openbsd
11 months agodrm/amdgpu: don't use ATRM for external devices
jsg [Thu, 30 Nov 2023 02:52:49 +0000 (02:52 +0000)]
drm/amdgpu: don't use ATRM for external devices

From Alex Deucher
2ab6c1237bd4a961b8d5032671510a028fb9f0f6 in linux-6.1.y/6.1.64
432e664e7c98c243fab4c3c95bd463bea3aeed28 in mainline linux

11 months agodrm/amdgpu: don't use pci_is_thunderbolt_attached()
jsg [Thu, 30 Nov 2023 02:51:49 +0000 (02:51 +0000)]
drm/amdgpu: don't use pci_is_thunderbolt_attached()

From Alex Deucher
965dce07a4fc5b15c07c73124f5016240a7250ef in linux-6.1.y/6.1.64
7b1c6263eaf4fd64ffe1cafdc504a42ee4bfbb33 in mainline linux

11 months agodrm/amdgpu/smu13: drop compute workload workaround
jsg [Thu, 30 Nov 2023 02:50:22 +0000 (02:50 +0000)]
drm/amdgpu/smu13: drop compute workload workaround

From Alex Deucher
8e54a91d3e66b9730861f10345238ff5ef979d3d in linux-6.1.y/6.1.64
23170863ea0a0965d224342c0eb2ad8303b1f267 in mainline linux

11 months agodrm/amd/pm: Fix error of MACO flag setting code
jsg [Thu, 30 Nov 2023 02:49:07 +0000 (02:49 +0000)]
drm/amd/pm: Fix error of MACO flag setting code

From Ma Jun
454d0cdd7c127bb0ad06b53c52e94ca2c9a83b20 in linux-6.1.y/6.1.64
7f3e6b840fa8b0889d776639310a5dc672c1e9e1 in mainline linux

11 months agodrm/i915: Fix potential spectre vulnerability
jsg [Thu, 30 Nov 2023 02:47:39 +0000 (02:47 +0000)]
drm/i915: Fix potential spectre vulnerability

From Kunwu Chan
07e94f204f38b0d36eb377b3cda088b4a8b6f9a2 in linux-6.1.y/6.1.64
1a8e9bad6ef563c28ab0f8619628d5511be55431 in mainline linux

11 months agodrm/i915: Bump GLK CDCLK frequency when driving multiple pipes
jsg [Thu, 30 Nov 2023 02:46:29 +0000 (02:46 +0000)]
drm/i915: Bump GLK CDCLK frequency when driving multiple pipes

From Ville Syrjala
9457636a49265bdec14f3b747a4911ea9b7d468c in linux-6.1.y/6.1.64
0cb89cd42fd22bbdec0b046c48f35775f5b88bdb in mainline linux

11 months agodrm/amd/pm: Handle non-terminated overdrive commands.
jsg [Thu, 30 Nov 2023 02:44:33 +0000 (02:44 +0000)]
drm/amd/pm: Handle non-terminated overdrive commands.

From Bas Nieuwenhuizen
e973f40de16125f3f85a07db68a2ad4a0aeb42c2 in linux-6.1.y/6.1.64
08e9ebc75b5bcfec9d226f9e16bab2ab7b25a39a in mainline linux

11 months agodrm/amd/display: enable dsc_clk even if dsc_pg disabled
jsg [Thu, 30 Nov 2023 02:43:08 +0000 (02:43 +0000)]
drm/amd/display: enable dsc_clk even if dsc_pg disabled

From Muhammad Ahmed
3b70d45c7ea8e6c4584f497b1bad1dba1c3b9557 in linux-6.1.y/6.1.64
40255df370e94d44f0f0a924400d68db0ee31bec in mainline linux

11 months agoi915/perf: Fix NULL deref bugs with drm_dbg() calls
jsg [Thu, 30 Nov 2023 02:41:35 +0000 (02:41 +0000)]
i915/perf: Fix NULL deref bugs with drm_dbg() calls

From Harshit Mogalapalli
55db76caa782baa4a1bf02296e2773c38a524a3e in linux-6.1.y/6.1.64
471aa951bf1206d3c10d0daa67005b8e4db4ff83 in mainline linux

11 months agodrm/amdgpu: fix software pci_unplug on some chips
jsg [Thu, 30 Nov 2023 02:39:56 +0000 (02:39 +0000)]
drm/amdgpu: fix software pci_unplug on some chips

