sync with OpenBSD -current

distrib/notes/amd64/features

@@ -1,4 +1,4 @@
-dnl	$OpenBSD: features,v 1.4 2023/10/05 11:58:34 kn Exp $
+dnl	$OpenBSD: features,v 1.5 2024/09/17 10:13:50 jsg Exp $
 dnl
 dnl This file lists almost all the conditional features of this port,
 dnl which are used to provide accurate installation notes.
@@ -6,7 +6,7 @@ dnl
 dnl Information about the installer script features should be in sync with
 dnl	src/distrib/amd64/common/install.md
 dnl and the list files in
-dnl	src/distrib/amd64/{common/list,ramdisk_cd/list.local}
+dnl	src/distrib/amd64/{ramdiskA,ramdisk_cd}/list
 dnl
 dnl ====
 dnl

distrib/notes/i386/features

@@ -1,4 +1,4 @@
-dnl	$OpenBSD: features,v 1.4 2023/10/05 11:58:34 kn Exp $
+dnl	$OpenBSD: features,v 1.5 2024/09/17 10:13:50 jsg Exp $
 dnl
 dnl This file lists almost all the conditional features of this port,
 dnl which are used to provide accurate installation notes.
@@ -6,7 +6,7 @@ dnl
 dnl Information about the installer script features should be in sync with
 dnl	src/distrib/i386/common/install.md
 dnl and the list files in
-dnl	src/distrib/i386/{common/list,ramdiskC/list.local,ramdisk_cd/list.local}
+dnl	src/distrib/i386/{ramdisk,ramdisk_cd}/list
 dnl
 dnl ====
 dnl

lib/libc/sys/pledge.2

@@ -1,4 +1,4 @@
-.\" $OpenBSD: pledge.2,v 1.69 2023/10/30 06:11:04 jmc Exp $
+.\" $OpenBSD: pledge.2,v 1.70 2024/09/17 12:53:15 deraadt Exp $
 .\"
 .\" Copyright (c) 2015 Nicholas Marriott <nicm@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 30 2023 $
+.Dd $Mdocdate: September 17 2024 $
 .Dt PLEDGE 2
 .Os
 .Sh NAME
@@ -174,7 +174,6 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr fstat 2 ,
 .Xr fsync 2 ,
 .Xr ftruncate 2 ,
-.Xr getdents 2 ,
 .Xr getdtablecount 2 ,
 .Xr getegid 2 ,
 .Xr getentropy 2 ,
@@ -236,10 +235,11 @@ As a result, all the expected functionalities of libc stdio work.
 .Xr writev 2
 .It Cm rpath
 A number of system calls are allowed if they only cause
-read-only effects on the filesystem:
+read-only effects on the filesystem, or expose filenames to programs:
 .Pp
 .Xr chdir 2 ,
 .Xr getcwd 3 ,
+.Xr getdents 2 ,
 .Xr openat 2 ,
 .Xr fstatat 2 ,
 .Xr faccessat 2 ,

regress/lib/libcrypto/c2sp/Makefile

@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 2023/12/17 08:32:26 tb Exp $
+# $OpenBSD: Makefile,v 1.3 2024/09/17 06:12:06 tb Exp $
 
 C2SP_TESTVECTORS = /usr/local/share/c2sp-testvectors/
 
@@ -18,7 +18,7 @@ cctv: cctv.go
 OSSL_LIB =	/usr/local/lib/eopenssl
 OSSL_INC =	/usr/local/include/eopenssl
 
-. for V in 11 31 32
+. for V in 11 32 33
 .  if exists(/usr/local/bin/eopenssl$V)
 PROGS +=	cctv-openssl$V
 SRCS_cctv-openssl$V =

regress/lib/libssl/tlsfuzzer/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.6 2022/07/18 09:17:44 tb Exp $
+#	$OpenBSD: Makefile,v 1.7 2024/09/17 08:47:37 tb Exp $
 
 .if !exists(/usr/local/share/tlsfuzzer)
 regress:
@@ -14,6 +14,10 @@ localhost.key localhost.crt:
 
 certs: localhost.key localhost.crt
 
+start-server:	certs
+	openssl s_server -accept 4433 -groups X25519:P-256:P-521:P-384 \
+		-key localhost.key -cert localhost.crt -www
+
 CLEANFILES	+= localhost.key localhost.crt
 
 PORT		?= 4433
@@ -40,7 +44,7 @@ list-failing:
 missing:
 	@python3 ${.CURDIR}/tlsfuzzer.py -m
 
-.PHONY: all certs failing list list-failing missing port
+.PHONY: all certs failing list list-failing missing port start-server
 
