openbsd
tb [Mon, 15 Apr 2024 15:52:46 +0000 (15:52 +0000)]
And a pile of TS ASN.1 stuff becomes internal-only, too

ok jsing

tb [Mon, 15 Apr 2024 15:52:01 +0000 (15:52 +0000)]
X509_NAME_ENTRIES_it and X509_NAME_INTERNAL_it go internal

It's always good to see something called internal in the public API.

ok jsing

tb [Mon, 15 Apr 2024 15:49:37 +0000 (15:49 +0000)]
And here go {,EC}DSA_SIG_it

ok jsing

florian [Mon, 15 Apr 2024 15:47:58 +0000 (15:47 +0000)]
Add scandirat(3); from freebsd

To be used in httpd(8) shortly to prevent TOCTOU issues.

This makes __fdopendir internally accessible to avoid unnecessary
syscalls in scandirat(3). Suggested & diff by guenther

suggested by & OK millert
tweak & OK guenther
OK tb, jca

This rides the libc crank.

tb [Mon, 15 Apr 2024 15:47:37 +0000 (15:47 +0000)]
DHparam_it becomes static, too

ok jsing

tb [Mon, 15 Apr 2024 15:46:29 +0000 (15:46 +0000)]
More X9.62 stuff was never used outside of ec_asn1.c

We only need the ASN.1 items.

ok jsing

tb [Mon, 15 Apr 2024 15:44:15 +0000 (15:44 +0000)]
EC_PRIVATEKEY becomes internal-only, too

ok jsing

tb [Mon, 15 Apr 2024 15:42:23 +0000 (15:42 +0000)]
Unexport the ECPKPARAMETERS API

ok jsing

tb [Mon, 15 Apr 2024 15:41:27 +0000 (15:41 +0000)]
Make ECPARAMETERS_{new,free,it} internal-only

ok jsing

tb [Mon, 15 Apr 2024 15:40:08 +0000 (15:40 +0000)]
Move BIO_CONNECT_{new,free}() to internal-only

ok jsing

tb [Mon, 15 Apr 2024 15:37:37 +0000 (15:37 +0000)]
Remove ASN1_time_clamp_not_after() from Symbols.list

This was only ever semi-public and libtls no longer uses it since it was
switched to the BoringSSL POSIX time API.

ok jsing

tb [Mon, 15 Apr 2024 15:34:11 +0000 (15:34 +0000)]
sync libc bump

tb [Mon, 15 Apr 2024 15:32:12 +0000 (15:32 +0000)]
whee libc 100. break all the things

naddy [Mon, 15 Apr 2024 15:21:11 +0000 (15:21 +0000)]
remove unused __bswap16, __bswap32 MD functions from arm and aarch64

ok miod@

claudio [Mon, 15 Apr 2024 15:09:26 +0000 (15:09 +0000)]
Regen after sigsuspend and __thrsigdivert unlock

claudio [Mon, 15 Apr 2024 15:08:20 +0000 (15:08 +0000)]
sigsuspend and __thrsigdivert no longer require the KERNEL_LOCK since
dosigsuspend() no longer needs it.
OK mvs@ mpi@

jsing [Mon, 15 Apr 2024 14:36:16 +0000 (14:36 +0000)]
Enable negative zero checks for BN_clear_bit() and BN_mask_bits().

jsing [Mon, 15 Apr 2024 14:35:25 +0000 (14:35 +0000)]
Prevent negative zero from being created via BN bit functions.

Both BN_clear_bit() and BN_mask_bits() can create zero values - in both
cases ensure that the negative sign is correctly handled if the value
becomes zero.

Thanks to Guido Vranken for providing a reproducer.

