inoguchi [Sat, 29 Jan 2022 02:03:19 +0000 (02:03 +0000)]
Add limits.h for INT_MAX in tls_signer.c
ok jsing@ tb@
cheloha [Sat, 29 Jan 2022 00:19:04 +0000 (00:19 +0000)]
head(1): refactor main loop
The main loop here is horribly obfuscated. In particular, the path
through the loop to exit(3) is very complex.
Refactor the open/read/write/close portions of the loop out of main()
into a separate function, head_file().
The result is a lot easier to understand at a glance. In particular,
the path to the end of main() is now dead simple.
Thread: https://marc.info/?l=openbsd-tech&m=
164325900400701&w=2
ok millert@
cheloha [Sat, 29 Jan 2022 00:11:54 +0000 (00:11 +0000)]
rev(1): refactor main loop
The main loop here is obfuscated.
Refactor the open/read/write/close portion of the loop out of main ()
and into a new function, rev_file(). Move "multibyte" out into global
storage.
The result is much easier to understand at a glance.
Thread: https://marc.info/?l=openbsd-tech&m=
164329515201417&w=2
ok millert@
cheloha [Sat, 29 Jan 2022 00:06:26 +0000 (00:06 +0000)]
touch(1): don't leak file descriptor if futimens(2) fails
This conditional chain short-circuits if futimens(2) fails, leaving the
file descriptor open. We need to evaluate each system call in the chain
separately to ensure we attempt to close(2) the descriptor.
With input from guenther@ and millert@.
Thread: https://marc.info/?l=openbsd-tech&m=
164332809900558&w=2
ok millert@, probably ok guenther@
gkoehler [Fri, 28 Jan 2022 18:37:40 +0000 (18:37 +0000)]
Give ddb more access to registers on macppc, powerpc64
Edit db_regs[] in db_trace.c on both powerpc and powerpc64, so ddb can
access $r14, $r15, $r16, $dar, $dsisr.
Only for powerpc: change db_trap_glue to copy all registers to and
from ddb_regs (it was skipping some); change db_set_single_step and
db_clear_single_step to flip the correct bit of srr1; delete
FIXUP_PC_AFTER_BREAK, which was off by 1 instruction.
"ddb{1}> s" on my PowerMac7,3 (dual G5 at 2700 MHz) began to panic
like, "*cpu0: mutex 0xa7d0a0 not held in tc_update_timekeep". Add an
arbitrary delay(100) after sending PPC_IPI_DDB; I want cpu0 to get the
ipi before it can see db_active == 1 and skip acquiring a mutex.
ok kettenis@
visa [Fri, 28 Jan 2022 16:20:09 +0000 (16:20 +0000)]
Remove unused guarded read and write routines.
No objection from miod@
claudio [Fri, 28 Jan 2022 15:30:23 +0000 (15:30 +0000)]
Properly handle .mft files as intended by the RFC. Instead of always
selecting the newest file this opens both the new (from rrdp or rsync)
and old (valid) MFT. It then compares the manifest number and based on
that the 'newer' MFT is selected.
The MFT file and hash check is also changed to always try both locations
and selecting whatever matches up with the hash. The selction is passed
back to the the main process and used later on to open exactly the same
file as was checked against the hash.
The MFT parsing code has been split up into multiple steps so that the
files can be parsed, compared and then fully validated.
In most cases this makes no difference but it prevents replay attacks
using old but still valid files.
With and OK tb@
claudio [Fri, 28 Jan 2022 14:11:27 +0000 (14:11 +0000)]
Do not skip .rrdp cache cleanup if rrdp is off (option -R). The sync
via rsync alters the cache and rrdp can only recover by downloading
a snapshot. By doing the cleanup here it will make sure this happens.
Noticed by job@
OK tb@
inoguchi [Fri, 28 Jan 2022 13:14:48 +0000 (13:14 +0000)]
Error check for sk_push in libssl
CID 118976 118979
ok tb@
inoguchi [Fri, 28 Jan 2022 13:11:56 +0000 (13:11 +0000)]
Error check for sk_push in libssl
CID 24838
comment and ok tb@
claudio [Fri, 28 Jan 2022 10:41:44 +0000 (10:41 +0000)]
Only memcpy() into imsg->data if datalen is not 0. Passing a NULL pointer
to memcpy() is UB no matter if len is 0.
