jsg [Thu, 10 Jun 2021 04:49:48 +0000 (04:49 +0000)]
recognise Cortex-A510, Cortex-A710 and Cortex-X2
dtucker [Thu, 10 Jun 2021 03:45:31 +0000 (03:45 +0000)]
Add regress test for SIGHUP restart while handling active and
unauthenticated clients. Should catch anything similar to the
pselect bug just fixed in sshd.c.
dtucker [Thu, 10 Jun 2021 03:14:14 +0000 (03:14 +0000)]
Continue accept loop when pselect returns -1, eg if it was interrupted
by a signal. This should prevent the hang discovered by sthen@ wherein
sshd receives a SIGHUP while it has an unauthenticated child and goes
on to a blocking read on a notify_pipe. feedback deraadt@, ok djm@
afresh1 [Wed, 9 Jun 2021 23:21:34 +0000 (23:21 +0000)]
Remove pledgenames() from OpenBSD::Pledge perl module
Pointed out by deraadt@, this is not what that that incomplete table is for.
While the code has been there for several years, I haven't found a use for it,
which is good because it would have been wrong.
While here, update my name.
kettenis [Wed, 9 Jun 2021 19:46:33 +0000 (19:46 +0000)]
Enable MSI-X support for powerpc64.
ok patrick@
mortimer [Wed, 9 Jun 2021 19:44:55 +0000 (19:44 +0000)]
Enable libexecinfo.
With some build plumbing help from jsg@
ok kettenis@ sthen@
mortimer [Wed, 9 Jun 2021 19:42:46 +0000 (19:42 +0000)]
Enable libexecinfo regress.
mortimer [Wed, 9 Jun 2021 19:39:15 +0000 (19:39 +0000)]
Add regress test for libexecinfo.
ok kettenis@ sthen@
mortimer [Wed, 9 Jun 2021 19:37:43 +0000 (19:37 +0000)]
Add libexecinfo.
Based on NetBSD implementation, without the libelf dependency. Architectures
which have libunwind use libunwind, and others use a stub implementation
that does nothing since __builtin methods are unreliable.
Much feedback and help from jca@.
ok kettenis@ sthen@
semarie [Wed, 9 Jun 2021 17:52:47 +0000 (17:52 +0000)]
unveil: small cleanup for UNVEIL_INSPECT
remove two leftover checks which were used when ni_unveil was used with UNVEIL_INSPECT.
it was used by:
- readlink(2) - removed 2019-08-31
- stat(2) and access(2) - removed 2019-03-24
ok claudio@
dlg [Wed, 9 Jun 2021 03:24:54 +0000 (03:24 +0000)]
whitespace tweak. no functional change.
jsg [Wed, 9 Jun 2021 02:56:45 +0000 (02:56 +0000)]
don't fatally error on failing to map visible VRAM
Mapping VRAM here is an optimisation only attempted on 64 bit archs,
there is a fallback path if it fails.
Reported and fix tested by Jerome Kasper on RX 5500 XT (Navi 14) who
mentioned the mapping error did not occur with 6.9-stable.
dv [Tue, 8 Jun 2021 23:18:43 +0000 (23:18 +0000)]
cleanup printf pattern to remove double 0x when printing pointer
mlarkin: "sure"
djm [Tue, 8 Jun 2021 22:30:27 +0000 (22:30 +0000)]
test that UserKnownHostsFile correctly accepts multiple arguments;
would have caught readconf.c r1.356 regression
djm [Tue, 8 Jun 2021 22:06:12 +0000 (22:06 +0000)]
fix regression in r1.356: for ssh_config options that accepted
multiple string arguments, ssh was only recording the first.
Reported by Lucas via bugs@
tb [Tue, 8 Jun 2021 19:34:44 +0000 (19:34 +0000)]
Simplify tlsext_ecpf_parse()
The default alert in the tlsext parsing code is a decode_error, so
there's no need for an error path that only sets that alert.
suggested by/ok jsing
tb [Tue, 8 Jun 2021 18:13:50 +0000 (18:13 +0000)]
Rewrap a comment to avoid an overlong line
tb [Tue, 8 Jun 2021 18:05:47 +0000 (18:05 +0000)]
Ignore the record version for early alerts
On receiving the first flight from the peer, we do not yet know if
we are using TLSv1.3. In particular, we might get an alert record
with record version 0x0300 from a pre-TLSv1.2 peer in response to
our client hello. Ignore the record version instead of sending a
protocol version alert in that situtation. This may also be hit
when talking to a LibreSSL 3.3 server with an illegal SNI.
