openbsd
3 years agomakes `struct execsw' to:
semarie [Sun, 21 Mar 2021 11:29:38 +0000 (11:29 +0000)]
makes `struct execsw' to:

- use C99-style initialization (grep works better with that)
- use const as execsw is not modified during runtime

ok mpi@

3 years agoUse uppercases for defines.
mpi [Sun, 21 Mar 2021 10:24:36 +0000 (10:24 +0000)]
Use uppercases for defines.

No functional change.

ok semarie@

3 years agoadd -n to SYNOPSIS;
jmc [Sun, 21 Mar 2021 06:44:24 +0000 (06:44 +0000)]
add -n to SYNOPSIS;

3 years agoAdd -n (no action) mode, which just parses the program and exits.
jmatthew [Sun, 21 Mar 2021 01:24:35 +0000 (01:24 +0000)]
Add -n (no action) mode, which just parses the program and exits.

ok mpi@ kn@

3 years agos/struft/struct/; thanks James Hastings
sthen [Sat, 20 Mar 2021 21:02:56 +0000 (21:02 +0000)]
s/struft/struct/; thanks James Hastings

3 years agoSync with apm(4/macppc) to document which ioctls are not supported
kn [Sat, 20 Mar 2021 19:41:44 +0000 (19:41 +0000)]
Sync with apm(4/macppc) to document which ioctls are not supported

Suspend/resume and other power events are NOT YET SUPPORTED.

3 years agoLooking at loading all expressions initially, working towards multi
lum [Sat, 20 Mar 2021 19:39:30 +0000 (19:39 +0000)]
Looking at loading all expressions initially, working towards multi
line. Next to look at "values" (quotes around values).

Current regress tests pass.

3 years agoEnd sentence and add .Pp after (all) "NOT SUPPORTED" lines
kn [Sat, 20 Mar 2021 19:36:29 +0000 (19:36 +0000)]
End sentence and add .Pp after (all) "NOT SUPPORTED" lines

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:11:49 +0000 (17:11 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Keep "temporary" the default when setting inet6 autoconf but make it
possible to disable the "autoconf" flag but keep "temporary" enabled.
The normal usecase to only have temporary autoconf addresses would be
"inet6 temporary" in hostname.if
OK kn

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:08:57 +0000 (17:08 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Make the interface come up when the IFXF_AUTOCONF6TEMP is set.
OK kn

3 years agoRFC 8981 allows the configuration of only temporary IPv6 addresses.
florian [Sat, 20 Mar 2021 17:07:49 +0000 (17:07 +0000)]
RFC 8981 allows the configuration of only temporary IPv6 addresses.
Track autoconf and temporary flag individually to be able to support
this.
OK kn

3 years agoFix SMALL build when done from sbin/slaacd
kn [Sat, 20 Mar 2021 16:46:03 +0000 (16:46 +0000)]
Fix SMALL build when done from sbin/slaacd

distrib/special/slaccd is the actual SMALL user but having it build from here
is useful, too;  in fact, it showed some more unused variables under SMALL.

OK florian

3 years agoSKIP_PROPOSAL has been ripped out in 2019
kn [Sat, 20 Mar 2021 16:36:52 +0000 (16:36 +0000)]
SKIP_PROPOSAL has been ripped out in 2019

3 years agotypo
tb [Sat, 20 Mar 2021 12:17:45 +0000 (12:17 +0000)]
typo

3 years agonamei: reorganize a bit the error path for simples cases
semarie [Sat, 20 Mar 2021 11:26:07 +0000 (11:26 +0000)]
namei: reorganize a bit the error path for simples cases

- move 'fail' label to end of function (instead of using the first
  if-condition)

- merge the most simples error code paths idioms from 'cleanup+return'
  to 'goto-fail'

ok mpi@

3 years agoSync some comments in order to reduce the difference with NetBSD.
mpi [Sat, 20 Mar 2021 10:24:21 +0000 (10:24 +0000)]
Sync some comments in order to reduce the difference with NetBSD.

No functionnal change.

ok kettenis@

3 years agoAdd a 'batch' mode to mg via the '-b' command line option which will
lum [Sat, 20 Mar 2021 09:00:49 +0000 (09:00 +0000)]
Add a 'batch' mode to mg via the '-b' command line option which will
initialise a pty, run the specified file of mg commands and then exit.

