| Age | Commit message (Collapse) | Author |
|---|
|
The code has outgrown the original name for this struct. Both the
external and internal APIs have used the "clockqueue" namespace for
some time when operating on it, and that name is eyeball-consistent
with "clockintr" and "clockrequest", so "clockqueue" it is.
|
|
|
|
|
|
Problem spotted and diff from Einfach Jemand (rru.142 at gmail),
thanks!
OK phessler, jca
|
|
|
|
has occurred in the process.
ok various people
|
|
Allow to save stacktrace and process name in tuples.
|
|
|
|
gcm_{gmult,ghash}_4bit(), aesni_ccm64_decrypt_blocks(), aes_cbc_encrypt(),
and aesni_xts_{en,de}crypt() were overlooked in previous passes.
Found with a diff for ld.lld by kettenis
ok kettenis
|
|
A current limitation is the value read from a map is converted to an
integer. To preserve the original type we have to make maps aware of
the type of its elements.
|
|
boot-process, we don't want to accidentally allow "notrack" indirect
branches. Linux kernel does the same. Today it is difficult to do the
same for userland, because there is 1 known piece of software using
"notrack" (which needs to be fixed).
ok kettenis
|
|
This manpage only covers the frontend APIs. The backend API is still
moving around and will be documented separately.
Tons of input, editing, and suggestions from jmc@, schwarze@, mpi@,
claudio@, mlarkin@, and probably several others I'm forgetting.
ok jmc@ schwarze@ claudio@ mpi@
|
|
|
|
cet.h is needed for other platforms to emit the relevant .gnu.properties
sections that are necessary for them to enable IBT. It also avoids issues
with older toolchains on macOS that explode on encountering endbr64.
based on a diff by kettenis
ok beck kettenis
|
|
Tweak a few things in qwx_dp_rx_tid_del_func() to make it behave
correctly on OpenBSD:
- struct dp_reo_cache_flush_elem: make ts a 64-bit count of nanoseconds
Linux uses jiffies to timestamp dp_reo_cache_flush_elem. Although
OpenBSD has a global jiffies variable, we shouldn't use it outside
of drm(4). I would rather not use our global ticks variable, either.
We can use getnsecuptime(9), a low-res 64-bit nanosecond timestamp,
as a substitute.
- qwx_dp_rx_tid_del_func: replace gettime(9) with getnsecuptime(9)
- qwx_dp_rx_tid_del_func: convert DP_REO_DESC_FREE_TIMEOUT_MS to nanoseconds
- qwx_dp_rx_tid_del_func: reverse timestamp comparison operator
This comparison is backwards. Linux uses the time_after() macro to
test whether a given entry has expired, so our ported code needs to
test whether the current uptime is greater than or equal to a given
entry's expiration time.
Joint effort with stsp@. Tested by stsp@.
ok stsp@
|
|
No cipher in libcrypto is marked EVP_CIPH_CUSTOM_KEY_LENGTH and no control
handler deals with EVP_CTRL_SET_KEY_LENGTH, which means that this code is
dead as far as libcrypto is concerned. Almost nothing uses EVP_CIPHER_meth*
(this was added for a single project) and nothing sets a custom ctrl. This
isn't going to change anyway since EVP_CIPHER_meth* is deprecated in order
to promote more provider beauty.
ok beck jsing
|
|
These don't do anything but return 0 and will be garbage collected in the
upcoming bump.
ok jsing
|
|
|
|
The function should be in the clockqueue_intrclock namespace. Also,
"reprogram" is a better word for what the function actually does.
|
|
OpenBSD starts the system uptime clock at 1.0 instead of 0.0. We
inherited this behavior from FreeBSD when we imported kern_tc.c.
patrick@ reports that this causes a problem in sdmmc(4) during boot:
the sdmmc_delay() call in sdmmc_init() doesn't block for the full
250ms. This happens because the system hardclock() starts at 0.0 and
executes about hz times, rapidly, to "catch up" to 1.0. This
instantly expires the first hz timeout ticks, hence the short sleep.
Starting the system uptime at 0.0 fixes the problem.
Prompted by patrick@. Tested by patrick@. In snaps since Feb 19 2023.
Thread: https://marc.info/?l=openbsd-tech&m=170830229732396&w=2
ok patrick@ deraadt@
|
|
ok beck@, deraadt@
|
|
|
|
Almost all db_read_bytes() callers cast the destination buffer
argument to char*, which suggests the API's prototype is incompatible
with how the API is actually used.
