kettenis [Sun, 2 May 2021 21:47:51 +0000 (21:47 +0000)]
Initialize per-CPU pointer register earlier.
ok patrick@
drahn [Sun, 2 May 2021 20:08:49 +0000 (20:08 +0000)]
riscv64, fix HANDLE_ERROR
the CERROR handling code had a gross mistake in that that it didn't
continue processing the code after the macro if no error occurred.
ok kettenis@
krw [Sun, 2 May 2021 20:07:14 +0000 (20:07 +0000)]
Try harder to ensure there are no GPT revenants after
choosing MBR partitioning.
drahn [Sun, 2 May 2021 20:01:51 +0000 (20:01 +0000)]
riscv64 openssl config
copied from other 64 bit arch
ok jsg@
kettenis [Sun, 2 May 2021 19:43:16 +0000 (19:43 +0000)]
We need to set the dirty bit whenever we add write permission
otherwise a write will still fault on hardware that doesn't implement
hardware updates for these bits.
ok drahn@
krw [Sun, 2 May 2021 19:16:48 +0000 (19:16 +0000)]
Shuffle some code to eliminate get_address(), bring interface_state() and
initialize_interface() logic into closer alignment, and try harder to
initialize link_state at start up.
tb [Sun, 2 May 2021 18:10:32 +0000 (18:10 +0000)]
Prevent future internal use of some #defines
After jsing's recent commits, SSL3_CC_{READ,WRITE,CLIENT,SERVER}
and the derived SSL3_CHANGE_CIPHER_{CLIENT,SERVER}_{READ,WRITE}
are no longer used by LibreSSL and should never be used again.
discussed with jsing
jsing [Sun, 2 May 2021 17:46:58 +0000 (17:46 +0000)]
Clean up tls1_change_cipher_state().
Replace flag gymnastics at call sites with separate read and write,
functions which call the common code. Condition on s->server instead of
using SSL_ST_ACCEPT, for consistency and more readable code.
ok inoguchi@ tb@
jsing [Sun, 2 May 2021 17:28:33 +0000 (17:28 +0000)]
In the TLSv1.2 server, set up the key block after sending the CCS.
This avoids calling into the key block setup code multiple times and makes
the server code consistent with the client.
ok inoguchi@ tb@
jsing [Sun, 2 May 2021 17:18:10 +0000 (17:18 +0000)]
Clean up dtls1_reset_seq_numbers().
Rather than doing flag gymnastics, split dtls1_reset_seq_numbers() into
separate read and write functions. Move the calls of these functions into
tls1_change_cipher_state() so they directly follow the change of cipher
state in the record layer, which avoids having to duplicate the calls in
the client and server.
ok inoguchi@ tb@
jsing [Sun, 2 May 2021 16:00:33 +0000 (16:00 +0000)]
Ensure that handshake hash is non-NULL in tls1_transcript_hash_value().
There are several paths where a subtle bug could result in
tls1_transcript_hash_value() being called with a NULL handshake hash - add
an explicit check for this case. As noted by tb@, due to the wonders of
the libcrypto EVP APIs, combined with integer promotion, we already have
a NULL check - this one is just more obvious.
ok tb@
jsing [Sun, 2 May 2021 15:57:29 +0000 (15:57 +0000)]
Harden tls12_finished_verify_data() by checking master key length.
Require master key length to be greater than zero if we're asked to derive
verify data for a finished or peer finished message.
ok tb@
jsing [Sun, 2 May 2021 15:55:29 +0000 (15:55 +0000)]
Stop deriving peer finished twice for TLSv1.2.
We already derive the peer finished in ssl3_do_change_cipher_spec(), which
DTLS relies on. In the case of TLS we've been doing it twice - once in
ssl3_get_message() and once in ssl3_do_change_cipher_spec().
ok tb@
tb [Sun, 2 May 2021 15:33:33 +0000 (15:33 +0000)]
Make TS_compute_imprint a bit more robust.
