openbsd
6 years agoUse atomic instructions to keep track of what ASIDs are in use. This makes
kettenis [Wed, 15 Aug 2018 20:18:31 +0000 (20:18 +0000)]
Use atomic instructions to keep track of what ASIDs are in use.  This makes
pmap_free_asid() and therefore pmap_destroy() mpsafe which is important since
we might end up calling that function without holding the kernel lock
as a result of releasing a reference in pmap_page_protect(9).

ok visa@

6 years agoAdd /usr/include/c++ to hier.7.
fcambus [Wed, 15 Aug 2018 19:40:30 +0000 (19:40 +0000)]
Add /usr/include/c++ to hier.7.

OK jmc@

6 years agoRemove dead assignment in login(1).
fcambus [Wed, 15 Aug 2018 19:38:47 +0000 (19:38 +0000)]
Remove dead assignment in login(1).

Since rev 1.36, the instance variable is never read again so we can
simply drop the else clause with the assignment.

While there, also drop the useless increment, as pointed out by tom@.

OK deraadt@ (previous version), millert@, tom@

6 years agoUpdate AP selection heuristics for auto-join.
stsp [Wed, 15 Aug 2018 18:45:43 +0000 (18:45 +0000)]
Update AP selection heuristics for auto-join.

We now prefer stronger crypto over weaker crypto over none, prefer 5 GHz
band with reasonable RSSI, and use RSSI as a tie-breaker with a slight
advantage for 5GHz. Candidate APs are now ranked by a score which is
calculated based on these attributes.

There is likely room for improvements to make these heuristics
work well across many different environments, but it's a start.

ok phessler@

6 years agoSIOCGIFNETMASK_IN6 failing just means that someone delete the address
florian [Wed, 15 Aug 2018 16:48:20 +0000 (16:48 +0000)]
SIOCGIFNETMASK_IN6 failing just means that someone delete the address
we are currently looking at. No need to fatal.
Found the hard way by naddy

6 years agofix incomplete variable renaming in previous;
schwarze [Wed, 15 Aug 2018 15:36:11 +0000 (15:36 +0000)]
fix incomplete variable renaming in previous;
found by Thomas Klausner <wiz at NetBSD> via a compiler warning

6 years agoRestore ability to use hostnames to configure ip addresses.
florian [Wed, 15 Aug 2018 14:43:30 +0000 (14:43 +0000)]
Restore ability to use hostnames to configure ip addresses.
Unveil /etc/{resolv.conf,hosts,services} which keeps it in sync with
the kernel bypass for pledge("dns").
OK deraadt
pointed out by & OK stsp

6 years agoPartially revert previous, EM7455 is already handled by umb(4).
mpi [Wed, 15 Aug 2018 14:13:07 +0000 (14:13 +0000)]
Partially revert previous, EM7455 is already handled by umb(4).

Reported by Bryan Vyhmeister.

6 years agoGrab the KERNEL_LOCK() in MP-unsafe fo_close routines. This prevents
visa [Wed, 15 Aug 2018 13:19:06 +0000 (13:19 +0000)]
Grab the KERNEL_LOCK() in MP-unsafe fo_close routines. This prevents
a scenario where MP-unsafe code gets run without the kernel lock
as a consequence of an unlocked system call.

OK mpi@, kettenis@

6 years agoFix struct soplice usage
kn [Wed, 15 Aug 2018 12:10:49 +0000 (12:10 +0000)]
Fix struct soplice usage

sys/sys/socketvar.h r1.57 (2014) moved various struct socket fields into
a new struct sosplice field, this adapts usage accordingly.

OK bluhm

6 years agoIntroduce mue_eeprom_present to check if the EEPROM is present.
kevlo [Wed, 15 Aug 2018 07:13:51 +0000 (07:13 +0000)]
Introduce mue_eeprom_present to check if the EEPROM is present.
When the EEPROM is not populated, set the MAC config register
MUE_MAC_CR_AUTO_SPEED.  While there, encode the MAC address for the onboard
USB Ethernet for the Rasperry Pi, like smsc(4) does.

