semarie [Mon, 13 May 2024 11:17:40 +0000 (11:17 +0000)]
vfs: VOP_REMOVE: move vnode unlocking and ref dropping to FS-indep part
while here, ensure all vop_remove field are set, and always call the function.
the change is very conservative: it only adds vnode ref drop/unlock where it was
absent because it should be unreachable (and if it wasn't, it should fix
things).
ok miod@
kettenis [Mon, 13 May 2024 10:01:53 +0000 (10:01 +0000)]
Implement hardware masking for MSI and MSI-X on amd64. Note that masking
MSIs can only be done for PCI devices that implement per-vector masking,
which a lot of hardware doesn't implement.
ok mlarkin@
jsg [Mon, 13 May 2024 06:48:26 +0000 (06:48 +0000)]
fix some leaks; ok op@
jsg [Mon, 13 May 2024 01:22:47 +0000 (01:22 +0000)]
remove unneeded extern and struct; ok patrick@
jsg [Mon, 13 May 2024 01:15:50 +0000 (01:15 +0000)]
remove prototypes with no matching function
ok mpi@
jsg [Mon, 13 May 2024 00:16:09 +0000 (00:16 +0000)]
remove some unused defines and externs
isaphysmem and isaphysmempgs were removed in 1998
ok kettenis@
kettenis [Sun, 12 May 2024 20:02:13 +0000 (20:02 +0000)]
Add support for using the power button function of the RK809.
This initiates a graceful powerdown when the powerbutton is pressed
and makes it work as a wakeup from suspend.
ok patrick@
kn [Sun, 12 May 2024 19:47:14 +0000 (19:47 +0000)]
Rerun installboot(8) after fw_update(8) to pick up Apple boot firmware
Firmware is fetched after bootstraps are installed, i.e. on fresh installs
apple-boot is not there yet when installboot ought to place it onto the EFI
System Partition.
Rerun --only on Apple silicon-- to replace Asahi u-boot and boot straight
into ours, nicely visible my different logo.
Input sthen deraadt
tb [Sun, 12 May 2024 17:44:11 +0000 (17:44 +0000)]
Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE
semarie [Sun, 12 May 2024 16:54:56 +0000 (16:54 +0000)]
vfs: reorder tmpfs_fifovops: isolate fifo_vops block
separate the local part from the fifo_vops part, and add a comment to keep in
sync.
ok miod@
semarie [Sun, 12 May 2024 16:51:05 +0000 (16:51 +0000)]
vfs: struct vops: show all members, even if NULL
In order to help code maintenance, explicitly add all `struct vops` members with
the current value (if not present, it is NULL), still using the C99 notation.
ok miod@
guenther [Sun, 12 May 2024 16:49:38 +0000 (16:49 +0000)]
Delete the cpu_perf_e[abd]x and cpu_apmi_edx globals and move the
cpuid uses into identifycpu(), as they aren't needed anywhere else.
ok kettenis@
tb [Sun, 12 May 2024 15:26:46 +0000 (15:26 +0000)]
Tweak wording
tb [Sun, 12 May 2024 15:24:21 +0000 (15:24 +0000)]
Remove a 'built-in' that was left in by accident
mglocker [Sun, 12 May 2024 12:20:36 +0000 (12:20 +0000)]
Introduce debugging levels, to make debugging a bit more useful.
tb [Sun, 12 May 2024 11:52:04 +0000 (11:52 +0000)]
sync
tb [Sun, 12 May 2024 11:50:36 +0000 (11:50 +0000)]
Install X509V3_EXT_get_nid.3
tb [Sun, 12 May 2024 11:49:47 +0000 (11:49 +0000)]
Add minimal manpage documenting the misnamed X509V3_EXT_get_nid()
This avoids a dangling reference in i2s_ASN1_ENUMERATED_TABLE.
