kettenis [Mon, 9 Jan 2023 14:36:38 +0000 (14:36 +0000)]
Implement --execute-only (and turn --no-execute-only from a no-op into an
option that does the opposite).
Note that this option is likely to be ineffective without changes to the
linker scripts. A change that adjusts the hppa linker scripts will follow
shortly. Other architectures will need some work.
ok deraadt@
deraadt [Mon, 9 Jan 2023 14:14:26 +0000 (14:14 +0000)]
Whoa, that clean target is insane. If someone does a make build,
pf gets disabled. Comment it out, that will need to be rethought.
nicm [Mon, 9 Jan 2023 14:12:41 +0000 (14:12 +0000)]
Fix behaviour with \007 (used the wrong tree for last change).
kettenis [Mon, 9 Jan 2023 13:52:42 +0000 (13:52 +0000)]
Rewrite the hppa assembly code to avoid reads from .text, by using the
standard PIC magic. This makes the code similar to what we already use
for rcrt0.o. This makes it ready for execute-only.
Build C code using -fno-jump-tables to make it ready for execute-only.
ok deraadt@, miod@
kettenis [Mon, 9 Jan 2023 13:45:55 +0000 (13:45 +0000)]
In preparation for upcoming execute-only support, change the magic branch
instruction used by __canonicalize_funcptr_for_compare() from "bl" into "b".
This allows __canonicalize_funcptr_for_compare() to execute the branch
instead of decoding the instruction to find the address of _dl_bind().
This is the first step in the transition to a new ABI. Once an updated
ld.so has been installed, we can change __canonicalize_funcptr_for_compare()
(which lives in libgcc) and rebuild everything with a new libgcc. Only
then can we actually make ld.so executable-only.
ok deraadt@, miod@
anton [Mon, 9 Jan 2023 11:50:01 +0000 (11:50 +0000)]
Fix the syscallwx target which is affected by both mimmutable(2) and
xonly by using a new gadget routine written in assembler with the sole
purpose of issuing a syscall. Since it needs to be copied to wx memory,
place it in the rodata section.
miod [Mon, 9 Jan 2023 11:18:44 +0000 (11:18 +0000)]
Use PROT_EXEC when servicing instruction faults.
ok aoyama@
sashan [Mon, 9 Jan 2023 10:21:40 +0000 (10:21 +0000)]
yet another set of regression tests for pf(4). Unlike tests
found in pf_forward the tests in pf_policy use local bound
traffic to provide simple testing of various pf features.
The initial commit brings few tests using icmp echo to
test anchor rules.
anton@ helped a lot to improve pf_policy/Makefile
OK anton@
nicm [Mon, 9 Jan 2023 07:57:14 +0000 (07:57 +0000)]
Accept \007 as terminator to OSC 10 or 11.
nicm [Mon, 9 Jan 2023 07:48:12 +0000 (07:48 +0000)]
Correct length of replies to primary and secondary DAs so as not to send
a stray trailing NUL byte. From Crystal Kolipe.
ok deraadt miod
anton [Mon, 9 Jan 2023 06:34:02 +0000 (06:34 +0000)]
Sanitize the inherited environment by removing LC_ALL, missed in previous.
