openbsd
10 months agoactually remove it, pointed out by jsg
deraadt [Wed, 13 Dec 2023 02:42:36 +0000 (02:42 +0000)]
actually remove it, pointed out by jsg

10 months agoanother syscall(2) removal chunk got lost
deraadt [Wed, 13 Dec 2023 02:31:15 +0000 (02:31 +0000)]
another syscall(2) removal chunk got lost

10 months agofiledescriptor -> file descriptor
jsg [Wed, 13 Dec 2023 00:37:42 +0000 (00:37 +0000)]
filedescriptor -> file descriptor

10 months agotwo syscall(2) removal chunks got lost
deraadt [Tue, 12 Dec 2023 23:43:35 +0000 (23:43 +0000)]
two syscall(2) removal chunks got lost

10 months agoMake -o less special, drop -o '' support, always use last value
kn [Tue, 12 Dec 2023 22:00:43 +0000 (22:00 +0000)]
Make -o less special, drop -o '' support, always use last value

ftp(1) says -o is about a single file/URL, but option handling takes the
empty string as "reset previous -o value", which makes little sense, is
undocumented and counter-intuitively works as if no -o was specified.

OK millert

10 months agoThe OID inside snmpTrapOID is of type NOTIFICATION-TYPE, which does not
martijn [Tue, 12 Dec 2023 20:18:39 +0000 (20:18 +0000)]
The OID inside snmpTrapOID is of type NOTIFICATION-TYPE, which does not
have a zero appended.

OK tb@

10 months agoDo a bitter cleanup after the config defined objects on shutdown.
martijn [Tue, 12 Dec 2023 20:15:49 +0000 (20:15 +0000)]
Do a bitter cleanup after the config defined objects on shutdown.

OK tb@

10 months agoput pinsyscalls(2) into the "always" group
deraadt [Tue, 12 Dec 2023 17:43:10 +0000 (17:43 +0000)]
put pinsyscalls(2) into the "always" group

10 months agorepair type for 2nd arg of read(2)
deraadt [Tue, 12 Dec 2023 17:39:14 +0000 (17:39 +0000)]
repair type for 2nd arg of read(2)

10 months agoio_read_buf() abused the ibuf internal rpos which is no longer allowed.
claudio [Tue, 12 Dec 2023 15:54:18 +0000 (15:54 +0000)]
io_read_buf() abused the ibuf internal rpos which is no longer allowed.
This is now just a simple wrapper around ibuf_get().
OK tb@

10 months agoibuf_getdata() abuses the rpos from the ibuf. This is no longer allowed
claudio [Tue, 12 Dec 2023 15:52:58 +0000 (15:52 +0000)]
ibuf_getdata() abuses the rpos from the ibuf. This is no longer allowed
and breaks because ibuf_seek() now uses rpos itself. Now this is just
ibuf_get_ibuf() with an extra allocation done.
OK tobhe@ tb@

10 months agoSync
claudio [Tue, 12 Dec 2023 15:50:39 +0000 (15:50 +0000)]
Sync

10 months agoMove ibuf API from imsg_init.3 to ibuf_add.3
claudio [Tue, 12 Dec 2023 15:49:21 +0000 (15:49 +0000)]
Move ibuf API from imsg_init.3 to ibuf_add.3

Document all new functions added and adjust examples in imsg_init.3
to follow the new way of handling messages.
OK tb@

10 months agoExtend imsg and ibuf API with useful getter methods
claudio [Tue, 12 Dec 2023 15:47:40 +0000 (15:47 +0000)]
Extend imsg and ibuf API with useful getter methods

For ibufs:
- various getters for ibufs (ibuf_get* and ibuf_skip)
- additional ibuf set/add functions that don't alter byte order
- ibuf_truncate and ibuf_rewind
- ibuf_from_buffer and ibuf_from_ibuf to populate a reader ibuf
- a getter for the msgbuf queuelen

For imsg:
- various getters for imsg (especially imsg_get_data() which can be used
  in most cases as a simple one call api with all error checks).
  All the imsg.hdr fields can also be accessed by getters.
- The imsg data is now actually an ibuf but the old imsg.data pointer is
  kept for now to not break every imsg application.
- Introduce imsg_forward to simply forward a message from one channel to
  an other (used in the control socket code).

Since this requires a major bump take the oportunity to also cleanup some
function signatures to use size_t for length fields. Also internal data
structures are removed from the public header.

