openbsd
3 years agoRemove obsolete comments about SSHv1 auth methods. ok djm@
dtucker [Fri, 2 Jul 2021 07:20:44 +0000 (07:20 +0000)]
Remove obsolete comments about SSHv1 auth methods.  ok djm@

3 years agoRemove references to ChallengeResponseAuthentication in favour of
dtucker [Fri, 2 Jul 2021 05:11:20 +0000 (05:11 +0000)]
Remove references to ChallengeResponseAuthentication in favour of
KbdInteractiveAuthentication.  The former is what was in SSHv1, the
latter is what is in SSHv2 (RFC4256) and they were treated as somewhat
but not entirely equivalent.  We retain the old name as deprecated alias
so config files continue to work and a reference in the man page for
people looking for it.

Prompted by bz#3303 which pointed out the discrepancy between the two
when used with Match.  Man page help & ok jmc@, with & ok djm@

3 years ago__remq.S will be needed soon.
deraadt [Fri, 2 Jul 2021 03:10:19 +0000 (03:10 +0000)]
__remq.S will be needed soon.

3 years agodelete sbin/restore
deraadt [Thu, 1 Jul 2021 20:34:19 +0000 (20:34 +0000)]
delete sbin/restore

3 years agoMerge SSL_METHOD_INTERNAL into SSL_METHOD.
jsing [Thu, 1 Jul 2021 17:53:39 +0000 (17:53 +0000)]
Merge SSL_METHOD_INTERNAL into SSL_METHOD.

Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.

ok tb@

3 years agoPrevent athn(4) from calling ieee80211_find_rxnode() on bad frames.
stsp [Thu, 1 Jul 2021 11:51:55 +0000 (11:51 +0000)]
Prevent athn(4) from calling ieee80211_find_rxnode() on bad frames.

This fixes an issue introduced with our workaround for bogus michael
mic failures seen when hardware receives control frames. We do need
to ignore the michael mic failure in this case but we should not call
ieee80211_find_rxnode() on such frames unconditionally. Do this only
if the transmitter's address has already been cached.

When ieee80211_find_rxnode() is called with an unknown source MAC address
it will create a new entry in the node cache. Frames flagged as incorrectly
received by hardware should not be passed to ieee80211_find_rxnode() without
further verification to avoid creating bogus cache entries based on corrupt
frame headers.

Prompted by an issue seen by kettenis@ on arm64 where the node cache
contains bogus entries. This change doesn't fix the issue but it is
a step in the right direction regardless since it fixes one possible
cause for the issue.

ok kettenis@
tested by myself and Mikolaj Kucharski

3 years agoJust in case another developer besides anton@ and myself even wants to
schwarze [Thu, 1 Jul 2021 10:22:16 +0000 (10:22 +0000)]
Just in case another developer besides anton@ and myself even wants to
look at these tests: add a comment providing a high-level picture of
what is going on here, such that everyday maintenance can be performed
without going down the rabbit hole of subr.sh and edit.c.

3 years agoWe already tested all corner cases for two-byte and three-byte UTF-8
schwarze [Thu, 1 Jul 2021 10:00:15 +0000 (10:00 +0000)]
We already tested all corner cases for two-byte and three-byte UTF-8
sequences, but coverage of four-byte sequences was incomplete, which
contributed to the recently fixed ksh(1) emacs.c bug not being found
for some time.

Consequently, add some tests covering
+ valid sequences starting with \0360, \0361, and \0363;
+ incomplete sequences starting with \0360 and \0361;
+ invalid (too low) sequences starting with \0360.

OK anton@

3 years agoremove useless and confusing log message when client has no certificate
eric [Thu, 1 Jul 2021 07:42:16 +0000 (07:42 +0000)]
remove useless and confusing log message when client has no certificate

ok millert@

3 years agoWe moved myname parsing from /etc/netstart to /etc/rc nov 2020, but
deraadt [Thu, 1 Jul 2021 01:16:13 +0000 (01:16 +0000)]
We moved myname parsing from /etc/netstart to /etc/rc nov 2020, but
this manual page wasn't corrected
from James Jerkins

3 years agoSimplify the way we track the FPU state, using powerpc64 as a model.
kettenis [Wed, 30 Jun 2021 22:20:56 +0000 (22:20 +0000)]
Simplify the way we track the FPU state, using powerpc64 as a model.
The new code still uses the clean/dirty state that the hardware reports
to optimize saving/restoring the FPU register, but no longer attempts to
keep the FPU registers alive across a context switch.  Fixes panics seen
on MP kernels.

