openbsd
9 months agovmm(4)/vmd(8)/vmctl(8): increase max VM mem size.
mlarkin [Sat, 20 Jan 2024 20:11:24 +0000 (20:11 +0000)]
vmm(4)/vmd(8)/vmctl(8): increase max VM mem size.

MAXDSIZ was cranked to 128GB back in April 2023, but vmd(8) was limiting
VM RAM size to the old value (32GB).

9 months agoBetter formatting for pax extended header times
jca [Sat, 20 Jan 2024 17:34:50 +0000 (17:34 +0000)]
Better formatting for pax extended header times

As specified, don't include the subsecond part if zero and drop trailing
zeros in the subsecond part.  ok millert@

9 months agoEarly during mimmutable(2) development, we had a big problem with the
deraadt [Sat, 20 Jan 2024 13:19:37 +0000 (13:19 +0000)]
Early during mimmutable(2) development, we had a big problem with the
chrome v8_flags variable's placement in bss, and as a workaround made
it possible to demote a mimmutable mapping's permissions from RW to R.
Further mimmutable-related work in libc's malloc created the same
problem, which led to a better design: objects could be placed into
.openbsd.mutable region, and then at runtime their permission and
immutability could be manipulated better.  So the RW to R demotion
logic is no longer being used, and now this semantic is being deleted.
ok kettenis

9 months agoAEXECVE can be removed, because pinsyscall SYS_execve detection has
deraadt [Sat, 20 Jan 2024 12:16:55 +0000 (12:16 +0000)]
AEXECVE can be removed, because pinsyscall SYS_execve detection has
been deleted.

9 months agolink the infcover test statically in preparation of zlib changes
tb [Sat, 20 Jan 2024 11:29:40 +0000 (11:29 +0000)]
link the infcover test statically in preparation of zlib changes

9 months agoThere are several DART variants; print some more details such that we can
kettenis [Sat, 20 Jan 2024 11:22:46 +0000 (11:22 +0000)]
There are several DART variants; print some more details such that we can
distinguish between them.  Pay attention to the apple,dma-range property
that tells us the desired DVA window.  Add support for a new BUS_DMA_FIXED
that allows use of bus_dmamap_load_raw(9) to map things at a pre-determined
DVA.  This last change is needed for the upcoming Apple KMS driver.
Hopefully that is the only driver that will need this, so don't attempt to
turn this into an MI feature.

ok patrick@

9 months agoMerge docs of crc32_combine_{gen,op} from zlib.h
tb [Sat, 20 Jan 2024 11:16:27 +0000 (11:16 +0000)]
Merge docs of crc32_combine_{gen,op} from zlib.h

Also add two 'len2 must be non-negative.'

from upstream
looks good to jmc

9 months agoUse imsg_get_fd() to access the fd passed via imsgs.
claudio [Sat, 20 Jan 2024 09:01:03 +0000 (09:01 +0000)]
Use imsg_get_fd() to access the fd passed via imsgs.

Most of the conversion is simple there is just log_imsg() that can
no longer display the fd since imsg_get_fd() can only be called once.
OK op@

9 months agoFetch touchpad dimensions from firmware here as well.
kettenis [Sat, 20 Jan 2024 08:00:59 +0000 (08:00 +0000)]
Fetch touchpad dimensions from firmware here as well.

ok mlarkin@, tobhe@

9 months agoImplement extent_alloc_region_with_descr(9) which is the equivalent of
kettenis [Fri, 19 Jan 2024 22:12:24 +0000 (22:12 +0000)]
Implement extent_alloc_region_with_descr(9) which is the equivalent of
extent_alloc_region(9) that uses a pre-allocated region descriptor.

ok patrick@

9 months agoremove the guts of pinsyscall(2), it just returns 0 now.
deraadt [Fri, 19 Jan 2024 21:20:35 +0000 (21:20 +0000)]
remove the guts of pinsyscall(2), it just returns 0 now.
It has been made redundant by the introduction of pinsyscalls(2) which
handles all system calls, rather than just 1.

9 months agoMore files to be blessed by the clean target.
miod [Fri, 19 Jan 2024 20:06:00 +0000 (20:06 +0000)]
More files to be blessed by the clean target.

