openbsd
jsing [Sat, 3 Sep 2022 17:47:47 +0000 (17:47 +0000)]
Prepare to provide OPENSSL_cleanup.

OPENSSL_cleanup() cleans up and deallocates memory in use by the library.
There are a couple of use cases for this, primarily related to memory
leak testing. This will not be called automatically in LibreSSL, which
means that OpenSSL's OPENSSL_NO_INIT_ATEXIT is implied. If code wants to
clean up then they need to explicitly call this themselves.

ok tb@

tb [Sat, 3 Sep 2022 17:43:14 +0000 (17:43 +0000)]
New test coverage for RC4

From Joshua Sing

jsing [Sat, 3 Sep 2022 16:01:23 +0000 (16:01 +0000)]
Stop using CBIGNUM_it internal to libcrypto.

CBIGNUM_it is supposed to be the "clear bignum" or "secure" bignum - that
is one which zeros its memory after use and ensures that the constant time
flags are set... in LibreSSL we always do both of these things for BIGNUMs,
so just use BIGNUM_it instead.

ok tb@

jmc [Sat, 3 Sep 2022 15:59:04 +0000 (15:59 +0000)]
- rework the -f text to read better; ok job
- while here, wrap a long line

claudio [Sat, 3 Sep 2022 15:58:40 +0000 (15:58 +0000)]
Remove -lncurses from LDADD. It is not used. Also add DPADD line.
OK deraadt@

kettenis [Sat, 3 Sep 2022 15:48:16 +0000 (15:48 +0000)]
Allow ikbd(4) to become the console keyboard.

ok miod@

kn [Sat, 3 Sep 2022 15:46:20 +0000 (15:46 +0000)]
Fix passing explicit stage files

Every platform ought to set `stages', `stage1' and optionally `stage2'
in md_init(), otherwise passing explicit files won't work as
`stages' is zero-initialised and no default path is set:

# installboot -nv wd0 ./ofwboot
usage: installboot [-nv] [-r root] disk [stage1]
installboot [-nv] -p disk

This is the correct synopsis and ought to work, but macppc_installboot.c
(others, too) has an empty md_init().  Set stage bits to fix this:

# ./obj/installboot -nv wd0 ./ofwboot
Using / as root
would install bootstrap on /dev/rwd0c
using first-stage ./ofwboot
would copy ./ofwboot to /tmp/installboot.Ymmm6QU8OJ/ofwboot

Using `stage1' leads to a bit more cleanup since early MI installboot.c
handles `-r', i.e. write_filesystem() no longer needs to do the
fileprefix() dance itself.

This makes regress/usr.sbin/installboot pass on macppc (while being lucky
or carrying miod's fix for the kernel disklabel race manifesting on vnd).

OK gkoehler

kettenis [Sat, 3 Sep 2022 15:29:43 +0000 (15:29 +0000)]
Allow suspend with root on sdmmc(4).

ok deraadt@

job [Sat, 3 Sep 2022 15:13:44 +0000 (15:13 +0000)]
Clarify warning

yasuoka [Sat, 3 Sep 2022 14:57:54 +0000 (14:57 +0000)]
When divert-reply is used, keep some pf states after pcb is dropped if
its local address is translated, to prevent its source port from being
reused.  regress test by blumn.

ok blumn

job [Sat, 3 Sep 2022 14:41:47 +0000 (14:41 +0000)]
Don't doublecheck whether the RSC eContent Resourceblock contains inherit elements

The RSC ASN.1 templates make it impossible to pass an RFC3779-style inherit option
because of the use of ConstrainedIPAddressFamily and ConstrainedASIdentifiers.

OK tb@

job [Sat, 3 Sep 2022 14:40:09 +0000 (14:40 +0000)]
Introduce x509_any_inherit() for objects which may not have inherit elements

Unify conformance checking of Trust Anchors, ROAs, ASPAs, RSCs - none of which
may have any 'inherit' elements in the RFC 3779 IP/AS Resources extension of
the X509 certificate.

OK tb@

krw [Sat, 3 Sep 2022 13:59:25 +0000 (13:59 +0000)]
Add a new keyword to template files, 'raid', to allow the auto
allocation of RAID partitions.

Make both 'raid' and 'swap' keywords case insensitive.