ok drahn@

3 years agoThe byte \0363 is not invalid in UTF-8.
schwarze [Wed, 30 Jun 2021 18:55:52 +0000 (18:55 +0000)]
The byte \0363 is not invalid in UTF-8.
The incorrectness of this test was exposed by the bugfix
in /usr/src/bin/ksh/emacs.c rev. 1.88 and reported to me by bluhm@.
This is a minimal fix replacing the incorrect test line
with two correct tests involving the same byte.
OK anton@

3 years agomore trivial .Ar -> .Fa replacements in syscall manuals
schwarze [Wed, 30 Jun 2021 18:46:49 +0000 (18:46 +0000)]
more trivial .Ar -> .Fa replacements in syscall manuals

3 years agouse .Fa rather than .Ar; patch from me at EmilEngler dot com
schwarze [Wed, 30 Jun 2021 18:17:21 +0000 (18:17 +0000)]
use .Fa rather than .Ar; patch from me at EmilEngler dot com

3 years agoDisable some code that reaches into libssl internals.
jsing [Wed, 30 Jun 2021 18:11:47 +0000 (18:11 +0000)]
Disable some code that reaches into libssl internals.

This should be moved to a dedicated regress test.

3 years agoDisable some tests that probably no longer make sense.
jsing [Wed, 30 Jun 2021 18:10:42 +0000 (18:10 +0000)]
Disable some tests that probably no longer make sense.

We'll either fix these or remove them in the near future.

3 years agoPull in ssl_locl.h to allow for move of struct ssl_session_st.
jsing [Wed, 30 Jun 2021 18:09:46 +0000 (18:09 +0000)]
Pull in ssl_locl.h to allow for move of struct ssl_session_st.

3 years agoPrepare to provide SSL_get_signature_nid() and friends.
jsing [Wed, 30 Jun 2021 18:07:50 +0000 (18:07 +0000)]
Prepare to provide SSL_get_signature_nid() and friends.

This adds functionality for SSL_get_signature_nid(),
SSL_get_peer_signature_nid(), SSL_get_signature_type_nid() and
SSL_get_peer_signature_type_nid().

This is not currently publicly visible and will be exposed at a later
date.

ok inoguchi@ tb@

3 years agoMove some structs from public to private headers.
jsing [Wed, 30 Jun 2021 18:04:05 +0000 (18:04 +0000)]
Move some structs from public to private headers.

Move struct ssl_cipher_st, struct ssl_method_st, struct ssl_session_st and
struct ssl3_state_st from public to private headers. These are already
under #ifdef LIBRESSL_INTERNAL and are no longer publicly visible.

ok inoguchi@ tb@

3 years ago... way too much white space!
claudio [Wed, 30 Jun 2021 15:24:10 +0000 (15:24 +0000)]
... way too much white space!

3 years agoRemove splnet() from ifnewlladdr(), it is not needed anymore.
bluhm [Wed, 30 Jun 2021 13:23:33 +0000 (13:23 +0000)]
Remove splnet() from ifnewlladdr(), it is not needed anymore.
Add asserts and comments for the locks that are necessary.
discussed with dlg@ mpi@ mvs@; tested by Hrvoje Popovski; OK mpi@

3 years agoRemove TODO.md, this file is not up-to-date and also not really a good
claudio [Wed, 30 Jun 2021 13:16:45 +0000 (13:16 +0000)]
Remove TODO.md, this file is not up-to-date and also not really a good
todo list for rsync.

3 years agoReplace Id: tags with OpenBSD: tags
claudio [Wed, 30 Jun 2021 13:10:04 +0000 (13:10 +0000)]
Replace Id: tags with OpenBSD: tags
OK deraadt@

3 years agoRemove unused variable cryptodesc_pool. Document global variables
bluhm [Wed, 30 Jun 2021 12:21:02 +0000 (12:21 +0000)]
Remove unused variable cryptodesc_pool.  Document global variables
in crypto.c and annotate locking protection.  Assert kernel lock
where needed.  Remove dead code from crypto_get_driverid().  Move
crypto_init() prototype into header file.
OK mpi@

3 years agogrow ramdisk area due to increased firmware sizes..
deraadt [Wed, 30 Jun 2021 12:19:00 +0000 (12:19 +0000)]
grow ramdisk area due to increased firmware sizes..
ok jsg