To complete this manual, someone will need to document X509V3_EXT_METHOD,
but that's for a much more rainy day than today.
jsg [Sun, 12 May 2024 09:41:09 +0000 (09:41 +0000)]
vm_page_zero_enable was removed in 2015
jsg [Sun, 12 May 2024 09:27:13 +0000 (09:27 +0000)]
remove uvm_swprekeyprint extern for var we never had
jsg [Sun, 12 May 2024 09:19:54 +0000 (09:19 +0000)]
remove ufs_hashlock extern for var we never had
jsg [Sun, 12 May 2024 09:09:39 +0000 (09:09 +0000)]
nfs_procids was removed in 1996
jsg [Sun, 12 May 2024 08:49:26 +0000 (08:49 +0000)]
pcic_isa_intr_list and npcic_isa_intr_list were removed in 1999
jsg [Sun, 12 May 2024 08:44:09 +0000 (08:44 +0000)]
rtw_host_rfio was removed in 2007
jsg [Sun, 12 May 2024 08:42:13 +0000 (08:42 +0000)]
comsiraddr was removed in 2016
jsg [Sun, 12 May 2024 08:31:05 +0000 (08:31 +0000)]
sync_ifp and ticket_pabuf don't exist, remove externs
jsg [Sun, 12 May 2024 08:21:56 +0000 (08:21 +0000)]
ttybuf[] was removed in 2001, ttydefaults in 1988
jsg [Sun, 12 May 2024 06:24:44 +0000 (06:24 +0000)]
defaul -> default; ok jmc@ ratchov@
tb [Sun, 12 May 2024 05:08:59 +0000 (05:08 +0000)]
Avoid .Xr to no longer public X509_LOOKUP_by_subject(3)
looks good to jmc
jmc [Sat, 11 May 2024 20:35:13 +0000 (20:35 +0000)]
sync the cpu(4) pages for i386/amd64:
- remove section headers. in a document little over one screenful in size,
three section headers within DESCRIPTION seems greedy
- mark up sysctl names
- use the more general hw.sensors sysctl name to show cpu temp. the previously
suggested hw.sensors.cpu*.temp0 is no longer universal
guenther [Sat, 11 May 2024 19:21:47 +0000 (19:21 +0000)]
Use %b to format cpu flag info in dmesg, so we have the raw values
too. This is also much more space efficient.
Reduce the cpu flag noise in dmesg by suppressing lines and registers
that are identical with the previous CPU and show -/+ info if there
are any differences.
particular feedback from deraadt@, kettenis@, jsg@, and dv@
ok deraadt@
tb [Sat, 11 May 2024 18:59:39 +0000 (18:59 +0000)]
Move X509V3_add_standard_extensions out of the way
This function is only used by OpenLDAP and it's been a noop since
forever. It has no business to be squeezed in between a number of
other, quite unrelated functions. It's distracting.
tb [Sat, 11 May 2024 18:52:52 +0000 (18:52 +0000)]
Make two NULL checks more explicit
tb [Sat, 11 May 2024 18:48:47 +0000 (18:48 +0000)]
Unwrap a line
jsg [Sat, 11 May 2024 14:49:56 +0000 (14:49 +0000)]
fix prototype; iosf_i2c_relese -> iosf_i2c_release
tb [Sat, 11 May 2024 06:53:19 +0000 (06:53 +0000)]
Sync DSA_METHOD documentation with reality
It is dubious whether this opaque struct's internals should be documented
in the first place. This also has been incomplete since forever. For now
zap the stuff that no longer exists and make an attempt at matching KNF a
bit more closely.
tb [Sat, 11 May 2024 06:43:50 +0000 (06:43 +0000)]
Remove unused DSA methods
There are no accessors to set them, so this has been involved in a bunch
of dead logic ever since we made DSA opaque a few years ago.
ok jsing
tb [Sat, 11 May 2024 05:41:28 +0000 (05:41 +0000)]
Remove unused PEM_USER and PEM_CTX
I could not find any use of this in all of OpenSSL's git history since
SSLeay 0.8.1b.
ok jsing
krw [Fri, 10 May 2024 21:23:32 +0000 (21:23 +0000)]
Revert r1.108. An Intel 11th Gen i5 Framework laptop with a SanDisk SN850 disk
found a way to prevent the kernel from enabling the nvme controller while
resuming.
