openbsd
22 months agoProvide BN_zero()/BN_one() as functions and make BN_zero() always succeed.
jsing [Sat, 17 Dec 2022 15:56:25 +0000 (15:56 +0000)]
Provide BN_zero()/BN_one() as functions and make BN_zero() always succeed.

BN_zero() is currently implemented using BN_set_word(), which means it can
fail, however almost nothing ever checks the return value. A long time
ago OpenSSL changed BN_zero() to always succeed and return void, however
kept BN_zero as a macro that calls a new BN_zero_ex() function, so that
it can be switched back to the "can fail" version.

Take a simpler approach - change BN_zero()/BN_one() to functions and make
BN_zero() always succeed. This will be exposed in the next bump, at which
point we can hopefully also remove the BN_zero_ex() function.

ok tb@

22 months agoadd arch to Dt;
jmc [Sat, 17 Dec 2022 14:53:16 +0000 (14:53 +0000)]
add arch to Dt;

22 months agoacme-client: fix SAN-handling insanity
tb [Sat, 17 Dec 2022 13:53:38 +0000 (13:53 +0000)]
acme-client: fix SAN-handling insanity

The revoke process, which does a lot more than revoking a cert, wants to
know the SANs in the cert to be revoked or renewed and check them against
the ones configured in the config file.

To find out which ones are, it prints the SAN extension to a BIO using
X509V3_EXT_print(), slurps that into a buffer, tokenizes the undocumented
output string and plucks out the "DNS:" names. This is reminiscent of
node's hilarious CVE-2021-44532 and on about the same level of crazy, but
fortunately not security relevant.

Get the SAN extension as a GENERAL_NAMES from libcrypto, then we have an
actual data structure to work with, which allows us to access the DNS names
without problems. This simplifies things quite a bit, but the actual logic
in this file remains unmodified. Be careful about ASN1_IA5STRINGs and do
not assume they are C strings.

Tested by florian, millert, Renaud Allard, thanks!

ok florian jsing

22 months agoregen after minherit(2) unlock
kn [Sat, 17 Dec 2022 13:45:00 +0000 (13:45 +0000)]
regen after minherit(2) unlock

22 months agoUnlock minherit(2)
kn [Sat, 17 Dec 2022 13:42:59 +0000 (13:42 +0000)]
Unlock minherit(2)

struct uvm_map's .addr is protected by the map's lock and .{min,max}_offset
are immutable.

uvm_map_inherit() locks the VM map upon entry, sets the desired inheritance
mode for the given address range (validated outside the lock) and unlocks
the map itself.

fork(2), i.e. uvm_mapent_forkcopy(), first locks both old and new maps and
then copies entries over as per the inheritance type.

futex(2), another user of struct vm_map_entry's .inheritance member, also
locks the map accordingly.

OK mpi

22 months agoX509_check_purpose.3: incorporate feedback from jsing
tb [Sat, 17 Dec 2022 12:48:53 +0000 (12:48 +0000)]
X509_check_purpose.3: incorporate feedback from jsing

22 months agoaplefuse(4)
kettenis [Sat, 17 Dec 2022 12:02:00 +0000 (12:02 +0000)]
aplefuse(4)

22 months agoAdd aplefuse(4), a driver for the eFuses on Apple Silicon SoCs.
kettenis [Sat, 17 Dec 2022 11:56:44 +0000 (11:56 +0000)]
Add aplefuse(4), a driver for the eFuses on Apple Silicon SoCs.

ok patrick@

22 months agoMake nvmem_read_cell() and nvmem_write_cell() work for hardware that
kettenis [Sat, 17 Dec 2022 11:54:32 +0000 (11:54 +0000)]
Make nvmem_read_cell() and nvmem_write_cell() work for hardware that
requires word-sized access.

ok patrick@

22 months agoIn bio.h rev. 1.54, jsing@ and tb@ provided BIO_callback_fn_ex(3),
schwarze [Fri, 16 Dec 2022 23:56:57 +0000 (23:56 +0000)]
In bio.h rev. 1.54, jsing@ and tb@ provided BIO_callback_fn_ex(3),
BIO_set_callback_ex(3), BIO_get_callback_ex(3), and BIO_callback_fn(3).
Document them, in part by merging from the OpenSSL 1.1.1 branch,
which is still under a free license,
but heavily tweaked by me, in particular:
* mention that BIO_set_callback_arg(3) is misnamed;
* keep our more detailed explanation of the "ret" argument;
* make the list of callback invocations more readable;
* and update the HISTORY section.