9 months agoMake our mktemp(3) callback-driven and split into multiple files.
millert [Fri, 19 Jan 2024 19:45:02 +0000 (19:45 +0000)]
Make our mktemp(3) callback-driven and split into multiple files.
Previously, calling any of the mktemp(3) family would pull in
lstat(2), open(2) and mkdir(2).  Now, only the necessary system
calls will be reachable from the binary.  OK deraadt@ guenther@

9 months agougly whitespace
deraadt [Fri, 19 Jan 2024 18:58:17 +0000 (18:58 +0000)]
ugly whitespace

9 months agoImplement Multiple Message MSI support on amd64. This is experimental code
kettenis [Fri, 19 Jan 2024 18:38:16 +0000 (18:38 +0000)]
Implement Multiple Message MSI support on amd64.  This is experimental code
to assist qwx(4) development.  We may remove this code again at some point
in the future.

Multiple Message MSI has some serious design flaws, especially when
combined with the APIC interrupt controller architecture.  It was
superseded by MSI-X.  Unfortunately qwx(4) does not implement MSI-X.

ok stsp@, deraadt@

9 months agoRename WSDISPLAY_TYPE_RKDRM to WSDISPLAY_TYPE_KMS such that we can use it
kettenis [Fri, 19 Jan 2024 17:51:15 +0000 (17:51 +0000)]
Rename WSDISPLAY_TYPE_RKDRM to WSDISPLAY_TYPE_KMS such that we can use it
for other generic KMS drivers.

ok jsg@, matthieu@

9 months ago_execvesize.c is no longer generated to support pinsyscall(SYS_execve
deraadt [Fri, 19 Jan 2024 17:02:28 +0000 (17:02 +0000)]
_execvesize.c is no longer generated to support pinsyscall(SYS_execve

9 months agoMove mktemp.c to stdlib where it belongs.
millert [Fri, 19 Jan 2024 16:30:28 +0000 (16:30 +0000)]
Move mktemp.c to stdlib where it belongs.
OK deraadt@

9 months agosync
deraadt [Fri, 19 Jan 2024 16:14:58 +0000 (16:14 +0000)]
sync

9 months agoM_PINSYSCALL is for pinsyscalls(2), not pinsyscall(2)
deraadt [Fri, 19 Jan 2024 15:10:27 +0000 (15:10 +0000)]
M_PINSYSCALL is for pinsyscalls(2), not pinsyscall(2)

9 months agopinsyscall(SYS_execve) will soon go away, so the sys/acct.h bit AEXECVE
deraadt [Fri, 19 Jan 2024 14:25:03 +0000 (14:25 +0000)]
pinsyscall(SYS_execve) will soon go away, so the sys/acct.h bit AEXECVE
can also be remove.  Delete the code using it from the one program that
inspects it.

9 months agoStop initializing pinsyscall(SYS_execve in dynamic binaries that contain
deraadt [Fri, 19 Jan 2024 14:16:41 +0000 (14:16 +0000)]
Stop initializing pinsyscall(SYS_execve in dynamic binaries that contain
a reference reaching the execve(2) stub.  The new pinsyscalls(2) that
applies to all system calls has made this redundant.

9 months agoStop initializing pinsyscall(SYS_execve in static binaries that contain
deraadt [Fri, 19 Jan 2024 14:15:51 +0000 (14:15 +0000)]
Stop initializing pinsyscall(SYS_execve in static binaries that contain
an execve(2) stub.  The new pinsyscalls(2) that applies to all system
calls has made this redundant.

9 months agoEnable shutdown regress test.
jsing [Fri, 19 Jan 2024 08:29:26 +0000 (08:29 +0000)]
Enable shutdown regress test.

9 months agoAdd regress test coverage for SSL_shutdown().
jsing [Fri, 19 Jan 2024 08:29:08 +0000 (08:29 +0000)]
Add regress test coverage for SSL_shutdown().

This tests and codifies the behaviour of SSL_shutdown() with respect to
SSL_quiet_shutdown() and SSL_set_shutdown(). For now, only the legacy stack
(TLSv1.2) is tested, as there are currently some subtle differences with
the TLSv1.3 stack.

9 months agoadd iwn(4) to arm64 GENERIC
mlarkin [Fri, 19 Jan 2024 06:59:10 +0000 (06:59 +0000)]
add iwn(4) to arm64 GENERIC

ok kettenis

9 months agoDefine the IPv6 related attributes from RFC 2865.
yasuoka [Fri, 19 Jan 2024 06:32:28 +0000 (06:32 +0000)]
Define the IPv6 related attributes from RFC 2865.

9 months agoconsolidate pci and cardbus detach code, and have it detach kstats.
dlg [Fri, 19 Jan 2024 03:46:14 +0000 (03:46 +0000)]
consolidate pci and cardbus detach code, and have it detach kstats.

this solves one probably with an re(4) going away.

