Correct the MLKEM hybrid objects values.
The ietf has had a bunch of back and forth over what will happen here.
in the end the previously mentioned draft will not include the TLS hybrids,
so we change this to use reference the correct draft for TLS, and use the
same name everyone else is using, without an OID.
While we will probably end up needing the *other* hybrids for things like
CMS, we will bring them in when we need them and have official OID values
from IANA.
ok tb@
merge the correct skinny-label into the single sector available.
We don't need to provide a fat-label, because the partitions in the
list don't need it. If this image is later used in a circumstance
where someone wants to tweak and add higher partitions, that will work
fine, but we don't need to create it ahead of time.
ok krw
Pick up MAKEDEV_PARTITIONS from the environment to replace the sysctl
maxpartitions value. It is expected things using this will set it to 16,
and it creates less inodes for the disk entries.
This is intentionally not documented since only a few install media need
this, and use of it is discouraged.
ok visa
Fix two circumstances where the code didn't understand that struct disklabel
doesn't fit inside a sector anymore.
There are a limited number of cases like this showing up throughout the
tree, and we may want a better mechanism to hand-fix them. This however
still means we need to find them..
ok krw
Capture VMCALL and abort the VM loop if invoked from cpl 0
When invoked from user space the expected happens:
VMX_EXIT_VMCALL at cpl=3
And the guest programs gets
Illegal instruction (core dumped)
ok mlarkin@
Implement cleanup helpers for rib_dump_free()
rib_dump_cleanup() and prefix_adjout_dump_cleanup() do the specific
bits of unlocking and removing the held reference to the rib entry
or prefix. This way the code doing that can be properly moved to
rde_adjout.c
OK tb@
Implement reference counting for fd. There may be a rare race condition
when the fuse device is closed and manages to free fd before a sleeping
thread reaches the fd->fd_fmp == NULL check.
OK claudio@
Add support for blocking reads to the FUSE device and change libfuse so
that it now blocks when reading fusebufs from /dev/fuse0 rather than
waiting for a kernel event to indicate that a new fusebuf is available.
As libfuse is no longer listening for kernel events, it now has to
listen for signals using signal(3). These were previously ignored
because they were delivered as kernel events. One benefit of this is
that pressing Ctrl+C during an sshfs login now exits, as expected.
A few errnos have also been changed to match Linux, since file systems
that will later use the kernel protocol may rely on these.
OK claudio@
Prepare to update if_bnxtreg.h by renaming fields and constants to the
names used in the new version, and allowing for commands longer than the
HWRM request buffer, which must be submitted using the short (indirect)
command mechanism. HWRM commands are truncated to the maximum size
supported by the firmware, which is the same as the request buffer size
for all the hardware we currently support, but newer generations use
longer commands.
ok stsp@
Remove MCX_MAX_QUEUES, which was just an arbitrary number we picked, and
instead use IF_MAX_VECTORS for arrays and doorbell layout checks, and
account for the maximum number of EQs from the device capabilities when
determining how many queues to use.
ok dlg@ bluhm@
Fix regress for recent pflow template addition
Note this does not add new tests for the NAT template but does fix existing tests
which fail after the addition
ok anton@
Move the adj-rib-out related code out of rde_rib.c into its own file.
rde_adjout.c will contain all the logic for handling the adj-rib-out
also adjust the function names to be prefix_adjout_xyz to make it clear
what they cover. Some function need to be exported now but over time
this will go away since the adj-rib-out code will be mostly rewritten.
OK deraadt@ tb@
When MAXPARTITIONS is cranked to 52 there are some places
where the value must remain 16. e.g. MD/Vendor labels that
must fit inside a DEV_BSIZE buf, parsing the contents of a
DEV_BSIZE buf as a disklabel and translations to/from
MD/Vendor labels and OpenBSD labels.
Replace MAXPARTITIONS with MAXPARTITIONS16 in the most
obvious of these places.
ok deraadt@
rpki-client: add wrappers for x509_valid_name()
Currently the same function is used for subjects and issuers and it
requires the caller to pass in a string clarifying what is being
checked. Add two wrappers for issuer and subject which matches the
required logic better independently of whether we ever support
UTF8String in subjects of BGPsec router certs or not.
ok claudio job
audio: Use the full audio ring buffer for DMA
The reader/writer pointer within the DMA buffer (on hardware that has
it, like azalia and envy) is used by the interrupt handler to track
the hardware position and, in turn, detect underruns. This works as
long as the interrupt is not delayed enough for the pointer to wrap.
Using the full buffer instead of a tiny portion of it makes underruns
detection more reliable, especially on low-latency configurations or
very busy systems.
Userland still uses the same buffer size as before, which now
corresponds to a sliding window within the DMA ring buffer. The audio
latency is unchanged and there's no user-visible behavior change
during normal operation.
rpki-client: validate octets in a printable string
While we still cannot require that commonName in issuer and subject are
a PrintableString, as opposed to a UTF8String, for example, we can validate
that their contents are well-formed. Check that each octet belongs to the
very limited set of characters allowed in Table 10 of X.680.
ok job
uaudio: Handle devices with a single clock exposed in multiple domains
Many devices seem to expose multiple clocks (aka clock domains) even
if they have one physical clock only. If two clocks have the same
attributes and at least one common rate, print a warning and assume
they are synchronous.
ok phessler
Change powerpc64 memory barriers to "sync"
The switch from "isync" to "sync" fixes the parking mutex on a 4-core
IBM POWER9, and proves that "isync" is the wrong barrier.
Back in June 2024, I suspected that "isync" was wrong, gave an
explanation, and proposed a diff switching to "sync" in
https://marc.info/?l=openbsd-tech&m=171816471216159&w=2
I forgot the diff, and lacked evidence of a problem until this month
(November 2025), when the parking mutex in /sys/kern/kern_lock.c
caused lockups. The 4-core POWER9 froze in "make -j4 build" before
finishing libc, but the switch from "isync" to "sync" fixes it.
ok jca@ dlg@
