mpi [Wed, 8 Sep 2021 15:34:01 +0000 (15:34 +0000)]
Revert a chunk committed by inadvertence in my last fix.
tb [Wed, 8 Sep 2021 14:33:02 +0000 (14:33 +0000)]
Fix leak in cms_RecipientInfo_kekri_decrypt()
Free ec->key before reassigning it.
From OpenSSL 1.1.1,
58e1e397
ok inoguchi
dv [Wed, 8 Sep 2021 13:29:51 +0000 (13:29 +0000)]
btrace(8): add initial support for cli arguments
This adds initial support for passing cli args to btrace(8) for use
in bt(5) scripts. Similar to bpftrace, they are referenced via $1,
$2, etc. with $# being the number of command line arguments provided.
Adds an initial regress test and a Makefile change to allow providing
arguments to regress tests in a .args file.
Currently no limit is imposed on the number of arguments, keeping
a similar approach as observed in bpftrace. References to undefined
arguments result in a new "nil" type that contextually acts as a
zero or empty string. More work can be done here to improve bpftrace
compatibility.
ok mpi@, jasper@
kn [Wed, 8 Sep 2021 13:16:53 +0000 (13:16 +0000)]
Backout "Merge sysupgrade watchdog and prompt timeout code"
(commitid 0SH0ijktpPPcSctj)
"/autoinstall[2697]: start_timeout: not found" during non-interactive
upgrade, e.g. sysupgrade(8).
Reported by Joel Carnat <joel at carnat dot net>, thanks.
stsp [Wed, 8 Sep 2021 13:06:53 +0000 (13:06 +0000)]
Add a missing call to iwx_ctxt_info_free_fw_img() in an error path
of iwx_ctxt_info_init() which should always free on error.
Also, free firmware paging DMA memory in case loading firmware has failed.
If we don't free paging on error we hit KASSERT(dram->paging == NULL)
in iwx_init_fw_sec() once we try to load firmware again. I have hit
this while debugging firmware load failures during suspend/resume.
ok mpi@
stsp [Wed, 8 Sep 2021 13:06:23 +0000 (13:06 +0000)]
Make iwm(4) and iwx(4) raise IPL to splnet() while loading firmware.
ok mpi@
tb [Wed, 8 Sep 2021 12:56:14 +0000 (12:56 +0000)]
Prepare to provide SSL_get_tlsext_status_type()
Needed for nginx-lua to build with opaque SSL.
ok inoguchi jsing
tb [Wed, 8 Sep 2021 12:32:07 +0000 (12:32 +0000)]
Prepare to provide SSL_set0_rbio()
This is needed for telephony/coturn and telephony/resiprocate to compile
without opaque SSL.
ok inoguchi jsing
tb [Wed, 8 Sep 2021 12:19:17 +0000 (12:19 +0000)]
Prepare to provide BN_bn2{,le}binpad() and BN_lebin2bn()
As found by jsg and patrick, this is needed for newer uboot and
will also be used in upcoming elliptic curve work.
This is from OpenSSL 1.1.1l with minor style tweaks.
ok beck inoguchi
stsp [Wed, 8 Sep 2021 11:40:30 +0000 (11:40 +0000)]
Improve debug output when sending 802.11 action frames by showing the
action frame subtypes we care about (i.e. those related to 11n block ack).
ok mpi@
tobhe [Wed, 8 Sep 2021 11:38:39 +0000 (11:38 +0000)]
Print correct RTP_PROPOSAL types with 'unwindctl status autoconf'.
Feedback and ok florian@
stsp [Wed, 8 Sep 2021 11:35:08 +0000 (11:35 +0000)]
Let iwm(4) and iwx(4) sleep for 1 second while loading firmware.
Sleeping for 1 second matches what iwn(4) does. Fixes issues where loading
firmware failed for bogus reasons. I could trigger this failure on AX200
with suspend/resume but it was not inherently specific to suspend/resume.
The previous code was looping over tsleep(9) in steps of 100msec.
