From 99745de74739704f1f1858631c6775fca8e2d23b Mon Sep 17 00:00:00 2001 From: purplerain Date: Tue, 18 Jun 2024 04:24:39 +0000 Subject: [PATCH] sync with OpenBSD -current --- distrib/arm64/iso/Makefile | 4 +- lib/libcrypto/x509/x509_lib.c | 121 ++++---- lib/libm/man/feclearexcept.3 | 6 +- regress/lib/libcrypto/x509/Makefile | 4 +- .../lib/libcrypto/x509/x509_extensions_test.c | 266 +++++++++++++++++- regress/usr.bin/ssh/penalty-expire.sh | 1 + regress/usr.bin/ssh/penalty.sh | 4 + share/man/man7/mdoc.7 | 20 +- sys/arch/amd64/amd64/identcpu.c | 5 +- sys/arch/arm64/stand/efiboot/efiboot.c | 5 +- sys/arch/armv7/stand/efiboot/conf.c | 4 +- sys/arch/armv7/stand/efiboot/efiboot.c | 26 +- sys/arch/armv7/stand/efiboot/efidt.h | 44 +++ sys/dev/pci/ahci_pci.c | 22 +- .../pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c | 3 +- .../pci/drm/amd/amdgpu/amdgpu_atomfirmware.c | 15 + sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c | 3 + sys/dev/pci/drm/amd/amdkfd/kfd_device.c | 11 +- sys/dev/pci/drm/amd/include/atomfirmware.h | 43 +++ .../drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c | 20 +- sys/dev/pci/drm/drm_fbdev_generic.c | 1 - sys/dev/pci/drm/i915/i915_hwmon.c | 46 ++- sys/dev/pci/drm/include/generated/autoconf.h | 2 +- sys/dev/pci/if_vmx.c | 28 +- sys/dev/pci/pcidevs | 6 +- sys/dev/pci/pcidevs.h | 6 +- sys/dev/pci/pcidevs_data.h | 10 +- usr.bin/make/buf.c | 4 +- usr.bin/make/compat.c | 6 +- usr.bin/make/error.c | 4 +- usr.bin/make/job.c | 12 +- usr.bin/make/main.c | 16 +- usr.bin/make/make.c | 8 +- usr.bin/make/parse.c | 12 +- usr.bin/make/parsevar.c | 15 +- usr.bin/make/targ.c | 4 +- usr.bin/make/targequiv.c | 4 +- usr.bin/make/var.c | 6 +- usr.bin/make/varmodifiers.c | 4 +- usr.bin/mandoc/st.c | 3 +- usr.bin/sed/compile.c | 8 +- usr.bin/sed/extern.h | 6 +- usr.bin/sed/main.c | 10 +- usr.bin/sed/process.c | 8 +- usr.bin/ssh/Makefile.inc | 4 +- usr.bin/ssh/serverloop.c | 6 +- usr.bin/ssh/ssh-add.1 | 12 +- usr.bin/ssh/ssh-keygen.1 | 20 +- usr.bin/ssh/ssh-keyscan.1 | 16 +- usr.bin/ssh/ssh-keysign.8 | 6 +- usr.bin/ssh/ssh.1 | 21 +- usr.bin/ssh/ssh_config.5 | 11 +- usr.bin/ssh/sshd.8 | 9 +- usr.bin/timeout/timeout.1 | 10 +- usr.sbin/relayd/parse.y | 15 +- usr.sbin/relayd/pfe.c | 36 ++- usr.sbin/relayd/pfe_filter.c | 7 +- usr.sbin/relayd/relayd.conf.5 | 11 +- usr.sbin/relayd/relayd.h | 3 +- usr.sbin/rpki-client/crl.c | 6 +- usr.sbin/rpki-client/filemode.c | 4 +- usr.sbin/rpki-client/validate.c | 6 +- 62 files changed, 774 insertions(+), 285 deletions(-) create mode 100644 sys/arch/armv7/stand/efiboot/efidt.h diff --git a/distrib/arm64/iso/Makefile b/distrib/arm64/iso/Makefile index 0051bf94d..d11affbec 100644 --- a/distrib/arm64/iso/Makefile +++ b/distrib/arm64/iso/Makefile @@ -1,7 +1,7 @@ -# $OpenBSD: Makefile,v 1.10 2024/06/09 17:24:19 deraadt Exp $ +# $OpenBSD: Makefile,v 1.11 2024/06/18 01:31:48 deraadt Exp $ FS= install${OSrev}.img -FSSIZE= 1136400 +FSSIZE= 1236400 CDROM= install${OSrev}.iso MOUNT_POINT= /mnt diff --git a/lib/libcrypto/x509/x509_lib.c b/lib/libcrypto/x509/x509_lib.c index 434787588..8382babbd 100644 --- a/lib/libcrypto/x509/x509_lib.c +++ b/lib/libcrypto/x509/x509_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_lib.c,v 1.21 2024/05/28 15:40:38 tb Exp $ */ +/* $OpenBSD: x509_lib.c,v 1.23 2024/06/17 05:38:08 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -178,77 +178,69 @@ X509V3_EXT_d2i(X509_EXTENSION *ext) } LCRYPTO_ALIAS(X509V3_EXT_d2i); -/* Get critical flag and decoded version of extension from a NID. - * The "idx" variable returns the last found extension and can - * be used to retrieve multiple extensions of the same NID. - * However multiple extensions with the same NID is usually - * due to a badly encoded certificate so if idx is NULL we - * choke if multiple extensions exist. - * The "crit" variable is set to the critical value. - * The return value is the decoded extension or NULL on - * error. The actual error can have several different causes, - * the value of *crit reflects the cause: - * >= 0, extension found but not decoded (reflects critical value). - * -1 extension not found. - * -2 extension occurs more than once. +/* + * This API is only safe to call with known nid, crit != NULL and idx == NULL. + * On NULL return, crit acts as a failure indicator: crit == -1 means an + * extension of type nid was not present, crit != -1 is fatal: crit == -2 + * means multiple extensions of type nid are present; if crit is 0 or 1, this + * implies the extension was found but could not be decoded. */ void * -X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) +X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x509_exts, int nid, int *crit, + int *idx) { - int lastpos, i; - X509_EXTENSION *ex, *found_ex = NULL; + X509_EXTENSION *ext; + int lastpos = idx == NULL ? -1 : *idx; - if (!x) { - if (idx) - *idx = -1; - if (crit) - *crit = -1; + if (crit != NULL) + *crit = -1; + if (idx != NULL) + *idx = -1; + + /* + * Nothing to do if no extensions, unknown nid, or missing extension. + */ + + if (x509_exts == NULL) + return NULL; + if ((lastpos = X509v3_get_ext_by_NID(x509_exts, nid, lastpos)) < 0) + return NULL; + if ((ext = X509v3_get_ext(x509_exts, lastpos)) == NULL) + return NULL; + + /* + * API madness. Only check for a second extension of type nid if + * idx == NULL. Indicate this by setting *crit to -2. If idx != NULL, + * don't care and set *idx to the index of the first extension found. + */ + + if (idx == NULL && X509v3_get_ext_by_NID(x509_exts, nid, lastpos) > 0) { + if (crit != NULL) + *crit = -2; return NULL; } - if (idx) - lastpos = *idx + 1; - else - lastpos = 0; - if (lastpos < 0) - lastpos = 0; - for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) { - ex = sk_X509_EXTENSION_value(x, i); - if (OBJ_obj2nid(ex->object) == nid) { - if (idx) { - *idx = i; - found_ex = ex; - break; - } else if (found_ex) { - /* Found more than one */ - if (crit) - *crit = -2; - return NULL; - } - found_ex = ex; - } - } - if (found_ex) { - /* Found it */ - if (crit) - *crit = X509_EXTENSION_get_critical(found_ex); - return X509V3_EXT_d2i(found_ex); - } - /* Extension not found */ - if (idx) - *idx = -1; - if (crit) - *crit = -1; - return NULL; + /* + * Another beautiful API detail: *crit will be set to 0 or 1, so if the + * extension fails to decode, we can deduce this from return value NULL + * and crit != -1. + */ + + if (crit != NULL) + *crit = X509_EXTENSION_get_critical(ext); + if (idx != NULL) + *idx = lastpos; + + return X509V3_EXT_d2i(ext); } LCRYPTO_ALIAS(X509V3_get_d2i); int -X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, +X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x509_exts, int nid, void *value, int crit, unsigned long flags) { - STACK_OF(X509_EXTENSION) *exts = *x; + STACK_OF(X509_EXTENSION) *exts = *x509_exts; X509_EXTENSION *ext = NULL; X509_EXTENSION *existing; int extidx; @@ -256,7 +248,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int ret = 0; /* See if the extension already exists. */ - extidx = X509v3_get_ext_by_NID(*x, nid, -1); + extidx = X509v3_get_ext_by_NID(*x509_exts, nid, -1); switch (flags & X509V3_ADD_OP_MASK) { case X509V3_ADD_DEFAULT: @@ -296,7 +288,8 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, errcode = X509V3_R_EXTENSION_NOT_FOUND; goto err; } - if ((existing = sk_X509_EXTENSION_delete(*x, extidx)) == NULL) { + if ((existing = sk_X509_EXTENSION_delete(*x509_exts, + extidx)) == NULL) { ret = -1; goto err; } @@ -319,10 +312,10 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, /* If extension exists, replace it. */ if (extidx >= 0) { - existing = sk_X509_EXTENSION_value(*x, extidx); + existing = sk_X509_EXTENSION_value(*x509_exts, extidx); X509_EXTENSION_free(existing); existing = NULL; - if (sk_X509_EXTENSION_set(*x, extidx, ext) == NULL) { + if (sk_X509_EXTENSION_set(*x509_exts, extidx, ext) == NULL) { /* * XXX - Can't happen. If it did happen, |existing| is * now a freed pointer. Nothing we can do here. @@ -341,7 +334,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, goto err; ext = NULL; - *x = exts; + *x509_exts = exts; done: return 1; @@ -350,7 +343,7 @@ X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, if ((flags & X509V3_ADD_SILENT) == 0 && errcode != 0) X509V3error(errcode); - if (exts != *x) + if (exts != *x509_exts) sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); X509_EXTENSION_free(ext); diff --git a/lib/libm/man/feclearexcept.3 b/lib/libm/man/feclearexcept.3 index 1b0c506d5..c2a3071d4 100644 --- a/lib/libm/man/feclearexcept.3 +++ b/lib/libm/man/feclearexcept.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: feclearexcept.3,v 1.6 2020/11/14 10:35:58 jmc Exp $ +.\" $OpenBSD: feclearexcept.3,v 1.7 2024/06/17 12:59:28 tim Exp $ .\" .\" Copyright (c) 2011 Martynas Venckus .