openbsd
3 years agomark up fixes; from lyndon
jmc [Wed, 27 Jan 2021 14:59:10 +0000 (14:59 +0000)]
mark up fixes; from lyndon

3 years agoword fix;
jmc [Wed, 27 Jan 2021 14:58:06 +0000 (14:58 +0000)]
word fix;

3 years agospelling fixes;
jmc [Wed, 27 Jan 2021 14:57:29 +0000 (14:57 +0000)]
spelling fixes;

3 years agoregen
jsg [Wed, 27 Jan 2021 10:48:44 +0000 (10:48 +0000)]
regen

3 years agoadd some more amdgpu devices
jsg [Wed, 27 Jan 2021 10:47:58 +0000 (10:47 +0000)]
add some more amdgpu devices

3 years agoFlush pending output before entering or exiting alternate screen rather
nicm [Wed, 27 Jan 2021 10:42:52 +0000 (10:42 +0000)]
Flush pending output before entering or exiting alternate screen rather
than leaking it, oss-fuzz issue 29959.

3 years agothis needs kex.h now
djm [Wed, 27 Jan 2021 10:15:08 +0000 (10:15 +0000)]
this needs kex.h now

3 years agomake ssh->kex->session_id a sshbuf instead of u_char*/size_t and
djm [Wed, 27 Jan 2021 10:05:28 +0000 (10:05 +0000)]
make ssh->kex->session_id a sshbuf instead of u_char*/size_t and
use that instead of global variables containing copies of it.
feedback/ok markus@

3 years agoremove global variable used to stash compat flags and use the
djm [Wed, 27 Jan 2021 09:26:53 +0000 (09:26 +0000)]
remove global variable used to stash compat flags and use the
purpose-built ssh->compat variable instead; feedback/ok markus@

3 years agoBe consistent in not using parameter names for function prototypes.
mglocker [Wed, 27 Jan 2021 08:32:46 +0000 (08:32 +0000)]
Be consistent in not using parameter names for function prototypes.

3 years agoDetermine available address families (and monitor when this changes)
florian [Wed, 27 Jan 2021 08:30:50 +0000 (08:30 +0000)]
Determine available address families (and monitor when this changes)
to configure libunbound accordingly. This way it no longer tries to
talk to IPv6 nameservers when only IPv4 is available and vice versa.
input deraadt
OK kn

3 years agodo better accounting of how many msix interrupts we want to use.
dlg [Wed, 27 Jan 2021 07:46:11 +0000 (07:46 +0000)]
do better accounting of how many msix interrupts we want to use.

ok jmatthew@

3 years agothese programs (with common ancestry) had a -fno-common problem related
deraadt [Wed, 27 Jan 2021 07:21:52 +0000 (07:21 +0000)]
these programs (with common ancestry) had a -fno-common problem related
to privsep_procid.
ok mortimer

3 years agosplit out extern and decl for -fno-common
deraadt [Wed, 27 Jan 2021 07:21:12 +0000 (07:21 +0000)]
split out extern and decl for -fno-common

3 years agomakemap does not need a common which it does not use.
deraadt [Wed, 27 Jan 2021 07:20:27 +0000 (07:20 +0000)]
makemap does not need a common which it does not use.

3 years agocommons used rather than externs, fix for -fno-common
deraadt [Wed, 27 Jan 2021 07:19:54 +0000 (07:19 +0000)]
commons used rather than externs, fix for -fno-common

3 years agofix -fno-common issues; ok mortimer
deraadt [Wed, 27 Jan 2021 07:18:41 +0000 (07:18 +0000)]
fix -fno-common issues; ok mortimer

3 years agofix -fno-common issues; ok mortimer
deraadt [Wed, 27 Jan 2021 07:18:16 +0000 (07:18 +0000)]
fix -fno-common issues; ok mortimer

3 years agonsd contains two yacc parsers, but predates "yacc -b". Instead a
deraadt [Wed, 27 Jan 2021 05:06:12 +0000 (05:06 +0000)]
nsd contains two yacc parsers, but predates "yacc -b".  Instead a
script renames the fields in one parser.  Three additional variables
(yysslim, yyssp, yystacksize) need to be renamed also.
Yes it is worse than stepping out of bed on the wrong side into cat vomit.

