OpenBSD cvs log

created 2023-04-30T19:21:53Z
begin 2023-04-24T00:00:00Z
end 2023-04-25T00:00:00Z
path src/sys
commits 11

date 2023-04-24T01:33:32Z
author dlg
files src/sys/dev/fdt/if_dwqe_fdt.c log diff annotate
src/sys/dev/ic/dwqe.c log diff annotate
src/sys/dev/ic/dwqevar.h log diff annotate
message handle fixed-link configuration in the device tree.

if fixed-link is present, populate the interface baudrate and link
status (full duplex or half duplex), and then call the statch handler
to apply that config to the MAC. if fixed-link is specified then
do not attach a phy.

note that phy lookup and reset still occurs in case the device tree
still uses the deprecated snps,reset-gpio properties. the fixed
link port on the bpi r2 pro is connected to a switch chip (which
is not really a phy) that needs needs a reset provided by the
snps,reset-gpio handling. an improved device tree would have the
reset properties on the switch node so it could do its own reset,
but we can't have nice things can we?

tested on a nanopi r5s, which has a phy but no fixed-link config,
and a banana pi bpi-r2 pro, which has both (cos it has two dwqes,
one with a phy and one without).

date 2023-04-24T09:04:03Z
author dv
files src/sys/arch/amd64/amd64/acpi_machdep.c log diff annotate
src/sys/arch/amd64/amd64/cpu.c log diff annotate
src/sys/arch/amd64/amd64/hibernate_machdep.c log diff annotate
message Toggle IBT off during amd64 hibernate before dropping to real mode.

Hibernate on IBT-capable MP systems broke when trying to quiesce
cpus. Instead of finding the locations of endbr64 in the asm indirect
jumps in acpi_wakecode.S, simply disable CR4.CET beforehand and
re-enable on resume.

This will also disable shadowstack, but there are no plans to use it.

"this approach is fine" deraadt@

date 2023-04-24T09:18:55Z
author jmatthew
files src/sys/dev/pci/if_aq_pci.c log diff annotate
message Add initial support for Atlantic 2 hardware. Atlantic 2 has
much more complicated rx processing, and here we're doing the
bare minimum to get packets moving. RSS is not implemented yet,
vlans and multicast (among others) probably don't work yet either.

tested by kettenis@ on an M2 Mac Mini, and by me on an AQC113
card provided by Brad
ok dlg@

date 2023-04-24T09:20:09Z
author mvs
files src/sys/kern/uipc_socket.c log diff annotate
message Don't check `so_sp' within sofree(). The following isspliced() and
issplicedback() already have this check.

ok bluhm@

date 2023-04-24T10:22:06Z
author kettenis
files src/sys/kern/kern_exec.c log diff annotate
message Abuse the wxallowed flag to decide whether we should enforce branch target
or not. The idea is that since /usr/local has wxallowed by default this
will enable enforcement for base while leaving ports alone for now. This
will help us transition to a state where ports are properly marked and
allow us to establish that base is really clean.

Also add an exception for chrome. Chrome already appears to be clean on
arm64 and this exception can be easily modified for testing other ports.

This will screw over people that deliberately disable wxallowed on
/usr/local or who don't have a separate partition for /usr/local. We
think that is an acceptable compromise for the next months.

ok robert@, deraadt@ (who came up with the idea)

date 2023-04-24T10:22:48Z
author kettenis
files src/sys/arch/arm64/arm64/machdep.c log diff annotate
message Enable branch target control flow enforcement on arm64.

ok robert@, deraadt@

date 2023-04-24T12:11:56Z
author kn
files src/sys/netinet/in.c log diff annotate
message Hoist privilege checks further

in6.c already has the privilege check as early as possible, make in.c match.

For unprivileged IPv4 ioctl calls with invalid args, this changes errno from
E* to EPERM.

OK bluhm

date 2023-04-24T14:34:13Z
author patrick
files src/sys/dev/fdt/qcpon.c log diff annotate
message Update qcpon(4) compatibles to match on qcom,pmk8350-pon, which is the updated
binding in Linux 6.3 device trees. While there, remove retrieving the register
address, as the new binding has an additional register with doesn't work with
a single OF_getpropint(), and since we're not using it we don't need to keep it
around.

date 2023-04-24T15:15:00Z
author patrick
files src/sys/dev/fdt/dwpcie.c log diff annotate
message Enable MSI if the node contains an msi-map, like we already do in pciecam(4).
This will make MSIs work on the Lenovo x13s as soon as an updated device tree
is installed.

Discussed with kettenis@

date 2023-04-24T16:46:43Z
author beck
files src/sys/kern/vfs_bio.c log diff annotate
message Remove recursive spl grabbing in vfs_bio.c

in preparation for improvements.

ok claudio@

date 2023-04-24T16:53:57Z
author dv
files src/sys/arch/amd64/amd64/Attic/vmm.c log diff annotate
message vmm(4): allow guests to enable and use supervisor IBT.

Why should hosts have all the fun? Conditionally unmask the cpuid
bits for IBT and allow r/w access to the supervisor CET msr.

Will need revisiting when we introduce usage of userland CET msr.

ok marlkin@