000 (10:07 +0000)]
Document PS_CHROOT, and upcoming PS_NOBTCFI flags

16 months agodocument NOBTCFI similar to WXNEEDED
deraadt [Thu, 6 Jul 2023 10:02:23 +0000 (10:02 +0000)]
document NOBTCFI similar to WXNEEDED

16 months agouse symbolic name PF_X instead of 1, pointed out by kettenis
deraadt [Thu, 6 Jul 2023 10:01:15 +0000 (10:01 +0000)]
use symbolic name PF_X instead of 1, pointed out by kettenis

16 months agoteach the BFD tools how to handle NOBTCFI, quite similar to WXNEEDED
deraadt [Thu, 6 Jul 2023 09:52:37 +0000 (09:52 +0000)]
teach the BFD tools how to handle NOBTCFI, quite similar to WXNEEDED
ok kettenis

16 months agoUse correct variable to check for successful allocation.
patrick [Thu, 6 Jul 2023 09:40:36 +0000 (09:40 +0000)]
Use correct variable to check for successful allocation.

ok kettenis@

16 months agoConvert tcp_now() time counter to 64 bit.
bluhm [Thu, 6 Jul 2023 09:15:23 +0000 (09:15 +0000)]
Convert tcp_now() time counter to 64 bit.

After changing tcp now tick to milliseconds, 32 bits will wrap
around after 49 days of uptime.  That may be a problem in some
places of our stack.  Better use a 64 bit counter.

As timestamp option is 32 bit in TCP protocol, use the lower 32 bit
there.  There are casts to 32 bits that should behave correctly.

Start with random 63 bit offset to avoid uptime leakage.  2^63
milliseconds result in 2.9*10^8 years of possible uptime.

OK yasuoka@

16 months agosync
deraadt [Thu, 6 Jul 2023 08:48:03 +0000 (08:48 +0000)]
sync

16 months agoRegister a mapping of dwge interfaces to ofw nodes/phandles.
jmatthew [Thu, 6 Jul 2023 08:32:37 +0000 (08:32 +0000)]
Register a mapping of dwge interfaces to ofw nodes/phandles.

ok kettenis@

16 months agostart moving a few files to use v5.36;
espie [Thu, 6 Jul 2023 08:29:26 +0000 (08:29 +0000)]
start moving a few files to use v5.36;
(this went through a full bulk)

16 months agounifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo
beck [Thu, 6 Jul 2023 07:56:32 +0000 (07:56 +0000)]
unifdef the LIBRESSL_HAS_TLS1_3_[CLIENT|SERVER] goo

And remove the tendrils. This was useful for transition but we are now
well past this.

16 months agoremove during-development special cases for MNT_WXALLOWED and chrome and
deraadt [Thu, 6 Jul 2023 07:49:52 +0000 (07:49 +0000)]
remove during-development special cases for MNT_WXALLOWED and chrome and
IBT/BTI, because many more things are about to work correctly

16 months agosysctl(2) is now sysctl(3), in particular it does not access name[0] in
deraadt [Thu, 6 Jul 2023 07:47:04 +0000 (07:47 +0000)]
sysctl(2) is now sysctl(3), in particular it does not access name[0] in
userland.  This test should have been written with a signal handler to
be accurate..  Anyways, stop using syscall() to work around that
ok kettenis

16 months agosyscall(2) regress will eventually be pointless, and untestable also
deraadt [Thu, 6 Jul 2023 07:45:56 +0000 (07:45 +0000)]
syscall(2) regress will eventually be pointless, and untestable also
ok kettenis

16 months agomoving acpiioctl to a different file than acpiopen is not going to work
deraadt [Thu, 6 Jul 2023 06:58:07 +0000 (06:58 +0000)]
moving acpiioctl to a different file than acpiopen is not going to work
for ramdisks.  noticed by anton.
this must be reconsidered.