With and OK tb@

10 months agoTo avoid kbind(2) becoming a powerful gadget, it is called inline to a
deraadt [Tue, 12 Dec 2023 15:44:00 +0000 (15:44 +0000)]
To avoid kbind(2) becoming a powerful gadget, it is called inline to a
function.  Therefore we cannot create a precise pinsyscall label.  Instead
create a duplicate entry (using inline asm) to force the kernel's pinsyscall
code to skip validation, rather than labelling it illegal.  kbind(2) remains
safe because it self-protects by checking its calling address.
ok kettenis

10 months agosync
deraadt [Tue, 12 Dec 2023 15:41:47 +0000 (15:41 +0000)]
sync

10 months agocrank libc major because syscall(2) was removed
deraadt [Tue, 12 Dec 2023 15:41:24 +0000 (15:41 +0000)]
crank libc major because syscall(2) was removed

10 months agosync
deraadt [Tue, 12 Dec 2023 15:38:15 +0000 (15:38 +0000)]
sync

10 months agosync
deraadt [Tue, 12 Dec 2023 15:32:58 +0000 (15:32 +0000)]
sync

10 months agoremove support for syscall(2) -- the "indirection system call" because
deraadt [Tue, 12 Dec 2023 15:30:55 +0000 (15:30 +0000)]
remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards.  This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go".  "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

10 months agoslyle(9) fix. No functional changes.
mvs [Tue, 12 Dec 2023 12:38:52 +0000 (12:38 +0000)]
slyle(9) fix. No functional changes.

10 months agoThe sigtramp was calling sigreturn(2), and upon failure exit(2), which
deraadt [Tue, 12 Dec 2023 07:37:20 +0000 (07:37 +0000)]
The sigtramp was calling sigreturn(2), and upon failure exit(2), which
doesn't make sense anymore.  It is better to just issue an illegal
instruction.
ok kettenis, with some misgivings about inconsistant approaches between
architectures.
In the future we could change sigreturn(2) to never return an exit code,
but always just terminate the process.  We stopped this system call
from being callable ages ago with msyscall(2), and there is no stub for
it in libc.. maybe that's the next step to take?

10 months agosync
deraadt [Tue, 12 Dec 2023 01:45:27 +0000 (01:45 +0000)]
sync

10 months agoTurn `pflowstats' statistics counters into per-CPU counters to make them
mvs [Tue, 12 Dec 2023 00:03:31 +0000 (00:03 +0000)]
Turn `pflowstats' statistics counters into per-CPU counters to make them
mpsafe.

The weird interactions around `pflow_flows' and `sc_gcounter' replaced
by simple `pflow_flows' increment. Since the flow sequence is the 32
bits integer, the `sc_gcounter' type replaced by the type of uint32_t.

ok bluhm sashan

10 months agoMake sure the syscall table entries are aligned on a 4-byte boundary.
deraadt [Mon, 11 Dec 2023 22:29:23 +0000 (22:29 +0000)]
Make sure the syscall table entries are aligned on a 4-byte boundary.
Required for strict-alignment architectures and a good idea on others.
same as kettenis commit to libc

10 months agoMake sure the syscall table entries are aligned on a 4-byte boundary.
kettenis [Mon, 11 Dec 2023 22:24:15 +0000 (22:24 +0000)]
Make sure the syscall table entries are aligned on a 4-byte boundary.
Required for strict-alignment architectures and a good idea on others.

ok deraadt@

10 months agoImplement per-CPU caching for the page table page (vp) pool and the PTE
kettenis [Mon, 11 Dec 2023 22:12:52 +0000 (22:12 +0000)]
Implement per-CPU caching for the page table page (vp) pool and the PTE
descriptor (pted) pool in the arm64 pmap implementation.  This
significantly reduces the side-effects of lock contention on the kernel
map lock that is (incorrectly) translated into excessive page daemon
wakeups.  This is not a perfect solution but it does lead to significant
speedups on machines with many CPU cores.

This requires adding a new pmap_init_percpu() function that gets called
at the point where kernel is ready to set up the per-CPU pool caches.
Dummy implementations of this function are added for all non-arm64
architectures.  Some other architectures can probably benefit from
providing an actual implementation that sets up per-CPU caches for
pmap pools as well.

ok phessler@, claudio@, miod@, patrick@

10 months agoSynchronize datasize-cur limit for staff with the default class.
kettenis [Mon, 11 Dec 2023 19:52:40 +0000 (19:52 +0000)]
Synchronize datasize-cur limit for staff with the default class.

ok deraadt@, millert@, phessler@

10 months agoWarn when the same manifestNumber is recycled across multiple issuances of that manifest
job [Mon, 11 Dec 2023 19:05:20 +0000 (19:05 +0000)]
Warn when the same manifestNumber is recycled across multiple issuances of that manifest

OK tb@

10 months agoLog a warning when a manifest replay is detected
job [Mon, 11 Dec 2023 15:50:23 +0000 (15:50 +0000)]
Log a warning when a manifest replay is detected

OK tb@ claudio@

10 months agoampchwm:
jmc [Mon, 11 Dec 2023 15:21:14 +0000 (15:21 +0000)]
ampchwm:
- lowercase Nd
- add arch to Dt

acpi.4:
- add entry for ampchwm

ok claudio

10 months agoFix the shift of status bits 2:0 to 11:9 from <<8 to <<9.
krw [Mon, 11 Dec 2023 14:27:09 +0000 (14:27 +0000)]
Fix the shift of status bits 2:0 to 11:9 from <<8 to <<9.