Fixes resuming on the Framework13.
Problem reported and reversion tested by ian@
millert [Fri, 10 May 2024 20:28:31 +0000 (20:28 +0000)]
pax: make list file handle line-buffered unless it is stderr.
This fixes a problem where the file list output was fully-buffered
when used as part of a pipeline. With this change, files are listed
as they are extracted in verbose mode. OK deraadt@ guenther@
florian [Fri, 10 May 2024 15:02:26 +0000 (15:02 +0000)]
Keep probing upstream servers.
(lib)unbound might mark many servers down in case of a network issue.
This is something that can easily happen for unwind(8).
Problem pointed out by Kirill A. Korinsky in unbound(8).
https://github.com/NLnetLabs/unbound/issues/362
OK sthen
mglocker [Fri, 10 May 2024 10:49:10 +0000 (10:49 +0000)]
Make the kernel compile also when turning on debugging.
ok mpi@
claudio [Fri, 10 May 2024 09:21:41 +0000 (09:21 +0000)]
Regen
claudio [Fri, 10 May 2024 09:21:01 +0000 (09:21 +0000)]
The ptsignal() race against p_sigmask changes by dosigsuspend() are fixed.
Unlock sigsuspend() and __thrsigdivert() again.
asou [Fri, 10 May 2024 06:46:14 +0000 (06:46 +0000)]
Correct display the details of COMMAND using the ps command from the kernel
crash dump.
OK millert@
mglocker [Fri, 10 May 2024 06:14:10 +0000 (06:14 +0000)]
Fix broken debugging.
tb [Fri, 10 May 2024 05:12:03 +0000 (05:12 +0000)]
Add missing EC_KEY_free()
While eckey_from_explicit_params() frees *out_eckey, eckey_from_object()
and eckey_from_params() do not. These functions are currently all callled
with a NULL *out_eckey, but the latter two would leak if that should ever
change.
ok jsing
tb [Fri, 10 May 2024 05:08:05 +0000 (05:08 +0000)]
Remove fixed nonce length information from algorithm2
This information has been part of tls12_key_block_generate() for a while
now. It remained in this table because at that point SSL_CIPHER was still
public. Nothing can access algorithm2 anymore from the outside, so this is
dead weight.
ok jsing
tb [Fri, 10 May 2024 04:53:55 +0000 (04:53 +0000)]
Inline dsa_builtin_keygen() in DSA_generate_key()
ok djm
jsg [Fri, 10 May 2024 03:50:12 +0000 (03:50 +0000)]
make pf_match_rule() prototype match the function
tb [Thu, 9 May 2024 20:57:49 +0000 (20:57 +0000)]
Make the openssl_dsa_meth static const
tb [Thu, 9 May 2024 20:56:52 +0000 (20:56 +0000)]
Move openssl_dsa_meth below the methods it uses
no functional change
tb [Thu, 9 May 2024 20:43:36 +0000 (20:43 +0000)]
Make the DH_METHOD static const
tb [Thu, 9 May 2024 20:40:42 +0000 (20:40 +0000)]
Move public API and DH_METHOD to the bottom of the file
no functional change
jmc [Thu, 9 May 2024 17:57:36 +0000 (17:57 +0000)]
sync the SSL text; ok tb
jmc [Thu, 9 May 2024 17:22:20 +0000 (17:22 +0000)]
- drop ref to non-installed g++(1) page
- drop ref to clang that isn;t particularly helpful and only relevant
to some platforms, as suggested by kettenis
mglocker [Thu, 9 May 2024 17:05:22 +0000 (17:05 +0000)]
Enable ufshci(4) on amd64.
ok kettenis@ deraadt@
tb [Thu, 9 May 2024 14:29:08 +0000 (14:29 +0000)]
Tiny style tweaks in X509_REQ_add_extension_nid()
Test & assign and use ret instead of rv.
ok jsing
tb [Thu, 9 May 2024 14:27:21 +0000 (14:27 +0000)]
Streamline X509_REQ_check_private_key() a bit
Use better variable names, split the success from the error path and
return directly rather than using an ok variable.
