openbsd
3 years agoAdd GPIO functionality (including support for using GPIOs as interrupt pins).
kettenis [Sat, 30 Oct 2021 14:50:54 +0000 (14:50 +0000)]
Add GPIO functionality (including support for using GPIOs as interrupt pins).
Needed for upcoming Apple M1 laptop keyboard support.

ok patrick@

3 years agodocument (hopefully) near future directions
espie [Sat, 30 Oct 2021 13:44:34 +0000 (13:44 +0000)]
document (hopefully) near future directions

3 years agoFix build break caused by accidental keystroke during last commit
ratchov [Sat, 30 Oct 2021 12:48:11 +0000 (12:48 +0000)]
Fix build break caused by accidental keystroke during last commit

3 years agoDisestablish softintrs upon detach (missed in last commit)
ratchov [Sat, 30 Oct 2021 12:40:55 +0000 (12:40 +0000)]
Disestablish softintrs upon detach (missed in last commit)

During detach, we can't rely on softintrs to signal processes blocked
in read, write or poll, so we need to explicitely call wakeup
functions in the detach method, as other drivers do.

3 years agoDefer selwakeup() calls to a softintr
ratchov [Sat, 30 Oct 2021 12:26:26 +0000 (12:26 +0000)]
Defer selwakeup() calls to a softintr

selwakeup() needs to be protected by KERNEL_LOCK, but we're not
allowed to grab KERNEL_LOCK on interrupt context because midi runs at
IPL_AUDIO with the audio_lock held. Furthermore, doing so is a locking
order bug: syscall code-path grabs KERNEL_LOCK first while interrupt
code-path does the opposite when calling selwakeup().

ok visa

3 years agoRevert previous commit as it's causing panic when devices are detached
ratchov [Sat, 30 Oct 2021 11:56:19 +0000 (11:56 +0000)]
Revert previous commit as it's causing panic when devices are detached

ok sthen, anton

3 years agomatch on Intel 600 Series
jsg [Sat, 30 Oct 2021 03:27:35 +0000 (03:27 +0000)]
match on Intel 600 Series

3 years agoenable snooping on Intel 600 Series
jsg [Sat, 30 Oct 2021 03:24:59 +0000 (03:24 +0000)]
enable snooping on Intel 600 Series

3 years agoregen
jsg [Sat, 30 Oct 2021 03:22:44 +0000 (03:22 +0000)]
regen

3 years agoadd Intel 600 Series and Alder Lake S ids
jsg [Sat, 30 Oct 2021 03:22:08 +0000 (03:22 +0000)]
add Intel 600 Series and Alder Lake S ids

described in
648364-001 Intel 600 Series Chipset Family Platform Controller Hub Datasheet
655258-001 12th Generation Intel Core Processors Datasheet

3 years agoIf the test fails, do not hang forever. Abort with a 10 seconds
bluhm [Fri, 29 Oct 2021 20:15:03 +0000 (20:15 +0000)]
If the test fails, do not hang forever.  Abort with a 10 seconds
timeout.

3 years agoTweak code to make it clear that MBR_init() uses just the boot code and
krw [Fri, 29 Oct 2021 18:38:19 +0000 (18:38 +0000)]
Tweak code to make it clear that MBR_init() uses just the boot code and
partition 0 information from the default MBR.

loongson and macppc provide partition 0 information but no boot code.

amd64, i386, landisk provide boot code but no partition 0 information.

Other arch's get by w/o a default MBR (a.k.a. /usr/mdec/mbr).

No functional change.

3 years agosync
deraadt [Fri, 29 Oct 2021 18:09:26 +0000 (18:09 +0000)]
sync

3 years agothe list of devices which can be created it getting unwieldy and keep getting
jmc [Fri, 29 Oct 2021 16:42:57 +0000 (16:42 +0000)]
the list of devices which can be created it getting unwieldy and keep getting
out of date: remove it (sthen) and add a pointer to -C (dlg);

ok sthen

3 years agopoll needs similar treatment as select recently gained in order to not
anton [Fri, 29 Oct 2021 15:52:44 +0000 (15:52 +0000)]
poll needs similar treatment as select recently gained in order to not
mask failed kqueue_register() attempts which in turn causes the thread to
end up sleeping as opposed of propagating the failure to user space.

