bluhm [Fri, 24 Dec 2021 15:09:10 +0000 (15:09 +0000)]
Run malloc_duel for 60 seconds instead of 20. It did find kernel
crashes due to missing TLB flushes in the past. Other stress tests
in regress also run for a minute. Additional 40 seconds to the run
time of the test suite is a small price compared to higher chance
of finding bugs.
jsing [Fri, 24 Dec 2021 14:12:26 +0000 (14:12 +0000)]
Reorder some functions.
No functional change.
tb [Fri, 24 Dec 2021 14:00:11 +0000 (14:00 +0000)]
The RFC 3779 test needs LIBRESSL_CRYPTO_INTERNAL as lon as the API
isn't public.
tb [Fri, 24 Dec 2021 13:58:15 +0000 (13:58 +0000)]
Undo commenting of OPENSSL_NO_RFC3779
The define implies that we have the RFC 3779 API and corresponding
symbols publicly exposed. We don't do that since there are still
concerns about its suitability and security. oss-fuzz has code
depending on this define and this broke its build as tracked down
by jsing. This commit gets us oss-fuzz builds back while keeping
job happy since the extension pretty printing will continue to work.
ok jsing
tb [Fri, 24 Dec 2021 12:59:17 +0000 (12:59 +0000)]
Prepare to provide PEM_write_bio_PrivateKey_traditional()
This will be needed in openssl-ruby after the bump.
Part of OpenSSL commit
05dba815.
ok inoguchi jsing
tb [Fri, 24 Dec 2021 12:55:04 +0000 (12:55 +0000)]
Prepare to provide EVP_CIPHER_CTX_{get,set}_cipher_data
They will be needed by security/py-M2Crypto and telephony/sngrep.
ok inoguchi jsing
tb [Fri, 24 Dec 2021 12:02:15 +0000 (12:02 +0000)]
Prepare to provide EVP_CIPHER_CTX_buf_noconst()
This is just a dumb 'return ctx->buf' whose name was chosen to be consistent
with EVP_CIPHER_CTX_iv{,_noconst}() though there is no EVP_CIPHER_CTX_buf()
ok jsing
The backstory is this:
This wonderful API will be needed by MariaDB once EVP is opaque. To be able
to use its own handrolled AES CTR variant, it needs to reach inside the cipher
ctx's buffer and mess with it:
uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
/*
Not much we can do, block ciphers cannot encrypt data that aren't
a multiple of the block length. At least not without padding.
Let's do something CTR-like for the last partial block.
NOTE this assumes that there are only buf_len bytes in the buf.
If OpenSSL will change that, we'll need to change the implementation
of this class too.
*/
Being the dumb return ctx->buf that it is, the EVP_CIPHER_CTX_buf_noconst() API
obviously doesn't provide a means of doing any length checks.
If it is any consolation, it was committed with the vague hope of being a
temporary measure as OpenSSL commit
83b06347 suggests:
Note that the accessors / writers for iv, buf and num may go away, as
those rather belong in the implementation's own structure (cipher_data)
when the implementation would affect them [...]
As is true for many temporary kludges and dumb accessors, these are here
to stay a with us for a while.
While I'm at it, MariaDB has other phantastic things it did to ease its
pain with the OpenSSL 1.1 API transition.
To avoid one of two allocations (we're talking about ~50 and ~170 bytes) per
EVP_{MD,CIPHER}_CTX instantiation, it defines EVP_{MD,CIPHER}_CTX_SIZE and
uses arrays of these sizes that it aligns, casts and passes as ctx to the
EVP API.
Of course, they need to safeguard themselves against the inevitable buffer
overruns that this might cause since the type is opaque and could (and actually
did) change its size between two OpenSSL releases. There is a runtime check in
mysys_ssl/openssl.c that uses CRYPTO_set_mem_functions() to replace malloc()
with "coc_malloc()" to determine the sizes that OpenSSL would allocate
internally when doing EVP_{MD,CIPHER}_CTX_new() and match them to MariaDB's
ideas of the ctx sizes.