Fix the mask of shifted 8 bit field from 0x7f to 0xff.

Allows proper decoding of status fields SCT and SC.

From mlelstv@netbsd via NetBSD.

ok miod@

10 months agoTurn `pflow_softc' list into SMR list.
mvs [Mon, 11 Dec 2023 14:25:09 +0000 (14:25 +0000)]
Turn `pflow_softc' list into SMR list.

Since the revision 1.1182 of net/pf.c netlock is not taken while
export_pflow() called from pf_purge_states(). Current locks order
requires netlock to be taken before PF_LOCK(), so there is no reason
to turn it back into this path only for optional export_pflow() call.

The `pflowif_list' foreach loop has no context switch within, so SMR
list is better than mutex(9).

Tested by Hrvoje Popovski.

ok sashan bluhm

10 months agoManpage for ampchwm(4) - Ampere Altra Fine-Grained Power Telemetry
claudio [Mon, 11 Dec 2023 11:17:34 +0000 (11:17 +0000)]
Manpage for ampchwm(4) - Ampere Altra Fine-Grained Power Telemetry

10 months agoAdd ampchwm(4) a driver to access the Ampere Altra Fine-Grained Power Telemetry
claudio [Mon, 11 Dec 2023 11:15:44 +0000 (11:15 +0000)]
Add ampchwm(4) a driver to access the Ampere Altra Fine-Grained Power Telemetry

This adds per core energy sensors (in Joules) and one per SoC temparature
sensor.
OK kettenis@ deraadt@

10 months agovio(4): simplify mbuf parsing with ether_extract_headers()
jan [Mon, 11 Dec 2023 09:40:42 +0000 (09:40 +0000)]
vio(4): simplify mbuf parsing with ether_extract_headers()

ok sf@

10 months agodrm/amd/display: Fix MPCC 1DLUT programming
jsg [Mon, 11 Dec 2023 05:29:02 +0000 (05:29 +0000)]
drm/amd/display: Fix MPCC 1DLUT programming

From Ilya Bakoulin
10ce6301009fa46ba264ed75b822115ec3ca6e67 in linux-6.1.y/6.1.66
6f395cebdd8927fbffdc3a55a14fcacf93634359 in mainline linux

10 months agodrm/amd/display: Fix the delta clamping for shaper LUT
jsg [Mon, 11 Dec 2023 05:27:19 +0000 (05:27 +0000)]
drm/amd/display: Fix the delta clamping for shaper LUT

From Harry Wentland
8332cb6c63394f32117a6f46a8cf7bedb8eec0b1 in linux-6.1.y/6.1.66
27fc10d1095f7a7de7c917638d7134033a190dd8 in mainline linux

10 months agodrm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut
jsg [Mon, 11 Dec 2023 05:25:29 +0000 (05:25 +0000)]
drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut

From Melissa Wen
442a4d4d01579d5d7066d0653898ffbb4091e3be in linux-6.1.y/6.1.66
94369589e4ec13c762fe10a1fdc4463bdfee5d5f in mainline linux

10 months agodrm/amd/display: Expand kernel doc for DC
jsg [Mon, 11 Dec 2023 05:23:45 +0000 (05:23 +0000)]
drm/amd/display: Expand kernel doc for DC

From Rodrigo Siqueira
6cd736272165d7a6a7d62fb0a40536ed3741ed02 in linux-6.1.y/6.1.66
1682bd1a6b5fb094e914d9b73b711821fd84dcbd in mainline linux

10 months agodrm/amd/pm: fix a memleak in aldebaran_tables_init
jsg [Mon, 11 Dec 2023 05:21:50 +0000 (05:21 +0000)]
drm/amd/pm: fix a memleak in aldebaran_tables_init

From Dinghao Liu
0e0a95166882e594af4ab4f8c6f7894c2c32f6a9 in linux-6.1.y/6.1.66
7a88f23e768491bae653b444a96091d2aaeb0818 in mainline linux

