openbsd
10 months agoHoist OBJ_sn2nid() over OBJ_ln2nid()
tb [Fri, 15 Dec 2023 01:51:23 +0000 (01:51 +0000)]
Hoist OBJ_sn2nid() over OBJ_ln2nid()

In all other places, the short name comes before the long name, so fix
the only exception.

10 months agoCoverity rightly points out that an unsigned int is always >= 0
tb [Fri, 15 Dec 2023 01:47:50 +0000 (01:47 +0000)]
Coverity rightly points out that an unsigned int is always >= 0

10 months agoUse inpcb table mutex to set addresses.
bluhm [Fri, 15 Dec 2023 00:24:56 +0000 (00:24 +0000)]
Use inpcb table mutex to set addresses.

Protect all remaining write access to inp_faddr and inp_laddr with
inpcb table mutex.  Document inpcb locking for foreign and local
address and port and routing table id.  Reading will be made MP
safe by adding per socket rw-locks in a next step.

OK sashan@ mvs@

10 months agoOBJ_create: sorry Omar, aobj is a better name than op
tb [Thu, 14 Dec 2023 18:32:49 +0000 (18:32 +0000)]
OBJ_create: sorry Omar, aobj is a better name than op

Done.

10 months agoOBJ_create: use a nid variable to avoid nested function call
tb [Thu, 14 Dec 2023 18:31:03 +0000 (18:31 +0000)]
OBJ_create: use a nid variable to avoid nested function call

10 months agoOBJ_create: malloc() -> calloc()
tb [Thu, 14 Dec 2023 18:16:13 +0000 (18:16 +0000)]
OBJ_create: malloc() -> calloc()

10 months agoOBJ_create: test and assign as usual
tb [Thu, 14 Dec 2023 18:15:21 +0000 (18:15 +0000)]
OBJ_create: test and assign as usual

10 months agoOBJ_create: initialize buf and turn function into single exit
tb [Thu, 14 Dec 2023 18:12:51 +0000 (18:12 +0000)]
OBJ_create: initialize buf and turn function into single exit

10 months agoOBJ_create: rename ok to ret and make it last declaration
tb [Thu, 14 Dec 2023 18:10:32 +0000 (18:10 +0000)]
OBJ_create: rename ok to ret and make it last declaration

10 months agoOBJ_create(): rename i to len
tb [Thu, 14 Dec 2023 18:09:35 +0000 (18:09 +0000)]
OBJ_create(): rename i to len

10 months agoOBJ_create(): remove pointless parentheses
tb [Thu, 14 Dec 2023 18:08:18 +0000 (18:08 +0000)]
OBJ_create(): remove pointless parentheses

10 months agoOBJ_create(): remove useless cast
tb [Thu, 14 Dec 2023 18:06:44 +0000 (18:06 +0000)]
OBJ_create(): remove useless cast

10 months agoOPENSSL_assert() that the passed nid is within range
tb [Thu, 14 Dec 2023 15:33:09 +0000 (15:33 +0000)]
OPENSSL_assert() that the passed nid is within range

discussed with deraadt and jsing

10 months agoBump OPENSSL_showfatal() from LOG_INFO to LOG_CONS
tb [Thu, 14 Dec 2023 15:31:22 +0000 (15:31 +0000)]
Bump OPENSSL_showfatal() from LOG_INFO to LOG_CONS

This way people can actually notice that an OPENSSL_assert() triggered.

discussed with deraadt and jsing

10 months agoMove the txt to obj/nid conversions a bit down.
tb [Thu, 14 Dec 2023 14:45:45 +0000 (14:45 +0000)]
Move the txt to obj/nid conversions a bit down.

No code change

10 months agoDedup OBJ_nid2{obj,sn,ln}()
tb [Thu, 14 Dec 2023 14:33:23 +0000 (14:33 +0000)]
Dedup OBJ_nid2{obj,sn,ln}()

First get the obj corresponding to nid, then inspect its sn and ln.
Shaves off 40 lines of code and will simplify locking.

10 months agoWorkaround for broken clang which has a broken -fno-zero-initialized-in-bss
claudio [Thu, 14 Dec 2023 14:04:57 +0000 (14:04 +0000)]
Workaround for broken clang which has a broken -fno-zero-initialized-in-bss
implementation.

