deraadt [Sun, 15 May 2022 03:54:07 +0000 (03:54 +0000)]
gcc insists the decl for veb_ports_free also use inline
dlg [Sun, 15 May 2022 03:18:41 +0000 (03:18 +0000)]
avoid calling if_enqueue from an smr critical section.
claudio@ is right that as a rule of thumb it is a bad idea to call
arbitrary code from an smr crit section because the scope of what
is called is very hard to keep in your head. in this particular
case sashan@ points out that if_enqueue can call vport handlers,
which calls if_vinput, which will push a packet into the network
stack, which will call pf and try to take an rwlock. you can't sleep
in an smr crit section.
SMRs in this situation are protecting references to ports in the
list of span and actual ports attached to a veb. when we needed to
send a packet to an unknown unicast, broadcast, or multicast packet
the code would SMR_TAILQ_FOREACH over all the ports, duplicating
the mbuf and calling if_enqueue against the port. span port handling
is basically the same, but we unconditionally send to them.
this replaces the SMR_TAILQ with maps (arrays) of ports. the veb
port map data structure contains a struct refcnt and the number of
ports. the forwarding paths use an SMR crit section to get a reference
to the map, increase the refcnt, and then leaves the smr crit section
before iterating over the array of ports in the map. after the
iteration it releases the refcnt.
this does add a couple of atomic ops in the forwarding path, but
only in the uncommon case (most packets are (should be) to known
unicast addresses), and it's only one set of ops for all ports
instead of ops per port. the known unicast case follows this pattern
too.
reported by Barbaros Bilek on bugs@
fix tested by me and hrvoje popovski
ok claudio@ sashan@ bluhm@ (who also did a lot of the initial analysis)
jmatthew [Sun, 15 May 2022 01:28:27 +0000 (01:28 +0000)]
add StarTech USG5GA30 to the device list
from Brad
tb [Sat, 14 May 2022 17:58:11 +0000 (17:58 +0000)]
Add the two length tests. Can't currently run them because we need an
echo server.
kettenis [Sat, 14 May 2022 15:25:57 +0000 (15:25 +0000)]
uvm_km_valloc(9), uvm_km_valloc_try(9), uvm_km_valloc_wait(9) and
uvm_km_valloc_align(9) are no longer used. Remove these functions.
ok mpi@
cheloha [Sat, 14 May 2022 14:52:20 +0000 (14:52 +0000)]
librthread: validate timespec inputs with timespecisvalid(3)
ok millert@
tobhe [Sat, 14 May 2022 09:46:15 +0000 (09:46 +0000)]
When receiving a PADO offer, clear stored tags from previous PADO packets.
Keeping and combining tags from multiple previous packets could result in
a single accumulated reply overrunning mbuf size limits. Also make sure
the tag size fields are reset to 0 if allocation fails.
Add size check on mbuf cluster allocation and fail if more than MCLBYTES
are requested.
From NetBSD.
tested by naddy@
ok bluhm@
denis [Sat, 14 May 2022 07:22:10 +0000 (07:22 +0000)]
Document usage of tunneladdr
Input and OK dlg@ and jmc@
stsp [Sat, 14 May 2022 05:48:44 +0000 (05:48 +0000)]
Remove unused buf_dma member from struct iwx_rx_ring.
Spotted by waddlesplash from haiku-os.org
stsp [Sat, 14 May 2022 05:47:04 +0000 (05:47 +0000)]
Remove unused buf_dma member from struct iwm_rx_ring.
Spotted by waddlesplash from haiku-os.org
stsp [Sat, 14 May 2022 05:42:39 +0000 (05:42 +0000)]
Fix iwx_ampdu_rx_stop() for multiple Rx BA sessions.
Marking a TID in the bitmask needs |=, not the = operator, duh.
As a result our ba_task only stopped one session even though multiple
sessions were supposed to be stopped. Now driver and firmware had
become out of sync in their tracking of Rx BA session state, and
firmware crashed with sysassert 0x00004472 when the driver later
attempted to start an already active Rx BA session again.
Problem reported by Anton Kasimov.