16 months agodefine OPENSSL_NO_DTLS1_1 since we no longer have that either.
beck [Thu, 6 Jul 2023 06:38:01 +0000 (06:38 +0000)]
define OPENSSL_NO_DTLS1_1 since we no longer have that either.

ok tb@

16 months agoAdd missing entry for gelf_update_ehdr in the list of functions that
jasper [Thu, 6 Jul 2023 06:25:49 +0000 (06:25 +0000)]
Add missing entry for gelf_update_ehdr in the list of functions that
update an existing header.

ok jmc@

16 months agoDefine the 'standard' OPENSSL_NO_BLAHBLAH's for no tls 1.0 or 1.1
beck [Thu, 6 Jul 2023 06:15:36 +0000 (06:15 +0000)]
Define the 'standard' OPENSSL_NO_BLAHBLAH's for no tls 1.0 or 1.1

We have no tls 1.0 or 1.1 or methods for them.

These "in theory" will make things that check the openssl #ifdef
soup for all the floating eyeballs make the correct decisions, or
if they do not they at least can not blame us.

ok tb@

16 months agobig update to pfsync to try and clean up locking in particular.
dlg [Thu, 6 Jul 2023 04:55:04 +0000 (04:55 +0000)]
big update to pfsync to try and clean up locking in particular.

moving pf forward has been a real struggle, and pfsync has been a
constant source of pain. we have been papering over the problems
for a while now, but it reached the point that it needed a fundamental
restructure, which is what this diff is.

the big headliner changes in this diff are:

- pfsync specific locks

this is the whole reason for this diff.

rather than rely on NET_LOCK or KERNEL_LOCK or whatever, pfsync now
has it's own locks to protect it's internal data structures. this
is important because pfsync runs a bunch of timeouts and tasks to
push pfsync packets out on the wire, or when it's handling requests
generated by incoming pfsync packets, both of which happen outside
pf itself running. having pfsync specific locks around pfsync data
structures makes the mutations of these data structures a lot more
explicit and auditable.

- partitioning

to enable future parallelisation of the network stack, this rewrite
includes support for pfsync to partition states into different "slices".
these slices run independently, ie, the states collected by one slice
are serialised into a separate packet to the states collected and
serialised by another slice.

states are mapped to pfsync slices based on the pf state hash, which
is the same hash that the rest of the network stack and multiq
hardware uses.

- no more pfsync called from netisr

pfsync used to be called from netisr to try and bundle packets, but now
that there's multiple pfsync slices this doesnt make sense. instead it
uses tasks in softnet tqs.

- improved bulk transfer handling

there's shiny new state machines around both the bulk transmit and
receive handling. pfsync used to do horrible things to carp demotion
counters, but now it is very predictable and returns the counters back
where they started.

- better tdb handling

the tdb handling was pretty hairy, but hrvoje has kicked this around
a lot with ipsec and sasyncd and we've found and fixed a bunch of
issues as a result of that testing.

- mpsafe pf state purges

this was committed previously, but because the locks pfsync relied on
weren't clear this just caused a ton of bugs. as part of this diff it's
now reliable, and moves a big chunk of work out from under KERNEL_LOCK,
which in turn improves the responsiveness and throughput of a firewall
even if you're not using pfsync.

there's a bunch of other little changes along the way, but the above are
the big ones.

hrvoje has done performance testing with this diff and notes a big
improvement when pfsync is not in use. performance when pfsync is
enabled is about the same, but im hoping the slices means we can scale
along with pf as it improves.

lots (months) of testing by me and hrvoje on pfsync boxes
tests and ok sashan@
deraadt@ says this is a good time to put it in

16 months agodrm/amd/display: Ensure vmin and vmax adjust for DCE
jsg [Thu, 6 Jul 2023 04:20:00 +0000 (04:20 +0000)]
drm/amd/display: Ensure vmin and vmax adjust for DCE

From Rodrigo Siqueira
c50065a3927932cd9baf3d5c94c91b58c31200d5 in linux-6.1.y/6.1.38
2820433be2a33beb44b13b367e155cf221f29610 in mainline linux

16 months agodrm/amdgpu: Validate VM ioctl flags.
jsg [Thu, 6 Jul 2023 04:18:04 +0000 (04:18 +0000)]
drm/amdgpu: Validate VM ioctl flags.