 .endif
 

share/man/man4/psp.4

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: psp.4,v 1.2 2024/09/04 14:24:10 jsg Exp $
+.\"	$OpenBSD: psp.4,v 1.4 2024/09/17 04:12:57 jsg Exp $
 .\"
 .\" Copyright (c) 2024 Jonathan Gray <jsg@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 4 2024 $
+.Dd $Mdocdate: September 17 2024 $
 .Dt PSP 4
 .Os
 .Sh NAME
@@ -26,11 +26,330 @@
 The
 .Nm
 driver provides an interface to the AMD Platform Security Processor.
+The interface can be accessed through the
+.Xr ioctl 2
+interface exposed by
+.Pa /dev/psp .
+.Pp
+.Xr vmd 8
+uses
+.Nm
+to configure and launch SEV-enabled guests.
+.Sh IOCTL INTERFACE
+The
+.Xr ioctl 2
+command codes below are defined in
+.In dev/ic/pspvar.h .
+.Bl -tag -width xxxxxx
+.It Dv PSP_IOC_GET_PSTATUS  Fa "struct psp_platform_status *pspst"
+Collect the current status of the platform.
+.Bd -literal
+struct psp_platform_status {
+	/* Output parameters from PSP_CMD_PLATFORMSTATUS */
+	uint8_t			api_major;
+	uint8_t			api_minor;
+	uint8_t			state;
+	uint8_t			owner;
+	uint32_t		cfges_build;
+	uint32_t		guest_count;
+} __packed;
+.Ed
+.Pp
+.Va api_major
+and
+.Va api_minor
+indicate the PSP firmware version.
+.Pp
+The current platform state is indicated by
+.Va state .
+The following values are defined:
+.Bl -tag -width PSP_PSTATE_WORKING -compact
+.It PSP_PSTATE_UNINIT
+The platform is uninitialized.
+.It PSP_PSTATE_INIT
+The platform is initialized but not managing any guests.
+.It PSP_PSTATE_WORKING
+The platform is initialized and currently managing guests.
+.El
+.Pp
+.Va owner
+indicates whether the platform is self-owned or externally owned.
+.Pp
+Bit 0 of
+.Va cfgs_build
+indicates whether SEV-ES is configured on the platform or not.
+Bits 31:24 indicate the firmware build ID.
+.Pp
+.Va guest_count
+indicates the number of valid guests currently maintained by the
+firmware.
+.It Dv PSP_IOC_DF_FLUSH
+This command flushes all write buffers of the CPU's data fabric.
+It must be invoked after deactivating one or more guests with
+.Dv PSP_IOC_DEACTIVATE .
+.It Dv PSP_IOC_DECOMMISSION Fa "struct psp_decommission *pspdec"
+Deletes all guest context of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_decommission {
+	/* Input parameter for PSP_CMD_DECOMMISSION */
+	uint32_t		handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_GET_GSTATUS
+Retrieves status information about an SEV-enabled guest identified by
+.Va handle .
+.Bd -literal
+struct psp_guest_status {
+	/* Input parameter for PSP_CMD_GUESTSTATUS */
+	uint32_t		handle;
+
+	/* Output parameters from PSP_CMD_GUESTSTATUS */
+	uint32_t		policy;
+	uint32_t		asid;
+	uint8_t			state;
+} __packed;
+.Ed
+.Pp
+.Va policy
+indicates the policy used for this guest.
+.Va asid
+indicates the guest's address space identifier (ASID).
+.Pp
+The state of the guest is indicated by
+.Va state .
+The following values are defined:
+.Bl -tag -width PSP_GSTATE_RUNNING -compact
+.It PSP_GSTATE_UNINIT
+The guest is uninitialized.
+.It PSP_GSTATE_LUPDATE
+The guest is currently being launched and plaintext data is imported.
+.It PSP_GSTATE_LSECRET
+The guest is currently being launched and ciphertext data is imported.
+.It PSP_GSTATE_RUNNING
+The guest is fully launched.
+.It PSP_GSTATE_SUPDATE
+The guest is migrated to another machine.
+.It PSP_GSTATE_RUPDATE
+The guest is migrated from another machine.
+.It PSP_GSTATE_SENT
+Thee guest has bin migrated to another machine.
+.El
+.It Dv PSP_IOC_LAUNCH_START
+This command encrypts a guest's memory.
+.Bd -literal
+struct psp_launch_start {
+	/* Input/Output parameter for PSP_CMD_LAUNCH_START */
+	uint32_t		handle;
+
+	/* Input parameters for PSP_CMD_LAUNCH_START */
+	uint32_t		policy;
+
+	/* The following input parameters are not used yet */
+	uint64_t		dh_cert_paddr;
+	uint32_t		dh_cert_len;
+	uint32_t		reserved;
+	uint64_t		session_paddr;
+	uint32_t		session_len;
+} __packed;
+.Ed
+.Pp
+If
+.Va handle
+is zero, a new key is created.
+A unique handle is assigned to the guest and returned in
+.Va handle .
+.Pp
+.Va policy
+specifies the policy used for that guest.
+.Pp
+.Va dh_cert_paddr ,
+.Va dh_cert len ,
+.Va session_paddr
+and
+.Va session_len
+are currently not used.
+.It Dv PSP_IOC_LAUNCH_UPDATE_DATA
+This command encrypts data of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_launch_update_data {
+	/* Input parameters for PSP_CMD_LAUNCH_UPDATE_DATA */
+	uint32_t		handle;
