openbsd
jsg [Fri, 13 Jan 2023 01:32:39 +0000 (01:32 +0000)]
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()

From Dan Carpenter
20a07570c1667a48fe50fdfa59f4ece57775b69a in linux-6.1.y/6.1.5
3792fc508c095abd84b10ceae12bd773e61fdc36 in mainline linux

jsg [Fri, 13 Jan 2023 01:27:41 +0000 (01:27 +0000)]
add acpi_video_report_nolcd() for 6.1.5 drm

nicm [Thu, 12 Jan 2023 20:39:37 +0000 (20:39 +0000)]
Disable double width and height escape sequences under SMALL_KERNEL.

ok miod

miod [Thu, 12 Jan 2023 20:13:28 +0000 (20:13 +0000)]
free(NULL) has been allowed in the kernel since 5.4; remove checks.

miod [Thu, 12 Jan 2023 19:37:53 +0000 (19:37 +0000)]
Update luna88k boot procedure; help & tweaks jmc@

nicm [Thu, 12 Jan 2023 18:49:11 +0000 (18:49 +0000)]
Have tmux recognise pasted texts wrapped in bracket paste sequences,
rather than only forwarding them to the program inside. From Andrew
Onyshchuk in GitHub issue 3431.

claudio [Thu, 12 Jan 2023 17:35:51 +0000 (17:35 +0000)]
Split rde_filterstate_prep() into three functions.
- rde_filterstate_init(): initialize a filterstate to default values
- rde_filterstate_copy(): copy from a filterstate into a new state object
- rde_filterstate_prep(): set filterstate based on prefix passed as argument.

This makes the code a bit easier to read.
OK tb@

kn [Thu, 12 Jan 2023 15:03:23 +0000 (15:03 +0000)]
On '!', drop into a proper ksh(1) instead of a limited sh(1) lacking
arithmetic expression `(( ... ))' and more.

OK deraadt

jmc [Thu, 12 Jan 2023 14:08:39 +0000 (14:08 +0000)]
diff from sobrado to use a full argument name for -s: after some discussion
we used "signal", as per pkill/pgrep; also lift the descriptive text
from kill.1 to clarify that both signal name and number are accepted;

ok sobrado job

bluhm [Thu, 12 Jan 2023 13:09:47 +0000 (13:09 +0000)]
Binding the accept socket in TCP input relies on the fact that the
listen port is not bound to port 0.  With a matching pf divert-to
rule this assumption is no longer true and could crash the kernel
with kassert.  In both pf and stack drop TCP packets with destination
port 0 before they can do harm.
OK sashan@ claudio@

jsg [Thu, 12 Jan 2023 12:56:07 +0000 (12:56 +0000)]
remove outdated "expected to be compliant"
ok miod@ kn@ deraadt@

nicm [Thu, 12 Jan 2023 12:34:06 +0000 (12:34 +0000)]
Add CBT (cursor back tab) sequence, from Crystal Kolipe kolipe.c at
exoticsilicon dot com.

ok miod

nicm [Thu, 12 Jan 2023 12:28:08 +0000 (12:28 +0000)]
Add aixterm bright colour sequences (SGR 90-97 and 100-107). From
Crystal Kolipe kolipe.c at exoticsilicon dot com.

ok miod

nicm [Thu, 12 Jan 2023 12:23:40 +0000 (12:23 +0000)]
Add some missing cursor movement and scrolling escape sequences that are
supported by xterm. From Crystal Kolipe kolipe.c at exoticsilicon dot
com.

ok miod

mvs [Thu, 12 Jan 2023 10:59:36 +0000 (10:59 +0000)]
Use solock() instead of solock_shared() within sys_getsockopt(). Otherwise
we are acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is still fine for
getsockname(2) and getpeername(2).

