openbsd
dlg [Tue, 18 Apr 2023 23:11:56 +0000 (23:11 +0000)]
add support for loading files from the EFI System Partition.

this means you can put a bsd.rd next to BOOTAA64.EFI and go "boot
esp0a:bsd.rd" (assuming bsd.rd is in the root of the boot partition).

cool! krw@
ok kettenis@ patrick@

kn [Tue, 18 Apr 2023 22:20:16 +0000 (22:20 +0000)]
Hoist identical privilege checks in in_ioctl*()

All cases do the same check as first step, so merge it before the switch
and before grabbing exclusive locks.

OK mvs

mvs [Tue, 18 Apr 2023 22:01:23 +0000 (22:01 +0000)]
Remove kernel lock from ifa_ifwithaddr() and ifa_ifwithdstaddr().
Netlock protects `if_list', `ifa_list' and returned `ifa' dereference,
so put netlock assertion within.

Please note, rtable_setsource() doesn't destroy data pointed to by
`ar_source'. This is the `ifa_addr' data that belongs to `ifa' and exclusive
netlock is required to destroy it. So the kernel lock is not required
within rt_setsource(). Take netlock by rt_setsource() caller to make
`ifa' dereference safe.

Suggestions and ok by bluhm@

mvs [Tue, 18 Apr 2023 22:00:19 +0000 (22:00 +0000)]
Document `ifnetlist' locking.

We use both kernel and net lock to protect `ifnetlist'. This means we
do modification with both locks held, but for read-only access only one
lock is required. Some places doing `ifnetlist' foreach loop are protected
by kernel lock and context switch can't be introduced there. This is the
exception, so "XXXSMP:" comment added.

Proposed and ok by bluhm@

patrick [Tue, 18 Apr 2023 21:22:00 +0000 (21:22 +0000)]
Map MSI-X in addition to MSI and INTx on xhci(4).  On Qemu apparently
the xHCI controller does not support MSIs, but does support MSI-X.  With
this diff running on Qemu/arm64 we switch over from shared INTx to device-
specific MSI-X interrupts.

Tested by and ok phessler@
ok dlg@

bluhm [Tue, 18 Apr 2023 19:41:50 +0000 (19:41 +0000)]
Skip all tests that need internet connection unless they have it.
Run reachability ping only once.  Fix clean files and always run
make obj.  Do not suppress messages from redirectchain test.

tb [Tue, 18 Apr 2023 18:29:32 +0000 (18:29 +0000)]
Use NULL, not 0 for pointers and use an explicit comparison against NULL.

bluhm [Tue, 18 Apr 2023 16:57:44 +0000 (16:57 +0000)]
Define net lock assertions for building kernel code in regress.

tb [Tue, 18 Apr 2023 15:28:17 +0000 (15:28 +0000)]
ectest: Remove #if 1

tb [Tue, 18 Apr 2023 15:20:34 +0000 (15:20 +0000)]
Unifdef OPENSSL_NO_EC_NISTP_64_GCC_128

tb [Tue, 18 Apr 2023 15:14:46 +0000 (15:14 +0000)]
Remove prototypes under OPENSSL_NO_EC_NISTP_64_GCC_128

The code was deleted a while back, the prototypes remained. We had
OPENSSL_NO_EC_NISTP_64_GCC_128 in opensslfeatures.h since forever.

discussed with jsing

claudio [Tue, 18 Apr 2023 14:11:54 +0000 (14:11 +0000)]
Implement a basic flowspec print function. It is not 100% compatible
with the parser but that is for a later time to fix.
OK tb@

tb [Tue, 18 Apr 2023 13:31:14 +0000 (13:31 +0000)]
Rewrite some ugly for loops

This fixes a few KNF issues and ugly line wrapping by using a local
version of nitems(); fix two bsearch() on top.

ok claudio

kettenis [Tue, 18 Apr 2023 12:39:32 +0000 (12:39 +0000)]
Resolve namerefs in packages.  Fixes legacy interrupts on machines that use
PNP0C0F PCI interrupt link devices.

ok patrick@

claudio [Tue, 18 Apr 2023 12:11:27 +0000 (12:11 +0000)]
Implement the parser bits to process flowspec rules. Heavily inspired by
pfctl, in bgpd flowspec rules are written like pf rules (with a few
exceptions / extensions). As a result not all flowspec features are
available but that is OK.
OK tb@

tb [Tue, 18 Apr 2023 10:27:38 +0000 (10:27 +0000)]
I somehow overlooked four more missing void...

mvs [Tue, 18 Apr 2023 10:19:16 +0000 (10:19 +0000)]
Rename 'art_root' structure member `source' to `ar_source' to be in
accordance with all other 'art_root' structure members.