This could lead to a race where the firmware's alive interrupt fired between
the endtsleep() timeout handler, which marks the sleep timeout as expired,
and sleep_finish(), which reschedules the sleeping thread. The driver would
see EWOULDBLOCK and report an error even though loading firmware did succeed.
ok mpi@
job [Wed, 8 Sep 2021 10:49:34 +0000 (10:49 +0000)]
Replace bare ; with continue;
OK tb@
job [Wed, 8 Sep 2021 09:49:24 +0000 (09:49 +0000)]
Fix indentation of comments and labels
OK tb@
djm [Wed, 8 Sep 2021 03:23:44 +0000 (03:23 +0000)]
correct my mistake in previous fix; spotted by halex
benno [Tue, 7 Sep 2021 19:35:41 +0000 (19:35 +0000)]
document that SFP modules work in SFP+ cards.
change the title to show speeds of 100 and 1Gb too.
ok sthen@
mpi [Tue, 7 Sep 2021 19:31:56 +0000 (19:31 +0000)]
Hook new tests.
mpi [Tue, 7 Sep 2021 19:30:44 +0000 (19:30 +0000)]
Check that clear() and zero() only work with map.
mpi [Tue, 7 Sep 2021 19:29:12 +0000 (19:29 +0000)]
Check that map/hist functions are called with the right argument.
Change the parser to make clear() and zero() accept only local and
global variables as arguments.
Since the parser has no knowledge of the type of a variable abort
the execution if clear() or zero() are being called with something
other than a map or hist.
Fix assertions found by jasper@ with AFL++ (port coming soon!).
ok jasper@
mpi [Tue, 7 Sep 2021 19:20:22 +0000 (19:20 +0000)]
Test that syntax errors do not trigger sanity checks.
mpi [Tue, 7 Sep 2021 19:18:08 +0000 (19:18 +0000)]
Return early if a parsing error has been found and do not perform any
sanity check as they might obviously fail.
Fix an assert found by jasper@ with AFL++ (port coming soon!).
ok jasper@
semarie [Tue, 7 Sep 2021 17:39:49 +0000 (17:39 +0000)]
clang: add a new warning for %n format specifier usage in printf(3) family functions
ok deraadt@
different versions tested by jca@ naddy@ sthen@
schwarze [Tue, 7 Sep 2021 17:05:30 +0000 (17:05 +0000)]
Fix an infinite loop that could occur during some cases of horizontally
overlapping horizontal spans. One span would calculate a desired
target width and start preparations for applying it to some columns,
then the other span would overwrite the target width with a different
value and also start preparations for applying that one to some
columns, which could sometimes confuse the code doing the final
distribution to the point of not doing anything at all before
entering the next iteration.
Fix this by making sure the distribution is done step by step, doing
one step at a time rather than allowing multiple steps to conflict.
Specifically, always do the smallest useful step first. This change
also simplifies the code. For example, the local "colwidth" array
is no longer needed.
Note that the algorithm still differs from the one implemented in
GNU tbl(1), which appears to not even try to harmonize column widths
but seems to simply distribute the same amount to all constituent
columns, no matter whether their intrinsic width is narrow or wide.
Adopting a GNU-compatible algorithm might allow further simplifiction
in addition to yielding even more similar output, but i do not want
to implement any major changes of the algorithm at this time.
The infinite loop was reported by <Oliver dot Corff at email dot de>.
job [Tue, 7 Sep 2021 16:50:54 +0000 (16:50 +0000)]
Replace (&(x)) pattern with &x
No functional changes.
OK tb@
mvs [Tue, 7 Sep 2021 16:07:46 +0000 (16:07 +0000)]
Fix NULL pointer dereference introduced by previous commit.