22 months agoqcpdc(4)'s establish routine needs to return the wrapped cookie, not the
patrick [Fri, 16 Dec 2022 18:08:08 +0000 (18:08 +0000)]
qcpdc(4)'s establish routine needs to return the wrapped cookie, not the
cookie it received from establishing the interrupt.

22 months agoDocument extension caching of X509_check_purpose()
tb [Fri, 16 Dec 2022 18:02:28 +0000 (18:02 +0000)]
Document extension caching of X509_check_purpose()

The overwhelming majority of callers of X509_check_purpose() in our tree
pass a purpose of -1. In this case X509_check_purpose() acts as a wrapper
of x509v3_cache_extensions() which makes sanity checks like non-negativity
of ASN.1 integers or canonicity of RFC 3779 extensions as well as checking
uniqueness of extensions.

from schwarze who beat an initial diff of mine into shape

22 months agozap double space and needless line break
kn [Fri, 16 Dec 2022 17:57:39 +0000 (17:57 +0000)]
zap double space and needless line break

22 months agodrop a total of 93 trailing spaces from three lines
tb [Fri, 16 Dec 2022 17:47:34 +0000 (17:47 +0000)]
drop a total of 93 trailing spaces from three lines

22 months agoadd a CAVEATS section warning the user to not create cycles;
schwarze [Fri, 16 Dec 2022 16:02:17 +0000 (16:02 +0000)]
add a CAVEATS section warning the user to not create cycles;
OK tb@

22 months agotop(1): always recount number of online CPUs
cheloha [Fri, 16 Dec 2022 15:54:27 +0000 (15:54 +0000)]
top(1): always recount number of online CPUs

If hw.smt is toggled while top(1) is running in "combined" mode the
CPU count on the CPU state line is incorrect.

We always need to recount the number of online CPUs.

22 months agoPrevent KASSERT in iwm(4) if firmware image is missing or corrupt.
stsp [Fri, 16 Dec 2022 13:49:35 +0000 (13:49 +0000)]
Prevent KASSERT in iwm(4) if firmware image is missing or corrupt.

Same fix as for iwx(4) in CVS commit YakAvDYHWiUF3c4m, r1.113 if_iwx.c.
ok deraadt, mpi

22 months agoRevert BIO_push(3) cycle prevention (bio_lib.c rev. 1.42).
schwarze [Fri, 16 Dec 2022 13:41:55 +0000 (13:41 +0000)]
Revert BIO_push(3) cycle prevention (bio_lib.c rev. 1.42).

jsing@ worries that cycle prevention might increase risk because
software that is not checking return values (and indeed, not checking
is likely common in practice) might silently behave incorrectly
with cycle prevention whereas without, it will likely either crash
right away through infinite recursion or at least hang in an infinite
loop when trying to use the cyclic chain, in both cases making it
likely that the bug will be found and fixed.

Besides, tb@ points out that BIO_set_next(3) ought to behave as
similarly as possible to BIO_push(3), but adding cycle prevention
to BIO_set_next(3) would be even less convincing because that
function does not provide a return value, encouraging users to
expect that it will always succeed.  While a safe idiom for checking
the success of BIO_set_next(3) could easily be designed, let's be
realistic: application software would be highly unlikely to pick up
such an idiom.

22 months agoDowngrade riscv64-specific LTO error to a warning
jca [Fri, 16 Dec 2022 12:06:23 +0000 (12:06 +0000)]
Downgrade riscv64-specific LTO error to a warning

Error happens when mixing some PIC and non-PIC code in an LTO build/link

  ld: error: linking module flags 'SmallDataLimit': IDs have conflicting values in '<REDACTED>.o' and 'ld-temp.o'

and affects a few ports now.  Issue reported upstream where the proposed
fix uses llvm::Module::Min, which we don't have and would require
a backport.  For now, work around this issue by downgrading to
a warning, which should have the intended effect in most cases (use the
value of the first module, which is smaller than the defaults value used
by ld-temp.o).

ok kettenis@

22 months agoDo not escape tabs in output (iTerm2 needs them). GitHub issue 3414.
nicm [Fri, 16 Dec 2022 08:22:05 +0000 (08:22 +0000)]
Do not escape tabs in output (iTerm2 needs them). GitHub issue 3414.