3 years agouse @ to silently execute "exec make"
deraadt [Wed, 30 Jun 2021 11:50:22 +0000 (11:50 +0000)]
use @ to silently execute "exec make"

3 years agoFor path MTU discovery tcp_mtudisc() should resend a TCP packet by
bluhm [Wed, 30 Jun 2021 11:26:49 +0000 (11:26 +0000)]
For path MTU discovery tcp_mtudisc() should resend a TCP packet by
calling tcp_output() if the TCP maximum segment size changes.  But
that did not work, as the new value was compared before tcp_mss()
had a chance to modify it.  Move the comparison and change it from
not equal to greater than.  It makes only sense to resend a packet
immediately if it becomes smaller and is more likely to fit.
OK sashan@ tobhe@

3 years agoTLS error messages have changed slightly, adapt regex for expected
bluhm [Wed, 30 Jun 2021 10:11:36 +0000 (10:11 +0000)]
TLS error messages have changed slightly, adapt regex for expected
logs in syslogd regress.

3 years agodocument and deprecate the macros X509_extract_key(3)
schwarze [Wed, 30 Jun 2021 10:06:43 +0000 (10:06 +0000)]
document and deprecate the macros X509_extract_key(3)
and X509_REQ_extract_key(3), using feedback from tb@ and jsing@

3 years agoCorrect sigalg hash usage when signing content for client verify.
jsing [Wed, 30 Jun 2021 09:59:07 +0000 (09:59 +0000)]
Correct sigalg hash usage when signing content for client verify.

This was inadvertently broken during sigalgs refactoring.

3 years agoAlign HT protection flags we send to iwx(4) firmware with flags used by
stsp [Wed, 30 Jun 2021 09:47:57 +0000 (09:47 +0000)]
Align HT protection flags we send to iwx(4) firmware with flags used by
Linux iwlwifi.

Setting the FAT protection flag while we're using 20 MHz channels doesn't
really make a lot of sense to me but apparently firmware expects it to be
set regardless. Linux does not use the SELF_CTS_EN flag so it might be better
to avoid using SELF_CTS_EN.

According to zxystd from OpenIntelWireless, the same change fixed fatal
firmware errors seen during HT protection updates for them:
https://github.com/OpenIntelWireless/itlwm/commit/032a14185a434b7181c0e78a953dc2e1c21a0853

test and ok gnezdo@

3 years agoMake the iwx(4) mac context task send its command only if we are still in
stsp [Wed, 30 Jun 2021 09:47:20 +0000 (09:47 +0000)]
Make the iwx(4) mac context task send its command only if we are still in
RUN state when the task gets to run. Fixes fatal firmware errors where
mac context updates were erroneously sent in states other than RUN state.

Additionally, avoid scheduling a mac context task if a pending newstate
task is going to move us out of RUN state anyway.

Issue debugged by zxystd in OpenIntelWireless itlwm; patch by me.

3 years agoMake Tx-done interrupt processing in iwx(4) more similar to iwlwifi.
stsp [Wed, 30 Jun 2021 09:46:46 +0000 (09:46 +0000)]
Make Tx-done interrupt processing in iwx(4) more similar to iwlwifi.

When iwx(4) takes a frame off the queue we used the ring index reported
by firmware to figure out which frame can be taken off the ring.
This logic was inherited from iwn(4).

We have sometimes seen an index get skipped and had a workaround in place
where we took all pending frames up to this index off the ring.

Apart from the ring index the firmware reports another value which is its
starting sequence number (SSN). An SSN is usually associated with a Tx
aggregation queue that uses block ack. On non-aggregation queues the SSN
matches the ring index most of the time and hence seems redundant at first
sight. But the values are not always the same.

We now always use the SSN as the upper bound which matches the Linux driver.

This seems to fix fatal firmware errors during Tx commands seen by jcs@
which suggests that we were sometimes taking frames off the ring too early.

3 years agoFix Tx queue flushing in iwm(4).
stsp [Wed, 30 Jun 2021 09:45:47 +0000 (09:45 +0000)]
Fix Tx queue flushing in iwm(4).

iwm(4) was still using an outdated version of the TX_FLUSH command.
Current firmware expects a different version which has the same size but
different semantics. The iwx(4) driver is already using the new version.