From Vitaly Prosyak
6586b5f8e456de7bddbed2446f5f558f9035c7ad in linux-6.1.y/6.1.64
4638e0c29a3f2294d5de0d052a4b8c9f33ccb957 in mainline linux

11 months agodrm/amd/display: Avoid NULL dereference of timing generator
jsg [Thu, 30 Nov 2023 02:38:28 +0000 (02:38 +0000)]
drm/amd/display: Avoid NULL dereference of timing generator

From Wayne Lin
8a06894666e0b462c9316b26ab615cefdd0d676c in linux-6.1.y/6.1.64
b1904ed480cee3f9f4036ea0e36d139cb5fee2d6 in mainline linux

11 months agodrm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL
jsg [Thu, 30 Nov 2023 02:37:03 +0000 (02:37 +0000)]
drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

From Qu Huang
6c1b3d89a2dda79881726bb6e37af19c0936d736 in linux-6.1.y/6.1.64
5104fdf50d326db2c1a994f8b35dcd46e63ae4ad in mainline linux

11 months agodrm/amdkfd: Fix shift out-of-bounds issue
jsg [Thu, 30 Nov 2023 02:35:24 +0000 (02:35 +0000)]
drm/amdkfd: Fix shift out-of-bounds issue

From Jesse Zhang
2806f880379232e789957c2078d612669eb7a69c in linux-6.1.y/6.1.64
282c1d793076c2edac6c3db51b7e8ed2b41d60a5 in mainline linux

11 months agodrm/radeon: fix a possible null pointer dereference
jsg [Thu, 30 Nov 2023 02:33:55 +0000 (02:33 +0000)]
drm/radeon: fix a possible null pointer dereference

From Ma Ke
16fa59e273f8eb20ececeb570ab41c9d3d791429 in linux-6.1.y/6.1.64
2c1fe3c480f9e1deefd50d4b18be4a046011ee1f in mainline linux

11 months agodrm/amdgpu: Fix potential null pointer derefernce
jsg [Thu, 30 Nov 2023 02:32:22 +0000 (02:32 +0000)]
drm/amdgpu: Fix potential null pointer derefernce

From Stanley Yang
9b70fc7d70e8ef7c4a65034c9487f58609e708a1 in linux-6.1.y/6.1.64
80285ae1ec8717b597b20de38866c29d84d321a1 in mainline linux

11 months agodrm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
jsg [Thu, 30 Nov 2023 02:30:10 +0000 (02:30 +0000)]
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga

From Mario Limonciello
d0725232da777840703f5f1e22f2e3081d712aa4 in linux-6.1.y/6.1.64
0f0e59075b5c22f1e871fbd508d6e4f495048356 in mainline linux

11 months agodrm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
jsg [Thu, 30 Nov 2023 02:28:39 +0000 (02:28 +0000)]
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7

From Mario Limonciello
fc9ac0e8e0bcb3740c6eaad3a1a50c20016d422b in linux-6.1.y/6.1.64
760efbca74a405dc439a013a5efaa9fadc95a8c3 in mainline linux

11 months agodrm/amd/display: use full update for clip size increase of large plane source
jsg [Thu, 30 Nov 2023 02:26:44 +0000 (02:26 +0000)]
drm/amd/display: use full update for clip size increase of large plane source

From Wenjing Liu
24faa2740b3f15e747b563a6c22fb05ba13a76b7 in linux-6.1.y/6.1.64
05b78277ef0efc1deebc8a22384fffec29a3676e in mainline linux

11 months agodrm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments
jsg [Thu, 30 Nov 2023 02:24:02 +0000 (02:24 +0000)]
drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments

From Mario Limonciello
09d4f579d30024eda51b61ec94618011a0fabd66 in linux-6.1.y/6.1.64
7752ccf85b929a22e658ec145283e8f31232f4bb in mainline linux

11 months agodrm/amdkfd: Fix a race condition of vram buffer unref in svm code
jsg [Thu, 30 Nov 2023 02:20:12 +0000 (02:20 +0000)]
drm/amdkfd: Fix a race condition of vram buffer unref in svm code

From Xiaogang Chen
50f35a907c4f9ed431fd3dbb8b871ef1cbb0718e in linux-6.1.y/6.1.64
709c348261618da7ed89d6c303e2ceb9e453ba74 in mainline linux