22 months agoMake U+FE0F VARIATION SELECTOR-16 change the width from 1 to 2. GitHub
nicm [Fri, 16 Dec 2022 08:19:58 +0000 (08:19 +0000)]
Make U+FE0F VARIATION SELECTOR-16 change the width from 1 to 2. GitHub
issue 3409.

22 months agoAdd send-keys -K to handle keys directly as if typed (so look up in key
nicm [Fri, 16 Dec 2022 08:13:40 +0000 (08:13 +0000)]
Add send-keys -K to handle keys directly as if typed (so look up in key
table). GitHub issue 3361.

22 months agoMention that scp uses the SFTP protocol and remove reference to
djm [Fri, 16 Dec 2022 07:13:22 +0000 (07:13 +0000)]
Mention that scp uses the SFTP protocol and remove reference to
legacy flag. Spotted by, feedback and ok jmc@

22 months agoClear signal mask early in main(); sshd may have been started with
djm [Fri, 16 Dec 2022 06:56:47 +0000 (06:56 +0000)]
Clear signal mask early in main(); sshd may have been started with
one or more signals masked (sigprocmask(2) is not cleared on fork/exec)
and this could interfere with various things, e.g. the login grace timer.

Execution environments that fail to clear the signal mask before running
sshd are clearly broken, but apparently they do exist.

Reported by Sreedhar Balasubramanian; ok dtucker@

22 months agoadd -X to usage();
jmc [Fri, 16 Dec 2022 06:52:48 +0000 (06:52 +0000)]
add -X to usage();

22 months agoPrioritize lladdr over name/unit in hostname.if processing
afresh1 [Fri, 16 Dec 2022 04:04:25 +0000 (04:04 +0000)]
Prioritize lladdr over name/unit in hostname.if processing

When needed, lladdr is more precise and enduring.

Suggested by deraadt@
Many improvments and OK kn@

22 months agoadd a -X option to both scp(1) and sftp(1) to allow control over
djm [Fri, 16 Dec 2022 03:40:03 +0000 (03:40 +0000)]
add a -X option to both scp(1) and sftp(1) to allow control over
some SFTP protocol knobs: the copy buffer length and the number of
inflight requests, both of which are used during upload/download.

Previously these could be controlled in sftp(1) using the -b/-R options.
This makes them available in both SFTP protocol clients using the same
option character sequence.

ok dtucker@

22 months agodelete // debug comment chunks. If anyone wants to debug ld.so and runs
deraadt [Fri, 16 Dec 2022 03:14:52 +0000 (03:14 +0000)]
delete // debug comment chunks.  If anyone wants to debug ld.so and runs
into a mimmutable related concern, you want to undo this revision to get
this debug back.  I do not consider this suitable for hiding behind a
cpp macro.

22 months agoalways keep pf_state_keys attached to pf_states.
dlg [Fri, 16 Dec 2022 02:05:44 +0000 (02:05 +0000)]
always keep pf_state_keys attached to pf_states.

pf_state structures don't contain ip addresses, protocols, ports,
etc. that information is stored in a pf_state_key struct, which is
used to wire a state into the state table. when things like pfsync
or the pf state ioctls want to export information about a state,
particularly the addresses on it, they needs the pf_state_key struct
to read from.

before this diff the code assumed that when a state was removed
from the state tables it could throw the pf_state_key structs away
as part of that removal. this code changes it so once pf_state_insert
succeeds, a pf_state will keep its references to the pf_state_key
structs until the pf_state struct itself is being destroyed.

this allows anything that holds a reference to a pf_state to also
look at the pf_state_key structs because they're now effectively
an immutable part of the pf_state struct.

this is by far the simplest and most straightforward fix for pfsync
crashing on pf_state_key dereferences we've come up with so far.
it has been made possible by the addition of reference counts to
pf_state and pf_state_key structs, which allows us to properly
account for this adjusted lifecycle for pf_state_keys on pf_state
structs.

sashan@ and i have been kicking this diff around for a couple of
weeks now.
ok sashan@ jmatthew@

22 months agopriv_validgroup: do not read more than IF_NAMESIZE chars of name
millert [Thu, 15 Dec 2022 19:36:45 +0000 (19:36 +0000)]
priv_validgroup: do not read more than IF_NAMESIZE chars of name
Store the length locally instead of computing it multiple times.
OK dv@, previous version OK deraadt@

