SecBSD/src
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

sync

Browse source
This commit is contained in:
purplerain 2025-02-04 00:53:46 +00:00
parent ac98fc1758
commit 54eb3e7d48
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
28 changed files with 408 additions and 99 deletions
Download patch file Download diff file Expand all files Collapse all files

1
etc/skel/dot.profile
View file

@ -3,4 +3,5 @@
# sh/ksh initialization
PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin
export PS1="\[\033[38;5;69m\]┌─(\[\033[38;5;15m\]\u\[\033[38;5;69m\]@\[\033[38;5;15m\]\h\[\033[38;5;69m\])\[\033[38;5;69m\]─[\[\033[38;5;69m\]\w\[\033[38;5;69m\]]\n\[\033[38;5;69m\]└─$\[$(tput sgr0)\] "
export PATH HOME TERM

2
lib/libz/infback.c
View file

@ -46,7 +46,7 @@ int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
#ifdef Z_SOLO
return Z_STREAM_ERROR;
#else
strm->zfree = zcfree;
strm->zfree = zcfree;
#endif
state = (struct inflate_state FAR *)ZALLOC(strm, 1,
sizeof(struct inflate_state));

57
regress/sys/netinet/frag/frag_adjhole.py Normal file
View file

@ -0,0 +1,57 @@
#!/usr/local/bin/python3
print("overlapping ping fragments which modifies pf hole counter")
# |--------|
# |--------|
# |-------|
# |----|
import os
from addr import *
from scapy.all import *
pid=os.getpid()
eid=pid & 0xffff
payload=b"ABCDEFGHIJKLMNOP" * 2
packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \
ICMP(type='echo-request', id=eid)/payload
frag=[]
fid=pid & 0xffff
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
flags='MF')/bytes(packet)[20:36])
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=2, flags='MF')/bytes(packet)[36:52])
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=1, flags='MF')/bytes(packet)[28:44])
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=4)/bytes(packet)[52:60])
eth=[]
for f in frag:
eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f)
if os.fork() == 0:
time.sleep(1)
sendp(eth, iface=LOCAL_IF)
os._exit(0)
ans=sniff(iface=LOCAL_IF, timeout=3, filter=
"ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp")
for a in ans:
if a and a.type == ETH_P_IP and \
a.payload.proto == 1 and \
a.payload.frag == 0 and a.payload.flags == 0 and \
icmptypes[a.payload.payload.type] == 'echo-reply':
id=a.payload.payload.id
print("id=%#x" % (id))
if id != eid:
print("WRONG ECHO REPLY ID")
exit(2)
data=a.payload.payload.payload.load
print("payload=%s" % (data))
if data == payload:
exit(0)
print("PAYLOAD!=%s" % (payload))
exit(1)
print("NO ECHO REPLY")
exit(2)

82
regress/sys/netinet/frag/frag_overhole.py Normal file
View file

@ -0,0 +1,82 @@
#!/usr/local/bin/python3
print("ping fragment at index boundary which modifies pf hole counter")
# index boundary 4096 |
# |--------------|
# ....
# |--------------|
# |----------|
# |XXXX----------|
# |XXXX----|
# |---|
# this should trigger "frag tail overlap %d" and "frag head overlap %d"
import os
from addr import *
from scapy.all import *
pid=os.getpid()
eid=pid & 0xffff
payload=b"ABCDEFGHIJKLMNOP"
dummy=b"01234567"
fragsize=1024
boundary=4096
fragnum=int(boundary/fragsize)
packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \
ICMP(type='echo-request', id=eid)/ \
((int((boundary+fragsize)/len(payload)) + 1) * payload)
packet_length=len(packet)
frag=[]
fid=pid & 0xffff
for i in range(fragnum-1):
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=(i*fragsize)>>3, flags='MF')/
bytes(packet)[20+i*fragsize:20+(i+1)*fragsize])
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=(boundary-fragsize)>>3, flags='MF')/
bytes(packet)[20+boundary-fragsize:20+boundary-len(dummy)])
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=(boundary-len(dummy))>>3, flags='MF')/
(dummy+bytes(packet)[20+boundary:20+boundary+fragsize]))
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=(boundary-8-len(dummy))>>3, flags='MF')/
(dummy+bytes(packet)[20+boundary-8:20+boundary]))
frag.append(IP(src=LOCAL_ADDR, dst=REMOTE_ADDR, proto=1, id=fid,
frag=(boundary+fragsize)>>3)/bytes(packet)[20+boundary+fragsize:])
eth=[]
for f in frag:
eth.append(Ether(src=LOCAL_MAC, dst=REMOTE_MAC)/f)
if os.fork() == 0:
time.sleep(1)
for e in eth:
sendp(e, iface=LOCAL_IF)
time.sleep(0.001)
os._exit(0)
ans=sniff(iface=LOCAL_IF, timeout=3, filter=
"ip and src "+REMOTE_ADDR+" and dst "+LOCAL_ADDR+" and icmp")
for a in ans:
if a and a.type == ETH_P_IP and \
a.payload.proto == 1 and \
a.payload.frag == 0 and \
icmptypes[a.payload.payload.type] == 'echo-reply':
id=a.payload.payload.id
print("id=%#x" % (id))
if id != eid:
print("WRONG ECHO REPLY ID")
exit(2)
if a and a.type == ETH_P_IP and \
a.payload.proto == 1 and \
a.payload.frag > 0 and \
a.payload.flags == '':
len=(a.payload.frag<<3)+a.payload.len
print("len=%d" % (len))
if len != packet_length:
print("WRONG ECHO REPLY LENGTH")
exit(1)
exit(0)
print("NO ECHO REPLY")
exit(1)