Instead of using the output parameters directly, null them out at the
beginning and work with local variables which are only assigned to the
output parameters on success. This way we avoid leaking stale pointers
back to the caller.
requested/ok jsing
deraadt [Sun, 2 May 2021 15:15:44 +0000 (15:15 +0000)]
Improve documentation. Try to explain the various inputs that result in
a rewritten resolv.conf, and without being too precise, the order they will
be in the file
discussed with florian and jmc
martijn [Sun, 2 May 2021 14:39:05 +0000 (14:39 +0000)]
Fix having hostnames in the listen on statement. Regression introduced in
r1.39. Issue originally reported by Anton Kasimov via rob@.
OK claudio@
mvs [Sun, 2 May 2021 14:22:05 +0000 (14:22 +0000)]
Do soreserve() before `kp' allocation. This simplifies error path. The
same was done for route_attach().
Also do soisconnected() after `kp' is fully initialized. This chair
movement affects nothing for PF_KEY sockets but makes code more
consistent.
ok bluhm@ mpi@
lum [Sun, 2 May 2021 14:13:17 +0000 (14:13 +0000)]
dired-shell-command is listed in the man page under 'DIRED KEY
BINDINGS' but not under 'DIRED COMMANDS'. Add it in.
kettenis [Sun, 2 May 2021 08:15:23 +0000 (08:15 +0000)]
Initialize the per-CPU pointer register early.
ok drahn@
espie [Sun, 2 May 2021 06:13:57 +0000 (06:13 +0000)]
explain what FETCH_CMD should support in a bit more detail
jsg [Sun, 2 May 2021 04:21:13 +0000 (04:21 +0000)]
fix logic error in boot()
ok deraadt@
kettenis [Sat, 1 May 2021 20:07:01 +0000 (20:07 +0000)]
Remove NetBSDisms that crept into the arm64 version of this file.
ok gnezdo@
kettenis [Sat, 1 May 2021 20:04:33 +0000 (20:04 +0000)]
Actually, that variable needs to be a u_int8_t pointer.
This is what was tested, but I forgot to commit a file.
martijn [Sat, 1 May 2021 16:55:14 +0000 (16:55 +0000)]
Expand the regress test quite a bit to make sure no new regressions are
introduced by the previous libagentx commit. There's a few of the new tests
failing, mark those as such.
martijn [Sat, 1 May 2021 16:44:17 +0000 (16:44 +0000)]
Refactor varbind OID parsing into their indices. Simplifies the code by
about 40 LoC and fixes a potential out of bounds read.
Bug found by bluhm@ on arm64 regress
OK bluhm@
gnezdo [Sat, 1 May 2021 16:18:58 +0000 (16:18 +0000)]
Removed unused SYSCTL_INT_UNBOUNDED (no use planned)
Added a comment for SYSCTL_INT_READONLY.
OK mvs@
gnezdo [Sat, 1 May 2021 16:18:28 +0000 (16:18 +0000)]
Update the remaining SYSCTL_INT_READONLY cases
OK mvs@
mvs [Sat, 1 May 2021 16:13:12 +0000 (16:13 +0000)]
Implement per-socket `so_lock' rwlock(9) and use it to protect routing
(PF_ROUTE) sockets. This can be done because we have no cases where one
thread should lock two sockets simultaneously.
Against the previous version rtm_senddesync_timer() execution was moved
to process context.
Also this time `so_lock' used for routing sockets only but in the future
it will be used to other socket types too.
tested by claudio@
ok claudio@ bluhm@
visa [Sat, 1 May 2021 16:10:29 +0000 (16:10 +0000)]
Retire OpenBSD/sgi.
OK deraadt@
deraadt [Sat, 1 May 2021 14:47:15 +0000 (14:47 +0000)]
sync
bcook [Sat, 1 May 2021 14:15:57 +0000 (14:15 +0000)]
bump to LibreSSL 3.4.0 in -current
tb [Sat, 1 May 2021 13:16:30 +0000 (13:16 +0000)]
Plug leak in c2i_ASN1_OBJECT
When using the object reuse facility of c2i_ASN1_OBJECT, the dynamically
allocated strings a may contain are set to NULL, so we must free them
beforehand. Also clear the flag, because that's what OpenSSL chose to do.