Regression introduced in the recent switch to implement poll on top of
kqueue.

Thanks to Larry Hynes <larry at larryhynes dot com> for reporting and
Leah Neukirchen <leah at vuxu dot org> for providing a reproducer; which
also already made its way into regress.

ok mpi@

3 years agoA USB HID report ID must be represented using a single byte ranging
anton [Fri, 29 Oct 2021 15:43:55 +0000 (15:43 +0000)]
A USB HID report ID must be represented using a single byte ranging
between 1-255 where 0 is reserved. The pseudo report ID
UHIDEV_CLAIM_MULTIPLE_REPORTID is currently colliding with the valid
report ID 255. Therefore crank it which gets rid of the collision and
increase the related fields in order to cope with larger integers.

Thanks to Damien Couderc <openbsd at petrocore dot eu> for reporting and
testing.

3 years agoIn x509/x509_purp.c rev. 1.11, tb@ fixed X509_check_purpose(3)
schwarze [Fri, 29 Oct 2021 14:29:24 +0000 (14:29 +0000)]
In x509/x509_purp.c rev. 1.11, tb@ fixed X509_check_purpose(3)
to fail if parsing of a certificate extension failed.
Adjust the documentation accordingly.
OK tb@

3 years agomatch more Prolific HXN ids
jsg [Fri, 29 Oct 2021 14:25:05 +0000 (14:25 +0000)]
match more Prolific HXN ids
tested by robert@ on PL2303GT
ok deraadt@ robert@ patrick@

3 years agoregen
jsg [Fri, 29 Oct 2021 14:23:07 +0000 (14:23 +0000)]
regen

3 years agomore Prolific HXN ids
jsg [Fri, 29 Oct 2021 14:22:26 +0000 (14:22 +0000)]
more Prolific HXN ids
ok deraadt@ robert@ patrick@

3 years agoDon't grab audio_lock in filt_midi{read,write} if NOTE_SUBMIT is set.
ratchov [Fri, 29 Oct 2021 13:24:50 +0000 (13:24 +0000)]
Don't grab audio_lock in filt_midi{read,write} if NOTE_SUBMIT is set.

Fixes panics caused by attempts to grab audio_lock twice in the
interrupt code path: once in the low-lever interrupt handler and once
in selwakeup()

This is exactly how audio(4) handles this problem.

ok mpi

3 years agoHook poll tests.
mpi [Fri, 29 Oct 2021 13:13:20 +0000 (13:13 +0000)]
Hook poll tests.

3 years agoTest that poll(2) returns POLLNVAL for an already closed fd.
mpi [Fri, 29 Oct 2021 13:13:04 +0000 (13:13 +0000)]
Test that poll(2) returns POLLNVAL for an already closed fd.

poll(2) rewrite on top of kqueue is currently blocking instead of
returning.  Regression reported by Larry Hynes with a reproducer
from Leah Neukirchen, thanks a lot!

3 years agoActually error in X509_check_purpose() if x509v3_cache_extensions()
tb [Fri, 29 Oct 2021 12:11:13 +0000 (12:11 +0000)]
Actually error in X509_check_purpose() if x509v3_cache_extensions()
indicates failure. The previous "error return" X509_V_ERR_UNSPECIFIED
translates to 1, i.e., success. This changes to the intended behavior
of x509_purp.c r1.3 and matches OpenSSL. This will need various
adjustments in the documentation.

ok jsing

3 years agodocument the horrifying function X509_TRUST_set_default(3)
schwarze [Fri, 29 Oct 2021 11:25:37 +0000 (11:25 +0000)]
document the horrifying function X509_TRUST_set_default(3)

3 years agoadd missing .h file include
deraadt [Fri, 29 Oct 2021 10:54:33 +0000 (10:54 +0000)]
add missing .h file include
from Emil Engler