Set nkmempages to -1 by default instead of 0 so that the value ends up in
the data section. This way config(8) is able to alter the value as promised.

See also: https://github.com/llvm/llvm-project/issues/74632
OK miod@

10 months agoSimplify OBJ_nid2obj()
tb [Thu, 14 Dec 2023 14:04:46 +0000 (14:04 +0000)]
Simplify OBJ_nid2obj()

This is now yet another identical copy of the same code...
Next step will be to dedup.

ok jsing

10 months agoSimplify OBJ_nid2sn()
tb [Thu, 14 Dec 2023 14:02:57 +0000 (14:02 +0000)]
Simplify OBJ_nid2sn()

This is exactly the same as the previous OBJ_nid2ln() change modulo
s/ln/sn/g.

ok jsing

10 months agoSimplify OBJ_nid2ln()
tb [Thu, 14 Dec 2023 14:01:42 +0000 (14:01 +0000)]
Simplify OBJ_nid2ln()

If nid is in the range of built-in NIDs, return the corresponding
long name, unless some genius left a hole. Otherwise perform a yolo
check if there are any user-added objects with matching nid in the
global hash.

This changes behavior in that we now push an OBJ_R_UNKNOWN_NID error
onto the stack even if there are no user-added objects.

ok jsing

10 months agoMostly straightforward conversion to imsg_get_fd() only the handling
claudio [Thu, 14 Dec 2023 13:52:37 +0000 (13:52 +0000)]
Mostly straightforward conversion to imsg_get_fd() only the handling
of the control socket needs a local variable since imsg_get_fd() can
only be called once on an imsg.
OK tb@

10 months agoThere is no more option NKMEMPAGES_MAX
claudio [Thu, 14 Dec 2023 13:34:23 +0000 (13:34 +0000)]
There is no more option NKMEMPAGES_MAX
OK miod@

10 months agoNKMEMPAGES_MAX_DEFAULT is no longer used. Remove it from param.h.
claudio [Thu, 14 Dec 2023 13:26:49 +0000 (13:26 +0000)]
NKMEMPAGES_MAX_DEFAULT is no longer used. Remove it from param.h.
OK miod@

10 months agoConstrain the AFRINIC TA further
job [Thu, 14 Dec 2023 12:26:03 +0000 (12:26 +0000)]
Constrain the AFRINIC TA further

Today AFRINIC clarified its actual current resource holdings by issuing
a new CA certificate in response to a report on overclaiming:
https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html

OK tb@

10 months agoFix sk_deep_copy() implementation
tb [Thu, 14 Dec 2023 12:02:10 +0000 (12:02 +0000)]
Fix sk_deep_copy() implementation

sk_deep_copy() is bad code. It is less bad than the upstream code, but
still bad: it passes strdup() through a void pointer and assigns it to
a function pointer of different type before calling the latter. That's
not kosher in more than one way.

There is no need for such gymnastics. If we need a deep copy for a type,
we should implement it as appropriate for that type.

Also, we should not expect and even less so allow holes in a STACK_OF().
The only way the vpm->hosts can be populated is by way of this deep_copy
function or x509_param_set_hosts_internal(), which pushes only after a
non-NULL check. Invariants: they're useful.

ok jsing

10 months agoBring default logic to set nkmempages into the 21st century.
claudio [Thu, 14 Dec 2023 11:58:09 +0000 (11:58 +0000)]
Bring default logic to set nkmempages into the 21st century.

The new logic is:
Up to 1G physmem use physical memory / 4,
above 1G add an extra 16MB per 1G of memory.

