CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/11/03 07:28:07

Modified files:
        sys/netinet: udp_usrreq.c

Log message:
Clear UDP checksum out flag when stripping UDP header.

Some network interfaces, like lo(4) or vio(4), set the M_UDP_CSUM_OUT
flag on incoming packets. For optimization they produce packets with
M_UDP_CSUM_IN_OK, but the actual checksum field in the packet is wrong.
If such a packet is forwarded, the checksum must be calculated. So they
also set M_UDP_CSUM_OUT.

For protocols tunneled in UDP, udp_input() removes the header, but the
mbuf flags stay. This means later processing of the packet may insert
a UDP checksum, although it is not UDP anymore. This has been observed
when forwarding ping packets between two vxlan(4) interfaces. Then a
UDP checksum was inserted into the ICMP packet.

Clearing the M_UDP_CSUM_OUT flag when the UDP header is stripped fixes
the problem.

OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/30 12:33:26

Modified files:
        sys/dev/ic : psp.c

Log message:
For AMD SEV automatically load psp(4) firmware during vmd(4) startup.

When opening /dev/psp for the first time, load the SEV firmware located
in /etc/firmware/amdsev/ obtained via fw_update(8). The relevant file
is determined by CPU family and model. If firmware files are not
installed or the correct file could not be determined, PSP will be
initialized using the on-chip firmware. Alternatively a BIOS upgrade
could install a newer version.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/30 11:51:12

Modified files:
        sys/dev/ic : psp.c pspvar.h

Log message:
For AMD SEV implement psp(4) download firmware command.

Implement the command to load new firmware onto the chip. Will be used
for automatic firmware loading.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/10/30 10:24:13

Modified files:
        . : errata75.html errata76.html

Log message:
Release aplsmc errata.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/30 04:37:22

Modified files:
        sys/arch/arm64/dev: Tag: OPENBSD_7_5 aplsmc.c

Log message:
Set AP power state.

Fixes the SMC initialization on (at least) the M1 MacBook with the
latest system firmware.

from kettenis@; ok patrick@, jsg@

this is errata/7.5/013_aplsmc.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/30 04:36:19

Modified files:
        sys/arch/arm64/dev: Tag: OPENBSD_7_6 aplsmc.c

Log message:
Set AP power state.

Fixes the SMC initialization on (at least) the M1 MacBook with the
latest system firmware.

from kettenis; ok patrick@, jsg@

this is errata/7.6/004_aplsmc.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/29 15:16:36

Modified files:
        sys/dev/ic : psp.c pspvar.h

Log message:
Move psp(4) initialization from attach to device open.

In preparation for automatic loading of the AMD SEV firmware, factor
out the code that initializes the PSP. As the firmware must be loaded
before the initialization, delay initialization to first use of the
PSP. Initialization is triggered by opening /dev/psp for the first
time. A later diff will add firmware loading in a similar way.

Also provide an ioctl(2) for initialization. Not used right now. Will
be later used by vmd(8) to reset the PSP.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/29 18:04:46

Modified files:
        usr.sbin/fw_update: patterns.c

Log message:
Add fw_update pattern for AMD SEV firmware used with psp(4).

from hshoexer@; input deraadt@
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/10/29 12:55:56

Modified files:
        . : errata75.html errata76.html

Log message:
Release xserver and ssh errata.
CVS: cvs.openbsd.org: xenocara
CVSROOT:        /cvs
Module name:    xenocara
Changes by:     bl...@cvs.openbsd.org   2024/10/29 12:12:25

Modified files:
        xserver/xkb: Tag: OPENBSD_7_5 xkb.c

Log message:
xkb: Fix buffer overflow in _XkbSetCompatMap()

The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer. However, it didn't update its size properly. It updated
`num_si` only, without updating `size_si`.

CVE-2024-9632

from matthieu@

this is errata/7.5/012_xserver.patch.sig
CVS: cvs.openbsd.org: xenocara
CVSROOT:        /cvs
Module name:    xenocara
Changes by:     bl...@cvs.openbsd.org   2024/10/29 12:11:33

Modified files:
        xserver/xkb: Tag: OPENBSD_7_6 xkb.c

Log message:
xkb: Fix buffer overflow in _XkbSetCompatMap()

The _XkbSetCompatMap() function attempts to resize the `sym_interpret`
buffer. However, it didn't update its size properly. It updated
`num_si` only, without updating `size_si`.

CVE-2024-9632

from matthieu@

this is errata/7.6/002_xserver.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/29 11:03:28

Modified files:
        usr.bin/ssh: Tag: OPENBSD_7_6 kexmlkem768x25519.c libcrux_mlkem768_sha3.h

Log message:
fix ML-KEM768x25519 KEX on big-endian systems; from djm@; spotted by
jsg@; feedback/ok deraadt@

this is errata/7.6/003_ssh.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/24 12:52:59

Modified files:
        sys/dev/ic : psp.c pspvar.h
        sys/dev/pci: ccp_pci.c files.pci
Added files:
        sys/dev/pci: psp_pci.c

Log message:
Attach psp(4) version 1.

Some AMD CPUs come with an older platform security processor. It is
detected by PCI ID and has different register offsets. Move the
dynamic register offsets into psp_softc. The PCI attach code is now
in a separate psp_pci.c file and detects the version of the psp along
with the ccp. The attach code is more verbose to display where
problems might occur. Now the ccp_wait() has 2 seconds timeout, both
for polling and interrupt. Also prevent a useless bus_space_read_4().