6 years agosync machine list with arm64.html
jsg [Wed, 15 Aug 2018 06:31:58 +0000 (06:31 +0000)]
sync machine list with arm64.html

6 years agoadd cpuid and msr bits from
jsg [Wed, 15 Aug 2018 02:07:35 +0000 (02:07 +0000)]
add cpuid and msr bits from
'Deep Dive: CPUID Enumeration and Architectural MSRs'
ok deraadt@

6 years agounveil(2) /etc/nologin.txt for reading
cheloha [Tue, 14 Aug 2018 18:13:11 +0000 (18:13 +0000)]
unveil(2) /etc/nologin.txt for reading

ok deraadt

6 years agoImprove consistency of the substitution command further.
schwarze [Tue, 14 Aug 2018 18:10:09 +0000 (18:10 +0000)]
Improve consistency of the substitution command further.

When the opening square bracket ('[') is abused as the delimiter, the regular
expression contains a bracket expression, and the bracket expression contains
another opening square bracket (sick! - i mean, sic!), then do not require
escaping that innermost bracket and treat a preceding backslash as a literal
backslash character, in accordance with POSIX:

   $ printf 'x[x\\x\n' | sed 's[\[[][R[g'
  xRx\x
   $ printf 'x[x\\x\n' | sed 's[\[\[][R[g'
  xRxRx

While here, also make the implementation more readable and insert
some comments.

Joint work with martijn@ (started during g2k18) and OK martijn@.

6 years agoAdd a comment that explains what the check is doing and why len >= 1.
tb [Tue, 14 Aug 2018 17:59:26 +0000 (17:59 +0000)]
Add a comment that explains what the check is doing and why len >= 1.

Prompted by a remark by jsing

6 years agoThe UI_add_{input,verify}_string() functions want a length not including
tb [Tue, 14 Aug 2018 17:51:36 +0000 (17:51 +0000)]
The UI_add_{input,verify}_string() functions want a length not including
the terminating NUL. EVP_read_pw_string_min() got this wrong, leading to
a one-byte buffer overrun in all callers of EVP_read_pw_string().

Found by mestre running 'openssl passwd' with MALLOC_OPTIONS including C.

Fix this by doing some basic sanity checking in EVP_read_pw_string_min().
Cap the len argument at BUFSIZ and ensure that min < len as well as
0 <= min and 1 <= len.  The last two checks are important as these
numbers may end up in reallocarray().

ok bcook (on previous version), jsing, mestre

6 years agospelling error
deraadt [Tue, 14 Aug 2018 16:43:02 +0000 (16:43 +0000)]
spelling error

6 years agoRemove now unused variable, that got left behind from a previous change.
jsing [Tue, 14 Aug 2018 16:31:02 +0000 (16:31 +0000)]
Remove now unused variable, that got left behind from a previous change.

6 years agoActually check the return values for EVP_Sign* and EVP_Verify*.
jsing [Tue, 14 Aug 2018 16:19:06 +0000 (16:19 +0000)]
Actually check the return values for EVP_Sign* and EVP_Verify*.

ok bcook@ beck@ tb@

6 years agoDon't fail by default in the -new case; ok tb jca
cheloha [Tue, 14 Aug 2018 15:25:04 +0000 (15:25 +0000)]
Don't fail by default in the -new case; ok tb jca

6 years agoAdd size to arguments struct too.
nicm [Tue, 14 Aug 2018 11:38:05 +0000 (11:38 +0000)]
Add size to arguments struct too.

6 years agoSome tidying, use a struct for arguments (there will be more later) and
nicm [Tue, 14 Aug 2018 11:31:34 +0000 (11:31 +0000)]
Some tidying, use a struct for arguments (there will be more later) and
add a helper function.

6 years agoDrop unnecessary pledge(2) promises on apm(8):
mestre [Tue, 14 Aug 2018 06:38:33 +0000 (06:38 +0000)]
Drop unnecessary pledge(2) promises on apm(8):

After we successfully connect to the unix socket created by apmd(8) all actions
occur over fds so we can drop only to pledge("stdio").

The code path in the case that the required action is GETSTATUS, and we couldn't
connect to the socket, then after open(2)/ioctl(2) the device /dev/apm directly
we can pledge("stdio") as well since from here on down we only need to
printf(3) messages.