Clamp it down depending on available kernel virtual address space
 - up and including 512M -> 64MB (macppc, arm, sh)
 - between 512M and 1024M -> 128MB (hppa, i386, mips, luna88k)
 - over 1024M clamping to VM_KERNEL_SPACE_SIZE / 4

The result is much more malloc(9) space on 64bit archs with lots of memory
and large kva space.
Note: amd64 only has 4G of kva and therefor nkmempages is limited to 262144

As a side-effect NKMEMPAGES_MAX and nkmempages_max are no longer used.
Tested and OK miod@

10 months agoUse imsg_get_fd() to access the file descriptor passed in the imsg.
claudio [Thu, 14 Dec 2023 11:10:19 +0000 (11:10 +0000)]
Use imsg_get_fd() to access the file descriptor passed in the imsg.
OK tb@

10 months agoUse imsg_get_fd() to access the file descriptor passed in the imsg.
claudio [Thu, 14 Dec 2023 11:09:56 +0000 (11:09 +0000)]
Use imsg_get_fd() to access the file descriptor passed in the imsg.
OK tb@

10 months agoUse imsg_get_fd() to access the file descriptor passed in the imsg.
claudio [Thu, 14 Dec 2023 11:09:34 +0000 (11:09 +0000)]
Use imsg_get_fd() to access the file descriptor passed in the imsg.
OK tb@

10 months agoRewrite send_packet to update the eigrp header without using ibuf_seek.
claudio [Thu, 14 Dec 2023 10:02:27 +0000 (10:02 +0000)]
Rewrite send_packet to update the eigrp header without using ibuf_seek.

There is a long term goal to remove ibuf_seek from the public ibuf API
since the function is a bit tricky to use.
OK tb@

10 months agoUse imsg_get_fd() to access the fd passed with the imsg.
claudio [Thu, 14 Dec 2023 09:59:27 +0000 (09:59 +0000)]
Use imsg_get_fd() to access the fd passed with the imsg.
Go ahead florian@ OK tb@

10 months agoUse imsg_get_fd() to access the fd passed with the imsg.
claudio [Thu, 14 Dec 2023 09:58:59 +0000 (09:58 +0000)]
Use imsg_get_fd() to access the fd passed with the imsg.
Go ahead florian@ OK tb@

10 months agoUse imsg_get_fd() to access the fd passed with the imsg.
claudio [Thu, 14 Dec 2023 09:58:37 +0000 (09:58 +0000)]
Use imsg_get_fd() to access the fd passed with the imsg.
Go ahead florian@ OK tb@

10 months agoFor historical reasons, APNIC ended up with a v6 block for IX assignments
job [Thu, 14 Dec 2023 09:13:00 +0000 (09:13 +0000)]
For historical reasons, APNIC ended up with a v6 block for IX assignments
carved out of a larger block assigned to RIPE NCC

OK tb@

10 months agorpki-client: make IP address block checks stricter
tb [Thu, 14 Dec 2023 07:52:53 +0000 (07:52 +0000)]
rpki-client: make IP address block checks stricter

There are only two valid AFIs in this context, so check that we have one
or two of them. We only accept the IPv4 and IPv6 AFIs in ip_add_afi_parse()
and reject any SAFI, so enforce that neither AFI is repeated. This doesn't
change things for certificates, where all this is implied by other checks
combined. Making this explicit and match the logic needed for ROAs is a win.

looks good to job
ok claudio

10 months agodrm/i915: Skip some timing checks on BXT/GLK DSI transcoders
jsg [Thu, 14 Dec 2023 05:47:41 +0000 (05:47 +0000)]
drm/i915: Skip some timing checks on BXT/GLK DSI transcoders

From Ville Syrjala
f38b4e99e24cbc45084552fe50273ed847a4f511 in linux-6.1.y/6.1.68
20c2dbff342aec13bf93c2f6c951da198916a455 in mainline linux

10 months agodrm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo
jsg [Thu, 14 Dec 2023 05:44:58 +0000 (05:44 +0000)]
drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo

From Jani Nikula
d9ef7b05ccd7f4f0d12b7aed2a2e5858809dd4a4 in linux-6.1.y/6.1.68
f2f9c8cb6421429ef166d6404426693212d0ca07 in mainline linux

10 months agodrm/i915/lvds: Use REG_BIT() & co.
jsg [Thu, 14 Dec 2023 05:43:28 +0000 (05:43 +0000)]
drm/i915/lvds: Use REG_BIT() & co.