9 months agoAdd TSO support. Previous commit fixed up a bug that could only be
jmatthew [Fri, 19 Jan 2024 03:25:13 +0000 (03:25 +0000)]
Add TSO support.  Previous commit fixed up a bug that could only be
triggered with TCP socket splicing and TSO, and with that fixed, it
works reliably.

tested by hrvoje, jan@, mbuhl@, bluhm@, feedback from jan@ and bluhm@,
ok jan@ mbuhl@ bluhm@

9 months agoUnify inpcb API for inet and inet6.
bluhm [Fri, 19 Jan 2024 02:24:07 +0000 (02:24 +0000)]
Unify inpcb API for inet and inet6.

Many functions for IPv4 call their IPv6 counterpart if INP_IPV6 is
set at the socket's pcb.  By using the generic API consistently,
the logic is not in the caller it gets more readable.

OK mvs@

9 months agoBackout priterator() for walking allprocess list.
bluhm [Fri, 19 Jan 2024 01:43:26 +0000 (01:43 +0000)]
Backout priterator() for walking allprocess list.

This approach does not work as LIST_NEXT() of a removed element
does not return NULL.  I causes a crash in syzcaller and triggers
kernel diagnostic assertion "vp->v_uvcount == 0" in sys/kern/kern_unveil.c
line 845 during reboot.  Unfortunately the backout brings back the
race in fill_file() and fstat(1) may crash the kernel.

Reported-by: syzbot+54fba1c004d7383d5e85@syzkaller.appspotmail.com
9 months agothe warning about syscall going away is a bit dated now.
deraadt [Thu, 18 Jan 2024 19:00:11 +0000 (19:00 +0000)]
the warning about syscall going away is a bit dated now.
ok miod tb

9 months agoec_point_conversion: zap an empty line
tb [Thu, 18 Jan 2024 16:49:40 +0000 (16:49 +0000)]
ec_point_conversion: zap an empty line

9 months agoSwitch from EVP_CIPHER_type() to EVP_CIPHER_nid()
tb [Thu, 18 Jan 2024 16:30:43 +0000 (16:30 +0000)]
Switch from EVP_CIPHER_type() to EVP_CIPHER_nid()

EVP_CIPHER_type() will never return NID_gost89_cnt since it has no
associated ASN1_OBJECT. Switching to EVP_CIPHER_nid() has a slight
chance of working. Do that before beck applies the flensing knife.

ok beck

9 months agofix macro to look more like a function, remove extraneous ;
espie [Thu, 18 Jan 2024 15:34:29 +0000 (15:34 +0000)]
fix macro to look more like a function, remove extraneous ;
(clang's -Weverything would correctly warn about the resulting empty
statement)

No generated code change

9 months agoConvert IMSG_UPDATE and session_update() to new imsg API and ibufs.
claudio [Thu, 18 Jan 2024 14:56:44 +0000 (14:56 +0000)]
Convert IMSG_UPDATE and session_update() to new imsg API and ibufs.
OK tb@

9 months agoUse imsg_get_fd() in vmd.
claudio [Thu, 18 Jan 2024 14:49:59 +0000 (14:49 +0000)]
Use imsg_get_fd() in vmd.

vmd uses a lot of fd passing and does it sometimes via extra abstraction
so this just tries to convert the code without any optimisations.

ok dv@

9 months agoConvert the simple imsgs to use imsg_get_data().
claudio [Thu, 18 Jan 2024 14:46:21 +0000 (14:46 +0000)]
Convert the simple imsgs to use imsg_get_data().
OK tb@

9 months agoThe CRL's purported signing time actually is called thisUpdate, not lastUpdate
job [Thu, 18 Jan 2024 14:34:26 +0000 (14:34 +0000)]
The CRL's purported signing time actually is called thisUpdate, not lastUpdate

OK tb@ claudio@

9 months agoMove the rtable_exists() check into in_pcbset_rtableid().
claudio [Thu, 18 Jan 2024 11:03:16 +0000 (11:03 +0000)]
Move the rtable_exists() check into in_pcbset_rtableid().
OK bluhm@ mvs@

9 months agoConvert privsep imsg code to use imsg_get_fd().
claudio [Thu, 18 Jan 2024 09:58:23 +0000 (09:58 +0000)]
Convert privsep imsg code to use imsg_get_fd().