From Bas Nieuwenhuizen
9d0b2afadfd71e9bedd593358bd7ac4701e46477 in linux-6.1.y/6.1.38
a2b308044dcaca8d3e580959a4f867a1d5c37fac in mainline linux

16 months agodrm/amd/display: Do not update DRR while BW optimizations pending
jsg [Thu, 6 Jul 2023 04:16:28 +0000 (04:16 +0000)]
drm/amd/display: Do not update DRR while BW optimizations pending

From Aric Cyr
a905b0b318ad7d37c3041573454129923e0a0723 in linux-6.1.y/6.1.38
32953485c558cecf08f33fbfa251e80e44cef981 in mainline linux

16 months agodrm/amd/display: Remove optimization for VRR updates
jsg [Thu, 6 Jul 2023 04:13:52 +0000 (04:13 +0000)]
drm/amd/display: Remove optimization for VRR updates

From Alvin Lee
dd6d6f9d47aebf50713fb857f91402a1c6c3131c in linux-6.1.y/6.1.38
3442f4e0e55555d14b099c17382453fdfd2508d5 in mainline linux

16 months agoPerl tests expect executable permission on source files to match
bluhm [Wed, 5 Jul 2023 21:38:22 +0000 (21:38 +0000)]
Perl tests expect executable permission on source files to match
the Perl distribution.  Fix them in obj directory during test run.
This seems easier than to fiddle with permissions in CVS.

16 months agoHide symbols in asn1 and bio
beck [Wed, 5 Jul 2023 21:23:36 +0000 (21:23 +0000)]
Hide symbols in asn1 and bio

ok jsing@

16 months agoupstream hidden file #include_next workaround for MS C compilers
bcook [Wed, 5 Jul 2023 21:14:54 +0000 (21:14 +0000)]
upstream hidden file #include_next workaround for MS C compilers

ok beck@, tb@

16 months agodon't return in a void function
bcook [Wed, 5 Jul 2023 20:56:29 +0000 (20:56 +0000)]
don't return in a void function

ok tb@

16 months agoMerge bio.h patch from libressl-portable
tb [Wed, 5 Jul 2023 19:25:01 +0000 (19:25 +0000)]
Merge bio.h patch from libressl-portable

ok beck@

16 months agoMove acpiioctl to acpi_x86.c, it is only used up on i386 and amd64.
tobhe [Wed, 5 Jul 2023 18:51:55 +0000 (18:51 +0000)]
Move acpiioctl to acpi_x86.c, it is only used up on i386 and amd64.

ok kettenis@ deraadt@

16 months agoHandle fixed-link configuration in the device tree.
jmatthew [Wed, 5 Jul 2023 18:48:49 +0000 (18:48 +0000)]
Handle fixed-link configuration in the device tree.

If fixed-link is present, populate the interface baudrate, link status
(full duplex or half duplex) and media type, and then call the statch
handler to apply that config to the MAC.  If fixed-link is specified
then do not attach a phy.

Note that phy lookup and reset still occurs in case the device tree
still uses the deprecated snps,reset-gpio properties.

Based on if_dwqe_fdt.c v1.11 and dwqe.c v1.8.
Tested on a Banana Pi R1 (aka Lamobo R1), which has its dwge interface
connected directly to an ethernet switch.

ok kettenis@

16 months agoIt isn't portable to use stderr (or std{in,out}) in file-scope
guenther [Wed, 5 Jul 2023 18:45:14 +0000 (18:45 +0000)]
It isn't portable to use stderr (or std{in,out}) in file-scope
initializers as they are not required to be compile-time constants.
So, intialize these global variables at the top of main().

ok miod@ deraadt@ yasuoka@ millert@

16 months agoThe hypercall page populated with instructions by the hypervisor is not IBT
anton [Wed, 5 Jul 2023 18:23:10 +0000 (18:23 +0000)]
The hypercall page populated with instructions by the hypervisor is not IBT
compatible due to lack of endbr64. Replace the indirect call with a new
hv_hypercall_trampoline() routine which jumps to the hypercall page without any
indirection.