OK deraadt@

6 years agoreturn ENOTTY rather than EINVAL to indicate an ioctl hasn't been handled
jmatthew [Tue, 14 Aug 2018 05:22:21 +0000 (05:22 +0000)]
return ENOTTY rather than EINVAL to indicate an ioctl hasn't been handled

ok dlg@ deraadt@ kettenis@

6 years agosupport tail arguments on the .ME and .UE macros,
schwarze [Tue, 14 Aug 2018 01:26:12 +0000 (01:26 +0000)]
support tail arguments on the .ME and .UE macros,
used for example in the ditroff(7) manual of the groff package

6 years agodocument new namei flags
deraadt [Mon, 13 Aug 2018 23:13:02 +0000 (23:13 +0000)]
document new namei flags

6 years agoInstead of using BYPASSUNVEIL at NDINIT time, use KERNELPATH to indicate
deraadt [Mon, 13 Aug 2018 23:12:39 +0000 (23:12 +0000)]
Instead of using BYPASSUNVEIL at NDINIT time, use KERNELPATH to indicate
we want to skip all userland-related checks.  Discussed with beck and
semarie, tested by stsp.

6 years agoMore clear version of previous namei/pledge/chroot solution. namei flag
deraadt [Mon, 13 Aug 2018 23:11:44 +0000 (23:11 +0000)]
More clear version of previous namei/pledge/chroot solution.  namei flag
KERNELPATH indicates this operation is being done on behalf of the kernel,
not a process, so ignore chroot of the current process context, start at /,
and skip unveil and pledge checks.  Discussed with beck and semarie

6 years agoin sys_statfs(), BYPASSUNVEIL can be passed to NDINIT in the "flags"
deraadt [Mon, 13 Aug 2018 20:36:35 +0000 (20:36 +0000)]
in sys_statfs(), BYPASSUNVEIL can be passed to NDINIT in the "flags"
argument, rather than manually |= afterwards.  Observed by semarie

6 years agoThe first panic in pledge_namei should only be for ni_pledge == 0
deraadt [Mon, 13 Aug 2018 20:31:38 +0000 (20:31 +0000)]
The first panic in pledge_namei should only be for ni_pledge == 0
(the other cause is implausible, and crashes with a nice *NULL)

6 years agoMake the owner of fcgi socket configurable.
florian [Mon, 13 Aug 2018 16:54:50 +0000 (16:54 +0000)]
Make the owner of fcgi socket configurable.

Andrew Daugherity (andrew.daugherity AT gmail) pointed out that this
is helpful for his port to linux. For example on openSUSE nginx and
Apache run as different users so a compile time default user won't cut
it.
Man page tweaks jmc@

While here, consistently log users at debug level; from Andrew.

6 years agobasic macro cleanup, break lines of excessive length, fix order of sections
schwarze [Mon, 13 Aug 2018 16:37:56 +0000 (16:37 +0000)]
basic macro cleanup, break lines of excessive length, fix order of sections

6 years agoSimplify the startup of the cleaner, reaper and update threads by
visa [Mon, 13 Aug 2018 15:26:17 +0000 (15:26 +0000)]
Simplify the startup of the cleaner, reaper and update threads by
passing the main function directly to kthread_create(9). The start_*
functions are mere stepping stones nowadays and can be pruned.
They used to contain more logic in the pre-kthread era.

While here, set `cleanerproc' and `syncerproc' during the thread
creation rather than expect the threads to set the proc pointer.
Also, rename `sched_sync' to `syncer_thread' to reduce confusion
with the scheduler-related functions.

OK kettenis@, deraadt@, mpi@

6 years agoAdd more content. Tweaks from ingo. This man page is not yet hooked up to the
rob [Mon, 13 Aug 2018 15:22:39 +0000 (15:22 +0000)]
Add more content. Tweaks from ingo. This man page is not yet hooked up to the
build and is still a work in progress. Tweaks and comments welcome.

6 years agoAdd support for band-steering access points to net80211.
stsp [Mon, 13 Aug 2018 15:19:52 +0000 (15:19 +0000)]
Add support for band-steering access points to net80211.