This is to facilitate mg fitting into the OpenBSD regress test
framework and be able to run via a cron job.

3 years agoAdd new test-tls13-multiple-ccs-messages.py
tb [Sat, 20 Mar 2021 08:12:53 +0000 (08:12 +0000)]
Add new test-tls13-multiple-ccs-messages.py

This is a test that checks for NSS's CCS flood DoS CVE-2020-25648.
The test script currently fails on LibreSSL and OpenSSL 1.1.1j because
it sends invalid records with version 0x0300 instead of 0x0303.
We have the ccs_seen logic corresponding to NSS's fix:
https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
but we do allow up to two CCS due to an interop issue with Fizz, so
at least one of the tests will likey be broken once the record version
is fixed.

3 years agouse m_dup_pkthdr in ip_fragment to copy pkthdr info to fragments.
dlg [Sat, 20 Mar 2021 01:15:28 +0000 (01:15 +0000)]
use m_dup_pkthdr in ip_fragment to copy pkthdr info to fragments.

this ensures more stuff is copied, in particular the flowid
information. this is also how v6 does it, which makes things more
consistent.

ok bluhm@

3 years agoRemove libLLVM.so.2.0 on upgrade
kn [Fri, 19 Mar 2021 23:52:55 +0000 (23:52 +0000)]
Remove libLLVM.so.2.0 on upgrade

It is over a year old and corresponds to LLVM 8.0.0 after the
"-msvr4-struct-return" ABI change;  saves 47M (on amd64).

OK deraadt

3 years agoPrepare documenting SSL_use_certificate_chain_file
tb [Fri, 19 Mar 2021 20:31:49 +0000 (20:31 +0000)]
Prepare documenting SSL_use_certificate_chain_file

3 years agoUndo previous. As pointed out by jsing I clearly wasn't fully awake...
tb [Fri, 19 Mar 2021 19:52:55 +0000 (19:52 +0000)]
Undo previous. As pointed out by jsing I clearly wasn't fully awake...

3 years agoPrepare to provide SSL_use_certificate_chain_file()
tb [Fri, 19 Mar 2021 19:51:07 +0000 (19:51 +0000)]
Prepare to provide SSL_use_certificate_chain_file()

This is the same as SSL_CTX_use_certificate_chain_file() but for an
SSL object instead of an SSL_CTX object. remi found this in a recent
librelp update, so we need to provide it. The function will be exposed
in an upcoming library bump.

ok inoguchi on an earlier version, input/ok jsing

3 years agoEdit wireguard for concision. Remove some background covered by wg(4).
procter [Fri, 19 Mar 2021 19:36:10 +0000 (19:36 +0000)]
Edit wireguard for concision. Remove some background covered by wg(4).
Swap -wgpeerall and wgpeer in synopsis to ease parsing.
"I'm good" - Matt Dunwoodie. "just commit" - jmc
suggestions and ok sthen@

3 years agoFix copy-paste error in previous
tb [Fri, 19 Mar 2021 18:52:14 +0000 (18:52 +0000)]
Fix copy-paste error in previous

Found the hard way by lists y42 org via an OCSP validation failure that
in turn caused pkg_add over TLS to fail. Detailed report by sthen.

ok sthen

3 years agoAdd an -V option to show the version of rpki-client. For the base version
claudio [Fri, 19 Mar 2021 13:56:10 +0000 (13:56 +0000)]
Add an -V option to show the version of rpki-client. For the base version
it will show just OpenBSD while -portable will show the portable version.
OK sthen@, tb@, kn@

3 years agoDelay chdir to the cache directory to after parsing the tal files.
claudio [Fri, 19 Mar 2021 09:43:59 +0000 (09:43 +0000)]
Delay chdir to the cache directory to after parsing the tal files.
Using the -t option relative locations can be passed as tal locations
and so the process can not chdir until these files were read.
OK job@

3 years agoRemove booting from kernels in raw/qcow2 images
kn [Fri, 19 Mar 2021 09:29:33 +0000 (09:29 +0000)]
Remove booting from kernels in raw/qcow2 images

Diff and (slightly tweaked) text below from
Dave Voutila < dave at sisu dot io >, thanks!

