jsg [Sat, 20 Apr 2024 08:54:01 +0000 (08:54 +0000)]
add Ryzen 8040 "Hawk Point" ids
found in AMD Software: Adrenalin Edition 24.3.1
functionally the same as Ryzen 7040 "Phoenix"
bluhm [Fri, 19 Apr 2024 22:20:36 +0000 (22:20 +0000)]
Make regress mpath more reliable.
Create 100 IP addresses and 100 multipath routes. Then the test
can expect a better distribution of routes that are actually used.
OK anton@
mglocker [Fri, 19 Apr 2024 20:43:33 +0000 (20:43 +0000)]
As of the documentation, the UTP Command Descriptor Base Address (UCDBA)
needs to be aligned on a 128-byte address.
This fixes an issue seen on the PCI controller, where a DMA transfer
scheduled on a odd slot will fail.
jmc [Fri, 19 Apr 2024 19:16:26 +0000 (19:16 +0000)]
replace a (technically incorrect) instance of "IP" with "address";
issue reported by tech3599 at posteo net via henning;
discussed with/ok henning
jca [Fri, 19 Apr 2024 14:39:34 +0000 (14:39 +0000)]
Fix typo in comment
mpi [Fri, 19 Apr 2024 10:22:50 +0000 (10:22 +0000)]
Revert per-CPU caches a double-free has been found by naddy@.
bluhm [Fri, 19 Apr 2024 10:13:58 +0000 (10:13 +0000)]
Merge IPv4 and IPv6 options in inpcb.
A internet PCB has either inp_options or inp_outputopts6. Put them
into a common anonymous union.
OK mvs@ kn@
tb [Fri, 19 Apr 2024 09:54:36 +0000 (09:54 +0000)]
bss_conn: zap trailing whitespace
ratchov [Fri, 19 Apr 2024 06:50:37 +0000 (06:50 +0000)]
nfs: Permit null requests (aka server pings) from non-reserved ports
Unfortunately, this is recommended by rfc 2623 and used by Linux
nfs-utils to mount NFS exports. So until nfs-utils switches into
using reserved ports, this is needed to mount OpenBSD file-systems
on most (all?) Linux distros.
Bits from claudio, ok millert
tb [Thu, 18 Apr 2024 16:50:22 +0000 (16:50 +0000)]
Remove a couple of lies about GOST in CMS
tb [Thu, 18 Apr 2024 16:33:33 +0000 (16:33 +0000)]
More GOST removal adjustments
tb [Thu, 18 Apr 2024 16:32:22 +0000 (16:32 +0000)]
EVP_PKEY_set1_RSA.3 some adjustments after GOST removal
tb [Thu, 18 Apr 2024 11:56:53 +0000 (11:56 +0000)]
Add some more comments explaining shortcomings of the API
The case in point is the incompatibility of the very ergonomic X509_ALGOR
API with the RC2-derived API massacre that is EVP_CIPHER_asn1_to_param()
and its "inverse".
ok jsing
tb [Thu, 18 Apr 2024 11:53:40 +0000 (11:53 +0000)]
Use X509_ALGOR_get0() in ecdh_cms_set_shared_info()
This makes things slightly less gross since it involves less reaching
into nested ASN.1 structures. But don't get the idea that this means
the code is now clean.
ok jsing
tb [Thu, 18 Apr 2024 11:51:53 +0000 (11:51 +0000)]
Test and assign in ecdh_cms_set_shared_info()
ok jsing
tb [Thu, 18 Apr 2024 11:51:01 +0000 (11:51 +0000)]
Turn ecdh_cms_set_shared_info() into single exit
ok jsing
claudio [Thu, 18 Apr 2024 10:29:39 +0000 (10:29 +0000)]
proc_trampoline_mp() was replaced by proc_trampoline_mi() adjust prototype.
OK mpi@
claudio [Thu, 18 Apr 2024 09:06:42 +0000 (09:06 +0000)]
If a proc has P_WEXIT set do not stop it, let it exit since it is already
mostly dead.
This is more like belts and suspenders since a proc in exit1() will not
receive signals anymore and so proc_stop() should not be reachable. This
is even the case when sigexit() is called and a coredump() is happening.