From Richard Levitte OpenSSL 1.1.1
65b88a75921533ada8b465bc8d5c0817ad927947
ok inoguchi
tb [Sat, 1 May 2021 13:13:45 +0000 (13:13 +0000)]
Prevent double free in int_TS_RESP_verify_token
If TS_compute_imprint fails after md_alg was allocated, there will be a
double free in its caller. Obvious fix is to null out the output
parameter md_alg just like it's already done for imprint and imprint_len.
From Pauli Dale, OpenSSL 1.1.1,
a3dea76f742896b7d75a0c0529c0af1e628bd853
ok inoguchi jsing
kettenis [Sat, 1 May 2021 12:29:05 +0000 (12:29 +0000)]
Implement early console functionality based on available SBI calls.
While these calls are part of the legacy extensions and deprecated, they
are really useful for debugging purposes.
ok jsg@
florian [Sat, 1 May 2021 11:53:24 +0000 (11:53 +0000)]
In singel user mode / is mounted ro. Just warn if we can't create
the control socket instead of fatal().
OK deraadt
florian [Sat, 1 May 2021 11:53:06 +0000 (11:53 +0000)]
Allow running in single user mode where /var/empty doesn't exist by
switching from chroot("/var/empty") to unveil("/", "").
This is just an extra pair of suspenders since these processes
pledge(2) to not access the filesystem.
OK deraadt
florian [Sat, 1 May 2021 11:52:36 +0000 (11:52 +0000)]
In singel user mode / is mounted ro. Just warn if we can't create
the control socket instead of fatal().
OK deraadt
florian [Sat, 1 May 2021 11:51:59 +0000 (11:51 +0000)]
Allow running in single user mode where /var/empty doesn't exist by
switching from chroot("/var/empty") to unveil("/", "").
This is just an extra pair of suspenders since these processes
pledge(2) to not access the filesystem.
OK deraadt
jmc [Sat, 1 May 2021 06:02:32 +0000 (06:02 +0000)]
update currency exchange rates;
jsg [Sat, 1 May 2021 03:15:30 +0000 (03:15 +0000)]
KERNEL_LOCK/UNLOCK() was pushed into trapsignal() last August
jsg [Sat, 1 May 2021 03:03:15 +0000 (03:03 +0000)]
use sival_ptr instead of sival_int for breakpoint and illegal inst
For breakpoints stval will have a vaddr. For illegal instructions stval
may be as large as a register or the widest instruction.
Also avoid using an uninitialised variable for stval.
ok mlarkin@ drahn@
jsg [Sat, 1 May 2021 01:00:41 +0000 (01:00 +0000)]
regen llvm man pages from rst with
cd /usr/src/gnu/llvm/llvm/docs
gmake -f Makefile.sphinx man
cd /usr/src/gnu/llvm/clang/docs
gmake -f Makefile.sphinx man
cmake -DLLVM_ENABLE_SPHINX=ON -DLLDB_INCLUDE_TESTS=OFF /usr/src/gnu/llvm/lldb/
make docs-lldb-man
jsg [Sat, 1 May 2021 00:43:12 +0000 (00:43 +0000)]
arvm7 -> armv7
deraadt [Sat, 1 May 2021 00:22:33 +0000 (00:22 +0000)]
variable has to be a pointer after last change
jsg [Fri, 30 Apr 2021 23:00:38 +0000 (23:00 +0000)]
make timer/intc cd_name match config
ok kettenis@ mlarkin@
jsing [Fri, 30 Apr 2021 19:26:44 +0000 (19:26 +0000)]
Clean up and harden TLSv1.2 master key derivation.
The master key and its length are only stored in one location, so it makes
no sense to handle these outside of the derivation function (the current
'out' argument is unused). This simplifies the various call sites.