11 months agodrm/amdgpu: not to save bo in the case of RAS err_event_athub
jsg [Thu, 30 Nov 2023 02:18:37 +0000 (02:18 +0000)]
drm/amdgpu: not to save bo in the case of RAS err_event_athub

From David (Ming Qiang) Wu
5b978a8ce49719625c796f80ef6929312743badd in linux-6.1.y/6.1.64
fa1f1cc09d588a90c8ce3f507c47df257461d148 in mainline linux

11 months agoadd dev_is_removable() for 6.1.64 drm
jsg [Thu, 30 Nov 2023 02:14:01 +0000 (02:14 +0000)]
add dev_is_removable() for 6.1.64 drm

11 months agoFix unwanted sign-extension of ID register masks. Sign-extension of the
kettenis [Wed, 29 Nov 2023 23:32:16 +0000 (23:32 +0000)]
Fix unwanted sign-extension of ID register masks.  Sign-extension of the
GPI feature mask caused misdetection of the GPI feature when some other
feature was present that was advertised in the upper 32 bits of the same
ID register.  Resulting in a crash as soon as the pmap code tried to set
the PAC keys.

Fix suggested by Marc Zyngier who found and debugged the problem.

ok jsg@, deraadt@

11 months agoIgnore ENGINE at the API boundary
tb [Wed, 29 Nov 2023 21:35:57 +0000 (21:35 +0000)]
Ignore ENGINE at the API boundary

This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.

ok jsing

11 months agoregen syscalls
bluhm [Wed, 29 Nov 2023 20:46:23 +0000 (20:46 +0000)]
regen syscalls

11 months agoUnlock bind(2) syscall.
bluhm [Wed, 29 Nov 2023 20:40:06 +0000 (20:40 +0000)]
Unlock bind(2) syscall.

For internet sockets sobind() runs with exclusive net lock due to
solock().  For unix domain sockets uipc_bind() grabs the kernel
lock itself.  So sys_bind() is MP safe.  Add NOLOCK flag to avoid
kernel lock.

OK mvs@

11 months agoRun TCP syn cache timer without kernel lock.
bluhm [Wed, 29 Nov 2023 19:19:25 +0000 (19:19 +0000)]
Run TCP syn cache timer without kernel lock.

As syn_cache_timer() uses syn cache mutex and exclusive net lock,
it does not need kernel lock.

OK mvs@

11 months agoremove unused VXLANMTU definition
denis [Wed, 29 Nov 2023 18:46:37 +0000 (18:46 +0000)]
remove unused VXLANMTU definition

OK claudio, miod

11 months agoDocument inp_socket as immutable and remove NULL checks.
bluhm [Wed, 29 Nov 2023 18:30:48 +0000 (18:30 +0000)]
Document inp_socket as immutable and remove NULL checks.

Struct inpcb field inp_socket is initialized in in_pcballoc().  It
is not NULL and never changed.

OK mvs@

11 months agoClean up CMAC implementation a little
tb [Wed, 29 Nov 2023 18:11:10 +0000 (18:11 +0000)]
Clean up CMAC implementation a little

Add explanatory comments that refer to the spec so that all the weird
dances make a little more sense. It turns out that this implmeentation
only supports block ciphers with block sizes of 64 and 128 bits, so
enforce this with a check.

Simplify make_kn() to make a little more sense and make it constant
time. Some stylistic fixes like checking pointers explicitly against
NULL and shuffle things into an order that makes a bit more sense.

Includes a fix for a warning reported by Viktor Szakats in
https://github.com/libressl/portable/issues/926

ok jsing

11 months agorelay_read_http: defer header parsing until after line continuation
millert [Wed, 29 Nov 2023 15:35:07 +0000 (15:35 +0000)]
relay_read_http: defer header parsing until after line continuation

Wait until we have a complete line before parsing the Content-Length,
Transfer-Encoding and Host headers.  This prevents potential request
smuggling attacks.  Filtering already happens after header line
continuation has been performed.  Reported by Ben Kallus.
OK claudio@

11 months agoaliases package.5 as packing-list and plist, since this is the entry
espie [Wed, 29 Nov 2023 14:32:01 +0000 (14:32 +0000)]
aliases package.5 as packing-list and plist, since this is the entry
point for people looking for packing-list details.