OK mpi@
claudio [Thu, 18 Apr 2024 08:59:38 +0000 (08:59 +0000)]
Clear PCATCH for procs that have P_WEXIT set.
Exiting procs will not return to userland and can not deliver signals so
it is better to not even try.
OK mpi@
jsg [Thu, 18 Apr 2024 01:15:33 +0000 (01:15 +0000)]
drm/amd/display: fix disable otg wa logic in DCN316
From Fudongwang
50971570ba79e421e0df8785dd58f4b696c8c1b7 in linux-6.6.y/6.6.28
cf79814cb0bf5749b9f0db53ca231aa540c02768 in mainline linux
jsg [Thu, 18 Apr 2024 01:13:07 +0000 (01:13 +0000)]
drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST
From Harry Wentland
5ca6cbd8adbedd4aa2ef7e77aa31354f6dfee573 in linux-6.6.y/6.6.28
c3e2a5f2da904a18661335e8be2b961738574998 in mainline linux
jsg [Thu, 18 Apr 2024 01:10:52 +0000 (01:10 +0000)]
drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4
From Harry Wentland
b12c3cfd8265f69d238b4a3200d8755f609e9e58 in linux-6.6.y/6.6.28
9e61ef8d219877202d4ee51d0d2ad9072c99a262 in mainline linux
jsg [Thu, 18 Apr 2024 01:08:20 +0000 (01:08 +0000)]
drm/amdgpu: fix incorrect number of active RBs for gfx11
From Tim Huang
bd3105a71d1c125deedf35be11b4d79e8b84e6f2 in linux-6.6.y/6.6.28
bbca7f414ae9a12ea231cdbafd79c607e3337ea8 in mainline linux
jsg [Thu, 18 Apr 2024 01:06:33 +0000 (01:06 +0000)]
drm/amdgpu: always force full reset for SOC21
From Alex Deucher
fa2df4aa3e3aeae02adc9b4b4f43b7b69b63e5cf in linux-6.6.y/6.6.28
65ff8092e4802f96d87d3d7cde146961f5228265 in mainline linux
jsg [Thu, 18 Apr 2024 01:04:41 +0000 (01:04 +0000)]
drm/amdgpu: Reset dGPU if suspend got aborted
From Lijo Lazar
1520bf605d2ff0d733648713b5485865dde0dea9 in linux-6.6.y/6.6.28
8b2be55f4d6c1099d7f629b0ed7535a5be788c83 in mainline linux
jsg [Thu, 18 Apr 2024 01:02:15 +0000 (01:02 +0000)]
drm/i915: Disable port sync when bigjoiner is used
From Ville Syrjala
2708354ffb70c0a6ec8dd6944077ca7e50a2688b in linux-6.6.y/6.6.28
0653d501409eeb9f1deb7e4c12e4d0d2c9f1cba1 in mainline linux
jsg [Thu, 18 Apr 2024 01:00:30 +0000 (01:00 +0000)]
drm/i915/cdclk: Fix CDCLK programming order when pipes are active
From Ville Syrjala
d1742f77bdf28ffd37a9bd94934a2d261e85de33 in linux-6.6.y/6.6.28
7b1f6b5aaec0f849e19c3e99d4eea75876853cdd in mainline linux
jsg [Thu, 18 Apr 2024 00:58:03 +0000 (00:58 +0000)]
drm/client: Fully protect modes[] with dev->mode_config.mutex
From Ville Syrjala
04e018bd913d3d3336ab7d21c2ad31a9175fe984 in linux-6.6.y/6.6.28
3eadd887dbac1df8f25f701e5d404d1b90fd0fea in mainline linux
jsg [Thu, 18 Apr 2024 00:56:11 +0000 (00:56 +0000)]
drm/amdkfd: Reset GPU on queue preemption failure
From Harish Kasiviswanathan
4d87f08eb75513334a85458306373d7560af1017 in linux-6.6.y/6.6.28
8bdfb4ea95ca738d33ef71376c21eba20130f2eb in mainline linux
jsg [Thu, 18 Apr 2024 00:54:36 +0000 (00:54 +0000)]
drm/i915/vrr: Disable VRR when using bigjoiner
From Ville Syrjala
f9b31dfdc0b5a04fb78cde6d2c64e54607dd316d in linux-6.6.y/6.6.28
dcd8992e47f13afb5c11a61e8d9c141c35e23751 in mainline linux
jsg [Thu, 18 Apr 2024 00:52:17 +0000 (00:52 +0000)]
drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