OK hshoexer@
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/10/13 15:28:51

Modified files:
        . : errata75.html errata76.html

Log message:
Release unbound errata.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/09 08:54:04

Modified files:
        sbin/unwind/libunbound/util/data: Tag: OPENBSD_7_5 msgencode.c
        usr.sbin/unbound/util/data: Tag: OPENBSD_7_5 msgencode.c

Log message:
Fix unbound CVE-2024-8508, put a limit on resources used for handling
DNS compression.
OK florian
from unbound 1.21.1.

apply the CVE-2024-8508 fix from unbound (put a limit on resources
used for handling DNS compression).
OK florian
from @sthen

this is errata/7.5/011_unbound.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/09 08:52:09

Modified files:
        sbin/unwind/libunbound/util/data: Tag: OPENBSD_7_6 msgencode.c
        usr.sbin/unbound/util/data: Tag: OPENBSD_7_6 msgencode.c

Log message:
Fix unbound CVE-2024-8508, put a limit on resources used for handling
DNS compression.
OK florian
from unbound 1.21.1.

apply the CVE-2024-8508 fix from unbound (put a limit on resources
used for handling DNS compression).
OK florian
from @sthen

this is errata/7.6/001_unbound.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/08 05:42:49

Modified files:
        sys/conf : Tag: OPENBSD_7_6 newvers.sh

Log message:
7.6-stable
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/04 16:21:28

Modified files:
        sys/arch/amd64/stand/efiboot: exec_i386.c

Log message:
Allow boot loader to run as AMD SEV guest on QEMU with EFI.

When efibooting amd64, the boot loader rewrites the page table built
by EFI firmware to ensure that there are no read-only mappings. The
rewrite is needed for some HP EFI BIOS, that maps computrace section
read-only. When efibooting on SEV enabled QEMU, we would have to
ensure the crypt bit is set when changing page tables. However, there
is no need for the HP workaround when booting on QEMU (or any other
VM), so just do not modify the page table, when SEV guest mode is
detected.

from Sebastian Sturm; via hshoexer@; OK kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/04 15:15:52

Modified files:
        sys/arch/amd64/amd64: locore0.S

Log message:
Allow kernel boot on QEMU with AMD SEV.

When booting an OpenBSD kernel on Linux QEMU with SEV enabled, the
hypervisor does not forward the SME feature, only the SEV bit is set.
Therefore do not depend on SME when checking for SEV guest mode in
locore0.

from Sebastian Sturm; via hshoexer@; OK jsg@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/10/04 10:58:26

Modified files:
        sys/dev/ic : psp.c

Log message:
Increase psp(4) timeouts.

On EPYC 9124 psp(4) seems to need more time to respond. Otherwise it
will not attach. Increase timeouts for both polling during autoconf
and interrupt during normal operation.

from hshoexer@ OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/24 06:37:11

Modified files:
        sys/kern : kern_sysctl.c

Log message:
Fix sleeping race during malloc in sysctl hw.disknames.

When mallocarray(9) sleeps, disk_count can change, and diskstatslen
gets inconsistent. This caused free(9) to panic.

Reported-by: syzbot+36e1f3b306f721f90...@syzkaller.appspotmail.com
OK deraadt@ mpi@
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/09/23 09:26:19

Modified files:
        . : events.html
Added files:
        papers : eurobsdcon2024-hshoexer-confidential-computing.pdf

Log message:
Add slides from hshoexer@ at EuroBSDCon 2024.
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/09/22 15:30:39

Modified files:
        . : events.html
Added files:
        papers : eurobsdcon2024-bluhm-packetflow.pdf

Log message:
Add slides for my talk at EuroBSDCon 2024.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/16 16:30:01

Modified files:
        usr.sbin/vmd : vm.conf.5

Log message:
Mention psp(4) in vm.conf(5) man page.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/16 16:15:43

Modified files:
        share/man/man4 : psp.4

Log message:
Document ioctl(2) interface provided by psp(4) device.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/09/16 15:49:31

Modified files:
        . : errata74.html errata75.html

Log message:
Release expat, nfs, readdir, elf errata.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/16 15:24:56

Modified files:
        sys/kern : Tag: OPENBSD_7_5 exec_elf.c

Log message:
Invalid pintables in ELF binaries can crash the kernel.

from deraadt@; Fix from yufeng@uq.edu.au

this is errata/7.5/010_elf.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/15 16:46:45

Modified files:
        sys/isofs/cd9660: Tag: OPENBSD_7_4 cd9660_vnops.c
        sys/isofs/udf : Tag: OPENBSD_7_4 udf_vnops.c
        sys/miscfs/fuse: Tag: OPENBSD_7_4 fuse_vnops.c
        sys/msdosfs: Tag: OPENBSD_7_4 msdosfs_conv.c
        sys/nfs: Tag: OPENBSD_7_4 nfs_vnops.c
        sys/ntfs : Tag: OPENBSD_7_4 ntfs_vnops.c
        sys/tmpfs : Tag: OPENBSD_7_4 tmpfs_subr.c
        sys/ufs/ext2fs : Tag: OPENBSD_7_4 ext2fs_lookup.c
        sys/ufs/ufs: Tag: OPENBSD_7_4 ufs_vnops.c

Log message:
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename.
NFS specific report by Apple Security Engineering and Architecture
(SEAR).
Input from guenther@ and millert@
from claudio@; OK beck@ miod@

msdos already transforms for Windows long names a '/' char into '?'.
Do the same for the 8.3 case as well. This is not ideal since now it
is possible that two files in the same directory have the same name
but the msdos code already does a lot of this and so the problem
already exists.
from claudio@; OK beck@ miod@

Do a basic sanity check that dirents returned via fuse are kind of
sane. Ensure that file names passed back by readdir do not include a
'/' character. The '/' char is the path separator and is not allowed
in any filename. On top of this also check that d_reclen and d_namlen
are kind of sane and zero out the padding bytes after d_name.
from claudio@; OK beck@

this is errata/7.4/022_readdir.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/15 16:44:29

