openbsd
guenther [Fri, 19 May 2023 18:43:16 +0000 (18:43 +0000)]
uvm_coredump(9) was removed in 2015 (commitid dNPv28CJI5BxtRGW) as
real processes have been dumped using uvm_coredump_walkmap(9) since
2009-03-05Z19:52:24.  Document the current API.

tb [Fri, 19 May 2023 17:31:20 +0000 (17:31 +0000)]
Add missing rsa_security_bit() handler to the RSA-PSS ASN1_METHOD

Prompted by a report by Steffen Ullrich on libressl@openbsd.org

ok jsing

op [Fri, 19 May 2023 15:18:06 +0000 (15:18 +0000)]
fix markup for `maildir' in smtpd.conf(5)

pathname and junk are both optional, but independently so.

ok aisha, millert

nicm [Fri, 19 May 2023 07:46:34 +0000 (07:46 +0000)]
Add format for server_sessions, from Magnus Gross.

espie [Fri, 19 May 2023 07:37:11 +0000 (07:37 +0000)]
make Paths fully OO, as it makes some things simpler

espie [Fri, 19 May 2023 07:30:40 +0000 (07:30 +0000)]
this parameter does not exist

espie [Fri, 19 May 2023 07:25:16 +0000 (07:25 +0000)]
remove indirect calls

guenther [Fri, 19 May 2023 01:12:23 +0000 (01:12 +0000)]
Since waitid(2) shares code with wait4(2) and doesn't expose any
non-trivial new information or code-paths over wait4(), include
it in pledge("stdio")

discussed with deraadt@

guenther [Fri, 19 May 2023 01:04:39 +0000 (01:04 +0000)]
Move tcp_info structure to be under '#if __BSD_VISIBLE' to repair
compliance with POSIX/SUS restrictions on <netinet/tcp.h>

ok bluhm@
ports testing and ok sthen@

deraadt [Fri, 19 May 2023 00:54:27 +0000 (00:54 +0000)]
backout alignment changes (breaking at least two architectures)

millert [Thu, 18 May 2023 18:29:28 +0000 (18:29 +0000)]
user: handle paths with whitespace / metacharacters
Use execv(3) instead of system(3) to run external commands.
This avoids problems with whitespace and shell metacharacters
in path names.  OK op@

guenther [Thu, 18 May 2023 16:33:39 +0000 (16:33 +0000)]
If you disable retpolineplt then _dl_bind_start is called with an
indirect branch, so include an endbr64 Just In Case.

ok deraadt@

espie [Thu, 18 May 2023 16:30:01 +0000 (16:30 +0000)]
adjust style to post v5.36 world

guenther [Thu, 18 May 2023 16:14:05 +0000 (16:14 +0000)]
memmove() entry point is declared with NENTRY() and isn't consecutive
with an ENTRY(), so it needs its own endbr64 for IBT

ok deraadt@

guenther [Thu, 18 May 2023 16:11:09 +0000 (16:11 +0000)]
Add PROTO_NORMAL() declarations for the remaining syscalls, to avoid
future, inadvertent PLT entries.  Move the __getcwd and __realpath
declarations to hidden/{stdlib,unistd}.h to consolidate and remove
duplication.

ok tb@ otto@ deraadt@

guenther [Thu, 18 May 2023 16:07:12 +0000 (16:07 +0000)]
Add PROTO_NORMAL() declarations for utrace (and ktrace) syscalls
so that the internal call can't be interposed over by the app.

ok tb@ otto@ deraadt@

kn [Thu, 18 May 2023 14:11:18 +0000 (14:11 +0000)]
Assert pf lock on interface handling

Make sure that all hooks into pf's internal list of interfaces do happen
with the pf lock held, i.e. nothing relies on the net lock alone, so that
later unlocking can then rely on it.

