openbsd
3 years agoReplace cpus_running with CPU_IS_RUNNING().
visa [Sat, 24 Jul 2021 08:21:13 +0000 (08:21 +0000)]
Replace cpus_running with CPU_IS_RUNNING().

3 years agoThe updated dwctwo(4) driver introduces two new parameters.
mglocker [Sat, 24 Jul 2021 06:04:44 +0000 (06:04 +0000)]
The updated dwctwo(4) driver introduces two new parameters.

3 years agoUse the presence of an intrmap, rather than the number of queues, to
jmatthew [Sat, 24 Jul 2021 05:49:59 +0000 (05:49 +0000)]
Use the presence of an intrmap, rather than the number of queues, to
determine how admin interrupts are set up, so we don't get confused about
it when there's only one queue.

3 years agoAdd basic regression tests for strchr() and strrchr().
visa [Sat, 24 Jul 2021 05:45:49 +0000 (05:45 +0000)]
Add basic regression tests for strchr() and strrchr().

3 years agoFix strchr() and strrchr() on mips64
visa [Sat, 24 Jul 2021 05:35:56 +0000 (05:35 +0000)]
Fix strchr() and strrchr() on mips64

Truncate the character arguments of strchr() and strrchr() to eight bits
so that the implied char conversion would work correctly. Otherwise the
functions would always return NULL when the character argument is
negative.

OK miod@

3 years agoSkip RFC4716 format import and export tests when built without OpenSSL.
dtucker [Sat, 24 Jul 2021 02:57:28 +0000 (02:57 +0000)]
Skip RFC4716 format import and export tests when built without OpenSSL.

3 years agoDon't omit ssh-keygen -y from usage when built without OpenSSL. It is
dtucker [Sat, 24 Jul 2021 02:51:14 +0000 (02:51 +0000)]
Don't omit ssh-keygen -y from usage when built without OpenSSL.  It is
actually available, albeit only for ed25519 keys.

3 years agoExclude key conversion options from usage when built without OpenSSL
dtucker [Sat, 24 Jul 2021 02:08:13 +0000 (02:08 +0000)]
Exclude key conversion options from usage when built without OpenSSL
since those are not available, similar to what we currently do with
the moduli screening options.  We can also use this to skip the
conversion regression tests in this case.

3 years agodon't leak environment= variable when it is not the first match
djm [Sat, 24 Jul 2021 01:55:19 +0000 (01:55 +0000)]
don't leak environment= variable when it is not the first match

3 years agotest for first-match-wins in authorized_keys environment=
djm [Sat, 24 Jul 2021 01:54:23 +0000 (01:54 +0000)]
test for first-match-wins in authorized_keys environment=
options

3 years agosync
deraadt [Fri, 23 Jul 2021 23:06:39 +0000 (23:06 +0000)]
sync

3 years agoMake GENERIC compile again.
mglocker [Fri, 23 Jul 2021 21:47:22 +0000 (21:47 +0000)]
Make GENERIC compile again.

3 years agoSimilar to x509/x509_purp.c rev. 1.5:
schwarze [Fri, 23 Jul 2021 20:50:28 +0000 (20:50 +0000)]
Similar to x509/x509_purp.c rev. 1.5:
Delete some code from X509_TRUST_cleanup(3) that had no effect:
it called a function on static objects that returns right away
unless the argument is dynamically allocated.
Pointed out by tb@.

This commit is identical to:

OpenSSL commit 5e6e650d62af09f47d63bfdd6c92e3b16e9da644
Author: Kurt Cancemi <kurt at x64architecture dot com>
Date:   Thu Jun 9 21:57:36 2016 -0400

3 years agoDelete some code from X509_PURPOSE_cleanup(3) that had no effect:
schwarze [Fri, 23 Jul 2021 20:40:49 +0000 (20:40 +0000)]
Delete some code from X509_PURPOSE_cleanup(3) that had no effect:
it called a function on static objects that returns right away
unless the argument is dynamically allocated.
OK jsing@ tb@

The useless code was independently discovered while writing documentation.
This commit is identical to:

OpenSSL commit fa3a0286d178eb3b87bf2eb5fd7af40f81453314
Author: Kurt Cancemi <kurt at x64architecture dot com>
Date:   Wed Jun 8 19:15:38 2016 -0400

3 years agoAdd a roff(7) comment that X509_issuer_and_serial_hash() is
schwarze [Fri, 23 Jul 2021 20:25:36 +0000 (20:25 +0000)]
Add a roff(7) comment that X509_issuer_and_serial_hash() is
intentionally undocumented because it uses MD5 only and is
unused in real-world code according to codesearch.debian.net.
No objection from tb@.