3 years agoshuffle externs (and definitions) around to satisfy -fno-common
deraadt [Wed, 27 Jan 2021 05:03:23 +0000 (05:03 +0000)]
shuffle externs (and definitions) around to satisfy -fno-common
ok mortimer

3 years agohave pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.
dlg [Wed, 27 Jan 2021 04:46:21 +0000 (04:46 +0000)]
have pf_route{,6} clear the pf_pdesc mbuf ref early for route-to/reply-to.

pf_route and pf_route6 are called to take over delivery of the
packet with route-to and reply-to instead of letting it get processed
normally. for the dup-to handling, it copies the mbuf but leaves
the original mbuf in place. pf_route takes over the packet by
clearing the mbuf pointer in the pf_pdesc struct. this diff moves
the clearing of that pointer to the start of the function, rather
than checking for dup-to again on the way out of the function.

i think this is better because it means that it's more robust in
the face of future code changes. even if that's not true, it's still
shorter code in a forwarding path.

ok sashan@ jmatthew@

3 years agodon't run copies of packets made by dup-to through pf_test.
dlg [Wed, 27 Jan 2021 03:02:06 +0000 (03:02 +0000)]
don't run copies of packets made by dup-to through pf_test.

dup-to is kind of like what you do with a span port, but is a bit
more fine grained. it copies packets in a connection out an interface
so that connection can be monitored. it doesnt make sense for pf
to see the copied packets and try to match or create new states for
them either. at best it needs config to stop pf seeing the copies
(eg, set skip on $dup_to_tgt_if). at worst it breaks the connections
you're monitoring because the states in pf get confused.

found while discussing larger route-to changes on tech@.

ok bluhm@ sashan@

3 years agokqueue: Fix termination assert
visa [Wed, 27 Jan 2021 02:58:03 +0000 (02:58 +0000)]
kqueue: Fix termination assert

When a kqueue file is closed, the kqueue can still have threads
scanning it. Consequently, kqueue_terminate() can see scan markers
in the event queue. These markers are removed when the scanning threads
leave the kqueue. Take this into account when checking the queue's
state, to avoid a panic when kqueue is closed from under a thread.

OK anton@

Reported-by: syzbot+757c60a2aa1125137cce@syzkaller.appspotmail.com
3 years agosatisfy -fno-common by duplicating deck chairs as required
deraadt [Wed, 27 Jan 2021 01:59:39 +0000 (01:59 +0000)]
satisfy -fno-common by duplicating deck chairs as required
ok mortimer millert

3 years agosatisfy -fno-common
deraadt [Wed, 27 Jan 2021 01:57:37 +0000 (01:57 +0000)]
satisfy -fno-common
similar to the approach used by mortimer

3 years agoLogical not bitwise or. ok djm@
dtucker [Wed, 27 Jan 2021 00:37:26 +0000 (00:37 +0000)]
Logical not bitwise or.  ok djm@

3 years agoAdd support for RSA-PSS PKCS1 signatures. Don't enable them by
tobhe [Tue, 26 Jan 2021 23:06:23 +0000 (23:06 +0000)]
Add support for RSA-PSS PKCS1 signatures.  Don't enable them by
default for now because of interoperability issues.

ok patrick@

3 years agoRecognize Apple Icestorm cores.
kettenis [Tue, 26 Jan 2021 23:02:18 +0000 (23:02 +0000)]
Recognize Apple Icestorm cores.

3 years agoFix build with -fno-common. OK deraadt@
millert [Tue, 26 Jan 2021 20:42:49 +0000 (20:42 +0000)]
Fix build with -fno-common.  OK deraadt@

3 years agoRewrap a comment line to fit into 80 columns.
tb [Tue, 26 Jan 2021 18:47:08 +0000 (18:47 +0000)]
Rewrap a comment line to fit into 80 columns.

