mirror of https://github.com/openbsd/src.git synced 2026-06-18 07:13:36 +02:00

Commit Graph

  • 1274bee706 Get rid of the COM_CONSOLE ifdef maze. This was introduced for sparc which is no longer with us. kettenis 2026-04-19 09:36:56 +00:00
  • 813fdc5e2b floating point state leakage can be observed on AMD Zen/Zen+ (Zen 1) jsg 2026-04-19 01:10:28 +00:00
  • 2fc67ad6b9 Attach puc in RAMDISK_CD on amd64 and i386 gnezdo 2026-04-18 18:23:50 +00:00
  • a6d33878ee The parking mutex uses data structures on the stack and expects CPUs to be able to modify that data for other CPUs. Unfortunately some sparc64 systems (sun4u systems that don't use Fujitsu SPARC64 CPUs) use a trick where the interrupt stack is mapped using a fixed alias on each CPU. This means a CPU can only access its own interrupt stack. Fix this by using the "real" address of the interrupt stack. We still need the fixed alias though to find our own "struct cpu_info" on these systems. So on MULTIPROCESSOR kernels we need to use another locked TLB entry. kettenis 2026-04-18 17:17:03 +00:00
  • 459a576b03 Tell the SpacemiT K1 controller to change the link speed such that we get the PCIe gen2 speeds that the controller supports. kettenis 2026-04-18 17:06:22 +00:00
  • ba4c54b56b Copy SpacemiT K1 device trees onto the miniroot. With this, installs should just work on the supported boards. Make sure you install with a network connection such that fw_update can put the device trees into your new install as well. Document that "make release" now needs the riscv64-spacemit-dtb firmware installed. kettenis 2026-04-18 16:54:22 +00:00
  • ec60ae57e6 Don't let malicious or confused scsi tape devices cause reading or writing outside a mode sense/select buffer. krw 2026-04-18 13:04:02 +00:00
  • bd2c984c29 Revert last commit, rev. 1.446. claudio 2026-04-18 11:16:29 +00:00
  • 1981520d57 document IP_RECVIF sockopt, from Matthew Luckie sthen 2026-04-18 09:30:25 +00:00
  • 56bdd4199b Fix vmd(8) vionet reset race leading to broken networking. dv 2026-04-17 21:08:42 +00:00
  • a9044055e1 Avoid potential undefined behavior on write error while sending data. From Dhiraj Mishra OK deraadt@ tb@ millert 2026-04-17 20:17:53 +00:00
  • 3dfcdce821 Attempt to load the right device tree from the riscv64-specmit-dtb firmware package on SpacemiT K1 boards. The only viable way to do this seems to be basing this on the "model" property of the root node of the device tree provided by the device. This is still a bit of a guess since the Milk-V Jupiter advertises itself as "spacemit k1-x evb board" and the Banana Pi BPI-F3 seems to say it is a "spacemit k1-x deb1 board". kettenis 2026-04-17 19:41:31 +00:00
  • 95fa704455 If you use the floppy, fw_update for some drivers will not work, you will have to figure out the names of the missing firmwares and request them manually. deraadt 2026-04-17 19:35:22 +00:00
  • ca36210afe If you use the floppy, fw_update for some drivers will not work, you will have to figure out the names of the missing firmwares and request them manually. deraadt 2026-04-17 19:34:37 +00:00
  • dd8012433f route_output() can not use the info struct late in its function since the rtm struct that populated it was freed around the rtm_report() call. In that case access to info.rti_info[RTAX_DST] is a use-after-free. Cache the address family before handling the route message so that the route_input call can use this value instead. claudio 2026-04-17 18:30:45 +00:00
  • e5e15d037d oops, fix a one-byte mishap in the previous commit schwarze 2026-04-17 17:30:50 +00:00
  • 4b34885dee Refine unveil(2) usage. schwarze 2026-04-17 17:27:35 +00:00
  • b932b7b57e Prepare for refining unveil(2) usage by providing a function manpath_unveil() that makes the manpath directories accessible. Soon to be used by man(1), apropos(1), and makewhatis(8). schwarze 2026-04-17 15:30:27 +00:00
