openbsd
3 years agosndiod: Attach client at the same position, regardless the device mode
ratchov [Wed, 28 Apr 2021 05:10:29 +0000 (05:10 +0000)]
sndiod: Attach client at the same position, regardless the device mode

This is necessary to make rec-only devices properly work in
full-duplex. Fixes full-duplex clients stuck on rec-only device.

3 years agosndiod: Allocate (free) conversion buffers in slot_attach (slot_detach)
ratchov [Wed, 28 Apr 2021 05:05:05 +0000 (05:05 +0000)]
sndiod: Allocate (free) conversion buffers in slot_attach (slot_detach)

Besides being better coding style, this allows a client to be detached
and then attached to a device with different parameters.

3 years agoAdd RISC-V elf executable detection.
drahn [Wed, 28 Apr 2021 04:41:14 +0000 (04:41 +0000)]
Add RISC-V elf executable detection.
looks good jsg@

3 years agoriscv64 gdtoa support
drahn [Wed, 28 Apr 2021 04:38:01 +0000 (04:38 +0000)]
riscv64 gdtoa support
direct copy from aarch64
constants were rechecked using the qnan.c program.

3 years agoriscv64 libc string support,
drahn [Wed, 28 Apr 2021 04:26:40 +0000 (04:26 +0000)]
riscv64 libc string support,
adopted from aarch64, no native ffs() for now, use C version.
after corrections from kettenis@

3 years agoremove old drm devices
jsg [Wed, 28 Apr 2021 03:55:48 +0000 (03:55 +0000)]
remove old drm devices

3 years agoSync
drahn [Wed, 28 Apr 2021 03:32:36 +0000 (03:32 +0000)]
Sync

3 years agoriscv64 etc support
drahn [Wed, 28 Apr 2021 03:26:25 +0000 (03:26 +0000)]
riscv64 etc support
copied from arm64
MAKEDEV.md contents are kinda partially there, needs more work.

3 years agoRiscv64 csu support
drahn [Wed, 28 Apr 2021 00:11:11 +0000 (00:11 +0000)]
Riscv64 csu support
Includes fixes pointed out by kettenis, jsg, naddy

3 years agoRiscv64 distrib pieces to buld ramdisk
drahn [Tue, 27 Apr 2021 23:57:38 +0000 (23:57 +0000)]
Riscv64 distrib pieces to buld ramdisk
Copied from arm64 with minimal changes.
ok deraadt@

3 years agoAdd IMSG_CTL_SHOW_RTR to the list of restriced control messages.
claudio [Tue, 27 Apr 2021 15:34:18 +0000 (15:34 +0000)]
Add IMSG_CTL_SHOW_RTR to the list of restriced control messages.

3 years agoAdd RFC 6286 to the list of RFC bgpd supports.
claudio [Tue, 27 Apr 2021 11:34:58 +0000 (11:34 +0000)]
Add RFC 6286 to the list of RFC bgpd supports.
OK job@

3 years agoAdd DTLS test in appstest.sh
inoguchi [Tue, 27 Apr 2021 10:13:04 +0000 (10:13 +0000)]
Add DTLS test in appstest.sh

3 years agopf_state_key_link_reverse() is prone to race on parallel forwarding
sashan [Tue, 27 Apr 2021 09:38:29 +0000 (09:38 +0000)]
pf_state_key_link_reverse() is prone to race on parallel forwarding

we need to adjust assertions. at time we call pf_state_key_link_reverse()
is state_key either linked to correct reverse peer or not linked at all.
The pf_state_key_link_reverse() is being called as a reader ons tate_lock.
There might be more packets, which try to update the state key.