Fixes oss-fuzz #67901

ok tb@

naddy [Mon, 15 Apr 2024 14:30:48 +0000 (14:30 +0000)]
drop htonl(), htons(), ntohl(), ntohs() MD functions from libc

Userland code compiled in a normal fashion picks up the htonl(),
htons(), ntohl(), ntohs() macros implemented by endian.h.  The
functions in libc are effectively unused.  Keep the MI functions
in case something looks for the symbols in libc or plays games
with #undef, but change them to wrap the implementation from
endian.h.

tweaks suggested by claudio@, ok miod@

krw [Mon, 15 Apr 2024 14:25:10 +0000 (14:25 +0000)]
Don't wait forever in nvme_poll(). Respect the timeout provided by a scsi_xfer.
Define values for internal commands (identity and queue ops) that are polled.

Adapted from work by jdolecek@netbsd.

Feedback/suggestions deraadt@, testing by jca@, ok jmatthew@.

jmc [Mon, 15 Apr 2024 14:06:52 +0000 (14:06 +0000)]
hint that the tcp timeout values can be adjusted collectively via
"set optimization"; from jesper wallin

ok bluhm

jmc [Mon, 15 Apr 2024 14:04:49 +0000 (14:04 +0000)]
document tcp.tsdiff; from jesper wallin
ok bluhm

krw [Mon, 15 Apr 2024 13:58:48 +0000 (13:58 +0000)]
Don't hang in nvme_poll() if the nvme controller has disconnected from the pcie
bus. i.e. if register reads start returning 0xffffffff.

Feedback/suggestions deraadt@, testing by jca@, ok jmatthew@.

job [Mon, 15 Apr 2024 13:57:45 +0000 (13:57 +0000)]
Use the manifest location as additional differentiator when comparing CRLs

OK tb@

florian [Mon, 15 Apr 2024 12:44:24 +0000 (12:44 +0000)]
Sync to autoconf 2.71 upstream built infrastructure

This reduces the diff when doing updates considerably.
No change in .o files.

Much help & OK sthen

nicm [Mon, 15 Apr 2024 08:19:55 +0000 (08:19 +0000)]
Fixes for memory leaks reported by Lu Ming Yin, fixes from Howard Chu.

jmc [Mon, 15 Apr 2024 06:12:46 +0000 (06:12 +0000)]
add an EXAMPLES section with a simple config file, similar to the wireless
pages;

started by a request from julian huhn, and adapted from a diff from
gerhard;

feedback claudio kevlo sthen gerhard
ok kevlo

jsg [Mon, 15 Apr 2024 01:48:11 +0000 (01:48 +0000)]
drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes

From Shradha Gupta
5c1dc516f52a5a0c0370086509ec12e6c3acb428 in linux-6.6.y/6.6.27
048a36d8a6085bbd8ab9e5794b713b92ac986450 in mainline linux

jsg [Mon, 15 Apr 2024 01:46:03 +0000 (01:46 +0000)]
drm: Check output polling initialized before disabling

From Shradha Gupta
3d1b47e3a935abd4f258a945db87e7267ff4079c in linux-6.6.y/6.6.27
5abffb66d12bcac84bf7b66389c571b8bb6e82bd in mainline linux

jsg [Mon, 15 Apr 2024 01:43:44 +0000 (01:43 +0000)]
drm/amd/display: Fix nanosec stat overflow

From Aric Cyr
953fee8160f1adf2929b9588c043170563c6ac4d in linux-6.6.y/6.6.27
14d68acfd04b39f34eea7bea65dda652e6db5bf6 in mainline linux

jsg [Mon, 15 Apr 2024 01:42:21 +0000 (01:42 +0000)]
drm/ttm: return ENOSPC from ttm_bo_mem_space v3

From Christian Koenig
852ad6a4f55c1e90123eff6d957119d4d5f27726 in linux-6.6.y/6.6.27
28e5126718c7b306b8c29d2ae8f48417e9303aa1 in mainline linux

jsg [Mon, 15 Apr 2024 01:40:36 +0000 (01:40 +0000)]
amdkfd: use calloc instead of kzalloc to avoid integer overflow

From Dave Airlie
315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 in linux-6.6.y/6.6.27
3b0daecfeac0103aba8b293df07a0cbaf8b43f29 in mainline linux

bluhm [Sun, 14 Apr 2024 20:46:27 +0000 (20:46 +0000)]
Run raw IP input in parallel.

