openbsd
nicm [Tue, 14 May 2024 07:33:01 +0000 (07:33 +0000)]
Restore previous behaviour of writing to stdout if available.

tb [Tue, 14 May 2024 06:57:10 +0000 (06:57 +0000)]
Fix last sentence of CAVEATS which I got the wrong way around

jsg [Tue, 14 May 2024 06:26:05 +0000 (06:26 +0000)]
remove unneeded nfs_getreq() prototype

nfs_getreq() is in nfs_socket.c and not called from nfs_vnops.c

jsg [Tue, 14 May 2024 04:55:42 +0000 (04:55 +0000)]
make amdgpu_activate() return early when called during hibernate resume

Hibernate does DVACT_QUIESCE/DVACT_SUSPEND from hibernate_resume(),
before config_process_deferred_mountroot() calls amdgpu_attachhook().

Without this change the amdgpu_device_prepare() call ends up faulting in
ttm_resource_manager_evict_all() after the
'drm/amd: Evict resources during PM ops prepare() callback'
commit from April.

earlier diff from and ok stsp@
report and bisection from florian@

guenther [Tue, 14 May 2024 01:46:24 +0000 (01:46 +0000)]
Delete the declaration of cpu_feature which has been unused since
rev 1.17 (2017-5-27) when tlbflushg() stopped using it

guenther [Tue, 14 May 2024 01:42:07 +0000 (01:42 +0000)]
Instead of enabling use of PCLMUL and AESNI iff cpu0 supports them
via two global variables, make cpu_ecxfeature the intersection of
cpuid(1).ecx on all CPUs and switch cpu_configure() to directly
check that for the requisite flags.

ok kettenis@

schwarze [Tue, 14 May 2024 00:31:48 +0000 (00:31 +0000)]
fix a char signedness bug such that this testing code becomes able
to display the contents of databases containing UTF-8 strings
on signed char architectures:
for example on i386 and amd64, UTF-8 bytes are negative...

kettenis [Mon, 13 May 2024 19:56:37 +0000 (19:56 +0000)]
Ignore button events in the first 10 seconds after resume.  On some ACPI
implementations pressing the power button to wake up a machine will cause
a power button notification to happen for that button press.  This would
initiate a power down, which isn't the user's intent.

Based on earlier diffs from deraadt@ and James Cook.

ok mlarkin@, "I'm not opposed" cheloha@

nicm [Mon, 13 May 2024 11:45:05 +0000 (11:45 +0000)]
Fix memory leak, from Fadi Afani.

krw [Mon, 13 May 2024 11:41:52 +0000 (11:41 +0000)]
Add bio(4) support to nvme(4). Provide information on controller and configured
namespaces via bioctl(8)'s BIOCINQ, BIOCVOL, BIOCDISK requests.

Based on work with dlg@ at h2k23 and many subsequent improvements and tests by
jmatthew@.

ok jmatthew@

semarie [Mon, 13 May 2024 11:17:40 +0000 (11:17 +0000)]
vfs: VOP_REMOVE: move vnode unlocking and ref dropping to FS-indep part

while here, ensure all vop_remove field are set, and always call the function.

the change is very conservative: it only adds vnode ref drop/unlock where it was
absent because it should be unreachable (and if it wasn't, it should fix
things).

ok miod@

kettenis [Mon, 13 May 2024 10:01:53 +0000 (10:01 +0000)]
Implement hardware masking for MSI and MSI-X on amd64.  Note that masking
MSIs can only be done for PCI devices that implement per-vector masking,
which a lot of hardware doesn't implement.

ok mlarkin@

jsg [Mon, 13 May 2024 06:48:26 +0000 (06:48 +0000)]
fix some leaks; ok op@

jsg [Mon, 13 May 2024 01:22:47 +0000 (01:22 +0000)]
remove unneeded extern and struct; ok patrick@

jsg [Mon, 13 May 2024 01:15:50 +0000 (01:15 +0000)]
remove prototypes with no matching function
ok mpi@

jsg [Mon, 13 May 2024 00:16:09 +0000 (00:16 +0000)]
remove some unused defines and externs

isaphysmem and isaphysmempgs were removed in 1998
ok kettenis@

kettenis [Sun, 12 May 2024 20:02:13 +0000 (20:02 +0000)]
Add support for using the power button function of the RK809.
This initiates a graceful powerdown when the powerbutton is pressed
and makes it work as a wakeup from suspend.