small tweak by tb@ for readability

okay tb@, jca@

11 months agoConvert ssl3_cipher_by_id() to bsearch()
tb [Wed, 29 Nov 2023 13:39:34 +0000 (13:39 +0000)]
Convert ssl3_cipher_by_id() to bsearch()

This was previously the only user of OBJ_bsearch_ssl_cipher_id(), which
in turn is the one remaining user of OBJ_bsearch_() outside of libcrypto.
OBJ_bsearch_() is OpenSSL's idiosyncratic reimplementation of ANSI C89's
bsearch(). Since this used to be hidden behind macro insanity, the result
was three inscrutable layers of comparison functions.

It is much simpler and cleaner to use the standard API. Move all the code
to s3_lib.c, since it's ony used there.

In a few further diffs, OBJ_bsearch_() will be removed from libcrypto.
Unfortunately, we'll need to keep OBJ_bsearch_ex(), because it is
exposed via sk_find_ex(), which is exposed by M2Crypto...

ok jsing

11 months agoUse a long for id in ssl3_get_cipher_by_id()
tb [Wed, 29 Nov 2023 13:29:34 +0000 (13:29 +0000)]
Use a long for id in ssl3_get_cipher_by_id()

While the cipher id is effectively a 32-bit value, someone decided that
it should be represented by a long in various internal structs, whose
mameber is passed as id. So use a long because of this and also to make
an upcoming diff simpler.

ok jsing

11 months agoCleanup kmeminit_nkmempages().
claudio [Wed, 29 Nov 2023 11:47:15 +0000 (11:47 +0000)]
Cleanup kmeminit_nkmempages().

NKMEMPAGES_MIN was removed long time ago in all archs so there is no
need to keep it.
Also initalize nkmempages_max at compile time since sparc (with variable
page size) is long gone as well.
No objection from miod@

11 months agoupdate supported hardware lists
jmatthew [Wed, 29 Nov 2023 06:59:23 +0000 (06:59 +0000)]
update supported hardware lists

11 months agoAdd support for new SAS HBAs (codenamed Aero and Sea, sold as Broadcom HBA
jmatthew [Wed, 29 Nov 2023 06:54:09 +0000 (06:54 +0000)]
Add support for new SAS HBAs (codenamed Aero and Sea, sold as Broadcom HBA
9500, Dell HBA350/5, Lenovo ThinkSystem 440 HBA, Supermicro AOC-S3808/16)

These apparently have a hardware problem that results in reads of some
registers returning all zeros under some transient conditions, which can
apparently be worked around by retrying reads that return 0 up to 3 times.

ok dlg@

11 months agoregen
jmatthew [Wed, 29 Nov 2023 06:46:58 +0000 (06:46 +0000)]
regen

11 months agoadd some new Broadcom SAS HBA ids
jmatthew [Wed, 29 Nov 2023 06:46:29 +0000 (06:46 +0000)]
add some new Broadcom SAS HBA ids

11 months agoincrease the number of address ranges in acpi attach args from 4 to 8
jsg [Wed, 29 Nov 2023 03:41:31 +0000 (03:41 +0000)]
increase the number of address ranges in acpi attach args from 4 to 8

On Intel Alder Lake-S and Raptor Lake-S platforms GPIO has 5 address
ranges.  One for each GPIO community.

Fixes suspend/resume on Laurence Tratt's Raptor Lake-S machine
which broke when Alder Lake-S support was added to pchgpio(4).

ok kettenis@

11 months agoUpdate awk to the Nov 27, 2023 version.
millert [Tue, 28 Nov 2023 20:54:38 +0000 (20:54 +0000)]
Update awk to the Nov 27, 2023 version.