From Ville Syrjala
cf70d62ace9070fb8be900fa87cb2e43cbc1fa9f in linux-6.1.y/6.1.68
9dd56e979cb69f5cd904574c852b620777a2f69f in mainline linux

10 months agodrm/i915/display: Drop check for doublescan mode in modevalid
jsg [Thu, 14 Dec 2023 05:40:30 +0000 (05:40 +0000)]
drm/i915/display: Drop check for doublescan mode in modevalid

From Ankit Nautiyal
e6d55cf4939987eb1761cb0cbf47af233123da87 in linux-6.1.y/6.1.68
9d04eb20bc71a383b4d4e383b0b7fac8d38a2e34 in mainline linux

10 months agodrm/amdgpu: Update EEPROM I2C address for smu v13_0_0
jsg [Thu, 14 Dec 2023 05:38:21 +0000 (05:38 +0000)]
drm/amdgpu: Update EEPROM I2C address for smu v13_0_0

From Candice Li
c8bf22e0d0499de0692a91290f923029230a5bd4 in linux-6.1.y/6.1.68
e0409021e34af50e7b6f31635c8d21583d7c43dd in mainline linux

10 months agodrm/amdgpu: Add I2C EEPROM support on smu v13_0_6
jsg [Thu, 14 Dec 2023 05:36:31 +0000 (05:36 +0000)]
drm/amdgpu: Add I2C EEPROM support on smu v13_0_6

From Candice Li
87509778718cffdee6412f0d39713f883208a013 in linux-6.1.y/6.1.68
b81fde0dfe402e864ef1ac506eba756c89f1ad32 in mainline linux

10 months agodrm/amdgpu: simplify amdgpu_ras_eeprom.c
jsg [Thu, 14 Dec 2023 05:34:50 +0000 (05:34 +0000)]
drm/amdgpu: simplify amdgpu_ras_eeprom.c

From Alex Deucher
4ccb34d4313b81d6268b1e68bd9a4e7309f096f6 in linux-6.1.y/6.1.68
6246059a19d4cd32ef1af42a6ab016b779cd68c4 in mainline linux

10 months agodrm/amdgpu: Return from switch early for EEPROM I2C address
jsg [Thu, 14 Dec 2023 05:33:28 +0000 (05:33 +0000)]
drm/amdgpu: Return from switch early for EEPROM I2C address

From Luben Tuikov
af6b1f1156fc2d886251a076b87243597301437c in linux-6.1.y/6.1.68
8782007b5f5795f118c5167f46d8c8142abcc92f in mainline linux

10 months agodrm/amdgpu: Remove second moot switch to set EEPROM I2C address
jsg [Thu, 14 Dec 2023 05:31:54 +0000 (05:31 +0000)]
drm/amdgpu: Remove second moot switch to set EEPROM I2C address

From Luben Tuikov
a3049c9a30131639f056a2b3db934c70ff91068a in linux-6.1.y/6.1.68
1bb745d7596d2b368fd9afb90473f3581495e39d in mainline linux

10 months agodrm/amdgpu: Add support for RAS table at 0x40000
jsg [Thu, 14 Dec 2023 05:30:17 +0000 (05:30 +0000)]
drm/amdgpu: Add support for RAS table at 0x40000

From Luben Tuikov
30289057ef8f8accd98ee41221c859a471f20c5c in linux-6.1.y/6.1.68
64a3dbb06ad88d89a0958ccafc4f01611657f641 in mainline linux

10 months agodrm/amdgpu: Decouple RAS EEPROM addresses from chips
jsg [Thu, 14 Dec 2023 05:27:09 +0000 (05:27 +0000)]
drm/amdgpu: Decouple RAS EEPROM addresses from chips

From Luben Tuikov
c67c553b4dd9a315919ae8990da367523fad0e38 in linux-6.1.y/6.1.68
3b8164f8084ff7888ed24970efa230ff5d36eda8 in mainline linux

10 months agodrm/amdgpu: Remove redundant I2C EEPROM address
jsg [Thu, 14 Dec 2023 05:25:39 +0000 (05:25 +0000)]
drm/amdgpu: Remove redundant I2C EEPROM address

From Luben Tuikov
ee9efcdc76af0dcb51579aa61c5019eabce93d73 in linux-6.1.y/6.1.68
da858deab88eb561f2196bc99b6dbd2320e56456 in mainline linux

10 months agodrm/amdgpu: Add EEPROM I2C address support for ip discovery
jsg [Thu, 14 Dec 2023 05:23:24 +0000 (05:23 +0000)]
drm/amdgpu: Add EEPROM I2C address support for ip discovery

