| Age | Commit message (Collapse) | Author |
|---|
|
for fragment entries was reached, pf_create_fragment() called
pf_flush_fragments() without lock. This could result in a crash.
Let PF_FRAG_LOCK() cover the whole pf_reassemble() function as
pf_nfrents++ was also missing the lock.
crash found and fix tested by Hrvoje Popovski; OK sashan@
|
|
ok bluhm@
|
|
on version. Fixes M2 Macbook Air 2022 which reports version 2 but only
uses 3 cells.
ok kettenis@
|
|
While here get rid of the unused returned value of uvmpd_scan_inactive().
ok jsg@, kn@
|
|
function may sleep, so holding a mutex is not possible. The same
list entry and rwlock is used for UDP multicast and raw IP delivery.
By adding a write lock, exclusive netlock is no longer necessary
for PCB notify and UDP and raw IP input.
OK mvs@
|
|
Explicitly forbidden in sections 2 and 5 of draft-ietf-sidrops-rpki-rsc-10.
looks good to claudio
|
|
|
|
libkern bzero doesn't have the 486 path but is otherwise the same
ok mlarkin@ deraadt@
|
|
ok daniel@
|
|
ok daniel@
|
|
ok bluhm@
|
|
|
|
about operations the daemon performs.
|
|
As with powerpc, powerpc64, and riscv64, on mips64 platforms we need
to isolate the clock interrupt schedule from the MD clock interrupt
code. To do this, we need to stop deferring clock interrupt work
until the next tick and instead defer the work until we logically
unmask the clock interrupt from splx(9).
Add a boolean (ci_clock_deferred) to the cpu_info struct to note
whether we need to trigger the clock interrupt by hand, and then
do so from splx(9) by calling md_triggerclock().
Currently md_triggerclock is only ever set to cp0_trigger_int5(). The
routine takes great care to ensure that INT5 has fired or will fire
before returning.
There are some loongson machines that use glxclk instead of CP0. They
can be switched to use CP0 later.
With input and advice from visa@ and miod@.
Compiled and extensively tested by visa@ and miod@ on various octeon
and loongson machines. No issues seen on octeon machines. miod@ saw
some odd things on loongsoon, but suggests that all issues are
probably unrelated to this patch.
Link: https://marc.info/?l=openbsd-tech&m=165929192702632&w=2
ok visa@, miod@
|
|
are status variables that can be used to avoid locking if timers
are not running. This should reduce contention on exclusive netlock.
OK kn@ mvs@
|
|
ok bluhm@
|
|
|
|
While more work is still required, this is sufficient to get ngtcp2 to
compile with QUIC and for curl to be able to make HTTP/3 requests.
ok tb@
|
|
ok tb@
|
|
This provides SSL_QUIC_METHOD (aka ssl_quic_method_st), which allows for
QUIC callback hooks to be passed to an SSL_CTX or SSL. This is largely
ported/adapted from BoringSSL.
It is worth noting that this struct is not opaque and the original
interface exposed by BoringSSL differs to the one they now use. The
original interface was copied by quictls and it appears that this API
will not be updated to match BoringSSL.
To make things even more challenging, at least one consumer does not use
named initialisers, making code completely dependent on the order in
which the function pointers are defined as struct members. In order to
try to support both variants, the set_read_secret/set_write_secret
functions are included, however they have to go at the end.
ok tb@
|
|
ok tb@
|
|
ok tb@
|
|
LibreSSL will not return these values, however software is starting to
check for these as return values from SSL_get_error().
ok tb@
|
|
ok bluhm@
|
|
For now they all run on softraid(4) on vnd(4) and do not require any
setup up-front, making it easy to spot bugs in MD code.
amd64 passes, sparc64 passes with the exception of "-r/mnt" usage,
as is done by the installer, when the softraid volume contains
more than one chunk. arm64 needs more love, still.
Will be hooked up per-arch soon.
OK anton
|
|
ok bluhm@
|
|
reassembly and IPv6 hob-by-hob header chain processing out of
ip_local() and ip6_local(), they are almost empty stubs. The check
for local deliver loop in ip_ours() and ip6_ours() is sufficient.