3 years agoMake MALLOC_STATS compile again; noted by Omar Polo and Joe Nelson
otto [Fri, 23 Jul 2021 18:04:28 +0000 (18:04 +0000)]
Make MALLOC_STATS compile again; noted by Omar Polo and Joe Nelson

3 years agoclarify the meaning of the argument of X509_VERIFY_PARAM_set_purpose(3)
schwarze [Fri, 23 Jul 2021 16:43:56 +0000 (16:43 +0000)]
clarify the meaning of the argument of X509_VERIFY_PARAM_set_purpose(3)

3 years agocompile in non-DIAGNOSTIC mode; ok mglocker
deraadt [Fri, 23 Jul 2021 16:23:37 +0000 (16:23 +0000)]
compile in non-DIAGNOSTIC mode; ok mglocker

3 years agomention the possibility that user-defined purpose identifiers may have
schwarze [Fri, 23 Jul 2021 16:22:59 +0000 (16:22 +0000)]
mention the possibility that user-defined purpose identifiers may have
been defined or user-supplied checking functions may have been installed

3 years agoAdjust HTTP/1.1 request string
job [Fri, 23 Jul 2021 16:03:47 +0000 (16:03 +0000)]
Adjust HTTP/1.1 request string

* "Connection: keep-alive" isn't needed, as the HTTP 1.1 default is to
  use persistent connections (RFC 7230, section 6.3).
* "Host" is recommended to be in the front.
* "Accept-Encoding: identity" makes it clear to the server compression
  encodings are not supported.

Based on suggestions from Julian Reschke.

OK benno@ claudio@

3 years agoUse 8/4/1 bytes loads/stores for copyin/copyout/kcopy
jca [Fri, 23 Jul 2021 15:31:14 +0000 (15:31 +0000)]
Use 8/4/1 bytes loads/stores for copyin/copyout/kcopy

Only use multiple bytes operations on properly aligned addresses, as
I have observed a 40x penalty for unaligned 8 bytes operations compared
to equivalent 1-byte loops on this Sifive Unmatched.  The speed gain is
small but significant.

Input & ok kettenis@

3 years agonew manual page X509_PURPOSE_set(3) documenting 11 functions
schwarze [Fri, 23 Jul 2021 14:27:32 +0000 (14:27 +0000)]
new manual page X509_PURPOSE_set(3) documenting 11 functions
related to X509_PURPOSE objects, purpose identifiers, and purpose indices

3 years agonanosleep.2: miscellaneous cleanup and rewrites
cheloha [Fri, 23 Jul 2021 12:47:21 +0000 (12:47 +0000)]
nanosleep.2: miscellaneous cleanup and rewrites

Clean up the nanosleep(2) manpage.  Correct errors and rewrite the
clunky parts.

Lots of input and suggestions from schwarze@ and deraadt@.

Thread: https://marc.info/?l=openbsd-tech&m=162681970507360&w=2

ok schwarze@

3 years agoWhen dhcpleasectl asks to send a new request on an interface we are
florian [Fri, 23 Jul 2021 11:56:01 +0000 (11:56 +0000)]
When dhcpleasectl asks to send a new request on an interface we are
probably stuck in some way and the user wants a mostly clean slate.

If we already have an IP address transition to state REBOOTING so that
we no longer unicast dhcp requests. We will then try to reacquire our
lease twice before giving up and transition to INIT and send dhcp
discover messages accepting any IP address.

3 years agooccured -> occurred;
jmc [Fri, 23 Jul 2021 06:02:39 +0000 (06:02 +0000)]
occured -> occurred;

3 years agopunctuation;
jmc [Fri, 23 Jul 2021 06:01:17 +0000 (06:01 +0000)]
punctuation;

3 years agomention in comment that read_passphrase(..., RP_ALLOW_STDIN) will
djm [Fri, 23 Jul 2021 05:56:47 +0000 (05:56 +0000)]
mention in comment that read_passphrase(..., RP_ALLOW_STDIN) will
try to use askpass first. bz3314

convert a couple of debug() -> debug_f() while here

3 years agoSimplify keygen-convert by using $SSH_KEYTYPES directly.
dtucker [Fri, 23 Jul 2021 05:53:02 +0000 (05:53 +0000)]
Simplify keygen-convert by using $SSH_KEYTYPES directly.

3 years agonote successful authentication method in final "Authenticated to ..."
djm [Fri, 23 Jul 2021 05:24:02 +0000 (05:24 +0000)]
note successful authentication method in final "Authenticated to ..."
message and partial auth success messages (all at LogLevel=verbose)
ok dtucker@

3 years agoTest conversion of ed25519 and ecdsa keys too.
dtucker [Fri, 23 Jul 2021 05:07:16 +0000 (05:07 +0000)]
Test conversion of ed25519 and ecdsa keys too.