From Tim Huang
1e3b8874d55c0c28378beb9007494a7a9269a5f5 in linux-6.6.y/6.6.28
31729e8c21ecfd671458e02b6511eb68c2225113 in mainline linux
tb [Wed, 17 Apr 2024 23:24:18 +0000 (23:24 +0000)]
Remove comments from captain obvious and drop useless prototypes
tb [Wed, 17 Apr 2024 22:48:17 +0000 (22:48 +0000)]
SSL_version_str is no more
tb [Wed, 17 Apr 2024 22:43:42 +0000 (22:43 +0000)]
tidy includes
tb [Wed, 17 Apr 2024 21:55:43 +0000 (21:55 +0000)]
bn_convert: zap extra blank line
bluhm [Wed, 17 Apr 2024 20:48:51 +0000 (20:48 +0000)]
Use struct ipsec_level within inpcb.
Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels. This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.
OK deraadt@ mvs@
tb [Wed, 17 Apr 2024 20:47:36 +0000 (20:47 +0000)]
sync
jca [Wed, 17 Apr 2024 18:12:12 +0000 (18:12 +0000)]
Provide a pax format specific option handler
The existing tar_opt() implements support for -o write_opt=nodir for the
old tar and ustar formats. We don't really want to support it for the
pax format, and we want to be able to implement pax format specific
options (even if there are none right now). ok millert@
jca [Wed, 17 Apr 2024 15:48:44 +0000 (15:48 +0000)]
Fold long line
tb [Wed, 17 Apr 2024 15:03:22 +0000 (15:03 +0000)]
Simplify super ugly exit path
ok job
job [Wed, 17 Apr 2024 15:00:50 +0000 (15:00 +0000)]
Remove outdated (now inaccurate) warning message
OK tb@
jsing [Wed, 17 Apr 2024 14:47:17 +0000 (14:47 +0000)]
Rewrite BN_mpi2bn() using CBS and bn_bin2bn_cbs().
ok tb@
jsing [Wed, 17 Apr 2024 14:45:46 +0000 (14:45 +0000)]
Rewrite BN_lebin2bn() using CBS.
We get an implementation of this for free by having bn_bin2bn_cbs() use
CBS_get_u8() instead of CBS_get_last_u8().
ok tb@
jsing [Wed, 17 Apr 2024 14:43:37 +0000 (14:43 +0000)]
Provide constant time operations for uint8_t.
These will be used in upcoming changes.
ok tb@
job [Wed, 17 Apr 2024 14:31:59 +0000 (14:31 +0000)]
Sync RPKI Trust Anchor constraints to nro-delegated-stats
Turns out that registry at https://www.iana.org/assignments/as-numbers/as-numbers.xml
is an incomplete one, where only 'new' assignments are listed. In the
past this registry used to list all ASNs, but the RIRs asked IANA to
revert to not being very detailed...
There is another source of truth, the 'nro-delegated-stats' file at
https://ftp.ripe.net/pub/stats/ripencc/nro-stats/latest/nro-delegated-stats
this is updated daily and composed of information from each RIR.
Summary of changes:
* LACNIC manages a more ASNs than previously known:
- allow those ASNs for LACNIC
- deny those for RIPE, APNIC, ARIN
* AFRINIC's allow list was good (compared to nro-delegated-stats), but the
full set of AfriNIC ASNs wasn't denylisted for RIPE, ARIN, APNIC.
OK tb@
tb [Wed, 17 Apr 2024 14:01:33 +0000 (14:01 +0000)]
Shuffle EVP_PKEY_CTX setting together
Another stroke of the already very dirty brush eliminates more traces
of ADHD and/or crack.
ok jsing
claudio [Wed, 17 Apr 2024 14:01:17 +0000 (14:01 +0000)]
Set Accept: */* HTTP header like it was done in ftp(1).