ok yasuoka

9 months agoFix IMSG_RECONF_ASPA handling. The rde did not expect what the rtr process
claudio [Thu, 18 Jan 2024 09:39:36 +0000 (09:39 +0000)]
Fix IMSG_RECONF_ASPA handling. The rde did not expect what the rtr process
was sending and hit the error path because of that. Since the encoding
as two uint32_t in rtr.c is awkward use the same way that the parent is
sending the aspa sets. This uses a local copy so that the included expire
filed is forced to 0 (the RDE does not use that field).
OK tb@

9 months agoreduce diff to linux
jsg [Thu, 18 Jan 2024 08:50:27 +0000 (08:50 +0000)]
reduce diff to linux

9 months agoUse solock() instead of netlock within fill_file(). This makes all
mvs [Thu, 18 Jan 2024 08:48:32 +0000 (08:48 +0000)]
Use solock() instead of netlock within fill_file(). This makes all
socket types protected. The netlock is still used while fill_file()
called through *table.inpt_queue walkthroughs, but this is the inet
sockets case.

ok bluhm

9 months agoUse `nowake' as tsleep_nsec(9) ident. It has no corresponding wakeup(9).
mvs [Thu, 18 Jan 2024 08:46:41 +0000 (08:46 +0000)]
Use `nowake' as tsleep_nsec(9) ident. It has no corresponding wakeup(9).

ok bluhm

9 months agoremove duplicate defines, merge error from local patches
jsg [Thu, 18 Jan 2024 07:52:37 +0000 (07:52 +0000)]
remove duplicate defines, merge error from local patches

9 months agoremove duplicate steam deck block, merge error from local patches
jsg [Thu, 18 Jan 2024 06:24:03 +0000 (06:24 +0000)]
remove duplicate steam deck block, merge error from local patches

9 months agoInstead of skipping the call to hdcp_destroy(), use NULL for the kobject
jsg [Thu, 18 Jan 2024 05:01:52 +0000 (05:01 +0000)]
Instead of skipping the call to hdcp_destroy(), use NULL for the kobject
argument.  Unused in the function itself as we define away
sysfs_remove_bin_file().

9 months agoFix core file writing when a file map into memory has later been truncated
kurt [Wed, 17 Jan 2024 22:22:25 +0000 (22:22 +0000)]
Fix core file writing when a file map into memory has later been truncated
to be smaller than the mapping. Record which memory segments are backed by
vnodes while walking the uvm map and later suppress EFAULT errors caused
by the underlying file being truncated. okay miod@

9 months agoSince pinsyscalls(2) applies to all system calls and does a more precise
deraadt [Wed, 17 Jan 2024 18:56:13 +0000 (18:56 +0000)]
Since pinsyscalls(2) applies to all system calls and does a more precise
check earlier, the pinsyscall(SYS_execve mechanism has become redundant.
It needs to be removed delicately since ld.so and static binaries use it.
As a first step, neuter the checking code in sys_execve().  Further steps
will follow slowly.
ok kettenis

9 months agovery ugly whitespaces
deraadt [Wed, 17 Jan 2024 13:00:05 +0000 (13:00 +0000)]
very ugly whitespaces

9 months agoUse imsg_get_fd()
claudio [Wed, 17 Jan 2024 10:01:24 +0000 (10:01 +0000)]
Use imsg_get_fd()

As usual proc_forward_imsg() is never forwarding a file descriptor so
just use -1 there. This should be replaced by imsg_forward().
All other changes are simple conversions.

OK tb@

9 months agoUse imsg_get_fd() and a local variable.
claudio [Wed, 17 Jan 2024 08:28:15 +0000 (08:28 +0000)]
Use imsg_get_fd() and a local variable.
OK florian@

9 months agoZap trailing space.
ajacoutot [Wed, 17 Jan 2024 08:26:06 +0000 (08:26 +0000)]
Zap trailing space.

from Kirill Miazine, thanks.

9 months agoConvert to use imsg_get_fd()
claudio [Wed, 17 Jan 2024 08:25:02 +0000 (08:25 +0000)]
Convert to use imsg_get_fd()

proc_forward_imsg() does not need to forward file descriptors so just use
-1 there. In other places shuffle debug messages around or use a helper
variable since imsg_get_fd() can only be called once.