miod [Mon, 9 Jan 2023 06:04:14 +0000 (06:04 +0000)]
Handle possible PROT_EXEC fault if PROT_READ fails; needed to cope with
kern_exec.c 1.241
jsg [Mon, 9 Jan 2023 04:32:29 +0000 (04:32 +0000)]
drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics
From Evan Quan
54b6a040f38075711751c61b2300a8ce7cb1741f in linux-6.1.y/6.1.4
e73fc71e8f015d61f3adca7659cb209fd5117aa5 in mainline linux
jsg [Mon, 9 Jan 2023 04:30:22 +0000 (04:30 +0000)]
drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34
From Evan Quan
0b865bcd7a084e9cbf171ad3b240bf40058fd985 in linux-6.1.y/6.1.4
272b981416f8be0180c4d8066f90635fa7c1c501 in mainline linux
jsg [Mon, 9 Jan 2023 04:28:04 +0000 (04:28 +0000)]
drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping
From Evan Quan
789c4804d7aed7094845da4a0ebf7099a503f8ba in linux-6.1.y/6.1.4
e0607c10ebf551a654c3577fc74b4bf5533e1cea in mainline linux
jsg [Mon, 9 Jan 2023 04:26:30 +0000 (04:26 +0000)]
drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping
From Evan Quan
1cfd678e2f070fd2f005dc6e12c180ff1a1b5843 in linux-6.1.y/6.1.4
592cd24a08763975c75be850a7d4e461bfd353bf in mainline linux
jsg [Mon, 9 Jan 2023 04:24:23 +0000 (04:24 +0000)]
drm/i915/migrate: Account for the reserved_space
From Chris Wilson
6e6d577cd90b27a98ce9f06ed96bca7b59d210f0 in linux-6.1.y/6.1.4
31a2e6cbe8a4eb0d1650fff4b77872b744e14a62 in mainline linux
jsg [Mon, 9 Jan 2023 04:22:46 +0000 (04:22 +0000)]
drm/i915: improve the catch-all evict to handle lock contention
From Matthew Auld
ea62bd769994d6f18bd265cc156e6182a288c880 in linux-6.1.y/6.1.4
3f882f2d4f689627c1566c2c92087bc3ff734953 in mainline linux
jsg [Mon, 9 Jan 2023 04:19:25 +0000 (04:19 +0000)]
drm/amdgpu: make display pinning more flexible (v2)
From Alex Deucher
52beaa0938ad33f3ee848c22935af967e3cce005 in linux-6.1.y/6.1.4
81d0bcf9900932633d270d5bc4a54ff599c6ebdb in mainline linux
jsg [Mon, 9 Jan 2023 04:17:50 +0000 (04:17 +0000)]
drm/amdgpu: handle polaris10/11 overlap asics (v2)
From Alex Deucher
9724e6950ef902abd6abc5b5dfacca4b5125ba75 in linux-6.1.y/6.1.4
1d4624cd72b912b2680c08d0be48338a1629a858 in mainline linux
jsg [Mon, 9 Jan 2023 04:15:53 +0000 (04:15 +0000)]
drm/amd/display: Add DCN314 display SG Support
From Yifan Zhang
3038224f5617bb4628170b29661645138f884292 in linux-6.1.y/6.1.4
fe6872adb05e85bde38f2cdec01a0f4cfb826998 in mainline linux
jsg [Mon, 9 Jan 2023 04:13:33 +0000 (04:13 +0000)]
drm/i915/ttm: consider CCS for backup objects
From Matthew Auld
218f8fe668240f2ec95dcb000f61904dcdc83271 in linux-6.1.y/6.1.4
ad0fca2dceeab8fdd8e1135f4b4ef2dc46c2ead9 in mainline linux
jsg [Mon, 9 Jan 2023 04:11:31 +0000 (04:11 +0000)]
drm/i915/dsi: fix VBT send packet port selection for dual link DSI
From Mikko Kovanen
556a7e74af59048bf73777b25395cf90be9b377f in linux-6.1.y/6.1.4
f9cdf4130671d767071607d0a7568c9bd36a68d0 in mainline linux
jsg [Mon, 9 Jan 2023 04:09:22 +0000 (04:09 +0000)]
drm/connector: send hotplug uevent on connector cleanup
From Simon Ser
d988f0bcf579b4bcb0b7aba217a882ec150bcc2a in linux-6.1.y/6.1.4
6fdc2d490ea1369d17afd7e6eb66fecc5b7209bc in mainline linux
jsg [Mon, 9 Jan 2023 04:07:06 +0000 (04:07 +0000)]
drm/amdgpu: fix mmhub register base coding error
From Yang Wang
51c107f91bf1d49fdd1538e46770e6f146f40267 in linux-6.1.y/6.1.4
347fafe0eb46df941965c355c77ce480e4d49f1f in mainline linux
jsg [Mon, 9 Jan 2023 04:04:57 +0000 (04:04 +0000)]
drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings
From Evan Quan
ed00567b170fc461d8755003e5cf4e0b008aff90 in linux-6.1.y/6.1.4
32a7819ff8e25375c7515aaae5cfcb8c44a461b7 in mainline linux
jsg [Mon, 9 Jan 2023 04:03:10 +0000 (04:03 +0000)]
drm/amd/pm: update SMU13.0.0 reported maximum shader clock
From Evan Quan
9d455cb89dc576f752beebcadc823511882fb321 in linux-6.1.y/6.1.4
7a18e089eff02f17eaee49fc18641f5d16a8284b in mainline linux
jsg [Mon, 9 Jan 2023 04:01:17 +0000 (04:01 +0000)]
drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0
From Tim Huang
a354a9e3fc3b5475b80395a3015644e26352223f in linux-6.1.y/6.1.4
8660495a9c5b9afeec4cc006b3b75178f0fb2f10 in mainline linux
jsg [Mon, 9 Jan 2023 03:59:28 +0000 (03:59 +0000)]
drm/amdgpu: skip MES for S0ix as well since it's part of GFX
From Alex Deucher
33a3b7fad8273e7bcbef0f456c2070be8adcad45 in linux-6.1.y/6.1.4
afa6646b1c5d3affd541f76bd7476e4b835a9174 in mainline linux
dlg [Mon, 9 Jan 2023 03:39:14 +0000 (03:39 +0000)]
flesh out ifiq_enqueue
dlg [Mon, 9 Jan 2023 03:37:44 +0000 (03:37 +0000)]
count the number of times a packet was dropped by bpf as fdrops.