+	uint32_t		reserved;
+	uint64_t		paddr;
+	uint32_t		length;
+} __packed;
+.Ed
+.Pp
+.Va paddr
+and
+.Va length
+specify the address and length of the data to be encrypted.
+Both values must be a multiple of 16 bytes.
+.It Dv PSP_IOC_LAUNCH_MEASURE
+This commands generates a measurement of the guest's memory.
+The guest is identified by
+.Va handle .
+.Bd -literal
+struct psp_measure {
+	/* Output buffer for PSP_CMD_LAUNCH_MEASURE */
+	uint8_t			measure[32];
+	uint8_t			measure_nonce[16];
+} __packed;
+
+struct psp_launch_measure {
+	/* Input parameters for PSP_CMD_LAUNCH_MEASURE */
+	uint32_t		handle;
+	uint32_t		reserved;
+	uint64_t		measure_paddr;
+
+	/* Input/output parameter for PSP_CMD_LAUNCH_MEASURE */
+	uint32_t		measure_len;
+	uint32_t		padding;
+
+	/* Output buffer from PSP_CMD_LAUNCH_MEASURE */
+	struct psp_measure	psp_measure;	/* 64bit aligned */
+#define measure		psp_measure.measure
+#define measure_nonce	psp_measure.measure_nonce
+} __packed;
+.Ed
+.Pp
+.Va measure_paddr
+is currently not used and
+.Va measure_len
+must always be
+.Li sizeof(struct psp_measure) .
+.Pp
+.Va psp_measure
+contains the buffers
+.Va measure
+and
+.Va measure_nonce .
+These contain the measurement and nonce generated by the PSP.
+.It Dv PSP_IOC_LAUNCH_FINISH
+This command finalizes the launch of the guest identified by
+.Va handle .
+.Bd -literal
+struct psp_launch_finish {
+	/* Input parameter for PSP_CMD_LAUNCH_FINISH */
+	uint32_t		handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_ATTESTATION
+This command generates an attestation report signed by the PSP with
+a platform specific key.
+.Bd -literal
+struct psp_report {
+	/* Output buffer for PSP_CMD_ATTESTATION */
+	uint8_t			report_nonce[16];
+	uint8_t			report_launch_digest[32];
+	uint32_t		report_policy;
+	uint32_t		report_sig_usage;
+	uint32_t		report_sig_algo;
+	uint32_t		reserved2;
+	uint8_t			report_sig1[144];
+} __packed;
+
+struct psp_attestation {
+	/* Input parameters for PSP_CMD_ATTESTATION */
+	uint32_t		handle;
+	uint32_t		reserved;
+	uint64_t		attest_paddr;
+	uint8_t			attest_nonce[16];
+
+	/* Input/output parameter from PSP_CMD_ATTESTATION */
+	uint32_t		attest_len;
+	uint32_t		padding;
+
+	/* Output parameter from PSP_CMD_ATTESTATION */
+	struct psp_report	psp_report;	/* 64bit aligned */
+#define report_nonce		psp_report.report_nonce
+#define report_launch_digest	psp_report.report_launch_digest
+#define report_policy		psp_report.report_policy
+#define report_sig_usage	psp_report.report_sig_usage;
+#define report_report_sig_alg	psp_report.report_sig_algo;
+#define report_report_sig1	psp_report.report_sig1;
+} __packed;
+.Ed
+.Pp
+.Va handle
+identifies the guest.
+.Va attest_paddr
+is currently not used.
+.Va attest_nonce
+is the nonce returned by a previous
+.Dv PSP_IOC_LAUNCH_MEASURE
+command.
+.Va attest_len
+must always be
+.Li sizeof(struct psp_report) .
+.Pp
+The attestation report is returned in
+.Va psp_report .
+The format of the report is defined by
+.Li struct psp_report .
+.It Dv PSP_IOC_ACTIVATE
+This commands associates the context of the guest identified by
+.Va handle
+with the address space identifier provided in
+.Va asid .
+.Bd -literal
+struct psp_activate {
+	/* Input parameters for PSP_CMD_ACTIVATE */
+	uint32_t		handle;
+	uint32_t		asid;
+} __packed;
+.Ed
+.It Dv PSP_IOC_DEACTIVATE
+This command dissociates the context of the guest identified by
+.Va handle
+from its current the address space identifier.
+.Bd -literal
+struct psp_deactivate {
+	/* Input parameter for PSP_CMD_DEACTIVATE */
+	uint32_t		handle;
+} __packed;
+.Ed
+.It Dv PSP_IOC_SNP_GET_PSTATUS
+This command returns the state of a SEV-SNP enabled platform.
+.Bd -literal
+struct psp_snp_platform_status {
+	uint8_t			api_major;
+	uint8_t			api_minor;
+	uint8_t			state;
+	uint8_t			is_rmp_init;
+	uint32_t		build;
+	uint32_t		features;
+	uint32_t		guest_count;
+	uint64_t		current_tcb;
+	uint64_t		reported_tcb;
+} __packed;
+.Ed
+.It Dv PSP_IOC_GUEST_SHUTDOWN
+This command shuts down a guest identified by
+.Va handle .
+.Bd -literal
+struct psp_guest_shutdown {
+	/* Input parameter for PSP_CMD_GUEST_SHUTDOWN */
+	uint32_t		handle;
+} __packed;
+.Ed
+.Pp
+The command combines
+.Dv PSP_IOC_DEACTIVATE
+and
+.Dv PSP_IOC_DECOMMISSION
+in a single
+.Xr ioctl 2
+call.
+.El
 .Sh FILES
 .Bl -tag -width /dev/psp
 .It Pa /dev/psp
 .El
 .Sh SEE ALSO
+.Xr ioctl 2 ,
 .Xr ccp 4 ,
 .Xr vmd 8
 .Rs