Proposed by bluhm@

ok bluhm@ kn@

jsg [Tue, 18 Apr 2023 09:58:06 +0000 (09:58 +0000)]
Add another check to com probe

With this bentley@'s Steam Deck no longer attaches these:
com0 at isa0 port 0x3f8/8 irq 4: ns8250, no fifo
com1 at isa0 port 0x2f8/8 irq 3: ns8250, no fifo
com2 at isa0 port 0x3e8/8 irq 5: ns8250, no fifo

From Matthias Drochner in NetBSD rev 1.154
ok kettenis@

florian [Tue, 18 Apr 2023 09:57:51 +0000 (09:57 +0000)]
If rcode is SERVFAIL, there is no need to look at the packet.

This pulls the check for rcode up, before we check if the answer
packet has sensible length. Since we are not touching the packet at
all, we don't care about the size and don't need to log if the size is
wrong from a DNS perspective.

With asr error reporting improved in the previous commit, this
probably gets rid of all "bad packet: too short" messages.

OK semarie

florian [Tue, 18 Apr 2023 09:57:08 +0000 (09:57 +0000)]
Improve asr error handling.

When an upstream nameserver is not available asr is not synthesizing a
SERVFAIL rcode (duh), but sets ar_errno. When we need SERVFAIL further
down, we need to set the rcode ourselves.

While here, don't complain about a too short packet when asr already
told us that resolving did not work out in check_dns64_done.

OK semarie

mvs [Tue, 18 Apr 2023 09:56:54 +0000 (09:56 +0000)]
Call sysctl_dumpentry() with shared netlock. It performs read-only
access to netlock protected data. Please note, kernel lock is still
taken, as required by rtable_getsource() or BFD subsystem.

ok kn@ bluhm@

mvs [Tue, 18 Apr 2023 09:55:34 +0000 (09:55 +0000)]
Call sysctl_iflist() with shared netlock. It performs read-only access
to netlock protected data.

ok kn@ bluhm@

mvs [Tue, 18 Apr 2023 09:54:53 +0000 (09:54 +0000)]
Call sysctl_ifnames() with shared netlock. It performs read-only access
to netlock protected data.

ok kn@ bluhm@

tb [Tue, 18 Apr 2023 09:10:44 +0000 (09:10 +0000)]
Move x509.h inclusion into alphabetical order

semarie [Tue, 18 Apr 2023 08:50:37 +0000 (08:50 +0000)]
changelist: remove dhclient(8) files

as currently dhclient(8) is a (sort of) alias to "ifconfig inet autoconf", these
files aren't used anymore.

ok tb@

semarie [Tue, 18 Apr 2023 08:48:17 +0000 (08:48 +0000)]
changelist: add unbound-control files

ok tb@

tb [Tue, 18 Apr 2023 08:47:28 +0000 (08:47 +0000)]
Bring includes into canonical order

Requested by jsing

tb [Tue, 18 Apr 2023 08:46:08 +0000 (08:46 +0000)]
Sigh cvs... Also drop OPENSSL_NO_DEPRECATED from ec.h

patrick [Tue, 18 Apr 2023 08:35:02 +0000 (08:35 +0000)]
Support upstreamed AP806/CP110 bindings in mvtemp(4).  Apparently older EDK2
versions shipped bindings compatible with the Armada 380, but when the ARM64
SoCs were upstreamed from the vendor fork to Linux, those apparently were
adjusted.

With this diff mvtemp(4) now tries to use the parent as syscon regmap in case
the legacy binding cannot be used.  Furthermore this adds some initialization
as apparently the new EDK2 does less of that work during bootup.

Noticed by mbuhl@ who's running an updated EDK2 on the MACCHIATObin.
ok kettenis@

tb [Tue, 18 Apr 2023 08:33:43 +0000 (08:33 +0000)]
Move some includes out of OPENSSL_NO_DEPRECATED

Some headers were included conditionally on OPENSSL_NO_DEPRECATED in hopes
that eventually the mess of everything includes everything will magically
resolve itself. Of course everyone would end up building openssl with
OPENSSL_NO_DEPRECATED over time... Right.