guenther [Mon, 9 Jan 2023 02:12:13 +0000 (02:12 +0000)]
setthrname() should return EINVAL, not ENAMETOOLONG, when the
input is too long.
ok mpi@
jsg [Mon, 9 Jan 2023 00:56:36 +0000 (00:56 +0000)]
disklabel appeared in tahoe
ok krw@
daniel [Mon, 9 Jan 2023 00:22:47 +0000 (00:22 +0000)]
restore NetBSD RCS ID
Looks like this was removed in rev 1.85 without comment (which may have
been unintentional).
ok stsp@
nicm [Sun, 8 Jan 2023 23:34:46 +0000 (23:34 +0000)]
Fix parsing of optional arguments so that and accept a - starting an
argument.
nicm [Sun, 8 Jan 2023 22:17:04 +0000 (22:17 +0000)]
Have client return 1 if process is interrupted to an input pane.
nicm [Sun, 8 Jan 2023 22:15:30 +0000 (22:15 +0000)]
Restore code to handle wcwidth failure so that unknown codepoints still
do the most likely right thing. GitHub issue 3427, patch based on a
diff from Jesse Luehrs in GitHub issue 3003.
nicm [Sun, 8 Jan 2023 21:00:01 +0000 (21:00 +0000)]
Quotes are now required in select-layout example.
dv [Sun, 8 Jan 2023 19:57:17 +0000 (19:57 +0000)]
vmd(8): add thread names to vm process.
ok guenther@.
deraadt [Sun, 8 Jan 2023 18:02:56 +0000 (18:02 +0000)]
sync
mvs [Sun, 8 Jan 2023 10:26:36 +0000 (10:26 +0000)]
Use NULL instead of 0 for pointer initialization.
jmc [Sun, 8 Jan 2023 08:27:17 +0000 (08:27 +0000)]
- tweak the text relating to -w
- sync usage() and SYNOPSIS
ok ratchov
ratchov [Sun, 8 Jan 2023 06:58:07 +0000 (06:58 +0000)]
Add -w option to display variables periodically
The purpose of -w is to monitor underruns without triggering long
kernel code-paths (ex. fork and exec of new audioctl process) that may
cause additional underruns than the ones being monitored.
ok chehola, edd
anton [Sun, 8 Jan 2023 06:56:01 +0000 (06:56 +0000)]
Due to xonly on arm64 it is no longer possible to read the testfly routine.
Put it in the rodata section allowing it to be copied. Note that testfly is
never executed directly but only after placing it in a separate chunk of memory
allowing its permissions to be mutated.
anton [Sun, 8 Jan 2023 06:55:18 +0000 (06:55 +0000)]
cope with recent thread name changes
anton [Sun, 8 Jan 2023 06:54:51 +0000 (06:54 +0000)]
Rename argument funcidx_swid to func_idx as it does not include any software id.
No functional change.
guenther [Sun, 8 Jan 2023 04:54:50 +0000 (04:54 +0000)]
Add getthrname(2) manpage
ok jmc@ schwarze@
deraadt [Sat, 7 Jan 2023 19:56:38 +0000 (19:56 +0000)]
sync
miod [Sat, 7 Jan 2023 17:29:37 +0000 (17:29 +0000)]
Bring back a local copystr() declaration, as copy{in,out} still make use of it
but its body is in locore.
jsing [Sat, 7 Jan 2023 16:17:29 +0000 (16:17 +0000)]
Rewrite/simplify BN_free().