12
regress/sys/netinet/frag/frag_overindex.py
View file

@ -9,8 +9,6 @@ print("ping fragment that overlaps the first fragment at index boundary")
# |XXXX-----|
# |--------------|
# this should trigger "frag index %d, new %d" log in kernel
import os
from addr import *
from scapy.all import *
@ -25,6 +23,7 @@ fragnum=int(boundary/fragsize)
packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \
ICMP(type='echo-request', id=eid)/ \
(int((boundary+8)/len(payload)) * payload)
packet_length=len(packet)
frag=[]
fid=pid & 0xffff
for i in range(fragnum-1):
@ -60,6 +59,15 @@ for a in ans:
if id != eid:
print("WRONG ECHO REPLY ID")
exit(2)
if a and a.type == ETH_P_IP and \
a.payload.proto == 1 and \
a.payload.frag > 0 and \
a.payload.flags == '':
len=(a.payload.frag<<3)+a.payload.len
print("len=%d" % (len))
if len != packet_length:
print("WRONG ECHO REPLY LENGTH")
exit(1)
exit(0)
print("NO ECHO REPLY")
exit(1)

2
regress/sys/netinet/frag/frag_overlimit.py
View file

@ -11,8 +11,6 @@ print("ping fragment at index boundary that cannot be requeued")
# |XXXX-----|
# |--------------|
# this should trigger "fragment requeue limit exceeded" log in kernel
import os
from itertools import chain
from addr import *

10
regress/sys/netinet/frag/frag_overreplace.py
View file

@ -26,6 +26,7 @@ fragnum=int(boundary/fragsize)
packet=IP(src=LOCAL_ADDR, dst=REMOTE_ADDR)/ \
ICMP(type='echo-request', id=eid)/ \
(int((boundary+fragsize)/len(payload)) * payload)
packet_length=len(packet)
frag=[]
fid=pid & 0xffff
for i in range(fragnum-1):
@ -63,6 +64,15 @@ for a in ans:
if id != eid:
print("WRONG ECHO REPLY ID")
exit(2)
if a and a.type == ETH_P_IP and \
a.payload.proto == 1 and \
a.payload.frag > 0 and \
a.payload.flags == '':
len=(a.payload.frag<<3)+a.payload.len
print("len=%d" % (len))
if len != packet_length:
print("WRONG ECHO REPLY LENGTH")
exit(1)
exit(0)
print("NO ECHO REPLY")
exit(1)

28
sys/arch/amd64/amd64/locore.S
View file

@ -1,4 +1,4 @@
/* $OpenBSD: locore.S,v 1.148 2024/08/02 22:24:51 guenther Exp $ */
/* $OpenBSD: locore.S,v 1.150 2025/02/02 05:45:20 guenther Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/*
@ -882,8 +882,30 @@ KTEXT_PAGE_START
0: pause
lfence
jmp 0b
.space (.Liretq_swapgs - XUsyscall_meltdown) - \
(. - Xsyscall_meltdown), 0xcc
.LKiretq_swapgs:
/*
* The desired directive here would be:
* .space (.Liretq_swapgs - XUsyscall_meltdown) - \
* (.LKiretq_swapgs - Xsyscall_meltdown), 0xcc
*
* While llvm-18 and earlier handled that, llvm/clang-19 miscalculates
* it and thinks that's a negative number; it's not: the correct value
* at this time is "2". Indeed, it calculates the value correctly if
* you append this bit to the end of locore.S:
* .section .rodata
* right_value:
* .quad (.Liretq_swapgs - XUsyscall_meltdown) - \
* (.LKiretq_swapgs - Xsyscall_meltdown)
* You can build locore.o manually, use objdump on it, and see what
* value was stored at 'right_value'! So compiler updates go.
* Fortunately(?), this has broken before so the kernel Makefile
* checks the compiled locore.o to verify that the iretq instructions
* line up (that being the most critical part of what matters). If
* the intr_user_exit sequence changes such that the correct value is
* _not_ "2" and builds fail, then append that chunk above and get the
* correct new value to use here. :(
*/
.space 2, 0xcc
CODEPATCH_END(CPTAG_MELTDOWN_NOP)
swapgs