Reported-by: syzbot+684597dbbb9b516e76ae@syzkaller.appspotmail.com
ok mpi@
schwarze [Tue, 7 Sep 2021 14:50:56 +0000 (14:50 +0000)]
Correctly calculate required column widths for tables containing
cells that horizontally span columns which contains "n" (number)
formatted cells on other rows. This requires updating total column
widths from "n" formatted cells before starting width distribution
from the spanning cells to their constituent columns.
tobhe [Tue, 7 Sep 2021 14:09:04 +0000 (14:09 +0000)]
Fix leak of msg_cert.id_buf. ikev2_msg_cleanup() frees id_buf if we
don't delete the pointer.
ok markus@
tobhe [Tue, 7 Sep 2021 14:06:23 +0000 (14:06 +0000)]
Fix leak of m if message initialization fails.
ok markus@
jcs [Tue, 7 Sep 2021 13:46:07 +0000 (13:46 +0000)]
Retry up to 3 times on password authentication failure
ok martijn
support from various
schwarze [Tue, 7 Sep 2021 11:47:42 +0000 (11:47 +0000)]
we already parse the GNU tbl(7) "nospaces" option,
so let it have the intended effect, too
bluhm [Tue, 7 Sep 2021 11:10:28 +0000 (11:10 +0000)]
Regress targets for PROGS are created by default now. Do not run
the program rde_trie_test without a parameter. Create separate
tests for each option.
OK claudio@
schwarze [Tue, 7 Sep 2021 10:58:44 +0000 (10:58 +0000)]
do not crash when a tbl(7) cell uses roman font
job [Tue, 7 Sep 2021 10:24:51 +0000 (10:24 +0000)]
KNF
OK tb@ jsing@ beck@
martijn [Tue, 7 Sep 2021 10:09:28 +0000 (10:09 +0000)]
The trap receiver syntax changed.
Pointed out by and OK bluhm@
mvs [Tue, 7 Sep 2021 09:56:00 +0000 (09:56 +0000)]
Fix the race between if_detach() and rtm_output().
When the dying network interface descriptor has if_get(9) obtained
reference owned by foreign thread, the if_detach() thread will sleep
just after it removed this interface from the interface index map.
The data related to this interface is still in routing table, so
if_get(9) called by concurrent rtm_output() thread will return NULL and
the following "ifp != NULL" assertion will be triggered.
So remove the "ifp != NULL" assertions from rtm_output() and try to grab
`ifp' as early as possible then hold it until we finish the work. In the
case we won the race and we have `ifp' non NULL, concurrent if_detach()
thread will wait us. In the case we lost we just return ESRCH.
The problem reported by danj@.
Diff tested by danj@.
ok mpi@
denis [Tue, 7 Sep 2021 06:48:42 +0000 (06:48 +0000)]
synchronize tcpdump.8 and pcap-filter.5 primitives documentation
reads ok to jmc@
good enough start for deraadt@
djm [Tue, 7 Sep 2021 06:03:51 +0000 (06:03 +0000)]
avoid NULL deref in -Y find-principals. Report and fix from
Carlo Marcelo Arenas Belón
tb [Mon, 6 Sep 2021 20:52:59 +0000 (20:52 +0000)]
The default Ruby has switched to 3.0
patrick [Mon, 6 Sep 2021 19:55:27 +0000 (19:55 +0000)]
Accompany some functions wich are marked inline with the static keyword
to make the arm64 kernel link when compiled with -fno-inline.
ok kettenis@ mpi@
deraadt [Mon, 6 Sep 2021 13:37:50 +0000 (13:37 +0000)]
we do not build binaries -g by default
deraadt [Mon, 6 Sep 2021 13:32:18 +0000 (13:32 +0000)]
repair missing paths on unveil failure
tobhe [Mon, 6 Sep 2021 13:29:17 +0000 (13:29 +0000)]
Fix leaks in vroute addr and route caches.
ok patrick@
mpi [Mon, 6 Sep 2021 12:59:59 +0000 (12:59 +0000)]
Serialize access to the global list of pmaps with a mutex.
This prevents possible corruption due to a concurrent access between
pmap_growkernel() & pmap_create/pmap_destroy().