OK tb@ tobhe@

9 months agoConvert to use imsg_get_fd() since proc_forward_imsg() never forwards a
claudio [Wed, 17 Jan 2024 08:22:40 +0000 (08:22 +0000)]
Convert to use imsg_get_fd() since proc_forward_imsg() never forwards a
file descriptor just use -1 there.
OK tb@

9 months agoGet all variable-length values for the parent server before linking the
claudio [Wed, 17 Jan 2024 08:20:58 +0000 (08:20 +0000)]
Get all variable-length values for the parent server before linking the
server onto various list. Fixes a use-after-free if former fails.
OK tb@

9 months agounstub i915_driver_hw_remove()
jsg [Wed, 17 Jan 2024 06:28:15 +0000 (06:28 +0000)]
unstub i915_driver_hw_remove()

9 months agoupdate drm to linux 6.6.12
jsg [Tue, 16 Jan 2024 23:37:50 +0000 (23:37 +0000)]
update drm to linux 6.6.12

Thanks to the OpenBSD Foundation for sponsoring this work.

9 months agoUpdate standards reference
job [Tue, 16 Jan 2024 19:52:39 +0000 (19:52 +0000)]
Update standards reference

9 months agoprint flag 'l' for base program or ld.so being under pinsyscalls enforcement,
deraadt [Tue, 16 Jan 2024 19:08:37 +0000 (19:08 +0000)]
print flag 'l' for base program or ld.so being under pinsyscalls enforcement,
and 'L' for libc.so.  This flag printing may be deleted once we are entirely
confident this is working correctly.
ok kettenis

9 months agoRead PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table for
deraadt [Tue, 16 Jan 2024 19:07:31 +0000 (19:07 +0000)]
Read PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table for
pinsyscalls(2).
ok kettenis

9 months agoThe kernel will now read pinsyscall tables out of PT_OPENBSD_SYSCALLS in
deraadt [Tue, 16 Jan 2024 19:05:00 +0000 (19:05 +0000)]
The kernel will now read pinsyscall tables out of PT_OPENBSD_SYSCALLS in
the main program or ld.so, and accept a submission of that information
for libc.so from ld.so via pinsyscalls(2).  At system call invocation,
the syscall number is matched to the specific address it must come from.
ok kettenis, gnezdo, testing of variations by many people

9 months agoHandle variable names (things strating with $ or @) in yylex() this way
claudio [Tue, 16 Jan 2024 14:35:56 +0000 (14:35 +0000)]
Handle variable names (things strating with $ or @) in yylex() this way
the error handling of strange variable names can be better controlled.
With and OK dv@

9 months agoConvert to imsg_get_fd() and remove unused proc_forward_imsg().
claudio [Tue, 16 Jan 2024 13:33:12 +0000 (13:33 +0000)]
Convert to imsg_get_fd() and remove unused proc_forward_imsg().
OK martijn@

9 months agoSwitch session_notification() over to use a struct ibuf to carry the
claudio [Tue, 16 Jan 2024 13:15:31 +0000 (13:15 +0000)]
Switch session_notification() over to use a struct ibuf to carry the
extra data. With this IMSG_UPDATE_ERR can use the new imsg API.

Introduce session_notification_data() for the few cases where there
is no ibuf readily available.

OK tb@

9 months agoUse imsg_get_fd() instead of direct access to imsg.fd
claudio [Tue, 16 Jan 2024 13:09:11 +0000 (13:09 +0000)]
Use imsg_get_fd() instead of direct access to imsg.fd

The change in proc.c can be further simplified once imsg_free() takes
care of unclaimed file descriptors.

OK nicm@

9 months agoUse imsg_get_fd() and adjust cleanup code accordingly.
claudio [Tue, 16 Jan 2024 13:07:29 +0000 (13:07 +0000)]
Use imsg_get_fd() and adjust cleanup code accordingly.
OK nicm@

9 months agoFix clang warning about possible unaligned access on arm64.
kevlo [Tue, 16 Jan 2024 12:21:02 +0000 (12:21 +0000)]
Fix clang warning about possible unaligned access on arm64.

ok stsp@

9 months agoCope with recent changes to pfctl output.
anton [Tue, 16 Jan 2024 06:40:07 +0000 (06:40 +0000)]
Cope with recent changes to pfctl output.

9 months agoAdd debug message for no policy found.
jan [Mon, 15 Jan 2024 21:37:58 +0000 (21:37 +0000)]
Add debug message for no policy found.

In this case iked would just silently drop incomming connections.
Thus, the user has a chance to figure out whats going on.

ok tobhe@

9 months agoMake sure to return a proper string in ai_canonname.
florian [Mon, 15 Jan 2024 18:03:39 +0000 (18:03 +0000)]
Make sure to return a proper string in ai_canonname.

