krw [Thu, 3 Jun 2021 15:05:55 +0000 (15:05 +0000)]
Recognize the Apple APFS GPT partition types seen on Apple M1 boxen.
ok kettenis@
deraadt [Thu, 3 Jun 2021 13:38:18 +0000 (13:38 +0000)]
(man page also)
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
deraadt [Thu, 3 Jun 2021 13:19:45 +0000 (13:19 +0000)]
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
deraadt [Thu, 3 Jun 2021 13:14:03 +0000 (13:14 +0000)]
typo
otto [Thu, 3 Jun 2021 06:42:03 +0000 (06:42 +0000)]
For 4k sector disks, the minimum frag size is 4k. For a 2G fs
that delivers too few inodes to hold a src tree. So adjust the
density for partitions on a 4k disk if fragsize and density are not
passed on the command line. This is kind of a hack, since we do not
have a way to signal the desired # of inodes from the install script.
ok kettenis@ krw@
dlg [Thu, 3 Jun 2021 04:47:54 +0000 (04:47 +0000)]
ip6_input_if used the ip6_hdr pointer uninitted after i refactored it.
i did test this, but i guess i was lucky. very lucky.
Coverity CID
1505114
dlg [Thu, 3 Jun 2021 01:55:52 +0000 (01:55 +0000)]
remember if the ipv4 header checksum is ok.
if a bridge checks the ip header before the network stack, then we
can remember it was ok when the bridge checks it so the ip stack
doesnt have to.
ok claudio@ mvs@
krw [Wed, 2 Jun 2021 22:44:26 +0000 (22:44 +0000)]
Use the same logic in all copies of gpt_chk_mbr(), relaxing the
media length check to allow EFI GPT partitions to be smaller that
the entire disk.
Consistently use GPTSECTOR instead of randomly tossing in some
literal '1's.
ok kettenis@
sashan [Wed, 2 Jun 2021 21:49:31 +0000 (21:49 +0000)]
With parallel execution of pf_test() two packets may try to update the same
state in pfsync(4) queue. pfsync_q_ins() takes that race into account with one
exception: the KASSERT() at line 2352. That KASSERT() needs to be removed.
2346 void
2347 pfsync_q_ins(struct pf_state *st, int q)
2348 {
2349 struct pfsync_softc *sc = pfsyncif;
2350 size_t nlen, sc_len;
2351
2352 KASSERT(st->sync_state == PFSYNC_S_NONE);
2353
2354 #if defined(PFSYNC_DEBUG)
2355 if (sc->sc_len < PFSYNC_MINPKT)
2356 panic("pfsync pkt len is too low %zd", sc->sc_len);
2357 #endif
2358 do {
2359 mtx_enter(&sc->sc_mtx[q]);
2360
2361 /*
2362 * If two threads are competing to insert the same state, then
2363 * there must be just single winner.
2364 */
2365 if (st->sync_state != PFSYNC_S_NONE) {
2366 mtx_leave(&sc->sc_mtx[q]);
2367 break;
2368 }
OK bluhm@
kettenis [Wed, 2 Jun 2021 21:41:38 +0000 (21:41 +0000)]
Linux folks introduced "10gbase-r" since it is "more correct" and we're
starting to see firmware that uses this instead of the "10gbase-kr" that
was used before to describe the PHYs. So recognize both and treat that
the same.
ok deraadt@, patrick@
kettenis [Wed, 2 Jun 2021 19:38:14 +0000 (19:38 +0000)]
Avoid spinning on the kernel lock with interrupts disabled.
ok gkoehler@
patrick [Wed, 2 Jun 2021 19:16:11 +0000 (19:16 +0000)]
When processing a received packet, only sync the amount of bytes
mcx(4) told us has arrived. The DMA map's mapsize on RX packets
is the length of the allocated buffer. For mcx(4), this can be
more than around 9000 bytes, as each buffer will be at least as
big as the maximum supported MTU. There's no need to sync the
whole buffer, if it's only a small packet.