22 months agoThe idiomatic way of coping with signed char vs unsigned char (which
deraadt [Thu, 15 Dec 2022 18:20:39 +0000 (18:20 +0000)]
The idiomatic way of coping with signed char vs unsigned char (which
did not come from stdio read functions) in the presence of ctype
macros, is to always cast to (unsigned char).  casting to (int) for
a "macro" which is documented to take int, is weird.  And sadly wrong,
because of the sing extension risk..
same diff from florian

22 months agoacme-client: use timegm() instead of mktime()
tb [Thu, 15 Dec 2022 17:36:56 +0000 (17:36 +0000)]
acme-client: use timegm() instead of mktime()

Times in certificates are all expressed in Zulu time, so calling the time
zone dependent mktime() on such a time and comparing it to time(NULL) is
wrong.

This means that the check of at least 30 days validity and deciding on
whether to renew or not might have been off by by half a day depending on
where you are. That should not matter since you (or cron) are supposed to
run acme-client way more often than once a month.

ok claudio millert

22 months agoIn curve25519.h rev. 1.4 to 1.7, tb@ and jsing@ provided
schwarze [Thu, 15 Dec 2022 17:20:48 +0000 (17:20 +0000)]
In curve25519.h rev. 1.4 to 1.7, tb@ and jsing@ provided
ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3).
Document them.

22 months agoacme-client: use ASN1_TIME_to_tm()
tb [Thu, 15 Dec 2022 16:59:04 +0000 (16:59 +0000)]
acme-client: use ASN1_TIME_to_tm()

There is a hand-rolled, only minimally checked implementation converting
an ASN1_TIME into a struc tm. beck has invested a lot of time improving
the time parsing inside libcrypto, so make use of that. That code is safer,
better vetted and more correct.

ok florian

22 months agoAdd explicit casts to ctype functions in vmd(8).
dv [Thu, 15 Dec 2022 16:01:40 +0000 (16:01 +0000)]
Add explicit casts to ctype functions in vmd(8).

OK millert@

22 months agoAdd shim functions for repo code introduced by the pre repo stats.
claudio [Thu, 15 Dec 2022 12:04:59 +0000 (12:04 +0000)]
Add shim functions for repo code introduced by the pre repo stats.
From tb@

22 months agoRework statistic collection to be per repository and add metric output option
claudio [Thu, 15 Dec 2022 12:02:29 +0000 (12:02 +0000)]
Rework statistic collection to be per repository and add metric output option

Many statistic values are now accounted by repository via repo_stat_inc()
At end of the run sum_stats() accumulates these stats per TAL and globally.
The new output file metrics is written when the -m output flag is specified.
The metrics file is written in OpenMetrics format (with a few tweaks to
allow node_exporter to parse the file as well). The ometric code is a copy
from bgpctl(8) and should be kept in sync.
OK tb@

22 months agoThe argument to ctype functions must be EOF or representable as an
florian [Thu, 15 Dec 2022 08:07:03 +0000 (08:07 +0000)]
The argument to ctype functions must be EOF or representable as an
unsigned char.

Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.

OK deraadt, kn, miod, op

22 months agoThe argument to ctype functions must be EOF or representable as an
florian [Thu, 15 Dec 2022 08:06:13 +0000 (08:06 +0000)]
The argument to ctype functions must be EOF or representable as an
unsigned char.

Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.

OK deraadt, kn, miod

22 months agorework the text describing interface name;
jmc [Thu, 15 Dec 2022 06:39:05 +0000 (06:39 +0000)]
rework the text describing interface name;
feedback deraadt afresh kn

22 months agosync
deraadt [Thu, 15 Dec 2022 04:03:51 +0000 (04:03 +0000)]
sync

22 months agoadd __ctzdi2 to sparc64 kernel
jsg [Wed, 14 Dec 2022 23:50:31 +0000 (23:50 +0000)]
add __ctzdi2 to sparc64 kernel

If __builtin_ctzl() is used on sparc64, gcc 4.2 will emit a call to
__ctzdi2.  For userland this is in libgcc or compiler-rt.  In the kernel
we put these functions in libkern.

