sync with OpenBSD -current

purplerain 2024-07-11 15:49:23 +00:00
parent a8049e67d3
commit ae019f102d
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
77 changed files with 4413 additions and 6362 deletions


@ -2510,6 +2510,7 @@
./usr/libexec/ntalkd
./usr/libexec/radiusd
./usr/libexec/radiusd/radiusd_bsdauth
./usr/libexec/radiusd/radiusd_ipcp
./usr/libexec/radiusd/radiusd_radius
./usr/libexec/radiusd/radiusd_standard
./usr/libexec/reorder_kernel


@ -1927,6 +1927,7 @@
./usr/share/man/man3/EVP_PKEY_CTX_get_operation.3
./usr/share/man/man3/EVP_PKEY_CTX_new.3
./usr/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
./usr/share/man/man3/EVP_PKEY_CTX_set_tls1_prf_md.3
./usr/share/man/man3/EVP_PKEY_add1_attr.3
./usr/share/man/man3/EVP_PKEY_asn1_get_count.3
./usr/share/man/man3/EVP_PKEY_asn1_new.3


@ -2615,6 +2615,7 @@
./usr/share/man/man8/radiusctl.8
./usr/share/man/man8/radiusd.8
./usr/share/man/man8/radiusd_bsdauth.8
./usr/share/man/man8/radiusd_ipcp.8
./usr/share/man/man8/radiusd_radius.8
./usr/share/man/man8/radiusd_standard.8
./usr/share/man/man8/rarpd.8


@ -1,4 +1,4 @@
/* $OpenBSD: getenv.c,v 1.12 2016/03/13 18:34:21 guenther Exp $ */
/* $OpenBSD: getenv.c,v 1.13 2024/07/10 14:17:58 jca Exp $ */
/*
* Copyright (c) 1987, 1993
* The Regents of the University of California. All rights reserved.
@ -39,8 +39,6 @@
* Sets offset to be the offset of the name/value combination in the
* environmental array, for use by putenv(3), setenv(3) and unsetenv(3).
* Explicitly removes '=' in argument name.
*
* This routine *should* be a static; don't use it.
*/
char *
__findenv(const char *name, int len, int *offset)


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.199 2024/07/09 16:41:44 tb Exp $
# $OpenBSD: Makefile,v 1.200 2024/07/10 13:30:14 beck Exp $
LIB= crypto
LIBREBUILD=y
@ -53,7 +53,6 @@ CFLAGS+= -I${LCRYPTO_SRC}/x509
VERSION_SCRIPT= Symbols.map
SYMBOL_LIST= ${.CURDIR}/Symbols.list
SYMBOL_NAMESPACE= ${.CURDIR}/Symbols.namespace
.if (${MACHINE_CPU} == "amd64") || (${MACHINE_CPU} == "i386")
SYMBOL_LIST+= ${.CURDIR}/arch/${MACHINE_CPU}/Symbols.list
@ -746,9 +745,9 @@ includes: prereq
echo $$j; \
eval "$$j"; \
done;
${VERSION_SCRIPT}: ${SYMBOL_LIST} ${SYMBOL_NAMESPACE}
${VERSION_SCRIPT}: ${SYMBOL_LIST}
{ printf '{\n\tglobal:\n'; \
sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_NAMESPACE}; \
sed '/^[._a-zA-Z]/s/$$/;/; s/^/ _libre_/' ${SYMBOL_LIST}; \
sed '/^[._a-zA-Z]/s/$$/;/; s/^/ /' ${SYMBOL_LIST}; \
printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
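Review bot: The new `sed` line that emits the `_libre_` names applies `s/^/ _libre_/` to every line of `${SYMBOL_LIST}`, while the `;` terminator is only appended to lines matching `/^[._a-zA-Z]/`. If Symbols.list ever holds a blank or comment line (its contents are not visible here), the version script would get a bare `_libre_` token with no terminator. Restricting both substitutions to symbol lines keeps the export list exact, for example `sed -n '/^[._a-zA-Z]/s/.*/ _libre_&;/p' ${SYMBOL_LIST}`.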



@ -1,4 +1,4 @@
/* $OpenBSD: tls1_prf.c,v 1.39 2024/07/09 17:58:36 tb Exp $ */
/* $OpenBSD: tls1_prf.c,v 1.40 2024/07/10 06:53:27 tb Exp $ */
/*
* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
* 2016.
@ -146,8 +146,7 @@ pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
}
static int
pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
const char *type, const char *value)
pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
{
if (value == NULL) {
KDFerror(KDF_R_VALUE_MISSING);
@ -178,10 +177,8 @@ pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
}
static int
tls1_prf_P_hash(const EVP_MD *md,
const unsigned char *secret, size_t secret_len,
const unsigned char *seed, size_t seed_len,
unsigned char *out, size_t out_len)
tls1_prf_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
const unsigned char *seed, size_t seed_len, unsigned char *out, size_t out_len)
{
int chunk;
EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;


@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.3 2023/09/13 13:46:52 schwarze Exp $
.\" $OpenBSD: EVP_PKEY_CTX_set_hkdf_md.3,v 1.4 2024/07/10 07:57:37 tb Exp $
.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
.\"
.\" This file was written by Alessandro Ghedini <alessandro@ghedini.me>,
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 13 2023 $
.Dd $Mdocdate: July 10 2024 $
.Dt EVP_PKEY_CTX_SET_HKDF_MD 3
.Os
.Sh NAME
@ -60,6 +60,7 @@
.Nm EVP_PKEY_CTX_hkdf_mode
.Nd HMAC-based Extract-and-Expand key derivation algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.In openssl/kdf.h
.Ft int
.Fo EVP_PKEY_CTX_hkdf_mode


@ -0,0 +1,171 @@
.\" $OpenBSD: EVP_PKEY_CTX_set_tls1_prf_md.3,v 1.2 2024/07/10 10:22:03 tb Exp $
.\" full merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
.\"
.\" This file was written by Dr Stephen Henson <steve@openssl.org>,
.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 10 2024 $
.Dt EVP_PKEY_CTX_SET_TLS1_PRF_MD 3
.Os
.Sh NAME
.Nm EVP_PKEY_CTX_set_tls1_prf_md ,
.Nm EVP_PKEY_CTX_set1_tls1_prf_secret ,
.Nm EVP_PKEY_CTX_add1_tls1_prf_seed
.Nd TLS PRF key derivation algorithm
.Sh SYNOPSIS
.In openssl/evp.h
.In openssl/kdf.h
.Ft int
.Fo EVP_PKEY_CTX_set_tls1_prf_md
.Fa "EVP_PKEY_CTX *pctx"
.Fa "const EVP_MD *md"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_set1_tls1_prf_secret
.Fa "EVP_PKEY_CTX *pctx"
.Fa "unsigned char *sec"
.Fa "int seclen"
.Fc
.Ft int
.Fo EVP_PKEY_CTX_add1_tls1_prf_seed
.Fa "EVP_PKEY_CTX *pctx"
.Fa "unsigned char *seed"
.Fa "int seedlen"
.Fc
.Sh DESCRIPTION
The
.Dv EVP_PKEY_TLS1_PRF
algorithm implements the PRF key derivation function for TLS.
It has no associated private key and only implements key derivation using
.Xr EVP_PKEY_derive 3 .
.Pp
.Fn EVP_PKEY_set_tls1_prf_md
sets the message digest associated with the TLS PRF.
.Xr EVP_md5_sha1 3
is treated as a special case which uses the PRF algorithm using both
MD5 and SHA1 as used in TLS 1.0 and 1.1.
.Pp
.Fn EVP_PKEY_CTX_set_tls1_prf_secret
sets the secret value of the TLS PRF to
.Fa seclen
bytes of the buffer
.Fa sec .
Any existing secret value is replaced and any seed is reset.
.Pp
.Fn EVP_PKEY_CTX_add1_tls1_prf_seed
sets the seed to
.Fa seedlen
bytes of
.Fa seed .
If a seed is already set it is appended to the existing value.
.Sh STRING CTRLS
The TLS PRF also supports string based control operations using
.Xr EVP_PKEY_CTX_ctrl_str 3 .
The
.Fa type
parameter "md" uses the supplied
.Fa value
as the name of the digest algorithm to use.
The
.Fa type
parameters "secret" and "seed" use the supplied
.Fa value
parameter as a secret or seed value.
The names "hexsecret" and "hexseed" are similar except they take a hex
string which is converted to binary.
.Sh NOTES
All these functions are implemented as macros.
.Pp
A context for the TLS PRF can be obtained by calling:
.Bd -literal
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
.Ed
.Pp
The digest, secret value and seed must be set before a key is derived or
an error occurs.
.Pp
The total length of all seeds cannot exceed 1024 bytes in length: this
should be more than enough for any normal use of the TLS PRF.
.Pp
The output length of the PRF is specified by the length parameter in the
.Xr EVP_PKEY_derive 3
function.
Since the output length is variable, setting the buffer to
.Dv NULL
is not meaningful for the TLS PRF.
.Sh RETURN VALUES
All these functions return 1 for success and 0 or a negative value for
failure.
In particular a return value of -2 indicates the operation is not
supported by the public key algorithm.
.Sh EXAMPLES
This example derives 10 bytes using SHA-256 with the secret key "secret"
and seed value "seed":
.Bd -literal
EVP_PKEY_CTX *pctx;
unsigned char out[10];
size_t outlen = sizeof(out);
pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
if (EVP_PKEY_derive_init(pctx) <= 0)
/* Error */
if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0)
/* Error */
if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0)
/* Error */
if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0)
/* Error */
if (EVP_PKEY_derive(pctx, out, &outlen) <= 0)
/* Error */
.Ed
.Sh SEE ALSO
.Xr EVP_PKEY_CTX_ctrl_str 3 ,
.Xr EVP_PKEY_CTX_new 3 ,
.Xr EVP_PKEY_derive 3
.Sh HISTORY
These functions first appeared in OpenSSL 1.1.0 and have been available since
.Ox 7.6 .


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.287 2024/05/12 11:50:36 tb Exp $
# $OpenBSD: Makefile,v 1.288 2024/07/10 08:51:28 tb Exp $
.include <bsd.own.mk>
@ -176,6 +176,7 @@ MAN= \
EVP_PKEY_CTX_get_operation.3 \
EVP_PKEY_CTX_new.3 \
EVP_PKEY_CTX_set_hkdf_md.3 \
EVP_PKEY_CTX_set_tls1_prf_md.3 \
EVP_PKEY_add1_attr.3 \
EVP_PKEY_asn1_get_count.3 \
EVP_PKEY_asn1_new.3 \


@ -1,4 +1,4 @@
.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.9 2024/06/28 14:48:43 tb Exp $
.\" $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.10 2024/07/11 13:50:44 tb Exp $
.\" OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
.\" OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
.\"
@ -49,7 +49,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 28 2024 $
.Dd $Mdocdate: July 11 2024 $
.Dt SSL_CTX_SET_ALPN_SELECT_CB 3
.Os
.Sh NAME
@ -85,10 +85,10 @@
.Fo SSL_select_next_proto
.Fa "unsigned char **out"
.Fa "unsigned char *outlen"
.Fa "const unsigned char *server"
.Fa "unsigned int server_len"
.Fa "const unsigned char *client"
.Fa "unsigned int client_len"
.Fa "const unsigned char *peer_list"
.Fa "unsigned int peer_list_len"
.Fa "const unsigned char *supported_list"
.Fa "unsigned int supported_list_len"
.Fc
.Ft void
.Fo SSL_get0_alpn_selected
@ -149,7 +149,6 @@ parameter is the pointer set via
.Pp
.Fn SSL_select_next_proto
is a helper function used to select protocols.
It implements the standard protocol selection.
It is expected that this function is called from the application
callback
.Fa cb .
@ -163,32 +162,30 @@ should ignore
and fail by returning
.Dv SSL_TLSEXT_ERR_ALERT_FATAL .
The protocol data in
.Fa server ,
.Fa server_len
.Fa peer_list ,
.Fa peer_list_len
and
.Fa client ,
.Fa client_len
must be in the protocol-list format described below.
.Fa supported_list ,
.Fa supported_list_len
must be two non-empty lists, validly encoded
in the protocol-list format described below.
The first item in the
.Fa server ,
.Fa server_len
list that matches an item in the
.Fa client ,
.Fa client_len
list is selected, and returned in
.Fa peer_list
that matches an item in the
.Fa supported_list
is selected, and returned in
.Fa out ,
.Fa outlen .
The
.Fa out
value will point into either
.Fa server
.Fa peer_list
or
.Fa client ,
.Fa supported_list ,
so it must not be modified and
should be copied immediately.
If no match is found, the first item in
.Fa client ,
.Fa client_len
.Fa supported_list
is returned in
.Fa out ,
.Fa outlen .
@ -213,17 +210,13 @@ of non-empty, 8-bit length-prefixed byte strings.
The length-prefix byte is not included in the length.
Each string is limited to 255 bytes.
A byte-string length of 0 is invalid.
A truncated byte-string is invalid.
The length of the vector is not in the vector itself, but in a separate
variable.
.Pp
For example:
.Bd -literal
unsigned char vector[] = {
6, 's', 'p', 'd', 'y', '/', '1',
8, 'h', 't', 't', 'p', '/', '1', '.', '1'
};
unsigned int length = sizeof(vector);
const unsigned char *vector = "\e6" "spdy/1" "\e8" "http/1.1";
unsigned int length = strlen(vector);
.Ed
.Pp
The ALPN callback is executed after the servername callback; as that
@ -249,8 +242,8 @@ A match was found and is returned in
.It OPENSSL_NPN_NO_OVERLAP
No match was found.
The first item in
.Fa client ,
.Fa client_len
.Fa supported_list ,
.Fa supported_list_len
is returned in
.Fa out ,
.Fa outlen .
@ -273,6 +266,16 @@ configured for this connection.
.Xr ssl 3 ,
.Xr SSL_CTX_set_tlsext_servername_arg 3 ,
.Xr SSL_CTX_set_tlsext_servername_callback 3
.Sh STANDARDS
.Rs
.%T TLS Application-Layer Protocol Negotiation Extension
.%R RFC 7301
.Re
.Pp
.Rs
.%T TLS Next Protocol Negotiation Extension
.%U https://datatracker.ietf.org/doc/html/draft-agl-tls-nextprotoneg
.Re
.Sh HISTORY
.Fn SSL_select_next_proto
first appeared in OpenSSL 1.0.1 and has been available since
@ -285,3 +288,18 @@ and
.Fn SSL_get0_alpn_selected
first appeared in OpenSSL 1.0.2 and have been available since
.Ox 5.7 .
.Sh CAVEATS
The fallback to the first supported protocol in
.Fn SSL_select_next_proto
comes from the opportunistic fallback mechanism in the NPN extension.
This behavior does not make sense for ALPN,
where missing protocol overlap should result in a handshake failure.
To avoid accidental selection of a protocol that the server does not
support, it is recommended to pass the locally configured protocols
as second pair of protocols in the ALPN callback.
.Sh BUGS
The
.Fa out
argument of
.Fn SSL_select_next_proto
should have been const.


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.325 2024/06/29 07:34:12 tb Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.326 2024/07/11 13:48:52 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1791,56 +1791,58 @@ LSSL_ALIAS(SSL_get_servername_type);
*/
int
SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
const unsigned char *server_list, unsigned int server_list_len,
const unsigned char *client_list, unsigned int client_list_len)
const unsigned char *peer_list, unsigned int peer_list_len,
const unsigned char *supported_list, unsigned int supported_list_len)
{
CBS client, client_proto, server, server_proto;
CBS peer, peer_proto, supported, supported_proto;
*out = NULL;
*outlen = 0;
/* First check that the client list is well-formed. */
CBS_init(&client, client_list, client_list_len);
if (!tlsext_alpn_check_format(&client))
/* First check that the supported list is well-formed. */
CBS_init(&supported, supported_list, supported_list_len);
if (!tlsext_alpn_check_format(&supported))
goto err;
/*
* Use first client protocol as fallback. This is one way of doing NPN's
* "opportunistic" protocol selection (see security considerations in
* draft-agl-tls-nextprotoneg-04), and it is the documented behavior of
* this API. For ALPN it's the callback's responsibility to fail on
* Use first supported protocol as fallback. This is one way of doing
* NPN's "opportunistic" protocol selection (see security considerations
* in draft-agl-tls-nextprotoneg-04), and it is the documented behavior
* of this API. For ALPN it's the callback's responsibility to fail on
* OPENSSL_NPN_NO_OVERLAP.
*/
if (!CBS_get_u8_length_prefixed(&client, &client_proto))
if (!CBS_get_u8_length_prefixed(&supported, &supported_proto))
goto err;
*out = (unsigned char *)CBS_data(&client_proto);
*outlen = CBS_len(&client_proto);
*out = (unsigned char *)CBS_data(&supported_proto);
*outlen = CBS_len(&supported_proto);
/* Now check that the server list is well-formed. */
CBS_init(&server, server_list, server_list_len);
if (!tlsext_alpn_check_format(&server))
/* Now check that the peer list is well-formed. */
CBS_init(&peer, peer_list, peer_list_len);
if (!tlsext_alpn_check_format(&peer))
goto err;
/*
* Walk the server list and select the first protocol that appears in
* the client list.
* Walk the peer list and select the first protocol that appears in
* the supported list. Thus we honor peer preference rather than local
* preference contrary to a SHOULD in RFC 7301, section 3.2.
*/
while (CBS_len(&server) > 0) {
if (!CBS_get_u8_length_prefixed(&server, &server_proto))
while (CBS_len(&peer) > 0) {
if (!CBS_get_u8_length_prefixed(&peer, &peer_proto))
goto err;
CBS_init(&client, client_list, client_list_len);
CBS_init(&supported, supported_list, supported_list_len);
while (CBS_len(&client) > 0) {
if (!CBS_get_u8_length_prefixed(&client, &client_proto))
while (CBS_len(&supported) > 0) {
if (!CBS_get_u8_length_prefixed(&supported,
&supported_proto))
goto err;
if (CBS_mem_equal(&client_proto,
CBS_data(&server_proto), CBS_len(&server_proto))) {
*out = (unsigned char *)CBS_data(&server_proto);
*outlen = CBS_len(&server_proto);
if (CBS_mem_equal(&supported_proto,
CBS_data(&peer_proto), CBS_len(&peer_proto))) {
*out = (unsigned char *)CBS_data(&peer_proto);
*outlen = CBS_len(&peer_proto);
return OPENSSL_NPN_NEGOTIATED;
}
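Review bot: The `goto err` taken when `tlsext_alpn_check_format(&peer)` fails runs after `*out` and `*outlen` were already set to the first supported protocol, so a malformed peer list appears to hand back the same fallback as a plain lack of overlap. The regress cases in this commit expect exactly that (`want_out = "a"` with `OPENSSL_NPN_NO_OVERLAP` for a malformed peer list). The comment above the fallback only covers the no-overlap case; I would extend it with a sentence such as `A malformed peer list also leaves this fallback in *out; callers must act on the return value, never on *out alone.` The `err` label and the end of the function are outside this hunk, so the return value on that path is inferred from the tests.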


@ -1,4 +1,4 @@
/* $OpenBSD: pf.c,v 1.1.1.1 2022/09/01 14:20:33 martijn Exp $ */
/* $OpenBSD: pf.c,v 1.2 2024/07/10 20:33:31 martijn Exp $ */
/*
* Copyright (c) 2012 Joel Knight <joel@openbsd.org>
@ -210,11 +210,11 @@ pfi_get(struct pfr_buffer *b, const char *filter)
bzero(b, sizeof(struct pfr_buffer));
b->pfrb_type = PFRB_IFACES;
for (;;) {
pfr_buf_grow(b, b->pfrb_size);
pfr_buf_grow(b, 0);
b->pfrb_size = b->pfrb_msize;
if (pfi_get_ifaces(filter, b->pfrb_caddr, &(b->pfrb_size)))
return (1);
if (b->pfrb_size <= b->pfrb_msize)
if (b->pfrb_size < b->pfrb_msize)
break;
}
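Review bot: `pfr_buf_grow(b, 0)` is called without checking its result, and with the exit test tightened to `b->pfrb_size < b->pfrb_msize` the loop only ends once the buffer is strictly larger than what `pfi_get_ifaces` reported. If the grow can fail and leave `pfrb_msize` unchanged (its definition is outside this hunk), the loop would keep retrying with the same buffer. Assuming it returns non-zero on failure, checking the call would bound the loop: `if (pfr_buf_grow(b, 0)) return (1);`. pfi_get's body starts and ends outside the hunk.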


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.4 2023/06/22 19:23:27 tb Exp $
# $OpenBSD: Makefile,v 1.5 2024/07/10 13:11:22 tb Exp $
TESTS = \
symbols
@ -22,7 +22,7 @@ LDADD= -lcrypto
DPADD= ${LIBCRYPTO}
LDFLAGS+= -lcrypto
LDFLAGS+= -Wl,--no-allow-shlib-undefined
CFLAGS+= -Wno-deprecated-declarations
CFLAGS+= -Wno-deprecated-declarations -DUSE_LIBRESSL_NAMESPACE
CLEANFILES+= include_headers.c symbols.c symbols.c.tmp


@ -1,4 +1,4 @@
# $OpenBSD: symbols.awk,v 1.11 2024/04/15 16:49:13 tb Exp $
# $OpenBSD: symbols.awk,v 1.12 2024/07/10 13:11:22 tb Exp $
# Copyright (c) 2018,2020 Theo Buehler <tb@openbsd.org>
#
@ -32,6 +32,8 @@ BEGIN {
# Undefine aliases, so we don't accidentally leave them in Symbols.list.
printf("#ifdef %s\n#undef %s\n#endif\n", $0, $0)
printf("static typeof(%s) *_libre_%s;\n", $0, $0);
}
END {
@ -41,12 +43,16 @@ END {
printf("\tstruct {\n")
printf("\t\tconst char *const name;\n")
printf("\t\tconst void *addr;\n")
printf("\t\tconst void *libre_addr;\n")
printf("\t} symbols[] = {\n")
for (symbol in symbols) {
printf("\t\t{\n")
printf("\t\t\t.name = \"%s\",\n", symbol)
printf("\t\t\t.addr = &%s,\n", symbol)
printf("#if defined(USE_LIBRESSL_NAMESPACE)\n")
printf("\t\t\t.libre_addr = &_libre_%s,\n", symbol)
printf("#endif\n")
printf("\t\t},\n")
}
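Review bot: `static typeof(%s) *_libre_%s;` declares a file-local pointer variable in the generated C, so `.libre_addr = &_libre_%s` is the address of that local object rather than of a `_libre_`-prefixed symbol exported by libcrypto. As far as these lines show, the generated test would still compile and link if the library stopped exporting a namespaced symbol, so `libre_addr` adds no coverage of the export list. If the intent is to verify the export, a declaration like `extern typeof(%s) _libre_%s;` would make the reference resolve against the library; otherwise a comment stating that the static is a placeholder would help. The END block continues outside the hunk, so how `libre_addr` is consumed is not visible.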


@ -1,4 +1,4 @@
/* $OpenBSD: ssl_set_alpn_protos.c,v 1.3 2024/06/28 14:50:37 tb Exp $ */
/* $OpenBSD: ssl_set_alpn_protos.c,v 1.4 2024/07/11 13:51:47 tb Exp $ */
/*
* Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
*
@ -202,162 +202,138 @@ test_ssl_set_alpn_protos_edge_cases(void)
}
static const struct select_next_proto_test {
const unsigned char *server_list;
size_t server_list_len;
const unsigned char *client_list;
size_t client_list_len;
const unsigned char *peer_list;
size_t peer_list_len;
const unsigned char *supported_list;
size_t supported_list_len;
int want_ret;
const unsigned char *want_out;
unsigned char want_out_len; /* yes, unsigned char */
} select_next_proto_tests[] = {
{
.server_list = "\x01" "a" "\x01" "b" "\x01" "c",
.server_list_len = 6,
.client_list = "\x01" "a",
.client_list_len = 2,
.peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
.peer_list_len = 6,
.supported_list = "\x01" "a",
.supported_list_len = 2,
.want_ret = OPENSSL_NPN_NEGOTIATED,
.want_out = "a",
.want_out_len = 1,
},
{
.server_list = "\x01" "a" "\x01" "b" "\x01" "c",
.server_list_len = 6,
.client_list = "\x02" "aa" "\x01" "b" "\x01" "c",
.client_list_len = 7,
.peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
.peer_list_len = 6,
.supported_list = "\x02" "aa" "\x01" "b" "\x01" "c",
.supported_list_len = 7,
.want_ret = OPENSSL_NPN_NEGOTIATED,
.want_out = "b",
.want_out_len = 1,
},
{
/* Use server preference. */
.server_list = "\x01" "a" "\x01" "b" "\x01" "c",
.server_list_len = 6,
.client_list = "\x01" "c" "\x01" "b" "\x01" "a",
.client_list_len = 6,
/* Use peer preference. */
.peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
.peer_list_len = 6,
.supported_list = "\x01" "c" "\x01" "b" "\x01" "a",
.supported_list_len = 6,
.want_ret = OPENSSL_NPN_NEGOTIATED,
.want_out = "a",
.want_out_len = 1,
},
{
/* Again server preference wins. */
.server_list = "\x01" "a" "\x03" "bbb" "\x02" "cc",
.server_list_len = 9,
.client_list = "\x01" "z" "\x02" "cc" "\x03" "bbb",
.client_list_len = 9,
/* Again peer preference wins. */
.peer_list = "\x01" "a" "\x03" "bbb" "\x02" "cc",
.peer_list_len = 9,
.supported_list = "\x01" "z" "\x02" "cc" "\x03" "bbb",
.supported_list_len = 9,
.want_ret = OPENSSL_NPN_NEGOTIATED,
.want_out = "bbb",
.want_out_len = 3,
},
{
/* No overlap fails with first client protocol. */
.server_list = "\x01" "a" "\x01" "b" "\x01" "c",
.server_list_len = 6,
.client_list = "\x01" "z" "\x01" "y",
.client_list_len = 4,
/* No overlap fails with first supported protocol. */
.peer_list = "\x01" "a" "\x01" "b" "\x01" "c",
.peer_list_len = 6,
.supported_list = "\x01" "z" "\x01" "y",
.supported_list_len = 4,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
.want_out = "z",
.want_out_len = 1,
},
{
/*
* No server protocols is a misconfiguration, but should fail
* cleanly.
*/
.server_list = "",
.server_list_len = 0,
.client_list = "\x01" "a" "\x01" "b" "\x01" "c",
.client_list_len = 6,
/* No peer protocols fails cleanly. */
.peer_list = "",
.peer_list_len = 0,
.supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
.supported_list_len = 6,
.want_out = "a",
.want_out_len = 1,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* NULL server protocols is a programming error that fails
* cleanly.
*/
.server_list = NULL,
.server_list_len = 0,
.client_list = "\x01" "a" "\x01" "b" "\x01" "c",
.client_list_len = 6,
/* NULL peer protocols fails cleanly. */
.peer_list = NULL,
.peer_list_len = 0,
.supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
.supported_list_len = 6,
.want_out = "a",
.want_out_len = 1,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* Malformed server protocols is a misconfiguration, but it
* should fail cleanly.
*/
.server_list = "\x00",
.server_list_len = 1,
.client_list = "\x01" "a" "\x01" "b" "\x01" "c",
.client_list_len = 6,
/* Malformed peer protocols fails cleanly. */
.peer_list = "\x00",
.peer_list_len = 1,
.supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
.supported_list_len = 6,
.want_out = "a",
.want_out_len = 1,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* Malformed server protocols is a misconfiguration, but it
* should fail cleanly.
*/
.server_list = "\x01" "a" "\x03" "bb",
.server_list_len = 5,
.client_list = "\x01" "a" "\x01" "b" "\x01" "c",
.client_list_len = 6,
/* Malformed peer protocols fails cleanly. */
.peer_list = "\x01" "a" "\x03" "bb",
.peer_list_len = 5,
.supported_list = "\x01" "a" "\x01" "b" "\x01" "c",
.supported_list_len = 6,
.want_out = "a",
.want_out_len = 1,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* Empty client protocols is not reachable from the ALPN
* callback. It fails cleanly with NULL protocol and 0 length.
*/
.server_list = "\x01" "a",
.server_list_len = 2,
.client_list = "",
.client_list_len = 0,
/* Empty supported list fails cleanly. */
.peer_list = "\x01" "a",
.peer_list_len = 2,
.supported_list = "",
.supported_list_len = 0,
.want_out = NULL,
.want_out_len = 0,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* NULL client protocols is not reachable from the ALPN
* callback. It fails cleanly with NULL protocol and 0 length.
*/
.server_list = "\x01" "a",
.server_list_len = 2,
.client_list = NULL,
.client_list_len = 0,
/* NULL supported list fails cleanly. */
.peer_list = "\x01" "a",
.peer_list_len = 2,
.supported_list = NULL,
.supported_list_len = 0,
.want_out = NULL,
.want_out_len = 0,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* Malformed client list fails cleanly with NULL protocol and
* 0 length.
*/
.server_list = "\x01" "a",
.server_list_len = 2,
.client_list = "\x01" "a" "\x02" "bb" "\x03" "cc" "\x04" "ddd",
.client_list_len = 12,
/* Malformed supported list fails cleanly. */
.peer_list = "\x01" "a",
.peer_list_len = 2,
.supported_list = "\x01" "a" "\x02" "bb" "\x03" "cc" "\x04" "ddd",
.supported_list_len = 12,
.want_out = NULL,
.want_out_len = 0,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/*
* Malformed client list fails cleanly with NULL protocol and
* 0 length.
*/
.server_list = "\x01" "a",
.server_list_len = 2,
.client_list = "\x01" "a" "\x02" "bb" "\x00" "\x03" "ddd",
.client_list_len = 10,
/* Malformed client list fails cleanly. */
.peer_list = "\x01" "a",
.peer_list_len = 2,
.supported_list = "\x01" "a" "\x02" "bb" "\x00" "\x03" "ddd",
.supported_list_len = 10,
.want_out = NULL,
.want_out_len = 0,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
@ -368,58 +344,58 @@ static const struct select_next_proto_test {
*/
{
.server_list = "\x08" "http/1.1" "\x06" "spdy/1",
.server_list_len = 16,
.client_list = "\x08" "http/2.0" "\x08" "http/1.1",
.client_list_len = 18,
.peer_list = "\x08" "http/1.1" "\x06" "spdy/1",
.peer_list_len = 16,
.supported_list = "\x08" "http/2.0" "\x08" "http/1.1",
.supported_list_len = 18,
.want_out = "http/1.1",
.want_out_len = 8,
.want_ret = OPENSSL_NPN_NEGOTIATED,
},
{
.server_list = "\x08" "http/2.0" "\x06" "spdy/1",
.server_list_len = 16,
.client_list = "\x08" "http/1.0" "\x08" "http/1.1",
.client_list_len = 18,
.peer_list = "\x08" "http/2.0" "\x06" "spdy/1",
.peer_list_len = 16,
.supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
.supported_list_len = 18,
.want_out = "http/1.0",
.want_out_len = 8,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
.server_list = "\x08" "http/1.1" "\x08" "http/1.0",
.server_list_len = 18,
.client_list = "\x08" "http/1.0" "\x08" "http/1.1",
.client_list_len = 18,
.peer_list = "\x08" "http/1.1" "\x08" "http/1.0",
.peer_list_len = 18,
.supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
.supported_list_len = 18,
.want_out = "http/1.1",
.want_out_len = 8,
.want_ret = OPENSSL_NPN_NEGOTIATED,
},
{
/* Server malformed. */
.server_list = "\x08" "http/1.1" "\x07" "http/1.0",
.server_list_len = 18,
.client_list = "\x08" "http/1.0" "\x08" "http/1.1",
.client_list_len = 18,
/* Peer list malformed. */
.peer_list = "\x08" "http/1.1" "\x07" "http/1.0",
.peer_list_len = 18,
.supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
.supported_list_len = 18,
.want_out = "http/1.0",
.want_out_len = 8,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/* Server malformed. */
.server_list = "\x07" "http/1.1" "\x08" "http/1.0",
.server_list_len = 18,
.client_list = "\x08" "http/1.0" "\x08" "http/1.1",
.client_list_len = 18,
/* Peer list malformed. */
.peer_list = "\x07" "http/1.1" "\x08" "http/1.0",
.peer_list_len = 18,
.supported_list = "\x08" "http/1.0" "\x08" "http/1.1",
.supported_list_len = 18,
.want_out = "http/1.0",
.want_out_len = 8,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
},
{
/* Client has trailing bytes. */
.server_list = "\x08" "http/1.1" "\x08" "http/1.0",
.server_list_len = 18,
.client_list = "\x08" "http/1.0" "\x07" "http/1.1",
.client_list_len = 18,
/* Supported list has trailing bytes. */
.peer_list = "\x08" "http/1.1" "\x08" "http/1.0",
.peer_list_len = 18,
.supported_list = "\x08" "http/1.0" "\x07" "http/1.1",
.supported_list_len = 18,
.want_out = NULL,
.want_out_len = 0,
.want_ret = OPENSSL_NPN_NO_OVERLAP,
@ -437,8 +413,8 @@ select_next_proto_testcase(const struct select_next_proto_test *test)
int ret;
int failed = 0;
ret = SSL_select_next_proto(&out, &out_len, test->server_list,
test->server_list_len, test->client_list, test->client_list_len);
ret = SSL_select_next_proto(&out, &out_len, test->peer_list,
test->peer_list_len, test->supported_list, test->supported_list_len);
if (ret != test->want_ret || out_len != test->want_out_len ||
(out == NULL && test->want_out != NULL) ||
@ -452,9 +428,9 @@ select_next_proto_testcase(const struct select_next_proto_test *test)
fprintf(stderr, "\nwant:\n");
hexdump(test->want_out, test->want_out_len);
fprintf(stderr, "\nserver:\n");
hexdump(test->server_list, test->server_list_len);
hexdump(test->peer_list, test->peer_list_len);
fprintf(stderr, "\nclient:\n");
hexdump(test->client_list, test->client_list_len);
hexdump(test->supported_list, test->supported_list_len);
fprintf(stderr, "\n");
failed = 1;
}
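Review bot: The failure diagnostics still print `"\nserver:\n"` and `"\nclient:\n"` above the hexdumps of `test->peer_list` and `test->supported_list`. One table comment also still reads `Malformed client list fails cleanly.` while its sibling says `supported list`. After the rename these labels no longer match the fields and will mislead whoever reads a failing case. I would change them to `fprintf(stderr, "\npeer list:\n");` and `fprintf(stderr, "\nsupported list:\n");` and fix the comment to match. select_next_proto_testcase starts and ends outside the hunk.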


@ -1,4 +1,4 @@
/* $OpenBSD: t8.2,v 1.1 2003/07/17 21:04:04 otto Exp $ */
/* $OpenBSD: t8.2,v 1.2 2024/07/10 09:20:33 krw Exp $ */
/* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */
/*
@ -76,7 +76,7 @@ struct kmemusage *kmemusage;
char *kmembase, *kmemlimit;
char buckstring[16 * sizeof("123456,")];
int buckstring_init = 0;
#if defined(KMEMSTATS) || defined(DIAGNOSTIC) || defined(FFS_SOFTUPDATES)
#if defined(KMEMSTATS) || defined(DIAGNOSTIC)
char *memname[] = INITKMEMNAMES;
char *memall = NULL;
extern struct lock sysctl_kmemlock;
@ -561,7 +561,7 @@ sysctl_malloc(name, namelen, oldp, oldlenp, newp, newlen, p)
return (EOPNOTSUPP);
#endif
case KERN_MALLOC_KMEMNAMES:
#if defined(KMEMSTATS) || defined(DIAGNOSTIC) || defined(FFS_SOFTUPDATES)
#if defined(KMEMSTATS) || defined(DIAGNOSTIC)
if (memall == NULL) {
int totlen;


@ -1,4 +1,4 @@
/* $OpenBSD: t9.2,v 1.2 2013/12/01 16:40:56 krw Exp $ */
/* $OpenBSD: t9.2,v 1.4 2024/07/10 09:24:03 krw Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
/*
@ -591,10 +591,6 @@ sys_statfs(p, v, retval)
if ((error = VFS_STATFS(mp, sp, p)) != 0)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
#if notyet
if (mp->mnt_flag & MNT_SOFTDEP)
sp->f_eflags = STATFS_SOFTUPD;
#endif
/* Don't let non-root see filesystem id (for NFS security) */
if (suser(p->p_ucred, &p->p_acflag)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
@ -633,10 +629,6 @@ sys_fstatfs(p, v, retval)
if (error)
return (error);
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
#if notyet
if (mp->mnt_flag & MNT_SOFTDEP)
sp->f_eflags = STATFS_SOFTUPD;
#endif
/* Don't let non-root see filesystem id (for NFS security) */
if (suser(p->p_ucred, &p->p_acflag)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
@ -689,10 +681,6 @@ sys_getfsstat(p, v, retval)
}
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
#if notyet
if (mp->mnt_flag & MNT_SOFTDEP)
sp->f_eflags = STATFS_SOFTUPD;
#endif
if (suser(p->p_ucred, &p->p_acflag)) {
bcopy((caddr_t)sp, (caddr_t)&sb, sizeof(sb));
sb.f_fsid.val[0] = sb.f_fsid.val[1] = 0;
@ -2292,10 +2280,6 @@ sys_fsync(p, v, retval)
vp = (struct vnode *)fp->f_data;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
error = VOP_FSYNC(vp, fp->f_cred, MNT_WAIT, p);
#ifdef FFS_SOFTUPDATES
if (error == 0 && vp->v_mount && (vp->v_mount->mnt_flag & MNT_SOFTDEP))
error = softdep_fsync(vp);
#endif
VOP_UNLOCK(vp, 0, p);
FRELE(fp);


@ -1,4 +1,4 @@
/* $OpenBSD: dhcp6leased.c,v 1.11 2024/06/05 16:15:47 florian Exp $ */
/* $OpenBSD: dhcp6leased.c,v 1.12 2024/07/11 10:38:57 florian Exp $ */
/*
* Copyright (c) 2017, 2021, 2024 Florian Obser <florian@openbsd.org>
@ -913,6 +913,9 @@ write_lease_file(struct imsg_lease_info *imsg_lease_info)
rem = sizeof(lease_buf);
for (i = 0; i < iface_conf->ia_count; i++) {
if (imsg_lease_info->pds[i].prefix_len == 0)
continue;
len = snprintf(p, rem, "%s%d %s %d\n", LEASE_IA_PD_PREFIX,
i, inet_ntop(AF_INET6, &imsg_lease_info->pds[i].prefix,
ntopbuf, INET6_ADDRSTRLEN),


@ -1,4 +1,4 @@
/* $OpenBSD: dhcp6leased.h,v 1.8 2024/06/06 15:15:44 florian Exp $ */
/* $OpenBSD: dhcp6leased.h,v 1.9 2024/07/10 12:44:46 florian Exp $ */
/*
* Copyright (c) 2017, 2021 Florian Obser <florian@openbsd.org>
@ -260,7 +260,7 @@ void merge_config(struct dhcp6leased_conf *, struct
const char *sin6_to_str(struct sockaddr_in6 *);
/* engine.c */
const char *dhcp_message_type2str(uint8_t);
const char *dhcp_message_type2str(int);
/* frontend.c */
struct iface_conf *find_iface_conf(struct iface_conf_head *, char *);


@ -1,4 +1,4 @@
/* $OpenBSD: engine.c,v 1.17 2024/07/09 16:24:57 florian Exp $ */
/* $OpenBSD: engine.c,v 1.24 2024/07/11 10:48:51 florian Exp $ */
/*
* Copyright (c) 2017, 2021, 2024 Florian Obser <florian@openbsd.org>
@ -127,7 +127,7 @@ struct dhcp6leased_iface *get_dhcp6leased_iface_by_id(uint32_t);
void remove_dhcp6leased_iface(uint32_t);
void parse_dhcp(struct dhcp6leased_iface *,
struct imsg_dhcp *);
void parse_ia_pd_options(uint8_t *, size_t, struct prefix *);
int parse_ia_pd_options(uint8_t *, size_t, struct prefix *);
void state_transition(struct dhcp6leased_iface *, enum
if_state);
void iface_timeout(int, short, void *);
@ -139,10 +139,9 @@ int prefixcmp(struct prefix *, struct prefix *, int);
void send_reconfigure_interface(struct iface_pd_conf *,
struct prefix *, enum reconfigure_action);
int engine_imsg_compose_main(int, pid_t, void *, uint16_t);
const char *dhcp_message_type2str(uint8_t);
const char *dhcp_option_type2str(uint16_t);
const char *dhcp_option_type2str(int);
const char *dhcp_duid2str(int, uint8_t *);
const char *dhcp_status2str(uint8_t);
const char *dhcp_status2str(int);
void in6_prefixlen2mask(struct in6_addr *, int len);
struct dhcp6leased_conf *engine_conf;
@ -813,11 +812,19 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp)
log_debug("%s: IA_PD, IAID: %08x, T1: %u, T2: %u",
__func__, ntohl(iapd.iaid), ntohl(iapd.t1),
ntohl(iapd.t2));
if (ntohl(iapd.iaid) < iface_conf->ia_count)
parse_ia_pd_options(p +
if (ntohl(iapd.iaid) < iface_conf->ia_count) {
int status_code;
status_code = parse_ia_pd_options(p +
sizeof(struct dhcp_iapd), opt_hdr.len -
sizeof(struct dhcp_iapd),
&iface->new_pds[ntohl(iapd.iaid)]);
if (status_code != DHCP_STATUS_SUCCESS &&
iface->state == IF_RENEWING) {
state_transition(iface, IF_REBINDING);
goto out;
}
}
break;
case DHO_RAPID_COMMIT:
if (opt_hdr.len != 0) {
@ -933,14 +940,14 @@ parse_dhcp(struct dhcp6leased_iface *iface, struct imsg_dhcp *dhcp)
return;
}
void
int
parse_ia_pd_options(uint8_t *p, size_t len, struct prefix *prefix)
{
struct dhcp_option_hdr opt_hdr;
struct dhcp_iaprefix iaprefix;
struct in6_addr mask;
int i;
uint16_t status_code;
uint16_t status_code = DHCP_STATUS_SUCCESS;
char ntopbuf[INET6_ADDRSTRLEN], *visbuf;
while (len >= sizeof(struct dhcp_option_hdr)) {
@ -954,7 +961,7 @@ parse_ia_pd_options(uint8_t *p, size_t len, struct prefix *prefix)
dhcp_option_type2str(opt_hdr.code), opt_hdr.len);
if (len < opt_hdr.len) {
log_warnx("%s: malformed packet, ignoring", __func__);
return;
return DHCP_STATUS_UNSPECFAIL;
}
switch (opt_hdr.code) {
@ -962,7 +969,7 @@ parse_ia_pd_options(uint8_t *p, size_t len, struct prefix *prefix)
if (len < sizeof(struct dhcp_iaprefix)) {
log_warnx("%s: malformed packet, ignoring",
__func__);
return;
return DHCP_STATUS_UNSPECFAIL;
}
memcpy(&iaprefix, p, sizeof(struct dhcp_iaprefix));
@ -997,20 +1004,21 @@ parse_ia_pd_options(uint8_t *p, size_t len, struct prefix *prefix)
break;
case DHO_STATUS_CODE:
/*
* XXX handle STATUS_CODE if not success
* STATUS_CODE can also appear in other parts of
* the packet.
*/
/* XXX STATUS_CODE can also appear outside of options */
if (len < 2) {
log_warnx("%s: malformed packet, ignoring",
__func__);
return;
return DHCP_STATUS_UNSPECFAIL;
}
memcpy(&status_code, p, sizeof(uint16_t));
status_code = ntohs(status_code);
visbuf = calloc(4, len - 2);
strvisx(visbuf, p + 2, len - 2, VIS_SAFE);
/* must be at least 4 * srclen + 1 long */
visbuf = calloc(4, opt_hdr.len - 2 + 1);
if (visbuf == NULL) {
log_warn("%s", __func__);
break;
}
strvisx(visbuf, p + 2, opt_hdr.len - 2, VIS_SAFE);
log_debug("%s: %s - %s", __func__,
dhcp_status2str(status_code), visbuf);
break;
@ -1020,6 +1028,7 @@ parse_ia_pd_options(uint8_t *p, size_t len, struct prefix *prefix)
p += opt_hdr.len;
len -= opt_hdr.len;
}
return status_code;
}
/* XXX check valid transitions */
@ -1270,9 +1279,10 @@ configure_interfaces(struct dhcp6leased_iface *iface)
struct iface_ia_conf *ia_conf;
struct iface_pd_conf *pd_conf;
struct imsg_lease_info imsg_lease_info;
uint32_t i;
char ntopbuf[INET6_ADDRSTRLEN];
char ifnamebuf[IF_NAMESIZE], *if_name;
if ((if_name = if_indextoname(iface->if_index, ifnamebuf)) == NULL) {
log_debug("%s: unknown interface %d", __func__,
iface->if_index);
@ -1285,11 +1295,14 @@ configure_interfaces(struct dhcp6leased_iface *iface)
return;
}
memset(&imsg_lease_info, 0, sizeof(imsg_lease_info));
imsg_lease_info.if_index = iface->if_index;
memcpy(imsg_lease_info.pds, iface->new_pds, sizeof(iface->new_pds));
engine_imsg_compose_main(IMSG_WRITE_LEASE, 0, &imsg_lease_info,
sizeof(imsg_lease_info));
for (i = 0; i < iface_conf->ia_count; i++) {
struct prefix *pd = &iface->new_pds[i];
log_info("prefix delegation #%d %s/%d received on %s from "
"server %s", i, inet_ntop(AF_INET6, &pd->prefix, ntopbuf,
INET6_ADDRSTRLEN), pd->prefix_len, if_name,
dhcp_duid2str(iface->serverid_len, iface->serverid));
}
SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) {
struct prefix *pd = &iface->new_pds[ia_conf->id];
@ -1300,10 +1313,9 @@ configure_interfaces(struct dhcp6leased_iface *iface)
}
if (prefixcmp(iface->pds, iface->new_pds, iface_conf->ia_count) != 0) {
uint32_t i;
char ntopbuf[INET6_ADDRSTRLEN];
log_warnx("IA_PDs changed");
log_info("Prefix delegations on %s from server %s changed",
if_name, dhcp_duid2str(iface->serverid_len,
iface->serverid));
for (i = 0; i < iface_conf->ia_count; i++) {
log_debug("%s: iface->pds [%d]: %s/%d", __func__, i,
inet_ntop(AF_INET6, &iface->pds[i].prefix, ntopbuf,
@ -1318,6 +1330,12 @@ configure_interfaces(struct dhcp6leased_iface *iface)
memcpy(iface->pds, iface->new_pds, sizeof(iface->pds));
memset(iface->new_pds, 0, sizeof(iface->new_pds));
memset(&imsg_lease_info, 0, sizeof(imsg_lease_info));
imsg_lease_info.if_index = iface->if_index;
memcpy(imsg_lease_info.pds, iface->pds, sizeof(iface->pds));
engine_imsg_compose_main(IMSG_WRITE_LEASE, 0, &imsg_lease_info,
sizeof(imsg_lease_info));
}
void
@ -1326,6 +1344,8 @@ deconfigure_interfaces(struct dhcp6leased_iface *iface)
struct iface_conf *iface_conf;
struct iface_ia_conf *ia_conf;
struct iface_pd_conf *pd_conf;
uint32_t i;
char ntopbuf[INET6_ADDRSTRLEN];
char ifnamebuf[IF_NAMESIZE], *if_name;
@ -1341,6 +1361,15 @@ deconfigure_interfaces(struct dhcp6leased_iface *iface)
return;
}
for (i = 0; i < iface_conf->ia_count; i++) {
struct prefix *pd = &iface->pds[i];
log_info("Prefix delegation #%d %s/%d expired on %s from "
"server %s", i, inet_ntop(AF_INET6, &pd->prefix, ntopbuf,
INET6_ADDRSTRLEN), pd->prefix_len, if_name,
dhcp_duid2str(iface->serverid_len, iface->serverid));
}
SIMPLEQ_FOREACH(ia_conf, &iface_conf->iface_ia_list, entry) {
struct prefix *pd = &iface->pds[ia_conf->id];
@ -1348,6 +1377,7 @@ deconfigure_interfaces(struct dhcp6leased_iface *iface)
send_reconfigure_interface(pd_conf, pd, DECONFIGURE);
}
}
memset(iface->pds, 0, sizeof(iface->pds));
}
int
@ -1416,7 +1446,7 @@ send_reconfigure_interface(struct iface_pd_conf *pd_conf, struct prefix *pd,
}
const char *
dhcp_message_type2str(uint8_t type)
dhcp_message_type2str(int type)
{
static char buf[sizeof("Unknown [255]")];
@ -1448,13 +1478,13 @@ dhcp_message_type2str(uint8_t type)
case DHCPRELAYREPL:
return "DHCPRELAYREPL";
default:
snprintf(buf, sizeof(buf), "Unknown [%u]", type);
snprintf(buf, sizeof(buf), "Unknown [%u]", type & 0xff);
return buf;
}
}
const char *
dhcp_option_type2str(uint16_t code)
dhcp_option_type2str(int code)
{
static char buf[sizeof("Unknown [65535]")];
switch (code) {
@ -1481,7 +1511,7 @@ dhcp_option_type2str(uint16_t code)
case DHO_INF_MAX_RT:
return "DHO_INF_MAX_RT";
default:
snprintf(buf, sizeof(buf), "Unknown [%u]", code);
snprintf(buf, sizeof(buf), "Unknown [%u]", code &0xffff);
return buf;
}
}
@ -1505,7 +1535,7 @@ dhcp_duid2str(int len, uint8_t *p)
}
const char*
dhcp_status2str(uint8_t status)
dhcp_status2str(int status)
{
static char buf[sizeof("Unknown [255]")];
@ -1525,7 +1555,7 @@ dhcp_status2str(uint8_t status)
case DHCP_STATUS_NOPREFIXAVAIL:
return "NoPrefixAvail";
default:
snprintf(buf, sizeof(buf), "Unknown [%u]", status);
snprintf(buf, sizeof(buf), "Unknown [%u]", status & 0xff);
return buf;
}
}
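Review bot: In parse_ia_pd_options() the DHO_STATUS_CODE case guards with `if (len < 2)` but then sizes everything from `opt_hdr.len - 2`, so an option whose declared length is 0 or 1 passes the guard whenever more bytes follow in the buffer. With `opt_hdr.len == 1` the calloc size is zero and the `strvisx()` length becomes -1 converted to size_t (assuming the length field is a 16-bit unsigned, which is not visible here), so the guard should test the option's own length: `if (opt_hdr.len < 2) {`. No `free(visbuf)` is visible after the `log_debug()` call either, which looks like a leak per status option unless it is released outside the lines shown. The function spans several hunks and is not fully visible here.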


@ -1,4 +1,4 @@
/* $OpenBSD: frontend.c,v 1.12 2024/06/19 07:42:44 florian Exp $ */
/* $OpenBSD: frontend.c,v 1.14 2024/07/11 13:38:03 florian Exp $ */
/*
* Copyright (c) 2017, 2021, 2024 Florian Obser <florian@openbsd.org>
@ -551,6 +551,9 @@ update_iface(uint32_t if_index)
if ((flags = get_flags(if_name)) == -1)
return;
if (find_iface_conf(&frontend_conf->iface_list, if_name) == NULL)
return;
memset(&ifinfo, 0, sizeof(ifinfo));
ifinfo.if_index = if_index;
ifinfo.link_state = -1;
@ -873,8 +876,8 @@ build_packet(uint8_t message_type, struct iface *iface, char *if_name)
void
send_packet(uint8_t message_type, struct iface *iface)
{
ssize_t pkt_len;
char ifnamebuf[IF_NAMESIZE], *if_name;
ssize_t pkt_len;
char ifnamebuf[IF_NAMESIZE], *if_name, *message_name;
if (!event_initialized(&iface->udpev)) {
iface->send_solicit = 1;
@ -887,7 +890,26 @@ send_packet(uint8_t message_type, struct iface *iface)
== NULL)
return; /* iface went away, nothing to do */
log_debug("%s on %s", dhcp_message_type2str(message_type), if_name);
switch (message_type) {
case DHCPSOLICIT:
message_name = "Soliciting";
break;
case DHCPREQUEST:
message_name = "Requesting";
break;
case DHCPRENEW:
message_name = "Renewing";
break;
case DHCPREBIND:
message_name = "Rebinding";
break;
default:
message_name = NULL;
break;
}
if (message_name)
log_info("%s lease on %s", message_name, if_name);
pkt_len = build_packet(message_type, iface, if_name);
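Review bot: `message_name` in send_packet() is declared as `char *` but only ever points at string literals, so it should be `const char *message_name;` on its own line rather than sharing the `ifnamebuf` declaration. The switch also replaces the previous `log_debug()` for every message type, so types that fall into `default` are now sent without any log line; keeping `log_debug("%s on %s", dhcp_message_type2str(message_type), if_name);` in the default branch would preserve that trace. send_packet() continues past the end of the hunk.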


@ -1,4 +1,4 @@
.\" $OpenBSD: bnxt.4,v 1.3 2021/09/08 20:29:21 jmc Exp $
.\" $OpenBSD: bnxt.4,v 1.4 2024/07/10 07:56:21 jmatthew Exp $
.\"
.\" Copyright (c) 2018 Jonathan Matthew <jmatthew@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: September 8 2021 $
.Dd $Mdocdate: July 10 2024 $
.Dt BNXT 4
.Os
.Sh NAME
@ -41,9 +41,9 @@ Broadcom P210p Adapter (10Gb SFP+)
.It
Broadcom P210tp Adapter (10GBASE-T)
.It
Broadcom P255c Adapter (10/25Gb QSFP28)
Broadcom P225c Adapter (10/25Gb QSFP28)
.It
Broadcom P255p Adapter (10/25Gb SFP28)
Broadcom P225p Adapter (10/25Gb SFP28)
.El
.Pp
Adapters based on these chipsets are also available as LOM/Mezzanine


@ -1,4 +1,4 @@
.\" $OpenBSD: port-modules.5,v 1.269 2024/07/09 13:05:15 bentley Exp $
.\" $OpenBSD: port-modules.5,v 1.270 2024/07/11 12:55:33 bentley Exp $
.\"
.\" Copyright (c) 2008 Marc Espie
.\"
@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 9 2024 $
.Dd $Mdocdate: July 11 2024 $
.Dt PORT-MODULES 5
.Os
.Sh NAME
@ -697,7 +697,7 @@ it sets
.Ev MODFONT_FAMILY
should be set to the name of the font family.
This sets
.Ev MODFONT_DIR
.Ev MODFONT_FONTDIR
and
.Ev MODFONT_DOCDIR
using said family name.
@ -707,10 +707,15 @@ target is provided if the port itself does not provide it.
This installs fonts from
.Ev WRKSRC
in the distribution.
If one or more file extensions are listed in
.Ev MODFONT_TYPES ,
files of those types will be used.
Otherwise, otf files are preferred, with a fallback to ttf.
If one or more filenames (relative to
.Ev WRKSRC )
are listed in
.Ev MODFONT_FONTFILES ,
they will be installed to
.Ev MODFONT_FONTDIR .
Otherwise, otf files in
.Ev WRKSRC
will be installed, with a fallback to ttf.
If filenames (relative to
.Ev WRKSRC )
are listed in


@ -1,4 +1,4 @@
/* $OpenBSD: locore0.S,v 1.23 2024/05/12 16:49:38 guenther Exp $ */
/* $OpenBSD: locore0.S,v 1.24 2024/07/10 12:36:13 bluhm Exp $ */
/* $NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $ */
/*
@ -314,17 +314,21 @@ cont:
NDML3_ENTRIES + NDML2_ENTRIES + 3) * NBPG)
#define fillkpt \
1: movl %eax,(%ebx) ; /* store phys addr */ \
movl $0,4(%ebx) ; /* upper 32 bits 0 */ \
addl $8,%ebx ; /* next pte/pde */ \
addl $NBPG,%eax ; /* next phys page */ \
loop 1b ; /* till finished */
pushl %ebp ; /* save */ \
movl RELOC((pg_crypt + 4)), %ebp ; /* C bit? */ \
1: movl %eax,(%ebx) ; /* store phys addr */ \
movl %ebp,4(%ebx) ; /* upper 32 bits */ \
addl $8,%ebx ; /* next pte/pde */ \
addl $NBPG,%eax ; /* next phys page */ \
loop 1b ; /* till finished */ \
popl %ebp ; /* restore */
#define fillkpt_nx \
pushl %ebp ; /* save */ \
1: movl %eax,(%ebx) ; /* store phys addr */ \
movl RELOC((pg_nx + 4)), %ebp ; /* NX bit? */ \
orl RELOC((pg_crypt + 4)), %ebp ; /* C bit? */ \
1: movl %eax,(%ebx) ; /* store phys addr */ \
movl %ebp,4(%ebx) ; /* upper 32 bits */ \
addl $8,%ebx ; /* next pte/pde */ \
addl $NBPG,%eax ; /* next phys page */ \
@ -510,6 +514,7 @@ store_pte:
movl %eax, (%ebx)
pushl %ebp
movl RELOC((pg_nx + 4)), %ebp
orl RELOC((pg_crypt + 4)), %ebp
movl %ebp, 4(%ebx)
popl %ebp
addl $8, %ebx
@ -535,6 +540,7 @@ store_pte:
movl %eax,(%ebx)
pushl %ebp
movl RELOC((pg_nx + 4)), %ebp
orl RELOC((pg_crypt + 4)), %ebp
movl %ebp, 4(%ebx)
popl %ebp


@ -1,4 +1,4 @@
/* $OpenBSD: vmmvar.h,v 1.102 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: vmmvar.h,v 1.103 2024/07/10 09:27:32 dv Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -88,15 +88,15 @@
#define VMX_EXIT_XSAVES 63
#define VMX_EXIT_XRSTORS 64
#define VM_EXIT_TERMINATED 0xFFFE
#define VM_EXIT_NONE 0xFFFF
/*
* VMX: Misc defines
*/
#define VMX_MAX_CR3_TARGETS 256
#define VMX_VMCS_PA_CLEAR 0xFFFFFFFFFFFFFFFFUL
#define VM_EXIT_TERMINATED 0xFFFE
#define VM_EXIT_NONE 0xFFFF
/*
* SVM: Intercept codes (exit reasons)
*/
@ -473,20 +473,6 @@ struct vm_intr_params {
uint16_t vip_intr;
};
#define VM_RWVMPARAMS_PVCLOCK_SYSTEM_GPA 0x1 /* read/write pvclock gpa */
#define VM_RWVMPARAMS_PVCLOCK_VERSION 0x2 /* read/write pvclock version */
#define VM_RWVMPARAMS_ALL (VM_RWVMPARAMS_PVCLOCK_SYSTEM_GPA | \
VM_RWVMPARAMS_PVCLOCK_VERSION)
struct vm_rwvmparams_params {
/* Input parameters to VMM_IOC_READVMPARAMS/VMM_IOC_WRITEVMPARAMS */
uint32_t vpp_vm_id;
uint32_t vpp_vcpu_id;
uint32_t vpp_mask;
paddr_t vpp_pvclock_system_gpa;
uint32_t vpp_pvclock_version;
};
#define VM_RWREGS_GPRS 0x1 /* read/write GPRs */
#define VM_RWREGS_SREGS 0x2 /* read/write segment registers */
#define VM_RWREGS_CRS 0x4 /* read/write CRs */
@ -936,7 +922,6 @@ int vm_impl_init(struct vm *, struct proc *);
void vm_impl_deinit(struct vm *);
int vcpu_init(struct vcpu *);
void vcpu_deinit(struct vcpu *);
int vm_rwvmparams(struct vm_rwvmparams_params *, int);
int vm_rwregs(struct vm_rwregs_params *, int);
int vcpu_reset_regs(struct vcpu *, struct vcpu_reg_state *);


@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.123 2024/07/02 19:59:54 kettenis Exp $ */
/* $OpenBSD: cpu.c,v 1.125 2024/07/11 12:07:39 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@ -245,6 +245,7 @@ uint64_t cpu_id_aa64pfr0;
uint64_t cpu_id_aa64pfr1;
int arm64_has_lse;
int arm64_has_rng;
#ifdef CRYPTO
int arm64_has_aes;
#endif
@ -273,8 +274,12 @@ struct cfdriver cpu_cd = {
NULL, "cpu", DV_DULL
};
struct timeout cpu_rng_to;
void cpu_rng(void *);
void cpu_opp_init(struct cpu_info *, uint32_t);
void cpu_psci_init(struct cpu_info *);
void cpu_psci_idle_cycle(void);
void cpu_flush_bp_noop(void);
void cpu_flush_bp_psci(void);
@ -285,6 +290,25 @@ void cpu_kstat_attach(struct cpu_info *ci);
void cpu_opp_kstat_attach(struct cpu_info *ci);
#endif
void
cpu_rng(void *arg)
{
struct timeout *to = arg;
uint64_t rndr;
int ret;
ret = __builtin_arm_rndrrs(&rndr);
if (ret)
ret = __builtin_arm_rndr(&rndr);
if (ret == 0) {
enqueue_randomness(rndr & 0xffffffff);
enqueue_randomness(rndr >> 32);
}
if (to)
timeout_add_msec(to, 1000);
}
/*
* Enable mitigation for Spectre-V2 branch target injection
* vulnerabilities (CVE-2017-5715).
@ -666,6 +690,7 @@ cpu_identify(struct cpu_info *ci)
if (ID_AA64ISAR0_RNDR(id) >= ID_AA64ISAR0_RNDR_IMPL) {
printf("%sRNDR", sep);
sep = ",";
arm64_has_rng = 1;
}
if (ID_AA64ISAR0_TLB(id) >= ID_AA64ISAR0_TLB_IOS) {
@ -1138,6 +1163,11 @@ cpu_attach(struct device *parent, struct device *dev, void *aux)
}
cpu_init();
if (arm64_has_rng) {
timeout_set(&cpu_rng_to, cpu_rng, &cpu_rng_to);
cpu_rng(&cpu_rng_to);
}
#ifdef MULTIPROCESSOR
}
#endif
@ -1955,6 +1985,51 @@ cpu_psci_init(struct cpu_info *ci)
uint32_t cluster;
int idx, len, node;
/*
* Find the shallowest (for now) idle state for this CPU.
* This should be the first one that is listed. We'll use it
* in the idle loop.
*/
len = OF_getproplen(ci->ci_node, "cpu-idle-states");
if (len < (int)sizeof(uint32_t))
return;
states = malloc(len, M_TEMP, M_WAITOK);
OF_getpropintarray(ci->ci_node, "cpu-idle-states", states, len);
node = OF_getnodebyphandle(states[0]);
free(states, M_TEMP, len);
if (node) {
uint32_t entry, exit, residency, param;
int32_t features;
param = OF_getpropint(node, "arm,psci-suspend-param", 0);
entry = OF_getpropint(node, "entry-latency-us", 0);
exit = OF_getpropint(node, "exit-latency-us", 0);
residency = OF_getpropint(node, "min-residency-us", 0);
ci->ci_psci_idle_latency += entry + exit + 2 * residency;
/* Skip states that stop the local timer. */
if (OF_getpropbool(node, "local-timer-stop"))
ci->ci_psci_idle_param = 0;
/* Skip powerdown states. */
features = psci_features(CPU_SUSPEND);
if (features == PSCI_NOT_SUPPORTED ||
(features & PSCI_FEATURE_POWER_STATE_EXT) == 0) {
if (param & PSCI_POWER_STATE_POWERDOWN)
param = 0;
} else {
if (param & PSCI_POWER_STATE_EXT_POWERDOWN)
param = 0;
}
if (param) {
ci->ci_psci_idle_param = param;
cpu_idle_cycle_fcn = cpu_psci_idle_cycle;
}
}
/*
* Hunt for the deepest idle state for this CPU. This is
* fairly complicated as it requires traversing quite a few
@ -2052,6 +2127,30 @@ cpu_psci_init(struct cpu_info *ci)
OF_getpropint(node, "arm,psci-suspend-param", 0);
}
void
cpu_psci_idle_cycle(void)
{
struct cpu_info *ci = curcpu();
struct timeval start, stop;
u_long itime;
microuptime(&start);
if (ci->ci_prev_sleep > ci->ci_psci_idle_latency)
psci_cpu_suspend(ci->ci_psci_idle_param, 0, 0);
else
cpu_wfi();
microuptime(&stop);
timersub(&stop, &start, &stop);
itime = stop.tv_sec * 1000000 + stop.tv_usec;
ci->ci_last_itime = itime;
itime >>= 1;
ci->ci_prev_sleep = (ci->ci_prev_sleep + (ci->ci_prev_sleep >> 1)
+ itime) >> 1;
}
#if NKSTAT > 0
struct cpu_kstats {
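Review bot: In the block added at the top of cpu_psci_init(), the branch under the comment "Skip states that stop the local timer" clears `ci->ci_psci_idle_param` instead of the local `param`, so the later `if (param)` still stores the state and installs `cpu_psci_idle_cycle`. To actually skip such states the assignment would be `param = 0;`, matching the two powerdown checks below it. Separately, `states[0]` is used without checking the result of `OF_getpropintarray()`, and the early `return` on a short property also skips the deepest-idle-state search that follows, which may or may not be intended. cpu_psci_init() begins and ends outside the hunk.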


@ -1,4 +1,4 @@
# $OpenBSD: Makefile.arm64,v 1.48 2024/07/02 10:25:16 kettenis Exp $
# $OpenBSD: Makefile.arm64,v 1.49 2024/07/11 12:07:40 kettenis Exp $
# For instructions on building kernels consult the config(8) and options(4)
# manual pages.
@ -56,7 +56,7 @@ CWARNFLAGS= -Werror -Wall -Wimplicit-function-declaration \
-Wno-unused-but-set-variable -Wno-gnu-folding-constant \
-Wframe-larger-than=2047
CMACHFLAGS= -march=armv8-a+nofp+nosimd \
CMACHFLAGS= -march=armv8-a+nofp+nosimd+rng \
-fno-omit-frame-pointer -mno-omit-leaf-frame-pointer \
-ffixed-x18
CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS}


@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.47 2024/05/01 12:54:27 mpi Exp $ */
/* $OpenBSD: cpu.h,v 1.48 2024/07/10 11:01:24 kettenis Exp $ */
/*
* Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
*
@ -146,6 +146,8 @@ struct cpu_info {
uint64_t ci_ttbr1;
vaddr_t ci_el1_stkend;
uint32_t ci_psci_idle_latency;
uint32_t ci_psci_idle_param;
uint32_t ci_psci_suspend_param;
struct opp_table *ci_opp_table;


@ -1,4 +1,4 @@
/* $OpenBSD: efivar.h,v 1.1 2023/01/14 12:11:11 kettenis Exp $ */
/* $OpenBSD: efivar.h,v 1.2 2024/07/10 10:53:55 kettenis Exp $ */
/*
* Copyright (c) 2022 Mark Kettenis <kettenis@openbsd.org>
*
@ -30,6 +30,11 @@ struct efi_softc {
struct todr_chip_handle sc_todr;
};
extern EFI_GET_VARIABLE efi_get_variable;
extern EFI_SET_VARIABLE efi_set_variable;
extern EFI_GET_NEXT_VARIABLE_NAME efi_get_next_variable_name;
void efi_enter(struct efi_softc *);
void efi_leave(struct efi_softc *);


@ -0,0 +1,91 @@
/* $OpenBSD: vmmvar.h,v 1.1 2024/07/10 10:41:19 dv Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/*
* CPU capabilities for VMM operation
*/
#ifndef _MACHINE_VMMVAR_H_
#define _MACHINE_VMMVAR_H_
#define VMM_HV_SIGNATURE "OpenBSDVMM58"
#define VMM_PCI_MMIO_BAR_BASE 0xF0000000ULL
#define VMM_PCI_MMIO_BAR_END 0xFFDFFFFFULL /* 2 MiB below 4 GiB */
/* Exit Reasons */
#define VM_EXIT_TERMINATED 0xFFFE
#define VM_EXIT_NONE 0xFFFF
struct vmm_softc_md {
/* Capabilities */
uint32_t nr_cpus; /* [I] */
};
/*
* struct vcpu_inject_event : describes an exception or interrupt to inject.
*/
struct vcpu_inject_event {
uint8_t vie_vector; /* Exception or interrupt vector. */
uint32_t vie_errorcode; /* Optional error code. */
uint8_t vie_type;
#define VCPU_INJECT_NONE 0
#define VCPU_INJECT_INTR 1 /* External hardware interrupt. */
#define VCPU_INJECT_EX 2 /* HW or SW Exception */
#define VCPU_INJECT_NMI 3 /* Non-maskable Interrupt */
};
#define VCPU_REGS_NGPRS 31
struct vcpu_reg_state {
uint64_t vrs_gprs[VCPU_REGS_NGPRS];
};
/*
* struct vm_exit
*
* Contains VM exit information communicated to vmd(8). This information is
* gathered by vmm(4) from the CPU on each exit that requires help from vmd.
*/
struct vm_exit {
struct vcpu_reg_state vrs;
};
struct vm_intr_params {
/* Input parameters to VMM_IOC_INTR */
uint32_t vip_vm_id;
uint32_t vip_vcpu_id;
uint16_t vip_intr;
};
#define VM_RWREGS_GPRS 0x1 /* read/write GPRs */
#define VM_RWREGS_ALL (VM_RWREGS_GPRS)
struct vm_rwregs_params {
/*
* Input/output parameters to VMM_IOC_READREGS /
* VMM_IOC_WRITEREGS
*/
uint32_t vrwp_vm_id;
uint32_t vrwp_vcpu_id;
uint64_t vrwp_mask;
struct vcpu_reg_state vrwp_regs;
};
/* IOCTL definitions */
#define VMM_IOC_INTR _IOW('V', 6, struct vm_intr_params) /* Intr pending */
#endif /* ! _MACHINE_VMMVAR_H_ */


@ -1,4 +1,4 @@
/* $OpenBSD: efiboot.c,v 1.56 2024/07/07 09:38:44 patrick Exp $ */
/* $OpenBSD: efiboot.c,v 1.57 2024/07/10 18:46:42 patrick Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -588,7 +588,8 @@ efi_dma_constraint(void)
fdt_node_is_compatible(node, "rockchip,rk3588") ||
fdt_node_is_compatible(node, "rockchip,rk3588s"))
dma_constraint[1] = htobe64(0xffffffff);
if (fdt_node_is_compatible(node, "lenovo,thinkpad-x13s"))
if (fdt_node_is_compatible(node, "qcom,sc8280xp") ||
fdt_node_is_compatible(node, "qcom,x1e80100"))
dma_constraint[1] = htobe64(0xffffffff);
/* Pass DMA constraint. */


@ -1,4 +1,4 @@
/* $OpenBSD: efi.c,v 1.1 2023/01/14 12:11:11 kettenis Exp $ */
/* $OpenBSD: efi.c,v 1.2 2024/07/10 10:53:55 kettenis Exp $ */
/*
* Copyright (c) 2022 3mdeb <contact@3mdeb.com>
*
@ -33,6 +33,10 @@ int efiioc_var_next(struct efi_softc *sc, void *);
int efiioc_var_set(struct efi_softc *sc, void *);
int efi_adapt_error(EFI_STATUS);
EFI_GET_VARIABLE efi_get_variable;
EFI_SET_VARIABLE efi_set_variable;
EFI_GET_NEXT_VARIABLE_NAME efi_get_next_variable_name;
int
efiopen(dev_t dev, int flag, int mode, struct proc *p)
{
@ -142,13 +146,18 @@ efiioc_var_get(struct efi_softc *sc, void *data)
goto leave;
}
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
if (efi_get_variable) {
status = efi_get_variable(name, (EFI_GUID *)&ioc->vendor,
&ioc->attrib, &ioc->datasize, value);
} else {
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
}
status = sc->sc_rs->GetVariable(name, (EFI_GUID *)&ioc->vendor,
&ioc->attrib, &ioc->datasize, value);
efi_leave(sc);
}
status = sc->sc_rs->GetVariable(name, (EFI_GUID *)&ioc->vendor,
&ioc->attrib, &ioc->datasize, value);
efi_leave(sc);
if (status == EFI_BUFFER_TOO_SMALL) {
/*
@ -183,13 +192,18 @@ efiioc_var_next(struct efi_softc *sc, void *data)
if (error)
goto leave;
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
if (efi_get_next_variable_name) {
status = efi_get_next_variable_name(&ioc->namesize,
name, (EFI_GUID *)&ioc->vendor);
} else {
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
}
status = sc->sc_rs->GetNextVariableName(&ioc->namesize,
name, (EFI_GUID *)&ioc->vendor);
efi_leave(sc);
}
status = sc->sc_rs->GetNextVariableName(&ioc->namesize,
name, (EFI_GUID *)&ioc->vendor);
efi_leave(sc);
if (status == EFI_BUFFER_TOO_SMALL) {
/*
@ -242,13 +256,18 @@ efiioc_var_set(struct efi_softc *sc, void *data)
goto leave;
}
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
if (efi_set_variable) {
status = efi_set_variable(name, (EFI_GUID *)&ioc->vendor,
ioc->attrib, ioc->datasize, value);
} else {
if (efi_enter_check(sc)) {
error = ENOSYS;
goto leave;
}
status = sc->sc_rs->SetVariable(name, (EFI_GUID *)&ioc->vendor,
ioc->attrib, ioc->datasize, value);
efi_leave(sc);
}
status = sc->sc_rs->SetVariable(name, (EFI_GUID *)&ioc->vendor,
ioc->attrib, ioc->datasize, value);
efi_leave(sc);
error = efi_adapt_error(status);
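Review bot: The three new globals `efi_get_variable`, `efi_set_variable` and `efi_get_next_variable_name` are defined without any comment, and the ioctl handlers prefer them over `sc->sc_rs` and skip `efi_enter_check()`/`efi_leave()` whenever they are non-NULL. I would document that above the definitions, for example `/* Optional overrides for the runtime variable services; installed by a platform driver at attach time. */`. Since these hooks decide who services variable reads and writes, the comment should also say when they may be assigned; qcscm_attach() is the only writer visible in this commit. The handlers start and end outside the hunks.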


@ -1,4 +1,4 @@
/* $OpenBSD: psci.c,v 1.16 2024/04/13 14:20:48 kettenis Exp $ */
/* $OpenBSD: psci.c,v 1.17 2024/07/10 11:01:24 kettenis Exp $ */
/*
* Copyright (c) 2016 Jonathan Gray <jsg@openbsd.org>
@ -37,27 +37,6 @@ extern void (*powerdownfn)(void);
#define SMCCC_ARCH_WORKAROUND_2 0x80007fff
#define SMCCC_ARCH_WORKAROUND_3 0x80003fff
#define PSCI_VERSION 0x84000000
#ifdef __LP64__
#define CPU_SUSPEND 0xc4000001
#else
#define CPU_SUSPEND 0x84000001
#endif
#define CPU_OFF 0x84000002
#ifdef __LP64__
#define CPU_ON 0xc4000003
#else
#define CPU_ON 0x84000003
#endif
#define SYSTEM_OFF 0x84000008
#define SYSTEM_RESET 0x84000009
#define PSCI_FEATURES 0x8400000a
#ifdef __LP64__
#define SYSTEM_SUSPEND 0xc400000e
#else
#define SYSTEM_SUSPEND 0x8400000e
#endif
struct psci_softc {
struct device sc_dev;
register_t (*sc_callfn)(register_t, register_t, register_t,


@ -10,12 +10,38 @@
#define PSCI_METHOD_HVC 1
#define PSCI_METHOD_SMC 2
#define PSCI_VERSION 0x84000000
#ifdef __LP64__
#define CPU_SUSPEND 0xc4000001
#else
#define CPU_SUSPEND 0x84000001
#endif
#define CPU_OFF 0x84000002
#ifdef __LP64__
#define CPU_ON 0xc4000003
#else
#define CPU_ON 0x84000003
#endif
#define SYSTEM_OFF 0x84000008
#define SYSTEM_RESET 0x84000009
#define PSCI_FEATURES 0x8400000a
#ifdef __LP64__
#define SYSTEM_SUSPEND 0xc400000e
#else
#define SYSTEM_SUSPEND 0x8400000e
#endif
#define PSCI_FEATURE_POWER_STATE_EXT (1 << 1)
#define PSCI_POWER_STATE_POWERDOWN (1 << 16)
#define PSCI_POWER_STATE_EXT_POWERDOWN (1 << 30)
int psci_can_suspend(void);
int32_t psci_system_suspend(register_t, register_t);
int32_t psci_cpu_on(register_t, register_t, register_t);
int32_t psci_cpu_off(void);
int32_t psci_cpu_suspend(register_t, register_t, register_t);
int32_t psci_features(uint32_t);
void psci_flush_bp(void);
int psci_method(void);


@ -1,4 +1,4 @@
/* $OpenBSD: qcscm.c,v 1.7 2024/07/04 20:11:46 kettenis Exp $ */
/* $OpenBSD: qcscm.c,v 1.8 2024/07/10 10:53:55 kettenis Exp $ */
/*
* Copyright (c) 2022 Patrick Wildt <patrick@blueri.se>
*
@ -33,11 +33,14 @@
#include <machine/fdt.h>
#include <dev/efi/efi.h>
#include <machine/efivar.h>
#include <dev/ofw/openfirm.h>
#include <dev/ofw/ofw_misc.h>
#include <dev/ofw/fdt.h>
#include "efi.h"
/* #define QCSCM_DEBUG */
#define ARM_SMCCC_STD_CALL (0U << 31)
@ -142,6 +145,12 @@ EFI_STATUS qcscm_uefi_set_variable(struct qcscm_softc *, CHAR16 *,
EFI_STATUS qcscm_uefi_get_next_variable(struct qcscm_softc *,
CHAR16 *, int *, EFI_GUID *);
EFI_STATUS qcscm_efi_get_variable(CHAR16 *, EFI_GUID *, UINT32 *,
UINTN *, VOID *);
EFI_STATUS qcscm_efi_set_variable(CHAR16 *, EFI_GUID *, UINT32,
UINTN, VOID *);
EFI_STATUS qcscm_efi_get_next_variable_name(UINTN *, CHAR16 *, EFI_GUID *);
#ifdef QCSCM_DEBUG
void qcscm_uefi_dump_variables(struct qcscm_softc *);
void qcscm_uefi_dump_variable(struct qcscm_softc *, CHAR16 *, int,
@ -188,6 +197,12 @@ qcscm_attach(struct device *parent, struct device *self, void *aux)
printf("\n");
qcscm_sc = sc;
#if NEFI > 0
efi_get_variable = qcscm_efi_get_variable;
efi_set_variable = qcscm_efi_set_variable;
efi_get_next_variable_name = qcscm_efi_get_next_variable_name;
#endif
#ifdef QCSCM_DEBUG
qcscm_uefi_dump_variables(sc);
qcscm_uefi_dump_variable(sc, u"RTCInfo", sizeof(u"RTCInfo"),
@ -418,7 +433,7 @@ qcscm_uefi_get_variable(struct qcscm_softc *sc,
resp = QCSCM_DMA_KVA(qdm) + respoff;
if (resp->command_id != QCTEE_UEFI_GET_VARIABLE ||
resp->length < sizeof(*resp) || resp->length > respsize) {
resp->length < sizeof(*resp)) {
qcscm_dmamem_free(sc, qdm);
return QCTEE_UEFI_DEVICE_ERROR;
}
@ -433,7 +448,8 @@ qcscm_uefi_get_variable(struct qcscm_softc *sc,
return ret;
}
if (resp->data_offset + resp->data_size > resp->length) {
if (resp->length > respsize ||
resp->data_offset + resp->data_size > resp->length) {
qcscm_dmamem_free(sc, qdm);
return QCTEE_UEFI_DEVICE_ERROR;
}
@ -641,7 +657,71 @@ qcscm_uefi_get_next_variable(struct qcscm_softc *sc,
return QCTEE_UEFI_SUCCESS;
}
#if NEFI > 0
EFI_STATUS
qcscm_efi_get_variable(CHAR16 *name, EFI_GUID *guid, UINT32 *attributes,
UINTN *data_size, VOID *data)
{
struct qcscm_softc *sc = qcscm_sc;
EFI_STATUS status;
int name_size;
int size;
name_size = 0;
while (name[name_size])
name_size++;
name_size++;
size = *data_size;
status = qcscm_uefi_get_variable(sc, name, name_size * 2, guid,
attributes, data, &size);
*data_size = size;
/* Convert 32-bit status code to 64-bit. */
return ((status & 0xf0000000) << 32 | (status & 0x0fffffff));
}
EFI_STATUS
qcscm_efi_set_variable(CHAR16 *name, EFI_GUID *guid, UINT32 attributes,
UINTN data_size, VOID *data)
{
struct qcscm_softc *sc = qcscm_sc;
EFI_STATUS status;
int name_size;
name_size = 0;
while (name[name_size])
name_size++;
name_size++;
status = qcscm_uefi_set_variable(sc, name, name_size * 2, guid,
attributes, data, data_size);
/* Convert 32-bit status code to 64-bit. */
return ((status & 0xf0000000) << 32 | (status & 0x0fffffff));
}
EFI_STATUS
qcscm_efi_get_next_variable_name(UINTN *name_size, CHAR16 *name,
EFI_GUID *guid)
{
struct qcscm_softc *sc = qcscm_sc;
EFI_STATUS status;
int size;
size = *name_size;
status = qcscm_uefi_get_next_variable(sc, name, &size, guid);
*name_size = size;
/* Convert 32-bit status code to 64-bit. */
return ((status & 0xf0000000) << 32 | (status & 0x0fffffff));
}
#endif
#ifdef QCSCM_DEBUG
void
qcscm_uefi_dump_variables(struct qcscm_softc *sc)
{
@ -699,6 +779,7 @@ qcscm_uefi_dump_variable(struct qcscm_softc *sc, CHAR16 *name, int namesize,
printf("%02x", data[i]);
printf("\n");
}
#endif
int


@ -60,11 +60,9 @@ struct fb_info {
#define FBINFO_STATE_RUNNING 0
#define FBINFO_STATE_SUSPENDED 1
#define FBINFO_DEFAULT 0
#define FBINFO_VIRTFB 1
#define FBINFO_READS_FAST 2
#define FBINFO_HIDE_SMEM_START 0
#define FBINFO_VIRTFB 0x0001
#define FBINFO_READS_FAST 0x0002
#define FBINFO_HIDE_SMEM_START 0x0004
#define FB_ROTATE_UR 0
#define FB_ROTATE_CW 1


@ -1,4 +1,4 @@
/* $OpenBSD: if_iavf.c,v 1.14 2024/07/09 16:04:15 jmatthew Exp $ */
/* $OpenBSD: if_iavf.c,v 1.17 2024/07/10 09:50:28 jmatthew Exp $ */
/*
* Copyright (c) 2013-2015, Intel Corporation
@ -1115,7 +1115,7 @@ iavf_config_hena(struct iavf_softc *sc)
iaq.iaq_flags = htole16(IAVF_AQ_BUF | IAVF_AQ_RD);
iaq.iaq_opcode = htole16(IAVF_AQ_OP_SEND_TO_PF);
iaq.iaq_vc_opcode = htole32(IAVF_VC_OP_SET_RSS_HENA);
iaq.iaq_datalen = htole32(sizeof(*caps));
iaq.iaq_datalen = htole16(sizeof(*caps));
iavf_aq_dva(&iaq, IAVF_DMA_DVA(&sc->sc_scratch));
caps = IAVF_DMA_KVA(&sc->sc_scratch);
@ -2393,11 +2393,15 @@ iavf_atq_done(struct iavf_softc *sc)
unsigned int cons;
unsigned int prod;
mtx_enter(&sc->sc_atq_mtx);
prod = sc->sc_atq_prod;
cons = sc->sc_atq_cons;
if (prod == cons)
if (prod == cons) {
mtx_leave(&sc->sc_atq_mtx);
return;
}
atq = IAVF_DMA_KVA(&sc->sc_atq);
@ -2421,6 +2425,8 @@ iavf_atq_done(struct iavf_softc *sc)
BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
sc->sc_atq_cons = cons;
mtx_leave(&sc->sc_atq_mtx);
}
static int
@ -2429,6 +2435,8 @@ iavf_atq_post(struct iavf_softc *sc, struct iavf_aq_desc *iaq)
struct iavf_aq_desc *atq, *slot;
unsigned int prod;
mtx_enter(&sc->sc_atq_mtx);
atq = IAVF_DMA_KVA(&sc->sc_atq);
prod = sc->sc_atq_prod;
slot = atq + prod;
@ -2446,6 +2454,9 @@ iavf_atq_post(struct iavf_softc *sc, struct iavf_aq_desc *iaq)
prod &= IAVF_AQ_MASK;
sc->sc_atq_prod = prod;
iavf_wr(sc, sc->sc_aq_regs->atq_tail, prod);
mtx_leave(&sc->sc_atq_mtx);
return (prod);
}
@ -2554,15 +2565,15 @@ iavf_config_irq_map(struct iavf_softc *sc)
iavf_aq_dva(&iaq, IAVF_DMA_DVA(&sc->sc_scratch));
map = IAVF_DMA_KVA(&sc->sc_scratch);
map->num_vectors = letoh16(1);
map->num_vectors = htole16(1);
vec = map->vecmap;
vec[0].vsi_id = letoh16(sc->sc_vsi_id);
vec[0].vsi_id = htole16(sc->sc_vsi_id);
vec[0].vector_id = 0;
vec[0].rxq_map = letoh16(iavf_allqueues(sc));
vec[0].txq_map = letoh16(iavf_allqueues(sc));
vec[0].rxitr_idx = IAVF_NOITR;
vec[0].txitr_idx = IAVF_NOITR;
vec[0].rxq_map = htole16(iavf_allqueues(sc));
vec[0].txq_map = htole16(iavf_allqueues(sc));
vec[0].rxitr_idx = htole16(IAVF_NOITR);
vec[0].txitr_idx = htole16(IAVF_NOITR);
bus_dmamap_sync(sc->sc_dmat, IAVF_DMA_MAP(&sc->sc_scratch), 0, IAVF_DMA_LEN(&sc->sc_scratch),
BUS_DMASYNC_PREREAD);


@ -1,4 +1,4 @@
/* $OpenBSD: vmm.h,v 1.5 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: vmm.h,v 1.6 2024/07/10 10:41:19 dv Exp $ */
/*
* Copyright (c) 2014-2023 Mike Larkin <mlarkin@openbsd.org>
*
@ -108,6 +108,20 @@ struct vm_run_params {
uint8_t vrp_irqready; /* ready for IRQ on entry */
};
#define VM_RWVMPARAMS_PVCLOCK_SYSTEM_GPA 0x1 /* read/write pvclock gpa */
#define VM_RWVMPARAMS_PVCLOCK_VERSION 0x2 /* read/write pvclock version */
#define VM_RWVMPARAMS_ALL (VM_RWVMPARAMS_PVCLOCK_SYSTEM_GPA | \
VM_RWVMPARAMS_PVCLOCK_VERSION)
struct vm_rwvmparams_params {
/* Input parameters to VMM_IOC_READVMPARAMS/VMM_IOC_WRITEVMPARAMS */
uint32_t vpp_vm_id;
uint32_t vpp_vcpu_id;
uint32_t vpp_mask;
paddr_t vpp_pvclock_system_gpa;
uint32_t vpp_pvclock_version;
};
/* IOCTL definitions */
#define VMM_IOC_CREATE _IOWR('V', 1, struct vm_create_params) /* Create VM */
#define VMM_IOC_RUN _IOWR('V', 2, struct vm_run_params) /* Run VCPU */
@ -225,6 +239,7 @@ void vm_teardown(struct vm **);
int vm_get_info(struct vm_info_params *);
int vm_terminate(struct vm_terminate_params *);
int vm_resetcpu(struct vm_resetcpu_params *);
int vm_rwvmparams(struct vm_rwvmparams_params *, int);
int vcpu_must_stop(struct vcpu *);
int vm_share_mem(struct vm_sharemem_params *, struct proc *);
int vm_run(struct vm_run_params *);


@ -1,4 +1,4 @@
/* $OpenBSD: kern_sig.c,v 1.331 2024/07/09 09:22:50 claudio Exp $ */
/* $OpenBSD: kern_sig.c,v 1.332 2024/07/10 12:28:46 claudio Exp $ */
/* $NetBSD: kern_sig.c,v 1.54 1996/04/22 01:38:32 christos Exp $ */
/*
@ -1078,7 +1078,12 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
*/
if (signum == SIGKILL) {
atomic_clearbits_int(&p->p_flag, P_SUSPSIG);
goto runfast;
/* Raise priority to at least PUSER. */
if (p->p_usrpri > PUSER)
p->p_usrpri = PUSER;
unsleep(p);
setrunnable(p);
goto out;
}
if (prop & SA_CONT) {
@ -1097,10 +1102,19 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
wakeparent = 1;
if (action == SIG_DFL)
mask = 0;
if (action == SIG_CATCH)
goto runfast;
if (p->p_wchan == NULL)
goto run;
if (action == SIG_CATCH) {
/* Raise priority to at least PUSER. */
if (p->p_usrpri > PUSER)
p->p_usrpri = PUSER;
unsleep(p);
setrunnable(p);
goto out;
}
if (p->p_wchan == NULL) {
unsleep(p);
setrunnable(p);
goto out;
}
atomic_clearbits_int(&p->p_flag, P_WSLEEP);
p->p_stat = SSLEEP;
goto out;
@ -1146,8 +1160,11 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
* so it can discover the signal in cursig() and stop
* for the parent.
*/
if (pr->ps_flags & PS_TRACED)
goto run;
if (pr->ps_flags & PS_TRACED) {
unsleep(p);
setrunnable(p);
goto out;
}
/*
* Recheck sigmask before waking up the process,
@ -1206,8 +1223,13 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
/*
* All other (caught or default) signals
* cause the process to run.
* Raise priority to at least PUSER.
*/
goto runfast;
if (p->p_usrpri > PUSER)
p->p_usrpri = PUSER;
unsleep(p);
setrunnable(p);
goto out;
/* NOTREACHED */
case SONPROC:
@ -1229,15 +1251,6 @@ ptsignal(struct proc *p, int signum, enum signal_type type)
}
/* NOTREACHED */
runfast:
/*
* Raise priority to at least PUSER.
*/
if (p->p_usrpri > PUSER)
p->p_usrpri = PUSER;
run:
unsleep(p);
setrunnable(p);
out:
/* finally adjust siglist */
if (mask)


@ -1,4 +1,4 @@
/* $OpenBSD: kern_sysctl.c,v 1.428 2024/07/08 13:17:12 claudio Exp $ */
/* $OpenBSD: kern_sysctl.c,v 1.429 2024/07/11 14:11:55 bluhm Exp $ */
/* $NetBSD: kern_sysctl.c,v 1.17 1996/05/20 17:49:05 mrg Exp $ */
/*-
@ -41,6 +41,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/atomic.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/pool.h>
@ -1005,19 +1006,39 @@ int
sysctl_int_bounded(void *oldp, size_t *oldlenp, void *newp, size_t newlen,
int *valp, int minimum, int maximum)
{
int val = *valp;
int oldval, newval;
int error;
/* read only */
if (newp == NULL || minimum > maximum)
return (sysctl_rdint(oldp, oldlenp, newp, val));
if (newp != NULL && minimum > maximum)
return (EPERM);
if ((error = sysctl_int(oldp, oldlenp, newp, newlen, &val)))
return (error);
/* outside limits */
if (val < minimum || maximum < val)
if (oldp != NULL && *oldlenp < sizeof(int))
return (ENOMEM);
if (newp != NULL && newlen != sizeof(int))
return (EINVAL);
*valp = val;
*oldlenp = sizeof(int);
/* copyin() may sleep, call it first */
if (newp != NULL) {
if ((error = copyin(newp, &newval, sizeof(int))))
return (error);
/* outside limits */
if (newval < minimum || maximum < newval)
return (EINVAL);
}
if (oldp != NULL) {
if (newp != NULL)
oldval = atomic_swap_uint(valp, newval);
else
oldval = atomic_load_int(valp);
if ((error = copyout(&oldval, oldp, sizeof(int)))) {
/* new value has been set although user gets error */
return (error);
}
} else if (newp != NULL)
atomic_store_int(valp, newval);
return (0);
}
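Review bot: In `sysctl_int_bounded`, `atomic_swap_uint(valp, newval)` is given an `int *` and an `int` although the swap operates on an unsigned int, and its result is stored back into the signed `oldval`. The bit pattern is preserved, but the pointer-sign mismatch is implicit; an explicit cast such as `oldval = atomic_swap_uint((unsigned int *)valp, newval);` would make the intent visible. The hunk also shows no header comment for the rewritten function; I would add one saying that a write with `minimum > maximum` returns EPERM, that an out-of-range value returns EINVAL before `*valp` is touched, and that a failing copyout leaves the new value installed.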


@ -1,4 +1,4 @@
/* $OpenBSD: vfs_syscalls.c,v 1.365 2024/05/18 05:20:22 guenther Exp $ */
/* $OpenBSD: vfs_syscalls.c,v 1.366 2024/07/10 09:12:11 krw Exp $ */
/* $NetBSD: vfs_syscalls.c,v 1.71 1996/04/23 10:29:02 mycroft Exp $ */
/*
@ -697,10 +697,6 @@ sys_getfsstat(struct proc *p, void *v, register_t *retval)
}
sp->f_flags = mp->mnt_flag & MNT_VISFLAGMASK;
#if notyet
if (mp->mnt_flag & MNT_SOFTDEP)
sp->f_eflags = STATFS_SOFTUPD;
#endif
error = (copyout_statfs(sp, sfsp, p));
if (error) {
vfs_unbusy(mp);


@ -1,7 +1,7 @@
.\" $OpenBSD: mg.1,v 1.138 2024/07/09 14:51:37 op Exp $
.\" $OpenBSD: mg.1,v 1.139 2024/07/10 05:19:02 jmc Exp $
.\" This file is in the public domain.
.\"
.Dd $Mdocdate: July 9 2024 $
.Dd $Mdocdate: July 10 2024 $
.Dt MG 1
.Os
.Sh NAME
@ -938,11 +938,11 @@ Set the tab width for the current buffer, or the default for new buffers
if called with a prefix argument or from the startup file.
.It Ic shell-command
Execute external command from mini-buffer.
With an universal argument it inserts the command output into the current
With a universal argument it inserts the command output into the current
buffer.
.It Ic shell-command-on-region
Provide the text in region to the shell command as input.
With an universal argument it replaces the region with the command
With a universal argument it replaces the region with the command
output.
.It Ic shrink-window
Shrink current window by one line.


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.366 2024/07/04 22:53:59 djm Exp $
.Dd $Mdocdate: July 4 2024 $
.\" $OpenBSD: sshd_config.5,v 1.367 2024/07/10 21:58:34 djm Exp $
.Dd $Mdocdate: July 10 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -1579,7 +1579,7 @@ accumulated.
.Pp
Penalties are enabled by default with the default settings listed below
but may disabled using the
.Cm off
.Cm no
keyword.
The defaults may be overridden by specifying one or more of the keywords below,
separated by whitespace.


@ -1,4 +1,4 @@
/* $OpenBSD: npppd.c,v 1.53 2022/07/01 09:57:24 mvs Exp $ */
/* $OpenBSD: npppd.c,v 1.54 2024/07/11 14:05:59 yasuoka Exp $ */
/*-
* Copyright (c) 2005-2008,2009 Internet Initiative Japan Inc.
@ -29,7 +29,7 @@
* Next pppd(nppd). This file provides a npppd daemon process and operations
* for npppd instance.
* @author Yasuoka Masahiko
* $Id: npppd.c,v 1.53 2022/07/01 09:57:24 mvs Exp $
* $Id: npppd.c,v 1.54 2024/07/11 14:05:59 yasuoka Exp $
*/
#include "version.h"
#include <sys/param.h> /* ALIGNED_POINTER */
@ -101,7 +101,6 @@ static void npppd_timer(int, short, void *);
static void npppd_auth_finalizer_periodic(npppd *);
static int rd2slist_walk (struct radish *, void *);
static int rd2slist (struct radish_head *, slist *);
static slist *npppd_get_ppp_by_user (npppd *, const char *);
static int npppd_get_all_users (npppd *, slist *);
static struct ipcpstat
*npppd_get_ipcp_stat(struct ipcpstat_head *, const char *);
@ -255,6 +254,7 @@ npppd_init(npppd *_this, const char *config_file)
_this->pid = getpid();
slist_init(&_this->realms);
npppd_conf_init(&_this->conf);
TAILQ_INIT(&_this->raddae_listens);
log_printf(LOG_NOTICE, "Starting npppd pid=%u version=%s",
_this->pid, VERSION);
@ -444,6 +444,10 @@ npppd_stop(npppd *_this)
_this->finalizing = 1;
npppd_reset_timer(_this);
#ifdef USE_NPPPD_RADIUS
npppd_radius_dae_fini(_this);
#endif
}
static void
@ -763,7 +767,7 @@ npppd_get_ppp_by_ip(npppd *_this, struct in_addr ipaddr)
* @return {@link slist} that contains the {@link npppd_ppp} instances.
* NULL may be returned if no instance has been found.
*/
static slist *
slist *
npppd_get_ppp_by_user(npppd *_this, const char *username)
{
hash_link *hl;
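Review bot: The added `TAILQ_INIT(&_this->raddae_listens);` in `npppd_init` is unconditional, but this commit declares `raddae_listens` in `struct _npppd` only under `#ifdef USE_NPPPD_RADIUS`, and the matching `npppd_radius_dae_fini(_this)` call in `npppd_stop` is guarded. A build without USE_NPPPD_RADIUS would presumably fail on that line; putting the `TAILQ_INIT` between `#ifdef USE_NPPPD_RADIUS` and `#endif` keeps the three sites consistent. The bodies of `npppd_init` and `npppd_stop` continue outside the hunks.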


@ -1,4 +1,4 @@
.\" $OpenBSD: npppd.conf.5,v 1.34 2024/07/01 14:56:19 jmc Exp $
.\" $OpenBSD: npppd.conf.5,v 1.35 2024/07/11 14:05:59 yasuoka Exp $
.\"
.\" Copyright (c) 2012 YASUOKA Masahiko <yasuoka@openbsd.org>
.\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 1 2024 $
.Dd $Mdocdate: July 11 2024 $
.Dt NPPPD.CONF 5
.Os
.Sh NAME
@ -41,6 +41,8 @@ Interface settings.
Authentication settings.
.It Sy Bind
Bind settings.
.It Sy RADIUS
RADIUS settings.
.El
.Sh GLOBAL
The global options are as follows:
@ -664,6 +666,32 @@ settings so that they are used together.
.Pp
.Ic bind tunnel from Ar tunnel Ic authenticated by Ar authentication
.Ic to Ar ifname
.Sh RADIUS
.Ic radius
configures the RADIUS features.
The supported options are as follows:
.Bl -tag -width Ds
.It Ic radius nas-id Ar identifier
Specify the
.Ar identifier
that is noticed to the RADIUS peers in the NAS-Identifier attribute.
.It Ic radius dae listen on Ar address Oo port Ar number Oc
Enable the Dynamic Authorization Extensions for RADIUS
.Po DAE, RFC 5176 Pc
server.
Specify the local
.Ar address
.Xr npppd 8
should listen on for the DAE requests.
Optionally specify a port
.Ar number ,
the default port number is 3799.
.It Ic radius dae client Ar address Ic secret Ar secret
Specify
.Ar address
for a DAE client and
.Ar secret .
.El
.Sh EXAMPLES
A very simple configuration example is below:
.Bd -literal -offset indent


@ -1,4 +1,4 @@
/* $OpenBSD: npppd.h,v 1.20 2024/07/01 07:09:07 yasuoka Exp $ */
/* $OpenBSD: npppd.h,v 1.21 2024/07/11 14:05:59 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -43,6 +43,7 @@
#include "l2tp_conf.h"
#include "pptp_conf.h"
#include "pppoe_conf.h"
#include "slist.h"
#define MINIMUM(a, b) (((a) < (b)) ? (a) : (b))
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
@ -170,6 +171,25 @@ struct authconf {
} data;
};
struct radclientconf {
union {
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
} addr;
TAILQ_ENTRY(radclientconf) entry;
char secret[];
};
TAILQ_HEAD(radclientconfs,radclientconf);
struct radlistenconf {
union {
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
} addr;
TAILQ_ENTRY(radlistenconf) entry;
};
TAILQ_HEAD(radlistenconfs,radlistenconf);
struct ipcpconf {
TAILQ_ENTRY(ipcpconf) entry;
char name[NPPPD_GENERIC_NAME_LEN];
@ -207,6 +227,9 @@ struct npppd_conf {
TAILQ_HEAD(ipcpconfs, ipcpconf) ipcpconfs;
TAILQ_HEAD(ifaces, iface) ifaces;
TAILQ_HEAD(confbinds, confbind) confbinds;
struct radclientconfs raddaeclientconfs;
struct radlistenconfs raddaelistenconfs;
char nas_id[NPPPD_GENERIC_NAME_LEN];
struct l2tp_confs l2tp_confs;
struct pptp_confs pptp_confs;
struct pppoe_confs pppoe_confs;
@ -266,65 +289,70 @@ TAILQ_HEAD(ctl_conn_list, ctl_conn);
extern struct ctl_conn_list ctl_conns;
__BEGIN_DECLS
npppd *npppd_get_npppd (void);
int npppd_init (npppd *, const char *);
void npppd_start (npppd *);
void npppd_stop (npppd *);
void npppd_fini (npppd *);
int npppd_reset_routing_table (npppd *, int);
int npppd_get_user_password (npppd *, npppd_ppp *, const char *, char *, int *);
struct in_addr *npppd_get_user_framed_ip_address (npppd *, npppd_ppp *, const char *);
int npppd_check_calling_number (npppd *, npppd_ppp *);
npppd_ppp *npppd_get_ppp_by_ip (npppd *, struct in_addr);
npppd_ppp *npppd_get_ppp_by_id (npppd *, u_int);
int npppd_check_user_max_session (npppd *, npppd_ppp *);
void npppd_network_output (npppd *, npppd_ppp *, int, u_char *, int);
int npppd_ppp_pipex_enable (npppd *, npppd_ppp *);
int npppd_ppp_pipex_disable (npppd *, npppd_ppp *);
int npppd_prepare_ip (npppd *, npppd_ppp *);
void npppd_release_ip (npppd *, npppd_ppp *);
void npppd_set_ip_enabled (npppd *, npppd_ppp *, int);
int npppd_assign_ip_addr (npppd *, npppd_ppp *, uint32_t);
int npppd_set_radish (npppd *, void *);
int npppd_ppp_bind_realm (npppd *, npppd_ppp *, const char *, int);
int npppd_ppp_is_realm_local (npppd *, npppd_ppp *);
int npppd_ppp_is_realm_radius (npppd *, npppd_ppp *);
int npppd_ppp_is_realm_ready (npppd *, npppd_ppp *);
const char *npppd_ppp_get_realm_name (npppd *, npppd_ppp *);
const char *npppd_ppp_get_iface_name (npppd *, npppd_ppp *);
int npppd_ppp_iface_is_ready (npppd *, npppd_ppp *);
int npppd_ppp_bind_iface (npppd *, npppd_ppp *);
void npppd_ppp_unbind_iface (npppd *, npppd_ppp *);
void *npppd_get_radius_auth_setting (npppd *, npppd_ppp *);
int sockaddr_npppd_match (void *, void *);
const char *npppd_ppp_get_username_for_auth (npppd *, npppd_ppp *, const char *, char *);
const char *npppd_ppp_tunnel_protocol_name (npppd *, npppd_ppp *);
const char *npppd_tunnel_protocol_name (int);
struct tunnconf *npppd_get_tunnconf (npppd *, const char *);
int npppd_reload_config (npppd *);
int npppd_modules_reload (npppd *);
int npppd_ifaces_load_config (npppd *);
npppd *npppd_get_npppd(void);
int npppd_init(npppd *, const char *);
void npppd_start(npppd *);
void npppd_stop(npppd *);
void npppd_fini(npppd *);
int npppd_reset_routing_table(npppd *, int);
int npppd_get_user_password(npppd *, npppd_ppp *, const char *,
char *, int *);
struct in_addr *npppd_get_user_framed_ip_address(npppd *, npppd_ppp *,
const char *);
int npppd_check_calling_number(npppd *, npppd_ppp *);
npppd_ppp *npppd_get_ppp_by_ip(npppd *, struct in_addr);
npppd_ppp *npppd_get_ppp_by_id(npppd *, u_int);
slist *npppd_get_ppp_by_user(npppd *, const char *);
int npppd_check_user_max_session(npppd *, npppd_ppp *);
void npppd_network_output(npppd *, npppd_ppp *, int, u_char *, int);
int npppd_ppp_pipex_enable(npppd *, npppd_ppp *);
int npppd_ppp_pipex_disable(npppd *, npppd_ppp *);
int npppd_prepare_ip(npppd *, npppd_ppp *);
void npppd_release_ip(npppd *, npppd_ppp *);
void npppd_set_ip_enabled(npppd *, npppd_ppp *, int);
int npppd_assign_ip_addr(npppd *, npppd_ppp *, uint32_t);
int npppd_set_radish(npppd *, void *);
int npppd_ppp_bind_realm(npppd *, npppd_ppp *, const char *, int);
int npppd_ppp_is_realm_local(npppd *, npppd_ppp *);
int npppd_ppp_is_realm_radius(npppd *, npppd_ppp *);
int npppd_ppp_is_realm_ready(npppd *, npppd_ppp *);
const char *npppd_ppp_get_realm_name(npppd *, npppd_ppp *);
const char *npppd_ppp_get_iface_name(npppd *, npppd_ppp *);
int npppd_ppp_iface_is_ready(npppd *, npppd_ppp *);
int npppd_ppp_bind_iface(npppd *, npppd_ppp *);
void npppd_ppp_unbind_iface(npppd *, npppd_ppp *);
void *npppd_get_radius_auth_setting(npppd *, npppd_ppp *);
int sockaddr_npppd_match(void *, void *);
const char *npppd_ppp_get_username_for_auth(npppd *, npppd_ppp *,
const char *, char *);
const char *npppd_ppp_tunnel_protocol_name(npppd *, npppd_ppp *);
const char *npppd_tunnel_protocol_name(int);
struct tunnconf *npppd_get_tunnconf(npppd *, const char *);
int npppd_reload_config(npppd *);
int npppd_modules_reload(npppd *);
int npppd_ifaces_load_config(npppd *);
int npppd_conf_parse (struct npppd_conf *, const char *);
void npppd_conf_init (struct npppd_conf *);
void npppd_conf_fini (struct npppd_conf *);
int npppd_config_check (const char *);
void npppd_on_ppp_start (npppd *, npppd_ppp *);
void npppd_on_ppp_stop (npppd *, npppd_ppp *);
void imsg_event_add(struct imsgev *);
int npppd_conf_parse(struct npppd_conf *, const char *);
void npppd_conf_init(struct npppd_conf *);
void npppd_conf_fini(struct npppd_conf *);
int npppd_config_check(const char *);
void npppd_on_ppp_start(npppd *, npppd_ppp *);
void npppd_on_ppp_stop(npppd *, npppd_ppp *);
void imsg_event_add(struct imsgev *);
int control_init (struct control_sock *);
int control_listen (struct control_sock *);
void control_cleanup (struct control_sock *);
struct npppd_ctl *npppd_ctl_create (npppd *);
void npppd_ctl_destroy (struct npppd_ctl *);
int npppd_ctl_who (struct npppd_ctl *);
int npppd_ctl_monitor (struct npppd_ctl *);
int npppd_ctl_who_and_monitor (struct npppd_ctl *);
int npppd_ctl_add_started_ppp_id (struct npppd_ctl *, uint32_t);
int npppd_ctl_add_stopped_ppp (struct npppd_ctl *, npppd_ppp *);
int npppd_ctl_imsg_compose (struct npppd_ctl *, struct imsgbuf *);
int npppd_ctl_disconnect (struct npppd_ctl *, u_int *, int);
int control_init(struct control_sock *);
int control_listen(struct control_sock *);
void control_cleanup(struct control_sock *);
struct npppd_ctl
*npppd_ctl_create(npppd *);
void npppd_ctl_destroy(struct npppd_ctl *);
int npppd_ctl_who(struct npppd_ctl *);
int npppd_ctl_monitor(struct npppd_ctl *);
int npppd_ctl_who_and_monitor(struct npppd_ctl *);
int npppd_ctl_add_started_ppp_id(struct npppd_ctl *, uint32_t);
int npppd_ctl_add_stopped_ppp(struct npppd_ctl *, npppd_ppp *);
int npppd_ctl_imsg_compose(struct npppd_ctl *, struct imsgbuf *);
int npppd_ctl_disconnect(struct npppd_ctl *, u_int *, int);
__END_DECLS


@ -1,4 +1,4 @@
/* $OpenBSD: npppd_config.c,v 1.14 2015/01/19 01:48:59 deraadt Exp $ */
/* $OpenBSD: npppd_config.c,v 1.15 2024/07/11 14:05:59 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: npppd_config.c,v 1.14 2015/01/19 01:48:59 deraadt Exp $ */
/* $Id: npppd_config.c,v 1.15 2024/07/11 14:05:59 yasuoka Exp $ */
/*@file
* This file provides functions which operates configuration and so on.
*/
@ -131,6 +131,9 @@ npppd_modules_reload(npppd *_this)
#ifdef USE_NPPPD_PPPOE
rval |= pppoed_reload(&_this->pppoed, &_this->conf.pppoe_confs);
#endif
#ifdef USE_NPPPD_RADIUS
npppd_radius_dae_init(_this);
#endif
return rval;
}
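Review bot: The new `npppd_radius_dae_init(_this);` call in `npppd_modules_reload` contributes nothing to `rval`, unlike the `rval |= pppoed_reload(...)` line just above it. Since `npppd_radius_dae_init` is declared `void` and ignores the result of `npppd_radius_dae_listen_start`, a reload reports success even when a DAE listener could not be bound. If that is intended as best effort, a comment such as `/* DAE listen failures are logged only and do not fail the reload */` would record it. The function body starts outside the hunk.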


@ -1,4 +1,4 @@
/* $OpenBSD: npppd_local.h,v 1.18 2024/02/26 08:29:37 yasuoka Exp $ */
/* $OpenBSD: npppd_local.h,v 1.19 2024/07/11 14:05:59 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
@ -73,6 +73,10 @@
#include "npppd_pool.h"
#include "npppd_ctl.h"
#ifdef USE_NPPPD_RADIUS
#include "npppd_radius.h"
#endif
/** structure of pool */
struct _npppd_pool {
/** base of npppd structure */
@ -169,6 +173,10 @@ struct _npppd {
struct control_sock ctl_sock;
#ifdef USE_NPPPD_RADIUS
struct npppd_radius_dae_listens raddae_listens;
#endif
u_int /** whether finalizing or not */
finalizing:1,
/** whether finalize completed or not */


@ -1,4 +1,4 @@
/* $Id: npppd_radius.c,v 1.11 2024/07/01 07:09:07 yasuoka Exp $ */
/* $Id: npppd_radius.c,v 1.12 2024/07/11 14:05:59 yasuoka Exp $ */
/*-
* Copyright (c) 2009 Internet Initiative Japan Inc.
* All rights reserved.
@ -45,12 +45,16 @@
#include <string.h>
#include <stdbool.h>
#include <radius.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include <event.h>
#include "radius_req.h"
#include "npppd_local.h"
#include "npppd_radius.h"
#include "net_utils.h"
#ifdef NPPPD_RADIUS_DEBUG
#define NPPPD_RADIUS_DBG(x) ppp_log x
@ -268,7 +272,7 @@ radius_acct_request(npppd *pppd, npppd_ppp *ppp, int stop)
/* npppd has no physical / virtual ports in design. */
/* RFC 2865 5.32. NAS-Identifier */
ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd");
ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, pppd->conf.nas_id);
/* RFC 2865 5.31. Calling-Station-Id */
if (ppp->calling_number[0] != '\0')
@ -397,7 +401,7 @@ radius_acct_on(npppd *pppd, radius_req_setting *rad_setting)
/* RFC 2866 5.1. Acct-Status-Type */
ATTR_INT32(RADIUS_TYPE_ACCT_STATUS_TYPE, RADIUS_ACCT_STATUS_TYPE_ACCT_ON);
/* RFC 2865 5.32. NAS-Identifier */
ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, "npppd");
ATTR_STR(RADIUS_TYPE_NAS_IDENTIFIER, pppd->conf.nas_id);
/* Send the request */
radius_request(radctx, radpkt);
@ -561,3 +565,305 @@ ppp_set_radius_attrs_for_authreq(npppd_ppp *_this,
fail:
return 1;
}
/***********************************************************************
* Dynamic Authorization Extensions for RADIUS
***********************************************************************/
static int npppd_radius_dae_listen_start(struct npppd_radius_dae_listen *);
static void npppd_radius_dae_on_event(int, short, void *);
static void npppd_radius_dae_listen_stop(struct npppd_radius_dae_listen *);
void
npppd_radius_dae_init(npppd *_this)
{
struct npppd_radius_dae_listens listens;
struct npppd_radius_dae_listen *listen, *listent;
struct radlistenconf *listenconf;
TAILQ_INIT(&listens);
TAILQ_FOREACH(listenconf, &_this->conf.raddaelistenconfs, entry) {
TAILQ_FOREACH_SAFE(listen, &_this->raddae_listens, entry,
listent) {
if ((listen->addr.sin4.sin_family == AF_INET &&
listenconf->addr.sin4.sin_family == AF_INET &&
memcmp(&listen->addr.sin4, &listenconf->addr.sin4,
sizeof(struct sockaddr_in)) == 0) ||
(listen->addr.sin6.sin6_family == AF_INET6 &&
listenconf->addr.sin6.sin6_family == AF_INET6 &&
memcmp(&listen->addr.sin6, &listenconf->addr.sin6,
sizeof(struct sockaddr_in6)) == 0))
break;
}
if (listen != NULL)
/* keep using this */
TAILQ_REMOVE(&_this->raddae_listens, listen, entry);
else {
if ((listen = calloc(1, sizeof(*listen))) == NULL) {
log_printf(LOG_ERR, "%s: calloc failed: %m",
__func__);
goto fail;
}
listen->pppd = _this;
listen->sock = -1;
if (listenconf->addr.sin4.sin_family == AF_INET)
listen->addr.sin4 = listenconf->addr.sin4;
else
listen->addr.sin6 = listenconf->addr.sin6;
}
TAILQ_INSERT_TAIL(&listens, listen, entry);
}
/* listen on the new addresses */
TAILQ_FOREACH(listen, &listens, entry) {
if (listen->sock == -1)
npppd_radius_dae_listen_start(listen);
}
/* stop listening on the old addresses */
TAILQ_FOREACH_SAFE(listen, &_this->raddae_listens, entry, listent) {
TAILQ_REMOVE(&_this->raddae_listens, listen, entry);
npppd_radius_dae_listen_stop(listen);
free(listen);
}
fail:
TAILQ_CONCAT(&_this->raddae_listens, &listens, entry);
return;
}
void
npppd_radius_dae_fini(npppd *_this)
{
struct npppd_radius_dae_listen *listen, *listent;
TAILQ_FOREACH_SAFE(listen, &_this->raddae_listens, entry, listent) {
TAILQ_REMOVE(&_this->raddae_listens, listen, entry);
npppd_radius_dae_listen_stop(listen);
free(listen);
}
}
int
npppd_radius_dae_listen_start(struct npppd_radius_dae_listen *listen)
{
char buf[80];
int sock = -1, on = 1;
if ((sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)) == -1) {
log_printf(LOG_ERR, "%s: socket(): %m", __func__);
goto on_error;
}
on = 1;
if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) == -1) {
log_printf(LOG_WARNING, "%s: setsockopt(,,SO_REUSEADDR): %m",
__func__);
goto on_error;
}
if (bind(sock, (struct sockaddr *)&listen->addr,
listen->addr.sin4.sin_len) == -1) {
log_printf(LOG_ERR, "%s: bind(): %m", __func__);
goto on_error;
}
listen->sock = sock;
event_set(&listen->evsock, listen->sock, EV_READ | EV_PERSIST,
npppd_radius_dae_on_event, listen);
event_add(&listen->evsock, NULL);
log_printf(LOG_INFO, "radius Listening %s/udp (DAE)",
addrport_tostring((struct sockaddr *)&listen->addr,
listen->addr.sin4.sin_len, buf, sizeof(buf)));
return (0);
on_error:
if (sock >= 0)
close(sock);
return (-1);
}
void
npppd_radius_dae_on_event(int fd, short ev, void *ctx)
{
char buf[80], attr[256], username[256];
char *endp;
const char *reason, *nakcause = NULL;
struct npppd_radius_dae_listen *listen = ctx;
struct radclientconf *client;
npppd *_this = listen->pppd;
RADIUS_PACKET *req = NULL, *res = NULL;
struct sockaddr_storage ss;
socklen_t sslen;
unsigned long long ppp_id;
int code, n = 0;
uint32_t cause = 0;
struct in_addr ina;
slist *users;
npppd_ppp *ppp;
reason = "disconnect requested";
sslen = sizeof(ss);
req = radius_recvfrom(listen->sock, 0, (struct sockaddr *)&ss, &sslen);
if (req == NULL) {
log_printf(LOG_WARNING, "%s: receiving a RADIUS message "
"failed: %m", __func__);
return;
}
TAILQ_FOREACH(client, &_this->conf.raddaeclientconfs, entry) {
if (ss.ss_family == AF_INET &&
((struct sockaddr_in *)&ss)->sin_addr.s_addr ==
client->addr.sin4.sin_addr.s_addr)
break;
else if (ss.ss_family == AF_INET6 &&
IN6_ARE_ADDR_EQUAL(&((struct sockaddr_in6 *)&ss)->sin6_addr,
&client->addr.sin6.sin6_addr))
break;
}
if (client == NULL) {
log_printf(LOG_WARNING, "radius received a RADIUS message from "
"%s: unknown client", addrport_tostring(
(struct sockaddr *)&ss, ss.ss_len, buf, sizeof(buf)));
goto out;
}
if (radius_check_accounting_request_authenticator(req,
client->secret) != 0) {
log_printf(LOG_WARNING, "radius received an invalid RADIUS "
"message from %s: bad response authenticator",
addrport_tostring(
(struct sockaddr *)&ss, ss.ss_len, buf, sizeof(buf)));
goto out;
}
if ((code = radius_get_code(req)) != RADIUS_CODE_DISCONNECT_REQUEST) {
/* Code other than Disconnect-Request is not supported */
if (code == RADIUS_CODE_COA_REQUEST) {
log_printf(LOG_INFO, "received CoA-Request from %s",
addrport_tostring(
(struct sockaddr *)&ss, ss.ss_len, buf,
sizeof(buf)));
code = RADIUS_CODE_COA_NAK;
cause = RADIUS_ERROR_CAUSE_ADMINISTRATIVELY_PROHIBITED;
goto send;
}
log_printf(LOG_WARNING, "radius received an invalid RADIUS "
"message from %s: unknown code %d",
addrport_tostring((struct sockaddr *)&ss, ss.ss_len, buf,
sizeof(buf)), code);
goto out;
}
log_printf(LOG_INFO, "radius received Disconnect-Request from %s",
addrport_tostring((struct sockaddr *)&ss, ss.ss_len, buf,
sizeof(buf)));
if (radius_get_string_attr(req, RADIUS_TYPE_NAS_IDENTIFIER, attr,
sizeof(attr)) == 0 && strcmp(attr, _this->conf.nas_id) != 0) {
cause = RADIUS_ERROR_CAUSE_NAS_IDENTIFICATION_MISMATCH;
nakcause = "NAS Identification is mimatch";
goto search_done;
}
/* prepare User-Name attribute */
memset(&username, 0, sizeof(username));
radius_get_string_attr(req, RADIUS_TYPE_USER_NAME, username,
sizeof(username));
cause = RADIUS_ERROR_CAUSE_SESSION_NOT_FOUND;
/* Our Session-Id is represented in "%08X%08x" (boot_id, ppp_id) */
snprintf(buf, sizeof(buf), "%08X", _this->boot_id);
if (radius_get_string_attr(req, RADIUS_TYPE_ACCT_SESSION_ID, attr,
sizeof(attr)) == 0) {
ppp = NULL;
/* the client is to disconnect a session */
if (strlen(attr) != 16 || strncmp(buf, attr, 8) != 0) {
cause = RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE;
nakcause = "Session-Id is wrong";
goto search_done;
}
ppp_id = strtoull(attr + 8, &endp, 16);
if (*endp != '\0' || errno == ERANGE || ppp_id == ULLONG_MAX) {
cause = RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE;
nakcause = "Session-Id is invalid";
goto search_done;
}
if ((ppp = npppd_get_ppp_by_id(_this, ppp_id)) == NULL)
goto search_done;
if (username[0] != '\0' &&
strcmp(username, ppp->username) != 0) {
/* specified User-Name attribute is mismatched */
cause = RADIUS_ERROR_CAUSE_INVALID_ATTRIBUTE_VALUE;
nakcause = "User-Name is mismatched";
goto search_done;
}
ppp_stop(ppp, reason);
n++;
} else if (username[0] != '\0') {
users = npppd_get_ppp_by_user(_this, username);
if (users == NULL)
goto search_done;
memset(&ina, 0, sizeof(ina));
radius_get_uint32_attr(req, RADIUS_TYPE_FRAMED_IP_ADDRESS,
&ina.s_addr);
slist_itr_first(users);
while ((ppp = slist_itr_next(users)) != NULL) {
if (ntohl(ina.s_addr) != 0 &&
ina.s_addr != ppp->ppp_framed_ip_address.s_addr)
continue;
ppp_stop(ppp, reason);
n++;
}
} else if (radius_get_uint32_attr(req, RADIUS_TYPE_FRAMED_IP_ADDRESS,
&ina.s_addr) == 0) {
ppp = npppd_get_ppp_by_ip(_this, ina);
if (ppp != NULL) {
ppp_stop(ppp, reason);
n++;
}
}
search_done:
if (n > 0)
code = RADIUS_CODE_DISCONNECT_ACK;
else {
if (nakcause == NULL)
nakcause = "session not found";
code = RADIUS_CODE_DISCONNECT_NAK;
}
send:
res = radius_new_response_packet(code, req);
if (res == NULL) {
log_printf(LOG_WARNING, "%s: radius_new_response_packet: %m",
__func__);
goto out;
}
if (cause != 0)
radius_put_uint32_attr(res, RADIUS_TYPE_ERROR_CAUSE, cause);
radius_set_response_authenticator(res, client->secret);
if (radius_sendto(listen->sock, res, 0, (struct sockaddr *)&ss, sslen)
== -1)
log_printf(LOG_WARNING, "%s: sendto(): %m", __func__);
log_printf(LOG_INFO, "radius send %s to %s%s%s",
(code == RADIUS_CODE_DISCONNECT_ACK)? "Disconnect-ACK" :
(code == RADIUS_CODE_DISCONNECT_NAK)? "Disconnect-NAK" : "CoA-NAK",
addrport_tostring((struct sockaddr *)&ss, ss.ss_len, buf,
sizeof(buf)), (nakcause)? ": " : "", (nakcause)? nakcause : "");
out:
radius_delete_packet(req);
if (res != NULL)
radius_delete_packet(res);
}
void
npppd_radius_dae_listen_stop(struct npppd_radius_dae_listen *listen)
{
char buf[80];
if (listen->sock >= 0) {
log_printf(LOG_INFO, "radius Shutdown %s/udp (DAE)",
addrport_tostring((struct sockaddr *)&listen->addr,
listen->addr.sin4.sin_len, buf, sizeof(buf)));
event_del(&listen->evsock);
close(listen->sock);
listen->sock = -1;
}
}
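Review bot: `npppd_radius_dae_listen_start` always creates the socket with `socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP)`, although `listen->addr` is a union that `npppd_radius_dae_init` may fill with a `sockaddr_in6`, so the later `bind()` would fail for an IPv6 listen address. Taking the family from the address, `socket(listen->addr.sin4.sin_family, SOCK_DGRAM, IPPROTO_UDP)`, matches the `sin4.sin_len` usage already there. In `npppd_radius_dae_on_event` the Session-Id parse tests `errno == ERANGE` after `strtoull` without clearing it first, so a stale value from an earlier call can reject a valid Disconnect-Request; add `errno = 0;` before the `strtoull` line. As far as the hunk shows, the handler also never reads an Event-Timestamp attribute, so a previously captured, correctly authenticated request would be accepted again; a comment stating where replay protection is expected to come from would help.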


@ -1,15 +1,35 @@
#ifndef NPPPD_RADIUS_H
#define NPPPD_RADIUS_H 1
#include <sys/tree.h>
#include <netinet/in.h>
#include <event.h>
struct npppd_radius_dae_listen {
int sock;
struct event evsock;
union {
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
} addr;
npppd *pppd;
TAILQ_ENTRY(npppd_radius_dae_listen) entry;
};
TAILQ_HEAD(npppd_radius_dae_listens, npppd_radius_dae_listen);
#ifdef __cplusplus
extern "C" {
#endif
void ppp_proccess_radius_framed_ip (npppd_ppp *, RADIUS_PACKET *);
int ppp_set_radius_attrs_for_authreq (npppd_ppp *, radius_req_setting *, RADIUS_PACKET *);
void npppd_ppp_radius_acct_start (npppd *, npppd_ppp *);
void npppd_ppp_radius_acct_stop (npppd *, npppd_ppp *);
void radius_acct_on(npppd *, radius_req_setting *);
void ppp_proccess_radius_framed_ip(npppd_ppp *, RADIUS_PACKET *);
int ppp_set_radius_attrs_for_authreq(npppd_ppp *, radius_req_setting *,
RADIUS_PACKET *);
void npppd_ppp_radius_acct_start(npppd *, npppd_ppp *);
void npppd_ppp_radius_acct_stop(npppd *, npppd_ppp *);
void radius_acct_on(npppd *, radius_req_setting *);
void npppd_radius_dae_init(npppd *);
void npppd_radius_dae_fini(npppd *);
#ifdef __cplusplus
}
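Review bot: `struct npppd_radius_dae_listen` uses `TAILQ_ENTRY` and `TAILQ_HEAD`, but the includes visible in this hunk are `<sys/tree.h>`, `<netinet/in.h>` and `<event.h>`, none of which is the header that defines the tail-queue macros. If the macros only arrive transitively, through `<event.h>` or through whatever the including source file pulled in first, the header is not self-contained; adding `#include <sys/queue.h>` beside the other includes makes the dependency explicit. Nothing in the visible declarations needs `<sys/tree.h>`, so it may be removable unless a part of the header outside the hunk uses it.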


@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.28 2024/07/01 07:09:07 yasuoka Exp $ */
/* $OpenBSD: parse.y,v 1.29 2024/07/11 14:05:59 yasuoka Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -32,6 +32,7 @@
#include <inttypes.h>
#include <limits.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -134,6 +135,7 @@ typedef struct {
%token INTERFACE ADDRESS IPCP
%token BIND FROM AUTHENTICATED BY TO
%token ERROR
%token DAE CLIENT NAS_ID
%token <v.string> STRING
%token <v.number> NUMBER
%type <v.yesno> yesno
@ -164,6 +166,7 @@ grammar : /* empty */
| grammar ipcp '\n'
| grammar interface '\n'
| grammar bind '\n'
| grammar radius '\n'
| grammar error '\n' { file->errors++; }
;
@ -513,6 +516,80 @@ tunnopt : LISTEN ON addressport {
curr_tunnconf->debug_dump_pktout = $2;
}
;
radius : RADIUS NAS_ID STRING {
if (strlcpy(conf->nas_id, $3, sizeof(conf->nas_id))
>= sizeof(conf->nas_id)) {
yyerror("`radius nas-id' is too long. use "
"less than %u chars.",
(unsigned)sizeof(conf->nas_id) - 1);
free($3);
YYERROR;
}
free($3);
}
| RADIUS DAE CLIENT address SECRET STRING {
struct radclientconf *client;
int secretsiz;
secretsiz = strlen($6) + 1;
if ((client = calloc(1, offsetof(struct radclientconf,
secret[secretsiz]))) == NULL) {
yyerror("%s", strerror(errno));
free($6);
YYERROR;
}
strlcpy(client->secret, $6, secretsiz);
switch ($4.ss_family) {
case AF_INET:
memcpy(&client->addr, &$4,
sizeof(struct sockaddr_in));
break;
case AF_INET6:
memcpy(&client->addr, &$4,
sizeof(struct sockaddr_in6));
break;
default:
yyerror("address family %d not supported",
$4.ss_family);
free($6);
YYERROR;
break;
}
TAILQ_INSERT_TAIL(&conf->raddaeclientconfs, client,
entry);
free($6);
}
| RADIUS DAE LISTEN ON addressport {
struct radlistenconf *listen;
if (ntohs(((struct sockaddr_in *)&$5)->sin_port) == 0)
((struct sockaddr_in *)&$5)->sin_port = htons(
RADIUS_DAE_DEFAULT_PORT);
if ((listen = calloc(1, sizeof(*listen))) == NULL) {
yyerror("%s", strerror(errno));
YYERROR;
}
switch ($5.ss_family) {
case AF_INET:
memcpy(&listen->addr, &$5,
sizeof(struct sockaddr_in));
break;
case AF_INET6:
memcpy(&listen->addr, &$5,
sizeof(struct sockaddr_in6));
break;
default:
yyerror("address family %d not supported",
$5.ss_family);
YYERROR;
break;
}
TAILQ_INSERT_TAIL(&conf->raddaelistenconfs, listen,
entry);
}
;
tunnelproto : L2TP { $$ = NPPPD_TUNNEL_L2TP; }
| PPTP { $$ = NPPPD_TUNNEL_PPTP; }
@ -1011,6 +1088,8 @@ lookup(char *s)
{ "ccp-timeout", CCP_TIMEOUT},
{ "chap", CHAP},
{ "chap-name", CHAP_NAME},
{ "client", CLIENT},
{ "dae", DAE},
{ "debug-dump-pktin", DEBUG_DUMP_PKTIN},
{ "debug-dump-pktout", DEBUG_DUMP_PKTOUT},
{ "dns-servers", DNS_SERVERS},
@ -1061,6 +1140,7 @@ lookup(char *s)
{ "mppe-key-state", MPPE_KEY_STATE},
{ "mru", MRU},
{ "mschapv2", MSCHAPV2},
{ "nas-id", NAS_ID},
{ "nbns-servers", NBNS_SERVERS},
{ "no", NO},
{ "on", ON},
@ -1429,6 +1509,9 @@ npppd_conf_init(struct npppd_conf *xconf)
TAILQ_INIT(&xconf->l2tp_confs);
TAILQ_INIT(&xconf->pptp_confs);
TAILQ_INIT(&xconf->pppoe_confs);
TAILQ_INIT(&xconf->raddaeclientconfs);
TAILQ_INIT(&xconf->raddaelistenconfs);
strlcpy(xconf->nas_id, "npppd", sizeof(xconf->nas_id));
}
void
@ -1439,6 +1522,8 @@ npppd_conf_fini(struct npppd_conf *xconf)
struct ipcpconf *ipcp, *ipcp0;
struct iface *iface, *iface0;
struct confbind *confbind, *confbind0;
struct radclientconf *radc, *radct;
struct radlistenconf *radl, *radlt;
TAILQ_FOREACH_SAFE(tunn, &xconf->tunnconfs, entry, tunn0) {
tunnconf_fini(tunn);
@ -1455,6 +1540,10 @@ npppd_conf_fini(struct npppd_conf *xconf)
TAILQ_FOREACH_SAFE(confbind, &xconf->confbinds, entry, confbind0) {
free(confbind);
}
TAILQ_FOREACH_SAFE(radc, &xconf->raddaeclientconfs, entry, radct)
free(radc);
TAILQ_FOREACH_SAFE(radl, &xconf->raddaelistenconfs, entry, radlt)
free(radl);
TAILQ_INIT(&xconf->l2tp_confs);
TAILQ_INIT(&xconf->pptp_confs);
TAILQ_INIT(&xconf->pppoe_confs);
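Review bot: In the `radius dae client` rule the `default:` arm of `switch ($4.ss_family)` frees `$6` and raises `YYERROR`, but `client`, allocated by the `calloc()` a few lines earlier, is never released on that path. The `radius dae listen on` rule has the same gap with `listen` in its own `default:` arm. Add `free(client);` and `free(listen);` before the respective `YYERROR`, or validate the address family before allocating so the error path has nothing to undo. `npppd_conf_init()` and `npppd_conf_fini()` continue outside their hunks.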


@ -1,4 +1,4 @@
/* $OpenBSD: pstat.c,v 1.129 2022/02/22 17:35:01 deraadt Exp $ */
/* $OpenBSD: pstat.c,v 1.130 2024/07/10 13:29:23 krw Exp $ */
/* $NetBSD: pstat.c,v 1.27 1996/10/23 22:50:06 cgd Exp $ */
/*-
@ -739,6 +739,11 @@ mount_print(struct mount *mp)
flags &= ~MNT_NODEV;
comma = ",";
}
if (flags & MNT_NOPERM) {
(void)printf("%snoperm", comma);
flags &= ~MNT_NOPERM;
comma = ",";
}
if (flags & MNT_ASYNC) {
(void)printf("%sasync", comma);
flags &= ~MNT_ASYNC;
@ -810,6 +815,16 @@ mount_print(struct mount *mp)
flags &= ~MNT_FORCE;
comma = ",";
}
if (flags & MNT_STALLED) {
(void)printf("%sstalled", comma);
flags &= ~MNT_STALLED;
comma = ",";
}
if (flags & MNT_SWAPPABLE) {
(void)printf("%sswappable", comma);
flags &= ~MNT_SWAPPABLE;
comma = ",";
}
if (flags & MNT_WANTRDWR) {
(void)printf("%swantrdwr", comma);
flags &= ~MNT_WANTRDWR;
@ -820,6 +835,11 @@ mount_print(struct mount *mp)
flags &= ~MNT_SOFTDEP;
comma = ",";
}
if (flags & MNT_DOOMED) {
(void)printf("%sdoomed", comma);
flags &= ~MNT_DOOMED;
comma = ",";
}
if (flags)
(void)printf("%sunknown_flags:%x", comma, flags);
(void)printf(")");


@ -1,4 +1,4 @@
.\" $OpenBSD: radiusctl.8,v 1.6 2024/07/09 17:26:14 yasuoka Exp $
.\" $OpenBSD: radiusctl.8,v 1.7 2024/07/10 05:41:34 jmc Exp $
.\"
.\" Copyright (c) YASUOKA Masahiko <yasuoka@yasuoka.net>
.\"
@ -15,7 +15,7 @@
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.\"
.Dd $Mdocdate: July 9 2024 $
.Dd $Mdocdate: July 10 2024 $
.Dt RADIUSCTL 8
.Os
.Sh NAME
@ -111,7 +111,6 @@ shows the sessions in JSON format.
.It Cm ipcp disconnect Ar sequence
Request to disconnect the session specfied by the
.Ar sequence .
.Xc
.El
.Sh EXAMPLES
.Bd -literal -offset indent


@ -1,4 +1,4 @@
/* $OpenBSD: parse.y,v 1.21 2024/07/09 17:26:14 yasuoka Exp $ */
/* $OpenBSD: parse.y,v 1.22 2024/07/10 16:30:43 yasuoka Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@ -394,7 +394,6 @@ authenticate : AUTHENTICATE str_l BY STRING optdeco {
yyerror("Out of memory: %s", strerror(errno));
goto authenticate_error;
}
modref = create_module_ref($4);
if ((auth->auth = create_module_ref($4)) == NULL)
goto authenticate_error;
auth->username = $2.v;
@ -495,7 +494,7 @@ account : ACCOUNT optquick str_l TO STRING optdeco {
struct radiusd_module_ref *modref, *modreft;
if ((acct = calloc(1,
sizeof(struct radiusd_authentication))) == NULL) {
sizeof(struct radiusd_accounting))) == NULL) {
yyerror("Out of memory: %s", strerror(errno));
goto account_error;
}
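Review bot: The allocation in the `account` rule names the struct type by hand, `sizeof(struct radiusd_accounting)`, and the neighbouring line with `sizeof(struct radiusd_authentication)` shows how easily that spelling drifts away from the pointer's real type. Writing it as `calloc(1, sizeof(*acct))` ties the size to the variable and rules out an undersized allocation if the type changes again. The rule's body starts and ends outside the hunk, so the declaration of `acct` is not visible here; the suggestion assumes it is a `struct radiusd_accounting *`.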


@ -1,4 +1,4 @@
/* $OpenBSD: radiusd.c,v 1.45 2024/07/09 17:26:14 yasuoka Exp $ */
/* $OpenBSD: radiusd.c,v 1.46 2024/07/10 16:30:43 yasuoka Exp $ */
/*
* Copyright (c) 2013, 2023 Internet Initiative Japan Inc.
@ -118,7 +118,7 @@ main(int argc, char *argv[])
{
extern char *__progname;
const char *conffile = CONFFILE;
int ch;
int ch, error;
struct radiusd *radiusd;
bool noaction = false;
struct passwd *pw;
@ -213,10 +213,11 @@ main(int argc, char *argv[])
event_loop(0);
error = radiusd->error;
radiusd_free(radiusd);
event_base_free(NULL);
if (radiusd->error != 0)
if (error != 0)
exit(EXIT_FAILURE);
else
exit(EXIT_SUCCESS);
@ -339,6 +340,7 @@ radiusd_free(struct radiusd *radiusd)
struct radiusd_module *module, *modulet;
struct radiusd_module_ref *modref, *modreft;
struct radiusd_authentication *authen, *authent;
struct radiusd_accounting *acct, *acctt;
TAILQ_FOREACH_SAFE(authen, &radiusd->authen, next, authent) {
TAILQ_REMOVE(&radiusd->authen, authen, next);
@ -352,6 +354,19 @@ radiusd_free(struct radiusd *radiusd)
free(authen->username);
free(authen);
}
TAILQ_FOREACH_SAFE(acct, &radiusd->account, next, acctt) {
TAILQ_REMOVE(&radiusd->account, acct, next);
free(acct->secret);
free(acct->acct);
TAILQ_FOREACH_SAFE(modref, &acct->deco, next, modreft) {
TAILQ_REMOVE(&acct->deco, modref, next);
free(modref);
}
for (i = 0; acct->username[i] != NULL; i++)
free(acct->username[i]);
free(acct->username);
free(acct);
}
TAILQ_FOREACH_SAFE(module, &radiusd->module, next, modulet) {
TAILQ_REMOVE(&radiusd->module, module, next);
radiusd_module_unload(module);
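Review bot: In the accounting loop added to `radiusd_free()`, `free(acct->secret)` releases what is presumably the RADIUS shared secret without clearing it, so the bytes may remain in freed heap memory. Since this is OpenBSD code, `if (acct->secret != NULL) freezero(acct->secret, strlen(acct->secret));` clears the buffer as part of the release. The authentication loop just above is only partly inside the hunk; if it also frees its secret with plain `free()`, it deserves the same treatment so the two loops stay consistent. Both `main()` and `radiusd_free()` continue outside the hunks shown.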


@ -1,4 +1,4 @@
.\" $OpenBSD: radiusd.conf.5,v 1.28 2024/07/09 17:26:14 yasuoka Exp $
.\" $OpenBSD: radiusd.conf.5,v 1.29 2024/07/10 05:40:08 jmc Exp $
.\"
.\" Copyright (c) 2014 Esdenera Networks GmbH
.\" Copyright (c) 2014, 2023 Internet Initiative Japan Inc.
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 9 2024 $
.Dd $Mdocdate: July 10 2024 $
.Dt RADIUSD.CONF 5
.Os
.Sh NAME
@ -86,8 +86,8 @@ See
.It Do ipcp Dc module
The
.Dq ipcp
module provides IP configuration and manages IP address pool.
Also provides session-timeout and disconnection feature.
module provides IP configuration and manages the IP address pool.
It also provides session-timeout and disconnection feature.
See
.Xr radiusd_ipcp 8 .
.It Do radius Dc module


@ -1,4 +1,4 @@
.\" $OpenBSD: radiusd_ipcp.8,v 1.2 2024/07/09 17:34:10 yasuoka Exp $
.\" $OpenBSD: radiusd_ipcp.8,v 1.4 2024/07/11 14:14:56 yasuoka Exp $
.\"
.\" Copyright (c) 2024 Internet Initiative Japan Inc.
.\"
@ -16,7 +16,7 @@
.\"
.\" The following requests are required for all man pages.
.\"
.Dd $Mdocdate: July 9 2024 $
.Dd $Mdocdate: July 11 2024 $
.Dt RADIUSD_IPCP 8
.Os
.Sh NAME
@ -30,21 +30,20 @@ The
module is executed by
.Xr radiusd 8
as a module to provide IP configuration through RADIUS Access-Accept messages
and manages IP address pool through RADIUS accounting messages.
and manages the IP address pool through RADIUS accounting messages.
The internal sessions can be shown or monitored by
.Xr radiusctl 8 .
Also
.Nm
provides session timeouts and disconnects requested by
also provides session timeouts and disconnects requested by
.Xr radiusctl 8
through the Dynamic Authorization Extension
.Po DAE, RFC 5176 Pc .
.Pq DAE, RFC 5176 .
.Sh CONFIGURATIONS
To use the
.Nm
module,
it should be configure as a decoration module of the authentication
and as an accouting module.
it should be configured as a decoration module of the authentication
and as an accounting module.
.Bd -literal -offset indent
authenticate * by (any auth module) decorate-by ipcp
account * to ipcp
@ -52,27 +51,24 @@ account * to ipcp
.Pp
The
.Nm
module supports the following configuration key and value:
.Pp
module supports the following configuration keys and values:
.Bl -tag -width Ds
.It Ic address pool Ar address-space ...
Specify the IP address spaces that is pooled.
The
.Ar address-space
can be specified by a address range
can be specified by an address range
.Pq e.g. 192.168.1.1-192.168.1.199
or a address mask
or an address mask
.Pq e.g. 192.168.1.0/24 .
The pooled addresses are used for dynamic assignment.
.It Ic address static Ar address-space ...
Specify the IP address spaces that is pooled for static assignment.
The
.Ar address-space
is the same syntax of
is the same syntax as
.Ic address pool ,
see the description for
.Ic address pool
for detail.
above.
.It Ic name-server Ar primary-address Op Ar secondary-address
Specify the DNS servers' IP addresses.
.It Ic netbios-server Ar primary-address Op Ar secondary-address
@ -109,12 +105,12 @@ the server is selected only for the session which NAS-Identifier is
matched the specified value.
The default port number is 3799.
.It Ic max-sessions Ar number
Specify the maxinum number of sessions.
Specify the maximum number of sessions.
.Sq 0
means no limit.
The default value is 0.
.It Ic user-max-sessions Ar number
Specify the maxinum number of sessions per a user.
Specify the maximum number of sessions per a user.
.Sq 0
means no limit.
The default value is 0.
@ -125,13 +121,19 @@ session after Access-Accept.
preserves the assigned IP address for that period.
The default value is 60 seconds.
.El
.Sh FILES
.Bl -tag -width "/usr/libexec/radiusd/radiusd_ipcp" -compact
.It Pa /usr/libexec/radiusd/radiusd_ipcp
.Dq ipcp
module executable.
.El
.Sh EXAMPLES
An example which
An example with
.Nm
works with
.Xr npppd 8 .
working with
.Xr npppd 8 :
.Pp
.Pa /etc/radiusd.conf:
.Pa /etc/radiusd.conf :
.Bd -literal -offset indent
listen on 127.0.0.1
listen on 127.0.0.1 accounting
@ -150,14 +152,15 @@ module ipcp {
set name-server 192.168.0.4
set max-sessions 128
set user-max-sessions 2
#set dae server 127.0.0.1 "SECRET3"
set dae server 127.0.0.1 "SECRET3"
set session-timeout radius
}
authenticate * by radius decorate-by ipcp
account * to ipcp
.Ed
.Pp
.Pa /etc/npppd/npppd.conf:
.Pa /etc/npppd/npppd.conf :
.Bd -literal -offset indent
tunnel L2TP protocol l2tp {
listen on 192.0.2.51
@ -175,19 +178,16 @@ authentication RADIUS type radius {
}
}
bind tunnel from L2TP authenticated by RADIUS to pppac0
radius dae listen on 127.0.0.1
radius dae client 127.0.0.1 secret "SECRET3"
.Ed
.Sh FILES
.Bl -tag -width "/usr/libexec/radiusd/radiusd_ipcp" -compact
.It Pa /usr/libexec/radiusd/radiusd_ipcp
.Dq ipcp
module executable.
.El
.Sh SEE ALSO
.Xr radiusctl 8 ,
.Xr authenticate 3 ,
.Xr radiusd 8 ,
.Xr radiusd.conf 5 ,
.Xr npppd 8
.Xr npppd 8 ,
.Xr radiusctl 8 ,
.Xr radiusd 8
.Sh HISTORY
The
.Nm


@ -1,4 +1,4 @@
/* $OpenBSD: radiusd_ipcp.c,v 1.1 2024/07/09 17:26:14 yasuoka Exp $ */
/* $OpenBSD: radiusd_ipcp.c,v 1.3 2024/07/11 13:29:08 yasuoka Exp $ */
/*
* Copyright (c) 2024 Internet Initiative Japan Inc.
@ -190,6 +190,7 @@ static void ipcp_schedule_timer(struct module_ipcp *);
static void ipcp_dae_send_disconnect_request(struct assigned_ipv4 *);
static void ipcp_dae_request_on_timeout(int, short, void *);
static void ipcp_dae_on_event(int, short, void *);
static void ipcp_dae_reset_request(struct assigned_ipv4 *);
static struct ipcp_address
*parse_address_range(const char *);
static const char
@ -625,7 +626,9 @@ ipcp_dispatch_control(void *ctx, struct imsg *imsg)
else {
log_info("Disconnect id=%u requested",
assign->seq);
ipcp_dae_send_disconnect_request(assign);
if (assign->dae_ntry == 0)
ipcp_dae_send_disconnect_request(
assign);
}
}
break;
@ -1057,7 +1060,7 @@ ipcp_accounting_request(void *ctx, u_int q_id, const u_char *pkt,
assign->session_timeout;
}
assign->nas_ipv4 = nas_ipv4;
assign->nas_ipv4 = nas_ipv4;
assign->nas_ipv6 = nas_ipv6;
strlcpy(assign->nas_id, nas_id, sizeof(assign->nas_id));
if (radius_get_string_attr(radpkt, RADIUS_TYPE_ACCT_SESSION_ID,
@ -1222,18 +1225,7 @@ ipcp_ipv4_release(struct module_ipcp *self, struct assigned_ipv4 *assign)
TAILQ_REMOVE(&assign->user->ipv4s, assign, next);
RB_REMOVE(assigned_ipv4_tree, &self->ipv4s, assign);
self->nsessions--;
if (assign->dae != NULL) {
if (assign->dae_ntry > 0) {
TAILQ_REMOVE(&assign->dae->reqs, assign,
dae_next);
if (evtimer_pending(&assign->dae_evtimer, NULL))
evtimer_del(&assign->dae_evtimer);
}
}
if (assign->dae_reqpkt != NULL)
radius_delete_packet(assign->dae_reqpkt);
if (evtimer_pending(&assign->dae_evtimer, NULL))
evtimer_del(&assign->dae_evtimer);
ipcp_dae_reset_request(assign);
free(assign);
}
}
@ -1505,37 +1497,50 @@ ipcp_dae_send_disconnect_request(struct assigned_ipv4 *assign)
if (assign->dae == NULL)
return; /* DAE is not configured */
if (assign->dae_ntry == 0)
if (assign->dae_reqpkt != NULL) {
radius_delete_packet(assign->dae_reqpkt);
assign->dae_reqpkt = NULL;
if (assign->dae_reqpkt == NULL) {
if ((reqpkt = radius_new_request_packet(
RADIUS_CODE_DISCONNECT_REQUEST)) == NULL) {
log_warn("%s: radius_new_request_packet(): %m",
__func__);
return;
}
radius_put_string_attr(reqpkt, RADIUS_TYPE_ACCT_SESSION_ID,
assign->session_id);
/*
* RFC 5176 Section 3, "either the User-Name or
* Chargeable-User-Identity attribute SHOULD be present in
* Disconnect-Request and CoA-Request packets."
*/
radius_put_string_attr(reqpkt, RADIUS_TYPE_USER_NAME,
assign->user->name);
if (assign->nas_id[0] != '\0')
radius_put_string_attr(reqpkt,
RADIUS_TYPE_NAS_IDENTIFIER, assign->nas_id);
if (ntohl(assign->nas_ipv4.s_addr) != 0)
radius_put_ipv4_attr(reqpkt,
RADIUS_TYPE_NAS_IP_ADDRESS, assign->nas_ipv4);
if (!IN6_IS_ADDR_UNSPECIFIED(&assign->nas_ipv6))
radius_put_ipv6_attr(reqpkt,
RADIUS_TYPE_NAS_IPV6_ADDRESS, &assign->nas_ipv6);
radius_set_accounting_request_authenticator(reqpkt,
assign->dae->secret);
assign->dae_reqpkt = reqpkt;
}
reqpkt = radius_new_request_packet(RADIUS_CODE_DISCONNECT_REQUEST);
radius_put_string_attr(reqpkt, RADIUS_TYPE_ACCT_SESSION_ID,
assign->session_id);
radius_set_accounting_request_authenticator(reqpkt,
assign->dae->secret);
if (radius_send(assign->dae->sock, reqpkt, 0) < 0)
log_warn("%s: sendto: %m", __func__);
if (assign->dae_ntry == 0)
if (assign->dae_ntry == 0) {
log_info("Sending Disconnect-Request seq=%u to %s",
assign->seq, print_addr((struct sockaddr *)
&assign->dae->nas_addr, buf, sizeof(buf)));
TAILQ_INSERT_TAIL(&assign->dae->reqs, assign, dae_next);
}
assign->dae_reqpkt = reqpkt;
tv.tv_sec = dae_request_timeouts[assign->dae_ntry];
if (radius_send(assign->dae->sock, assign->dae_reqpkt, 0) < 0)
log_warn("%s: sendto: %m", __func__);
tv.tv_sec = dae_request_timeouts[assign->dae_ntry++];
tv.tv_usec = 0;
evtimer_set(&assign->dae_evtimer, ipcp_dae_request_on_timeout, assign);
evtimer_add(&assign->dae_evtimer, &tv);
if (assign->dae_ntry++ == 0)
TAILQ_INSERT_TAIL(&assign->dae->reqs, assign, dae_next);
}
void
@ -1544,11 +1549,12 @@ ipcp_dae_request_on_timeout(int fd, short ev, void *ctx)
struct assigned_ipv4 *assign = ctx;
char buf[80];
if (assign->dae_ntry >= (int)nitems(dae_request_timeouts))
if (assign->dae_ntry >= (int)nitems(dae_request_timeouts)) {
log_warnx("No answer for Disconnect-Request seq=%u from %s",
assign->seq, print_addr((struct sockaddr *)
&assign->dae->nas_addr, buf, sizeof(buf)));
else
ipcp_dae_reset_request(assign);
} else
ipcp_dae_send_disconnect_request(assign);
}
@ -1561,7 +1567,7 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
uint32_t u32;
struct assigned_ipv4 *assign;
char buf[80], causestr[80];
const char *cause;
const char *cause = "";
if ((ev & EV_READ) == 0)
return;
@ -1581,7 +1587,7 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
log_warnx("Received RADIUS packet from %s has unknown id=%d",
print_addr((struct sockaddr *)&dae->nas_addr, buf,
sizeof(buf)), radius_get_id(radres));
return;
goto out;
}
radius_set_request_packet(radres, assign->dae_reqpkt);
@ -1590,7 +1596,7 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
"authenticator", assign->seq, print_addr(
(struct sockaddr *)&dae->nas_addr, buf,
sizeof(buf)));
return;
goto out;
}
causestr[0] = '\0';
if (radius_get_uint32_attr(radres, RADIUS_TYPE_ERROR_CAUSE, &u32) == 0){
@ -1600,6 +1606,7 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
u32, cause);
else
snprintf(causestr, sizeof(causestr), " cause=%u", u32);
cause = causestr;
}
code = radius_get_code(radres);
@ -1608,13 +1615,11 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
log_info("Received Disconnect-ACK for seq=%u from %s%s",
assign->seq, print_addr((struct sockaddr *)
&dae->nas_addr, buf, sizeof(buf)), cause);
evtimer_del(&assign->dae_evtimer);
break;
case RADIUS_CODE_DISCONNECT_NAK:
log_warnx("Received Disconnect-NAK for seq=%u from %s%s",
assign->seq, print_addr((struct sockaddr *)
&dae->nas_addr, buf, sizeof(buf)), cause);
evtimer_del(&assign->dae_evtimer);
break;
default:
log_warn("Received unknown code=%d for id=%u from %s",
@ -1622,6 +1627,25 @@ ipcp_dae_on_event(int fd, short ev, void *ctx)
&dae->nas_addr, buf, sizeof(buf)));
break;
}
ipcp_dae_reset_request(assign);
out:
if (radres != NULL)
radius_delete_packet(radres);
}
void
ipcp_dae_reset_request(struct assigned_ipv4 *assign)
{
if (assign->dae != NULL) {
if (assign->dae_ntry > 0)
TAILQ_REMOVE(&assign->dae->reqs, assign, dae_next);
}
if (assign->dae_reqpkt != NULL)
radius_delete_packet(assign->dae_reqpkt);
assign->dae_reqpkt = NULL;
if (evtimer_pending(&assign->dae_evtimer, NULL))
evtimer_del(&assign->dae_evtimer);
assign->dae_ntry = 0;
}
/***********************************************************************
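Review bot: The calls that build the Disconnect-Request in `ipcp_dae_send_disconnect_request()` ignore their return values, so a failed `radius_put_string_attr()` for Acct-Session-Id or User-Name still leaves a packet in `assign->dae_reqpkt` that is signed, sent and then retransmitted on every timeout. A request without its session identifier no longer names the one session it was meant to end, and how the NAS resolves such a request is decided outside this file. Checking the two identifying attributes and dropping the packet on failure matches the existing `radius_new_request_packet()` failure path; this assumes the put functions report failure with a non-zero return, as the `== 0` success tests on `radius_get_uint32_attr()` elsewhere on the page suggest. The function starts outside the hunk.

```c
/* … unchanged: radius_new_request_packet() and its error path … */
if (radius_put_string_attr(reqpkt, RADIUS_TYPE_ACCT_SESSION_ID,
    assign->session_id) != 0 ||
    radius_put_string_attr(reqpkt, RADIUS_TYPE_USER_NAME,
    assign->user->name) != 0) {
	log_warnx("%s: could not add session attributes", __func__);
	radius_delete_packet(reqpkt);
	return;
}
/* … unchanged: NAS-Identifier and NAS address attributes, authenticator … */
```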


@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.6 2019/01/18 01:24:07 pd Exp $
# $OpenBSD: Makefile,v 1.7 2024/07/10 09:27:33 dv Exp $
.if ${MACHINE} == "amd64"
.if ${MACHINE} == "amd64" || ${MACHINE} == "arm64"
.PATH: ${.CURDIR}/../vmd


@ -1,13 +1,20 @@
# $OpenBSD: Makefile,v 1.29 2023/04/27 22:47:27 dv Exp $
# $OpenBSD: Makefile,v 1.30 2024/07/10 09:27:33 dv Exp $
.if ${MACHINE} == "amd64"
.if ${MACHINE} == "amd64" || ${MACHINE} == "arm64"
PROG= vmd
SRCS= vmd.c control.c log.c priv.c proc.c config.c vmm.c
SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
SRCS+= ns8250.c i8253.c dhcp.c packet.c mmio.c
SRCS+= parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c fw_cfg.c
SRCS+= vm_agentx.c vioblk.c vionet.c
SRCS= vmd.c control.c log.c priv.c proc.c config.c vmm.c vm.c
SRCS+= pci.c virtio.c dhcp.c packet.c parse.y atomicio.c
SRCS+= vioscsi.c vioraw.c vioqcow2.c vm_agentx.c vioblk.c
SRCS+= vionet.c
.if ${MACHINE} == "amd64"
SRCS+= i8253.c i8259.c fw_cfg.c loadfile_elf.c mc146818.c ns8250.c
SRCS+= x86_vm.c x86_mmio.c
.endif # amd64
.if ${MACHINE} == "arm64"
SRCS+= arm64_vm.c
.endif # arm64
CFLAGS+= -Wall -I${.CURDIR}
CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
@ -24,7 +31,7 @@ YFLAGS=
NOPROG= yes
.endif
.endif # amd64 or arm64
MAN= vmd.8 vm.conf.5

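--- a/usr.sbin/vmd/arm64_vm.c
+++ b/usr.sbin/vmd/arm64_vm.c
@@ -0,0 +1,162 @@
+/* $OpenBSD: arm64_vm.c,v 1.1 2024/07/10 10:41:19 dv Exp $ */
+/*
+* Copyright (c) 2024 Dave Voutila <dv@openbsd.org>
+*
+* Permission to use, copy, modify, and distribute this software for any
+* purpose with or without fee is hereby granted, provided that the above
+* copyright notice and this permission notice appear in all copies.
+*
+* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/
+#include <sys/types.h>
+#include "vmd.h"
+void
+create_memory_map(struct vm_create_params *vcp)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+int
+load_firmware(struct vmd_vm *vm, struct vcpu_reg_state *vrs)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+void
+init_emulated_hw(struct vmop_create_params *vcp, int child_cdrom,
+int child_disks[][VM_MAX_BASE_PER_DISK], int *child_taps)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+void
+restore_emulated_hw(struct vm_create_params *vcp, int fd, int *child_taps,
+int child_disks[][VM_MAX_BASE_PER_DISK], int child_cdrom)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+void
+pause_vm_md(struct vmd_vm *vm)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+void
+unpause_vm_md(struct vmd_vm *vm)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+int
+dump_devs(int fd)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+int
+dump_send_header(int fd)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+void *
+hvaddr_mem(paddr_t gpa, size_t len)
+{ fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (NULL);
+}
+int
+write_mem(paddr_t dst, const void *buf, size_t len)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+int
+read_mem(paddr_t src, void *buf, size_t len)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+int
+intr_pending(struct vmd_vm *vm)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+void
+intr_toggle_el(struct vmd_vm *vm, int irq, int val)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+}
+int
+intr_ack(struct vmd_vm *vm)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+void
+vcpu_assert_irq(uint32_t vm_id, uint32_t vcpu_id, int irq)
+{
+fatalx("%s: unimplemented", __func__);
+}
+void
+vcpu_deassert_irq(uint32_t vm_id, uint32_t vcpu_id, int irq)
+{
+fatalx("%s: unimplemented", __func__);
+}
+int
+vmd_check_vmh(struct vm_dump_header *vmh)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+int
+vcpu_exit(struct vm_run_params *vrp)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (-1);
+}
+uint8_t
+vcpu_exit_pci(struct vm_run_params *vrp)
+{
+fatalx("%s: unimplemented", __func__);
+/* NOTREACHED */
+return (0xff);
+}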
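Review bot: `hvaddr_mem()` opens its body as `{ fatalx(...)` on a single line, unlike every other stub in the file, and `vcpu_assert_irq()` and `vcpu_deassert_irq()` are the only stubs without the `/* NOTREACHED */` marker. Putting the brace on its own line and adding the marker to those two keeps the placeholders uniform, which helps in a file that will be filled in one function at a time. A short comment at the top of the file, for example `/* arm64 placeholders: every entry point aborts via fatalx() until implemented */`, would also tell readers that the aborts are intentional.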


@ -1,4 +1,4 @@
/* $OpenBSD: i8253.c,v 1.40 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: i8253.c,v 1.41 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2016 Mike Larkin <mlarkin@openbsd.org>
*
@ -29,7 +29,6 @@
#include "i8253.h"
#include "vmd.h"
#include "vmm.h"
#include "atomicio.h"
extern char *__progname;
@ -369,7 +368,7 @@ i8253_fire(int fd, short type, void *arg)
struct timeval tv;
struct i8253_channel *ctr = (struct i8253_channel *)arg;
vcpu_assert_pic_irq(ctr->vm_id, 0, 0);
vcpu_assert_irq(ctr->vm_id, 0, 0);
if (ctr->mode != TIMER_INTTC) {
timerclear(&tv);


@ -1,4 +1,4 @@
/* $OpenBSD: mc146818.c,v 1.28 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: mc146818.c,v 1.29 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2016 Mike Larkin <mlarkin@openbsd.org>
*
@ -31,7 +31,6 @@
#include "mc146818.h"
#include "virtio.h"
#include "vmd.h"
#include "vmm.h"
#define MC_RATE_MASK 0xf
@ -148,7 +147,7 @@ rtc_fireper(int fd, short type, void *arg)
{
rtc.regs[MC_REGC] |= MC_REGC_PF;
vcpu_assert_pic_irq((ptrdiff_t)arg, 0, 8);
vcpu_assert_irq((ptrdiff_t)arg, 0, 8);
evtimer_add(&rtc.per, &rtc.per_tv);
}



@ -1,4 +1,4 @@
/* $OpenBSD: ns8250.c,v 1.39 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: ns8250.c,v 1.40 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2016 Mike Larkin <mlarkin@openbsd.org>
*
@ -30,7 +30,6 @@
#include "atomicio.h"
#include "ns8250.h"
#include "vmd.h"
#include "vmm.h"
extern char *__progname;
struct ns8250_dev com1_dev;
@ -80,7 +79,7 @@ ratelimit(int fd, short type, void *arg)
com1_dev.regs.iir |= IIR_TXRDY;
com1_dev.regs.iir &= ~IIR_NOPEND;
vcpu_assert_pic_irq(com1_dev.vmid, 0, com1_dev.irq);
vcpu_assert_irq(com1_dev.vmid, 0, com1_dev.irq);
mutex_unlock(&com1_dev.mutex);
}
@ -157,7 +156,7 @@ com_rcv_event(int fd, short kind, void *arg)
/* If pending interrupt, inject */
if ((com1_dev.regs.iir & IIR_NOPEND) == 0) {
/* XXX: vcpu_id */
vcpu_assert_pic_irq((uintptr_t)arg, 0, com1_dev.irq);
vcpu_assert_irq((uintptr_t)arg, 0, com1_dev.irq);
}
mutex_unlock(&com1_dev.mutex);


@ -1,4 +1,4 @@
/* $OpenBSD: pci.c,v 1.32 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: pci.c,v 1.33 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -28,12 +28,12 @@
#include "vmd.h"
#include "pci.h"
#include "vmm.h"
#include "i8259.h"
#include "atomicio.h"
struct pci pci;
extern struct vmd_vm current_vm;
extern char *__progname;
/* PIC IRQs, assigned to devices in order */
@ -86,7 +86,9 @@ pci_add_bar(uint8_t id, uint32_t type, void *barfn, void *cookie)
pci.pci_devices[id].pd_bartype[bar_ct] = PCI_BAR_TYPE_MMIO;
pci.pci_devices[id].pd_barsize[bar_ct] = VM_PCI_MMIO_BAR_SIZE;
pci.pci_devices[id].pd_bar_ct++;
} else if (type == PCI_MAPREG_TYPE_IO) {
}
#ifdef __amd64__
else if (type == PCI_MAPREG_TYPE_IO) {
if (pci.pci_next_io_bar >= VM_PCI_IO_BAR_END)
return (1);
@ -102,6 +104,7 @@ pci_add_bar(uint8_t id, uint32_t type, void *barfn, void *cookie)
pci.pci_devices[id].pd_barsize[bar_ct] = VM_PCI_IO_BAR_SIZE;
pci.pci_devices[id].pd_bar_ct++;
}
#endif /* __amd64__ */
return (0);
}
@ -195,7 +198,7 @@ pci_add_device(uint8_t *id, uint16_t vid, uint16_t pid, uint8_t class,
pci.pci_next_pic_irq++;
DPRINTF("assigned irq %d to pci dev %d",
pci.pci_devices[*id].pd_irq, *id);
pic_set_elcr(pci.pci_devices[*id].pd_irq, 1);
intr_toggle_el(&current_vm, pci.pci_devices[*id].pd_irq, 1);
}
pci.pci_dev_ct ++;
@ -216,7 +219,10 @@ pci_init(void)
memset(&pci, 0, sizeof(pci));
pci.pci_next_mmio_bar = VMM_PCI_MMIO_BAR_BASE;
#ifdef __amd64__
pci.pci_next_io_bar = VM_PCI_IO_BAR_BASE;
#endif /* __amd64__ */
if (pci_add_device(&id, PCI_VENDOR_OPENBSD, PCI_PRODUCT_OPENBSD_PCHB,
PCI_CLASS_BRIDGE, PCI_SUBCLASS_BRIDGE_HOST,
@ -226,6 +232,7 @@ pci_init(void)
}
}
#ifdef __amd64__
void
pci_handle_address_reg(struct vm_run_params *vrp)
{
@ -415,6 +422,7 @@ pci_handle_data_reg(struct vm_run_params *vrp)
}
}
}
#endif /* __amd64__ */
int
pci_dump(int fd)
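Review bot: With the I/O-port branch of `pci_add_bar()` now compiled only under `__amd64__`, a call with `type == PCI_MAPREG_TYPE_IO` on another architecture falls through to `return (0)` and reports success without registering any BAR. An explicit failure is safer for callers that go on to use the BAR: add an `#else` arm before the `#endif` holding `else` and `return (1);`. The start of the function, including the condition on the MMIO branch, is outside the hunk, so this assumes no earlier check already rejects the type.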


@ -1,4 +1,4 @@
/* $OpenBSD: pci.h,v 1.10 2023/02/06 20:33:34 dv Exp $ */
/* $OpenBSD: pci.h,v 1.11 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -93,9 +93,6 @@ struct pci {
};
int pci_find_first_device(uint16_t);
void pci_handle_address_reg(struct vm_run_params *);
void pci_handle_data_reg(struct vm_run_params *);
uint8_t pci_handle_io(struct vm_run_params *);
void pci_init(void);
int pci_add_device(uint8_t *, uint16_t, uint16_t, uint8_t, uint8_t, uint16_t,
uint16_t, uint8_t, pci_cs_fn_t);
@ -105,4 +102,10 @@ uint8_t pci_get_dev_irq(uint8_t);
int pci_dump(int);
int pci_restore(int);
#ifdef __amd64__
void pci_handle_address_reg(struct vm_run_params *);
void pci_handle_data_reg(struct vm_run_params *);
uint8_t pci_handle_io(struct vm_run_params *);
#endif /* __amd64__ */
#endif /* _PCI_H_ */


@ -1,4 +1,4 @@
/* $OpenBSD: vioblk.c,v 1.13 2024/02/20 21:40:37 dv Exp $ */
/* $OpenBSD: vioblk.c,v 1.14 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2023 Dave Voutila <dv@openbsd.org>
@ -555,7 +555,7 @@ handle_sync_io(int fd, short event, void *arg)
case VIODEV_MSG_IO_WRITE:
/* Write IO: no reply needed */
if (handle_io_write(&msg, dev) == 1)
virtio_assert_pic_irq(dev, 0);
virtio_assert_irq(dev, 0);
break;
case VIODEV_MSG_SHUTDOWN:
event_del(&dev->sync_iev.ev);
@ -614,7 +614,7 @@ handle_io_write(struct viodev_msg *msg, struct virtio_dev *dev)
vioblk->cfg.isr_status = 0;
vioblk->vq[0].last_avail = 0;
vioblk->vq[0].notified_avail = 0;
virtio_deassert_pic_irq(dev, msg->vcpu);
virtio_deassert_irq(dev, msg->vcpu);
}
break;
default:


@ -1,4 +1,4 @@
/* $OpenBSD: virtio.c,v 1.114 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: virtio.c,v 1.115 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -47,7 +47,6 @@
#include "vioscsi.h"
#include "virtio.h"
#include "vmd.h"
#include "vmm.h"
extern struct vmd *env;
extern char *__progname;
@ -274,7 +273,7 @@ virtio_rnd_io(int dir, uint16_t reg, uint32_t *data, uint8_t *intr,
case VIRTIO_CONFIG_ISR_STATUS:
*data = viornd.cfg.isr_status;
viornd.cfg.isr_status = 0;
vcpu_deassert_pic_irq(viornd.vm_id, 0, viornd.irq);
vcpu_deassert_irq(viornd.vm_id, 0, viornd.irq);
break;
}
}
@ -310,7 +309,7 @@ vmmci_ctl(unsigned int cmd)
/* Trigger interrupt */
vmmci.cfg.isr_status = VIRTIO_CONFIG_ISR_CONFIG_CHANGE;
vcpu_assert_pic_irq(vmmci.vm_id, 0, vmmci.irq);
vcpu_assert_irq(vmmci.vm_id, 0, vmmci.irq);
/* Add ACK timeout */
tv.tv_sec = VMMCI_TIMEOUT;
@ -322,7 +321,7 @@ vmmci_ctl(unsigned int cmd)
vmmci.cmd = cmd;
vmmci.cfg.isr_status = VIRTIO_CONFIG_ISR_CONFIG_CHANGE;
vcpu_assert_pic_irq(vmmci.vm_id, 0, vmmci.irq);
vcpu_assert_irq(vmmci.vm_id, 0, vmmci.irq);
} else {
log_debug("%s: RTC sync skipped (guest does not "
"support RTC sync)\n", __func__);
@ -468,7 +467,7 @@ vmmci_io(int dir, uint16_t reg, uint32_t *data, uint8_t *intr,
case VIRTIO_CONFIG_ISR_STATUS:
*data = vmmci.cfg.isr_status;
vmmci.cfg.isr_status = 0;
vcpu_deassert_pic_irq(vmmci.vm_id, 0, vmmci.irq);
vcpu_deassert_irq(vmmci.vm_id, 0, vmmci.irq);
break;
}
}
@ -1586,9 +1585,9 @@ handle_dev_msg(struct viodev_msg *msg, struct virtio_dev *gdev)
switch (msg->type) {
case VIODEV_MSG_KICK:
if (msg->state == INTR_STATE_ASSERT)
vcpu_assert_pic_irq(vm_id, msg->vcpu, irq);
vcpu_assert_irq(vm_id, msg->vcpu, irq);
else if (msg->state == INTR_STATE_DEASSERT)
vcpu_deassert_pic_irq(vm_id, msg->vcpu, irq);
vcpu_deassert_irq(vm_id, msg->vcpu, irq);
break;
case VIODEV_MSG_READY:
log_debug("%s: device reports ready", __func__);
@ -1702,9 +1701,9 @@ virtio_pci_io(int dir, uint16_t reg, uint32_t *data, uint8_t *intr,
* device performs a register read.
*/
if (msg.state == INTR_STATE_ASSERT)
vcpu_assert_pic_irq(dev->vm_id, msg.vcpu, msg.irq);
vcpu_assert_irq(dev->vm_id, msg.vcpu, msg.irq);
else if (msg.state == INTR_STATE_DEASSERT)
vcpu_deassert_pic_irq(dev->vm_id, msg.vcpu, msg.irq);
vcpu_deassert_irq(dev->vm_id, msg.vcpu, msg.irq);
} else {
log_warnx("%s: expected IO_READ, got %d", __func__,
msg.type);
@ -1716,7 +1715,7 @@ virtio_pci_io(int dir, uint16_t reg, uint32_t *data, uint8_t *intr,
}
void
virtio_assert_pic_irq(struct virtio_dev *dev, int vcpu)
virtio_assert_irq(struct virtio_dev *dev, int vcpu)
{
struct viodev_msg msg;
int ret;
@ -1734,7 +1733,7 @@ virtio_assert_pic_irq(struct virtio_dev *dev, int vcpu)
}
void
virtio_deassert_pic_irq(struct virtio_dev *dev, int vcpu)
virtio_deassert_irq(struct virtio_dev *dev, int vcpu)
{
struct viodev_msg msg;
int ret;


@ -1,4 +1,4 @@
/* $OpenBSD: virtio.h,v 1.51 2024/02/20 21:40:37 dv Exp $ */
/* $OpenBSD: virtio.h,v 1.52 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -346,8 +346,8 @@ uint32_t vring_size(uint32_t);
int vm_device_pipe(struct virtio_dev *, void (*)(int, short, void *),
struct event_base *);
int virtio_pci_io(int, uint16_t, uint32_t *, uint8_t *, void *, uint8_t);
void virtio_assert_pic_irq(struct virtio_dev *, int);
void virtio_deassert_pic_irq(struct virtio_dev *, int);
void virtio_assert_irq(struct virtio_dev *, int);
void virtio_deassert_irq(struct virtio_dev *, int);
int virtio_rnd_io(int, uint16_t, uint32_t *, uint8_t *, void *, uint8_t);
int viornd_dump(int);


@ -1,4 +1,4 @@
/* $OpenBSD: vmd.c,v 1.158 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: vmd.c,v 1.159 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@ -41,7 +41,6 @@
#include <grp.h>
#include <dev/vmm/vmm.h>
#include <machine/specialreg.h>
#include "proc.h"
#include "atomicio.h"
@ -613,134 +612,6 @@ vmd_dispatch_priv(int fd, struct privsep_proc *p, struct imsg *imsg)
return (0);
}
int
vmd_check_vmh(struct vm_dump_header *vmh)
{
int i;
unsigned int code, leaf;
unsigned int a, b, c, d;
if (strncmp(vmh->vmh_signature, VM_DUMP_SIGNATURE, strlen(VM_DUMP_SIGNATURE)) != 0) {
log_warnx("%s: incompatible dump signature", __func__);
return (-1);
}
if (vmh->vmh_version != VM_DUMP_VERSION) {
log_warnx("%s: incompatible dump version", __func__);
return (-1);
}
for (i = 0; i < VM_DUMP_HEADER_CPUID_COUNT; i++) {
code = vmh->vmh_cpuids[i].code;
leaf = vmh->vmh_cpuids[i].leaf;
if (leaf != 0x00) {
log_debug("%s: invalid leaf 0x%x for code 0x%x",
__func__, leaf, code);
return (-1);
}
switch (code) {
case 0x00:
CPUID_LEAF(code, leaf, a, b, c, d);
if (vmh->vmh_cpuids[i].a > a) {
log_debug("%s: incompatible cpuid level",
__func__);
return (-1);
}
if (!(vmh->vmh_cpuids[i].b == b &&
vmh->vmh_cpuids[i].c == c &&
vmh->vmh_cpuids[i].d == d)) {
log_debug("%s: incompatible cpu brand",
__func__);
return (-1);
}
break;
case 0x01:
CPUID_LEAF(code, leaf, a, b, c, d);
if ((vmh->vmh_cpuids[i].c & c & VMM_CPUIDECX_MASK) !=
(vmh->vmh_cpuids[i].c & VMM_CPUIDECX_MASK)) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: c", __func__,
code, leaf);
return (-1);
}
if ((vmh->vmh_cpuids[i].d & d & VMM_CPUIDEDX_MASK) !=
(vmh->vmh_cpuids[i].d & VMM_CPUIDEDX_MASK)) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: d", __func__,
code, leaf);
return (-1);
}
break;
case 0x07:
CPUID_LEAF(code, leaf, a, b, c, d);
if ((vmh->vmh_cpuids[i].b & b & VMM_SEFF0EBX_MASK) !=
(vmh->vmh_cpuids[i].b & VMM_SEFF0EBX_MASK)) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: c", __func__,
code, leaf);
return (-1);
}
if ((vmh->vmh_cpuids[i].c & c & VMM_SEFF0ECX_MASK) !=
(vmh->vmh_cpuids[i].c & VMM_SEFF0ECX_MASK)) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: d", __func__,
code, leaf);
return (-1);
}
break;
case 0x0d:
CPUID_LEAF(code, leaf, a, b, c, d);
if (vmh->vmh_cpuids[i].b > b) {
log_debug("%s: incompatible cpu: insufficient "
"max save area for enabled XCR0 features",
__func__);
return (-1);
}
if (vmh->vmh_cpuids[i].c > c) {
log_debug("%s: incompatible cpu: insufficient "
"max save area for supported XCR0 features",
__func__);
return (-1);
}
break;
case 0x80000001:
CPUID_LEAF(code, leaf, a, b, c, d);
if ((vmh->vmh_cpuids[i].a & a) !=
vmh->vmh_cpuids[i].a) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: a", __func__,
code, leaf);
return (-1);
}
if ((vmh->vmh_cpuids[i].c & c) !=
vmh->vmh_cpuids[i].c) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: c", __func__,
code, leaf);
return (-1);
}
if ((vmh->vmh_cpuids[i].d & d) !=
vmh->vmh_cpuids[i].d) {
log_debug("%s: incompatible cpu features "
"code: 0x%x leaf: 0x%x reg: d", __func__,
code, leaf);
return (-1);
}
break;
default:
log_debug("%s: unknown code 0x%x", __func__, code);
return (-1);
}
}
return (0);
}
void
vmd_sighdlr(int sig, short event, void *arg)


@ -1,4 +1,4 @@
/* $OpenBSD: vmd.h,v 1.126 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: vmd.h,v 1.127 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -43,6 +43,9 @@
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#define MB(x) (x * 1024UL * 1024UL)
#define GB(x) (x * 1024UL * 1024UL * 1024UL)
#define VMD_USER "_vmd"
#define VMD_CONF "/etc/vm.conf"
#define SOCKET_NAME "/var/run/vmd.sock"
@ -492,21 +495,51 @@ int opentap(char *);
int fd_hasdata(int);
int vmm_pipe(struct vmd_vm *, int, void (*)(int, short, void *));
/* vm.c */
/* {mach}_vm.c (md interface) */
void create_memory_map(struct vm_create_params *);
int load_firmware(struct vmd_vm *, struct vcpu_reg_state *);
void init_emulated_hw(struct vmop_create_params *, int,
int[][VM_MAX_BASE_PER_DISK], int *);
void restore_emulated_hw(struct vm_create_params *vcp, int, int *,
int[][VM_MAX_BASE_PER_DISK], int);
int vcpu_reset(uint32_t, uint32_t, struct vcpu_reg_state *);
void pause_vm_md(struct vmd_vm *);
void unpause_vm_md(struct vmd_vm *);
int dump_devs(int);
int dump_send_header(int);
void *hvaddr_mem(paddr_t, size_t);
int write_mem(paddr_t, const void *, size_t);
int read_mem(paddr_t, void *, size_t);
int intr_ack(struct vmd_vm *);
int intr_pending(struct vmd_vm *);
void intr_toggle_el(struct vmd_vm *, int, int);
void vcpu_assert_irq(uint32_t, uint32_t, int);
void vcpu_deassert_irq(uint32_t, uint32_t, int);
int vcpu_exit(struct vm_run_params *);
uint8_t vcpu_exit_pci(struct vm_run_params *);
#ifdef __amd64__
/* x86 io functions in x86_vm.c */
void set_return_data(struct vm_exit *, uint32_t);
void get_input_data(struct vm_exit *, uint32_t *);
#endif /* __amd64 __ */
/* vm.c (mi functions) */
void vcpu_halt(uint32_t);
void vcpu_unhalt(uint32_t);
void vcpu_signal_run(uint32_t);
int vcpu_intr(uint32_t, uint32_t, uint8_t);
void vm_main(int, int);
void mutex_lock(pthread_mutex_t *);
void mutex_unlock(pthread_mutex_t *);
int read_mem(paddr_t, void *buf, size_t);
int start_vm(struct vmd_vm *, int);
__dead void vm_shutdown(unsigned int);
int vmd_check_vmh(struct vm_dump_header *);
void vm_pipe_init(struct vm_dev_pipe *, void (*)(int, short, void *));
void vm_pipe_init2(struct vm_dev_pipe *, void (*)(int, short, void *),
void *);
void vm_pipe_send(struct vm_dev_pipe *, enum pipe_msg_type);
enum pipe_msg_type vm_pipe_recv(struct vm_dev_pipe *);
int write_mem(paddr_t, const void *buf, size_t);
void* hvaddr_mem(paddr_t, size_t);
int remap_guest_mem(struct vmd_vm *, int);
__dead void vm_shutdown(unsigned int);
/* config.c */
int config_init(struct vmd *);
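Review bot: The `MB` and `GB` macros in the `@ -43,6 +43,9 @` hunk use their argument unparenthesized, so an expression argument such as `MB(a + b)` expands to `a + b * 1024UL * 1024UL` and silently yields the wrong size. The `+`/`-` markers are lost on this page, but the hunk counts suggest these two defines are the added lines. I would write them as `#define MB(x) ((x) * 1024UL * 1024UL)` and `#define GB(x) ((x) * 1024UL * 1024UL * 1024UL)`. If they feed guest memory range or bounds calculations (not visible here), a short comment noting that the result is `unsigned long` and must not be allowed to wrap would also help.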


@ -1,4 +1,4 @@
/* $OpenBSD: vmm.c,v 1.120 2024/07/09 09:31:37 dv Exp $ */
/* $OpenBSD: vmm.c,v 1.121 2024/07/10 09:27:33 dv Exp $ */
/*
* Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
@ -30,9 +30,6 @@
#include <dev/pci/pcireg.h>
#include <dev/vmm/vmm.h>
#include <machine/psl.h>
#include <machine/specialreg.h>
#include <net/if.h>
#include <errno.h>
@ -50,7 +47,6 @@
#include <util.h>
#include "vmd.h"
#include "vmm.h"
#include "atomicio.h"
#include "proc.h"

1045
usr.sbin/vmd/x86_mmio.c Normal file


1373
usr.sbin/vmd/x86_vm.c Normal file