Modified files:
        sys/isofs/cd9660: Tag: OPENBSD_7_5 cd9660_vnops.c
        sys/isofs/udf : Tag: OPENBSD_7_5 udf_vnops.c
        sys/miscfs/fuse: Tag: OPENBSD_7_5 fuse_vnops.c
        sys/msdosfs: Tag: OPENBSD_7_5 msdosfs_conv.c
        sys/nfs: Tag: OPENBSD_7_5 nfs_vnops.c
        sys/ntfs : Tag: OPENBSD_7_5 ntfs_vnops.c
        sys/tmpfs : Tag: OPENBSD_7_5 tmpfs_subr.c
        sys/ufs/ext2fs : Tag: OPENBSD_7_5 ext2fs_lookup.c
        sys/ufs/ufs: Tag: OPENBSD_7_5 ufs_vnops.c

Log message:
Ensure that file names passed back by readdir do not include a '/'
character. The '/' char is the path separator and is not allowed in
any filename.
NFS specific report by Apple Security Engineering and Architecture
(SEAR).
Input from guenther@ and millert@
from claudio@; OK beck@ miod@

msdos already transforms for Windows long names a '/' char into '?'.
Do the same for the 8.3 case as well. This is not ideal since now it
is possible that two files in the same directory have the same name
but the msdos code already does a lot of this and so the problem
already exists.
from claudio@; OK beck@ miod@

Do a basic sanity check that dirents returned via fuse are kind of
sane. Ensure that file names passed back by readdir do not include a
'/' character. The '/' char is the path separator and is not allowed
in any filename. On top of this also check that d_reclen and d_namlen
are kind of sane and zero out the padding bytes after d_name.
from claudio@; OK beck@

this is errata/7.5/009_readdir.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/15 16:35:07

Modified files:
        sys/nfs: Tag: OPENBSD_7_4 nfs_socket.c nfsm_subs.h

Log message:
After calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to
NULL. Only do this if struct nfsm_info doesn't have local scope. In
some cases the caller would perform another m_freem and double free
the mbuf and Bad Things(TM) would happen.
from claudio@; Reported by Claes M Nyberg on bugs@; with & ok miod@

nfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which
nfsm_reply() would consider as not tragic enough to abort the
operation, in order to batch error replies. This would end up invoking
nfs_namei() using the length obtained from the NFS request, and Bad
Things(TM) would happen if this value is larger than MAXPATHLEN.
from miod@; Reported by Claes M Nyberg on bugs@; tweaks & ok claudio@

this is errata/7.4/021_nfs.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/15 16:32:38

Modified files:
        sys/nfs: Tag: OPENBSD_7_5 nfs_socket.c nfsm_subs.h

Log message:
After calling m_freem() on nmi_mrep (or nmi_mreq) set the pointer to
NULL. Only do this if struct nfsm_info doesn't have local scope. In
some cases the caller would perform another m_freem and double free
the mbuf and Bad Things(TM) would happen.
from claudio@; Reported by Claes M Nyberg on bugs@; with & ok miod@

nfsm_srvnamesiz() may set up an NFSERR_NAMETOL error, which
nfsm_reply() would consider as not tragic enough to abort the
operation, in order to batch error replies. This would end up invoking
nfs_namei() using the length obtained from the NFS request, and Bad
Things(TM) would happen if this value is larger than MAXPATHLEN.
from miod@; Reported by Claes M Nyberg on bugs@; tweaks & ok claudio@

this is errata/7.5/008_nfs.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/11 09:42:52

Modified files:
        usr.sbin/vmd : Makefile arm64_vm.c loadfile_elf.c parse.y vm.c
                       vm.conf.5 vmd.c vmd.h vmm.c x86_vm.c
Added files:
        usr.sbin/vmd : psp.c sev.c

Log message:
Implement AMD SEV support in vmd(8).

To launch a guest with AMD SEV enabled, vmd needs to do a few things:
- retrieve ASID used by guest on VM creation
- provide ASID to psp(4)
- let psp(4) encrypt memory used initially by guest
- run guest
- release resources held by psp(4) on guest shutdown

To enable SEV for a guest use the parameter "sev" in the guest's vm
section in vm.conf.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/10 08:52:42

Modified files:
        sys/kern : uipc_mbuf.c

Log message:
Fix build of m_print_chain() on sparc64.

Use %zu to print mbuf MHLEN and MLEN in ddb, otherwise gcc complains.

found by claudio@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/09 06:47:08

Modified files:
        lib/libexpat : Tag: OPENBSD_7_4 Changes
        lib/libexpat/lib: Tag: OPENBSD_7_4 xmlparse.c

Log message:
Backport libexpat security fixes from version 2.6.3.

Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889 #892.
No library bump necessary.

CVE-2024-45490 CVE-2024-45491 CVE-2024-45492

OK tb@

errata/7.4/020_expat.patch
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/09 06:45:38

Modified files:
        lib/libexpat : Tag: OPENBSD_7_5 Changes
        lib/libexpat/lib: Tag: OPENBSD_7_5 xmlparse.c

Log message:
Backport libexpat security fixes from version 2.6.3.

Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889 #892.
No library bump necessary.

CVE-2024-45490 CVE-2024-45491 CVE-2024-45492

OK tb@

errata/7.5/007_expat.patch
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/09 05:27:03

Modified files:
        sys/kern : uipc_mbuf.c

Log message:
Print mbuf size also for non cluster.

Command "ddb> show /c mbuf" always prints mbuf data size. In
uipc_mbuf.c include db_interface.h as it contains prototype for
m_print_chain().

OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/05 02:52:28

Modified files:
        sys/ddb: db_command.c db_interface.h
        sys/kern : uipc_mbuf.c
        share/man/man4 : ddb.4

Log message:
In ddb(4) print mbuf chain and packet list.

For debugging hardware offloading, DMA requirements, bounce buffers,
and performance optimizations, knowing the memory layout of mbuf
content helps. Implement /c and /p modifiers in ddb show mbuf. It
traverses the pointer m_next for mbuf chain or m_nextpkt for packet
list. Show mbuf type, data offset, mbuf length, packet length, cluster
size, and total number of elements, length and size.