Part of an issue reported by danj.
ok jsing
tb [Tue, 8 Jun 2021 17:41:52 +0000 (17:41 +0000)]
TLSv1.3 server: avoid sending alerts in legacy records
As soon as we know that we're dealing with a TLSv1.3 client, set
the legacy version in the record layer to 0x0303 so that we send
alerts with the correct record version. Previously we would send
early alerts with a record version of 0x0300.
ok jsing
tb [Tue, 8 Jun 2021 17:22:00 +0000 (17:22 +0000)]
Adjust alert for ECPF without uncompressed point format
According to RFC 8422, we must send an illegal_parameter alert on
receiving an ECPF extension that doesn't include the uncompressed
format, not a decode_error.
Reported via GitHub issue #675.
ok jsing
dv [Tue, 8 Jun 2021 14:37:48 +0000 (14:37 +0000)]
vmd(8): malicious dhcp packets on local ifs can cause stack overflows
A sufficiently large dhcp packet can cause a stack overflow in vmd's
internal dhcp server used for providing ip addresses to local guest
interfaces. (This does not affect non-local interfaces.)
The primary changes drop larger packets and change the memory copying
logic to use a compile-time constant. The dhcp option processing
also additional prevention for out of bound reads.
While here, improve construction of the dhcp response's hostname
handling to guard against overflowing the response dhcp options.
Vulnerability reported by Maxime Villard.
ok claudio@
inoguchi [Tue, 8 Jun 2021 11:19:39 +0000 (11:19 +0000)]
Fix pkg-config .pc files with LibreSSL
In libssl.pc, Libs: should not have '-lcrypto', and Requires.private:
should have it as 'libcrypto'.
openssl.pc does not need Libs: and Cflags:, but should have Requires:.
OK millert@
djm [Tue, 8 Jun 2021 07:40:12 +0000 (07:40 +0000)]
test argv_split() optional termination on comments
djm [Tue, 8 Jun 2021 07:09:42 +0000 (07:09 +0000)]
switch sshd_config parsing to argv_split()
similar to the previous commit, this switches sshd_config parsing to
the newer tokeniser. Config parsing will be a little stricter wrt
quote correctness and directives appearing without arguments.
feedback and ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
djm [Tue, 8 Jun 2021 07:07:15 +0000 (07:07 +0000)]
Switch ssh_config parsing to use argv_split()
This fixes a couple of problems with the previous tokeniser,
strdelim()
1. strdelim() is permissive wrt accepting '=' characters. This is
intended to allow it to tokenise "Option=value" but because it
cannot keep state, it will incorrectly split "Opt=val=val2".
2. strdelim() has rudimentry handling of quoted strings, but it
is incomplete and inconsistent. E.g. it doesn't handle escaped
quotes inside a quoted string.
3. It has no support for stopping on a (unquoted) comment. Because
of this readconf.c r1.343 added chopping of lines at '#', but
this caused a regression because these characters may legitimately
appear inside quoted strings.
The new tokeniser is stricter is a number of cases, including #1 above
but previously it was also possible for some directives to appear
without arguments. AFAIK these were nonsensical in all cases, and the
new tokeniser refuses to accept them.
The new code handles quotes much better, permitting quoted space as
well as escaped closing quotes. Finally, comment handling should be
fixed - the tokeniser will terminate only on unquoted # characters.
feedback & ok markus@
tested in snaps for the last five or so days - thanks Theo and those who
caught bugs
dtucker [Tue, 8 Jun 2021 07:05:27 +0000 (07:05 +0000)]
Add testcases from bz#3319 for IPQoS and TunnelDevice being overridden
on the command line.
dtucker [Tue, 8 Jun 2021 07:02:46 +0000 (07:02 +0000)]
Check if IPQoS or TunnelDevice are already set before overriding.