OK bluhm@

3 years agoCheck for possible bgpid collision on open. RFC 6286 defines that this
claudio [Tue, 27 Apr 2021 09:12:23 +0000 (09:12 +0000)]
Check for possible bgpid collision on open. RFC 6286 defines that this
check needs to be done for iBGP sessions but not for eBGP sessions.
On conflict log an error and send a notification with ERR_OPEN_BGPID
suberror.
Reported by cjt (melissa_cjt at 163.com)
OK benno@

3 years agoFix notification sub-error code for syntactically incorrect nexthops.
claudio [Tue, 27 Apr 2021 09:07:10 +0000 (09:07 +0000)]
Fix notification sub-error code for syntactically incorrect nexthops.
The right suberror is ERR_UPD_NEXTHOP.
Reported by cjt (melissa_cjt at 163.com)
OK benno@

3 years agotest-verify-unusual-wildcard-cert is no longer expected to fail with
tb [Tue, 27 Apr 2021 05:14:25 +0000 (05:14 +0000)]
test-verify-unusual-wildcard-cert is no longer expected to fail with
lib/libcrypto/x509/x509_constraints.c r1.16

3 years agoriscv64 libc floating point, a portion of the files are ready.
drahn [Tue, 27 Apr 2021 04:36:00 +0000 (04:36 +0000)]
riscv64 libc floating point, a portion of the files are ready.
ok kettenis.

3 years agoRelax SAN DNSname validation and constraints to permit non leading *
beck [Tue, 27 Apr 2021 03:35:29 +0000 (03:35 +0000)]
Relax SAN DNSname validation and constraints to permit non leading *
wildcards. While we may choose not to support them the standards
appear to permit them optionally so we can't declare a certificate
containing them invalid. Noticed by jeremy@, and Steffan Ulrich
and others. Modify the regression tests to test these cases and
not check the SAN DNSnames as "hostnames" anymore (which don't support
wildcards).

ok jsing@, tb@

3 years agoriscv64 additions for libm
drahn [Tue, 27 Apr 2021 00:31:34 +0000 (00:31 +0000)]
riscv64 additions for libm
ok kettenis@

3 years agovmd(8): fix vmctl client "wait" state corruption
dv [Mon, 26 Apr 2021 22:58:27 +0000 (22:58 +0000)]
vmd(8): fix vmctl client "wait" state corruption

Adds queue-based tracking of waiting client state to fix the cause of
state corruption when a vmctl(8) user cancels a wait and restarts it.
The socket fd value for the control process client was being used to
track the waiting party, but this also prevented multiple waiting
clients.

This moves all the state tracking of who to notify of a vm's stopping
to the control process and no longer requires the parent process to
track it in the global environment state.

Future work will be needed to smooth out the difference between the
IMSG_VMDOP_TERMINATE_VM_{EVENT,RESPONSE} events instead of needing to
translate before relaying to the vmctl(8) client.

Tested by Mischa Peters (thanks!)

ok mlarkin@

3 years agoAdd missing timeout_set_proc() description.
mvs [Mon, 26 Apr 2021 20:32:30 +0000 (20:32 +0000)]
Add missing timeout_set_proc() description.

ok jmc@

3 years agoPrint out both the sent "Neighbor capabilities" and the "Negotiated
claudio [Mon, 26 Apr 2021 18:23:20 +0000 (18:23 +0000)]
Print out both the sent "Neighbor capabilities" and the "Negotiated
capabilities" for a session. Especially the multiprotocol capability
can confuse because both sides need to allow a protocol to enable it.
The JSON code dumps all the capabilities for local, remote and negotiated.
OK denis@, sthen@

3 years agoUnset ftp_proxy to make test independent from environment.
bluhm [Mon, 26 Apr 2021 08:45:01 +0000 (08:45 +0000)]
Unset ftp_proxy to make test independent from environment.

3 years agoRevert per-socket `so_lock' rwlock(9) and use it to protect routing
claudio [Mon, 26 Apr 2021 08:21:35 +0000 (08:21 +0000)]
Revert per-socket `so_lock' rwlock(9) and use it to protect routing
(PF_ROUTE) sockets. There is a locking issue with timeouts that needs
to be fixed.
Requested by deraadt@

3 years agoConvert the ARP packet hold queue from mbuf list to mbuf queue which
bluhm [Mon, 26 Apr 2021 07:55:16 +0000 (07:55 +0000)]
Convert the ARP packet hold queue from mbuf list to mbuf queue which
contins a mutex.  Update la_hold_total with atomic operations.
OK sashan@

3 years agoThe time_t now is only set but never used. Noticed by gcc.
claudio [Mon, 26 Apr 2021 07:40:26 +0000 (07:40 +0000)]
The time_t now is only set but never used. Noticed by gcc.