Reported by fouzhe on openbgpd-portable github page.
OK tb@
claudio [Fri, 28 Jan 2022 10:37:23 +0000 (10:37 +0000)]
Must use unsigned 1 here since modern compilers can't shift a signed 1 by 31.
OK tb@ kettenis@
guenther [Fri, 28 Jan 2022 07:11:14 +0000 (07:11 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 06:33:26 +0000 (06:33 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 06:18:41 +0000 (06:18 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 05:54:02 +0000 (05:54 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 05:24:15 +0000 (05:24 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 05:15:05 +0000 (05:15 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
guenther [Fri, 28 Jan 2022 05:01:28 +0000 (05:01 +0000)]
Update comment: struct link_map is defined in <link_elf.h>
noted by miod
guenther [Fri, 28 Jan 2022 04:59:15 +0000 (04:59 +0000)]
When it's the possessive of 'it', it's spelled "its", without the
apostrophe.
one from miod, other by "never just one" vibe
jsing [Fri, 28 Jan 2022 03:46:46 +0000 (03:46 +0000)]
Expose tls_signer_error()
Add tls_signer_error to Symbols.list - this was missed during the last
libtls minor bump and can ride along.
ok deraadt@
jsg [Thu, 27 Jan 2022 23:26:35 +0000 (23:26 +0000)]
drm/radeon: fix error handling in radeon_driver_open_kms
From Christian Koenig
f22f67b43775fffb09f371ea861779cdbbb763ec in linux 5.15.y/5.15.17
4722f463896cc0ef1a6f1c3cb2e171e949831249 in mainline linux
jsg [Thu, 27 Jan 2022 23:23:27 +0000 (23:23 +0000)]
drm/i915/display/ehl: Update voltage swing table
From Jose Roberto de Souza
077fe9d865604fcab3238afeaa7408cc1635bc39 in linux 5.15.y/5.15.17
ef3ac01564067a4337bb798b8eddc6ea7b78fd10 in mainline linux
jsg [Thu, 27 Jan 2022 23:19:39 +0000 (23:19 +0000)]
drm/amdgpu: don't do resets on APUs which don't support it
From Alex Deucher
c3a9e0e701dfd087b0044c3598bffe880262c066 in linux 5.15.y/5.15.17
e8309d50e97851ff135c4e33325d37b032666b94 in mainline linux
jsg [Thu, 27 Jan 2022 23:14:21 +0000 (23:14 +0000)]
drm/amd/display: Fix the uninitialized variable in enable_stream_features()
From Yizhuo Zhai
3bf997ec299cdf7280b2039806e5e1d847df111a in linux 5.15.y/5.15.17
0726ed3065eeb910f9cea0c933bc021a848e00b3 in mainline linux
jsg [Thu, 27 Jan 2022 23:12:15 +0000 (23:12 +0000)]
amdgpu/pm: Make sysfs pm attributes as read-only for VFs
From Marina Nikolic
e4066c05d3327b530bb00d11d3492bac1e69982d in linux 5.15.y/5.15.17
11c9cc95f818f0f187e9b579a7f136f532b42445 in mainline linux
jsg [Thu, 27 Jan 2022 23:10:02 +0000 (23:10 +0000)]
drm/amdgpu: fixup bad vram size on gmc v8
From Zongmin Zhou
493b87970061f044c5cf795cfd1d679d114844ed in linux 5.15.y/5.15.17
11544d77e3974924c5a9c8a8320b996a3e9b2f8b in mainline linux
jsg [Thu, 27 Jan 2022 23:07:51 +0000 (23:07 +0000)]
drm/amd/amdgpu: fix gmc bo pin count leak in SRIOV
From Jingwen Chen
305f07b93d34d292432251e9963bf232db38d67a in linux 5.15.y/5.15.17
948e7ce01413b71395723aaf846015062aea3a43 in mainline linux
jsg [Thu, 27 Jan 2022 23:05:39 +0000 (23:05 +0000)]
drm/amd/amdgpu: fix psp tmr bo pin count leak in SRIOV
From Jingwen Chen
8662d0c6a36807093aed34b17b930484fd4bf22f in linux 5.15.y/5.15.17
85dfc1d692c9434c37842e610be37cd4ae4e0081 in mainline linux
jsg [Thu, 27 Jan 2022 23:03:40 +0000 (23:03 +0000)]
