openbsd
2 years agoMake sure that only one roa softreconfig runner is run at any time.
claudio [Wed, 31 Aug 2022 11:25:36 +0000 (11:25 +0000)]
Make sure that only one roa softreconfig runner is run at any time.
If a run takes to long drop the current update and wait for the next update.
OK benno@

2 years agoRemove now unused and unreferenced disktab.h.
krw [Wed, 31 Aug 2022 11:04:41 +0000 (11:04 +0000)]
Remove now unused and unreferenced disktab.h.

2 years agoWhitespace fixes.
krw [Wed, 31 Aug 2022 10:46:33 +0000 (10:46 +0000)]
Whitespace fixes.

2 years agoSome missing return checks
tb [Wed, 31 Aug 2022 09:39:59 +0000 (09:39 +0000)]
Some missing return checks

2 years agoAvoid some buffer overflows in ecdsatest
tb [Wed, 31 Aug 2022 09:38:00 +0000 (09:38 +0000)]
Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to
padding of the ASN.1 integers. Instead of reusing the same signature buffer
freshly allocate it. Avoids some buffer overflows caught by ASAN.

2 years agoRevert previous. Committed the wrong version of the diff.
tb [Wed, 31 Aug 2022 09:36:46 +0000 (09:36 +0000)]
Revert previous. Committed the wrong version of the diff.

2 years agoAvoid some buffer overflows in ecdsatest
tb [Wed, 31 Aug 2022 09:33:39 +0000 (09:33 +0000)]
Avoid some buffer overflows in ecdsatest

The ASN.1 encoding of the modified ECDSA signature can grow in size due to
padding of the ASN.1 integers. Instead of reusing the same signature buffer
freshly allocate it. Avoids some buffer overflows caught by ASAN.

2 years agoIntroduce a function to trylock a page instead of duplicating the logic.
mpi [Wed, 31 Aug 2022 09:26:04 +0000 (09:26 +0000)]
Introduce a function to trylock a page instead of duplicating the logic.

Stolen from NetBSD.

ok jsg@

2 years agoRemove "force CHS" remnants. LBA uber alles.
krw [Wed, 31 Aug 2022 09:20:57 +0000 (09:20 +0000)]
Remove "force CHS" remnants. LBA uber alles.

Mildly sad noises from Nick.

ok miod@ mlarkin@

2 years agoRewrite the searchrange end calculation routine.
martijn [Wed, 31 Aug 2022 09:19:22 +0000 (09:19 +0000)]
Rewrite the searchrange end calculation routine.
The old one had a bug which allowed it to move backwards on overlapping
regions and also didn't always returned the optimal end position.

OK tb@

2 years agoLock vmobjlock then check u_flags & UVM_VNODE_VALID in uvn_attach
gnezdo [Wed, 31 Aug 2022 09:07:35 +0000 (09:07 +0000)]
Lock vmobjlock then check u_flags & UVM_VNODE_VALID in uvn_attach

This is a continuation of this commit:
"Always acquire the `vmobjlock' before incrementing an object's reference."

Unfortuantely this created a race found by syzkaller manifesting as:

panic: kernel diagnostic assertion "uvn->u_obj.uo_refs == 0" failed:
file "sys/uvm/uvm_vnode.c", line 234

ok mpi@

Reported-by: syzbot+dd2d2684ad2818c927da@syzkaller.appspotmail.com
2 years agoIf a partition both starts and ends beyond the end of the unit
krw [Wed, 31 Aug 2022 08:35:07 +0000 (08:35 +0000)]
If a partition both starts and ends beyond the end of the unit
only warn about the start.

ok millert@

2 years agoFix window size report, from Vincent Bernat.
nicm [Wed, 31 Aug 2022 08:07:05 +0000 (08:07 +0000)]
Fix window size report, from Vincent Bernat.

2 years agoSync the supported hardware list with armv7.html.
fcambus [Wed, 31 Aug 2022 07:25:45 +0000 (07:25 +0000)]
Sync the supported hardware list with armv7.html.

OK jsg@

2 years agoSwitch loop bounds from size_t to int in check_hosts()
tb [Wed, 31 Aug 2022 07:15:31 +0000 (07:15 +0000)]
Switch loop bounds from size_t to int in check_hosts()

sk_num() can return a negative value, in which case the upper bound is
SIZE_MAX, which results in a very long for loop.