Thanks to Johannes Berg from Intel who looked up the meaning
of sysassert code 0x00004472 for me.
guenther [Sat, 14 May 2022 05:06:32 +0000 (05:06 +0000)]
Use fseeko() instead of fseek() inside libc, as the latter just
calls the former with a loss of range. Mark fseek symbol as
deprecated to block accidental use in the future.
ok millert@ deraadt@
dv [Fri, 13 May 2022 18:19:32 +0000 (18:19 +0000)]
vmm: add additional fault type, fixing vm receive
After vmm(4)/vmd(8) "receive" a vm via vmctl(8), vmd on Intel hosts
was incorrectly identifying the fault type for nested page fault
exits and resetting the vm. This commit adds a new fault type to
signify the page fault was serviced in vmm and any exit to userland
does not require an assist.
ok mlarkin@
dv [Fri, 13 May 2022 16:46:34 +0000 (16:46 +0000)]
fix typos in comments
No functional change. Pointed out by Martin Vahlensieck.
tb [Fri, 13 May 2022 16:39:58 +0000 (16:39 +0000)]
Tweak regress in such a way that it would have caught the bug in
d2i_ASN1_OBJECT() fixed in a_object.c r1.48.
from jsing
tb [Fri, 13 May 2022 16:32:10 +0000 (16:32 +0000)]
Fix d2i_ASN1_OBJECT()
Due to a confusion of two CBS, the API would incorrectly advance the
*der_in pointer, resulting in a DER parse failure.
Issue reported by Aram Sargsyan
ok jsing
florian [Fri, 13 May 2022 15:48:29 +0000 (15:48 +0000)]
Update to nsd 4.5.0
OK sthen
espie [Fri, 13 May 2022 15:39:14 +0000 (15:39 +0000)]
Catch the termcap exception if there's a problem looking the terminal up.
It's just a progressmeter after all, there's no reason to error out instead
of simply devolving to "no progress meter".
(as noticed working with one of my students, Matthieu Fourre, whose
emulator or setup was somehow passing an "xterm-kitty" string)
anton [Fri, 13 May 2022 15:32:49 +0000 (15:32 +0000)]
Output the relevant time specs before the assertion, in the hopes of
figuring out why this occasionally fails.
claudio [Fri, 13 May 2022 15:32:00 +0000 (15:32 +0000)]
Use the process ps_mtx to protect the process sigacts structure.
With this cursig(), postsig() and trapsignal() become safe to be called
without KERNEL_LOCK. As a side-effect sleep with PCATCH no longer needs
the KERNEL_LOCK either. Since sending a signal can happen from interrupt
context raise the ps_mtx IPL to high.
Feedback from mpi@ and kettenis@
OK kettenis@
sthen [Fri, 13 May 2022 13:20:16 +0000 (13:20 +0000)]
If $KERNEL_DIR.tgz exists, reorder_kernel updates the destination for
logged stdout output, but forgot to handle stderr. Fix that so that
the error log includes stderr output in that case (otherwise the log
is usually empty). From Lauri Tirkkonen, plus comment adjusted. ok tb
stsp [Fri, 13 May 2022 08:48:40 +0000 (08:48 +0000)]
Show the iwx(4) firmware filename if 'ifconfig iwx0 debug' is active.
This should help with diagnosing device matching bugs. The matching
logic has become increasingly complex. Knowing which firmware file
was selected is useful information which cannot be inferred from the
PCI device ID alone anymore.
stsp [Fri, 13 May 2022 08:31:23 +0000 (08:31 +0000)]
add so-a0-hr-b0 to list for firmware files used by iwx(4)
djm [Fri, 13 May 2022 06:31:50 +0000 (06:31 +0000)]
arrange for scp, when in sftp mode, to not ftruncate(3) files early
previous behavious of unconditionally truncating the destination file
would cause "scp ~/foo localhost:" and "scp localhost:foo ~/" to
delete all the contents of their destination.
spotted by solene@ sthen@, also bz3431; ok dtucker@
tb [Fri, 13 May 2022 06:18:21 +0000 (06:18 +0000)]
Fix unused bits handling for ip addresses
If ASN1_STRING_FLAG_BITS_LEFT is set, only the lower three bits of the
flags represent the unused bits. Other flags have nothing to with
lengths, so stop interpreting them as such and throwing strange errors.
ok claudio
stsp [Fri, 13 May 2022 05:06:56 +0000 (05:06 +0000)]
Make iwx(4) load a0-hr-b0 firmware on AX211 devices which require it.