From Candice Li
a945568638acfc7d2d95de520849857506b21252 in linux-6.1.y/6.1.68
c9bdc6c3cf39df6db9c611d05fc512b1276b1cc8 in mainline linux

10 months agodrm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10
jsg [Thu, 14 Dec 2023 05:20:52 +0000 (05:20 +0000)]
drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10

From Candice Li
f549f837b9aca23983540fc6498e19eee8b3073a in linux-6.1.y/6.1.68
bc22f8ec464af9e14263c3ed6a1c2be86618c804 in mainline linux

10 months agodrm/amdgpu: correct the amdgpu runtime dereference usage count
jsg [Thu, 14 Dec 2023 05:19:03 +0000 (05:19 +0000)]
drm/amdgpu: correct the amdgpu runtime dereference usage count

From Prike Liang
458affed061935948d31f5d731bbcfbff3158762 in linux-6.1.y/6.1.68
c6df7f313794c3ad41a49b9a7c95da369db607f3 in mainline linux

10 months agodrm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
jsg [Thu, 14 Dec 2023 05:17:32 +0000 (05:17 +0000)]
drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c

From Srinivasan Shanmugam
41c5dd545e765bf4677a211d3c68808d7069e4a1 in linux-6.1.y/6.1.68
93125cb704919f572c01e02ef64923caff1c3164 in mainline linux

10 months agodrm/amdgpu: fix memory overflow in the IB test
jsg [Thu, 14 Dec 2023 05:15:58 +0000 (05:15 +0000)]
drm/amdgpu: fix memory overflow in the IB test

From Tim Huang
613eaee4459dfdae02f48cd02231cc177e9c37e7 in linux-6.1.y/6.1.68
6b0b7789a7a5f3e69185449f891beea58e563f9b in mainline linux

10 months agodrm/amdgpu: correct chunk_ptr to a pointer to chunk.
jsg [Thu, 14 Dec 2023 05:14:10 +0000 (05:14 +0000)]
drm/amdgpu: correct chunk_ptr to a pointer to chunk.

From YuanShang
9046665befd6e9b9b97df458dc4c41cfe63e21d3 in linux-6.1.y/6.1.68
50d51374b498457c4dea26779d32ccfed12ddaff in mainline linux

10 months agoSimplify OBJ_ln2nid()
tb [Wed, 13 Dec 2023 23:34:45 +0000 (23:34 +0000)]
Simplify OBJ_ln2nid()

This is s/sn/ln/g of the previous commit and eliminates another
OBJ_bsearch_() user, the last one in this file. The bsearch() uses
in this file are possibly the only ones that actually make sense
since we're searching tables of roughly 1000 entries.

ok jsing

10 months agoSimplify OBJ_sn2nid()
tb [Wed, 13 Dec 2023 23:31:25 +0000 (23:31 +0000)]
Simplify OBJ_sn2nid()

Another OBJ_bsearch_() elimination.

OBJ_sn2nid() is very similar to OBJ_obj2nid(). First it tries to retrieve
an object identifier with matching "short name" from the global hash of
added objects and then searches the table of built-in objects.

ok jsing

10 months agoSimplify OBJ_obj2nid()
tb [Wed, 13 Dec 2023 23:28:47 +0000 (23:28 +0000)]
Simplify OBJ_obj2nid()

Continue with OBJ_bsearch_() elimination.

OBJ_obj2nid() first checks if the object identifier passed in has a nid
and if so, it returns that. Otherwise, it looks into the global hash of
added objects (of course without locking) for a match and then returns
the nid thereof. As a last attempt, it searches the table of built-in
object identifiers.