3 years agorpki-client 7.4 is imminent, bump version
claudio [Fri, 29 Oct 2021 10:36:55 +0000 (10:36 +0000)]
rpki-client 7.4 is imminent, bump version

3 years agodocument X509_EXTENSION_dup(3);
schwarze [Fri, 29 Oct 2021 10:22:00 +0000 (10:22 +0000)]
document X509_EXTENSION_dup(3);
while here, add the missing const qualifier to the obj argument of
X509_EXTENSION_create_by_OBJ(3) and correct a typo in the argument
name of X509_EXTENSION_get_data(3)

3 years agonew manual page X509_REQ_print_ex(3),
schwarze [Fri, 29 Oct 2021 09:42:07 +0000 (09:42 +0000)]
new manual page X509_REQ_print_ex(3),
also documenting X509_REQ_print(3) and X509_REQ_print_fp(3)

3 years agoEnsure that RRDP snapshot and delta files are fetched from the same host
claudio [Fri, 29 Oct 2021 09:27:36 +0000 (09:27 +0000)]
Ensure that RRDP snapshot and delta files are fetched from the same host
as the notification file.
OK tb@ job@

3 years agoLimit the HTTP requests to 2GB of data. This is enforced via a quick
claudio [Fri, 29 Oct 2021 08:51:20 +0000 (08:51 +0000)]
Limit the HTTP requests to 2GB of data. This is enforced via a quick
check of the content-lenght header and also with a check when writing
data out so that chunked encoding can not bypass the limit.
OK beck@ job@

3 years agoProperly implement --max-size and --min-size.
claudio [Fri, 29 Oct 2021 08:00:59 +0000 (08:00 +0000)]
Properly implement --max-size and --min-size.
This uses scan_scaled(3) from libutil which is very similar to how rsync
behaves. Not implemented are the +/-1 math and the 1000 vs 1024 multipliers.
OK benno@ job@

3 years agossh-keygen: make verify-time argument parsing optional
djm [Fri, 29 Oct 2021 03:20:46 +0000 (03:20 +0000)]
ssh-keygen: make verify-time argument parsing optional

From Fabian Stelzer

3 years agosshsig: add tests for signing key validity and find-principals
djm [Fri, 29 Oct 2021 03:03:06 +0000 (03:03 +0000)]
sshsig: add tests for signing key validity and find-principals

- adds generic find-principals tests (this command had none before)
- tests certs with a timeboxed validity both with and without a
  restriced lifetime for the CA
- test for a revoked CA cert

by Fabian Stelzer

3 years agoavoid signedness warning; spotted in -portable
djm [Fri, 29 Oct 2021 02:48:19 +0000 (02:48 +0000)]
avoid signedness warning; spotted in -portable

3 years agoSync output at end of run with output inside the openbgpd output file.
claudio [Thu, 28 Oct 2021 19:02:36 +0000 (19:02 +0000)]
Sync output at end of run with output inside the openbgpd output file.
With and OK tb@

3 years agoDo not force the cursor to move if it is in the automargin space at EOL
nicm [Thu, 28 Oct 2021 18:57:06 +0000 (18:57 +0000)]
Do not force the cursor to move if it is in the automargin space at EOL
and that is where we want it to be, GitHub issue 2956.

3 years agoAllow detach even if suspend flag set, GitHub issue 2932.
nicm [Thu, 28 Oct 2021 18:54:33 +0000 (18:54 +0000)]
Allow detach even if suspend flag set, GitHub issue 2932.

3 years agoExpand command as a format, GitHub issue 2920.
nicm [Thu, 28 Oct 2021 18:39:15 +0000 (18:39 +0000)]
Expand command as a format, GitHub issue 2920.