3 years agoremove unused cdev defines
jsg [Mon, 26 Apr 2021 06:05:55 +0000 (06:05 +0000)]
remove unused cdev defines

3 years agoremove unused cdev defines
jsg [Mon, 26 Apr 2021 06:00:12 +0000 (06:00 +0000)]
remove unused cdev defines

3 years agoadd kstat and a notdef line for ujoy
jsg [Mon, 26 Apr 2021 05:00:11 +0000 (05:00 +0000)]
add kstat and a notdef line for ujoy

3 years agoremove old 4.19 amdgpu include paths
jsg [Mon, 26 Apr 2021 04:30:20 +0000 (04:30 +0000)]
remove old 4.19 amdgpu include paths

3 years agoRemove some commented out entries to make this easier to read
jsg [Mon, 26 Apr 2021 04:28:07 +0000 (04:28 +0000)]
Remove some commented out entries to make this easier to read
and enable openprom.

ok visa@

3 years agoBump pbuild stacksize to 8M.
mortimer [Sun, 25 Apr 2021 16:36:56 +0000 (16:36 +0000)]
Bump pbuild stacksize to 8M.

Addresses a stack exhaustion issue with llvm11 and a small number of ports.

ok kettenis@

3 years agoAsus USB-N10 should work with urtwn(4). Patch by Jan Vlach.
stsp [Sun, 25 Apr 2021 15:59:56 +0000 (15:59 +0000)]
Asus USB-N10 should work with urtwn(4). Patch by Jan Vlach.

3 years agoMake urtwn(4) attach to 'ASUS USB-N10 Nano' devices.
stsp [Sun, 25 Apr 2021 15:59:19 +0000 (15:59 +0000)]
Make urtwn(4) attach to 'ASUS USB-N10 Nano' devices.

Patch by Jan Vlach.

3 years agoregen
stsp [Sun, 25 Apr 2021 15:58:14 +0000 (15:58 +0000)]
regen

3 years agoAdd USB product ID for ASUS RTL8188EUS. Patch by Jan Vlach.
stsp [Sun, 25 Apr 2021 15:58:01 +0000 (15:58 +0000)]
Add USB product ID for ASUS RTL8188EUS. Patch by Jan Vlach.

3 years agoImplement support for Rx aggregation offload in iwm(9) and iwx(4), and
stsp [Sun, 25 Apr 2021 15:32:21 +0000 (15:32 +0000)]
Implement support for Rx aggregation offload in iwm(9) and iwx(4), and
re-enable de-aggregation of A-MSDUs in net80211 for all drivers capable
of 11n mode. This can provide improved Rx performance if the access point
supports transmission of A-MSDUs nested in A-MDPUs.

iwm(9) 9k and iwx(4) devices de-aggregate A-MSDUs in hardware.
Neither our drivers nor the net80211 stack were prepared to handle this.

Add two Rx-info flags which drivers can use to avoid having subframes which
arrived in the same A-MSDU rejected as duplicates in the net80211 input layer:
IEEE80211_RXI_HWDEC_SAME_PN allows the same CCMP packet number for a series
of subsequent frames. IEEE80211_RXI_SAME_SEQ allows the same 802.11 frame
header sequence number for a series of subsequent of frames.

Handle A-MPDU reordering on iwm 9k and iwx devices, based on code from iwlwifi.
Rx block ack window information is provided by firmware. So far this info was
ignored by drivers and reordering of A-MPDU subframes happened twice: Once in
firmware, and again in net80211.