If derivation fails for some reason, fail hard rather than continuing on
and hoping that something deals with this correctly later.
ok inoguchi@ tb@
drahn [Fri, 30 Apr 2021 16:13:00 +0000 (16:13 +0000)]
Fix linkage error due to fp* functions.
ok kettenis@
bluhm [Fri, 30 Apr 2021 13:52:48 +0000 (13:52 +0000)]
Rearrange the implementation of bounded sysctl. The primitive
functions are sysctl_int() and sysctl_rdint(). This brings us back
the 4.4BSD implementation. Then sysctl_int_bounded() builds the
magic for range checks on top. sysctl_bounded_arr() is a wrapper
around it to support multiple variables.
Introduce macros that describe the meaning of the magic boundary
values. Use these macros in obvious places.
input and OK gnezdo@ mvs@
jmc [Fri, 30 Apr 2021 13:52:12 +0000 (13:52 +0000)]
add arch to Dt lines;
visa [Fri, 30 Apr 2021 13:25:24 +0000 (13:25 +0000)]
Add zqclock(4), a driver for Zynq-7000 clocks.
Input and OK kettenis@
visa [Fri, 30 Apr 2021 13:20:14 +0000 (13:20 +0000)]
Add zqreset(4), a driver for Zynq-7000 resets.
Input and OK kettenis@
jsg [Fri, 30 Apr 2021 13:13:31 +0000 (13:13 +0000)]
remove now unused elf.h
jsg [Fri, 30 Apr 2021 12:57:29 +0000 (12:57 +0000)]
remove FreeBSD derived riscv cpu ident
print the mvendorid marchid mimpid values from sbi instead of
using hardcoded values
continue printing riscv,isa and copy it to cpu_model so it
will show up in sysctl
ok kettenis@
jsg [Fri, 30 Apr 2021 08:54:15 +0000 (08:54 +0000)]
reduce diff to current arm64
ok mlarkin@
jsg [Fri, 30 Apr 2021 06:29:19 +0000 (06:29 +0000)]
fix newlines for devices attaching to cpu
djm [Fri, 30 Apr 2021 04:29:53 +0000 (04:29 +0000)]
a little debugging in the main mux process for status confirmation
failures in multiplexed sessions
dtucker [Fri, 30 Apr 2021 04:02:52 +0000 (04:02 +0000)]
Remove now-unused skey function prototypes leftover from skey removal.
jsg [Fri, 30 Apr 2021 03:17:08 +0000 (03:17 +0000)]
remove commented arm console init lines
deraadt [Fri, 30 Apr 2021 02:06:22 +0000 (02:06 +0000)]
When terminating via pledge_fail() stop all threads, before issuing a
(delayed action) sigabort() and disabling all syscalls for this process
(ie. all threads). This resulted in multiple-threads crashing over top
of themselves, and a poor debugging experience. We keep using sigabort()
rather than sigexit(), to keep the debugging process good.
Diagnosed from a report from brynet, and followup discussion with many.
drahn [Fri, 30 Apr 2021 00:25:52 +0000 (00:25 +0000)]
Fix line swap resulting in misplaced ',' causing build error.
dv [Thu, 29 Apr 2021 23:27:10 +0000 (23:27 +0000)]
Linting: remove duplicate struct definition (plus whitespace)
"sure" mlarkin@
stsp [Thu, 29 Apr 2021 21:43:46 +0000 (21:43 +0000)]
Make iwn, iwm, and iwx keep track of beacon parameters at run-time.
- HT protection settings (this was already implemented)
- ERP (11g) protection setting
- short slottime setting
- short preamble setting
- EDCA (QoS) parameters
All of these parameters are communicated in beacons and hardware is
now kept up-to-date with them.
Prompted by a problem report from Christian Ehrhardt regarding ERP.