CID 153997

ok jsing

2 years agoCheck return values in ssl_print_tmp_key()
tb [Wed, 31 Aug 2022 07:12:30 +0000 (07:12 +0000)]
Check return values in ssl_print_tmp_key()

Use EVP_PKEY_get0_EC_KEY() instead of the get1 version to avoid an
EVP_PKEY_free(). Check return values: if either EVP_PKEY_get0_EC_KEY()
or EC_KEY_get0_group() fail, a NULL dereference occurs.

CID 43289

ok jsing

2 years agoAvoid potential NULL dereference in ssl_set_pkey()
tb [Wed, 31 Aug 2022 06:51:36 +0000 (06:51 +0000)]
Avoid potential NULL dereference in ssl_set_pkey()

Switch from X509_get_pubkey() to X509_get0_pubkey() to avoid an unnecessary
EVP_PKEY_free(). Check the return values of X509_get0_pubkey() and
EVP_PKEY_copy_parameters(). If the former returns NULL, the latter will
dereference NULL.

CID 25020

ok jsing

2 years agobackport Xr fix
jsg [Wed, 31 Aug 2022 06:23:06 +0000 (06:23 +0000)]
backport Xr fix
ok djm@

2 years agowhitespace
djm [Wed, 31 Aug 2022 02:56:40 +0000 (02:56 +0000)]
whitespace

2 years agoRefine the change in rev 1.125: the UVM mitigation for CoW faulting
guenther [Wed, 31 Aug 2022 01:27:04 +0000 (01:27 +0000)]
Refine the change in rev 1.125: the UVM mitigation for CoW faulting
when multiple CPUs are running threads in the process is only needed
when there can be multiple CPUs, so save a fault on SP builds.

ok miod@ mpi@

2 years agostray tab
tb [Tue, 30 Aug 2022 23:41:53 +0000 (23:41 +0000)]
stray tab

2 years agowhitespace
tb [Tue, 30 Aug 2022 23:40:37 +0000 (23:40 +0000)]
whitespace

2 years agoAdd ASPA regress bits
job [Tue, 30 Aug 2022 22:48:16 +0000 (22:48 +0000)]
Add ASPA regress bits

2 years agoAvoid dead assignment
tb [Tue, 30 Aug 2022 22:42:32 +0000 (22:42 +0000)]
Avoid dead assignment

2 years agoCheck HMAC() return value to avoid a later use of uninitialized
tb [Tue, 30 Aug 2022 20:40:14 +0000 (20:40 +0000)]
Check HMAC() return value to avoid a later use of uninitialized

CID 25421

2 years agoRemove a commented-out sk_push that has been hanging around for > 20 years
tb [Tue, 30 Aug 2022 20:20:02 +0000 (20:20 +0000)]
Remove a commented-out sk_push that has been hanging around for > 20 years

2 years agoremove an unused argument of ixgbe_rx_checksum()
benno [Tue, 30 Aug 2022 19:52:58 +0000 (19:52 +0000)]
remove an unused argument of ixgbe_rx_checksum()
ok mbuhl@

2 years agoSyzkaller found a missing input validation in pipex mppe keylenbits.
bluhm [Tue, 30 Aug 2022 19:42:29 +0000 (19:42 +0000)]
Syzkaller found a missing input validation in pipex mppe keylenbits.
Reported-by: syzbot+2eca95b271d07ab91b43@syzkaller.appspotmail.com
tested yasuoka@; OK mvs@ yasuoka@

2 years agochacha20_poly1305_cleanup() should return 1
tb [Tue, 30 Aug 2022 19:33:26 +0000 (19:33 +0000)]
chacha20_poly1305_cleanup() should return 1

Otherwise EVP_CIPHER_CTX_cleanup() leaks, as spotted by the ASAN CI.

ok jsing

2 years agoAdd support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)
job [Tue, 30 Aug 2022 18:56:49 +0000 (18:56 +0000)]
Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

2 years agoSwitch nexthop hash to a RB tree.
claudio [Tue, 30 Aug 2022 18:50:21 +0000 (18:50 +0000)]
Switch nexthop hash to a RB tree.
OK benno@

2 years agoNuke disktab.h references in preparation for nuking disktab.h.
krw [Tue, 30 Aug 2022 18:50:06 +0000 (18:50 +0000)]
Nuke disktab.h references in preparation for nuking disktab.h.

disktab.h has not been used or useful for a looooong time.