3 years agodocument X509_REQ_to_X509(3)
schwarze [Thu, 28 Oct 2021 15:30:54 +0000 (15:30 +0000)]
document X509_REQ_to_X509(3)

3 years agoflesh out veb(4)/vport description a bit, spell out in more words what
sthen [Thu, 28 Oct 2021 15:06:36 +0000 (15:06 +0000)]
flesh out veb(4)/vport description a bit, spell out in more words what
is meant by "independently of the host network stack"

feedback jmc dlg

3 years agounwrap a line
tb [Thu, 28 Oct 2021 14:24:08 +0000 (14:24 +0000)]
unwrap a line

3 years agoLimit how many FileAndHash entries a single manifest may contain
job [Thu, 28 Oct 2021 13:51:42 +0000 (13:51 +0000)]
Limit how many FileAndHash entries a single manifest may contain

OK claudio@

3 years agoDon't fetch files larger than 2MB
job [Thu, 28 Oct 2021 13:50:29 +0000 (13:50 +0000)]
Don't fetch files larger than 2MB

OK claudio@

3 years agodocument X509_to_X509_REQ(3)
schwarze [Thu, 28 Oct 2021 13:23:19 +0000 (13:23 +0000)]
document X509_to_X509_REQ(3)

3 years agosort
tb [Thu, 28 Oct 2021 13:13:03 +0000 (13:13 +0000)]
sort

3 years agoProvide --max-size and --min-size arguments. Currently ignored but
claudio [Thu, 28 Oct 2021 13:07:43 +0000 (13:07 +0000)]
Provide --max-size and --min-size arguments. Currently ignored but
rpki-client wants --max-size and this will unblock that work.
With job@

3 years agosync
sthen [Thu, 28 Oct 2021 12:01:56 +0000 (12:01 +0000)]
sync

3 years agoLimit the size of the base64 blob inside the RRDP XML to be less than
claudio [Thu, 28 Oct 2021 11:57:00 +0000 (11:57 +0000)]
Limit the size of the base64 blob inside the RRDP XML to be less than
MAX_FILE_SIZE after base64 decoding it. This way hostile RRDP servers
do less damage.
OK beck@ tb@

3 years agoMechanical KNF in preparation for changing
beck [Thu, 28 Oct 2021 11:55:43 +0000 (11:55 +0000)]
Mechanical KNF in preparation for changing

3 years agoAdd headers normally contained in include/openssl, verbatim from 1.1.1
beck [Thu, 28 Oct 2021 11:23:07 +0000 (11:23 +0000)]
Add headers normally contained in include/openssl, verbatim from 1.1.1

3 years agoImport Certificate Transparency verbatim from OpenSSL 1.1.1
beck [Thu, 28 Oct 2021 11:21:03 +0000 (11:21 +0000)]
Import Certificate Transparency verbatim from OpenSSL 1.1.1

This is not yet hooked up and will not compile. Follow on commits
will KNF and then make it build.

ok jsing@ tb@

3 years agoopenssl-ruby tests: rework for x509_alt.c r1.3 and r1.5.
tb [Thu, 28 Oct 2021 11:01:19 +0000 (11:01 +0000)]
openssl-ruby tests: rework for x509_alt.c r1.3 and r1.5.

ruby can no longer generate certs with bogus wildcards in it to check
that they will fail to verify when creating TLS connections. It will
throw an error. This change needs openssl-ruby-tests-20211024p0 or later
to work.

3 years agoBring back r1.3, ok beck
tb [Thu, 28 Oct 2021 10:58:23 +0000 (10:58 +0000)]
Bring back r1.3, ok beck

Original commit message from beck:

Validate Subject Alternate Names when they are being added to certificates.

With this change we will reject adding SAN DNS, EMAIL, and IP addresses
that are malformed at certificate creation time.

ok jsing@ tb@

3 years agoAccept server replies from any server port
kn [Thu, 28 Oct 2021 09:44:49 +0000 (09:44 +0000)]
Accept server replies from any server port

There is no requirement other than replying to client port 68/udp
as per RFC 2131, so drop the 67/udp check.

Same conclusion from florian
Reported and tested by Roc Vallès < vallesroc AT gmail DOT com>, thanks!

3 years agoDon't exit in certain cases on failures to parse x509 objects.
beck [Thu, 28 Oct 2021 09:02:19 +0000 (09:02 +0000)]
Don't exit in certain cases on failures to parse x509 objects.