3 years agozap a tab
tb [Tue, 26 Jan 2021 18:45:32 +0000 (18:45 +0000)]
zap a tab

3 years agoPrepare to provide SSL_set_hostflags()
tb [Tue, 26 Jan 2021 18:43:41 +0000 (18:43 +0000)]
Prepare to provide SSL_set_hostflags()

Yet another one of these X509_VERIFY_PARAM reacharounds into
libcrypto. Recently found in imapfilter, also used elsewhere.
Will be made publicly visible with the next minor bump.

ok jsing

3 years agoone variable was common, fixing what I can.
deraadt [Tue, 26 Jan 2021 18:25:07 +0000 (18:25 +0000)]
one variable was common, fixing what I can.
(the portable code in here is not in great shape, and I am ignoring it)

3 years agosatisfy -fno-common, by (1) copying all the variable decls from
deraadt [Tue, 26 Jan 2021 18:23:49 +0000 (18:23 +0000)]
satisfy -fno-common, by (1) copying all the variable decls from
indent_globs.h to indent.c, and (2) changing all the same decls in
indent_globs.h to be extern
ok mortimer

3 years agosatisfy -fno-common, by (1) copying all the variable decls from
deraadt [Tue, 26 Jan 2021 18:22:45 +0000 (18:22 +0000)]
satisfy -fno-common, by (1) copying all the variable decls from
indent_globs.h to indent.c, and (2) changing all the same decls in
indent_globs.h to be extern
ok mortimer

3 years agosockb variable is unused (and even worse, was common unused)
deraadt [Tue, 26 Jan 2021 18:22:35 +0000 (18:22 +0000)]
sockb variable is unused (and even worse, was common unused)

3 years agosatisfy -fno-common, by (1) copying all the variable decls from
deraadt [Tue, 26 Jan 2021 18:21:47 +0000 (18:21 +0000)]
satisfy -fno-common, by (1) copying all the variable decls from
indent_globs.h to indent.c, and (2) changing all the same decls in
indent_globs.h to be extern
ok mortimer

3 years agosatisfy -fno-common, by (1) copying all the variable decls from
deraadt [Tue, 26 Jan 2021 18:21:25 +0000 (18:21 +0000)]
satisfy -fno-common, by (1) copying all the variable decls from
indent_globs.h to indent.c, and (2) changing all the same decls in
indent_globs.h to be extern
ok mortimer

3 years agosatisfy -fno-common by repairing one enum decl
deraadt [Tue, 26 Jan 2021 18:19:43 +0000 (18:19 +0000)]
satisfy -fno-common by repairing one enum decl
ok mortimer

3 years agomove HostbasedAcceptedAlgorithms to the right place in alphabetical order
naddy [Tue, 26 Jan 2021 15:40:17 +0000 (15:40 +0000)]
move HostbasedAcceptedAlgorithms to the right place in alphabetical order

3 years agoMove sequence numbers into the new TLSv1.2 record layer.
jsing [Tue, 26 Jan 2021 14:22:19 +0000 (14:22 +0000)]
Move sequence numbers into the new TLSv1.2 record layer.

This allows for all of the DTLS sequence number save/restore code to be
removed.

ok inoguchi@ "whee!" tb@

3 years agoMove private key setup to a helper function with proper error
eric [Tue, 26 Jan 2021 12:51:22 +0000 (12:51 +0000)]
Move private key setup to a helper function with proper error
checking.  Only install the hash on the key if fake key is used,
and do it for EC keys too.

ok tb@ jsing@

3 years agoSome config changes require a restart of all resolvers even DEAD ones;
florian [Tue, 26 Jan 2021 12:46:46 +0000 (12:46 +0000)]
Some config changes require a restart of all resolvers even DEAD ones;
handle them like UNKNOWN.
Found the hard way by kn.

3 years agoWhen checking for available address family for AI_ADDRCONFIG consider
florian [Tue, 26 Jan 2021 12:27:28 +0000 (12:27 +0000)]
When checking for available address family for AI_ADDRCONFIG consider
the routing domain we are currently in. Otherwise we might end up with
address families that are not available in the current rdomain but in
others since getifaddrs(3) gives us all interface addresses in the
system.
Clue-bat & OK claudio, input & OK eric, OK kn

3 years agoremove test that's now bogus, as fullpkgpath takes precedence.
espie [Tue, 26 Jan 2021 12:13:21 +0000 (12:13 +0000)]
remove test that's now bogus, as fullpkgpath takes precedence.
thanks bluhm@

3 years agoRemove unused variables leftover from refactoring. ok djm@
dtucker [Tue, 26 Jan 2021 11:25:01 +0000 (11:25 +0000)]
Remove unused variables leftover from refactoring.  ok djm@

3 years agoAlways resize the original screen before copying when exiting the
nicm [Tue, 26 Jan 2021 09:32:52 +0000 (09:32 +0000)]
Always resize the original screen before copying when exiting the
alternate screen, GitHub issue 2536.