  • 10e90c6526 Delete the pointless logic that remembers the original working directory. It was never needed because manpath_add() in manpath.c has always been using realpath(3) since the very beginning in 2011, so struct manpaths only ever contains absolute paths. The only exception is man.cgi(8), but that chdir(2)s to the right directory beforehand and only ever uses one single manpath, ".". schwarze 2026-04-17 14:07:48 +00:00
  • b1fcf203e1 locase() in usr.bin/rpcgen/rpc_util.c copies an identifier into a static buffer without bounds checking renaud 2026-04-17 06:24:34 +00:00
  • 5323d24150 cgetnext() in lib/libc/gen/getcap.c copies a record name into a stack buffer without bounds checking renaud 2026-04-17 06:23:09 +00:00
  • 572068f13b Some mapchar emulops require a question mark character, so don't permit loading if that is missing (bounded by firstchar and numchars). An AI triage report made a hasty conclusion there were bigger problems here but Miod figures it is just this ? problem. diff from miod report from Bruce Dang of Calif.io deraadt 2026-04-17 06:18:19 +00:00
  • 0d0a18a154 In ipcs(1) use shm_cpid to determine whether a shared memory segment is in use. As since kern_sysctl.c r1.490 shm_internal is always NULL. dgl 2026-04-17 02:01:29 +00:00
  • 2dd8b2a80c vmctl(8): switch to new disk format enum. dv 2026-04-16 21:34:47 +00:00
  • 0947192cc0 vio: recover from missed RX interrupts sf 2026-04-16 21:00:00 +00:00
  • 9a5efc9108 The struct kfino_vmentry copied to userland is 80, and (depending on architecture?) has 7 bytes of padding at the end, which is uninitialized. Use M_ZERO. from tgs deraadt 2026-04-16 20:03:14 +00:00
  • 0f09bc3c23 smtpd: bump version to 7.9 op 2026-04-16 19:37:42 +00:00
  • 5263ddf930 don't lowercase K_AUTH lookups op 2026-04-16 19:36:04 +00:00
  • 30254ef85d Avoid undefined behaviour in the community code by checking nentries to be not 0 before memcmp, bsearch or siphash calls. claudio 2026-04-16 19:06:45 +00:00
  • bd18663393 Prevent buffer overflow by checking the correct counter. florian 2026-04-16 16:59:07 +00:00
  • a0adf3c1a9 sys/octeon: cleanup all interrupts kirill 2026-04-16 15:50:58 +00:00
  • 072ce9297f Properly handle the FIN flag in tcp_flush_queue. claudio 2026-04-16 15:45:58 +00:00
  • f79dbf8c69 Don't mix heap and stack pointers in offset calculation job 2026-04-16 15:29:42 +00:00
  • b7a4e98ac3 Add pattern for riscv64-spacemit-dtb that matches smtgpio(4). kettenis 2026-04-16 15:21:12 +00:00
  • 203548908a For sysctl({CTL_KERN, KERN_TTY, KERN_TTY_INFO), only export the t_session kernel address pointer if the caller is root. Reported by Bruce Dang of Calif.io ok claudio deraadt 2026-04-16 14:51:36 +00:00
  • a87550c1c9 do not expose p_addr kernel address unless root from Bruce Dang of Calif.io ok claudio kettenis deraadt 2026-04-16 14:47:24 +00:00
  • 8a9c1abf57 Fix missing word, that rather changed the meaning, spotted by "schalken" on IRC. dgl 2026-04-16 07:42:45 +00:00
  • 8b1d075419 libtls: consistently handle allocation failures tb 2026-04-16 07:35:25 +00:00
  • 7d022cae23 libtls: use TLS_ERROR_OUT_OF_MEMORY after malloc failure tb 2026-04-16 07:33:11 +00:00
  • e709fac20c libtls: use tls_error_setx() after BIO_new_mem_buf() tb 2026-04-16 07:29:53 +00:00
  • ddea2ef37c libtls: prefer x version of error setting tb 2026-04-16 07:28:00 +00:00
  • e3ff805eb7 Similar to sysctl KERN_SYSVIPC_SEMINFO, KERN_SYSVIPC_SHM_INFO also leaks the same kernel pointer that shminfo() leaks. ok dgl deraadt 2026-04-16 07:09:41 +00:00
  • 76d3556486 sysctl KERN_SYSVIPC_SEM_INFO was leaking the sem_base kernel pointer to userland. dgl 2026-04-16 07:03:15 +00:00
  • 8d7a3d558a libtls: add missing length checks before BIO_new_mem_buf() tb 2026-04-16 05:16:48 +00:00
  • 1b900a0c7d shmctl IPC_STAT was leaking the shm_internal kernel malloc pointer into userland. The manual page calls this "sysv stupidity", .h calls it "implementation specific data". It is surprising we didn't fix this before. Found by tsg@, ok millert deraadt 2026-04-16 05:07:07 +00:00