OK tb@ job@
tb [Wed, 17 Apr 2024 14:00:17 +0000 (14:00 +0000)]
ecdh_cms_encrypt(): tweak wrap_algor construction
This manually constructs an X509_ALGOR because the (now internal) legacy
interface EVP_CIPHER_param_to_asn1() (which is an unwelcome complication
thanks to RC2) is entirely incompatible with X509_ALGOR_set0() since
the ASN1_TYPE can't be pulled apart nicely (because the ASN1_TYPE API
is incomplete as well).
Once we got this far, we get to DER-encode the inner AlgorithmIdentifier
and set that blob as the parameters of another one. The same variables
are reused of course and needless to say an unchecked X509_ALGOR_set0()
would leak this blob on failure. So fix this by switching to the usual
error checked X509_ALGOR_set0_by_nid().
ok jsing
tb [Wed, 17 Apr 2024 13:58:55 +0000 (13:58 +0000)]
ecdh_cms_encrypt: tweak handling of ecdh_nid
ok jsing
tb [Wed, 17 Apr 2024 13:57:58 +0000 (13:57 +0000)]
ecdh_cms_encrypt: handle kdf_md in one go
Again the getting and the setting were interrupted by ten lines of
completely unrelated code.
ok jsing
tb [Wed, 17 Apr 2024 13:56:36 +0000 (13:56 +0000)]
ecdh_cms_encrypt: simplify setting the KDF type
It is much simpler to avoid the key_type variable altogether and inline
its use. Also it makes no sense to have 15 unrelated lines between the
getting of the kdf type, checking its content, and then actually setting
it to EVP_PKEY_ECDH_KDF_X9_63.
ok jsing
tb [Wed, 17 Apr 2024 13:54:39 +0000 (13:54 +0000)]
Use error checked X509_ALGOR_set0_by_nid
While setting the parameters to type V_ASN1_UNDEF can't actually fail,
it is cleaner to just do the check. Using the by_nid() variant also
removes the need for an unchecked nested OBJ_nid2obj() call.
ok jsing
tb [Wed, 17 Apr 2024 13:51:41 +0000 (13:51 +0000)]
ecdh_cms_encrypt: simplify handling of pkey
The pkey is only used in one scope. i2o allocates if passed a pointer
to NULL, so use that to drop two unnecessary local variables.
ok jsing
tb [Wed, 17 Apr 2024 13:50:01 +0000 (13:50 +0000)]
Transfer ownership before setting unused bits
This looks like a use after free, but setting the unused bits to 0
can't actually fail.
ok jsing
tb [Wed, 17 Apr 2024 13:49:18 +0000 (13:49 +0000)]
Turn ecdh_cms_encrypt() into single exit
Also use ret instead of rv.
ok jsing
tb [Wed, 17 Apr 2024 13:47:18 +0000 (13:47 +0000)]
Fix error check in ecdh_cms_encrypt()
ASN1_TYPE_get() returns V_ASN1_* constants. Checking the return for
NID_undef instead means that we actually check for V_ASN1_EOC, which
makes absolutely no sense here. Clearly V_ASN1_UNDEF was intended.
ok jsing
sthen [Wed, 17 Apr 2024 13:34:23 +0000 (13:34 +0000)]
change docs for MODPY_PYBUILD=other
mpi [Wed, 17 Apr 2024 13:17:31 +0000 (13:17 +0000)]
Remove a micro optimization to free pages in batch in amap_wipeout().
The contention on uvm_lock_fpageq() is now reduced by using per-CPU caches,
so we want to put pages on the cache and not give them back directly to the
allocator.
ok kettenis@
mpi [Wed, 17 Apr 2024 13:12:58 +0000 (13:12 +0000)]
Add per-CPU caches to the pmemrange allocator.
The caches are used primarily to reduce contention on uvm_lock_fpageq() during
concurrent page faults. For the moment only uvm_pagealloc() tries to get a
page from the current CPU's cache. So on some architectures the caches are
also used by the pmap layer.