Running raw IPv4 input with shared net lock in parallel is less
complex than UDP.  Especially there is no socket splicing.

New ip_deliver() may run with shared or exclusive net lock.  The
last parameter indicates the mode.  If it is running with shared
netlock and encounters a protocol that needs exclusive lock, the
packet is queued.  Old ip_ours() always queued the packet.  Now it
calls ip_deliver() with shared net lock, and if that cannot handle
the packet completely, the packet is queued and later processed
with exclusive net lock.

In case of an IPv6 header chain, that switches from shared to
exclusive processing, the next protocol and mbuf offset are stored
in a mbuf tag.

OK mvs@

miod [Sun, 14 Apr 2024 19:08:09 +0000 (19:08 +0000)]
Turn sp_tlb_flush_{ctx,pte} into function pointers, and pick one out of three
flavours: pre-usIII, usIII, and sun4v.

This allows us to get rid of the HORRID_III_HACK define in locore and switch
pre-usIII systems to the older, slightly simpler, code for these routines.

ok claudio@ kettenis@

guenther [Sun, 14 Apr 2024 18:11:54 +0000 (18:11 +0000)]
Delete support for the LESSOPEN and LESSCLOSE environment variables
aka the "Input Preprocessor": it's been a source for multiple
security bugs in the past as everything has to deal with handling
arbitrary filenames and generally resulted in multiple TOCTOU issues.
The base system never included a default LESSOPEN setting like some
Linux distributions did, but it's a suds-filled sink full of knives
to try to use safely.

ok tb@ deraadt@ millert@

otto [Sun, 14 Apr 2024 17:47:41 +0000 (17:47 +0000)]
t22 and t23 can fail if the first chunk ends up being allocated at
the very end of the page. Circumvent that. Reported by and fix ok
anton@

phessler [Sun, 14 Apr 2024 17:24:15 +0000 (17:24 +0000)]
stop erroring if <file>.orig exists

OK op@ rsadowski@ kn@

tb [Sun, 14 Apr 2024 15:41:09 +0000 (15:41 +0000)]
Fix indent

pointed out by jsing

tb [Sun, 14 Apr 2024 14:14:14 +0000 (14:14 +0000)]
Delete a few more GOST remnants

When I unifdefed GOST support, the tree wasn't fully unlocked, so I didn't
want to touch a public header. All this code is in #ifndef OPENSSL_NO_GOST,
which we define.

ok jsing

sthen [Sun, 14 Apr 2024 12:09:28 +0000 (12:09 +0000)]
add maturin as MODPY_PYBUILD backend

florian [Sun, 14 Apr 2024 11:21:08 +0000 (11:21 +0000)]
Zap trailing whitespace.

OK tb

tb [Sun, 14 Apr 2024 10:56:18 +0000 (10:56 +0000)]
Remove documentation of no longer available API

kettenis [Sun, 14 Apr 2024 09:59:04 +0000 (09:59 +0000)]
Implement support for AVX-512.  This required some fixes to the so-far
unused Skylake AVX-512 MDS handler and increases the ci_mds_tmp array to
64 bytes.  With help from guenther@

ok deraadt@, guenther@

tb [Sun, 14 Apr 2024 08:34:00 +0000 (08:34 +0000)]
less: escape newlines in file names

Newlines in a filename can lead to arbitrary code execution
https://marc.info/?l=oss-security&m=171292433330233&w=2
via LESSOPEN.  The diff is a straightforward adaptation of
https://github.com/gwsw/less/commit/007521ac3c95bc76

The better fix is deleting the misfeatures that are LESSOPEN
and LESSCLOSE which will happen in a separate commit.

diff looks good to guenther

jsg [Sun, 14 Apr 2024 03:26:25 +0000 (03:26 +0000)]
with empty body loops, put final semicolon on a new line for readability
ok bluhm@ jca@

jsg [Sun, 14 Apr 2024 03:23:13 +0000 (03:23 +0000)]
put loop body on a new line
ok bluhm@ jca@

jsg [Sun, 14 Apr 2024 00:38:26 +0000 (00:38 +0000)]
avoid uninitialised var use
found by smatch, ok miod@

jsg [Sat, 13 Apr 2024 23:44:11 +0000 (23:44 +0000)]
correct indentation

no functional change, found by smatch warnings
ok miod@ bluhm@

dv [Sat, 13 Apr 2024 21:57:22 +0000 (21:57 +0000)]
vmm: protect vmm activation with the vmm_softc rwlock.