Tested:
iwm 7260: bcallah, dv
iwm 7265: mpi, trondd, Matthias Schmidt
iwm 8260: bket, Marcus MERIGHI
iwm 8265: stsp, tracey, Uwe Werler
iwm 9260: phessler, matthieu
iwm 9560: stsp, Uwe Werler
iwx ax200: jmc, stsp
iwx ax201: stsp

3 years agoClean up derivation of finished/peer finished.
jsing [Sun, 25 Apr 2021 13:15:22 +0000 (13:15 +0000)]
Clean up derivation of finished/peer finished.

Make this process more readable by having specific client/server functions,
calling the correct one based on s->server. This allows to remove various
SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.

ok inoguchi@ tb@

3 years agocleanup riscv64 config glue
jsg [Sun, 25 Apr 2021 02:48:00 +0000 (02:48 +0000)]
cleanup riscv64 config glue

ok kettenis@ visa@

3 years agoImplement per-socket `so_lock' rwlock(9) and use it to protect routing
mvs [Sun, 25 Apr 2021 00:00:34 +0000 (00:00 +0000)]
Implement per-socket `so_lock' rwlock(9) and use it to protect routing
(PF_ROUTE) sockets. This can be done because we have no cases where one
thread should lock two sockets simultaneously.

Also this time `so_lock 'used for routing sockets only but in the future
it will be used to other socket types too.

ok bluhm@

3 years agoSync with arm64 version fixing bugs in some of the more obscure bus_space(9)
kettenis [Sat, 24 Apr 2021 21:37:41 +0000 (21:37 +0000)]
Sync with arm64 version fixing bugs in some of the more obscure bus_space(9)
functions.

ok patrick@

3 years agosync
deraadt [Sat, 24 Apr 2021 18:28:34 +0000 (18:28 +0000)]
sync

3 years agoDo not leave errors on the error stack on PKCS12_parse() success.
tb [Sat, 24 Apr 2021 18:16:39 +0000 (18:16 +0000)]
Do not leave errors on the error stack on PKCS12_parse() success.
Fix is the same as OpenSSL commit ffbf304d4832bd51bb0618f8ca5b7c26647ee664

Found by Alex Gaynor with a new pyca cryptography regress test.

ok inoguchi

3 years agoEnable the new verifier again so hopefully the remaining kinks get ironed
tb [Sat, 24 Apr 2021 18:10:12 +0000 (18:10 +0000)]
Enable the new verifier again so hopefully the remaining kinks get ironed
out in this release cycles.

discussed with deraadt and jsing

3 years agoremove bgpd warning message exposed by "bgpctl show rib peer out" for
deraadt [Sat, 24 Apr 2021 17:04:24 +0000 (17:04 +0000)]
remove bgpd warning message exposed by "bgpctl show rib peer out" for
non-existant peer; the bgpctl command exposes the error itself
ok claudio

3 years agoThe variation in access size requirements and spacing of registers of
kettenis [Sat, 24 Apr 2021 10:33:09 +0000 (10:33 +0000)]
The variation in access size requirements and spacing of registers of
NS16550 clones is a bit of a mess.  There are FDT properties that describe
these but these proprties are optional for some variants and the default
values depend on the compatible string being used.  Most variants that have
shown up in the ARM world use 32-bit access and spacing.  But true NS16550A
implementations of course use 8-bit access and spacing.  So look at the
compatible strings to set up the appropriate defaults.  Makes the "true"
NS16550A implemented by QEMU work for RISCV targets.

ok jsg@, drahn@

3 years agoRemove unused function pointers from `todr_handle'.
mpi [Sat, 24 Apr 2021 10:15:14 +0000 (10:15 +0000)]
Remove unused function pointers from `todr_handle'.

from miod@

3 years agoConvert allocations to km_alloc(9).
mpi [Sat, 24 Apr 2021 09:44:44 +0000 (09:44 +0000)]
Convert allocations to km_alloc(9).

Also document an existing bug where the mapping for `pm_pdir_intel' is
lost when PAE is enabled.