Each cache is composed of two magazines, design is borrowed from jeff bonwick
vmem's paper and the implementation is similar to the one of pool_cache from
dlg@. However there is no depot layer and magazines are refilled directly by
the pmemrange allocator.
Tested by robert@, claudio@ and Laurence Tratt.
ok kettenis@
jca [Wed, 17 Apr 2024 10:19:17 +0000 (10:19 +0000)]
Fixup comment
Spotted by caspar@ earlier
tb [Wed, 17 Apr 2024 09:51:18 +0000 (09:51 +0000)]
ftp: send 'Accept */*' header
A recent update to filezilla showed a server that would refuse to let us
download the distfile without us sending this header. Browsers, curl and
wget do so, so it should be safe for us to follow suit.
ok deraadt florian phessler sthen
claudio [Wed, 17 Apr 2024 09:41:44 +0000 (09:41 +0000)]
dogetrusage() must be called with the KERNEL_LOCK held for now.
OK mpi@
jsing [Wed, 17 Apr 2024 08:51:11 +0000 (08:51 +0000)]
Add regress coverage for BN_lebin2bn().
florian [Wed, 17 Apr 2024 08:36:30 +0000 (08:36 +0000)]
Revert previous, it breaks IPv6 on loopback interfaces.
Reported by bket & anton
tb [Wed, 17 Apr 2024 08:24:11 +0000 (08:24 +0000)]
Avoid NULL dereference in EVP_PKEY_paramgen()
If EVP_PKEY_new() returns NULL, it would be passed to the paramgen() pmeth
which would typically dereference it. This is identical to a recent change
in keygen().
ok jsing
claudio [Wed, 17 Apr 2024 06:18:18 +0000 (06:18 +0000)]
Only use the first egress interface in $IFIDX and $IFLLADDR. Systems
can have more then one interface.
This only works if ther first egress interface is a ethernet interface
(P2P interfaces have no LLADDR) but that was already buggy before this.
OK bluhm@ martijn@
kn [Wed, 17 Apr 2024 04:36:39 +0000 (04:36 +0000)]
Use $_disk consistently over $1 in md_installboot(); no functional change
Somehow I did not amend those right away when adding local _disk in r1.43
tb [Wed, 17 Apr 2024 01:24:43 +0000 (01:24 +0000)]
openssl req: plug obvious leak
CID 492603
jca [Tue, 16 Apr 2024 23:09:35 +0000 (23:09 +0000)]
Switch tar(1) write default format to 'pax'
Lets us store longer file names, link names, finer grained timestamps,
larger archive member files, etc; at the expense of larger uncompressed
archives and less widespread support across the ecosystem. If you're
unhappy with the new defaults, you can use -F ustar. Or you can help
fix bugs / find a better middle ground.
Prodding from various including job@ and deraadt@
ok sthen@ caspar@ millert@
jca [Tue, 16 Apr 2024 22:58:10 +0000 (22:58 +0000)]
Fix reading large pax extended records
512 bytes isn't enough if you want to store rather large but still
useful long file names or symbolic links destinations. The best way to
size the buffer to read those records is based upon the largest paths
pax(1) can handle, and that is PAXPATHLEN.
Reported by caspar@, input and ok millert@
jca [Tue, 16 Apr 2024 20:51:11 +0000 (20:51 +0000)]
Fix pasto: broken storage of symbolic link long destinations in pax format
jca [Tue, 16 Apr 2024 19:09:06 +0000 (19:09 +0000)]
Revert wip patch, not intended for commit
jca [Tue, 16 Apr 2024 19:04:11 +0000 (19:04 +0000)]
Add tar(1) -F option to select write format
We want to move towards 'pax' as the default format for writing, this
option lets users downgrade to -F ustar where the 'pax' format isn't
convenient/usable (same as -x <format> in pax(1)).
-F <format> is more generic than -o/-O. -H (GNU tar) was already used
and we don't want long options so --format (NetBSD/FreeBSD) is excluded
too.
ok sthen@ caspar@ millert@
jca [Tue, 16 Apr 2024 18:52:43 +0000 (18:52 +0000)]
Correctly detect 'pax' format archives in append mode
We expect that existing pax archives start with a global or extended
header. If they don't, append operations will be done using ustar
format.