Firmware for these devices was added in iwx-firmware-20220110p0.
On Linux these devices may show up as "AX201", even though they belong
to the AX210 hardware family. Intel's driver can be confusing at times.
Tested by Guilherme M. Schroeder, who previously had a non-working device.
jsg [Fri, 13 May 2022 04:23:46 +0000 (04:23 +0000)]
reduce diff to linux
jsg [Fri, 13 May 2022 03:32:08 +0000 (03:32 +0000)]
drm/amdgpu: Ensure HDA function is suspended before ASIC reset
From Kai-Heng Feng
94ca25aed1234eaab273da94f548bf6f52ea2f7a in linux 5.15.y/5.15.39
887f75cfd0da44c19dda93b2ff9e70ca8792cdc1 in mainline linux
jsg [Fri, 13 May 2022 03:28:25 +0000 (03:28 +0000)]
drm/amdgpu: don't set s3 and s0ix at the same time
From Mario Limonciello
060102fbd92d2d514c4a4da71d555cf9b7d65faa in linux 5.15.y/5.15.39
eac4c54bf7f17fb4681b85e5fe383b74d6261a2b in mainline linux
jsg [Fri, 13 May 2022 03:24:22 +0000 (03:24 +0000)]
drm/amdgpu: explicitly check for s0ix when evicting resources
From Mario Limonciello
22b80bff17261427a5e152e537c3ec76fb356aec in linux 5.15.y/5.15.39
e53d9665ab003df0ece8f869fcd3c2bbbecf7190 in mainline linux
jsg [Fri, 13 May 2022 03:20:30 +0000 (03:20 +0000)]
drm/amdgpu: unify BO evicting method in amdgpu_ttm
From Nirmoy Das
90253ae21c6b55532abad261e3a7dfa809c3bae9 in linux 5.15.y/5.15.39
58144d283712c9e80e528e001af6ac5aeee71af2 in mainline linux
jsg [Fri, 13 May 2022 03:17:30 +0000 (03:17 +0000)]
drm/amdgpu: do not use passthrough mode in Xen dom0
From Marek Marczykowski-Gorecki
1a78d8fe6606aabcbdecef1745446f5a923a8e0a in linux 5.15.y/5.15.39
19965d8259fdabc6806da92adda49684f5bcbec5 in mainline linux
jsg [Fri, 13 May 2022 03:13:31 +0000 (03:13 +0000)]
drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT
From Harry Wentland
c10bab89a1bea395b2f6970529e38bef54ebf792 in linux 5.15.y/5.15.39
3dfe85fa87b2a26bdbd292b66653bba065cf9941 in mainline linux
jsg [Fri, 13 May 2022 03:05:05 +0000 (03:05 +0000)]
add xen.h for 5.15.39 drm
yasuoka [Fri, 13 May 2022 00:17:20 +0000 (00:17 +0000)]
Follow the recent change that the unit of `imgsize' argument of
create_imagefile() became MB. Also change the arguement's type from
long to uint64_t that is preferred.
ok dv
sthen [Thu, 12 May 2022 22:13:06 +0000 (22:13 +0000)]
add login.conf.d to mtree, from Raf Czlonka, ok deraadt
stsp [Thu, 12 May 2022 21:33:31 +0000 (21:33 +0000)]
Fix setting of HT/VHT bits in rate flags of the iwx(4) Tx command.
Firmware can panic if rate flags ask for HT frames in VHT mode.
Version -67 seems to be ignoring what we set here and works either way.
But -66 and below were unhappy on my AX210 device.