sys/conf/GENERIC

@@ -1,4 +1,4 @@
-#	$OpenBSD: GENERIC,v 1.297 2024/08/31 04:17:14 dlg Exp $
+#	$OpenBSD: GENERIC,v 1.298 2024/09/17 13:45:49 jsg Exp $
 #
 #	Machine-independent option; used by all architectures for their
 #	GENERIC kernel
@@ -16,7 +16,7 @@ option		KMEMSTATS	# collect malloc(9) statistics
 option		PTRACE		# ptrace(2) system call
 
 #option		KVA_GUARDPAGES	# slow virtual address recycling (+ guarding)
-option		POOL_DEBUG	# pool corruption detection
+#option		POOL_DEBUG	# pool corruption detection
 #option		VFSLCKDEBUG	# VFS locking checks
 
 option		CRYPTO		# Cryptographic framework

sys/conf/newvers.sh

@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-#	$OpenBSD: newvers.sh,v 1.204 2024/08/07 15:59:24 deraadt Exp $
+#	$OpenBSD: newvers.sh,v 1.205 2024/09/17 13:39:17 deraadt Exp $
 #	$NetBSD: newvers.sh,v 1.17.2.1 1995/10/12 05:17:11 jtc Exp $
 #
 # Copyright (c) 1984, 1986, 1990, 1993
@@ -71,9 +71,9 @@ ost="SecBSD"
 osr="1.6"
 
 cat >vers.c <<eof
-#define STATUS "-beta"			/* just before a release */
-#if 0
 #define STATUS ""			/* release */
+#if 0
+#define STATUS "-beta"			/* just before a release */
 #define STATUS "-current"		/* just after a release */
 #define STATUS "-stable"		/* stable branch */
 #endif

sys/dev/pci/nvme_pci.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nvme_pci.c,v 1.11 2024/05/24 06:02:58 jsg Exp $ */
+/*	$OpenBSD: nvme_pci.c,v 1.12 2024/09/18 00:03:19 jmatthew Exp $ */
 
 /*
  * Copyright (c) 2014 David Gwynne <dlg@openbsd.org>
@@ -73,10 +73,6 @@ nvme_pci_match(struct device *parent, void *match, void *aux)
 	return (0);
 }
 
-static const struct pci_matchid nvme_msi_blacklist[] = {
-	{ PCI_VENDOR_INTEL,	PCI_PRODUCT_INTEL_OPTANE },
-};
-
 void
 nvme_pci_attach(struct device *parent, struct device *self, void *aux)
 {
@@ -92,9 +88,6 @@ nvme_pci_attach(struct device *parent, struct device *self, void *aux)
 
 	printf(": ");
 
-	if (pci_matchbyid(pa, nvme_msi_blacklist, nitems(nvme_msi_blacklist)))
-		CLR(pa->pa_flags, PCI_FLAGS_MSI_ENABLED);
-
 	maptype = pci_mapreg_type(pa->pa_pc, pa->pa_tag, NVME_PCI_BAR);
 	if (pci_mapreg_map(pa, NVME_PCI_BAR, maptype, 0,
 	    &sc->sc_iot, &sc->sc_ioh, NULL, &sc->sc_ios, 0) != 0) {

sys/dev/pv/if_vio.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vio.c,v 1.54 2024/09/04 09:12:55 sf Exp $	*/
+/*	$OpenBSD: if_vio.c,v 1.55 2024/09/17 09:00:14 sf Exp $	*/
 