3 years agointrmap attribute missing from mcx; ok dlg
deraadt [Tue, 26 Jan 2021 08:01:09 +0000 (08:01 +0000)]
intrmap attribute missing from mcx; ok dlg

3 years agoRename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
dtucker [Tue, 26 Jan 2021 05:32:21 +0000 (05:32 +0000)]
Rename HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms, which more accurately reflects its effect.
This matches a previous change to PubkeyAcceptedAlgorithms.  The previous
names are retained as aliases.  ok djm@

3 years agorefactor key constraint parsing in ssh-agent
djm [Tue, 26 Jan 2021 00:54:49 +0000 (00:54 +0000)]
refactor key constraint parsing in ssh-agent

Key constraints parsing code previously existed in both the "add regular
key" and "add smartcard key" path. This unifies them but also introduces
more consistency checking: duplicated constraints and constraints that
are nonsensical for a particular situation (e.g. FIDO provider for a
smartcard key) are now banned.

ok markus@

3 years agomore ssh-agent refactoring
djm [Tue, 26 Jan 2021 00:53:31 +0000 (00:53 +0000)]
more ssh-agent refactoring

Allow confirm_key() to accept an additional reason suffix

Factor publickey userauth parsing out into its own function and allow
it to optionally return things it parsed out of the message to its
caller.

feedback/ok markus@

3 years agomake struct hostkeys public; I have no idea why I made it opaque
djm [Tue, 26 Jan 2021 00:51:30 +0000 (00:51 +0000)]
make struct hostkeys public; I have no idea why I made it opaque
originally.

ok markus@

3 years agomove check_host_cert() from sshconnect,c to sshkey.c and refactor
djm [Tue, 26 Jan 2021 00:49:30 +0000 (00:49 +0000)]
move check_host_cert() from sshconnect,c to sshkey.c and refactor
it to make it more generally usable and testable.

ok markus@

3 years agouse recallocarray to allocate the agent sockets table; also clear
djm [Tue, 26 Jan 2021 00:47:47 +0000 (00:47 +0000)]
use recallocarray to allocate the agent sockets table; also clear
socket entries that are being marked as unused.

spinkle in some debug2() spam to make it easier to watch an agent
do its thing.

ok markus

3 years agofactor out common code in the agent client
djm [Tue, 26 Jan 2021 00:46:17 +0000 (00:46 +0000)]
factor out common code in the agent client

Add a ssh_request_reply_decode() function that sends a message to
the agent, reads and parses a success/failure reply.
Use it for all requests that only expect success/failure

ok markus@

3 years agoWe have this sequence in bridge(4) ioctl(2) path:
mvs [Mon, 25 Jan 2021 19:47:16 +0000 (19:47 +0000)]
We have this sequence in bridge(4) ioctl(2) path:

ifs = ifunit(req->ifbr_ifsname);
if (ifs == NULL) {
error = ENOENT;
break;
}
if (ifs->if_bridgeidx != ifp->if_index) {
error = ESRCH;
break;
}
bif = bridge_getbif(ifs);

This sequence repeats 8 times. Also we don't check value returned by
bridge_getbig() before use. Newly introduced bridge_getbig() function
replaces this sequence. This not only reduces duplicated code but also
makes `bif' dereference safe.

ok bluhm@

3 years agoGive machdep.c a thorough cleanup that is long overdue.
kettenis [Mon, 25 Jan 2021 19:37:17 +0000 (19:37 +0000)]
Give machdep.c a thorough cleanup that is long overdue.

ok patrick@

3 years agoRevert local diff now that we no longer use syslog logging in
florian [Mon, 25 Jan 2021 16:57:37 +0000 (16:57 +0000)]
Revert local diff now that we no longer use syslog logging in
libunbound.
OK phessler

3 years agoDisable logging to syslog for libunbound. We are not getting anything
florian [Mon, 25 Jan 2021 16:56:59 +0000 (16:56 +0000)]
Disable logging to syslog for libunbound. We are not getting anything
useful for us out of it and it can be quite noisy when we are missing
IPv4 or IPv6 addresses.
It is still available when logging to stderr when running with -d.
OK phessler

3 years agoResolve data toggle out of sync problem for ugen(4) and uhidev(4) devices
mglocker [Mon, 25 Jan 2021 14:14:42 +0000 (14:14 +0000)]
Resolve data toggle out of sync problem for ugen(4) and uhidev(4) devices
on xhci(4) controllers by clearing the interface endpoints before opening
the pipes.

