From acf2ed1690ede83e813fb0ac89ea45cb06fdef17 Mon Sep 17 00:00:00 2001 From: purplerain Date: Wed, 24 Jul 2024 20:05:56 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libcrypto/man/BUF_MEM_new.3 | 7 +- lib/libradius/Makefile | 12 ++- lib/libradius/Symbols.list | 89 +++++++++++++++++++++++ lib/libradius/radius_attr.c | 27 ++++++- lib/libradius/radius_local.h | 4 +- lib/libradius/radius_msgauth.c | 6 +- lib/libradius/radius_new_request_packet.3 | 14 ++-- lib/libradius/shlib_version | 2 +- lib/libsndio/sioctl_sun.c | 16 +++- lib/libssl/d1_lib.c | 23 +----- lib/libssl/s3_lib.c | 12 +-- lib/libssl/ssl_ciph.c | 47 ++++++------ lib/libssl/ssl_local.h | 6 +- lib/libssl/ssl_methods.c | 17 +---- regress/lib/libssl/ciphers/cipherstest.c | 11 +-- sys/dev/pv/virtio.c | 4 +- sys/dev/usb/uaudio.c | 40 ++++++++-- sys/kern/kern_exit.c | 19 +++-- sys/kern/kern_sig.c | 4 +- sys/kern/kern_synch.c | 11 ++- sys/kern/subr_log.c | 22 ++++-- sys/net/pfkeyv2_parsemessage.c | 19 ++++- sys/uvm/uvm_device.c | 4 +- sys/uvm/uvm_extern.h | 5 +- sys/uvm/uvm_map.c | 41 ++--------- sys/uvm/uvm_pager.c | 22 +----- sys/uvm/uvm_vnode.c | 8 +- usr.bin/sndiod/file.c | 32 ++++++-- usr.sbin/radiusctl/parser.c | 23 +++++- usr.sbin/radiusctl/parser.h | 3 +- usr.sbin/radiusctl/radiusctl.8 | 7 +- usr.sbin/radiusctl/radiusctl.c | 9 ++- 32 files changed, 354 insertions(+), 212 deletions(-) create mode 100644 lib/libradius/Symbols.list diff --git a/lib/libcrypto/man/BUF_MEM_new.3 b/lib/libcrypto/man/BUF_MEM_new.3 index 3b2f20d21..8c72091ab 100644 --- a/lib/libcrypto/man/BUF_MEM_new.3 +++ b/lib/libcrypto/man/BUF_MEM_new.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: BUF_MEM_new.3,v 1.18 2023/07/27 06:20:45 tb Exp $ +.\" $OpenBSD: BUF_MEM_new.3,v 1.19 2024/07/24 08:57:58 tb Exp $ .\" OpenSSL doc/crypto/buffer.pod 18edda0f Sep 20 03:28:54 2000 +0000 .\" not merged: 74924dcb, 58e3457a, 21b0fa91, 7644a9ae .\" OpenSSL doc/crypto/BUF_MEM_new.pod 53934822 Jun 9 16:39:19 2016 -0400 @@ -52,7 +52,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 27 2023 $ +.Dd $Mdocdate: July 24 2024 $ .Dt BUF_MEM_NEW 3 .Os .Sh NAME @@ -90,8 +90,7 @@ The library uses the .Vt BUF_MEM structure defined in buffer.h: .Bd -literal -typedef struct buf_mem_st -{ +typedef struct buf_mem_st { size_t length; /* current number of bytes */ char *data; size_t max; /* size of buffer */ diff --git a/lib/libradius/Makefile b/lib/libradius/Makefile index a521bdc0e..9333e70d9 100644 --- a/lib/libradius/Makefile +++ b/lib/libradius/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.3 2016/03/30 06:38:43 jmc Exp $ +# $OpenBSD: Makefile,v 1.4 2024/07/24 08:22:26 yasuoka Exp $ LIB= radius SRCS= radius.c radius_attr.c radius_msgauth.c radius_userpass.c \ @@ -9,7 +9,8 @@ CFLAGS+= -Wall MAN= radius_new_request_packet.3 -.include +VERSION_SCRIPT= Symbols.map +SYMBOL_LIST= ${.CURDIR}/Symbols.list includes: @cd ${.CURDIR}; for i in $(INCS); do \ @@ -19,3 +20,10 @@ includes: echo $$j; \ eval "$$j"; \ done + +${VERSION_SCRIPT}: ${SYMBOL_LIST} + { printf '{\n\tglobal:\n'; \ + sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \ + printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@ + +.include diff --git a/lib/libradius/Symbols.list b/lib/libradius/Symbols.list new file mode 100644 index 000000000..fdae9b7ec --- /dev/null +++ b/lib/libradius/Symbols.list @@ -0,0 +1,89 @@ +radius_check_accounting_request_authenticator +radius_check_message_authenticator +radius_check_response_authenticator +radius_convert_packet +radius_decrypt_mppe_key_attr +radius_decrypt_user_password_attr +radius_del_attr_all +radius_del_vs_attr_all +radius_delete_packet +radius_encrypt_mppe_key_attr +radius_encrypt_user_password_attr +radius_get_authenticator +radius_get_authenticator_retval +radius_get_code +radius_get_data +radius_get_eap_msk +radius_get_id +radius_get_ipv4_attr +radius_get_ipv6_attr +radius_get_length +radius_get_mppe_recv_key_attr +radius_get_mppe_send_key_attr +radius_get_raw_attr +radius_get_raw_attr_cat +radius_get_raw_attr_ptr +radius_get_request_authenticator_retval +radius_get_request_packet +radius_get_string_attr +radius_get_uint16_attr +radius_get_uint32_attr +radius_get_uint64_attr +radius_get_user_password_attr +radius_get_vs_ipv4_attr +radius_get_vs_ipv6_attr +radius_get_vs_raw_attr +radius_get_vs_raw_attr_cat +radius_get_vs_raw_attr_ptr +radius_get_vs_string_attr +radius_get_vs_uint16_attr +radius_get_vs_uint32_attr +radius_get_vs_uint64_attr +radius_has_attr +radius_has_vs_attr +radius_new_request_packet +radius_new_response_packet +radius_put_ipv4_attr +radius_put_ipv6_attr +radius_put_message_authenticator +radius_put_mppe_recv_key_attr +radius_put_mppe_send_key_attr +radius_put_raw_attr +radius_put_raw_attr_cat +radius_put_string_attr +radius_put_uint16_attr +radius_put_uint32_attr +radius_put_uint64_attr +radius_put_user_password_attr +radius_put_vs_ipv4_attr +radius_put_vs_ipv6_attr +radius_put_vs_raw_attr +radius_put_vs_raw_attr_cat +radius_put_vs_string_attr +radius_put_vs_uint16_attr +radius_put_vs_uint32_attr +radius_put_vs_uint64_attr +radius_recv +radius_recvfrom +radius_recvmsg +radius_send +radius_sendmsg +radius_sendto +radius_set_accounting_request_authenticator +radius_set_id +radius_set_ipv4_attr +radius_set_ipv6_attr +radius_set_message_authenticator +radius_set_raw_attr +radius_set_request_packet +radius_set_response_authenticator +radius_set_uint16_attr +radius_set_uint32_attr +radius_set_uint64_attr +radius_set_vs_ipv4_attr +radius_set_vs_ipv6_attr +radius_set_vs_raw_attr +radius_set_vs_uint16_attr +radius_set_vs_uint32_attr +radius_set_vs_uint64_attr +radius_update_id diff --git a/lib/libradius/radius_attr.c b/lib/libradius/radius_attr.c index 1a994700d..561aceee3 100644 --- a/lib/libradius/radius_attr.c +++ b/lib/libradius/radius_attr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radius_attr.c,v 1.2 2023/07/08 08:53:26 yasuoka Exp $ */ +/* $OpenBSD: radius_attr.c,v 1.3 2024/07/24 08:19:16 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -199,6 +199,31 @@ radius_put_raw_attr(RADIUS_PACKET * packet, uint8_t type, const void *buf, return (0); } +int +radius_unshift_raw_attr(RADIUS_PACKET * packet, uint8_t type, const void *buf, + size_t length) +{ + RADIUS_ATTRIBUTE *newattr; + + if (length > 255 - 2) + return (-1); + + if (radius_ensure_add_capacity(packet, length + 2) != 0) + return (-1); + + memmove(packet->pdata->attributes + length + 2, + packet->pdata->attributes, + radius_get_length(packet) - sizeof(RADIUS_PACKET_DATA)); + + newattr = ATTRS_BEGIN(packet->pdata); + newattr->type = type; + newattr->length = length + 2; + memcpy(newattr->data, buf, length); + packet->pdata->length = htons(radius_get_length(packet) + length + 2); + + return (0); +} + int radius_put_vs_raw_attr(RADIUS_PACKET * packet, uint32_t vendor, uint8_t vtype, const void *buf, size_t length) diff --git a/lib/libradius/radius_local.h b/lib/libradius/radius_local.h index cd2dfe4af..efc59e312 100644 --- a/lib/libradius/radius_local.h +++ b/lib/libradius/radius_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: radius_local.h,v 1.1 2015/07/20 23:52:29 yasuoka Exp $ */ +/* $OpenBSD: radius_local.h,v 1.2 2024/07/24 08:19:16 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -74,6 +74,8 @@ struct _RADIUS_PACKET { #define ATTRS_ADVANCE(x) (x = ATTRS_NEXT(x)) int radius_ensure_add_capacity(RADIUS_PACKET * packet, size_t capacity); +int radius_unshift_raw_attr(RADIUS_PACKET * packet, uint8_t type, + const void *buf, size_t length); #define ROUNDUP(a, b) ((((a) + (b) - 1) / (b)) * (b)) #define MINIMUM(a, b) (((a) < (b))? (a) : (b)) diff --git a/lib/libradius/radius_msgauth.c b/lib/libradius/radius_msgauth.c index c17a8eed8..bbc26e77a 100644 --- a/lib/libradius/radius_msgauth.c +++ b/lib/libradius/radius_msgauth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radius_msgauth.c,v 1.2 2021/12/16 17:32:51 tb Exp $ */ +/* $OpenBSD: radius_msgauth.c,v 1.3 2024/07/24 08:19:16 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -112,8 +112,8 @@ radius_put_message_authenticator(RADIUS_PACKET * packet, const char *secret) * because content of Message-Authenticator attribute is assumed zero * during calculation. */ - if (radius_put_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR, - ma, sizeof(ma)) != 0) + if (radius_unshift_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR, + ma, sizeof(ma)) != 0) return (-1); return (radius_set_message_authenticator(packet, secret)); diff --git a/lib/libradius/radius_new_request_packet.3 b/lib/libradius/radius_new_request_packet.3 index 36c8ea6a9..ccbb3f76c 100644 --- a/lib/libradius/radius_new_request_packet.3 +++ b/lib/libradius/radius_new_request_packet.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: radius_new_request_packet.3,v 1.6 2022/09/11 06:38:11 jmc Exp $ +.\" $OpenBSD: radius_new_request_packet.3,v 1.7 2024/07/24 08:19:16 yasuoka Exp $ .\" .\" Copyright (c) 2009 Internet Initiative Japan Inc. .\" All rights reserved. @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2022 $ +.Dd $Mdocdate: July 24 2024 $ .Dt RADIUS_NEW_REQUEST_PACKET 3 .Os .Sh NAME @@ -285,6 +285,10 @@ There are helper functions for Message-Authenticator attributes. and .Fn radius_set_message_authenticator calculate a Message-Authenticator and put or set it to packet, respectively. +When +.Fn radius_put_message_authenticator +is used, +the Message-Authenticator attribute is placed at the first in the attributes. .Pp .Fn radius_check_message_authenticator checks a Message-Authenticator. @@ -368,9 +372,9 @@ NULL on failure. .Sh HISTORY The .Nm radius+ -library was first written by UMEZAWA Takeshi in 2002 for the ID gateway service -of Internet Initiative Japan. -YASUOKA Masahiko added support for Message-Authentication attributes in 2008. +library was first written by UMEZAWA Takeshi in 2002 for the ID Gateway service +of Internet Initiative Japan Inc. +YASUOKA Masahiko added support for Message-Authenticator attributes in 2008. .Ox project rewrote C++ code to pure C code in 2010. The diff --git a/lib/libradius/shlib_version b/lib/libradius/shlib_version index 1edea46de..b52599a16 100644 --- a/lib/libradius/shlib_version +++ b/lib/libradius/shlib_version @@ -1,2 +1,2 @@ -major=1 +major=2 minor=0 diff --git a/lib/libsndio/sioctl_sun.c b/lib/libsndio/sioctl_sun.c index 64129ac2a..886c8207e 100644 --- a/lib/libsndio/sioctl_sun.c +++ b/lib/libsndio/sioctl_sun.c @@ -472,9 +472,18 @@ sioctl_sun_pollfd(struct sioctl_hdl *addr, struct pollfd *pfd, int events) { struct sioctl_sun_hdl *hdl = (struct sioctl_sun_hdl *)addr; + hdl->events = events; + + /* + * The audio(4) driver doesn't support POLLOUT, so if it is + * requested, don't set the struct pollfd. The AUDIO_MIXER_WRITE + * ioctl never blocks, so just return POLLOUT in sioctl_sun_revents(). + */ + if (events & POLLOUT) + return 0; + pfd->fd = hdl->fd; pfd->events = POLLIN; - hdl->events = events; return 1; } @@ -485,6 +494,9 @@ sioctl_sun_revents(struct sioctl_hdl *arg, struct pollfd *pfd) struct volume *vol; int idx, n; + if (hdl->events & POLLOUT) + return POLLOUT; + if (pfd->revents & POLLIN) { while (1) { n = read(hdl->fd, &idx, sizeof(int)); @@ -514,5 +526,5 @@ sioctl_sun_revents(struct sioctl_hdl *arg, struct pollfd *pfd) return POLLHUP; } } - return hdl->events & POLLOUT; + return 0; } diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c index ae6a6650a..69db8a0df 100644 --- a/lib/libssl/d1_lib.c +++ b/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.64 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -250,27 +250,6 @@ dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } -/* - * As it's impossible to use stream ciphers in "datagram" mode, this - * simple filter is designed to disengage them in DTLS. Unfortunately - * there is no universal way to identify stream SSL_CIPHER, so we have - * to explicitly list their SSL_* codes. Currently RC4 is the only one - * available, but if new ones emerge, they will have to be added... - */ -const SSL_CIPHER * -dtls1_get_cipher(unsigned int u) -{ - const SSL_CIPHER *cipher; - - if ((cipher = ssl3_get_cipher(u)) == NULL) - return NULL; - - if (cipher->algorithm_enc == SSL_RC4) - return NULL; - - return cipher; -} - void dtls1_start_timer(SSL *s) { diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c index d30eb6deb..86b32aec1 100644 --- a/lib/libssl/s3_lib.c +++ b/lib/libssl/s3_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */ +/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void) } const SSL_CIPHER * -ssl3_get_cipher(unsigned int u) +ssl3_get_cipher_by_index(int idx) { - if (u < SSL3_NUM_CIPHERS) - return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u])); - else - return (NULL); + if (idx < 0 || idx >= SSL3_NUM_CIPHERS) + return NULL; + + return &ssl3_ciphers[idx]; } static int diff --git a/lib/libssl/ssl_ciph.c b/lib/libssl/ssl_ciph.c index dce141101..2478d70ea 100644 --- a/lib/libssl/ssl_ciph.c +++ b/lib/libssl/ssl_ciph.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_ciph.c,v 1.146 2024/07/22 14:47:15 jsing Exp $ */ +/* $OpenBSD: ssl_ciph.c,v 1.147 2024/07/23 14:40:53 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -576,22 +576,6 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr, *head = curr; } -/* XXX beck: remove this in a followon to removing GOST */ -static void -ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, - unsigned long *enc, unsigned long *mac, unsigned long *ssl) -{ - *mkey = 0; - *auth = 0; - *enc = 0; - *mac = 0; - *ssl = 0; - -#ifdef SSL_FORBID_ENULL - *enc |= SSL_eNULL; -#endif -} - static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, unsigned long disabled_mkey, unsigned long disabled_auth, @@ -608,10 +592,15 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers, * a linked list with at most num entries. */ - /* Get the initial list of ciphers */ + /* + * Get the initial list of ciphers, iterating backwards over the + * cipher list - the list is ordered by cipher value and we currently + * hope that ciphers with higher cipher values are preferable... + */ co_list_num = 0; /* actual count of ciphers */ - for (i = 0; i < num_of_ciphers; i++) { - c = ssl_method->get_cipher(i); + for (i = num_of_ciphers - 1; i >= 0; i--) { + c = ssl3_get_cipher_by_index(i); + /* * Drop any invalid ciphers and any which use unavailable * algorithms. @@ -1153,11 +1142,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method, if (rule_str == NULL || cipher_list == NULL) goto err; - /* - * To reduce the work to do we only want to process the compiled - * in algorithms, so we first get the mask of disabled ciphers. - */ - ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl); + disabled_mkey = 0; + disabled_auth = 0; + disabled_enc = 0; + disabled_mac = 0; + disabled_ssl = 0; + +#ifdef SSL_FORBID_ENULL + disabled_enc |= SSL_eNULL; +#endif + + /* DTLS cannot be used with stream ciphers. */ + if (ssl_method->dtls) + disabled_enc |= SSL_RC4; /* * Now we have to collect the available ciphers from the compiled diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h index 34197e592..4cbc13f8a 100644 --- a/lib/libssl/ssl_local.h +++ b/lib/libssl/ssl_local.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */ +/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -379,8 +379,6 @@ struct ssl_method_st { int peek); int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len); - const SSL_CIPHER *(*get_cipher)(unsigned int ncipher); - unsigned int enc_flags; /* SSL_ENC_FLAG_* */ }; @@ -1290,7 +1288,7 @@ int ssl3_send_alert(SSL *s, int level, int desc); int ssl3_get_req_cert_types(SSL *s, CBB *cbb); int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max); int ssl3_num_ciphers(void); -const SSL_CIPHER *ssl3_get_cipher(unsigned int u); +const SSL_CIPHER *ssl3_get_cipher_by_index(int idx); const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value); int ssl3_renegotiate(SSL *ssl); diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c index ca80da62f..dee52decf 100644 --- a/lib/libssl/ssl_methods.c +++ b/lib/libssl/ssl_methods.