OK claudio@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/05 01:57:14

Modified files:
        lib/libexpat : Changes README.md
        lib/libexpat/doc: reference.html
        lib/libexpat/lib: expat.h siphash.h xmlparse.c
        lib/libexpat/tests: basic_tests.c misc_tests.c

Log message:
Update libexpat to version 2.6.3.

Relevant for OpenBSD are security fixes #887 #890 #888 #891 #889 #892,
other changes #886 #885, infrastructure #880. No library bump
necessary.

CVE-2024-45490 CVE-2024-45491 CVE-2024-45492

OK tb@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/03 11:19:53

Modified files:
        sys/arch/amd64/amd64: pmap.c

Log message:
For virtual addresses use fixed page frame without AMD SEV reduction.

When running as a SEV guest, page frame mask is calculated from the
CPUID provided "physical address bit reduction". The amd64 pmap code
uses the variable pg_frame instead of the defined PG_FRAME
0x000ff000. There was one instance in pmap code where pg_frame was
applied to virtual address, not physical address. On some machines
the address bit reduction is rather large with six bits. So the
calculated pg_frame is 0x3fe0. However, on amd64 VM_MAX_ADDRESS is
defined as 0x7fbfdfeff000. Masking such a large address with pg_frame
caused havoc. Therefore, when masking virtual addresses, still use
PG_FRAME.

from hshoexer@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/03 03:36:12

Modified files:
        etc/etc.amd64 : MAKEDEV

Log message:
regen
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/03 03:35:46

Modified files:
        etc: MAKEDEV.common
        etc/etc.amd64 : MAKEDEV.md

Log message:
For AMD SEV create /dev/psp.

To call ioctl(2) for the platform security processor (PSP), vmd(8)
needs a device file. It is currently linked to the cryptographic
co-processor ccp(4). We may split this into a separate psp(4) device.

from hshoexer@; input jsg@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/01 13:32:48

Modified files:
        share/man/man4 : ccp.4

Log message:
For AMD SEV mention platform security processor in ccp(4) man page.

from hshoexer@; input jsg@; ok mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/01 13:25:06

Modified files:
        sys/dev/ic : ccp.c ccpvar.h

Log message:
For AMD SEV provide ioctl(2) in ccp(4) to shutdown guest.

To shutdown a SEV-enabled guest, first deactivate the guest context in
ccp(4), then decommission the guest context. Combine these two
operations in a single ioctl to simplify guest shutdown for vmd(8).
As this ioctl does not directly map to a single ccp command, use a
high number for the ioctl. More ioctls like this one will come.

from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/09/01 11:13:46

Modified files:
        sys/arch/amd64/include: conf.h
        sys/dev/ic : ccp.c
        sys/kern : kern_pledge.c
        sys/sys: pledge.h

Log message:
Pledge "vmm" for ccp(4) ioctl(2).

Limit ccp ioctls to processes that pledge vmm. Specific psp device
ioctls for AMD SEV will be allowed for vmd(8).

from hshoexer@; input deraadt@ jsg@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/29 10:42:30

Modified files:
        sys/kern : uipc_mbuf2.c

Log message:
In m_pulldown() replace memmove() with memcpy().

The memmove() in m_pulldown() copied memory between different mbufs.
So data cannot overlap and memcpy() is enough.

OK claudio@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/29 04:44:40

Modified files:
        sys/kern : kern_sysctl.c uipc_mbuf.c uipc_mbuf2.c
        sys/sys: mbuf.h
        usr.bin/netstat: mbuf.c

Log message:
Show expensive mbuf operations in netstat(1) statistics.

If the memory layout is not optimal, m_defrag(), m_prepend(),
m_pullup(), and m_pulldown() will allocate mbufs or copy memory. Count
these operations to find possible optimizations.

input dhill@; OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/28 12:21:15

Modified files:
        sys/arch/amd64/amd64: bus_dma.c

Log message:
If bounce buffers do not fit, defragment mbuf.

Some packets were dropped by vio_encap() when using bounce buffers.
These mbufs are too fragmented for the pre-allocated bounce buffer
pages. By returning EFBIG the network driver will call m_defrag() and
try again. This fixes the problem.

OK sf@ hshoexer@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/27 03:16:03

Modified files:
        sys/arch/amd64/amd64: identcpu.c vmm_machdep.c
        sys/arch/amd64/include: cpu.h vmmvar.h
        sys/dev/vmm: vmm.c vmm.h

Log message:
Enable AMD SEV support in vmm(4).

Bring the pieces for vmm(4) to support guests with SEV memory
encryption on AMD CPUs. The corresponding vmd(8) changes will follow.

Emulate cpuid 0x801f so the guest can discover SEV features. Allow
vmd(8) to enable SEV on VM creation. Inform vmd(8) about the c-bit
position and ASID assigned to each VCPU.

Note that vmd(8) has to be rebuilt with the new header files.

from hshoexer@; input dv@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/26 07:55:14

Modified files:
        sys/netinet: tcp_input.c

Log message:
Rearrange #ifdef TCP_SIGNATURE to keep braces balanced.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/26 06:15:40

Modified files:
        regress/include/bitstring: Makefile bitstring_test.c
        regress/include/bitstring/good: 27 32 49 64 67 8

Log message:
Test bitstring macro evaluation.

For all bitstring macros, add a test with side effects in the
arguments. Also fix compiler warnings and wrap long line. In main()
replace exit(0) with return(0) to check stack canary. Create expected
test files with make target create-good.

OK florian deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/26 05:52:54

Modified files:
        include: bitstring.h

Log message:
Evaluate arguments of bitstring macros only once.

According to bit_alloc(3) man page the arguments to bitstring macros
are evaluated only once and may safely have side effects. Fix the
implementation with temporary variables to fulfill this requirement.

OK florian@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/22 05:36:24

Modified files:
        sys/arch/amd64/amd64: bus_dma.c

Log message:
Fix merge of bounce buffer segments in amd64 bus dma.