ok patrick@

kn [Sun, 12 May 2024 19:47:14 +0000 (19:47 +0000)]
Rerun installboot(8) after fw_update(8) to pick up Apple boot firmware

Firmware is fetched after bootstraps are installed, i.e. on fresh installs
apple-boot is not there yet when installboot ought to place it onto the EFI
System Partition.

Rerun --only on Apple silicon-- to replace Asahi u-boot and boot straight
into ours, nicely visible by different logo.

Input sthen deraadt

tb [Sun, 12 May 2024 17:44:11 +0000 (17:44 +0000)]
Be more specific about X509V3_ADD_APPEND and X509V3_ADD_DELETE

semarie [Sun, 12 May 2024 16:54:56 +0000 (16:54 +0000)]
vfs: reorder tmpfs_fifovops: isolate fifo_vops block

separate the local part from the fifo_vops part, and add a comment to keep in
sync.

ok miod@

semarie [Sun, 12 May 2024 16:51:05 +0000 (16:51 +0000)]
vfs: struct vops: show all members, even if NULL

In order to help code maintenance, explicitly add all `struct vops` members with
the current value (if not present, it is NULL), still using the C99 notation.

ok miod@

guenther [Sun, 12 May 2024 16:49:38 +0000 (16:49 +0000)]
Delete the cpu_perf_e[abd]x and cpu_apmi_edx globals and move the
cpuid uses into identifycpu(), as they aren't needed anywhere else.

ok kettenis@

tb [Sun, 12 May 2024 15:26:46 +0000 (15:26 +0000)]
Tweak wording

tb [Sun, 12 May 2024 15:24:21 +0000 (15:24 +0000)]
Remove a 'built-in' that was left in by accident

mglocker [Sun, 12 May 2024 12:20:36 +0000 (12:20 +0000)]
Introduce debugging levels, to make debugging a bit more useful.

tb [Sun, 12 May 2024 11:52:04 +0000 (11:52 +0000)]
sync

tb [Sun, 12 May 2024 11:50:36 +0000 (11:50 +0000)]
Install X509V3_EXT_get_nid.3

tb [Sun, 12 May 2024 11:49:47 +0000 (11:49 +0000)]
Add minimal manpage documenting the misnamed X509V3_EXT_get_nid()

This avoids a dangling reference in i2s_ASN1_ENUMERATED_TABLE.
To complete this manual, someone will need to document X509V3_EXT_METHOD,
but that's for a much more rainy day than today.

jsg [Sun, 12 May 2024 09:41:09 +0000 (09:41 +0000)]
vm_page_zero_enable was removed in 2015

jsg [Sun, 12 May 2024 09:27:13 +0000 (09:27 +0000)]
remove uvm_swprekeyprint extern for var we never had

jsg [Sun, 12 May 2024 09:19:54 +0000 (09:19 +0000)]
remove ufs_hashlock extern for var we never had

jsg [Sun, 12 May 2024 09:09:39 +0000 (09:09 +0000)]
nfs_procids was removed in 1996

jsg [Sun, 12 May 2024 08:49:26 +0000 (08:49 +0000)]
pcic_isa_intr_list and npcic_isa_intr_list were removed in 1999

jsg [Sun, 12 May 2024 08:44:09 +0000 (08:44 +0000)]
rtw_host_rfio was removed in 2007

jsg [Sun, 12 May 2024 08:42:13 +0000 (08:42 +0000)]
comsiraddr was removed in 2016

jsg [Sun, 12 May 2024 08:31:05 +0000 (08:31 +0000)]
sync_ifp and ticket_pabuf don't exist, remove externs

jsg [Sun, 12 May 2024 08:21:56 +0000 (08:21 +0000)]
ttybuf[] was removed in 2001, ttydefaults in 1988

jsg [Sun, 12 May 2024 06:24:44 +0000 (06:24 +0000)]
defaul -> default; ok jmc@ ratchov@

tb [Sun, 12 May 2024 05:08:59 +0000 (05:08 +0000)]
Avoid .Xr to no longer public X509_LOOKUP_by_subject(3)

looks good to jmc

jmc [Sat, 11 May 2024 20:35:13 +0000 (20:35 +0000)]
sync the cpu(4) pages for i386/amd64:

- remove section headers. in a document little over one screenful in size,
three section headers within DESCRIPTION seems greedy
- mark up sysctl names
- use the more general hw.sensors sysctl name to show cpu temp. the previously
suggested hw.sensors.cpu*.temp0 is no longer universal

guenther [Sat, 11 May 2024 19:21:47 +0000 (19:21 +0000)]
Use %b to format cpu flag info in dmesg, so we have the raw values
too.  This is also much more space efficient.
Reduce the cpu flag noise in dmesg by suppressing lines and registers
that are identical with the previous CPU and show -/+ info if there
are any differences.

particular feedback from deraadt@, kettenis@, jsg@, and dv@
ok deraadt@

tb [Sat, 11 May 2024 18:59:39 +0000 (18:59 +0000)]
Move X509V3_add_standard_extensions out of the way

This function is only used by OpenLDAP and it's been a noop since
forever. It has no business to be squeezed in between a number of
other, quite unrelated functions. It's distracting.

tb [Sat, 11 May 2024 18:52:52 +0000 (18:52 +0000)]
Make two NULL checks more explicit

tb [Sat, 11 May 2024 18:48:47 +0000 (18:48 +0000)]
Unwrap a line

jsg [Sat, 11 May 2024 14:49:56 +0000 (14:49 +0000)]
fix prototype; iosf_i2c_relese -> iosf_i2c_release

tb [Sat, 11 May 2024 06:53:19 +0000 (06:53 +0000)]
Sync DSA_METHOD documentation with reality

It is dubious whether this opaque struct's internals should be documented
in the first place. This also has been incomplete since forever. For now
zap the stuff that no longer exists and make an attempt at matching KNF a
bit more closely.

tb [Sat, 11 May 2024 06:43:50 +0000 (06:43 +0000)]
Remove unused DSA methods

There are no accessors to set them, so this has been involved in a bunch
of dead logic ever since we made DSA opaque a few years ago.

ok jsing

tb [Sat, 11 May 2024 05:41:28 +0000 (05:41 +0000)]
Remove unused PEM_USER and PEM_CTX

I could not find any use of this in all of OpenSSL's git history since
SSLeay 0.8.1b.

ok jsing

krw [Fri, 10 May 2024 21:23:32 +0000 (21:23 +0000)]
Revert r1.108. An Intel 11th Gen i5 Framework laptop with a SanDisk SN850 disk
found a way to prevent the kernel from enabling the nvme controller while
resuming.

Fixes resuming on the Framework13.

Problem reported and reversion tested by ian@

millert [Fri, 10 May 2024 20:28:31 +0000 (20:28 +0000)]
pax: make list file handle line-buffered unless it is stderr.
This fixes a problem where the file list output was fully-buffered
when used as part of a pipeline.  With this change, files are listed
as they are extracted in verbose mode.  OK deraadt@ guenther@

florian [Fri, 10 May 2024 15:02:26 +0000 (15:02 +0000)]
Keep probing upstream servers.

(lib)unbound might mark many servers down in case of a network issue.
This is something that can easily happen for unwind(8).

Problem pointed out by Kirill A. Korinsky in unbound(8).
https://github.com/NLnetLabs/unbound/issues/362

OK sthen

mglocker [Fri, 10 May 2024 10:49:10 +0000 (10:49 +0000)]
Make the kernel compile also when turning on debugging.

ok mpi@

claudio [Fri, 10 May 2024 09:21:41 +0000 (09:21 +0000)]
Regen

claudio [Fri, 10 May 2024 09:21:01 +0000 (09:21 +0000)]
The ptsignal() race against p_sigmask changes by dosigsuspend() are fixed.
Unlock sigsuspend() and __thrsigdivert() again.

asou [Fri, 10 May 2024 06:46:14 +0000 (06:46 +0000)]
Correctly display the details of COMMAND using the ps command from the kernel
crash dump.