When we made sure that getaddrinfo(3) always resolves "localhost" to
the loopback address we forgot to set ai_canonname if AI_CANONNAME or
AI_FQDN is set. On a successful call ai_canonname has to be a NUL-terminated
string if either of those flags are set.

Problem observed by a@alexis-fouilhe.fr in smtpd(8) with a hostname of
"localhost".

OK millert

9 months agoAdd support for bringing up RTKit while !cold.
kettenis [Mon, 15 Jan 2024 16:57:31 +0000 (16:57 +0000)]
Add support for bringing up RTKit while !cold.

ok tobhe@

9 months agoIntroduce priterator(), the `ps_list' iterator. Some of `allprocess'
mvs [Mon, 15 Jan 2024 15:47:37 +0000 (15:47 +0000)]
Introduce priterator(), the `ps_list' iterator. Some of `allprocess'
list walkthroughs have context switch within, so make exit1() wait
until the last reference released.

Reported-by: syzbot+0e9dda76c42c82c626d7@syzkaller.appspotmail.com
ok bluhm claudio

9 months agoConvert the simple bits of imsg handling over to the new imsg API.
claudio [Mon, 15 Jan 2024 15:44:50 +0000 (15:44 +0000)]
Convert the simple bits of imsg handling over to the new imsg API.

OK tb@

9 months agoInclude cert_partial_chain in iked_static instead of sending a separate
tobhe [Mon, 15 Jan 2024 15:29:00 +0000 (15:29 +0000)]
Include cert_partial_chain in iked_static instead of sending a separate
message.

from markus@

9 months agoRun the pkey cleanup test also for {Ed,X}25519
tb [Mon, 15 Jan 2024 15:09:57 +0000 (15:09 +0000)]
Run the pkey cleanup test also for {Ed,X}25519

9 months agoSwitch to EVP_CIPHER_do_all() now that snaps are available on most arches
tb [Mon, 15 Jan 2024 15:00:13 +0000 (15:00 +0000)]
Switch to EVP_CIPHER_do_all() now that snaps are available on most arches

9 months agoFetch touchpad dimensions from firmware instead of hardcoding the values
kettenis [Mon, 15 Jan 2024 13:27:20 +0000 (13:27 +0000)]
Fetch touchpad dimensions from firmware instead of hardcoding the values
for the original 13" M1 MacBook.

ok mlarkin@

9 months agoWe can't call kstat_create(9) when bringing up the secondary CPUs as it
kettenis [Mon, 15 Jan 2024 11:58:45 +0000 (11:58 +0000)]
We can't call kstat_create(9) when bringing up the secondary CPUs as it
uses an rwlock and curproc isn't initialized yet for these CPUs at this
point.  As a result we hit a "locking against myself" panic if there is
any lock contention.

Fix this by adding a new ci_midr member to struct cpu_info which gets
initialized when we identify the CPUs and use that to attach the kstat
stuff.

ok tobhe@, dlg@

9 months agoA cache can send a 'NO_DATA_AVAILABLE' error during version negotiation
claudio [Mon, 15 Jan 2024 11:55:26 +0000 (11:55 +0000)]
A cache can send a 'NO_DATA_AVAILABLE' error during version negotiation
so handle this case as well. This error triggers an RTR_EVNT_NO_DATA
event that moves the session to RTR_STATE_ESTABLISHED (and out of negotiation).

When there is no data available the session_id remains unset until data
becomes available. So handle this case not only in rtr_parse_cache_response()
but also in rtr_parse_notify().

RTR_EVNT_NO_DATA arms the RTR_EVNT_TIMER_RETRY timer. On expiry send a
reset or serial query depending on the cache session state.

OK tb@

9 months agoThe maximum number of ring slots a tx packet can use is 32, which is
jmatthew [Mon, 15 Jan 2024 08:56:45 +0000 (08:56 +0000)]
The maximum number of ring slots a tx packet can use is 32, which is
indicated by writing 0 to the 5 bit 'BD count' field in the first slot.
Accordingly, mask the value we're writing there.

Each packet uses one slot for offload information and then one per DMA
segment, which means the maximum number of DMA segments must be 31 rather
than 32.  Trying to send a packet using 33 slots makes the nic firmware
very upset.

ok dlg@

9 months agoCurrently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
sashan [Mon, 15 Jan 2024 07:23:32 +0000 (07:23 +0000)]
Currently 'pfctl -a "*" -sr' recursively walks anchor tree and shows
rules found in every anchor. This commit introduces the same behavior
for tables. Command 'pfctl -a "*" -sT' prints all tables attached to
every anchor loaded to pf(4).