Also do not log errors if flushing Tx queues fails. This can happen if
the AP disappeared. Just cope by resetting the device and clearing rings.

Should fix "flushing Tx queues failed" and related firmware errors.

3 years agoAlign HT protection flags we send to iwm(4) firmware with flags used by
stsp [Wed, 30 Jun 2021 09:44:56 +0000 (09:44 +0000)]
Align HT protection flags we send to iwm(4) firmware with flags used by
Linux iwlwifi.

Setting the FAT protection flag while we're using 20 MHz channels doesn't
really make a lot of sense to me but apparently firmware expects it to be
set regardless. Linux does not use the SELF_CTS_EN flag so it might be better
to avoid using SELF_CTS_EN.

According to zxystd from OpenIntelWireless, the same change fixed fatal
firmware errors seen during HT protection updates for them:
https://github.com/OpenIntelWireless/itlwm/commit/032a14185a434b7181c0e78a953dc2e1c21a0853

test and ok gnezdo@

3 years agoMake the iwm(4) mac context task send its command only if we are still in
stsp [Wed, 30 Jun 2021 09:43:59 +0000 (09:43 +0000)]
Make the iwm(4) mac context task send its command only if we are still in
RUN state when the task gets to run. Fixes fatal firmware errors where
mac context updates were erroneously sent in states other than RUN state.

Additionally, avoid scheduling a mac context task if a pending newstate
task is going to move us out of RUN state anyway.

Issue debugged by zxystd in OpenIntelWireless itlwm; patch by me.

3 years agoMake Tx-done interrupt processing in iwm(4) more similar to iwlwifi.
stsp [Wed, 30 Jun 2021 09:42:22 +0000 (09:42 +0000)]
Make Tx-done interrupt processing in iwm(4) more similar to iwlwifi.

When iwm(4) takes a frame off a non-aggregation queue we used the ring index
reported by firmware to figure out which frame can be taken off the ring.
This logic was inherited from iwn(4).

We have sometimes seen an index get skipped and had a workaround in place
where we took all pending frames up to this index off the ring.

Apart from the ring index the firmware reports another value which is its
starting sequence number (SSN). An SSN is usually associated with a Tx
aggregation queue that uses block ack. On non-aggregation queues the SSN
matches the ring index most of the time and hence seems redundant at first
sight. But the values are not always the same.

We now always use the SSN as the upper bound which matches the Linux driver.

This seems to fix fatal firmware errors during Tx commands seen by jcs@
which suggests that we were sometimes taking frames off the ring too early.

The ring index is still used to feed information about a frame to the Tx
rate control algorithm but no longer determines when frames are taken off
the ring.

test and ok jcs@

3 years agoadd missing call to sbi_remote_fence_i()
jsg [Wed, 30 Jun 2021 07:39:05 +0000 (07:39 +0000)]
add missing call to sbi_remote_fence_i()

ok kettenis@

3 years agoMULTIPTOCESSOR -> MULTIPROCESSOR
jsg [Wed, 30 Jun 2021 01:08:10 +0000 (01:08 +0000)]
MULTIPTOCESSOR -> MULTIPROCESSOR

ok deraadt@

3 years agosync
deraadt [Tue, 29 Jun 2021 22:41:12 +0000 (22:41 +0000)]
sync

3 years agoinclude bsd.mp (but don't change isntall.md to choose it yet)
deraadt [Tue, 29 Jun 2021 22:03:50 +0000 (22:03 +0000)]
include bsd.mp (but don't change isntall.md to choose it yet)

3 years agobuild bsd.mp
deraadt [Tue, 29 Jun 2021 22:03:30 +0000 (22:03 +0000)]
build bsd.mp

3 years agoDidn't intend to commit the CPU_IS_RUNNING() changes just yet, so revert
kettenis [Tue, 29 Jun 2021 21:31:49 +0000 (21:31 +0000)]
Didn't intend to commit the CPU_IS_RUNNING() changes just yet, so revert
those bits.

3 years agoSMP support. Mostly works, but occasionally craps out during boot.
kettenis [Tue, 29 Jun 2021 21:27:52 +0000 (21:27 +0000)]
SMP support.  Mostly works, but occasionally craps out during boot.

ok drahn@

3 years agowhitespace
kettenis [Tue, 29 Jun 2021 19:58:21 +0000 (19:58 +0000)]
whitespace

3 years agosync
deraadt [Tue, 29 Jun 2021 19:57:23 +0000 (19:57 +0000)]
sync

3 years agoPull sigalg selection up into ssl3_send_client_verify().
jsing [Tue, 29 Jun 2021 19:56:11 +0000 (19:56 +0000)]
Pull sigalg selection up into ssl3_send_client_verify().