ok dlg@ jmatthew@
patrick [Wed, 2 Jun 2021 19:11:02 +0000 (19:11 +0000)]
Correctly calculate number of PRPL entries we have to sync by adding
brackets to manage operator precedence. Otherwise we'd attempt to sync
more than needed, which doesn't cause issues, but it's still wrong.
ok dlg@ jmatthew@
deraadt [Wed, 2 Jun 2021 18:44:16 +0000 (18:44 +0000)]
sync
schwarze [Wed, 2 Jun 2021 18:27:36 +0000 (18:27 +0000)]
In -W style mode, check .Xr links along the full manpath because
that is more useful for validating manuals of non-base software.
Nothing changes in -W all mode: by default for -T lint, we still
assume we want to check base system conventions, including usually
not wanting to link to non-base manual pages.
The use case, a partial idea how to handle it, and a preliminary
patch was originally presented by kn@, then refined by me.
Final patch tested and OK'ed by kn@.
schwarze [Wed, 2 Jun 2021 17:36:59 +0000 (17:36 +0000)]
test private use areas some more as they have proven fragile
schwarze [Wed, 2 Jun 2021 16:35:25 +0000 (16:35 +0000)]
Cleanup:
1. Move invalid two-byte sequences after valid ones
and make their descriptions easier to understand.
2. Replace the wrong and confusing expression "middle byte"
with the correct term "start byte".
3. Add test lines for U+EFFFF and U+F0000.
4. Replace the unhelpful word "strange" with more descriptive terms.
Arguably, nothing about this (or maybe everything?) is strange.
kettenis [Wed, 2 Jun 2021 16:12:18 +0000 (16:12 +0000)]
Add GPT support; stolen from i386_installboot.c.
ok krw@, deraadt@
kettenis [Wed, 2 Jun 2021 15:31:15 +0000 (15:31 +0000)]
Add support for booting from disks with 4k sectors. Inspired by the
code we already have for amd64, but changed to use EFI memory allocation
interfaces as some implementations seem to insist on page-aligned memory.
ok krw@
schwarze [Wed, 2 Jun 2021 15:07:42 +0000 (15:07 +0000)]
The wcwidth(3) of Plane 15 and Plane 16 Private Use Characters
was changed from 0 to 1. Adjust the test results accordingly.
Issue reported by bluhm@.
dv [Wed, 2 Jun 2021 14:40:46 +0000 (14:40 +0000)]
vmd(8): allow locking a randomly assigned lladdr
Provide a default value of a zero'd mac address so a user can still
specify the interface should be "locked" (only transmitting ethernet
packets with a matching source address). vmd will assign a random
address at vm launch.
As an example, this is now valid:
vm "name" {
interface {
locked lladdr
}
...
}
From Martin Vahlensieck
ok claudio@
visa [Wed, 2 Jun 2021 13:56:28 +0000 (13:56 +0000)]
Enable pool cache on knote pool
Use the pool cache to reduce the overhead of memory management in
function kqueue_register().
When EV_ADD is given, kqueue_register() pre-allocates a knote to avoid
potential sleeping in the middle of the critical section that spans
from knote lookup to insertion. However, the pre-allocation is useless
if the lookup finds a matching knote.
The cost of knote allocation will become significant with kqueue-based
poll(2) and select(2) because the frequency of allocation will increase.
Most of the cost appears to come from the locking inside the pool.
The pool cache amortizes it by using CPU-local caches of free knotes
as buffers.
OK dlg@ mpi@
mvs [Wed, 2 Jun 2021 11:31:10 +0000 (11:31 +0000)]
regen
mvs [Wed, 2 Jun 2021 11:30:23 +0000 (11:30 +0000)]
Unlock setrtable(2). Local copy of `ps_rtableid' used to make checks
consistent.
ok mpi@
martijn [Wed, 2 Jun 2021 08:41:16 +0000 (08:41 +0000)]
The getnext_indexoid tests now pass
martijn [Wed, 2 Jun 2021 08:40:09 +0000 (08:40 +0000)]
agentx_context_object_nfind had its ax_oid_cmp arguments swapped.