Full i386 regress (thanks bluhm) and daily usage are fine
OK sashan

sashan [Thu, 18 May 2023 12:10:04 +0000 (12:10 +0000)]
sc_st_mtx is not sufficient protection to move state around
pfsync(4) queues. We also need to grab pf_state::mtx to put/remove
state instance safely from pfsync(4) queue. The issue has been
pointed out by bluhm@. Patch survived testing done by hrvoje@

OK dlg@

mvs [Thu, 18 May 2023 10:24:28 +0000 (10:24 +0000)]
regen

mvs [Thu, 18 May 2023 10:23:19 +0000 (10:23 +0000)]
Backout sysctl(2) unlocking. Lock order issue was triggered in UVM
layer.

mvs [Thu, 18 May 2023 09:59:43 +0000 (09:59 +0000)]
Revert ip_sysctl() unlocking. Lock order issue was triggered in UVM
layer.

jan [Thu, 18 May 2023 08:22:37 +0000 (08:22 +0000)]
Use TSO offloading in ix(4).

With a lot of tweaks, improvements and testing from bluhm.

Thanks to Hrvoje Popovski from the University of Zagreb for
his great testing effort to make this happen.

ok bluhm

guenther [Thu, 18 May 2023 04:26:06 +0000 (04:26 +0000)]
Make two corrections to the vfork(2) stub:
 * with IBT, it can't return via an indirect jump as that would
   require the *caller* to have an endbr64
 * to support a potential vmspace-sharing implementation, keep the
   retguard value in an arg register across the underlying syscall

ok kettenis@ deraadt@

patrick [Wed, 17 May 2023 23:30:58 +0000 (23:30 +0000)]
Add qcmtx(4), a driver for the hardware spinlock on Qualcomm SoCs that
is used to synchronize access to the shared memory table between the
application cores we run on and the co-processors next to us.

ok kettenis@ drahn@

patrick [Wed, 17 May 2023 23:25:45 +0000 (23:25 +0000)]
Add a framework for hardware locks.

ok kettenis@ drahn@

patrick [Wed, 17 May 2023 23:18:59 +0000 (23:18 +0000)]
Add qcipcc(4), a driver for the inter-processor mailbox interface used
to inform (and get informed) of changes to shared memory state.

ok kettenis@

patrick [Wed, 17 May 2023 23:12:04 +0000 (23:12 +0000)]
Add support for the Peripheral Authentication Service SMC interface.
These are used to authenticate and boot firmware images on the many
coprocessors embedded in Qualcomm SoCs.

ok kettenis@

kettenis [Wed, 17 May 2023 22:12:51 +0000 (22:12 +0000)]
Implement battery management sysctl.  This will provide a set of sysctls
to control the charging of laptop batteries:

* hw.battery.chargemode (int)

  -1: force discharge
   0: inhibit charge
   1: auto

In auto mode charging may be controlled by:

* hw.battery.chargestop (int)

  Percentage (0-100) of last full capacity at which the battery should
  stop charging.

* hw.battery.chargestart (int)

  Percentage (0-100) of last full capacity at which the battery should
  start charging.

The idea is that with

  hw.battery.chargemode=1
  hw.battery.chargestop=80
  hw.battery.chargestart=75

the battery would be kept charged within the range between 75% and 80%.

Allowable settings and some details of the behavior may differ between
hardware implementations.

Committing this early to ease testing of further diffs that implement this
functionality in acpithinkpad(4) and aplsmc(4).

ok kn@

kettenis [Wed, 17 May 2023 21:45:41 +0000 (21:45 +0000)]
Tolerate difference in some of the features advertised by the
ID_AA64PFR0_EL1 register across cores.  The CSV2/CSV3 features are handled
on a per-core basis so it is fine if they are different.  And we only
support 64-bit userland so it is fine if the EL0/EL1/EL2/EL3 fields are
different too.

This prevents us from printing a warning on the Rockchip RK3588 SoC which
combines Cortex-A55 with Cortex-A76 that implement a slightly different
feature set.

ok deraadt@, mlarkin@

espie [Wed, 17 May 2023 21:15:03 +0000 (21:15 +0000)]
fix -n

patrick [Wed, 17 May 2023 20:23:14 +0000 (20:23 +0000)]
Lenovo x13s requires a Qualcomm firmware file which is 13.7MB, so increase
the limit from 5MB to 15MB.

