OpenBSD Journal

OpenBSD Journal

mwx(4), another new wi-fi driver, added to -current

Contributed by rueda on from the it's-raining-wi-fi-drivers dept.

Hot on the heels of qwx(4) [see earlier report], and soon after going -beta, -current has gained another new wi-fi driver - mwx(4). Claudio Jeker (claudio@) committed the import:

CVSROOT:	/cvs
Module name:	src
Changes by:	claudio@cvs.openbsd.org	2024/02/21 03:48:10

Modified files:
	sys/dev/pci    : files.pci 
Added files:
	sys/dev/pci    : if_mwx.c if_mwxreg.h 

Log message:
Import mwx(4) a driver for Mediatek MT7921 and MT7922 802.11ax devices

This is work in progress. Scan works, RX of packets is more or less there
but TX does not work yet. The packets are passed to the chip but get stuck
or ignored there. It is easy to hang the device or the system since device
reset is not quite right (like many other bits).

Also this is only for MT7921 right now since I have no access to a MT7922
device.

Lots of pushing from deraadt@ to commit this now.

So, WIP and MT7921-only [at this stage], but very promising.

New code for SIGILL faults help identify misbranches

Contributed by Janne Johansson on from the don't pee on the electric fence dept.

If you run recent OpenBSD on certain amd64 or aarch64 platforms, indirect branching to an "unexpected" location will crash your program, in order to prevent ROP attacks and similar ways to have your program execute code where it shouldn't.

The OpenBSD compiler will insert an extra instruction in all the places where a branch is supposed to land, and if it lands anywhere else, a CPU fault is raised and your program gets an "Illegal Instruction".

Previously, crashes of this kind have looked more or less like any other kind of fault where code is executing random data or from random locations, but since the kernel knows when this has happened, we can make it explicit that the fault is due to missing branch target instructions, which will help a lot when debugging.

Link to the commit here.

OpenBSD -current moves to 7.5-beta

Contributed by Janne Johansson on from the springtime for Puffy dept.

It's that time of the year again. With this commit, Theo de Raadt (deraadt@) changed the version string for the OpenBSD development branch (i.e. -current) to 7.5-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2024/02/17 09:13:24

Modified files:
	sys/sys        : param.h 
	etc/root       : root.mail 
	sys/conf       : newvers.sh 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	share/mk       : sys.mk 
	usr.bin/signify: signify.1 

Log message:
move to 7.5-beta

With the upcoming release expected to appear in May, testing is particularly welcome.

7.5-beta snapshots are already appearing on the mirrors.

New wi-fi driver, qwx(4), enabled in -current

Contributed by rueda on from the qwx my line dept.

Stefan Sperling (stsp@) tooted regarding the addition of qwx(4) to -current:

The next set of #OpenBSD amd64/arm64 snapshots will start shipping the qwx driver for #ath11k QCNFA765 wifi devices.

My part-time effort on this driver started about a year ago, with much help from mpi@, @bluerise, kettenis@, and claudio@

https://marc.info/?l=openbsd-cvs&m=170801475321249&w=2

Edit: And I should mention that the OpenBSD Foundation supports this effort. Thanks to everyone who donated!

The QCNFA765 is found in some laptops.

The driver currently supports only 11a/b/g modes.

Thanks to Stefan, his helpers, and The OpenBSD Foundation!

Soft updates (softdep) support removed from -current

Contributed by rueda on from the don't-hold-your-breath dept.

Support for soft updates (softdep), disabled since before the 7.4 release [see earlier report], has been removed from -current by Bob Beck (beck@):

CVSROOT:	/cvs
Module name:	src
Changes by:	beck@cvs.openbsd.org	2024/02/03 11:51:59

Modified files:
	bin/ps         : ps.1 
	sbin/dump      : traverse.c 
	sbin/dumpfs    : dumpfs.c 
	sbin/fsck_ffs  : dir.c fsck.h main.c pass1.c pass2.c pass5.c 
	                 setup.c 
	sbin/growfs    : growfs.c 
	sbin/quotacheck: quotacheck.c 
	share/man/man5 : fs.5 
	sys/conf       : files 
	sys/ddb        : db_interface.h 
	sys/dev        : softraid.c 
	sys/kern       : kern_physio.c spec_vnops.c vfs_bio.c vfs_subr.c 
	                 vfs_sync.c vfs_syscalls.c 
	sys/sys        : buf.h mount.h proc.h vnode.h 
	sys/ufs/ffs    : ffs_alloc.c ffs_balloc.c ffs_extern.h 
	                 ffs_inode.c ffs_softdep.c ffs_softdep_stub.c 
	                 ffs_vfsops.c ffs_vnops.c fs.h softdep.h 
	sys/ufs/ufs    : inode.h ufs_extern.h ufs_inode.c ufs_lookup.c 
	                 ufs_vnops.c 
	sys/uvm        : uvm_swap.c 

Log message:
Remove Softdep.