 /*
  * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@@ -317,8 +317,9 @@ void	vio_iff(struct vio_softc *);
 int	vio_media_change(struct ifnet *);
 void	vio_media_status(struct ifnet *, struct ifmediareq *);
 int	vio_ctrleof(struct virtqueue *);
-int	vio_wait_ctrl(struct vio_softc *sc);
-int	vio_wait_ctrl_done(struct vio_softc *sc);
+int	vio_ctrl_start(struct vio_softc *, uint8_t, uint8_t, int, int *);
+int	vio_ctrl_submit(struct vio_softc *, int);
+void	vio_ctrl_finish(struct vio_softc *);
 void	vio_ctrl_wakeup(struct vio_softc *, enum vio_ctrl_state);
 int	vio_alloc_mem(struct vio_softc *);
 int	vio_alloc_dmamem(struct vio_softc *);
@@ -1483,6 +1484,111 @@ vio_tx_drain(struct vio_softc *sc)
 /*
  * Control vq
  */
+
+/*
+ * Lock the control queue and the sc_ctrl_* structs and prepare a request.
+ *
+ * If this function succeeds, the caller must also call either
+ * vio_ctrl_submit() or virtio_enqueue_abort(), in both cases followed by
+ * vio_ctrl_finish().
+ */
+int
+vio_ctrl_start(struct vio_softc *sc, uint8_t class, uint8_t cmd, int nslots,
+    int *slotp)
+{
+	struct virtio_softc *vsc = sc->sc_virtio;
+	struct virtqueue *vq = sc->sc_ctl_vq;
+	int r;
+
+	splassert(IPL_NET);
+
+	while (sc->sc_ctrl_inuse != FREE) {
+		if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
+			return ENXIO;
+		r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viowait", INFSLP);
+		if (r != 0)
+			return r;
+	}
+	sc->sc_ctrl_inuse = INUSE;
+
+	sc->sc_ctrl_cmd->class = class;
+	sc->sc_ctrl_cmd->command = cmd;
+
+	r = virtio_enqueue_prep(vq, slotp);
+	if (r != 0)
+		panic("%s: %s virtio_enqueue_prep: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
+	r = virtio_enqueue_reserve(vq, *slotp, nslots + 2);
+	if (r != 0)
+		panic("%s: %s virtio_enqueue_reserve: control vq busy",
+		    sc->sc_dev.dv_xname, __func__);
+
+	vio_dmamem_enqueue(vsc, sc, vq, *slotp, sc->sc_ctrl_cmd,
+	    sizeof(*sc->sc_ctrl_cmd), 1);
+
+	return 0;
+}
+
+/*
+ * Submit a control queue request and wait for the result.
+ *
+ * vio_ctrl_start() must have been called successfully.
+ * After vio_ctrl_submit(), the caller may inspect the
+ * data returned from the hypervisor. Afterwards, the caller
+ * must always call vio_ctrl_finish().
+ */
+int
+vio_ctrl_submit(struct vio_softc *sc, int slot)
+{
+	struct virtio_softc *vsc = sc->sc_virtio;
+	struct virtqueue *vq = sc->sc_ctl_vq;
+	int r;
+
+	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
+	    sizeof(*sc->sc_ctrl_status), 0);
+
+	virtio_enqueue_commit(vsc, vq, slot, 1);
+
+	while (sc->sc_ctrl_inuse != DONE) {
+		if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
+			return ENXIO;
+		r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viodone",
+		    VIRTIO_NET_CTRL_TIMEOUT);
+		if (r != 0) {
+			if (r == EWOULDBLOCK)
+				printf("%s: ctrl queue timeout\n",
+				    sc->sc_dev.dv_xname);
+			vio_ctrl_wakeup(sc, RESET);
+			return ENXIO;
+		}
+	}
+
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
+	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
+	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
+
+	if (sc->sc_ctrl_status->ack != VIRTIO_NET_OK)
+		return EIO;
+
+	return 0;
+}
+
+/*
+ * Unlock the control queue and the sc_ctrl_* structs.
+ *
+ * It is ok to call this function if the control queue is marked dead
+ * due to a fatal error.
+ */
+void
+vio_ctrl_finish(struct vio_softc *sc)
+{
+	if (sc->sc_ctrl_inuse == RESET)
+		return;
+
+	vio_ctrl_wakeup(sc, FREE);
+}
+
 /* issue a VIRTIO_NET_CTRL_RX class command and wait for completion */
 int
 vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
@@ -1491,51 +1597,24 @@ vio_ctrl_rx(struct vio_softc *sc, int cmd, int onoff)
 	struct virtqueue *vq = sc->sc_ctl_vq;
 	int r, slot;
 
-	splassert(IPL_NET);
-
-	if ((r = vio_wait_ctrl(sc)) != 0)
+	r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_RX, cmd, 1, &slot);
+	if (r != 0)
 		return r;
 
-	sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_RX;
-	sc->sc_ctrl_cmd->command = cmd;
 	sc->sc_ctrl_rx->onoff = onoff;
 