Recover mbuf offset and next protocol directly in ipintr() and
ip6intr().
OK mvs@
|
|
just like -r1.28 did for OF_getpropintarray()
ok kettenis@
|
|
buffer. Later it may be used to protect more of the PCB or socket.
In divert input replace the kernel lock with this mutex.
OK mvs@
|
|
|
|
- enable Tx/Rx aggregations of individual 802.11 frames on the USB bus
- in urtwn_fw_loadpage(), the maximum block size is 254 bytes rather than
196 bytes
- clear the interrupt status register
- no need to disable BAR for USB devices and set NAV limit
ok stsp@, jmatthew@
|
|
|
|
Mem1 -> SDRAM
Mem2 -> BIOS
These show up in pcidump as "Class: 05 Memory, Subclass: 00 RAM" which is
probably the reason for the Mem1/Mem2 names.
From NetBSD with tweaks from jsg@; also confirmed in the Transmeta BIOS
Programmer's Guide.
ok jsg@
|
|
|
|
For the protocols which don't support request, leave handler NULL. Do the
NULL check within corresponding pru_() wrapper and return EOPNOTSUPP in
such case. This will be done for all upcoming user request handlers.
ok bluhm@ guenther@
|
|
The 486DLC is a 486-class CPU which we no longer support on i386.
The 6x86 (also known as the M1) did not support CPUID by default[*]
so extra support code is needed to differentiate between these early
Cyrix processors in order to apply some errata that the M1 needs.
However the 6x86 doesn't implement the RDTSC instruction so we can
remove support code for this CPU at this point.
Cyrix implemented RDTSC in the 6x86MX (also known as the M2). So
this is likely the earliest Cyrix CPU that we can support on i386.
We keep the support code in "cyrix6x86_cpu_setup" because early
6x86MX CPUs would continue to benefit from this fixup code.
[*]: CPUID can be enabled on the Cyrix 6x86 by setting bit 7 of
CCR4
ok mlarkin@, jsg@
|
|
|
|
Cyrix CPUs don't support amd64. These defines were probably carried
over from i386 accidentally when the amd64 code was first imported.
ok mlarkin@, jsg@
|
|
|
|
EVP_chacha20_poly1305() is an EVP_CIPHER implementation of the
ChaCha20-Poly1305 AEAD. This is potentially used to provide encryption for
the QUIC transport layer.
Where possible, this should be avoided in favour of the significantly saner
EVP_AEAD interface.
ok tb@
|
|
The length checks for EVP_aead_chacha20_poly1305() seal/open were incorrect
and are no longer necessary (not to mention that the comment failed to
match the code). Remove these since the underlying ChaCha implementation
will now handle the same sized inputs at these functions can.
Issue flagged by and ok tb@
|
|
We can avoid this unnecessary limitation by calling chacha_encrypt_bytes()
multiple times internally. In the case of ChaCha(), the caller still needs
to ensure that the same IV is not used for more than 2^70 bytes.
ok tb@
|
|
This gives us cleaner and safer code, although it is worth noting that we
now generate the encoding even when called with NULL as the output pointer
(and then discard it, returning just the length).
Resolves oss-fuzz #49963.
ok tb@
|
|
In asn1_i2d_ex_primitive(), asn1_ex_i2c() returning -1 is used to indicate
that the object is optional and should be skipped, while -2 is used to
indicate that indefinite length encoding should be used. Any other negative
value was treated as success, resulting in the out pointer being walked
backwards. Avoid this by treating any negative value (aside from -1 and -2)
as a failure, propagating it up the stack.
Additionally, check the return value of the second asn1_ex_i2c() call to
ensure that it matches the value returned by the first call. This makes
sure that the length of the encoded object is correct, plus it detects the
case where a failure occurs during the second call.
Discussed with tb@ (who also flagged the negative value issue).
|
|
|
|
|
|
|
|
|
|
MBR partitions previously enjoyed.
Found and fix tested by matthieu@
|
|
OK sthen
|