OK bluhm@
martijn [Wed, 2 Jun 2021 08:32:22 +0000 (08:32 +0000)]
Make the hints at the bottom row sticky by turning the knobs toggles.
Specifically this effects ^G, help and order.
While here also document the 'h' character.
Initial inspiration and diff from Anindya Mukherjee (anindya49 <at> hotmail
<dot> com)
OK bluhm@
dlg [Wed, 2 Jun 2021 07:46:22 +0000 (07:46 +0000)]
whitespace tweaks, no functional change.
semarie [Wed, 2 Jun 2021 07:32:34 +0000 (07:32 +0000)]
add regress test for RTLD_NODELETE support
semarie [Wed, 2 Jun 2021 07:29:03 +0000 (07:29 +0000)]
add RTLD_NODELETE support
if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.
ok kettenis@ on previous version
with help from and ok guenther@
diff partially inspired from a diff from brad@
dlg [Wed, 2 Jun 2021 01:37:10 +0000 (01:37 +0000)]
only read the if_bpf pointer once.
dlg [Wed, 2 Jun 2021 01:36:10 +0000 (01:36 +0000)]
tpmr_input is called in an smr crit section, so it doesnt need its own.
this simplifies the code a little bit.
dlg [Wed, 2 Jun 2021 01:30:30 +0000 (01:30 +0000)]
read the tpmr if_flags once in tpmr_input so link flags apply consistently.
this avoids IFF_LINK1 getting set by another cpu halfway through
tpmr_input. if LINK1 is not set when a packet enters a tpmr pair
it skips ip/pf checks, but if it is then set then only pf is run
against it. this way you either get the ip checks and pf when the
packet enters and leaves tpmr, or you dont get the ip and pf checks
at all.
dlg [Wed, 2 Jun 2021 00:44:18 +0000 (00:44 +0000)]
use ipv4_check and ipv6_check to well, check ip headers before running pf.
unlike bridge(4), these checks are only run when the packet is
entering the veb/tpmr topology. the assumption is that only valid
IP packets end up inside the topology so we don't have to check
them when they're leaving.
ok bluhm@ sashan@
dlg [Wed, 2 Jun 2021 00:40:51 +0000 (00:40 +0000)]
use ipv4_check and ipv6_check provided by the network stacks.
this removes the duplication of the check code, and lets the v6
code in particular pick up a lot more sanity checks around valid
addresses on the wire.
ok bluhm@ sashan@
cheloha [Wed, 2 Jun 2021 00:39:25 +0000 (00:39 +0000)]
kernel: introduce per-CPU panic(9) message buffers
Add a 512-byte buffer (ci_panicbuf) to each cpu_info struct on each
platform for use by panic(9). The first panic on a given CPU writes
its message to this buffer. Subsequent panics on a given CPU print
the panic message to the console but do not modify the buffer. This
aids debugging in two cases:
- If 2+ CPUs panic simultaneously there is no risk of garbled messages
in the panic buffer.
- If a CPU panics and then the operator causes a second panic while
using ddb(4), the operator can still recall the first failure on
a particular CPU.
Misc. changes to support this bigger change:
- Set panicstr atomically to identify the first CPU to reach panic().
- Tweak db_show_panic_cmd() to print all panic messages across all
CPUs. Prefix the first panic with an asterisk ('*').
- Prefer db_printf() to printf() during a panic if we have it.
Apparently it disturbs less global state.
- On amd64, tweak fault() to write the local panic buffer. This needs
more work.
Prompted by bluhm@ and deraadt@. Mostly written by deraadt@.
Discussed with bluhm@, deraadt@ and kettenis@.