Allows me to boot OpenBSD using Hyper-V on Windows 11 again.

ok guenther@

16 months agoFix off-by-one in the MSI-X interrupt establish loop that always tried to
patrick [Wed, 5 Jul 2023 18:11:08 +0000 (18:11 +0000)]
Fix off-by-one in the MSI-X interrupt establish loop that always tried to
establish one more interrupt than would be needed for per-VQ IRQs. This
meant even though there were enough MSI-X vectors available this path could
fail, roll back previously established interrupts and switch to shared IRQs
as a fallback.

ok dv@

16 months agowhitespace
tb [Wed, 5 Jul 2023 17:36:19 +0000 (17:36 +0000)]
whitespace

16 months agoCorrect formatting
beck [Wed, 5 Jul 2023 17:32:51 +0000 (17:32 +0000)]
Correct formatting

ok jsing@

16 months agoAvoid undefined behavior in tlsexttest
tb [Wed, 5 Jul 2023 17:30:14 +0000 (17:30 +0000)]
Avoid undefined behavior in tlsexttest

An empty array cannot be initialized and it is an incomplete type, so the
sizeof() operator can't be applied to it. Therefore initialize it with a
zero byte and replace sizeof() use with lengths.

Slightly tweaked version of a patch by inoguchi in portable.
Discussed with bcook, beck, kettenis

16 months agoMop up last uses of ECDHerror() and ECDSAerror()
tb [Wed, 5 Jul 2023 17:10:10 +0000 (17:10 +0000)]
Mop up last uses of ECDHerror() and ECDSAerror()

ok jsing

16 months agoHide symbols in chacha
beck [Wed, 5 Jul 2023 16:17:19 +0000 (16:17 +0000)]
Hide symbols in chacha

ok jsing@

16 months agobackport the implementation of ranges::find{, _if, _if_not}
robert [Wed, 5 Jul 2023 15:34:52 +0000 (15:34 +0000)]
backport the implementation of ranges::find{, _if, _if_not}

this will be required by future chromium releases

From ee0f8c4010309a25c95115a9f727a02741e2de48 Mon Sep 17 00:00:00 2001
From: Nikolas Klauser <nikolasklauser@berlin.de>
Date: Sat, 12 Mar 2022 01:45:35 +0100
Subject: [PATCH] [libc++][ranges] Implement ranges::find{, _if, _if_not}

ok tb@

16 months agoMake softdep mounts a no-op
beck [Wed, 5 Jul 2023 15:13:28 +0000 (15:13 +0000)]
Make softdep mounts a no-op

Softdep is a significant impediment to progressing in the vfs layer
so we plan to get it out of the way. It is too clever for us to
continue maintaining as it is.

ok kettenis@ kn@ tobhe@ and most of the g2k23 room except bluhm@

16 months agoAdd iwm/iwx background scan task to the queue which it will be deleted from.
stsp [Wed, 5 Jul 2023 15:07:28 +0000 (15:07 +0000)]
Add iwm/iwx background scan task to the queue which it will be deleted from.

The corresponding task_add and task_del calls were operating on different
queues by mistake. Background scan tasks should now get cancelled properly
during driver state transitions.

ok mvs@

16 months agoOne more ECDSAerror goes.
tb [Wed, 5 Jul 2023 14:41:18 +0000 (14:41 +0000)]
One more ECDSAerror goes.