3 years agoAdd test for exporting pubkey from a passphrase-protected private key.
dtucker [Fri, 23 Jul 2021 04:56:21 +0000 (04:56 +0000)]
Add test for exporting pubkey from a passphrase-protected private key.

3 years agoAdd a ForkAfterAuthentication ssh_config(5) counterpart to the
djm [Fri, 23 Jul 2021 04:04:52 +0000 (04:04 +0000)]
Add a ForkAfterAuthentication ssh_config(5) counterpart to the
ssh(1) -f flag. Last part of GHPR231 from Volker Diels-Grabsch.
ok dtucker

3 years agoAdd a StdinNull directive to ssh_config(5) that allows the config
djm [Fri, 23 Jul 2021 04:00:59 +0000 (04:00 +0000)]
Add a StdinNull directive to ssh_config(5) that allows the config
file to do the same thing as -n does on the ssh(1) commandline.
Patch from Volker Diels-Grabsch via GHPR231; ok dtucker

3 years agomake authorized_keys environment="..." directives first-match-wins
djm [Fri, 23 Jul 2021 03:57:20 +0000 (03:57 +0000)]
make authorized_keys environment="..." directives first-match-wins
and more strictly limit their maximum number; prompted by OOM
reported by OSS-fuzz (35470).

feedback and ok dtucker@

3 years agoregression test for time-limited signature keys
djm [Fri, 23 Jul 2021 03:54:55 +0000 (03:54 +0000)]
regression test for time-limited signature keys

3 years agoLet allowed signers files used by ssh-keygen(1) signatures support key
djm [Fri, 23 Jul 2021 03:37:52 +0000 (03:37 +0000)]
Let allowed signers files used by ssh-keygen(1) signatures support key
lifetimes, and allow the verification mode to specify a signature time
to check at. This is intended for use by git to support signing
objects using ssh keys. ok dtucker@

3 years agopci_intr_msix_count() is the function that drivers using multiple MSI-X
jmatthew [Fri, 23 Jul 2021 00:29:14 +0000 (00:29 +0000)]
pci_intr_msix_count() is the function that drivers using multiple MSI-X
vectors use to decide whether to use MSI-X, so make it return 0 if MSI
is not enabled for the device.

fixes problems with ix(4) on older amd64 hardware and current riscv64
ok kettenis@ dlg@

3 years agodocument X509_STORE_CTX_set_time(3) and X509_STORE_CTX_set_depth(3)
schwarze [Thu, 22 Jul 2021 19:44:30 +0000 (19:44 +0000)]
document X509_STORE_CTX_set_time(3) and X509_STORE_CTX_set_depth(3)

3 years agoMajor cleanup.
schwarze [Thu, 22 Jul 2021 19:09:26 +0000 (19:09 +0000)]
Major cleanup.
1. Fix the order of functions to match the order they occur in
application code, making the text significantly easier to follow.
2. Do not use the same argument placeholder *sk for several different
things; call the arguments *trusted, *untrusted, and *crls as
appropriate.
3. Avoid using the word "initialised" for two different concepts
in the same manual page; it was sometimes intended to mean "fill
with zeros" and sometimes "replace the zeros with useful data".
4. Generally, make the text more precise, more straightforward,
and shorter (-84 +65 lines of mdoc code).

3 years agombrfile can be const.
krw [Thu, 22 Jul 2021 18:54:17 +0000 (18:54 +0000)]
mbrfile can be const.

3 years agoSync dwctwo(4) with the NetBSD-current code base.
mglocker [Thu, 22 Jul 2021 18:32:33 +0000 (18:32 +0000)]
Sync dwctwo(4) with the NetBSD-current code base.

On the Raspberry Pi 3 Model B+ this does as a benefit:

* Enable the USB on-board Ethernet controller through mue(4).
* Enable the two USB uhub2 ports for removable devices.

Feedback incorporated from kettenis@ and jsg@.

ok kettenis@

3 years agoOnly perform the default-route-pause if there are interfaces with the
deraadt [Thu, 22 Jul 2021 18:29:47 +0000 (18:29 +0000)]
Only perform the default-route-pause if there are interfaces with the
AUTOCONF flag set.  This removes the delay for even more (strange)
static configs.
ok sthen

3 years agoDelete unused non-PIC code.
kettenis [Thu, 22 Jul 2021 18:16:13 +0000 (18:16 +0000)]
Delete unused non-PIC code.

ok mlarkin@

3 years agosmall tweak for default route checking, we don't care about the number of
sthen [Thu, 22 Jul 2021 18:09:04 +0000 (18:09 +0000)]
small tweak for default route checking, we don't care about the number of
routes, only if at least one exists, so can avoid the subshell and just use
grep -q. ok deraadt

3 years agoMake dhcpleased(8) always configure provided routes, regardless of
stsp [Thu, 22 Jul 2021 18:01:29 +0000 (18:01 +0000)]
Make dhcpleased(8) always configure provided routes, regardless of
whether the address we received in our lease is already configured.