OK millert@

mglocker [Fri, 10 May 2024 06:14:10 +0000 (06:14 +0000)]
Fix broken debugging.

tb [Fri, 10 May 2024 05:12:03 +0000 (05:12 +0000)]
Add missing EC_KEY_free()

While eckey_from_explicit_params() frees *out_eckey, eckey_from_object()
and eckey_from_params() do not. These functions are currently all called
with a NULL *out_eckey, but the latter two would leak if that should ever
change.

ok jsing

tb [Fri, 10 May 2024 05:08:05 +0000 (05:08 +0000)]
Remove fixed nonce length information from algorithm2

This information has been part of tls12_key_block_generate() for a while
now. It remained in this table because at that point SSL_CIPHER was still
public. Nothing can access algorithm2 anymore from the outside, so this is
dead weight.

ok jsing

tb [Fri, 10 May 2024 04:53:55 +0000 (04:53 +0000)]
Inline dsa_builtin_keygen() in DSA_generate_key()

ok djm

jsg [Fri, 10 May 2024 03:50:12 +0000 (03:50 +0000)]
make pf_match_rule() prototype match the function

tb [Thu, 9 May 2024 20:57:49 +0000 (20:57 +0000)]
Make the openssl_dsa_meth static const

tb [Thu, 9 May 2024 20:56:52 +0000 (20:56 +0000)]
Move openssl_dsa_meth below the methods it uses

no functional change

tb [Thu, 9 May 2024 20:43:36 +0000 (20:43 +0000)]
Make the DH_METHOD static const

tb [Thu, 9 May 2024 20:40:42 +0000 (20:40 +0000)]
Move public API and DH_METHOD to the bottom of the file

no functional change

jmc [Thu, 9 May 2024 17:57:36 +0000 (17:57 +0000)]
sync the SSL text; ok tb

jmc [Thu, 9 May 2024 17:22:20 +0000 (17:22 +0000)]
- drop ref to non-installed g++(1) page
- drop ref to clang that isn't particularly helpful and only relevant
to some platforms, as suggested by kettenis

mglocker [Thu, 9 May 2024 17:05:22 +0000 (17:05 +0000)]
Enable ufshci(4) on amd64.

ok kettenis@ deraadt@

tb [Thu, 9 May 2024 14:29:08 +0000 (14:29 +0000)]
Tiny style tweaks in X509_REQ_add_extension_nid()

Test & assign and use ret instead of rv.

ok jsing

tb [Thu, 9 May 2024 14:27:21 +0000 (14:27 +0000)]
Streamline X509_REQ_check_private_key() a bit

Use better variable names, split the success from the error path and
return directly rather than using an ok variable.

ok jsing

tb [Thu, 9 May 2024 14:22:16 +0000 (14:22 +0000)]
Zap some extra parentheses in X509_REQ_get_pubkey()

ok jsing

tb [Thu, 9 May 2024 14:20:57 +0000 (14:20 +0000)]
Clean up X509_to_X509_REQ()

Use better variable names. X509_REQ_new() sets the version to the only
specified version, so there is no point to set it. Extract the subject
name, then assign to make it more obvious that we error happens if the
cert has a missing subject. Switch to X509_get0_pubkey() to avoid some
strange dance with a strangely named variable to adjust the refcount.

ok jsing

tb [Thu, 9 May 2024 14:00:52 +0000 (14:00 +0000)]
Further simplify X509_REQ_get_extensions()

Instead of inlining a poor version of ASN1_TYPE_unpack_sequence() with
missing error checks, just call the real thing. It's safer and simpler.