10 months agodrm/amd/display: Guard against invalid RPTR/WPTR being set
jsg [Mon, 11 Dec 2023 05:20:29 +0000 (05:20 +0000)]
drm/amd/display: Guard against invalid RPTR/WPTR being set

From Nicholas Kazlauskas
195514bda626b16fb6ef9ff4172dc0433a3c105b in linux-6.1.y/6.1.66
1ffa8602e39b89469dc703ebab7a7e44c33da0f7 in mainline linux

10 months agodrm/amd/display: Restore rptr/wptr for DMCUB as workaround
jsg [Mon, 11 Dec 2023 05:18:43 +0000 (05:18 +0000)]
drm/amd/display: Restore rptr/wptr for DMCUB as workaround

From JinZe Xu
395a63ca1ad2e0534176cac91f5715961e744529 in linux-6.1.y/6.1.66
8f3589bb6fcea397775398cba4fbcc46829a60ed in mainline linux

10 months agodma-buf: fix check in dma_resv_add_fence
jsg [Mon, 11 Dec 2023 05:15:39 +0000 (05:15 +0000)]
dma-buf: fix check in dma_resv_add_fence

From Christian Koenig
fc98ea2699c090e0377d16d733dca7a0b7508237 in linux-6.1.y/6.1.66
95ba893c9f4feb836ddce627efd0bb6af6667031 in mainline linux

10 months agodrm/amd/display: fix ABM disablement
jsg [Mon, 11 Dec 2023 05:12:54 +0000 (05:12 +0000)]
drm/amd/display: fix ABM disablement

From Hamza Mahfooz
7cfc3884a8bb3b77efd035885c758fb33587f1b3 in linux-6.1.y/6.1.66
b9f46f0b98784e40288ee393f863f553fde062fa in mainline linux

10 months agodrm/amd/display: Update min Z8 residency time to 2100 for DCN314
jsg [Mon, 11 Dec 2023 05:11:15 +0000 (05:11 +0000)]
drm/amd/display: Update min Z8 residency time to 2100 for DCN314

From Nicholas Kazlauskas
859a3a9f1e6b4055fd96695d11defca050ecf5cf in linux-6.1.y/6.1.66
4636a211980052ca0df90265c8a3ed2d46099091 in mainline linux

10 months agodrm/amd/display: Use DRAM speed from validation for dummy p-state
jsg [Mon, 11 Dec 2023 05:09:01 +0000 (05:09 +0000)]
drm/amd/display: Use DRAM speed from validation for dummy p-state

From Alvin Lee
6ef7f13c72df6bc95d39eb1614306768141377db in linux-6.1.y/6.1.66
9be601135ba8ac69880c01606c82140f2dde105e in mainline linux

10 months agodrm/amd/display: Remove min_dst_y_next_start check for Z8
jsg [Mon, 11 Dec 2023 05:07:03 +0000 (05:07 +0000)]
drm/amd/display: Remove min_dst_y_next_start check for Z8

From Nicholas Kazlauskas
a67c18704706e0a9ccac9b7002e678d325aea123 in linux-6.1.y/6.1.66
08448812acb2ab701cd5ff7e1a1dc97f7f10260c in mainline linux

10 months agodrm/amd/display: Include udelay when waiting for INBOX0 ACK
jsg [Mon, 11 Dec 2023 05:04:45 +0000 (05:04 +0000)]
drm/amd/display: Include udelay when waiting for INBOX0 ACK

From Alvin Lee
33ed892f0cdeb1350648cd3bfe8140aa9f792076 in linux-6.1.y/6.1.66
3c9ea68cb61bd7e5bd312c06a12adada74ff5805 in mainline linux

10 months agodrm/amdgpu: Force order between a read and write to the same address
jsg [Mon, 11 Dec 2023 05:02:38 +0000 (05:02 +0000)]
drm/amdgpu: Force order between a read and write to the same address

From Alex Sierra
c5cf436c8969516c92aaceb87582ff19bd187756 in linux-6.1.y/6.1.66
4b27a33c3b173bef1d19ba89e0b9b812b4fddd25 in mainline linux

10 months agodrm/amd: Enable PCIe PME from D3
jsg [Mon, 11 Dec 2023 05:00:24 +0000 (05:00 +0000)]
drm/amd: Enable PCIe PME from D3

From Mario Limonciello
c6088429630048661e480ed28590e69a48c102d6 in linux-6.1.y/6.1.66
6967741d26c87300a51b5e50d4acd104bc1a9759 in mainline linux

10 months agoadd dma_fence_is_later_or_same() for 6.1.66 drm
jsg [Mon, 11 Dec 2023 04:56:54 +0000 (04:56 +0000)]
add dma_fence_is_later_or_same() for 6.1.66 drm

10 months agoarm just had to be different and change the syntax for .pushsection
deraadt [Mon, 11 Dec 2023 03:05:15 +0000 (03:05 +0000)]
arm just had to be different and change the syntax for .pushsection
arguments, so we have to cope.

