OpenBSD src changes summary for 2017-02-07 ==========================================
distrib/sets lib/libcrypto lib/libssl regress/lib regress/misc regress/usr.bin regress/usr.sbin share/man share/termtypes sys/arch/amd64/amd64 sys/arch/arm/cortex sys/arch/arm64/arm64 sys/arch/arm64/dev sys/arch/i386/i386 sys/arch/i386/pci sys/crypto sys/dev sys/dev/acpi sys/dev/ic sys/dev/pci sys/dev/pv sys/kern sys/net sys/net80211 sys/netinet sys/netinet6 sys/sys usr.bin/netstat usr.bin/tmux usr.sbin/httpd usr.sbin/syspatch == distrib =========================================================== 01/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib sets ~ lists/man/mi > sync (tb@) ~ lists/base/mi > sync (tb@) == lib =============================================================== 02/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libcrypto ~ err/err.c ~ err/err_prn.c > Add file and line to the LibreSSL error strings sine we are no longer in > 1989, VMS, or MS/DOS and we all run Brobdingnagian C compilers that have > can now be counted on to achieve this level of sophistication nearly > everywhere. > ok jsing@ (beck@) ~ err/err.c ~ err/err_prn.c > Revert previous; the implementation is incorrect since it assumes that the > provided error code matches the error that is currently on the top of the > error stack. (jsing@) libssl ~ bio_ssl.c ~ d1_both.c ~ d1_clnt.c ~ d1_lib.c ~ d1_pkt.c ~ d1_srtp.c ~ d1_srvr.c ~ s3_lib.c ~ ssl_asn1.c ~ ssl_both.c ~ ssl_cert.c ~ ssl_ciph.c ~ ssl_clnt.c ~ ssl_err.c ~ ssl_lib.c ~ ssl_locl.h ~ ssl_packet.c ~ ssl_pkt.c ~ ssl_rsa.c ~ ssl_sess.c ~ ssl_srvr.c ~ ssl_txt.c ~ t1_enc.c ~ t1_lib.c ~ t1_reneg.c > Change SSLerror() back to taking two args, with the first one being an SSL > *. > Make a table of "function codes" which maps the internal state of the SSL * > to something like a useful name so in a typical error in the connection you > know in what sort of place in the handshake things happened. (instead of > by arcane function name). > Add SSLerrorx() for when we don't have an SSL * > ok jsing@ after us both being prodded by bluhm@ to make it not terrible > (beck@) == regress =========================================================== 03/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libcrypto/bn/general/bntest.c > Remove unused variable in C source to make the test compile and pass. > (bluhm@) misc ~ c++abi/nm1.C > Include <netinet/in.h> to get in_addr_t and in_port_t compiled. (bluhm@) usr.bin ~ ssh/test-exec.sh > Remove deprecated SSH1 options RSAAuthentication and > RhostsRSAAuthentication from regression test sshd_config. (dtucker@) usr.sbin ~ syslogd/args-client-tls-fake.pl ~ syslogd/args-client-tls-tcp.pl ~ syslogd/args-server-tls-client-fake.pl ~ syslogd/args-server-tls-tcp.pl ~ syslogd/args-tls-cipher-null.pl > Adapt regex in syslogd test to the new shiny libssl error messages. > (bluhm@) == share ============================================================= 04/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man5/installurl.5 > Inline the example section: this looks better, makes 'mandoc -Tlint' happy > and avoids giving the impression that one should follow the link to find > examples. > jmc agrees; go ahead rpe (tb@) ~ man5/Makefile > Hook installurl.5 to build. (tb@) ~ man5/installurl.5 > Fix Xr: syspatch(1) -> syspatch(8) (tb@) termtypes ~ termtypes.master > Update to terminfo-20170128. (nicm@) == sys =============================================================== 05/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ aesni.c ~ via.