Surprisingly, the ecosystem has come to rely on these implicit inclusions,
so about two dozen ports would fail to build because of this. Patching this
would be easy but really not worth the effort.

ok jsing

tb [Tue, 18 Apr 2023 08:17:49 +0000 (08:17 +0000)]
ectest: drop a broken #if 0 /* optional */ piece of code

This places a point at infinity and then fails. Fix some wacky indentation
in the vicinity.

tb [Tue, 18 Apr 2023 08:05:18 +0000 (08:05 +0000)]
ec_point_conversion: drop test for sect571k1

Maybe it should be replaced by another test, although P-256 seems enough.

tb [Tue, 18 Apr 2023 07:56:58 +0000 (07:56 +0000)]
ectest: drop some gross unused macros

tb [Tue, 18 Apr 2023 07:54:42 +0000 (07:54 +0000)]
ectest: unifdef OPENSSL_NO_EC2M

claudio [Tue, 18 Apr 2023 06:41:00 +0000 (06:41 +0000)]
I reversed flowspec_cmp() so adjust the code here as well.
Reminded by anton@

dlg [Tue, 18 Apr 2023 05:28:41 +0000 (05:28 +0000)]
tweak a printf for an unhandled clock in rkclock_get_frequency.

this makes rkclock_get_frequency more like rkclock_set_frequency.

dlg [Tue, 18 Apr 2023 05:27:04 +0000 (05:27 +0000)]
add the emmc clocks on rk3568 (and rk3566)

krw [Mon, 17 Apr 2023 22:28:51 +0000 (22:28 +0000)]
Remove unused variables FSDISKTYPE that point at non-existent
'install' disktab entries.

No functional change.

tb [Mon, 17 Apr 2023 21:00:35 +0000 (21:00 +0000)]
Skip binary curves in ec_point_conversion

claudio [Mon, 17 Apr 2023 20:54:57 +0000 (20:54 +0000)]
Reverse the polarity of flowspec_cmp() so it works better with our
RB trees. Mainly RB_FOREACH() walks from RB_MIN to RB_MAX so the most
preferred entry should be at RB_MIN.
OK tb@

tb [Mon, 17 Apr 2023 20:41:02 +0000 (20:41 +0000)]
Switch all ec tests to using dynamic linking

This only requires very minor changes and simplifies testing quite a bit.
Some of the changes can be undone after the next bump.

tb [Mon, 17 Apr 2023 20:36:08 +0000 (20:36 +0000)]
Simplify Makefile

tb [Mon, 17 Apr 2023 19:56:39 +0000 (19:56 +0000)]
Drop GF2m tests

The code they test will go away soon.

tb [Mon, 17 Apr 2023 19:51:05 +0000 (19:51 +0000)]
Allow overriding the bc implementation used in run-bc

While base bc is great, it uses libcrypto's BIGNUM implementation.
This implies that the independent verification of the bn_test isn't
as independent as it should be.

With this commit, run-bc picks up bn-gh if it is installed. This appears
to work on amd64, arm64 and sparc64 (where gbc is busted). I will send
PRs to the regress maintainers once I will have tested this a bit more
thoroughly. Committing this early since I juggle way too many diffs
already.

tb [Mon, 17 Apr 2023 19:37:18 +0000 (19:37 +0000)]
Fix typo

nicm [Mon, 17 Apr 2023 18:22:24 +0000 (18:22 +0000)]
Ignore the user keys range when checking if a key is Unicode.

kettenis [Mon, 17 Apr 2023 18:10:26 +0000 (18:10 +0000)]
Make -mbranch-protection=bti the default on OpenBSD.

ok deraadt@

nicm [Mon, 17 Apr 2023 18:00:19 +0000 (18:00 +0000)]
It seems silly to use progname for version, just always say tmux.

nicm [Mon, 17 Apr 2023 17:58:35 +0000 (17:58 +0000)]
Make the check if printing is allowed the same as writing which is less
confusing.

nicm [Mon, 17 Apr 2023 17:57:35 +0000 (17:57 +0000)]
Discard mouse sequences that have the right form but actually are
invalid (for example have column zero rather than one).

tb [Mon, 17 Apr 2023 17:38:08 +0000 (17:38 +0000)]
Drop two useless READMEs

"go ahead" jsing

op [Mon, 17 Apr 2023 15:18:25 +0000 (15:18 +0000)]
fix buffer overflow in displaymatch(); ok/tweak tb@

tb [Mon, 17 Apr 2023 15:11:00 +0000 (15:11 +0000)]
Skip sect* curve checks

GF2m curves will go away soon. This reduces the pile of diffs in my jungle
a tiny little bit.

kn [Mon, 17 Apr 2023 13:59:16 +0000 (13:59 +0000)]
Indent interface and disk listings

'?' output to list available answers could better distinguish from questions
and other lines, like sets selection does with four leading spaces.