Borne from a discussion on tech@ about making panic(9) more MP-safe:
https://marc.info/?l=openbsd-tech&m=
162086462316143&w=2
ok kettenis@, visa@, bluhm@, deraadt@
dlg [Wed, 2 Jun 2021 00:27:03 +0000 (00:27 +0000)]
don't init a pointer just to immediately set it again.
this is in ip6_input_if just before ipv6_check returns the pointer
we end up using.
pointed out by bluhm@
dlg [Wed, 2 Jun 2021 00:20:50 +0000 (00:20 +0000)]
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection
in bridge, veb, and tpmr.
ok bluhm@ sashan@
dtucker [Wed, 2 Jun 2021 00:17:45 +0000 (00:17 +0000)]
Merge back shell portability changes bringing it back in sync with
-portable.
dlg [Wed, 2 Jun 2021 00:09:57 +0000 (00:09 +0000)]
factor out the code that does basic sanity checks on ipv4 headers.
this will allow these checks to be reused by bridge (where they're
currently duplicated), veb, and tpmr.
ok bluhm@ sashan@
dtucker [Tue, 1 Jun 2021 23:56:20 +0000 (23:56 +0000)]
Use a default value for $OPENSSL, allowing it to be overridden.
Do the same in the PuTTY tests since it's needed there and not exported
by test-exec.sh.
krw [Tue, 1 Jun 2021 22:54:43 +0000 (22:54 +0000)]
Make spoofed disklabel boundstart and boundend default to the bounds
of the usable LBA range defined by the GPT header. And then shrink
them to the bounds of the first OpenBSD partition if one is found.
While here simplify the logic, eliminate some superfluous variables
and reduce use of magic numbers.
Improvement suggested by sobrado@ ok kettenis@
guenther [Tue, 1 Jun 2021 21:12:11 +0000 (21:12 +0000)]
Don't clear the cpu's bit in the old pmap's pm_cpus until we're off
the old one and set it in the new pmap's pm_cpus before loading
%cr3 with the new value. In particular, do neither if %cr3 isn't
changing.
This eliminates a window where, when switching between threads in
a single a process, the pmap wouldn't have this cpu's bit set even
though we didn't change %cr3. With more of uvm unlocked, it was
possible for another cpu to update the page tables but not see a
need to send an IPI to this cpu, leading to crashes when TLB entries
that should have been invalidated were used.
malloc_duel testing by abluhm@
ok abluhm@ kettenis@ mlarkin@
tobhe [Tue, 1 Jun 2021 20:57:12 +0000 (20:57 +0000)]
Remember flow routes in addition to host routes and delete
them explicitly on shutdown. Store netmask in route queue
to fix cleanup of 0/1 routes. Sending delete messages
without mask doesn't work reliably.
ok patrick@
tb [Tue, 1 Jun 2021 20:26:11 +0000 (20:26 +0000)]
Update RFC reference. RFC 4366 was obsoleted by RFC 6066.
tb [Tue, 1 Jun 2021 20:14:17 +0000 (20:14 +0000)]
Avoid sending a trailing dot in SNI as a client
While an FQDN includes a trailing dot for the zero-length label of
the root, SNI explicitly does not contain it. Contrary to other TLS
implementations, our tlsext_sni_is_valid_hostname() rejects a trailing
dot. The result is that LibreSSL TLS servers encountering an SNI with
trailing dot abort the connection with an illegal_parameter alert.
This fixes an issue reported by danj in nc(1) and by sthen in ftp(1).
DNS cluebat from florian.
ok jsing
tb [Tue, 1 Jun 2021 19:49:17 +0000 (19:49 +0000)]
Remove unnecessary cast in free.
ok jsing
stsp [Tue, 1 Jun 2021 18:03:56 +0000 (18:03 +0000)]
Revert iwm(4) firmware updates for now; robert@ reports stalled Tx on 9260
mvs [Tue, 1 Jun 2021 14:23:34 +0000 (14:23 +0000)]
Check `so_state' in rtm_senddesync() and return if SS_ISCONNECTED or
SS_CANTRCVMORE bits are set.