drm/amdkfd: Fix error handling in svm_range_add
From Felix Kuehling
4a635b9d5ba5f691e378f7ec20e11b7b04f07a45 in linux 5.15.y/5.15.17
726be40607264b180a2b336c81e1dcff941de618 in mainline linux
jsg [Thu, 27 Jan 2022 23:01:23 +0000 (23:01 +0000)]
drm/amd/display: add else to avoid double destroy clk_mgr
From Martin Leung
58d33532664c1580beeb127ffe771a7739fb63d3 in linux 5.15.y/5.15.17
11dff0e871037a6ad978e52f826a2eb7f5fb274a in mainline linux
jsg [Thu, 27 Jan 2022 22:58:56 +0000 (22:58 +0000)]
drm/amdgpu/display: set vblank_disable_immediate for DC
From Alex Deucher
f94cf1cb17963905910c2adc332ebb9e44e7fa4b in linux 5.15.y/5.15.17
92020e81ddbeac351ea4a19bcf01743f32b9c800 in mainline linux
jsg [Thu, 27 Jan 2022 22:56:43 +0000 (22:56 +0000)]
drm/amd/display: check top_pipe_to_program pointer
From Yang Li
1fffa8ffd62fc511d4447b793641252c4743e81c in linux 5.15.y/5.15.17
a689e8d1f80012f90384ebac9dcfac4201f9f77e in mainline linux
jsg [Thu, 27 Jan 2022 22:52:54 +0000 (22:52 +0000)]
drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L
From Hans de Goede
c350fcc74035f48ee5a7226faee7079dd0ce9565 in linux 5.15.y/5.15.17
bc30c3b0c8a1904d83d5f0d60fb8650a334b207b in mainline linux
jsg [Thu, 27 Jan 2022 22:50:24 +0000 (22:50 +0000)]
drm/amd/display: Fix out of bounds access on DNC31 stream encoder regs
From Nicholas Kazlauskas
89166801f80dc64083212eef1308bfc62f6844f1 in linux 5.15.y/5.15.17
d374d3b493215d637b9e7be12a93f22caf4c1f97 in mainline linux
jsg [Thu, 27 Jan 2022 22:46:54 +0000 (22:46 +0000)]
drm/amd/display: Fix bug in debugfs crc_win_update entry
From Wayne Lin
6dcc6706dab10744d277bdc2613fb135c6a632dd in linux 5.15.y/5.15.17
4bef85d4c9491415b7931407b07f24841c1e0390 in mainline linux
jsg [Thu, 27 Jan 2022 22:44:38 +0000 (22:44 +0000)]
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
From Zhou Qingyang
e833ef0b545e1a5b3eaf00af391c4fd1fb47ffd8 in linux 5.15.y/5.15.17
ab50cb9df8896b39aae65c537a30de2c79c19735 in mainline linux
jsg [Thu, 27 Jan 2022 22:41:01 +0000 (22:41 +0000)]
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
From Zhou Qingyang
1e22b51876fa786c0b972e327ffb5cc686873cd1 in linux 5.15.y/5.15.17
b220110e4cd442156f36e1d9b4914bb9e87b0d00 in mainline linux
jsg [Thu, 27 Jan 2022 22:37:14 +0000 (22:37 +0000)]
drm/dp: Don't read back backlight mode in drm_edp_backlight_enable()
From Lyude Paul
56339a5546a7f66333f9d3c55e3fd1424caa4879 in linux 5.15.y/5.15.17
646596485e1ed2182adf293dfd5aec4a96c46330 in mainline linux
jsg [Thu, 27 Jan 2022 22:13:24 +0000 (22:13 +0000)]
drm: fix null-ptr-deref in drm_dev_init_release()
From Wang Hai
52e1bf49e3e25358519719284028334cb31ab543 in linux 5.15.y/5.15.17
acf20ed020ffa4d6cc8347e8d356509b95df3cbe in mainline linux
jsg [Thu, 27 Jan 2022 22:10:11 +0000 (22:10 +0000)]
drm/ttm: Put BO in its memory manager's lru list
From xinhui pan
0da09030aae4a3c9de4699e7ce71085639f8c378 in linux 5.15.y/5.15.17
781050b0a3164934857c300bb0bc291e38c26b6f in mainline linux
tb [Thu, 27 Jan 2022 20:31:21 +0000 (20:31 +0000)]
sort includes as usual
tb [Thu, 27 Jan 2022 20:30:29 +0000 (20:30 +0000)]
Do not depend on engine.h pulling in err.h and evp.h
bluhm [Thu, 27 Jan 2022 18:28:44 +0000 (18:28 +0000)]
Cast to unsigned integer before overflow can happen.