  • 8227d12b0d Calibrate the PHY if the firmware didn't do so already. kettenis 2026-04-15 21:16:13 +00:00
  • bc8d5b8a0d The riscv64 pmap implementation copies the kernel l1 page table entries into all other pmaps to allow access to KVA when running in kernel mode. Unfortunately when pmap_growkernel() creates new kernel l1 page table entries, existing pmaps are not updated. This causes unexpected kernel page faults when KVAs that depend on those new kernel l1 page table entries are used. Fix this by fully populating the kernel l1 page tables in pmap_bootstrap(). kettenis 2026-04-15 21:15:08 +00:00
  • 2a36b3c3c2 keypairtest: zero out tls_error before running tests tb 2026-04-15 20:13:07 +00:00
  • 098500e8b3 sysctl skips processes with pr->ps_pgrp == NULL. comment said this was dying processes. actually it is also brand new processes now. deraadt 2026-04-15 19:29:02 +00:00
  • 443dd5519a During early stages of fork in process_new(), since the ps_pgrp field is in the process copy region the child gets this pointer. Before fork1() completes the process creation, it is possible for other processes to change the pgrp in an attacker controlled way, such that the pointer becomes stagnant. A very complicated AI-generated attack chaining many methods (which an experienced human could generate given sufficient time) succeeds at racing this stagnant pgrp object in the pool cache and can do things it should not. We need to start the children without a pgrp (ie. NULL), and update the pgrp pointer late. Found by Nicholas Carlini at Anthropic this is security errata 7.7/037_pgrp.patch.sig and 7.8/031_pgrp.patch.sig deraadt 2026-04-15 18:55:54 +00:00
  • 215573faa6 Make the ix(4) driver compile when DBG is set to 1 in ixgbe.h. stsp 2026-04-15 17:30:50 +00:00
  • 2f0d2c4421 Do not pass pointers over privilege boundaries. florian 2026-04-15 16:50:32 +00:00
  • 1b16e9a828 init GuC TLB invalidation xarray with XA_FLAGS_LOCK_IRQ jsg 2026-04-15 03:00:20 +00:00
  • 8928aa2468 Provide an example how to disambiguate mktime() return values job 2026-04-15 00:20:28 +00:00
  • 35f31cb19b vmd(8): remove config parsing TOCTOU with disk parsing. dv 2026-04-14 21:41:19 +00:00
  • 54c4adda4f Clear the pointer in tm data structures before passing them to unprivileged side. Prevents address information leak. canacar 2026-04-14 18:19:50 +00:00
  • e11cf29b70 vmd(8): zero potential heap pointers before IPC. dv 2026-04-14 14:15:10 +00:00
  • 82afeac7db Do not leak old time format if it is replaced in same format. nicm 2026-04-14 11:25:41 +00:00
  • 06178a3283 If job_run fails, do not crash but instead free the popup. nicm 2026-04-14 08:39:10 +00:00
  • 8faa725573 Another check for partially initialized control client, from Matt Koscica in GitHub issue 5004. nicm 2026-04-14 08:32:30 +00:00
  • 84c70f1e56 Add detach to default session menu, suggested by Przemyslaw Sztoch. nicm 2026-04-14 07:35:17 +00:00
  • 54b22d0328 Fix key binding conflict in session menu, from Dane Jensen. nicm 2026-04-14 07:28:57 +00:00
  • 65ef24d9d6 Include window bits for pane notifications, GitHub issue 5007 from Saul Nogueras. nicm 2026-04-14 07:26:45 +00:00
  • f981cde1c8 Limit precision to 100 to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. nicm 2026-04-14 07:24:23 +00:00
  • 5ce6ac7c76 Add WAYLAND_DISPLAY to default update-environment, GitHub issue 4965 from wgh at torlan dot ru. nicm 2026-04-14 07:16:02 +00:00
  • 489fa13373 sync deraadt 2026-04-13 19:13:59 +00:00
  • bb890fd247 move out of -beta deraadt 2026-04-13 17:22:23 +00:00
  • 0486237ef5 Prior to this we substring matched and allowed a leading . on a SAN DNSname constraint. This is not correct, as with a DNSname constraint, it may exactly match or match zero or more additional components on the front of the candidate to match. beck 2026-04-13 17:04:23 +00:00
  • a0d7485e83 Document RETURN value for timegm(3) tb 2026-04-13 16:01:54 +00:00