10 months agoOops, wrong argument to macro
deraadt [Mon, 11 Dec 2023 02:30:36 +0000 (02:30 +0000)]
Oops, wrong argument to macro

10 months agoReport system call pinning violations.
deraadt [Mon, 11 Dec 2023 00:40:31 +0000 (00:40 +0000)]
Report system call pinning violations.

10 months agoAdd an accounting flag for syscall pinning violations.
deraadt [Mon, 11 Dec 2023 00:39:43 +0000 (00:39 +0000)]
Add an accounting flag for syscall pinning violations.

10 months agosync
deraadt [Mon, 11 Dec 2023 00:35:06 +0000 (00:35 +0000)]
sync

10 months agodocument upcoming pinsyscalls(2) system call
deraadt [Mon, 11 Dec 2023 00:34:24 +0000 (00:34 +0000)]
document upcoming pinsyscalls(2) system call
ok kettenis, some tweaks from jmc

10 months agovmm(4): flush EPTs after enabling VMX mode.
dv [Sun, 10 Dec 2023 21:25:14 +0000 (21:25 +0000)]
vmm(4): flush EPTs after enabling VMX mode.

The Intel SDM states the vmxon/vmxoff instructions don't invalidate
any EPT states on the cpu and recommend invalidating the global
context. vmm(4) opportunistically disables and enables VMX mode as
vms are created or terminated, so this adds a recommended
housekeeping step per the SDM.

While here, tidy up the CR4 toggling by moving it to after the MSR
feature check.

ok mlarkin@

10 months agoevp_test: zap extra empty line
tb [Sun, 10 Dec 2023 19:20:06 +0000 (19:20 +0000)]
evp_test: zap extra empty line

10 months agoThe new cinematic to get sensor information as soon as possible sometimes
miod [Sun, 10 Dec 2023 19:03:37 +0000 (19:03 +0000)]
The new cinematic to get sensor information as soon as possible sometimes
runs too fast for the device and causes it to stutter its identification
string. Check if the second string chunk matches the first one, and ignore
it in this case, the correct data will come later.

10 months agosync
deraadt [Sun, 10 Dec 2023 16:59:51 +0000 (16:59 +0000)]
sync

10 months agopinsyscalls(2) 2nd argument can be "uint *" instead of "void *
deraadt [Sun, 10 Dec 2023 16:59:09 +0000 (16:59 +0000)]
pinsyscalls(2) 2nd argument can be "uint *" instead of "void *
ok kettenis

10 months agoAdd a new label "sigcodecall" inside every sigtramp definition, directly
deraadt [Sun, 10 Dec 2023 16:56:01 +0000 (16:56 +0000)]
Add a new label "sigcodecall" inside every sigtramp definition, directly
in front of the syscall instruction.  This is used to calculate the start
of the syscall for SYS_sigreturn and pinned system calls.
ok kettenis

10 months agoPopulate the non-LOAD openbsd.syscalls section (and PT_OPENBSD_SYSCALL)
deraadt [Sun, 10 Dec 2023 16:45:50 +0000 (16:45 +0000)]
Populate the non-LOAD openbsd.syscalls section (and PT_OPENBSD_SYSCALL)
with {uint offset, uint syscall#} entries in libc & ld.so.
In libc a few syscall# entries (break, sigprocmask, _tfork, _threxit)
are duplicated because additional or inline uses occur (that situation
is handled elsewhere)
ok kettenis

10 months agoSince errno isn't used here, use warnx() instead of warn()
job [Sun, 10 Dec 2023 14:18:23 +0000 (14:18 +0000)]
Since errno isn't used here, use warnx() instead of warn()

OK tb@

10 months agoSkip interfaces already claimed by other uaudio(4) instances.
ratchov [Sun, 10 Dec 2023 06:32:14 +0000 (06:32 +0000)]
Skip interfaces already claimed by other uaudio(4) instances.

Fixes support of devices that attach multiple uaudio(4) drivers.

Every uaudio(4) instance parses the full set of device descriptors
because there are multiple interfaces per driver instance. If there is
a second uaudio(4) instance (i.e. a second control & stream interfaces
combo), the latter must skip the interfaces already used by the first
one (if it didn't, multiple uaudio(4) would try to use the same
interface and neither would work).

Help from and ok armani@.

