sync with OpenBSD -current

lib/libcrypto/Symbols.namespace

@@ -525,6 +525,7 @@ _libre_X509_STORE_new
 _libre_X509_STORE_free
 _libre_X509_STORE_up_ref
 _libre_X509_STORE_get0_objects
+_libre_X509_STORE_get1_objects
 _libre_X509_STORE_get_ex_data
 _libre_X509_STORE_set_ex_data
 _libre_X509_STORE_set_flags

lib/libcrypto/hidden/openssl/x509_vfy.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.6 2023/07/05 21:14:54 bcook Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.7 2024/02/23 10:39:07 tb Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -40,6 +40,7 @@ LCRYPTO_USED(X509_STORE_new);
 LCRYPTO_USED(X509_STORE_free);
 LCRYPTO_USED(X509_STORE_up_ref);
 LCRYPTO_USED(X509_STORE_get0_objects);
+LCRYPTO_USED(X509_STORE_get1_objects);
 LCRYPTO_USED(X509_STORE_get_ex_data);
 LCRYPTO_USED(X509_STORE_set_ex_data);
 LCRYPTO_USED(X509_STORE_set_flags);

lib/libcrypto/x509/x509_lu.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_lu.c,v 1.62 2023/12/27 01:55:25 tb Exp $ */
+/* $OpenBSD: x509_lu.c,v 1.63 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -246,6 +246,24 @@ X509_OBJECT_free(X509_OBJECT *a)
 }
 LCRYPTO_ALIAS(X509_OBJECT_free);
 
+static X509_OBJECT *
+x509_object_dup(const X509_OBJECT *obj)
+{
+	X509_OBJECT *copy;
+
+	if ((copy = X509_OBJECT_new()) == NULL) {
+		X509error(ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	copy->type = obj->type;
+	copy->data = obj->data;
+
+	X509_OBJECT_up_ref_count(copy);
+
+	return copy;
+}
+
 void
 X509_STORE_free(X509_STORE *store)
 {
@@ -785,6 +803,53 @@ X509_STORE_get0_objects(X509_STORE *xs)
 }
 LCRYPTO_ALIAS(X509_STORE_get0_objects);
 
+static STACK_OF(X509_OBJECT) *
+sk_X509_OBJECT_deep_copy(const STACK_OF(X509_OBJECT) *objs)
+{
+	STACK_OF(X509_OBJECT) *copy = NULL;
+	X509_OBJECT *obj = NULL;
+	int i;
+
+	if ((copy = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+		X509error(ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
+		if ((obj = x509_object_dup(sk_X509_OBJECT_value(objs, i))) == NULL)
+			goto err;
+		if (!sk_X509_OBJECT_push(copy, obj))
+			goto err;
+		obj = NULL;
+	}
+
+	return copy;
+
+ err:
+	X509_OBJECT_free(obj);
+	sk_X509_OBJECT_pop_free(copy, X509_OBJECT_free);
+
+	return NULL;
+}
+
+STACK_OF(X509_OBJECT) *
+X509_STORE_get1_objects(X509_STORE *store)
+{
+	STACK_OF(X509_OBJECT) *objs;
+
+	if (store == NULL) {
+		X509error(ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+	}
+
+	CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
+	objs = sk_X509_OBJECT_deep_copy(store->objs);
+	CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return objs;
+}
+LCRYPTO_ALIAS(X509_STORE_get1_objects);
+
 void *
 X509_STORE_get_ex_data(X509_STORE *xs, int idx)
 {

lib/libcrypto/x509/x509_vfy.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.139 2024/01/10 17:31:28 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.140 2024/02/23 09:50:19 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -146,8 +146,6 @@ static int internal_verify(X509_STORE_CTX *ctx);
 static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
 static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err);
 
-int ASN1_time_tm_clamp_notafter(struct tm *tm);
-
 static int
 null_callback(int ok, X509_STORE_CTX *e)
 {

lib/libcrypto/x509/x509_vfy.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.64 2023/05/28 05:25:24 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.65 2024/02/23 10:39:07 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -293,6 +293,9 @@ int X509_STORE_up_ref(X509_STORE *x);
 STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
 STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *xs);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+STACK_OF(X509_OBJECT) *X509_STORE_get1_objects(X509_STORE *xs);
+#endif
 void *X509_STORE_get_ex_data(X509_STORE *xs, int idx);
 int X509_STORE_set_ex_data(X509_STORE *xs, int idx, void *data);
 