Tested by Mikolaj Kucharski for ugen(4) and gnezdo@ for uhidev(4), plus
myself for both.

ok mpi@

3 years agoAdd the new function usbd_clear_endpoint_feature() which allows to issue
mglocker [Mon, 25 Jan 2021 14:05:57 +0000 (14:05 +0000)]
Add the new function usbd_clear_endpoint_feature() which allows to issue
an UR_CLEAR_FEATURE request on a specific endpoint address without the
need to have a pipe open to that endpoint.

From NetBSD, ok mpi@

3 years agophp.port.mk sets MODPHP_BUILDDEP=No by default now.
sthen [Mon, 25 Jan 2021 14:02:18 +0000 (14:02 +0000)]
php.port.mk sets MODPHP_BUILDDEP=No by default now.

3 years agoraise the max number of queues/interrupts to 16, up from 1.
dlg [Mon, 25 Jan 2021 12:27:42 +0000 (12:27 +0000)]
raise the max number of queues/interrupts to 16, up from 1.

jmatthew@ has tried this before, but hrvoje popovski experienced
breakage so it wasn't enabled. we've tightened the code up since
then so it's time to try again.

this diff has been tested by hrvoje popovski and myself
ok jmatthew@

3 years agoif the rx descriptor reports the rss hash, use it for the mbuf flowid.
dlg [Mon, 25 Jan 2021 11:11:22 +0000 (11:11 +0000)]
if the rx descriptor reports the rss hash, use it for the mbuf flowid.

ok jmatthew@

3 years agodon't lose the M_FLOWID flag if the ipv4 cksum is ok.
dlg [Mon, 25 Jan 2021 09:36:48 +0000 (09:36 +0000)]
don't lose the M_FLOWID flag if the ipv4 cksum is ok.

found while poking around with hrvoje popovski
yes jmatthew@

3 years agoAdjust code since bgpd added an extra argument to aspath_verify() to
claudio [Mon, 25 Jan 2021 09:17:33 +0000 (09:17 +0000)]
Adjust code since bgpd added an extra argument to aspath_verify() to
reject AS_SET segments. In bgpctl this is always off.
OK benno@

3 years agoRFC6472 discourages the use of AS_SET segements in ASPATH attributes.
claudio [Mon, 25 Jan 2021 09:15:23 +0000 (09:15 +0000)]
RFC6472 discourages the use of AS_SET segements in ASPATH attributes.
The main reason is that AS_SET does not play nice with RPKI ROA.

Introduce a per neighbor and global config option
    'reject as-set yes' and 'reject as-set no'
If set to yes received UPDATES with AS_SET segements are rejected.
This is done the same way other ASPATH soft-errors are handled. The UPDATE
is marked invalid and all prefixes are treated as withdraws.
`bgpctl show rib in error` can be used to show prefixes that where denied
and treated as withdraws because of errors.

By default this feature is off.

OK benno@

3 years agoFix wg(4) ioctl to be able to handle multiple wgpeers.
yasuoka [Mon, 25 Jan 2021 09:11:36 +0000 (09:11 +0000)]
Fix wg(4) ioctl to be able to handle multiple wgpeers.
Diff from Yuichiro NAITO.

ok procter

3 years agofix filtering on kstat unit numbers
dlg [Mon, 25 Jan 2021 06:55:59 +0000 (06:55 +0000)]
fix filtering on kstat unit numbers

3 years agor1.102 forgot to tweak the "redistribute rtlabel" part of the grammar.
dlg [Mon, 25 Jan 2021 06:16:38 +0000 (06:16 +0000)]
r1.102 forgot to tweak the "redistribute rtlabel" part of the grammar.

fixes "redistribute rtlabel foo" without "depend on".