11 months agorelay_read_http: tighten up header parsing
millert [Tue, 28 Nov 2023 18:36:55 +0000 (18:36 +0000)]
relay_read_http: tighten up header parsing

1) reject headers with embedded NULs
2) reject headers with invalid characters in the name
3) reject Transfer-Encoding with values other than "chunked"
4) reject chunk values containing non-hex characters
5) reject Content-Length values of "+0" or "-0"
6) reject requests without a ' ' and headers without a ':'

Reported by Ben Kallus, OK bluhm@

11 months agoRemove struct inpcb from in6_embedscope() parameters.
bluhm [Tue, 28 Nov 2023 13:23:20 +0000 (13:23 +0000)]
Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope().  Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Doucument inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

11 months agoSwitch to legacy method late in tls13_use_legacy_stack()
tb [Tue, 28 Nov 2023 13:19:04 +0000 (13:19 +0000)]
Switch to legacy method late in tls13_use_legacy_stack()

If memory allocation of s->init_buf fails in ssl3_setup_init_buffer()
during downgrade to the legacy stack, the legacy state machine would
resume with an incorrectly set up SSL, resulting in a NULL dereference.
The fix is to switch to the legacy method only after the SSL is fully
set up. There is a second part to this fix, which will be committed
once we manage to agree on the color of the bikeshed.

Detailed analysis and patch from Masaru Masuda, many thanks!
https://github.com/libressl/openbsd/issues/146

ok jsing

11 months agocorrect spelling of FALLTHROUGH
jsg [Tue, 28 Nov 2023 09:29:20 +0000 (09:29 +0000)]
correct spelling of FALLTHROUGH

11 months agoremove more unused defines
jsg [Tue, 28 Nov 2023 09:10:18 +0000 (09:10 +0000)]
remove more unused defines
ok kettenis@

11 months agoAdapt inv{vpid,ept} to return success or failure.
dv [Tue, 28 Nov 2023 00:17:48 +0000 (00:17 +0000)]
Adapt inv{vpid,ept} to return success or failure.

ok mlarkin@

11 months agoEVP test: fix includes
tb [Mon, 27 Nov 2023 22:39:26 +0000 (22:39 +0000)]
EVP test: fix includes

11 months agoEVP test: add regress coverage for the do_all() API
tb [Mon, 27 Nov 2023 22:29:51 +0000 (22:29 +0000)]
EVP test: add regress coverage for the do_all() API

11 months agoRegen cert.pem
tb [Mon, 27 Nov 2023 21:44:21 +0000 (21:44 +0000)]
Regen cert.pem

ok sthen

New Roots for existing CA:
  /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
  /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE

New CA:
BEIJING CERTIFICATE AUTHORITY
  /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
  /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2

Two E-Tugra roots were removed due to a breach:
  /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
  /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

Removed expired root:
  /C=HK/O=Hongkong Post/CN=Hongkong Post Root CA 1

Removed expired CA:
SECOM Trust.net
  /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1

New CA:
Sectigo Limited
  /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root E46
  /C=GB/O=Sectigo Limited/CN=Sectigo Public Server Authentication Root R46

New roots for existing CA:
  /C=US/O=SSL Corporation/CN=SSL.com TLS ECC Root CA 2022
  /C=US/O=SSL Corporation/CN=SSL.com TLS RSA Root CA 2022

11 months agoAdd NULL check before dereferencing inp_seclevel.
bluhm [Mon, 27 Nov 2023 20:37:15 +0000 (20:37 +0000)]
Add NULL check before dereferencing inp_seclevel.

In some cases inp may be NULL, so check that before passing
inp->inp_seclevel to ipsp_spd_lookup() or ip_output().

Missed in previous commit.

11 months agoRegen
miod [Mon, 27 Nov 2023 20:04:07 +0000 (20:04 +0000)]
Regen

11 months agoNew devices, support for which is coming soon.
miod [Mon, 27 Nov 2023 20:03:50 +0000 (20:03 +0000)]
New devices, support for which is coming soon.

11 months agoRemove some trailing whitespace
tb [Mon, 27 Nov 2023 19:27:21 +0000 (19:27 +0000)]
Remove some trailing whitespace

x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
by removing trailing whitespace from non-critical certificate extensions.
Committing the difference now to reduces noise in an upcoming diff.

There's some trailing whitespace remaining. That's because we try to print
a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work
so well with an encoding full of NULs...