Suggested by kn@

ok kn@ miod@

claudio [Sat, 3 Sep 2022 13:30:27 +0000 (13:30 +0000)]
Add the repoid of the cert in the cert struct. This way it is possible
to track the parent repository id of a publication point.
Nomenclature is confusing but not much we can do here.
OK tb@ job@

mvs [Sat, 3 Sep 2022 13:29:33 +0000 (13:29 +0000)]
Fix socket splicing between inet and inet6 sockets broken by PRU_CONTROL
request splitting to (*pru_control)().

ok bluhm@

tb [Sat, 3 Sep 2022 13:06:15 +0000 (13:06 +0000)]
Allow multiple X.509 locations

While currently everyone only uses a single location, the spec allows for
multiple locations ordered by preference. While rpki-client does not
support more than one location this should not be a fatal error. Instead,
pick the first location and warn if there is more than one.

ok job

tb [Sat, 3 Sep 2022 13:01:43 +0000 (13:01 +0000)]
Move non-inheritance check for BGPsec certs into cert_parse_pre()

ok claudio job (as part of a larger diff)

mbuhl [Sat, 3 Sep 2022 12:35:29 +0000 (12:35 +0000)]
regen

mbuhl [Sat, 3 Sep 2022 12:33:44 +0000 (12:33 +0000)]
add the sendmmsg syscall that allows sending multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, bluhm@.
OK bluhm@

job [Sat, 3 Sep 2022 11:01:55 +0000 (11:01 +0000)]
Clarify timeout/deadline

claudio [Sat, 3 Sep 2022 09:22:25 +0000 (09:22 +0000)]
Move the repo lookup into queue_from_mft()
OK tb@

kettenis [Sat, 3 Sep 2022 08:44:56 +0000 (08:44 +0000)]
Add apldcms(4), a driver for the touchpad on M2 laptops.  This driver
needs firmware that is provided on the ESP by the Asahi installer and
copied into /etc/firmware/apple by the OpenBSD installer.

ok tobhe@

kettenis [Sat, 3 Sep 2022 08:37:36 +0000 (08:37 +0000)]
Copy Apple touchpad firmware on machines that need it.

ok kn@, deraadt@

mbuhl [Sat, 3 Sep 2022 08:26:05 +0000 (08:26 +0000)]
Fix the failing libm/rint regress test by adding ieee754 implementations
for the rounding functions.
Input from kettenis@,
OK miod@

jmc [Sat, 3 Sep 2022 06:55:01 +0000 (06:55 +0000)]
use past tense for history;

jsg [Sat, 3 Sep 2022 05:44:04 +0000 (05:44 +0000)]
sync with arm64.html

ajacoutot [Fri, 2 Sep 2022 22:11:57 +0000 (22:11 +0000)]
Make rc_configtest behave like rc_pre and rc_post; i.e. don't define a default
function (each rc.d script is supposed to define its own if wanted).
This way, we can filter out the "configtest" action depending on whether the
function exists or not.
Adapt documentation.

tweak/ok kn@

claudio [Fri, 2 Sep 2022 21:56:45 +0000 (21:56 +0000)]
Introduce a deadline timer that aborts all repository syncs.
With this rpki-client has a chance to still finish and produce an output
even when a CA is excessively slow and holds back progress.
With and OK benno@ tb@ and job@

cheloha [Fri, 2 Sep 2022 21:33:51 +0000 (21:33 +0000)]
vmd(8): compute i8254 read-back command latch from singular timestamp

The intent of the i8254 read-back command is (most likely) to permit
simultaneously latching two or three counters at once along with their
statuses.

To simulate this, we should compute olatch from one timestamp per
read-back command, not one timestamp per counter.

Improved with a tweak by dv@.

Link: https://marc.info/?l=openbsd-tech&m=166213670605453&w=2
ok dv@ mlarkin@

miod [Fri, 2 Sep 2022 20:06:55 +0000 (20:06 +0000)]
Constify nam2blk[], chrtoblktbl[] and octeon devmap[].
ok mpi@ millert@

claudio [Fri, 2 Sep 2022 19:14:04 +0000 (19:14 +0000)]
Fix over long lines
OK tb@ job@

claudio [Fri, 2 Sep 2022 19:10:36 +0000 (19:10 +0000)]
Use the abort commands when a repo timeout happens. This is cleaner
than just failing the repo fetch but leaving the backends running.
OK tb@

claudio [Fri, 2 Sep 2022 18:37:17 +0000 (18:37 +0000)]
Implement RRDP_ABORT, a message to abort an inflight RRDP request.
The abort is done in a way that waits for any inflight files or http
requests to finish before removing the rrdp state and before sending
the rrdp done message indicating failure.
OK tb@ and benno@

tb [Fri, 2 Sep 2022 18:08:43 +0000 (18:08 +0000)]
rrdp_new() need not return the struct