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: November 14 2020 $ +.Dd $Mdocdate: June 17 2024 $ .Dt FECLEAREXCEPT 3 .Os .Sh NAME @@ -111,7 +111,7 @@ This function does not raise floating-point exceptions, but only sets the state of the flags. .Pp The -.Fn fetesteexcept +.Fn fetestexcept function determines which of a specified subset of the floating-point exception flags are currently set. The diff --git a/regress/lib/libcrypto/x509/Makefile b/regress/lib/libcrypto/x509/Makefile index 5a90facb2..80879f6e3 100644 --- a/regress/lib/libcrypto/x509/Makefile +++ b/regress/lib/libcrypto/x509/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.22 2024/05/28 15:33:35 tb Exp $ +# $OpenBSD: Makefile,v 1.23 2024/06/16 17:57:08 tb Exp $ PROGS = constraints verify x509attribute x509name x509req_ext callback PROGS += expirecallback callbackfailures x509_asn1 x509_extensions_test @@ -11,7 +11,7 @@ LDADD_verify = ${CRYPTO_INT} WARNINGS = Yes CFLAGS += -DLIBRESSL_INTERNAL -Wall -Werror CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/x509 -CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring +CFLAGS += -I${.CURDIR}/../../../../lib/libcrypto/bytestring SUBDIR += bettertls policy rfc3779 diff --git a/regress/lib/libcrypto/x509/x509_extensions_test.c b/regress/lib/libcrypto/x509/x509_extensions_test.c index 9005333fe..2961b0612 100644 --- a/regress/lib/libcrypto/x509/x509_extensions_test.c +++ b/regress/lib/libcrypto/x509/x509_extensions_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_extensions_test.c,v 1.2 2024/05/28 15:42:09 tb Exp $ */ +/* $OpenBSD: x509_extensions_test.c,v 1.3 2024/06/17 05:04:54 tb Exp $ */ /* * Copyright (c) 2024 Theo Buehler @@ -27,6 +27,9 @@ #define ASN1_BOOLEAN_TRUE 0xff #define ASN1_BOOLEAN_FALSE 0x00 +#define X509V3_EXT_CRITICAL 1 +#define X509V3_EXT_NONCRITICAL 0 + static BASIC_CONSTRAINTS * create_basic_constraints(int ca) { @@ -40,6 +43,20 @@ create_basic_constraints(int ca) return bc; } +static X509_EXTENSION * +ext_create_basic_constraints(int ca, int critical) +{ + X509_EXTENSION *ext; + BASIC_CONSTRAINTS *bc; + + bc = create_basic_constraints(ca); + if ((ext = X509V3_EXT_i2d(NID_basic_constraints, critical, bc)) == NULL) + errx(1, "X509V3_EXT_i2d"); + BASIC_CONSTRAINTS_free(bc); + + return ext; +} + static int test_x509v3_add1_i2d_empty_stack(STACK_OF(X509_EXTENSION) **extensions) { @@ -644,12 +661,259 @@ test_x509v3_add1_i2d(void) return failed; } +static int +test_x509v3_get_d2i_null(void) +{ + X509_EXTENSION *ext; + int crit, idx; + int failed = 1; + + if ((ext = X509V3_get_d2i(NULL, NID_undef, NULL, NULL)) != NULL) { + fprintf(stderr, "FAIL: %s: expected X509V3_get_d2i with three " + "NULL arguments to return NULL\n", __func__); + goto err; + } + + idx = -5; + if (X509V3_get_d2i(NULL, NID_undef, &crit, &idx) != NULL) { + /* Leaks whatever garbage libcrypto decoded. What to do... */ + fprintf(stderr, "FAIL: %s: expected X509V3_get_d2i NULL stack" + "to return NULL\n", __func__); + goto err; + } + + if (crit != -1 || idx != -1) { + fprintf(stderr, "FAIL: %s: crit: want: %d, got: %d; " + "idx: want: %d, got: %d\n", __func__, -1, crit, -1, idx); + goto err; + } + + failed = 0; + + err: + X509_EXTENSION_free(ext); + + return failed; +} + +static int +test_x509v3_get_d2i_multiple_basic_constraints(void) +{ + STACK_OF(X509_EXTENSION) *exts = NULL; + ASN1_BIT_STRING *abs = NULL; + BASIC_CONSTRAINTS *bc = NULL; + X509_EXTENSION *ext; + int crit, idx; + int ca, nid; + int failed = 1; + + /* + * Create extension stack containing three basic constraints extensions: + * 1. critical CA basic constraints, + * 2. non-critical CA basic constraints, + * 3. critical non-CA basic constraints. + */ + + if ((exts = sk_X509_EXTENSION_new_null()) == NULL) + errx(1, "sk_X509_EXTENSION_new_null"); + + ca = 1; + ext = ext_create_basic_constraints(ca, X509V3_EXT_CRITICAL); + + if (sk_X509_EXTENSION_push(exts, ext) <= 0) + errx(1, "sk_X509_EXTENSION_push"); + ext = NULL; + + ca = 1; + ext = ext_create_basic_constraints(ca, X509V3_EXT_NONCRITICAL); + + if (sk_X509_EXTENSION_push(exts, ext) <= 0) + errx(1, "sk_X509_EXTENSION_push"); + ext = NULL; + + ca = 0; + ext = ext_create_basic_constraints(ca, X509V3_EXT_CRITICAL); + + if (sk_X509_EXTENSION_push(exts, ext) <= 0) + errx(1, "sk_X509_EXTENSION_push"); + ext = NULL; + + /* + * There is no key usage in this stack, so we shouldn't find any. + */ + + nid = NID_key_usage; + if ((abs = X509V3_get_d2i(exts, nid, &crit, NULL)) != NULL) { + fprintf(stderr, "FAIL: %s: found key usage extension\n", + __func__); + goto err; + } + if (crit != -1) { + fprintf(stderr, "FAIL: %s: key usage: crit: want %d, got %d\n", + __func__, -1, crit); + goto err; + } + + /* + * If we pass no idx and look for basic constraints, + * we should fail with crit == -2. + */ + + nid = NID_basic_constraints; + if ((bc = X509V3_get_d2i(exts, nid, &crit, NULL)) != NULL) { + fprintf(stderr, "FAIL: %s (NULL idx): did not expect to find " + "basic constraints\n", __func__); + goto err; + } + if (crit != -2) { + fprintf(stderr, "FAIL: %s: basic constraints, no idx: \n" + "crit: want %d, got %d\n", __func__, -2, crit); + goto err; + } + + /* + * If we pass idx = -1 and look for basic constraints, we should find + * the first one: it is critical at idx = 0, with ca bit set to true. + */ + + nid = NID_basic_constraints; + idx = -1; + if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) { + fprintf(stderr, "FAIL: %s (idx %d): expected to find" + "basic constraints\n", __func__, -1); + goto err; + } + if (crit != 1) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "crit: want %d, got %d\n", __func__, -1, 1, crit); + goto err; + } + if (idx != 0) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "idx: want %d, got %d\n", __func__, -1, 0, idx); + goto err; + } + if (bc->ca != ASN1_BOOLEAN_TRUE) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "cA bit: want %x, got %x\n", __func__, -1, + ASN1_BOOLEAN_TRUE, bc->ca); + goto err; + } + BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + /* + * Now pass idx = 0 and look for basic constraints, we should find + * the second one: non-critical at idx = 1, with ca bit set to true. + */ + + nid = NID_basic_constraints; + idx = 0; + if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) { + fprintf(stderr, "FAIL: %s (idx %d): expected to find" + "basic constraints\n", __func__, 0); + goto err; + } + if (crit != 0) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "crit: want %d, got %d\n", __func__, 0, 0, crit); + goto err; + } + if (idx != 1) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "idx: want %d, got %d\n", __func__, 0, 1, idx); + goto err; + } + if (bc->ca != ASN1_BOOLEAN_TRUE) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "cA bit: want %x, got %x\n", __func__, 0, + ASN1_BOOLEAN_TRUE, bc->ca); + goto err; + } + BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + /* + * Now pass idx = 1 and look for basic constraints, we should find the + * third one: critical at idx = 2, with ca bit set to false. + */ + + nid = NID_basic_constraints; + idx = 1; + if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) == NULL) { + fprintf(stderr, "FAIL: %s (idx %d): expected to find" + "basic constraints\n", __func__, 1); + goto err; + } + if (crit != 1) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "crit: want %d, got %d\n", __func__, 1, 0, crit); + goto err; + } + if (idx != 2) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "idx: want %d, got %d\n", __func__, 1, 2, idx); + goto err; + } + if (bc->ca != ASN1_BOOLEAN_FALSE) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "cA bit: want %x, got %x\n", __func__, 1, + ASN1_BOOLEAN_FALSE, bc->ca); + goto err; + } + BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + /* + * Finally, pass idx = 2 and we should find no basic constraints. + */ + + nid = NID_basic_constraints; + idx = 2; + if ((bc = X509V3_get_d2i(exts, nid, &crit, &idx)) != NULL) { + fprintf(stderr, "FAIL: %s (idx %d): expected to find" + "no basic constraints\n", __func__, 2); + goto err; + } + if (crit != -1) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "crit: want %d, got %d\n", __func__, 2, -1, crit); + goto err; + } + if (idx != -1) { + fprintf(stderr, "FAIL: %s: basic constraints (idx %d): " + "idx: want %d, got %d\n", __func__, 2, -1, idx); + goto err; + } + + failed = 0; + + err: + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + ASN1_BIT_STRING_free(abs); + BASIC_CONSTRAINTS_free(bc); + + return failed; +} + +static int +test_x509v3_get_d2i(void) +{ + int failed = 0; + + failed |= test_x509v3_get_d2i_null(); + failed |= test_x509v3_get_d2i_multiple_basic_constraints(); + + return failed; +} + int main(void) { int failed = 0; failed |= test_x509v3_add1_i2d(); + failed |= test_x509v3_get_d2i(); return failed; } diff --git a/regress/usr.bin/ssh/penalty-expire.sh b/regress/usr.bin/ssh/penalty-expire.sh index 30b7bd45d..4f0bbe638 100644 --- a/regress/usr.bin/ssh/penalty-expire.sh +++ b/regress/usr.bin/ssh/penalty-expire.sh @@ -24,6 +24,7 @@ verbose "penalty expiry" # Incur a penalty cat /dev/null > $OBJ/authorized_keys_${USER} ${SSH} -F $OBJ/ssh_config somehost true && fatal "authfail connect succeeded" +sleep 2 # Check denied cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} diff --git a/regress/usr.bin/ssh/penalty.sh b/regress/usr.bin/ssh/penalty.sh index 9556b31f7..8b8353238 100644 --- a/regress/usr.bin/ssh/penalty.sh +++ b/regress/usr.bin/ssh/penalty.sh @@ -25,14 +25,17 @@ verbose "penalty for authentication failure" cat /dev/null > $OBJ/authorized_keys_${USER} ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded" cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} +sleep 2 # Should be below penalty threshold ${SSH} -F $OBJ/ssh_config somehost true || fatal "authfail not expired" +sleep 2 # Fail authentication again; penalty should activate cat /dev/null > $OBJ/authorized_keys_${USER} ${SSH} -F $OBJ/ssh_config somehost true && fatal "noauth connect succeeded" cp $OBJ/authorized_keys_${USER}.bak $OBJ/authorized_keys_${USER} +sleep 2 # These should be refused by the active penalty ${SSH} -F $OBJ/ssh_config somehost true && fail "authfail not rejected" @@ -42,6 +45,7 @@ conf "noauth:100s" ${SSH} -F $OBJ/ssh_config somehost true || fatal "basic connect failed" verbose "penalty for no authentication" ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null || fatal "keyscan failed" +sleep 2 # Repeat attempt should be penalised ${SSHKEYSCAN} -t ssh-ed25519 -p $PORT 127.0.0.1 >/dev/null 2>&1 && fail "keyscan not rejected" diff --git a/share/man/man7/mdoc.7 b/share/man/man7/mdoc.7 index 485c9e9de..c621462e5 100644 --- a/share/man/man7/mdoc.7 +++ b/share/man/man7/mdoc.7 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mdoc.7,v 1.183 2024/05/20 18:40:53 schwarze Exp $ +.