found by kubsan; joint work with tobhe@; OK miod@
visa [Thu, 27 Jan 2022 17:36:22 +0000 (17:36 +0000)]
cad(4): Mention PolarFire SoC.
visa [Thu, 27 Jan 2022 17:34:51 +0000 (17:34 +0000)]
cad(4): Disable unused priority queues
The GEMs on the PolarFire Soc implement four Rx queues and four
Tx queues for prioritizing traffic. All the queues are in a pseudo
active state after reset. The driver uses only queues with index 0.
Disable the rest to avoid DMA errors.
Tested on a SiFive FU740 by jca@, Microchip PolarFire SoC and
Xilinx Zynq-7000 by me.
millert [Thu, 27 Jan 2022 16:58:37 +0000 (16:58 +0000)]
Update awk to Dec 8, 2021 version.
Fixes error handling in closefile() and closeall(). Long standing
warnings had been made fatal and some fatal errors went undetected.
krw [Thu, 27 Jan 2022 16:26:32 +0000 (16:26 +0000)]
Nuke single use function PRT_fix_BN() and just use the ATA/ATAPI LBA -> CHS
conversion formula
LBA = (C × HPC + H) × SPT + (S − 1)
instead of the equivalent tortuous arithmetic used in PRT_fix_BN().
No intentional functional change.
jsg [Thu, 27 Jan 2022 12:25:22 +0000 (12:25 +0000)]
drop some local changes in an unused function
jsg [Thu, 27 Jan 2022 04:20:01 +0000 (04:20 +0000)]
raise sched_engine lock mtx ipl to IPL_TTY
used with spin_lock_irq() from
resubmit_virtual_request()
execlists_hold()
execlists_unhold()
execlists_capture()
remove_from_engine()
rcu_virtual_context_destroy()
virtual_submission_tasklet()
used with spin_lock_irqsave() from
execlists_submit_request()
execlists_reset_rewind()
execlists_reset_cancel()
virtual_submit_request()
intel_execlists_show_requests()
jsg [Thu, 27 Jan 2022 04:17:40 +0000 (04:17 +0000)]
raise mm obj_lock mtx ipl to IPL_TTY
used with spin_lock_irqsave() from
__i915_gem_object_set_pages()
i915_gem_suspend_late()
i915_gem_shrink()
i915_gem_shrinker_oom()
i915_gem_object_make_unshrinkable()
i915_gem_madvise_ioctl()
jsg [Thu, 27 Jan 2022 02:56:13 +0000 (02:56 +0000)]
use process name for both thread and process name
claudio [Wed, 26 Jan 2022 14:42:39 +0000 (14:42 +0000)]
Allow URI as file in -f mode. This makes it easier to explore
rpki repositories by following AIA and manifest URIs.
Also stop checking the the loaded file is not part of the auth tree,
it is possible that this file was loaded before as a dependency.
OK tb@
kettenis [Wed, 26 Jan 2022 14:39:07 +0000 (14:39 +0000)]
An ACPI device needs to be both present and enabled for it to function.
So only attempt to attach hardware that has both bits enabled. This fixes
an issue where com(4) would attach for a disabled serial port leading to
misdetection of the hardware variant and a subsequent hang when /etc/rc
runs ttyflags -a.
ok anton@, deraadt@
claudio [Wed, 26 Jan 2022 13:57:56 +0000 (13:57 +0000)]
Change the repository layout by removing the valid directory. Everything
that was in that directory is now in the chachedir root. The rsync and
rrdp directories are now .rsync/ and .rrdp/. The ta/ directory still
remains because TAs are special.
Idea and most of the diff from job@
OK tb@ and benno@
uaa [Wed, 26 Jan 2022 12:05:33 +0000 (12:05 +0000)]
shrink uca.ibufsize from UCHCOMIBUFSIZE to wMaxPacketSize of bulk-in pipe
USB transaction is finished when whole requested data has transferred,
or short packet (the size is less than wMaxPacketSize) has sent.