Discussed with and ok kettenis@
deraadt [Mon, 6 Sep 2021 08:03:08 +0000 (08:03 +0000)]
document EFAULT, and replace all 'It Er' errno with 'It Bq Er'
millert [Mon, 6 Sep 2021 00:36:01 +0000 (00:36 +0000)]
revision 1.381 neglected to remove sChallengeResponseAuthentication
from the enum. Noticed by christos@zoulas.com. OK dtucker@
dv [Sun, 5 Sep 2021 16:36:34 +0000 (16:36 +0000)]
vmm(4): raise vm pool ipl to IPL_MPFLOOR
Similar to the recent change by mpi in revision 1.288, commitid:
A4zhVhOoHAIpRGBJ, raise the ipl level of the vm_pool to IPL_MPFLOOR
to prevent lock ordering issues.
ok mpi@
mglocker [Sun, 5 Sep 2021 16:16:13 +0000 (16:16 +0000)]
This allows us to disable usb(4) without kernel crash.
ok mpi@
dv [Sun, 5 Sep 2021 13:13:31 +0000 (13:13 +0000)]
vmm(4): fix vcpu locking issues reported by syzbot
Syzbot found 3 issues related to the new vcpu lock. This diff adds
a write lock to vm_rwregs (needed on VMX as vmread instructions
require taking ownership of the vcpu to load the VMCS) and prevents
locking the vcpu in vm_run if we fail the cas operation for toggling
vcpu state.
In the future, we can push the locking in vm_rwregs on AMD SVM
systems.
The panics in question:
panic: rw_enter: vcpulock locking against myself
panic: lock (rwlock) vcpulock not locked
panic: vcpulock: lock not held
Reported-by: syzbot+1dab11e14aa7a159cadf@syzkaller.appspotmail.com
Reported-by: syzbot+36244e105daffa1a81b6@syzkaller.appspotmail.com
Reported-by: syzbot+c78b5644c7dc3d9b689a@syzkaller.appspotmail.com
ok mlarkin@
mpi [Sun, 5 Sep 2021 11:44:46 +0000 (11:44 +0000)]
Introduce dummy pagers for 'special' subsystems using UVM objects.
Some pmaps (x86, hppa) and the buffer cache rely on UVM objects to allocate
and manipulate pages. These objects should not be manipulated by uvm_fault()
and do not currently require the same locking enforcement.
Use the dummy pagers to explicitly document which UVM functions are meant to
manipulate UVM objects (uobj) that do not need the upcoming `vmobjlock' and
instead still rely on the KERNEL_LOCK().
Tested by many as part of a larger diff.
ok kettenis@, beck@
job [Sun, 5 Sep 2021 10:45:40 +0000 (10:45 +0000)]
Include encoding.c
Thanks patrick@
mpi [Sun, 5 Sep 2021 10:14:11 +0000 (10:14 +0000)]
Clear map to not double print it now that map & hist are printed by default.
mpi [Sun, 5 Sep 2021 07:59:47 +0000 (07:59 +0000)]
Pass `uobj' to uvmfault_unlockall() at the end of the fault handler.
This is currently a NOOP but will become necessary to unlock the UVM
object with the upcoing "vmobjlock" diff.
Tested by patrick@ and robert@
ok jsg@
jmc [Sun, 5 Sep 2021 06:16:30 +0000 (06:16 +0000)]
new sentence, new line, and tweak wording of previous;
inoguchi [Sun, 5 Sep 2021 04:05:14 +0000 (04:05 +0000)]
Remove unused variable tmptm in do_body of openssl(1) ca
inoguchi [Sun, 5 Sep 2021 01:55:54 +0000 (01:55 +0000)]
Using serial number instead as subject if it is empty in openssl(1) ca
This allows multiple entries without a subject even if unique_subject == yes.