ok tb@
jsing [Sat, 7 Jan 2023 16:13:46 +0000 (16:13 +0000)]
Flip BN_clear_free() and BN_free()
All of our BIGNUMs are cleared when we free them - move the code to
BN_free() and have BN_clear_free() call BN_free(), rather than the other
way around.
ok tb@
jsing [Sat, 7 Jan 2023 16:09:18 +0000 (16:09 +0000)]
Use calloc() in BN_new(), rather than malloc() and then manually zeroing.
ok tb@
deraadt [Sat, 7 Jan 2023 16:01:58 +0000 (16:01 +0000)]
accept --executable-only on aarch64, riscv64, and mips64 because the
linker is creating correct binaries. There can also be problems with
compilers generating incorrect data-inside-text, but those (so far minor)
issues are being resolved separately.
ok kettenis
deraadt [Sat, 7 Jan 2023 15:20:27 +0000 (15:20 +0000)]
sync
jsing [Sat, 7 Jan 2023 14:30:57 +0000 (14:30 +0000)]
Fix previous.
stsp [Sat, 7 Jan 2023 12:34:29 +0000 (12:34 +0000)]
fix firmware filename typo in iwx(4) man page: ao -> a0
stsp [Sat, 7 Jan 2023 11:09:16 +0000 (11:09 +0000)]
Make net80211 drop beacons received on secondary HT/VHT channels.
Prevents iwm firmware panics and makes association work with 11ac APs
which transmit beacons on channels other than their primary channel.
We would use the wrong channel in such cases, and iwm would request
a bogus channel configuration, which made the firmware unhappy.
Tested by myself on iwm 8265 and florian on iwm 9260.
This issue did likely affect iwx devices, too.
ok mpi@
kettenis [Sat, 7 Jan 2023 10:09:34 +0000 (10:09 +0000)]
The PA-RISC architecture supports execute-only mappings by using a
"remain at privilege level 3" gateway page. Make use of this.
ok deraadt@, miod@
asou [Sat, 7 Jan 2023 06:40:21 +0000 (06:40 +0000)]
The maximum length of the value is extended to 64k bytes.
ok yasuoka
guenther [Sat, 7 Jan 2023 05:26:40 +0000 (05:26 +0000)]
Add argument and return support for {get,set}thrname()
guenther [Sat, 7 Jan 2023 05:25:39 +0000 (05:25 +0000)]
regen
guenther [Sat, 7 Jan 2023 05:24:58 +0000 (05:24 +0000)]
Add {get,set}thrname(2) for putting thread names in the kernel and
exposed in a new field returned by sysctl(KERN_PROC). Update
pthread_{get,set}_name_np(3) to use the syscalls. Show them, when
set, in ps -H and top -H output.
libc and libpthread minor bumps
ok mpi@, mvs@, deraadt@
tb [Fri, 6 Jan 2023 19:25:20 +0000 (19:25 +0000)]
tlsfuzzer: hook up new connection abort tests while skipping the NST
tests for TLSv1.3 since that's not currently handled.
miod [Fri, 6 Jan 2023 19:23:53 +0000 (19:23 +0000)]
Use copyin32() to fetch a faulting instruction rather than short-circuit it
with a comment saying that we really ought to use copyin* here.
miod [Fri, 6 Jan 2023 19:12:12 +0000 (19:12 +0000)]
Oops, forgot to cvs rm
miod [Fri, 6 Jan 2023 19:10:18 +0000 (19:10 +0000)]
Remove copystr(9), unless used internally by copy{in,out}str.
miod [Fri, 6 Jan 2023 19:08:36 +0000 (19:08 +0000)]
Replace last user of copystr() with strlcpy(). NFCI
miod [Fri, 6 Jan 2023 19:07:17 +0000 (19:07 +0000)]
Remove no longer needed and quite worthless header.
miod [Fri, 6 Jan 2023 19:05:46 +0000 (19:05 +0000)]
Remove unused local variables as well as the dependency on <machine/nvm.h>.
sashan [Fri, 6 Jan 2023 17:44:33 +0000 (17:44 +0000)]
PF_ANCHOR_STACK_MAX is insufficient protection against stack overflow.
On amd64 stack overflows for anchor rule with depth ~30. The tricky
thing is the 'safe' depth varies depending on kind of packet processed
by pf_match_rule(). For example for local outbound TCP packet stack
overflows when recursion of pf_match_rule() reaches depth 24.