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_methods.c,v 1.31 2023/07/08 16:40:13 beck Exp $ */ +/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -77,7 +77,6 @@ static const SSL_METHOD DTLS_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -98,7 +97,6 @@ static const SSL_METHOD DTLS_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -119,7 +117,6 @@ static const SSL_METHOD DTLSv1_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_1_ENC_FLAGS, }; @@ -140,7 +137,6 @@ static const SSL_METHOD DTLSv1_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_1_ENC_FLAGS, }; @@ -161,7 +157,6 @@ static const SSL_METHOD DTLSv1_2_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -182,7 +177,6 @@ static const SSL_METHOD DTLSv1_2_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = dtls1_read_bytes, .ssl_write_bytes = dtls1_write_app_data_bytes, - .get_cipher = dtls1_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -266,7 +260,6 @@ static const SSL_METHOD TLS_method_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_3_ENC_FLAGS, }; @@ -287,7 +280,6 @@ static const SSL_METHOD TLS_legacy_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -308,7 +300,6 @@ static const SSL_METHOD TLS_client_method_data = { .ssl_pending = tls13_legacy_pending, .ssl_read_bytes = tls13_legacy_read_bytes, .ssl_write_bytes = tls13_legacy_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_3_ENC_FLAGS, }; @@ -329,7 +320,6 @@ static const SSL_METHOD TLSv1_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_ENC_FLAGS, }; @@ -350,7 +340,6 @@ static const SSL_METHOD TLSv1_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_ENC_FLAGS, }; @@ -371,7 +360,6 @@ static const SSL_METHOD TLSv1_1_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_1_ENC_FLAGS, }; @@ -392,7 +380,6 @@ static const SSL_METHOD TLSv1_1_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_1_ENC_FLAGS, }; @@ -413,7 +400,6 @@ static const SSL_METHOD TLSv1_2_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; @@ -434,7 +420,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = { .ssl_pending = ssl3_pending, .ssl_read_bytes = ssl3_read_bytes, .ssl_write_bytes = ssl3_write_bytes, - .get_cipher = ssl3_get_cipher, .enc_flags = TLSV1_2_ENC_FLAGS, }; diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c index 97ad2be2b..649eaf720 100644 --- a/regress/lib/libssl/ciphers/cipherstest.c +++ b/regress/lib/libssl/ciphers/cipherstest.c @@ -1,4 +1,3 @@ -/* $OpenBSD: cipherstest.c,v 1.15 2024/07/17 15:22:56 tb Exp $ */ /* * Copyright (c) 2015, 2020 Joel Sing * @@ -24,7 +23,7 @@ #include int ssl3_num_ciphers(void); -const SSL_CIPHER *ssl3_get_cipher(unsigned int u); +const SSL_CIPHER *ssl3_get_cipher_by_index(int idx); int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str); @@ -48,12 +47,8 @@ check_cipher_order(void) num_ciphers = ssl3_num_ciphers(); - for (i = 1; i <= num_ciphers; i++) { - /* - * For some reason, ssl3_get_cipher() returns ciphers in - * reverse order. - */ - if ((cipher = ssl3_get_cipher(num_ciphers - i)) == NULL) { + for (i = 0; i < num_ciphers; i++) { + if ((cipher = ssl3_get_cipher_by_index(i)) == NULL) { fprintf(stderr, "FAIL: ssl3_get_cipher(%d) returned " "NULL\n", i); return 1; diff --git a/sys/dev/pv/virtio.c b/sys/dev/pv/virtio.c index 49a7fe2b2..ac63ec6d9 100644 --- a/sys/dev/pv/virtio.c +++ b/sys/dev/pv/virtio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: virtio.c,v 1.25 2024/05/24 10:05:55 jsg Exp $ */ +/* $OpenBSD: virtio.c,v 1.26 2024/07/23 19:14:05 sf Exp $ */ /* $NetBSD: virtio.c,v 1.3 2011/11/02 23:05:52 njoly Exp $ */ /* @@ -807,7 +807,7 @@ virtio_dequeue(struct virtio_softc *sc, struct virtqueue *vq, * if you forget to call this the slot will be leaked. * * Don't call this if you use statically allocated slots - * and virtio_dequeue_trim(). + * and virtio_enqueue_trim(). */ int virtio_dequeue_commit(struct virtqueue *vq, int slot) diff --git a/sys/dev/usb/uaudio.c b/sys/dev/usb/uaudio.c index 72895bc3e..0c02b6110 100644 --- a/sys/dev/usb/uaudio.c +++ b/sys/dev/usb/uaudio.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uaudio.c,v 1.174 2023/12/10 06:32:14 ratchov Exp $ */ +/* $OpenBSD: uaudio.c,v 1.175 2024/07/23 08:59:21 ratchov Exp $ */ /* * Copyright (c) 2018 Alexandre Ratchov * @@ -2702,6 +2702,22 @@ uaudio_fixup_params(struct uaudio_softc *sc) } } +int +uaudio_iface_index(struct uaudio_softc *sc, int ifnum) +{ + int i, nifaces; + + nifaces = sc->udev->cdesc->bNumInterfaces; + + for (i = 0; i < nifaces; i++) { + if (sc->udev->ifaces[i].idesc->bInterfaceNumber == ifnum) + return i; + } + + printf("%s: %d: invalid interface number\n", __func__, ifnum); + return -1; +} + /* * Parse all descriptors and build configuration of the device. */ @@ -2711,6 +2727,7 @@ uaudio_process_conf(struct uaudio_softc *sc, struct uaudio_blob *p) struct uaudio_blob dp; struct uaudio_alt *a; unsigned int type, ifnum, altnum, nep, class, subclass; + int i; while (p->rptr != p->wptr) { if (!uaudio_getdesc(p, &dp)) @@ -2736,7 +2753,8 @@ uaudio_process_conf(struct uaudio_softc *sc, struct uaudio_blob *p) switch (subclass) { case UISUBCLASS_AUDIOCONTROL: - if (usbd_iface_claimed(sc->udev, ifnum)) { + i = uaudio_iface_index(sc, ifnum); + if (i != -1 && usbd_iface_claimed(sc->udev, i)) { DPRINTF("%s: %d: AC already claimed\n", __func__, ifnum); break; } @@ -2748,7 +2766,8 @@ uaudio_process_conf(struct uaudio_softc *sc, struct uaudio_blob *p) return 0; break; case UISUBCLASS_AUDIOSTREAM: - if (usbd_iface_claimed(sc->udev, ifnum)) { + i = uaudio_iface_index(sc, ifnum); + if (i != -1 && usbd_iface_claimed(sc->udev, i)) { DPRINTF("%s: %d: AS already claimed\n", __func__, ifnum); break; } @@ -2768,10 +2787,19 @@ done: * Claim all interfaces we use. This prevents