Prevents values in config files from overriding values supplied on
the command line. bz#3319, ok markus.
djm [Tue, 8 Jun 2021 06:54:40 +0000 (06:54 +0000)]
Allow argv_split() to optionally terminate tokenisation when it
encounters an unquoted comment.
Add some additional utility function for working with argument
vectors, since we'll be switching to using them to parse
ssh/sshd_config shortly.
ok markus@ as part of a larger diff; tested in snaps
djm [Tue, 8 Jun 2021 06:52:43 +0000 (06:52 +0000)]
sprinkle some "# comment" at end of configuration lines to test
comment handling
djm [Tue, 8 Jun 2021 06:51:47 +0000 (06:51 +0000)]
more descriptive failure message
krw [Tue, 8 Jun 2021 02:45:49 +0000 (02:45 +0000)]
Replace hand rolled memory allocation in efid_io() with
BS->AllocatePages() and BS->FreePages() as in all the other
efid_io() versions.
Don't leak the pages on success.
Bump boot version to 3.59.
ok yasuoka@
krw [Mon, 7 Jun 2021 21:18:31 +0000 (21:18 +0000)]
Replace all uses of 'EFI_CALL(func, params)' with
the expansion 'func(params)'.
Allows upcoming removal of eficall.h.
Tested & ok patrick@
job [Mon, 7 Jun 2021 18:44:27 +0000 (18:44 +0000)]
Add HTTPS URL for LACNIC TA
OK deraadt@ claudio@
dv [Mon, 7 Jun 2021 13:55:54 +0000 (13:55 +0000)]
vmm(4): add dt tracepoints for guest entry/exit
To aid in development and debugging, this adds a tracepoint prior
to vm entry and after vm exit. It captures the vcpu and run params
plus the exit code, but dt(4)/btrace(8) will need some future work
to leverage those args.
The location of the tracepoint might change in the future, but for
now this solves my issues trying to use printf's to debug vmcs state
corruption.
ok mpi@
krw [Mon, 7 Jun 2021 13:38:58 +0000 (13:38 +0000)]
"intrisic" -> "intrinsic" in a couple of comments.
dv [Mon, 7 Jun 2021 12:55:19 +0000 (12:55 +0000)]
btrace(8): add "cpu" to long conversion
Special values need to be translated to longs for use with functions
like hist/lhist. Add "cpu" to conversion list.
ok mpi@
tb [Mon, 7 Jun 2021 10:53:59 +0000 (10:53 +0000)]
tweak previous: avoid markup and refer to an HTTP header only by its
name as is done elsewhere on this page.
pointed out by jmc
mpi [Mon, 7 Jun 2021 09:10:32 +0000 (09:10 +0000)]
Kill SS_ASYNC and only check SB_ASYNC when async signals are wanted.
This socket flag was redundant with the socket buffer one.
ok mvs@
kettenis [Mon, 7 Jun 2021 07:38:55 +0000 (07:38 +0000)]
Changing the default from (W)hole disk to (E)dit MBR wasn't enough to prevent
folks from shooting themselves in the foot. Make sure (W) can't be used
if an "APFS ISC" is found on the disk. This is the most essential
partition that is required for Apple M1 machines to boot.
ok krw@, deraadt@
djm [Mon, 7 Jun 2021 03:38:38 +0000 (03:38 +0000)]
fix debug message when finding a private key to match a certificate
being attempted for user authentication. Previously it would print
the certificate's path, whereas it was supposed to be showing the
private key's path. Patch from Alex Sherwin via GHPR247
djm [Mon, 7 Jun 2021 01:16:34 +0000 (01:16 +0000)]
test AuthenticationMethods inside a Match block as well as in
the main config section
krw [Mon, 7 Jun 2021 00:04:20 +0000 (00:04 +0000)]
Replace all uses of 'EFI_CALL(func, params)' with
the expansion 'func(params)'.
Allows upcoming removal of eficall.h.
djm [Mon, 7 Jun 2021 00:00:50 +0000 (00:00 +0000)]
prepare for stricter sshd_config parsing that will refuse a config
that has {Allow,Deny}{Users,Groups} on a line with no subsequent
arguments. Such lines are permitted but are nonsensical noops ATM
krw [Sun, 6 Jun 2021 23:56:55 +0000 (23:56 +0000)]
Replace all uses of 'EFI_CALL(func, params)' with
the expansion 'func(params)'.