Go look, I'm not making this stuff up.
visa [Fri, 24 Dec 2021 10:25:36 +0000 (10:25 +0000)]
Hook up iocond regress.
visa [Fri, 24 Dec 2021 10:22:41 +0000 (10:22 +0000)]
Replace wait channel polling with simple sleep for portability.
tb [Fri, 24 Dec 2021 10:09:44 +0000 (10:09 +0000)]
Fix a typo in a comment and add some empty lines for readability
claudio [Fri, 24 Dec 2021 09:21:41 +0000 (09:21 +0000)]
Sync test code after the change of id from size_t to unsigned int.
Fixes test-http tests which currently fail. The change in test-rrdp.c
are just cosmetic the id is not used by the test.
Reported by anton@
guenther [Fri, 24 Dec 2021 08:49:19 +0000 (08:49 +0000)]
Delete obsolete __syscall regress that tested the old lseek syscall
with an explicit pad argument.
noted by anton@
jsing [Fri, 24 Dec 2021 08:31:55 +0000 (08:31 +0000)]
Print the name of the test before we run it.
jmc [Fri, 24 Dec 2021 07:09:46 +0000 (07:09 +0000)]
add mtw(4);
jmc [Fri, 24 Dec 2021 07:08:04 +0000 (07:08 +0000)]
use -nosplit for AUTHORS;
jmc [Fri, 24 Dec 2021 07:05:55 +0000 (07:05 +0000)]
iic.4: add apliic to the master list
apliic.4: add arch to Dt
hastings [Fri, 24 Dec 2021 06:53:18 +0000 (06:53 +0000)]
Support more mtw(4) devices.
ASUS USB-N10 v2, D-Link DWA-127 rev B1, Edimax EW-7711UAn v2,
various Ralink/MediaTek ids.
ok stsp@
visa [Fri, 24 Dec 2021 06:50:16 +0000 (06:50 +0000)]
Make poll/select version of filt_solisten() more similar to soo_poll().
OK mpi@
hastings [Fri, 24 Dec 2021 06:19:24 +0000 (06:19 +0000)]
regen
hastings [Fri, 24 Dec 2021 06:18:11 +0000 (06:18 +0000)]
Add some more mtw(4) devices.
ASUS USB-N10 v2, D-Link DWA-127 rev B1, Edimax EW-7711UAn v2,
various Ralink/MediaTek ids.
ok stsp@
hastings [Fri, 24 Dec 2021 05:25:39 +0000 (05:25 +0000)]
Add a manual page for mtw(4).
ok stsp@
tb [Fri, 24 Dec 2021 03:11:56 +0000 (03:11 +0000)]
Style tweak in {d2i,i2d}_IPAddrBlocks()
tb [Fri, 24 Dec 2021 03:06:05 +0000 (03:06 +0000)]
Drop -g -O0 from CFLAGS
tb [Fri, 24 Dec 2021 03:01:23 +0000 (03:01 +0000)]
link rfc3779 test to build
tb [Fri, 24 Dec 2021 03:00:37 +0000 (03:00 +0000)]
Add initial test coverage for RFC 3779 code.
This exercises the code paths that are reached from the validator
and also tests that the public API behaves as expected. There is a
lot more that could be done here, but this test is already big enough.
Missing are tests for X509v3_{addr,asid}_validate_{path,resource_set}()
themselves.
One test failure is ignored and will be fixed in the near future
when a bad logic error in range_should_be_prefix() is fixed.
A consequence of this bug is that we will currently accept and generate
DER that doesn't conform to RFC 3779.
tb [Fri, 24 Dec 2021 02:41:35 +0000 (02:41 +0000)]
Fix some KNF issues in the RFC 3779 section that have bothered me for
way too long.
tb [Fri, 24 Dec 2021 02:30:15 +0000 (02:30 +0000)]
KNF nit
tb [Fri, 24 Dec 2021 02:28:52 +0000 (02:28 +0000)]
Remove asserts from asid_validate_path_internal()
The first asserts ensure that things checked in the callers hold true.