What does it contain?  A full copy of Windows VM framework?  For now, we
need it to read the battery status...

"go for it" deraadt@

espie [Wed, 17 May 2023 15:51:58 +0000 (15:51 +0000)]
stop using old-style prototypes except where strictly necessary
(for try/catch)

signatures will be much more powerful once I move to 5.36

espie [Wed, 17 May 2023 15:45:36 +0000 (15:45 +0000)]
actually fix caching for release/stable
$r2 computation was wrong, led to an undef, which autovivification promptly
masked

krw [Wed, 17 May 2023 12:59:37 +0000 (12:59 +0000)]
Make function and symmetry obvious by renaming PRT_make() to
PRT_prt_to_dp() and PRT_parse() to PRT_dp_to_prt().

No functional change.

dlg [Wed, 17 May 2023 10:22:17 +0000 (10:22 +0000)]
fix stoeplitz_hash_h32.

discussed with and ok tb@

tb [Wed, 17 May 2023 07:42:38 +0000 (07:42 +0000)]
Use crypto_internal.h's CTASSERT()

Now that this macro is available in a header, let's use that version
rather than copies in several .c files.

discussed with jsing

jsing [Wed, 17 May 2023 06:37:14 +0000 (06:37 +0000)]
Clean up alignment handling for SHA-512.

All assembly implementations are required to perform their own alignment
handling. In the case of the C implementation, on strict alignment
platforms, unaligned data will be copied into an aligned buffer. However,
most platforms then perform byte-by-byte reads (via the PULL64 macros).

Instead, remove SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA and alignment
handling to sha512_block_data_order() - if the data is aligned then simply
perform 64 bit loads and then do endian conversion via be64toh(). If the
data is unaligned then use memcpy() and be64toh() (in the form of
crypto_load_be64toh()). Overall this reduces complexity and can improve
performance (on aarch64 we get a ~10% performance gain with aligned input
and about ~1-2% gain on armv7), while the same movq/bswapq is generated
for amd64 and movl/bswapl for i386.

ok tb@

djm [Wed, 17 May 2023 05:52:01 +0000 (05:52 +0000)]
add LTESTS_FROM variable to allow skipping of tests up to a specific
point. e.g. "make LTESTS_FROM=t-sftp" will only run the sftp.sh test
and subsequent ones. ok dtucker@

guenther [Wed, 17 May 2023 01:57:15 +0000 (01:57 +0000)]
Add support for disassembling CET (including endbr64), XSS, OSPKE,
clflushopt, clwb, ptwrite, rdpid, serialize, WAITPKG, and vmfunc
extensions, as well as part of TSX.  tpause and umonitor addr size
handling isn't 100% correct, but good enough to get the instruction
boundary.

Correct decoding of rex64 {fxsave,fxrstor,xsave,xrstor,xsaveopt}
to instead use a '64' suffix, ala "fxsave64".

"good enough" ok kettenis@ deraadt@ mlarkin@

millert [Tue, 16 May 2023 21:28:46 +0000 (21:28 +0000)]
useradd: use "cp" instead of "pax" to copy dot files
There are some minor semantic differences but nothing that should
affect files in /etc/skel.  OK op@

jmc [Tue, 16 May 2023 21:13:19 +0000 (21:13 +0000)]
add net.inet.tcp.tso;
ok jan bluhm

mvs [Tue, 16 May 2023 20:09:27 +0000 (20:09 +0000)]
Always set maximum queue length to passed in the IFQCTL_MAXLEN case.
This is not the fast path, so dropping mq->mq_maxlen check doesn't
introduce any performance impact, but makes code MP consistent.

Discussed with and ok from bluhm@

mvs [Tue, 16 May 2023 19:44:55 +0000 (19:44 +0000)]
Replace tab by space after #define in PR_* definitions.

ok bluhm@

mvs [Tue, 16 May 2023 19:36:00 +0000 (19:36 +0000)]
Introduce temporary PR_MPSYSCTL flag to mark (*pr_sysctl)() handler MP
safe. We have many of them, so use flag instead of pushing kernel lock
within.