Some access points have a feature called "band steering" where they
will try to push clients from 2 GHz channels to 5 GHz channels.
If a client sends probe-requests on both 2 GHz and 5GHz channels, and
then attempts to authenticate on a 2 GHz channel, such APs will deny
authentication and hope that the client will come back on a 5 GHz channel.

So if we fail to AUTH for any reason, and if there is a different
AP with the same ESSID that we haven't tried yet, try that AP next.
Keep trying until no APs are left, and only then continue scanning.

APs with support for this feature were provided by Mischa Peters.

ok phessler@ mpi@

6 years agoSupport CPU frequency scaling on NXP i.MX8M.
patrick [Mon, 13 Aug 2018 15:15:02 +0000 (15:15 +0000)]
Support CPU frequency scaling on NXP i.MX8M.

ok kettenis@

6 years agoSupport GPIO-based voltage regulators.
patrick [Mon, 13 Aug 2018 15:14:27 +0000 (15:14 +0000)]
Support GPIO-based voltage regulators.

ok kettenis@

6 years agoPrevent iwm(4) from writing back the former BSS channel
stsp [Mon, 13 Aug 2018 15:05:31 +0000 (15:05 +0000)]
Prevent iwm(4) from writing back the former BSS channel
if the current BSS has been changed by ieee80211_input().
Needed for upcoming band-steering support in net80211.
ok phessler@ mpi@

6 years agoPrint global IPsec counters.
mpi [Mon, 13 Aug 2018 14:36:54 +0000 (14:36 +0000)]
Print global IPsec counters.

ok markus@

6 years agoMake it possible to run pipe(2) and pipe2(2) mostly w/o KERNEL_LOCK():
mpi [Mon, 13 Aug 2018 14:35:29 +0000 (14:35 +0000)]
Make it possible to run pipe(2) and pipe2(2) mostly w/o KERNEL_LOCK():

- Update counters atomatically
- Use IPL_MPFLOOR for pipe's pool.
- Grab the KERNEL_LOCK() before calling km_alloc(9) & km_free(9)

Inputs from kettenis@, ok visa@

6 years agoAttach to Sierra Wireless MC7304/MC7354 & EM7455, from Denis Lapshin.
mpi [Mon, 13 Aug 2018 14:32:46 +0000 (14:32 +0000)]
Attach to Sierra Wireless MC7304/MC7354 & EM7455, from Denis Lapshin.

6 years agoregen
mpi [Mon, 13 Aug 2018 14:25:24 +0000 (14:25 +0000)]
regen

6 years agoSierra Wireless MC7304/MC7354, from Denis Lapshin.
mpi [Mon, 13 Aug 2018 14:24:49 +0000 (14:24 +0000)]
Sierra Wireless MC7304/MC7354, from Denis Lapshin.

6 years agoThe iterator i is not the option code, but simply the index for the
patrick [Mon, 13 Aug 2018 14:10:26 +0000 (14:10 +0000)]
The iterator i is not the option code, but simply the index for the
array that stores the option codes.  Fixes the issue where it named
an incorrect option on error.

Found by Florian Kaiser
ok krw@

6 years agoAdd a test covering the recently fixed issue with dangling knote references upon
anton [Mon, 13 Aug 2018 06:36:29 +0000 (06:36 +0000)]
Add a test covering the recently fixed issue with dangling knote references upon
closing a kqueue file descriptor.

6 years agoconsistent macros;
jmc [Mon, 13 Aug 2018 05:54:13 +0000 (05:54 +0000)]
consistent macros;

6 years agorevert compat.[ch] section of the following change. It causes
djm [Mon, 13 Aug 2018 02:41:05 +0000 (02:41 +0000)]
revert compat.[ch] section of the following change. It causes
double-free under some circumstances.

--

date: 2018/07/31 03:07:24;  author: djm;  state: Exp;  lines: +33 -18;  commitid: f7g4UI8eeOXReTPh;
fix some memory leaks spotted by Coverity via Jakub Jelen in bz#2366
feedback and ok dtucker@

6 years agoAdd administrative options to LACP trunk implementation.
ccardenas [Sun, 12 Aug 2018 23:50:31 +0000 (23:50 +0000)]
Add administrative options to LACP trunk implementation.