Turn them into error checks and set the error on the X509_STORE_CTX
if it's present. Checking sk_value(..., i) with i < sk_num(...) isn't
useful, particularly if that check is done via an assert. Turn one
remaining assert into a NULL check. Finally, simplify the sk_num()
checks in the callers.
ok jsing
tb [Fri, 24 Dec 2021 02:23:44 +0000 (02:23 +0000)]
Turn asserts in ASIdentifierChoice_canonize() into error checks
The first assert ensures that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
tb [Fri, 24 Dec 2021 02:22:16 +0000 (02:22 +0000)]
Remove assert from extract_min_max() (again)
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
tb [Fri, 24 Dec 2021 02:17:27 +0000 (02:17 +0000)]
Revert previous. The commit contained more than intended.
tb [Fri, 24 Dec 2021 02:12:31 +0000 (02:12 +0000)]
Turn asserts in ASIdentifierChoice_canonize() into error checks
The first assert ensure that a stack that was just sorted in a stronger
sense is sorted in a weak sense and the second assert ensures that
the result of the canonization procedure is canonical. All callers check
for error, so these asserts don't do anything useful.
ok jsing
tb [Fri, 24 Dec 2021 02:07:37 +0000 (02:07 +0000)]
Remove assert from extract_min_max()
All callers ensure that aor != NULL, so this isn't necessary.
ok jsing
tb [Fri, 24 Dec 2021 02:04:00 +0000 (02:04 +0000)]
Fix indent of a comment.
tb [Fri, 24 Dec 2021 02:02:37 +0000 (02:02 +0000)]
Remove asserts from addr_validate_path_internal()
This is reachable from x509_verify(), but all asserts are previously
checked in the caller. Turn them into error checks and make sure
the error is set on the X509_STORE_CTX if present. Change some
stack == NULL || sk_num(stack) == 0 checks into sk_num(stack) <= 0
which is equivalent but simpler.
ok jsing
tb [Fri, 24 Dec 2021 01:56:08 +0000 (01:56 +0000)]
Turn assert in X509v3_addr_canonize() into an error check.
All internal callers check the return value and future external
callers will be happy not to hit an assert from the library.
ok jsing
patrick [Fri, 24 Dec 2021 00:07:56 +0000 (00:07 +0000)]
sync
patrick [Fri, 24 Dec 2021 00:07:06 +0000 (00:07 +0000)]
apliic(4)
patrick [Fri, 24 Dec 2021 00:01:39 +0000 (00:01 +0000)]
Add apliic(4), a driver for the I2C controller found on various Apple SoCs.
ok kettenis@
tb [Thu, 23 Dec 2021 23:48:38 +0000 (23:48 +0000)]
Fully check the second strtoul() call in v2i_IPAddrBlocks()
This can read a value in an arbitrary base from a string that is
supposed to be followed by whitespace or a colon, so it cannot be
switched to strtonum(). The current checks don't allow a read past
the end, but let's use the standard idiom instead.
ok jsing
tb [Thu, 23 Dec 2021 23:41:26 +0000 (23:41 +0000)]
Fix an arbitrary out-of-bounds stack read in v2i_IPAddrBlocks()
Switch an insufficiently checked strtoul() to strtonum(). This can
be used to trigger a read of a user-controlled size from the stack.
$ openssl req -new -addext 'sbgp-ipAddrBlock = IPv4:192.0.2.0/
12341234'
Segmentation fault (core dumped)
The bogus prefix length
12341234 is fed into X509v3_addr_add_prefix() and
used to read (prefixlen + 7) / 8 bytes from the stack variable 'min[16]'
that ends up as 'data' in the memmove in ASN1_STRING_set().
The full fix will add length checks to X509v3_addr_add_prefix() and
make_addressPrefix() and will be dealt with later. The entire
X509v3_{addr,asid}_* API will need a thorough review before it can be
exposed.
This code is only enabled in -current and can only be reached from
openssl.cnf files that contain sbgp-ipAddrBlock or from the openssl(1)
command line.
ok jsing
jsg [Thu, 23 Dec 2021 23:23:42 +0000 (23:23 +0000)]
fix indent to make it clear a line isn't part of previous if
ok deraadt@ millert@
bluhm [Thu, 23 Dec 2021 22:35:11 +0000 (22:35 +0000)]
Remove unused variables and assignments in ah and esp output.
found by clang 13; OK tobhe@
patrick [Thu, 23 Dec 2021 20:48:24 +0000 (20:48 +0000)]
Fix endless loop in the interrupt handler. When iterating over each
GPIO base register we must not replace the iterator variable with the
index of the pin inside the register.
ok kettenis@
guenther [Thu, 23 Dec 2021 18:50:59 +0000 (18:50 +0000)]
sync
guenther [Thu, 23 Dec 2021 18:50:31 +0000 (18:50 +0000)]
Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!
Time for a story...