Detailed historical research by jsg@.

ok jsg@ deraadt@

2 years agoRemove struct ifnet's unused if_switchport member
kn [Tue, 30 Aug 2022 18:23:58 +0000 (18:23 +0000)]
Remove struct ifnet's unused if_switchport member

This is a switch(4) left-over.

Even though it is defined under _KERNEL, a few ports do define it and
include <net/if_var.h>, so this removal warrants a REVISION bump for all
potential ports consumers (once ports bulk machines run on a snapshot
containing this commit).

OK mvs

2 years agoPlug leak of BIO in tls13_quic_init()
tb [Tue, 30 Aug 2022 18:23:40 +0000 (18:23 +0000)]
Plug leak of BIO in tls13_quic_init()

If rbio and wbio are the same, SSL_free() only frees one BIO, so the
BIO_up_ref() before SSL_set_bio() leads to a leak.

ok jsing

2 years agoRemove now unused search variable. Missed in previous.
martijn [Tue, 30 Aug 2022 17:37:03 +0000 (17:37 +0000)]
Remove now unused search variable. Missed in previous.

OK tb@

2 years agoRemove the downwards check for overlapping regions when the subtree flag is
martijn [Tue, 30 Aug 2022 17:33:20 +0000 (17:33 +0000)]
Remove the downwards check for overlapping regions when the subtree flag is
set.

There's a bit of inverted logic in there and this feature will probably get
in the way of the blocklist feature (and maybe others)

OK tb@

2 years agoInitial support for mmio assist for vmm(4)
dv [Tue, 30 Aug 2022 17:09:21 +0000 (17:09 +0000)]
Initial support for mmio assist for vmm(4)

Provide the basic information required for a userland assist in
emulating instructions touching mmio regions, sending as much
information as is provided by the host hardware.

No decode or assist provided at the moment by vmd(8).

ok mlarkin@

2 years agoRemove long unused WARN_REFERENCES macro; idea guenther@, ok jsg@ jca@
miod [Tue, 30 Aug 2022 16:26:29 +0000 (16:26 +0000)]
Remove long unused WARN_REFERENCES macro; idea guenther@, ok jsg@ jca@

2 years agoFix uninitialized variable after the switch to (*pru_send); found the hard
miod [Tue, 30 Aug 2022 16:24:16 +0000 (16:24 +0000)]
Fix uninitialized variable after the switch to (*pru_send); found the hard
way on alpha.
ok bluhm@ mvs@

2 years agoUse BUFSIZ instead of PATH_MAX. Since it doesn't anything with a file
yasuoka [Tue, 30 Aug 2022 16:06:09 +0000 (16:06 +0000)]
Use BUFSIZ instead of PATH_MAX.  Since it doesn't anything with a file
system path.  input from claudio

ok tb claudio

2 years agoAdd missing #include <sys/queue.h>
claudio [Tue, 30 Aug 2022 16:00:21 +0000 (16:00 +0000)]
Add missing #include <sys/queue.h>

2 years agoGive a string which length is multiple of 4 to b64_pton() since the
yasuoka [Tue, 30 Aug 2022 15:57:19 +0000 (15:57 +0000)]
Give a string which length is multiple of 4 to b64_pton() since the
function assumes that the input ends at end of 24-bit group.

ok tb claudio

2 years agocopy over av_oid_end.bo_n instead of av_oid.bo_n bytes when copying over
martijn [Tue, 30 Aug 2022 14:54:18 +0000 (14:54 +0000)]
copy over av_oid_end.bo_n instead of av_oid.bo_n bytes when copying over
the searchrange end oid.

OK tb@

2 years agoAvoid leak in proxy_parse_uri()
tb [Tue, 30 Aug 2022 14:33:26 +0000 (14:33 +0000)]
Avoid leak in proxy_parse_uri()

with/ok claudio

2 years agoReshuffle and cleanup the includes a little bit.
claudio [Tue, 30 Aug 2022 12:49:13 +0000 (12:49 +0000)]
Reshuffle and cleanup the includes a little bit.