The trunk driver now has a new ioctl (SIOCxTRUNKOPTS), which for now only
has options for LACP:
* Mode - Active or Passive (default Active)
* Timeout - Fast or Slow (default Slow)
* System Priority - 1(high) to 65535(low) (default 32768/0x8000)
* Port Priority - 1(high) to 65535(low) (default 32768/0x8000)
* IFQ Priority - 0 to NUM_QUEUES (default 6)

At the moment, ifconfig only has options for lacpmode and lacptimeout
plumbed as those are the immediate need.

The approach taken for the options was to make them on a "trunk" vs a
"port" as what's typically seen on various NOSes (JunOS, NXOS, etc...)
as it's uncommon for a host to have one link "Passive" and the other
"Active" in a given trunk.

Just like on a NOS, when applying lacpmode or lacptimeout, the settings
are immediately applied to all existing ports in the trunk and to all
future ports brought into the trunk.

Tested by many on a plethora of NIC drivers and switches.

Ok remi@

6 years agoChange ber_write_elements() to return ssize_t instead of int.
rob [Sun, 12 Aug 2018 22:04:09 +0000 (22:04 +0000)]
Change ber_write_elements() to return ssize_t instead of int.

ok claudio@

6 years agobetter diagnosics on alg list assembly errors; ok deraadt@ markus@
djm [Sun, 12 Aug 2018 20:19:13 +0000 (20:19 +0000)]
better diagnosics on alg list assembly errors; ok deraadt@ markus@

6 years agoDrop reference to dmabuf "file" as fnew() returns one that has two
kettenis [Sun, 12 Aug 2018 19:05:37 +0000 (19:05 +0000)]
Drop reference to dmabuf "file" as fnew() returns one that has two
references.

ok visa@, deraadt@

6 years agoMake ifconfig's -joinlist command work as advertised.
stsp [Sun, 12 Aug 2018 18:33:55 +0000 (18:33 +0000)]
Make ifconfig's -joinlist command work as advertised.
ok deraadt phessler

6 years agoReally overwrite the major of com(4) instead of the hardcoded 12.
kettenis [Sun, 12 Aug 2018 18:32:18 +0000 (18:32 +0000)]
Really overwrite the major of com(4) instead of the hardcoded 12.
Should have been part of the earlier commit that unified armv7 and arm64.

6 years agoAdd retguard macros for arm64 asm and apply them in the straightforward
mortimer [Sun, 12 Aug 2018 17:15:10 +0000 (17:15 +0000)]
Add retguard macros for arm64 asm and apply them in the straightforward
cases in kernel and libc.
ok deraadt@

6 years agoAdd retguard for arm64.
mortimer [Sun, 12 Aug 2018 17:07:00 +0000 (17:07 +0000)]
Add retguard for arm64.
ok deraadt@

6 years agoRefactor retguard to make adding additional arches easier.
mortimer [Sun, 12 Aug 2018 16:59:31 +0000 (16:59 +0000)]
Refactor retguard to make adding additional arches easier.

6 years agoadd missing markup;
jmc [Sun, 12 Aug 2018 12:40:25 +0000 (12:40 +0000)]
add missing markup;

6 years agoHeydar Aliyev, Baku, Azerbaijan is GYD, not BAK
deraadt [Sun, 12 Aug 2018 02:55:45 +0000 (02:55 +0000)]
Heydar Aliyev, Baku, Azerbaijan is GYD, not BAK

6 years agosync
deraadt [Sat, 11 Aug 2018 23:18:39 +0000 (23:18 +0000)]
sync

6 years agoMake legacy interrupts work in more cases.
kettenis [Sat, 11 Aug 2018 22:47:27 +0000 (22:47 +0000)]
Make legacy interrupts work in more cases.

6 years agoUse IORT table to map requester ID into MSI sideband data.
kettenis [Sat, 11 Aug 2018 20:46:48 +0000 (20:46 +0000)]
Use IORT table to map requester ID into MSI sideband data.

6 years agoNuke stray/pointless 'volatile' for local var.
krw [Sat, 11 Aug 2018 18:37:21 +0000 (18:37 +0000)]
Nuke stray/pointless 'volatile' for local var.