OK deraadt

claudio [Mon, 17 Apr 2023 13:48:31 +0000 (13:48 +0000)]
Convert all users of parse_number() to also process the next element
like it was done for communities. Again a fair amount of token tables
disappear.
OK tb@

tb [Mon, 17 Apr 2023 13:18:00 +0000 (13:18 +0000)]
c_zlib.c needs bio_local.h with -DZLIB.

Apparently nobody tried to compile libcrypto with ZLIB since Jan 2022.
Maybe this means that we can unifdef -U ZLIB or maybe not...

jsing [Mon, 17 Apr 2023 12:51:09 +0000 (12:51 +0000)]
Tweak indent and use named registers.

No functional change.

claudio [Mon, 17 Apr 2023 12:48:38 +0000 (12:48 +0000)]
In parse_prefix and parse_addr only touch the addr if the function is
successful. Do not clear it all the time since that breaks the ANYTOKEN
fallback since it resets the just set address on the next argument.
OK tb@

jsing [Mon, 17 Apr 2023 12:46:36 +0000 (12:46 +0000)]
Hook sha3 up to build.

ok tb@

jsing [Mon, 17 Apr 2023 12:36:59 +0000 (12:36 +0000)]
Move BN_bn2mpi()/BN_mpi2bn() into bn_convert.c

claudio [Mon, 17 Apr 2023 11:02:40 +0000 (11:02 +0000)]
Passing argv as triple indirect pointer to match_token() is just strange.
Instead pass argc and argv as value and return the consumed number of
arguments in argsused (normally 1).
OK tb@

claudio [Mon, 17 Apr 2023 10:23:32 +0000 (10:23 +0000)]
Rework how communities are parsed. Use the fact that argv and argc are
available inside match_token() and peek and consume argv[1] and for
ext-communities also argv[2].
OK tb@

op [Mon, 17 Apr 2023 10:11:30 +0000 (10:11 +0000)]
fix a few dobeep_msgs() calls: a space is already added between the arguments

ok tb@

op [Mon, 17 Apr 2023 09:53:08 +0000 (09:53 +0000)]
add doindent() prototype at the start of the file; forgotten in previous

op [Mon, 17 Apr 2023 09:49:04 +0000 (09:49 +0000)]
resurrect mg's no-tab-mode

It's a mode that makes mg insert spaces up to the next tab stop upon
pressing TAB, along with the various tweaks needed in other places so
for e.g. auto-indent-mode also uses spaces.

This is not just an unifdef NOTAB: even under no-tab-mode mg should
consider literal TAB characters wide up to the next tab stop, while the
hidden code considered hard tabs to be just a control character (i.e. ^I)
with width of two columns.  I'm also introducing the helper function
doindent() in utils.c to de-obfuscate the insertion of tabs/spaces until
the given column.

ok tb@

tb [Mon, 17 Apr 2023 08:43:16 +0000 (08:43 +0000)]
Use C99 initializers for the default_pctx and mark it static const

claudio [Mon, 17 Apr 2023 08:02:55 +0000 (08:02 +0000)]
Add basic flowspec regress test.

claudio [Mon, 17 Apr 2023 08:02:21 +0000 (08:02 +0000)]
Implement a basic API to work with flowspec NLRI.

Flowspec is excessively flexible and large so there is no way to convert
the flowspec data into a struct bgpd_addr and it is better to keep it in
wireformat and add a few functions to validate and extract information
from the NLRI encoding.
OK tb@

tb [Mon, 17 Apr 2023 06:46:19 +0000 (06:46 +0000)]
Add missing const qualifiers to the v3_* externs

ok jsing

tb [Mon, 17 Apr 2023 05:57:17 +0000 (05:57 +0000)]
Fix whitespace in DHparam_print_fp()

tb [Mon, 17 Apr 2023 05:54:41 +0000 (05:54 +0000)]
Remove now unused dh_prn.c

tb [Mon, 17 Apr 2023 05:54:20 +0000 (05:54 +0000)]
Drop dh_prn.c

tb [Mon, 17 Apr 2023 05:51:16 +0000 (05:51 +0000)]
Move DHparam_print_fp() next to DHparam_print()