With inputs from hshoexer@, tested by bluhm@, ok mlarkin@

3 years agoIf MSI-X vectors are available, create multiple tx/rx queues, configure
jmatthew [Sat, 24 Apr 2021 09:37:46 +0000 (09:37 +0000)]
If MSI-X vectors are available, create multiple tx/rx queues, configure
RSS, and use the RSS hash value as a flow ID for received packets.

ok dlg@

3 years agoAdd cduart(4), a driver for the Cadence UART found on Xilinx Zynq SoCs.
visa [Sat, 24 Apr 2021 07:49:11 +0000 (07:49 +0000)]
Add cduart(4), a driver for the Cadence UART found on Xilinx Zynq SoCs.

Tested on Xilinx Zynq-7000.

Input and OK kettenis@

3 years agoreduce diff to other archs
jsg [Sat, 24 Apr 2021 06:08:41 +0000 (06:08 +0000)]
reduce diff to other archs

ok deraadt@ mlarkin@

3 years agoadd gfrtc(4)
jsg [Sat, 24 Apr 2021 05:16:27 +0000 (05:16 +0000)]
add gfrtc(4)

3 years agoAdd gfrtc a driver for the real-time clock interface of Google's
jsg [Sat, 24 Apr 2021 05:14:45 +0000 (05:14 +0000)]
Add gfrtc a driver for the real-time clock interface of Google's
Goldfish Android virtual hardware platform.  Used for the RTC on
qemu-system-riscv64 -M virt.

feedback and ok kettenis@

3 years agoRemove "-4" option treatment and use it always on s_server test in appstest.sh
inoguchi [Sat, 24 Apr 2021 00:10:43 +0000 (00:10 +0000)]
Remove "-4" option treatment and use it always on s_server test in appstest.sh

3 years agoSetting variable arpinit_done is not MP save if we want to execute
bluhm [Fri, 23 Apr 2021 21:55:36 +0000 (21:55 +0000)]
Setting variable arpinit_done is not MP save if we want to execute
arp_rtrequest() in parallel.  Move initialization to arpinit()
function.
OK kettenis@ mvs@

3 years agoThe variable la_hold_total contains the number of packets currently
bluhm [Fri, 23 Apr 2021 21:47:32 +0000 (21:47 +0000)]
The variable la_hold_total contains the number of packets currently
in the arp queue.  So the sysctl net.inet.ip.arpqueued must be read
only.  In if_ether.c include the header with the declaration of
la_hold_total to ensure that the definition matches.
OK mvs@

3 years agoEnable test-renegotiation-changed-clienthello.py but skip
tb [Fri, 23 Apr 2021 21:01:45 +0000 (21:01 +0000)]
Enable test-renegotiation-changed-clienthello.py but skip
"drop extended_master_secret in renegotiation" since we don't
support this extension.

3 years agowhitespace
tb [Fri, 23 Apr 2021 18:30:18 +0000 (18:30 +0000)]
whitespace

3 years agoAdd MID_RISCV64 and EM_RISCV to enable riscv64
drahn [Fri, 23 Apr 2021 15:53:07 +0000 (15:53 +0000)]
Add MID_RISCV64 and EM_RISCV to enable riscv64
ok deraadt@

3 years agoFile was accidentally duplicated on inital checkin, remove dup.
drahn [Fri, 23 Apr 2021 15:31:12 +0000 (15:31 +0000)]
File was accidentally duplicated on inital checkin, remove dup.

3 years agoenable viornd(4) on riscv64
jsg [Fri, 23 Apr 2021 13:03:40 +0000 (13:03 +0000)]
enable viornd(4) on riscv64

3 years agoenable syscon(4) on riscv64
jsg [Fri, 23 Apr 2021 12:49:53 +0000 (12:49 +0000)]
enable syscon(4) on riscv64
makes reboot and poweroff work with qemu

ok kettenis@

3 years agoAdjust support for "syscon-reboot" and "syscon-poweroff" for the updated
kettenis [Fri, 23 Apr 2021 12:38:00 +0000 (12:38 +0000)]
Adjust support for "syscon-reboot" and "syscon-poweroff" for the updated
bindings in mainline Linux.  Necessary to support the QEMY RISCV target.

ok jsg@

3 years agobuild with -Werror
jsg [Fri, 23 Apr 2021 12:09:45 +0000 (12:09 +0000)]
build with -Werror
ok mlarkin@

