[PATCH] orders.html 5.6 - 5.7

[Raf Czlonka]

Hi all,

Just noticed that 'orders.html' page escaped the 5.6 - 5.7 update.

WARNING!: I had also updated the path to the CD cover small GIF file but
this one is yet to be created. I had not created one as I wasn't sure
whether you'd simply use http://www.openbsd.org/images/bluefish.jpg as
the source to create the mini GIF version or use another file.

Regards,

Raf

Index: orders.html
===
RCS file: /cvs/www/orders.html,v
retrieving revision 1.580
diff -u -p -r1.580 orders.html
--- orders.html 5 Feb 2015 06:20:56 -   1.580
+++ orders.html 5 May 2015 12:31:11 -
@@ -18,10 +18,10 @@
 table
  tr
   td align=center width=150
-   OpenBSD 5.6br
-   Nov 1, 2014br
+   OpenBSD 5.7br
+   May 1, 2015br
a href=https://openbsdstore.com;
-   img height=127 width=90 src=images/cd56-s.gif/a
+   img height=127 width=90 src=images/cd57-s.gif/a
   /td
   td
 Every six months (around May 1 and Nov 1) OpenBSD makes an official 
software release.

Re: seccomp system call

[Damien Miller]

On Mon, 4 May 2015, Todd C. Miller wrote:

 On Sun, 03 May 2015 20:44:25 -, Loganaden Velvindron wrote:
 
  OpenBSD already has systrace.
 
 Last I checked, systrace doesn't work well with multi-threaded
 programs and was trivial to bypass.  The basic design where you
 have a userland monitor process is flawed.  Something where a policy
 is pushed into (and enforced by) the kernel would be better.

seccomp-bpf doesn't offer inspection of indirect syscall arguments
either, so in that regard it's no better than systrace. AFAIK it
would be less intrusive, have fewer knobs and not need a persistent
root-privileged monitor process though.

-d

Re: seccomp system call

[Damien Miller]

On Mon, 4 May 2015, Theo de Raadt wrote:

 Personally, I think seccomp-bpf could be a superior alternative to
 systrace and I'd love to see an implementation. Other developers (inc.
 Theo) are skeptical though, but this is probably a case where the
 argument won't be settled without a concrete implementation to look at.
 
 I am very skeptical about a bpf-style model, because:
 
 People are currently writing policies specific to what glibc does;
 or what they believe it is doing.

I don't think we could expect to use syscall policies written for
Linux as anything more than rough guidance (or perhaps cautionary
example)

 Those policies will be wide open, or too strict.  If we adopt this
 into our world, the next step after that is going to be wide use of
 #ifdef within bpf rulesets.

I don't think that's necessarily true, OpenSSH only uses ifdef in
the systrace rulesets for new/deprecated syscalls and the bpf
rulesets would be identical. Most other privsep daemons would be
in a similar boat I expect.

-d

Re: [PATCH] orders.html 5.6 - 5.7

[Ingo Schwarze]

Hi Raf,

Raf Czlonka wrote on Tue, May 05, 2015 at 01:41:17PM +0100:

 Just noticed that 'orders.html' page escaped the 5.6 - 5.7 update.

Done, thanks for mentioning it.

 WARNING!: I had also updated the path to the CD cover small GIF file but
 this one is yet to be created. I had not created one as I wasn't sure
 whether you'd simply use http://www.openbsd.org/images/bluefish.jpg as
 the source to create the mini GIF version or use another file.

Well, for now, i have simply generated a thumbnail of the usual size
from an image of the CD packaging; i guess that's good enough.
Otherwise, any developer who knows better can improve the image.

Yours,
  Ingo


 Index: orders.html
 ===
 RCS file: /cvs/www/orders.html,v
 retrieving revision 1.580
 diff -u -p -r1.580 orders.html
 --- orders.html   5 Feb 2015 06:20:56 -   1.580
 +++ orders.html   5 May 2015 12:31:11 -
 @@ -18,10 +18,10 @@
  table
   tr
td align=center width=150
 -   OpenBSD 5.6br
 -   Nov 1, 2014br
 +   OpenBSD 5.7br
 +   May 1, 2015br
 a href=https://openbsdstore.com;
 -   img height=127 width=90 src=images/cd56-s.gif/a
 +   img height=127 width=90 src=images/cd57-s.gif/a
/td
td
  Every six months (around May 1 and Nov 1) OpenBSD makes an official 
 software release.
 

