IABSD.fr/src

Branch :


Log

Author Commit Date CI Message
5b7c8fd6 2025-02-17 09:25:45 Simplify ECDH_size() by using BN_num_bytes() ok jsing
2f5a0aea 2025-02-17 08:56:33 Get rid of unused `so' argument in sbreserve(). ok bluhm
edfe48e7 2025-02-17 08:39:50 Reorder <sys/socketvar.h> by moving inline functions to the end. ok bluhm
4df8ba73 2025-02-17 05:00:06 reduce diff to linux
ae0be371 2025-02-16 16:05:07 Use shared socket lock for NFS. The socket functions that are called by NFS code are MP safe. Shared net lock together with socket lock is sufficient. OK mvs@
c48feb94 2025-02-16 13:07:08 Argument order fix for m_gethdr ok martijn@ claudio@ bluhm@
3411e7e2 2025-02-16 11:39:28 Revert SMR protection of rt_gwroute. Using a smr_barrier() in rt_putgwroute() slows down adding routes. This is the hot path for BGP router. Syncing the FIB is now taking ages and the system is close to unrespnsive in that time. found by claudio@
af99e056 2025-02-16 11:27:23 sync
c129e66c 2025-02-16 10:11:37 Add support for reading eeprom pages for the few cards with SFP slots. ok dlg@
f3e19b3a 2025-02-16 09:15:54 hook opam-module.5 page in man5/Makefile reminder by tb@
ab7d5da6 2025-02-16 09:03:31 add opam-module.5 man page to document sysutils/opam module. with help from jmc@
96ec60f5 2025-02-15 21:49:28 Fail hard with mutex assertion if socket buffer is not locked. OK mvs@
a1e112ca 2025-02-15 11:55:17 call intel_fbdev_invalidate() at the end of intelfb_create() Avoids a problem seen with the (Alder Lake) Framework 13 after the 6.12 drm update. Userland console output did not display without switching to a virtual terminal and back. Not all Alder Lake machines, T14 Gen 3 Intel worked as expected before this change. reported and tested by matthieu@
5c4be1f5 2025-02-15 09:05:15 sys/uvideo: clarify bulk endpoint stream closure UVC does not specify how to notify a bulk-based device when the video stream stops. Both Linux and Windows send a CLEAR_FEATURE(HALT) request to the video streaming bulk endpoint. OK: mglocker@
ecbcc43a 2025-02-15 06:48:56 - use \& when contructs like "e.g." end a line, to avoid double spacing - macro is Qq not Oq
3b0301ee 2025-02-15 01:52:07 add "Match version" support to ssh_config. Allows matching on the local version of OpenSSH, e.g. "Match version OpenSSH_10.*" ok markus@
ecd65cd4 2025-02-15 01:50:47 Add support for "Match sessiontype" to ssh_config. Allows matching on the type of session requested, either "shell" for interactive sessions, "exec" for command execution sessions, "subsystem" for subsystem requests, such as sftp, or "none" for transport/forwarding-only sessions. ok markus@
b568ccc6 2025-02-15 01:48:30 "Match command ..." support for ssh_config to allow matching on the remote command specified on the commandline. Also relaxes matching rules for `Match tagged` to allow `Match tagged ""` to match an empty tag value. This also works for command. ok markus@
e245266b 2025-02-14 19:38:59 sync
8d246409 2025-02-14 18:42:43 It is important that we map memory with the right attributes otherwise we may trigger an SError. The crashlog entries for the SMC live in SRAM which needs to be mapped as device memory. To make this possible, make the rk_logmap() rtkit callback function return the desired memory attributes in the low bits of the address, using PMAP_NOCACHE or PMAP_DEVICE defines. Rewrite the DCP implementation of rk_logmap() to do a better job ati determining the correct mapping. The current code would fail in some cases (i.e. on the M1 Pro MacBook Pro) and map some unused address as normal non-cachable which could also trigger an SError. ok jca@
4a7354f2 2025-02-14 18:36:04 Add support for device mappings in pmap_kenter_pa(9) the same way we handle those in pmap_enter(9). ok jca@