The first check required to prevent timeout_add(9) reschedule
`rop_timeout', otherwise timeout_del_barrier(9) can't help us.
The second check is for the case when shutdown(2) with SHUT_RD argument
occurred on this socket and we should not receive anything include
RTM_DESYNC packets.
ok claudio@
stsp [Tue, 1 Jun 2021 13:21:08 +0000 (13:21 +0000)]
Switch iwm(4) to new firmware images available in iwm-firmware-
20210512.
This updates firmware for 3165, 3168, 7265, 8260, 8265, 9260, 9560 devices.
Other devices did not receive firmware updates from Intel.
New firmware images should contain revelant fixes for fragattacks:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html
Running fw_update(1) may be required before rebooting into a new kernel.
sysupgrade(8) will take care of this.
When reporting issues (I am sure there will be new "fatal firmware errors"
for some people) please enable 'ifconfig iwm0 debug', reproduce the error
once more, and include the full dmesg in your bug report.
Important changes required for new firmware:
- Support new variants of several existing firmware commands just
because Intel loves adding new features and changing the commands.
- Implement the 'clear persistence bit' workaround for 9k devices to
avoid potential issues during suspend/resume.
- Recognize Mobile Country Code update notifications for the regulatory
domain, like iwx(4) does.
- Handle PHY context updates more like the Linux iwlwifi driver does.
Some devices need an add/remove dance if the band has changed.
- For 9560, configure SoC latency parameters after booting firmware.
- Handle critical temperature notifications by shutting the device down.
- Use only antenna B for single-antenna Tx on 9k devices (matches what
Linux and FreeBSD do; Likely only matters if Bluetooth is active, but
who knows, Git logs and comments are the only documentation we have).
Other small fixes:
- Fix various scan command parameters. Some fixes were taken from iwx(4).
- Don't send probe requests when scanning passive channels. Experimentation
has shown that this will make 9k devices crash after associating to an AP.
This same fix does not seem to work on iwx(4) devices, where active scan
is disabled for the same reason, and it is not yet clear why.
- Fix firmware reloading after parsing the firmware image has failed.
- Flushing Tx rings will fail if the AP disappears. Don't make any noise
about that in dmesg, instead gracefully reset the device and continue.
Tested:
7260: florian
3168: kevlo
7265: stsp, mlarkin
8260: bket
8265: stsp, benno
9560: stsp, steven
mvs [Tue, 1 Jun 2021 13:13:10 +0000 (13:13 +0000)]
Introduce the new test which enforces unp_gc() run and close
unreferenced descriptors.
ok bluhm@
stsp [Tue, 1 Jun 2021 12:33:54 +0000 (12:33 +0000)]
Fix iwx(4) firmware reloading after a failure to parse the firmware file.
Noticed by Peter N. M. Hansteen
This issue will also be fixed in iwm(4) soon, along with a firmware update.
dlg [Tue, 1 Jun 2021 09:57:11 +0000 (09:57 +0000)]
a couple of minor whitespace tweaks. no functional change.
am i a pf hacker now?
jsg [Tue, 1 Jun 2021 02:59:01 +0000 (02:59 +0000)]
amd64 U-Boot arch code should be ARCH_X86_64 not ARCH_IA64
jsg [Tue, 1 Jun 2021 02:13:15 +0000 (02:13 +0000)]
list aarch64 as a valid arch
from Leon Fischer
deraadt [Tue, 1 Jun 2021 01:43:59 +0000 (01:43 +0000)]
sync
mglocker [Mon, 31 May 2021 21:06:48 +0000 (21:06 +0000)]
Change the behavior of the UVIDEO_FLAG_REATTACH flag to attach an
unsupported device to uvideo(4), but not to video(1), instead of just
keeping it unmatched. Also uvideo(4) will print a message about the
device not being supported.
ok mpi@
millert [Mon, 31 May 2021 19:54:04 +0000 (19:54 +0000)]
auth_call(3) no longer uses secure_path(3)
This updates the manual to match the change made in 2019.