Unlock ip_sysctl(). Still take kernel lock within IPCTL_MRTSTATS case.
It looks like `mrtstat' protection is inconsistent, so keep locking as
it was. Since `mrtstat' are counters, it makes sense to rework them into
per CPU counters with separate diffs.

Feedback and ok from bluhm@

tb [Tue, 16 May 2023 18:41:18 +0000 (18:41 +0000)]
ecdhtest: check malloc() return values

From Ilya Chipitsine

op [Tue, 16 May 2023 17:48:52 +0000 (17:48 +0000)]
some fatal -> fatalx to improve logging

errno doesn't generally contain anything useful after libtls functions,
and in most cases it's explicitly cleared to avoid misuse, so change a
few fatal() calls to fatalx() when logging libtls failures.  Also, add
the real error string, via tls_error() or tls_config_error(), that was
missing before.

ok millert@

claudio [Tue, 16 May 2023 17:01:31 +0000 (17:01 +0000)]
RRDP snapshots should encode publish elements only once. If encountered
fail the transfer and fall back to rsync.

When more than one publish element for the same file exists the RP does
not know which one to choose. Let's fail the RRDP transfer in this case
and fall back to rsync. CAs that publish a file more than once are buggy
and need to be fixed.
OK job@ tb@

espie [Tue, 16 May 2023 16:55:32 +0000 (16:55 +0000)]
explicitly rename internal methods with an _

espie [Tue, 16 May 2023 16:45:04 +0000 (16:45 +0000)]
clean visible interface a bit: Ustar does not use errsay (but ArcCheck does)
and having a forwarder for system for ONE use is a bit much !

espie [Tue, 16 May 2023 14:33:04 +0000 (14:33 +0000)]
cleaner documentation of what's going on

jan [Tue, 16 May 2023 14:32:54 +0000 (14:32 +0000)]
Use separate IFCAPs for LRO and TSO.

This diff introduces separate capabilities for TCP offloading.  We split this
into LRO (large receive offloading) and TSO (TCP segmentation offloading).
LRO can be turned on/off via tcprecvoffload option of ifconfig and is not
inherited to sub interfaces.

TSO is inherited by sub interfaces to signal this hardware offloading capability
to the network stack.

With tweaks from bluhm, claudio and dlg

ok bluhm, claudio

espie [Tue, 16 May 2023 14:31:54 +0000 (14:31 +0000)]
start un-exposing some internal methods

espie [Tue, 16 May 2023 14:31:26 +0000 (14:31 +0000)]
ditch subclasses for PackingList: I ended up never using this anywhere

espie [Tue, 16 May 2023 14:30:55 +0000 (14:30 +0000)]
use the new set_destdir interface

espie [Tue, 16 May 2023 14:30:12 +0000 (14:30 +0000)]
avoid the "indirect object" call, as it won't work with v5.36
document a few useful details
introduce a less confusing set_destdir interface for later

espie [Tue, 16 May 2023 14:29:20 +0000 (14:29 +0000)]
explain why there is a hierarchy with one single subclass, because
we never know when we may need to change crypto-hashes!

espie [Tue, 16 May 2023 14:28:39 +0000 (14:28 +0000)]
document a few small details, some of them non-obvious like
the inheritance hierarchy or the exact interface for ->add

jcs [Tue, 16 May 2023 14:10:43 +0000 (14:10 +0000)]
add missing pointer invalidation

ok tb

espie [Tue, 16 May 2023 14:04:16 +0000 (14:04 +0000)]
document extra parameter that's used by pkg_check

espie [Tue, 16 May 2023 11:53:01 +0000 (11:53 +0000)]
typo

espie [Tue, 16 May 2023 11:20:00 +0000 (11:20 +0000)]
the old "indirect method call" was deprecated recently (apart from
mimicking perl base syntax on fh objects and the likes), so use the
more consistent class->method calling method in examples (and in code)

espie [Tue, 16 May 2023 10:52:58 +0000 (10:52 +0000)]
State -> BaseState, for lightweight requirements

espie [Tue, 16 May 2023 10:51:36 +0000 (10:51 +0000)]
reflect reality better: document set_description and friends

espie [Tue, 16 May 2023 09:02:50 +0000 (09:02 +0000)]
since apparently, the "example" conf is not free-form (adding comments
would break scripts, go figure), highlight the staging servers so that
people with non-standard configurations (challenge/response) get a chance
at figuring things out.

okay tb@

jsing [Tue, 16 May 2023 07:04:57 +0000 (07:04 +0000)]
Clean up SHA-512 input handling and round macros.