16 months agoECDHerror() and ECDSAerror will go away
tb [Wed, 5 Jul 2023 14:39:05 +0000 (14:39 +0000)]
ECDHerror() and ECDSAerror will go away

Move some trivial ones to ECerror().

discussed with jsing

16 months agoAdjust the public declaration of OpenSSLDie to use a portable
bcook [Wed, 5 Jul 2023 13:06:06 +0000 (13:06 +0000)]
Adjust the public declaration of OpenSSLDie to use a portable
method of indicating that the function does not return.

ok tb@

16 months agoDrop an incorrect part from a comment
tb [Wed, 5 Jul 2023 13:01:44 +0000 (13:01 +0000)]
Drop an incorrect part from a comment

16 months agoDrop kernel lock before panic to avoid WITNESS report during fault
kn [Wed, 5 Jul 2023 12:58:55 +0000 (12:58 +0000)]
Drop kernel lock before panic to avoid WITNESS report during fault

holding a spinlock, eg. malloc's malloc_mutex in "Data modified on freelist ..."
triggers "acquiring blockable sleep lock with spinlock or critical section held"
since kpageflttrap() grabs the kernel lock before fault() to serialise multiple
threds/faults avoid interleaved console text.

But fault() immediately sets the per-CPU panic string, so the kernel lock does
not really help here.

Use 'show panic' to recover from garbled console text if need be, as usual.
The i386 equivalent does not use the kernel lock, either.

OK bluhm kettenis

16 months agoMissing . in comment
tb [Wed, 5 Jul 2023 12:56:52 +0000 (12:56 +0000)]
Missing . in comment

16 months agoFix #includes
tb [Wed, 5 Jul 2023 12:54:46 +0000 (12:54 +0000)]
Fix #includes

16 months agoRemove local prototypes for public API (?!)
tb [Wed, 5 Jul 2023 12:51:11 +0000 (12:51 +0000)]
Remove local prototypes for public API (?!)

16 months agoImprove BN_bn2bin() error check for readability
tb [Wed, 5 Jul 2023 12:49:42 +0000 (12:49 +0000)]
Improve BN_bn2bin() error check for readability

16 months agoMerge ECDH code that will stay into ecdh.c
tb [Wed, 5 Jul 2023 12:31:14 +0000 (12:31 +0000)]
Merge ECDH code that will stay into ecdh.c

16 months agoMove ECDSA_size() to a more sensible place in this file
tb [Wed, 5 Jul 2023 12:27:36 +0000 (12:27 +0000)]
Move ECDSA_size() to a more sensible place in this file

16 months agoMerge ECDSA code that will stay into ecdsa.c
tb [Wed, 5 Jul 2023 12:18:21 +0000 (12:18 +0000)]
Merge ECDSA code that will stay into ecdsa.c

discussed with jsing

16 months agoDocument DIOCXEND in pf(4) manpage.
sashan [Wed, 5 Jul 2023 12:00:01 +0000 (12:00 +0000)]
Document DIOCXEND in pf(4) manpage.
With many improvements from jmc@ and kn@

OK jmc@, kn@ deraadt@

16 months agoRename ecs_local.h into ecdsa_local.h
tb [Wed, 5 Jul 2023 11:37:45 +0000 (11:37 +0000)]
Rename ecs_local.h into ecdsa_local.h

16 months agoMake variables in prototypes match function declarations
tb [Wed, 5 Jul 2023 11:28:50 +0000 (11:28 +0000)]
Make variables in prototypes match function declarations

16 months agoImplement support for the GPIOs on the JH7110. Makes it possible to reboot
kettenis [Wed, 5 Jul 2023 11:07:36 +0000 (11:07 +0000)]
Implement support for the GPIOs on the JH7110.  Makes it possible to reboot
the VisionFive 2 from OpenBSD.

ok jsing@

16 months agodrm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
jsg [Wed, 5 Jul 2023 10:41:57 +0000 (10:41 +0000)]
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl

From Min Li
1af1cd7be370b08694d8752c97325fe51fdab6aa in linux-6.1.y/6.1.36
982b173a6c6d9472730c3116051977e05d17c8c5 in mainline linux