6 years agoGet rid of PLEDGE_STAT, which was a hack used for unveil.
beck [Sat, 11 Aug 2018 16:16:07 +0000 (16:16 +0000)]
Get rid of PLEDGE_STAT, which was a hack used for unveil.
We use UNVEIL_INSPECT instead in the unveil flags for the same
purpose, and now add traversed vnodes of a path with UNVEIL_INSPECT
instead of with 0 flags and voodoo in unveil_flagmatch. This
allows us to uncontort the logic of unveil_flagmatch a bunch.
helpful review and ok from semarie@

6 years agoRefactor the nearly identical benchmark loops into a single loop.
cheloha [Sat, 11 Aug 2018 16:07:36 +0000 (16:07 +0000)]
Refactor the nearly identical benchmark loops into a single loop.

Move all of the benchmark code -- loop initialization, the loops, and
the report printing -- into a new function, benchmark().  Eliminates
lots of duplicate code.

Regressions to 1.20 caught by tb@ and inoguchi@.  Tweaked by tb@.

ok tb@, jsing@

6 years agoMatch "ARMH0011".
kettenis [Sat, 11 Aug 2018 16:04:49 +0000 (16:04 +0000)]
Match "ARMH0011".

6 years agoMake GICv3 redistributor support actually work and add ITS support.
kettenis [Sat, 11 Aug 2018 16:02:33 +0000 (16:02 +0000)]
Make GICv3 redistributor support actually work and add ITS support.

6 years agodon't need 61 keys anymore
deraadt [Sat, 11 Aug 2018 15:43:44 +0000 (15:43 +0000)]
don't need 61 keys anymore

6 years agoBump MAXCPUS from 8 to 24.
kettenis [Sat, 11 Aug 2018 14:00:33 +0000 (14:00 +0000)]
Bump MAXCPUS from 8 to 24.

ok jsg@

6 years agoFix a couple of bugs in the ITS support code:
kettenis [Sat, 11 Aug 2018 11:16:43 +0000 (11:16 +0000)]
Fix a couple of bugs in the ITS support code:

- Don't dereference sc_prop if we're not handling an LPI.  Fixes a crash
  on qemu when emulating a GICv3 without ITS (and therefore no LPIs(.

- Use the true IPL when calculating the priority of an LPI.  The old
  code used a variable that still had the IPL_MPSAFE flag in it.

- Write to the right GITS_BASERn instead of ialways writing to GITS_BASER0.

- Flush the cache after initializing/modifying the in-memory tables.  The
  GICv3 on the SynQuacer isn't fully coherent and only supports the
  "non-shareable" attribute for its in-memory tables.  So we have to flush
  the cache to the point of coherency to guarentee that the GIC sees our
  changes to those tables.  Throw in a full memory barrier for good measure.

Also add support for the SynQuacer pre-ITS.

ok jsg@, patrick@

6 years agoactually s/unveil/pledge on err(3), I missed it on previous commit.
mestre [Sat, 11 Aug 2018 11:04:26 +0000 (11:04 +0000)]
actually s/unveil/pledge on err(3), I missed it on previous commit.

6 years agothe only fs access kdump(1) needs is to the tracefile which by default is
mestre [Sat, 11 Aug 2018 11:01:37 +0000 (11:01 +0000)]
the only fs access kdump(1) needs is to the tracefile which by default is
ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

6 years agolook(1) will access /usr/share/dict/words to look for the string we want, or it
mestre [Sat, 11 Aug 2018 11:00:34 +0000 (11:00 +0000)]
look(1) will access /usr/share/dict/words to look for the string we want, or it
may access another file instead if we mention it via argument. In order to know
which file to unveil(2) we need to push down pledge(2) a little bit after
getopt(3) and now that we know the name of the file we can unveil(2) it only
with read permissions.

OK deraadt@

6 years agoJust like in mesg(1) in biff(1) we just need to push down pledge(2) a little
mestre [Sat, 11 Aug 2018 10:59:34 +0000 (10:59 +0000)]
Just like in mesg(1) in biff(1) we just need to push down pledge(2) a little
bit to get the tty name. After this we can unveil(2) the tty with rw access in
order to stat(2)/chmod(2) it, once this is done we can put back the same
pledge(2) just right afterwards.