The only caller does nothing with it.

with/ok claudio

kettenis [Fri, 2 Sep 2022 17:54:42 +0000 (17:54 +0000)]
First attempt at supporting audio on machines with multiple speakers.
Probably needs more work as the device tree bindings evolve.
Note that speakers are currently disabled in the device tree for all
Apple Silicon machines except for the Mac mini.

dv [Fri, 2 Sep 2022 17:46:37 +0000 (17:46 +0000)]
vmm(4): add tracepoint for in/out handler.

Inserts a new static dt(4) tracepoint in vmm(4) to report details
on in/out instructions (direction, port, and data).

ok mlarkin@

claudio [Fri, 2 Sep 2022 17:39:51 +0000 (17:39 +0000)]
extra newline

kettenis [Fri, 2 Sep 2022 16:53:28 +0000 (16:53 +0000)]
Add a callback for setting the TDM slot used by an audio codec.
Implement this callback in tascodec(4) such that we can pick the audio
channel that it outputs.  This will override the default which is to
downmix stereo input from TDM channels 0 and 1 to mono output.

ok ratchov@

tb [Fri, 2 Sep 2022 15:45:52 +0000 (15:45 +0000)]
Rewrite RMD-160 tests to be table-driven.

From Joshua Sing

cheloha [Fri, 2 Sep 2022 15:21:40 +0000 (15:21 +0000)]
wc(1): accelerate word counting

wc(1) counts a word whenever a whitespace byte is followed by a
non-whitespace byte.  Because the state machine transition occurs
within the space of a single byte we don't need to use getline(3).

Counting words in a big buffer with read(2) is much faster.  The
overhead varies with the length of a line, but for files with 60-100
byte lines, word counting is about twice as fast when we avoid
getline(3).  In the pathological case where each line is a single
byte, word counting is about ten times as fast when we avoid
getline(3).

Link1: https://marc.info/?l=openbsd-tech&m=163715995626532&w=2
Link2: https://marc.info/?l=openbsd-tech&m=165956826103639&w=2

"Seems reasonable." deraadt@

job [Fri, 2 Sep 2022 15:09:19 +0000 (15:09 +0000)]
Move mkpath logic after checking for 'noop' to prevent creation of directories in -n mode

OK claudio@

krw [Fri, 2 Sep 2022 14:18:47 +0000 (14:18 +0000)]
Don't ignore an OpenBSD GPT partition just because the GPT says
it extends beyond the edge of the disk the GPT currently
inhabits. We only care if enough of it is addressable that a
disklabel is accessible.

Brings GPT handling of 'OpenBSD partitions extending too far'
into line with the MBR handling of the same situation.

jan [Fri, 2 Sep 2022 14:08:09 +0000 (14:08 +0000)]
Fix TSO large receive offloading in ix(4).

Without this diff it might happen that content of different
TCP connections gets mixed up, when reading coalesced buffers
from the receive ring.

Thanks, for a lot of testing effort to mbuhl.

OK mbuhl@

tb [Fri, 2 Sep 2022 13:46:23 +0000 (13:46 +0000)]
Retire the old crap. Thanks, Joshua

tb [Fri, 2 Sep 2022 13:45:18 +0000 (13:45 +0000)]
Unhook the old md4 and md5 tests

tb [Fri, 2 Sep 2022 13:38:56 +0000 (13:38 +0000)]
Link new md test to regress.

tb [Fri, 2 Sep 2022 13:34:48 +0000 (13:34 +0000)]
New md4/md5 regress tests

These exercise MD4 and MD5 with the test vectors from RFCs 1320 and 1321.