In the case I observed, no default route was added to the routing table
even though the server provided both an address and a route option.
As it happened the leased address was already configured on the interface.
This should not prevent routing table updates, but it did.

ok florian

3 years agoSplit the functions operating on the X509_VERIFY_PARAM object out
schwarze [Thu, 22 Jul 2021 17:11:14 +0000 (17:11 +0000)]
Split the functions operating on the X509_VERIFY_PARAM object out
of X509_STORE_CTX_new(3) because i'm about to document five additional
functions of this kind and the page X509_STORE_CTX_new(3) is growing
unwieldy.

No text change yet, except that i added an introductory sentence
to the beginning of the DESCRIPTION of the new page.

3 years agoAdd sizes for free() in zlib
tb [Thu, 22 Jul 2021 16:40:19 +0000 (16:40 +0000)]
Add sizes for free() in zlib

Rebased version of a diff from miod who described it as follows:

This tries to keep diffability against upstream, hence a questionable
choice of the size type for zcfree() - but all sizes should fit in 32
bits anyway.

Since all zcfree routines used in the tree cope with NULL arguments
(including the various alloc.c used by the boot blocks), I have
simplified TRY_FREE to compensate for the growth.

Reminded by and ok mpi

3 years agodocument X509_STORE_CTX_get0_current_issuer(3)
schwarze [Thu, 22 Jul 2021 15:35:50 +0000 (15:35 +0000)]
document X509_STORE_CTX_get0_current_issuer(3)
and X509_STORE_CTX_get0_current_crl(3)

3 years agoSend rDNS proposals on ramdisks
kn [Thu, 22 Jul 2021 15:32:51 +0000 (15:32 +0000)]
Send rDNS proposals on ramdisks

Otherwise resolvd(8) will never learn nameservers and update
/etc/resolv.conf with IPv6 resolvers.

At the moment IPv6 only installations always prompt for nameservers
anyway, but that is its own bug and will be fixed soon.

This enables the upcoming fix to detect learned nameservers in the
first place.

Feedback OK florian

3 years agoMove X509_STORE_CTX_get0_cert(3) to the X509_STORE_CTX_new(3) manual.
schwarze [Thu, 22 Jul 2021 14:30:38 +0000 (14:30 +0000)]
Move X509_STORE_CTX_get0_cert(3) to the X509_STORE_CTX_new(3) manual.

OpenSSL documents it in X509_STORE_CTX_get_error(3), but it is
misplaced there.  It has nothing to do with accessing status or
error information but merely retrieves a pointer to the certificate
that the users wants to validate.  It is a companion function to
X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3),
X509_STORE_CTX_get0_store(3), and X509_STORE_CTX_get0_untrusted(3).

While here:
1. Clarify how the new, init, verify, cleanup, and free calls interact,
and who owns the memory involved, because this is all really confusing
from the user perspective.
2. Clarify how X509_STORE_CTX_init(3), X509_STORE_CTX_set_cert(3), and
X509_STORE_CTX_set_chain(3) partially override each other.
3. Move X509_STORE_CTX_set0_untrusted(3) to the proper place because
it is the same as X509_STORE_CTX_set_chain(3).
4. Add a few missing words and improve some wordings.

3 years agoHave PRT_protected_guid() return 0/-1 like everything else
krw [Thu, 22 Jul 2021 13:30:40 +0000 (13:30 +0000)]
Have PRT_protected_guid() return 0/-1 like everything else
reporting success/failure.

No functional change.

3 years agoTweak some err() verbiage.
krw [Thu, 22 Jul 2021 13:17:59 +0000 (13:17 +0000)]
Tweak some err() verbiage.

3 years agoIn revision 1.74 of netmpls/mpls_input.c we use rtisvalid(4) to check
mvs [Thu, 22 Jul 2021 11:07:17 +0000 (11:07 +0000)]
In revision 1.74 of netmpls/mpls_input.c we use rtisvalid(4) to check
the result returned by rtalloc(4) instead of a compare with NULL. Since
it's assumed this returned `rt' could be non NULL we should use
rtfree(4) in error path. rtfree(4) also allows NULL as input.

ok claudio@

3 years agoMake kqpoll_dequeue() usable with lazy removal of knotes
visa [Thu, 22 Jul 2021 07:22:43 +0000 (07:22 +0000)]
Make kqpoll_dequeue() usable with lazy removal of knotes

Adjust kqpoll_dequeue() so that it will clear only badfd knotes when
called from kqpoll_init(). This is needed by kqpoll's lazy removal
of knotes. Eager removal in kqpoll_dequeue() would defeat kqpoll's
attempt to reuse previously established knotes under workloads where
knote activation tends to occur already before next kqpoll scan.