3 years agomake ssh hostbased authentication send the signature algorithm in
djm [Mon, 25 Jan 2021 06:00:17 +0000 (06:00 +0000)]
make ssh hostbased authentication send the signature algorithm in
its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
This make HostbasedAcceptedAlgorithms do what it is supposed to -
filter on signature algorithm and not key type.

spotted with dtucker@ ok markus@

3 years agoif stoeplitz is enabled, use it to provide a flowid for tcp packets.
dlg [Mon, 25 Jan 2021 03:40:46 +0000 (03:40 +0000)]
if stoeplitz is enabled, use it to provide a flowid for tcp packets.

drivers that implement rss and multiple rings depend on the symmetric
toeplitz code, and use it to generate a key that decides with rx
ring a packet lands on. if the toeplitz code is enabled, this diff
has the pcb and tcp layer use the toeplitz code to generate a flowid
for packets they send, which in turn is used to pick a tx ring.
because the nic and the stack use the same key, the tx and rx sides
end up with the same hash/flowid. at the very least this means that
the same rx and tx queue pair on a particular nic are used for both
sides of the connection. as the stack becomes more parallel, it
will also help keep both sides of the tcp connection processing in
the one place.

3 years agouse an intrmap when establishing interrupts for queues.
dlg [Mon, 25 Jan 2021 01:45:55 +0000 (01:45 +0000)]
use an intrmap when establishing interrupts for queues.

mcx is still hardcoded/limited to 1 queue for now, but this lets
different mcx devices use different cpus for handling packets.

looks good jmatthew@

3 years agoUpdate to tzdata2021a from www.iana.org. Major changes:
millert [Sun, 24 Jan 2021 20:18:50 +0000 (20:18 +0000)]
Update to tzdata2021a from iana.org.  Major changes:
 o South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.

3 years agohmac-sha2-384 and hmac-sha2-512 are enabled by default.
tobhe [Sun, 24 Jan 2021 19:10:19 +0000 (19:10 +0000)]
hmac-sha2-384 and hmac-sha2-512 are enabled by default.

3 years agoImplement DNS64 synthesis.
florian [Sun, 24 Jan 2021 18:29:15 +0000 (18:29 +0000)]
Implement DNS64 synthesis.
When unwind(8) learns new autoconf resolvers (from dhcp or router
advertisements) it checks if a DNS64 is present in this network
location and tries to recover the IPv6 prefix used according to
RFC7050.
The learned autoconf resolvers are then prevented from upgrading to
the validating state since DNS64 breaks DNSSEC.
unwind(8) can now perform its own synthesis. If a query for a AAAA
record results in no answer we re-send the query for A and if that
leads to an answer we synthesize an AAAA answer using the learned
prefixes.

Testing & OK kn

3 years agomatch on Intel Alder Lake and Meteor Lake I219 Ethernet ids
jsg [Sun, 24 Jan 2021 10:21:43 +0000 (10:21 +0000)]
match on Intel Alder Lake and Meteor Lake I219 Ethernet ids

3 years agoregen
jsg [Sun, 24 Jan 2021 10:17:32 +0000 (10:17 +0000)]
regen

3 years agoadd Intel Alder Lake and Meteor Lake I219 Ethernet ids
jsg [Sun, 24 Jan 2021 10:16:58 +0000 (10:16 +0000)]
add Intel Alder Lake and Meteor Lake I219 Ethernet ids

3 years agoAdd missing __KAME__ markers.
florian [Sun, 24 Jan 2021 08:58:50 +0000 (08:58 +0000)]
Add missing __KAME__ markers.
OK claudio

3 years agoPass sockaddr_in6 arround so that we have space to store the scope in
florian [Sun, 24 Jan 2021 08:57:10 +0000 (08:57 +0000)]
Pass sockaddr_in6 arround so that we have space to store the scope in
a proper field. Move KAME hack to kernel / userland boundaries.
Due to the way -d (delete) works in ndp(8), once we flip the kernel
over to not pass down embedded scope it also must not expect embeded
scope passed to the kernel.
OK claudio