From Joshua Sing <joshua () hypera ! dev>

mbuhl [Fri, 2 Sep 2022 13:23:33 +0000 (13:23 +0000)]
regen

tb [Fri, 2 Sep 2022 13:23:05 +0000 (13:23 +0000)]
Add two const

tb [Fri, 2 Sep 2022 13:21:32 +0000 (13:21 +0000)]
Make test tables static const and fix a style nit

kettenis [Fri, 2 Sep 2022 13:20:46 +0000 (13:20 +0000)]
Enable apldc(4), apldchidev(4), apldckbd(4) and aplrtk(4) here as well.

mbuhl [Fri, 2 Sep 2022 13:18:06 +0000 (13:18 +0000)]
add the recvmmsg syscall that allows receiving multiple msghdrs at
once. libc, man page, and regress parts to come.
With input from jca@, guenther@, bluhm@.
OK bluhm@

mvs [Fri, 2 Sep 2022 13:12:31 +0000 (13:12 +0000)]
Move PRU_CONTROL request to (*pru_control)().

The 'proc *' arg is not used for PRU_CONTROL request, so remove it from
pru_control() wrapper.

Split out {tcp,udp}6_usrreqs from {tcp,udp}_usrreqs and use them for
inet6 case.

ok guenther@ bluhm@

claudio [Fri, 2 Sep 2022 13:04:16 +0000 (13:04 +0000)]
Rework the rsync proc code. Use a proper queue of requests and enforce
the limit on that queue instead of stopping to read new messages.
This is needed to implement an abort request.
"There is not enough RB_TREE in this diff" tb@

mlarkin [Fri, 2 Sep 2022 12:46:18 +0000 (12:46 +0000)]
Reduce differences to amd64.

ok kettenis

krw [Fri, 2 Sep 2022 12:40:02 +0000 (12:40 +0000)]
Nuke TEMPLATE variable and just do it, like amd64/ramdisk_cd does.

ok deraadt@

krw [Fri, 2 Sep 2022 12:28:12 +0000 (12:28 +0000)]
Nuke variable partlba that is set but not used.

krw [Fri, 2 Sep 2022 12:24:26 +0000 (12:24 +0000)]
Relax GPT header validity check by allowing 1 sector size usable
LBA area (gh_lba_start == gh_lba_end) and allowing either or both
of gh_lba_start and gh_lba_end to exceed the size of the disk the
GPT currently inhabits.

Reduces false negatives and inappropriate fall through to MBR
spoofing and allows repair of otherwise valid GPT.

tb [Fri, 2 Sep 2022 11:47:25 +0000 (11:47 +0000)]
Simplify and clean up the ecdsa test a little. Use stdio instead of BIO
for output, use 'err' as a label and avoid some silly repetitions.

tb [Fri, 2 Sep 2022 11:18:09 +0000 (11:18 +0000)]
Retire old SHA tests

The old tests were incomplete, some of them had no license and the code
quality was questionable. The new tests by Joshua Sing cover what they
did (and additionally SHA-224 and SHA-384). Many thanks!

tb [Fri, 2 Sep 2022 11:16:03 +0000 (11:16 +0000)]
Unhook old SHA tests

tb [Fri, 2 Sep 2022 11:13:34 +0000 (11:13 +0000)]
Add tests for 1 million repeated "a"

From Joshua Sing

jsg [Fri, 2 Sep 2022 10:41:05 +0000 (10:41 +0000)]
sync

jsg [Fri, 2 Sep 2022 10:39:31 +0000 (10:39 +0000)]
drm/i915: Add new ADL-S pci id

From Jose Roberto de Souza
in drm-intel-next

jsg [Fri, 2 Sep 2022 10:34:43 +0000 (10:34 +0000)]
regen

jsg [Fri, 2 Sep 2022 10:34:07 +0000 (10:34 +0000)]
sync Intel ADL-S devices with Mesa git
adds 0x468b, removes 0x4691

miod [Fri, 2 Sep 2022 10:16:51 +0000 (10:16 +0000)]
Now that boot blocks are able to parse ufs2, there is no need to force ufs1
for the / file system. Brings landisk into the wonderful world of y2k38
compliance.

miod [Fri, 2 Sep 2022 10:15:35 +0000 (10:15 +0000)]
Add UFS2 support, with libsa for boot and with a specific ufs-and-ufs2-in-one
flavour for xxboot, due to its size constraints.

miod [Fri, 2 Sep 2022 10:14:02 +0000 (10:14 +0000)]
Add ufs2 to the list of filesystems, for the sake of boot blocks which do not
provide an explicit list of files to build in libsa.

miod [Fri, 2 Sep 2022 10:12:46 +0000 (10:12 +0000)]
Remove non-_KERNEL code path for division by zero. This will allow the
bootblocks to shrink a little.

florian [Fri, 2 Sep 2022 09:39:55 +0000 (09:39 +0000)]
Write /etc/resolv.conf in a more atomic manner.