e8902928 2025-02-14 13:29:00 Add the kern.audio.kbdcontrol sysctl(2) variable If set to 0, the volume keys on multimedia keyboards are handled as regular keys, allowing programs to use them. The default is 1, i.e. the current behavior. ok armani, kettenis, mvs
51442b8a 2025-02-14 13:14:13 add tunneldf support to sec(4) sec(4) is a very thin wrapper around the existing ipsec output processing for encapsulating packets, and inherited the behaviour that the DF flag was propagated from the encapsulated packet to the outer ip header. this means if the sec(4) interface has a large mtu and is carrying packets with DF set over a network that can't transport large(r) packets, these packets are effectively dropped. ipsec applied via the SPD copes with this by having SAs figure out the path mtu and using that when applying policy, but sec(4) is an interface, so the network stack uses the interface mtu rather than the associated SA path mtu. rfc4459 discusses this kind of problem has offers a variety of solutions. this implements one of the simpler options, which is to allow the tunnel endpoints to manage the DF regardless of the payload and reassemble the encapsulated packets. to actually do this, ipsec output packet processing has to be able to take an argument that says how you want DF to be handled. in the future we're going to look at how we can use the path mtu determined by the ipsec SA to try and implement one of the other solutions from the RFC, which is to signal the lower mtu to the sources of tunnelled packets. tested by and ok claudio@
4eb9c9dc 2025-02-14 12:01:58 Replace Makefile based SHA*_ASM defines with HAVE_SHA_* defines. Currently, SHA{1,256,512}_ASM defines are used to remove the C implementation of sha{1,256,512}_block_data_order() when it is provided by assembly. However, this prevents the C implementation from being used as a fallback. Rename the C sha*_block_data_order() to sha*_block_generic() and provide a sha*_block_data_order() that calls sha*_block_generic(). Replace the Makefile based SHA*_ASM defines with two HAVE_SHA_* defines that allow these functions to be compiled in or removed, such that machine specific verisons can be provided. This should effectively be a no-op on any platform that defined SHA{1,256,512}_ASM. ok tb@
e9994d6d 2025-02-14 08:08:05 With ACPI >= 5, assume UEFI and default to GPT Add another criteria besides efifb(4) attaching to determine whether the installer booted in UEFI mode and not stick with MBR in such cases. This at least avoids "An EFI/GPT disk may not boot. Proceed?" on some boxes. With deraadt kettenis beck
4b5fa149 2025-02-14 06:25:00 Cope with recent changes and pull in sys/rwlock.h.
c33cf9b0 2025-02-14 04:56:26 Enable mtrng(4). ok kettenis@
9c575bff 2025-02-14 03:15:06 Add manual page for mtrng(4). ok kettenis@
e04b0fdd 2025-02-14 03:11:05 Add mtrng(4), supporting the 32-bit random number generator on MediaTek SoCs. ok kettenis@
dddbedba 2025-02-13 21:01:34 Fix route entry race when accessing rt_gwroute. Kassert in rt_getll() was triggered as rt_gwroute could be NULL. Problem was introduced by shared netlock around tcp_timer_rexmt(). PMTU discovery calls rtrequest_delete() which was missing proper locking around rt_gwroute. As rt_getll() is called by ARP and ND6 resolve in the hot path, use SMR to provide the pointer to rt_gwroute lockless. Reference count of the returned route is incremented, caller has to free it. Modifying rt_gwroute or rt_cachecnt in rt_putgwroute() is protected by per route lock. OK mvs@
88a67239 2025-02-13 19:54:44 Remove leftover code from a previous iteration of this and which should have been removed before committing this in the first place.
ea26dbcb 2025-02-13 16:31:25 Add a note about C-r and C-s behaviour, GitHub issue 4309. Also add a missing word, from jmc@.