Found while investing a bug report by Guilherme M. Schroeder
Fix tested on AX210 and AX200.
sthen [Thu, 12 May 2022 20:45:01 +0000 (20:45 +0000)]
add /etc/login.conf.d/* to /etc/changelist, ok deraadt
jsing [Thu, 12 May 2022 20:06:46 +0000 (20:06 +0000)]
Call the ASN1_OP_D2I_PRE callback after ASN1_item_ex_new().
In asn1_item_ex_d2i_choice(), only call the ASN1_OP_D2I_PRE callback after
allocation has occurred via ASN1_item_ex_new(). This matches the sequence
handling code and the documentation.
Discussed with tb@
tb [Thu, 12 May 2022 20:00:06 +0000 (20:00 +0000)]
Small readability tweak suggested by jsing
tb [Thu, 12 May 2022 19:58:45 +0000 (19:58 +0000)]
Enable X509v3_asid_subset() tests now that they no longer segfault.
tb [Thu, 12 May 2022 19:56:43 +0000 (19:56 +0000)]
Rewrite and fix X509v3_asid_subset()
X509v3_asid_subset() assumes that both asnum and rdi are present while
they are both marked OPTIONAL in RFC 3779, 3.2.3. It will crash if
either one is missing. In RPKI land RDI is a MUST NOT use (e.g, RFC
6487, 4.8.11), so this API is currently useless (and seemingly unused).
Pick apart an ugly logical pipeline and implement this check in a
readable fashion.
ok jsing
jsing [Thu, 12 May 2022 19:55:58 +0000 (19:55 +0000)]
Rename asn1_enc_free() to asn1_enc_cleanup().
This function does not actually free an ASN1_ENCODING, which are embedded
in a struct.
Name suggested by tb@
jsing [Thu, 12 May 2022 19:52:31 +0000 (19:52 +0000)]
Rewrite asn1_item_ex_d2i_choice() using CBS.
Now that combine no longer exists, we can also free and reallocate.
ok tb@
jsing [Thu, 12 May 2022 19:33:19 +0000 (19:33 +0000)]
Rewrite asn1_enc_save() using CBS.
Rework and clean up other asn1_enc_* related functions while here.
ok tb@
jsing [Thu, 12 May 2022 19:24:38 +0000 (19:24 +0000)]
Use freezero() with ASN1_ENCODING.
While ASN1_ENCODING is currently only used with types that should only
contain public information, we assume that ASN.1 may contain sensitive
information, hence use freezero() here instead of free().
ok deraadt@ tb@
jsing [Thu, 12 May 2022 19:11:14 +0000 (19:11 +0000)]
Remove ASN1_AFLG_BROKEN.
This workaround was used by ASN1_BROKEN_SEQUENCE, which existed for
NETSCAPE_ENCRYPTED_PKEY. Remove the workaround since the only consumer
has already been removed.
ok tb@
espie [Thu, 12 May 2022 17:01:01 +0000 (17:01 +0000)]
yet another stupid shadowed variable, thx sthen@
claudio [Thu, 12 May 2022 16:29:58 +0000 (16:29 +0000)]
During coredumps only a single thread should be active, check this
by checking that it is a single threaded process or that ps_single is set.
OK mpi@
gkoehler [Thu, 12 May 2022 15:51:23 +0000 (15:51 +0000)]
Drop old powerpc flags from the build of clang
Drop NOPIE_FLAGS = -fPIE and change CFLAGS on powerpc to be the same
as on other arches.
ok deraadt@ kettenis@
espie [Thu, 12 May 2022 14:21:06 +0000 (14:21 +0000)]
explicitly write LRU in a comment so that it's easier to find ;)
krw [Thu, 12 May 2022 14:10:05 +0000 (14:10 +0000)]
And the man page change too.
mvs [Thu, 12 May 2022 13:33:09 +0000 (13:33 +0000)]
Convert `fd_cmask' and `fd_refcnt' types from u_short to 32 bit types.
`fd_cmask' and `fd_refcnt' are 16 bit variables which are protected by
different locks and could be not MP independent on all architectures.
`fd_cmask' modifications already protected by fd_lock' rwlock(9), but
actually we do all access to both variables with kernel lock held. So
convert them both before make `fd_cmask' access without kernel when
umask(2) will be unlocked.