If the physical pages are contiguous, _bus_dmamap_load_buffer() tries
to merge the segments. In case of mbuf chains, it can happen that the
physical bounce buffers are contiguous, but the virtual addresses of
mbuf m_data are not. Then during transmit _bus_dmamap_sync() tries to
copy segments where it cannot access the virtual source address which
is mapped in a different mbuf. So if bounce buffers are used, physical
and virtual buffer must be contiguous, to merge a segment.

While there, split check and decrement of variable i in a for loop to
make the code readable.

with and OK hshoexer@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/20 09:30:29

Modified files:
        sys/arch/amd64/amd64: bus_dma.c

Log message:
Fix whitespace in amd64 bus dma.
CVS: cvs.openbsd.org: www
CVSROOT:        /cvs
Module name:    www
Changes by:     bl...@cvs.openbsd.org   2024/08/19 09:19:51

Modified files:
        . : errata74.html errata75.html

Log message:
Release cron errata.
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/19 09:14:54

Modified files:
        usr.sbin/cron : Tag: OPENBSD_7_4 entry.c

Log message:
Fix CVE-2024-43688, buffer underflow for very large step values

In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are ignored. This prevents
bit_nset() from being called with out-of-range values.

from millert@; Bug found by Dave G. of Supernetworks.

this is errata/7.4/019_cron.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/19 09:13:45

Modified files:
        usr.sbin/cron : Tag: OPENBSD_7_5 entry.c

Log message:
Fix CVE-2024-43688, buffer underflow for very large step values

In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are ignored. This prevents
bit_nset() from being called with out-of-range values.

from millert@; Bug found by Dave G. of Supernetworks.

this is errata/7.5/006_cron.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/18 15:04:29

Modified files:
        sys/arch/amd64/amd64: bus_dma.c

Log message:
Use define to test bounce buffer in amd64 bus dma.

To debug bounce buffers easily on non-SEV hardware, introduce a define
FORCE_BOUNCE_BUFFER that activates them. Default is off, no functional
change.

OK miod@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/14 12:31:33

Modified files:
        sys/arch/amd64/amd64: bus_dma.c
        sys/arch/amd64/include: bus.h

Log message:
Implement bounce buffering for AMD SEV in amd64 bus dma.

When running as SEV guest, as indicated by variable cpu_sev_guestmode,
allocate additional pages for each segment on dma map creation. These
pages are mapped with the PMAP_NOCRYPT attribute, i.e. the crypt bit
is not set in the PTE. Thus, these pages are shared with the
hypervisor.

When the map is loaded with actual pages, the address in the
descriptor is replaced by the corresponding bounce buffer. Using
bus_dmamap_sync(), data is copied from the encrypted pages used by
guest drivers to the unencrypted bounce buffers shared with the
hypervisor, and vice versa.

If the kernel is not running in SEV guest mode, which means as normal
host or non-SEV guest, no bounce buffers are used.

from hshoexer@; based on ancient code of mickey@; OK kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/13 14:48:00

Modified files:
        sys/dev/ic : ccp.c

Log message:
For AMD SEV use correct command mask in ccp(4) driver.

According to AMD SEV API specification, the mask for command ID is
supposed to be of length 10 (Bits [25:16]), rather than length 6.
This ensures that all commands are properly processed by the PSP.

from Aaron Debebe; OK hshoexer@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/12 05:25:27

Modified files:
        sys/kern : uipc_domain.c
        sys/netinet: igmp.c
        sys/netinet6 : icmp6.c mld6.c

Log message:
Run network protocol timer without kernel lock.

Mark slow and fast protocol timeouts as MP safe. This means they run
on a separate thread without holding the kernel lock. IGMP and MLD6
cannot run in parallel, they use exclusive net lock to protect
themselves. As a performance optimization global variables are used
to skip igmp_fasttimo() and mld6_fasttimeo() if no multicast is
active. These global variables use atomic operations and memory
barriers to work lockless. IPv6 fragment timeout protects itself with
a mutex. TCP timers also run without kernel lock now. The whole TCP
stack holds exclusive net lock, so additional kernel lock is useless.

OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/08 09:02:36

Modified files:
        sys/kern : kern_sysctl.c

Log message:
In sysctl KERN_FILE_BYPID stop traversal after pid has been found.

When searching for a specific process, there is no need to traverse
the list of all processes to the end. Break after pid has been found
and the file structure has been filled. Also check for arg >= 0 as
this is consistent with the arg < -1 check before. This makes no
functional difference as process 0 has PS_SYSTEM set and is skipped
anyway.

OK millert@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/06 10:56:09

Modified files:
        sys/net: pf.c
        sys/netinet: ip_input.c

Log message:
Unlock sysctl net.inet.ip.directed-broadcast.

ip_directedbcast is read once in either ip_input() or pf_test() during
packet processing. So writing the variable does not need net lock.

OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:        /cvs
Module name:    src
Changes by:     bl...@cvs.openbsd.org   2024/08/05 11:47:29

Modified files:
        sys/net: if_bridge.c if_veb.c

Log message:
Fix bridging IPv6 fragments with pf reassembly.

Sending IPv6 fragments over a bridge with pf did not work. During
input pf reassembles the packet, and at bridge output it should be
refragmented. This is only done for PF_FWD direction, but bridge(4)
and veb(4) called pf_test() with PF_OUT argument.