24
sys/arch/arm64/arm64/cpu.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.135 2025/01/25 12:29:35 kettenis Exp $ */
/* $OpenBSD: cpu.c,v 1.137 2025/02/02 13:36:09 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -673,7 +673,10 @@ cpu_identify(struct cpu_info *ci)
printf("\n%s: mismatched ID_AA64MMFR0_EL1",
ci->ci_dev->dv_xname);
}
if (READ_SPECIALREG(id_aa64mmfr1_el1) != cpu_id_aa64mmfr1) {
id = READ_SPECIALREG(id_aa64mmfr1_el1);
/* Allow SpecSEI to be different. */
id &= ~ID_AA64MMFR1_SPECSEI_MASK;
if (id != cpu_id_aa64mmfr1) {
printf("\n%s: mismatched ID_AA64MMFR1_EL1",
ci->ci_dev->dv_xname);
}
@ -1251,10 +1254,12 @@ cpu_identify_cleanup(void)
if (ID_AA64ISAR1_SB(cpu_id_aa64isar1) >= ID_AA64ISAR1_SB_IMPL)
hwcap |= HWCAP_SB;
if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC ||
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC)
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC ||
ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC)
hwcap |= HWCAP_PACA;
if (ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL ||
ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL)
ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL ||
ID_AA64ISAR2_GPA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_GPA3_IMPL)
hwcap |= HWCAP_PACG;
/* HWCAP2 */
@ -1430,6 +1435,14 @@ cpu_attach(struct device *parent, struct device *dev, void *aux)
cpu_id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1);
cpu_id_aa64pfr1 = READ_SPECIALREG(id_aa64pfr1_el1);
/*
* The SpecSEI "feature" isn't relevant for userland.
* So it is fine if this field differs between CPU
* cores. Mask off this field to prevent exporting it
* to userland.
*/
cpu_id_aa64mmfr1 &= ~ID_AA64MMFR1_SPECSEI_MASK;
/*
* The CSV2/CSV3 "features" are handled on a
* per-processor basis. So it is fine if these fields
@ -1524,7 +1537,8 @@ cpu_init(void)
/* Enable PAuth. */
if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC ||
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC) {
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC ||
ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC) {
sctlr = READ_SPECIALREG(sctlr_el1);
sctlr |= SCTLR_EnIA | SCTLR_EnDA;
sctlr |= SCTLR_EnIB | SCTLR_EnDB;

15
sys/arch/arm64/arm64/pmap.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pmap.c,v 1.108 2025/01/31 20:49:25 kettenis Exp $ */
/* $OpenBSD: pmap.c,v 1.110 2025/02/03 17:59:40 jca Exp $ */
/*
* Copyright (c) 2008-2009,2014-2016 Dale Rahn <drahn@dalerahn.com>
*
@ -729,10 +729,6 @@ pmap_remove_pted(pmap_t pm, struct pte_desc *pted)
pmap_pte_remove(pted, pm != pmap_kernel());
ttlb_flush(pm, pted->pted_va & ~PAGE_MASK);
if (pted->pted_va & PTED_VA_EXEC_M) {
pted->pted_va &= ~PTED_VA_EXEC_M;
}
if (PTED_MANAGED(pted))
pmap_remove_pv(pted);
@ -821,9 +817,6 @@ pmap_kremove_pg(vaddr_t va)
pmap_pte_remove(pted, 0);
ttlb_flush(pm, pted->pted_va & ~PAGE_MASK);
if (pted->pted_va & PTED_VA_EXEC_M)
pted->pted_va &= ~PTED_VA_EXEC_M;
if (PTED_MANAGED(pted))
pmap_remove_pv(pted);
@ -2335,7 +2328,8 @@ void
pmap_setpauthkeys(struct pmap *pm)
{
if (ID_AA64ISAR1_APA(cpu_id_aa64isar1) >= ID_AA64ISAR1_APA_PAC ||
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC) {
ID_AA64ISAR1_API(cpu_id_aa64isar1) >= ID_AA64ISAR1_API_PAC ||
ID_AA64ISAR2_APA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_APA3_PAC) {
__asm volatile ("msr apiakeylo_el1, %0"
:: "r"(pm->pm_apiakey[0]));
__asm volatile ("msr apiakeyhi_el1, %0"
@ -2355,7 +2349,8 @@ pmap_setpauthkeys(struct pmap *pm)
}
if (ID_AA64ISAR1_GPA(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPA_IMPL ||
ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL) {
ID_AA64ISAR1_GPI(cpu_id_aa64isar1) >= ID_AA64ISAR1_GPI_IMPL ||
ID_AA64ISAR2_GPA3(cpu_id_aa64isar2) >= ID_AA64ISAR2_GPA3_IMPL) {
__asm volatile ("msr apgakeylo_el1, %0"
:: "r"(pm->pm_apgakey[0]));
__asm volatile ("msr apgakeyhi_el1, %0"

4
sys/arch/arm64/include/armreg.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: armreg.h,v 1.40 2025/01/25 12:29:35 kettenis Exp $ */
/* $OpenBSD: armreg.h,v 1.41 2025/02/02 11:21:45 kettenis Exp $ */
/*-
* Copyright (c) 2013, 2014 Andrew Turner
* Copyright (c) 2015 The FreeBSD Foundation
@ -453,7 +453,7 @@
#define ID_AA64ISAR1_LS64_ACCDATA (0x3ULL << ID_AA64ISAR1_LS64_SHIFT)
/* ID_AA64ISAR2_EL1 */
#define ID_AA64ISAR2_MASK 0x00ff0000f0ff00ffULL
#define ID_AA64ISAR2_MASK 0x00ff0000f0ffffffULL
#define ID_AA64ISAR2_WFXT_SHIFT 0
#define ID_AA64ISAR2_WFXT_MASK (0xfULL << ID_AA64ISAR2_WFXT_SHIFT)
#define ID_AA64ISAR2_WFXT(x) ((x) & ID_AA64ISAR2_WFXT_MASK)