Referred to OpenSSL commit
5af88441 and arranged for our codebase.
ok tb@
inoguchi [Sun, 5 Sep 2021 01:49:42 +0000 (01:49 +0000)]
Check extensions before setting version to v3
Referred to OpenSSL commit
4881d849 and arranged for our codebase.
comment and ok from tb@
inoguchi [Sun, 5 Sep 2021 01:33:18 +0000 (01:33 +0000)]
Use accessor method rather than direct X509 structure access
Referred to OpenSSL commit
a8d8e06b and arranged for our codebase.
comment and ok from tb@
deraadt [Sat, 4 Sep 2021 23:58:54 +0000 (23:58 +0000)]
sync
schwarze [Sat, 4 Sep 2021 22:37:26 +0000 (22:37 +0000)]
during prioritization for man(1), correctly extract the section name
from the file name extension of gzipped manual page files; bug found
on Alpine Linux by Soeren Tempel <soeren at soeren hyphen tempel dot net>,
who also tested this patch
bluhm [Sat, 4 Sep 2021 22:15:33 +0000 (22:15 +0000)]
To mitigate against spectre attacks, AMD processors without the
IBRS feature need an lfence instruction after every near ret. Place
them after all functions in the kernel which are implemented in
assembler. Change the retguard macro so that the end of the lfence
instruction is 16-byte aligned now. This prevents that the ret
instruction is at the end of a 32-byte boundary. The latter would
cause a performance impact on certain Intel processors which have
a microcode update to mitigate the jump conditional code erratum.
See software techniques for managing speculation on AMD processors
revision 9.17.20 mitigation G-5.
See Intel mitigations for jump conditional code erratum revision
1.0 november 2019 2.4 software guidance and optimization methods.
OK deraadt@ mortimer@
schwarze [Sat, 4 Sep 2021 20:24:40 +0000 (20:24 +0000)]
mdoc(7): improve output of .At 32v
The official designation by AT&T was "UNIX/32V", so use that in the output.
That also makes sense because "system/architecture" is a widespread
convention to refer to the port of an operating system to a specific
architecture, in this case 32V (32bit DEC VAX).
The former wording "Version 32V AT&T UNIX" was misleading
because 32V is not a version number.
Even though UNIX/32V was not officially designated as Version 7 by AT&T,
prepend "Version 7" because it was in fact a straightforward port of
Version 7 AT&T UNIX. That makes it easier to understand for 21st
century readers of manual pages.
Suggested by nabijaczleweli at nabijaczleweli dot xyz.
Same change as in GNU troff commit
21d30728.
OK G dot Branden dot Robinson at gmail dot com (gbranden@ in groff)
schwarze [Sat, 4 Sep 2021 19:21:39 +0000 (19:21 +0000)]
delete a stray word reported by wilfried dot meindl at gmail dot com;
while here, delete the redundant word "will" right in front of it, too
jsing [Sat, 4 Sep 2021 16:26:12 +0000 (16:26 +0000)]
Factor out the TLSv1.3 code that handles content from TLS records.
Currently, the plaintext content from opened TLS records is handled via
the rbuf code in the TLSv1.3 record layer. Factor this out and provide a
separate struct tls_content, which knows how to track and manipulate the
content.
This makes the TLSv1.3 code cleaner, however it will also soon also be used
to untangle parts of the legacy record layer.
ok beck@ tb@
beck [Sat, 4 Sep 2021 15:21:45 +0000 (15:21 +0000)]
Refactor ssl_update_cache. This now matches the logic used for TLS 1.3
in Openssl 1.1.1 for when to call the session callbacks. I believe it
to also generates a lot less eye bleed, confirmed by tb@
ok jsing@ tb@
jsing [Sat, 4 Sep 2021 14:31:54 +0000 (14:31 +0000)]
Improve DTLS hello request handling code.
Rather than manually checking multiple bytes, actually parse the DTLS
handshake message header, then check the values against what we parsed.
ok inoguchi@ tb@
jsing [Sat, 4 Sep 2021 14:24:28 +0000 (14:24 +0000)]
Change dtls1_get_message_header() to take a CBS.