Proposed by bluhm@.
ok deraadt@ bluhm@
visa [Thu, 12 May 2022 13:33:00 +0000 (13:33 +0000)]
kqueue: Fix race condition in knote_remove()
Always fetch the knlist array pointer at the start of every iteration
in knote_remove(). This prevents the use of a stale pointer after
another thread has simultaneously reallocated the kq_knlist array.
Reported and tested by and OK jsing@
mpi [Thu, 12 May 2022 12:49:31 +0000 (12:49 +0000)]
Consider BUFPAGES_DEFICIT in swap_shortage.
ok beck@
mpi [Thu, 12 May 2022 12:48:36 +0000 (12:48 +0000)]
Introduce uvm_pagedequeue() to reduce code duplication.
ok kettenis@
stsp [Thu, 12 May 2022 12:29:28 +0000 (12:29 +0000)]
Bump IWX_UCODE_SECT_MAX to allow all new AX210/AX211 fw images to be parsed
successfully. Else we get "iwx0: firmware parse error 22, section type 19"
while trying to load iwx-so-a0-gf-a0-67 and iwx-so-a0-gf4-a0-67.
stsp [Thu, 12 May 2022 11:37:57 +0000 (11:37 +0000)]
Add missing AX210/AX211 devices to the device ID matching table.
The driver will now actually match on all those new devices, as intended.
Reported by Guilherme M. Schroeder
krw [Thu, 12 May 2022 11:04:27 +0000 (11:04 +0000)]
Prevent '-u' when operating on GPT formatted disks, as the
equivalent 'update' editing command already is.
Avoids the destruction of the GPT when the preventative MBR
is overwritten with the default MBR.
ok deraadt@
tb [Thu, 12 May 2022 10:53:59 +0000 (10:53 +0000)]
Remove verify callback
It is no longer possible to build rpki-client with LibreSSL < 3.5 or with
OpenSSL built with OPENSSL_NO_RFC3779, so this compat code can be retired.
ok claudio job
tb [Thu, 12 May 2022 10:50:12 +0000 (10:50 +0000)]
nuke tabs
tb [Thu, 12 May 2022 10:49:22 +0000 (10:49 +0000)]
Align parsing of ipAddrBlock with autnomousSysNum
We now do one allocation per address family instead of one per prefix or
range.
ok claudio
tb [Thu, 12 May 2022 10:12:18 +0000 (10:12 +0000)]
Add a few more testcases for X509v3_asid_subset()
tb [Thu, 12 May 2022 08:53:33 +0000 (08:53 +0000)]
Tidy up IP handling
Populate struct ip in the leaf functions instead of handing it through
several layers and copying it along the way. Pass in the afi instead of
letting struct ip carry it.
ok claudio
claudio [Thu, 12 May 2022 07:45:27 +0000 (07:45 +0000)]
Refactor parsing of autonomousSysNum. Adjust code so that the allocation
needed for append_as() is done upfront.
OK tb@
espie [Thu, 12 May 2022 04:41:43 +0000 (04:41 +0000)]
ditch the ...
job [Wed, 11 May 2022 21:19:06 +0000 (21:19 +0000)]
Verify MFT and GBR objects only carry RFC 3779 extensions set to 'inherit'
OK claudio@ tb@
tb [Wed, 11 May 2022 18:48:35 +0000 (18:48 +0000)]
Zap stray space
millert [Wed, 11 May 2022 17:23:56 +0000 (17:23 +0000)]
Mark pw_error as __dead in prototype to match the function definition.
From Matthew Martin.
espie [Wed, 11 May 2022 17:17:35 +0000 (17:17 +0000)]
fix quirks timestamp display: it's done somewhat early, before we decide
whether we update or not, so we need to decorate the update_info with
the signer timestamp. It's the only place where an update_info actually
needs that stuff.
tb [Wed, 11 May 2022 16:13:05 +0000 (16:13 +0000)]
Cache X509v3 extensions as soon as we have a cert
X509 API functions such as X509_check_ca() or X509_get_extension_flags()
can't be used reliably unless we know that X509v3 extensions are cached.
Otherwise they try to cache the extensions themselves but can't report
possible errors sensibly. They carry on and may return nonsense.