Reported-by: syzbot+00a4824cb1b6a214c7d6@syzkaller.appspotmail.com
ok kn@ claudio@

claudio [Thu, 12 Jan 2023 08:47:07 +0000 (08:47 +0000)]
In build_aspath() be more careful in the len == 0 case. For len == 0
aspath->data should not be touched so just exit early.
While there also initialize source_as correctly in the rev case. This
does not matter here but is more correct.
Problem noticed by anton@
OK tb@

miod [Thu, 12 Jan 2023 07:25:29 +0000 (07:25 +0000)]
Use proper sparc64 illtrap instruction as text sections filler, rather than
the x86 one.

miod [Thu, 12 Jan 2023 07:18:25 +0000 (07:18 +0000)]
Fix trivial stack buf oflow

bluhm [Thu, 12 Jan 2023 00:27:26 +0000 (00:27 +0000)]
Compiling kernel with witness option failed since drm update.  Do
not define struct rwlock variable within function, witness needs
global access.
OK jsg@

miod [Wed, 11 Jan 2023 19:57:17 +0000 (19:57 +0000)]
Implement X-only mappings on sun4u by not letting the dtlb miss handler
allow ttes with the "exec only" bit; joint work with deraadt@, unfortunately
no effect on sun4v due to the lack of software bits in ttes to fit an
"exec only" bit.

ok deraadt@ kettenis@

deraadt [Wed, 11 Jan 2023 17:16:33 +0000 (17:16 +0000)]
be very paranoid like other architectures and force no-jump-tables
came up in two separate conversations with miod and kettenis

claudio [Wed, 11 Jan 2023 17:10:25 +0000 (17:10 +0000)]
Add the validation state to the filterstate struct.
Removes vstate argument from rde_filter().
Rename prefix_vstate() to prefix_roa_vstate().
OK tb@

deraadt [Wed, 11 Jan 2023 17:00:20 +0000 (17:00 +0000)]
block --execute-only on mips64 & sparc64 during the upcoming transition.
a seatbelt, because libc build corruption is too painful.

deraadt [Wed, 11 Jan 2023 16:36:44 +0000 (16:36 +0000)]
based upon inspection of obj/*.S ...
temporarily force sparc64 libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.

deraadt [Wed, 11 Jan 2023 16:33:36 +0000 (16:33 +0000)]
put LD_SCRIPT in the canonical location

miod [Wed, 11 Jan 2023 16:31:46 +0000 (16:31 +0000)]
Add ld.so linker scripts on the remaining platforms.

deraadt [Wed, 11 Jan 2023 16:25:13 +0000 (16:25 +0000)]
temporarily force hppa libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
ok miod

deraadt [Wed, 11 Jan 2023 16:21:32 +0000 (16:21 +0000)]
force-disable jump tables in ld.so building on sparc64, to ease the
exonly transition for people building through an upcoming commit series

deraadt [Wed, 11 Jan 2023 15:14:01 +0000 (15:14 +0000)]
the kernel on mips64 (octeon, loongson) is in good enough shape to run
--execute-only ld.so (meaning FLAGS (1) on the LOAD line for the text
segment, in the ld.script).  the linker, when using built-in linker scripts,
is not ready yet for other libraries / binaries..

deraadt [Wed, 11 Jan 2023 14:38:09 +0000 (14:38 +0000)]
do not need --execute-only anymore, it is now the default

deraadt [Wed, 11 Jan 2023 14:33:33 +0000 (14:33 +0000)]
arm64 and riscv64 can now do --execute-only by default
ok kettenis

deraadt [Wed, 11 Jan 2023 14:30:47 +0000 (14:30 +0000)]
hppa can switch over to --execute-only by default.
ok kettenis

claudio [Wed, 11 Jan 2023 13:55:08 +0000 (13:55 +0000)]
Add a somewhat extensive unittest for ASPA validation functionality.

claudio [Wed, 11 Jan 2023 13:53:17 +0000 (13:53 +0000)]
Add ASPA validation functions to the RDE.

This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.

Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the session's BGP role.

The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.

OK tb@

nicm [Wed, 11 Jan 2023 12:47:04 +0000 (12:47 +0000)]
Remove rasops_isgray, this is no longer used. From Crystal Kolipe
kolipe.c at exoticsilicon dot com.

ok miod

kettenis [Wed, 11 Jan 2023 11:10:25 +0000 (11:10 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution.  Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.

ok deraadt@, mpi@

kettenis [Wed, 11 Jan 2023 11:09:17 +0000 (11:09 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution.  Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.

ok drahn@, deraadt@, mpi@

sashan [Wed, 11 Jan 2023 08:11:07 +0000 (08:11 +0000)]
make REGRESS_CLEANUP consistent with REGRESS_CLEANUP found
in pf_state/Makefile.

discussed with anton@

OK anton@

djm [Wed, 11 Jan 2023 05:39:38 +0000 (05:39 +0000)]
clamp the minimum buffer lengths and number of inflight requests too

djm [Wed, 11 Jan 2023 05:36:50 +0000 (05:36 +0000)]
ignore bogus upload/download buffer lengths in the limits extension

jsing [Wed, 11 Jan 2023 04:39:42 +0000 (04:39 +0000)]
Clean up and simplify BIGNUM handling in DSA code.