UCHCOMIBUFSIZE(256) was multiply of wMaxPacketSize(32). When CH340 sends
exact wMaxPacketSize byte packet, this will cause Rx jam problem
due to transaction is not finished.
Now uca.ibufsize is same as wMaxPacketSize to avoid this problem.
ok kevlo@
tb [Wed, 26 Jan 2022 11:05:41 +0000 (11:05 +0000)]
whitespace
kn [Wed, 26 Jan 2022 06:31:31 +0000 (06:31 +0000)]
Make vmm(4/amd64) tracepoints amd64-only
One can use them on non-VMM architectures, but they obviously won't hit:
# arch -s ; btrace -l | grep vmm
sparc64
tracepoint:vmm:guest_enter
tracepoint:vmm:guest_exit
Move them under __amd64__ to avoid confusion and safe a few bytes.
OK dv
anton [Wed, 26 Jan 2022 06:05:59 +0000 (06:05 +0000)]
Rework initialization of sensors on device connect.
jsg [Wed, 26 Jan 2022 04:18:05 +0000 (04:18 +0000)]
implement might_alloc() using assertwaitok()
jsg [Wed, 26 Jan 2022 01:46:12 +0000 (01:46 +0000)]
reduce diff to linux ggtt_probe_common()
tb [Tue, 25 Jan 2022 21:55:13 +0000 (21:55 +0000)]
sync
eric [Tue, 25 Jan 2022 21:53:45 +0000 (21:53 +0000)]
minor bump after api additiom
eric [Tue, 25 Jan 2022 21:51:24 +0000 (21:51 +0000)]
Introduce a signer interface intented to make TLS privsep simpler
to implement.
Add a tls_config_set_sign_cb() function that allows to register
a callback for the signing operation on a tls_config. When used,
the context installs fake pivate keys internally, and the callback
receives the hash of the public key.
Add a tls_signer_*() set of functions to manage tls_signer objects.
A tls_signer is an opaque structure on which keys are added.
It is used to compute signatures with private keys identified by
their associated public key hash.
Discussed with and ok jsing@ tb@
jsg [Tue, 25 Jan 2022 21:31:26 +0000 (21:31 +0000)]
reduce diff to linux shmem_create_from_object()
includes linux
988d4ff6e3c2220d13d8dde22a98945b64fd7977
drm/i915: Fix ww locking in shmem_create_from_object
jsg [Tue, 25 Jan 2022 21:19:21 +0000 (21:19 +0000)]
reduce diff to linux vm_fault_cpu()
adds change made in linux
9fa1f4785f2a54286ccb8a850cda5661f0a3aaf9
drm/i915: Add object locking to vm_fault_cpu
tb [Tue, 25 Jan 2022 18:01:20 +0000 (18:01 +0000)]
Rewrite paragraph to refer to EVP_CIPHER_CTX_new() and HMAC_CTX_new()
to match reality.
spotted by/ok jmc
tb [Tue, 25 Jan 2022 17:55:39 +0000 (17:55 +0000)]
Remove some HMAC_CTX_init() remnants in HMAC(3).
spotted by/ok jmc
tb [Tue, 25 Jan 2022 15:00:09 +0000 (15:00 +0000)]
Fix another return 0 bug in SSL_shutdown()
If tls13_recod_layer_send_pending() returns TLS13_IO_EOF, we will
bubble this up to the caller via tls13_legacy_return_code(), which
translates TLS13_IO_EOF to 0. This can happen if we have pending
post handshake-handshake data and the peer closes the pipe.
Presumably tls13_legacy_shutdown() should be rewritten yet again.
ok jsing
tb [Tue, 25 Jan 2022 14:51:54 +0000 (14:51 +0000)]
Avoid an infinite loop in SSL_shutdown()
If the peer closed the write side of the connection and we have not
yet received the close_notify, SSL_shutdown() makes an extra read to
try and read the peer's close_notify from the pipe. In that situation,
we receive EOF. The legacy stack will return -1 while the TLSv1.3
stack will end up returning 0.
Since the documentation is not super explicit about what should be
done if SSL_shutdown() returns 0, some applications will enter an
infinite loop. The code and documentation indicate that SSL_shutdown()
should only be called once more if it returned 0. Newer versions
of the OpenSSL documentation explicitly say that one should call
SSL_read() if SSL_shutdown() returns 0 in order to retrieve the
close_notify. Doing this would also have avoided this infinite loop.