Instead of lowering PF_ANCHOR_STACK_MAX to 20 and hoping it will
be enough on all platforms and for all packets I'd like to stop
calling pf_match_rule() recursively. This commit brings back
pf_anchor_stackframe array we used to have back in 2017. It also
revives patrick@'s idea to pre-allocate stack frame arrays
from per-cpu.
OK kn@
claudio [Fri, 6 Jan 2023 16:06:43 +0000 (16:06 +0000)]
Rework the main <-> parser/filemode communication protocol a bit.
Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.
OK tb@
kn [Fri, 6 Jan 2023 14:35:34 +0000 (14:35 +0000)]
Clean up struct nd_opts, use nd6_options() function local variables
nd_opts_search is really the next option, so call it next_opt.
nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle,
so zap the former and use the latter to stop.
Finally drop the useless struct members, all under _KERNEL.
OK claudio
kn [Fri, 6 Jan 2023 14:32:55 +0000 (14:32 +0000)]
Inline nd6_option() helper, remove indirections
Move the function body into the while loop, merge identical variables,
pull the `invalid' label out of the loop and straighten `skip' into the
`skip1' label.
Merging nd6_option() into nd6_options() is now much clearer after the
previous clean up.
nd_opts_{search,last,done} are now clearly "private" to nd6_options() and
can be cleaned up from struct nd_opts next.
OK claudio
kn [Fri, 6 Jan 2023 14:29:47 +0000 (14:29 +0000)]
Clarify nd6_option() return semantics
nd_opts_last is set only once in nd6_options() during struct init and
guaranteed non-NULL as it is set to the function's argument *opt which
is passed in as (struct_ptr + 1) in both callers.
nd6_option(), the internal helper, returns a pointer to the next option
or NULL, which means either "no option, ok" or "invalid option, fail".
Failure is signaled through nd_opts_last being NULL after nd6_option()
returned, which only happens if nd6_option() zeroed the whole *ndopts.
Move the two cases under mnemonic labels and zap the now obviously
redundant bzero() call in nd6_options().
OK claudio
kn [Fri, 6 Jan 2023 14:24:36 +0000 (14:24 +0000)]
Simplify nd6_options() initialise logic
nd_opts_{search,last,done} are exclusively used in the internal option
handling machinery; the only two nd6_options() callers only use
nd_opts_{src,tgt}_lladdr.
nd6_options() always zeroes and initialises the caller's struct nd_opts.
If icmp6len is zero, i.e. if there are no ICMP6 header options left,
everything inside *ndopts is zero, except nd_opts_done=1 which is not
used by the callers.
Set the internal nd_opts_{search,last,done} members only when needed.
OK claudio
kn [Fri, 6 Jan 2023 14:17:15 +0000 (14:17 +0000)]
Merge common code into new nd6_dad_destroy()
The current code wrt. stopping DAD for and removing a particular IP from
the list is flawed.
Introduce a single nd6_dad_destroy() to the cleanup, so that there's
only one place to fix.
This is just a mechanical deduplication without significant behaviour
change; in case a duplicated address was found, RTM_CHGADDRATTR now goes
out before cleanup, which should be no problem.
The nd6_dad_create() pendant could be done as well, but the end of
nd6_dad_start() is currently the only place where a new IP/DAD entry is
set up, so little gain besides function name symmetry.
OK claudio
tb [Fri, 6 Jan 2023 13:26:57 +0000 (13:26 +0000)]
sync with rpki-client 'more dastardly white spaces' commit
deraadt [Fri, 6 Jan 2023 13:22:00 +0000 (13:22 +0000)]
more dastardly white spaces
tb [Fri, 6 Jan 2023 13:19:43 +0000 (13:19 +0000)]
Zap trailing tabs
dtucker [Fri, 6 Jan 2023 12:33:33 +0000 (12:33 +0000)]
When OpenSSL is not available, skip parts of percent test that require it.
Based on github pr#368 from ren mingshuai.
dtucker [Fri, 6 Jan 2023 08:50:33 +0000 (08:50 +0000)]
Save debug logs from ssh for debugging purposes.
jmc [Fri, 6 Jan 2023 08:44:11 +0000 (08:44 +0000)]
tweak previous; ok djm
djm [Fri, 6 Jan 2023 08:07:39 +0000 (08:07 +0000)]
regression test for ChannelTimeout
djm [Fri, 6 Jan 2023 07:18:18 +0000 (07:18 +0000)]
fix typo in verbose logging
nicm [Fri, 6 Jan 2023 07:09:27 +0000 (07:09 +0000)]
If a pane is killed, cancel reading from the file. GitHub issue 3422.
djm [Fri, 6 Jan 2023 02:59:50 +0000 (02:59 +0000)]
unit tests for misc.c:ptimeout_* API
djm [Fri, 6 Jan 2023 02:47:18 +0000 (02:47 +0000)]
Implement channel inactivity timeouts
This adds a sshd_config ChannelTimeouts directive that allows channels that
have not seen traffic in a configurable interval to be automatically closed.