ok jsing

djm [Thu, 9 May 2024 09:46:47 +0000 (09:46 +0000)]
simplify exit message handling, which was more complicated than
it needed to be because of unexpunged ssh1 remnants. ok markus@

florian [Thu, 9 May 2024 08:35:40 +0000 (08:35 +0000)]
ctime(3) and ctime_r(3) can fail when timestamps are way off.
Add missing error checks to all calls under sbin/

Input kettenis, millert
OK millert

florian [Thu, 9 May 2024 08:35:03 +0000 (08:35 +0000)]
ctime(3) and ctime_r(3) can fail when timestamps are way off.
Add missing error checks to all calls under libexec/

Input kettenis, millert
OK millert

mglocker [Thu, 9 May 2024 08:24:09 +0000 (08:24 +0000)]
Back then I faced intermittent file-system corruptions for which setting
FUA (Force Unit Access) did help.  In the meantime it turned out that
those file-system corruptions were most likely caused by the slot issues.
Now that we fixed the slot management and limited to one slot for now,
remove FUA again, which increases the write performance significantly.

mglocker [Thu, 9 May 2024 08:21:52 +0000 (08:21 +0000)]
Sprinkle some more DPRINTFs.

mglocker [Thu, 9 May 2024 08:20:22 +0000 (08:20 +0000)]
Pack hardware descriptor structures.

mglocker [Thu, 9 May 2024 08:18:20 +0000 (08:18 +0000)]
Parse the OCS response value for completed commands, and set error on
failure.

mglocker [Thu, 9 May 2024 08:16:32 +0000 (08:16 +0000)]
Perform bus DMA synchronization to update the command descriptors.

mglocker [Thu, 9 May 2024 08:13:57 +0000 (08:13 +0000)]
Use 1U for bit operations on 32-bit registers.

Proposed by dlg@

mglocker [Thu, 9 May 2024 08:12:22 +0000 (08:12 +0000)]
Don't do math on KVA to get the required slot offset since that could
cause invalid pointers depending on the compiler interpretation of
(void *).  Instead work with the structure pointer itself.

Proposed by dlg@

mglocker [Thu, 9 May 2024 08:09:17 +0000 (08:09 +0000)]
Don't use the task id for UPIU commands.  We don't use task management
commands yet.

mglocker [Thu, 9 May 2024 08:06:42 +0000 (08:06 +0000)]
Don't schedule interrupt aggregation when commands are still in-progress.
As of the documentation:

"NOTE Write operations to IACTH and IATOVAL are only allowed when no
commands are outstanding."

Instead we only schedule interrupt aggregation at the start of the
SCSI command call, when all commands have completed.

mglocker [Thu, 9 May 2024 08:04:48 +0000 (08:04 +0000)]
Prevent that scheduling of new commands is interfering with processing
of completed commands with a command mutex.

mglocker [Thu, 9 May 2024 08:02:59 +0000 (08:02 +0000)]
Don't rely on the doorbell register to track our slots.  As of the
documentation:

"UTRLDBR is a volatile register; software should only use its value to
determine commands that have completed, not to determine which commands
have previously been issued."

Instead we use the CCB structure to track our slots, as proposed by dlg@.

CAVEAT: Since using more than one slot is currently causing OCS errors,
we limit the slots to one until we can find a solution.

tb [Thu, 9 May 2024 07:55:48 +0000 (07:55 +0000)]
ssl_ciph.c: unwrap a line

tb [Thu, 9 May 2024 07:47:50 +0000 (07:47 +0000)]
Remove leftover logic of SSL2 support

SSL2_CF_8_BYTE_ENC was set by things such as RC4_64_WITH_MD5, which fell
victim to tedu's axe a decade ago. Zap that.

ok jsing

tb [Thu, 9 May 2024 07:12:03 +0000 (07:12 +0000)]
Plug a "leak" in ssl_security_group()

The way the CBB API is used, CBB_add_u16() and CBB_finish() can't actually
fail here, but if they could, cbb->base would leak. Rewrite this code with
the proper idioms to make it look right.

ok jsing

tb [Thu, 9 May 2024 06:08:11 +0000 (06:08 +0000)]
Align RSA and EC key generation with each other

Being two different cryptographic primitives, it is clear that there must
be some differences between RSA and EC keygen, but they don't have to be
entirely different. We need to set the key type, RSA needs a bit size and
ECDSA needs a curve. That's all the differences there need to be.