-	r = virtio_enqueue_prep(vq, &slot);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_prep: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	r = virtio_enqueue_reserve(vq, slot, 3);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_reserve: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), 1);
 	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_rx,
 	    sizeof(*sc->sc_ctrl_rx), 1);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), 0);
-	virtio_enqueue_commit(vsc, vq, slot, 1);
 
-	if ((r = vio_wait_ctrl_done(sc)) != 0)
-		goto out;
-
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
+	r = vio_ctrl_submit(sc, slot);
 	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_rx,
 	    sizeof(*sc->sc_ctrl_rx), BUS_DMASYNC_POSTWRITE);
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
-
-	if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
-		r = 0;
-	} else {
+	if (r != 0)
 		printf("%s: ctrl cmd %d failed\n", sc->sc_dev.dv_xname, cmd);
-		r = EIO;
-	}
 
 	DPRINTF("%s: cmd %d %d: %d\n", __func__, cmd, onoff, r);
-out:
-	vio_ctrl_wakeup(sc, FREE);
+
+	vio_ctrl_finish(sc);
 	return r;
 }
 
@@ -1546,87 +1625,29 @@ vio_ctrl_guest_offloads(struct vio_softc *sc, uint64_t features)
 	struct virtqueue *vq = sc->sc_ctl_vq;
 	int r, slot;
 
-	splassert(IPL_NET);
-
-	if ((r = vio_wait_ctrl(sc)) != 0)
+	r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_GUEST_OFFLOADS,
+	    VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET, 1, &slot);
+	if (r != 0)
 		return r;
 
-	sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_GUEST_OFFLOADS;
-	sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_GUEST_OFFLOADS_SET;
 	sc->sc_ctrl_guest_offloads->offloads = features;
 
-	r = virtio_enqueue_prep(vq, &slot);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_prep: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	r = virtio_enqueue_reserve(vq, slot, 3);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_reserve: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), 1);
 	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_guest_offloads,
 	    sizeof(*sc->sc_ctrl_guest_offloads), 1);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), 0);
-	virtio_enqueue_commit(vsc, vq, slot, 1);
 
-	if ((r = vio_wait_ctrl_done(sc)) != 0)
-		goto out;
+	r = vio_ctrl_submit(sc, slot);
 
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
 	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_guest_offloads,
 	    sizeof(*sc->sc_ctrl_guest_offloads), BUS_DMASYNC_POSTWRITE);
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
 
-	if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
-		r = 0;
-	} else {
+	if (r != 0) {
 		printf("%s: offload features 0x%llx failed\n",
 		    sc->sc_dev.dv_xname, features);
-		r = EIO;
 	}
 
-	DPRINTF("%s: features 0x%llx: %d\n", __func__, features, r);
- out:
-	vio_ctrl_wakeup(sc, FREE);
-	return r;
-}
+	DPRINTF("%s: offload features 0x%llx: %d\n", __func__, features, r);
 
-int
-vio_wait_ctrl(struct vio_softc *sc)
-{
-	int r = 0;
-
-	while (sc->sc_ctrl_inuse != FREE) {
-		if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
-			return ENXIO;
-		r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viowait", INFSLP);
-	}
-	sc->sc_ctrl_inuse = INUSE;
-
-	return r;
-}
-
-int
-vio_wait_ctrl_done(struct vio_softc *sc)
-{
-	int r = 0;
-
-	while (sc->sc_ctrl_inuse != DONE) {
-		if (sc->sc_ctrl_inuse == RESET || vio_needs_reset(sc))
-			return ENXIO;
-		r = tsleep_nsec(&sc->sc_ctrl_inuse, PRIBIO, "viodone",
-		    VIRTIO_NET_CTRL_TIMEOUT);
-		if (r == EWOULDBLOCK) {
-			printf("%s: ctrl queue timeout\n",
-			    sc->sc_dev.dv_xname);
-			vio_ctrl_wakeup(sc, RESET);
-			return ENXIO;
-		}
-	}
+	vio_ctrl_finish(sc);
 	return r;
 }
 
@@ -1665,55 +1686,35 @@ vio_set_rx_filter(struct vio_softc *sc)
 	struct virtio_softc *vsc = sc->sc_virtio;
 	struct virtqueue *vq = sc->sc_ctl_vq;
 	int r, slot;
+	size_t len_uc, len_mc;
 
-	splassert(IPL_NET);
 
-	if ((r = vio_wait_ctrl(sc)) != 0)
+	r = vio_ctrl_start(sc, VIRTIO_NET_CTRL_MAC,
+	    VIRTIO_NET_CTRL_MAC_TABLE_SET, 2, &slot);
+	if (r != 0)
 		return r;
 