3
sys/arch/arm64/include/pmap.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pmap.h,v 1.27 2025/01/31 20:49:25 kettenis Exp $ */
/* $OpenBSD: pmap.h,v 1.28 2025/02/03 17:59:40 jca Exp $ */
/*
* Copyright (c) 2008,2009,2014 Dale Rahn <drahn@dalerahn.com>
*
@ -48,7 +48,6 @@
#define PTED_VA_MANAGED_M (PMAP_MD3)
#define PTED_VA_WIRED_M (PMAP_MD3 << 1)
#define PTED_VA_EXEC_M (PMAP_MD3 << 2)
#if defined(_KERNEL) && !defined(_LOCORE)

23
sys/dev/acpi/acpireg.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: acpireg.h,v 1.61 2024/08/08 07:01:22 kettenis Exp $ */
/* $OpenBSD: acpireg.h,v 1.62 2025/02/02 15:52:20 patrick Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
* Copyright (c) 2005 Marco Peereboom <marco@openbsd.org>
@ -800,6 +800,27 @@ struct acpi_iort_smmu_pmu_interrupt {
uint32_t flags;
} __packed;
struct acpi_iort_smmu_v3_node {
uint64_t base_address;
uint32_t flags;
#define ACPI_IORT_SMMU_V3_COHACC_OVERRIDE(x) (((x) >> 0) & 0x1)
#define ACPI_IORT_SMMU_V3_HTTU_OVERRIDE(x) (((x) >> 1) & 0x3)
#define ACPI_IORT_SMMU_V3_PROX_DOM_VALID (1 << 3)
#define ACPI_IORT_SMMU_V3_DEVID_MAP_VALID (1 << 4)
uint32_t reserved;
uint64_t vatos_address;
uint32_t model;
#define ACPI_IORT_SMMU_V3_GENERIC 0
#define ACPI_IORT_SMMU_V3_HISILICON_HI161X 1
#define ACPI_IORT_SMMU_V3_CAVIUM_CN99X 2
uint32_t event;
uint32_t pri;
uint32_t gerr;
uint32_t sync;
uint32_t proximity_domain;
uint32_t deviceid_mapping_index;
} __packed;
struct acpi_iort_mapping {
uint32_t input_base;
uint32_t number_of_ids;

4
sys/dev/kcov.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: kcov.c,v 1.50 2024/11/10 10:04:33 jsg Exp $ */
/* $OpenBSD: kcov.c,v 1.51 2025/02/02 21:05:12 gnezdo Exp $ */
/*
* Copyright (c) 2018 Anton Lindqvist <anton@openbsd.org>
@ -34,7 +34,7 @@
#include <uvm/uvm_extern.h>
#define KCOV_BUF_MEMB_SIZE sizeof(uintptr_t)
#define KCOV_BUF_MAX_NMEMB (256 << 10)
#define KCOV_BUF_MAX_NMEMB (512 << 10)
#define KCOV_CMP_CONST 0x1
#define KCOV_CMP_SIZE(x) ((x) << 1)