OK deraadt@
jcs [Mon, 31 May 2021 18:30:11 +0000 (18:30 +0000)]
add an -R flag to dump the raw report descriptor bytes for parsing
with other tools
man page help from jmc
ok anton
tb [Mon, 31 May 2021 17:39:24 +0000 (17:39 +0000)]
Revert previous. bluhm noted that it causes a regress failure.
tobhe [Mon, 31 May 2021 17:10:14 +0000 (17:10 +0000)]
Don't fail hard in ikev2_cp_fixaddr() if no address pool is found.
Fixes a bug where no flows are loaded when a single config address without
pool is configured.
ok patrick@
bluhm [Mon, 31 May 2021 16:56:27 +0000 (16:56 +0000)]
Since our unix receive queue got longer, the test run-t_sendrecv
did not terminate anymore on some machines. The test counts 100
send errors before it finishes. NetBSD has added sched_yield() in
the receiver loop to trigger the errors on the sender side. Although
not perfect, it works for me. Get current t_sendrecv.c from NetBSD.
tobhe [Mon, 31 May 2021 16:54:45 +0000 (16:54 +0000)]
Prevent address underflow with /32 config address prefix.
Only skip .0 address if the pool is big enough.
ok patrick@
jan [Mon, 31 May 2021 16:18:01 +0000 (16:18 +0000)]
Convert K&R function definitions to modern C.
OK naddy@, millert@
jsg [Mon, 31 May 2021 13:44:04 +0000 (13:44 +0000)]
call drmbackoff() on powerpc64 as well
ok kettenis@
visa [Mon, 31 May 2021 12:45:33 +0000 (12:45 +0000)]
Redefine ADJFREQ_MIN to avoid undefined behaviour (when not using -fwrapv)
Change the definition of ADJFREQ_MIN so that it does not shift
a negative value. Such shifting is undefined in standard C.
This came up when cross-compiling the kernel using ports clang.
The shifting becomes defined when compiling with option -fwrapv.
Base clang enables this option by default.
OK naddy@ cheloha@
stsp [Mon, 31 May 2021 08:43:07 +0000 (08:43 +0000)]
Avoid "mac clock not ready" panic in iwx(4).
The same change was just made in iwm(4):
The point of iwm_nic_assert_locked() is to verify that iwm_nic_lock() has
been called somewhere up in the call stack. Checking our own lock counter
is sufficient for this purpose.
If locking the device worked then these registers had the expected state at
that time and our lock counter was incremented. Apparently if the device runs
into some issue later the state of these registers may change and trigger
these panics. Instead we want to handle such failures gracefully and reset
the device.
problem reported by steven@
ok kettenis@
stsp [Mon, 31 May 2021 08:40:41 +0000 (08:40 +0000)]
Avoid "mac clock not ready" panic in iwm(4).
The point of iwm_nic_assert_locked() is to verify that iwm_nic_lock() has
been called somewhere up in the call stack. Checking our own lock counter
is sufficient for this purpose.
If locking the device worked then these registers had the expected state at
that time and our lock counter was incremented. Apparently if the device runs
into some issue later the state of these registers may change and trigger
these panics. Instead we want to handle such failures gracefully and reset
the device.
problem reported by steven@
ok kettenis@
djm [Mon, 31 May 2021 06:48:42 +0000 (06:48 +0000)]
Hash challenge supplied by client during FIDO key enrollment prior to
passing it to libfido2, which does expect a hash.