When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate
To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.
The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.
ok deraadt@
tb [Thu, 23 Dec 2021 18:12:58 +0000 (18:12 +0000)]
fix typo: boolean true should decode to 1, not 0
tb [Thu, 23 Dec 2021 18:04:41 +0000 (18:04 +0000)]
Route templated implementations of {d2i,i2d}_ASN1_BOOLEAN() through
ASN1_item_ex_{d2i,i2d}() instead of ASN1_item_{d2i,i2d}(). Fixes test
failure on sparc64, and hopefully all other architectures.
reported by tobhe
with/ok jsing
bluhm [Thu, 23 Dec 2021 12:21:48 +0000 (12:21 +0000)]
IPsec is not MP safe yet. To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock. Not much is lost as crypto needs the kernel lock
anyway. From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path. Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@
anton [Thu, 23 Dec 2021 12:14:15 +0000 (12:14 +0000)]
Get rid of unused next battery level argument.
bluhm [Thu, 23 Dec 2021 10:17:01 +0000 (10:17 +0000)]
Use TAILQ_FOREACH to traverse the disk list in sysctl_diskinit().
OK anton@
bluhm [Thu, 23 Dec 2021 10:09:16 +0000 (10:09 +0000)]
Disk lock was held when returning to userland. Add a missing unlock
in vnd ioctl error path.
Reported-by: syzbot+6dde3fda33074a256318@syzkaller.appspotmail.com
OK jsg@ anton@
bluhm [Thu, 23 Dec 2021 10:04:14 +0000 (10:04 +0000)]
Template for option WITNESS is in the architecture GENERIC.MP file
if it is supported. Remove it from the global GENERIC config.
OK visa@ claudio@
jsg [Thu, 23 Dec 2021 09:17:19 +0000 (09:17 +0000)]
fix off by one in bounds test
ok deraadt@
jsg [Thu, 23 Dec 2021 09:15:59 +0000 (09:15 +0000)]
fix off by one in bounds test
ok tobhe@
jsg [Thu, 23 Dec 2021 04:37:12 +0000 (04:37 +0000)]
make array bounds in unix2dosfn() prototype match function
missed when unix2dosfn() was changed in the kernel with
msdosfs_conv.c rev 1.15 in 2012
jsg [Thu, 23 Dec 2021 02:12:52 +0000 (02:12 +0000)]
make array bounds in unix2dosfn() prototype match function
missed when unix2dosfn() was changed with msdosfs_conv.c rev 1.15 in 2012
jsg [Thu, 23 Dec 2021 01:39:44 +0000 (01:39 +0000)]
give et_setmulti() more chance of working
ok claudio@
jsg [Wed, 22 Dec 2021 23:05:52 +0000 (23:05 +0000)]
Avoid GNU printf extension to use 'L' length modifier with a int
conversion specifier to mean 'll'. Found by an ok deraadt@
bluhm [Wed, 22 Dec 2021 22:20:13 +0000 (22:20 +0000)]
While malloc sleeps, the disk list could change during sysctl. Then
allocated memory could be too short for the list of disks. Retry
allocating enough space until it did not change.
The disk list and duid memory are protected by kernel lock. Use
asserts to mark this explicitly.
Reported-by: syzbot+807423f6868bbfb836bc@syzkaller.appspotmail.com
OK anton@ mpi@
tobhe [Wed, 22 Dec 2021 19:37:33 +0000 (19:37 +0000)]
Disable minimum power consumption in hostap mode. This improves connection
reliability when bwfm is used as an access point.
ok patrick@
florian [Wed, 22 Dec 2021 18:33:21 +0000 (18:33 +0000)]
Trivial update to 4.3.9.
bluhm [Wed, 22 Dec 2021 16:18:49 +0000 (16:18 +0000)]
Replace IO::Socket::INET with IO::Socket::IP.
bluhm [Wed, 22 Dec 2021 15:54:01 +0000 (15:54 +0000)]
Replace deprecated IO::Socket::INET6 with IO::Socket::IP.
bluhm [Wed, 22 Dec 2021 15:14:13 +0000 (15:14 +0000)]
Replace deprecated IO::Socket::INET6 with IO::Socket::IP.
tobhe [Wed, 22 Dec 2021 13:37:46 +0000 (13:37 +0000)]
Consolidate enc_getif() lookups in IPsec input path to save one lookup
per packet and improve readability.