There were a few reports where /etc/resolv.conf would lose user-managed
lines, possibly caused by a system crash.

While here add a call to fsync(2) which might also help.

input otto
input & OK deraadt, kn

mlarkin [Fri, 2 Sep 2022 09:02:37 +0000 (09:02 +0000)]
Get the retguard region's phys address from pmap, instead of using linker
script symbols. This is needed since we don't have those symbols on all
archs where we want hibernate.

ok kettenis, and input and help from miod.

kn [Fri, 2 Sep 2022 08:13:03 +0000 (08:13 +0000)]
Add softraid(4) RAID 1C boot support

Equivalent of sys/arch/arm64/stand/efiboot/softraid_arm64.c r1.4:
(commitid: Ka484R3swI5xSRWO) "Add softraid(4) RAID 1C boot support".

Tell the boot loader to decrypt 1C like C volumes and check the number of
disks in 1C like in 1C volumes -- no new code required.

Tested on T4-2 guest domains
"Looks reasonable" kettenis
OK stsp

NB: While kernel and boot loader support root on softraid on sparc64,
installboot(8) still needs a pending fix for installations on multi-chunk
softraid volumes.  Until then, the usual installation process will fail on
1C volumes and requires manual fixup.

krw [Fri, 2 Sep 2022 07:46:03 +0000 (07:46 +0000)]
Adopt a terser specification of an MBR partition table of
64 zeros, suggested by miod@ a while ago.

ok mlarkin@

benno [Fri, 2 Sep 2022 07:38:14 +0000 (07:38 +0000)]
Make newer mime type definitions take precedence over existing ones.

Patch from Ben Fuller <ben -AT- bvnf -DOT- space>,
helped along by florian@
ok florian@ and some mumblings from claudio who does not want okays in httpd.

deraadt [Fri, 2 Sep 2022 07:37:57 +0000 (07:37 +0000)]
openpty() family of functions use /dev/ptm PTMGET to open a master+slave fd
pair, and also provides their names.  Internally, 3 NDINIT+namei operations
access /dev/[tp]ty[p-zP-T][0-9a-zA-Z], of these 2 followed unveil restrictions.
I argue if you unveil /dev/ptm, (and not the 372 other nodes), you still want
openpty() to provide you with working fd's, and the names, which the caller
will probably never open manually, because the fd's are given.
So change all NDINIT to use KERNELPATH, bypassing unveil.
ok semarie

martijn [Fri, 2 Sep 2022 07:07:45 +0000 (07:07 +0000)]
The sysORTable doesn't have 10 entries anymore.
Adjust the test for now to -Cr4, which isn't exactly in the spirit of the
test but fixes things for now.

Now that we have agentx I should write a backend with more predictable
output to make regress more stable.

pointed out by anton@

miod [Fri, 2 Sep 2022 06:19:04 +0000 (06:19 +0000)]
Use a shorter system call invocation template for system calls in the range
0-127, where immediate addressing can be used to load the system call number
in r0, rather than performing a memory load using pc-relative addressing.

No functional change, but rm(1) runs a couple cycles faster per file now.

djm [Fri, 2 Sep 2022 04:20:02 +0000 (04:20 +0000)]
sk-usbhid: fix key_lookup() on tokens with built-in UV

explicitly test whether the token performs built-in UV (e.g. biometric
tokens) and enable UV in that case. From Pedro Martelletto via GHPR#388

job [Thu, 1 Sep 2022 22:24:40 +0000 (22:24 +0000)]
Zap IRR RFC reference for the 'bgpctl irrfilter' command which was deprecated in 6.6

dv [Thu, 1 Sep 2022 22:01:40 +0000 (22:01 +0000)]
vmm(4): send all port io emulation to userland

Simplify things by sending any io exits from IN/OUT instructions
to userland instead of trying to emulate anything in the kernel.
vmm was sending most pertinent exits to vmd anyways, so this
functionally changes little.

An added benefit is this solves an issue reported by tb@ where i386
OpenBSD guests would probe for a pc keyboard repeatedly and cause
excessive vm exits. (The emulation in vmm was not properly handling
these port reads.)