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) arch/arm/cortex ~ ampintc.c > There are 1023 possible values for the interrupts, but our masks limit > these currently to 255. Thus making it impossible to use higher IRQs > than that. The AMD Seattle SoC though seems to provide 448 IRQs, which > is kind of out of bounds, so raise them to the proper values. This > makes interrupts work on that machine. (patrick@) arch/arm64/arm64 ~ locore.S ~ pmap.c > For consistency sake, apply the inner shareable attribute to the bootstrap > pagetables as well. Also replace the number for write-back with a proper > define. (patrick@) ~ pmap.c > Since the instruction cache does not in any way snoop the data cache > we need to make sure to clean the data and invalidate the instruction > cache upon entering a page with pmap_enter(). Since it is possible > that pmap_enter() does not directly enter the page, we need to do the > same dance in the pmap fault fixup code. Every new writeable mapping > or write removes a page's flag to mark it unflushed. The next time > pmap_enter() is called or a fault happens on that VA, it has to be > flushed and invalidated again. This was heavily discussed with Dale > Rahn. > On the Pine64 and Raspberry Pi 3 we have been very lucky to not run > into any cache issues, especially with the instruction cache. The > AMD Seattle seems to be a different kind of beast where we actually > have to care about these things. This finally brings the machine > into userland. (patrick@) arch/arm64/dev ~ ampintc.c > There are 1023 possible values for the interrupts, but our masks limit > these currently to 255. Thus making it impossible to use higher IRQs > than that. The AMD Seattle SoC though seems to provide 448 IRQs, which > is kind of out of bounds, so raise them to the proper values. This > makes interrupts work on that machine. (patrick@) ~ agtimer.c > The default frequency we chose for the generic timer does not always ring > true. Instead, unless overwritten by the device tree, we should ask the > generic timer for its frequency. This fixes time on my AMD Seattle and > should improve time management on QEMU as well. (patrick@) arch/i386/i386 ~ via.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) arch/i386/pci ~ glxsb.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) crypto ~ cryptodev.h > The return code of crp_callback is never checked, so it is not > useful to propagate the error. When an error occurs in an asynchronous > network path, incrementing a counter is the right thing. There are > four places where an error is not accounted, just add a comment for > now. > OK mpi@ visa@ (bluhm@) ~ crypto.c ~ cryptodev.h ~ cryptosoft.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) dev ~ softraid_crypto.c > The return code of crp_callback is never checked, so it is not > useful to propagate the error. When an error occurs in an asynchronous > network path, incrementing a counter is the right thing. There are > four places where an error is not accounted, just add a comment for > now. > OK mpi@ visa@ (bluhm@) ~ softraid_crypto.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) dev/acpi ~ acpithinkpad.c > Test for NULL before dereferencing a pointer not after. (jsg@) dev/ic ~ mfireg.h > pull struct mfi_evtarg_pd_state out of struct mfi_evt_detail. > this lets me pass the specific argument to an aen handler in mfii. > it also unbreaks the tree. > found by jmatthew@ (dlg@) dev/pci ~ mfii.c > whitespace fixes. no functional change. (dlg@) ~ mfii.c > provide support for submitting async dcmd frames. > async dcmds are submitted via an mpii request (like the scsi commands > are) which uses the ccb_request buffer, meaning that the dcmd itself > has to go somewhere else. this reuses the sense buffer on the ccb > for the dcmd, and provides wrappers for accessing that space and > submitting a dcmd via the passthru command. (dlg@) ~ mfii.c > add the framework around asynchronous event notifications. > this submits MR_DCMD_CTRL_EVENT_WAIT commands via the async dcmd > path to read all events from boot onward, and eventually ends up > waiting after the boot messages are consumed. > right now none of the events are handled, but this can be added now > this framework is in place. > the board does generate human readable log messages for every event. > we can send them somewhere (dmesg or syslog for example), but for > now theyre masked by #if 0. (dlg@) ~ mfii.c > support hotplug of physical disks. > this only handles MFI_EVT_PD_INSERTED_EXT and MFI_EVT_PD_REMOVED_EXT so > far. if this code is to be reused in mfi, it should probably change to > use MFI_EVT_PD_INSERTED and MFI_EVT_PD_REMOVED instead. > unlike mpii and