OK sashan@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/08/01 11:19:01 Modified files: sys/kern : uipc_socket.c Log message: Run socket splice idle timeout without kernel lock. OK mvs@
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: bl...@cvs.openbsd.org 2024/08/01 08:43:25 Modified files: . : errata74.html errata75.html Log message: Release sndiod errata.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/08/01 08:41:16 Modified files: usr.bin/sndiod : Tag: OPENBSD_7_4 sock.c Log message: sndiod: Fix insufficient check of input from clients Fixes possible sndiod(8) crashes caused by a global table overread triggered by the client. Found and analysed by Henry Ford, thanks! from ratchov@; OK bluhm@, help from millert@, mlarkin@ this is errata/7.4/018_sndiod.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/08/01 08:39:52 Modified files: usr.bin/sndiod : Tag: OPENBSD_7_5 sock.c Log message: sndiod: Fix insufficient check of input from clients Fixes possible sndiod(8) crashes caused by a global table overread triggered by the client. Found and analysed by Henry Ford, thanks! from ratchov@; OK bluhm@, help from millert@, mlarkin@ this is errata/7.5/005_sndiod.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/29 06:41:30 Modified files: sys/netinet6 : frag6.c Log message: Use shared net lock instead of exclusive when frag6 calls icmp6_error(). OK mvs@ a while ago as part of a larger diff
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/26 09:59:04 Modified files: sys/arch/amd64/amd64: vmm_machdep.c Log message: On AMD vmm(4) set SVM_INTERCEPT_INVLPGA in intercept1. According to the AMD64 Architecture Programmer's Manual volume 2 the intercept SVM_INTERCEPT_INVLPGA needs to be set in vmcb.intercept1 (vector 3, offset 00Ch) instead of intercept2 (vector 4, offset 010h). SVM_INTERCEPT_INVLPGA is bit 26, so before vcpu_reset_regs_svm() was actually setting an intercept for CR10, which does not exist. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/26 08:38:20 Modified files: sys/netinet: in_proto.c sys/netinet6 : in6_proto.c Log message: Run UDP input on multiple CPU in parallel. The socket layer of UDP has been made fully MP safe. UDP output has been MP safe for a while. mvs@ has fixed the missing pieces in socket splicing recently. This means that the complete UDP stack can be processed by multiple threads now. Activate multi processing for udp_input() when called with IPv4 or IPv6 packets. Usually IP processing runs on multiple softnet threads with shared net lock. From there local packets are queued and processed by one thread with exclusive net lock. If the PR_MPINPUT flag is set, protocol input is called directly from IP input on multiple threads, with shared net lock and no additional queueing. tested by Hrvoje Popovski; OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/21 13:41:31 Modified files: sys/arch/amd64/amd64: cpu.c locore0.S pmap.c sys/arch/amd64/include: cpu.h specialreg.h Log message: For AMD SEV determine C-bit position and guest mode in locore0. Actually determine the C-bit position if we are running as a guest with SEV enabled. Configure pg_crypt, pg_frame and pg_lgframe accordingly, using the physical address bit reduction provided by cpuid. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 10:58:32 Modified files: sys/netinet: ip_input.c sys/netinet6 : in6_proto.c ip6_forward.c ip6_input.c Log message: Unlock sysctl net.inet.ip.redirect and net.inet6.ip6.redirect. The variables ip and ip6 sendredirects are only read once during packet processing. Use atomic_load_int() to access the value in exactly one read instruction. No memory barriers needed as there is no correlation with other values. Sort the ip and ip6 checks, so the difference is easier to see. Move access to global variable to the end. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 09:41:58 Modified files: sys/netinet: udp_usrreq.c Log message: Relax socket lock assertion in UDP input and send. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/19 09:28:51 Modified files: libexec/getty : main.c Log message: unveil(2) /etc/gettytab.db in getty(8) to avoid possible violation. OK deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/18 08:46:28 Modified files: sys/net: pf_ioctl.c Log message: In pfattach() pass malloc type instead of flags to cpumem_malloc(). from markus@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/14 12:53:39 Modified files: sys/net: if.c pf.c pf_norm.c sys/netinet: ip_carp.c ip_icmp.c ip_input.c sys/netinet6 : icmp6.c ip6_input.c nd6.c nd6.h nd6_nbr.c nd6_rtr.c Log message: Unlock IPv6 sysctl net.inet6.ip6.forwarding from net lock. Use atomic operations to read ip6_forwarding while processing packets in the network stack. To make clear where the router property is actually needed, use the i_am_router variable based on ip6_forwarding. It already existed in nd6_nbr. Move i_am_router setting up the call stack until all users are independent. The forwarding decisions in pf_test, pf_refragment6, ip6_input do also not interfere. Use a new array ipv6ctl_vars_unlocked to make transition of all the integer sysctls easier. Adapt IPv4 to the new style. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/14 09:42:23 Modified files: sys/kern : uipc_socket.c Log message: Fix source and drain confusion in socket splicing somove(). If a large mbuf in the source socket buffer does not fit into the drain buffer, split the mbuf. But if the drain buffer still has some data in it, stop moving data and try again later. This skips a potentially expensive mbuf operation. When looking which socket buffer has to be locked, I found that the length of the source send buffer was checked. Change it to drain. As this is a performance optimization for a special corner case, no one noticed the bug. OK sashan@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/13 07:20:44 Modified files: sys/conf : files sys/netinet: ip_gre.c Log message: Add condition to ip_gre.c in files. Use gre condition in conf/files for compiling netinet/ip_gre.c only if needed. Remove #if NGRE > 0 from ip_gre.c that caused ramdisk build to compile an empty C file. OK kn@ deraadt@; input jsg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/13 06:00:11 Modified files: sys/netinet: in_proto.c Log message: Mark IP protocol GRE as MP safe from socket layer. The pipex code in gre_send() matches more or less what udp_send() does. This has been MP safe for a long time. rip_send() is already called with PR_MPSOCKET. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/13 04:09:40 Modified files: sys/netinet6 : ip6_forward.c Log message: Previous commit broke RAMDISK_CD kernel build. Always include udp.h in ip6_forward.c.