This means that we do sigalg selection for all cases, including those
where are are not sending sigalgs. This is needed in order to track our
signature type in legacy cases.

ok tb@

3 years agoTrack sigalg used by ourselves and our peer in the legacy stack.
jsing [Tue, 29 Jun 2021 19:43:15 +0000 (19:43 +0000)]
Track sigalg used by ourselves and our peer in the legacy stack.

This is needed for upcoming API additions.

3 years agoPull up and dedup the TLS version check in ssl_sigalg_pkey_ok().
jsing [Tue, 29 Jun 2021 19:36:14 +0000 (19:36 +0000)]
Pull up and dedup the TLS version check in ssl_sigalg_pkey_ok().

Suggested by tb@

3 years agoSimplify RSA PSS key size comment.
jsing [Tue, 29 Jun 2021 19:33:46 +0000 (19:33 +0000)]
Simplify RSA PSS key size comment.

Wording provided by tb@

3 years agoUse appropriate TLS version when building client sigalg extensions.
jsing [Tue, 29 Jun 2021 19:31:16 +0000 (19:31 +0000)]
Use appropriate TLS version when building client sigalg extensions.

Only use the minimum TLS version to when building a signature algorithms
extension for a ClientHello - in all other cases we should be using the
negotiated TLS version.

ok inoguchi@ tb@

3 years agoChange ssl_sigalg_from_value() to take SSL * instead of a TLS version.
jsing [Tue, 29 Jun 2021 19:29:16 +0000 (19:29 +0000)]
Change ssl_sigalg_from_value() to take SSL * instead of a TLS version.

This simplifies callers, as only the negotiated TLS version needs to be
used here.

Requested by tb@

3 years agoMake various sigalg functions static now that they're only used internally.
jsing [Tue, 29 Jun 2021 19:25:59 +0000 (19:25 +0000)]
Make various sigalg functions static now that they're only used internally.

3 years agoConvert legacy stack server to ssl_sigalg_for_peer().
jsing [Tue, 29 Jun 2021 19:24:07 +0000 (19:24 +0000)]
Convert legacy stack server to ssl_sigalg_for_peer().

ok inoguchi@ tb@

3 years agoConvert legacy stack client to ssl_sigalg_for_peer().
jsing [Tue, 29 Jun 2021 19:23:36 +0000 (19:23 +0000)]
Convert legacy stack client to ssl_sigalg_for_peer().

ok inoguchi@ tb@

3 years agoProvide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.
jsing [Tue, 29 Jun 2021 19:20:39 +0000 (19:20 +0000)]
Provide a ssl_sigalg_for_peer() function and use in the TLSv1.3 code.

Provide an ssl_sigalg_for_peer() function that knows how to figure out
which signature algorithm should be used for a peer provided signature,
performing appropriate validation to ensure that the peer provided value
is suitable for the protocol version and key in use.

In the TLSv1.3 code, this replaces the need for separate calls to lookup
the sigalg from the peer provided value, then perform validation.

ok inoguchi@ tb@

3 years agoMove the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().
jsing [Tue, 29 Jun 2021 19:10:08 +0000 (19:10 +0000)]
Move the RSA-PSS check for TLSv1.3 to ssl_sigalg_pkey_ok().

Also, rather than passing in a check_curve flag, pass in the SSL * and
handle version checks internally to ssl_sigalg_pkey_ok(), simplifying
the callers.

ok inoguchi@ tb@

3 years agoFactor out handling of legacy default signature algorithms.
jsing [Tue, 29 Jun 2021 18:59:25 +0000 (18:59 +0000)]
Factor out handling of legacy default signature algorithms.

In the case of TLSv1.0 and TLSv1.1 there is no signature algorithms
extension and default signature algorithms are used - similar applies to
TLSv1.2 when the signature algorithms extension has been omitted.

ok inoguchi@ tb@

3 years agoMop up now unused variables.
jsing [Tue, 29 Jun 2021 18:55:47 +0000 (18:55 +0000)]
Mop up now unused variables.