Reported by Carsten Arzig and bluhm with a test case extracted from the
syslogd tests using IO::Socket::SSL, which has such an infinite loop.
ok bluhm jsing
visa [Tue, 25 Jan 2022 07:10:19 +0000 (07:10 +0000)]
Use unguarded loads in stack trace saving
The stack trace saver should see a system state that is not broken.
Therefore use unguarded memory accesses.
However, the unwinder is still haphazard. Terminate immediately if
the program counter or stack pointer look inconsistent.
visa [Tue, 25 Jan 2022 07:08:43 +0000 (07:08 +0000)]
Preserve pcb_onfault in kdbpeek() and kdbpoke()
This avoids misbehaviour if kdbpeek() or kdbpoke() is used in the middle
of a guarded copy operation.
gnezdo [Tue, 25 Jan 2022 04:04:40 +0000 (04:04 +0000)]
Capture a repeated pattern into sysctl_securelevel_int function
A few variables in the kernel are only writeable before securelevel is
raised. It makes sense to handle them with less code.
OK sthen@ bluhm@
bluhm [Mon, 24 Jan 2022 22:49:48 +0000 (22:49 +0000)]
An af-to pf rule must have an address family naf to use after
translation. Make stricter sanity checks in pf ioctl to avoid later
crashes during packet processing.
Reported-by: syzbot+0ef9190e7d0195496d0d@syzkaller.appspotmail.com
OK sashan@
tb [Mon, 24 Jan 2022 17:39:59 +0000 (17:39 +0000)]
Document X509_V_ERR_UNNESTED_RESOURCE. Previous version looked good
to claudio
claudio [Mon, 24 Jan 2022 17:29:37 +0000 (17:29 +0000)]
Adjust code to handle unsupported file types a bit more graceful.
The file still needs to match its hash to make the MFT valid but then
there will only be a warning printed. Parsing of other files from that
MFT are not influenced.
OK tb@
claudio [Mon, 24 Jan 2022 15:50:34 +0000 (15:50 +0000)]
When rename fails show the source filename and not the destination.
The error should be more helpful thisway.
OK tb@
tb [Mon, 24 Jan 2022 13:53:29 +0000 (13:53 +0000)]
Garbage collect unused ret in ssl3_get_new_session_ticket()
ret is used to bubble up an error from ssl3_get_message() and is unused
otherwise. Zap dead store and silly ret = 1; return ret;
ok inoguchi jsing
tb [Mon, 24 Jan 2022 13:51:48 +0000 (13:51 +0000)]
In ssl3_get_server_key_exchange() switch a 'goto err' to
'goto fatal_err' so that the illegal_parameter alert is
actually sent in case of X509_get0_pubkey() failure.
ok inoguchi jsing
tb [Mon, 24 Jan 2022 13:49:50 +0000 (13:49 +0000)]
Avoid use of uninitialized in tlsext_sni_server_parse()
If the hostname is too long, tlsext_sni_is_valid_hostname() will fail
without having initialized *is_ip. As a result, the garbage value could
lead to accepting (but otherwise ignoring) overlong and possibly invalid
hostnames without erroring in tlsext_sni_server_parse().
ok inoguchi jsing
tb [Mon, 24 Jan 2022 13:47:53 +0000 (13:47 +0000)]
Garbage collect the unused rv in tls1_check_ec_server_key() and
convert to usual form of error checking.
ok inoguchi jsing
jsg [Mon, 24 Jan 2022 08:55:58 +0000 (08:55 +0000)]
sync dma-resv with linux-5.15.y
revert linux
cd29f22019ec4ab998d2e1e8c831c7c42db4aa7d
dma-buf: Use sequence counter with associated wound/wait mutex
to not have to deal with seqcount_ww_mutex
jmc [Mon, 24 Jan 2022 06:54:15 +0000 (06:54 +0000)]
in the options list, show -f as taking "file ..." arguments;
tweak/ok claudio
afresh1 [Mon, 24 Jan 2022 00:47:05 +0000 (00:47 +0000)]
Redownload existing files with failed checksums
jsg [Sun, 23 Jan 2022 22:53:03 +0000 (22:53 +0000)]
move uao_reference() call before uvm_map()
other uses in the kernel do this as uvm_map() may sleep and the segment
may be deallocated while sleeping without a reference
kettenis notes that shouldn't happen here due to a obj reference from an
earlier i915_gem_object_lookup() call
ok visa@ kettenis@
bluhm [Sun, 23 Jan 2022 21:44:31 +0000 (21:44 +0000)]
Define all TCP TF_ flags as unsigned numbers. They are stored in
u_int t_flags. Shifting TF_TIMER with TCPT_DELACK can touch the
sign bit.