9470f526 2025-02-13 14:44:33 Get rid of unused `so' argument in sbrelease(). No functional changes. ok bluhm
babf29f6 2025-02-13 12:39:15 Remove socket lock from soo_ioctl(FIOASYNC). The socket buffer flags are protected by socket buffer mutex. Neither socket lock nor net lock are needed anymore. OK mvs@
715c64a6 2025-02-13 11:19:49 ec_mont_group_set_curve: convert to BN_MONT_CTX_create() and simplify This removes the penultimate internal call of BN_MONT_CTX_new(). The last one could be removed at the cost of introducing a BN_MONT_CTX_dup(), which probably isn't worth it. ok jsing
955ad9dd 2025-02-13 11:18:00 dsa_gen: convert to BN_MONT_CTX_create() This can now be a single call before the BN_MONT_CTX is actually used rather than two calls separated by 170 lines. ok jsing
0695c23a 2025-02-13 11:15:09 Convert bn_exp to BN_MONT_CTX_create() This simplifies the handling of the BN_MONT_CTX passed in and unifies the exit paths. Also zap some particularly insightful comments by our favorite captain. ok jsing
cce9f024 2025-02-13 11:10:01 Convert BPSW to BN_MONT_CTX_create() ok jsing
eda5102e 2025-02-13 11:09:51 Convert BN_MONT_CTX_set_locked() to BN_MONT_CTX_create() ok jsing
f5061072 2025-02-13 11:04:20 bn: add internal BN_MONT_CTX_create() This does what the public BN_MONT_CTX_new() should have done in the first place rather than doing the toolkit thing of returning an invalid object that you need to figure out how to populate and with what because the docs are abysmal. It takes the required arguments and calls BN_MONT_CTX_set(), which all callers do immediately after _new() (except for DSA which managed to squeeze 170 lines of garbage between the two calls). ok jsing
44a9493f 2025-02-12 21:41:53 Use shared net lock in sysctl fill file. The macro FILLINPTABLE() already uses shared net lock for fill_file(). The FILLIT() sysctls should do the same instead of grabbing exclusive net lock. OK mvs@
bd92615b 2025-02-12 21:28:10 Use socket lock for inpcb notify. The notify and ctlinput functions were not MP safe. They need socket lock which can be aquired by in_pcbsolock_ref(). Of course in_pcbnotifyall() has to be called without holding a socket lock. Rename in_rtchange() to in_pcbrtchange(). This is the correct namespace and the functions take care of the inpcb route. OK mvs@
4116b2d2 2025-02-12 21:22:15 recp -> reciprocal renaming in tests
3ca91234 2025-02-12 21:21:34 Rename BN_mod_exp_recp() to BN_mod_exp_reciprocal() (leaving out a dotasm comment that would become harder to read than it already is)
eb8501b6 2025-02-12 20:18:31 Fix ddb machine sysregs stack overflow. In 64-bit mode, the operand size of SIDT and SGDT instructions is 8+2 bytes. On amd64 ddb command 'machine sysregs' reserved only int64_t, resulting in a stack overflow. Use struct region_descriptor which has the correct memory layout for IDTR and GDTR. Allow to call db_sysregs_cmd() also with single processor kernel. from Sebastian Sturm; OK deraadt@ miod@
b57ea41b 2025-02-12 19:33:20 Make the filename for the config file const since it should not be modified. OK tb@
7bceecc6 2025-02-12 16:49:56 Replace hand-rolled list foreach loops with corresponding FOREACH_SAFE In most cases this is obvious the tricky ones are in name2id.c where the cleaned up code is a fair bit easier to read. OK tb@
e38e22e0 2025-02-12 16:40:51 Move * around in prototype.