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/13 03:34:26 Modified files: sys/netinet6 : ip6_forward.c Log message: Do not store full IPv6 packet in common forwarding case. Forwarding IPv6 packets is slower than IPv4. Reason is that m_copym() is done for every packet. Just in case we may have to send an ICMP6 packet, ip6_forward() creates a mbuf copy. After that mbuf cluster is read only, so for the ethernet header another mbuf is allocated. pf NAT and RDR ignores readonly clusters, so it also modifies the potential ICMP6 packet. IPv4 ip_forward() avoids all these problems by copying the leading 68 bytes of the original packets onto the stack. More is not needed for ICMP. IPv6 RFC 4443 2.4. (c) requires up to 1232 bytes in the ICMP6 packet. This cannot be copied to the stack. The reason for the difference in the standard seems to be that the ICMP6 packet has to contain the full header chain. If we have a simple TCP, UDP or ESP packet without chain, do a shortcut and just preserve the header for the ICMP6 packet. Small packets already use stack memory, large packets need extra mbuf allocation. Now truncate ICMP6 packet to a reasonable length if the original packet has a final protocol header directly after the IPv6 header. List of suitable protocols contains TCP, UDP, ESP as they cover the common cases and anything behind the header should not be needed for path MTU discovery. OK deraadt@ florian@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/12 13:50:35 Modified files: sys/kern : uipc_socket2.c sys/netinet: in_pcb.c in_pcb.h in_proto.c ip_divert.c ip_divert.h ip_var.h raw_ip.c udp_usrreq.c udp_var.h sys/netinet6 : in6_proto.c ip6_divert.c ip6_var.h raw_ip6.c sys/sys: protosw.h Log message: Remove internet PCB mutex. All incpb locking has been converted to socket receive buffer mutex. Per PCB mutex inp_mtx is not needed anymore. Also delete PRU related locking functions. A flag PR_MPSOCKET indicates whether protocol functions support parallel access with per socket rw-lock. TCP is the only protocol that is not MP capable from the socket layer and needs exclusive netlock. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/12 03:25:27 Modified files: sys/net: pf.c sys/netinet: ip_icmp.c ip_input.c Log message: Run sysctl net.inet.ip.forwarding without net lock. The places in packet processing where ip_forwarding is evaluated have been consolidated. The remaining pieces in pf test, ip input, and icmp input do not need consistent information. If the integer value is changed by another CPU, it is harmless. The sysctl syscall sets the value atomically, so add atomic read in network processing and remove the net lock in sysctl IPCTL_FORWARDING. OK claudio@ mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/11 08:11:55 Modified files: sys/kern : kern_sysctl.c Log message: Use atomic operations to access integers in sysctl(2). In sysctl_int_bounded() use atomic operations to load, store, or swap integer values. By using volatile pointers this will result in a single assembly instruction, no matter how over optimizing compilers will become. Note that this does not solve data dependency problems, nor MP problems in the kernel code using these integers. For full MP safety additional considerations, memory barriers, or locks will be needed where the values are used. But for simple integer in- and output volatile is enough. If new and old value pointers are given to sysctl, atomic swapping guarantees that userland sees the same old value only once. There are more sysctl_int() functions that have to be adapted. OK deraadt@ kettenis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/10 06:36:14 Modified files: sys/arch/amd64/amd64: locore0.S Log message: Use AMD SEV C-bit in initial page tables setup by locore0. Similar to the NX-bit apply the C-bit to the PTEs built by locore0. Right now, pg_crypt is initialized to 0, so nothing will change. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/09 13:11:06 Modified files: sys/arch/amd64/amd64: pmap.c sys/arch/amd64/include: pmap.h pte.h Log message: Prepare pmap for using the AMD SEV C-bit to encrypt guest memory. The C-bit in a page table entry is used by a SEV guest to specify which pages are to be encrypted and which not. The latter is needed to share pages with the hypervisor for virtio(4). The actual position of the C-bit within a PTE is CPU implementation dependent and needs to be determined dynamically at system boot. The position of the C-bit also determines the actual size of page frame mask. This will be provided by a separate change. To be able to use the same kernel as both host and guest, the C-bit is provided as variable similar to the NX-bit. Same holds for the page frame masks. Right now, pg_crypt is set to 0, pg_frame and pg_lgframe to PG_FRAME and PG_LGFRAME respectively. Thus the kernel works as a host system same as before. Also introduce a PMAP_NOCRYPT flag. A guest will use this with busdma to establish unencrypted mappings that can be shared with the hypervisor. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/09 03:33:13 Modified files: sys/netinet6 : ip6_forward.c Log message: IPv6 forward copies small packet content on the stack. Unfortunately RFC 4443 demands that the ICMP6 error packet containing the original packet is up to 1280 bytes long. That means for every forwarded packet forward() creates a mbuf copy, just in case delivery fails. For small packets we can copy the content on the stack like IPv4 forward does. This saves us some mbuf allocations if the content is shorter than the mbuf data size. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/04 06:50:08 Modified files: sys/net: pf.c pf_norm.c sys/netinet6 : ip6_forward.c ip6_input.c ip6_mroute.c ip6_output.c ip6_var.h Log message: Implement IPv6 forwarding IPsec only. IPsec gateways set the forwarding sysctl to 2. While this has worked for IPv4 for a long time, adapt this feature for IPv6 now. Set sysctl net.inet6.ip6.forwarding=2 to forward only packets that have been processed by IPsec. Set IPV6_FORWARDING_IPSEC in ip6_input() and pass the flag down the call stack. This provides a consistent view on global variable ip6_forwarding. In ip6_output() or ip6_forward() drop packets that do not match the policy. OK denis@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/02 12:33:47 Modified files: sys/net: pf.c sys/netinet: ip_input.c ip_mroute.c ip_output.c ip_var.h Log message: Read IPsec forwarding information once. Fix MP race between reading ip_forwarding in ip_input() and checking ip_forwarding == 2 in ip_output(). In theory ip_forwarding could be 2 during ip_input() and later 