--
Since 6.7 switched to FFS2 as the default filesystem for new installs,
the ability for vmd(8) to load a kernel and boot.conf from a disk image
directly (without SeaBIOS) has been broken.

A diff from tb to add FFS2 support never mdae it into the tree.

On 5th Jan 2021, new ramdisks for amd64 have started shipping gzipped,
breaking the ability to load the bsd.rd directly as a kernel image for a vmd
guest without first uncompressing the image.

Using BIOS works, the FFS2 change happend ten months ago and few if any have
complained about the breakage.  vmctl(8) is still vague about supporting it
per its man page and one still has to pass the disk image twice as a "-b"
and "-d" argument to boot an OpenBSD guest *without* BIOS.

Josh Rickmar reported the gzip issue on bugs@ and provided patches to add
support for compressed ramdisks and kernel images.  The easiest way to do so
is to drop support for FFS images since they require a call to fmemopen(3)
while all the other logic uses fopen(3)/fdopen(3) calls and a file
descriptor.  It is much easier to get thsoe patches merged if they don't
have to account for extracting files from disk images.
--

No objections anyone
"Removing it makes sense" reyk (who wrote the FFS module)
OK mlarkin

3 years agoFix function name in warning
kn [Fri, 19 Mar 2021 08:10:57 +0000 (08:10 +0000)]
Fix function name in warning

3 years agoRTM_IFINFO is providing the mac address now, no need to go through
florian [Fri, 19 Mar 2021 07:43:27 +0000 (07:43 +0000)]
RTM_IFINFO is providing the mac address now, no need to go through
getifaddrs on every route message.
This also allows us to drop the route pledge since we only need to
fetch the interface state with getifaddrs on startup.

3 years agoanother unfortunate action to cope with relentless kernel growth
deraadt [Fri, 19 Mar 2021 04:30:56 +0000 (04:30 +0000)]
another unfortunate action to cope with relentless kernel growth

3 years agoadd a test for misc.c:argv_split(), currently fails
djm [Fri, 19 Mar 2021 04:23:50 +0000 (04:23 +0000)]
add a test for misc.c:argv_split(), currently fails

3 years agosplit
djm [Fri, 19 Mar 2021 03:25:01 +0000 (03:25 +0000)]
split

3 years agoreturn non-zero exit status when killed by signal; bz#3281
djm [Fri, 19 Mar 2021 02:22:34 +0000 (02:22 +0000)]
return non-zero exit status when killed by signal; bz#3281
ok dtucker@

3 years agoincrease maximum SSH2_FXP_READ to match the maximum packet size.
djm [Fri, 19 Mar 2021 02:18:28 +0000 (02:18 +0000)]
increase maximum SSH2_FXP_READ to match the maximum packet size.
Also handle zero-length reads that are borderline nonsensical but
not explicitly banned by the spec.
Based on patch from Mike Frysinger, feedback deraadt@ ok dtucker@

3 years agoUpdate go-module docs for recent changes, from Josh Rickmar, small tweak
sthen [Thu, 18 Mar 2021 22:36:36 +0000 (22:36 +0000)]
Update go-module docs for recent changes, from Josh Rickmar, small tweak
from me

3 years agoFrom Joachim Wiberg's version of mg.
lum [Thu, 18 Mar 2021 18:09:21 +0000 (18:09 +0000)]
From Joachim Wiberg's version of mg.

"This patch makes sure to clear the status/echo line after killing and
switching buffers by name.  Otherwise the kill/switch prompt lingers"

3 years agoDo not include ':' in the port number.
tb [Thu, 18 Mar 2021 16:15:19 +0000 (16:15 +0000)]
Do not include ':' in the port number.

ok claudio

3 years agoWhen changing the link local address send a RTM_IFINFO message out.
claudio [Thu, 18 Mar 2021 15:58:58 +0000 (15:58 +0000)]
When changing the link local address send a RTM_IFINFO message out.
Also prefer if (error == 0) over if (!error).
OK florian@ bluhm@

3 years agoDo not call rtm_ifchg() if IFF_UP changed. The code in if_up() and if_down()
claudio [Thu, 18 Mar 2021 15:57:16 +0000 (15:57 +0000)]
Do not call rtm_ifchg() if IFF_UP changed. The code in if_up() and if_down()
already call rtm_ifchg() and so this would just result in a duplicate message.
Noticed by deraadt@. OK florian@ bluhm@