16 months agodrm/amd/display: fix the system hang while disable PSR
jsg [Wed, 5 Jul 2023 10:40:14 +0000 (10:40 +0000)]
drm/amd/display: fix the system hang while disable PSR

From Tom Chung
9bcac453890bf2c0ab5a7cefb407c0a9d6cbc4cb in linux-6.1.y/6.1.36
ea2062dd1f0384ae1b136d333ee4ced15bedae38 in mainline linux

16 months agodrm/amd/display: Add wrapper to call planes and stream update
jsg [Wed, 5 Jul 2023 10:38:11 +0000 (10:38 +0000)]
drm/amd/display: Add wrapper to call planes and stream update

From Rodrigo Siqueira
e538342002cbe468224f71b7ae116586e55c1134 in linux-6.1.y/6.1.36
81f743a08f3b214638aa389e252ae5e6c3592e7c in mainline linux

16 months agodrm/amd/display: Use dc_update_planes_and_stream
jsg [Wed, 5 Jul 2023 10:36:28 +0000 (10:36 +0000)]
drm/amd/display: Use dc_update_planes_and_stream

From Rodrigo Siqueira
8d855bc67630fa2b17855d85de61b9cd4300e3ad in linux-6.1.y/6.1.36
f7511289821ffccc07579406d6ab520aa11049f5 in mainline linux

16 months agoThey may have fixed the cache coherency problems in the JH7110, but it is
kettenis [Wed, 5 Jul 2023 09:25:55 +0000 (09:25 +0000)]
They may have fixed the cache coherency problems in the JH7110, but it is
still criplled as the SD/MMC controllers only do 32-bit DMA.

ok jsing@

16 months agoDrop useless ossl_ prefixes
tb [Wed, 5 Jul 2023 08:39:40 +0000 (08:39 +0000)]
Drop useless ossl_ prefixes

discussed with jsing

16 months agoSuspend from suspend_taskq in apmioctl.
tobhe [Wed, 5 Jul 2023 08:26:56 +0000 (08:26 +0000)]
Suspend from suspend_taskq in apmioctl.

ok kettenis@

16 months agoremove unused armv7 max_processes global
jsg [Wed, 5 Jul 2023 08:15:34 +0000 (08:15 +0000)]
remove unused armv7 max_processes global
ok miod@

16 months agoSimplify and clarify the description of auto allocation.
krw [Wed, 5 Jul 2023 08:05:04 +0000 (08:05 +0000)]
Simplify and clarify the description of auto allocation.

Tweaks and ok jmc@

16 months agoRestore (R)esize functionality to sparc64 disklabel(8).
krw [Wed, 5 Jul 2023 07:28:10 +0000 (07:28 +0000)]
Restore (R)esize functionality to sparc64 disklabel(8).

Empty or FS_UNUSED partitions don't intrude into the OpenBSD area
of a disk and therefore should not disable partition resizing.

Encountered by claudio@

16 months agofw_update is in section 8 not 1
jsg [Wed, 5 Jul 2023 01:21:51 +0000 (01:21 +0000)]
fw_update is in section 8 not 1

16 months agoIntroduce SBL_WAIT and SBL_NOINTR sbwait() flags.
mvs [Tue, 4 Jul 2023 22:28:24 +0000 (22:28 +0000)]
Introduce SBL_WAIT and SBL_NOINTR sbwait() flags.

This refactoring is another step to make standalone socket buffers
locking. sblock() uses M_WAITOK and M_NOWAIT flags passed as the third
argument together with the SB_NOINTR flag on the `sb_flags' to control
sleep behaviour. To perform uninterruptible acquisition, SB_NOINTR flag
should be set before sblock() call. `sb_flags' modification requires to
hold solock() around sblock()/sbunlock() that makes standalone call
impossible.