11 months agoAdd missing error check for yp_get_default_domain()
tb [Mon, 27 Nov 2023 18:37:53 +0000 (18:37 +0000)]
Add missing error check for yp_get_default_domain()

Avoids a crash when no default domain is set.

from hshoexer
ok deraadt who had the same diff

11 months agoadditonal -> additional
jsg [Mon, 27 Nov 2023 13:42:19 +0000 (13:42 +0000)]
additonal -> additional

11 months agoRemove silly parentheses
tb [Mon, 27 Nov 2023 11:52:32 +0000 (11:52 +0000)]
Remove silly parentheses

11 months agoDocument -J, --omit-link-times and remove a confusing sentence from
claudio [Mon, 27 Nov 2023 11:32:34 +0000 (11:32 +0000)]
Document -J, --omit-link-times and remove a confusing sentence from
the -O, --omit-dir-times description.
OK tb@

11 months agoImplement --omit-link-times / -J based on the --omit-dir-times work
claudio [Mon, 27 Nov 2023 11:30:49 +0000 (11:30 +0000)]
Implement --omit-link-times / -J based on the --omit-dir-times work
done by job@.
OK tb@

11 months agoThe uploader tail shortcut to skip dir postprocessing should also check
claudio [Mon, 27 Nov 2023 11:28:39 +0000 (11:28 +0000)]
The uploader tail shortcut to skip dir postprocessing should also check
if ignore_dir_times is set. In that case preserve_times loses its meaning.
OK tb@

11 months agoAdd --no-O and --no-omit-dir-times options. For some reason the real
claudio [Mon, 27 Nov 2023 10:14:19 +0000 (10:14 +0000)]
Add --no-O and --no-omit-dir-times options. For some reason the real
rsync has these options and so should ours. These strange --no-XYZ
options are undocumented and are there just for compatibility.
OK tb@ job@

11 months agointerfacename -> interface to match usage and other manuals; OK florian
kn [Mon, 27 Nov 2023 09:29:48 +0000 (09:29 +0000)]
interfacename -> interface to match usage and other manuals;  OK florian

11 months agoMove the callers X509_STORE_CTX_purpose_inherit() down a bit
tb [Mon, 27 Nov 2023 00:51:12 +0000 (00:51 +0000)]
Move the callers X509_STORE_CTX_purpose_inherit() down a bit

11 months agosupport Alder Lake-N and Alder Lake-S
jsg [Mon, 27 Nov 2023 00:39:42 +0000 (00:39 +0000)]
support Alder Lake-N and Alder Lake-S

Alder Lake-N tested by sthen@
Alder Lake-S tested by Laurence Tratt (on Raptor Lake-S)
feedback and ok kettenis@

11 months agoAdd arm64 bti pads for range extension thunks.
tobhe [Sun, 26 Nov 2023 22:18:45 +0000 (22:18 +0000)]
Add arm64 bti pads for range extension thunks.

Large arm64 binaries like chromium use range extension thunks
for accessing plt entries. Add bti landing pads for the
additional indirection.

upstream commit: 60827df765156cee6cca3dc5049388dde9dac1c0

ok kettenis@

11 months agoRemove inp parameter from ip_output().
bluhm [Sun, 26 Nov 2023 22:08:10 +0000 (22:08 +0000)]
Remove inp parameter from ip_output().

ip_output() received inp as parameter.  This is only used to lookup
the IPsec level of the socket.  Reasoning about MP locking is much
easier if only relevant data is passed around.  Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

11 months agoFix read/write past buffer end
afresh1 [Sun, 26 Nov 2023 16:52:12 +0000 (16:52 +0000)]
Fix read/write past buffer end

From upstream commit:

From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140

A package name may be specified in a \p{...} regular expression
construct.  If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in.  By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one.  Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.

In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name".  The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off.  I found it convenient to strip off the package specifier
"utf8::".  To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.

This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword".  All such ones are undocumented
internal properties.

What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal.  The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is.  Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.

The solution is to skip the "utf8::" when reparsing "name".  Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.

This commit also does white-space adjustment so that things align
vertically for readability.

11 months agomark functions as static when they're unused elsewhere, makes the
espie [Sun, 26 Nov 2023 16:04:17 +0000 (16:04 +0000)]
mark functions as static when they're unused elsewhere, makes the
code slightly easier to understand.

okay and tweak kn@

11 months agoAdd a few more RK3588 clocks/resets that are reference by newer device
kettenis [Sun, 26 Nov 2023 13:47:45 +0000 (13:47 +0000)]
Add a few more RK3588 clocks/resets that are reference by newer device
trees.

ok dlg@

11 months agovmm(4)/vmx: pass correct vpid value to invvpid.
dv [Sun, 26 Nov 2023 13:02:44 +0000 (13:02 +0000)]
vmm(4)/vmx: pass correct vpid value to invvpid.