3 years agocast TCB_GET() to void * to avoid -Wpointer-integer-compare warning
jsg [Fri, 23 Apr 2021 12:07:14 +0000 (12:07 +0000)]
cast TCB_GET() to void * to avoid -Wpointer-integer-compare warning
when building kern_sig.c
ok mlarkin@

3 years agoreuse arm64 openprom(4) on riscv64
jsg [Fri, 23 Apr 2021 12:01:02 +0000 (12:01 +0000)]
reuse arm64 openprom(4) on riscv64
ok kettenis@

3 years agoRemove the sysctl kern.allowdt code from kernel if dt(4) is not
bluhm [Fri, 23 Apr 2021 07:21:02 +0000 (07:21 +0000)]
Remove the sysctl kern.allowdt code from kernel if dt(4) is not
configured.  This will result in a "value is not available" error
from sysctl when trying to enable dt on a kernel without support.
The variable allowdt should be in the device, not in sysctl source.
We don't need #ifdef for extern and prototypes.
OK mpi@

3 years agoWhen we have a single tx/rx queue, the cp ring is also used for async
jmatthew [Fri, 23 Apr 2021 07:00:58 +0000 (07:00 +0000)]
When we have a single tx/rx queue, the cp ring is also used for async
events, so it can't be allocated when the interface is brought up and
freed when it's taken down.

ok dlg@

3 years agospelling
jsg [Fri, 23 Apr 2021 05:40:06 +0000 (05:40 +0000)]
spelling

3 years agoCreate separate structures for rx and tx queues to allow creating multiples
jmatthew [Fri, 23 Apr 2021 04:58:34 +0000 (04:58 +0000)]
Create separate structures for rx and tx queues to allow creating multiples
of each of them, and prepare for having multiple completion rings.

ok dlg@

3 years agoInclude sys/systm.h in riscv64 db files,
drahn [Fri, 23 Apr 2021 04:36:05 +0000 (04:36 +0000)]
Include sys/systm.h in riscv64 db files,
matches other archs, fixes -Werror failues,
ok jsg@

3 years agoadd missing break
jsg [Fri, 23 Apr 2021 04:35:54 +0000 (04:35 +0000)]
add missing break
ok drahn@

3 years agocall klist_invalidate from bpfsdetach to tell kq listeners what happened.
dlg [Fri, 23 Apr 2021 03:43:19 +0000 (03:43 +0000)]
call klist_invalidate from bpfsdetach to tell kq listeners what happened.

without this, something using a kevent to monitor a bpf fd on an
idle interface never has the event fire, which means it never
realises the interface goes away. with this, the read event goes
off and the next read fails with EIO, like pretty much every other
driver when the underlying device is removed.

ok claudio@ visa@ jmatthew@

3 years agoonly skip pf once for packets that are injected by a divert-packet socket.
dlg [Fri, 23 Apr 2021 03:29:24 +0000 (03:29 +0000)]
only skip pf once for packets that are injected by a divert-packet socket.

when a divert socket gets a packet from userland to send back through
the kernel, it marks it as diverted so pf knows not to divert it
back to userland again. this marking stuck to the packet though,
so if it went through pf again (eg, on the way out of the network
stack) pf would skip it again. this is undesirable if you want pf
to do things to the packet on this outgoing hope, such as nat.

this has pf clear the mark once it's been used, which allows the
next run of a packet through pf to have stuff work on it.

found by some people at parta networks.
ok sashan@ lteo@ bluhm@
bluhm@ also suggested keeping my diff in the same style as the rest of pf.c

3 years agoWe're only going to use the first CoS queue, so only store the ID of that
jmatthew [Fri, 23 Apr 2021 03:23:44 +0000 (03:23 +0000)]
We're only going to use the first CoS queue, so only store the ID of that
one.  Some of this would have got in the way of setting up multiple tx/rx
rings.

ok dlg@

3 years agoInitial import of OpenBSD/riscv64
drahn [Fri, 23 Apr 2021 02:42:16 +0000 (02:42 +0000)]
Initial import of OpenBSD/riscv64