Change db_read_bytes() and db_write_bytes() to take a void* as the
destination/source buffer parameter so callers don't need to cast the
argument.
With input from bluhm@. Bugs caught by Clemens Gossnitzer (ASCII
approximation of name).
Thread: https://marc.info/?l=openbsd-tech&m=170740813021636&w=2
ok bluhm@
|
|
In kern_timeout.c, the to_kclock checks are not strict enough to catch
all plausible programmer mistakes. Tighten them up:
- timeout_set_flags: KASSERT that kclock is valid
- timeout_abs_ts: KASSERT that to_kclock is KCLOCK_UPTIME
We can also add to_kclock validation to softclock() and
db_show_timeout(), which may help to debug memory corruption:
- softclock: panic if to_kclock is not KCLOCK_NONE or KCLOCK_UPTIME
- db_show_timeout: print warning if to_kclock is invalid
Prompted by bluhm@ in response to a syzbot panic. Hopefully these
changes help to narrow down the root cause.
Link: https://syzkaller.appspot.com/bug?extid=49d3f7118413963f651a
Reported-by: syzbot+49d3f7118413963f651a@syzkaller.appspotmail.com
ok bluhm@
|
|
minor changes.
|
|
The OpenSSL 1.1 API X509_STORE_get0_objects() is not thread safe. It
exposes a naked internal pointer containing certificates, CRLs and
cached objects added by X509_LOOKUP_hash_dir(). Thus, if the store is
shared between threads, it is not possible to inspect this pointer safely
since another thread could concurrently add to it. This may happen in
particular during certificate verification. This API led to security
issues in rust-openssl and is also problematic in current Python.
Other consumers of X509_STORE_get0_objects() are haproxy, isync, openvpn.
The solution is to take a snapshot of the state under a lock and return
that. This is what X509_STORE_get1_objects() does. It returns a newly
allocated stack that needs to be freed with sk_X509_OBJECT_pop_free(),
passing X509_OBJECT_free as a second argument.
Based on a diff by David Benjamin for BoringSSL.
https://boringssl-review.googlesource.com/c/boringssl/+/65787
ok beck jsing
PS: Variants of this have landed in Python and OpenSSL 3 as well. There the
sk_*deep_copy() API is used, which in OpenSSL relies on evaluating function
pointers after casts (BoringSSL fixed that). Instead of using this macro
insanity and exposing that garbage in public, we can do this by implementing
a pedestrian, static sk_X509_OBJECT_deep_copy() by hand.
|
|
There is now a prototype in x509_internal.h, so no need to repeat that
here.
|
|
- Add missing igc_check_for_link() call; from Masanobu SAITOH via NetBSD.
"Fine" deraadt@
ok jan@
|
|
ESHUTDOWN is an expected thread-synchronization condition which
can be triggered via ifconfig commands. Don't warn about this.
Reported by Marco van Hulten on misc@
|
|
|
|
|
|
|
|
|
|
Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.
OK claudio@
|
|
Use db_get_value() to access addr to ensure that alignment errors
don't cause exceptions. DDB on 32bit archs does normally not handle
64bit values so to print 64bit ints a bit of gymnastics is needed.
OK mpi@
|
|
ctt_size info. This helps to ensure that the reported sizes match.
OK mpi@
|
|
smaller than logic.
There was a bug in this code because of a badly placed ) which I only
noticed after rewriting the function since I assumed that C integer
promotion is playing tricks with us.
OK mpi@
|
|
OK mpi@
|
|
|
|
Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.
https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist
with and OK claudio@ tb@
|
|
We can now run MHI state transition code in the interrupt handler.
There is no reason to run a separate thread just to poke at some
registers and send a few of wakeups().
|
|
This removes all sleep points from the MHI state-change task, which
will allow us to get rid of it. And I can now reproduce the channel
startup issue kettenis@ saw on arm64 by removing the delay() call.
|
|
testing + ok phessler@
|
|
testing + ok phessler@ deraadt@
|
|
|
|
|
|
when named initializers use fields within these anonymous unions.
Hopefully a short-term bandaid until the appropriate changes are identified
and backported to gcc3.
ok claudio@
|
|
My recent refactor introduced a bug where the vionet device will
add the tap(4) read event on an unpause regardless of driver and
device state, causing the cpu to peg as the read event fires
indefinitely because the guest's virtqueue isn't ready to receive
the data.
Add in a global flag that tracks if the rx-side is enabled or not
to coordinate adding the tap read event.
ok mlarkin@
|
|
|
|
|