The last two steps can be cleaned up and simplified quite a bit by using
C99 initializers, bsearch() and an appropriate comparison function. Then
it becomes obvious that bsearch() already returns a pointer to the nid
we're looking for, so there is no point in converting that into its
corresponding obj and returning the nid thereof.

ok jsing

10 months agoImplement per-CPU caching for the page table page (vp) pool and the PTE
jca [Wed, 13 Dec 2023 18:26:41 +0000 (18:26 +0000)]
Implement per-CPU caching for the page table page (vp) pool and the PTE
descriptor (pted) pool in the [riscv64] pmap implementation.  This
significantly reduces the side-effects of lock contention on the kernel
map lock that is (incorrectly) translated into excessive page daemon
wakeups.  This is not a perfect solution but it does lead to significant
speedups [on the Hifive Unmatched]

Improvement and commit message adapted from kettenis' rev 1.110 commit
to arm64/pmap.c.  ok phessler@ kettenis@

10 months agoMatch what reorder_kernel is doing and use kern.osversion to find out whether
ajacoutot [Wed, 13 Dec 2023 17:50:23 +0000 (17:50 +0000)]
Match what reorder_kernel is doing and use kern.osversion to find out whether
we are running an MP kernel or not.

based on a reworked submission from kris at devtty dot one via deraadt@
input and ok robert@

10 months agosync
deraadt [Wed, 13 Dec 2023 16:58:32 +0000 (16:58 +0000)]
sync

10 months agoFix syscall number bounds check computations.
miod [Wed, 13 Dec 2023 15:57:22 +0000 (15:57 +0000)]
Fix syscall number bounds check computations.

10 months agoUse imsg_get_fd() to access the control fd.
claudio [Wed, 13 Dec 2023 15:34:43 +0000 (15:34 +0000)]
Use imsg_get_fd() to access the control fd.
OK tb@

10 months agoUse imsg_get_fd() to access the control fd.
claudio [Wed, 13 Dec 2023 15:34:27 +0000 (15:34 +0000)]
Use imsg_get_fd() to access the control fd.
OK tb@

10 months agoUnbreak; looks like a not up-to-date diff was commited )-:
miod [Wed, 13 Dec 2023 12:41:31 +0000 (12:41 +0000)]
Unbreak; looks like a not up-to-date diff was commited )-:

10 months agoremove -o cases; reminded by anton
kn [Wed, 13 Dec 2023 12:14:10 +0000 (12:14 +0000)]
remove -o  cases;  reminded by anton

10 months agoImpose constraints on RPKI Trust Anchors
job [Wed, 13 Dec 2023 11:34:56 +0000 (11:34 +0000)]
Impose constraints on RPKI Trust Anchors

See https://datatracker.ietf.org/doc/html/draft-snijders-constraining-rpki-trust-anchors
for more information.

Tested for a few months.

OK tb@ claudio@

10 months agoPut back variable initialization mistakenly lost in 1.162
miod [Wed, 13 Dec 2023 11:20:18 +0000 (11:20 +0000)]
Put back variable initialization mistakenly lost in 1.162

10 months agoMove a large part of SYS.h defines to DEFS.h to match where other platforms
miod [Wed, 13 Dec 2023 09:01:25 +0000 (09:01 +0000)]
Move a large part of SYS.h defines to DEFS.h to match where other platforms
put their macros, and also turn a few "EXIT" into "END" for consistency with
other platforms. NFCI
ok kettenis@ deraadt@

10 months agoOSF/1 placed alpha binaries above 4G. This affects our nopie binaries,
deraadt [Wed, 13 Dec 2023 08:10:22 +0000 (08:10 +0000)]
OSF/1 placed alpha binaries above 4G.  This affects our nopie binaries,
of which there is only one -- instbin, on the install media.  But
that is incompatible with the 32-bit offsets in openbsd.syscalls.
Move the start of openbsd nopie binaries much lower.
ok kettenis

10 months agorfc3779: remove redundant const.
tb [Wed, 13 Dec 2023 07:19:37 +0000 (07:19 +0000)]
rfc3779: remove redundant const.

This is already included in the typedef (yuck) and makes some Windows
compilers unhappy.

10 months agono more syscall.2;
jmc [Wed, 13 Dec 2023 06:39:10 +0000 (06:39 +0000)]
no more syscall.2;

10 months agotlsexttest: \178 isn't a valid octal escape sequence
tb [Wed, 13 Dec 2023 06:00:28 +0000 (06:00 +0000)]
tlsexttest: \178 isn't a valid octal escape sequence

10 months agoconstraints: \178 isn't a valid octal escape sequence
tb [Wed, 13 Dec 2023 05:59:50 +0000 (05:59 +0000)]
constraints: \178 isn't a valid octal escape sequence

10 months agox509_asn1: avoid lookup table that makes some compilers whine
tb [Wed, 13 Dec 2023 05:57:37 +0000 (05:57 +0000)]
x509_asn1: avoid lookup table that makes some compilers whine

10 months agowhen invoking KnownHostsCommand to determine the order of host key
djm [Wed, 13 Dec 2023 03:28:19 +0000 (03:28 +0000)]
when invoking KnownHostsCommand to determine the order of host key
algorithms to request, ensure that the hostname passed to the command
is decorated with the port number for ports other than 22.

