Implement cleanup helpers for rib_dump_free()
rib_dump_cleanup() and prefix_adjout_dump_cleanup() do the specific
bits of unlocking and removing the held reference to the rib entry
or prefix. This way the code doing that can be properly moved to
rde_adjout.c
OK tb@
Implement reference counting for fd. There may be a rare race condition
when the fuse device is closed and manages to free fd before a sleeping
thread reaches the fd->fd_fmp == NULL check.
OK claudio@
Add support for blocking reads to the FUSE device and change libfuse so
that it now blocks when reading fusebufs from /dev/fuse0 rather than
waiting for a kernel event to indicate that a new fusebuf is available.
As libfuse is no longer listening for kernel events, it now has to
listen for signals using signal(3). These were previously ignored
because they were delivered as kernel events. One benefit of this is
that pressing Ctrl+C during an sshfs login now exits, as expected.
A few errnos have also been changed to match Linux, since file systems
that will later use the kernel protocol may rely on these.
OK claudio@
Prepare to update if_bnxtreg.h by renaming fields and constants to the
names used in the new version, and allowing for commands longer than the
HWRM request buffer, which must be submitted using the short (indirect)
command mechanism. HWRM commands are truncated to the maximum size
supported by the firmware, which is the same as the request buffer size
for all the hardware we currently support, but newer generations use
longer commands.
ok stsp@
Remove MCX_MAX_QUEUES, which was just an arbitrary number we picked, and
instead use IF_MAX_VECTORS for arrays and doorbell layout checks, and
account for the maximum number of EQs from the device capabilities when
determining how many queues to use.
ok dlg@ bluhm@
Fix regress for recent pflow template addition
Note this does not add new tests for the NAT template but does fix existing tests
which fail after the addition
ok anton@
Move the adj-rib-out related code out of rde_rib.c into its own file.
rde_adjout.c will contain all the logic for handling the adj-rib-out
also adjust the function names to be prefix_adjout_xyz to make it clear
what they cover. Some function need to be exported now but over time
this will go away since the adj-rib-out code will be mostly rewritten.
OK deraadt@ tb@
When MAXPARTITIONS is cranked to 52 there are some places
where the value must remain 16. e.g. MD/Vendor labels that
must fit inside a DEV_BSIZE buf, parsing the contents of a
DEV_BSIZE buf as a disklabel and translations to/from
MD/Vendor labels and OpenBSD labels.
Replace MAXPARTITIONS with MAXPARTITIONS16 in the most
obvious of these places.
ok deraadt@
rpki-client: add wrappers for x509_valid_name()
Currently the same function is used for subjects and issuers and it
requires the caller to pass in a string clarifying what is being
checked. Add two wrappers for issuer and subject which matches the
required logic better independently of whether we ever support
UTF8String in subjects of BGPsec router certs or not.
ok claudio job
audio: Use the full audio ring buffer for DMA
The reader/writer pointer within the DMA buffer (on hardware that has
it, like azalia and envy) is used by the interrupt handler to track
the hardware position and, in turn, detect underruns. This works as
long as the interrupt is not delayed enough for the pointer to wrap.
Using the full buffer instead of a tiny portion of it makes underruns
detection more reliable, especially on low-latency configurations or
very busy systems.
Userland still uses the same buffer size as before, which now
corresponds to a sliding window within the DMA ring buffer. The audio
latency is unchanged and there's no user-visible behavior change
during normal operation.
rpki-client: validate octets in a printable string
While we still cannot require that commonName in issuer and subject are
a PrintableString, as opposed to a UTF8String, for example, we can validate
that their contents are well-formed. Check that each octet belongs to the
very limited set of characters allowed in Table 10 of X.680.
ok job
uaudio: Handle devices with a single clock exposed in multiple domains
Many devices seem to expose multiple clocks (aka clock domains) even
if they have one physical clock only. If two clocks have the same
attributes and at least one common rate, print a warning and assume
they are synchronous.
ok phessler
Change powerpc64 memory barriers to "sync"
The switch from "isync" to "sync" fixes the parking mutex on a 4-core
IBM POWER9, and proves that "isync" is the wrong barrier.
Back in June 2024, I suspected that "isync" was wrong, gave an
explanation, and proposed a diff switching to "sync" in
https://marc.info/?l=openbsd-tech&m=171816471216159&w=2
I forgot the diff, and lacked evidence of a problem until this month
(November 2025), when the parking mutex in /sys/kern/kern_lock.c
caused lockups. The 4-core POWER9 froze in "make -j4 build" before
finishing libc, but the switch from "isync" to "sync" fixes it.
ok jca@ dlg@
only include port numbers in Host headers when it's not 443.
step-ca has a teary if you include the port in the Host header, but
pebble gets confused if you don't. florian says "I can't see anything
in RFC9110 7.2 that suggests sending a port in the host header is
wrong", so we're pretty sure step-ca is doing the wrong thing, but
it's also pretty easy to be accomodating by omitting the port if
the https request is on port 443. just don't talk to step-ca on a
non standard port i guess.
ok sthen@ florian@
In r1.39, both the baud rate and the line configuration are set through
UCHCOM_REQ_SET_BAUDRATE, whereas previously they were configured via
UCHCOM_REG_BPS_PRE, UCHCOM_REG_BPS_DIV, UCHCOM_REG_LCR, and UCHCOM_REG_LCR2.
Use the traditional method to set the rate and line configuration to
prevent issues with some CH341 devices not operating properly.
Reported by Mikolaj Kucharski on bugs@
ok miod@
back to rev 1.24, enable GuC submission on Meteor/Arrow Lake again
The problems I had with GuC submission were with an uncommitted inteldrm
firmware update to 20250917. Not yet seen with 20250708 currently
on firmware mirrors.
requested by kettenis@ for low power idle states in suspend
sync cert.pem with updated Mozilla list; ok tb@
changes are:
+OISTE Foundation
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root ECC G1
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root RSA G1
SwissSign AG
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
+ /C=CH/O=SwissSign AG/CN=SwissSign RSA TLS Root CA 2022 - 1
TrustAsia Technologies, Inc.
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS ECC Root CA
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS RSA Root CA