2 years agoIn RRDP mode it is possible that a file in the validated cache dir is
claudio [Tue, 30 Aug 2022 12:45:13 +0000 (12:45 +0000)]
In RRDP mode it is possible that a file in the validated cache dir is
no longer valid while the newer file in the .rrdp directory is not (yet)
valid. In this case do not copy the old file over the newer file.
RRDP has no method to identiy inconsistent repos (unlike rsync) so if
the wrong file is put in .rrdp it is not noticed appart from the
verification process failing for that file.
OK tb@ job@

2 years agoRefactor internet PCB lookup function. Rename in_pcbhashlookup()
bluhm [Tue, 30 Aug 2022 11:53:03 +0000 (11:53 +0000)]
Refactor internet PCB lookup function.  Rename in_pcbhashlookup()
so the public API is in_pcblookup() and in_pcblookup_listen().  For
internal use introduce in_pcbhash_insert() and in_pcbhash_lookup()
to avoid code duplication.  Routing domain is unsigned, change the
type to u_int.
OK mvs@

2 years agoProtect the receive socket buffer in UDP input with per PCB mutex.
bluhm [Tue, 30 Aug 2022 09:35:24 +0000 (09:35 +0000)]
Protect the receive socket buffer in UDP input with per PCB mutex.
OK claudio@ mvs@

2 years agoPlug memory leak in X509_REQ_print_ex()
tb [Tue, 30 Aug 2022 08:45:06 +0000 (08:45 +0000)]
Plug memory leak in X509_REQ_print_ex()

CID 356353

ok jsing

2 years agoMove duplicated code to free swap resources into its own function.
mpi [Tue, 30 Aug 2022 08:30:58 +0000 (08:30 +0000)]
Move duplicated code to free swap resources into its own function.

ok mlarkin@

2 years agosync to libunbound 1.16.2; heavy lifting by sthen
florian [Tue, 30 Aug 2022 05:46:50 +0000 (05:46 +0000)]
sync to libunbound 1.16.2; heavy lifting by sthen

2 years agooverriden -> overridden;
jmc [Tue, 30 Aug 2022 05:40:28 +0000 (05:40 +0000)]
overriden -> overridden;

2 years agoFix growth check in compress(1)/gzip(1)
tb [Mon, 29 Aug 2022 19:42:01 +0000 (19:42 +0000)]
Fix growth check in compress(1)/gzip(1)

If a compressed file is larger than its expanded version, compress(1) and
gzip(1) don't compress unless -f is given. As found by gkoehler, the check
is not quite correct for very small files or files with sufficiently random
data. Fix the check so that slight growth still triggers the check.

ok millert

2 years agoPrint warning when a GPT partition start or end is outside the
krw [Mon, 29 Aug 2022 19:39:10 +0000 (19:39 +0000)]
Print warning when a GPT partition start or end is outside the
usable LBA area of the device the GPT is currently inhabiting.

Makes GPT display as informative as MBR display.

In passing, eliminate possible underflow in partition size
calculation.

ok deraadt@

2 years agoWhen using logger(1), also log the message to standard error so we don't
ajacoutot [Mon, 29 Aug 2022 19:37:32 +0000 (19:37 +0000)]
When using logger(1), also log the message to standard error so we don't
have to check syslog when running in debug mode (`-d').

2 years agoUse rc_configtest.
ajacoutot [Mon, 29 Aug 2022 19:14:25 +0000 (19:14 +0000)]
Use rc_configtest.

2 years agoIntroduce the rc_configtest() function.
ajacoutot [Mon, 29 Aug 2022 19:14:02 +0000 (19:14 +0000)]
Introduce the rc_configtest() function.
By default it just returns "0" but can be overriden by rc.d scripts to check
that the daemon configuration is valid when running "start", "reload" and
"restart".

2 years agoExamine RAID-1C-specific softraid(4) meta-data when checking for
stsp [Mon, 29 Aug 2022 19:01:52 +0000 (19:01 +0000)]
Examine RAID-1C-specific softraid(4) meta-data when checking for
a key disk which is associated with a RAID-1C volume.

ok jsing@, style tweak + ok kn@

2 years agosoftraid: make verbose messages -n/nowrite aware
kn [Mon, 29 Aug 2022 18:54:43 +0000 (18:54 +0000)]
softraid: make verbose messages -n/nowrite aware

Using installboot(8) in dry-run mode aka. -vn (verbose + nowrite) and first
reading "would install" followed by an "installing" made me uneasy.