This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks
before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls
BN_free() instead of BN_clear_free() (which does the same thing).

Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the
BN_CTX that is already available.

ok tb@

jsing [Wed, 11 Jan 2023 04:35:26 +0000 (04:35 +0000)]
Simplify BIGNUM handling in dsa_builtin_keygen().

Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.

ok tb@

jsing [Wed, 11 Jan 2023 04:26:24 +0000 (04:26 +0000)]
Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().

Currently, BN_lshift1() and BN_rshift1() are separate implementations
that are intended to be faster since the shift is known (and only one bit
crosses a word boundary). However, with the rewrite of BN_lshift() and
BN_rshift(), they are either slower or only minimally faster (depending
on architecture).

Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that
call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and
BN_rshift() call the same inlined implementation. This results in a single
implementation and BN_lshift1()/BN_rshift1() that outperform the previous
versions (in part due to compiler optimisation).

Now that none of the original code exists, replace the license and
copyright for this file.

ok tb@

visa [Wed, 11 Jan 2023 03:28:42 +0000 (03:28 +0000)]
Use 64-bit page table entries on octeon

This (over-)compensates for the frame bit reduction related to the
TLB read inhibit support. However, the memory overhead of page tables
is increased.

OK miod@

visa [Wed, 11 Jan 2023 03:20:52 +0000 (03:20 +0000)]
Enable TLB read inhibit on OCTEON Plus and newer SoCs.

OK deraadt@

visa [Wed, 11 Jan 2023 03:19:52 +0000 (03:19 +0000)]
Add TLB bypass for instruction emulation

copyinsn() fetches a userland instruction through the direct map.
This lets emulation work with execute-only virtual memory mappings.

OK deraadt@

visa [Wed, 11 Jan 2023 03:17:56 +0000 (03:17 +0000)]
Add MIPS64r2 TLB read inhibit support

OK deraadt@ miod@

cheloha [Wed, 11 Jan 2023 02:49:34 +0000 (02:49 +0000)]
i386/machdep.c: revert revisions 1.659 and 1.660

"put it back" kettenis@

djm [Wed, 11 Jan 2023 02:13:52 +0000 (02:13 +0000)]
remove whitespace at EOL from code extracted from SUPERCOP

mortimer [Wed, 11 Jan 2023 01:55:17 +0000 (01:55 +0000)]
Add retguard to amd64 syscalls.

Since we got rid of padded syscalls we have enough registers to do this.

ok deraadt@ ok kettenis@

djm [Wed, 11 Jan 2023 00:51:27 +0000 (00:51 +0000)]
rewrite this test to use a multiplexed ssh session so we can control
its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable

millert [Tue, 10 Jan 2023 23:22:15 +0000 (23:22 +0000)]
Switch scp from using pipes to a socketpair for communication with
its ssh sub-processes.  We no longer need to reserve two descriptors
to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main().
Based on an original diff from djm@.  OK deraadt@ djm@

gkoehler [Tue, 10 Jan 2023 21:27:12 +0000 (21:27 +0000)]
Use atomic ops on the set of used segment registers

Each pmap sets a bit in usedsr to claim 16 unique VSIDs for its
segment registers. Use atomic_cas_uint to set this bit (checking that
the other cpu didn't steal it) and atomic_clearbits_int to clear it.
Stop using splvm.

ok miod@

deraadt [Tue, 10 Jan 2023 21:22:39 +0000 (21:22 +0000)]
hppa ld.so works with executable-only text (non-readable)

jmc [Tue, 10 Jan 2023 21:10:37 +0000 (21:10 +0000)]
oops, fix a bad edit in previous;

ratchov [Tue, 10 Jan 2023 20:48:34 +0000 (20:48 +0000)]
Fix device name in the MIDI control section

For MMC to work, the MIDI sequencer must send MMC to subdevices
registered with -tslave.