regress/sys/btcfi/Makefile

@@ -0,0 +1,22 @@
+#	$OpenBSD: Makefile,v 1.1 2024/02/23 21:33:51 kettenis Exp $
+
+.if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "aarch64"
+
+PROG= foobar
+OBJS= foo.o
+
+.if ${MACHINE_ARCH} == "aarch64"
+NOBTCFI_CFLAGS= -mbranch-protection=none
+.else
+NOBTCFI_CFLAGS= -fcf-protection=none
+.endif
+
+foo.o: foo.c
+	${COMPILE.c} ${NOBTCFI_CFLAGS} ${.CURDIR}/foo.c -o foo.o
+
+.elif make(regress) || make(all)
+regress:
+	@echo Cannot run on ${MACHINE_ARCH}.
+	@echo SKIPPED
+.endif
+.include <bsd.regress.mk>

regress/sys/btcfi/foo.c

@@ -0,0 +1,6 @@
+/* Public domain */
+
+void
+foo(void)
+{
+}

regress/sys/btcfi/foobar.c

@@ -0,0 +1,34 @@
+/* Public domain */
+
+#include <signal.h>
+#include <stdlib.h>
+
+extern void foo(void);
+void (*foobar)(void) = foo;
+
+void
+bar(void)
+{
+	foobar();
+}
+
+void
+handler(int sig, siginfo_t *si, void *context)
+{
+	if (si->si_signo == SIGILL && si->si_code == ILL_BTCFI)
+		exit(0);
+}
+
+int
+main(void)
+{
+	struct sigaction sa;
+
+	sa.sa_sigaction = handler;
+	sa.sa_mask = 0;
+	sa.sa_flags = SA_SIGINFO;
+	sigaction(SIGILL, &sa, NULL);
+
+	bar();
+	exit(1);
+}

sys/arch/amd64/amd64/db_memrw.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_memrw.c,v 1.8 2017/04/30 13:04:49 mpi Exp $	*/
+/*	$OpenBSD: db_memrw.c,v 1.9 2024/02/23 18:19:02 cheloha Exp $	*/
 /*	$NetBSD: db_memrw.c,v 1.1 2003/04/26 18:39:27 fvdl Exp $	*/
 
 /*-
@@ -60,9 +60,9 @@
  * Read bytes from kernel address space for debugger.
  */
 void
-db_read_bytes(vaddr_t addr, size_t size, char *data)
+db_read_bytes(vaddr_t addr, size_t size, void *datap)
 {
-	char *src;
+	char *data = datap, *src;
 
 	src = (char *)addr;
 
@@ -160,10 +160,10 @@ db_write_text(vaddr_t addr, size_t size, char *data)
  * Write bytes to kernel address space for debugger.
  */
 void
-db_write_bytes(vaddr_t addr, size_t size, char *data)
+db_write_bytes(vaddr_t addr, size_t size, void *datap)
 {
 	extern char etext;
-	char *dst;
+	char *data = datap, *dst;
 
 	/* If any part is in kernel text, use db_write_text() */
 	if (addr >= KERNBASE && addr < (vaddr_t)&etext) {

sys/arch/arm/arm/db_interface.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_interface.c,v 1.20 2022/10/15 08:04:02 jsg Exp $	*/
+/*	$OpenBSD: db_interface.c,v 1.21 2024/02/23 18:19:02 cheloha Exp $	*/
 /*	$NetBSD: db_interface.c,v 1.34 2003/10/26 23:11:15 chris Exp $	*/
 
 /*
@@ -182,9 +182,9 @@ db_validate_address(vaddr_t addr)
  * Read bytes from kernel address space for debugger.
  */
 void
-db_read_bytes(vaddr_t addr, size_t size, char *data)
+db_read_bytes(vaddr_t addr, size_t size, void *datap)
 {
-	char	*src = (char *)addr;
+	char *data = datap, *src = (char *)addr;
 
 	if (db_validate_address((u_int)src)) {
 		db_printf("address %p is invalid\n", src);
@@ -301,11 +301,11 @@ db_write_text(vaddr_t addr, size_t size, char *data)
  * Write bytes to kernel address space for debugger.
  */
 void
-db_write_bytes(vaddr_t addr, size_t size, char *data)
+db_write_bytes(vaddr_t addr, size_t size, void *datap)
 {
 	extern char etext[];
 	extern char kernel_text[];
-	char *dst;
+	char *data = datap, *dst;
 	size_t loop;
 