Luckily, nothing was written in dry-run mode, it's just that the
softraid specific code fails to honour -n/nowrite.

So make sure it does and pull the printf out of `if (!nowrite)' so we
see the "would install" messages in dry-run mode in the first place.

Output diff for root on CRYPTO softraid on biosboot(8/amd64) to illustrate:

    -# installboot -nv sd1
    +# ./obj/installboot -nv sd1
     would install bootstrap on /dev/rsd1c
     using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
     sd1: softraid volume with 1 disk(s)
    +sd1: would install boot loader on softraid volume
     /usr/mdec/boot is 6 blocks x 16384 bytes
    -sd0a: installing boot blocks on /dev/rsd0c, part offset 144
    +sd0a: would install boot blocks on /dev/rsd0c, part offset 144
     master boot record (MBR) at sector 0
      partition 3: type 0xA6 offset 64 size 488392001
     /usr/mdec/biosboot will be written at sector 64

OK jsing

2 years agomissing period
tb [Mon, 29 Aug 2022 18:54:06 +0000 (18:54 +0000)]
missing period

2 years agoHook up installboot(8) tests on i386
kn [Mon, 29 Aug 2022 18:42:28 +0000 (18:42 +0000)]
Hook up installboot(8) tests on i386

Passes like amd64 as both use MBR/biosboot(8) at the moment.

2 years agoSimplify load_skiplist()
tb [Mon, 29 Aug 2022 18:28:35 +0000 (18:28 +0000)]
Simplify load_skiplist()

Instead of copy-pasting valid_uri(), we can call the real thing. That's
also not ideal since we actually check for an FQDN, but it's a bit
simpler.

ok claudio

2 years agoAdjust rde_decide_test.c since struct aspath changed.
claudio [Mon, 29 Aug 2022 18:20:32 +0000 (18:20 +0000)]
Adjust rde_decide_test.c since struct aspath changed.

2 years agoaspath_refs is gone, adjust code
claudio [Mon, 29 Aug 2022 18:19:21 +0000 (18:19 +0000)]
aspath_refs is gone, adjust code

2 years agoInstead of a global aspath cache copy the aspath attribute per rde_aspath
claudio [Mon, 29 Aug 2022 18:18:55 +0000 (18:18 +0000)]
Instead of a global aspath cache copy the aspath attribute per rde_aspath
struct. It uses a bit more memory but improves performance a lot on really
big systems because aspath_get() becomes a very hot function.
OK tb@

2 years agoClean up a couple of log lines.
martijn [Mon, 29 Aug 2022 18:10:48 +0000 (18:10 +0000)]
Clean up a couple of log lines.

OK tb@

2 years agoAllow overlapping regions (if subtree claim flag is set) when the backends
martijn [Mon, 29 Aug 2022 18:05:08 +0000 (18:05 +0000)]
Allow overlapping regions (if subtree claim flag is set) when the backends
are identical.

OK tb@

2 years agoUse fatal("%s", __func__); instead of fatal("function_name");
claudio [Mon, 29 Aug 2022 18:04:51 +0000 (18:04 +0000)]
Use fatal("%s", __func__); instead of fatal("function_name");
OK tb@

2 years agoMake sure oidbuf is initialized when we hit the overlap case.
martijn [Mon, 29 Aug 2022 18:02:37 +0000 (18:02 +0000)]
Make sure oidbuf is initialized when we hit the overlap case.

OK tb@

2 years agoFix integer overflows in iwm(4) and iwx(4) firmware file parsers.
stsp [Mon, 29 Aug 2022 17:59:12 +0000 (17:59 +0000)]
Fix integer overflows in iwm(4) and iwx(4) firmware file parsers.

Found by hshoexer and gerhard@, and reported to me by Christian Ehrhardt.

ok gerhard@

2 years agoNot all binaries in /sbin are static...
deraadt [Mon, 29 Aug 2022 17:24:56 +0000 (17:24 +0000)]
Not all binaries in /sbin are static...