In most cases we already warn and continue if someone sends us malformed
x509 objects. This makes this consistent behaviour in all places
so that if someone passes in bogus X509, We end up failing their entry
and continuing rather than exiting.

We still exit on memory/system failures so that a future run of rpki
client can simply do better when the machine is perhaps less hammered
on

ok job@ claudio@

3 years agoadd proper declaration for addr in dt_prov_kprobe_hook
jasper [Thu, 28 Oct 2021 08:47:40 +0000 (08:47 +0000)]
add proper declaration for addr in dt_prov_kprobe_hook

3 years agoincrement SSH_SK_VERSION_MAJOR to match last change
djm [Thu, 28 Oct 2021 02:55:30 +0000 (02:55 +0000)]
increment SSH_SK_VERSION_MAJOR to match last change

3 years agoWhen downloading resident keys from a FIDO token, pass back the
djm [Thu, 28 Oct 2021 02:54:18 +0000 (02:54 +0000)]
When downloading resident keys from a FIDO token, pass back the
user ID that was used when the key was created and append it to
the filename the key is written to (if it is not the default).

Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different
user IDs.

feedback Pedro Martelletto; ok markus

NB. increments SSH_SK_VERSION_MAJOR

3 years agoFix HISTORY section: 6.9 -> 7.0
tb [Wed, 27 Oct 2021 22:11:21 +0000 (22:11 +0000)]
Fix HISTORY section: 6.9 -> 7.0

3 years agoAdd limits on size of certain untrusted inputs
beck [Wed, 27 Oct 2021 21:56:58 +0000 (21:56 +0000)]
Add limits on size of certain untrusted inputs

ok job@

3 years agocreate directory for libxcvt headers
matthieu [Wed, 27 Oct 2021 21:31:31 +0000 (21:31 +0000)]
create directory for libxcvt headers

3 years agoextend checks of ensuring there's valid CTF data before attempting to use it.
jasper [Wed, 27 Oct 2021 21:21:35 +0000 (21:21 +0000)]
extend checks of ensuring there's valid CTF data before attempting to use it.

3 years agoLimit length on URIs
job [Wed, 27 Oct 2021 18:09:08 +0000 (18:09 +0000)]
Limit length on URIs

OK beck@

3 years agoThe crypto layer needs the kernel lock. ah_zeroize() takes it when
bluhm [Wed, 27 Oct 2021 16:58:44 +0000 (16:58 +0000)]
The crypto layer needs the kernel lock.  ah_zeroize() takes it when
called from tdb_walk().  tdb_walk() needs mutex tdb_sadb_mtx to
protect the loop traversal.  First take the kernel lock in tdb_walk()
to preserve lock order.
found by witness
OK tobhe@ mvs@

3 years agouse db_get_probe_addr() instead of handrolling the expression wrapped in ifdef
jasper [Wed, 27 Oct 2021 15:18:12 +0000 (15:18 +0000)]
use db_get_probe_addr() instead of handrolling the expression wrapped in ifdef

ok mpi@

3 years agonew manual page X509_REQ_add_extensions(3)
schwarze [Wed, 27 Oct 2021 14:54:07 +0000 (14:54 +0000)]
new manual page X509_REQ_add_extensions(3)
documenting six functions for extensions in certification requests

3 years agoReplace 'DIAGNOSTIC' block within soqinsque() by KASSERT(9).
mvs [Wed, 27 Oct 2021 13:41:09 +0000 (13:41 +0000)]
Replace 'DIAGNOSTIC' block within soqinsque() by KASSERT(9).

ok sashan@

3 years agoadd some .Xrs involving recently added pages
schwarze [Wed, 27 Oct 2021 11:24:47 +0000 (11:24 +0000)]
add some .Xrs involving recently added pages

3 years agominor tweaks to wording and punctuation,
schwarze [Wed, 27 Oct 2021 11:22:57 +0000 (11:22 +0000)]
minor tweaks to wording and punctuation,
and add .Xrs to relevant objects

3 years agoMinor tweaks:
schwarze [Wed, 27 Oct 2021 10:35:43 +0000 (10:35 +0000)]
Minor tweaks:
* Say "number of bytes" instead of "length of bytes".
* Remove mention of a BUGS section that exists neither here nor in OpenSSL.
* List all authors who contributed Copyright-worthy amounts of text.
* Remove years from the Copyright line that saw no non-trivial changes.
* Add the year 2014: that's when Emilia wrote the i2d_re_X509_tbs() text.
* Improve merge comments.