Syzbot found a race when enabling vmm mode on multiprocessor systems.

Protect the vmm start/stop lifecycle by taking the write lock used
for protecting the status of the vmm device.

Reported-by: syzbot+6ae9cec00bbe45fd7782@syzkaller.appspotmail.com
ok gnezdo@

jrick [Sat, 13 Apr 2024 15:58:10 +0000 (15:58 +0000)]
check group and world permissions of iked psk files

Similar to the permission checks performed on iked.conf(5) due to the
possibility of it containing inline psk strings, require psk files to not be
group writable or world read-writable.

ok tobhe@

jca [Sat, 13 Apr 2024 15:08:37 +0000 (15:08 +0000)]
Readd FFS_MAX_SOFTDEPS define

For consistency with other removed indexes which are still around.
No functional change except for the new define.  ok tb@

jca [Sat, 13 Apr 2024 15:07:10 +0000 (15:07 +0000)]
Zap unused sd_* softdep sysctl names

ok tb@

kettenis [Sat, 13 Apr 2024 14:20:48 +0000 (14:20 +0000)]
Remove unused function and prototype.

ok jsg@

kettenis [Sat, 13 Apr 2024 14:19:39 +0000 (14:19 +0000)]
Split out Spectre-V2 and Spectre-BHB mitigation code like I did for
Spectre-V4 a few weeks ago.  Treat Qualcomm Kryo 400 Silver like Cortex-A55
for Spectre-V2 since that is what it is.

ok jsg@

tb [Sat, 13 Apr 2024 14:02:51 +0000 (14:02 +0000)]
Error check X509_ALGOR_set0() in {dsa,ec}_pkey_ctrl()

These are four versions of near identical code: PKCS#7 and CMS controls
for DSA and EC. The checks are rather incomplete and should probably be
merged somehow (see the Ed25519 version in ecx_methods()). For now, only
replace X509_ALGOR_set0() with its internal by_nid() version and, while
there, spell NULL correctly.

ok jca

florian [Sat, 13 Apr 2024 13:58:34 +0000 (13:58 +0000)]
sync to unbound 1.19.3

heavy lifting by & OK sthen

tb [Sat, 13 Apr 2024 13:57:54 +0000 (13:57 +0000)]
Unwrap a line for consistency with other copy-pasted versions

sthen [Sat, 13 Apr 2024 12:24:57 +0000 (12:24 +0000)]
merge unbound 1.19.3

sthen [Sat, 13 Apr 2024 12:23:45 +0000 (12:23 +0000)]
import unbound 1.19.3, ok florian

jmc [Sat, 13 Apr 2024 12:11:08 +0000 (12:11 +0000)]
document "psk file path" notation; from josh rickmar
ok tobhe

jan [Fri, 12 Apr 2024 19:27:43 +0000 (19:27 +0000)]
remove useless includes of ip.h and ip6.h

ok bluhm

bluhm [Fri, 12 Apr 2024 16:07:09 +0000 (16:07 +0000)]
Split single TCP inpcb table into IPv4 and IPv6 parts.

With two separate TCP hash tables, each one becomes smaller.  When
we remove the exclusive net lock from TCP, contention on internet
PCB table mutex will be reduced.  UDP has been split earlier into
IPv4 and IPv6.  Replace branch conditions based on INP_IPV6 with
assertions.