The callers know the actual length and can initialise a CBS correctly.
ok inoguchi@ tb@
jsing [Sat, 4 Sep 2021 14:15:52 +0000 (14:15 +0000)]
Improve DTLS record header parsing.
Rather than pulling out the epoch and then six bytes of sequence number,
pull out SSL3_SEQUENCE_SIZE for the sequence number, then pull the epoch
off the start of the sequence number.
ok inoguchi@ tb@
schwarze [Sat, 4 Sep 2021 12:47:04 +0000 (12:47 +0000)]
In the fallback code to look for manual pages without using mandoc.db(5),
accept files "man<one-digit-section>/<name>.<full-section>"
in addition the already supported "man<full-section>/name.[01-9]*".
Needed for example on Alpine Linux which puts its Perl manuals
into "man3/<name>.3pm" and the POSIX manuals into "man3/<name>.3p".
While here, allow the glob(3) at the end of fs_lookup() to add multiple
matches to the result set. This improves man -w output and may also
help some cases of plain man(1), allowing main() to prioritize properly
rather than fs_lookup() picking a random match.
None of this really matters for standard manpaths on OpenBSD because
both base system and ports developers are highly disciplined about
putting manual pages into properly named files and directories, but
even on OpenBSD, it may help to access some raw, unported third-party
manual page trees.
Issue reported and patch tested
by Soeren Tempel <soeren at soeren hyphen tempel dot net>.
jmatthew [Sat, 4 Sep 2021 12:11:45 +0000 (12:11 +0000)]
Add uaq(4), a driver for Aquantia AQC111U/AQC112U USB ethernet devices.
hardware provided by Brad
tested with modest success by mlarkin@, kevlo@ and Brad
ok kevlo@
schwarze [Sat, 4 Sep 2021 11:58:31 +0000 (11:58 +0000)]
* avoid the misleading wording "second kill signal"
* simplify and shorten EXIT STATUS, no change with respect to the meaning
* cut down HISTORY to the usual amount of information
feedback deraadt@ and jmc@; OK deraadt@; OK jmc@ on an earlier version
schwarze [Sat, 4 Sep 2021 11:49:11 +0000 (11:49 +0000)]
* more specific error messages
* no need to check suffix != NULL twice in a row
* style: *(suffix + 1) -> suffix[1]
feedback & OK deraadt@
mglocker [Sat, 4 Sep 2021 10:19:28 +0000 (10:19 +0000)]
Revert list_move() to list_move_tail() change from last commit since it
turned out that it has a negative impact to isoc transfers timing with our
driver implementation.
jasper [Sat, 4 Sep 2021 07:13:14 +0000 (07:13 +0000)]
in backtraces, print as many arguments as the function actually has
since amd64 is compiled with -msave-args we have all arguments available to print and
there's no reason to limit this to six.
discussed with kettenis@
mbuhl [Sat, 4 Sep 2021 07:06:58 +0000 (07:06 +0000)]
Disable tests that don't work in bluhms regress framework.
bluhm [Fri, 3 Sep 2021 23:57:30 +0000 (23:57 +0000)]
Make sure that strings passed to printline() are always NUL terminated.
There was a corner case with a very long message received over TCP
or TLS where this was not clear. Force a '\0' where this line is
truncated.
OK martijn@ deraadt@
job [Fri, 3 Sep 2021 23:30:42 +0000 (23:30 +0000)]
Add X509 Extensions for IP Addresses and AS Identifiers
(subordinate code paths are include guarded)
OK tb@
schwarze [Fri, 3 Sep 2021 16:51:47 +0000 (16:51 +0000)]
* add the missing STANDARDS section as noticed by tb@
* mention that the *optionp input string will be modified
* clarify that the array of tokens is expected to be NULL-terminated
OK millert@ tb@, and the first half of STANDARDS also OK jmc@
jasper [Fri, 3 Sep 2021 16:45:44 +0000 (16:45 +0000)]
add kprobes provider for dt
this allows us to dynamically trace function boundaries with btrace by patching
prologues and epilogues with a breakpoint upon which the handler records the data,
sends it back to userland for btrace to consume.
currently it's hidden behind DDBPROF, and there is still a lot to cleanup and
improve, but basic scripts that observe return codes from a probed function
work.
from Tom Rollet, with various changes by me
feedback and ok mpi@
bluhm [Fri, 3 Sep 2021 16:28:33 +0000 (16:28 +0000)]
Use a define for the iov array size in syslogd. This is better
than passing the magic number 6 around and checking at runtime
whether its fits.