Avoid reach around and initialisation outside of the macro, cleaning up
the call sites to remove the initialisation. Use a T2 variable to more
closely follow the documented algorithm and remove the gorgeous compound
statement X = Y += A + B + C.

There is no change to the clang generated assembly on aarch64.

ok tb@

millert [Mon, 15 May 2023 17:00:24 +0000 (17:00 +0000)]
user: simplify memsave() to strsave()
All callers of memsave() pass strlen(s) as the size argument.
We can eliminate the size argument and just use strdup(3) instead.
OK tb@

bluhm [Mon, 15 May 2023 16:34:56 +0000 (16:34 +0000)]
Implement the TCP/IP layer for hardware TCP segmentation offload.
If the driver of a network interface claims to support TSO, do not
chop the packet in software, but pass it down to the interface
layer.
Precalculate parts of the pseudo header checksum, but without the
packet length.  The length of all generated smaller packets is not
known yet.  Driver and hardware will use the mbuf packet header
field ph_mss to calculate it and update checksum.
Introduce separate flags IFCAP_TSOv4 and IFCAP_TSOv6 as hardware
might support only one protocol family.  The old flag IFXF_TSO is
only relevant for large receive offload.  It is misnamed, but keep
that for now.
Note that drivers do not set TSO capabilities yet.  Also the ifconfig
flags and pseudo interfaces capabilities will be done separately.
So this commit should not change behavior.
heavily based on the work from jan@; OK sashan@

jmc [Mon, 15 May 2023 16:22:07 +0000 (16:22 +0000)]
calendar.canada: sync the entry for victoria day with that of calendar.holiday.
as seen this morning, Mon-Third* does not always work. Mon-2 works for now...

calendar.uk: victoria day is obscure enough in scotland that i don't think it
warrants worth an entry

kettenis [Mon, 15 May 2023 15:02:06 +0000 (15:02 +0000)]
Pass the ESR as the trapno value; this might help in determining the detailed
cause of a signal.

ok bluhm@, guenther@, deraadt@

kettenis [Mon, 15 May 2023 13:15:17 +0000 (13:15 +0000)]
Enable BTI PLT entries by default.

ok jsg@

op [Mon, 15 May 2023 12:03:04 +0000 (12:03 +0000)]
cast to '(long long)' instead of '(long long int)'

while here adjust the spacing in some of the touched lines.
requested by deraadt@, ok tb@

op [Mon, 15 May 2023 12:02:40 +0000 (12:02 +0000)]
cast to '(long long)' instead of '(long long int)'

requested by deraadt@, ok tb@

bentley [Mon, 15 May 2023 10:36:08 +0000 (10:36 +0000)]
Add Juneteenth.

ok phessler@ jmc@

kettenis [Mon, 15 May 2023 09:58:06 +0000 (09:58 +0000)]
Turn on pointer-authentication on arm64 as well by default.  This means
we effectively enable -mbranch-protection=standard on arm64 now.

ok deraadt@

deraadt [Mon, 15 May 2023 02:00:50 +0000 (02:00 +0000)]
sync

tb [Sun, 14 May 2023 20:20:40 +0000 (20:20 +0000)]
Rename arguments of X509_STORE_CTX_init()

It is highly confusing to call the list of untrusted certs chain, when
you're later going to call X509_STORE_CTX_get0_chain() to get a completely
unrelated chain by the verifier. Other X509_STORE_CTX APIs call this list
of certs 'untrusted', so go with that. At the same time, rename the x509
into leaf, which is more explicit.

suggested by/ok jsing

krw [Sun, 14 May 2023 18:34:02 +0000 (18:34 +0000)]
Improve emulation of a disktab entry (-t) by using the type
specified in the disktab entry (:dt:) when setting the default
disklabel's d_type. This will enable installboot(8) to know the
vnd device should be treated as a floppy disk.