10 months agoAdd basic write support for 'pax' format archives
jca [Sat, 9 Dec 2023 23:00:11 +0000 (23:00 +0000)]
Add basic write support for 'pax' format archives

Keep writing archives in ustar format by default.  People can test the
posix 'pax' format using pax(1) -w -x pax ... or cpio -o -H pax ...;
tar(1) can't exercise this code yet.  Only long names file and link
names are supported for now.

With input and tests from caspar@, ok millert@

10 months agoFix wrong call to slot->ops->exit() causing server to abort.
ratchov [Sat, 9 Dec 2023 22:12:03 +0000 (22:12 +0000)]
Fix wrong call to slot->ops->exit() causing server to abort.

ok kn@

10 months agovio(4) add recv TCP/UDP checksum offloading
jan [Sat, 9 Dec 2023 10:36:05 +0000 (10:36 +0000)]
vio(4) add recv TCP/UDP checksum offloading

tested on Linux/KVM
tested on proxmox and vultr by florian

ok florian

10 months agoFollowing a failed fetch, use a previously cached and valid Manifest
job [Sat, 9 Dec 2023 00:44:18 +0000 (00:44 +0000)]
Following a failed fetch, use a previously cached and valid Manifest

RPKI Manifests enable Relying Parties (RPs) to detect replay attacks,
unauthorized in-flight modification, or deletion of signed objects. RPs
can accomplish these security functions by comparing (what is expected
to be) a monotonically increasing counter (the 'manifestNumber') - to
determine what the latest Manifest is; a list of filenames - in order to
establish whether the complete set of files was fetched; and a list of
SHA256 message digests to ascertain whether the content's of said files
are exactly the same as the CA intended them to be.

Over time, two schools of thought arose. One philosophy is that the
highest numbered cryptographically valid Manifest represents the express
intent of the CA, so if manifest-listed files are missing, someone
upstream messed up and gets to enjoy the broken pieces. After all, RFC
9286 section 5.2 puts the onus firmly on the repository operator to
publish in a consistent manner. Here, "consistent" means that newly
issued manifests - in the same RRDP delta - are bundled together with
all new or changed ROAs, and that remote RSYNC repositories are
atomically updated (for example, using symlink pivots).

To overcome various types of inconsistent, transient, or intermediate
states of the remote publication point - previous versions of rpki-client
did construct the full CARepository state using a mix of objects from both
its local validated cache and the RRDP/RSYNC staging directories
(which contain purported new versions of the objects).

However, another take on RFC 9286 section 6.6's "use cached versions of
the objects" is that 'the objects' not only refers to the listed
subordinate products (such as ROAs/Certificates/ASPAs), but also to
Manifests themselves. The philosophy being that lower numbered
cryptographically valid Manifests with a complete & untampered set of
files are to be preferred over a higher numbered cryptographically valid
Manifests accompanied by incomplete sets of files. Consequently -
potentially - producing more stable VRP outputs, at the expense of being
magnanimous towards sloppy CAs and repository operators.

Going forward, rpki-client logs errors when inconsistent publications
are encountered, but also proceeds to use older cryptographically valid
Manifests (from previous successful fetches) in order to construct
the tree.

With and OK tb@, and also thanks to Ties de Kock from RIPE NCC.

10 months agoAdd spaces around '='. style(9) fix, no functional changes.
mvs [Fri, 8 Dec 2023 23:15:44 +0000 (23:15 +0000)]
Add spaces around '='. style(9) fix, no functional changes.

10 months agoIntroduce `sc_mtx' mutex(9) to protect the most of pflow_softc
mvs [Fri, 8 Dec 2023 23:13:40 +0000 (23:13 +0000)]
Introduce `sc_mtx' mutex(9) to protect the most of pflow_softc
structure. Protect the `send_nam', `sc_flowsrc' and `sc_flowdst'
pflow_softc members by existing `sc_lock' rwlock(9).

This partially fixes locking inconsistency of pflow_softc. The following
work will be done with separate diffs.

Also, pass `sc' instead of NULL to pflow_get_mbuf() while calling from
pflow_sendout_ipfix_tmpl(). This fixes the NULL dereference.

ok bluhm@

10 months agoMake sure TIB_INIT correctly initializes tib_thread_flags; regression
miod [Fri, 8 Dec 2023 19:14:36 +0000 (19:14 +0000)]
Make sure TIB_INIT correctly initializes tib_thread_flags; regression
introduced in 1.3, causing sporadic pthread_main_np() erroneous results
(and possibly more subtle problems).