52
sys/dev/pci/if_aq_pci.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if_aq_pci.c,v 1.29 2025/01/26 23:09:48 jmatthew Exp $ */
/* $OpenBSD: if_aq_pci.c,v 1.30 2025/02/02 08:28:14 jmatthew Exp $ */
/* $NetBSD: if_aq.c,v 1.27 2021/06/16 00:21:18 riastradh Exp $ */
/*
@ -365,6 +365,7 @@
#define TPB_TX_BUF_SCP_INS_EN (1 << 2)
#define TPB_TX_BUF_CLK_GATE_EN (1 << 5)
#define TPB_TX_BUF_TC_MODE_EN (1 << 8)
#define TPB_TX_BUF_TC_Q_RAND_MAP_EN (1 << 9)
/* TPB_TXB_BUFSIZE_REG[AQ_TRAFFICCLASS_NUM] 0x7910-7990 */
@ -467,7 +468,7 @@
#define AQ2_RPF_REDIR2_REG 0x54c8
#define AQ2_RPF_REDIR2_INDEX (1 << 12)
#define AQ2_RPF_REDIR2_HASHTYPE 0x00000100
#define AQ2_RPF_REDIR2_HASHTYPE 0x000001FF
#define AQ2_RPF_REDIR2_HASHTYPE_NONE 0
#define AQ2_RPF_REDIR2_HASHTYPE_IP (1 << 0)
#define AQ2_RPF_REDIR2_HASHTYPE_TCP4 (1 << 1)
@ -478,7 +479,16 @@
#define AQ2_RPF_REDIR2_HASHTYPE_IP6EX (1 << 6)
#define AQ2_RPF_REDIR2_HASHTYPE_TCP6EX (1 << 7)
#define AQ2_RPF_REDIR2_HASHTYPE_UDP6EX (1 << 8)
#define AQ2_RPF_REDIR2_HASHTYPE_ALL 0x00000100
#define AQ2_RPF_REDIR2_HASHTYPE_ALL 0x000001FF
#define AQ2_RX_Q_TC_MAP_REG(i) (0x5900 + (i) * 4)
#define AQ2_TX_Q_TC_MAP_REG(i) (0x799c + (i) * 4)
#define AQ2_RPF_RSS_REDIR_MAX 64
#define AQ2_RPF_RSS_REDIR_REG(tc, i) \
(0x6200 + (0x100 * ((tc) >> 2)) + (i) * 4)
#define AQ2_RPF_RSS_REDIR_TC_MASK(tc) \
(0x1f << (5 * ((tc) & 3)))
#define AQ2_RPF_REC_TAB_ENABLE_REG 0x6ff0
#define AQ2_RPF_REC_TAB_ENABLE_MASK 0x0000ffff
@ -1282,8 +1292,7 @@ aq_attach(struct device *parent, struct device *self, void *aux)
if (pci_intr_map_msix(pa, 0, &ih) == 0) {
int nmsix = pci_intr_msix_count(pa);
/* don't do rss on aq2 yet */
if (aqp->aq_hwtype == HWTYPE_AQ1 && nmsix > 1) {
if (nmsix > 1) {
nmsix--;
sc->sc_intrmap = intrmap_create(&sc->sc_dev,
nmsix, AQ_MAXQ, INTRMAP_POWEROF2);
@ -2803,6 +2812,26 @@ aq_hw_qos_set(struct aq_softc *sc)
AQ_WRITE_REG_BIT(sc, RPF_RPB_RX_TC_UPT_REG,
RPF_RPB_RX_TC_UPT_MASK(i_priority), 0);
}
/* ring to TC mapping */
if (HWTYPE_AQ2_P(sc)) {
AQ_WRITE_REG_BIT(sc, TPB_TX_BUF_REG,
TPB_TX_BUF_TC_Q_RAND_MAP_EN, 1);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(0), 0x00000000);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(1), 0x00000000);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(2), 0x01010101);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(3), 0x01010101);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(4), 0x02020202);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(5), 0x02020202);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(6), 0x03030303);
AQ_WRITE_REG(sc, AQ2_TX_Q_TC_MAP_REG(7), 0x03030303);
AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(0), 0x00000000);
AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(1), 0x11111111);
AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(2), 0x22222222);
AQ_WRITE_REG(sc, AQ2_RX_Q_TC_MAP_REG(3), 0x33333333);
}
}
int
@ -2817,6 +2846,19 @@ aq_init_rss(struct aq_softc *sc)
if (sc->sc_nqueues == 1)
return 0;
if (HWTYPE_AQ2_P(sc)) {
AQ_WRITE_REG_BIT(sc, AQ2_RPF_REDIR2_REG, AQ2_RPF_REDIR2_INDEX, 0);
for (i = 0; i < AQ2_RPF_RSS_REDIR_MAX; i++) {
int tc;
int q;
for (tc = 0; tc < 4; tc++) {
q = (tc * 8) + (i % sc->sc_nqueues);
AQ_WRITE_REG_BIT(sc, AQ2_RPF_RSS_REDIR_REG(tc, i),
AQ2_RPF_RSS_REDIR_TC_MASK(tc), q);
}
}
}
/* rss key is composed of 32 bit registers */
stoeplitz_to_key(rss_key, sizeof(rss_key));
for (i = 0; i < nitems(rss_key); i++) {

22
sys/dev/usb/xhcivar.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: xhcivar.h,v 1.16 2024/08/17 01:55:03 jsg Exp $ */
/* $OpenBSD: xhcivar.h,v 1.17 2025/02/01 22:46:34 patrick Exp $ */
/*
* Copyright (c) 2014 Martin Pieuchot
@ -133,8 +133,24 @@ int xhci_intr(void *);
int xhci_detach(struct device *, int);
int xhci_activate(struct device *, int);
#define XREAD1(sc, a) bus_space_read_1((sc)->iot, (sc)->ioh, (a))
#define XREAD2(sc, a) bus_space_read_2((sc)->iot, (sc)->ioh, (a))
static inline uint8_t
xhci_read_1(bus_space_tag_t iot, bus_space_handle_t ioh, bus_size_t offset)
{
uint32_t reg;
reg = bus_space_read_4(iot, ioh, offset & ~3);
return (reg >> ((offset & 3) * 8)) & 0xff;
}
static inline uint16_t
xhci_read_2(bus_space_tag_t iot, bus_space_handle_t ioh, bus_size_t offset)
{
uint32_t reg;
reg = bus_space_read_4(iot, ioh, offset & ~2);
return (reg >> ((offset & 2) * 8)) & 0xffff;
}
#define XREAD1(sc, a) xhci_read_1((sc)->iot, (sc)->ioh, (a))
#define XREAD2(sc, a) xhci_read_2((sc)->iot, (sc)->ioh, (a))
#define XREAD4(sc, a) bus_space_read_4((sc)->iot, (sc)->ioh, (a))
#define XWRITE1(sc, a, x) bus_space_write_1((sc)->iot, (sc)->ioh, (a), (x))
#define XWRITE2(sc, a, x) bus_space_write_2((sc)->iot, (sc)->ioh, (a), (x))

10
sys/kern/uipc_socket.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: uipc_socket.c,v 1.369 2025/01/31 13:49:18 mvs Exp $ */
/* $OpenBSD: uipc_socket.c,v 1.370 2025/02/03 09:00:55 mvs Exp $ */
/* $NetBSD: uipc_socket.c,v 1.21 1996/02/04 02:17:52 christos Exp $ */
/*
@ -2444,9 +2444,9 @@ filt_sowmodify(struct kevent *kev, struct knote *kn)
struct socket *so = kn->kn_fp->f_data;
int rv;
sofilt_lock(so, &so->so_snd);
mtx_enter(&so->so_snd.sb_mtx);
rv = knote_modify(kev, kn);
sofilt_unlock(so, &so->so_snd);
mtx_leave(&so->so_snd.sb_mtx);
return (rv);
}
@ -2457,9 +2457,9 @@ filt_sowprocess(struct knote *kn, struct kevent *kev)
struct socket *so = kn->kn_fp->f_data;
int rv;
sofilt_lock(so, &so->so_snd);
mtx_enter(&so->so_snd.sb_mtx);
rv = knote_process(kn, kev);
sofilt_unlock(so, &so->so_snd);
mtx_leave(&so->so_snd.sb_mtx);
return (rv);
}