ok bluhm@
jsg [Wed, 22 Dec 2021 12:33:02 +0000 (12:33 +0000)]
drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
From Le Ma
aec5897b277b13acd8f913d777654d4d092a24f1 in linux 5.10.y/5.10.88
f3a8076eb28cae1553958c629aecec479394bbe2 in mainline linux
jsg [Wed, 22 Dec 2021 12:30:38 +0000 (12:30 +0000)]
drm/amd/pm: fix a potential gpu_metrics_table memory leak
From Lang Yu
222cebd995cdf11fe0d502749560f65e64990e55 in linux 5.10.y/5.10.88
aa464957f7e660abd554f2546a588f6533720e21 in mainline linux
bluhm [Wed, 22 Dec 2021 11:50:28 +0000 (11:50 +0000)]
Replace deprecated IO::Socket::INET6 with IO::Socket::IP.
claudio [Wed, 22 Dec 2021 09:35:14 +0000 (09:35 +0000)]
Replace two questionable size_t types. For the repo id use a unsigned int
and for the roa maxlength use unsigned char (like the prefixlen in struct
ip_addr).
With input and OK job@
claudio [Wed, 22 Dec 2021 08:44:15 +0000 (08:44 +0000)]
The maxlength is optional in roa entries. By setting it to the address
prefixlen before looking for the optional maxlength attribute the code
can be simplified and a ternary expression can be removed.
OK tb@ job@
jmc [Wed, 22 Dec 2021 06:56:41 +0000 (06:56 +0000)]
sort -H and -h in SYNOPSIS/usage();
tweak the -H text;
ok djm
jsg [Wed, 22 Dec 2021 01:38:36 +0000 (01:38 +0000)]
%Lx -> %llx kernel printf does not support %Lx
mpi [Tue, 21 Dec 2021 22:21:32 +0000 (22:21 +0000)]
Fix a typo in mlock(2) error path triggering a double-free.
Pass the correct entry to uvm_fault_unwire_locked().
Reported-by: syzbot+bb2f63f076618e9ed0d3@syzkaller.appspotmail.com
ok kettenis@, deraadt@
kettenis [Tue, 21 Dec 2021 20:53:46 +0000 (20:53 +0000)]
Move checks on attach arguments from attach into match.
ok anton@, deraadt@
claudio [Tue, 21 Dec 2021 17:50:27 +0000 (17:50 +0000)]
Cleanup a few things while reading the code.
OK job@
claudio [Tue, 21 Dec 2021 16:16:15 +0000 (16:16 +0000)]
Simplify code a bit. There is only one TA per TAL and so only one
ta_lookup(). Implementing the talrepocnt limiter there makes little
sense and gains us nothing.
OK job@
nicm [Tue, 21 Dec 2021 14:57:28 +0000 (14:57 +0000)]
Support underscore style with capture-pane -e, GitHub issue 2928.
tobhe [Tue, 21 Dec 2021 13:50:35 +0000 (13:50 +0000)]
Add test cases for intermediate cert with 'set cert_partial_chain'.
nicm [Tue, 21 Dec 2021 13:07:53 +0000 (13:07 +0000)]
ARM's Morello CHERI architecture does not support pointers in packed
structures, so remove the packed attribute on struct grid_line and
reorder the members to eliminate unnecessary padding. From Jessica
Clarke in GitHub issue 3012.
anton [Tue, 21 Dec 2021 11:46:01 +0000 (11:46 +0000)]
knf nits
schwarze [Tue, 21 Dec 2021 11:14:07 +0000 (11:14 +0000)]
document BN_MONT_CTX_set_locked(3)
bluhm [Tue, 21 Dec 2021 09:35:08 +0000 (09:35 +0000)]
Do not print "dt: 451 probes" at boot in dmesg. Btrace device dt(4)
is enabled by default, this line does not provide much information.
requested by kettenis@ deraadt@; OK mpi@
schwarze [Tue, 21 Dec 2021 08:07:20 +0000 (08:07 +0000)]
state up front that patch(1) operates on text files,
fixing an omission pointed out by chrisz@;
OK jmc@ deraadt@ chrisz@
jsg [Tue, 21 Dec 2021 07:44:22 +0000 (07:44 +0000)]
avoid returning uninitialised var in hidpp_send_report()
ok anton@
anton [Tue, 21 Dec 2021 06:12:49 +0000 (06:12 +0000)]
Let malloc return an error as opposed of panicking when sysctl
kern.shminfo.shmseg is set to something ridiculously large.
ok kettenis@ millert@
Reported-by: syzbot+9f1b201cdbc97b19c7f5@syzkaller.appspotmail.com
anton [Tue, 21 Dec 2021 06:12:03 +0000 (06:12 +0000)]
Fix another vnd race pointed out by mpi@ and make sure to not unlock the
vnode twice in the error path.