This matches the behaviour of KnownHostsCommand when invoked to look
up the actual host key.

bz3643, ok dtucker@

10 months agoactually remove it, pointed out by jsg
deraadt [Wed, 13 Dec 2023 02:42:36 +0000 (02:42 +0000)]
actually remove it, pointed out by jsg

10 months agoanother syscall(2) removal chunk got lost
deraadt [Wed, 13 Dec 2023 02:31:15 +0000 (02:31 +0000)]
another syscall(2) removal chunk got lost

10 months agofiledescriptor -> file descriptor
jsg [Wed, 13 Dec 2023 00:37:42 +0000 (00:37 +0000)]
filedescriptor -> file descriptor

10 months agotwo syscall(2) removal chunks got lost
deraadt [Tue, 12 Dec 2023 23:43:35 +0000 (23:43 +0000)]
two syscall(2) removal chunks got lost

10 months agoMake -o less special, drop -o '' support, always use last value
kn [Tue, 12 Dec 2023 22:00:43 +0000 (22:00 +0000)]
Make -o less special, drop -o '' support, always use last value

ftp(1) says -o is about a single file/URL, but option handling takes the
empty string as "reset previous -o value", which makes little sense, is
undocumented and counter-intuitively works as if no -o was specified.

OK millert

10 months agoThe OID inside snmpTrapOID is of type NOTIFICATION-TYPE, which does not
martijn [Tue, 12 Dec 2023 20:18:39 +0000 (20:18 +0000)]
The OID inside snmpTrapOID is of type NOTIFICATION-TYPE, which does not
have a zero appended.

OK tb@

10 months agoDo a bitter cleanup after the config defined objects on shutdown.
martijn [Tue, 12 Dec 2023 20:15:49 +0000 (20:15 +0000)]
Do a bitter cleanup after the config defined objects on shutdown.

OK tb@

10 months agoput pinsyscalls(2) into the "always" group
deraadt [Tue, 12 Dec 2023 17:43:10 +0000 (17:43 +0000)]
put pinsyscalls(2) into the "always" group

10 months agorepair type for 2nd arg of read(2)
deraadt [Tue, 12 Dec 2023 17:39:14 +0000 (17:39 +0000)]
repair type for 2nd arg of read(2)

10 months agoio_read_buf() abused the ibuf internal rpos which is no longer allowed.
claudio [Tue, 12 Dec 2023 15:54:18 +0000 (15:54 +0000)]
io_read_buf() abused the ibuf internal rpos which is no longer allowed.
This is now just a simple wrapper around ibuf_get().
OK tb@

10 months agoibuf_getdata() abuses the rpos from the ibuf. This is no longer allowed
claudio [Tue, 12 Dec 2023 15:52:58 +0000 (15:52 +0000)]
ibuf_getdata() abuses the rpos from the ibuf. This is no longer allowed
and breaks because ibuf_seek() now uses rpos itself. Now this is just
ibuf_get_ibuf() with an extra allocation done.
OK tobhe@ tb@

10 months agoSync
claudio [Tue, 12 Dec 2023 15:50:39 +0000 (15:50 +0000)]
Sync

10 months agoMove ibuf API from imsg_init.3 to ibuf_add.3
claudio [Tue, 12 Dec 2023 15:49:21 +0000 (15:49 +0000)]
Move ibuf API from imsg_init.3 to ibuf_add.3

Document all new functions added and adjust examples in imsg_init.3
to follow the new way of handling messages.
OK tb@

10 months agoExtend imsg and ibuf API with useful getter methods
claudio [Tue, 12 Dec 2023 15:47:40 +0000 (15:47 +0000)]
Extend imsg and ibuf API with useful getter methods