2
sys/lib/libz/infback.c
View file

@ -46,7 +46,7 @@ int ZEXPORT inflateBackInit_(z_streamp strm, int windowBits,
#ifdef Z_SOLO
return Z_STREAM_ERROR;
#else
strm->zfree = zcfree;
strm->zfree = zcfree;
#endif
state = (struct inflate_state FAR *)ZALLOC(strm, 1,
sizeof(struct inflate_state));

4
sys/net/if.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: if.c,v 1.725 2025/01/25 10:53:36 mvs Exp $ */
/* $OpenBSD: if.c,v 1.726 2025/02/03 08:58:52 mvs Exp $ */
/* $NetBSD: if.c,v 1.35 1996/05/07 05:26:04 thorpej Exp $ */
/*
@ -975,7 +975,7 @@ if_output_local(struct ifnet *ifp, struct mbuf *m, sa_family_t af)
ifiq = ifp->if_iqs[flow % ifp->if_niqs];
return (ifiq_enqueue(ifiq, m) == 0 ? 0 : ENOBUFS);
return (ifiq_enqueue_qlim(ifiq, m, 8192) == 0 ? 0 : ENOBUFS);
}
void

21
sys/net/ifq.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ifq.c,v 1.55 2024/11/20 02:18:45 dlg Exp $ */
/* $OpenBSD: ifq.c,v 1.56 2025/02/03 08:58:52 mvs Exp $ */
/*
* Copyright (c) 2015 David Gwynne <dlg@openbsd.org>
@ -796,9 +796,10 @@ ifiq_add_data(struct ifiqueue *ifiq, struct if_data *data)
}
int
ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m)
ifiq_enqueue_qlim(struct ifiqueue *ifiq, struct mbuf *m, unsigned int qlim)
{
struct ifnet *ifp = ifiq->ifiq_if;
unsigned int len;
#if NBPFILTER > 0
caddr_t if_bpf = ifp->if_bpf;
#endif
@ -825,10 +826,22 @@ ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m)
mtx_enter(&ifiq->ifiq_mtx);
ifiq->ifiq_packets++;
ifiq->ifiq_bytes += m->m_pkthdr.len;
ifiq->ifiq_enqueues++;
ml_enqueue(&ifiq->ifiq_ml, m);
if (qlim && ((len = ml_len(&ifiq->ifiq_ml) >= qlim))) {
ifiq->ifiq_qdrops++;
} else {
ifiq->ifiq_enqueues++;
ml_enqueue(&ifiq->ifiq_ml, m);
m = NULL;
}
mtx_leave(&ifiq->ifiq_mtx);
if (m) {
m_freem(m);
return (0);
}
task_add(ifiq->ifiq_softnet, &ifiq->ifiq_task);
return (0);

11
sys/net/ifq.h
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ifq.h,v 1.42 2024/11/20 02:18:45 dlg Exp $ */
/* $OpenBSD: ifq.h,v 1.43 2025/02/03 08:58:52 mvs Exp $ */
/*
* Copyright (c) 2015 David Gwynne <dlg@openbsd.org>
@ -488,12 +488,19 @@ ifq_idx(struct ifqueue *ifq, unsigned int nifqs, const struct mbuf *m)
void ifiq_init(struct ifiqueue *, struct ifnet *, unsigned int);
void ifiq_destroy(struct ifiqueue *);
int ifiq_input(struct ifiqueue *, struct mbuf_list *);
int ifiq_enqueue(struct ifiqueue *, struct mbuf *);
int ifiq_enqueue_qlim(struct ifiqueue *, struct mbuf *,
unsigned int);
void ifiq_add_data(struct ifiqueue *, struct if_data *);
#define ifiq_len(_ifiq) READ_ONCE(ml_len(&(_ifiq)->ifiq_ml))
#define ifiq_empty(_ifiq) (ifiq_len(_ifiq) == 0)
static inline int
ifiq_enqueue(struct ifiqueue *ifiq, struct mbuf *m)
{
return ifiq_enqueue_qlim(ifiq, m, 0);
}
#endif /* _KERNEL */
#endif /* _NET_IFQ_H_ */

