audio: Use the full audio ring buffer for DMA
The reader/writer pointer within the DMA buffer (on hardware that has
it, like azalia and envy) is used by the interrupt handler to track
the hardware position and, in turn, detect underruns. This works as
long as the interrupt is not delayed enough for the pointer to wrap.
Using the full buffer instead of a tiny portion of it makes underruns
detection more reliable, especially on low-latency configurations or
very busy systems.
Userland still uses the same buffer size as before, which now
corresponds to a sliding window within the DMA ring buffer. The audio
latency is unchanged and there's no user-visible behavior change
during normal operation.
rpki-client: validate octets in a printable string
While we still cannot require that commonName in issuer and subject are
a PrintableString, as opposed to a UTF8String, for example, we can validate
that their contents are well-formed. Check that each octet belongs to the
very limited set of characters allowed in Table 10 of X.680.
ok job
uaudio: Handle devices with a single clock exposed in multiple domains
Many devices seem to expose multiple clocks (aka clock domains) even
if they have one physical clock only. If two clocks have the same
attributes and at least one common rate, print a warning and assume
they are synchronous.
ok phessler
Change powerpc64 memory barriers to "sync"
The switch from "isync" to "sync" fixes the parking mutex on a 4-core
IBM POWER9, and proves that "isync" is the wrong barrier.
Back in June 2024, I suspected that "isync" was wrong, gave an
explanation, and proposed a diff switching to "sync" in
https://marc.info/?l=openbsd-tech&m=171816471216159&w=2
I forgot the diff, and lacked evidence of a problem until this month
(November 2025), when the parking mutex in /sys/kern/kern_lock.c
caused lockups. The 4-core POWER9 froze in "make -j4 build" before
finishing libc, but the switch from "isync" to "sync" fixes it.
ok jca@ dlg@
only include port numbers in Host headers when it's not 443.
step-ca has a teary if you include the port in the Host header, but
pebble gets confused if you don't. florian says "I can't see anything
in RFC9110 7.2 that suggests sending a port in the host header is
wrong", so we're pretty sure step-ca is doing the wrong thing, but
it's also pretty easy to be accomodating by omitting the port if
the https request is on port 443. just don't talk to step-ca on a
non standard port i guess.
ok sthen@ florian@
In r1.39, both the baud rate and the line configuration are set through
UCHCOM_REQ_SET_BAUDRATE, whereas previously they were configured via
UCHCOM_REG_BPS_PRE, UCHCOM_REG_BPS_DIV, UCHCOM_REG_LCR, and UCHCOM_REG_LCR2.
Use the traditional method to set the rate and line configuration to
prevent issues with some CH341 devices not operating properly.
Reported by Mikolaj Kucharski on bugs@
ok miod@
back to rev 1.24, enable GuC submission on Meteor/Arrow Lake again
The problems I had with GuC submission were with an uncommitted inteldrm
firmware update to 20250917. Not yet seen with 20250708 currently
on firmware mirrors.
requested by kettenis@ for low power idle states in suspend
sync cert.pem with updated Mozilla list; ok tb@
changes are:
+OISTE Foundation
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root ECC G1
+ /C=CH/O=OISTE Foundation/CN=OISTE Server Root RSA G1
SwissSign AG
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
+ /C=CH/O=SwissSign AG/CN=SwissSign RSA TLS Root CA 2022 - 1
TrustAsia Technologies, Inc.
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G3
/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia Global Root CA G4
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS ECC Root CA
+ /C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia TLS RSA Root CA
Fix example Geofeed object
According to RFC 6487, Section 4.4, PrintableString ought to be used
instead of UTF8String. Example generated using openssl cli utility
with "string_mask = nombstr" in the req section.
Export XDG_RUNTIME_DIR to child ssh sessions
Currently setusercontext(LOGIN_SETALL) does create the directory in
/tmp/run/user, since LOGIN_SETXDGENV is part of LOGIN_SETALL, but the
env variable wasn't exported.
ok djm@
Fix drm code to avoid spurious tsleep errors leading to crashes
__set_current_state() reimplements parts of sleep_finish() but forgot
to clear P_SINTR. Later another tsleep->sleep_finish() call could
pick up the flag and erroneously return ERESTART early, leading to
crashes in unsuspecting code using tsleep(0, INFSLP).
Issue experienced by Piotr Isajew using iridium on 7.8 and myself
using firefox.
ok claudio@ mpi@ and most likely kettenis@
rpki-client: split out a cms_SignerInfo_check_attributes() helper
This makes the incomprehensible beast that is cms_parse_validate_internal()
a bit smaller and makes it easier to reason about which pieces have side
effects and which pieces don't. A few more things need to be done here for
an upcoming refactoring.
ok job