3 years agoLike in the sysctl case include the ifp_sadl as RTA_IFP address in RTM_IFINFO
claudio [Thu, 18 Mar 2021 15:55:19 +0000 (15:55 +0000)]
Like in the sysctl case include the ifp_sadl as RTA_IFP address in RTM_IFINFO
messages. This way userland can detect if the lladdr of an interface was
changed.
OK florian@ bluhm@

3 years agoFail in rsync_base_uri() if the strdup calls fail. Do not bubble this
claudio [Thu, 18 Mar 2021 15:47:10 +0000 (15:47 +0000)]
Fail in rsync_base_uri() if the strdup calls fail. Do not bubble this
error upwards since a NULL return represents a bad-URI.
Diff originally from tb@

3 years agoAvoid NULL access in http_parse_uri()
tb [Thu, 18 Mar 2021 15:40:45 +0000 (15:40 +0000)]
Avoid NULL access in http_parse_uri()

A malformed URI such as "https://[::1/index.html" causes a NULL access
in the hosttail[1] == ":" check.

ok claudio

3 years agoFix SIOCDELLABEL/"ifconfig mpe0 -mplslabel" to unset label completely
kn [Thu, 18 Mar 2021 14:47:17 +0000 (14:47 +0000)]
Fix SIOCDELLABEL/"ifconfig mpe0 -mplslabel" to unset label completely

While the corresponding route gets removed properly, the driver's softc
kept the old label, i.e. "ifconfig mpe0" would show "mpls: label 42"
instead of "mpls: label (unset)" even though it was unset.

OK claudio

3 years agoDocument SIOCDELLABEL, link among MPLS drivers
kn [Thu, 18 Mar 2021 14:22:04 +0000 (14:22 +0000)]
Document SIOCDELLABEL, link among MPLS drivers

Use of the IOCTL section losely adopted from bridge(4),
the list of ioctls however is still incomplete.

mpw(4) and mpip(4) could use a reference to mpe(4) IOCTL or so,
but this is good enough for starters.

Feedback OK claudio

3 years agoDocument "-tunneldomain" and "-mplslabel", complete MPLS synopsis
kn [Thu, 18 Mar 2021 14:16:38 +0000 (14:16 +0000)]
Document "-tunneldomain" and "-mplslabel", complete MPLS synopsis

OK claudio

3 years agoDo not assign the return value from asprintf (int) to a size_t and then
claudio [Thu, 18 Mar 2021 14:08:01 +0000 (14:08 +0000)]
Do not assign the return value from asprintf (int) to a size_t and then
compare it to -1. Instead use a temp variable and assign to bufsz after
the -1 check.
Also add errx() calls after the switch statements in the FSM functions.
OK job@ tb@

3 years agoInitialize rsyncpid and httppid in the noop case. It seem gcc is not able
claudio [Thu, 18 Mar 2021 14:05:44 +0000 (14:05 +0000)]
Initialize rsyncpid and httppid in the noop case. It seem gcc is not able
to realize that the pids are initialized if !noop and not accessed if noop.
OK job@ tb@

3 years agoSince the entity queues are per repo there is no need to store the repo id
claudio [Thu, 18 Mar 2021 14:03:42 +0000 (14:03 +0000)]
Since the entity queues are per repo there is no need to store the repo id
anymore.
OK job@ tb@

3 years agoRemove duplicate prototype.
bluhm [Thu, 18 Mar 2021 11:17:04 +0000 (11:17 +0000)]
Remove duplicate prototype.