Allows upcoming removal of eficall.h.
Tested & ok naddy@
bluhm [Sun, 6 Jun 2021 22:53:06 +0000 (22:53 +0000)]
Test must build also when started with make regress. Use consistent
variable names in make file.
tb [Sun, 6 Jun 2021 22:00:35 +0000 (22:00 +0000)]
appease mandoc -Tlint
tb [Sun, 6 Jun 2021 21:59:20 +0000 (21:59 +0000)]
Add .Pp for consistency with all other config blocks.
kettenis [Sun, 6 Jun 2021 18:58:14 +0000 (18:58 +0000)]
Use installboot(8) on arm64 ramdisks like we do for amd64.
ok krw@
djm [Sun, 6 Jun 2021 11:34:16 +0000 (11:34 +0000)]
Match host certificates against host public keys, not private keys.
Allows use of certificates with private keys held in a ssh-agent.
Reported by Miles Zhou in bz3524; ok dtucker@
aoyama [Sun, 6 Jun 2021 10:48:30 +0000 (10:48 +0000)]
Add firmware selection for BRCM_CC_43241_CHIP_ID (0x4324).
According to NetBSD, this chip uses one of three firmwares depending
on its revision, but all of them are already included in the
bwfm-firmware package, so we can load one of them.
ok patrick@ sthen@
djm [Sun, 6 Jun 2021 03:40:39 +0000 (03:40 +0000)]
Client-side workaround for a bug in OpenSSH 7.4: this release allows
RSA/SHA2 signatures for public key authentication but fails to advertise
this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially
refuse to offer valid keys.
Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker
djm [Sun, 6 Jun 2021 03:17:02 +0000 (03:17 +0000)]
degrade gracefully if a sftp-server offers the limits@openssh.com
extension but fails when the client tries to invoke it.
Reported by Hector Martin via bz3318
djm [Sun, 6 Jun 2021 03:15:39 +0000 (03:15 +0000)]
the limits@openssh.com extension was incorrectly marked as an
operation that writes to the filesystem, which made it unavailable
in sftp-server read-only mode. Spotted by Hector Martin via bz3318
naddy [Sat, 5 Jun 2021 13:47:00 +0000 (13:47 +0000)]
PROTOCOL.certkeys: update reference from IETF draft to RFC
Also fix some typos.
ok djm@
deraadt [Sat, 5 Jun 2021 13:32:52 +0000 (13:32 +0000)]
this file includes sys/param.h, so does not need to redefine PAGE_MASK
krw [Fri, 4 Jun 2021 15:19:38 +0000 (15:19 +0000)]
Remove now unused eficall.S.
prodded by jsg@
semarie [Fri, 4 Jun 2021 10:01:49 +0000 (10:01 +0000)]
unbreak regress/libexec/ld.so/nodelete test
pointed by bluhm@
mvs [Fri, 4 Jun 2021 09:06:09 +0000 (09:06 +0000)]
regen
mvs [Fri, 4 Jun 2021 09:05:19 +0000 (09:05 +0000)]
Unlock connect(2). Again.
ok mpi@
jsg [Fri, 4 Jun 2021 07:29:54 +0000 (07:29 +0000)]
avoid a use after free in a path taken if malloc M_NOWAIT fails
djm [Fri, 4 Jun 2021 06:19:07 +0000 (06:19 +0000)]
The RB_GENERATE_STATIC(3) macro expands to a series of function
definitions and not a statement, so there should be no semicolon
following them. Patch from Michael Forney
djm [Fri, 4 Jun 2021 05:59:18 +0000 (05:59 +0000)]
rework authorized_keys example section, removing irrelevant stuff,
de-wrapping the example lines and better aligning the examples with
common usage and FAQs; ok jmc
djm [Fri, 4 Jun 2021 05:10:03 +0000 (05:10 +0000)]
adjust SetEnv description to clarify $TERM handling
dtucker [Fri, 4 Jun 2021 05:09:08 +0000 (05:09 +0000)]
Switch the listening select loop from select() to pselect() and
mask signals while checking signal flags, umasking for pselect and
restoring afterwards. Also restore signals before sighup_restart
so they don't remain blocked after restart.