OK mvs@

florian [Fri, 12 Apr 2024 15:53:34 +0000 (15:53 +0000)]
Update to nsd 4.9.1

sparc64 built test by tb
OK tb, sthen

sthen [Fri, 12 Apr 2024 15:45:24 +0000 (15:45 +0000)]
merge unbound update

sthen [Fri, 12 Apr 2024 15:44:27 +0000 (15:44 +0000)]
import unbound 1.19.2, reminded by florian@
(yes I know there is a newer one, I'll update on top)

bluhm [Fri, 12 Apr 2024 14:17:42 +0000 (14:17 +0000)]
In snmpd_metrics process keep file descriptors 0 1 2 open.

stdin, stdout, stderr are reserved.  They should point to a terminal,
a redirect file or pipe, or /dev/null.  Closing them and allocating
arbitrary files in those places is not good.  Call closefrom with
4 to keep /dev/null open in snmpd_metrics.

OK martijn@

millert [Fri, 12 Apr 2024 14:10:28 +0000 (14:10 +0000)]
Avoid snprintf() of NULL when _nc_get_source() returns NULL.
The filename buffer is not actually used in this case but it is
safer to set it to the empty string than to leave it uninitialized.
OK tb@

bluhm [Fri, 12 Apr 2024 12:25:58 +0000 (12:25 +0000)]
Fix race between rip_input() and soisdisconnected().

Setting SS_CANTRCVMORE is protected by mutex of receive socket
buffer.  The raw inpcb loop in rip_input() does a lockless access.
Protect it with READ_ONCE(), although it is not perfect.  Check the
socket buffer state again when the mutex is held.  Drop and count
the packet that is processed between the checks.

Currently soisdisconnected() is called with exclusive net lock.
The new code also works without net lock.

OK mvs@

job [Fri, 12 Apr 2024 11:50:29 +0000 (11:50 +0000)]
Fix warning about delta element issues in the Update Notification File XML

OK tb@

tb [Fri, 12 Apr 2024 11:10:34 +0000 (11:10 +0000)]
bio_enc: various basic cleanup

Call a BIO bio rather than bi, a, or b; don't cast when assigning from
or to a (void *). Drop loads of silly redundant parentheses, use better
order of variable declarations.

No change in the generated assembly

jsg [Fri, 12 Apr 2024 09:56:39 +0000 (09:56 +0000)]
correct loop in channel set function
found by smatch indent warning
ok kevlo@ stsp@

tb [Fri, 12 Apr 2024 09:41:39 +0000 (09:41 +0000)]
Garbage collect various *_init() pmeths

It's unclear whether the functions these support were ever really
used for anything else than kicking off an overengineered state
machine.

ok jsing

tb [Fri, 12 Apr 2024 02:56:15 +0000 (02:56 +0000)]
Fix a potential NULL-deref in EVP_PKEY_keygen()

After an EVP_PKEY_new() failure, a NULL pointer would be passed to the
keygen pmeth, which could result in tears.

ok beck jsing

tb [Fri, 12 Apr 2024 02:51:52 +0000 (02:51 +0000)]
gnu/cvs: avoid a harmless configure warning

Ever since the prehistoric zlib was removed last fall, the configure script
would complain because of a missing file:
sed: 0: /usr/src/gnu/usr.bin/cvs/zlib/Makefile.in: No such file or directory

noticed by deraadt
ok bluhm

jsg [Fri, 12 Apr 2024 01:54:21 +0000 (01:54 +0000)]
fix non-auto setting of extended media type bits
found by smatch warning about uninitialised var use
ok jmatthew@

kevlo [Fri, 12 Apr 2024 00:44:07 +0000 (00:44 +0000)]
Regen

kevlo [Fri, 12 Apr 2024 00:43:32 +0000 (00:43 +0000)]
Add support for CH343 uart.
The CH343 devices support any baud rate up to 6 Mbps.

ok miod@

jsg [Thu, 11 Apr 2024 23:00:13 +0000 (23:00 +0000)]
correct value of XFEATURE_AMX
ok miod@ guenther@

miod [Thu, 11 Apr 2024 18:58:44 +0000 (18:58 +0000)]
Stop making <machine/pmap.h> include <machine/pte.h>, and fix the very few
files which really need <machine/pte.h> guts.