Prompted by mpi@

3 years agoAfter netstart, dhcpleased, and resolved are running, spin up to 10
deraadt [Thu, 22 Jul 2021 01:53:45 +0000 (01:53 +0000)]
After netstart, dhcpleased, and resolved are running, spin up to 10
seconds waiting for a default route (v4 or v6) to exist, this
increases the chance of DNS lookups working earlier.  This is done
before pf is configured, sorry we have good reasons.  Static
configurations are unaffected.  dhclient previously did this kind of
delay, and this is the lightest touch we can come up with which gives
the same effect.
While here, also start relinking earlier.
ok benno florian sthen

3 years agoA couple of missed 'const'.
krw [Wed, 21 Jul 2021 20:26:30 +0000 (20:26 +0000)]
A couple of missed 'const'.

3 years agoDocument X509_STORE_CTX_get_chain(3).
schwarze [Wed, 21 Jul 2021 15:03:45 +0000 (15:03 +0000)]
Document X509_STORE_CTX_get_chain(3).

It is deprecated, but it is still called by various application programs,
so let's better mention it.

3 years agoAlso count crypto errors in ipsec_input_cb() like IPsec output in
bluhm [Wed, 21 Jul 2021 12:23:32 +0000 (12:23 +0000)]
Also count crypto errors in ipsec_input_cb() like IPsec output in
previous commit.

3 years agoUse a dedicated struct mbr to hold the GPT protective MBR,
krw [Wed, 21 Jul 2021 12:22:54 +0000 (12:22 +0000)]
Use a dedicated struct mbr to hold the GPT protective MBR,
either the one read from disk or the default one created
when initializing GPT.

Simplifies logic, eliminates MBR_init_GPT() and demotes
MBR_protective_mbr() to a helper function called from
GPT_read().

Nuke an unused variable in passing.

No intentional functional change.

3 years agoPropagate errors from crypto_invoke() and count them in IPsec. They
bluhm [Wed, 21 Jul 2021 11:11:41 +0000 (11:11 +0000)]
Propagate errors from crypto_invoke() and count them in IPsec.  They
should not happen, but always check error conditions.  tq is never
NULL, remove the check.  tdb->tdb_odrops++ is not MP safe, but will
be addressed separately in ipsec_output_cb().
OK mvs@

3 years agosync
sthen [Wed, 21 Jul 2021 09:18:32 +0000 (09:18 +0000)]
sync

3 years agoRemove DTLS processed_rcds queue.
jsing [Wed, 21 Jul 2021 08:42:14 +0000 (08:42 +0000)]
Remove DTLS processed_rcds queue.

When DTLS handshake records are received from the next epoch, we will
potentially queue them on the unprocessed_rcds queue - this is usually
a Finished message that has been received without the ChangeCipherSuite
(CCS) message (which may have been dropped or reordered).

After the epoch increments (due to the CCS being received), the current
code processes all records on the unprocessed queue and immediate queues
them on the processed queue, which dtls1_get_record() then pulls from.
This form of processing only adds more complexity and another queue.

Instead, once the epoch increments, pull a single record from the
unprocessed queue and process it, allowing the contents to be consumed
by the caller. We repeat this process until the unprocessed queue is
empty, at which point we go back to consuming messages from the wire.

ok inoguchi@ tb@

3 years agoDo not add height twice when calculating popup_mouse_top, from M Kelly.
nicm [Wed, 21 Jul 2021 08:09:43 +0000 (08:09 +0000)]
Do not add height twice when calculating popup_mouse_top, from M Kelly.

3 years agoDo not close popups on resize, instead adjust them to fit, from Anindya
nicm [Wed, 21 Jul 2021 08:06:36 +0000 (08:06 +0000)]
Do not close popups on resize, instead adjust them to fit, from Anindya
Mukherjee.

3 years agoSilently discard invalid DTLS records.
jsing [Wed, 21 Jul 2021 07:51:12 +0000 (07:51 +0000)]
Silently discard invalid DTLS records.

Per RFC 6347 section 4.1.2.1, DTLS should silently discard invalid records,
including those that have a bad MAC. When converting to the new record
layer, we inadvertantly switched to standard TLS behaviour, where an
invalid record is fatal. This restores the previous behaviour.