3 years agoRevert version 1.3 - not allowing the creation of bogus certificates
beck [Wed, 27 Oct 2021 10:22:08 +0000 (10:22 +0000)]
Revert version 1.3 - not allowing the creation of bogus certificates
breaks the ruby regression tests that expect to make bogus certificates
and see that they are rejected :(

I am reverting this for now to make the regress tests pass, and will
bring it back if we decide to patch the regress tests to remove the
problem cases

3 years agoFix to correctly parse the 'to' time into the to_tm
beck [Wed, 27 Oct 2021 09:56:43 +0000 (09:56 +0000)]
Fix to correctly parse the 'to' time into the to_tm

3 years agoAdd ASN1_TIME_diff from OpenSSL.
beck [Wed, 27 Oct 2021 09:50:56 +0000 (09:50 +0000)]
Add ASN1_TIME_diff from OpenSSL.

The symbol is not yet exposed and will show up with tb@'s forthcoming bump

ok tb@ jsing@

3 years agofix spello in comment
jasper [Wed, 27 Oct 2021 09:09:55 +0000 (09:09 +0000)]
fix spello in comment

3 years agoMention vether(4) and mpip(4) interfaces in the create list
solene [Wed, 27 Oct 2021 06:36:51 +0000 (06:36 +0000)]
Mention vether(4) and mpip(4) interfaces in the create list

ok benno@ dlg@

3 years agoregen
visa [Wed, 27 Oct 2021 03:25:11 +0000 (03:25 +0000)]
regen

3 years agoUnlock the kevent(2) system call.
visa [Wed, 27 Oct 2021 03:24:44 +0000 (03:24 +0000)]
Unlock the kevent(2) system call.

Tested by mpi@ and tb@

OK mpi@

3 years agobackport a perl patch to avoid excessive warnings with llvm 13 clang
jsg [Wed, 27 Oct 2021 02:27:34 +0000 (02:27 +0000)]
backport a perl patch to avoid excessive warnings with llvm 13 clang

originally from Tony Cook in
skip using gcc brace groups for STMT_START/END
7169efc77525df70484a824bff4ceebd1fafc760

looks fine millert@ ok afresh1@

3 years agoMerge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1
tb [Tue, 26 Oct 2021 23:37:56 +0000 (23:37 +0000)]
Merge documentation for i2d_re_X509*_tbs(3) from OpenSSL 1.1

3 years agoupdate to libfido2 1.8.0; ok sthen@ "timing is fine" deraadt@
djm [Tue, 26 Oct 2021 21:36:23 +0000 (21:36 +0000)]
update to libfido2 1.8.0; ok sthen@ "timing is fine" deraadt@

3 years agospelling fixes;
jmc [Tue, 26 Oct 2021 18:50:38 +0000 (18:50 +0000)]
spelling fixes;

3 years agosync
tb [Tue, 26 Oct 2021 18:17:09 +0000 (18:17 +0000)]
sync

3 years agoinstall X509_get_extension_flags.3 and X509_SIG_get0.3
tb [Tue, 26 Oct 2021 18:11:04 +0000 (18:11 +0000)]
install X509_get_extension_flags.3 and X509_SIG_get0.3

3 years agoRemove a line documenting that X509_get_X509_PUBKEY(3) is missing
tb [Tue, 26 Oct 2021 18:05:07 +0000 (18:05 +0000)]
Remove a line documenting that X509_get_X509_PUBKEY(3) is missing

discussed with schwarze

3 years agoDocument X509_get0_pubkey.3
tb [Tue, 26 Oct 2021 18:04:24 +0000 (18:04 +0000)]
Document X509_get0_pubkey.3

3 years agoDocument new signature of X509_get_X509_PUBKEY() and remove claim
tb [Tue, 26 Oct 2021 18:01:00 +0000 (18:01 +0000)]
Document new signature of X509_get_X509_PUBKEY() and remove claim
that the API is implemented as a macro. This will change in an
upcoming bump.