OK deraadt@ martijn@ mvs@
fcambus [Fri, 3 Sep 2021 16:11:45 +0000 (16:11 +0000)]
Allow the compiler driver to link the libclang_rt.profile library.
With this change, passing -fprofile-instr-generate -fcoverage-mapping
when building programs will attempt linking against libclang_rt.profile.a.
Please note that we do not ship the library yet.
OK jca@
jca [Fri, 3 Sep 2021 14:58:25 +0000 (14:58 +0000)]
Zap a chatty printf
ok mlarkin@ kettenis@
patrick [Fri, 3 Sep 2021 14:53:09 +0000 (14:53 +0000)]
It's time to enable smmu(4).
ok kettenis@ some time ago
tb [Fri, 3 Sep 2021 14:50:36 +0000 (14:50 +0000)]
Implement a -h option that allows specifying a target host that
will be passed to the test scripts.
jca [Fri, 3 Sep 2021 14:13:06 +0000 (14:13 +0000)]
Don't pretend we support PT_STEP on this architecture.
The RISC-V doesn't seem to provide hardware support for generic purpose
single stepping, and we're not emulating single stepping for riscv64
like we do for alpha or mips64. Hiding PT_STEP makes it possible to run
inferior processes with a wip ports/devel/gdb update.
ok kettenis@
jca [Fri, 3 Sep 2021 14:09:26 +0000 (14:09 +0000)]
Enable ptrace(2) support for PT_GETFPREGS/PT_SETFPREGS
The code is already there, it was unreachable because of this #if 0.
ok kettenis@
patrick [Fri, 3 Sep 2021 14:04:35 +0000 (14:04 +0000)]
Make virtio(4) less restrictive on the type of BAR it supports for
legacy versions. The current version of Parallels on M1 seems to
not provide the I/O BAR that we expect, and reducing our expectations
seems to be help.
ok kettenis@
tb [Fri, 3 Sep 2021 13:26:20 +0000 (13:26 +0000)]
Now that the issue is fixed, enable test-extensions.py
jsing [Fri, 3 Sep 2021 13:19:12 +0000 (13:19 +0000)]
Use SSL3_HM_HEADER_LENGTH instead of the magic number 4.
ok beck@
jsing [Fri, 3 Sep 2021 13:18:17 +0000 (13:18 +0000)]
Ensure that a server hello does not have trailing data.
Found by tlsfuzzer.
ok beck@
jsing [Fri, 3 Sep 2021 13:18:01 +0000 (13:18 +0000)]
Ensure that a client hello does not have trailing data.
Found by tlsfuzzer.
ok beck@
jsing [Fri, 3 Sep 2021 13:16:54 +0000 (13:16 +0000)]
Set message_size correctly when switching to the legacy stack.
The message_size variable is not actually the handshake message size,
rather the number of bytes contained within the handshake message, hence
we have to subtract the length of the handshake message header.
ok beck@
stsp [Fri, 3 Sep 2021 12:39:43 +0000 (12:39 +0000)]
Reset a net80211 node's QoS Tx sequence counter to the start of the
block ack window when a new Tx block ack agreement is established.
In the future this change will allow the iwx(4) driver to initialize this
sequence number such that it corresponds to what the firmware expects.