-	sc->sc_ctrl_cmd->class = VIRTIO_NET_CTRL_MAC;
-	sc->sc_ctrl_cmd->command = VIRTIO_NET_CTRL_MAC_TABLE_SET;
+	len_uc = sizeof(*sc->sc_ctrl_mac_tbl_uc) +
+	    sc->sc_ctrl_mac_tbl_uc->nentries * ETHER_ADDR_LEN;
+	len_mc = sizeof(*sc->sc_ctrl_mac_tbl_mc) +
+	    sc->sc_ctrl_mac_tbl_mc->nentries * ETHER_ADDR_LEN;
+	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_uc, len_uc,
+	    1);
+	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_mc, len_mc,
+	    1);
 
-	r = virtio_enqueue_prep(vq, &slot);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_prep: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	r = virtio_enqueue_reserve(vq, slot, 4);
-	if (r != 0)
-		panic("%s: %s virtio_enqueue_reserve: control vq busy",
-		    sc->sc_dev.dv_xname, __func__);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), 1);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_uc,
-	    sizeof(*sc->sc_ctrl_mac_tbl_uc) +
-	    sc->sc_ctrl_mac_tbl_uc->nentries * ETHER_ADDR_LEN, 1);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_mac_tbl_mc,
-	    sizeof(*sc->sc_ctrl_mac_tbl_mc) +
-	    sc->sc_ctrl_mac_tbl_mc->nentries * ETHER_ADDR_LEN, 1);
-	vio_dmamem_enqueue(vsc, sc, vq, slot, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), 0);
-	virtio_enqueue_commit(vsc, vq, slot, 1);
+	r = vio_ctrl_submit(sc, slot);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_tbl_uc, len_uc,
+	    BUS_DMASYNC_POSTWRITE);
+	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_tbl_mc, len_mc,
+	    BUS_DMASYNC_POSTWRITE);
 
-	if ((r = vio_wait_ctrl_done(sc)) != 0)
-		goto out;
-
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_cmd,
-	    sizeof(*sc->sc_ctrl_cmd), BUS_DMASYNC_POSTWRITE);
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_mac_info,
-	    VIO_CTRL_MAC_INFO_SIZE, BUS_DMASYNC_POSTWRITE);
-	VIO_DMAMEM_SYNC(vsc, sc, sc->sc_ctrl_status,
-	    sizeof(*sc->sc_ctrl_status), BUS_DMASYNC_POSTREAD);
-
-	if (sc->sc_ctrl_status->ack == VIRTIO_NET_OK) {
-		r = 0;
-	} else {
+	if (r != 0) {
 		/* The host's filter table is not large enough */
 		printf("%s: failed setting rx filter\n", sc->sc_dev.dv_xname);
-		r = EIO;
 	}
 
-out:
-	vio_ctrl_wakeup(sc, FREE);
+	vio_ctrl_finish(sc);
 	return r;
 }
 

sys/nfs/nfs_bio.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_bio.c,v 1.86 2024/05/01 13:15:59 jsg Exp $	*/
+/*	$OpenBSD: nfs_bio.c,v 1.87 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_bio.c,v 1.25.4.2 1996/07/08 20:47:04 jtc Exp $	*/
 
 /*
@@ -616,7 +616,7 @@ nfs_doio(struct buf *bp, struct proc *p)
 	    default:
 		panic("nfs_doio:  type %x unexpected", vp->v_type);
 		break;
-	    };
+	    }
 	    if (error) {
 		bp->b_flags |= B_ERROR;
 		bp->b_error = error;

sys/nfs/nfs_serv.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_serv.c,v 1.129 2024/09/11 12:22:34 claudio Exp $	*/
+/*	$OpenBSD: nfs_serv.c,v 1.130 2024/09/18 05:21:19 jsg Exp $	*/
 /*     $NetBSD: nfs_serv.c,v 1.34 1997/05/12 23:37:12 fvdl Exp $       */
 
 /*
@@ -1110,7 +1110,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
 			if (nd.ni_vp == NULL)
 				va.va_mode = 0;
 			break;
-		};
+		}
 		va.va_type = VREG;
 	} else {
 		sp = (struct nfsv2_sattr *)nfsm_dissect(&info, NFSX_V2SATTR);
@@ -1133,7 +1133,7 @@ nfsrv_create(struct nfsrv_descript *nfsd, struct nfssvc_sock *slp,
 			break;
 		default:
 			break;
-		};
+		}
 	}
 
 	/*

sys/nfs/nfs_socket.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_socket.c,v 1.153 2024/09/11 12:22:34 claudio Exp $	*/
+/*	$OpenBSD: nfs_socket.c,v 1.154 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_socket.c,v 1.27 1996/04/15 20:20:00 thorpej Exp $	*/
 
 /*
@@ -1125,7 +1125,7 @@ nfs_rephead(int siz, struct nfsrv_descript *nd, struct nfssvc_sock *slp,
 				    *tl = 0;
 			}
 			break;
-		};
+		}
 	}
 
 	*mrq = mreq;

sys/nfs/nfs_srvcache.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_srvcache.c,v 1.31 2024/05/01 13:15:59 jsg Exp $	*/
+/*	$OpenBSD: nfs_srvcache.c,v 1.32 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_srvcache.c,v 1.12 1996/02/18 11:53:49 fvdl Exp $	*/
 