3 years agoRequire a ServerHello following a HelloRetryRequest to use the same cipher.
jsing [Tue, 29 Jun 2021 18:47:15 +0000 (18:47 +0000)]
Require a ServerHello following a HelloRetryRequest to use the same cipher.

RFC 8446 section 4.1.4 requires that the client ensure the cipher suite
in the TLSv1.3 HelloRetryRequest and subsequent ServerHello is the same.

Reported via GitHub issue #675.

ok inoguchi@ tb@

3 years agodelete pre-EFI boot kernel location scripting
deraadt [Tue, 29 Jun 2021 18:45:41 +0000 (18:45 +0000)]
delete pre-EFI boot kernel location scripting
ok drahn

3 years agoReject zero-length non-application data fragments in the legacy stack.
jsing [Tue, 29 Jun 2021 18:43:49 +0000 (18:43 +0000)]
Reject zero-length non-application data fragments in the legacy stack.

Per RFC 5246 section 6.2.1, zero-length fragments are only permitted for
application data - reject all others.

Reported via GitHub issue #675.

ok inoguchi@ tb@

3 years agosync maxusers with other 64bits architectures. ok kettenis@, deraadt@.
matthieu [Tue, 29 Jun 2021 17:49:49 +0000 (17:49 +0000)]
sync maxusers with other 64bits architectures. ok kettenis@, deraadt@.

3 years agoFlip the -r RRDP switch, which went through community testing for half a year.
deraadt [Tue, 29 Jun 2021 17:43:57 +0000 (17:43 +0000)]
Flip the -r RRDP switch, which went through community testing for half a year.
Default is now to attempt RRDP first, then try RSYNC.
If problems show up, return to rsync-only behaviour with -R, and file a report.
ok claudio

3 years agomore precision because the argument is signed,
schwarze [Tue, 29 Jun 2021 16:34:52 +0000 (16:34 +0000)]
more precision because the argument is signed,
and even char is signed on some platforms;
OK millert@ jmc@

3 years agoremove unused prototype
claudio [Tue, 29 Jun 2021 16:15:37 +0000 (16:15 +0000)]
remove unused prototype
OK deraadt@

3 years agoSend AUTHENTICATION_FAILED in case of unexpected auth method or auth
tobhe [Tue, 29 Jun 2021 15:39:20 +0000 (15:39 +0000)]
Send AUTHENTICATION_FAILED in case of unexpected auth method or auth
data not being accessible.

From Claudia Priesterjahn @ achelos
ok patrick@

3 years agofunction args must not use .Ar and EDOM and ERANGE require .Er;
schwarze [Tue, 29 Jun 2021 14:47:33 +0000 (14:47 +0000)]
function args must not use .Ar and EDOM and ERANGE require .Er;
mostly mechanical diff similar to what Emil Engler just sent for sqrt(3)

3 years agoinsert missing .Ns
schwarze [Tue, 29 Jun 2021 14:46:44 +0000 (14:46 +0000)]
insert missing .Ns

3 years agobasic mdoc(7) macro cleanup; patch from me at EmilEngler dot com
schwarze [Tue, 29 Jun 2021 14:04:16 +0000 (14:04 +0000)]
basic mdoc(7) macro cleanup; patch from me at EmilEngler dot com

3 years agorktcphy(4)
patrick [Tue, 29 Jun 2021 12:51:18 +0000 (12:51 +0000)]
rktcphy(4)

3 years agoWhen configuring the USB3 phy, try the OFW PHY API first, and if there's
patrick [Tue, 29 Jun 2021 12:46:36 +0000 (12:46 +0000)]
When configuring the USB3 phy, try the OFW PHY API first, and if there's
no matching device, fall back to xhci(4)'s PHY configuration code.

ok kettenis@

3 years agoEnable rktcphy(4).
patrick [Tue, 29 Jun 2021 12:43:33 +0000 (12:43 +0000)]
Enable rktcphy(4).

ok kettenis@

3 years agoAdd rktcphy(4), a driver for the Type-C PHY controller found on the
patrick [Tue, 29 Jun 2021 12:43:09 +0000 (12:43 +0000)]
Add rktcphy(4), a driver for the Type-C PHY controller found on the
Rockchip RK3399.  While the PHY allows switching between combinations
of USB3 and DisplayPort, this driver enables only USB3 functionality.
This allows USB3 devices to show up on machines where previously only
USB2 devices showed up.  Driver was taken from FreeBSD and adjusted to
fit into our code base.

ok kettenis@

3 years agoThe way we boot OpenBSD, there is no need to play the hart lottery.
kettenis [Tue, 29 Jun 2021 12:22:39 +0000 (12:22 +0000)]
The way we boot OpenBSD, there is no need to play the hart lottery.
This is essentially a remnant of early RISC-V, which used the Berkely
Boot Loader.  Modern RISC-V firmware makes sure only one hart is enabled
and offsers SBI calls to start the other harts.