Issue noted by inoguchi@

ok inoguchi@

3 years agoUse exclusive lock under /dev/, silence expected errors in installer
kn [Wed, 21 Jul 2021 03:53:50 +0000 (03:53 +0000)]
Use exclusive lock under /dev/, silence expected errors in installer

resolvd(8), slaacd(8) and dhcpleased(8) are different from other daemons
in that there must only be a single instance.

resolvd already does this, adjust slaacd and dhcpleased accordingly while
moving the lockfile paths under /dev/ such that they work early on boot and
don't run into races should /var be (un)mounted between daemon starts.

Locking is especially required in the installer where all three daemons are
started every time the "(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? "
prompt is entered, i.e. restarting installation or dropping into a shell
and back into the prompt again would start multiple instances.

To avoid expected lockfile error messages in between installer prompts,
discard standard error when starting the autoconf daemons;  none of them
has other potential failure cases in installer mode before daemon(3)izing.

Input sthen deraadt
OK deraadt

3 years agodrm/amdkfd: fix sysfs kobj leak
jsg [Wed, 21 Jul 2021 01:03:49 +0000 (01:03 +0000)]
drm/amdkfd: fix sysfs kobj leak

From Philip Yang
b3205768cd1a3a9869500ec27e129f8a71d2152a in linux 5.10.y/5.10.52
dcdb4d904b4bd3078fe8d4d24b1658560d6078ef in mainline linux

3 years agodrm/dp_mst: Add missing drm parameters to recently added call to drm_dbg_kms()
jsg [Wed, 21 Jul 2021 01:01:21 +0000 (01:01 +0000)]
drm/dp_mst: Add missing drm parameters to recently added call to drm_dbg_kms()

From Jose Souza
cae871baa4f30608dc2084ca8ddc8f7e49913721 in linux 5.10.y/5.10.52
24ff3dc18b99c4b912ab1746e803ddb3be5ced4c in mainline linux

3 years agodrm/dp_mst: Avoid to mess up payload table by ports in stale topology
jsg [Wed, 21 Jul 2021 00:59:32 +0000 (00:59 +0000)]
drm/dp_mst: Avoid to mess up payload table by ports in stale topology

From Wayne Lin
16fb4e9c39b9543efd0c3dbc3dbb8865d090646a in linux 5.10.y/5.10.52
3769e4c0af5b82c8ea21d037013cb9564dfaa51f in mainline linux

3 years agodrm/dp_mst: Do not set proposed vcpi directly
jsg [Wed, 21 Jul 2021 00:57:36 +0000 (00:57 +0000)]
drm/dp_mst: Do not set proposed vcpi directly

From Wayne Lin
3462bc8b1a1f1b507804d33d118402235e8a1fab in linux 5.10.y/5.10.52
35d3e8cb35e75450f87f87e3d314e2d418b6954b in mainline linux

3 years agodrm/i915/gt: Fix -EDEADLK handling regression
jsg [Wed, 21 Jul 2021 00:53:30 +0000 (00:53 +0000)]
drm/i915/gt: Fix -EDEADLK handling regression

From Ville Syrjala
0728df8048060e9bdedb9dd38c62782ee97184ba in linux 5.10.y/5.10.52
2feeb52859fc1ab94cd35b61ada3a6ac4ff24243 in mainline linux

3 years agodrm/i915/gtt: drop the page table optimisation
jsg [Wed, 21 Jul 2021 00:50:05 +0000 (00:50 +0000)]
drm/i915/gtt: drop the page table optimisation

From Matthew Auld
81dd2d60f677bbab622c52711a711f0f43d37458 in linux 5.10.y/5.10.52
0abb33bfca0fb74df76aac03e90ce685016ef7be in mainline linux

3 years agoadd AMD 17h/6xh Root Complex
jcs [Tue, 20 Jul 2021 18:33:59 +0000 (18:33 +0000)]
add AMD 17h/6xh Root Complex

ok brynet

3 years agoSplit X509_NAME_hash(3) out of d2i_X509_NAME(3) and document
schwarze [Tue, 20 Jul 2021 17:31:32 +0000 (17:31 +0000)]
Split X509_NAME_hash(3) out of d2i_X509_NAME(3) and document
X509_issuer_name_hash(3), X509_subject_name_hash(3), and the _old variants.

Even though this is only tangentially related to decoding and encoding,
including a single function in d2i_X509_NAME(3) was probably OK,
but let's not bog down that page with six functions that are likely
to become obsolete at some point - even though right now, they are
still being used both internally and by external software.