 	/* If any part is in kernel text, use db_write_text() */

sys/arch/arm64/arm64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.104 2024/02/21 21:50:17 jsg Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.105 2024/02/23 21:52:12 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -938,10 +938,12 @@ cpu_attach(struct device *parent, struct device *dev, void *aux)
 		 * Lenovo X13s ships with broken EL2 firmware that
 		 * hangs the machine if we enable PAuth.
 		 */
-		if (hw_vendor && strcmp(hw_vendor, "LENOVO") == 0 &&
-		    hw_prod && strncmp(hw_prod, "21BX", 4) == 0) {
-			cpu_id_aa64isar1 &= ~ID_AA64ISAR1_APA_MASK;
-			cpu_id_aa64isar1 &= ~ID_AA64ISAR1_GPA_MASK;
+		if (hw_vendor && hw_prod && strcmp(hw_vendor, "LENOVO") == 0) {
+			if (strncmp(hw_prod, "21BX", 4) == 0 ||
+			    strncmp(hw_prod, "21BY", 4) == 0) {
+				cpu_id_aa64isar1 &= ~ID_AA64ISAR1_APA_MASK;
+				cpu_id_aa64isar1 &= ~ID_AA64ISAR1_GPA_MASK;
+			}
 		}
 
 		cpu_identify(ci);

sys/arch/arm64/arm64/db_interface.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_interface.c,v 1.14 2022/11/07 09:43:04 mpi Exp $	*/
+/*	$OpenBSD: db_interface.c,v 1.15 2024/02/23 18:19:03 cheloha Exp $	*/
 /*	$NetBSD: db_interface.c,v 1.34 2003/10/26 23:11:15 chris Exp $	*/
 
 /*
@@ -197,9 +197,9 @@ db_validate_address(vaddr_t addr)
  * Read bytes from kernel address space for debugger.
  */
 void
-db_read_bytes(vaddr_t addr, size_t size, char *data)
+db_read_bytes(vaddr_t addr, size_t size, void *datap)
 {
-	char	*src = (char *)addr;
+	char *data = datap, *src = (char *)addr;
 
 	if (db_validate_address((vaddr_t)src)) {
 		db_printf("address %p is invalid\n", src);
@@ -277,10 +277,10 @@ db_write_text(vaddr_t addr, size_t size, char *data)
  * Write bytes to kernel address space for debugger.
  */
 void
-db_write_bytes(vaddr_t addr, size_t size, char *data)
+db_write_bytes(vaddr_t addr, size_t size, void *datap)
 {
 	extern char etext[];
-	char *dst;
+	char *data = datap, *dst;
 	size_t loop;
 
 	/* If any part is in kernel text, use db_write_text() */

sys/arch/arm64/stand/efiboot/efiboot.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: efiboot.c,v 1.49 2024/02/04 18:44:23 kettenis Exp $	*/
+/*	$OpenBSD: efiboot.c,v 1.50 2024/02/23 21:52:12 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@@ -1121,12 +1121,14 @@ efi_fdt(void)
 	if (hw_vendor == NULL || hw_prod == NULL)
 		return fdt_sys;
 
-	if (strcmp(hw_vendor, "LENOVO") == 0 &&
-	    strncmp(hw_prod, "21BX", 4) == 0) {
-		fdt_load_override(FW_PATH
-		    "qcom/sc8280xp-lenovo-thinkpad-x13s.dtb");
-		/* TODO: find a better mechanism */
-		cnset(ttydev("fb0"));
+	if (strcmp(hw_vendor, "LENOVO") == 0) {
+		if (strncmp(hw_prod, "21BX", 4) == 0 ||
+		    strncmp(hw_prod, "21BY", 4) == 0) {
+			fdt_load_override(FW_PATH
+			    "qcom/sc8280xp-lenovo-thinkpad-x13s.dtb");
+			/* TODO: find a better mechanism */
+			cnset(ttydev("fb0"));
+		}
 	}
 
 	return fdt_override ? fdt_override : fdt_sys;

sys/arch/i386/i386/db_memrw.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_memrw.c,v 1.18 2020/09/23 15:13:26 deraadt Exp $	*/
+/*	$OpenBSD: db_memrw.c,v 1.19 2024/02/23 18:19:03 cheloha Exp $	*/
 /*	$NetBSD: db_memrw.c,v 1.6 1999/04/12 20:38:19 pk Exp $	*/
 
 /*
@@ -50,9 +50,9 @@
  * Read bytes from kernel address space for debugger.
  */
 void
-db_read_bytes(vaddr_t addr, size_t size, char *data)
+db_read_bytes(vaddr_t addr, size_t size, void *datap)
 {
-	char	*src;
+	char *data = datap, *src;
 
 	src = (char *)addr;
 	while (size-- > 0)
@@ -136,9 +136,9 @@ db_write_text(vaddr_t addr, size_t size, char *data)
  * Write bytes to kernel address space for debugger.
  */
 void
-db_write_bytes(vaddr_t addr, size_t size, char *data)
+db_write_bytes(vaddr_t addr, size_t size, void *datap)
 {
-	char	*dst;
+	char *data = datap, *dst;
 	extern char	etext;
 
 	if (addr >= VM_MIN_KERNEL_ADDRESS &&

sys/ddb/db_access.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: db_access.h,v 1.11 2020/01/20 15:58:23 visa Exp $	*/
+/*	$OpenBSD: db_access.h,v 1.12 2024/02/23 18:19:02 cheloha Exp $	*/
 /*	$NetBSD: db_access.h,v 1.6 1994/10/09 08:29:57 mycroft Exp $	*/
 