Feedback & improved field packing from millert@

tb [Sun, 14 May 2023 17:20:26 +0000 (17:20 +0000)]
Fix X509error() and X509V3error()

When v3err.c was merged into x509_err.c nearly three years ago, it was
overlooked that the code needed two distinct pairs of ERR_FUNC/ERR_REASON,
one for ERR_LIB_X509 and one for ERR_LIB_X509V3. The result is that the
reason strings for the X509_R_* codes would be overwritten by the ones for
X509V3_R_* with the same value while the reason strings for all X509V3_R_*
would be left undefined.

Fix this by an #undef/#define dance for ERR_LIB_X509V3 once we no longer
need the ERR_FUNC/ERR_REASON pair for ERR_LIB_X509.

reported by job
ok jsing

tb [Sun, 14 May 2023 16:36:25 +0000 (16:36 +0000)]
Send the linebuffer BIO to the attic

  *) On VMS, stdout may very well lead to a file that is written to
     in a record-oriented fashion.  That means that every write() will
     write a separate record, which will be read separately by the
     programs trying to read from it.  This can be very confusing.

     The solution is to put a BIO filter in the way that will buffer
     text until a linefeed is reached, and then write everything a
     line at a time, so every record written will be an actual line,
     not chunks of lines and not (usually doesn't happen, but I've
     seen it once) several lines in one record.  BIO_f_linebuffer() is
     the answer.

     Currently, it's a VMS-only method, because that's where it has
     been tested well enough.
     [Richard Levitte]

Yeah, no, we don't care about any of this and haven't compiled this file
since forever. Looks like tedu's chainsaw got blunt at some point...

tb [Sun, 14 May 2023 09:33:19 +0000 (09:33 +0000)]
Fix another mandoc -Tlint warning

With this the only -Tlint warnings are about Xr to undocumented functions:
EVP_CIPHER_CTX_copy, EVP_CIPHER_CTX_get_cipher_data, X509V3_EXT_get_nid.

tb [Sun, 14 May 2023 09:29:37 +0000 (09:29 +0000)]
Rephrase a sentence slightly to appease mandoc -Tlint

tb [Sun, 14 May 2023 09:27:15 +0000 (09:27 +0000)]
Fix Xr as BN_is_prime(3) is in the attic

tb [Sun, 14 May 2023 08:03:57 +0000 (08:03 +0000)]
Zap trailing comma

tb [Sun, 14 May 2023 08:03:02 +0000 (08:03 +0000)]
X509_policy_tree_level_count(3) is gone

op [Sun, 14 May 2023 07:26:25 +0000 (07:26 +0000)]
add missing #include <string.h>; ok tb@

dlg [Sun, 14 May 2023 01:46:53 +0000 (01:46 +0000)]
give softnet threads unique names by suffixing softnet with their index.

ie, you'll see softnet0, softnet1, etc in top/ps/etc now instead
of just softnet on these threads.

this is done by wrapping the taskq and name up in a softnet struct.

ok patrick@ bluhm@ mvs@ kn@ sashan@

dv [Sat, 13 May 2023 23:15:28 +0000 (23:15 +0000)]
vmm(4)/vmd(8): switch to anonymous shared mappings.

While splitting out emulated virtio network and block devices into
separate processes, I originally used named mappings via shm_mkstemp(3).
While this functionally achieved the desired result, it had two
unintended consequences:

1) tearing down a vm process and its child processes required
excessive locking as the guest memory was tied into the VFS layer.

2) it was observed by mlarkin@ that actions in other parts of the
VFS layer could cause some of the guest memory to flush to storage,
possibly filling /tmp.