3 years agoType-cast getpagesize() from int to size_t for the comparison with d.
claudio [Thu, 18 Mar 2021 11:16:58 +0000 (11:16 +0000)]
Type-cast getpagesize() from int to size_t for the comparison with d.
getpagesize() will only return positive numbers (there is no negative
page size system) and it can not fail.
Should fix some compiler warnings seen in -portable projects.
OK otto@

3 years agoThe ntpd client code corrects both T1 and T4 with the current offset
bluhm [Thu, 18 Mar 2021 11:06:41 +0000 (11:06 +0000)]
The ntpd client code corrects both T1 and T4 with the current offset
returned by adjtime(2) from the kernel.  T1 is local time when the
NTP packet is sent and T4 when the response is received.  If between
these events a NTP reply from another server is received, it may
change the kernel offset with adjtime(2).  Then the calulation of
the client offset was done with different bases, the result was
wrong and the system time started moving around.
So instead of correcting T1 and T4 individually at different events,
correct their sum once.
Error handling was missing if there is no timestamp in the response.
As this should not happen in our kernel, fatal() is appropriate.
tested by weerd@; OK claudio@

3 years agoIn revision 1.91 of uhidev.c, jcs@ made sure to only detach devices
anton [Thu, 18 Mar 2021 09:21:53 +0000 (09:21 +0000)]
In revision 1.91 of uhidev.c, jcs@ made sure to only detach devices
claiming multiple report ids once. This allows uhidpp to piggy back on
the same functionality making uhidev_unset_report_dev() redundant.

3 years agoregen
mvs [Thu, 18 Mar 2021 08:44:59 +0000 (08:44 +0000)]
regen

3 years agoUnlock sendsyslog(2). Console output still requires kernel lock to be
mvs [Thu, 18 Mar 2021 08:43:38 +0000 (08:43 +0000)]
Unlock sendsyslog(2). Console output still requires kernel lock to be
held but this path is only followed while `syslogf' socket is not set.

New `syslogf_rwlock' used to protect `syslogf' access.

ok bluhm@

3 years agoFix previous (1.258). It breaks if localX itself is an object reference.
yasuoka [Thu, 18 Mar 2021 00:17:26 +0000 (00:17 +0000)]
Fix previous (1.258).  It breaks if localX itself is an object reference.
found and test by Rafael Avila de Espindola

ok kettenis

3 years agoWhen devices have claimed multiple report ids, only detach and send
jcs [Wed, 17 Mar 2021 19:44:16 +0000 (19:44 +0000)]
When devices have claimed multiple report ids, only detach and send
DVACT_DEACTIVATE to them once when walking sc_subdevs.

Fixes a regression reported and tested by Edd Barrett.

Input from and previous version ok anton.

3 years agoMake "ifconfig mpw0 -mplslabel" work
kn [Wed, 17 Mar 2021 18:53:25 +0000 (18:53 +0000)]
Make "ifconfig mpw0 -mplslabel" work

Code is there, noone ever used it, I guess.
This makes ifconfig(8) documentation actually hold true.

OK claudio

3 years agoRead ahead is now enforced for DTLS - remove workarounds.
jsing [Wed, 17 Mar 2021 18:11:01 +0000 (18:11 +0000)]
Read ahead is now enforced for DTLS - remove workarounds.

ok inoguchi@ tb@

3 years agoUse consistent s_server_opt_ prefix.
jsing [Wed, 17 Mar 2021 18:09:50 +0000 (18:09 +0000)]
Use consistent s_server_opt_ prefix.

3 years agoAdd DTLSv1.2 support to openssl(1) s_client/s_server.
jsing [Wed, 17 Mar 2021 18:08:32 +0000 (18:08 +0000)]
Add DTLSv1.2 support to openssl(1) s_client/s_server.

ok inoguchi@ tb@

3 years agofix whitespace nit in previous
tb [Wed, 17 Mar 2021 18:04:21 +0000 (18:04 +0000)]
fix whitespace nit in previous

3 years agoUpdate for DTLSv1.2 being enabled.
jsing [Wed, 17 Mar 2021 17:43:31 +0000 (17:43 +0000)]
Update for DTLSv1.2 being enabled.

3 years agoEnable DTLSv1.2.
jsing [Wed, 17 Mar 2021 17:42:53 +0000 (17:42 +0000)]
Enable DTLSv1.2.

This means that the DTLS_method() will now use DTLSv1.2 rather than DTLSv1.
Additional DTLSv1.2 related symbols and defines will be made publicly
visible in the near future.

ok inoguchi@ tb@

3 years agoUpdate for DTLSv1.2 version handling.
jsing [Wed, 17 Mar 2021 17:23:42 +0000 (17:23 +0000)]
Update for DTLSv1.2 version handling.