Also `sb_flags' modifications outside sblock()/sbunlock() makes
uninterruptible acquisition code huge enough. This time only sorflush()
does this (and forgets to restore SB_NOINTR flag, so shutdown(SHUT_RDWR)
call permanently modifies socket locking behaviour) and this looks not
the big problem. But with the standalone socket buffer locking it will
be many such places, so this huge construction is unwanted.

Introduce new SBL_NOINTR flag passed as third sblock() argument. The
sblock() acquisition will be uninterruptible when existing SB_NOINTR
flag is set on `sb_flags' or SBL_NOINTR was passed.

The M_WAITOK and M_NOWAIT flags belongs to malloc(9). It has no M_NOINTR
flag and there is no reason to introduce it. So for consistency reasons
introduce new SBL_WAIT and use it together with SBL_NOINTR instead of
M_WAITOK and M_NOINTR respectively.

ok bluhm

16 months agofavor hw.ncpuonline; ok bluhm@
anton [Tue, 4 Jul 2023 19:01:46 +0000 (19:01 +0000)]
favor hw.ncpuonline; ok bluhm@

16 months agoamd64: cpu_info: rearrange members, keep ci_mds_tmp 32-byte aligned
cheloha [Tue, 4 Jul 2023 17:29:32 +0000 (17:29 +0000)]
amd64: cpu_info: rearrange members, keep ci_mds_tmp 32-byte aligned

ci_mds_tmp needs to be 32-byte aligned, otherwise we trip a CTASSERT
in amd64/cpu.c and break kernel compilation.  However, ci_mds_tmp's
32-byte alignment is at risk: the size of schedstate_percpu is about
to change.

Move ci_curproc and ci_schedstate up just after ci_mds_buf.  This puts
ci_mds_tmp at page offset 64 with no structs ahead of it in cpu_info.
With this arrangement it should remain 32-byte aligned without much
effort.

With input from guenther@.

ok guenther@

16 months agoAvoid outputting invalid signatures
tb [Tue, 4 Jul 2023 15:09:31 +0000 (15:09 +0000)]
Avoid outputting invalid signatures

The caller can provide an r which will be added to the ECDSA_SIG unchecked.
This can happen via ECDSA_{,do_}sign_ex() or ECDSA_sign_setup() or else via
a custom sign_sig() handler. Therefore add a check that it is in the bounds
required.

Since k was long thrown away, there's no way to check kinv, so it needs to
be trusted. Misdesigned APIs that will output garbage everywhere...

ok jsing

16 months agoClean up ECDSA verification
tb [Tue, 4 Jul 2023 14:59:32 +0000 (14:59 +0000)]
Clean up ECDSA verification

Use variable names that correspond more closely to the standard. Use an
additional variable for s^-1 for readability. Annotate the code with
the corresponding steps from FIPS 186-5.

ok jsing

16 months agoECDSA signing: annotate code with steps corresponding to FIPS 185-6.
tb [Tue, 4 Jul 2023 14:57:05 +0000 (14:57 +0000)]
ECDSA signing: annotate code with steps corresponding to FIPS 185-6.

ok jsing

16 months agouse local assignment to $ENV{TZ} like we do for signal handlers
espie [Tue, 4 Jul 2023 14:41:26 +0000 (14:41 +0000)]
use local assignment to $ENV{TZ} like we do for signal handlers

16 months agoInstead of waiting for the inbound item to show up in the interrupt
patrick [Tue, 4 Jul 2023 14:32:21 +0000 (14:32 +0000)]
Instead of waiting for the inbound item to show up in the interrupt
handler, allocate it ourselves.  The firmware doesn't seem to mind
that it's us doing the allocation.  This fixes a splassert, because
the code that retrieves the item reaches through the shared memory
driver, which acquires the hardware mutex, which in turn mallocs.

ok kettenis@

16 months agoThis diff limits the number of transactions/tickets
sashan [Tue, 4 Jul 2023 14:23:38 +0000 (14:23 +0000)]
This diff limits the number of transactions/tickets
pf_open_trans() can issue for each clone of /dev/pf
to 512. The pf_open_trans() is currently being used
by DIOCGETRULES ioctl(2). The limit avoids processes
to consume all kernel memory by asking DIOCGETRULES
for more tickets. If DIOCGETRULES hits the limit, then
the application will see EBUSY error.