An old trick is to call X509_check_purpose() with a purpose of -1 which
is a wrapper around the internal x509v3_cache_extensions() that allows
error checking. Do this when we have a new cert. This way the API
functions affected by this can be relied upon. Another nice side effect
of doing this is that with LibreSSL we then know that the RFC 3779
extensions are in canonical form.
ok beck claudio
job [Wed, 11 May 2022 14:42:01 +0000 (14:42 +0000)]
In filemode check whether ROA & RSC resources are properly contained
with and OK tb@ claudio@
espie [Wed, 11 May 2022 11:18:04 +0000 (11:18 +0000)]
tweak header
espie [Wed, 11 May 2022 09:55:41 +0000 (09:55 +0000)]
locate yields information in sorted order (of course)
so I can show a percentage of cached names already handled.
espie [Wed, 11 May 2022 09:47:23 +0000 (09:47 +0000)]
gc old stats code I no longer use
optimize archive reading slightly: read one less header
if we skip things, and we don't need to check wanted for
emptiness if it didn't change.
tb [Wed, 11 May 2022 09:40:00 +0000 (09:40 +0000)]
Fix doc comment of sbgp_asrange()
tb [Wed, 11 May 2022 09:07:04 +0000 (09:07 +0000)]
Move sbgp_addr() down to the other sbgp_addr_* functions.
ok claudio job
tb [Wed, 11 May 2022 08:59:00 +0000 (08:59 +0000)]
Deserialize ASIdentifiers in libcrypto
Let the RFC 3779 code in libcrypto do its job: deserialize the ASIdentifiers
extension using X509V3_EXT_d2i() and then simply walk the returned struct.
This replaces quite a bit of low level ASN.1 fiddling with much simpler
reaching into structs with names that have some meaning.
Additionally, RFC 6487, 4.8.10 forbids RDI entries, so throw an error
instead of ignoring them.
ok claudio
espie [Wed, 11 May 2022 07:51:47 +0000 (07:51 +0000)]
move a bit of code in a separate sub, fix indentation, add some comments
that explain some of the more complicated stuff going on now
kevlo [Wed, 11 May 2022 06:14:15 +0000 (06:14 +0000)]
Use hardware routine for PHY reset and always accept the PHY that's present.
The previously used software reset routine wasn't sufficient to reset the PHY
if the bootloader hadn't left the device in an initialized state.
From FreeBSD.
Bug reported and the fix tested by daniel@
sashan [Tue, 10 May 2022 23:12:25 +0000 (23:12 +0000)]
move memory allocations in pfr_add_tables() out of
NET_LOCK()/PF_LOCK() scope. bluhm@ helped a lot
to put this diff into shape.
OK bluhm@
solene [Tue, 10 May 2022 22:18:06 +0000 (22:18 +0000)]
make the CPU frequency scaling duration relative to the load
in the pre-change behavior, if the CPU frequency is raised, it will stay up
for 5 cycles minimum (with one cycle being run every 100ms).
With this change, the time to keep the frequency raised is incremented at
each cycle up to 5. This mean short load need triggering the frequency
increase will last less than the current minimum of 500ms.
this only affect the automatic mode when on battery, extending the battery
life for most interactive use scenarios and idling loads.
tested by many with good results
ok ketennis@
kettenis [Tue, 10 May 2022 20:23:57 +0000 (20:23 +0000)]
Prevent out-of-bounds array access with binaries that use unsupported
relocations.
ok guenther@
tb [Tue, 10 May 2022 19:44:29 +0000 (19:44 +0000)]
Add a BUGS section to describe the problem of potential lies and
indicating a workaround.
input/ok jsing
tb [Tue, 10 May 2022 19:42:52 +0000 (19:42 +0000)]
X509_check_ca() has 5 return values but still can't fail
The values 0, 1, 3, 4, 5 all have some meaning, none of which is failure.
If caching of X509v3 extensions fails, returning X509_V_ERR_UNSPECIFIED,
i.e., 1 is a bad idea since that means the cert is a CA with appropriate
basic constraints. Revert to OpenSSL behavior which is to ignore failure
to cache extensions at the risk of reporting lies.