OK deraadt@

6 years agoAdd comment explaining why we read basic MCS set only from beacon/probereq.
stsp [Sat, 11 Aug 2018 10:58:39 +0000 (10:58 +0000)]
Add comment explaining why we read basic MCS set only from beacon/probereq.
requested by mpi@

6 years agothis one was my fault, when an error occurrs on mesg(1) it must exit with error
mestre [Sat, 11 Aug 2018 10:58:39 +0000 (10:58 +0000)]
this one was my fault, when an error occurrs on mesg(1) it must exit with error
values >1 since the return value 1 is used to indicate that messages have been
disallowed. while here also s/unveil/pledge on err(3).

OK tb@ kn@ deraadt@

6 years agoUse MAXCPUS as the number of elements for the array of per-cpu data.
kettenis [Sat, 11 Aug 2018 10:42:42 +0000 (10:42 +0000)]
Use MAXCPUS as the number of elements for the array of per-cpu data.

ok jsg@, patrick@

6 years agoUse MAXCPUS as the number of elements for the array of per-cpu data.
kettenis [Sat, 11 Aug 2018 10:41:08 +0000 (10:41 +0000)]
Use MAXCPUS as the number of elements for the array of per-cpu data.
Fixes machines with more than 8 cores.

ok jsg@, patrick@

6 years agoFix problems ofthe ifconfig argument parser with "ifconfig <if> join".
benno [Sat, 11 Aug 2018 09:18:49 +0000 (09:18 +0000)]
Fix problems ofthe ifconfig argument parser with "ifconfig <if> join".
Due to the way the parsing works, you cannot have an option that
accepts strings as argument or no argument, without side effects: for
example "join <nwid>" could only join networks that did not have a
nwid identical to another ifconfig option, i.e. "join mtu" or "join
join" would not work.

Solve this by making join always require an nwid. Listing all the
configured nwids for auto-join is moved to the new option "joinlist".
Removing _all_ auto-join configuration is moved to "-joinlist".

deraadt@ likes it and ok phessler@ stsp@

6 years agoPrevent server side overflow for message id in snmp header.
rob [Sat, 11 Aug 2018 04:31:57 +0000 (04:31 +0000)]
Prevent server side overflow for message id in snmp header.

ok sthen@, tb@

6 years agohandle the non-portable GNU-style \[charNN], \[charNNN] character
schwarze [Fri, 10 Aug 2018 22:12:40 +0000 (22:12 +0000)]
handle the non-portable GNU-style \[charNN], \[charNNN] character
escape sequences, used for example in the groff_char(7) manual page

6 years agoThe groff man-ext macros define fonts CB, CI, and CR,
schwarze [Fri, 10 Aug 2018 20:40:43 +0000 (20:40 +0000)]
The groff man-ext macros define fonts CB, CI, and CR,
and some groff manual pages actually use them in .ft requests.
It's easy enough to handle these .ft requests in mandoc, too.

6 years agosync
deraadt [Fri, 10 Aug 2018 20:27:18 +0000 (20:27 +0000)]
sync

6 years agocrank to 6.4-beta
deraadt [Fri, 10 Aug 2018 20:27:01 +0000 (20:27 +0000)]
crank to 6.4-beta

6 years agoSimplify server key exchange signature verification.
jsing [Fri, 10 Aug 2018 17:52:35 +0000 (17:52 +0000)]
Simplify server key exchange signature verification.

Everything can go through the EVP_Verify* code path.

ok inoguchi@ tb@

6 years agoSimplify server kex exchange signature generation.
jsing [Fri, 10 Aug 2018 17:44:16 +0000 (17:44 +0000)]
Simplify server kex exchange signature generation.

Everything can go through the single EVP_Sign* code path.

ok inoguchi@ tb@

6 years agoAdd glue to EVP_md5_sha1() so that it can be used with EVP_Sign* and
jsing [Fri, 10 Aug 2018 17:30:29 +0000 (17:30 +0000)]
Add glue to EVP_md5_sha1() so that it can be used with EVP_Sign* and
EVP_Verify*.

ok tb@

6 years agoAdd missing include to X25519 synopsis.
jsing [Fri, 10 Aug 2018 17:28:48 +0000 (17:28 +0000)]
Add missing include to X25519 synopsis.