This prevents a race where a SIGTERM or SIGHUP can arrive between
checking the flag and calling select (eg if sshd is processing a
new connection) resulting in sshd not shutting down until the next
time it receives a new connection. bz#2158, with & ok djm@
djm [Fri, 4 Jun 2021 05:02:40 +0000 (05:02 +0000)]
allow ssh_config SetEnv to override $TERM, which is otherwise handled
specially by the protocol. Useful in ~/.ssh/config to set TERM to
something generic (e.g. "xterm" instead of "xterm-256color") for
destinations that lack terminfo entries. feedback and ok dtucker@
djm [Fri, 4 Jun 2021 04:02:21 +0000 (04:02 +0000)]
correct extension name "no-presence-required" => "no-touch-required"
document "verify-required" option
jsg [Fri, 4 Jun 2021 01:52:21 +0000 (01:52 +0000)]
disable ppgtt on cherryview/braswell
With ppgtt enabled the contents of struct gen6_ppgtt are overwritten
leading to unexpected values for vma pointer such as 0 and 1.
Multiple people have reported problems with 6.9 on cherryview/braswell
with traces along the lines of
uvm_fault(0xffffffff8214ea68, 0xb8, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at i915_ggtt_pin+0x29: movq 0xb8(%rdi),%r12
i915_ggtt_pin(0,10000,20) at i915_ggtt_pin+0x29
gen6_ppgtt_pin(
ffff800000cb9400) at gen6_ppgtt_pin+0x7c
__intel_context_do_pin(
fffffd817dc8ad80) at __intel_context_do_pin+0xca
intel_engines_init(
ffff800000104c38) at intel_engines_init+0x4b5
intel_gt_init(
ffff800000104c38) at intel_gt_init+0x130
i915_gem_init(
ffff800000100000) at i915_gem_init+0xa3
i915_driver_probe(
ffff800000100000,
ffffffff81fc6e90) at i915_driver_probe+0x7ed
The "use drm_mm from linux 5.7.y" commit made last October is
implicated in the change in behaviour but does not itself have any
cherryview/braswell specific changes. There is at least one report on
misc@ which suggests this occurred in some situations with 6.8 which
lacks that change.
Thanks to the people who reported this in particular Matthias Pressfreund
who tested many patches.
deraadt [Fri, 4 Jun 2021 00:29:15 +0000 (00:29 +0000)]
machine/cpu.h requires a pre-include of sys/time.h
krw [Fri, 4 Jun 2021 00:09:34 +0000 (00:09 +0000)]
yasuoka@ pointed out that amd64 clang now understands
'__attribute((ms_abi))', removing the need for the EFI_CALL
abstraction.
Nuke the amd64 EFI_CALL dance from all copies of eficall.h,
remove eficall.S from the build.
ok kettenis@ yasuoka@
patrick [Thu, 3 Jun 2021 21:42:23 +0000 (21:42 +0000)]
Implement multicast support in mvpp(4) to make IPv6 work. With this
change it's also not necessary to remember the old lladdr, since the
old one will be purged automatically prior to installing the current
set of multicast addresses.
Complaint filed by matthieu@
kettenis [Thu, 3 Jun 2021 17:08:56 +0000 (17:08 +0000)]
Use machdep.compatible to determine Pine64 and Raspberry Pi "platforms".
Also recognize Apple "platforms" and change the default from "whole" to
"edit" when installing on disk with a GPT on those. This should prevent
users from accidentally overwriting essential partitions that are needed
to boot those machines.
ok deraadt@
kettenis [Thu, 3 Jun 2021 17:05:41 +0000 (17:05 +0000)]
Enable machdep.compatible on platforms that have it.
ok deraadt@
claudio [Thu, 3 Jun 2021 15:10:05 +0000 (15:10 +0000)]
Use O_DIRECTORY when opening directories. This makes some errors a bit
clearer when using -d.