mpi, it looks like the firmware aborts outstanding > commands against a disk when it's physically removed, so we dont > have to explicitly abort them. this is probably a carry over from > mfi generation boards which dont have an explicit abort command > they can use. (dlg@) ~ mfii.c > i got the MFII_TASK_MGMT flags round the wrong way. (dlg@) ~ mfii.c > handle physical disk state changes. > more specificially we probe the disk if it goes from UNCONFIGURED_GOOD > to a SYSTEM disk, and detach it if goes from being a SYSTEM disk > to anything else. > this semantic comes from the lsi^Wavago code in the illumos mr_sas > driver. seems to work fine. > i think this covers all the ways a passthru disk can transition on > these boards. (dlg@) ~ if_myx.c > move the mbuf pools to m_pool_init and a single global memory limit > this replaces individual calls to pool_init, pool_set_constraints, and > pool_sethardlimit with calls to m_pool_init. m_pool_init inits the > mbuf pools with the mbuf pool allocator, and because of that doesnt > set per pool limits. > ok bluhm@ as part of a larger diff (dlg@) ~ if_iwm.c > Release the NET_LOCK() before entering per-driver ioctl() routine. > This prevents a deadlock with the X server and some wireless drivers. > The real fix is to take unix domain socket code out of the NET_LOCK(). > Issue reported by pirofti@ and ajacoutot@ > ok tb@, stsp@, pirofti@ (mpi@) ~ hifn7751.c ~ safe.c ~ ubsec.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) dev/pv ~ xenstore.c > Make the 'incomplete header' message debug only (mikeb@) kern ~ uipc_mbuf.c > provide a custom pool page allocator for mbufs, but dont use it yet. > the custom allocator is basically a wrapper around the multi page > pool allocator, but it has a single global memory limit managed by > the wrapper. > currently each of the mbuf pools has their own memory limit (or > none in the case of the myx pool) independent of the other pools. > this means each pool can allocate up to nmbclust worth of mbufs, > rather than all of them sharing the one limit. wrapping the allocator > like this means we can move to a single memory limit for all mbufs > in the system. > ok bluhm@ as part of a larger diff (dlg@) ~ uipc_mbuf.c > add m_pool_init(), a wrapper around pool_init for mbuf clusters. > m_pool_init is basically a call to pool_init with everythign except > the size and alignment specified, and a call to pool_set_constraints > so the memroy is always dma reachable. it also wires up the memory > with the custom mbuf pool allocator. > ok bluhm@ as part of a larger diff (dlg@) ~ uipc_mbuf.c > move the mbuf pools to m_pool_init and a single global memory limit > this replaces individual calls to pool_init, pool_set_constraints, and > pool_sethardlimit with calls to m_pool_init. m_pool_init inits the > mbuf pools with the mbuf pool allocator, and because of that doesnt > set per pool limits. > ok bluhm@ as part of a larger diff (dlg@) ~ uipc_mbuf.c > enable per cpu caches on the mbuf pools. > this didnt make sense previously since the mbuf pools had item > limits that meant the cpus had to coordinate via a single counter > to make sure the limit wasnt exceeded. > mbufs are now limited by how much memory can be allocated for pages > from the system. individual pool items are no longer counted and > therefore do not have to be coordinated. > ok bluhm@ as part of a larger diff. (dlg@) net ~ if.c > Release the NET_LOCK() before entering per-driver ioctl() routine. > This prevents a deadlock with the X server and some wireless drivers. > The real fix is to take unix domain socket code out of the NET_LOCK(). > Issue reported by pirofti@ and ajacoutot@ > ok tb@, stsp@, pirofti@ (mpi@) ~ if_pflow.c > No longer need to unlock the netlock since the upper layer is doing it. > Found by Hrvoje Popovski. (mpi@) net80211 ~ ieee80211_proto.c > Enable the short slot time feature in 802.11n mode. > ok mpi@ (stsp@) netinet ~ in.c > Release the NET_LOCK() before entering per-driver ioctl() routine. > This prevents a deadlock with the X server and some wireless drivers. > The real fix is to take unix domain