While vmm's use of invvpid in the vmx vcpu run loop is questionable
since we require and use EPT, the vpid value is unquestionably wrong
in these calls.

ok mlarkin@

11 months agoregen
jsg [Sun, 26 Nov 2023 05:47:54 +0000 (05:47 +0000)]
regen

11 months agodrm/i915/rpl: Update pci ids for RPL P/U
jsg [Sun, 26 Nov 2023 05:47:21 +0000 (05:47 +0000)]
drm/i915/rpl: Update pci ids for RPL P/U

From Dnyaneshwar Bhadane
5d5fea7c79a7f7b61a9683784c83d539aca8dafe in mainline linux

11 months agoFix oslog support and be more forgiving when we see messages that we don't
kettenis [Sat, 25 Nov 2023 18:12:20 +0000 (18:12 +0000)]
Fix oslog support and be more forgiving when we see messages that we don't
recognize.  Fixes booting with newer firmware (such as the firmware
currently installed by the Asahi installer).

ok tobhe@

11 months agorecognize future updatedb tagged packages
espie [Sat, 25 Nov 2023 17:43:39 +0000 (17:43 +0000)]
recognize future updatedb tagged packages

11 months agoUpdate awk to the Nov 24, 2023 version.
millert [Sat, 25 Nov 2023 16:31:33 +0000 (16:31 +0000)]
Update awk to the Nov 24, 2023 version.

11 months agowhitespace; spotted by kn
florian [Sat, 25 Nov 2023 13:00:05 +0000 (13:00 +0000)]
whitespace; spotted by kn

11 months agoMove ssl_cipher_id_cmp() next to its only caller
tb [Sat, 25 Nov 2023 12:05:08 +0000 (12:05 +0000)]
Move ssl_cipher_id_cmp() next to its only caller

It was left alone and forlorn in the middle of other nonsense. Since there
is only one caller (the OBJ_bsearch_ stupidity), it can be static and there
is no need to prototype it in ssl_local.h.

11 months agoFirst stab at IPv6-only preferred from RFC8925.
florian [Sat, 25 Nov 2023 12:00:39 +0000 (12:00 +0000)]
First stab at IPv6-only preferred from RFC8925.

This lets dhcpleased(8) request "IPv6-only preferred". If the
server replies with this option dhcpleased stops and does not request
a lease and deconfigures IPv4 on the interface.

For now this is pretty much useless unless one dynamically configures
pf(4) to act as a CLAT. gelatod(8) from ports can help with this.

However, this helps me while hacking on a kernel based stateless CLAT
by moving dhcpleased out of the way while having an IPv6-mostly
network configured to compare behaviour with macOS.

Input jmc
OK phessler
Input & OK sthen

11 months agoforgot to zap really old D/F
espie [Sat, 25 Nov 2023 11:02:23 +0000 (11:02 +0000)]
forgot to zap really old D/F

11 months ago-h is handled by State.pm, don't try to recognize it
espie [Sat, 25 Nov 2023 11:01:22 +0000 (11:01 +0000)]
-h is handled by State.pm, don't try to recognize it

11 months agocheck_security has been around long enough, no need to check quirks can
espie [Sat, 25 Nov 2023 10:58:45 +0000 (10:58 +0000)]
check_security has been around long enough, no need to check quirks can
do it

11 months agoreinstate checking the keytype, which I unwittingly dropped a long time ago.
espie [Sat, 25 Nov 2023 10:29:23 +0000 (10:29 +0000)]
reinstate checking the keytype, which I unwittingly dropped a long time ago.

11 months agoreason this is here
espie [Sat, 25 Nov 2023 10:18:40 +0000 (10:18 +0000)]
reason this is here

11 months agodead too
espie [Sat, 25 Nov 2023 10:17:59 +0000 (10:17 +0000)]
dead too

11 months agothis is dead since 2016
espie [Sat, 25 Nov 2023 10:17:38 +0000 (10:17 +0000)]
this is dead since 2016

11 months agoDocument that "localhost" only resolves to the loopback addresses.
florian [Sat, 25 Nov 2023 08:14:43 +0000 (08:14 +0000)]
Document that "localhost" only resolves to the loopback addresses.
prodding pb
OK phessler, sthen
Input & OK jmc

11 months agovmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.
dv [Fri, 24 Nov 2023 21:48:25 +0000 (21:48 +0000)]
vmm(4)/vmx: fix memory scribbling by updating GDTR/TR if vcpu moves.