From Dirk-Wilhelm Peters <peters at schwertfisch.de>, thanks.

deraadt [Tue, 10 Jan 2023 18:05:59 +0000 (18:05 +0000)]
like hppa, sparc64 will need gcc's jump tables option disabled to
allow execute-only binaries
ok miod

miod [Tue, 10 Jan 2023 17:38:10 +0000 (17:38 +0000)]
In pmap_bootstrap, when importing the PROM translations into the kernel pmap,
be sure to clear all software bits from the TTEs, for these bits will have
different meanings in OpenBSD.

Tested on a large set of sun4u and sun4v systems of different eras to not
cause any regression, should be safe enough.

miod [Tue, 10 Jan 2023 17:10:57 +0000 (17:10 +0000)]
Switch the luna88k boot loader to the MI boot code, to ease future maintenance
of it. Crank version to 0.8.
ok aoyama@

miod [Tue, 10 Jan 2023 17:04:01 +0000 (17:04 +0000)]
Enable the fine-grained fault type computation code added in 1.117 on all
mips64 processors, not only Octeon; needed to cope with xonly mappings.

tobhe [Tue, 10 Jan 2023 16:33:18 +0000 (16:33 +0000)]
Switch to console before suspending in DUMBFB mode. Fixes frame buffer corruption
and a few other bugs/races after wakeup on Apple Silicon laptops and Lenovo x13s.

ok kettenis@ deraadt@

job [Tue, 10 Jan 2023 14:19:12 +0000 (14:19 +0000)]
Add short options for --foreground and --preserve-status

Align with upcoming POSIX spec: https://www.austingroupbugs.net/view.php?id=1586

OK jmc@

job [Tue, 10 Jan 2023 13:26:34 +0000 (13:26 +0000)]
Improve timestamp printing in filemode

OK claudio@

tb [Tue, 10 Jan 2023 12:47:19 +0000 (12:47 +0000)]
rhe -> the from Crystal Kolipe

anton [Tue, 10 Jan 2023 12:19:18 +0000 (12:19 +0000)]
purge unhooked wx_syscall files

anton [Tue, 10 Jan 2023 12:17:00 +0000 (12:17 +0000)]
Retire wx_syscall regress tests, they have been failing since the
introduction of mimmutable(2) and also need to cope with xonly on some
architectures by now. There's already the syscallwx target in
regress/usr.bin/lastcomm which does the same thing but also ensures that
the expected code path is reached by looking at accounting records.

deraadt [Tue, 10 Jan 2023 12:07:34 +0000 (12:07 +0000)]
disable jump tables by default on hppa because they are incompatible
with --execute-only in the linker
ok kettenis

deraadt [Tue, 10 Jan 2023 12:06:18 +0000 (12:06 +0000)]
create infrastructure so that jump tables on/off can be tweaked by an
architecture by changing JUMP_TABLES_DEFAULT
ok kettenis

kettenis [Tue, 10 Jan 2023 11:18:47 +0000 (11:18 +0000)]
The uvm_swap_data_lock mutex can now be taken without holding the kernel
lock.  So it needs IPL_MPFLOOR to prevent lock ordering issues.

ok jca@

jsing [Tue, 10 Jan 2023 04:13:22 +0000 (04:13 +0000)]
Rewrite BN_lshift()

This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time. Basic
benchmarking shows a performance gain on modern 64 bit architectures.

ok tb@

dv [Tue, 10 Jan 2023 01:09:14 +0000 (01:09 +0000)]
Hide WAITPKG cpu feature from vmm(4) guests.

Alder Lake and similar-era Intel platforms introduced new userland
wait instructions. Since vmm was passing this cpuid bit into guests,
some would attempt TPAUSE instructions and trigger invalid instruction
exceptions because VMX requires additional configuration to support
emulation.

This also adds WAITPKG to i386 and amd64 cpu feature identification.

Input from anton@, cheloha@, and guenther@. Tested by jmatthew@.