\" $OpenBSD: mdoc.7,v 1.184 2024/06/17 15:35:33 schwarze Exp $ .\" .\" Copyright (c) 2009, 2010, 2011 Kristaps Dzonsons .\" Copyright (c) 2010, 2011, 2013-2020 Ingo Schwarze @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 20 2024 $ +.Dd $Mdocdate: June 17 2024 $ .Dt MDOC 7 .Os .Sh NAME @@ -2552,7 +2552,7 @@ It is used as the basis for UNIX 03 certification. .br The second and last Technical Corrigendum. .El -.It Single UNIX Specification version 4 +.It POSIX issues 7 and 8 .Pp .Bl -tag -width "-p1003.1g-2000" -compact .It \-p1003.1-2008 @@ -2560,8 +2560,18 @@ The second and last Technical Corrigendum. .It \-susv4 .St -susv4 .br -This standard is also called -X/Open Portability Guide version 7. +This standard is based on C99. +It is also called the +Open Group Standard Base Specifications, Issue 7. +.El +.Pp +.Bl -tag -width "-p1003.1g-2000" -compact +.It \-p1003.1-2024 +.St -p1003.1-2024 +.br +This standard is based on C17. +It is also called the +Open Group Standard Base Specifications, Issue 8. .El .It Other standards .Pp diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c index 8a6008ccc..ecf130c39 100644 --- a/sys/arch/amd64/amd64/identcpu.c +++ b/sys/arch/amd64/amd64/identcpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: identcpu.c,v 1.143 2024/05/14 01:42:07 guenther Exp $ */ +/* $OpenBSD: identcpu.c,v 1.144 2024/06/16 14:01:26 kn Exp $ */ /* $NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $ */ /* @@ -727,7 +727,8 @@ identifycpu(struct cpu_info *ci) } #ifndef SMALL_KERNEL - if (CPU_IS_PRIMARY(ci) && (ci->ci_feature_tpmflags & TPM_SENSOR)) { + if (CPU_IS_PRIMARY(ci) && (ci->ci_feature_tpmflags & TPM_SENSOR) && + ci->ci_vendor == CPUV_INTEL) { ci->ci_sensor.type = SENSOR_TEMP; sensor_task_register(ci, intelcore_update_sensor, 5); sensor_attach(&ci->ci_sensordev, &ci->ci_sensor); diff --git a/sys/arch/arm64/stand/efiboot/efiboot.c b/sys/arch/arm64/stand/efiboot/efiboot.c index 0bae14026..295b9ae27 100644 --- a/sys/arch/arm64/stand/efiboot/efiboot.c +++ b/sys/arch/arm64/stand/efiboot/efiboot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: efiboot.c,v 1.51 2024/06/14 19:49:17 kettenis Exp $ */ +/* $OpenBSD: efiboot.c,v 1.52 2024/06/17 09:36:04 kettenis Exp $ */ /* * Copyright (c) 2015 YASUOKA Masahiko @@ -101,8 +101,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) /* disable reset by watchdog after 5 minutes */ BS->SetWatchdogTimer(0, 0, 0, NULL); - status = BS->HandleProtocol(image, &imgp_guid, - (void **)&imgp); + status = BS->HandleProtocol(image, &imgp_guid, (void **)&imgp); if (status == EFI_SUCCESS) status = BS->HandleProtocol(imgp->DeviceHandle, &devp_guid, (void **)&dp); diff --git a/sys/arch/armv7/stand/efiboot/conf.c b/sys/arch/armv7/stand/efiboot/conf.c index de536fb96..4143b4f5c 100644 --- a/sys/arch/armv7/stand/efiboot/conf.c +++ b/sys/arch/armv7/stand/efiboot/conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: conf.c,v 1.35 2024/03/10 15:37:54 kettenis Exp $ */ +/* $OpenBSD: conf.c,v 1.36 2024/06/17 09:12:45 kettenis Exp $ */ /* * Copyright (c) 1996 Michael Shalayeff @@ -42,7 +42,7 @@ #include "efidev.h" #include "efipxe.h" -const char version[] = "1.22"; +const char version[] = "1.23"; int debug = 0; struct fs_ops file_system[] = { diff --git a/sys/arch/armv7/stand/efiboot/efiboot.c b/sys/arch/armv7/stand/efiboot/efiboot.c index c6bf9501e..0e5ac7dca 100644 --- a/sys/arch/armv7/stand/efiboot/efiboot.c +++ b/sys/arch/armv7/stand/efiboot/efiboot.c @@ -1,4 +1,4 @@ -/* $OpenBSD: efiboot.c,v 1.40 2022/12/22 15:44:02 kettenis Exp $ */ +/* $OpenBSD: efiboot.c,v 1.41 2024/06/17 09:12:45 kettenis Exp $ */ /* * Copyright (c) 2015 YASUOKA Masahiko @@ -36,6 +36,7 @@ #include "efidev.h" #include "efiboot.h" +#include "efidt.h" #include "fdt.h" EFI_SYSTEM_TABLE *ST; @@ -59,6 +60,7 @@ static EFI_GUID blkio_guid = BLOCK_IO_PROTOCOL; static EFI_GUID devp_guid = DEVICE_PATH_PROTOCOL; static EFI_GUID gop_guid = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID; static EFI_GUID fdt_guid = FDT_TABLE_GUID; +static EFI_GUID dt_fixup_guid = EFI_DT_FIXUP_PROTOCOL_GUID; #define efi_guidcmp(_a, _b) memcmp((_a), (_b), sizeof(EFI_GUID)) @@ -1004,12 +1006,18 @@ efi_fdt(void) return fdt_sys; } +#define EXTRA_DT_SPACE (32 * 1024) + int fdt_load_override(char *file) { + EFI_DT_FIXUP_PROTOCOL *dt_fixup; EFI_PHYSICAL_ADDRESS addr; char path[MAXPATHLEN]; + EFI_STATUS status; struct stat sb; + size_t dt_size; + UINTN sz; int fd; if (file == NULL && fdt_override) { @@ -1027,7 +1035,8 @@ fdt_load_override(char *file) printf("cannot open %s\n", path); return 0; } - if (efi_memprobe_find(EFI_SIZE_TO_PAGES(sb.st_size), + dt_size = sb.st_size + EXTRA_DT_SPACE; + if (efi_memprobe_find(EFI_SIZE_TO_PAGES(dt_size), PAGE_SIZE, EfiLoaderData, &addr) != EFI_SUCCESS) { printf("cannot allocate memory for %s\n", path); return 0; @@ -1037,9 +1046,18 @@ fdt_load_override(char *file) return 0; } + status = BS->LocateProtocol(&dt_fixup_guid, NULL, (void **)&dt_fixup); + if (status == EFI_SUCCESS) { + sz = dt_size; + status = dt_fixup->Fixup(dt_fixup, (void *)addr, &sz, + EFI_DT_APPLY_FIXUPS | EFI_DT_RESERVE_MEMORY); + if (status != EFI_SUCCESS) + panic("DT fixup failed: 0x%lx", status); + } + if (!fdt_init((void *)addr)) { printf("invalid device tree\n"); - BS->FreePages(addr, EFI_SIZE_TO_PAGES(sb.st_size)); + BS->FreePages(addr, EFI_SIZE_TO_PAGES(dt_size)); return 0; } @@ -1050,7 +1068,7 @@ fdt_load_override(char *file) } fdt_override = (void *)addr; - fdt_override_size = sb.st_size; + fdt_override_size = dt_size; return 0; } diff --git a/sys/arch/armv7/stand/efiboot/efidt.h b/sys/arch/armv7/stand/efiboot/efidt.h new file mode 100644 index 000000000..8a2ab0d2c --- /dev/null +++ b/sys/arch/armv7/stand/efiboot/efidt.h @@ -0,0 +1,44 @@ +/* $OpenBSD: efidt.h,v 1.1 2024/06/17 09:12:45 kettenis Exp $ */ + +/* + * Copyright (c) 2024 Mark Kettenis + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include + +#include +#include + +#define EFI_DT_FIXUP_PROTOCOL_GUID \ + { 0xe617d64c, 0xfe08, 0x46da, \ + { 0xf4, 0xdc, 0xbb, 0xd5, 0x87, 0x0c, 0x73, 0x00 } } + +INTERFACE_DECL(_EFI_DT_FIXUP_PROTOCOL); + +typedef EFI_STATUS +(EFIAPI *EFI_DT_FIXUP) ( + IN struct _EFI_DT_FIXUP_PROTOCOL *This, + IN VOID *Fdt, + IN OUT UINTN *BufferSize, + IN UINT32 Flags + ); + +#define EFI_DT_APPLY_FIXUPS 0x00000001 +#define EFI_DT_RESERVE_MEMORY 0x00000002 + +typedef struct _EFI_DT_FIXUP_PROTOCOL { + UINT64 Revision; + EFI_DT_FIXUP Fixup; +} EFI_DT_FIXUP_PROTOCOL; diff --git a/sys/dev/pci/ahci_pci.c b/sys/dev/pci/ahci_pci.c index 183df336a..964abde5b 100644 --- a/sys/dev/pci/ahci_pci.c +++ b/sys/dev/pci/ahci_pci.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ahci_pci.c,v 1.17 2024/05/24 06:02:53 jsg Exp $ */ +/* $OpenBSD: ahci_pci.c,v 1.18 2024/06/16 18:00:08 kn Exp $ */ /* * Copyright (c) 2006 David Gwynne @@ -71,6 +71,8 @@ int ahci_intel_attach(struct ahci_softc *, struct pci_attach_args *); int ahci_samsung_attach(struct ahci_softc *, struct pci_attach_args *); +int ahci_storx_attach(struct ahci_softc *, + struct pci_attach_args *); static const struct ahci_device ahci_devices[] = { { PCI_VENDOR_AMD, PCI_PRODUCT_AMD_HUDSON2_SATA_1, @@ -148,7 +150,10 @@ static const struct ahci_device ahci_devices[] = { NULL, ahci_samsung_attach }, { PCI_VENDOR_VIATECH, PCI_PRODUCT_VIATECH_VT8251_SATA, - ahci_no_match, ahci_vt8251_attach } + ahci_no_match, ahci_vt8251_attach }, + + { PCI_VENDOR_ZHAOXIN, PCI_PRODUCT_ZHAOXIN_STORX_AHCI, + NULL, ahci_storx_attach }, }; int ahci_pci_match(struct device *, void *, void *); @@ -285,6 +290,19 @@ ahci_samsung_attach(struct ahci_softc *sc, struct pci_attach_args *pa) return (0); } +int +ahci_storx_attach(struct ahci_softc *sc, struct pci_attach_args *pa) +{ + /* + * Disable MSI with the ZX-100/ZX-200/ZX-E StorX AHCI Controller + * in the Unchartevice 6640MA notebook, otherwise ahci(4) hangs + * with SATA speed set to "Gen3" in BIOS. + */ + sc->sc_flags |= AHCI_F_NO_MSI; + + return (0); +} + int ahci_pci_match(struct device *parent, void *match, void *aux) { diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c index 6bbd18cb7..dc3fd9790 100644 --- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c +++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_amdkfd_gpuvm.c @@ -1135,7 +1135,8 @@ static int reserve_bo_and_cond_vms(struct kgd_mem *mem, int ret; ctx->sync = &mem->sync; - drm_exec_init(&ctx->exec, DRM_EXEC_INTERRUPTIBLE_WAIT); + drm_exec_init(&ctx->exec, DRM_EXEC_INTERRUPTIBLE_WAIT | + DRM_EXEC_IGNORE_DUPLICATES); drm_exec_until_all_locked(&ctx->exec) { ctx->n_vms = 0; list_for_each_entry(entry, &mem->attachments, list) { diff --git a/sys/dev/pci/drm/amd/amdgpu/amdgpu_atomfirmware.c