'looks good' deraadt@ miod@

22 months agoregen
jsg [Wed, 14 Dec 2022 23:29:09 +0000 (23:29 +0000)]
regen

22 months agoadd id for Navi 31, Radeon RX 7900 XT/XTX (gfx1100, GC 11.0.0)
jsg [Wed, 14 Dec 2022 23:28:31 +0000 (23:28 +0000)]
add id for Navi 31, Radeon RX 7900 XT/XTX (gfx1100, GC 11.0.0)

22 months agoIn evp.h rev. 1.109 and 1.112, jsing@ and tb@ provided
schwarze [Wed, 14 Dec 2022 22:37:07 +0000 (22:37 +0000)]
In evp.h rev. 1.109 and 1.112, jsing@ and tb@ provided
EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3),
EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3).

Merge the documentation from the OpenSSL 1.1.1 branch, which is
still under a free license.  I tweaked the text somewhat for
conciseness, and argument names for uniformity.

22 months agoIn asn1.h rev. 1.71 and 1.72, jsing@ and tb@ provided ASN1_buf_print(3).
schwarze [Wed, 14 Dec 2022 20:27:28 +0000 (20:27 +0000)]
In asn1.h rev. 1.71 and 1.72, jsing@ and tb@ provided ASN1_buf_print(3).
Document it.

22 months agoThe argument to ctype functions must be EOF or representable as an
florian [Wed, 14 Dec 2022 18:32:26 +0000 (18:32 +0000)]
The argument to ctype functions must be EOF or representable as an
unsigned char.

Casting to int is particularly useless because that's what the
compiler already does. We need to prevent sign extension, not write
down that we want sign extension.

OK deraadt, millert, kn

22 months agoContinue loop if no match found; avoids an OOB write. ok florian@ tb@
otto [Wed, 14 Dec 2022 15:44:13 +0000 (15:44 +0000)]
Continue loop if no match found; avoids an OOB write. ok florian@ tb@

22 months agoOptimize io_buf_read() a bit by calling read() again after the inital
claudio [Wed, 14 Dec 2022 15:19:16 +0000 (15:19 +0000)]
Optimize io_buf_read() a bit by calling read() again after the inital
header of the buf was read. This often saves a round-trip to the main
event loop and poll(2).
OK job@ tb@

22 months agoPlug leak of ECDSA_SIG
tb [Wed, 14 Dec 2022 15:02:43 +0000 (15:02 +0000)]
Plug leak of ECDSA_SIG

ok sthen

22 months agoDo the IPv4 specific MP capability check only once per update/withdraw
claudio [Wed, 14 Dec 2022 14:16:20 +0000 (14:16 +0000)]
Do the IPv4 specific MP capability check only once per update/withdraw
instead of per prefix.
OK sthen@

22 months agoPut an splhigh() at the start of cpu_configure() to prevent splasserts
kettenis [Wed, 14 Dec 2022 13:55:11 +0000 (13:55 +0000)]
Put an splhigh() at the start of cpu_configure() to prevent splasserts
trigger in autoconf.  Matches what we do on (many) other architectures.

ok miod@

22 months agoMove some basic accessors of aspath to rde.h and make them static inline.
claudio [Wed, 14 Dec 2022 12:37:15 +0000 (12:37 +0000)]
Move some basic accessors of aspath to rde.h and make them static inline.
OK tb@

22 months agoAdd missing type for OMT_INFO.
claudio [Wed, 14 Dec 2022 11:23:41 +0000 (11:23 +0000)]
Add missing type for OMT_INFO.

Changes output like this:
 # HELP bgpd bgpd information
-# TYPE bgpd unknown
+# TYPE bgpd info
 bgpd_info{nodename="xxx",domainname="xxx",release="7.7"} 1

22 months agoAlways initialize b64sz
job [Wed, 14 Dec 2022 10:45:34 +0000 (10:45 +0000)]
Always initialize b64sz

OK tb@

22 months agoSwitch to struct timespec for collecting stats. This allows to use
claudio [Wed, 14 Dec 2022 10:34:49 +0000 (10:34 +0000)]
Switch to struct timespec for collecting stats. This allows to use
clock_gettime(CLOCK_MONOTONIC) for runtime calculation.
OK tb@

22 months agoPrint expiry moment in human-readable filemode in a consistent fashion across all...
job [Wed, 14 Dec 2022 08:46:58 +0000 (08:46 +0000)]
Print expiry moment in human-readable filemode in a consistent fashion across all object types

OK claudio@ tb@

22 months agoPrint issuer & serial in filemode
job [Wed, 14 Dec 2022 02:34:32 +0000 (02:34 +0000)]
Print issuer & serial in filemode

OK tb@

22 months agoIn tcp_now() switch from getnsecuptime() to getnsecruntime()
claudio [Tue, 13 Dec 2022 18:10:55 +0000 (18:10 +0000)]
In tcp_now() switch from getnsecuptime() to getnsecruntime()

The tcp timer is not supposed to run during suspend but getnsecuptime() does
and because of this sessions with TCP_KEEPALIVE on reset after a few hours
of sleep.