OK deraadt.

cheloha [Tue, 10 Jan 2023 01:01:18 +0000 (01:01 +0000)]
i386: identifycpu(): only calibrate_cyclecounter() on primary CPU

On i386 during identifycpu(), we call calibrate_cyclecounter() for every
CPU in the system.  This is pointless: every new call clobbers the cpuspeed
measured during the prior call.  It is also extremely slow: every call to
calibrate_cyclecounter() takes about 1 second.

Instead, let's only call calibrate_cyclecounter() once, on the primary CPU.
Multiprocessor i386 machines will now boot much faster.

ok deraadt@

cheloha [Tue, 10 Jan 2023 00:49:45 +0000 (00:49 +0000)]
i386: identifycpu(): don't print cpuspeed after calibrate_cyclecounter()

The cpuspeed set during calibrate_cyclecounter() is a bogomips measurement.
It isn't an authoritative (nominal) frequency, so we shouldn't print it out
when identifying each CPU.  As an added bonus, this also removes some noise
when diffing i386 dmesgs.

ok deraadt@

kettenis [Mon, 9 Jan 2023 21:18:47 +0000 (21:18 +0000)]
Change the __canonicalize_funcptr_for_compare() implementation to stop
trying to read a branch instruction and decode it to extract the address
of the ld.so resolver function.  Instead, directly execute that branch
instruction.

This is effectively a C runtime ABI change.  In order to cross this if
you are building from source, make sure you install an updated ld.so
first.

ok deraadt@

kettenis [Mon, 9 Jan 2023 20:32:21 +0000 (20:32 +0000)]
Set the default for machdep.lidaction to 1 like on amd64.

ok tobhe@, deraadt@

kettenis [Mon, 9 Jan 2023 20:29:35 +0000 (20:29 +0000)]
Implement suspend on lid close.

ok tobhe@, deraadt@

kettenis [Mon, 9 Jan 2023 18:58:13 +0000 (18:58 +0000)]
Generate the "combreloc" scripts for the new linker script template as well.

ok deraadt@

sthen [Mon, 9 Jan 2023 17:41:03 +0000 (17:41 +0000)]
tweak text for USE_NOEXECONLY

sthen [Mon, 9 Jan 2023 17:17:55 +0000 (17:17 +0000)]
document USE_NOEXECONLY

jmc [Mon, 9 Jan 2023 17:13:46 +0000 (17:13 +0000)]
shorten SYNOPSIS from three versions to two (me) then one (ratchov),
plus all the cleanup that goes with;

ok ratchov

nicm [Mon, 9 Jan 2023 15:49:36 +0000 (15:49 +0000)]
DIAGNOSTIC is redundant with KASSERT, remove it. From Crystal Kolipe.

ok guenther

kettenis [Mon, 9 Jan 2023 15:22:53 +0000 (15:22 +0000)]
Allwinner hardware sucks!  The ARM generic timer on the A64 has a bug
where the bottom 9 bits of the counter register can't be trusted if any of
the higher bits are rolling over.  This is an unpublished errata so the
details aren't known.  Adopt the same workaround that Linux has.

This will disable the userland timecounter support on hardware affected
by the hardware.  We will need a similar workaround in libc to restore
that functionality.

tested by semarie@
ok cheloha@

deraadt [Mon, 9 Jan 2023 15:05:49 +0000 (15:05 +0000)]
riscv64 ld.so is ready to be xonly
ok kettenis

kettenis [Mon, 9 Jan 2023 14:40:48 +0000 (14:40 +0000)]
Adjust the hppa linker scripts to order .rodata (and other sections
classified as read-only) before .text.  This makes it possible to make
.text execute-only as it no longer contains the ELF program headers.

This is achieved by forking the ELF linker script template.  Adding another
level of conditionals to the existing ELF linker script template would be
utter madness.

ok deraadt@

kettenis [Mon, 9 Jan 2023 14:36:38 +0000 (14:36 +0000)]
Implement --execute-only (and turn --no-execute-only from a no-op into an
option that does the opposite).