3 years agoAdjust unveil_find_cover() to return -1 if the root vnode is passed in.
claudio [Tue, 29 Jun 2021 07:55:29 +0000 (07:55 +0000)]
Adjust unveil_find_cover() to return -1 if the root vnode is passed in.
This helps unveil_add_vnode() to properly re-evaluate unveils when
"/" is added to the list.

Because of this adjust unveil_covered() to check for the root as well
so that in that case the unveil uv is returned instead of NULL. Traversing
up from the root returns the root. This check is not really needed since
namei has its own root check and shortcuts for root vnodes.

OK semarie@

3 years agoremove arch ifdefs around drm.h include
jsg [Tue, 29 Jun 2021 01:46:35 +0000 (01:46 +0000)]
remove arch ifdefs around drm.h include

ok deraadt@ kettenis@

3 years agomove some config lines to ensure drm.h is always created
jsg [Tue, 29 Jun 2021 01:42:14 +0000 (01:42 +0000)]
move some config lines to ensure drm.h is always created

ok deraadt@ kettenis@

3 years agodelete the two pairs of extra blank lines from expected man(7) terminal
schwarze [Mon, 28 Jun 2021 19:59:09 +0000 (19:59 +0000)]
delete the two pairs of extra blank lines from expected man(7) terminal
output that are no longer printed since man_term.c rev. 1.189

3 years agoAdd another epicycle to -A processing that ensures ONLY the
krw [Mon, 28 Jun 2021 19:50:30 +0000 (19:50 +0000)]
Add another epicycle to -A processing that ensures ONLY the
partition table is changed. Not the GPT header. Not the MBR. And
only write back as much partition table information as the header
claims to have room for.

At a minimum should make -A safer when operating on the Apple M1
GPT.

A major overhaul of this code is urgently needed before someone
sneezes too hard in its vicinity.

Feedback kettenis@ & ok deraadt@

3 years agoIn terminal output of man(7) documents, stop printing two extra blank
schwarze [Mon, 28 Jun 2021 19:49:57 +0000 (19:49 +0000)]
In terminal output of man(7) documents, stop printing two extra blank
lines before the NAME section and before the page footer.  While these
blank lines had a long tradition, they didn't really serve any purpose
and merely wasted screen real estate.  Besides, this makes output from
man(7) more similar to output from mdoc(7).

This commit keeps mandoc compatible with groff-current,
where G. Branden Robinson committed the same change
on June 16 (groff commit 2278d6ed).

3 years agodo not need .align 2 or 4 after .text, the ABI's .text will decide what
deraadt [Mon, 28 Jun 2021 18:53:10 +0000 (18:53 +0000)]
do not need .align 2 or 4 after .text, the ABI's .text will decide what
to do
ok kettenis

3 years agowhitespace
deraadt [Mon, 28 Jun 2021 18:52:26 +0000 (18:52 +0000)]
whitespace

3 years agoUse the order action->sender == ctx->mode everywhere for consistency.
tb [Mon, 28 Jun 2021 18:48:56 +0000 (18:48 +0000)]
Use the order action->sender == ctx->mode everywhere for consistency.

3 years agoctx->alert is not a boolean, so compare it explicitly against 0.
tb [Mon, 28 Jun 2021 18:42:17 +0000 (18:42 +0000)]
ctx->alert is not a boolean, so compare it explicitly against 0.