This work is based on the effort:
https://www.openbsd.org/papers/Porting_OpenBSD_to_RISCV_FinalReport.pdf
"Porting OpenBSD to RISC-V ISA"
by
Brian Bamsch <bbamsch@google.com>
Wenyan He <wenyan.he@sjsu.edu>
Mars Li <mengshi.li.mars@gmail.com>
Shivam Waghela <shivamwaghela@gmail.com>

With additional work by Dale Rahn <drahn@openbsd.org>

3 years agoUse the long version of the bwfm(4) firmware path, which includes the
patrick [Thu, 22 Apr 2021 22:14:30 +0000 (22:14 +0000)]
Use the long version of the bwfm(4) firmware path, which includes the
board's compatible string, when printing an error about not being able
to load the firmware.  Since most NVRAM files are board- or package-
specific, having the compatible makes it easier for us to find the
correct files, so that we can add them to the bwfm-firmware port.

ok kurt@

3 years agoAdd a non-interactive version of query-replace-regexp function called
lum [Thu, 22 Apr 2021 19:50:55 +0000 (19:50 +0000)]
Add a non-interactive version of query-replace-regexp function called
replace-regexp. Unfortunately query-replace-regexp can't be used in a
startup file.

3 years agovmd(8): guard against bad virtio drivers
dv [Thu, 22 Apr 2021 18:40:21 +0000 (18:40 +0000)]
vmd(8): guard against bad virtio drivers

Add protections against guests with bad virtio-{blk,net,scsi}
drivers, specifically avoiding invalid descriptor chains and
invalid vionet packet sizes. This helps prevent possible lockup
of the host vm process due to a spinning device event loop thread.

Also fix an unneeded cast in the vioblk handling in case of invalid
buffer lengths.

OK mlarkin@

3 years agoOnly hash known CH extensions
tb [Thu, 22 Apr 2021 18:27:53 +0000 (18:27 +0000)]
Only hash known CH extensions

RFC 4.1.2 specifies the ways in which the extensions in the first and
the second ClientHello may differ.  It basically says that extensions
not known to a server must not change.  This in turn makes it impossible
to introduce new extensions that do change.  It makes little sense to
enforce that extensions we don't know and care about aren't modified,
so make the hashing more lenient and restrict it to the extensions we
do care about.  Arguably, enforcing no change in an unknown extension
is incompatible with the requirement that it be ignored.

ok bcook jsing

3 years agokqueue: Make timer re-addition reset existing timer
visa [Thu, 22 Apr 2021 15:30:12 +0000 (15:30 +0000)]
kqueue: Make timer re-addition reset existing timer

When an existing EVFILT_TIMER filter is re-added, cancel the existing
timer and any pending event, and restart the timer using the new timeout
period. This makes the new timeout period take effect immediately and
matches the behaviour of FreeBSD. Previously, the new setting was
applied only after the existing timer expired.

The timer rescheduling is done by using an f_modify callback. The
reading of timer events is moved from f_event to f_process. f_event of
timer_filtops becomes redundant. Unlike most other event sources, timers
activate knotes directly without using a klist and knote(9).

OK mpi@

3 years agoMark umb(4) as network device instead of a generic one. This also makes
patrick [Thu, 22 Apr 2021 14:06:59 +0000 (14:06 +0000)]
Mark umb(4) as network device instead of a generic one.  This also makes
it show up with the proper category in hotplug scripts.

From Tilo Stritzky
ok groth@ sthen@

3 years agoKeep under #ifdef TMPFS functions to grow/shrink uaobj.
mpi [Thu, 22 Apr 2021 11:54:32 +0000 (11:54 +0000)]
Keep under #ifdef TMPFS functions to grow/shrink uaobj.

ok patrick@

3 years agoIndent and simplify the grammar.
mpi [Thu, 22 Apr 2021 11:53:13 +0000 (11:53 +0000)]
Indent and simplify the grammar.