Note that this option is likely to be ineffective without changes to the
linker scripts.  A change that adjusts the hppa linker scripts will follow
shortly.  Other architectures will need some work.

ok deraadt@

deraadt [Mon, 9 Jan 2023 14:14:26 +0000 (14:14 +0000)]
Whoa, that clean target is insane.  If someone does a make build,
pf gets disabled.  Comment it out, that will need to be rethought.

nicm [Mon, 9 Jan 2023 14:12:41 +0000 (14:12 +0000)]
Fix behaviour with \007 (used the wrong tree for last change).

kettenis [Mon, 9 Jan 2023 13:52:42 +0000 (13:52 +0000)]
Rewrite the hppa assembly code to avoid reads from .text, by using the
standard PIC magic.  This makes the code similar to what we already use
for rcrt0.o.  This makes it ready for execute-only.

Build C code using -fno-jump-tables to make it ready for execute-only.

ok deraadt@, miod@

kettenis [Mon, 9 Jan 2023 13:45:55 +0000 (13:45 +0000)]
In preparation for upcoming execute-only support, change the magic branch
instruction used by __canonicalize_funcptr_for_compare() from "bl" into "b".
This allows __canonicalize_funcptr_for_compare() to execute the branch
instead of decoding the instruction to find the address of _dl_bind().

This is the first step in the transition to a new ABI.  Once an updated
ld.so has been installed, we can change __canonicalize_funcptr_for_compare()
(which lives in libgcc) and rebuild everything with a new libgcc.  Only
then we can actually make ld.so executable-only.

ok deraadt@, miod@

anton [Mon, 9 Jan 2023 11:50:01 +0000 (11:50 +0000)]
Fix the syscallwx target which is affected by both mimmutable(2) and
xonly by using a new gadget routine written in assembler with the sole
purpose of issuing a syscall. Since it needs to be copied to wx memory,
place it in the rodata section.

miod [Mon, 9 Jan 2023 11:18:44 +0000 (11:18 +0000)]
Use PROT_EXEC when servicing instruction faults.
ok aoyama@

sashan [Mon, 9 Jan 2023 10:21:40 +0000 (10:21 +0000)]
yet another set of regression tests for pf(4). Unlike tests
found in pf_forward the tests in pf_policy use local bound
traffic to provide simple testing of various pf features.
The initial commit brings few tests using icmp echo to
test anchor rules.

anton@ helped a lot to improve pf_policy/Makefile

OK anton@

nicm [Mon, 9 Jan 2023 07:57:14 +0000 (07:57 +0000)]
Accept \007 as terminator to OSC 10 or 11.

nicm [Mon, 9 Jan 2023 07:48:12 +0000 (07:48 +0000)]
Correct length of replies to primary and secondary DAs so as not to send
a stray trailing NUL byte. From Crystal Kolipe.

ok deraadt miod

anton [Mon, 9 Jan 2023 06:34:02 +0000 (06:34 +0000)]
Sanitize the inherited environment by removing LC_ALL, missed in previous.

miod [Mon, 9 Jan 2023 06:04:14 +0000 (06:04 +0000)]
Handle possible PROT_EXEC fault if PROT_READ fails; needed to cope with
kern_exec.c 1.241

jsg [Mon, 9 Jan 2023 04:32:29 +0000 (04:32 +0000)]
drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics

From Evan Quan
54b6a040f38075711751c61b2300a8ce7cb1741f in linux-6.1.y/6.1.4
e73fc71e8f015d61f3adca7659cb209fd5117aa5 in mainline linux

jsg [Mon, 9 Jan 2023 04:30:22 +0000 (04:30 +0000)]
drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34

From Evan Quan
0b865bcd7a084e9cbf171ad3b240bf40058fd985 in linux-6.1.y/6.1.4
272b981416f8be0180c4d8066f90635fa7c1c501 in mainline linux

jsg [Mon, 9 Jan 2023 04:28:04 +0000 (04:28 +0000)]
drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping

From Evan Quan
789c4804d7aed7094845da4a0ebf7099a503f8ba in linux-6.1.y/6.1.4
e0607c10ebf551a654c3577fc74b4bf5533e1cea in mainline linux

jsg [Mon, 9 Jan 2023 04:26:30 +0000 (04:26 +0000)]
drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping

From Evan Quan
1cfd678e2f070fd2f005dc6e12c180ff1a1b5843 in linux-6.1.y/6.1.4
592cd24a08763975c75be850a7d4e461bfd353bf in mainline linux