If the vcpu thread sleeps in the kernel, like when handling a nested
page fault and calling uvm_fault(9), the thread may be rescheduled
on another host cpu. vmm(4) was only setting the GDTR and TR bases
in the VMCS once prior to first vm entry, so a thread migration can
result in restoring the wrong GDTR and TR on vm exit for the host
cpu. This results in borked interrupts and corrupted stack pointers,
causing programs to segfault or sigabort. It can also result in
missed ipi's causing kernel deadlocks.

Use similar logic to the SVM routines and check for cpu migration
within the hot loop. Since we're letting the VMX features of the
cpu restore GDTR, we can also drop the manual store/load routines.

Reported and with much appreciated testing help from Mischa Peters.

ok mlarkin@

11 months agoadd glue to match usage against actual options, as a debugging facility
espie [Fri, 24 Nov 2023 18:19:25 +0000 (18:19 +0000)]
add glue to match usage against actual options, as a debugging facility

11 months agoRemove unneeded symbols.
miod [Fri, 24 Nov 2023 16:41:12 +0000 (16:41 +0000)]
Remove unneeded symbols.

11 months agoEmpty IKEv2 DPD messages should not contain extra NONE payloads
tobhe [Fri, 24 Nov 2023 14:43:00 +0000 (14:43 +0000)]
Empty IKEv2 DPD messages should not contain extra NONE payloads

from markus@

11 months agoRequire files to be of a minimum size in the RRDP & RSYNC transports
job [Fri, 24 Nov 2023 14:05:47 +0000 (14:05 +0000)]
Require files to be of a minimum size in the RRDP & RSYNC transports

Picked 100 bytes as a minimum, to accommodate future signature schemes
(such as the smaller P-256) and small files like empty CRLs.

With and OK claudio@ tb@

11 months agoMatch on 19h/1xh PSP
jmatthew [Fri, 24 Nov 2023 08:47:35 +0000 (08:47 +0000)]
Match on 19h/1xh PSP

ok dlg@

11 months agoNo need to load function addresses in registers and branch to the register
miod [Fri, 24 Nov 2023 07:57:39 +0000 (07:57 +0000)]
No need to load function addresses in registers and branch to the register
contents when there is that nifty instruction called "call"; NFC

11 months agoRemove unused direct map defines and macros, originating from FreeBSD.
miod [Fri, 24 Nov 2023 07:18:49 +0000 (07:18 +0000)]
Remove unused direct map defines and macros, originating from FreeBSD.
ok mlarkin@ kettenis@

11 months agoAdditional tests of automatic tagging involving different kinds of hyphens
schwarze [Fri, 24 Nov 2023 04:53:39 +0000 (04:53 +0000)]
Additional tests of automatic tagging involving different kinds of hyphens
after tag.c rev. 1.38.

11 months ago1. Do not put ASCII_HYPH (0x1c) into the tag file.
schwarze [Fri, 24 Nov 2023 04:48:02 +0000 (04:48 +0000)]
1. Do not put ASCII_HYPH (0x1c) into the tag file.
That happened when tagging a string containing '-' on an input text line,
most commonly in man(7) .TP next line scope.
2. Do not let "\-" end the tag.
In both cases, translate ASCII_HYPH and "\-" to plain '-' for output.
For example, this improves handling of unbound.conf(5).

These two bugs were found thanks to a posting by weerd@.

11 months agoregen
jmatthew [Fri, 24 Nov 2023 04:34:35 +0000 (04:34 +0000)]
regen

11 months agoAdd devices found in 4th generation (Genoa) Epyc systems
jmatthew [Fri, 24 Nov 2023 04:34:09 +0000 (04:34 +0000)]
Add devices found in 4th generation (Genoa) Epyc systems

input from and ok jsg@

11 months agoPlug mem leak of msg when processing a quit message.
dtucker [Fri, 24 Nov 2023 00:31:30 +0000 (00:31 +0000)]
Plug mem leak of msg when processing a quit message.
Coverity CID#427852, ok djm@

11 months agoFix comments longer than 80 column.
asou [Fri, 24 Nov 2023 00:15:42 +0000 (00:15 +0000)]
Fix comments longer than 80 column.

ok miod@