While here, make the assignment of the VEI_DIR_{IN,OUT} enum values
not assume the underlying integer the compiler may assign.

ok mlarkin@

mlarkin [Thu, 1 Sep 2022 21:50:19 +0000 (21:50 +0000)]
whitespace

job [Thu, 1 Sep 2022 21:15:54 +0000 (21:15 +0000)]
Add forest (-f) mode

In -f mode group & display parent/child process relationships using ASCII art.

Borrows heavily from Brian Somers' work on FreeBSD ps(1).

With input from deraadt@ and tb@

OK benno@ claudio@

tb [Thu, 1 Sep 2022 20:36:25 +0000 (20:36 +0000)]
ugly whitespace

mvs [Thu, 1 Sep 2022 18:21:22 +0000 (18:21 +0000)]
Move PRU_CONNECT2 request to (*pru_connect2)().

ok bluhm@

sthen [Thu, 1 Sep 2022 18:18:24 +0000 (18:18 +0000)]
sync

jmc [Thu, 1 Sep 2022 18:15:04 +0000 (18:15 +0000)]
change part of entry description for tf from "cat" to "C/A/T";
from josiah frentsos

kn [Thu, 1 Sep 2022 17:23:36 +0000 (17:23 +0000)]
Fill the gaps for armv7, powerpc64 and riscv64

These still fail early on due to the opendev(3)/diskmap(4) race condition,
so only hook them up after the kernel is fixed.

Note to self: some distrib/${MACHINE}/ramdisk/install.md pass explicit
newfs(8) flags -- this might be needed here;  test once all the relevant
kernel and installboot(8) bugs are squashed and this regress suite can be
run normally.

mlarkin [Thu, 1 Sep 2022 17:07:09 +0000 (17:07 +0000)]
whitespace

krw [Thu, 1 Sep 2022 15:48:51 +0000 (15:48 +0000)]
d_bbsize and d_sbsize are entirely absent from the tree.

Rename them d_spare2 and d_spare3.

ok otto@ as part of larger diff

benno [Thu, 1 Sep 2022 15:43:07 +0000 (15:43 +0000)]
fix unveil(2) in vmctl(8), unix socket needs :w:
ok mestre@ martijn@

millert [Thu, 1 Sep 2022 15:21:28 +0000 (15:21 +0000)]
Update awk to Aug 30, 2022 version.
Various leaks and use-after-free issues plugged/fixed.

tb [Thu, 1 Sep 2022 15:19:16 +0000 (15:19 +0000)]
Check sk_SSL_CIPHER_push() return value

CID 24797

ok jsing

martijn [Thu, 1 Sep 2022 14:34:17 +0000 (14:34 +0000)]
Add privilege separation to snmpd.

This uses the just imported snmpd_metrics as a new (agentx-based) backend.
Snmpd(8) executes all files in /usr/libexec/snmpd and treats regions
registered by these binaries as authoritative, so that no other agentx
backends can overwrite them. The snmpe process is now pledged
"stdio recvfd inet unix".

This removes quite a few entries from the sysORTable, but the current
entries are non-compliant anyway and should be completely revisited at a
later time.

Reduces the time for a full walk by about a factor of 4, bringing us close
to the original speed before application.c was introduced.

General design discussed with claudio@
Tested by and OK sthen
Release build test and OK tb@

benno [Thu, 1 Sep 2022 14:23:25 +0000 (14:23 +0000)]
add checks that unveil() is doing the right thing irt. bind() and connect()

martijn [Thu, 1 Sep 2022 14:22:55 +0000 (14:22 +0000)]
Hook up snmpd_metrics

OK tb@, sthen@

martijn [Thu, 1 Sep 2022 14:20:32 +0000 (14:20 +0000)]
Import snmpd_metrics.

This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.

If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.

Tested, Feedback, and OK sthen@
Release build test, and OK tb@

tb [Thu, 1 Sep 2022 14:03:29 +0000 (14:03 +0000)]
Link sha test to regress

tb [Thu, 1 Sep 2022 14:02:41 +0000 (14:02 +0000)]
Add a nicely licensed, table-driven test for SHA

This test covers the NIST vectors for SHA-{1,224,256,384,256} and will
soon be able to replace the old SHA tests entirely.

From Joshua Sing <joshua () hypera ! dev>

krw [Thu, 1 Sep 2022 13:56:21 +0000 (13:56 +0000)]
Drop support for unused attributes 'bs' (d_bbsize) and 'sb'
(d_sbsize).

ok otto@ as part of larger diff