 /*
@@ -36,5 +36,5 @@
 db_expr_t db_get_value(vaddr_t, size_t, int);
 void db_put_value(vaddr_t, size_t, db_expr_t);
 
-void db_read_bytes(vaddr_t, size_t, char *);
-void db_write_bytes(vaddr_t, size_t, char *);
+void db_read_bytes(vaddr_t, size_t, void *);
+void db_write_bytes(vaddr_t, size_t, void *);

sys/kern/kern_timeout.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_timeout.c,v 1.96 2023/10/12 15:32:38 cheloha Exp $	*/
+/*	$OpenBSD: kern_timeout.c,v 1.97 2024/02/23 16:51:39 cheloha Exp $	*/
 /*
  * Copyright (c) 2001 Thomas Nordin <nordin@openbsd.org>
  * Copyright (c) 2000-2001 Artur Grabowski <art@openbsd.org>
@@ -271,6 +271,7 @@ timeout_set_flags(struct timeout *to, void (*fn)(void *), void *arg, int kclock,
     int flags)
 {
 	KASSERT(!ISSET(flags, ~(TIMEOUT_PROC | TIMEOUT_MPSAFE)));
+	KASSERT(kclock >= KCLOCK_NONE && kclock < KCLOCK_MAX);
 
 	to->to_func = fn;
 	to->to_arg = arg;
@@ -404,7 +405,7 @@ timeout_abs_ts(struct timeout *to, const struct timespec *abstime)
 	mtx_enter(&timeout_mutex);
 
 	KASSERT(ISSET(to->to_flags, TIMEOUT_INITIALIZED));
-	KASSERT(to->to_kclock != KCLOCK_NONE);
+	KASSERT(to->to_kclock == KCLOCK_UPTIME);
 
 	old_abstime = to->to_abstime;
 	to->to_abstime = *abstime;
@@ -750,10 +751,14 @@ softclock(void *arg)
 		CIRCQ_REMOVE(&to->to_list);
 		if (to == first_new)
 			new = 1;
-		if (to->to_kclock != KCLOCK_NONE)
-			softclock_process_kclock_timeout(to, new);
-		else
+		if (to->to_kclock == KCLOCK_NONE)
 			softclock_process_tick_timeout(to, new);
+		else if (to->to_kclock == KCLOCK_UPTIME)
+			softclock_process_kclock_timeout(to, new);
+		else {
+			panic("%s: invalid to_clock: %d",
+			    __func__, to->to_kclock);
+		}
 	}
 	tostat.tos_softclocks++;
 	needsproc = !CIRCQ_EMPTY(&timeout_proc);
@@ -951,26 +956,34 @@ db_show_timeout(struct timeout *to, struct circq *bucket)
 		where = "thread-mp";
 #endif
 	else {
-		if (to->to_kclock != KCLOCK_NONE)
+		if (to->to_kclock == KCLOCK_UPTIME)
 			wheel = timeout_wheel_kc;
-		else
+		else if (to->to_kclock == KCLOCK_NONE)
 			wheel = timeout_wheel;
+		else
+			goto invalid;
 		snprintf(buf, sizeof(buf), "%3ld/%1ld",
 		    (bucket - wheel) % WHEELSIZE,
 		    (bucket - wheel) / WHEELSIZE);
 		where = buf;
 	}
-	if (to->to_kclock != KCLOCK_NONE) {
+	if (to->to_kclock == KCLOCK_UPTIME) {
 		kc = &timeout_kclock[to->to_kclock];
 		timespecsub(&to->to_abstime, &kc->kc_lastscan, &remaining);
 		db_printf("%20s  %8s  %9s  0x%0*lx  %s\n",
 		    db_timespec(&remaining), db_kclock(to->to_kclock), where,
 		    width, (ulong)to->to_arg, name);
-	} else {
+	} else if (to->to_kclock == KCLOCK_NONE) {
 		db_printf("%20d  %8s  %9s  0x%0*lx  %s\n",
 		    to->to_time - ticks, "ticks", where,
 		    width, (ulong)to->to_arg, name);
-	}
+	} else
+		goto invalid;
+	return;
+
+ invalid:
+	db_printf("%s: timeout 0x%p: invalid to_kclock: %d",
+	    __func__, to, to->to_kclock);
 }
 
 void