sync with OpenBSD -current

purplerain 2024-09-21 19:08:31 +00:00
parent e9d0cc1e24
commit 9d1bed226b
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
12 changed files with 69 additions and 273 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: fortune.c,v 1.64 2024/05/21 05:00:47 jsg Exp $ */
/* $OpenBSD: fortune.c,v 1.65 2024/09/20 12:52:37 tb Exp $ */
/* $NetBSD: fortune.c,v 1.8 1995/03/23 08:28:40 cgd Exp $ */
/*-
@ -413,6 +413,7 @@ add_file(int percent, char *file, char *dir, FILEDESC **head, FILEDESC **tail,
if (was_malloc)
free(path);
path = offensive;
offensive = NULL;
file = off_name(file);
was_malloc = true;
}
@ -430,9 +431,9 @@ over:
* we'll pick up the -o file anyway.
*/
if (All_forts && offensive != NULL) {
path = offensive;
if (was_malloc)
free(path);
path = offensive;
offensive = NULL;
was_malloc = true;
DPRINTF(1, (stderr, "\ttrying \"%s\"\n", path));
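Review bot: The hand-off of `offensive` to `path` now appears twice in add_file (the hunk at line 413 and the one under `over:`) with no comment explaining the required order, which is exactly what went wrong before. Reading the hunk counts (the +/- markers are lost on this page), the old second site assigned `path = offensive` before `free(path)`, so it freed the buffer it then printed and kept using, and leaked the previous path. The first site appears to have lacked `offensive = NULL`, leaving two names for one allocation. I would add at both sites a comment such as `/* free the old path first, then take ownership of offensive and clear it so it is never freed or reused through the old name */`. Whether add_file frees `offensive` on its exit paths is outside these hunks, so the double-free risk is inferred; a small static helper for the sequence would keep the two sites from drifting apart again.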


@ -625,7 +625,7 @@ edit_command (char *arg, int from_tty)
}
if ((editor = (char *) getenv ("EDITOR")) == NULL)
editor = "/bin/ex";
editor = "/usr/bin/ex";
/* Approximate base-10 log of line to 1 unit for digit count */
for(log10=32, m=0x80000000; !(sal.line & m) && log10>0; log10--, m=m>>1);
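Review bot: The fallback editor in edit_command is a bare string literal, and the same value is repeated in the manual's `@set EDITOR` line, so the two can drift apart on the next change. A named constant with a short comment would make the coupling visible, for example `#define DEFAULT_EDITOR "/usr/bin/ex" /* keep in sync with @set EDITOR in the manual */`, used as `editor = DEFAULT_EDITOR;`. The comment could also record that the fallback is deliberately an absolute path, so no PATH lookup is involved when EDITOR is unset. edit_command's body continues outside the hunk, so how `editor` is later turned into a command is not visible here.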


@ -32,7 +32,7 @@
@set EDITION Ninth
@c !!set GDB edit command default editor
@set EDITOR /bin/ex
@set EDITOR /usr/bin/ex
@c THIS MANUAL REQUIRES TEXINFO 4.0 OR LATER.


@ -1,6 +1,6 @@
# $OpenBSD: Makefile,v 1.9 2017/03/08 22:53:35 schwarze Exp $
# $OpenBSD: Makefile,v 1.10 2024/09/21 11:56:36 schwarze Exp $
REGRESS_TARGETS = break eos font noarg
REGRESS_TARGETS = break eos font noarg parse
LINT_TARGETS = noarg
.include <bsd.regress.mk>


@ -0,0 +1,13 @@
.\" $OpenBSD: parse.in,v 1.1 2024/09/21 11:56:36 schwarze Exp $
.Dd $Mdocdate: September 21 2024 $
.Dt IN-PARSE 2
.Os
.Sh NAME
.Nm In-parse
.Nd parsing of include file macros
.Sh DESCRIPTION
first line
.Sy parent In arg1 arg2 Sy child
middle line
.In ( arg )
last line


@ -0,0 +1,9 @@
IN-PARSE(2) System Calls Manual IN-PARSE(2)
NNAAMMEE
IInn--ppaarrssee - parsing of include file macros
DDEESSCCRRIIPPTTIIOONN
first line ppaarreenntt <_a_r_g_1> arg2 cchhiilldd middle line (<_a_r_g>) last line
OpenBSD September 21, 2024 OpenBSD


@ -0,0 +1,15 @@
IN-PARSE(2) - System Calls Manual
# NAME
**In-parse** - parsing of include file macros
# DESCRIPTION
first line
**parent** &lt;*arg1*> arg2 **child**
middle line
(&lt;*arg*>)
last line
OpenBSD - September 21, 2024


@ -1,4 +1,4 @@
/* $OpenBSD: vmm_machdep.c,v 1.36 2024/09/04 16:12:40 dv Exp $ */
/* $OpenBSD: vmm_machdep.c,v 1.37 2024/09/21 04:36:28 mlarkin Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -72,7 +72,6 @@ int vmm_quiesce_vmx(void);
int vm_run(struct vm_run_params *);
int vm_intr_pending(struct vm_intr_params *);
int vm_rwregs(struct vm_rwregs_params *, int);
int vm_mprotect_ept(struct vm_mprotect_ept_params *);
int vm_rwvmparams(struct vm_rwvmparams_params *, int);
int vcpu_readregs_vmx(struct vcpu *, uint64_t, int, struct vcpu_reg_state *);
int vcpu_readregs_svm(struct vcpu *, uint64_t, struct vcpu_reg_state *);
@ -125,7 +124,6 @@ int svm_fault_page(struct vcpu *, paddr_t);
int vmx_fault_page(struct vcpu *, paddr_t);
int vmx_handle_np_fault(struct vcpu *);
int svm_handle_np_fault(struct vcpu *);
int vmx_mprotect_ept(struct vcpu *, vm_map_t, paddr_t, paddr_t, int);
pt_entry_t *vmx_pmap_find_pte_ept(pmap_t, paddr_t);
int vmm_alloc_vpid(uint16_t *);
void vmm_free_vpid(uint16_t);
@ -440,9 +438,6 @@ vmmioctl_machdep(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
case VMM_IOC_INTR:
ret = vm_intr_pending((struct vm_intr_params *)data);
break;
case VMM_IOC_MPROTECT_EPT:
ret = vm_mprotect_ept((struct vm_mprotect_ept_params *)data);
break;
default:
DPRINTF("%s: unknown ioctl code 0x%lx\n", __func__, cmd);
ret = ENOTTY;
@ -456,7 +451,6 @@ pledge_ioctl_vmm_machdep(struct proc *p, long com)
{
switch (com) {
case VMM_IOC_INTR:
case VMM_IOC_MPROTECT_EPT:
return (0);
}
@ -624,250 +618,6 @@ out:
return (ret);
}
/*
* vm_mprotect_ept
*
* IOCTL handler to sets the access protections of the ept
*
* Parameters:
* vmep: describes the memory for which the protect will be applied..
*
* Return values:
* 0: if successful
* ENOENT: if the VM defined by 'vmep' cannot be found
* EINVAL: if the sgpa or size is not page aligned, the prot is invalid,
* size is too large (512GB), there is wraparound
* (like start = 512GB-1 and end = 512GB-2),
* the address specified is not within the vm's mem range
* or the address lies inside reserved (MMIO) memory
*/
int
vm_mprotect_ept(struct vm_mprotect_ept_params *vmep)
{
struct vm *vm;
struct vcpu *vcpu;
vaddr_t sgpa;
size_t size;
vm_prot_t prot;
uint64_t msr;
int ret = 0, memtype;
/* If not EPT or RVI, nothing to do here */
if (!(vmm_softc->mode == VMM_MODE_EPT
|| vmm_softc->mode == VMM_MODE_RVI))
return (0);
/* Find the desired VM */
ret = vm_find(vmep->vmep_vm_id, &vm);
/* Not found? exit. */
if (ret != 0) {
DPRINTF("%s: vm id %u not found\n", __func__,
vmep->vmep_vm_id);
return (ret);
}
vcpu = vm_find_vcpu(vm, vmep->vmep_vcpu_id);
if (vcpu == NULL) {
DPRINTF("%s: vcpu id %u of vm %u not found\n", __func__,
vmep->vmep_vcpu_id, vmep->vmep_vm_id);
ret = ENOENT;
goto out_nolock;
}
rw_enter_write(&vcpu->vc_lock);
if (vcpu->vc_state != VCPU_STATE_STOPPED) {
DPRINTF("%s: mprotect_ept %u on vm %u attempted "
"while vcpu was in state %u (%s)\n", __func__,
vmep->vmep_vcpu_id, vmep->vmep_vm_id, vcpu->vc_state,
vcpu_state_decode(vcpu->vc_state));
ret = EBUSY;
goto out;
}
/* Only proceed if the pmap is in the correct mode */
KASSERT((vmm_softc->mode == VMM_MODE_EPT &&
vm->vm_map->pmap->pm_type == PMAP_TYPE_EPT) ||
(vmm_softc->mode == VMM_MODE_RVI &&
vm->vm_map->pmap->pm_type == PMAP_TYPE_RVI));
sgpa = vmep->vmep_sgpa;
size = vmep->vmep_size;
prot = vmep->vmep_prot;
/* No W^X permissions */
if ((prot & PROT_MASK) != prot &&
(prot & (PROT_WRITE | PROT_EXEC)) == (PROT_WRITE | PROT_EXEC)) {
DPRINTF("%s: W+X permission requested\n", __func__);
ret = EINVAL;
goto out;
}
/* No Write only permissions */
if ((prot & (PROT_READ | PROT_WRITE | PROT_EXEC)) == PROT_WRITE) {
DPRINTF("%s: No Write only permissions\n", __func__);
ret = EINVAL;
goto out;
}
/* No empty permissions */
if (prot == 0) {
DPRINTF("%s: No empty permissions\n", __func__);
ret = EINVAL;
goto out;
}
/* No execute only on EPT CPUs that don't have that capability */
if (vmm_softc->mode == VMM_MODE_EPT) {
msr = rdmsr(IA32_VMX_EPT_VPID_CAP);
if (prot == PROT_EXEC &&
(msr & IA32_EPT_VPID_CAP_XO_TRANSLATIONS) == 0) {
DPRINTF("%s: Execute only permissions unsupported,"
" adding read permission\n", __func__);
prot |= PROT_READ;
}
}
/* Must be page aligned */
if ((sgpa & PAGE_MASK) || (size & PAGE_MASK) || size == 0) {
ret = EINVAL;
goto out;
}
/* size must be less then 512GB */
if (size >= NBPD_L4) {
ret = EINVAL;
goto out;
}
/* no wraparound */
if (sgpa + size < sgpa) {
ret = EINVAL;
goto out;
}
/*
* Specifying addresses within the PCI MMIO space is forbidden.
* Disallow addresses that start inside the MMIO space:
* [VMM_PCI_MMIO_BAR_BASE .. VMM_PCI_MMIO_BAR_END]
*/
if (sgpa >= VMM_PCI_MMIO_BAR_BASE && sgpa <= VMM_PCI_MMIO_BAR_END) {
ret = EINVAL;
goto out;
}
/*
* ... and disallow addresses that end inside the MMIO space:
* (VMM_PCI_MMIO_BAR_BASE .. VMM_PCI_MMIO_BAR_END]
*/
if (sgpa + size > VMM_PCI_MMIO_BAR_BASE &&
sgpa + size <= VMM_PCI_MMIO_BAR_END) {
ret = EINVAL;
goto out;
}
memtype = vmm_get_guest_memtype(vm, sgpa);
if (memtype == VMM_MEM_TYPE_UNKNOWN) {
ret = EINVAL;
goto out;
}
if (vmm_softc->mode == VMM_MODE_EPT)
ret = vmx_mprotect_ept(vcpu, vm->vm_map, sgpa, sgpa + size,
prot);
else if (vmm_softc->mode == VMM_MODE_RVI) {
pmap_write_protect(vm->vm_map->pmap, sgpa, sgpa + size, prot);
/* XXX requires a invlpga */
ret = 0;
} else
ret = EINVAL;
out:
if (vcpu != NULL)
rw_exit_write(&vcpu->vc_lock);
out_nolock:
refcnt_rele_wake(&vm->vm_refcnt);
return (ret);
}
/*
* vmx_mprotect_ept
*
* apply the ept protections to the requested pages, faulting in the page if
* required.
*/
int
vmx_mprotect_ept(struct vcpu *vcpu, vm_map_t vm_map, paddr_t sgpa, paddr_t egpa,
int prot)
{
struct vmx_invept_descriptor vid;
pmap_t pmap;
pt_entry_t *pte;
paddr_t addr;
int ret = 0;
pmap = vm_map->pmap;
KERNEL_LOCK();
for (addr = sgpa; addr < egpa; addr += PAGE_SIZE) {
pte = vmx_pmap_find_pte_ept(pmap, addr);
if (pte == NULL) {
ret = uvm_fault(vm_map, addr, VM_FAULT_WIRE,
PROT_READ | PROT_WRITE | PROT_EXEC);
if (ret)
printf("%s: uvm_fault returns %d, GPA=0x%llx\n",
__func__, ret, (uint64_t)addr);
pte = vmx_pmap_find_pte_ept(pmap, addr);
if (pte == NULL) {
KERNEL_UNLOCK();
return EFAULT;
}
}
if (prot & PROT_READ)
*pte |= EPT_R;
else
*pte &= ~EPT_R;
if (prot & PROT_WRITE)
*pte |= EPT_W;
else
*pte &= ~EPT_W;
if (prot & PROT_EXEC)
*pte |= EPT_X;
else
*pte &= ~EPT_X;
}
/*
* SDM 3C: 28.3.3.4 Guidelines for Use of the INVEPT Instruction
* the first bullet point seems to say we should call invept.
*
* Software should use the INVEPT instruction with the single-context
* INVEPT type after making any of the following changes to an EPT
* paging-structure entry (the INVEPT descriptor should contain an
* EPTP value that references directly or indirectly
* the modified EPT paging structure):
* Changing any of the privilege bits 2:0 from 1 to 0.
* */
if (pmap->eptp != 0) {
memset(&vid, 0, sizeof(vid));
vid.vid_eptp = pmap->eptp;
DPRINTF("%s: flushing EPT TLB for EPTP 0x%llx\n", __func__,
vid.vid_eptp);
invept(vcpu->vc_vmx_invept_op, &vid);
}
KERNEL_UNLOCK();
return ret;
}
/*
* vmx_pmap_find_pte_ept
*


@ -1,4 +1,4 @@
/* $OpenBSD: vmmvar.h,v 1.105 2024/08/27 09:16:03 bluhm Exp $ */
/* $OpenBSD: vmmvar.h,v 1.106 2024/09/21 04:36:28 mlarkin Exp $ */
/*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
*
@ -492,19 +492,8 @@ struct vm_rwregs_params {
struct vcpu_reg_state vrwp_regs;
};
struct vm_mprotect_ept_params {
/* Input parameters to VMM_IOC_MPROTECT_EPT */
uint32_t vmep_vm_id;
uint32_t vmep_vcpu_id;
vaddr_t vmep_sgpa;
size_t vmep_size;
int vmep_prot;
};
/* IOCTL definitions */
#define VMM_IOC_INTR _IOW('V', 6, struct vm_intr_params) /* Intr pending */
/* Control the protection of ept pages*/
#define VMM_IOC_MPROTECT_EPT _IOW('V', 11, struct vm_mprotect_ept_params)
/* CPUID masks */
/*


@ -1,4 +1,4 @@
/* $OpenBSD: efiboot.c,v 1.58 2024/08/01 11:53:03 mglocker Exp $ */
/* $OpenBSD: efiboot.c,v 1.59 2024/09/20 19:12:50 kettenis Exp $ */
/*
* Copyright (c) 2015 YASUOKA Masahiko <yasuoka@yasuoka.net>
@ -1121,6 +1121,10 @@ struct smbios_dtb {
"qcom/sc8280xp-lenovo-thinkpad-x13s.dtb" },
{ "LENOVO", "21BY",
"qcom/sc8280xp-lenovo-thinkpad-x13s.dtb" },
{ "LENOVO", "21N1",
"qcom/x1e78100-lenovo-thinkpad-t14s.dtb" },
{ "LENOVO", "21N2",
"qcom/x1e78100-lenovo-thinkpad-t14s.dtb" },
{ "LENOVO", "83ED",
"qcom/x1e80100-lenovo-yoga-slim7x.dtb" },
{ "SAMSUNG", "Galaxy Book4 Edge",


@ -1,4 +1,4 @@
.\" $OpenBSD: relayd.conf.5,v 1.209 2024/07/14 03:58:49 jsg Exp $
.\" $OpenBSD: relayd.conf.5,v 1.210 2024/09/21 05:37:26 aisha Exp $
.\"
.\" Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 14 2024 $
.Dd $Mdocdate: September 21 2024 $
.Dt RELAYD.CONF 5
.Os
.Sh NAME
@ -1537,6 +1537,20 @@ redirect "dns" {
}
.Ed
.Pp
To load balance an IP address over multiple backend servers using a
.Xr pf 4
.Cm route-to
directive:
.Bd -literal -offset indent
table <backends> { 10.100.42.71 10.100.42.72 10.100.42.73 }
redirect "xmpp" {
listen on 10.100.42.2 tcp port 5222
route to <backends> port 5222 check tcp interface em0
}
.Ed
.Pp
The following configuration would add a relay to forward
secure HTTPS connections to a pool of HTTP webservers
using the


@ -1,4 +1,4 @@
/* $OpenBSD: arm64_vm.c,v 1.2 2024/09/11 15:42:52 bluhm Exp $ */
/* $OpenBSD: arm64_vm.c,v 1.3 2024/09/21 04:12:18 mlarkin Exp $ */
/*
* Copyright (c) 2024 Dave Voutila <dv@openbsd.org>
*
@ -17,6 +17,7 @@
#include <sys/types.h>
#include "vmd.h"
#include "vmm.h"
void
create_memory_map(struct vm_create_params *vcp)