3 years agoEliminate S/R conflicts and simplify filter grammar.
mpi [Thu, 22 Apr 2021 11:36:11 +0000 (11:36 +0000)]
Eliminate S/R conflicts and simplify filter grammar.

3 years agoRemove trailing whitespace in comment blocks.
dv [Thu, 22 Apr 2021 10:45:21 +0000 (10:45 +0000)]
Remove trailing whitespace in comment blocks.

3 years agoreenable POOL_DEBUG
naddy [Thu, 22 Apr 2021 10:23:07 +0000 (10:23 +0000)]
reenable POOL_DEBUG

3 years agoSimplify token declaration.
mpi [Thu, 22 Apr 2021 10:06:52 +0000 (10:06 +0000)]
Simplify token declaration.

3 years agoSimplify now that TID and PID are now only being parsed as builtin.
mpi [Thu, 22 Apr 2021 09:44:38 +0000 (09:44 +0000)]
Simplify now that TID and PID are now only being parsed as builtin.

3 years agoRemove support for in-kernel filters.
mpi [Thu, 22 Apr 2021 09:36:39 +0000 (09:36 +0000)]
Remove support for in-kernel filters.

This might be added back in a future if copying events to userland becomes
a performance issue.  However note that it is not always possible to filter
in-kernel if, for example. a variable has to be evaluated when a rule fires.

3 years agoAdd a test that roundtrips a bunch of points on all builtin curves
tb [Wed, 21 Apr 2021 20:15:08 +0000 (20:15 +0000)]
Add a test that roundtrips a bunch of points on all builtin curves
via point2oct and oct2point and that checks the corner case in hybrid
encoding that was fixed in ec2_oct.c r1.13.

3 years agoClean up TLSv1.2 certificate request handshake data.
jsing [Wed, 21 Apr 2021 19:27:56 +0000 (19:27 +0000)]
Clean up TLSv1.2 certificate request handshake data.

Currently cert_req is used by clients and cert_request is used by servers.
Replace this by a single cert_request used by either client or server.
Remove the certificate types as they are currently unused. This also fixes
a bug whereby if the number of certificate types exceeds SSL3_CT_NUMBER
the number of bytes read in is insufficient, which will break decoding.

ok inoguchi@ tb@

3 years agoFix packet size checks and remove bad casts.
dv [Wed, 21 Apr 2021 18:27:36 +0000 (18:27 +0000)]
Fix packet size checks and remove bad casts.

Because dhcpsz was an uninitialized ssize_t, it was possible that a
garbage "packet" would be queued on the receiving end of the virtio
network device.

Change the type to size_t and add proper checks based on it being
greater than zero. Remove the cast of ssize_t to uint64_t that also
caused garbage sizes when dhcpsz was unintialized and set at runtime
to something < 0.

3 years agoTurn panic for unknown event type into a printf and return.
kettenis [Wed, 21 Apr 2021 18:11:17 +0000 (18:11 +0000)]
Turn panic for unknown event type into a printf and return.

ok patrick@

3 years agoUse the plenteous BUFSIZE found in mg in lieu of 128.
lum [Wed, 21 Apr 2021 14:45:28 +0000 (14:45 +0000)]
Use the plenteous BUFSIZE found in mg in lieu of 128.

3 years agoremove -p from usage;
jmc [Wed, 21 Apr 2021 13:23:56 +0000 (13:23 +0000)]
remove -p from usage;

3 years agoExtend filters to support any conditionnal test including global variables.
mpi [Wed, 21 Apr 2021 10:53:17 +0000 (10:53 +0000)]
Extend filters to support any conditionnal test including global variables.

Stop using in-kernel filtering for the moment except for not tracing the
tracer.

Keep track of the number of filtered events.

3 years agoAlways initialized min value for an histogram.
mpi [Wed, 21 Apr 2021 10:34:36 +0000 (10:34 +0000)]
Always initialized min value for an histogram.

3 years agoTest local variables, boolean and print() of variables other than maps.
mpi [Wed, 21 Apr 2021 10:30:46 +0000 (10:30 +0000)]
Test local variables, boolean and print() of variables other than maps.