0 in ip_output(). Then a packet would be forwarded that was never allowed. Currently exclusive netlock in sysctl(2) prevents all races. Introduce IP_FORWARDING_IPSEC and pass it with the flags parameter that was introduced for IP_FORWARDING. Instead of calling m_tag_find(), traversing the list, and comparing with NULL, just check the PACKET_TAG_IPSEC_IN_DONE bit. Reading ipsec_in_use in ip_output() is a performance hack that is not necessary. New code only checks three bits. OK mvs@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/07/01 06:06:45 Modified files: usr.sbin/syslogd: syslogd.c regress/usr.sbin/syslogd: args-client-tls.pl Log message: Explicit TLS handshake with syslog client. Add a new TLS handshake callback for incoming connections. This will allow inspecting the client certificate later. For now only print a debug message and check it in regress. with and OK henning@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/28 15:36:05 Modified files: regress/sys/kern: Makefile Log message: Link regress unp-write-closed to build.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/28 15:07:27 Log message: Test writing to socket pair closed by the other side. This must trigger EPIPE error. with and OK mvs@ Status: Vendor Tag: bluhm Release Tags: bluhm_20240628 N src/regress/sys/kern/unp-write-closed/Makefile N src/regress/sys/kern/unp-write-closed/unp-write-closed.c No conflicts created by this import
CVS: cvs.openbsd.org: www
CVSROOT:/cvs Module name:www Changes by: bl...@cvs.openbsd.org 2024/06/25 16:11:01 Modified files: . : errata74.html errata75.html Log message: Release bgpd errata.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/25 16:01:06 Modified files: usr.sbin/bgpd : Tag: OPENBSD_7_4 rde_prefix.c Log message: When filling prefixes with pt_writebuf() keep 2 bytes reserved in the withdraw case. Those bytes are needed for the attribute length field. Without this withdraw messages can become overfull and are dropped without notice. Problem found and fix tested by denis@ from claudio@; OK denis@ tb@ this is errata/7.4/017_bgpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/25 16:00:25 Modified files: usr.sbin/bgpd : Tag: OPENBSD_7_5 rde_prefix.c Log message: When filling prefixes with pt_writebuf() keep 2 bytes reserved in the withdraw case. Those bytes are needed for the attribute length field. Without this withdraw messages can become overfull and are dropped without notice. Problem found and fix tested by denis@ from claudio@; OK denis@ tb@ this is errata/7.5/004_bgpd.patch.sig
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/24 15:22:14 Modified files: sys/arch/amd64/amd64: identcpu.c sys/arch/amd64/include: cpu.h specialreg.h Log message: Show AMD SEV bits during identify CPU in dmesg. Enable identifycpu() to discover and show AMD SEV related information provided by cpuid. The "crypt bit" for page table entries is stored in amd64_pos_cbit, although it is not used yet. Registers ecx and edx provide the number of guest and minimum ASID for SEV-only guests. At least the latter value can be configured in the BIOS, so it is useful to have this information in dmesg. Therefore define empty bit masks for printf("%b") to get the raw numbers. from hshoexer@; OK mlarkin@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/24 06:19:19 Modified files: sys/netinet: ip_input.c Log message: Explicitly allocate stack memory for ICMP payload in IPv4 forward. Old ip_forward() allocated a fake mbuf copy on the stack to send an ICMP packet after ip_output() has failed. It seems easier to just copy the data onto the stack that icmp_error() may use. Only if the ICMP error packet is actually sent, create the mbuf. m_dup_pkthdr() uses atomic operation to link the incpb to mbuf. pf_pkt_addr_changed() was immediately called afterwards to remove the linkage again. Also m_tag_delete_chain() was overhead. New code uses less CPU locking in the hot path. OK deraadt@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/20 13:25:42 Modified files: sys/net: if.c pf.c pf_norm.c sys/netinet: ip_carp.c sys/netinet6 : icmp6.c ip6_forward.c ip6_input.c ip6_var.h nd6.c nd6_nbr.c Log message: Read IPv6 forwarding value only once while processing a packet. IPv4 uses IP_FORWARDING to pass a consistent value of net.inet.ip.forwarding down the stack. This is needed for unlocking sysctl. Do the same for IPv6. Read ip6_forwarding once in ip6_input_if() and pass down IPV6_FORWARDING as flags to ip6_ours(), ip6_hbhchcheck(), ip6_forward(). Replace the srcrt value with IPV6_REDIRECT flag for consistency with IPv4. To have common syntax with IPv4, use ip6_forwarding == 0 checks instead of !ip6_forwarding. This will also make it easier to implement net.inet6.ip6.forwarding=2 for IPsec only forwarding later. In nd6_ns_input() and nd6_na_input() read ip6_forwarding once and store it in i_am_router. The variable name has been chosen to avoid confusion with is_router, which indicates the router flag of the packet. Reading of ip6_forwarding is done independently from ip6_input_if(); consistency does not really matter. One is for ND router behavior, the other for forwarding. Again use the ip6_forwarding != 0 check, so when the ip6_forwarding IPsec only value 2 gets implemented, it will behave like a router. OK deraadt@ sashan@ florian@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/20 13:25:04 Modified files: sys/netinet: ip_icmp.c Log message: Do not send ICMP redirect if IP forwarding is IPsec only. If sysctl net.inet.ip.forwarding is set to 2, only packets processed by IPsec are forwarded. In this case behave more like a router than a host and do not accept ICMP redirect packets. OK deraadt@ sashan@ florian@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: bl...@cvs.openbsd.org 2024/06/17 05:13:43 Modified files: sys/dev/pci: if_vmx.c Log message: In vmx(4) TSO must pullup headers into first mbuf. Forwarding IPv6 packets from vmx with LRO to vmx with TSO did not work. vmx(4) has the requirement that all headers are in the first mbuf. ip6_forward() is quite dumb. It calls m_copym() to create a mbuf that might be used for sending ICMP6 later. After passing the forwarded packet down to ether_encap(), m_prepend() is used to restore the ethernet header. As the mbuf cluster has been copied, it is read only now. That means m_prepend() does not provide the empty space at the beginning of the cluster, but allocates a new mbuf that contains only the ethernet header. vmx(4) cannot transmit such a TSO packet and drops it. Solution is to call m_pullup() in vmxnet3_start(). If we ended up in such a miserable condition, use the first mbuf in the chain and move all headers into it. OK jan@