Different timeouts may be applied to session, X11, agent and TCP forwarding
channels.
Note: this only affects channels over an opened SSH connection and not
the connection itself. Most clients close the connection when their channels
go away, with a notable exception being ssh(1) in multiplexing mode.
ok markus dtucker
djm [Fri, 6 Jan 2023 02:42:34 +0000 (02:42 +0000)]
Add channel_set_xtype()
This sets an "extended" channel type after channel creation (e.g.
"session:subsystem:sftp") that will be used for setting channel inactivity
timeouts.
ok markus dtucker
djm [Fri, 6 Jan 2023 02:41:49 +0000 (02:41 +0000)]
tweak channel ctype names
These are now used by sshd_config:ChannelTimeouts to specify timeouts by
channel type, so force them all to use a similar format without whitespace.
ok dtucker markus
djm [Fri, 6 Jan 2023 02:39:59 +0000 (02:39 +0000)]
Add channel_force_close()
This will forcibly close an open channel by simulating read/write errors,
draining the IO buffers and calling the detach function.
Previously the detach function was only ever called during channel garbage
collection, but there was no way to signal the user of a channel (e.g.
session.c) that its channel was being closed deliberately (vs. by the
usual state-machine logic). So this adds an extra "force" argument to the
channel cleanup callback to indicate this condition.
ok markus dtucker
djm [Fri, 6 Jan 2023 02:38:23 +0000 (02:38 +0000)]
replace manual poll/ppoll timeout math with ptimeout API
feedback markus / ok markus dtucker
djm [Fri, 6 Jan 2023 02:37:04 +0000 (02:37 +0000)]
add ptimeout API for keeping track of poll/ppoll timeouts;
ok dtucker markus
dlg [Thu, 5 Jan 2023 23:44:35 +0000 (23:44 +0000)]
more consistently name pf_state * variables "st".
pf_state ** are generally called "stp" now too.
discussed with and ok sashan@
deraadt [Thu, 5 Jan 2023 22:17:43 +0000 (22:17 +0000)]
do not blow up if NOMAN is set
deraadt [Thu, 5 Jan 2023 21:39:57 +0000 (21:39 +0000)]
after a few trap.c were fixed to fault with the right access, the
signal trampoline can now be PROT_EXEC (without PROT_READ) everywhere
ok kettenis
kettenis [Thu, 5 Jan 2023 20:35:44 +0000 (20:35 +0000)]
The access type for a prefetch abort should not include PROT_READ,
otherwise faults on executable pages mapped only as PROT_EXEC will
not work.
ok deraadt@
kettenis [Thu, 5 Jan 2023 18:55:04 +0000 (18:55 +0000)]
Add a dummy --no-execute-only option for compatibility with ld.lld.
This will allow ports people to sprinkle -Wl,--no-execute-only across the
ports tree when necessary without having to distinguish between ld.bfd and
ld.lld architectures.
ok deraadt@, sthen@
sashan [Thu, 5 Jan 2023 10:06:58 +0000 (10:06 +0000)]
pfctl fails to add addresses to undefined/inactive table
pfr_add_tables() function must set PFR_TFLAG_ACTIVE flag
to table which is attached to rule. This will then allow
pfr_add_addrs() to populate the table with addresses.
without this pair of pfctl(8) commands fails as follows:
# echo 'pass from <foo> to any' |pfctl -f -
# pfctl -t foo -T add 192.168.1.0/24
pfctl: Table does not exist
OK mbuhl@
djm [Thu, 5 Jan 2023 05:49:13 +0000 (05:49 +0000)]
suppress "Connection closed" message when in quiet mode
jsing [Thu, 5 Jan 2023 04:51:13 +0000 (04:51 +0000)]
Rewrite BN_rshift()
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time.
Basic benchmarking shows a performance gain on modern 64 bit architectures,
while there is a decrease on legacy 32 bit architectures (i386),
particularly for the zero bit shift case (which is now handled in the
same code path).
ok tb@