  • b09aaa95e2 The fault handling code that deals with getting back from swap for an anon does not expect failures because we are short on memory. These are synchronous operations so we're expected to wait on memory to become available. This got broken in rev 1.178 (Back out the pagedaemon "oom" reserve and sleeping point). Bring back the code to allocate bounce memory using uvm_pglistalloc(9) but only use it for the !async case (which will never be used by the pagedaemon). kettenis 2026-04-13 15:23:57 +00:00
  • ad5d1521b3 decrease the aggressiveness of inactive growth from the previous commit. A small increase is enough; if not enough free is created in one round, it will be created the next time. long discussions with kirill deraadt 2026-04-13 14:56:46 +00:00
  • b62e31ea2a smte(4) kettenis 2026-04-13 12:20:13 +00:00
  • 6d57bcee83 Add smte(4), a driver for the ethernet interfaces of the SpacemiT K1 SoC. kettenis 2026-04-13 12:03:19 +00:00
  • d6aa72a3f7 Add clocks for pinctrl and ethernet. kettenis 2026-04-13 12:02:19 +00:00
  • 8030d57a83 Do not notify clients if not fully initialized, from Ben Maurer in GitHub issue 4980. nicm 2026-04-13 09:35:20 +00:00
  • 60b5b83d4a Add -C flag to command-prompt to match display-message -C (do not freeze panes). From Barrett Ruth in GitHub issue 4978. nicm 2026-04-13 09:33:09 +00:00
  • 3819564587 add smtpinctrl(4); ok kettenis@ jsg 2026-04-13 09:25:26 +00:00
  • 2f26fa0b01 Fix CCR ROAIPAddressFamily sort order job 2026-04-13 09:22:46 +00:00
  • 5118a09c2e When we detect stale TSB entries during a context switch, don't enter DDB but invalidate the stale entries and print a warning. kettenis 2026-04-13 09:10:14 +00:00
  • 7a7df3e9b7 Also show the duration of the current session through the ~I escape job 2026-04-13 08:18:33 +00:00
  • ef90b149a7 rpki-client: fix incorrect error exit in x509_get_time() tb 2026-04-13 03:36:10 +00:00
  • 380397a6e9 rpki-client: ignore malformed revocationDate in CRLs tb 2026-04-13 03:14:28 +00:00
  • 284b3d32c6 check the prefix (cidr) len for an allowedip is valid. dlg 2026-04-13 01:10:39 +00:00
  • 075934f685 mention inthid(4) and ispi(4) jsg 2026-04-13 01:09:07 +00:00
  • 63e9ba80cc add ispi(4) jsg 2026-04-13 01:05:49 +00:00
  • 086c5738bc These programs spin if they receive a RA from the local network with ND option with length 0. from Daniel Wade ok florian this will be errata 7.7/036_v6daemons.patch and 7.8/030_v6daemons.patch deraadt 2026-04-12 23:57:27 +00:00
  • ccd7c26414 drm/amd/display: Fix DCE LVDS handling jsg 2026-04-12 23:27:43 +00:00
  • 6bc9155911 drm/amd/pm: disable OD_FAN_CURVE if temp or pwm range invalid for smu v13 jsg 2026-04-12 23:23:52 +00:00
  • 5fabc9c165 drm/amdgpu/pm: drop SMU driver if version not matched messages jsg 2026-04-12 23:21:02 +00:00
  • 6d5bacc117 drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB jsg 2026-04-12 23:17:56 +00:00
  • a2c2f33e08 drm/amdgpu: validate doorbell_offset in user queue creation jsg 2026-04-12 23:14:28 +00:00
  • a8b9b58f9a drm/amdgpu: Fix wait after reset sequence in S4 jsg 2026-04-12 23:12:22 +00:00
  • bc80c61d81 drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP jsg 2026-04-12 23:10:19 +00:00
  • 464bd0571b drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode jsg 2026-04-12 23:08:00 +00:00
  • a97508759c drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() jsg 2026-04-12 23:05:35 +00:00
  • 3e4da3a243 drm/ioc32: stop speculation on the drm_compat_ioctl path jsg 2026-04-12 23:02:30 +00:00
  • dedd674940 Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" jsg 2026-04-12 23:00:13 +00:00
  • 8e156a5ebe pfr_pool_get() in call to pfr_prepare_network() must use af instead of hardcoded AF_INET sashan 2026-04-12 22:42:08 +00:00
  • 747740863c pf_frag_compare() should not be using subtraction to compare fragment IDs sashan 2026-04-12 22:34:19 +00:00
  • 32063577ec Fix error handling in pf_sourcelim_add() sashan 2026-04-12 22:29:15 +00:00