b/sys/dev/pci/drm/amd/amdgpu/amdgpu_atomfirmware.c index fb2681dd6..23651a973 100644 --- a/sys/dev/pci/drm/amd/amdgpu/amdgpu_atomfirmware.c +++ b/sys/dev/pci/drm/amd/amdgpu/amdgpu_atomfirmware.c @@ -211,6 +211,7 @@ union igp_info { struct atom_integrated_system_info_v1_11 v11; struct atom_integrated_system_info_v1_12 v12; struct atom_integrated_system_info_v2_1 v21; + struct atom_integrated_system_info_v2_3 v23; }; union umc_info { @@ -359,6 +360,20 @@ amdgpu_atomfirmware_get_vram_info(struct amdgpu_device *adev, if (vram_type) *vram_type = convert_atom_mem_type_to_vram_type(adev, mem_type); break; + case 3: + mem_channel_number = igp_info->v23.umachannelnumber; + if (!mem_channel_number) + mem_channel_number = 1; + mem_type = igp_info->v23.memorytype; + if (mem_type == LpDdr5MemType) + mem_channel_width = 32; + else + mem_channel_width = 64; + if (vram_width) + *vram_width = mem_channel_number * mem_channel_width; + if (vram_type) + *vram_type = convert_atom_mem_type_to_vram_type(adev, mem_type); + break; default: return -EINVAL; } diff --git a/sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c b/sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c index 5854767cc..b5d62cef5 100644 --- a/sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c +++ b/sys/dev/pci/drm/amd/amdgpu/sdma_v4_0.c @@ -2031,6 +2031,9 @@ static int sdma_v4_0_process_trap_irq(struct amdgpu_device *adev, DRM_DEBUG("IH: SDMA trap\n"); instance = sdma_v4_0_irq_id_to_seq(entry->client_id); + if (instance < 0) + return instance; + switch (entry->ring_id) { case 0: amdgpu_fence_process(&adev->sdma.instance[instance].ring); diff --git a/sys/dev/pci/drm/amd/amdkfd/kfd_device.c b/sys/dev/pci/drm/amd/amdkfd/kfd_device.c index 913c70a0e..0c94bdfad 100644 --- a/sys/dev/pci/drm/amd/amdkfd/kfd_device.c +++ b/sys/dev/pci/drm/amd/amdkfd/kfd_device.c @@ -402,15 +402,8 @@ struct kfd_dev *kgd2kfd_probe(struct amdgpu_device *adev, bool vf) f2g = &gfx_v11_kfd2kgd; break; case IP_VERSION(11, 0, 3): - if ((adev->pdev->device == 0x7460 && - adev->pdev->revision == 0x00) || - (adev->pdev->device == 0x7461 && - adev->pdev->revision == 0x00)) - /* Note: Compiler version is 11.0.5 while HW version is 11.0.3 */ - gfx_target_version = 110005; - else - /* Note: Compiler version is 11.0.1 while HW version is 11.0.3 */ - gfx_target_version = 110001; + /* Note: Compiler version is 11.0.1 while HW version is 11.0.3 */ + gfx_target_version = 110001; f2g = &gfx_v11_kfd2kgd; break; default: diff --git a/sys/dev/pci/drm/amd/include/atomfirmware.h b/sys/dev/pci/drm/amd/include/atomfirmware.h index a04820334..90c9d574a 100644 --- a/sys/dev/pci/drm/amd/include/atomfirmware.h +++ b/sys/dev/pci/drm/amd/include/atomfirmware.h @@ -1625,6 +1625,49 @@ struct atom_integrated_system_info_v2_2 uint32_t reserved4[189]; }; +struct uma_carveout_option { + char optionName[29]; //max length of string is 28chars + '\0'. Current design is for "minimum", "Medium", "High". This makes entire struct size 64bits + uint8_t memoryCarvedGb; //memory carved out with setting + uint8_t memoryRemainingGb; //memory remaining on system + union { + struct _flags { + uint8_t Auto : 1; + uint8_t Custom : 1; + uint8_t Reserved : 6; + } flags; + uint8_t all8; + } uma_carveout_option_flags; +}; + +struct atom_integrated_system_info_v2_3 { + struct atom_common_table_header table_header; + uint32_t vbios_misc; // enum of atom_system_vbiosmisc_def + uint32_t gpucapinfo; // enum of atom_system_gpucapinf_def + uint32_t system_config; + uint32_t cpucapinfo; + uint16_t gpuclk_ss_percentage; // unit of 0.001%, 1000 mean 1% + uint16_t gpuclk_ss_type; + uint16_t dpphy_override; // bit vector, enum of atom_sysinfo_dpphy_override_def + uint8_t memorytype; // enum of atom_dmi_t17_mem_type_def, APU memory type indication. + uint8_t umachannelnumber; // number of memory channels + uint8_t htc_hyst_limit; + uint8_t htc_tmp_limit; + uint8_t reserved1; // dp_ss_control + uint8_t gpu_package_id; + struct edp_info_table edp1_info; + struct edp_info_table edp2_info; + uint32_t reserved2[8]; + struct atom_external_display_connection_info extdispconninfo; + uint8_t UMACarveoutVersion; + uint8_t UMACarveoutIndexMax; + uint8_t UMACarveoutTypeDefault; + uint8_t UMACarveoutIndexDefault; + uint8_t UMACarveoutType; //Auto or Custom + uint8_t UMACarveoutIndex; + struct uma_carveout_option UMASizeControlOption[20]; + uint8_t reserved3[110]; +}; + // system_config enum atom_system_vbiosmisc_def{ INTEGRATED_SYSTEM_INFO__GET_EDID_CALLBACK_FUNC_SUPPORT = 0x01, diff --git a/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c b/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c index cd674ef5a..1fd4702dc 100644 --- a/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c +++ b/sys/dev/pci/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c @@ -226,15 +226,17 @@ static int smu_v13_0_4_system_features_control(struct smu_context *smu, bool en) struct amdgpu_device *adev = smu->adev; int ret = 0; - if (!en && adev->in_s4) { - /* Adds a GFX reset as workaround just before sending the - * MP1_UNLOAD message to prevent GC/RLC/PMFW from entering - * an invalid state. - */ - ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset, - SMU_RESET_MODE_2, NULL); - if (ret) - return ret; + if (!en && !adev->in_s0ix) { + if (adev->in_s4) { + /* Adds a GFX reset as workaround just before sending the + * MP1_UNLOAD message to prevent GC/RLC/PMFW from entering + * an invalid state. + */ + ret = smu_cmn_send_smc_msg_with_param(smu, SMU_MSG_GfxDeviceDriverReset, + SMU_RESET_MODE_2, NULL); + if (ret) + return ret; + } ret = smu_cmn_send_smc_msg(smu, SMU_MSG_PrepareMp1ForUnload, NULL); } diff --git a/sys/dev/pci/drm/drm_fbdev_generic.c b/sys/dev/pci/drm/drm_fbdev_generic.c index 7c4dc3732..a6d23eea0 100644 --- a/sys/dev/pci/drm/drm_fbdev_generic.c +++ b/sys/dev/pci/drm/drm_fbdev_generic.c @@ -122,7 +122,6 @@ static int drm_fbdev_generic_helper_fb_probe(struct drm_fb_helper *fb_helper, /* screen */ info->flags |= FBINFO_VIRTFB | FBINFO_READS_FAST; info->screen_buffer = screen_buffer; - info->fix.smem_start = page_to_phys(vmalloc_to_page(info->screen_buffer)); info->fix.smem_len = screen_size; #ifdef notyet diff --git a/sys/dev/pci/drm/i915/i915_hwmon.c b/sys/dev/pci/drm/i915/i915_hwmon.c index 4ad8ab02e..c89c8ca2e 100644 --- a/sys/dev/pci/drm/i915/i915_hwmon.c +++ b/sys/dev/pci/drm/i915/i915_hwmon.c @@ -793,7 +793,7 @@ void i915_hwmon_register(struct drm_i915_private *i915) if (!IS_DGFX(i915)) return; - hwmon = devm_kzalloc(dev, sizeof(*hwmon), GFP_KERNEL); + hwmon = kzalloc(sizeof(*hwmon), GFP_KERNEL); if (!hwmon) return; @@ -819,14 +819,12 @@ void i915_hwmon_register(struct drm_i915_private *i915) hwm_get_preregistration_info(i915); /* hwmon_dev points to device hwmon */ - hwmon_dev = devm_hwmon_device_register_with_info(dev, ddat->name, - ddat, - &hwm_chip_info, - hwm_groups); - if (IS_ERR(hwmon_dev)) { - i915->hwmon = NULL; - return; - } + hwmon_dev = hwmon_device_register_with_info(dev, ddat->name, + ddat, + &hwm_chip_info, + hwm_groups); + if (IS_ERR(hwmon_dev)) + goto err; ddat->hwmon_dev = hwmon_dev; @@ -839,16 +837,36 @@ void i915_hwmon_register(struct drm_i915_private *i915) if (!hwm_gt_is_visible(ddat_gt, hwmon_energy, hwmon_energy_input, 0)) continue; - hwmon_dev = devm_hwmon_device_register_with_info(dev, ddat_gt->name, - ddat_gt, - &hwm_gt_chip_info, - NULL); + hwmon_dev = hwmon_device_register_with_info(dev, ddat_gt->name, + ddat_gt, + &hwm_gt_chip_info, + NULL); if (!IS_ERR(hwmon_dev)) ddat_gt->hwmon_dev = hwmon_dev; } + return; +err: + i915_hwmon_unregister(i915); } void i915_hwmon_unregister(struct drm_i915_private *i915) { - fetch_and_zero(&i915->hwmon); + struct i915_hwmon *hwmon = i915->hwmon; + struct intel_gt *gt; + int i; + + if (!hwmon) + return; + + for_each_gt(gt, i915, i) + if (hwmon->ddat_gt[i].hwmon_dev) + hwmon_device_unregister(hwmon->ddat_gt[i].hwmon_dev); + + if (hwmon->ddat.hwmon_dev) + hwmon_device_unregister(hwmon->ddat.hwmon_dev); + + mutex_destroy(&hwmon->hwmon_lock); + + kfree(i915->hwmon); + i915->hwmon = NULL; } diff --git a/sys/dev/pci/drm/include/generated/autoconf.h b/sys/dev/pci/drm/include/generated/autoconf.h index c251f6183..adcef50e2 100644 --- a/sys/dev/pci/drm/include/generated/autoconf.h +++ b/sys/dev/pci/drm/include/generated/autoconf.h @@ -93,5 +93,5 @@ #endif #if defined(SUSPEND) || defined(HIBERNATE) -#define CONFIG_PM_SLEEP +#define CONFIG_PM_SLEEP 1 #endif diff --git a/sys/dev/pci/if_vmx.c b/sys/dev/pci/if_vmx.c index e70d9b50f..c3ad040ce 100644 --- a/sys/dev/pci/if_vmx.c +++ b/sys/dev/pci/if_vmx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vmx.c,v 1.87 2024/06/07 08:44:25 jan Exp $ */ +/* $OpenBSD: if_vmx.c,v 1.88 2024/06/17 11:13:43 bluhm Exp $ */ /* * Copyright (c) 2013 Tsubai Masanari @@ -1619,6 +1619,8 @@ vmxnet3_start(struct ifqueue *ifq) rgen = ring->gen; for (;;) { + int hdrlen; + if (free <= NTXSEGS) { ifq_set_oactive(ifq); break; @@ -1628,6 +1630,30 @@ vmxnet3_start(struct ifqueue *ifq) if (m == NULL) break; + /* + * Headers for Ether, IP, TCP including options must lay in + * first mbuf to support TSO. Usually our stack gets that + * right. To avoid packet parsing here, make a rough estimate + * for simple IPv4. Cases seen in the wild contain only ether + * header in separate mbuf. To support IPv6 with TCP options, + * move as much as possible into first mbuf. Realloc mbuf + * before bus