Tested:
iwn 6205: stsp, Josh Grosse
iwm 7265: trondd
iwm 8265: stsp, Matthias Schmidt
iwm 9260: phessler
iwx ax200: stsp, jmc, gnezdo
mvs [Thu, 29 Apr 2021 20:13:25 +0000 (20:13 +0000)]
Remove netlock assertions from UNIX sockets layer.
ok bluhm@
drahn [Thu, 29 Apr 2021 20:00:18 +0000 (20:00 +0000)]
riscv64 libkvm support
copied from aarch64 with minimal changes
drahn [Thu, 29 Apr 2021 19:21:31 +0000 (19:21 +0000)]
riscv64 share/mk
Add riscv64 to the list of PIE/static PIE and clang architectures.
drahn [Thu, 29 Apr 2021 18:48:30 +0000 (18:48 +0000)]
*** empty log message ***
drahn [Thu, 29 Apr 2021 18:39:53 +0000 (18:39 +0000)]
riscv64 libc
asm defines, copied from aarch64.
drahn [Thu, 29 Apr 2021 18:37:19 +0000 (18:37 +0000)]
riscv64 libc
Makefile.inc was missed in previous commit
ok kettenis@
drahn [Thu, 29 Apr 2021 18:33:36 +0000 (18:33 +0000)]
riscv64 libc, more pieces.
largely derived from aarch64 code.
usertc.c taken from hppa
with cleanup to Symbols.list and tfork_thread.S
Further cleanup and enhancement will be performed in-tree.
ok kettenis@
dv [Thu, 29 Apr 2021 18:23:07 +0000 (18:23 +0000)]
Use relative reference URIs in Location header on directory redirects.
This adds support for front-ending httpd(8) with a TLS-terminating
gateway like relayd(8) that forwards unencrypted http traffic.
Previously httpd(8) would use a full URL in the Location header in 301
redirects when a user-agent requests a directory but without the
trailing '/'. If the user-agent originally connected with https, this
caused the redirected url to be http.
This change conforms to RFC7231 section 7.1.2.
Reported by Vincent Lee.
OK claudio@
kettenis [Thu, 29 Apr 2021 17:19:18 +0000 (17:19 +0000)]
Clean up <machine/ieeefp.h> and make sure the rounding mode bits match the
hardware. Implement fp[gs]etround(3) and fp[gs]etsticky(3) and tweak
the fp[gs]etmask(3) implementation to provide the right weak symbols.
This implementation deliberately ignores the additional
"round to nearest, away from zero" as this interface is derived from
i386-specific code and the i387 FPU doesn't implement such a rounding
mode. This is a legacy API and code should use <fenv.h> instead.
ok drahn@
bluhm [Thu, 29 Apr 2021 15:34:22 +0000 (15:34 +0000)]
Revert part of the previous uvm_km_zalloc(9) to km_alloc(9) commit.
The chunk with mapping for pm_pdir_intel causes crashes for sthen@
and bluhm@. i386 pagedaemon panic: kernel diagnostic assertion
"pg->wire_count == 0" failed: file "/usr/src/sys/uvm/uvm_page.c",
line 1265
One of my 8 CPU 3 GB RAM machines can reproduce it when building
clang with make -j 9. This commit hides the underlying bug.
OK mpi@
kettenis [Thu, 29 Apr 2021 15:12:14 +0000 (15:12 +0000)]
Replace uvm_km_alloc(9) calls with km_alloc(9) calls. Make the copied ROM
contents executable using pmap_kenter_pa(9) since uvm stops us from doing
so using higher-level interfaces (for good reasons).
Maintaining W^X of course!
ok mpi@
bluhm [Thu, 29 Apr 2021 13:39:22 +0000 (13:39 +0000)]
Extend the fork and exit test with threads. Simultaneously kill
30 processes with 30 threads each.
visa [Thu, 29 Apr 2021 12:49:19 +0000 (12:49 +0000)]
Remove unused RM7000 ICR handling.
jsg [Thu, 29 Apr 2021 11:32:20 +0000 (11:32 +0000)]
descend into arch/riscv64
jsg [Thu, 29 Apr 2021 11:29:05 +0000 (11:29 +0000)]
add riscv64 efibind.h
ok drahn@ kettenis@
jsg [Thu, 29 Apr 2021 05:53:51 +0000 (05:53 +0000)]
regen
jsg [Thu, 29 Apr 2021 05:51:57 +0000 (05:51 +0000)]
add RISCV
drahn [Thu, 29 Apr 2021 05:32:01 +0000 (05:32 +0000)]
riscv64 clang support.