Inconsistency has been noticed by Klemens (kn@).

OK @bluhm, OK @kn

9 months agoFrom "Lorenz (xha)" (me(at)xha.li): teach binutils how to assemble
guenther [Mon, 15 Jan 2024 06:57:07 +0000 (06:57 +0000)]
From "Lorenz (xha)" (me(at)xha.li): teach binutils how to assemble
endbr{64,32}

"sure" dv@ deraadt@

9 months agoIncrease wait until threshold. Should hopefully make these tests more
anton [Mon, 15 Jan 2024 06:51:54 +0000 (06:51 +0000)]
Increase wait until threshold. Should hopefully make these tests more
stable.

9 months agovio(4): poll device status after issuing device reset.
dv [Mon, 15 Jan 2024 02:35:23 +0000 (02:35 +0000)]
vio(4): poll device status after issuing device reset.

The virtio spec says a driver "should" wait for a device to report
a clear device status after performing a reset. In some hypervisors,
this doesn't matter as the vcpu's io instruction emulation and
virtio network device emulation happen serially in the same thread.
In hypervisors like vmd(8), device reset happens asynchronously and
the driver can't assume the device is ready.

This race condition results in mbuf pool corruption, causing panics.

Bug reported and reproduced by bluhm@. Root cause found and diff
from sf@. ok dv@ and committed on sf@'s behalf with his permission.

9 months agoclockintr: move CLST_IGNORE_REQUESTS from cl_flags to cq_flags
cheloha [Mon, 15 Jan 2024 01:15:37 +0000 (01:15 +0000)]
clockintr: move CLST_IGNORE_REQUESTS from cl_flags to cq_flags

In the near future, we will add support for destroying clockintr
objects.  When this happens, it will no longer be safe to dereference
the pointer to the expired clockintr during the dispatch loop in
clockintr_dispatch() after reentering cq_mtx.  This means we will not
be able to safely check for the CLST_IGNORE_REQUESTS flag.

So replace the CLST_IGNORE_REQUESTS flag in cl_flags with the
CQ_IGNORE_REQUESTS flag in cq_flags.  The semantics are the same.
Both cl_flags and cq_flags are protected by cq_mtx.

Note that we cannot move the CLST_IGNORE_REQUESTS flag to cr_flags in
struct clockrequest: that member is owned by the dispatching CPU and
is not mutated with atomic operations.

9 months agoTidy a few more includes in cms/
tb [Sun, 14 Jan 2024 18:40:24 +0000 (18:40 +0000)]
Tidy a few more includes in cms/

9 months agosys/sched.h: conceal <sys/queue.h> inclusion from userspace
cheloha [Sun, 14 Jan 2024 17:23:56 +0000 (17:23 +0000)]
sys/sched.h: conceal <sys/queue.h> inclusion from userspace

Nothing outside of the _KERNEL guard in <sys/sched.h> needs
<sys/queue.h>, so move its inclusion under _KERNEL.

Requested by claudio@.

Link: https://marc.info/?l=openbsd-tech&m=169937494818685&w=2
ok claudio@

9 months agosys/sched.h: conceal struct schedstate_percpu definition from userspace
cheloha [Sun, 14 Jan 2024 17:11:55 +0000 (17:11 +0000)]
sys/sched.h: conceal struct schedstate_percpu definition from userspace

struct schedstate_perpcu contains struct clockintr pointers.  struct
clockintr is not defined in userspace, so move schedstate_percpu into
the _KERNEL guard to hide it from userspace.  Nothing in base userspace
uses schedstate_percpu.

Thread: https://marc.info/?l=openbsd-tech&m=169861224916185&w=2

ok claudio@ millert@

9 months agoWhenever we have a libc major bump, we run the risk that dependent shared
kettenis [Sun, 14 Jan 2024 09:39:03 +0000 (09:39 +0000)]
Whenever we have a libc major bump, we run the risk that dependent shared
libraries will request a different (major) libc version from the one
requested by the binary itself.  For various reasons loading multiple libc
versions is not a good idea, and since the introduction of msyscall(2)
support, system calls will only work when called from one of the two loaded
libcs.  This really means that when we have a libc major bump, users must
update all dynamic executables and shared libraries in the system.