Softdep has been a no-op for some time now, this removes it to get
it out of the way.

Flensing mostly done in Talinn, with some help from krw@

ok deraadt@

pinsyscalls(2) work summarized by Theo de Raadt

Contributed by Peter N. M. Hansteen on from the safely pinned dept.

In a post to tech@, Theo de Raadt (deraadt@) summarizes the multi-year effort to make certain attack vectors unavailable on OpenBSD:

Subject:    pinsyscalls(2)
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2024-01-28 20:20:59

pinsyscalls(2) has gone into the tree without too much difficulty, and no
issues are currently known.

None of this could have been possible without help from a few groups of
people.

Read more…

KMS for Apple silicon machines

Contributed by rueda on from the kettenis-makes-smoother dept.

Mark Kettenis (kettenis@) committed support for Kernel Mode-Setting (KMS) on Apple silicon (arm64) machines:

CVSROOT:	/cvs
Module name:	src
Changes by:	kettenis@cvs.openbsd.org	2024/01/22 11:54:01

Modified files:
	sys/arch/arm64/conf: GENERIC 
	sys/dev/pci/drm: files.drm 
	sys/dev/pci/drm/include/generated: autoconf.h 
Added files:
	sys/dev/pci/drm/apple: afk.c afk.h apldcp.c apldrm.c apple_drv.c 
	                       dcp-internal.h dcp.c dcp.h 
	                       dcp_backlight.c dptxep.c dptxep.h 
	                       ibootep.c iomfb.c iomfb.h 
	                       iomfb_internal.h iomfb_template.c 
	                       iomfb_template.h iomfb_v12_3.c 
	                       iomfb_v12_3.h iomfb_v13_3.c iomfb_v13_3.h 
	                       parser.c parser.h systemep.c trace.c 
	                       trace.h version_utils.h 
	sys/dev/pci/drm/include/linux: apple-mailbox.h args.h 
	sys/dev/pci/drm/include/linux/soc/apple: rtkit.h 

Log message:
Add apldcp(4) and apldrm(4).  Together these drivers provide KMS
functionality on Apple Silicom machines.  At this point the drivers
provide significant power savings when the display is blanked (and
during suspend) and backlight control.  Some support for HDMI output
is also included, but for now only when HDMI is used as the primary output.
In the future this should also provide displayport support.

This is a port of the the Asahi Linux drivers which can be found at

https://github.com/AsahiLinux/linux/tree/asahi-wip

Note that this branch gets rebased from time to time.

These drivers do *not* bring us GPU accelerated graphics.  But there
are reports that things run "smoother".

There are some known bugs with backlight control: the backlight level
may not be restored properly after the display has been blanked, and
changing the backlight quickly un succession may break the backlight
control.

ok jsg@

Read more…

Donate!

Donate to OpenBSD

Features

We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 7.4

0132024-02-13 SECURITY DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).
0122024-01-16 SECURITY Fix multiple xserver heap buffer overflows, out of bounds memory accesses and memory corruption. CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409
0112023-12-18 SECURITY An SSH protocol weakness (the Terrapin Attack) exists that allows an on-path adversary to disable keystroke timing obfuscation.
0102023-12-14 SECURITY Fix out of bounds memory accesses in XRandR and XKB X server extensions. CVE-2023-6377 CVE-2023-6478
0092023-12-10 RELIABILITY A race condition between pf(4)'s processing of packets and expiration of packet states may cause a kernel panic.
0082023-12-10 RELIABILITY vmm(4) restored stale GDTR & TR values on vm exit which could lead to memory corruption or kernel deadlocks.

Unofficial RSS feed of OpenBSD errata

OpenBSD 7.3

0262024-02-13 SECURITY DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).
0252024-01-16 SECURITY Fix multiple xserver heap buffer overflows, out of bounds memory accesses and memory corruption. CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409
0242023-12-18 SECURITY An SSH protocol weakness (the Terrapin Attack) exists that allows an on-path adversary to disable keystroke timing obfuscation.
0232023-12-14 SECURITY Fix out of bounds memory accesses in XRandR and XKB X server extensions. CVE-2023-6377 CVE-2023-6478
0222023-12-10 RELIABILITY vmm(4) restored stale GDTR & TR values on vm exit which could lead to memory corruption or kernel deadlocks.
0212023-11-29 SECURITY A crafted regular expression when compiled by perl can cause a one-byte attacker controlled buffer overflow in a heap allocated buffer. CVE-2023-47038

Unofficial RSS feed of OpenBSD errata

XML/RSS/RDF

Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]