This diff was fine tuned with feedback from cluadio@,
deraadt@ and kn@.

OK kn@

16 months agostop saying the format is "simple" there are so many annotations.
espie [Tue, 4 Jul 2023 14:08:30 +0000 (14:08 +0000)]
stop saying the format is "simple" there are so many annotations.
"straightforward" is a better description at this point.

16 months agoadd some more fluff to documentation
espie [Tue, 4 Jul 2023 14:03:16 +0000 (14:03 +0000)]
add some more fluff to documentation

16 months agoexplain why NO_TS_IN_PLIST exists
espie [Tue, 4 Jul 2023 14:00:18 +0000 (14:00 +0000)]
explain why NO_TS_IN_PLIST exists

16 months agofix some very minor syntactic nits
espie [Tue, 4 Jul 2023 13:58:01 +0000 (13:58 +0000)]
fix some very minor syntactic nits

16 months agoCheck for interface type ethernet before call ether_brport_isset()
jan [Tue, 4 Jul 2023 13:37:47 +0000 (13:37 +0000)]
Check for interface type ethernet before call ether_brport_isset()

Pointed out by bluhm.

ok bluhm@

16 months agoenable dwqe(4)
kettenis [Tue, 4 Jul 2023 13:04:08 +0000 (13:04 +0000)]
enable dwqe(4)

16 months agoAdd StarFive JH7110 support.
kettenis [Tue, 4 Jul 2023 12:58:42 +0000 (12:58 +0000)]
Add StarFive JH7110 support.
Based on an initial diff from jsing@

ok jsing@, patrick@

16 months agoHandle rx error.
kettenis [Tue, 4 Jul 2023 12:48:42 +0000 (12:48 +0000)]
Handle rx error.

ok jsing@, patrick@

16 months agoconsistenly name instruction defines
jasper [Tue, 4 Jul 2023 12:27:44 +0000 (12:27 +0000)]
consistenly name instruction defines

16 months agoUnbreak kprobes. Since LLVM emits endbr64 instructions for IBT, dt could no
jasper [Tue, 4 Jul 2023 12:20:10 +0000 (12:20 +0000)]
Unbreak kprobes. Since LLVM emits endbr64 instructions for IBT, dt could no
longer identify function boundaries and as such no kprobes were found anymore.
Adjust the parser accordingly.

ok mpi@

16 months agoThe recent change to DIOCGETRULE allows applications which
sashan [Tue, 4 Jul 2023 11:34:19 +0000 (11:34 +0000)]
The recent change to DIOCGETRULE allows applications which
periodically read rules from pf(4) to consume all kernel
memory. The bug has been discovered and root caused by florian@.
In this particular case it was snmpd(8) what ate all kernel
memory.

This commit introduces DIOCXEND to pf(4) so applications such
as snmpd(8) and systat(1) to close ticket/transaction when
they are done with fetching the rules. This change also
updates snmpd(8) and systat(1) to use newly introduced
DIOCXEND ioctl(2).

OK claudio@, deraadt@, kn@

16 months agoRun Perl tests from our regress tree. It needs a Perl obj directory
bluhm [Tue, 4 Jul 2023 11:27:13 +0000 (11:27 +0000)]
Run Perl tests from our regress tree.  It needs a Perl obj directory
with Makefile.  To create the test environment, use the
Makefile.bsd-wrapper in /usr/src/gnu/usr.bin/perl and build Perl
there if it does not exist.  This allows to test Perl easily and
in a consistent manner.  Do not link tests to regress tree due to
this reach around and the combination of build and test.

16 months agoremove prototypes for removed functions
jsg [Tue, 4 Jul 2023 11:14:00 +0000 (11:14 +0000)]
remove prototypes for removed functions