Change powerpc64 memory barriers to "sync"
The switch from "isync" to "sync" fixes the parking mutex on a 4-core
IBM POWER9, and proves that "isync" is the wrong barrier.
Back in June 2024, I suspected that "isync" was wrong, gave an
explanation, and proposed a diff switching to "sync" in
https://marc.info/?l=openbsd-tech&m=171816471216159&w=2
I forgot the diff, and lacked evidence of a problem until this month
(November 2025), when the parking mutex in /sys/kern/kern_lock.c
caused lockups. The 4-core POWER9 froze in "make -j4 build" before
finishing libc, but the switch from "isync" to "sync" fixes it.
ok jca@ dlg@
only include port numbers in Host headers when it's not 443.
step-ca has a teary if you include the port in the Host header, but
pebble gets confused if you don't. florian says "I can't see anything
in RFC9110 7.2 that suggests sending a port in the host header is
wrong", so we're pretty sure step-ca is doing the wrong thing, but
it's also pretty easy to be accomodating by omitting the port if
the https request is on port 443. just don't talk to step-ca on a
non standard port i guess.
ok sthen@ florian@
In r1.39, both the baud rate and the line configuration are set through
UCHCOM_REQ_SET_BAUDRATE, whereas previously they were configured via
UCHCOM_REG_BPS_PRE, UCHCOM_REG_BPS_DIV, UCHCOM_REG_LCR, and UCHCOM_REG_LCR2.
Use the traditional method to set the rate and line configuration to
prevent issues with some CH341 devices not operating properly.
Reported by Mikolaj Kucharski on bugs@
ok miod@
back to rev 1.24, enable GuC submission on Meteor/Arrow Lake again
The problems I had with GuC submission were with an uncommitted inteldrm
firmware update to 20250917. Not yet seen with 20250708 currently
on firmware mirrors.
requested by kettenis@ for low power idle states in suspend
sync cert.pem with updated Mozilla list; ok tb@
changes are:
+OISTE Foundation
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root ECC G1
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root RSA G1
SwissSign AG
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
+ /C=CH/O=SwissSign AG/CN=SwissSign RSA TLS Root CA 2022 - 1
TrustAsia Technologies, Inc.
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS ECC Root CA
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS RSA Root CA
Fix example Geofeed object
According to RFC 6487, Section 4.4, PrintableString ought to be used
instead of UTF8String. Example generated using openssl cli utility
with "string_mask = nombstr" in the req section.
Export XDG_RUNTIME_DIR to child ssh sessions
Currently setusercontext(LOGIN_SETALL) does create the directory in
/tmp/run/user, since LOGIN_SETXDGENV is part of LOGIN_SETALL, but the
env variable wasn't exported.
ok djm@
Fix drm code to avoid spurious tsleep errors leading to crashes
__set_current_state() reimplements parts of sleep_finish() but forgot
to clear P_SINTR. Later another tsleep->sleep_finish() call could
pick up the flag and erroneously return ERESTART early, leading to
crashes in unsuspecting code using tsleep(0, INFSLP).
Issue experienced by Piotr Isajew using iridium on 7.8 and myself
using firefox.
ok claudio@ mpi@ and most likely kettenis@
rpki-client: split out a cms_SignerInfo_check_attributes() helper
This makes the incomprehensible beast that is cms_parse_validate_internal()
a bit smaller and makes it easier to reason about which pieces have side
effects and which pieces don't. A few more things need to be done here for
an upcoming refactoring.
ok job
revert the parking mutex.
it's causing lockups on powerpc64 and probably alpha.
thanks to gkoehler and mlarkin for confirming it was parking and
not something else on powerpc64.
we need the stability to move the tree past other churn at the moment.
don't strnvis() log messages that are going to be logged by sshd-auth
via its parent sshd-session process, as the parent will also run them
though strnvis().
Prevents double-escaping of non-printing characters in some log
messages. bz3896 ok dtucker@
re-apply three commits that were lost while merging the 19.1.7 update
Initial IP-based caching implementation with O(logn) lookup.
Caching implemented via red-black trees, this can be improved and
further work is on-going to bring it closer to GNU's performance that
uses a LRU-MRU 8-entries based caching algorithm.
Prompted by robert@ who run into a runtime of an executed macro of
5 minutes in libreoffice. With this the execution is reduced to 58 seconds.
C++11 tips from espie@, rsadowski@
Tested by robert@
from robert@; OK mortimer@, kettenis@.
Make the unwind cache tread-safe by declaring it thread_local. Solves
segfaults seen on exception handling.
from robert@; ok kettenis@
[29 lines not shown]
Only make nodes for extra partitions if an architecture has crossed over
to 52. That will happen to most or all architectures, but we don't
need to so yet.
I'm also considering adding a environment-variable knob to be used on
a single MAKEDEV run which wants to avoid the extra node creations,
as a way to help out some tight install media (only a few of those)