As usual with the fp suffix, the former wraps the latter with a file BIO.
There is no reason for this function to be in a separate file.

jmc [Mon, 17 Apr 2023 05:45:06 +0000 (05:45 +0000)]
remove bad Pp;
(sorry, otto, for not spotting in the updated diff)

jmc [Mon, 17 Apr 2023 05:43:12 +0000 (05:43 +0000)]
fix a macro and tweak punctuation;

jsg [Mon, 17 Apr 2023 05:38:17 +0000 (05:38 +0000)]
drm/i915: Split icl_color_commit_noarm() from skl_color_commit_noarm()

From Ville Syrjala
726825297dd6aaa2d91daf7c1c2fd030859cc6cb in linux-6.1.y/6.1.24
76b767d4d1cd052e455cf18e06929e8b2b70101d in mainline linux

jsg [Mon, 17 Apr 2023 05:35:37 +0000 (05:35 +0000)]
drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR

From Ville Syrjala
64244a900ddff4abd4c894dcfa9ea7df898ad1eb in linux-6.1.y/6.1.24
05ca98523481aa687c5a8dce8939fec539632153 in mainline linux

jsg [Mon, 17 Apr 2023 05:32:30 +0000 (05:32 +0000)]
drm/i915/dp_mst: Fix payload removal during output disabling

From Imre Deak
1297278ce23977853afeac7bfb65e42450a722dd in linux-6.1.y/6.1.24
eb50912ec931913e70640cecf75cb993fd26995f in mainline linux

jsg [Mon, 17 Apr 2023 05:29:45 +0000 (05:29 +0000)]
drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload()

From Imre Deak
0c64d72fd3f21ac9d0da186809394d9593090ce7 in linux-6.1.y/6.1.24
e761cc20946a0094df71cb31a565a6a0d03bd8be in mainline linux

jsg [Mon, 17 Apr 2023 05:21:13 +0000 (05:21 +0000)]
drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset

From Tim Huang
62de38c8201d853b130fc54ddbfab748180053e2 in linux-6.1.y/6.1.24
e11c775030c5585370fda43035204bb5fa23b139 in mainline linux

jsg [Mon, 17 Apr 2023 05:19:09 +0000 (05:19 +0000)]
drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume

From Alex Deucher
73ca74fc7ab6c1679c3b2720579c0c20b73a9764 in linux-6.1.y/6.1.24
2a7798ea7390fd78f191c9e9bf68f5581d3b4a02 in mainline linux

jsg [Mon, 17 Apr 2023 05:17:20 +0000 (05:17 +0000)]
drm/amd/display: Clear MST topology if it fails to resume

From Roman Li
245525543f48cd9eabd2964d8931043e9e3c31cf in linux-6.1.y/6.1.24
3f6752b4de41896c7f1609b1585db2080e8150d8 in mainline linux

jsg [Mon, 17 Apr 2023 05:15:40 +0000 (05:15 +0000)]
drm/i915: fix race condition UAF in i915_perf_add_config_ioctl

From Min Li
240b1502708858b5e3f10b6dc5ca3f148a322fef in linux-6.1.y/6.1.24
dc30c011469165d57af9adac5baff7d767d20e5c in mainline linux

jsg [Mon, 17 Apr 2023 05:13:20 +0000 (05:13 +0000)]
drm/i915: Fix context runtime accounting

From Tvrtko Ursulin
4e29fb89f771316caed9e4d166213b10dd49eb2e in linux-6.1.y/6.1.24
dc3421560a67361442f33ec962fc6dd48895a0df in mainline linux

jsg [Mon, 17 Apr 2023 04:46:04 +0000 (04:46 +0000)]
fix double word

deraadt [Mon, 17 Apr 2023 01:14:24 +0000 (01:14 +0000)]
Oops, ramdisk case should be -fcf-protection=none
spotted by brynet

jsg [Mon, 17 Apr 2023 00:42:04 +0000 (00:42 +0000)]
Enable Indirect Branch Tracking (IBT) for the kernel

endbr64 (f3 0f 1e fa) is placed at valid targets of an indirect jmp or
call.  A nop on older machines.  When IBT is enabled, an indirect jmp or
call with no endbr will trigger a control protection trap.

