Re: amd64 softlock and interlocking
Date: Sat, 24 Jan 2015 10:47:59 +1000 From: David Gwynne da...@gwynne.id.au Lots of other things would have to change when that happens too. Until then I'll take any latency improvement I can get. The difference is noticeable? Note that intr_disestablish() uses an atomic operation to clear bits. That one is necessary. And I think that means we have to use atomic operations everywhere to modify ci_ipending. On 24 Jan 2015 12:40 am, Mark Kettenis mark.kette...@xs4all.nl wrote: Date: Fri, 23 Jan 2015 22:52:37 +1000 From: David Gwynne da...@gwynne.id.au when a softint gets scheduled, we set a bit in the current cpu's cpu_info structure. that doesn't have to be an interlocked operation to be locally atomic. ok? Hmm, but it will need to be if we ever want to have the ability to schedule softinterrupts on different CPUs. Index: arch/amd64/amd64/intr.c === RCS file: /cvs/src/sys/arch/amd64/amd64/intr.c,v retrieving revision 1.40 diff -u -p -r1.40 intr.c --- arch/amd64/amd64/intr.c 6 Jan 2015 12:50:47 - 1.40 +++ arch/amd64/amd64/intr.c 23 Jan 2015 12:50:20 - @@ -721,6 +721,6 @@ softintr(int sir) { struct cpu_info *ci = curcpu(); - __asm volatile(lock; orq %1, %0 : + __asm volatile(orq %1, %0 : =m(ci-ci_ipending) : ir (1UL sir)); }
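Review bot: dropping the lock prefix from the orq on ci_ipending in softintr() leaves the update atomic only against interrupts on the local CPU, which is safe only if no other CPU ever writes that word. The thread notes that intr_disestablish() clears bits with an atomic operation; if that can run on a different CPU, an unlocked read-modify-write here can overwrite its update. Suggest a comment above the asm stating that ci_ipending is only modified by the CPU that owns it, or keeping the lock prefix until that holds for every writer.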
Re: syslogd TLS verify
On Thu, Jan 22, 2015 at 12:54:46AM +0100, Alexander Bluhm wrote: With this diff, syslogd verifies the x509 certificate of the TLS server before sending any messages to it. Note that you also need Reyk's extensions to libtls and libssl to use the CA file with privsep. So I will not commit before Reyk. Reyk has committed the libtls privsep support. Any oks? ok? bluhm Index: usr.sbin/syslogd/syslogd.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.144 diff -u -p -r1.144 syslogd.c --- usr.sbin/syslogd/syslogd.c19 Jan 2015 16:40:49 - 1.144 +++ usr.sbin/syslogd/syslogd.c21 Jan 2015 23:17:20 - @@ -141,6 +141,7 @@ struct filed { struct buffertls f_buftls; struct bufferevent *f_bufev; struct tls *f_ctx; + char*f_host; int f_reconnectwait; } f_forw; /* forwarding address */ charf_fname[PATH_MAX]; @@ -215,6 +216,10 @@ int IncludeHostname = 0;/* include RFC char *path_ctlsock = NULL; /* Path to control socket */ +struct tls_config *tlsconfig; +const char *CAfile = /etc/ssl/cert.pem; /* file containing CA certificates */ +int NoVerify = 0; /* do not verify TLS server x509 certificate */ + #define CTL_READING_CMD 1 #define CTL_WRITING_REPLY2 #define CTL_WRITING_CONT_REPLY 3 @@ -316,7 +321,7 @@ main(int argc, char *argv[]) int ch, i; int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd; - while ((ch = getopt(argc, argv, 46dhnuf:m:p:a:s:)) != -1) + while ((ch = getopt(argc, argv, 46C:dhnuf:m:p:a:s:V)) != -1) switch (ch) { case '4': /* disable IPv6 */ IPv4Only = 1; @@ -326,6 +331,9 @@ main(int argc, char *argv[]) IPv6Only = 1; IPv4Only = 0; break; + case 'C': /* file containing CA certificates */ + CAfile = optarg; + break; case 'd': /* debug */ Debug++; break; @@ -358,6 +366,9 @@ main(int argc, char *argv[]) case 's': path_ctlsock = optarg; break; + case 'V': /* do not verify certificates */ + NoVerify = 1; + break; default: usage(); } 
@@ -495,6 +506,39 @@ main(int argc, char *argv[]) } close(pair[1]); + if (tls_init() == -1) { + logerror(tls_init); + } else if ((tlsconfig = tls_config_new()) == NULL) { + logerror(tls_config_new); + } else if (NoVerify) { + tls_config_insecure_noverifyhost(tlsconfig); + tls_config_insecure_noverifycert(tlsconfig); + } else { + struct stat sb; + + fd = -1; + p = NULL; + errno = 0; + if ((fd = open(CAfile, O_RDONLY)) == -1) { + logerror(open CAfile); + } else if (fstat(fd, sb) == -1) { + logerror(fstat CAfile); + } else if (sb.st_size 1024*1024*1024) { + logerror(CAfile larger than 1GB); + } else if ((p = calloc(sb.st_size, 1)) == NULL) { + logerror(calloc CAfile); + } else if (read(fd, p, sb.st_size) != sb.st_size) { + logerror(read CAfile); + } else if (tls_config_set_ca_mem(tlsconfig, p, sb.st_size) + == -1) { + logerror(tls_config_set_ca_mem); + } else { + dprintf(CAfile %s, size %lld\n, CAfile, sb.st_size); + } + free(p); + close(fd); + } + dprintf(off running\n); chdir(/); @@ -813,8 +857,8 @@ tcp_connectcb(int fd, short event, void f-f_un.f_forw.f_ctx = ctx; buffertls_set(f-f_un.f_forw.f_buftls, bufev, ctx, s); - /* XXX no host given */ - buffertls_connect(f-f_un.f_forw.f_buftls, s, NULL); + buffertls_connect(f-f_un.f_forw.f_buftls, s, + f-f_un.f_forw.f_host); } return; @@ -837,39 +881,23 @@ tcp_connectcb(int fd, short event, void struct tls * tls_socket(struct filed *f) { - static struct tls_config *config; struct tls *ctx; char ebuf[100]; - if (config == NULL) { - if (tls_init() 0) { -
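Review bot: in the main() hunk at -495,6 +506,39, every failure in the CAfile chain (open, fstat, size check, calloc, read, tls_config_set_ca_mem) only calls logerror() and startup continues with tlsconfig allocated but without the CA loaded by this code. Suggest making the fail-closed behaviour explicit, for example by freeing tlsconfig and setting it to NULL on any of these errors so that TLS forwarding is refused rather than left to whatever the library does with an unconfigured CA. Also, when open() fails fd is still -1 at the trailing close(fd); guard it with a check on fd.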
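Review bot: in the tcp_connectcb() hunk at -813,8 +857,8, buffertls_connect() now receives f->f_un.f_forw.f_host in place of NULL, but the visible part of the patch only adds the field to struct filed and does not show where it is assigned or freed. Hostname verification depends on that value, so if f_host can still be NULL for some forwarding entries the call is the same as before the change. Suggest setting it from the configured loghost when the forwarding entry is parsed, rejecting a TLS entry without a host name, and releasing it wherever the filed is torn down.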
Re: [PATCH] bpf is now blocking again with and without timeout
On 21 Jan 2015, at 5:50 am, Simon Mages mages.si...@googlemail.com wrote: Sorry, I did not test the patch well enough. It is still broken, but in a different way. I think tedu forgot in his patch to reset d->bd_rdStart. From my point of view it should be zero after sleeping in this case. Because if you read again after a successful read the timeout won't be processed because of: /* * If there's a timeout, bd_rdStart is tagged when we start the read. * we can then figure out when we're done reading. */ if (d->bd_rtout != -1 && d->bd_rdStart == 0) d->bd_rdStart = ticks; else d->bd_rdStart = 0; And zero is all the time smaller than the elapsed time in the second read. This would fix it: if (elapsed d-bd_rtout) { error = tsleep(d, PRINET|PCATCH, bpf, d-bd_rtout - elapsed); + d-bd_rdStart = 0; } else error = EWOULDBLOCK; yes, that makes sense to me. i'll commit it when i'm back at work (tuesday the 27th around 11am gmt+10) unless someone objects. or beats me to it. dlg BR Simon 2015-01-07 9:11 GMT+01:00, Simon Mages mages.si...@googlemail.com: I tested the patch and it's working. I have a small test program already. I create a regression test with it. I'll post the diff here. On 06.01.2015 04:19, Philip Guenther guent...@gmail.com wrote: [(@#*$(*# control-enter keybinding] On Mon, Jan 5, 2015 at 7:15 PM, Philip Guenther guent...@gmail.com wrote: On Mon, Jan 5, 2015 at 11:01 AM, Ted Unangst t...@tedunangst.com wrote: ... In the regular timeout case, I'm not sure what you're changing. There is a problem here though. If we're already close to the timeout expiring, we shouldn't sleep the full timeout, only the time left since we began the read. Yes, that was what I was trying to convey in my reply to Mages's earlier post on this bpf issue. Your diff looks correct to me, though untested. Mages, do you have code this can be tested against? 
Is there something you could contribute to form a regress test we could place under /usr/src/regress/net/ to verify that we got this right and to catch breakage in the future? Philip Guenther
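Review bot: the added reset of bd_rdStart sits only inside the branch that calls tsleep(); the else branch that sets error = EWOULDBLOCK leaves bd_rdStart at its old non-zero value. With the toggle quoted earlier in the message (bd_rdStart is set to ticks only when it is 0, otherwise cleared), the read that follows an expired timeout would then clear it instead of recording a fresh start time. Suggest moving the reset after the if/else so both paths leave bd_rdStart at 0, and covering the "read again after a timeout" case in the regress test that is being discussed.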
Re: syslogd TLS verify
On Sat, Jan 24, 2015 at 20:40, Alexander Bluhm wrote: On Thu, Jan 22, 2015 at 12:54:46AM +0100, Alexander Bluhm wrote: With this diff, syslogd verifies the x509 certificate of the TLS server before sending any messages to it. Note that you also need Reyk's extensions to libtls and libssl to use the CA file with privsep. So I will not commit before Reyk. Reyk has committed the libtls privsep support. Any oks? +case 'C': /* file containing CA certificates */ +CAfile = optarg; +break; +case 'V': /* do not verify certificates */ +NoVerify = 1; +break; I think it would be better to do as ftp(1) does and have one command line option that sets all the options, instead of exploding getopt() with every possibility.
spdmem(4) - print out correct tCAS of DDR2 DIMMs
Hello, this diff makes spdmem(4) print out CAS latencies of DDR2 SDRAM DIMMs instead of random garbage. 1) i is not 1 2) CAS latency can be up to 7 (CL6 and CL7 DDR2 SDRAMs are common). Regards, David Index: sys/dev/spdmem.c === RCS file: /cvs/src/sys/dev/spdmem.c,v retrieving revision 1.4 diff -u -p -r1.4 spdmem.c --- sys/dev/spdmem.c19 Jan 2015 18:38:41 - 1.4 +++ sys/dev/spdmem.c24 Jan 2015 22:28:37 - @@ -533,8 +533,8 @@ spdmem_ddr2_decode(struct spdmem_softc * } /* Print CAS latency */ - for (i = 5; i = 2; i--) { - if (s-sm_data[SPDMEM_DDR_CAS] (i i)) { + for (i = 7; i = 2; i--) { + if (s-sm_data[SPDMEM_DDR_CAS] (1 i)) { printf(CL%d, i); break; }
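Review bot: in the CAS latency loop of spdmem_ddr2_decode(), the new bounds 7 and 2 are bare numbers, and when no bit in that range is set in sm_data[SPDMEM_DDR_CAS] the loop falls through without printing anything. Suggest a short comment that the byte is a bitmap of supported latencies and that the loop reports the highest one, named constants for the bounds, and an explicit fallback for the no-match case. The index is a DDR-named constant used in the DDR2 decoder; if the byte offset is the same for both, say so in a comment.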