tb [Thu, 11 Apr 2024 18:07:55 +0000 (18:07 +0000)]
Remove repeated type declaration that makes bison unhappy

Fixes: https://github.com/openbgpd-portable/openbgpd-portable/issues/77

ok claudio

otto [Thu, 11 Apr 2024 16:31:30 +0000 (16:31 +0000)]
Fix previous: it should not have removed the "max_softdeps" entry
to keep the indexes consistent. ok deraadt@

bluhm [Thu, 11 Apr 2024 15:08:18 +0000 (15:08 +0000)]
Prevent changing interface loopback flag from userland.

IFF_LOOPBACK is telling userland the behaviour of a specific driver,
it is supposed to be static and permanent.  Clearing the loopback
flag on lo0 could lead to a kernel crash due to inconsistent multicast
igmp group.

Reported-by: syzbot+2f24ed6c8ddb2d6bb22c@syzkaller.appspotmail.com
OK claudio@ deraadt@

mvs [Thu, 11 Apr 2024 13:32:51 +0000 (13:32 +0000)]
Don't take solock() in soreceive() for SOCK_RAW inet sockets.

For inet sockets solock() is the netlock wrapper, so soreceive() could
be performed simultaneously with exclusively locked code paths.

These sockets are not connection oriented, they don't call pru_rcvd(),
they can't be spliced, they don't set `so_error'. Nothing to protect
with solock() in soreceive() path.

`so_rcv' buffer is protected by `sb_mtx' mutex(9), but since it is released,
sblock() is required to serialize concurrent soreceive() and sorflush()
threads. Current sblock() is some kind of rwlock(9) implementation, so
introduce `sb_lock' rwlock(9) and use it directly for that purpose.

The sorflush() and callers were refactored to avoid solock() for raw
inet sockets. This was done to avoid packet processing stop.

Tested and ok bluhm.

mvs [Thu, 11 Apr 2024 08:33:37 +0000 (08:33 +0000)]
Take solock_shared() in soo_stat().

Only unix(4) and tcp(4) sockets set (*pru_sense)() handler. The rest of
soo_stat() is read-only access.

ok bluhm

claudio [Thu, 11 Apr 2024 08:33:15 +0000 (08:33 +0000)]
Use != NULL for pointer check. No binary change.

tb [Thu, 11 Apr 2024 06:49:19 +0000 (06:49 +0000)]
Remove parentheses after return

This file was very undecided what style to choose and often changed its
mind in the middle of a function. No change in the generated assembly.

jmatthew [Thu, 11 Apr 2024 06:42:12 +0000 (06:42 +0000)]
Match on ConnectX-6 virtual functions too, since they don't seem to be
any different to earlier revisions.

from Brad

tb [Thu, 11 Apr 2024 06:42:09 +0000 (06:42 +0000)]
Rework internal tm_to_*() converters

Make them static. Don't make them allocate if passed a NULL ASN1_TIME to
avoid leaks. This currently means that we accept a NULL and succeed. That's
very ugly but better than what we have now.

Simplify ASN1_TIME_set_string_internal() accordingly and allocate an
ASN1_TIME at the API boundary of ASN1_TIME_adj_internal() and of
ASN1_TIME_to_generalized_time().

ok beck (after a lot of squealing and distress)

jmatthew [Thu, 11 Apr 2024 05:30:55 +0000 (05:30 +0000)]
Add support for media types from the extended ethernet capabilities fields.
If none of the regular ethernet capabilities are present, check the extended
capabilities.  Since we only report that the link is active if there's a
detected media type, this isn't just a cosmetic change.