3 years agoAdd support for DTLSv1.2 version handling.
jsing [Wed, 17 Mar 2021 17:22:37 +0000 (17:22 +0000)]
Add support for DTLSv1.2 version handling.

This teaches the version functions that handle protocol versions about
DTLSv1.2 and the SSL_OP_NO_DTLS* options. We effectively convert between
TLS and TLS protocol versions where necessary.

ok inoguchi@ tb@

3 years agoList the Qu-c0-hr-b0-48 firmware image in the iwx(4) man page.
stsp [Wed, 17 Mar 2021 16:01:21 +0000 (16:01 +0000)]
List the Qu-c0-hr-b0-48 firmware image in the iwx(4) man page.

3 years agoMake iwx(4) attach to AX201 devices with PCI ID 0x34f0.
stsp [Wed, 17 Mar 2021 15:59:27 +0000 (15:59 +0000)]
Make iwx(4) attach to AX201 devices with PCI ID 0x34f0.

Requires Qu-c0-hr-b0-48 firmware which is available via fw_update(1).

Patch by Fredrik Engberg

3 years agoregen
stsp [Wed, 17 Mar 2021 15:58:51 +0000 (15:58 +0000)]
regen

3 years agoAdd another iwx(4) PCI device ID.
stsp [Wed, 17 Mar 2021 15:58:38 +0000 (15:58 +0000)]
Add another iwx(4) PCI device ID.
Based on a patch by Fredrik Engberg

3 years agoMake iwn(4) send block ack request frames with the firmware node
stsp [Wed, 17 Mar 2021 15:34:21 +0000 (15:34 +0000)]
Make iwn(4) send block ack request frames with the firmware node
which represents the AP, rather than the firmware's broadcast node.

Fixes a problem where firmware would generate bogus block ack requests
with a wrong starting sequence number, shifting the receiver's block ack
window out of sync with that of the firmware. Traffic would stall until
enough frames were sent to wrap sequence numbers of the block ack window.

ok chris@ kmos@

3 years agoSplit off init_ifaces from update_iface. init_ifaces discovers the
florian [Wed, 17 Mar 2021 15:24:04 +0000 (15:24 +0000)]
Split off init_ifaces from update_iface. init_ifaces discovers the
state of the machine on startup using ioctl(2) and getifaddrs(3).
We can then update this state with information provided by route
messages. We still need getifaddrs(3) to check if the layer 2 address
has changed.

This simplifies error handling (what should we do if ioctl(2) fails?),
reduces kernel round trips (no need to ask the kernel again for
information RTM_IFINFO provided already) and prevents a theoretical
race between RTM_IFINFO and getaddrinfo(3).

In a fast link state UP -> DOWN -> UP transition RTM_IFINFO informs us
that the link went down but we were not using this information but
rather looked at getifaddrs(3) information which might see the link as
already up again. We would then do nothing while we should try to get
a new lease.

By storing all interface information in the frontend process we can
skip imsgs to the engine process if we get an RTM_IFINFO without
relevant changes for us.

3 years agoUse correct rdomain when adding/deleting routes
kn [Wed, 17 Mar 2021 14:30:08 +0000 (14:30 +0000)]
Use correct rdomain when adding/deleting routes

mpip(4) always adds and deletes routes in rdomain 0 regardless of the
`tunneldomain', i.e. the `sc_rdomain' value.

mpw(4) adds routes with the specified rdomain but always deletes them
in rdomain 0.

mpe(4) consistently uses the softc's rdomain which is tracked
consistently across the various ioctls -- no fix needed.

Found while reading the code and testing ifconfig(8)'s "tunneldomain" in
order to document MPLS ioctls.

OK claudio

3 years agoFix bit position of ORPHAN in PS_BITS.
visa [Wed, 17 Mar 2021 14:06:54 +0000 (14:06 +0000)]
Fix bit position of ORPHAN in PS_BITS.

3 years agoAdd missing memory clobbers to "data" barriers.
kettenis [Wed, 17 Mar 2021 12:03:40 +0000 (12:03 +0000)]
Add missing memory clobbers to "data" barriers.