Problem noticed by mlarkin@, investigation by yasuoka@ additional testing jca@
OK yasuoka@ jca@ cheloha@

22 months agotimecounting: add getbinruntime(), getnsecruntime()
cheloha [Tue, 13 Dec 2022 17:30:36 +0000 (17:30 +0000)]
timecounting: add getbinruntime(), getnsecruntime()

The networking people want a fast, monotonic clock that only advances
while the system is not suspended.  The runtime clock satisfies most
of these requirements, so introduce getnsecruntime() to provide a fast
means for reading it.

Based on patches from jca@ and claudio@.

ok yasuoka@

22 months agosync
deraadt [Tue, 13 Dec 2022 17:19:02 +0000 (17:19 +0000)]
sync

22 months agoremove advent entry 11/SunLast and leave 12/SunFirst, to avoid getting
jmc [Tue, 13 Dec 2022 07:08:17 +0000 (07:08 +0000)]
remove advent entry 11/SunLast and leave 12/SunFirst, to avoid getting
two "First Sunday of Advent" entries;

22 months agoadd tipd(4);
jmc [Tue, 13 Dec 2022 06:58:03 +0000 (06:58 +0000)]
add tipd(4);

22 months agoconsistently put the Xr in "made obsolete by" in symbolic,
jmc [Tue, 13 Dec 2022 06:56:06 +0000 (06:56 +0000)]
consistently put the Xr in "made obsolete by" in symbolic,
as sigvec already does; remove the one inconsistent colon
from creat(3) in this same text

original diff from josiah frentsos

22 months agoThe C compiler -rdynamic argument is not specific to gcc, so just say 'cc'
guenther [Tue, 13 Dec 2022 02:50:01 +0000 (02:50 +0000)]
The C compiler -rdynamic argument is not specific to gcc, so just say 'cc'

queried by and ok jcw@

22 months agoClarify the default is to require message authentication.
yasuoka [Tue, 13 Dec 2022 00:59:53 +0000 (00:59 +0000)]
Clarify the default is to require message authentication.

22 months agoEnable tipd(4) on RAMDISK kernels as well.
kettenis [Mon, 12 Dec 2022 22:06:40 +0000 (22:06 +0000)]
Enable tipd(4) on RAMDISK kernels as well.

ok deraadt@

22 months agoFix typo.
kettenis [Mon, 12 Dec 2022 20:44:00 +0000 (20:44 +0000)]
Fix typo.

22 months agotipd(4)
kettenis [Mon, 12 Dec 2022 19:25:49 +0000 (19:25 +0000)]
tipd(4)

22 months agoFix USB hotplug on type-C connectors of Apple Silicon hardware. The USB
kettenis [Mon, 12 Dec 2022 19:18:25 +0000 (19:18 +0000)]
Fix USB hotplug on type-C connectors of Apple Silicon hardware.  The USB
controller on these machines does not see connection events.  Instead we
need to rely on the USB PD controllers to notify us of a new connection
and reset the USB controller.  This diff implements this by adding a new
tipd(4) driver and infrastructure to notify xhci(4) of new connections.

ok patrick@

22 months agoImprove range check to protect against overflow.
kettenis [Mon, 12 Dec 2022 18:45:01 +0000 (18:45 +0000)]
Improve range check to protect against overflow.

ok patrick@

22 months agoBump to LibreSSL 3.7.1
tb [Mon, 12 Dec 2022 14:16:58 +0000 (14:16 +0000)]
Bump to LibreSSL 3.7.1

22 months agoSince bgpctl uses clock_gettime() and struct timespec switch ometric code
claudio [Mon, 12 Dec 2022 09:51:04 +0000 (09:51 +0000)]
Since bgpctl uses clock_gettime() and struct timespec switch ometric code
over to handle struct timespec instead of struct timeval. This way no
extra conversion is needed.
OK tb@

22 months agoRevert sb_state changes to unbreak tree.
tb [Mon, 12 Dec 2022 08:30:22 +0000 (08:30 +0000)]
Revert sb_state changes to unbreak tree.