3 years agoFix assembly in #ifdef MULTIPROCESSOR case.
kettenis [Mon, 28 Jun 2021 18:38:17 +0000 (18:38 +0000)]
Fix assembly in #ifdef MULTIPROCESSOR case.

ok jsing@

3 years agoAdd speculation-blocking sequence after syscalls like we did for libc a while
kettenis [Mon, 28 Jun 2021 18:21:08 +0000 (18:21 +0000)]
Add speculation-blocking sequence after syscalls like we did for libc a while
ago.  While there, fix the SYS_exit syscall.  The syscall number is passed in
r12, not as the argument of the syscall instruction.

ok deraadt@

3 years agodelete .align inside sigtramp stubs, as the stack alignment requirement
deraadt [Mon, 28 Jun 2021 15:45:15 +0000 (15:45 +0000)]
delete .align inside sigtramp stubs, as the stack alignment requirement
hasn't existed for many years, since the code was moved it into a unique page,
with trap sleds.
ok kettenis

3 years agoThe state machine now takes care of setting the legacy state,
tb [Mon, 28 Jun 2021 15:36:51 +0000 (15:36 +0000)]
The state machine now takes care of setting the legacy state,
so it is no longer necessary in to do this by hand in various
places of the code interfacing with the legacy stack.

ok jsing

3 years agoExpand info callback support for TLSv1.3
tb [Mon, 28 Jun 2021 15:35:14 +0000 (15:35 +0000)]
Expand info callback support for TLSv1.3

During the TLSv1.3 handshake, update the legacy state and call the
info callback at the appropriate moment.  This is done by mapping
the TLSv1.3 states to the states in the old state machine whenever
that is possible. The callbacks are called at the beginning and end
of the handshake, and just before the state machine advances.

This should fix a periodic warning in logs of tor relays about a
variable that wasn't set although it should have been.

input/ok jsing, ok inoguchi (early version)

3 years agoHave tcpdump split the 802.11 sequence number field into its sequence number
stsp [Mon, 28 Jun 2021 14:35:42 +0000 (14:35 +0000)]
Have tcpdump split the 802.11 sequence number field into its sequence number
and fragment number components instead of printing the whole field in decimal.

ok sthen@ kn@ jca@

3 years agoplaceholder for later
espie [Mon, 28 Jun 2021 14:17:01 +0000 (14:17 +0000)]
placeholder for later

3 years agoGarbage collect loop index i which is no longer used after usage tweak.
tb [Mon, 28 Jun 2021 14:01:38 +0000 (14:01 +0000)]
Garbage collect loop index i which is no longer used after usage tweak.

3 years agoFix base-gcc -Wno-error=uninitialized
jca [Mon, 28 Jun 2021 13:47:46 +0000 (13:47 +0000)]
Fix base-gcc -Wno-error=uninitialized

base-gcc always errored out when -Werror was passed and -Wuninitialized
triggered, even when -Wno-error=uninitialized was passed.

Deemed correct by Miod

3 years agoremove old "paranoid" option, I'm pretty sure nobody uses it.
espie [Mon, 28 Jun 2021 11:25:14 +0000 (11:25 +0000)]
remove old "paranoid" option, I'm pretty sure nobody uses it.

refactor the code into figuring out simple updates: if we don't have
any @execs but just @tags, we can probably do something simpler wrt
temporary files and temporary filenames, which should speed up texlive
updates significantly.

(the tempfile code is not there yet, just the check for safe updates)

3 years agoMake anonymous object reference counting independant from the KERNEL_LOCK().
mpi [Mon, 28 Jun 2021 11:19:01 +0000 (11:19 +0000)]
Make anonymous object reference counting independant from the KERNEL_LOCK().

- Use atomic operations for increment/decrement

- Rewrite the loop from uao_swap_off() to only keep a reference to the
  next item in the list.

ok jmatthew@

3 years agoEnable dt(4).
mpi [Mon, 28 Jun 2021 11:04:14 +0000 (11:04 +0000)]
Enable dt(4).

ok kettenis@

3 years agoImplement copyin32().
kettenis [Mon, 28 Jun 2021 09:35:09 +0000 (09:35 +0000)]
Implement copyin32().

ok deraadt@

3 years agoAlso show the time spent in userland when analyzing the kernel stack
bluhm [Mon, 28 Jun 2021 08:55:06 +0000 (08:55 +0000)]
Also show the time spent in userland when analyzing the kernel stack
in flame graph.  Only when both kernel and userland are displayed,
the whole picture of system activity becomes clear.  Fixes a parsing
bug in the flame graph tool where userland time was interpreted as
invalid kernel stack.
OK kn@

3 years agoMake sure __bss_start is aligned on an 8-byte boundary. This makes sure
kettenis [Sun, 27 Jun 2021 21:39:55 +0000 (21:39 +0000)]
Make sure __bss_start is aligned on an 8-byte boundary.  This makes sure
zeroing out .bss doesn't overrun and overwrite the ELF symbol table.

ok patrick@