With several fixes from review integrated.
ok patrick@
millert [Thu, 29 Apr 2021 01:57:00 +0000 (01:57 +0000)]
Remove extraneous for() likely caused by copy & paste.
From trondd, OK pjanzen@
deraadt [Thu, 29 Apr 2021 00:47:53 +0000 (00:47 +0000)]
Use a universally understood example time (with AM, which is even easier
to understand)
from Edgar Pettijohn
deraadt [Thu, 29 Apr 2021 00:04:06 +0000 (00:04 +0000)]
sync
drahn [Wed, 28 Apr 2021 22:56:22 +0000 (22:56 +0000)]
Build libcompiler_rt for riscv64
ok kettenis@
drahn [Wed, 28 Apr 2021 22:45:33 +0000 (22:45 +0000)]
Enable libunwind on riscv64
getWCookie() is an OpenBSD addition that is needed on new architectures.
ok kettenis@
bluhm [Wed, 28 Apr 2021 21:21:44 +0000 (21:21 +0000)]
Use mq_delist() to fetch the ARP mbuf hold queue once and feed the
mbuf list to if_output().
OK sashan@ mvs@
deraadt [Wed, 28 Apr 2021 20:05:47 +0000 (20:05 +0000)]
sync
deraadt [Wed, 28 Apr 2021 19:33:38 +0000 (19:33 +0000)]
sync
ratchov [Wed, 28 Apr 2021 19:12:53 +0000 (19:12 +0000)]
Add sndio.pc file for pkg-config, mostly from brad@
ok and help from espie@
drahn [Wed, 28 Apr 2021 19:01:00 +0000 (19:01 +0000)]
riscv64 efiboot bootloader
Ported from arm64 with changes for riscv64.
Initial effort by Mickael Torres, with additional updates
ACPI api removed per request
ok kettenis@
bluhm [Wed, 28 Apr 2021 17:59:53 +0000 (17:59 +0000)]
To hunt kernel bugs during exit, terminate processes simultaneously.
Fork 300 children that sleep. Kill them together as process group.
Sleeping can optionally be done with individual memory layout by
executing sleep(1).
tb [Wed, 28 Apr 2021 17:53:34 +0000 (17:53 +0000)]
Revert "Handle X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE in new
verifier." (r1.27). While this may have "fixed" one corner case, it
broke expectations of Perl Net::SSLeay and Ruby OpenSSL regression
tests.
ok bcook
tb [Wed, 28 Apr 2021 17:44:35 +0000 (17:44 +0000)]
Use "new" vmctl syntax in the example.
kettenis [Wed, 28 Apr 2021 15:38:59 +0000 (15:38 +0000)]
Implement __flt_rounds() for RISC-V. RISC-V is "interesting" since it
implements a variation on the traditional "to nearest" rounding mode that
rounds away from zero when tied. The upcoming C2x includes support for that
and LLVM already implements this so provide an implementation that matches
our system compiler.
ok drahn@
drahn [Wed, 28 Apr 2021 15:28:54 +0000 (15:28 +0000)]
riscv64 libc setjmp functions,
Based on arm64 versions
this implementation is missing jmpxor security enhancement.
Good enough deraadt@
drahn [Wed, 28 Apr 2021 15:16:26 +0000 (15:16 +0000)]
riscv64 ld.so
derived from arm64
go ahead deraadt@
jsg [Wed, 28 Apr 2021 15:15:37 +0000 (15:15 +0000)]
build eeprom on riscv64
jsg [Wed, 28 Apr 2021 15:11:27 +0000 (15:11 +0000)]
descend into riscv64 dirs
ok deraadt@
jsg [Wed, 28 Apr 2021 14:45:08 +0000 (14:45 +0000)]
add a Makefile for riscv64 man8
jsg [Wed, 28 Apr 2021 14:29:50 +0000 (14:29 +0000)]
recognise riscv64 as a valid arch in mandoc
ok jmc@ deraadt@