ok jsing
tb [Thu, 9 May 2024 14:22:16 +0000 (14:22 +0000)]
Zap some extra parentheses in X509_REQ_get_pubkey()
ok jsing
tb [Thu, 9 May 2024 14:20:57 +0000 (14:20 +0000)]
Clean up X509_to_X509_REQ()
Use better variable names. X509_REQ_new() sets the version to the only
specified version, so there is no point to set it. Extract the subject
name, then assign to make it more obvious that we error happens if the
cert has a missing subject. Switch to X509_get0_pubkey() to avoid some
strange dance with a strangely named variable to adjust the refcount.
ok jsing
tb [Thu, 9 May 2024 14:00:52 +0000 (14:00 +0000)]
Further simplify X509_REQ_get_extensions()
Instead of inlining a poor version of ASN1_TYPE_unpack_sequence() with
missing error checks, just call the real thing. It's safer and simpler.
ok jsing
djm [Thu, 9 May 2024 09:46:47 +0000 (09:46 +0000)]
simplify exit message handling, which was more complicated than
it needed to be because of unexpunged ssh1 remnants. ok markus@
florian [Thu, 9 May 2024 08:35:40 +0000 (08:35 +0000)]
ctime(3) and ctime_r(3) can fail when timestamps are way off.
Add missing error checks to all calls under sbin/
Input kettenis, millert
OK millert
florian [Thu, 9 May 2024 08:35:03 +0000 (08:35 +0000)]
ctime(3) and ctime_r(3) can fail when timestamps are way off.
Add missing error checks to all calls under libexec/
Input kettenis, millert
OK millert
mglocker [Thu, 9 May 2024 08:24:09 +0000 (08:24 +0000)]
Back then I faced intermittent file-system corruptions for which setting
FUA (Force Unit Access) did help. In the meantime it turned out that
those file-system corruptions were most likely caused by the slot issues.
Now that we fixed the slot management and limited to one slot for now,
remove FUA again, which increases the write performance significantly.
mglocker [Thu, 9 May 2024 08:21:52 +0000 (08:21 +0000)]
Sprinkle some more DPRINTFs.
mglocker [Thu, 9 May 2024 08:20:22 +0000 (08:20 +0000)]
Pack hardware descriptor structures.
mglocker [Thu, 9 May 2024 08:18:20 +0000 (08:18 +0000)]
Parse the OCS response value for completed commands, and set error on
failure.
mglocker [Thu, 9 May 2024 08:16:32 +0000 (08:16 +0000)]
Perform bus DMA synchronization to update the command descriptors.
mglocker [Thu, 9 May 2024 08:13:57 +0000 (08:13 +0000)]
Use 1U for bit operations on 32-bit registers.
Proposed by dlg@
mglocker [Thu, 9 May 2024 08:12:22 +0000 (08:12 +0000)]
Don't do math on KVA to get the required slot offset since that could
cause invalid pointers depending on the compiler interpretation of
(void *). Instead work with the structure pointer itself.
Proposed by dlg@
mglocker [Thu, 9 May 2024 08:09:17 +0000 (08:09 +0000)]
Don't use the task id for UPIU commands. We don't use task management
commands yet.
mglocker [Thu, 9 May 2024 08:06:42 +0000 (08:06 +0000)]
Don't schedule interrupt aggregation when commands are still in-progress.
As of the documentation:
"NOTE Write operations to IACTH and IATOVAL are only allowed when no
commands are outstanding."
Instead we only schedule interrupt aggregation at the start of the
SCSI command call, when all commands have completed.
mglocker [Thu, 9 May 2024 08:04:48 +0000 (08:04 +0000)]
Prevent that scheduling of new commands is interfering with processing
of completed commands with a command mutex.
mglocker [Thu, 9 May 2024 08:02:59 +0000 (08:02 +0000)]
Don't relay on the doorbell register to track our slots. As of the
documentation:
"UTRLDBR is a volatile register; software should only use its value to
determine commands that have completed, not to determine which commands
have previously been issued."