Note that ba->ba_winstart is set to ni->ni_qos_txseqs[tid] when a new Tx agg
agreement is initiated in ieee80211_node_addba_request(). Unless the driver
resets ba->ba_winstart before ieee80211_addba_resp_accept() runs, which is
what iwx(4) will do, the assignment added with this patch is a no-op.
kn [Fri, 3 Sep 2021 12:11:15 +0000 (12:11 +0000)]
Document sleep button, lid status and lidaction/pwraction support
landry added the sensor back in 2013 and suspend via sleep button also works
(at least on ThinkPads).
`machdep.{lid,pwr}action' are super useful but only mentioned in
/etc/examples/wsconsctl.conf providing poor discovery.
acpibtn(4) is the most prominent driver supporting them, so document their
behaviour here as a reference point (`man -k .=lidaction' now shows it).
suspend/hibernate wording is taken from apm(8).
sysctl value list style is taken from sysctl(2)'s KERN_POOL_DEBUG.
Feedback jmc
bluhm [Fri, 3 Sep 2021 11:58:24 +0000 (11:58 +0000)]
Make Bob happy.
stsp [Fri, 3 Sep 2021 11:55:31 +0000 (11:55 +0000)]
Make iwm(4) and iwx(4) resume code path more similar to the attach code path.
In particular, this makes suspend/resume work on systems using msix.
Resume is not 100% reliable yet, though, failing about 1 in 20 times
to bring the interface back up.
Recovery with ifconfig down/up should be possible when things go wrong.
With help from gnezdo@ in diagnosing the issue and testing changes.
Tests:
8265: stsp
9260: florian
9560: kevlo, Uwe Werler
ax200: kevlo, Mark Patruck, beck
ax201: gnezdo
dv [Fri, 3 Sep 2021 11:47:05 +0000 (11:47 +0000)]
vmm(4): grab kernel lock before vmspace init
We need the kernel lock before calling some uvm functions. Fixes a
panic reported by syzbot.
Reported-by: syzbot+dd7a70eaf794705db27e@syzkaller.appspotmail.com
ok mlarkin@
stsp [Fri, 3 Sep 2021 11:41:41 +0000 (11:41 +0000)]
Ensure that iwm(4) and iwx(4) will reload firmware from disk on down/up,
and will not do so during resume.
Tested by kevlo@ on iwx(4) and by myself on iwm(4).
florian [Fri, 3 Sep 2021 09:13:00 +0000 (09:13 +0000)]
Make traceroute(8) faster by sending probes and doing DNS async.
Traditional traceroute would send one probe and then wait for up to 5
seconds for a reply and then send the next probe. On a lossy link that
eventually ends in a black hole this would take about 15 minutes and
people would hit control-c in anger.
This rewrites the traceroute engine to use libevent and asr's async
DNS interface. Probes are now send every 30ms or as soon as we get an
answer back. With that we got the 15 minute worse case down to about
10 seconds.
A minor adjustment that is possible with this is to delay printing a
line until we get to a line with answers. This has two effects:
1) If there are intermediate hops that don't answer, output pauses for
a bit so we keep the visual cue of "something might be wrong here".
2) If there is a black hole at the end, we don't print out many "* * *"
lines and thus scrolling the interesting bits out of the terminal.
We collapse those lines and just print
64 * * *
at the end.
Unfortunately the -c option to send udp probes to a fixed port had to
go for now. But we should be able to add it back.
"Once you have seen the new one you can't go back to the old one" &
enthusiastic OK deraadt@
OK sthen@
"I am very distressed that florian went to bed without committing it"
beck@
beck [Fri, 3 Sep 2021 08:58:53 +0000 (08:58 +0000)]
Call the callback on success in new verifier in a compatible way
when we succeed with a chain, and ensure we do not call the callback
twice when the caller doesn't expect it. A refactor of the end of
the legacy verify code in x509_vfy is probably overdue, but this
should be done based on a piece that works. the important bit here
is this allows the perl regression tests in tree to pass.
Changes the previously committed regress tests to test the success
case callbacks to be known to pass.
ok bluhm@ tb@
bentley [Fri, 3 Sep 2021 08:22:25 +0000 (08:22 +0000)]
Update Albuquerque, NM zip codes.