other uaudio(4) * devices from trying to use them. */ - for (a = sc->alts; a != NULL; a = a->next) - usbd_claim_iface(sc->udev, a->ifnum); + for (a = sc->alts; a != NULL; a = a->next) { + i = uaudio_iface_index(sc, a->ifnum); + if (i != -1) { + DPRINTF("%s: claim: %d at %d\n", __func__, a->ifnum, i); + usbd_claim_iface(sc->udev, i); + } + } - usbd_claim_iface(sc->udev, sc->ctl_ifnum); + i = uaudio_iface_index(sc, sc->ctl_ifnum); + if (i != -1) { + DPRINTF("%s: claim: ac %d at %d\n", __func__, sc->ctl_ifnum, i); + usbd_claim_iface(sc->udev, i); + } return 1; } diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 1e3347eef..43ef7a37f 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_exit.c,v 1.225 2024/07/22 08:18:53 claudio Exp $ */ +/* $OpenBSD: kern_exit.c,v 1.227 2024/07/24 15:30:17 claudio Exp $ */ /* $NetBSD: kern_exit.c,v 1.39 1996/04/22 01:38:25 christos Exp $ */ /* @@ -458,8 +458,6 @@ reaper(void *arg) WITNESS_THREAD_EXIT(p); - KERNEL_LOCK(); - /* * Free the VM resources we're still holding on to. * We must do this from a valid thread because doing @@ -470,13 +468,16 @@ reaper(void *arg) if (p->p_flag & P_THREAD) { /* Just a thread */ + KERNEL_LOCK(); proc_free(p); + KERNEL_UNLOCK(); } else { struct process *pr = p->p_p; /* Release the rest of the process's vmspace */ uvm_exit(pr); + KERNEL_LOCK(); if ((pr->ps_flags & PS_NOZOMBIE) == 0) { /* Process is now a true zombie. */ atomic_setbits_int(&pr->ps_flags, PS_ZOMBIE); @@ -493,9 +494,8 @@ reaper(void *arg) /* No one will wait for us, just zap it. */ process_zap(pr); } + KERNEL_UNLOCK(); } - - KERNEL_UNLOCK(); } } @@ -550,10 +550,9 @@ loop: return (0); } if ((options & WTRAPPED) && - pr->ps_flags & PS_TRACED && + (pr->ps_flags & PS_TRACED) && (pr->ps_flags & PS_WAITED) == 0 && pr->ps_single && - pr->ps_single->p_stat == SSTOP && - (pr->ps_single->p_flag & P_SUSPSINGLE) == 0) { + pr->ps_single->p_stat == SSTOP) { if (single_thread_wait(pr, 0)) goto loop; @@ -578,8 +577,8 @@ loop: if (p->p_stat == SSTOP && (pr->ps_flags & PS_WAITED) == 0 && (p->p_flag & P_SUSPSINGLE) == 0 && - (pr->ps_flags & PS_TRACED || - options & WUNTRACED)) { + ((pr->ps_flags & PS_TRACED) || + (options & WUNTRACED))) { if ((options & WNOWAIT) == 0) atomic_setbits_int(&pr->ps_flags, PS_WAITED); diff --git a/sys/kern/kern_sig.c b/sys/kern/kern_sig.c index b360e31c7..e9dcaf4fa 100644 --- a/sys/kern/kern_sig.c +++ b/sys/kern/kern_sig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_sig.c,v 1.333 2024/07/22 09:43:47 claudio Exp $ */ +/* $OpenBSD: kern_sig.c,v 1.334 2024/07/24 15:31:08 claudio Exp $ */ /* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */ /* @@ -2164,6 +2164,7 @@ single_thread_set(struct proc *p, int flags) panic("single_thread_mode = %d", mode); #endif } + KASSERT((p->p_flag & P_SUSPSINGLE) == 0); pr->ps_single = p; pr->ps_singlecnt = pr->ps_threadcnt; @@ -2233,6 +2234,7 @@ single_thread_wait(struct process *pr, int recheck) if (!recheck) break; } + KASSERT((pr->ps_single->p_flag & P_SUSPSINGLE) == 0); mtx_leave(&pr->ps_mtx); return wait; diff --git a/sys/kern/kern_synch.c b/sys/kern/kern_synch.c index 16de8ad5d..cbbb473df 100644 --- a/sys/kern/kern_synch.c +++ b/sys/kern/kern_synch.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kern_synch.c,v 1.205 2024/06/03 12:48:25 claudio Exp $ */ +/* $OpenBSD: kern_synch.c,v 1.206 2024/07/23 08:38:02 claudio Exp $ */ /* $NetBSD: kern_synch.c,v 1.37 1996/04/22 01:38:37 christos Exp $ */ /* @@ -62,7 +62,7 @@ #include #endif -int sleep_signal_check(void); +int sleep_signal_check(struct proc *); int thrsleep(struct proc *, struct sys___thrsleep_args *); int thrsleep_unlock(void *); @@ -385,7 +385,7 @@ sleep_finish(int timo, int do_sleep) * we must be ready for sleep when sleep_signal_check() is * called. */ - if ((error = sleep_signal_check()) != 0) { + if ((error = sleep_signal_check(p)) != 0) { catch = 0; do_sleep = 0; } @@ -438,7 +438,7 @@ sleep_finish(int timo, int do_sleep) /* Check if thread was woken up because of a unwind or signal */ if (catch != 0) - error = sleep_signal_check(); + error = sleep_signal_check(p); /* Signal errors are higher priority than timeouts. */ if (error == 0 && error1 != 0) @@ -451,9 +451,8 @@ sleep_finish(int timo, int do_sleep) * Check and handle signals and suspensions around a sleep cycle. */ int -sleep_signal_check(void) +sleep_signal_check(struct proc *p) { - struct proc *p = curproc; struct sigctx ctx; int err, sig; diff --git a/sys/kern/subr_log.c b/sys/kern/subr_log.c index f1e504dd8..e64b85d27 100644 --- a/sys/kern/subr_log.c +++ b/sys/kern/subr_log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: subr_log.c,v 1.78 2023/09/22 20:03:05 mvs Exp $ */ +/* $OpenBSD: subr_log.c,v 1.79 2024/07/24 13:37:05 claudio Exp $ */ /* $NetBSD: subr_log.c,v 1.11 1996/03/30 22:24:44 christos Exp $ */ /* @@ -73,10 +73,11 @@ /* * Locking: * L log_mtx + * Q log_kq_mtx */ struct logsoftc { int sc_state; /* [L] see above for possibilities */ - struct klist sc_klist; /* process waiting on kevent call */ + struct klist sc_klist; /* [Q] process waiting on kevent call */ struct sigio_ref sc_sigio; /* async I/O registration */ int sc_need_wakeup; /* if set, wake up waiters */ struct timeout sc_tick; /* wakeup poll timeout */ @@ -97,6 +98,8 @@ struct rwlock syslogf_rwlock = RWLOCK_INITIALIZER("syslogf"); */ struct mutex log_mtx = MUTEX_INITIALIZER_FLAGS(IPL_HIGH, "logmtx", MTX_NOWITNESS); +struct mutex log_kq_mtx = + MUTEX_INITIALIZER_FLAGS(IPL_HIGH, "logkqmtx", MTX_NOWITNESS); void filt_logrdetach(struct knote *kn); int filt_logread(struct knote *kn, long hint); @@ -208,7 +211,7 @@ logopen(dev_t dev, int flags, int mode, struct proc *p) if (log_open) return (EBUSY); log_open = 1; - klist_init_mutex(&logsoftc.sc_klist, &log_mtx); + klist_init_mutex(&logsoftc.sc_klist, &log_kq_mtx); sigio_init(&logsoftc.sc_sigio); timeout_set(&logsoftc.sc_tick, logtick, NULL); timeout_add_msec(&logsoftc.sc_tick, LOG_TICK); @@ -336,7 +339,9 @@ filt_logread(struct knote *kn, long hint) { struct msgbuf *mbp = kn->kn_hook; + mtx_enter(&log_mtx); kn->kn_data = msgbuf_getlen(mbp); + mtx_leave(&log_mtx); return (kn->kn_data != 0); } @@ -345,9 +350,9 @@ filt_logmodify(struct kevent *kev, struct knote *kn) { int active; - mtx_enter(&log_mtx); + mtx_enter(&log_kq_mtx); active = knote_modify(kev, kn); - mtx_leave(&log_mtx); + mtx_leave(&log_kq_mtx); return (active); } @@ -357,9 +362,9 @@ filt_logprocess(struct knote *kn, struct kevent *kev) { int active; - mtx_enter(&log_mtx); + mtx_enter(&log_kq_mtx); active = knote_process(kn, kev); - mtx_leave(&log_mtx); + mtx_leave(&log_kq_mtx); return (active); } @@ -404,9 +409,10 @@ logtick(void *arg) state = logsoftc.sc_state; if (logsoftc.sc_state & LOG_RDWAIT) logsoftc.sc_state &= ~LOG_RDWAIT; - knote_locked(&logsoftc.sc_klist, 0); mtx_leave(&log_mtx); + knote(&logsoftc.sc_klist, 0); + if (state & LOG_ASYNC) pgsigio(&logsoftc.sc_sigio, SIGIO, 0); if (state & LOG_RDWAIT) diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index ad1165162..048529fcf 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.62 2023/09/29 18:45:42 tobhe Exp $ */ +/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.63 2024/07/23 20:04:51 tobhe Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -144,9 +144,9 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] = /* GETSPI */ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE, /* UPDATE */ - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_RDOMAIN | BITMAP_X_IFACE, + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_ADDRESS_PROXY | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_RDOMAIN | BITMAP_X_COUNTER | BITMAP_X_REPLAY | BITMAP_X_IFACE, /* ADD */ - BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_RDOMAIN | BITMAP_X_IFACE, + BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP | BITMAP_X_RDOMAIN | BITMAP_X_COUNTER | BITMAP_X_REPLAY | BITMAP_X_IFACE, /* DELETE */ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_RDOMAIN, /* GET */ @@ -851,6 +851,19 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) return (EINVAL); } break; + case SADB_X_EXT_REPLAY: + if (i != sizeof(struct sadb_x_replay)) { + DPRINTF("bad REPLAY header length"); + return (EINVAL); + } + break; + case SADB_X_EXT_COUNTER: + if (i != sizeof(struct sadb_x_counter)) { + DPRINTF("bad COUNTER header length"); + return (EINVAL); + } + break; + #if NPF > 0 case SADB_X_EXT_TAG: if (i < sizeof(struct sadb_x_tag)) { diff --git a/sys/uvm/uvm_device.c b/sys/uvm/uvm_device.c index 818cf70e5..7adf0d6b8 100644 --- a/sys/uvm/uvm_device.c +++ b/sys/uvm/uvm_device.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_device.c,v 1.66 2021/12/15 12:53:53 mpi Exp $ */ +/* $OpenBSD: uvm_device.c,v 1.67 2024/07/24 12:15:55 mpi Exp $ */ /* $NetBSD: uvm_device.c,v 1.30 2000/11/25 06:27:59 chs Exp $ */ /* @@ -245,8 +245,6 @@ udv_detach(struct uvm_object *uobj) { struct uvm_device *udv = (struct uvm_device *)uobj; - KERNEL_ASSERT_LOCKED(); - /* * loop until done */ diff --git a/sys/uvm/uvm_extern.h b/sys/uvm/uvm_extern.h index 1c0d9e0ca..d68ecd912 100644 --- a/sys/uvm/uvm_extern.h +++ b/sys/uvm/uvm_extern.h @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_extern.h,v 1.174 2024/04/02 08:39:17 deraadt Exp $ */ +/* $OpenBSD: uvm_extern.h,v 1.175 2024/07/24 12:17:31 mpi Exp $ */ /* $NetBSD: uvm_extern.h,v 1.57 2001/03/09 01:02:12 chs Exp $ */ /* @@ -195,11 +195,12 @@ struct pmap; * Locks used to protect struct members in this file: * K kernel lock * I immutable after creation + * a atomic operations * v vm_map's lock */ struct vmspace { struct vm_map vm_map; /* VM address map */ - int vm_refcnt; /* [K] number of references */ + int vm_refcnt; /* [a] number of references */ caddr_t vm_shm; /* SYS5 shared memory private data XXX */ /* we copy from vm_startcopy to the end of the structure on fork */ #define vm_startcopy vm_rssize diff --git a/sys/uvm/uvm_map.c b/sys/uvm/uvm_map.c index de0e7d247..c2be72b9f 100644 --- a/sys/uvm/uvm_map.c +++ b/sys/uvm/uvm_map.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_map.c,v 1.329 2024/06/02 15:31:57 deraadt Exp $ */ +/* $OpenBSD: uvm_map.c,v 1.330 2024/07/24 12:17:31 mpi Exp $ */ /* $NetBSD: uvm_map.c,v 1.86 2000/11/27 08:40:03 chs Exp $ */ /* @@ -1346,7 +1346,6 @@ void uvm_unmap_detach(struct uvm_map_deadq *deadq, int flags) { struct vm_map_entry *entry, *tmp; - int waitok = flags & UVM_PLA_WAITOK; TAILQ_FOREACH_SAFE(entry, deadq, dfree.deadq, tmp) { /* Drop reference to amap, if we've got one. */ @@ -1356,21 +1355,6 @@ uvm_unmap_detach(struct uvm_map_deadq *deadq, int flags) atop(entry->end - entry->start), flags & AMAP_REFALL); - /* Skip entries for which we have to grab the kernel lock. */ - if (UVM_ET_ISSUBMAP(entry) || UVM_ET_ISOBJ(entry)) - continue; - - TAILQ_REMOVE(deadq, entry, dfree.deadq); - uvm_mapent_free(entry); - } - - if (TAILQ_EMPTY(deadq)) - return; - - KERNEL_LOCK(); - while ((entry = TAILQ_FIRST(deadq)) != NULL) { - if (waitok) - uvm_pause(); /* Drop reference to our backing object, if we've got one. */ if (UVM_ET_ISSUBMAP(entry)) { /* ... unlikely to happen, but play it safe */ @@ -1381,11 +1365,9 @@ uvm_unmap_detach(struct uvm_map_deadq *deadq, int flags) entry->object.uvm_obj); } - /* Step to next. */ TAILQ_REMOVE(deadq, entry, dfree.deadq); uvm_mapent_free(entry); } - KERNEL_UNLOCK(); } void @@ -2476,10 +2458,6 @@ uvm_map_teardown(struct vm_map *map) #endif int i; - KERNEL_ASSERT_LOCKED(); - KERNEL_UNLOCK(); - KERNEL_ASSERT_UNLOCKED(); - KASSERT((map->flags & VM_MAP_INTRSAFE) == 0); vm_map_lock(map); @@ -2535,9 +2513,7 @@ uvm_map_teardown(struct vm_map *map) numq++; KASSERT(numt == numq); #endif - uvm_unmap_detach(&dead_entries, UVM_PLA_WAITOK); - - KERNEL_LOCK(); + uvm_unmap_detach(&dead_entries, 0); pmap_destroy(map->pmap); map->pmap = NULL; @@ -3417,10 +3393,8 @@ uvmspace_exec(struct proc *p, vaddr_t start, vaddr_t end) void uvmspace_addref(struct vmspace *vm) { - KERNEL_ASSERT_LOCKED(); KASSERT(vm->vm_refcnt > 0); - - vm->vm_refcnt++; + atomic_inc_int(&vm->vm_refcnt); } /* @@ -3429,9 +3403,7 @@ uvmspace_addref(struct vmspace *vm) void uvmspace_free(struct vmspace *vm) { - KERNEL_ASSERT_LOCKED(); - - if (--vm->vm_refcnt == 0) { + if (atomic_dec_int_nv(&vm->vm_refcnt) == 0) { /* * lock the map, to wait out all other references to it. delete * all of the mappings and pages they hold, then call the pmap @@ -3439,8 +3411,11 @@ uvmspace_free(struct vmspace *vm) */ #ifdef SYSVSHM /* Get rid of any SYSV shared memory segments. */ - if (vm->vm_shm != NULL) + if (vm->vm_shm != NULL) { + KERNEL_LOCK(); shmexit(vm); + KERNEL_UNLOCK(); + } #endif uvm_map_teardown(&vm->vm_map); diff --git a/sys/uvm/uvm_pager.c b/sys/uvm/uvm_pager.c index 3b3669789..76365e751 100644 --- a/sys/uvm/uvm_pager.c +++ b/sys/uvm/uvm_pager.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_pager.c,v 1.91 2023/08/11 17:53:22 mpi Exp $ */ +/* $OpenBSD: uvm_pager.c,v 1.92 2024/07/24 12:18:10 mpi Exp $ */ /* $NetBSD: uvm_pager.c,v 1.36 2000/11/27 18:26:41 chs Exp $ */ /* @@ -134,24 +134,6 @@ uvm_pseg_get(int flags) int i; struct uvm_pseg *pseg; - /* - * XXX Prevent lock ordering issue in uvm_unmap_detach(). A real - * fix would be to move the KERNEL_LOCK() out of uvm_unmap_detach(). - * - * witness_checkorder() at witness_checkorder+0xba0 - * __mp_lock() at __mp_lock+0x5f - * uvm_unmap_detach() at uvm_unmap_detach+0xc5 - * uvm_map() at uvm_map+0x857 - * uvm_km_valloc_try() at uvm_km_valloc_try+0x65 - * uvm_pseg_get() at uvm_pseg_get+0x6f - * uvm_pagermapin() at uvm_pagermapin+0x45 - * uvn_io() at uvn_io+0xcf - * uvn_get() at uvn_get+0x156 - * uvm_fault_lower() at uvm_fault_lower+0x28a - * uvm_fault() at uvm_fault+0x1b3 - * upageflttrap() at upageflttrap+0x62 - */ - KERNEL_LOCK(); mtx_enter(&uvm_pseg_lck); pager_seg_restart: @@ -178,7 +160,6 @@ pager_seg_restart: if (!UVM_PSEG_INUSE(pseg, i)) { pseg->use |= 1 << i; mtx_leave(&uvm_pseg_lck); - KERNEL_UNLOCK(); return pseg->start + i * MAXBSIZE; } } @@ -191,7 +172,6 @@ pager_seg_fail: } mtx_leave(&uvm_pseg_lck); - KERNEL_UNLOCK(); return 0; } diff --git a/sys/uvm/uvm_vnode.c b/sys/uvm/uvm_vnode.c index 6d1180019..61124c821 100644 --- a/sys/uvm/uvm_vnode.c +++ b/sys/uvm/uvm_vnode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uvm_vnode.c,v 1.132 2023/04/10 04:21:20 jsg Exp $ */ +/* $OpenBSD: uvm_vnode.c,v 1.133 2024/07/24 12:16:21 mpi Exp $ */ /* $NetBSD: uvm_vnode.c,v 1.36 2000/11/24 20:34:01 chs Exp $ */ /* @@ -306,10 +306,12 @@ uvn_detach(struct uvm_object *uobj) struct vnode *vp; int oldflags; + KERNEL_LOCK(); rw_enter(uobj->vmobjlock, RW_WRITE); uobj->uo_refs--; /* drop ref! */ if (uobj->uo_refs) { /* still more refs */ rw_exit(uobj->vmobjlock); + KERNEL_UNLOCK(); return; } @@ -365,6 +367,7 @@ uvn_detach(struct uvm_object *uobj) if ((uvn->u_flags & UVM_VNODE_RELKILL) == 0) { rw_exit(uobj->vmobjlock); + KERNEL_UNLOCK(); return; } @@ -387,8 +390,7 @@ out: /* drop our reference to the vnode. */ vrele(vp); - - return; + KERNEL_UNLOCK(); } /* diff --git a/usr.bin/sndiod/file.c b/usr.bin/sndiod/file.c index 3fb8664f5..64a235741 100644 --- a/usr.bin/sndiod/file.c +++ b/usr.bin/sndiod/file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: file.c,v 1.26 2022/12/26 19:16:03 jmc Exp $ */ +/* $OpenBSD: file.c,v 1.27 2024/07/23 06:34:03 ratchov Exp $ */ /* * Copyright (c) 2008-2012 Alexandre Ratchov * @@ -63,7 +63,7 @@ void timo_update(unsigned int); void timo_init(void); void timo_done(void); -void file_process(struct file *, struct pollfd *); +int file_process(struct file *, struct pollfd *); struct timespec file_ts; struct file *file_list; @@ -270,10 +270,10 @@ file_del(struct file *f) #endif } -void +int file_process(struct file *f, struct pollfd *pfd) { - int revents; + int rc, revents; #ifdef DEBUG struct timespec ts0, ts1; long us; @@ -283,14 +283,21 @@ file_process(struct file *f, struct pollfd *pfd) if (log_level >= 3) clock_gettime(CLOCK_UPTIME, &ts0); #endif + rc = 0; revents = (f->state != FILE_ZOMB) ? f->ops->revents(f->arg, pfd) : 0; - if ((revents & POLLHUP) && (f->state != FILE_ZOMB)) + if ((revents & POLLHUP) && (f->state != FILE_ZOMB)) { f->ops->hup(f->arg); - if ((revents & POLLIN) && (f->state != FILE_ZOMB)) + rc = 1; + } + if ((revents & POLLIN) && (f->state != FILE_ZOMB)) { f->ops->in(f->arg); - if ((revents & POLLOUT) && (f->state != FILE_ZOMB)) + rc = 1; + } + if ((revents & POLLOUT) && (f->state != FILE_ZOMB)) { f->ops->out(f->arg); + rc = 1; + } #ifdef DEBUG if (log_level >= 3) { clock_gettime(CLOCK_UPTIME, &ts1); @@ -304,6 +311,7 @@ file_process(struct file *f, struct pollfd *pfd) } } #endif + return rc; } int @@ -370,11 +378,19 @@ file_poll(void) /* * process files that do not rely on poll */ + res = 0; for (f = file_list; f != NULL; f = f->next) { if (f->nfds > 0) continue; - file_process(f, NULL); + res |= file_process(f, NULL); } + /* + * The processing may have changed the poll(2) conditions of + * other files, so restart the loop to force their poll(2) event + * masks to be reevaluated. + */ + if (res) + return 1; /* * Sleep. Calculate the number of milliseconds poll(2) must diff --git a/usr.sbin/radiusctl/parser.c b/usr.sbin/radiusctl/parser.c index c43d7e42f..c0934db0a 100644 --- a/usr.sbin/radiusctl/parser.c +++ b/usr.sbin/radiusctl/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */ +/* $OpenBSD: parser.c,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */ /* * Copyright (c) 2010 Reyk Floeter @@ -44,6 +44,7 @@ enum token_type { MAXWAIT, FLAGS, SESSION_SEQ, + MSGAUTH, ENDTOKEN }; @@ -58,6 +59,7 @@ static struct parse_result res = { .tries = TEST_TRIES_DEFAULT, .interval = { TEST_INTERVAL_DEFAULT, 0 }, .maxwait = { TEST_MAXWAIT_DEFAULT, 0 }, + .msgauth = 1 }; static const struct token t_test[]; @@ -71,6 +73,7 @@ static const struct token t_nas_port[]; static const struct token t_tries[]; static const struct token t_interval[]; static const struct token t_maxwait[]; +static const struct token t_yesno[]; static const struct token t_ipcp[]; static const struct token t_ipcp_flags[]; static const struct token t_ipcp_session_seq[]; @@ -105,6 +108,7 @@ static const struct token t_test_opts[] = { { KEYWORD, "interval", NONE, t_interval }, { KEYWORD, "tries", NONE, t_tries }, { KEYWORD, "maxwait", NONE, t_maxwait }, + { KEYWORD, "msgauth", NONE, t_yesno }, { ENDTOKEN, "", NONE, NULL } }; @@ -143,6 +147,12 @@ static const struct token t_maxwait[] = { { ENDTOKEN, "", NONE, NULL } }; +static const struct token t_yesno[] = { + { MSGAUTH, "yes", 1, t_test_opts }, + { MSGAUTH, "no", 0, t_test_opts }, + { ENDTOKEN, "", NONE, NULL } +}; + static const struct token t_ipcp[] = { { KEYWORD, "show", IPCP_SHOW, NULL }, { KEYWORD, "dump", IPCP_DUMP, t_ipcp_flags }, @@ -365,6 +375,14 @@ match_token(char *word, const struct token table[]) printf("invalid argument: %s is %s for " "\"session-id\"", word, errstr); t = &table[i]; + case MSGAUTH: + if (word != NULL && + strcmp(word, table[i].keyword) == 0) { + match++; + res.msgauth = table[i].value; + t = &table[i]; + } + break; case ENDTOKEN: break; } @@ -436,6 +454,9 @@ show_valid_args(const struct token table[]) case SESSION_SEQ: fprintf(stderr, " \n"); break; + case MSGAUTH: + fprintf(stderr, " %s\n", table[i].keyword); + break; case ENDTOKEN: break; } diff --git a/usr.sbin/radiusctl/parser.h b/usr.sbin/radiusctl/parser.h index 3f5e271bf..6fefb0f47 100644 --- a/usr.sbin/radiusctl/parser.h +++ b/usr.sbin/radiusctl/parser.h @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.h,v 1.3 2024/07/09 17:26:14 yasuoka Exp $ */ +/* $OpenBSD: parser.h,v 1.4 2024/07/24 08:27:20 yasuoka Exp $ */ /* This file is derived from OpenBSD:src/usr.sbin/ikectl/parser.h 1.9 */ /* @@ -60,6 +60,7 @@ struct parse_result { const char *password; u_short port; int nas_port; + int msgauth; enum auth_method auth_method; /* number of packets to try sending */ diff --git a/usr.sbin/radiusctl/radiusctl.8 b/usr.sbin/radiusctl/radiusctl.8 index 58980c9ba..00ab5bce2 100644 --- a/usr.sbin/radiusctl/radiusctl.8 +++ b/usr.sbin/radiusctl/radiusctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: radiusctl.8,v 1.8 2024/07/14 03:47:44 jsg Exp $ +.\" $OpenBSD: radiusctl.8,v 1.9 2024/07/24 08:27:20 yasuoka Exp $ .\" .\" Copyright (c) YASUOKA Masahiko .\" @@ -15,7 +15,7 @@ .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" .\" -.Dd $Mdocdate: July 14 2024 $ +.Dd $Mdocdate: July 24 2024 $ .Dt RADIUSCTL 8 .Os .Sh NAME @@ -86,6 +86,9 @@ the default port number 1812 is used. .It Cm tries Ar number Specifies the number of packets to try sending. The default is 3. +.It Cm msgauth Ar yes | no +Specifies if Message-Authenticator is given for the access request packet. +The default is yes. .El .It Cm ipcp show Show all ipcp sessions in the database of diff --git a/usr.sbin/radiusctl/radiusctl.c b/usr.sbin/radiusctl/radiusctl.c index d3bc45eb8..6b8a4fedb 100644 --- a/usr.sbin/radiusctl/radiusctl.c +++ b/usr.sbin/radiusctl/radiusctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: radiusctl.c,v 1.11 2024/07/22 09:39:23 yasuoka Exp $ */ +/* $OpenBSD: radiusctl.c,v 1.12 2024/07/24 08:27:20 yasuoka Exp $ */ /* * Copyright (c) 2015 YASUOKA Masahiko * @@ -368,7 +368,8 @@ radius_test(struct parse_result *res) u32val = htonl(res->nas_port); radius_put_raw_attr(reqpkt, RADIUS_TYPE_NAS_PORT, &u32val, 4); - radius_put_message_authenticator(reqpkt, res->secret); + if (res->msgauth) + radius_put_message_authenticator(reqpkt, res->secret); event_init(); @@ -500,6 +501,10 @@ radius_dump(FILE *out, RADIUS_PACKET *pkt, bool resp, const char *secret) : (radius_check_message_authenticator(pkt, secret) == 0) ? "Verified" : "NG"); } + if (!resp) + fprintf(out, " Message-Authenticator = %s\n", + (radius_has_attr(pkt, RADIUS_TYPE_MESSAGE_AUTHENTICATOR)) + ? "(Present)" : "(Not present)"); if (radius_get_string_attr(pkt, RADIUS_TYPE_USER_NAME, buf, sizeof(buf)) == 0)