22 months agoRemove extra : in parameter substitution
afresh1 [Mon, 12 Dec 2022 02:30:51 +0000 (02:30 +0000)]
Remove extra : in parameter substitution

From Rob Whitlock <rwhitlock22 () gmail ! com>

22 months agoThis time, socket's buffer lock requires solock() to be held. As a part of
mvs [Sun, 11 Dec 2022 21:19:08 +0000 (21:19 +0000)]
This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.

Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.

Also, don't adjust the remaining SS_* bits right now.

ok millert@

22 months agoAdd a small blurb on @SECLEVEL=n
tb [Sun, 11 Dec 2022 20:53:27 +0000 (20:53 +0000)]
Add a small blurb on @SECLEVEL=n

22 months agoBalance a getifaddrs() with a freeifaddrs(); plugs a leak seen by
otto [Sun, 11 Dec 2022 10:47:37 +0000 (10:47 +0000)]
Balance a getifaddrs() with a freeifaddrs(); plugs a leak seen by
florian@ and myself.  ok florian@

22 months agoUse evcount_percpu() with platform interrupt counters on octeon.
visa [Sun, 11 Dec 2022 05:31:05 +0000 (05:31 +0000)]
Use evcount_percpu() with platform interrupt counters on octeon.

22 months agoCut two cycles from k_tlb_inv() on octeon.
visa [Sun, 11 Dec 2022 05:07:25 +0000 (05:07 +0000)]
Cut two cycles from k_tlb_inv() on octeon.

"If it works, go for it!" miod@

22 months agoRemove unused experimental ICMP6 redirect low water bits
kn [Sat, 10 Dec 2022 23:45:51 +0000 (23:45 +0000)]
Remove unused experimental ICMP6 redirect low water bits

Dead since introduction in 2001 with icmp6.c r1.31:
    implement upper limit to icmp6 redirects (experimental, turned off)
    negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation.
    sync with kame.

icmp6_redirect_lowat was always -1 and never hit the empty conditional.

icmp6_redirect_hiwat never existed.

icmp6_mtudisc_{hi,lo}wat are exposed as net.inet6.icmp6.mtudisc_{hi,lo}wat
sysctl(2)s, so don't touch those for now.

OK mvs

22 months agoReuse off variable from previous line; no object change
kn [Sat, 10 Dec 2022 22:40:58 +0000 (22:40 +0000)]
Reuse off variable from previous line;  no object change

22 months agozap 68 trailing spaces from a single line
kn [Sat, 10 Dec 2022 22:16:24 +0000 (22:16 +0000)]
zap 68 trailing spaces from a single line

22 months ago`dp' was just allocated with M_ZERO flag, so the following bzero(3) is not
mvs [Sat, 10 Dec 2022 21:29:10 +0000 (21:29 +0000)]
`dp' was just allocated with M_ZERO flag, so the following bzero(3) is not
required.

ok kn@

22 months agoMerge nd6_option_init() into nd6_options()
kn [Sat, 10 Dec 2022 21:26:21 +0000 (21:26 +0000)]
Merge nd6_option_init() into nd6_options()

All call-sites call nd6_options() directly after nd6_option_init().
Fold them to simplify the logic and do less pointing around.

Feedback OK bluhm florian

22 months agoIncrease transfer completion timeout to 100ms. This is what Linux has
kettenis [Sat, 10 Dec 2022 18:43:48 +0000 (18:43 +0000)]
Increase transfer completion timeout to 100ms.  This is what Linux has
and we need a longer timeout for the USB Type-C PD chips.

ok tobhe@

22 months agoex_range: fix handling of escaped backslashes.
millert [Sat, 10 Dec 2022 16:06:18 +0000 (16:06 +0000)]
ex_range: fix handling of escaped backslashes.
If there are two consecutive backslashes, skip past both so the
second is not mistakenly treated as an escape character.
This is consistent with how escaped backslashes are treated
in ex_substitute() and global().  From Bosco G. G.

22 months agoalpha: switch to clockintr
cheloha [Sat, 10 Dec 2022 15:02:29 +0000 (15:02 +0000)]
alpha: switch to clockintr

- Add missing tick_nsec initialization to cpu_initclocks().
- Set stathz = hz, profhz = stathz; we don't have any control over the
  interrupt clock on alpha so everything has the same frequency.
- Set schedhz = 16 to imitate current schedclock() dispatch frequency.