3 years agoAdd tlsfeature NID
job [Tue, 26 Oct 2021 17:35:38 +0000 (17:35 +0000)]
Add tlsfeature NID

OK beck@ tb@

3 years agoMake proto config option accept a list to allow specifying multiple
tobhe [Tue, 26 Oct 2021 17:31:22 +0000 (17:31 +0000)]
Make proto config option accept a list to allow specifying multiple
protocols for a single policy, e.g. "proto { ipencap, ipv6 }".

feedback and ok benno@
ok patrick@

3 years agoAdjust regress to the new BIO-free world order.
claudio [Tue, 26 Oct 2021 16:59:54 +0000 (16:59 +0000)]
Adjust regress to the new BIO-free world order.

3 years agoMove load_file() to encoding.c so that regress can use the function.
claudio [Tue, 26 Oct 2021 16:59:19 +0000 (16:59 +0000)]
Move load_file() to encoding.c so that regress can use the function.

3 years agoAdd a new TEMPerHUM device id. style tweak deraadt@, ok mlarkin@
matthieu [Tue, 26 Oct 2021 16:49:12 +0000 (16:49 +0000)]
Add a new TEMPerHUM device id. style tweak deraadt@, ok mlarkin@

3 years agoImprove unhibernate performance (30% on some machines, another upcoming diff
deraadt [Tue, 26 Oct 2021 16:29:49 +0000 (16:29 +0000)]
Improve unhibernate performance (30% on some machines, another upcoming diff
shows gains up to 50%) by skipping attach of irrelevant devices, which are
tagged CD_SKIPHIBERNATE in the per-driver cfdriver.  In particular, usb devices
are not attached, so they don't need to detach during the suspend-unpack-resume.
New bootblocks are required (which tell the kernel it's job is unhibernate
before configure runs)
tested by various

3 years agoRefactor the tal parsing code to use the same load_file() and buffer
claudio [Tue, 26 Oct 2021 16:12:54 +0000 (16:12 +0000)]
Refactor the tal parsing code to use the same load_file() and buffer
passing as done for the other parsers.
OK job@ tb@

3 years agoGeneralise "nameserver" workings
kn [Tue, 26 Oct 2021 15:48:25 +0000 (15:48 +0000)]
Generalise "nameserver" workings

The generated route message is not at all resolvd(8) specific.
Mention how unwind(8) reacts to proposals as well.

"Broadcast" wording deraadt jmc
OK millert

3 years agoAdd RFC 3779 checks to both legacy and new verifier
job [Tue, 26 Oct 2021 15:14:18 +0000 (15:14 +0000)]
Add RFC 3779 checks to both legacy and new verifier

OK beck@

3 years agoFree memory on text exit to make asan quieter
beck [Tue, 26 Oct 2021 14:34:02 +0000 (14:34 +0000)]
Free memory on text exit to make asan quieter

ok tb@

3 years agoEnable vmx(4) on arm64. Tested using VMware Fusion on the Apple M1.
patrick [Tue, 26 Oct 2021 14:20:47 +0000 (14:20 +0000)]
Enable vmx(4) on arm64.  Tested using VMware Fusion on the Apple M1.

ok kettenis@

3 years agosync
deraadt [Tue, 26 Oct 2021 14:15:02 +0000 (14:15 +0000)]
sync

3 years agoOnly flush freshly mapped uncached/device mappings if we have a vm_page for it,
patrick [Tue, 26 Oct 2021 14:13:57 +0000 (14:13 +0000)]
Only flush freshly mapped uncached/device mappings if we have a vm_page for it,
meaning we make sure it is indeed managed memory/RAM and not some MMIO.  Fixes
booting on VMware Fusion (and an older QEMU diff for HVF acceleration).

ok kettenis@