3 years agoHide kernel internals from userland by wrapping more bits in _KERNEL blocks.
claudio [Wed, 17 Mar 2021 09:05:42 +0000 (09:05 +0000)]
Hide kernel internals from userland by wrapping more bits in _KERNEL blocks.
Especially the includes of net/rtable.h and sys/queue.h are problematic.
OK florian@

3 years agoNetstat wants to access kernel internal structures for the kvm walker of
claudio [Wed, 17 Mar 2021 09:03:51 +0000 (09:03 +0000)]
Netstat wants to access kernel internal structures for the kvm walker of
the routing table.  Define _KERNEL around the net/route.h include.
OK florian@

3 years agoAlways use an allocated buffer for {Read,Write}Blocks() to make
yasuoka [Wed, 17 Mar 2021 05:41:34 +0000 (05:41 +0000)]
Always use an allocated buffer for {Read,Write}Blocks() to make
efid_io() simpler.  Also fixes the problem on some machines when boot
from CD-ROM.  It happened because the previous version passed
unaligned pointers to the functions even if it is restricted by the
IoAlign property of the media.  idea from kettenis, work with asou

ok kettenis

3 years agoAdd 'grp31' alias for curve25519 as documented in iked.conf(5).
tobhe [Tue, 16 Mar 2021 22:50:52 +0000 (22:50 +0000)]
Add 'grp31' alias for curve25519 as documented in iked.conf(5).

3 years agoNode without a "status" property should be considered enabled as well.
kettenis [Tue, 16 Mar 2021 22:08:55 +0000 (22:08 +0000)]
Node without a "status" property should be considered enabled as well.

Same change made to arm64 a week ago.

3 years agoMake sure that switching the console from serial to framebuffer works
kettenis [Tue, 16 Mar 2021 22:02:27 +0000 (22:02 +0000)]
Make sure that switching the console from serial to framebuffer works
for framebuffer nodes under / and /chosen.

Same change made to arm64 last month.

3 years agoNuke unused time_t variable.
krw [Tue, 16 Mar 2021 20:21:54 +0000 (20:21 +0000)]
Nuke unused time_t variable.

3 years agoMove setifrtlabel() and *keepalive() prototypes out of SMALL
kn [Tue, 16 Mar 2021 19:24:36 +0000 (19:24 +0000)]
Move setifrtlabel() and *keepalive() prototypes out of SMALL

Those commands are not supported under SMALL;  unless I overlooked others,
this should be the last bit to declare all prototypes correctly wrt. SMALL
(the overall unsorted order of both prototypes and commands makes this hard
to spot).

No object change, with and without SMALL.

3 years agosync to unbound 1.13.1; heavy lifting by sthen
florian [Tue, 16 Mar 2021 18:38:05 +0000 (18:38 +0000)]
sync to unbound 1.13.1; heavy lifting by sthen

3 years agoacpi_intr_disestablish() should free its own cookie.
patrick [Tue, 16 Mar 2021 18:31:16 +0000 (18:31 +0000)]
acpi_intr_disestablish() should free its own cookie.

ok kettenis@

3 years agoBump MAXTSIZ to 256MB on i386.
kurt [Tue, 16 Mar 2021 18:04:16 +0000 (18:04 +0000)]
Bump MAXTSIZ to 256MB on i386.

okay deraadt@

3 years agoOn i386 don't attempt to map shared libraries in low memory when
kurt [Tue, 16 Mar 2021 18:03:06 +0000 (18:03 +0000)]
On i386 don't attempt to map shared libraries in low memory when
a large executable's .text section crosses the 512MB exec line.

Executables that have MAXTSIZ > 64MB can map above the default
512MB exec line. When this happens, shared libs that attempt to map
into low memory will find their .data section can not be mapped. ld.so
will attempt to remap the share lib at higher addresses until it can be
mapped. For very large executables like chrome this process is very
time consuming. This change detects how much of the executable's
.text section exceeds 512MB and uses that as the initial hint for
shared libs to map into which avoids attempting to map into blocked
memory.

okay deraadt@

3 years agoDon't (try to) deconfigure an interface that was never configured.
florian [Tue, 16 Mar 2021 17:40:28 +0000 (17:40 +0000)]
Don't (try to) deconfigure an interface that was never configured.