Bringup help from claudio@.  Tested by miod@ (2-CPU DS25).

Link: https://marc.info/?l=openbsd-tech&m=166776333303245&w=2
ok mlarkin@

22 months agoMake the accepted log grep pattern more strict in order to not pick up any log
anton [Sat, 10 Dec 2022 12:17:46 +0000 (12:17 +0000)]
Make the accepted log grep pattern more strict in order to not pick up any log
entries from sshd causing intermittent failures.

Discussed with bluhm@ back in August this year.

22 months agobio chain test: compress some error printing
tb [Sat, 10 Dec 2022 10:56:16 +0000 (10:56 +0000)]
bio chain test: compress some error printing

22 months agobio chain test: deduplicate chain walking code
tb [Sat, 10 Dec 2022 10:45:39 +0000 (10:45 +0000)]
bio chain test: deduplicate chain walking code

22 months agobio chain test: handle walking of empty chains
tb [Sat, 10 Dec 2022 10:42:13 +0000 (10:42 +0000)]
bio chain test: handle walking of empty chains

Rework the loops walking the chains to be correct for empty chains as well.
This simplifies the checking at the cost of slightly more initialization
and will allow further refactoring in a subsequent check.

22 months agoMitigate Spectre-BHB by using core-specific trampoline vectors. On some cores
patrick [Sat, 10 Dec 2022 10:13:58 +0000 (10:13 +0000)]
Mitigate Spectre-BHB by using core-specific trampoline vectors.  On some cores
Spectre-BHB can be mitigated by using a loop that branches a number of times.
For cores where this does not suffice, or where Spectre-V2 needs to be handled
as well, try and call into a new PSCI function that mitigates both Spectre-V2
and Spectre-BHB.  Some newer machines, which might not be in anyone's hands
yet, have an instruction (CLRBHB) that clears the BHB.  If ECBHB is set, the
BHB isn't vulnerable.  If we have CSV2_3/HCXT, it's not vulnerable at all.

No visible performance dropoff on a MacchiatoBin (4xA72) or Lenovo x13s (4xA78C+
4xX1C), but around 2-3% on a LX2K (16xA72) and RK3399 (4xA53+2xA72).

ok kettenis@

22 months agoFix comments, no binary change.
aoyama [Sat, 10 Dec 2022 02:41:56 +0000 (02:41 +0000)]
Fix comments, no binary change.

22 months agoSimplify early kernel bootstrap a bit more. Just map the entire 64MB memory
kettenis [Fri, 9 Dec 2022 22:31:31 +0000 (22:31 +0000)]
Simplify early kernel bootstrap a bit more.  Just map the entire 64MB memory
block that the bootloader allocates for us (minus the first 2MB).  This means
we can get rid of a bunch of code in pmap_bootstrap().  It also makes sure
that we don't accidentally enter mappings that cover secure memory just
beyond where the kernel was loaded.

ok patrick@

22 months agoAdd detection for Spectre-BHB related CLRBHB, ECBHB and CSV2_3/HCXT
patrick [Fri, 9 Dec 2022 21:23:24 +0000 (21:23 +0000)]
Add detection for Spectre-BHB related CLRBHB, ECBHB and CSV2_3/HCXT
feature bits.

ok kettenis@

22 months agofix double word and Ar -> Dv;
jmc [Fri, 9 Dec 2022 21:19:53 +0000 (21:19 +0000)]
fix double word and Ar -> Dv;

22 months agoFix typo: SCTX -> SCXT
patrick [Fri, 9 Dec 2022 20:37:39 +0000 (20:37 +0000)]
Fix typo: SCTX -> SCXT

ok kettenis@

22 months agoresolvd: fix leaks of line and fp
tb [Fri, 9 Dec 2022 18:22:35 +0000 (18:22 +0000)]
resolvd: fix leaks of line and fp

In case asprintf() fails or the iov overflows, the file and the line read
would be leaked.

also noted by otto
ok deraadt millert

22 months agoiovcnt can be zero, writev does not like that and O_CREATE is
otto [Fri, 9 Dec 2022 18:11:24 +0000 (18:11 +0000)]
iovcnt can be zero, writev does not like that and O_CREATE is
not needed, we just renamed sucessfully to that file.
ok deraadt@ florian@