OK deraadt@
krw [Thu, 3 Jun 2021 15:05:55 +0000 (15:05 +0000)]
Recognize the Apple APFS GPT partition types seen on Apple M1 boxen.
ok kettenis@
deraadt [Thu, 3 Jun 2021 13:38:18 +0000 (13:38 +0000)]
(man page also)
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
deraadt [Thu, 3 Jun 2021 13:19:45 +0000 (13:19 +0000)]
secure_path(3) hasn't been called since we recognized the TOCTOU issues a few
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
deraadt [Thu, 3 Jun 2021 13:14:03 +0000 (13:14 +0000)]
typo
otto [Thu, 3 Jun 2021 06:42:03 +0000 (06:42 +0000)]
For 4k sector disks, the minimum frag size is 4k. For a 2G fs
that delivers too few inodes to hold a src tree. So adjust the
density for partitions on a 4k disk if fragsize and density are not
passed on the command line. This is kind of a hack, since we do not
have a way to signal the desired # of inodes from the install script.
ok kettenis@ krw@
dlg [Thu, 3 Jun 2021 04:47:54 +0000 (04:47 +0000)]
ip6_input_if used the ip6_hdr pointer uninitted after i refactored it.
i did test this, but i guess i was lucky. very lucky.
Coverity CID
1505114
dlg [Thu, 3 Jun 2021 01:55:52 +0000 (01:55 +0000)]
remember if the ipv4 header checksum is ok.
if a bridge checks the ip header before the network stack, then we
can remember it was ok when the bridge checks it so the ip stack
doesnt have to.
ok claudio@ mvs@
krw [Wed, 2 Jun 2021 22:44:26 +0000 (22:44 +0000)]
Use the same logic in all copies of gpt_chk_mbr(), relaxing the
media length check to allow EFI GPT partitions to be smaller that
the entire disk.
Consistently use GPTSECTOR instead of randomly tossing in some
literal '1's.
ok kettenis@
sashan [Wed, 2 Jun 2021 21:49:31 +0000 (21:49 +0000)]
With parallel execution of pf_test() two packets may try to update the same
state in pfsync(4) queue. pfsync_q_ins() takes that race into account with one
exception: the KASSERT() at line 2352. That KASSERT() needs to be removed.
2346 void
2347 pfsync_q_ins(struct pf_state *st, int q)
2348 {
2349 struct pfsync_softc *sc = pfsyncif;
2350 size_t nlen, sc_len;
2351
2352 KASSERT(st->sync_state == PFSYNC_S_NONE);
2353
2354 #if defined(PFSYNC_DEBUG)
2355 if (sc->sc_len < PFSYNC_MINPKT)
2356 panic("pfsync pkt len is too low %zd", sc->sc_len);
2357 #endif
2358 do {
2359 mtx_enter(&sc->sc_mtx[q]);
2360
2361 /*
2362 * If two threads are competing to insert the same state, then
2363 * there must be just single winner.
2364 */
2365 if (st->sync_state != PFSYNC_S_NONE) {
2366 mtx_leave(&sc->sc_mtx[q]);
2367 break;
2368 }
OK bluhm@
kettenis [Wed, 2 Jun 2021 21:41:38 +0000 (21:41 +0000)]
Linux folks introduced "10gbase-r" since it is "more correct" and we're
starting to see firmware that uses this instead of the "10gbase-kr" that
was used before to describe the PHYs. So recognize both and treat that
the same.
ok deraadt@, patrick@
kettenis [Wed, 2 Jun 2021 19:38:14 +0000 (19:38 +0000)]
Avoid spinning on the kernel lock with interrupts disabled.
ok gkoehler@
patrick [Wed, 2 Jun 2021 19:16:11 +0000 (19:16 +0000)]
When processing a received packet, only sync the amount of bytes
mcx(4) told us has arrived. The DMA map's mapsize on RX packets
is the length of the allocated buffer. For mcx(4), this can be
more than around 9000 bytes, as each buffer will be at least as
big as the maximum supported MTU. There's no need to sync the
whole buffer, if it's only a small packet.
ok dlg@ jmatthew@
patrick [Wed, 2 Jun 2021 19:11:02 +0000 (19:11 +0000)]
Correctly calculate number of PRPL entries we have to sync by adding
brackets to manage operator precedence. Otherwise we'd attempt to sync
more than needed, which doesn't cause issues, but it's still wrong.
ok dlg@ jmatthew@
deraadt [Wed, 2 Jun 2021 18:44:16 +0000 (18:44 +0000)]
sync
schwarze [Wed, 2 Jun 2021 18:27:36 +0000 (18:27 +0000)]
In -W style mode, check .Xr links along the full manpath because
that is more useful for validating manuals of non-base software.