Fixes append mode on pax archives where pax(1) would bail out when
appending to pax archives, falsely detecting a mismatch. Reading was
unaffected. Reported by caspar@, ok caspar@ millert@
tb [Tue, 16 Apr 2024 17:46:30 +0000 (17:46 +0000)]
Fix key share negotiation in HRR case
In the ClientHello retrying the handshake after a HelloRetryRequest, the
client must send a single key share matching the group selected by the
server in the HRR. This is not necessarily the mutually preferred group.
Incorrect logic added in ssl_tlsect.c r1.134 would potentially reject
such a key share because of that.
Instead, add logic to ensure on the server side that there is a single
share matching the group we selected in the HRR.
Fixes a regress test in p5-IO-Socket-SSL where server is configured
with P-521:P-384 and the client with P-256:P-384:P-521. Since the
client sends an initial P-256 key share, a HRR is triggered which
the faulty logic rejected because it was not the mutually preferred
P-384 but rather matching the server-selected P-521.
This will need some deduplication in subsequent commits. We may also
want to consider honoring the mutual preference and request a key
accordingly in the HRR.
reported by bluhm, fix suggested by jsing
ok beck jsing
florian [Tue, 16 Apr 2024 17:15:50 +0000 (17:15 +0000)]
Prevent toctu issues in static file serving and auto index generation.
This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.
testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt
fcambus [Tue, 16 Apr 2024 17:15:15 +0000 (17:15 +0000)]
Update Spleen kernel fonts to version 2.1.0, bringing the following
improvements:
- Fix latin small letter 'u' smoothing in the 32x64 version
florian [Tue, 16 Apr 2024 14:37:49 +0000 (14:37 +0000)]
Destination addresses make no sense on loopback interfaces.
While here use (variable & FLAG) or !(variable & FLAG) consistently in
in6_update_ifa().
Discussed with claudio
OK denis
jsing [Tue, 16 Apr 2024 13:14:46 +0000 (13:14 +0000)]
Invert BN_BITS2 handling in bn_bin2bn_cbs() and bn_hex2bn_cbs().
This results in simpler code.
Suggested by tb@ during review.
jsing [Tue, 16 Apr 2024 13:11:37 +0000 (13:11 +0000)]
Rewrite BN_bin2bn() using CBS.
ok tb@
jsing [Tue, 16 Apr 2024 13:07:14 +0000 (13:07 +0000)]
Provide bn_expand_bytes().
This will be used in an upcoming change.
ok tb@
jsing [Tue, 16 Apr 2024 13:04:05 +0000 (13:04 +0000)]
Rename bn_expand() to bn_expand_bits().
Also change the bits type from int to size_t, since that's what the callers
are passing and we can avoid unnecessary input validation.
ok tb@
bluhm [Tue, 16 Apr 2024 12:56:39 +0000 (12:56 +0000)]
Use route cache function in IP input.
Instaed of passing a struct rtentry from ip_input() to ip_forward()
and then embed it into a struct route for ip_output(), start with
struct route and pass it along. Then the route cache is used
consistently. Also the route cache hit and missed counters should
reflect reality after this commit.
There is a small difference in the code. in_ouraddr() checks for
NULL and not rtisvalid(). Previous discussion showed that the route
RTF_UP flag should only be considered for multipath routing.
Otherwise it does not mean anything. Especially the local and
broadcast check in in_ouraddr() should not be affected by interface
link status.
When doing cache lookups, route must be valid, but after rtalloc_mpath()
lookup, use any route that route_mpath() returns.
OK claudio@
bluhm [Tue, 16 Apr 2024 12:40:40 +0000 (12:40 +0000)]
Run raw IPv6 input in parallel.
Get rip6_input() in the same shape as rip_input(). Call
soisdisconnected() from rip6_disconnect(). This means that the raw
IP socket cannot be reconnected later. Now raw IPv6 behaves like
IPv4 in this regard, KAME code is quite inconsistent here. Also
make sure that there is no race between disconnect, input and wakeup.