dma load. + */ + hdrlen = sizeof(struct ether_header) + sizeof(struct ip) + + sizeof(struct tcphdr); + if (ISSET(m->m_pkthdr.csum_flags, M_TCP_TSO) && + m->m_len < hdrlen && hdrlen <= m->m_pkthdr.len) { + hdrlen = MHLEN; + /* m_pullup preserves alignment, reserve space */ + hdrlen -= mtod(m, unsigned long) & (sizeof(long) - 1); + if (hdrlen > m->m_pkthdr.len) + hdrlen = m->m_pkthdr.len; + if ((m = m_pullup(m, hdrlen)) == NULL) { + ifq->ifq_errors++; + continue; + } + } + map = ring->dmap[prod]; if (vmx_load_mbuf(sc->sc_dmat, map, m) != 0) { diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index 2981aa6e2..416ff0fad 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2076 2024/05/22 16:24:59 martijn Exp $ +$OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -346,6 +346,7 @@ vendor SYMPHONY2 0x1c1c Symphony Labs vendor SKHYNIX 0x1c5c SK hynix vendor ADATA 0x1cc1 ADATA Technology vendor UMIS 0x1cc4 Union Memory +vendor ZHAOXIN 0x1d17 Zhaoxin vendor BAIKAL 0x1d39 Baikal Electronics vendor AQUANTIA 0x1d6a Aquantia vendor ROCKCHIP 0x1d87 Rockchip @@ -10039,6 +10040,9 @@ product YMTC PC005 0x1001 PC005 /* Zeinet products */ product ZEINET 1221 0x0001 1221 +/* Zhaoxin products */ +product ZHAOXIN STORX_AHCI 0x9083 StorX AHCI + /* Ziatech products */ product ZIATECH ZT8905 0x8905 PCI-ST32 diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index 8a90a3f32..b07d6b965 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2075 2024/05/21 07:03:55 jsg Exp + * OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -351,6 +351,7 @@ #define PCI_VENDOR_SKHYNIX 0x1c5c /* SK hynix */ #define PCI_VENDOR_ADATA 0x1cc1 /* ADATA Technology */ #define PCI_VENDOR_UMIS 0x1cc4 /* Union Memory */ +#define PCI_VENDOR_ZHAOXIN 0x1d17 /* Zhaoxin */ #define PCI_VENDOR_BAIKAL 0x1d39 /* Baikal Electronics */ #define PCI_VENDOR_AQUANTIA 0x1d6a /* Aquantia */ #define PCI_VENDOR_ROCKCHIP 0x1d87 /* Rockchip */ @@ -10044,6 +10045,9 @@ /* Zeinet products */ #define PCI_PRODUCT_ZEINET_1221 0x0001 /* 1221 */ +/* Zhaoxin products */ +#define PCI_PRODUCT_ZHAOXIN_STORX_AHCI 0x9083 /* StorX AHCI */ + /* Ziatech products */ #define PCI_PRODUCT_ZIATECH_ZT8905 0x8905 /* PCI-ST32 */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index fabd8f541..74de782f4 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2075 2024/05/21 07:03:55 jsg Exp + * OpenBSD: pcidevs,v 1.2077 2024/06/16 16:20:51 kn Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -36047,6 +36047,10 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_ZEINET, PCI_PRODUCT_ZEINET_1221, "1221", }, + { + PCI_VENDOR_ZHAOXIN, PCI_PRODUCT_ZHAOXIN_STORX_AHCI, + "StorX AHCI", + }, { PCI_VENDOR_ZIATECH, PCI_PRODUCT_ZIATECH_ZT8905, "PCI-ST32", @@ -37279,6 +37283,10 @@ static const struct pci_known_vendor pci_known_vendors[] = { PCI_VENDOR_UMIS, "Union Memory", }, + { + PCI_VENDOR_ZHAOXIN, + "Zhaoxin", + }, { PCI_VENDOR_BAIKAL, "Baikal Electronics", diff --git a/usr.bin/make/buf.c b/usr.bin/make/buf.c index 0a3d80609..24f79aeba 100644 --- a/usr.bin/make/buf.c +++ b/usr.bin/make/buf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: buf.c,v 1.30 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: buf.c,v 1.31 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: buf.c,v 1.9 1996/12/31 17:53:21 christos Exp $ */ /* @@ -90,7 +90,7 @@ #endif static void -fatal_overflow() +fatal_overflow(void) { fprintf(stderr, "buffer size overflow\n"); exit(2); diff --git a/usr.bin/make/compat.c b/usr.bin/make/compat.c index bef1e8789..82f288ba9 100644 --- a/usr.bin/make/compat.c +++ b/usr.bin/make/compat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compat.c,v 1.94 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: compat.c,v 1.95 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: compat.c,v 1.14 1996/11/06 17:59:01 christos Exp $ */ /* @@ -247,12 +247,12 @@ CompatMake(void *gnp, /* The node to make */ } void -Compat_Init() +Compat_Init(void) { } void -Compat_Update(GNode *gn) +Compat_Update(GNode *gn UNUSED) { } diff --git a/usr.bin/make/error.c b/usr.bin/make/error.c index 6fe193a2b..12246505d 100644 --- a/usr.bin/make/error.c +++ b/usr.bin/make/error.c @@ -1,4 +1,4 @@ -/* $OpenBSD: error.c,v 1.26 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: error.c,v 1.27 2024/06/18 02:11:03 millert Exp $ */ /* * Copyright (c) 2001 Marc Espie. @@ -122,7 +122,7 @@ Punt(const char *fmt, ...) * The program exits */ void -Finish() +Finish(void) { Job_Wait(); print_errors(); diff --git a/usr.bin/make/job.c b/usr.bin/make/job.c index 9b43637c0..bf6a36c15 100644 --- a/usr.bin/make/job.c +++ b/usr.bin/make/job.c @@ -1,4 +1,4 @@ -/* $OpenBSD: job.c,v 1.165 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: job.c,v 1.166 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: job.c,v 1.16 1996/11/06 17:59:08 christos Exp $ */ /* @@ -297,7 +297,7 @@ quick_summary(int signo) } static void -internal_print_errors() +internal_print_errors(void) { Job *j, *k, *jnext; int dying; @@ -375,7 +375,7 @@ notice_signal(int sig) } void -Sigset_Init() +Sigset_Init(void) { sigemptyset(&emptyset); sigprocmask(SIG_BLOCK, &emptyset, &origset); @@ -664,7 +664,7 @@ may_continue_job(Job *job) } static void -may_continue_heldback_jobs() +may_continue_heldback_jobs(void) { while (!no_new_jobs) { if (heldJobs != NULL) { @@ -775,7 +775,7 @@ reap_jobs(void) } void -reset_signal_mask() +reset_signal_mask(void) { sigprocmask(SIG_SETMASK, &origset, NULL); } @@ -811,7 +811,7 @@ handle_running_jobs(void) } void -loop_handle_running_jobs() +loop_handle_running_jobs(void) { while (runningJobs != NULL) handle_running_jobs(); diff --git a/usr.bin/make/main.c b/usr.bin/make/main.c index cf238d7bc..b2bd67694 100644 --- a/usr.bin/make/main.c +++ b/usr.bin/make/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.132 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: main.c,v 1.133 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: main.c,v 1.34 1997/03/24 20:56:36 gwr Exp $ */ /* @@ -127,7 +127,7 @@ record_option(int c, const char *arg) } void -set_notparallel() +set_notparallel(void) { compatMake = true; } @@ -465,7 +465,7 @@ add_dirpath(Lst l, const char *n) * run-time. */ static char * -figure_out_MACHINE() +figure_out_MACHINE(void) { char *r = getenv("MACHINE"); if (r == NULL) { @@ -479,7 +479,7 @@ figure_out_MACHINE() } static char * -figure_out_MACHINE_ARCH() +figure_out_MACHINE_ARCH(void) { char *r = getenv("MACHINE_ARCH"); if (r == NULL) { @@ -492,7 +492,7 @@ figure_out_MACHINE_ARCH() return r; } static char * -figure_out_MACHINE_CPU() +figure_out_MACHINE_CPU(void) { char *r = getenv("MACHINE_CPU"); if (r == NULL) { @@ -510,7 +510,7 @@ figure_out_MACHINE_CPU() } static char * -figure_out_CURDIR() +figure_out_CURDIR(void) { char *dir, *cwd; struct stat sa, sb; @@ -577,7 +577,7 @@ setup_CURDIR_OBJDIR(struct dirs *d) * ::... */ static void -setup_VPATH() +setup_VPATH(void) { if (Var_Value("VPATH") != NULL) { char *vpath; @@ -936,7 +936,7 @@ found: Var_Set("MAKEFILE", fname); * exit with usage message */ static void -usage() +usage(void) { (void)fprintf(stderr, "usage: make [-BeiknpqrSst] [-C directory] [-D variable] [-d flags] [-f mk]\n\ diff --git a/usr.bin/make/make.c b/usr.bin/make/make.c index 61f03afe1..b8af4a20d 100644 --- a/usr.bin/make/make.c +++ b/usr.bin/make/make.c @@ -1,4 +1,4 @@ -/* $OpenBSD: make.c,v 1.84 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: make.c,v 1.85 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: make.c,v 1.10 1996/11/06 17:59:15 christos Exp $ */ /* @@ -118,13 +118,13 @@ static bool randomize_queue; long random_delay = 0; bool -nothing_left_to_build() +nothing_left_to_build(void) { return Array_IsEmpty(&to_build); } static void -random_setup() +random_setup(void) { randomize_queue = Var_Definedi("RANDOM_ORDER", NULL); @@ -503,7 +503,7 @@ add_targets_to_make(Lst todo) } void -Make_Init() +Make_Init(void) { /* wild guess at initial sizes */ Array_Init(&to_build, 500); diff --git a/usr.bin/make/parse.c b/usr.bin/make/parse.c index 2a2f2b6ad..00b3ec311 100644 --- a/usr.bin/make/parse.c +++ b/usr.bin/make/parse.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.c,v 1.136 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: parse.c,v 1.137 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: parse.c,v 1.29 1997/03/10 21:20:04 christos Exp $ */ /* @@ -219,7 +219,7 @@ static struct { #undef P static void -create_special_nodes() +create_special_nodes(void) { unsigned int i; @@ -690,7 +690,7 @@ parse_do_targets(Lst paths, unsigned int *op, const char *line) } static void -dump_targets() +dump_targets(void) { size_t i; for (i = 0; i < gtargets.n; i++) @@ -1436,6 +1436,7 @@ build_target_group(struct growableArray *targets, struct ohash *t) LstNode ln; bool seen_target = false; unsigned int i; + GNode *gn, *gn2; /* may be 0 if wildcard expansion resulted in zero match */ if (targets->n <= 1) @@ -1465,7 +1466,6 @@ build_target_group(struct growableArray *targets, struct ohash *t) if (seen_target) return; - GNode *gn, *gn2; /* targets may already participate in groupling lists, * so rebuild the circular list "from scratch" */ @@ -1488,7 +1488,7 @@ build_target_group(struct growableArray *targets, struct ohash *t) } static void -reset_target_hash() +reset_target_hash(void) { if (htargets_setup) ohash_delete(&htargets); @@ -1497,7 +1497,7 @@ reset_target_hash() } void -Parse_End() +Parse_End(void) { if (htargets_setup) ohash_delete(&htargets); diff --git a/usr.bin/make/parsevar.c b/usr.bin/make/parsevar.c index c90ed89e0..855e049df 100644 --- a/usr.bin/make/parsevar.c +++ b/usr.bin/make/parsevar.