However, to ease this transition, change ld.so to only load the first libc
version that we encounter (in a breadth first sense) and substitute that
libc version for all further loads of libc, even if different versions are
requested.  This is done silently since I can't come up with a good warning
message.  In practice this means the libc version requested by the
executable itself will be loaded.  This means that shared libraries may
fail to load if they use a symbol that has been removed.  But given the
constraints, this is the best that we can do.  Even when we bump the
libc major, the set of changes is typically small and most binaries and
shared libraries will continue to run and allow the user to run pkg_add -u
without any fallout.

ok deraadt@, gkoehler@

9 months agoPrepare for removing most of the X509_TRUST API
tb [Sat, 13 Jan 2024 19:57:38 +0000 (19:57 +0000)]
Prepare for removing most of the X509_TRUST API

X509_check_trust() is of course used by the verifier. Unfortunately
M2Crypto exposes it. The only other part of the X509_TRUST API that
are still needed are the X509_TRUST_* macros in x509.h, as they are
used via *_set_trust and indirectly via the purpose stuff. The rest
will be removed.

X509_TRUST_add() was defanged recently, in particular it no longer
hangs strdup()'ed strings off the global struct. Nothing ever cleaned
these up. TRUST_cleanup() attempted to do so, but since it checked
the dynamic/dynamic strings flags in the wrong order, that cleanup
call ended up doing nothing, so that code was removed at some point.

As a consequence, the struct can now be made const. Use a CTASSERT()
to ensure size assumptions on X509_TRUST_COUNT, X509_TRUST_MAX, and
X509_TRUST_MIN hold true.

Remove the global variable underlying X509_TRUST_set_default()'s
functionality and move its accessor down to all the other functions
that will be deleted.

Inline a few things in X509_check_trust(), so we can excise the
internals of X509_TRUST_get0(), X509_TRUST_get_by_id(). Since the
default trust function can no longer be changed, call obj_trust()
directly.

ok jsing

9 months agoRemove check{,obj_cleanup}_defer documentation
tb [Sat, 13 Jan 2024 19:06:20 +0000 (19:06 +0000)]
Remove check{,obj_cleanup}_defer documentation

Both check_defer() and the global variable obj_cleanup_defer were removed
from the public API two years ago. Now they were removed from the internals
as well, simplifying the cleanup process greatly. We no longer need them
to have a chance to understand the cleanup process. Also remove references
to EVP_cleanup() since this has long been deprecated and now it doesn't
clean up things anymore.

9 months agoRemove mention of a refcount bug
tb [Sat, 13 Jan 2024 18:37:51 +0000 (18:37 +0000)]
Remove mention of a refcount bug

Said bug was fixed in OpenSSL 1.0.0, released 14 years ago. It is of course
unsurprising that you may accidentally increment the refcount if your idiom
for decrementing it is CRYPTO_add(&bio-references, -1, CRYPTO_LOCK_BIO)).

9 months agoBIO_f_ssl.3: Remove explicit library initialization
tb [Sat, 13 Jan 2024 17:50:01 +0000 (17:50 +0000)]
BIO_f_ssl.3: Remove explicit library initialization

9 months agoRemove calls to OpenSSL_add_all_{ciphers,digests}()
tb [Sat, 13 Jan 2024 17:04:29 +0000 (17:04 +0000)]
Remove calls to OpenSSL_add_all_{ciphers,digests}()

9 months agoMove errno.h inclusion where it belongs
tb [Sat, 13 Jan 2024 16:32:53 +0000 (16:32 +0000)]
Move errno.h inclusion where it belongs

9 months agoClean up EVP_MD_CTX_init() usage in ASN1_item_sign()
joshua [Sat, 13 Jan 2024 13:59:18 +0000 (13:59 +0000)]
Clean up EVP_MD_CTX_init() usage in ASN1_item_sign()

ok tb@

9 months agoPrepare to remove the EVP_PKEY_meth_* API
tb [Sat, 13 Jan 2024 12:46:59 +0000 (12:46 +0000)]
Prepare to remove the EVP_PKEY_meth_* API

After removing the last caller of EVP_PKEY_meth_find() from libssl, none
of these is used. And with EVP_PKEY_meth_new() gone, there will no longer
be a way to get your hands onto an EVP_PKEY_METHOD that is writable, so
none of the silent failures (because they're void functions) should matter
in the few weeks until we bump.

ok jsing

9 months agoThe OBJ_NAME API joins the party in evp_names.c
tb [Sat, 13 Jan 2024 12:18:52 +0000 (12:18 +0000)]
The OBJ_NAME API joins the party in evp_names.c

... and another file without license disappears.