For ibufs:
- various getters for ibufs (ibuf_get* and ibuf_skip)
- additional ibuf set/add functions that don't alter byte order
- ibuf_truncate and ibuf_rewind
- ibuf_from_buffer and ibuf_from_ibuf to populate a reader ibuf
- a getter for the msgbuf queuelen

For imsg:
- various getters for imsg (especially imsg_get_data() which can be used
  in most cases as a simple one call api with all error checks).
  All the imsg.hdr fields can also be accessed by getters.
- The imsg data is now actually an ibuf but the old imsg.data pointer is
  kept for now to not break every imsg application.
- Introduce imsg_forward to simply forward a message from one channel to
  an other (used in the control socket code).

Since this requires a major bump take the oportunity to also cleanup some
function signatures to use size_t for length fields. Also internal data
structures are removed from the public header.

With and OK tb@

10 months agoTo avoid kbind(2) becoming a powerful gadget, it is called inline to a
deraadt [Tue, 12 Dec 2023 15:44:00 +0000 (15:44 +0000)]
To avoid kbind(2) becoming a powerful gadget, it is called inline to a
function.  Therefore we cannot create a precise pinsyscall label.  Instead
create a duplicate entry (using inline asm) to force the kernel's pinsyscall
code to skip validation, rather than labelling it illegal.  kbind(2) remains
safe because it self-protects by checking its calling address.
ok kettenis

10 months agosync
deraadt [Tue, 12 Dec 2023 15:41:47 +0000 (15:41 +0000)]
sync

10 months agocrank libc major because syscall(2) was removed
deraadt [Tue, 12 Dec 2023 15:41:24 +0000 (15:41 +0000)]
crank libc major because syscall(2) was removed

10 months agosync
deraadt [Tue, 12 Dec 2023 15:38:15 +0000 (15:38 +0000)]
sync

10 months agosync
deraadt [Tue, 12 Dec 2023 15:32:58 +0000 (15:32 +0000)]
sync

10 months agoremove support for syscall(2) -- the "indirection system call" because
deraadt [Tue, 12 Dec 2023 15:30:55 +0000 (15:30 +0000)]
remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards.  This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go".  "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

10 months agoslyle(9) fix. No functional changes.
mvs [Tue, 12 Dec 2023 12:38:52 +0000 (12:38 +0000)]
slyle(9) fix. No functional changes.

10 months agoThe sigtramp was calling sigreturn(2), and upon failure exit(2), which
deraadt [Tue, 12 Dec 2023 07:37:20 +0000 (07:37 +0000)]
The sigtramp was calling sigreturn(2), and upon failure exit(2), which
doesn't make sense anymore.  It is better to just issue an illegal
instruction.
ok kettenis, with some misgivings about inconsistant approaches between
architectures.
In the future we could change sigreturn(2) to never return an exit code,
but always just terminate the process.  We stopped this system call
from being callable ages ago with msyscall(2), and there is no stub for
it in libc.. maybe that's the next step to take?

10 months agosync
deraadt [Tue, 12 Dec 2023 01:45:27 +0000 (01:45 +0000)]
sync

10 months agoTurn `pflowstats' statistics counters into per-CPU counters to make them
mvs [Tue, 12 Dec 2023 00:03:31 +0000 (00:03 +0000)]
Turn `pflowstats' statistics counters into per-CPU counters to make them
mpsafe.

The weird interactions around `pflow_flows' and `sc_gcounter' replaced
by simple `pflow_flows' increment. Since the flow sequence is the 32
bits integer, the `sc_gcounter' type replaced by the type of uint32_t.

ok bluhm sashan

10 months agoMake sure the syscall table entries are aligned on a 4-byte boundary.
deraadt [Mon, 11 Dec 2023 22:29:23 +0000 (22:29 +0000)]
Make sure the syscall table entries are aligned on a 4-byte boundary.
Required for strict-alignment architectures and a good idea on others.
same as kettenis commit to libc

10 months agoMake sure the syscall table entries are aligned on a 4-byte boundary.
kettenis [Mon, 11 Dec 2023 22:24:15 +0000 (22:24 +0000)]
Make sure the syscall table entries are aligned on a 4-byte boundary.
Required for strict-alignment architectures and a good idea on others.

ok deraadt@