37
sys/net/pf_norm.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pf_norm.c,v 1.233 2024/07/14 18:53:39 bluhm Exp $ */
/* $OpenBSD: pf_norm.c,v 1.234 2025/02/01 21:10:02 bluhm Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
@ -667,34 +667,21 @@ pf_fillup_fragment(struct pf_frnode *key, u_int32_t id,
aftercut = frent->fe_off + frent->fe_len - after->fe_off;
if (aftercut < after->fe_len) {
int old_index, new_index;
DPFPRINTF(LOG_NOTICE, "frag tail overlap %d", aftercut);
m_adj(after->fe_m, aftercut);
old_index = pf_frent_index(after);
/* Fragment may switch queue as fe_off changes */
pf_frent_remove(frag, after);
after->fe_off += aftercut;
after->fe_len -= aftercut;
new_index = pf_frent_index(after);
if (old_index != new_index) {
DPFPRINTF(LOG_DEBUG, "frag index %d, new %d",
old_index, new_index);
/* Fragment switched queue as fe_off changed */
after->fe_off -= aftercut;
after->fe_len += aftercut;
/* Remove restored fragment from old queue */
pf_frent_remove(frag, after);
after->fe_off += aftercut;
after->fe_len -= aftercut;
/* Insert into correct queue */
if (pf_frent_insert(frag, after, prev)) {
DPFPRINTF(LOG_WARNING,
"fragment requeue limit exceeded");
m_freem(after->fe_m);
pool_put(&pf_frent_pl, after);
pf_status.fragments--;
/* There is not way to recover */
goto free_fragment;
}
/* Insert into correct queue */
if (pf_frent_insert(frag, after, prev)) {
DPFPRINTF(LOG_WARNING,
"fragment requeue limit exceeded");
m_freem(after->fe_m);
pool_put(&pf_frent_pl, after);
pf_status.fragments--;
/* There is not way to recover */
goto free_fragment;
}
break;
}

19
sys/net/pipex.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pipex.c,v 1.157 2025/01/25 02:06:40 yasuoka Exp $ */
/* $OpenBSD: pipex.c,v 1.158 2025/02/03 09:44:30 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -1274,6 +1274,7 @@ pipex_pppoe_lookup_session(struct mbuf *m0)
{
struct pipex_session *session;
struct pipex_pppoe_header pppoe;
struct ether_header eh;
/* short packet */
if (m0->m_pkthdr.len < (sizeof(struct ether_header) + sizeof(pppoe)))
@ -1289,8 +1290,14 @@ pipex_pppoe_lookup_session(struct mbuf *m0)
PIPEX_DBG((NULL, LOG_DEBUG, "<%s> session not found (id=%d)",
__func__, pppoe.session_id));
#endif
if (session && session->proto.pppoe.over_ifidx !=
m0->m_pkthdr.ph_ifidx) {
m_copydata(m0, 0, sizeof(struct ether_header), &eh);
if (session && (session->proto.pppoe.over_ifidx !=
m0->m_pkthdr.ph_ifidx || memcmp(
((struct ether_header *)session->peer.sa.sa_data)->ether_dhost,
eh.ether_shost, ETHER_ADDR_LEN) != 0)) {
PIPEX_DBG((NULL, LOG_DEBUG,
"<%s> received packet from wrong host (id=%d)", __func__,
pppoe.session_id));
pipex_rele_session(session);
session = NULL;
}
@ -1518,7 +1525,8 @@ pipex_pptp_lookup_session(struct mbuf *m0)
PIPEX_DBG((NULL, LOG_DEBUG,
"<%s> the source address of the session is not matched",
__func__));
goto not_ours;
pipex_rele_session(session);
session = NULL;
}
return (session);
@ -2036,7 +2044,8 @@ pipex_l2tp_lookup_session(struct mbuf *m0, int off, struct sockaddr *sasrc)
PIPEX_DBG((NULL, LOG_DEBUG,
"<%s> the source address of the session is not matched",
__func__));
goto not_ours;
pipex_rele_session(session);
session = NULL;
}
return (session);

11
usr.sbin/npppd/npppd/ppp.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
/* $OpenBSD: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: ppp.c,v 1.32 2024/07/01 07:09:07 yasuoka Exp $ */
/* $Id: ppp.c,v 1.33 2025/02/03 08:26:51 yasuoka Exp $ */
/**@file
* This file provides PPP(Point-to-Point Protocol, RFC 1661) and
* {@link :: _npppd_ppp PPP instance} related functions.
@ -192,11 +192,16 @@ ppp_set_tunnel_label(npppd_ppp *_this, char *buf, int lbuf)
{
int flag, af;
char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
u_char *ea;
hbuf[0] = 0;
sbuf[0] = 0;
af = ((struct sockaddr *)&_this->phy_info)->sa_family;
if (af < AF_MAX) {
if (af == AF_LINK) {
ea = LLADDR((struct sockaddr_dl *)&_this->phy_info);
snprintf(buf, lbuf, "%02x:%02x:%02x:%02x:%02x:%02x", *ea,
*(ea + 1), *(ea + 2), *(ea + 3), *(ea + 4), *(ea + 5));
} else if (af < AF_MAX) {
flag = NI_NUMERICHOST;
if (af == AF_INET || af == AF_INET6)
flag |= NI_NUMERICSERV;