IBT is present on Intel Tiger Lake (Core gen 11) and later.

with and ok deraadt@

deraadt [Mon, 17 Apr 2023 00:14:59 +0000 (00:14 +0000)]
For future userland IBT, the sigcode needs to start with an endbr64.
This is simpler than clearing the cet_u bits in the kernel.
ok guenther, kettenis

deraadt [Mon, 17 Apr 2023 00:05:35 +0000 (00:05 +0000)]
The bootblocks are 32-bit binaries which use the ENTRY() macros which now
include endbr64 macros.  That's not going to work, so use the simple method
of -Dendbr64= to remove them from the instruction stream.
ok kettenis guenther

deraadt [Mon, 17 Apr 2023 00:03:59 +0000 (00:03 +0000)]
IDTVEC_NOALIGN() was the incorrect way to create a label in two places,
use GENTRY() instead.  Also add two endbr64 which cannot be supplied by
macros
ok guenther

deraadt [Mon, 17 Apr 2023 00:02:14 +0000 (00:02 +0000)]
Add endbr64 instructions to most of the ENTRY() macros.
The IDTVEC() and KIDTVEC() macros also get an endbr64, and therefore we need
to change the way that vectors are aliased with a new IDTVEC_ALIAS() macro.
with guenther, jsg

deraadt [Sun, 16 Apr 2023 23:57:59 +0000 (23:57 +0000)]
compile regular kernels with -fcf-protection=branch, and ramdisks with
-fcf-protection=none, regardless of what the compiler default is.
-fcf-protection=branch puts endbr64 instructions on functions which could
be reached indirectly.
ok guenther kettenis

tb [Sun, 16 Apr 2023 23:19:28 +0000 (23:19 +0000)]
Fix previous: add a missing and

cheloha [Sun, 16 Apr 2023 21:19:26 +0000 (21:19 +0000)]
clockintr: add shadow copy of running clock interrupt to clockintr_queue

cq_shadow is a private copy of the running clock interrupt passed to
cl_func() during the dispatch loop.  It resembles the real clockintr
object, though the two are distinct (hence "shadow").  A private copy
is useful for two reasons:

1. Scheduling operations performed on cq_shadow (advance, cancel,
   schedule) are recorded as requests with the CLST_SHADOW_PENDING
   flag and are normally performed on the real clockintr when cl_func()
   returns.  However, if an outside thread performs a scheduling
   operation on the real clockintr while cl_func() is running, the
   CLST_IGNORE_SHADOW flag is set and any scheduling operations
   requested by the running clock interrupt are ignored.

   The upshot of this arrangement is that outside scheduling operations
   have priority over those requested by the running clock interrupt.
   Because there is no race, periodic clock interrupts can now be safely
   stopped without employing the serialization mechanisms needed to safely
   stop periodic timeouts or tasks.

2. &cq->cq_shadow is a unique address, so most clockintr_* API calls
   made while cl_func() is running now don't need to enter/leave
   cq_mtx: the API can recognize when it is being called in the midst
   of clockintr_dispatch().

Tested by mlarkin@.  With input from dlg@.

In particular, dlg@ expressed some design concerns but then stopped
responding.  I have changes planned to address some of the concerns.
I think if we hit a wall with the current clockintr design we could
change the allocation scheme without too much suffering.  I don't
anticipate there being more than ~20 distinct clock interrupts.

deraadt [Sun, 16 Apr 2023 19:57:01 +0000 (19:57 +0000)]
if (actually... when) the compiler is flipped to do BTI/ENDBR by default,
the install media would grow too much, so use the same strategy as we do
for stack protector and other things: disable them, just on the install
media
ok kettenis

otto [Sun, 16 Apr 2023 19:46:17 +0000 (19:46 +0000)]
Dump (leak) info using utrace(2) and compile the code always in
except for bootblocks. This way we have built-in leak detection
always (if enabled by malloc flags). See man pages for details.

otto [Sun, 16 Apr 2023 19:42:40 +0000 (19:42 +0000)]
Add a -u label option to print selected utrace records, used by upcoming
malloc (leak) dump function. ok semarie@

tb [Sun, 16 Apr 2023 19:16:32 +0000 (19:16 +0000)]
Garbage collect the now unused obfuscating macro string_stack_free()

tb [Sun, 16 Apr 2023 19:15:31 +0000 (19:15 +0000)]
Inline the three uses of string_stack_free()

sk_OPENSSL_STRING_pop_free() is much more explicit and isn't that much
more complicated. x509_util.c can also use it directly...

No binary change

tb [Sun, 16 Apr 2023 18:50:28 +0000 (18:50 +0000)]
Remove the now unused vpm_int.h