There is no effect for users who are simply generating FIDO keys using
ssh-keygen - by default we generate a random 256 bit challenge, but
people building attestation workflows around our tools should now have
a more consistent experience (esp. fewer failures when they fail to
guess the magic 32-byte challenge length requirement).
ok markus@
dlg [Mon, 31 May 2021 04:48:35 +0000 (04:48 +0000)]
make nvme_read8 and write8 less clever.
hopefully big endian still works.
dlg [Mon, 31 May 2021 04:13:42 +0000 (04:13 +0000)]
try to get rid of a weird comma on the alpns attach line.
"makes sense" jmatthew@
bluhm [Sun, 30 May 2021 21:01:27 +0000 (21:01 +0000)]
Declare all struct protosw as constant.
OK mvs@
jcs [Sun, 30 May 2021 19:54:52 +0000 (19:54 +0000)]
add hid_get_report_desc_data() to access the raw report descriptor
data without needing to export the report_desc struct definition.
suggested by and ok anton@
kettenis [Sun, 30 May 2021 19:02:30 +0000 (19:02 +0000)]
Fix overlap check in autoalloc code; ending_sector is the sector after the
OpenBSD area of the disk so it is fine if a "foreign" partition starts at
ending_sector.
ok krw@, otto@
kettenis [Sun, 30 May 2021 18:57:22 +0000 (18:57 +0000)]
Add initial support for installing on a disk with a GPT. Mostly taken from
amd64. This makes the installer recognize an OpenBSD partition such that
the installation will proceed if such a partition is found.
ok krw@, deraadt@
visa [Sun, 30 May 2021 15:08:08 +0000 (15:08 +0000)]
Include <sys/mutex.h> and <sys/queue.h> earlier in powerpc* pmap.h
to avoid hidden header dependencies.
OK jsg@ deraadt@
visa [Sun, 30 May 2021 15:06:53 +0000 (15:06 +0000)]
Include <sys/queue.h> to avoid a hidden header dependency.
OK jsg@ deraadt@
visa [Sun, 30 May 2021 15:05:32 +0000 (15:05 +0000)]
Include <sys/mutex.h> to avoid a hidden header dependency.
OK jsg@ deraadt@
deraadt [Sun, 30 May 2021 13:39:14 +0000 (13:39 +0000)]
sync
jmc [Sun, 30 May 2021 12:26:04 +0000 (12:26 +0000)]
sort SEE ALSO;
jsg [Sun, 30 May 2021 03:18:38 +0000 (03:18 +0000)]
recognise ALC294
jsg [Sun, 30 May 2021 02:54:36 +0000 (02:54 +0000)]
match on Intel 500 Series LP HDA
The ASUS ZenBook S UX393EA HDA device has a multimedia subclass of audio
instead of the expected subclass of HD audio, so add 500 Series LP HDA
to the list of devices.
Fix suggested by and ok brynet@
Reported and tested by Peter N. M. Hansteen
jsg [Sun, 30 May 2021 02:24:43 +0000 (02:24 +0000)]
decode multimedia class
deraadt [Sat, 29 May 2021 13:57:23 +0000 (13:57 +0000)]
sync
bluhm [Sat, 29 May 2021 10:35:56 +0000 (10:35 +0000)]
The cephes test vectors for tanh(3) in our libm fail on most
architectures. On i386 they pass as the 80387 FPU uses 10 byte
numbers internaly. But with standard 8 byte IEEE numbers, the monot
double precision test fails.
Relax the precision requirement for tanh(3), it is good enough.
OK martynas@
kettenis [Sat, 29 May 2021 08:50:07 +0000 (08:50 +0000)]
Enable aplns(4).
kettenis [Sat, 29 May 2021 08:37:53 +0000 (08:37 +0000)]
aplspmi(4) and aplpmu(4)
kettenis [Sat, 29 May 2021 08:10:11 +0000 (08:10 +0000)]
Remove support for the hibernate queue. Allocating this queue would
overwrite the registers pointing at the normal IO queue and break things.
ok dlg@, patrick@
kettenis [Sat, 29 May 2021 08:07:43 +0000 (08:07 +0000)]
Only allocate the "hibernate" queue when HIBERNATE support is being built.