The inpcb fileds inp_icmp6filt and inp_cksum6 are protected by
exclusive net lock in icmp6_ctloutput(). With all that, mark raw
IPv6 sockets to handle input in parallel.
OK mvs@
jsg [Tue, 16 Apr 2024 10:19:00 +0000 (10:19 +0000)]
remove unused functions; ok tb@
claudio [Tue, 16 Apr 2024 10:06:37 +0000 (10:06 +0000)]
Call bufq_destroy() in swap_off for the VREG case since swap_on() called
bufq_init(). Similar issue as the use-after-free in mfs.
Missing call noticed by jsg@
OK deraadt@ mpi@
claudio [Tue, 16 Apr 2024 10:04:41 +0000 (10:04 +0000)]
Call bufq_destroy() in mfs_reclaim() before freeing the mfsnode.
This fixes a use-after-free bug in bufq_quiesce() once a mfs partition
was unmounted.
OK mpi@ deraadt@
mpi [Tue, 16 Apr 2024 08:53:02 +0000 (08:53 +0000)]
Prevent a NULL dereference in error code path.
Under memory pressure allocating an amap chunk can fail. In such case it
is not possible to call amap_wipeout() because the newly allocated amap
isn't yet on the global list.
Issue reported by bluhm@, ok jsg@
tb [Tue, 16 Apr 2024 07:34:18 +0000 (07:34 +0000)]
sort
caspar [Mon, 15 Apr 2024 22:07:08 +0000 (22:07 +0000)]
Amend previous: improve comment
mvs [Mon, 15 Apr 2024 21:31:29 +0000 (21:31 +0000)]
Don't take solock() in soreceive() for udp(4) sockets.
These sockets are not connection oriented, they don't call pru_rcvd(),
but they have splicing ability and they set `so_error'.
Splicing ability is the most problem. However, we can hold `sb_mtx'
around `ssp_socket' modifications together with solock(). So the
`sb_mtx' is pretty enough to isspiced() check in soreceive(). The
unlocked `so_sp' dereference is fine, because we set it only once for
the whole socket life-time and we do this before `ssp_socket'
assignment.
We also need to take sblock() before splice sockets, so the sosplice()
and soreceive() are both serialized. Since `sb_mtx' required to unsplice
sockets too, it also serializes somove() with soreceive() regardless on
somove() caller.
The sosplice() was reworked to accept standalone sblock() for udp(4)
sockets.
soreceive() performs unlocked `so_error' check and modification.
Previously, we have no ability to predict which concurrent soreceive()
or sosend() thread will fail and clean `so_error'. With this unlocked
access we could have sosend() and soreceive() threads which fails
together.
`so_error' stored to local `error2' variable because `so_error' could be
overwritten by concurrent sosend() thread.
Tested and ok bluhm
bluhm [Mon, 15 Apr 2024 18:31:04 +0000 (18:31 +0000)]
Delete unused inp_csumoffset define.
OK mvs@
jca [Mon, 15 Apr 2024 17:33:10 +0000 (17:33 +0000)]
Switch pax(1) to write archives using the 'pax' format by default
ramdisk versions will keep using ustar for writing.
ok millert@
tb [Mon, 15 Apr 2024 16:49:13 +0000 (16:49 +0000)]
Remove workarounds for unprototyped symbols
bentley [Mon, 15 Apr 2024 16:11:01 +0000 (16:11 +0000)]
Sync with font module variable namespacing changes.
ok sthen@
tb [Mon, 15 Apr 2024 16:05:49 +0000 (16:05 +0000)]
Include the correct header
tb [Mon, 15 Apr 2024 16:04:02 +0000 (16:04 +0000)]
sync libressl bump
tb [Mon, 15 Apr 2024 16:01:23 +0000 (16:01 +0000)]
crank libtls like libcrypto and libssl
tb [Mon, 15 Apr 2024 16:00:51 +0000 (16:00 +0000)]
crank libssl major after libcrypto major and symbol removal
tb [Mon, 15 Apr 2024 16:00:05 +0000 (16:00 +0000)]
Unexport SSL_version_str
ok jsing