2 years agoPut printing the EFI memory map behind and #ifdef.
kettenis [Mon, 29 Aug 2022 17:13:57 +0000 (17:13 +0000)]
Put printing the EFI memory map behind and #ifdef.

ok deraadt@

2 years agoMention installation using the framebuffer console on armv7.
fcambus [Mon, 29 Aug 2022 17:05:38 +0000 (17:05 +0000)]
Mention installation using the framebuffer console on armv7.

It is possible to install OpenBSD/armv7 using the framebuffer console on
systems supporting the simplefb(4) driver, such as the Cubieboard2.

OK miod@

2 years agoDynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd,
deraadt [Mon, 29 Aug 2022 17:00:29 +0000 (17:00 +0000)]
Dynamically link these /sbin daemons: dhcpleased, mountd, nfsd, pflogd,
resolvd, slaacd, unwind.
The mitigation story is way better: syscalls are in a randomly located
libc, and every syscall stub is randomly located inside that due to
random relinking.  As opposed to fixed offset inside a release binary.
There is one known consequence: /usr nfs mounting must use statically
configured IP addresses.
ok kettenis florian, others

2 years agoIf ld.so loading fails inside execve, uprintf a message to report this
deraadt [Mon, 29 Aug 2022 16:53:46 +0000 (16:53 +0000)]
If ld.so loading fails inside execve, uprintf a message to report this
before the SIGABRT kills the process.  This clarifies the failure mode
(and resolution to take) when a dynamic executable is run while /usr
isn't mounted.  ok miod kettenis

2 years agoSwitch the DB of communities collections to a RB tree instead of an
claudio [Mon, 29 Aug 2022 16:44:47 +0000 (16:44 +0000)]
Switch the DB of communities collections to a RB tree instead of an
undersized hash table.
OK tb@

2 years agoSwitch rde_aspath to a RB tree instead of a hash table.
claudio [Mon, 29 Aug 2022 16:43:07 +0000 (16:43 +0000)]
Switch rde_aspath to a RB tree instead of a hash table.
OK tb@

2 years agomerge updates
sthen [Mon, 29 Aug 2022 16:04:59 +0000 (16:04 +0000)]
merge updates

2 years agoimport unbound 1.16.2, ok florian@ tb@ also tested by Alex Holst
sthen [Mon, 29 Aug 2022 16:03:46 +0000 (16:03 +0000)]
import unbound 1.16.2, ok florian@ tb@ also tested by Alex Holst

2 years agoWork around MSI and INTx issues on Qualcomm SC8280XP. This makes the NVMe
kettenis [Mon, 29 Aug 2022 15:42:25 +0000 (15:42 +0000)]
Work around MSI and INTx issues on Qualcomm SC8280XP.  This makes the NVMe
work on the Lenovo x13s.

ok dv@

2 years agoregen
kettenis [Mon, 29 Aug 2022 15:40:26 +0000 (15:40 +0000)]
regen

2 years agoAdd Qualcomm SC8280XP PCIe.
kettenis [Mon, 29 Aug 2022 15:39:55 +0000 (15:39 +0000)]
Add Qualcomm SC8280XP PCIe.

ok dv@

2 years agoreport pending update and withdraw routes in the show neighbor output.
claudio [Mon, 29 Aug 2022 14:58:15 +0000 (14:58 +0000)]
report pending update and withdraw routes in the show neighbor output.
OK tb@

2 years agoExport pending update and withdraw as part of struct peer_stats.
claudio [Mon, 29 Aug 2022 14:57:27 +0000 (14:57 +0000)]
Export pending update and withdraw as part of struct peer_stats.
OK tb@

2 years agoDo not calculate the output protocol checksum in the IP input path.
bluhm [Mon, 29 Aug 2022 14:43:56 +0000 (14:43 +0000)]
Do not calculate the output protocol checksum in the IP input path.
This logic was introduced in 2013 when pf checksum fixup was
temporarily removed.  After restoring the pf bahavior in 2016, it
should not be necessary anymore.
OK claudio@

2 years agoWhen there are two overlapping regions handled by the same backend we might
martijn [Mon, 29 Aug 2022 13:25:18 +0000 (13:25 +0000)]
When there are two overlapping regions handled by the same backend we might
traverse back in the tree; Make sure this doesn't happen.