3 years agoTurn pipex(4) session statistics to per-CPU counters. This makes pipex(4)
mvs [Tue, 20 Jul 2021 16:44:55 +0000 (16:44 +0000)]
Turn pipex(4) session statistics to per-CPU counters. This makes pipex(4)
more compliant to bluhm@'s work on traffic forwarding parallelization.

ok yasuoka@ bluhm@

3 years agoThe current workaround to disable parallel IPsec did not work.
bluhm [Tue, 20 Jul 2021 16:32:28 +0000 (16:32 +0000)]
The current workaround to disable parallel IPsec did not work.
Variable nettaskqs must not change at runtime.  Interface input
queues choose the thread during init with ifiq_softnet = net_tq().
So it cannot be modified after pfkeyv2_send() sets the first SA in
kernel.  Also changing the calculation in net_tq() may call task_del()
with a different taskq than task_add().
Instead of restricting the index to the first softnet task, use an
exclusive lock.  For now just move the comment.  We can later decide
if a write net lock or kernel lock is better.
OK mvs@

3 years agoAdd the 7265-17 image back into the list of firmware used by iwm(4).
stsp [Tue, 20 Jul 2021 16:01:52 +0000 (16:01 +0000)]
Add the 7265-17 image back into the list of firmware used by iwm(4).

3 years agoDo not attempt to load 7265D iwm(4) firmware on all 7265 devices.
stsp [Tue, 20 Jul 2021 16:00:47 +0000 (16:00 +0000)]
Do not attempt to load 7265D iwm(4) firmware on all 7265 devices.

There are several variants of 7265 devices, all of which share a PCI ID.
7265D devices can be told apart by looking at the hardware revision number.
Non-D 7265 devices won't load 7265D firmware. Load the 7265-17 image instead.

Problem reported and fix tested on a non-D 7265 by Tilo Stritzky.
Tested on a 7265D by myself.

3 years agoUse installboot -p such that the right partition will be newfs'ed.
kettenis [Tue, 20 Jul 2021 15:25:48 +0000 (15:25 +0000)]
Use installboot -p such that the right partition will be newfs'ed.

ok krw@, deraadt@

3 years agoAdd -p option to "prepare" (newfs) a filesystem that will be used for
kettenis [Tue, 20 Jul 2021 14:51:56 +0000 (14:51 +0000)]
Add -p option to "prepare" (newfs) a filesystem that will be used for
the bootloader.  This is a no-op on architectures where such a filesystem
isn't needed.

ok krw@, deraadt@

3 years agoMake iwm_init() call iwm_stop() if we fail to move into SCAN state.
stsp [Tue, 20 Jul 2021 14:44:37 +0000 (14:44 +0000)]
Make iwm_init() call iwm_stop() if we fail to move into SCAN state.

Generally, iwm_init() must either succeed or reset everything. In the case
I observed, the missing call to iwm_stop() left us with a non-zero refcount
for the newstate task which failed to perform the INIT -> SCAN transition.
The next ioctl request from userspace would then trigger a KASSERT in
iwm_init() which checks for old tasks that haven't run to completion.

This problem won't happen under normal conditions. It will happen if
the firmware crashes in response to a bad scan command, for instance.
I ran into this while working on support for newer iwx(4) firmware.

3 years agoMake iwx_init() call iwx_stop() if we fail to move into SCAN state.
stsp [Tue, 20 Jul 2021 14:44:09 +0000 (14:44 +0000)]
Make iwx_init() call iwx_stop() if we fail to move into SCAN state.

Generally, iwx_init() must either succeed or reset everything. In the case
I observed, the missing call to iwx_stop() left us with a non-zero refcount
for the newstate task which failed to perform the INIT -> SCAN transition.
The next ioctl request from userspace would then trigger a KASSERT in
iwx_init() which checks for old tasks that haven't run to completion.

This problem won't happen under normal conditions. It will happen if
the firmware crashes in response to a bad scan command, for instance.
I ran into this while working on support for newer iwx(4) firmware.

3 years agosync
deraadt [Tue, 20 Jul 2021 13:36:42 +0000 (13:36 +0000)]
sync

3 years agoAlso add missing -V to usage
claudio [Tue, 20 Jul 2021 12:08:53 +0000 (12:08 +0000)]
Also add missing -V to usage

3 years agoAdd -V to usage. Reported by Pier Carlo Chiodi.
claudio [Tue, 20 Jul 2021 12:07:46 +0000 (12:07 +0000)]
Add -V to usage. Reported by Pier Carlo Chiodi.

3 years agoCheck pointer variable if it is NULL in ca.c
inoguchi [Tue, 20 Jul 2021 12:04:53 +0000 (12:04 +0000)]
Check pointer variable if it is NULL in ca.c

missed with r1.32

3 years agoSimplify DHCP lease file parer after switch to dhcpleased
kn [Tue, 20 Jul 2021 11:20:09 +0000 (11:20 +0000)]
Simplify DHCP lease file parer after switch to dhcpleased

dhcpleased(8)'s lease files are much simpler than dhclient.leases(5):
- exactly one lease per file (not many)
- only option lines (not statement, declaration, etc.)
- every option/value is separated by a single ": " (no optional leading
  "option ")
- values are not quoted or escaped (like dhclient does)

lease_value() is hard to read, mostly because it strips optional double
quotes around option values as was required with dhclient.

dhclient VIS_ALL's values if they contain backticks, backslashes and
other characters, otherwise it VIS_SAFE's (and optionally quotes them).

dhcpleased VIS_SAFE's all value strings equally.

