OpenBSD cvs log

created 2020-04-25T18:10:24Z
begin 2020-04-23T00:00:00Z
end 2020-04-24T00:00:00Z
path src/sys
commits 11

date 2020-04-23T02:54:51Z
author deraadt
files src/sys/arch/armv7/conf/RAMDISK log diff annotate
message Recent changes in usr/mdec require (substantial) growth of the ramdisk.
ok jsg kettenis, testing by kmos also

date 2020-04-23T07:57:27Z
author mpi
files src/sys/uvm/uvmexp.h log diff annotate
message Document uvmexp.nswget without relying on implementation details.

Prompted by a question from schwarze@

ok deraadt@, schwarze@, visa@

date 2020-04-23T11:13:47Z
author jsg
files src/sys/dev/pci/drm/amd/amdkfd/kfd_device.c log diff annotate
message drm/amdkfd: kfree the wrong pointer

From Jack Zhang
044a884072b4313554d910b792f46c3e1f0099a5 in linux 4.19.y/4.19.118
3148a6a0ef3cf93570f30a477292768f7eb5d3c3 in mainline linux

date 2020-04-23T14:56:28Z
author patrick
files src/sys/dev/fdt/imxccm.c log diff annotate
src/sys/dev/fdt/imxccm_clocks.h log diff annotate
message Add support for the i.MX8MM PCIe clocks. These behave exactly like
the i.MX8MQ variant and sit in the same places.

date 2020-04-23T19:38:08Z
author tobhe
files src/sys/net/pfkeyv2.c log diff annotate
src/sys/net/pfkeyv2.h log diff annotate
src/sys/net/pfkeyv2_convert.c log diff annotate
src/sys/net/pfkeyv2_parsemessage.c log diff annotate
src/sys/netinet/ip_ipsp.c log diff annotate
src/sys/netinet/ip_ipsp.h log diff annotate
src/sys/netinet/ipsec_input.c log diff annotate
message Add support for automatically moving traffic between rdomains on ipsec(4)
encryption or decryption. This allows us to keep plaintext and encrypted
network traffic separated and reduces the attack surface for network
sidechannel attacks.

The only way to reach the inner rdomain from outside is by successful
decryption and integrity verification through the responsible Security
Association (SA).
The only way for internal traffic to get out is getting encrypted and
moved through the outgoing SA.
Multiple plaintext rdomains can share the same encrypted rdomain while
the unencrypted packets are still kept separate.
The encrypted and unencrypted rdomains can have different default routes.

The rdomains can be configured with the new SADB_X_EXT_RDOMAIN pfkey
extension. Each SA (tdb) gets a new attribute 'tdb_rdomain_post'.
If this differs from 'tdb_rdomain' then the packet is moved to
'tdb_rdomain_post' after IPsec processing.

Flows and outgoing IPsec SAs are installed in the plaintext rdomain,
incoming IPsec SAs are installed in the encrypted rdomain.
IPCOMP SAs are always installed in the plaintext rdomain.
They can be viewed with 'route -T X exec ipsecctl -sa' where X is the
rdomain ID.

As the kernel does not create encX devices automatically when creating
rdomains they have to be added by hand with ifconfig for IPsec to work
in non-default rdomains.

discussed with chris@ and kn@
ok markus@, patrick@

date 2020-04-23T19:38:09Z
author tobhe
files src/sys/netinet/ipsec_output.c log diff annotate
message Add support for automatically moving traffic between rdomains on ipsec(4)
encryption or decryption. This allows us to keep plaintext and encrypted
network traffic separated and reduces the attack surface for network
sidechannel attacks.

The only way to reach the inner rdomain from outside is by successful
decryption and integrity verification through the responsible Security
Association (SA).
The only way for internal traffic to get out is getting encrypted and
moved through the outgoing SA.
Multiple plaintext rdomains can share the same encrypted rdomain while
the unencrypted packets are still kept separate.
The encrypted and unencrypted rdomains can have different default routes.

The rdomains can be configured with the new SADB_X_EXT_RDOMAIN pfkey
extension. Each SA (tdb) gets a new attribute 'tdb_rdomain_post'.
If this differs from 'tdb_rdomain' then the packet is moved to
'tdb_rdomain_post' after IPsec processing.

Flows and outgoing IPsec SAs are installed in the plaintext rdomain,
incoming IPsec SAs are installed in the encrypted rdomain.
IPCOMP SAs are always installed in the plaintext rdomain.
They can be viewed with 'route -T X exec ipsecctl -sa' where X is the
rdomain ID.

As the kernel does not create encX devices automatically when creating
rdomains they have to be added by hand with ifconfig for IPsec to work
in non-default rdomains.

discussed with chris@ and kn@
ok markus@, patrick@

date 2020-04-23T19:48:26Z
author patrick
files src/sys/dev/fdt/dwpcie.c log diff annotate
message Since apparently the bikeshedding over i.MX8M PCIe device tree
bindings still hasn't resulted in an upstream commit in Linux,
accept the ext_osc attribute if ext_osc exists without a value,
or if it has a value greater than zero. This improves compatibility
with various device trees.

date 2020-04-23T19:50:52Z
author patrick
files src/sys/dev/fdt/dwpcie.c log diff annotate
message Enable pcie_aux in addition to the other PCIe clocks on i.MX8M.

date 2020-04-23T21:28:10Z
author jmc
files src/sys/arch/alpha/stand/setnetbootinfo/setnetbootinfo.8 log diff annotate
src/sys/arch/sgi/stand/sgivol/sgivol.8 log diff annotate
message replace examples of "Ar arg Ar arg" with "Ar arg arg" and stop the spread;

date 2020-04-23T22:14:49Z
author patrick
files src/sys/arch/armv7/imx/files.imx log diff annotate
src/sys/arch/armv7/imx/Attic/imxehci.c log diff annotate
src/sys/dev/fdt/files.fdt log diff annotate
src/sys/dev/fdt/imxehci.c log diff annotate
message Move imxehci(4) to sys/dev/fdt.

ok kettenis@

date 2020-04-23T22:16:10Z
author patrick
files src/sys/arch/arm64/conf/GENERIC log diff annotate
src/sys/arch/arm64/conf/RAMDISK log diff annotate
message Enable imxehci(4).

ok kettenis@