With and ok kurt@

10 months agoPT_OPENBSD_SYSCALLS is an extension that points to non-LOAD section
deraadt [Fri, 8 Dec 2023 13:58:41 +0000 (13:58 +0000)]
PT_OPENBSD_SYSCALLS is an extension that points to non-LOAD section
which contains {offset,syscall#} structures.
ok kettenis

10 months agolocally us MAXIMUM() rather than MAX()
deraadt [Fri, 8 Dec 2023 12:58:27 +0000 (12:58 +0000)]
locally us MAXIMUM() rather than MAX()
ok tb gnezdo

10 months agoprevent leak in sshsig_match_principals; ok djm@
markus [Fri, 8 Dec 2023 09:18:39 +0000 (09:18 +0000)]
prevent leak in sshsig_match_principals; ok djm@

10 months agoAdd regress coverage for OBJ_NAME_do_all*()
tb [Fri, 8 Dec 2023 08:30:04 +0000 (08:30 +0000)]
Add regress coverage for OBJ_NAME_do_all*()

While this may seem a bit out of place since is an objects API by name,
it really is about EVP. Plus, we want to leverage some things we already
needed for the EVP_*do_all() API (which currently wraps OBJ_NAME_do_all*
but that will change soon).

10 months agoNew TEMPerHUM sensor; reported by Mikolaj Kucharski on bugs@
miod [Fri, 8 Dec 2023 06:33:48 +0000 (06:33 +0000)]
New TEMPerHUM sensor; reported by Mikolaj Kucharski on bugs@

10 months agoRun bind(2) and connect(2) stress test also with IPv6.
bluhm [Thu, 7 Dec 2023 23:47:48 +0000 (23:47 +0000)]
Run bind(2) and connect(2) stress test also with IPv6.

10 months agoCollect .openbsd.syscalls sections into a new PT_OPENBSD_SYSCALLS segment.
kettenis [Thu, 7 Dec 2023 21:57:34 +0000 (21:57 +0000)]
Collect .openbsd.syscalls sections into a new PT_OPENBSD_SYSCALLS segment.
This will be used soon to pin system calls to designated call sites.

ok deraadt@

10 months agoInpcb table mutex protects addr and port during bind(2) and connect(2).
bluhm [Thu, 7 Dec 2023 16:08:30 +0000 (16:08 +0000)]
Inpcb table mutex protects addr and port during bind(2) and connect(2).

in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() have to set
addresses and ports within the same critical section as the inpcb
hash table calculation.  Also lookup and address selection have to
be protected to avoid bindings and connections that are not unique.

For that in_pcbpickport() and in_pcbbind_locked() expect that the
table mutex is already taken.  The functions in_pcblookup_lock(),
in_pcblookup_local_lock(), and in_pcbaddrisavail_lock() grab the
mutex iff the lock parameter is IN_PCBLOCK_GRAB.  Otherwise the
parameter is IN_PCBLOCK_HOLD has the lock has to be taken already.
Note that in_pcblookup_lock() and in_pcblookup_local() return an
inp with increased reference iff they take and release the lock.
Otherwise the caller protects the life time of the inp.

This gives enough flexibility that in_pcbbind() and in_pcbconnect()
can hold the table mutex when they need it.  The public inpcb API
does not change.

OK sashan@ mvs@

10 months agoadd services entries for Matter, a protocol for discovery and comms
sthen [Thu, 7 Dec 2023 14:53:31 +0000 (14:53 +0000)]
add services entries for Matter, a protocol for discovery and comms
with "smart home"/IoT devices, which runs over TCP or UDP over v6 over
various physical/network layers (Ethernet, Wifi, or low power lossy
radio-based networks like Thread). req by Jordan Williams  ok deraadt

https://csa-iot.org/wp-content/uploads/2022/11/22-27349-001_Matter-1.0-Core-Specification.pdf

10 months agosync
deraadt [Thu, 7 Dec 2023 14:00:15 +0000 (14:00 +0000)]
sync

10 months agoAdd a stub pinsyscalls() system call that simply returns 0 for now,
deraadt [Thu, 7 Dec 2023 13:59:04 +0000 (13:59 +0000)]
Add a stub pinsyscalls() system call that simply returns 0 for now,
before future work where ld.so(1) will need this new system call.
Putting this in the kernel ahead of time will save some grief.
ok kettenis

11 months agoavoid bad register access in eephy_reset for Marvell Alaska 88E1512
uwe [Thu, 7 Dec 2023 09:46:58 +0000 (09:46 +0000)]
avoid bad register access in eephy_reset for Marvell Alaska 88E1512

The register write before this change had no visible run-time effect
on 88E1512 under normal conditions but it tried to update a reserved
bit and might prevent the standard behaviour of breaking the link on
insufficient Inter-Packet Gaps.

