Fix vmd(8) vionet reset race leading to broken networking.
A driver reset races with the device asynchronously notifying tx
and rx threads. The current design finishes the reset after the
threads pause and acknowledge the reset. This can clobber device
state because a driver doesn't need to wait before reconfiguring
the device. End result is device thinks it's in a blank slate while
driver thinks device is configured and device refuses to pass packets
thinking the driver isn't ready.
This removes that async reset design and ack message from the
threads. Reset occurs immediately while emulating the write to the
register. A generation counter is used to signal to tx and rx
threads that a reset occurred between the time they finished
processing virtqueues and the time they grabbed the write lock to
change interrupt state on the device so they can safely skip
raising irq lines.
Original bug reports by mbuhl@ and stsp@.
[4 lines not shown]
Attempt to load the right device tree from the riscv64-specmit-dtb
firmware package on SpacemiT K1 boards. The only viable way to do this
seems to be basing this on the "model" property of the root node of
the device tree provided by the device. This is still a bit of a guess
since the Milk-V Jupiter advertises itself as "spacemit k1-x evb board"
and the Banana Pi BPI-F3 seems to say it is a "spacemit k1-x deb1 board".
ok jca@
If you use the floppy, fw_update for some drivers will not work, you will
have to figure out the names of the missing firmwares and request them
manually.
The pci strings in the kernel have become too large, and I'm being told I
may not shorten them.
route_output() can not use the info struct late in its function
since the rtm struct that populated it was freed around the
rtm_report() call. In that case access to info.rti_info[RTAX_DST]
is a use-after-free. Cache the address family before handling the
route message so that the route_input call can use this value instead.
Report from Bruce Dang of Calif.io
OK deraadt@
Refine unveil(2) usage.
* Process man.conf(5) early before unveil(2) because it needs realpath(3).
* Rather than unveiling the whole file system for reading and execution,
only reveal the manpaths actually needed for reading, and /usr/share/locale/
if needed, and only reveal the pager binary for execution.
* Only reveal the whole file system for reading if input file names
are listed individually on the command line.
* Rather than unveiling /tmp unconditionally, only do so when it is
actually needed for the pager.
* When -O outfilename or -O tagfilename is specified, rather than
unveiling the current working directory for writing, only unveil
the specific filenames needed.
Using some feedback from deraadt@, in particular reducing the number
of vnodes that are held, and avoiding use of the "unveil" pledge(2).
Prepare for refining unveil(2) usage by providing a function manpath_unveil()
that makes the manpath directories accessible. Soon to be used by man(1),
apropos(1), and makewhatis(8).
Delete the pointless logic that remembers the original working directory.
It was never needed because manpath_add() in manpath.c has always been
using realpath(3) since the very beginning in 2011, so struct manpaths
only ever contains absolute paths.
The only exception is man.cgi(8), but that chdir(2)s to the right
directory beforehand and only ever uses one single manpath, ".".
This simplifies the code with no functional change.
Some mapchar emulops require a question mark character, so don't permit
loading if that is missing (bounded by firstchar and numchars).
An AI triage report made a hasty conclusion there were bigger problems
here but Miod figures it is just this ? problem.
diff from miod
report from Bruce Dang of Calif.io
vio: recover from missed RX interrupts
It seems at least on Oracle Cloud (arm64, KVM) and on vmd, sometimes rx
interrupts get lost. As a workaround, check the virtqueues in vio_rxtick(),
which allows to recover from this situation.
Diff from renaud@
tested by mbuhl@
ok stsp@
The struct kinfo_vmentry copied to userland is 80, and (depending
on architecture?) has 7 bytes of padding at the end, which is
uninitialized. Use M_ZERO.
from tgs
don't lowercase K_AUTH lookups
this diff has circulated for a while, being written and re-written by
different people. In this case, I'm taking Pietro Cerutti's version.
Avoid undefined behaviour in the community code by checking nentries to
be not 0 before memcmp, bsearch or siphash calls.
Calling these functions with a NULL pointer is UB even with a zero len.
While I did fix some code already during a review of all such possible
NULL, 0 calls I missed the bsearch one and introduced the community_equal
memcmp after that.
Reported by Synmac Oliver
OK tb@ deraadt@
Prevent buffer overflow by checking the correct counter.
An attacker on the same layer 2 network can send rogue router
advertisements, potentially crashing slaacd.
From Maurice Hieronymus (mhi AT mailbox.org), thanks!
OK deraadt
sys/octeon: cleanup all interrupts
octciu_next_irq() operates on a uint64_t pending interrupt bitmap, and
irq spans the full 0..63 range. Using 1u << irq therefore builds a 32
bit mask for a 64 bit word; once irq >= 32, the selected pending bit is
no longer cleared correctly.
The immediate consequence is loss of forward progress in the dispatcher
loop: the same interrupt can remain logically pending in the local copy
of isr, the loop can revisit it indefinitely, and the CPU can remain
trapped in interrupt handling.
OK: kettenis@, jca@, deraadt@
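The forward-progress failure described in the octeon commit above, as an added C model that is not the kernel's code: a loop drains a local copy of a 64-bit pending bitmap with either a 32-bit or a 64-bit clear mask. `lowest_bit`, `mask32`, `mask64` and `drain` are hypothetical names, and the `& 31` in `mask32` is an assumption standing in for hardware that wraps the shift count, since `1u << irq` is undefined in C once irq >= 32.

```c
#include <stdint.h>
#include <stdio.h>

/* Index of the lowest set bit; caller guarantees w != 0. */
static int lowest_bit(uint64_t w)
{
	int i = 0;
	while ((w & 1) == 0) {
		w >>= 1;
		i++;
	}
	return i;
}

/* Narrow form: a 32-bit mask. The `& 31` models (as an assumption)
 * a CPU that wraps the shift count instead of invoking C-level UB. */
static uint64_t mask32(int irq) { return (uint32_t)1 << (irq & 31); }

/* Wide form: the mask is as wide as the bitmap. */
static uint64_t mask64(int irq) { return (uint64_t)1 << irq; }

/* Drain a local copy of the pending bitmap. Returns the number of
 * interrupts dispatched, or -1 if `budget` iterations were not enough,
 * i.e. the loop stopped making forward progress. */
static int drain(uint64_t isr, uint64_t (*mask)(int), int budget)
{
	int handled = 0;
	while (isr != 0) {
		if (budget-- == 0)
			return -1;
		int irq = lowest_bit(isr);
		handled++;              /* a real dispatcher runs the handler here */
		isr &= ~mask(irq);      /* must clear exactly the bit just served */
	}
	return handled;
}

int main(void)
{
	uint64_t pending = (1ULL << 3) | (1ULL << 40);   /* constructed sample */
	printf("64-bit mask: %d\n", drain(pending, mask64, 1000));
	printf("32-bit mask: %d\n", drain(pending, mask32, 1000));
	return 0;
}
```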
Properly handle the FIN flag in tcp_flush_queue.
Once a FIN packet is received all following data should simply be
discarded. Normally this is done in tcp_input but once traffic
needs reassembly the FIN handling in the reassembly queue was not
quite correct. Data directly following the FIN packet was also
reassembled and the FIN was actually lost. The check if packets
should be dropped only checked for SS_CANTRCVMORE which is only
set after tcp_flush_queue returned TH_FIN.
Reported by Xint Code
OK sashan@ deraadt@
For sysctl({CTL_KERN, KERN_TTY, KERN_TTY_INFO}), only export the
t_session kernel address pointer if the caller is root.
Reported by Bruce Dang of Calif.io
ok claudio
libtls: consistently handle allocation failures
Use tls_set_errorx() or tls_error_setx() rather than the versions without
x for TLS_ERROR_OUT_OF_MEMORY. ENOMEM adds no further info.
From Michael Forney
ok bcook
libtls: use TLS_ERROR_OUT_OF_MEMORY after malloc failure
tls_config_load_file() had a spot that used TLS_ERROR_UNKNOWN, so switch
that to the usual error code. Use tls_error_setx() since strerror(ENOMEM)
adds nothing.
From Michael Forney
ok bcook