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parsevar.c,v 1.17 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: parsevar.c,v 1.18 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: parse.c,v 1.29 1997/03/10 21:20:04 christos Exp $ */ /* @@ -38,7 +38,6 @@ #include "parsevar.h" static const char *find_op1(const char *); -static const char *find_op2(const char *); static bool parse_variable_assignment(const char *, int); static const char * @@ -55,18 +54,6 @@ find_op1(const char *p) return p; } -static const char * -find_op2(const char *p) -{ - for(;; p++) { - if (ISSPACE(*p) || *p == '$' || *p == '\0') - break; - if (p[strspn(p, "?:!+")] == '=') - break; - } - return p; -} - static bool parse_variable_assignment(const char *line, int ctxt) { diff --git a/usr.bin/make/targ.c b/usr.bin/make/targ.c index 0c916c41d..b8962facb 100644 --- a/usr.bin/make/targ.c +++ b/usr.bin/make/targ.c @@ -1,4 +1,4 @@ -/* $OpenBSD: targ.c,v 1.87 2024/05/21 05:00:48 jsg Exp $ */ +/* $OpenBSD: targ.c,v 1.88 2024/06/18 02:11:03 millert Exp $ */ /* $NetBSD: targ.c,v 1.11 1997/02/20 16:51:50 christos Exp $ */ /* @@ -337,7 +337,7 @@ status_to_string(GNode *gn) } struct ohash * -targets_hash() +targets_hash(void) { return &targets; } diff --git a/usr.bin/make/targequiv.c b/usr.bin/make/targequiv.c index 53bdca26f..78a02944d 100644 --- a/usr.bin/make/targequiv.c +++ b/usr.bin/make/targequiv.c @@ -1,4 +1,4 @@ -/* $OpenBSD: targequiv.c,v 1.10 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: targequiv.c,v 1.11 2024/06/18 02:11:04 millert Exp $ */ /* * Copyright (c) 2007-2008 Marc Espie. * @@ -109,7 +109,7 @@ add_to_equiv_list(struct ohash *equiv, GNode *gn) } static void -build_equivalence() +build_equivalence(void) { unsigned int i; GNode *gn; diff --git a/usr.bin/make/var.c b/usr.bin/make/var.c index 09ae6d9ef..2997b7eb5 100644 --- a/usr.bin/make/var.c +++ b/usr.bin/make/var.c @@ -1,4 +1,4 @@ -/* $OpenBSD: var.c,v 1.106 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: var.c,v 1.107 2024/06/18 02:11:04 millert Exp $ */ /* $NetBSD: var.c,v 1.18 1997/03/18 19:24:46 christos Exp $ */ /* @@ -1365,7 +1365,7 @@ Var_SubstVar(Buffer buf, /* To store result */ ***/ static void -set_magic_shell_variable() +set_magic_shell_variable(void) { const char *name = "SHELL"; const char *ename = NULL; @@ -1380,7 +1380,7 @@ set_magic_shell_variable() } static void -set_magic_name_list_variable() +set_magic_name_list_variable(void) { const char *name = VARNAME_LIST; const char *ename = NULL; diff --git a/usr.bin/make/varmodifiers.c b/usr.bin/make/varmodifiers.c index ea457a3a0..c88f6e2ae 100644 --- a/usr.bin/make/varmodifiers.c +++ b/usr.bin/make/varmodifiers.c @@ -1,4 +1,4 @@ -/* $OpenBSD: varmodifiers.c,v 1.49 2023/09/04 11:35:11 espie Exp $ */ +/* $OpenBSD: varmodifiers.c,v 1.50 2024/06/18 02:11:04 millert Exp $ */ /* $NetBSD: var.c,v 1.18 1997/03/18 19:24:46 christos Exp $ */ /* @@ -174,7 +174,7 @@ static struct modifier { ; void -VarModifiers_Init() +VarModifiers_Init(void) { choose_mod['M'] = &match_mod; choose_mod['N'] = &nomatch_mod; diff --git a/usr.bin/mandoc/st.c b/usr.bin/mandoc/st.c index 959338faf..97c8f8bd2 100644 --- a/usr.bin/mandoc/st.c +++ b/usr.bin/mandoc/st.c @@ -1,4 +1,4 @@ -/* $OpenBSD: st.c,v 1.14 2022/01/13 08:39:24 schwarze Exp $ */ +/* $OpenBSD: st.c,v 1.15 2024/06/16 18:33:05 job Exp $ */ /* * Copyright (c) 2009, 2010 Kristaps Dzonsons * @@ -35,6 +35,7 @@ LINE("-p1003.1-96", "ISO/IEC 9945-1:1996 (\\(lqPOSIX.1\\(rq)") LINE("-p1003.1-2001", "IEEE Std 1003.1-2001 (\\(lqPOSIX.1\\(rq)") LINE("-p1003.1-2004", "IEEE Std 1003.1-2004 (\\(lqPOSIX.1\\(rq)") LINE("-p1003.1-2008", "IEEE Std 1003.1-2008 (\\(lqPOSIX.1\\(rq)") +LINE("-p1003.1-2024", "IEEE Std 1003.1-2024 (\\(lqPOSIX.1\\(rq)") LINE("-p1003.1", "IEEE Std 1003.1 (\\(lqPOSIX.1\\(rq)") LINE("-p1003.1b", "IEEE Std 1003.1b (\\(lqPOSIX.1b\\(rq)") LINE("-p1003.1b-93", "IEEE Std 1003.1b-1993 (\\(lqPOSIX.1b\\(rq)") diff --git a/usr.bin/sed/compile.c b/usr.bin/sed/compile.c index bdb62d3ce..f21fd0acd 100644 --- a/usr.bin/sed/compile.c +++ b/usr.bin/sed/compile.c @@ -1,4 +1,4 @@ -/* $OpenBSD: compile.c,v 1.51 2022/12/26 19:16:02 jmc Exp $ */ +/* $OpenBSD: compile.c,v 1.52 2024/06/18 00:32:22 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -151,7 +151,7 @@ compile_stream(struct s_command **link) stack = 0; for (;;) { - if ((p = cu_fgets(&lbuf, &bufsize)) == NULL) { + if ((p = cu_getline(&lbuf, &bufsize)) == NULL) { if (stack != 0) error(COMPILE, "unexpected EOF (pending }'s)"); return (link); @@ -538,7 +538,7 @@ compile_subst(char *p, struct s_subst *s) *sp++ = *p; } size += sp - op; - } while ((p = cu_fgets(&lbuf, &bufsize))); + } while ((p = cu_getline(&lbuf, &bufsize))); error(COMPILE, "unterminated substitute in regular expression"); } @@ -682,7 +682,7 @@ compile_text(void) lbuf = text = NULL; asize = size = 0; - while ((p = cu_fgets(&lbuf, &bufsize))) { + while ((p = cu_getline(&lbuf, &bufsize))) { size_t len = ROUNDLEN(strlen(p) + 1); if (asize - size < len) { do { diff --git a/usr.bin/sed/extern.h b/usr.bin/sed/extern.h index 772f0bab3..2d28ef8a8 100644 --- a/usr.bin/sed/extern.h +++ b/usr.bin/sed/extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: extern.h,v 1.14 2018/11/14 10:59:33 martijn Exp $ */ +/* $OpenBSD: extern.h,v 1.15 2024/06/18 00:32:22 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. * Copyright (c) 1992, 1993 @@ -48,10 +48,10 @@ extern FILE *infile, *outfile; void cfclose(struct s_command *, struct s_command *); void compile(void); void cspace(SPACE *, const char *, size_t, enum e_spflag); -char *cu_fgets(char **, size_t *); +char *cu_getline(char **, size_t *); __dead void error(int, const char *, ...); void warning(const char *, ...); -int mf_fgets(SPACE *, enum e_spflag); +int mf_getline(SPACE *, enum e_spflag); int lastline(void); void finish_file(void); void process(void); diff --git a/usr.bin/sed/main.c b/usr.bin/sed/main.c index 9450d5b74..0d741db69 100644 --- a/usr.bin/sed/main.c +++ b/usr.bin/sed/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.44 2023/02/08 08:18:11 tb Exp $ */ +/* $OpenBSD: main.c,v 1.45 2024/06/18 00:32:22 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -209,11 +209,11 @@ main(int argc, char *argv[]) } /* - * Like fgets, but go through the chain of compilation units chaining them + * Like getline, but go through the chain of compilation units chaining them * together. Empty strings and files are ignored. */ char * -cu_fgets(char **outbuf, size_t *outsize) +cu_getline(char **outbuf, size_t *outsize) { static enum {ST_EOF, ST_FILE, ST_STRING} state = ST_EOF; static FILE *f; /* Current open file */ @@ -328,11 +328,11 @@ finish_file(void) } /* - * Like fgets, but go through the list of files chaining them together. + * Like getline, but go through the list of files chaining them together. * Set len to the length of the line. */ int -mf_fgets(SPACE *sp, enum e_spflag spflag) +mf_getline(SPACE *sp, enum e_spflag spflag) { struct stat sb; size_t len; diff --git a/usr.bin/sed/process.c b/usr.bin/sed/process.c index 932e333fd..308ab71ee 100644 --- a/usr.bin/sed/process.c +++ b/usr.bin/sed/process.c @@ -1,4 +1,4 @@ -/* $OpenBSD: process.c,v 1.35 2022/01/12 15:13:36 martijn Exp $ */ +/* $OpenBSD: process.c,v 1.36 2024/06/18 00:32:22 millert Exp $ */ /*- * Copyright (c) 1992 Diomidis Spinellis. @@ -90,7 +90,7 @@ process(void) size_t len, oldpsl; char *p; - for (linenum = 0; mf_fgets(&PS, REPLACE);) { + for (linenum = 0; mf_getline(&PS, REPLACE);) { pd = 0; top: cp = prog; @@ -164,14 +164,14 @@ redirect: if (!nflag && !pd) OUT(); flush_appends(); - if (!mf_fgets(&PS, REPLACE)) + if (!mf_getline(&PS, REPLACE)) exit(0); pd = 0; break; case 'N': flush_appends(); cspace(&PS, "\n", 1, 0); - if (!mf_fgets(&PS, 0)) + if (!mf_getline(&PS, 0)) exit(0); break; case 'p': diff --git a/usr.bin/ssh/Makefile.inc b/usr.bin/ssh/Makefile.inc index 5e4cb3856..bd7697d1d 100644 --- a/usr.bin/ssh/Makefile.inc +++ b/usr.bin/ssh/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.93 2024/06/04 15:14:45 deraadt Exp $ +# $OpenBSD: Makefile.inc,v 1.94 2024/06/17 08:30:29 djm Exp $ .include @@ -37,7 +37,7 @@ WARNINGS=yes OPENSSL?= yes ZLIB?= yes -DSAKEY?= yes +DSAKEY?= no .if (${OPENSSL:L} == "yes") CFLAGS+= -DWITH_OPENSSL diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 689d21e52..4e052c02b 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.239 2024/05/17 00:30:24 djm Exp $ */ +/* $OpenBSD: serverloop.c,v 1.240 2024/06/17 08:28:31 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -260,11 +260,11 @@ process_input(struct ssh *ssh, int connection_in) if (errno == EAGAIN || errno == EINTR) return 0; if (errno == EPIPE) { - verbose("Connection closed by %.100s port %d", + logit("Connection closed by %.100s port %d", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh)); return -1; } - verbose("Read error from remote host %s port %d: %s", + logit("Read error from remote host %s port %d: %s", ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), strerror(errno)); cleanup_exit(255); diff --git a/usr.bin/ssh/ssh-add.1 b/usr.bin/ssh/ssh-add.1 index 290ba91d3..c31de4dd9 100644 --- a/usr.bin/ssh/ssh-add.1 +++ b/usr.bin/ssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $ +.\" $OpenBSD: ssh-add.1,v 1.87 2024/06/17 08:30:29 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 19 2023 $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -67,10 +67,9 @@ When run without arguments, it adds the files .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 , -.Pa ~/.ssh/id_ed25519_sk , +.Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_dsa . +.Pa ~/.ssh/id_ed25519_sk . After loading a private key, .Nm will try to load corresponding certificate information from the @@ -314,13 +313,12 @@ the built-in USB HID support. .El .Sh FILES .Bl -tag -width Ds -compact -.It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 .It Pa ~/.ssh/id_ed25519_sk .It Pa ~/.ssh/id_rsa -Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, +Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity of the user. .El .Pp diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index c392141ea..df6803fd9 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.230 2023/09/04 10:29:58 job Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.232 2024/06/17 13:50:18 naddy Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 4 2023 $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -51,7 +51,7 @@ .Op Fl m Ar format .Op Fl N Ar new_passphrase .Op Fl O Ar option -.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa +.Op Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa .Op Fl w Ar provider .Op Fl Z Ar cipher .Nm ssh-keygen @@ -205,7 +205,6 @@ section for details. Normally each user wishing to use SSH with public key authentication runs this once to create the authentication key in -.Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , .Pa ~/.ssh/id_ed25519 , @@ -296,7 +295,6 @@ Show the bubblebabble digest of specified private or public key file. Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. Generally, 3072 bits is considered sufficient. -DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, the .Fl b flag determines the key length by selecting from one of three elliptic @@ -414,9 +412,8 @@ section. Prints the contents of one or more certificates. .It Fl l Show fingerprint of specified public key file. -For RSA and DSA keys .Nm -tries to find the matching public key file and prints its fingerprint. +will try to find the matching public key file and prints its fingerprint. If combined with .Fl v , a visual ASCII art representation of the key is supplied with the @@ -579,10 +576,9 @@ by key ID or serial number. See the .Sx KEY REVOCATION LISTS section for details. -.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa +.It Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa Specifies the type of key to create. The possible values are -.Dq dsa , .Dq ecdsa , .Dq ecdsa-sk , .Dq ed25519 , @@ -1290,13 +1286,12 @@ the built-in USB HID support. .El .Sh FILES .Bl -tag -width Ds -compact -.It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 .It Pa ~/.ssh/id_ed25519_sk .It Pa ~/.ssh/id_rsa -Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, +Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to @@ -1308,13 +1303,12 @@ but it is offered as the default file for the private key. .Xr ssh 1 will read this file when a login attempt is made. .Pp -.It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub .It Pa ~/.ssh/id_ecdsa_sk.pub .It Pa ~/.ssh/id_ed25519.pub .It Pa ~/.ssh/id_ed25519_sk.pub .It Pa ~/.ssh/id_rsa.pub -Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, +Contains the ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys diff --git a/usr.bin/ssh/ssh-keyscan.1 b/usr.bin/ssh/ssh-keyscan.1 index df4fb6ca4..79cef300d 100644 --- a/usr.bin/ssh/ssh-keyscan.1 +++ b/usr.bin/ssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.51 2024/06/14 05:20:34 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.52 2024/06/17 08:30:29 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: June 14 2024 $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -130,7 +130,6 @@ The default is 5 seconds. .It Fl t Ar type Specify the type of the key to fetch from the scanned hosts. The possible values are -.Dq dsa , .Dq ecdsa , .Dq ed25519 , .Dq ecdsa-sk , @@ -138,14 +137,7 @@ The possible values are or .Dq rsa . Multiple values may be specified by separating them with commas. -The default is to fetch -.Dq rsa , -.Dq ecdsa , -.Dq ed25519 , -.Dq ecdsa-sk , -and -.Dq ed25519-sk -keys. +The default is to fetch all the above key types. .It Fl v Verbose mode: print debugging messages about progress. @@ -177,7 +169,7 @@ Find all hosts from the file which have new or different keys from those in the sorted file .Pa ssh_known_hosts : .Bd -literal -offset indent -$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e +$ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \e sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh SEE ALSO diff --git a/usr.bin/ssh/ssh-keysign.8 b/usr.bin/ssh/ssh-keysign.8 index 6b4b9b270..3b4d35b09 100644 --- a/usr.bin/ssh/ssh-keysign.8 +++ b/usr.bin/ssh/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.18 2024/06/17 08:30:29 djm Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,7 +22,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: March 31 2022 $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH-KEYSIGN 8 .Os .Sh NAME @@ -61,7 +61,6 @@ Controls whether .Nm is enabled. .Pp -.It Pa /etc/ssh/ssh_host_dsa_key .It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_ed25519_key .It Pa /etc/ssh/ssh_host_rsa_key @@ -73,7 +72,6 @@ Since they are readable only by root, .Nm must be set-uid root if host-based authentication is used. .Pp -.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub .It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 61a154c2a..6b5bb0e07 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.440 2024/05/26 20:35:12 naddy Exp $ -.Dd $Mdocdate: May 26 2024 $ +.\" $OpenBSD: ssh.1,v 1.441 2024/06/17 08:30:29 djm Exp $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH 1 .Os .Sh NAME @@ -304,10 +304,9 @@ The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 , -.Pa ~/.ssh/id_ed25519_sk +.Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_dsa . +.Pa ~/.ssh/id_ed25519_sk . Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple @@ -929,10 +928,10 @@ key pair for authentication purposes. The server knows the public key, and only the user knows the private key. .Nm implements public key authentication protocol automatically, -using one of the DSA, ECDSA, Ed25519 or RSA algorithms. +using one of the ECDSA, Ed25519 or RSA algorithms. The HISTORY section of .Xr ssl 8 -contains a brief discussion of the DSA and RSA algorithms. +contains a brief discussion of the RSA and ECDSA algorithms. .Pp The file .Pa ~/.ssh/authorized_keys @@ -959,8 +958,6 @@ flag). The user creates their key pair by running .Xr ssh-keygen 1 . This stores the private key in -.Pa ~/.ssh/id_dsa -(DSA), .Pa ~/.ssh/id_ecdsa (ECDSA), .Pa ~/.ssh/id_ecdsa_sk @@ -973,8 +970,6 @@ or .Pa ~/.ssh/id_rsa (RSA) and stores the public key in -.Pa ~/.ssh/id_dsa.pub -(DSA), .Pa ~/.ssh/id_ecdsa.pub (ECDSA), .Pa ~/.ssh/id_ecdsa_sk.pub @@ -1556,7 +1551,7 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (DSA, ECDSA, Ed25519, RSA) +Lists the public keys (ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described in the .Xr sshd 8 @@ -1576,7 +1571,6 @@ Contains additional definitions for environment variables; see .Sx ENVIRONMENT , above. .Pp -.It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 @@ -1592,7 +1586,6 @@ It is possible to specify a passphrase when generating the key which will be used to encrypt the sensitive part of this file using AES-128. .Pp -.It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub .It Pa ~/.ssh/id_ecdsa_sk.pub .It Pa ~/.ssh/id_ed25519.pub diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 9cd1ccdfd..129ed951b 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $ -.Dd $Mdocdate: June 14 2024 $ +.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1114,7 +1114,7 @@ section and environment variables as described in the .Sx ENVIRONMENT VARIABLES section. .It Cm IdentityFile -Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, +Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read. You can also specify a public key file to use the corresponding private key that is loaded in @@ -1124,10 +1124,9 @@ The default is .Pa ~/.ssh/id_rsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 , -.Pa ~/.ssh/id_ed25519_sk +.Pa ~/.ssh/id_ed25519 and -.Pa ~/.ssh/id_dsa . +.Pa ~/.ssh/id_ed25519_sk . Additionally, any identities represented by the authentication agent will be used for authentication unless .Cm IdentitiesOnly diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 32e591f0d..28c5fa66f 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.325 2023/09/19 20:37:07 deraadt Exp $ -.Dd $Mdocdate: September 19 2023 $ +.\" $OpenBSD: sshd.8,v 1.326 2024/06/17 08:30:29 djm Exp $ +.Dd $Mdocdate: June 17 2024 $ .Dt SSHD 8 .Os .Sh NAME @@ -438,8 +438,6 @@ sk-ssh-ed25519@openssh.com .It ssh-ed25519 .It -ssh-dss -.It ssh-rsa .El .Pp @@ -450,7 +448,6 @@ Note that lines in this file can be several hundred bytes long (because of the size of the public key encoding) up to a limit of 8 kilobytes, which permits RSA keys up to 16 kilobits. You don't want to type them in; instead, copy the -.Pa id_dsa.pub , .Pa id_ecdsa.pub , .Pa id_ecdsa_sk.pub , .Pa id_ed25519.pub , @@ -854,7 +851,7 @@ secret, but the recommended permissions are read/write/execute for the user, and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (DSA, ECDSA, Ed25519, RSA) +Lists the public keys (ECDSA, Ed25519, RSA) that can be used for logging in as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended diff --git a/usr.bin/timeout/timeout.1 b/usr.bin/timeout/timeout.1 index 6a77deb6d..b2f016604 100644 --- a/usr.bin/timeout/timeout.1 +++ b/usr.bin/timeout/timeout.