Since no return value can indicate failure, we can't fix this in
X509_check_ca() itself. Application code will have to call (and check)
the magic X509_check_purpose(x, -1, -1) to ensure extensions are cached,
then X509_check_ca() can't lie.
ok jsing
tb [Tue, 10 May 2022 19:27:21 +0000 (19:27 +0000)]
If Ruby 3.1 isn't available, try to fall back to Ruby 3.0 so that
regress on bluhm's test machines have a chance to pass on slower
architectures while package builds catch up.
jsing [Tue, 10 May 2022 18:40:06 +0000 (18:40 +0000)]
Rewrite asn1_item_ex_d2i() using CBS.
This requires a few wrappers to call into some non-CBS functions, however
we can now remove the asn1_d2i_ex_primitive() wrapper as there are no
longer any non-CBS callers.
ok tb@
kettenis [Tue, 10 May 2022 18:04:50 +0000 (18:04 +0000)]
Convert KVA allocation to km_alloc(9).
ok mpi@
bluhm [Tue, 10 May 2022 16:56:16 +0000 (16:56 +0000)]
Our read/write lock implementation was not fair to writers. When
multiple IP forwarding threads were processing packets and holding
the shared net lock, the exclusive net lock was blocked permanently.
This could result in ping times well above 10 seconds.
Add the RWLOCK_WRWANT bit to the check mask of readers. Then they
cannot grab the lock if a writer is also waiting. This logic was
already present in revision 1.3, but got lost during refactoring.
When exiting the lock, there exists a race when the RWLOCK_WRWANT
bit gets deleted. Add a comment that was present until revision
1.8 to document it. The race itself is not easy to fix and had no
impact during testing.
OK sashan@
tb [Tue, 10 May 2022 16:43:53 +0000 (16:43 +0000)]
Fix a couple of typos in doc comments, bunch of KNF (whitespace) tweaks
tb [Tue, 10 May 2022 16:17:07 +0000 (16:17 +0000)]
Deserialize IPAddrBlocks in libcrypto
Let the RFC 3779 code in libcrypto do its job: deserialize the IPAddrBlocks
extension using X509V3_EXT_d2i() and then simply walk the returned struct.
This replaces quite a bit of low level ASN.1 fiddling with much simpler
reaching into structs with names that have some meaning.
ok claudio
tb [Tue, 10 May 2022 15:45:04 +0000 (15:45 +0000)]
Fix leaks due to incorrect early returns rather than proper cleanup.
ok claudio job
job [Tue, 10 May 2022 10:52:09 +0000 (10:52 +0000)]
Confirm the absense of the Basic Constraints extension in non-CA certs
with and OK tb@
bluhm [Tue, 10 May 2022 09:42:32 +0000 (09:42 +0000)]
The tests no-symlink and oldlib2 pass now. Do not expect failure.
stsp [Tue, 10 May 2022 09:11:44 +0000 (09:11 +0000)]
Fix reading of the MAC address on AX210 devices.
wrong MAC address issue spotted by jsg@ and kevlo@
ok kevlo@
stsp [Tue, 10 May 2022 08:20:36 +0000 (08:20 +0000)]
Make run(4) attach to RT5372 devices.
Patch by molotov31337 on tech@
stsp [Tue, 10 May 2022 08:20:07 +0000 (08:20 +0000)]
regen
stsp [Tue, 10 May 2022 08:19:51 +0000 (08:19 +0000)]
add USB device ID of RT5372 for run(4); patch by molotov31337 on tech@
tb [Tue, 10 May 2022 07:41:37 +0000 (07:41 +0000)]
Validate RSC filenames
Factor out POSIX portable filename check into a new valid_filename() and
rename the previous valid_filename() to valid_mft_filename(). Fixes and
supersedes imcomplete checks in the RSC code. Avoids truncation via
strndup() in case of embedded NULs.
input/ok claudio
job [Tue, 10 May 2022 07:28:43 +0000 (07:28 +0000)]
Improve control flow readability by removing 'else if' stanzas
OK tb@ claudio@