sys/cnmac: add RX queues
Add RX queues to cnmac, backed by shared POW groups. Use PIP tags for RX
group selection and pass the tag up as M_FLOWID.
OK: visa@
sys/cnmac: read MAC address from device tree
Read local-mac-address from the matching ethernet port node in device
tree; fall back to the old board address allocation when it is absent.
As suggested by visa@, this changes HW address assignment on the
EdgeRouter Pro, and probably on the ER-8, by swapping ports as follows:
cnmac0 <-> cnmac4
cnmac1 <-> cnmac5
cnmac2 <-> cnmac6
cnmac3 <-> cnmac7
Affected devices uses the same MAC addresses as the original firmware.
OK: visa@
vmd(8): Avoid reuse of dead filedescriptor
When the vmd process sends a kernfd to the vmm process, that
descriptor will be closed in msgbuf_write() after a successful
sendmsg(). However, that descriptor number is still stored in
vm->vm_kernel.
When termination of one VM is interleaved with lauch of another VM,
that number might be reassigned to a _new_ kernfd of the launching
VM. Now we have a race:
- the vmd process queues an imsg with that descriptor in config_setvm()
(for the launching VM)
- the vmd process calls in vm_stop() close() on that descriptor
(for the terminating VM)
- when the vmd process calls proc_dispatch() imsgbuf_send() for
imsg queued in config_setvm(), sendmsg() will return EBADF (the
descriptor in the control message is invalid)
[3 lines not shown]
Bring the qwz driver up to WPA2 association on the Qualcomm WCN7850
chip.
Major changes:
1. Fix the RX path.
2. Fix the TX path.
3. Fix MSI interrupt routing.
4. Make the WPA2 4-way handshake complete.
5. Add bus_dmamap_sync() barriers on RX and TX.
6. Update register/descriptor defines from ath11k to ath12k WiFi7.
Known limitations:
- DHCP does not yet complete on most setups: TX of DISCOVER works
(the DHCP server sees it), but the OFFER does not reach the host.
Likely an RX-path or post-handshake GTK state issue. Reported by
kettenis@ with an athn(4) AP on a Vivobook.
- Some hardware (e.g. Honor laptop) hits a firmware page fault
[21 lines not shown]
make_addressRange: unused bits in max must be zero
X509v3_addr_add_range() requires that min and max of an address range
have network encoding. In the RFC 3779 encoding of an actual address
range (as opposed to a prefix) as a SEQUENCE OF two ASN.1 BIT STRINGs,
the trailing one bits of the maximum become unused bits and therefore
must be DER encoded as zeroes. The DER encoder will clear them via i2d
but these trailing ones are annoying. Make a copy in which the unused
bits are cleared.
ok kenjiro
Attempt to drain the transmit FIFO before resetting or disabling it such
that output that is currently in the FIFO makes it out. We already do
this when attaching as a console by using a fixed delay, but not in
compwroff() which runs when userland closes the associated tty. Instead
of using a fixed delay, look at the LSR_TSRE bit which should get set
if the FIFO (or the itransmit shift register if the FIFO is disabled) is
empty. Use a fixed timeout such that on hardware with a non-functional
LSR_TSRE bit the loops still terminate.
This should fix issues where we lose serial output when userland closes
a tty or when com(4) attaches to the port that is used as the console.
ok deraadt@
Fix PKCS7_set_{un,}signed_attributes()
In both these functions, if the X509_ATTRIBUTE_dup() fails, the
remainder of the sk stack is shared with p7si->{un,}auth_attr and
the caller will likely end up freeing it twice.
Fix this by writing another sk_deep_copy() patterned after the existing
ones in x509_lu.c and x509_vpm.c. PKCS7_set_{un,}signed_attributes()
become trivial wrappers of that.
ok jsing kenjiro
Allow '!}' and '!)' at EOF, even though there is no forward movement.
The updated behavior differs from traditional vi but matches vim.
It is already possible to run bang commands at EOF in conjunction
with some other forward movement commands such as 'l' and 'w'.
From Walter Alejandro Iglesias
Fix special case of ')' when the cursor is on white-space.
The forward sentence code has a special case to support moving to
the start of the next sentence when it is in the middle of a empty
line or whitespace between sentences. However, the logic was
incorrect and applied when the curson was on _any_ white-space.
This change adds logic to look back and detect whether the cursor
is actually in between two sentences.
Based on a diff from Walter Alejandro.
Prevent '(' from moving the cursor forward.
Fixes an issue where '(' moved forward the start of the next (not
previous) sentence when used within whitespace at the start if a line.
From Debian bug 193498 (Tommy Pettersson) via nvi2.
Do not clear the dirty upper and lower bits when enabling the FPU in fprs
When handling a FPU disabled trap and the FPU context is still pointing to
curproc then all that needs to be done is enable the FPU but on sparc64 this
needs to be done in two places. In pstate and %fprs.
Writing FPRS_FEF into %fprs clears the DU and DL bits which marks the FPU
state as clean (but it may not be). If the proc only reads the FPU state
and later a lazy FPU switch is forced the FPU context is not correctly saved.
Instead read %fprs and or FPRS_FEF into it, keeping the DU and DL bits intact.
See also rev 1.68 for why %fprs needs to be fumbled with.
This fixes various issues seen during ports bulk builds. Like perl tripping
over "use 5.12.0;" with a -NaN is not a version error, various awk issues
and even cmake failures via 'std::bad_array_new_length'.
OK kettenis@
If the PCIe link is down, provide access to config space for bus 0, but
return 0xffffffff (and ignore writes) for other busses. This gets rid of
the "can't initialize hardware" messages that confuse some users and
better matches what happens on other platforms with PCIe when a slot is
empty.
ok jca@
pkcs7: don't use i and j for NIDs in PKCS7_dataDecode()
There's no need to assign to i before the switch and j is a terrible
name for a NID. Inline the latter and switch directly over the return
value of OBJ_obj2nid().
ok jsing kenjiro
pkcs7: avoid assignment to i in PKCS7_dataInit()
We can switch over the return value of OBJ_obj2nid() rather than using i
for an indirection.
ok jsing kenjiro
pkcs7: Simplify PKCS7_type_is_other()
Remove unnecessary isOther and nid variables and use direct returns.
The function should probably be removed...
ok jsing kenjiro
SECURITY update to openvpn-2.7.2
fix race condition in TLS handshake that could lead to leaking of packet
data from a previous handshake under specific circumstances
(CVE-2026-40215)
fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key (CVE-2026-35058)
Other changes: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst
ok naddy@
Simplify PKCS7_get_issuer_and_serial()
The i variable is unused. Likewise for the first assignment to ri.
Instead of an incomplete check that idx is in range, which still
results in a NULL deref if idx < 0, check if ri is not NULL before
accessing, as sk_value() checks the index correctly.
ok jsing kenjiro