found by kubsan; suggested by deraadt@; OK miod@
jmc [Sun, 23 Jan 2022 18:40:55 +0000 (18:40 +0000)]
rearrange SYNOPSIS/usage to be a bit clearer;
discussed with and ok claudio
claudio [Sun, 23 Jan 2022 12:09:24 +0000 (12:09 +0000)]
Handle EINTR the same way in all poll loops. In all cases restart the
poll loop. In the main process move the timeout handling for repositories
into a single function that does the timeouts and the calculation of the
timeout in one go.
OK tb@
claudio [Sun, 23 Jan 2022 11:59:40 +0000 (11:59 +0000)]
On poll() failure we want to skip pollfd related action but the signal
delivery checks at the end still need to happen. So that on EINTR bgpd
processes reconfigure or mrt files ASAP.
Fix for mrt integration tests.
Reported by and ok anton@
tb [Sun, 23 Jan 2022 09:19:13 +0000 (09:19 +0000)]
zap extra blank line
claudio [Sun, 23 Jan 2022 07:21:12 +0000 (07:21 +0000)]
Allow rpki-client to display more than one file in -f mode.
Change -f to be a mode flag and pass one or multiple files as arguments
to rpki-client. Some extra checks need to be done to not load the same
certificate or CRL multiple times.
Input and OK tb@
claudio [Sun, 23 Jan 2022 05:59:35 +0000 (05:59 +0000)]
Simplify valid_cert() and valid_roa() by passing in struct auth instead
of looking it up again. For this valid_roa() needs to be moved up in
proc_parser_roa() also move out the assignment of the TAL id. Not the
right thing to alter an object in a validation function.
OK tb@
millert [Sat, 22 Jan 2022 23:22:11 +0000 (23:22 +0000)]
Flush all stdio streams before running a shell command.
Otherwise, if ed's output is not line buffered (e.g. if it is
redirected to a file or pipe) the shell command output may be
displayed before data buffered by ed itself is written.
From Soeren Tempel. OK deraadt@
krw [Sat, 22 Jan 2022 15:39:00 +0000 (15:39 +0000)]
Wrap some long lines.
tb [Sat, 22 Jan 2022 09:18:48 +0000 (09:18 +0000)]
Change valid_filename() ot return an enum rtype and rename it to
rtype_from_mftfile(). Move both rtype_from functions to mft.c.
ok beck claudio
afresh1 [Sat, 22 Jan 2022 05:03:47 +0000 (05:03 +0000)]
Support multiple -v as promised in the man page
There are now four levels of verbosity:
0. Prints only the summary
1. Prints a line when installing/removing
2. Uses the ftp(1) progress bar
3. Provides more details for debugging
With some excellent ksh knowledge provided by kn@
deraadt [Sat, 22 Jan 2022 00:49:39 +0000 (00:49 +0000)]
sync
djm [Sat, 22 Jan 2022 00:49:34 +0000 (00:49 +0000)]
add a ssh_packet_process_read() function that reads from a fd
directly into the transport input buffer.
Use this in the client and server mainloops to avoid unnecessary
copying. It also lets us use a more greedy read size without penalty.
Yields a 2-3% performance gain on cipher-speed.sh (in a fairly
unscientific test tbf)
feedback dtucker@ ok markus@
djm [Sat, 22 Jan 2022 00:45:31 +0000 (00:45 +0000)]
Use sshbuf_read() to read directly into the channel input buffer
rather than into a stack buffer that needs to be copied again;
Improves performance by about 1% on cipher-speed.sh
feedback dtucker@ ok markus@
inoguchi [Sat, 22 Jan 2022 00:45:17 +0000 (00:45 +0000)]
Use memmove instead of memcpy for overlapping memory
CID 251047 251094
OK beck@ jsing@ millert@ tb@