Cross-checked with datasheets for supported variants. Extended special
control register 20 exists only in E1111 but not in E151x, E1545x, or
E3016. It seems that the register was dropped in E15xx and subsequent
designs.

Originally from stsp@

ok claudio@ stsp@

11 months agoAdd tests that create and delete cloned routes during connect(2).
bluhm [Wed, 6 Dec 2023 22:57:14 +0000 (22:57 +0000)]
Add tests that create and delete cloned routes during connect(2).

11 months agoshort circuit debug log processing early if we're not going to
djm [Wed, 6 Dec 2023 21:06:48 +0000 (21:06 +0000)]
short circuit debug log processing early if we're not going to
log anything. From Kobe Housen

11 months agoPeriodically reset constraint DNS info for constraints that failed
otto [Wed, 6 Dec 2023 15:51:53 +0000 (15:51 +0000)]
Periodically reset constraint DNS info for constraints that failed
to reply; ok florian@

11 months agoStress test bind(2) and connect(2) system calls in OpenBSD regress.
bluhm [Wed, 6 Dec 2023 14:41:52 +0000 (14:41 +0000)]
Stress test bind(2) and connect(2) system calls in OpenBSD regress.

11 months agoProtect socket receive buffer in IP multicast routing.
bluhm [Wed, 6 Dec 2023 09:27:17 +0000 (09:27 +0000)]
Protect socket receive buffer in IP multicast routing.

Since soreceive() runs in parallel for raw sockets, sbappendaddr()
has to be protected by inpcb mutex.  This was missing in multicast
forwarding which is running with a combination of shared net lock
and kernel lock.  soreceive() uses shared net lock and mutex per
inpcb.  Grab mutex before sbappendaddr() in socket_send() and
socket6_send().

panic receive 1 reported by Jo Geraerts
OK mvs@ claudio@

11 months agoMove CALLSYS_NOERROR macro from <machine/asm.h> to libc, and expand it for
miod [Wed, 6 Dec 2023 06:15:33 +0000 (06:15 +0000)]
Move CALLSYS_NOERROR macro from <machine/asm.h> to libc, and expand it for
non-libc users. This is a two-liner macro anyway, and this will make
deraadt@'s future changes in this area easier to make. NFC

11 months agoAdd more devices which may attach ukbd (and thus wskbd) but should never be
miod [Tue, 5 Dec 2023 20:49:31 +0000 (20:49 +0000)]
Add more devices which may attach ukbd (and thus wskbd) but should never be
considered as console keyboards.

11 months agoCast uvmexp.swpages to long before multiplying by 99 to avoid integer
claudio [Tue, 5 Dec 2023 15:50:45 +0000 (15:50 +0000)]
Cast uvmexp.swpages to long before multiplying by 99 to avoid integer
overflows on systems with big swap partitions.
OK kettenis@ miod@

11 months agotimeout_del() the timer while stopping an interface so that no timeout
kevlo [Tue, 5 Dec 2023 13:43:39 +0000 (13:43 +0000)]
timeout_del() the timer while stopping an interface so that no timeout
is fired afterwards.

ok claudio@

11 months agoreject headers that start with a space or tab
op [Tue, 5 Dec 2023 13:38:25 +0000 (13:38 +0000)]
reject headers that start with a space or tab

If the first header starts with a space but still contains a colon
character, it is added to the body mail effectively appending it to the
Received header due to the folding rules.

Issue reported by Crystal Kolipe

ok millert@, giovanni@

11 months agoRemove "disable auto-negotiation" workaround for Marvell Alaska PHYs
uwe [Tue, 5 Dec 2023 11:06:05 +0000 (11:06 +0000)]
Remove "disable auto-negotiation" workaround for Marvell Alaska PHYs

This avoids an intermediate link state (10baseT) before the interface
is configured via ifconfig(8), and is consistent with other MII
drivers and OSes.

The original reason for this workaround is mainly thought be related
to either reducing the time required for auto-negotiation to complete
or indeed incorrect advertisement of link capabilities.

Tested on Intel Elkhart Lake with dwqe(4) and 88E1512 PHY.
Originally from stsp@ with feedback from kettenis@.

ok kettenis@ claudio@

11 months agoboot_file was removed in arm64 machdep.c rev 1.55
jsg [Tue, 5 Dec 2023 05:27:26 +0000 (05:27 +0000)]
boot_file was removed in arm64 machdep.c rev 1.55

11 months agolast .Nm should not have a comma
jsg [Tue, 5 Dec 2023 02:41:13 +0000 (02:41 +0000)]
last .Nm should not have a comma

11 months agozap trailing whitespace
tb [Mon, 4 Dec 2023 22:52:41 +0000 (22:52 +0000)]
zap trailing whitespace