Pass correct argument to m_tag_delete() in ip_srcroute()
When the ip_srcroute function was redone to follow what FreeBSD did
the m_tag_delete() call was not correctly adjusted. In FreeBSD the
tag data structs always start with a struct m_tag while in OpenBSD
this wrapping is not done.
ip_srcroute is disabled by default and nobody sane turns it on.
From a report by Frank Denis
OK dlg@ deraadt@
Correct ICMPv6 parameter problem in IPv6 destination option.
If the destination option is placed in a different mbuf than the
IPv6 header, the calculation of the parameter problem offset was
wrong.
found by Quarkslab Vulnerability Reports
OK deraadt@
sys/ufs: make ufs_readdir() use UFS_BUFATOFF()
Read directory data through UFS_BUFATOFF() instead of routing the
operation through VOP_READ() into a temporary kernel buffer; this keeps
directory entry decoding on the buffer cache path, bounds each transfer
by the buffer size, file size, and caller supplied count, and releases
each buffer after complete entries are converted.
Since VOP_READ() no longer provides the access time side effect, mark
IN_ACCESS under the same MNT_NOATIME rule used by ffs_read().
OK: deraadt@
sys/qwz: add AMPDU callbacks
Add the same BlockAck task and AMPDU callback plumbing used by qwx.
This wires net80211 ADDBA/DELBA handling into the existing qwz RX
TID/reorder setup code, while leaving TX aggregation to firmware as qwx.
OK: stsp@
Our kernel uses the medany code model, so we don't need the GP in the
kernel. GP relaxation requires the medlow code model, which we don't want
because it will limit future kernel address space randomization.
Should fix linking the riscv64 kernel with llvm 22.
ok jca@
the relink binaries are always a .tar file. scan for them using
find, rather than having to list them. This will make it easier
to add new ones.
help from jsg
iked: Avoid NULL-deref in ocsp_connect_finish()
Several error path in ocsp_connect() can call ocsp_connect_finish()
with oc == NULL. This will result in a NULL-deref. To recover
gracefully the child requesting the OCSP file descriptor needs to
be notified, otherwise the stale request will exist in the child
forever. To accomplish this, provide struct iked_sahdr *sh directly
to ocsp_connect_finish() as a parameter. So sh is guaranteed to
be valid even when oc is NULL.
While there, avoid a potential double-free on oc_path when a strdup(3)
fails.
ok tobhe@
Add samsabi(4), a driver for the Samsung Advanced BIOS Interface (SABI),
a vendor command interface of the embedded controller found in Samsung
laptops.
For now we support keyboard backlight control, as tested on the Samsung
Galaxy Book4 Edge.
Feedback and ok kettenis@
sys/uvm/pdaemon: compare constraints in paddr units
uvm_constraint_range bounds are physical addresses, as is
VM_PAGE_TO_PHYS(). Do not apply atop() before comparing them, otherwise
the pagedaemon matches page frame numbers against byte address ranges.
OK: kettenis@, deraadt@
drm/ttm: Convert -EAGAIN from dmem_cgroup_try_charge to -ENOSPC
From Thomas Hellstrom
9a34b94832c374543ce553d4cec6eda6955397d1 in linux-6.18.y/6.18.33
591711b32681a04b57d00c2a404658f8419a081c in mainline linux
drm/i915: skip __i915_request_skip() for already signaled requests
From Sebastian Brzezinka
65a3a1cf29ebe143a989bc1e96519a393e68ab65 in linux-6.18.y/6.18.33
4cfe4c0efbdcde742a47813180cc69b132d7598e in mainline linux
drm/i915/dp: Fix VSC dynamic range signaling for RGB formats
From Chaitanya Kumar Borah
d25b863e2dff42cf3533ca8d7e08c6eec910bc11 in linux-6.18.y/6.18.33
1ae15b6c7965d137eef21f2cc7d367b29cb88369 in mainline linux