socket code out of the NET_LOCK(). > Issue reported by pirofti@ and ajacoutot@ > ok tb@, stsp@, pirofti@ (mpi@) ~ ip_ah.c ~ ip_esp.c ~ ip_ipcomp.c > The return code of crp_callback is never checked, so it is not > useful to propagate the error. When an error occurs in an asynchronous > network path, incrementing a counter is the right thing. There are > four places where an error is not accounted, just add a comment for > now. > OK mpi@ visa@ (bluhm@) ~ ip_ah.c ~ ip_esp.c ~ ip_ipcomp.c > Reduce the per-packet allocation costs for crypto operations (cryptop) > by pre-allocating two cryptodesc objects and storing them in an array > instead of a linked list. If more than two cryptodesc objects are > required use mallocarray to fetch them. Adapt the drivers to the new > API. > This change results in one pool-get per ESP packet instead of three. > It also simplifies softraid crypto where more cryptodesc objects are > allocated than used. > From, with and ok markus@, ok bluhm@ > "looks sane" mpi@ (patrick@) ~ ip_ah.c ~ ip_ah.h ~ ip_esp.c ~ ip_esp.h ~ ip_ipcomp.c ~ ip_ipcomp.h > IPsec packets could be dropped unaccounted if output after crypto > failed. Add a counter for that case. > OK dhill@ (bluhm@) ~ ip_ipsp.h ~ ipsec_input.c > Error propagation does neither make sense for ip input path nor for > asynchronous callbacks. Make the IPsec functions void, there is > already a counter in the error path. > OK mpi@ (bluhm@) ~ icmp_var.h ~ ip_icmp.c > Use percpu counters for icmp > ok dlg@ a while ago > some input from jca@ who wrote the same diff (jmatthew@) netinet6 ~ in6.c > Release the NET_LOCK() before entering per-driver ioctl() routine. > This prevents a deadlock with the X server and some wireless drivers. > The real fix is to take unix domain socket code out of the NET_LOCK(). > Issue reported by pirofti@ and ajacoutot@ > ok tb@, stsp@, pirofti@ (mpi@) sys ~ pool.h > export the multi page allocator so other things can explicitly use it. > (dlg@) ~ mbuf.h > add m_pool_init(), a wrapper around pool_init for mbuf clusters. > m_pool_init is basically a call to pool_init with everythign except > the size and alignment specified, and a call to pool_set_constraints > so the memroy is always dma reachable. it also wires up the memory > with the custom mbuf pool allocator. > ok bluhm@ as part of a larger diff (dlg@) == usr.bin =========================================================== 06/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin netstat ~ inet.c > IPsec packets could be dropped unaccounted if output after crypto > failed. Add a counter for that case. > OK dhill@ (bluhm@) tmux ~ tty.c > Unfortunately DECFRA does not handle default colours properly (it does > not reset colours when in SGR 0), so we can't use it without more > trouble than it is worth. Abandon the idea for now. (nicm@) ~ tty.c > DECSLRM in xterm(1) appears to have a quirk where it can generate an > extra scroll of the entire terminal; issuing DECSTBM first prevents > this. Do that for now. (nicm@) ~ format.c > Remove a debugging leftover. (nicm@) ~ tty.c > Do not clear the scroll region, instead set it to the scroll region we > actually want. (nicm@) == usr.sbin ========================================================== 07/07 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin httpd ~ server_http.c > Improve parsing of the HTTP request line > Make sure that the beginning of a new request starts with an > alphabetic character. This is a quick way to detect non-ASCII > requests (eg. TLS on port 80). The full validation of the request > method is done once the input line is read. > Make sure that non-terminated lines do not exceed the > SERVER_MAXHEADERLENGTH which is 8k. As the current read watermark is > set to 64k, this means that the limit check is triggered after max. > 64k of input, depending on the TCP read buffer. > OK benno@ jsing@ (reyk@) ~ httpd.conf.5 ~ httpd.h ~ parse.y ~ server.c > /tmp/cvsspEkok (reyk@) syspatch ~ syspatch.8 > Add installurl to FILES and SEE ALSO. (ajacoutot@) ~ syspatch.8 > Ox on its own line; (jmc@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