This makes the NVMe storage on the Apple M1 machines actually work!
ok patrick@, dlg@
cheloha [Sat, 29 May 2021 01:32:49 +0000 (01:32 +0000)]
timeout.h: remove API documentation comment
Details about using the timeout API can be found in the timeout.9
manpage. We don't need this comment.
ok mvs@
tobhe [Fri, 28 May 2021 21:09:01 +0000 (21:09 +0000)]
Fix build and disable dhtest for sntrup761x25519. The test assumes a
symmetric KE and does not work with this method.
tb [Fri, 28 May 2021 18:45:09 +0000 (18:45 +0000)]
typo: baring -> barring
tobhe [Fri, 28 May 2021 18:01:39 +0000 (18:01 +0000)]
Add experimental post-quantum hybrid key exchange method
based on Streamlined NTRU Prime (coupled with X25519).
The sntrup761 implementation is imported from OpenSSH.
It is public domain code originally distributed as part
of the SUPERCOP cryptography benchmark suite
(https://bench.cr.yp.to/supercop.html).
The method is not part of the default proposal, but can
be enabled with 'ikesa group sntrup761x25519'.
ok markus@ patrick@
visa [Fri, 28 May 2021 16:33:36 +0000 (16:33 +0000)]
Remove CPU and node id fields that were used with SGI Origin.
visa [Fri, 28 May 2021 16:24:53 +0000 (16:24 +0000)]
Add f_modify and f_process callbacks to socket filterops.
This makes kqueue use the extended callback interface with socket event
filters. Now one level of nested kernel locking is avoided, and the
callbacks run without splhigh().
The filterops no longer check NOTE_SUBMIT, and use a fixed locking
pattern instead. The f_event routines are always called with solock(),
whereas f_modify and f_process are always called without the lock.
OK mpi@
visa [Fri, 28 May 2021 15:52:11 +0000 (15:52 +0000)]
Add cad(4), a driver for Cadence GEM.
This initial revision targets the Zynq-7000, where the GEM implements
single transmit and receive queues with 32-bit DMA addresses. The driver
uses receive checksum offload, but transmit checksum offload is disabled
because of a hardware quirk. Also, the hardware's receive path is prone
to getting stuck if input cannot be handled quickly enough. The driver
attempts to recover by restarting the receiver when no input has been
seen for a while.
OK kettenis@
tb [Fri, 28 May 2021 15:16:43 +0000 (15:16 +0000)]
Silence a clang warning on loss of precision
When converting a long or long long to a double, there may be loss
of precision and clang >= 10 warns about this unless there is a cast.
Add casts to silence this warning - the code is designed to handle
precisely this loss of precision, so this is harmless.
From CheriBSD via FreeBSD
ok millert
patrick [Fri, 28 May 2021 13:08:37 +0000 (13:08 +0000)]
Schedule timeout a little bit sooner. Doing this once every minute isn't
going to hurt, but might save you if you run the machine badly into swap.
Proposed by kettenis@
patrick [Fri, 28 May 2021 13:04:42 +0000 (13:04 +0000)]
Enable imxdog(4)
ok kettenis@
patrick [Fri, 28 May 2021 13:03:55 +0000 (13:03 +0000)]
Once i.MX's watchdog is enabled, it can never be disabled. Some 64-bit
i.MX machines with a recent U-Boot come up with the watchdog enabled, so
we have to regularly ping it to make sure the watchdog doesn't reset us.
The watchdog's timeout can be configured in 0.5s steps to a maximum of
128s. Set it to the maximum, and schedule a timeout which reloads the
counter every 120s.
This only needs to be done if the watchdog is enabled when we boot up.
Tested on Cubox-i (armv7) and MNT Reform (arm64)
ok kettenis@