99f2f888 2025-02-12 14:11:26 Changes to the per-process unveil datastructures can be raced by either pledge() [removing all path promises] or unveil() [adding new paths], against namei() inspecting in other thread system calls. Detailed locking for this would make future work on vfs unlocking difficult, so use the simplest way for now: SINGLE_UNWIND ok claudio
bc46d05f 2025-02-12 13:10:13 Improve control_imsg_relay() error handling and move the peer check to session imsg dispatch where all other checks are as well. OK tb@
705b70e0 2025-02-11 22:27:09 Implement support for SVE (Scalable Vector Extension) on arm64. ok patrick@
d800967e 2025-02-11 20:43:46 clarify behaviour of -s option; from jan stary ok millert
0eb55e79 2025-02-11 19:28:45 Make session_update take a struct peer pointer as first argument like all other functions in packet processing. While there also improve the "no such peer" error message so that it is clear which one was triggered. OK tb@
10a2be2b 2025-02-11 16:22:37 Fix stupid bug in previous (handle _CID being a Package type)
d47bdb84 2025-02-11 14:58:11 Keep the new p_pledge field struct proc in sync upon execve(2). Regression caught by regress/sys/kern/pledge/execpromise. ok deraadt@
dc62a47c 2025-02-11 14:44:52 If rpki-client kills an rsync process via SIGTERM ignore the SIGTERM exit. Do not treat that SIGTERM as an unexpected program termination that should be reported and have rpki-client exit non-zero at the end of its run. rsync intercepts the SIGTERM and exits but openrsync does not so this only affects openrsync. Problem noticed by job@ OK tb@
783dad9c 2025-02-11 14:29:05 Clear the right memory in the RFC 8950 handling inside capa_neg_calc(). Obvious copy paste error which was harmless. OK tb@
3d82e387 2025-02-11 12:55:05 bring back local change to disable panel self refresh should re-resolve display issues on Dell XPS 13 7390 reported by James Cook on bugs@
06a6b4fa 2025-02-11 12:07:26 Handle _CID being a Package type, in which case we'll use the first item in the Package as the cid value to match against. This will allow pckbc@acpi to match on some chromebooks. ok kettenis@
e0b0180b 2025-02-11 07:54:52 define CONFIG_FRAMEBUFFER_CONSOLE used in inteldrm when deciding if an fb is too big for stolen memory
8d506a4c 2025-02-11 05:18:02 make totalram_pages() return long needed as callers shift the result left by PAGE_SHIFT without casting
e79a733a 2025-02-11 03:54:20 avoid %pR format strings in intel_memory_regions_hw_probe() debug
d288aa1f 2025-02-10 23:19:26 include arguments the command was invoked with, and operating system name, version and architecture in startup debugging output; ok dtucker
c6789490 2025-02-10 23:16:51 include line number in Match debug messages, makes it a little easier to see what's going on
c7df606a 2025-02-10 23:00:29 fix "Match invalid-user" from incorrectly being activated in initial configuration pass when no other predicates were present on the match line
ebbd7b19 2025-02-10 20:40:26 Fix pasto. Spotted by FUKAUMI Naoki.
42051861 2025-02-10 18:09:10 Print error message about missing config file. dhc6leased(8) does not work without one, as oposed to dhcpleased(8) from where this code came. Noticed by claudio.
e68d79e3 2025-02-10 16:45:46 A syzkaller report was diagnosed by semarie, and found a namei-related sleeping system call which was re-inspecting p->p_p->ps_pledge in one thread, after another thread had reduced the promises by calling pledge(), with promises which would have prevented that syscall from being called in the first place. This inconsistant promise view is dangerous. So let's change pledge semantics a tiny bit: We copy the per-process p_p->ps_pledge value to per-thread p_pledge at invocation of each system call, so that the configuration is stable. This method avoids increasing the cost of pledge checks. ok claudio kettenis semarie
ba453f40 2025-02-10 15:06:57 Fix TCP maximum segment size with IPsec. When IPsec is used, if_get(m->m_pkthdr.ph_ifidx) returns enc0. Its if_mtu is 0 which results in negative mss. After fixing a signed integer comparison bug with imax(), tcp_mss_adv() used mssdflt, which is 512. So the TCP SYN cache sent packets with a small maximum TCP segment number. The underlying problem is, that SYN cache used the incoming interface m->m_pkthdr.ph_ifidx for the outgoing MTU. The correct way is to use the route of the destination address like tcp_mss() does it. The SYN cache has a struct route which can be used. An additional route lookup does not happen as the route is cached and will be reused by ip_output(). OK mvs@
72218500 2025-02-10 14:42:13 Fix spelling in log warnings Thanks to Marco D'Itri for reporting
719e8131 2025-02-10 11:41:19 Although one would expect systems emulating the legacy PS/2 keyboard controller to do this faithfully, there are more and more systems which use creative interrupt configurations differing from the ISA defaults, and cause pckbc@isa to not behave correctly, making these keyboards (and sometimes trackpads, too) unusable. This commit introduces a pckbc@acpi attachment, which will attach instead of pckbc@isa if it detects an interrupt configuration which would not be handled correctly by the isa attachment. This unbreaks, among other things, the keyboards in various ChromeBook. ok kettenis@, thanks to everyone who tested.