All install.sub users of lease_value() quote its output so they should
be safe without any special unescaping as previously done.

OK florian

3 years agoRemove bogus use of CPU_MAXID and get cpu_info only once.
visa [Tue, 20 Jul 2021 07:53:39 +0000 (07:53 +0000)]
Remove bogus use of CPU_MAXID and get cpu_info only once.

3 years agoRemove unneeded __sync_* library functions from the kernel.
visa [Tue, 20 Jul 2021 07:51:08 +0000 (07:51 +0000)]
Remove unneeded __sync_* library functions from the kernel.

These library functions were added as stopgaps because GCC 4.2.1
lacks the corresponding __sync_* builtins on mips64. However,
the builtins are now provided by Clang.

3 years agoFix trailing whitespace in a few places.
mlarkin [Tue, 20 Jul 2021 00:41:54 +0000 (00:41 +0000)]
Fix trailing whitespace in a few places.

No code change.

3 years agoTweak one comment and nuke a bunch of pointless ones.
krw [Mon, 19 Jul 2021 23:24:54 +0000 (23:24 +0000)]
Tweak one comment and nuke a bunch of pointless ones.

3 years agoAbstract reading the built-in MBR or MBR file into
krw [Mon, 19 Jul 2021 19:46:20 +0000 (19:46 +0000)]
Abstract reading the built-in MBR or MBR file into
a separate function.

No functional change.

3 years agoMBR_protective_mbr() can take a const struct mbr *.
krw [Mon, 19 Jul 2021 19:30:35 +0000 (19:30 +0000)]
MBR_protective_mbr() can take a const struct mbr *.

No functional change.

3 years agoAn MBR knows (mbr_lba_self) where it is supposed to go, no
krw [Mon, 19 Jul 2021 19:23:50 +0000 (19:23 +0000)]
An MBR knows (mbr_lba_self) where it is supposed to go, no
need to pass the value to MBR_write().

Let MBR_write() do the translation from struct mbr to the
struct dos_mbr that will be written to the disk. Thus
eliminating unnecessary struct dos_mbr variables and the
parsing thereof.

No intentional functional change.

3 years agoFix an alignment fault observed on an octeon machine while pppoe(4) was
stsp [Mon, 19 Jul 2021 19:00:58 +0000 (19:00 +0000)]
Fix an alignment fault observed on an octeon machine while pppoe(4) was
attempting to negotiate a large MTU.

Copy the peer's max payload size from the discovery packet with memcpy()
instead of using a pointer to this value's offset in the packet buffer.

tweak and ok visa@
additional testing and ok sthen@

3 years agoMarkup optional ICMP/ICMP6 codes as such
kn [Mon, 19 Jul 2021 16:23:56 +0000 (16:23 +0000)]
Markup optional ICMP/ICMP6 codes as such

Only icmp(4)/icmp6(4) types are required for `icmp-type'/`icmp6-type' rules
while codes are optional.

From Martin Vahlensieck < openbsd at academicsolutions dot ch >, thanks!

3 years agoRemove `ids' from `ipsec_ids_tree' while following ipsp_ids_insert()
mvs [Mon, 19 Jul 2021 14:49:55 +0000 (14:49 +0000)]
Remove `ids' from `ipsec_ids_tree' while following ipsp_ids_insert()
error path. This fixes use-after-free issue. Also fix debug message
mistype pointed by bluhm@ in error path.

ok millert@ bluhm@

3 years agoRevert incorrect tweaks to disk geometry calculations and
krw [Mon, 19 Jul 2021 14:30:08 +0000 (14:30 +0000)]
Revert incorrect tweaks to disk geometry calculations and
non '-b' MBR disk initialization.

Detected by bluhm@'s ever vigilant regress testing.

3 years agodocument X509_CRL_print(3) and X509_CRL_print_fp(3)
schwarze [Mon, 19 Jul 2021 13:16:43 +0000 (13:16 +0000)]
document X509_CRL_print(3) and X509_CRL_print_fp(3)

3 years agodrm/i915/display: Do not zero past infoframes.vsc
jsg [Mon, 19 Jul 2021 10:51:58 +0000 (10:51 +0000)]
drm/i915/display: Do not zero past infoframes.vsc

From Kees Cook
3f9c2a058e61b8df9fef196ad6180fbf9932ed80 in linux 5.10.y/5.10.51
07b72960d2b4a087ff2445e286159e69742069cc in mainline linux