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: timeout.1,v 1.8 2023/11/03 19:16:31 cheloha Exp $ +.\" $OpenBSD: timeout.1,v 1.9 2024/06/16 18:33:56 job Exp $ .\" $NetBSD: timeout.1,v 1.4 2016/10/13 06:22:26 dholland Exp $ .\" .\" Copyright (c) 2014 Baptiste Daroussin @@ -27,7 +27,7 @@ .\" .\" $FreeBSD: head/usr.bin/timeout/timeout.1 268861 2014-07-18 22:56:59Z bapt $ .\" -.Dd $Mdocdate: November 3 2023 $ +.Dd $Mdocdate: June 16 2024 $ .Dt TIMEOUT 1 .Os .Sh NAME @@ -118,6 +118,12 @@ returns the exit status of the .Sh SEE ALSO .Xr kill 1 , .Xr signal 3 +.Sh STANDARDS +The +.Nm +utility is compliant with the +.St -p1003.1-2024 +specification. .Sh HISTORY The .Nm diff --git a/usr.sbin/relayd/parse.y b/usr.sbin/relayd/parse.y index a6842f970..739ff164e 100644 --- a/usr.sbin/relayd/parse.y +++ b/usr.sbin/relayd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.255 2023/10/29 11:27:11 kn Exp $ */ +/* $OpenBSD: parse.y,v 1.256 2024/06/17 08:02:57 sashan Exp $ */ /* * Copyright (c) 2007 - 2014 Reyk Floeter @@ -179,14 +179,14 @@ typedef struct { %token TIMEOUT TLS TO ROUTER RTLABEL TRANSPARENT URL WITH TTL RTABLE %token MATCH PARAMS RANDOM LEASTSTATES SRCHASH KEY CERTIFICATE PASSWORD ECDHE %token EDH TICKETS CONNECTION CONNECTIONS CONTEXT ERRORS STATE CHANGES CHECKS -%token WEBSOCKETS +%token WEBSOCKETS PFLOG %token STRING %token NUMBER %type context hostname interface table value path %type http_type loglevel quick %type dstmode flag forwardmode retry %type opttls opttlsclient -%type redirect_proto relay_proto match +%type redirect_proto relay_proto match pflog %type action ruleaf key_option %type port %type host @@ -605,7 +605,7 @@ rdroptsl : forwardmode TO tablespec interface { $3->conf.rdrid = rdr->conf.id; $3->conf.flags |= F_USED; } - | LISTEN ON STRING redirect_proto port interface { + | LISTEN ON STRING redirect_proto port interface pflog { if (host($3, &rdr->virts, SRV_MAX_VIRTS, &$5, $6, $4) <= 0) { yyerror("invalid virtual ip: %s", $3); @@ -618,6 +618,8 @@ rdroptsl : forwardmode TO tablespec interface { if (rdr->conf.port == 0) rdr->conf.port = $5.val[0]; tableport = rdr->conf.port; + if ($7) + rdr->conf.flags |= F_PFLOG; } | DISABLE { rdr->conf.flags |= F_DISABLE; } | STICKYADDR { rdr->conf.flags |= F_STICKY; } @@ -651,6 +653,10 @@ match : /* empty */ { $$ = 0; } | MATCH { $$ = 1; } ; +pflog : /* empty */ { $$ = 0; } + | PFLOG { $$ = 1; } + ; + forwardmode : FORWARD { $$ = FWD_NORMAL; } | ROUTE { $$ = FWD_ROUTE; } | TRANSPARENT FORWARD { $$ = FWD_TRANS; } @@ -2454,6 +2460,7 @@ lookup(char *s) { "pass", PASS }, { "password", PASSWORD }, { "path", PATH }, + { "pflog", PFLOG }, { "pftag", PFTAG }, { "port", PORT }, { "prefork", PREFORK }, diff --git a/usr.sbin/relayd/pfe.c b/usr.sbin/relayd/pfe.c index 3a97b749c..3aba811ee 100644 --- a/usr.sbin/relayd/pfe.c +++ b/usr.sbin/relayd/pfe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe.c,v 1.90 2020/09/14 11:30:25 martijn Exp $ */ +/* $OpenBSD: pfe.c,v 1.91 2024/06/17 08:36:56 sashan Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard @@ -584,11 +584,14 @@ int disable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host) { struct host *h; - struct table *table; + struct table *table, *t; + int host_byname = 0; if (host == NULL) { - if (id->id == EMPTY_ID) + if (id->id == EMPTY_ID) { host = host_findbyname(env, id->name); + host_byname = 1; + } else host = host_find(env, id->id); if (host == NULL || host->conf.parentid) @@ -625,6 +628,16 @@ disable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host) /* Disable all children */ SLIST_FOREACH(h, &host->children, child) disable_host(c, id, h); + + /* Disable hosts with same name on all tables */ + if (host_byname) + TAILQ_FOREACH(t, env->sc_tables, entry) + TAILQ_FOREACH(h, &t->hosts, entry) + if (strcmp(h->conf.name, + host->conf.name) == 0 && + h->conf.id != host->conf.id && + !h->conf.parentid) + disable_host(c, id, h); pfe_sync(); } return (0); @@ -634,10 +647,15 @@ int enable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host) { struct host *h; + struct table *t; + int host_byname = 0; + if (host == NULL) { - if (id->id == EMPTY_ID) + if (id->id == EMPTY_ID) { host = host_findbyname(env, id->name); + host_byname = 1; + } else host = host_find(env, id->id); if (host == NULL || host->conf.parentid) @@ -666,6 +684,16 @@ enable_host(struct ctl_conn *c, struct ctl_id *id, struct host *host) /* Enable all children */ SLIST_FOREACH(h, &host->children, child) enable_host(c, id, h); + + /* Enable hosts with same name on all tables */ + if (host_byname) + TAILQ_FOREACH(t, env->sc_tables, entry) + TAILQ_FOREACH(h, &t->hosts, entry) + if (strcmp(h->conf.name, + host->conf.name) == 0 && + h->conf.id != host->conf.id && + !h->conf.parentid) + enable_host(c, id, h); pfe_sync(); } return (0); diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c index 97aea01df..c1851260c 100644 --- a/usr.sbin/relayd/pfe_filter.c +++ b/usr.sbin/relayd/pfe_filter.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfe_filter.c,v 1.65 2023/09/14 09:54:31 yasuoka Exp $ */ +/* $OpenBSD: pfe_filter.c,v 1.66 2024/06/17 08:02:57 sashan Exp $ */ /* * Copyright (c) 2006 Pierre-Yves Ritschard @@ -377,6 +377,11 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable) rio.rule.direction = PF_IN; rio.rule.keep_state = PF_STATE_NORMAL; + if (rdr->conf.flags & F_PFLOG) + rio.rule.log = 1; + else + rio.rule.log = 0; /* allow change via reload */ + switch (t->conf.fwdmode) { case FWD_NORMAL: /* traditional redirection */ diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5 index 21f310138..b4fa8398b 100644 --- a/usr.sbin/relayd/relayd.conf.5 +++ b/usr.sbin/relayd/relayd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: relayd.conf.5,v 1.207 2023/10/29 11:27:11 kn Exp $ +.\" $OpenBSD: relayd.conf.5,v 1.208 2024/06/17 08:02:57 sashan Exp $ .\" .\" Copyright (c) 2006 - 2016 Reyk Floeter .\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard @@ -15,7 +15,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 29 2023 $ +.Dd $Mdocdate: June 17 2024 $ .Dt RELAYD.CONF 5 .Os .Sh NAME @@ -517,6 +517,7 @@ At least one entry for the main table is mandatory. .Op ip-proto .Ic port Ar port .Op Ic interface Ar name +.Op Ic pflog .Xc Specify an .Ar address @@ -540,6 +541,12 @@ or it defaults to .Cm tcp . The rule can be optionally restricted to a given interface name. +The optional +.Ic pflog +keyword will add +.Cm log +to the rule. The logged packets are sent to +.Xr pflog 4 . .It Xo .Op Ic match .Ic pftag Ar name diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h index b5ac2d111..2f55c2bb2 100644 --- a/usr.sbin/relayd/relayd.h +++ b/usr.sbin/relayd/relayd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: relayd.h,v 1.272 2024/05/18 06:34:46 jsg Exp $ */ +/* $OpenBSD: relayd.h,v 1.273 2024/06/17 08:02:57 sashan Exp $ */ /* * Copyright (c) 2006 - 2016 Reyk Floeter @@ -402,6 +402,7 @@ union hashkey { #define F_TLSINSPECT 0x04000000 #define F_HASHKEY 0x08000000 #define F_AGENTX_TRAPONLY 0x10000000 +#define F_PFLOG 0x20000000 #define F_BITS \ "\10\01DISABLE\02BACKUP\03USED\04DOWN\05ADD\06DEL\07CHANGED" \ diff --git a/usr.sbin/rpki-client/crl.c b/usr.sbin/rpki-client/crl.c index 0cf97caff..fddd27aee 100644 --- a/usr.sbin/rpki-client/crl.c +++ b/usr.sbin/rpki-client/crl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crl.c,v 1.41 2024/06/12 10:03:09 tb Exp $ */ +/* $OpenBSD: crl.c,v 1.42 2024/06/17 18:52:50 tb Exp $ */ /* * Copyright (c) 2024 Theo Buehler * Copyright (c) 2019 Kristaps Dzonsons @@ -296,6 +296,10 @@ crl_get(struct crl_tree *crlt, const struct auth *a) { struct crl find; + /* XXX - this should be removed, but filemode relies on it. */ + if (a == NULL) + return NULL; + find.aki = a->cert->ski; find.mftpath = a->cert->mft; diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 70c6cf112..573063ffc 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.46 2024/06/12 10:03:09 tb Exp $ */ +/* $OpenBSD: filemode.c,v 1.47 2024/06/17 18:54:36 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -227,7 +227,7 @@ parse_load_certchain(char *uri) cert->talid = a->cert->talid; a = auth_insert(uri, &auths, cert, a); uripath_add(uri, cert); - stack[i] = NULL; + stack[i - 1] = NULL; } return a; diff --git a/usr.sbin/rpki-client/validate.c b/usr.sbin/rpki-client/validate.c index f4c6e7c26..bcbf9cbc5 100644 --- a/usr.sbin/rpki-client/validate.c +++ b/usr.sbin/rpki-client/validate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: validate.c,v 1.75 2024/06/12 10:03:09 tb Exp $ */ +/* $OpenBSD: validate.c,v 1.76 2024/06/17 18:52:50 tb Exp $ */ /* * Copyright (c) 2019 Kristaps Dzonsons * @@ -304,6 +304,10 @@ build_chain(const struct auth *a, STACK_OF(X509) **intermediates, *intermediates = NULL; *root = NULL; + /* XXX - this should be removed, but filemode relies on it. */ + if (a == NULL) + return; + if ((*intermediates = sk_X509_new_null()) == NULL) err(1, "sk_X509_new_null"); if ((*root = sk_X509_new_null()) == NULL)