4f6ac763 2025-02-10 09:42:09 avoid %pV %ps format strings in __drm_dev_vprintk()
170d0829 2025-02-10 09:28:00 stop printing pid and calling function in dev_printk()
76a5afcb 2025-02-10 08:18:23 Align index numbers in trees, from David Mandelberg, GitHub issue 4360.
a5de3193 2025-02-10 08:14:32 Add display-message -C flag to update pane while message is displayed, GitHub issue 4363 from Vitaly Ostrosablin.
0ebf3621 2025-02-10 01:51:11 drm/amd/display: Add hubp cache reset when powergating From Aric Cyr 8eb4d51b44c7f79e27bef8dbb4f1f068c10396f4 in linux-6.12.y/6.12.13 01130f5260e5868fb6b15ab8c00dbc894139f48e in mainline linux
e26ddf00 2025-02-10 01:48:29 drm/amd/display: Reduce accessing remote DPCD overhead From Wayne Lin f488b53b54435f9ac5fe897b0e483a91240ee5f4 in linux-6.12.y/6.12.13 adb4998f4928a17d91be054218a902ba9f8c1f93 in mainline linux
a664c55f 2025-02-10 01:44:13 drm/amdgpu: fix gpu recovery disable with per queue reset From Jonathan Kim d9cc477e77c622f3b595c62b1f37563c7d641214 in linux-6.12.y/6.12.13 86bde64cb7957be393f84e5d35fb8dfc91e4ae7e in mainline linux
9ab9d937 2025-02-10 01:42:40 Revert "drm/amdgpu/gfx9: put queue resets behind a debug option" From Alex Deucher fd3ea4d5493f4907d9e1f2834dcd3742ab158446 in linux-6.12.y/6.12.13 32f00289698189b813942f37626218fd473e7302 in mainline linux
00fe0701 2025-02-10 01:40:19 drm/amdgpu: tear down ttm range manager for doorbell in amdgpu_ttm_fini() From Jiang Liu 495497c6e7f7a175f6f28b733408eff834a31e13 in linux-6.12.y/6.12.13 60a2c0c12b644450e420ffc42291d1eb248bacb7 in mainline linux
12a4c494 2025-02-10 01:38:56 drm/amdgpu/vcn: reset fw_shared under SRIOV From Bokun Zhang 833b813b7fdab90220a0938953586ed3a87d7076 in linux-6.12.y/6.12.13 3676f37a88432132bcff55a17dc48911239b6d98 in mainline linux
f9813dd0 2025-02-10 01:37:28 drm/connector: Allow clearing HDMI infoframes From Derek Foreman 4128fb6a69bf3bf8032bfdeb0cc6919b80a428b2 in linux-6.12.y/6.12.13 d34357743b360c99903b5a59daab08f55b2f41a1 in mainline linux
30cdf4b4 2025-02-10 01:35:22 drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table From Ivan Stepchenko 0b97cd8a61b2b40fd73cf92a4bb2256462d22adb in linux-6.12.y/6.12.13 357445e28ff004d7f10967aa93ddb4bffa5c3688 in mainline linux
9b0ca61c 2025-02-10 01:32:56 drm/amd/pm: Fix an error handling path in vega10_enable_se_edc_force_stall_config() From Christophe JAILLET e656f04ecd52c63cb4ced21bb933d327dd547aa2 in linux-6.12.y/6.12.13 a3300782d5375e280ba7040f323d01960bfe3396 in mainline linux
275cd30c 2025-02-09 18:24:08 In a section 1 manual, use the plain English words "standard output" rather than the overly technical abbreviation "stdout" - we are not talking about a device file or a FILE * object here. Issue reported by <onf at disroot dot org> on the groff mailing list.
045bbcac 2025-02-09 18:15:23 Fix a markup glitch: In a section 1 manual, use the plain English words "standard output" rather than the overly technical abbreviation "stdout" - we are not talking about a device file or a FILE * object here. Issue reported by <onf at disroot dot org> on the groff mailing list.