3 years agosync
deraadt [Sun, 24 Jan 2021 02:44:51 +0000 (02:44 +0000)]
sync

3 years agomatch on Realtek RTL8168H ids for Killer E2500V2 and E2600
jsg [Sun, 24 Jan 2021 01:59:20 +0000 (01:59 +0000)]
match on Realtek RTL8168H ids for Killer E2500V2 and E2600

checked against linux and windows drivers

3 years agoregen
jsg [Sun, 24 Jan 2021 01:57:17 +0000 (01:57 +0000)]
regen

3 years agoadd Realtek RTL8168H ids for Killer E2500V2 and E2600
jsg [Sun, 24 Jan 2021 01:56:44 +0000 (01:56 +0000)]
add Realtek RTL8168H ids for Killer E2500V2 and E2600

checked against linux and windows drivers

3 years agomatch on another Realtek RTL8168 id
jsg [Sat, 23 Jan 2021 23:39:40 +0000 (23:39 +0000)]
match on another Realtek RTL8168 id

reported and tested by John Batteen on a TP-Link TG-3468

3 years agoregen
jsg [Sat, 23 Jan 2021 23:36:20 +0000 (23:36 +0000)]
regen

3 years agoadd another Realtek RTL8168 id
jsg [Sat, 23 Jan 2021 23:35:28 +0000 (23:35 +0000)]
add another Realtek RTL8168 id

shows up on a TP-Link TG-3468 John Batteen has

3 years agoFix whitespace issues
mlarkin [Sat, 23 Jan 2021 22:56:35 +0000 (22:56 +0000)]
Fix whitespace issues

3 years agovmm(4): wire faulted in pages
mlarkin [Sat, 23 Jan 2021 22:34:46 +0000 (22:34 +0000)]
vmm(4): wire faulted in pages

This change wires the pages used by virtual machines managed by vmm(4).
When uvm swaps out a page, vmm(4) does not properly do TLB flushing,
possibly leading to memory corruption or improper page access later.

While this diff is not the correct fix (implementing proper TLB flush
semantics), it does work around the problem by not letting the pages
get swapped out in the first place.

This means that under memory pressure, swap pages will have to come
from other processes, and it also means you cannot overcommit vmm(4)
memory assignment (eg, assign more memory to VMs than you actually
have).

It is my plan to fix this the correct way, but that will take time.

This issue was originally pointed out a long time ago by Maxime V., but
due to my taking a year away from OpenBSD, the issue remained unfixed.

3 years agoHandle write() errors.
tobhe [Sat, 23 Jan 2021 22:04:55 +0000 (22:04 +0000)]
Handle write() errors.

ok patrick@

3 years agoHandle errors and truncated output from snprintf().
tobhe [Sat, 23 Jan 2021 21:51:29 +0000 (21:51 +0000)]
Handle errors and truncated output from snprintf().

ok patrick@

3 years agolist-io must be run from config dir
kn [Sat, 23 Jan 2021 21:39:54 +0000 (21:39 +0000)]
list-io must be run from config dir

The current description fails to explain how to use it properly and the
error message is only helpful for people that know how ldomctl works
and/or what the Phsyical Resource Inventory is.

OK afresh1 kettenis

3 years agoFix typos.
tobhe [Sat, 23 Jan 2021 21:35:48 +0000 (21:35 +0000)]
Fix typos.

From Ryan Kavanagh
ok patrick@

3 years agoFix IORT struct for Context and PMU interrupts. I misread bytes with bits.
patrick [Sat, 23 Jan 2021 20:01:01 +0000 (20:01 +0000)]
Fix IORT struct for Context and PMU interrupts.  I misread bytes with bits.

ok kettenis@

3 years agosync
deraadt [Sat, 23 Jan 2021 17:36:22 +0000 (17:36 +0000)]
sync

3 years agoMove resolv_conf string generation for ASR to function; makes
florian [Sat, 23 Jan 2021 16:28:12 +0000 (16:28 +0000)]
Move resolv_conf string generation for ASR to function; makes
upcomming DNS64 diff simpler.

3 years agoDon't just blindly upgrade to VALIDATING if we see a SECURE answer.
florian [Sat, 23 Jan 2021 16:27:24 +0000 (16:27 +0000)]
Don't just blindly upgrade to VALIDATING if we see a SECURE answer.
Let's go through the check_resolver() / new_resolver() code path
which will also hook up the resovler to the shared cache.
This means also one less special case for upcomming DNS64 support.

3 years agoRemove unused variables found by clang. Additional unused var spotted by eric@.
rob [Sat, 23 Jan 2021 16:11:11 +0000 (16:11 +0000)]
Remove unused variables found by clang. Additional unused var spotted by eric@.

OK mvs@, eric@

3 years agosync
sthen [Sat, 23 Jan 2021 15:03:00 +0000 (15:03 +0000)]
sync