Nothing changes in -W all mode: by default for -T lint, we still
assume we want to check base system conventions, including usually
not wanting to link to non-base manual pages.
The use case, a partial idea how to handle it, and a preliminary
patch was originally presented by kn@, then refined by me.
Final patch tested and OK'ed by kn@.
schwarze [Wed, 2 Jun 2021 17:36:59 +0000 (17:36 +0000)]
test private use areas some more as they have proven fragile
schwarze [Wed, 2 Jun 2021 16:35:25 +0000 (16:35 +0000)]
Cleanup:
1. Move invalid two-byte sequences after valid ones
and make their descriptions easier to understand.
2. Replace the wrong and confusing expression "middle byte"
with the correct term "start byte".
3. Add test lines for U+EFFFF and U+F0000.
4. Replace the unhelpful word "strange" with more descriptive terms.
Arguably, nothing about this (or maybe everything?) is strange.
kettenis [Wed, 2 Jun 2021 16:12:18 +0000 (16:12 +0000)]
Add GPT support; stolen from i386_installboot.c.
ok krw@, deraadt@
kettenis [Wed, 2 Jun 2021 15:31:15 +0000 (15:31 +0000)]
Add support for booting from disks with 4k sectors. Inspired by the
code we already have for amd64, but changed to use EFI memory allocation
interfaces as some implementations seem to insist on page-aligned memory.
ok krw@
schwarze [Wed, 2 Jun 2021 15:07:42 +0000 (15:07 +0000)]
The wcwidth(3) of Plane 15 and Plane 16 Private Use Characters
was changed from 0 to 1. Adjust the test results accordingly.
Issue reported by bluhm@.
dv [Wed, 2 Jun 2021 14:40:46 +0000 (14:40 +0000)]
vmd(8): allow locking a randomly assigned lladdr
Provide a default value of a zero'd mac address so a user can still
specify the interface should be "locked" (only transmitting ethernet
packets with a matching source address). vmd will assign a random
address at vm launch.
As an example, this is now valid:
vm "name" {
interface {
locked lladdr
}
...
}
From Martin Vahlensieck
ok claudio@
visa [Wed, 2 Jun 2021 13:56:28 +0000 (13:56 +0000)]
Enable pool cache on knote pool
Use the pool cache to reduce the overhead of memory management in
function kqueue_register().
When EV_ADD is given, kqueue_register() pre-allocates a knote to avoid
potential sleeping in the middle of the critical section that spans
from knote lookup to insertion. However, the pre-allocation is useless
if the lookup finds a matching knote.
The cost of knote allocation will become significant with kqueue-based
poll(2) and select(2) because the frequency of allocation will increase.
Most of the cost appears to come from the locking inside the pool.
The pool cache amortizes it by using CPU-local caches of free knotes
as buffers.
OK dlg@ mpi@
mvs [Wed, 2 Jun 2021 11:31:10 +0000 (11:31 +0000)]
regen
mvs [Wed, 2 Jun 2021 11:30:23 +0000 (11:30 +0000)]
Unlock setrtable(2). Local copy of `ps_rtableid' used to make checks
consistent.
ok mpi@
martijn [Wed, 2 Jun 2021 08:41:16 +0000 (08:41 +0000)]
The getnext_indexoid tests now pass
martijn [Wed, 2 Jun 2021 08:40:09 +0000 (08:40 +0000)]
agentx_context_object_nfind had its ax_oid_cmp arguments swapped.
OK bluhm@
martijn [Wed, 2 Jun 2021 08:32:22 +0000 (08:32 +0000)]
Make the hints at the bottom row sticky by turning the knobs toggles.
Specifically this effects ^G, help and order.
While here also document the 'h' character.
Initial inspiration and diff from Anindya Mukherjee (anindya49 <at> hotmail
<dot> com)
OK bluhm@