12
usr.sbin/npppd/pppoe/pppoed.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pppoed.c,v 1.25 2021/03/29 03:54:40 yasuoka Exp $ */
/* $OpenBSD: pppoed.c,v 1.26 2025/02/03 07:46:06 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -28,7 +28,7 @@
/**@file
* This file provides the PPPoE(RFC2516) server(access concentrator)
* implementation.
* $Id: pppoed.c,v 1.25 2021/03/29 03:54:40 yasuoka Exp $
* $Id: pppoed.c,v 1.26 2025/02/03 07:46:06 yasuoka Exp $
*/
#include <sys/param.h> /* ALIGN */
#include <sys/types.h>
@ -671,8 +671,14 @@ pppoed_input(pppoed_listener *_this, uint8_t shost[ETHER_ADDR_LEN], int is_disc,
if (session_id != 0) {
hl = hash_lookup(_this->self->session_hash,
(void *)(intptr_t)session_id);
if (hl != NULL)
if (hl != NULL) {
if (memcmp(((pppoe_session *)hl->item)->ether_addr,
shost, ETHER_ADDR_LEN) != 0) {
reason = "received packet from wrong host.";
goto bad_packet;
}
session = (pppoe_session *)hl->item;
}
}
if (!is_disc) {
if (session != NULL)

18
usr.sbin/npppd/pptp/pptpd.c
View file

@ -1,4 +1,4 @@
/* $OpenBSD: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $ */
/* $OpenBSD: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -25,12 +25,12 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $ */
/* $Id: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $ */
/**@file
* This file provides a implementation of PPTP daemon. Currently it
* provides functions for PAC (PPTP Access Concentrator) only.
* $Id: pptpd.c,v 1.34 2022/12/28 21:30:17 jmc Exp $
* $Id: pptpd.c,v 1.35 2025/02/03 07:46:06 yasuoka Exp $
*/
#include <sys/types.h>
#include <sys/socket.h>
@ -786,12 +786,22 @@ pptpd_gre_input(pptpd_listener *listener, struct sockaddr *peer, u_char *pkt,
/* route to pptp_call */
call_id = grehdr->call_id;
hl = hash_lookup(_this->call_id_map, CALL_ID_KEY(call_id, listener->index));
hl = hash_lookup(_this->call_id_map, CALL_ID_KEY(call_id,
listener->index));
if (hl == NULL) {
reason = "Received GRE packet has unknown call_id";
goto bad_gre;
}
call = hl->item;
if (!(peer->sa_family == AF_INET &&
call->ctrl->peer.ss_family == AF_INET &&
((struct sockaddr_in *)peer)->sin_addr.s_addr ==
((struct sockaddr_in *)&call->ctrl->peer)->sin_addr.s_addr)) {
reason = "Received GRE packet from invalid host";
goto bad_gre;
}
pptp_call_gre_input(call, seq, ack, input_flags, pkt, lpkt);
return;

17
usr.sbin/smtpd/smtpd-filters.7
View file

@ -1,4 +1,4 @@
.\" $OpenBSD: smtpd-filters.7,v 1.13 2024/11/05 19:36:53 jmc Exp $
.\" $OpenBSD: smtpd-filters.7,v 1.14 2025/02/02 18:19:42 op Exp $
.\"
.\" Copyright (c) 2008 Janne Johansson <jj@openbsd.org>
.\" Copyright (c) 2009 Jacek Masiulaniec <jacekm@dobremiasto.net>
@ -17,7 +17,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.Dd $Mdocdate: November 5 2024 $
.Dd $Mdocdate: February 2 2025 $
.Dt SMTPD-FILTERS 7
.Os
.Sh NAME
@ -465,7 +465,7 @@ Fields are separated by the
.Dq |
character.
.Bd -literal -offset indent
filter|0.7|1576146008.006099|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d|mail.openbsd.org|pass|199.185.178.25:33174|45.77.67.80:25
filter|0.7|1576146008.006099|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d|mail.openbsd.org|199.185.178.25
.Ed
.Pp
The format consists of a protocol prefix containing the stream,
@ -484,7 +484,7 @@ filter request,
also separated by
.Dq | :
.Bd -literal -offset indent
mail.openbsd.org|pass|199.185.178.25:33174|45.77.67.80:25
mail.openbsd.org|199.185.178.25
.Ed
.Pp
Unlike with report events,
@ -553,9 +553,16 @@ filter-dataline|7641df9771b4ed00|1ef1c203cc576e5d|.
.Pp
The list of events and event-specific parameters for smtp-in are as follows:
.Bl -tag -width Ds
.It Ic connect : Ar rdns fcrdns src dest
.It Ic connect : Ar rdns src
This request is emitted after connection,
before the banner is displayed.
.Pp
.Ar src
contains either the IP address of the source
(a.b.c.d for IPv4 or [x:x:x:x:x:x:x:x] IPv6)
or
.Dq local
(for UNIX sockets).
.It Ic helo : Ar identity
This request is emitted after the client has emitted
.Dq HELO .

4
usr.sbin/sysupgrade/sysupgrade.sh
View file

@ -1,6 +1,6 @@
#!/bin/ksh
#
# $OpenBSD: sysupgrade.sh,v 1.57 2024/10/25 03:42:06 deraadt Exp $
# $OpenBSD: sysupgrade.sh,v 1.58 2025/02/03 18:55:55 florian Exp $
#
# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
# Copyright (c) 2015 Robert Peichaer <rpe@openbsd.org>
@ -220,7 +220,7 @@ Directory does not contain SHA256.sig. Continue without verification = yes
__EOT
if ! ${KEEP}; then
CLEAN=$(echo SHA256 ${SETS} | sed -e 's/ /,/g')
CLEAN=$(echo BUILDINFO SHA256 ${SETS} | sed -e 's/ /,/g')
cat <<__EOT > /etc/rc.firsttime
rm -f ${SETSDIR}/{${CLEAN}}
__EOT