 /*
@@ -204,7 +204,7 @@ nfsrv_getcache(struct nfsrv_descript *nd, struct nfssvc_sock *slp,
 		rp->rc_flag |= RC_NAM;
 		rp->rc_nam = m_copym(nd->nd_nam, 0, M_COPYALL, M_WAIT);
 		break;
-	};
+	}
 	rp->rc_proc = nd->nd_procnum;
 	hash = NFSRCHASH(nd->nd_retxid);
 	LIST_INSERT_HEAD(hash, rp, rc_hash);

sys/nfs/nfs_srvsubs.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_srvsubs.c,v 1.1 2024/09/09 03:50:14 jsg Exp $	*/
+/*	$OpenBSD: nfs_srvsubs.c,v 1.2 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_subs.c,v 1.27.4.3 1996/07/08 20:34:24 jtc Exp $	*/
 
 /*
@@ -389,7 +389,7 @@ netaddr_match(int family, union nethostaddr *haddr, struct mbuf *nam)
 		break;
 	default:
 		break;
-	};
+	}
 	return (0);
 }
 
@@ -462,7 +462,7 @@ nfsm_srvsattr(struct mbuf **mp, struct vattr *va, struct mbuf *mrep,
 		va->va_vaflags |= VA_UTIMES_CHANGE;
 		getnanotime(&va->va_atime);
 		break;
-	};
+	}
 
 	tl = (uint32_t *)nfsm_dissect(&info, NFSX_UNSIGNED);
 	if (tl == NULL)
@@ -480,7 +480,7 @@ nfsm_srvsattr(struct mbuf **mp, struct vattr *va, struct mbuf *mrep,
 		va->va_vaflags |= VA_UTIMES_CHANGE;
 		getnanotime(&va->va_mtime);
 		break;
-	};
+	}
 
 	*dposp = info.nmi_dpos;
 	*mp = info.nmi_md;

sys/nfs/nfs_syscalls.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_syscalls.c,v 1.127 2024/06/26 01:40:49 jsg Exp $	*/
+/*	$OpenBSD: nfs_syscalls.c,v 1.128 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_syscalls.c,v 1.19 1996/02/18 11:53:52 fvdl Exp $	*/
 
 /*
@@ -469,7 +469,7 @@ loop:
 		m_freem(nd->nd_mrep);
 		m_freem(nd->nd_nam2);
 		break;
-	};
+	}
 
 	if (nd) {
 		pool_put(&nfsrv_descript_pl, nd);

sys/nfs/nfs_vnops.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nfs_vnops.c,v 1.203 2024/09/12 09:04:51 claudio Exp $	*/
+/*	$OpenBSD: nfs_vnops.c,v 1.204 2024/09/18 05:21:19 jsg Exp $	*/
 /*	$NetBSD: nfs_vnops.c,v 1.62.4.1 1996/07/08 20:26:52 jtc Exp $	*/
 
 /*
@@ -653,7 +653,7 @@ nfs_setattr(void *v)
 			tsize = np->n_size;
 			np->n_size = np->n_vattr.va_size = vap->va_size;
 			uvm_vnp_setsize(vp, np->n_size);
-		};
+		}
 	} else if ((vap->va_mtime.tv_nsec != VNOVAL ||
 		vap->va_atime.tv_nsec != VNOVAL) &&
 		vp->v_type == VREG &&

usr.bin/rsync/blocks.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: blocks.c,v 1.23 2024/02/28 09:36:11 claudio Exp $ */
+/*	$OpenBSD: blocks.c,v 1.24 2024/09/18 10:22:36 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -121,7 +121,7 @@ blkhash_set(struct blktab *p, const struct blkset *bset)
 void
 blkhash_free(struct blktab *p)
 {
-
+	free(p->q);
 	free(p->blks);
 	free(p);
 }

usr.sbin/vmd/vm.conf.5

@@ -1,4 +1,4 @@
-.\" $OpenBSD: vm.conf.5,v 1.64 2024/09/11 15:42:52 bluhm Exp $
+.\" $OpenBSD: vm.conf.5,v 1.65 2024/09/16 22:30:01 bluhm Exp $
 .\"
 .\" Copyright (c) 2015 Mike Larkin <mlarkin@openbsd.org>
 .\" Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -15,7 +15,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 11 2024 $
+.Dd $Mdocdate: September 16 2024 $
 .Dt VM.CONF 5
 .Os
 .Sh NAME
@@ -324,7 +324,11 @@ If only
 is given,
 only the group is set.
 .It Ic sev
-Enables SEV for guest.
+Enables AMD Secure Encrypted Virtualization for guest.
+.Xr vmd 8
+uses
+.Xr psp 4
+to configure the guest for SEV.
 .El
 .Sh VM INSTANCES
 It is possible to use configured or running VMs as a template for