OK tb@

2 years agoWhen a backend disappears while handling a request, make sure that the
martijn [Mon, 29 Aug 2022 13:23:32 +0000 (13:23 +0000)]
When a backend disappears while handling a request, make sure that the
outstanding requests are handled by the next backend, instead of leaking
memory.

OK tb@

2 years agoLet snmpd check a response package against the requested searchrange end.
martijn [Mon, 29 Aug 2022 13:19:05 +0000 (13:19 +0000)]
Let snmpd check a response package against the requested searchrange end.

If the returned OID is beyond the searchrange end we have two cases:
- If the backend supports searchranges (agentx) we generate a GENERR and
  close the connection.
- If the backend doesn't support searchranges (legacy and maybe a future
  snmp proxy) we simply fix-up the result.

OK tb@

2 years agoFix a case where EndOfMibView wasn't honoured.
martijn [Mon, 29 Aug 2022 12:17:24 +0000 (12:17 +0000)]
Fix a case where EndOfMibView wasn't honoured.

OK tb@

2 years agomount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
deraadt [Mon, 29 Aug 2022 11:51:05 +0000 (11:51 +0000)]
mount /usr earlier, to satisfy dynamically-linked daemons in /sbin better
(there will be more soon)

2 years agoUse a rwlock and a mutex to serialize access to global swap variables.
mpi [Mon, 29 Aug 2022 11:09:31 +0000 (11:09 +0000)]
Use a rwlock and a mutex to serialize access to global swap variables.

Adapted from NetBSD by tb@.

ok tb@, kn@

2 years agoSendmsg could crash in tcp_output due to a missing check after the
mbuhl [Mon, 29 Aug 2022 09:50:38 +0000 (09:50 +0000)]
Sendmsg could crash in tcp_output due to a missing check after the
introduction of tcp_send.
OK mvs@, bluhm@, gnezdo@
Reported-by: syzbot+e859fd353c90eeac26f8@syzkaller.appspotmail.com
2 years agoMove PRU_RCVOOB request to (*pru_rcvoob)().
mvs [Mon, 29 Aug 2022 08:08:17 +0000 (08:08 +0000)]
Move PRU_RCVOOB request to (*pru_rcvoob)().

ok bluhm@

2 years agoUse struct refcnt for interface address reference counting.
bluhm [Mon, 29 Aug 2022 07:51:45 +0000 (07:51 +0000)]
Use struct refcnt for interface address reference counting.
There was a crash due to use after free of the ifa although it is
ref counted.  As ifa_refcnt was a simple integer increment, there
may be a path where multiple CPUs access it concurrently.  So change
to struct refcnt which is MP safe and provides dt(4) leak debugging.
Link level address for IPsec enc(4) and various MPLS interfaces is
special.  There ifa is part of struct sc.  Use refcount anyway and
add a panic to detect use after free.
bug report stsp@; OK mvs@

2 years agoremove unused macppc headers
jsg [Mon, 29 Aug 2022 07:35:40 +0000 (07:35 +0000)]
remove unused macppc headers
ok miod@ mpi@ gnezdo@

2 years agoPrint warning when an MBR partition starts or extends past the
krw [Mon, 29 Aug 2022 07:19:14 +0000 (07:19 +0000)]
Print warning when an MBR partition starts or extends past the
end of the device the MBR is currently inhabiting.

Prompted by some interesting MBR's from France, verbiage
suggestion from deraadt@, ok miod@

2 years agoProvide ERR_R_INIT_FAIL.
jsing [Mon, 29 Aug 2022 06:49:24 +0000 (06:49 +0000)]
Provide ERR_R_INIT_FAIL.

Needed for an upcoming change.

ok tb@

2 years agoProvide ASN1_R_TYPE_NOT_PRIMITIVE.
jsing [Mon, 29 Aug 2022 06:48:58 +0000 (06:48 +0000)]
Provide ASN1_R_TYPE_NOT_PRIMITIVE.

Needed for an upcoming change.

ok tb@

2 years agostatic const, not const static
jsg [Mon, 29 Aug 2022 06:08:03 +0000 (06:08 +0000)]
static const, not const static

c99 6.11.5:
"The placement of a storage-class specifier other than at the beginning
of the declaration specifiers in a declaration is an obsolescent
feature."

ok miod@ tb@

2 years agosync
jsg [Mon, 29 Aug 2022 05:31:16 +0000 (05:31 +0000)]
sync