Tested in snaps for a couple of days.
anton [Tue, 21 Dec 2021 06:11:16 +0000 (06:11 +0000)]
Ensure that the disk has been initialized after acquiring the lock and
not before as we might end up sleeping while acquiring the lock,
introducing a potential race.
Tested in snaps for a couple of days.
ok mpi@
Reported-by: syzbot+c87cdc2905b441c20d39@syzkaller.appspotmail.com
anton [Tue, 21 Dec 2021 06:10:29 +0000 (06:10 +0000)]
Rename local variable intrfn to intr, matches what dev/fdt/com_fdt.c
already does.
anton [Tue, 21 Dec 2021 06:09:47 +0000 (06:09 +0000)]
Do not attach com at acpi when there's no address or irq present. Fixes
a regression caused by the recent change to start attaching com at acpi
as it turns out that Libreboot exposes console devices lacking crucial
data in their acpi tables. The same console attaches fine over isa,
therefore restore this behavior.
Problem reported by <cipher-hearts at riseup dot net> on bugs@
ok deraadt@ kettenis@
anton [Tue, 21 Dec 2021 06:08:57 +0000 (06:08 +0000)]
errno overhaul, getting rid of some ambiguity. In the hopes of tracking
down a rare but annoying problem related to remote coverage exposed by
syzkaller.
jmatthew [Tue, 21 Dec 2021 00:23:15 +0000 (00:23 +0000)]
Multiply the number of states in the example adaptive timeout calculation
by 10 so it works with the numbers in the config, which were previously
multiplied.
ok dlg@
bluhm [Mon, 20 Dec 2021 22:28:48 +0000 (22:28 +0000)]
Remove useless suser assert from dt(4). The ioctl(2) path checks
the user anyway and close(2) may crash after setuid(2).
Reported-by: syzbot+90e094f33d329fb2c3ab@syzkaller.appspotmail.com
OK deraadt@
patrick [Mon, 20 Dec 2021 19:24:32 +0000 (19:24 +0000)]
bus_dmamem_unmap() should not be called from interrupt context, so free
and close flowrings using bwfm_do_async().
Reported by and ok kettenis@
deraadt [Mon, 20 Dec 2021 18:03:41 +0000 (18:03 +0000)]
sync
jsing [Mon, 20 Dec 2021 17:23:07 +0000 (17:23 +0000)]
Always allocate a new stack in o2i_SCT_LIST().
If we're given a pointer to an existing stack, free it and allocate a new
one rather than poping and freeing all of the existing entries so we can
reuse it. While here rename some arguments and variables.
ok inoguchi@ tb@
jsing [Mon, 20 Dec 2021 17:19:19 +0000 (17:19 +0000)]
Convert SCT_new_from_base64() to use CBS for o2i_SCT_signature().
Remove the existing o2i_SCT_signature() function and rename
o2i_SCT_signature_internal() to replace it.
ok inoguchi@ tb@
tobhe [Mon, 20 Dec 2021 17:09:18 +0000 (17:09 +0000)]
Remove unused variable 'clen'.
ok bluhm@
jsing [Mon, 20 Dec 2021 16:52:26 +0000 (16:52 +0000)]
Add regress coverage for the crazy SCT_new_from_base64() API.
visa [Mon, 20 Dec 2021 16:24:32 +0000 (16:24 +0000)]
Make filt_dead() selectively inactive with EVFILT_EXCEPT
When a knote uses the dead event filter, the knote's file descriptor is
not supposed to point to an object with pending out-of-band data. Make
the knote inactive so that userspace will not receive a spurious event.
However, kqueue-based poll(2) should still receive HUP notifications.
This lets the system use dead_filtops with less strings attached
relative to the filter type.