3 years agoWe can't learn anything interesting from RTM_NEWADDR, stop handling
florian [Tue, 16 Mar 2021 17:39:15 +0000 (17:39 +0000)]
We can't learn anything interesting from RTM_NEWADDR, stop handling
it.

3 years agohandle theoretical case of sigfillsz not being pow2-sized on some
deraadt [Tue, 16 Mar 2021 16:32:22 +0000 (16:32 +0000)]
handle theoretical case of sigfillsz not being pow2-sized on some
architecture.
from miod

3 years agoDescribe what happens when RFC 4638 is not supported.
millert [Tue, 16 Mar 2021 13:53:39 +0000 (13:53 +0000)]
Describe what happens when RFC 4638 is not supported.
With help from sthen@.  OK sthen@ jmc@

3 years agoFix some correctness issues in the lowelevel kernel bringup code.
kettenis [Tue, 16 Mar 2021 10:57:47 +0000 (10:57 +0000)]
Fix some correctness issues in the lowelevel kernel bringup code.

- Make sure we install a dummy page table in TTBR0_EL1 before we change
  the size of the VA space in TCR_EL1.

- Flush the TLB after updating TCR_EL1.

- Flush TLB after installing the real kernel page table in TTBR1_EL1.

- Add some barriers around TLB flushes to make it consistent with
  other places where we do TLB flushes.

ok drahn@, patrick@

3 years agoAdd client-detached notification in control mode, from Mohsin Kaleem.
nicm [Tue, 16 Mar 2021 09:14:58 +0000 (09:14 +0000)]
Add client-detached notification in control mode, from Mohsin Kaleem.

3 years agoDo not delete control socket upon exit
kn [Tue, 16 Mar 2021 09:00:43 +0000 (09:00 +0000)]
Do not delete control socket upon exit

The control socket is not unveiled, therefore accounting would report
unveil violations whenever apmd(8) stopped (normally).

As discussed and done with other daemons such as relayd which also employ
no pledge (due to inherent limitations) but unveil effecting all of /,
simply stop removing the socket upon exit and leave it to the next apmd
which completely sets up its control socket anew at startup.

Violations reported by anton
Feedback OK semarie mestre

3 years agoA socket buffer is not the best size to read from a disk.
otto [Tue, 16 Mar 2021 06:44:14 +0000 (06:44 +0000)]
A socket buffer is not the best size to read from a disk.
Use st_blksize to set high water mark; florian@

3 years agodon't let logging clobber errno before use
djm [Tue, 16 Mar 2021 06:15:43 +0000 (06:15 +0000)]
don't let logging clobber errno before use

3 years agoAdd code to acpiiort(4) to look up named components in the IORT and
patrick [Mon, 15 Mar 2021 22:56:48 +0000 (22:56 +0000)]
Add code to acpiiort(4) to look up named components in the IORT and
map them.  This makes ACPI's call to acpi_iommu_device_map() do work
through acpiiort(4).

ok kettenis@

3 years agoChange API of acpiiort(4). It was written as a hook before, taking the
patrick [Mon, 15 Mar 2021 22:48:57 +0000 (22:48 +0000)]
Change API of acpiiort(4).  It was written as a hook before, taking the
PCI attach args and replacing the DMA tag inside.  Our other IOMMU API
though takes a DMA tag and returns the old one or a new one.  To have
acpiiort(4) integrate better with non-PCI ACPI devices, change the API
so that it is more similar to the other API.  This also makes the code
easier to understand.

ok kettenis@

3 years agoAdd acpi_iommu_device_map(), which replaces the DMA tag with one that
patrick [Mon, 15 Mar 2021 22:44:57 +0000 (22:44 +0000)]
Add acpi_iommu_device_map(), which replaces the DMA tag with one that
is blessed with IOMMU magic, if available.  This is mainly for arm64,
since on amd64 and i386 the IOMMU only captures PCIe devices, as far
as I know, which uses the pci_probe_device_hook().  This though is for
non-PCI devices attached through ACPI.

ok kettenis@

3 years agoAdd the IORT structure for named components. These give us the stream ids
patrick [Mon, 15 Mar 2021 22:40:23 +0000 (22:40 +0000)]
Add the IORT structure for named components.  These give us the stream ids
used towards an smmu(4) for non-PCI devices.  The references are provided
as ASCII printable paths.

ok kettenis@