6 years agoIn typical swiss-army style, various modes and options cause
deraadt [Fri, 10 Aug 2018 17:15:22 +0000 (17:15 +0000)]
In typical swiss-army style, various modes and options cause
different unveils.  Joint work with beck and florian.
Let us know if you hit any corner cases.

6 years agodelete volatile intended to silence whiny old compilers around vfork.
deraadt [Fri, 10 Aug 2018 17:03:26 +0000 (17:03 +0000)]
delete volatile intended to silence whiny old compilers around vfork.
This variable is only used in the parent context so there is no issue.
ok kettenis

6 years agoBump boot loader versions for softraid passphrase handling change.
jsing [Fri, 10 Aug 2018 16:43:54 +0000 (16:43 +0000)]
Bump boot loader versions for softraid passphrase handling change.

6 years agoRetry on incorrect passphrase for softraid crypto boot.
jsing [Fri, 10 Aug 2018 16:41:35 +0000 (16:41 +0000)]
Retry on incorrect passphrase for softraid crypto boot.

Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.

With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.

This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).

ok mortimer@ tb@

6 years agoRun the wycheproof ECDSA test vectors against libcrypto.
jsing [Fri, 10 Aug 2018 16:22:58 +0000 (16:22 +0000)]
Run the wycheproof ECDSA test vectors against libcrypto.

Skip the ecdsa_webcrypto_test.json vectors for the time being, as these
likely need some extra glue.

6 years agoRun the X25519 wycheproof test vectors against libcrypto.
jsing [Fri, 10 Aug 2018 16:18:55 +0000 (16:18 +0000)]
Run the X25519 wycheproof test vectors against libcrypto.

6 years agoRework regress so that it is easier to add additional test types.
jsing [Fri, 10 Aug 2018 16:14:40 +0000 (16:14 +0000)]
Rework regress so that it is easier to add additional test types.

6 years agoUse a table rather than a switch when converting strings to NIDs.
jsing [Fri, 10 Aug 2018 16:12:19 +0000 (16:12 +0000)]
Use a table rather than a switch when converting strings to NIDs.

This will make it easier to extend.

6 years agoAdd a regress test that checks file descriptor allocation across fork.
jsing [Fri, 10 Aug 2018 15:58:16 +0000 (15:58 +0000)]
Add a regress test that checks file descriptor allocation across fork.

In particular, this checks the behaviour of kqueue fds being closed and
reallocated across a fork.

6 years agoUpdate fd_freefile when filtering/closing kqueue descriptors in fdcopy().
jsing [Fri, 10 Aug 2018 15:53:49 +0000 (15:53 +0000)]
Update fd_freefile when filtering/closing kqueue descriptors in fdcopy().

Prior to r1.153 of kern_descrip.c, the kqueue descriptors were removed
using fdremove(), which reset fd_freefile as appropriate. The new code
simply avoids adding the descriptor to the new table, however this means
that fd_freefile can be left with an incorrect value, resulting in a file
descriptor allocation "hole". Restore the previous behavour by lowering
fd_freefile as appropriate when dropping descriptors.

Issue found via golang regress tests.

ok deraadt@ mpi@ visa@

6 years agoAnother place where we should handle AS_SET better. aspath_lenmatch()
claudio [Fri, 10 Aug 2018 11:15:53 +0000 (11:15 +0000)]
Another place where we should handle AS_SET better. aspath_lenmatch()
should count through AS_SET boundaries, in other words the path
1 2 3 { 4 3 5 } 3 3 7 has an as-seq count of 4, before it was just 2.
OK benno@

6 years agoMake the AS_SET handling for source-as even simpler. It is enough to only
claudio [Fri, 10 Aug 2018 11:13:01 +0000 (11:13 +0000)]
Make the AS_SET handling for source-as even simpler. It is enough to only
extract the rightmost AS of a segment if the segment is not an AS_SET.
Then if we hit the final segment as will contain the last aggregator AS.
This fixes a possible issue with a path like 1 2 3 { 4 5 } { 6 7 } which
should match for source-as 3.
OK benno@