Garbage collect a few useless elses and avoid two exit labels paths where
one would do just fine.

As another small bonus, this file no longer uses "deprecated API", so the
portable fork can get rid of an ugly openssl 3 patch if they want to.

ok florian

guenther [Wed, 8 May 2024 18:00:55 +0000 (18:00 +0000)]
Suppress cache-info dmesg lines when they are identical to the
previous cpu.

testing on hybrid box by jmatthew@
suggestions from kettenis@
ok deraadt@

jan [Wed, 8 May 2024 17:52:11 +0000 (17:52 +0000)]
ixl(4): force mss of tso packets in hardware supported range.

ok bluhm@

tb [Wed, 8 May 2024 16:35:05 +0000 (16:35 +0000)]
fix line wrapping in function definition

jmc [Wed, 8 May 2024 15:30:26 +0000 (15:30 +0000)]
- for pwraction, point to acpibtn(4)
- for lidaction, document the value 0
- for lidaction, adjust the description to a format similar
to that of pwraction

ok kettenis deraadt

jsing [Wed, 8 May 2024 15:13:23 +0000 (15:13 +0000)]
Add more regress coverage for lhash.

stsp [Wed, 8 May 2024 14:03:54 +0000 (14:03 +0000)]
fix iwx(4) monitor mode

Monitor mode was broken by a recent firmware update. Two tweaks make
it work again:

1) The firmware does not like us sending the power-mode command while
in monitor mode and will panic, so simply don't do that.

2) We no longer add two queues while in monitor mode, just one queue
for frame injection. This queue's index will be 1, not 2. Make the
driver expect the correct index to prevent an error when monitor mode
is entered.

tested by jmc@ and myself on iwx ax200

stsp [Wed, 8 May 2024 14:02:59 +0000 (14:02 +0000)]
disable the regular ieee80211_encap() Tx path in monitor mode

Frames injected from user space carry the DLT_IEEE802_11_RADIO
mbuf tag, and are handled as a special case. Do not fall back
to regular encapsulation while we are in monitor mode and the
frame injected by userspace is found to be invalid.

This fixes an issue when iwx(4) runs in monitor mode with addresses
configured on the interface and leaving 11n/11ac mode directly for
monitor mode. In this case, traffic generated by userspace or the
kernel (such as ICMPv6) would trigger Tx attempts, which in turn
would trigger an attempt to set up a block ACK agreement and then
cause a firmware panic.

This points at a related issue where interface configuration state
is not properly cleaned up while switching into monitor mode.
The 11n/11ac interface config should ideally be cleared completely,
preventing block ack from being initiated.

But preventing the stack from trying to send frames down the regular
Tx path in monitor mode is a good idea in general because drivers may
not handle this very well for various reasons, block ack being just one.

tested by jmc@ and myself on iwx ax200

claudio [Wed, 8 May 2024 13:05:33 +0000 (13:05 +0000)]
Rework how action SIG_HOLD is handled in ptsignal.

Since we want to unlock sigsuspend, ptsignal needs to double check in the
SSLEEP case that the signal being delivered is still masked or unmasked.
Remove the early return for action SIG_HOLD so that the SSLEEP case can
properly recheck the sigmask.

On top of this update siglist only in one place at the end of ptsignal
this now includes the clearing of signals for the SA_CONT and SA_STOP
cases.

OK mpi@

bluhm [Wed, 8 May 2024 13:01:30 +0000 (13:01 +0000)]
Fix route leak in ip input.

In previous commit when refactoring the route cache, a rtfree() has
been forgotten.  For each forwarded packet the reference counter
of the route entry was increased.  This eventually leads to an
integer overflow and triggers kassert.

reported by and OK jan@

tb [Wed, 8 May 2024 09:41:33 +0000 (09:41 +0000)]
Avoid OpenSSL SSL repetitions

with the help of jmc