Instead we use the CCB structure to track our slots, as proposed by dlg@.
CAVEAT: Since using more than one slot is currently causing OCS errors,
we limit the slots to one until we can find a solution.
tb [Thu, 9 May 2024 07:55:48 +0000 (07:55 +0000)]
ssl_ciph.c: unwrap a line
tb [Thu, 9 May 2024 07:47:50 +0000 (07:47 +0000)]
Remove leftover logic of SSL2 support
SSL2_CF_8_BYTE_ENC was set by things such as RC4_64_WITH_MD5, which fell
victim to tedu's axe a decade ago. Zap that.
ok jsing
tb [Thu, 9 May 2024 07:12:03 +0000 (07:12 +0000)]
Plug a "leak" in ssl_security_group()
The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually
fail here, but if they could, cbb->base would leak. Rewrite this code with
the proper idioms to make it look right.
ok jsing
tb [Thu, 9 May 2024 06:08:11 +0000 (06:08 +0000)]
Align RSA and EC key generation with each other
Being two different cryptographic primitives, it is clear that there must
be some differences between RSA and EC keygen, but they don't have to be
entirely different. We need to set the key type, RSA needs a bit size and
ECDSA needs a curve. That's all the differences there need to be.
Garbage collect a few useless elses and avoid two exit labels paths where
one would do just fine.
As another small bonus, this file no longer uses "deprecated API", so the
portable fork can get rid of an ugly openssl 3 patch if they want to.
ok florian
guenther [Wed, 8 May 2024 18:00:55 +0000 (18:00 +0000)]
Suppress cache-info dmesg lines when they are identical to the
previous cpu.
testing on hybrid box by jmatthew@
suggestions from kettenis@
ok deraadt@
jan [Wed, 8 May 2024 17:52:11 +0000 (17:52 +0000)]
ixl(4): force mss of tso packets in hardware supported range.
ok bluhm@
tb [Wed, 8 May 2024 16:35:05 +0000 (16:35 +0000)]
fix line wrapping in function definition
jmc [Wed, 8 May 2024 15:30:26 +0000 (15:30 +0000)]
- for pwraction, point to acpibtn(4)
- for lidaction, document the value 0
- for lidaction, adjust the description to a format similar
to that of pwraction
ok kettenis deraadt
jsing [Wed, 8 May 2024 15:13:23 +0000 (15:13 +0000)]
Add more regress coverage for lhash.
stsp [Wed, 8 May 2024 14:03:54 +0000 (14:03 +0000)]
fix iwx(4) monitor mode
Monitor mode was broken by a recent firmware update. Two tweaks make
it work again:
1) The firmware does not like us sending the power-mode command while
in monitor mode and will panic, so simply don't do that.
2) We no longer add two queues while in monitor mode, just one queue
for frame injection. This queue's index will be 1, not 2. Make the
driver expect the correct index to prevent an error when monitor mode
is entered.
tested by jmc@ and myself on iwx ax200
stsp [Wed, 8 May 2024 14:02:59 +0000 (14:02 +0000)]
disable the regular ieee80211_encap() Tx path in monitor mode
Frames injected from user space carry the DLT_IEEE802_11_RADIO
mbuf tag, and are handled as a special case. Do not fall back
to regular encapsulation while we are in monitor mode and the
frame injected by userspace is found to be invalid.
This fixes an issue when iwx(4) runs in monitor mode with addresses
configured on the interface and leaving 11n/11ac mode directly for
monitor mode. In this case, traffic generated by userspace or the
kernel (such as ICMPv6) would trigger Tx attempts, which in turn
would trigger an attempt to set up a block ACK agreement and then
cause a firmware panic.
This points at a related issue where interface configuration state
is not properly cleaned up while switching into monitor mode.
The 11n/11ac interface config should ideally be cleared completely,
preventing block ack from being initiated.
But preventing the stack from trying to send frames down the regular
Tx path in monitor mode is a good idea in general because drivers may
not handle this very well for various reasons, block ack being just one.
tested by jmc@ and myself on iwx ax200
claudio [Wed, 8 May 2024 13:05:33 +0000 (13:05 +0000)]
Rework how action SIG_HOLD is handled in ptsignal.