Joerg Streckfuss reported that a gigabit SFP didn't work in a ConnectX-6 Lx,
and tested that this change makes it work.

ok dlg@

jsg [Thu, 11 Apr 2024 03:40:05 +0000 (03:40 +0000)]
drm/i915/gt: Enable only one CCS for compute workload

From Andi Shyti
a7ff84a6fe5ae8889a5f1c97008358836bd7f947 in linux-6.6.y/6.6.26
6db31251bb265813994bfb104eb4b4d0f44d64fb in mainline linux

jsg [Thu, 11 Apr 2024 03:35:18 +0000 (03:35 +0000)]
drm/i915/gt: Do not generate the command streamer for all the CCS

From Andi Shyti
726ff623869ddc3de887d99296cac3c849061b21 in linux-6.6.y/6.6.26
ea315f98e5d6d3191b74beb0c3e5fc16081d517c in mainline linux

jsg [Thu, 11 Apr 2024 03:33:42 +0000 (03:33 +0000)]
drm/i915/gt: Disable HW load balancing for CCS

From Andi Shyti
c1f7ce2a11a945044d9d5556e638efdca70fb321 in linux-6.6.y/6.6.26
bc9a1ec01289e6e7259dc5030b413a9c6654a99a in mainline linux

jsg [Thu, 11 Apr 2024 03:31:39 +0000 (03:31 +0000)]
drm/prime: Unbreak virtgpu dma-buf export

From Rob Clark
cc4d9f0597ee1f1f94323611ae5d7473ddf2a99a in linux-6.6.y/6.6.26
a4ec240f6b7c21cf846d10017c3ce423a0eae92c in mainline linux

jsg [Thu, 11 Apr 2024 03:29:26 +0000 (03:29 +0000)]
drm/amd: Flush GFXOFF requests in prepare stage

From Mario Limonciello
3da10e91ecd24c49dd80e73f5ca86166f90dcfe1 in linux-6.6.y/6.6.26
ca299b4512d4b4f516732a48ce9aa19d91f4473e in mainline linux

jsg [Thu, 11 Apr 2024 03:27:39 +0000 (03:27 +0000)]
drm/amd: Add concept of running prepare_suspend() sequence for IP blocks

From Mario Limonciello
da67a1139f054fc59c9c18f135729bc16aef93d4 in linux-6.6.y/6.6.26
cb11ca3233aa3303dc11dca25977d2e7f24be00f in mainline linux

jsg [Thu, 11 Apr 2024 03:24:40 +0000 (03:24 +0000)]
drm/amd: Evict resources during PM ops prepare() callback

From Mario Limonciello
8b5f720486ca87e102ee722a73ae0894c12f1e7a in linux-6.6.y/6.6.26
5095d5418193eb2748c7d8553c7150b8f1c44696 in mainline linux

jsg [Thu, 11 Apr 2024 03:20:22 +0000 (03:20 +0000)]
drm/amd/display: Prevent crash when disable stream

From Chris Park
4356a2c3f296503c8b420ae8adece053960a9f06 in linux-6.6.y/6.6.26
72d72e8fddbcd6c98e1b02d32cf6f2b04e10bd1c in mainline linux

jsg [Thu, 11 Apr 2024 03:18:45 +0000 (03:18 +0000)]
drm/amd/display: Fix DPSTREAM CLK on and off sequence

From Dmytro Laktyushkin
8dc9a27589a9bf5f0a7eb517543411adc185e957 in linux-6.6.y/6.6.26
e8d131285c98927554cd007f47cedc4694bfedde in mainline linux

jsg [Thu, 11 Apr 2024 03:16:35 +0000 (03:16 +0000)]
drm/i915/mtl: Update workaround 14018575942

From Tejas Upadhyay
2564623ee0da92ed7f8a87aa3758cbf2c46257bb in linux-6.6.y/6.6.26
186bce682772e7346bf7ced5325b5f4ff050ccfb in mainline linux

jsg [Thu, 11 Apr 2024 03:15:02 +0000 (03:15 +0000)]
drm/i915/xelpg: Extend some workarounds/tuning to gfx version 12.74

From Matt Roper
798781b43194c6d2bdea0c4ded660f3135c484d3 in linux-6.6.y/6.6.26
c44d4ef47fdad0a33966de89f9064e19736bb52f in mainline linux