This commit adds a new vmm(4) ioctl dedicated to allowing a process
to request the kernel share a mapping of guest memory into its own vm
space. This requires an open fd to /dev/vmm (requiring root) and
both the "vmm" and "proc" pledge(2) promises. In addition, the caller
must know enough about the original memory ranges to reconstruct them
to make the vm's ranges.

Tested with help from Mischa Peters.

ok mlarkin@

jmc [Sat, 13 May 2023 18:34:49 +0000 (18:34 +0000)]
add /usr/local/sbin to PATH;
confirmed/ok kn

krw [Sat, 13 May 2023 18:13:42 +0000 (18:13 +0000)]
In the absence of the 'disktype' command line parameter always
use the d_type value provided by the kernel when creating,
editing or printing a disklabel.

i.e. treat d_type as disk geometry is treated, reflecting
current reality as opposed to historical data.

kn [Sat, 13 May 2023 16:36:40 +0000 (16:36 +0000)]
default path includes /usr/local/sbin

Improve markup while here.
Feedback tb jmc
OK millert

bluhm [Sat, 13 May 2023 16:27:59 +0000 (16:27 +0000)]
Finally remove the kernel lock from IPv6 neighbor discovery.  ND6
entries in rt_llinfo are protected either by exclusive netlock or
the ND6 mutex.  The performance critical lookup path in nd6_resolve()
uses shared netlock, but is not lockless.  In contrast to ARP it
grabs the mutex also in the common case.
tested by Hrvoje Popovski; with and OK kn@

bluhm [Sat, 13 May 2023 13:35:17 +0000 (13:35 +0000)]
Instead of implementing IPv4 header checksum creation everywhere,
introduce in_hdr_cksum_out().  It is used like in_proto_cksum_out().
OK claudio@

mpi [Sat, 13 May 2023 09:24:59 +0000 (09:24 +0000)]
Put back in the simplification of the aiodone daemon.

Previous "breakage" of the swap on arm64 has been found to be an issue
on one machine the rockpro/arm64 related to a deadlock built into the
sdmmc(4) stack interacting with swapping code both running under
KERNEL_LOCK().

This issue is easily reproducible on -current and entering swap when
building LLVM on a rockpro crashes the machine by memory corruption.

Tested by mlarkin@ on octeon & i386, by myself on amd64 & arm64 and by
sthen@ on i386 port bulk.

ok beck@ some time ago.

Previous commit message:

Simplify the aiodone daemon which is only used for async writes.

- Remove unused support for asynchronous read, including error conditions

- Grab the proper lock for each page that has been written to swap.  This
allows to enable an assertion in uvm_page_unbusy().

- Move the uvm_anon_release() call outside of uvm_page_unbusy() and
assert for the different anon cases.

ok beck@, kettenis@

tb [Sat, 13 May 2023 07:17:32 +0000 (07:17 +0000)]
Assert that test->want != NULL at this point

Should make coverity happier

uaa [Fri, 12 May 2023 21:32:49 +0000 (21:32 +0000)]
add axppmic support to RAMDISK,
to support ethernet on OrangePi One Plus (Allwinner H6).

ok kettenis@

tb [Fri, 12 May 2023 19:02:10 +0000 (19:02 +0000)]
Bob points out that one error should be an X509V3error()

tb [Fri, 12 May 2023 18:39:44 +0000 (18:39 +0000)]
x509_utl.c: fix some style nits.

jan [Fri, 12 May 2023 18:24:13 +0000 (18:24 +0000)]
Add interface names in front of error messages.

Suggested by Hrvoje Popovski.

ok phessler@

kettenis [Fri, 12 May 2023 16:43:00 +0000 (16:43 +0000)]
Fall back on loading the kernel from the EFI system partition if we're
booting from a disk without a BSD disklabel.

ok kn@, caspar@

dv [Fri, 12 May 2023 16:18:17 +0000 (16:18 +0000)]
vmd(8): fix segfault on vm creation.

vm_instance was using the wrong vm instance for checking the
vm_kernel_path member. Switch to using the value from the parent
vm instance in the check for if a kernel is known.

Issue reported by kn@. OK mlarkin@, kn@.