6021acf1 2025-02-09 12:14:13 Factor out the logic on how to stop a process from single_tread_set() into process_stop(). This logic will be used by the signal stop code soon. OK mpi@
d2e1daa0 2025-02-08 10:12:00 Cache CRLs in issuer cache The issuer cache holds a pair of SHA-512 of parent and child cert plus the result of the signature verification. Since CRLs also have a cached hash of their DER, we can easily add them to the same cache. This way we also avoid the cost of repeated signature verification for CRLs. For ordinary workloads the cache is larger than necessary and it won't currently take up more space than ~8M anyway, so the cost of doing this is negligible. For applications like rpki-client where the same (CA, CRL) pair is used to verify multiple EE certs, the gain is significant. In fact, the current worst case is a single pair being used for > 50k EE certs, responsible for about 20-25% of the total runtime of an ordinary rpki-client run if a hw-accelerated version of SHA-2 is available and even more if it isn't. In both cases the cost of processing of this pair is reduced by more than an order of magnitude. The implementation is a translation of x509_verify_parent_signature() to the case of CRLs and is entirely trivial thanks to the cache's design. Found while investigating a performance bottleneck found by job tested by job ok beck
2347e6ed 2025-02-08 03:41:36 Move X509_NAME_print() next to its only internal caller Fix includes while there
bd8a446d 2025-02-08 01:11:55 rework "Default IPv6 router?" to behave like the rest The only interactive question backed by ksh(1)'s select has a few drawbacks: no ! or ? support, no record in the response file and unexpected behaviour. Switch to ask_until() like 'Default IPv4 route?' and 'Access Point?' to fix all this; now one can drop into a shell without restarting an install to follow route(8)'s last EXAMPLE. florian likes it OK afresh1
953cafab 2025-02-08 01:04:56 x509_verify_parent_signature(): no need to bump pkey's refcount The parent certificate outlives the signature check, so we don't have to take a refcount of its pubkey and then release it again. ok beck
71686e93 2025-02-08 01:01:31 x509_verify: missing verify error on cached signature mismatch If a signature mismatch is cached, the same error should be passed to the verify callback as if the mismatch was detected by doing the calculation, rather than falling back to the "unable to find the issuer cert locally". ok beck
24e5b720 2025-02-07 23:08:48 Respect checksum offloading in dhcrelay(8) and dhcrelay6(8). When sending IP packets over virtual machines on the same host, vio(4) can offload the checksum and never calculate it. As neither sender nor host calculate checksum, it is always wrong, and the receiver has to check a flag. A similar fix has been commited to dhcpleased(8) and dhcpd(8). RFC 1071 recommends to verify the checksum by calculating it over the packet including the checksum and compare to 0. That is also what our kernel does. Convert the logic to that algorithm. tested and OK jan@
3b1132f5 2025-02-07 22:05:15 Print RAS and SVE CPU features. ok tb@, mglocker@
c0f05be6 2025-02-07 21:56:04 Rework checksum validation for incoming UDP in dhcpleased(8). RFC 1071 recommends to verify the checksum by calculating it over the packet including the checksum and compare to 0. That is also what our kernel does. Convert the logic in dhcpleased(8) to that algorithm. tested and OK jan@
17e47b48 2025-02-07 21:48:26 Respect checksum offloading for incoming UDP in dhcpd(8). When sending IP packets over virtual machines on the same host, vio(4) can offload the checksum and never calculate it. As neither sender nor host calculate checksum, it is always wrong, and the receiver has to check a flag. A similar fix has been commited in dhcpleased(8) a while ago. RFC 1071 recomends to verify the checksum by calculating it over the packet including the checksum and compare to 0. That is also what our kernel does. Convert the logic in dhcpd(8) to that algorithm. tested and OK jan@ markus@
a57a1649 2025-02-07 21:22:23 sync from unbound-1.21.1 to avoid some whitespace diffs
c25c3844 2025-02-07 17:25:50 grow size of media
d3bc0aaa 2025-02-07 13:37:11 whitespace
4ce92a75 2025-02-07 11:57:17 reduce the diff to linux