Since we want to unlock sigsuspend, ptsignal needs to double check in the
SSLEEP case that the signal being delivered is still masked or unmasked.
Remove the early return for action SIG_HOLD so that the SSLEEP case can
properly recheck the sigmask.
On top of this update siglist only in one place at the end of ptsignal
this now includes the clearing of signals for the SA_CONT and SA_STOP
cases.
OK mpi@
bluhm [Wed, 8 May 2024 13:01:30 +0000 (13:01 +0000)]
Fix route leak in ip input.
In previous commit when refactoring the route cache, a rtfree() has
been forgotten. For each forwarded packet the reference counter
of the route entry was increased. This eventually leads to an
integer overflow and triggers kassert.
reported by and OK jan@
tb [Wed, 8 May 2024 09:41:33 +0000 (09:41 +0000)]
Avoid OpenSSL SSL repetitions
with the help of jmc
tb [Wed, 8 May 2024 08:24:23 +0000 (08:24 +0000)]
avoid various repetitions in the descriptions of libcrypto and libssl
with/ok jmc
tb [Wed, 8 May 2024 08:20:08 +0000 (08:20 +0000)]
Simplify X509_REQ_get_extensions()
Now that we know the two OIDs we need to look for when checking for the
extension list attribute in a certification request, we can simplify this
quite a bit. There is one change of behavior. Attribute value sets are not
supposed to be empty and it makes no sense to return an empty stack of
extensions in that case, return NULL instead, matching BoringSSL.
This removes last use of ext_nids and ext_nid_list[], so these two bits
of unprotected global mutable state can now join the party in the attic.
ok jsing
tb [Wed, 8 May 2024 08:11:50 +0000 (08:11 +0000)]
Simplify X509_REQ_extension_nid()
Now that the global ext_nids[] array can no longer be modified by the
application, we can simplify this by returning the two possible NIDs
that we accept in the extension list attribute in PKCS#10 certification
requests.
The year is 2024. This API is entirely unused by the ecosystem. Well not
entirely! One small village of indomitable rare API use still holds out
against the cleansers. You may have guessed it: security/xca.
ok jsing
tb [Wed, 8 May 2024 07:55:10 +0000 (07:55 +0000)]
Defang X509_REQ_{s,g}et_extension_nids()
These fiddle with unprotected global state, so aren't thread safe and
of course there was no good reason to have this API in the first place.
Nothing uses it, so it becomes a noop and will be removed in the next
major bump.
ok jsing
tb [Wed, 8 May 2024 06:54:43 +0000 (06:54 +0000)]
symbols test: drop headers that don't define any symbols
djm [Tue, 7 May 2024 23:40:53 +0000 (23:40 +0000)]
avoid memcpy(malloc(0), ..., 0), which is not portable.
ok florian@
tb [Tue, 7 May 2024 21:00:18 +0000 (21:00 +0000)]
openssl: toolkit implementing the TLS v1 protocol is weird
Well, it's a toolkit alright, and a terrible one at that, but TLS v1
(which is this beloved toolkit's name for TLS v1.0) is a thing firmly
from the past, so drop the v1.
tb [Tue, 7 May 2024 20:40:07 +0000 (20:40 +0000)]
PEM_read_bio_PrivateKey: fix grammar
This old [...] routines use [...] -> These old [...] routines [...]
jan [Tue, 7 May 2024 18:35:23 +0000 (18:35 +0000)]
Additional check for TSO packets with 0 MSS.
Tested by bluhm
ok bluhm@
claudio [Tue, 7 May 2024 15:54:23 +0000 (15:54 +0000)]
rw_enter() with RW_NOSLEEP returns EBUSY and not the expected EWOULDBLOCK
This fixes random gmake failures during ports builds caused by:
gmake[2]: *** read jobs pipe: Device busy. Stop.
Fix verified by tb@ on his bulk build box
OK mvs@ tb@