Re: getprogname(3) manpage fix

[Ingo Schwarze]

Hi Kaspars,

committed, thanks.
  Ingo


Kaspars Bankovskis wrote on Mon, May 04, 2015 at 11:45:17PM +0300:

 Index: getprogname.3
 ===
 RCS file: /cvs/src/lib/libc/gen/getprogname.3,v
 retrieving revision 1.4
 diff -u -p -r1.4 getprogname.3
 --- getprogname.3 31 Jul 2013 16:43:27 -  1.4
 +++ getprogname.3 4 May 2015 20:34:35 -
 @@ -55,7 +55,7 @@ or other diagnostic output.
  The
  .Fn setprogname
  function sets the name of the program to be the last path component of the
 -.Fa progname
 +.Fa name
  argument.
  Internally, only the pointer to the given string is kept as the program name,
  so it should not be modified and the storage for the string must remain valid
 @@ -65,9 +65,9 @@ for the rest of the program's lifetime.
  .Xr setproctitle 3
  .Sh HISTORY
  The
 -.Nm getprogname
 +.Fn getprogname
  and
 -.Nm setprogname
 +.Fn setprogname
  functions first appeared in
  .Ox 5.4
  as function-based wrappers around the

trunk is out, special offer with LACP included!

[Martin Pieuchot]

Now that the stack is ready, here's a diff to take the first victim,
trunk(4), out of ether_input().

If you glanced over previous versions of this diff, the differences
are mostly in sys/net/trunklacp.c and include some printf(9) fixes
in bonus.

Ok?

Index: net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.195
diff -u -p -r1.195 if_ethersubr.c
--- net/if_ethersubr.c  4 May 2015 10:24:08 -   1.195
+++ net/if_ethersubr.c  5 May 2015 12:10:25 -
@@ -463,9 +463,6 @@ ether_input(struct mbuf *m, void *hdr)
int llcfound = 0;
struct llc *l;
struct arpcom *ac;
-#if NTRUNK  0
-   int i = 0;
-#endif
 #if NPPPOE  0
struct ether_header *eh_tmp;
 #endif
@@ -480,21 +477,6 @@ ether_input(struct mbuf *m, void *hdr)
m_adj(m, ETHER_HDR_LEN);
}
 
-#if NTRUNK  0
-   /* Handle input from a trunk port */
-   while (ifp-if_type == IFT_IEEE8023ADLAG) {
-   if (++i  TRUNK_MAX_STACKING) {
-   m_freem(m);
-   return (1);
-   }
-   if (trunk_input(ifp, eh, m) != 0)
-   return (1);
-
-   /* Has been set to the trunk interface */
-   ifp = m-m_pkthdr.rcvif;
-   }
-#endif
-
if ((ifp-if_flags  IFF_UP) == 0) {
m_freem(m);
return (1);
@@ -518,17 +500,9 @@ ether_input(struct mbuf *m, void *hdr)
else
m-m_flags |= M_MCAST;
ifp-if_imcasts++;
-#if NTRUNK  0
-   if (ifp != ifp0)
-   ifp0-if_imcasts++;
-#endif
}
 
ifp-if_ibytes += m-m_pkthdr.len + sizeof(*eh);
-#if NTRUNK  0
-   if (ifp != ifp0)
-   ifp0-if_ibytes += m-m_pkthdr.len + sizeof(*eh);
-#endif
 
etype = ntohs(eh-ether_type);
 
Index: net/if_trunk.c
===
RCS file: /cvs/src/sys/net/if_trunk.c,v
retrieving revision 1.95
diff -u -p -r1.95 if_trunk.c
--- net/if_trunk.c  14 Mar 2015 03:38:51 -  1.95
+++ net/if_trunk.c  5 May 2015 13:09:53 -
@@ -94,14 +94,14 @@ int  trunk_rr_detach(struct trunk_softc 
 voidtrunk_rr_port_destroy(struct trunk_port *);
 int trunk_rr_start(struct trunk_softc *, struct mbuf *);
 int trunk_rr_input(struct trunk_softc *, struct trunk_port *,
-   struct ether_header *, struct mbuf *);
+   struct mbuf *);
 
 /* Active failover */
 int trunk_fail_attach(struct trunk_softc *);
 int trunk_fail_detach(struct trunk_softc *);
 int trunk_fail_start(struct trunk_softc *, struct mbuf *);
 int trunk_fail_input(struct trunk_softc *, struct trunk_port *,
-   struct ether_header *, struct mbuf *);
+   struct mbuf *);
 
 /* Loadbalancing */
 int trunk_lb_attach(struct trunk_softc *);
@@ -110,7 +110,7 @@ int  trunk_lb_port_create(struct trunk_p
 voidtrunk_lb_port_destroy(struct trunk_port *);
 int trunk_lb_start(struct trunk_softc *, struct mbuf *);
 int trunk_lb_input(struct trunk_softc *, struct trunk_port *,
-   struct ether_header *, struct mbuf *);
+   struct mbuf *);
 int trunk_lb_porttable(struct trunk_softc *, struct trunk_port *);
 
 /* Broadcast mode */
@@ -118,14 +118,14 @@ inttrunk_bcast_attach(struct trunk_sof
 int trunk_bcast_detach(struct trunk_softc *);
 int trunk_bcast_start(struct trunk_softc *, struct mbuf *);
 int trunk_bcast_input(struct trunk_softc *, struct trunk_port *,
-   struct ether_header *, struct mbuf *);
+   struct mbuf *);
 
 /* 802.3ad LACP */
 int trunk_lacp_attach(struct trunk_softc *);
 int trunk_lacp_detach(struct trunk_softc *);
 int trunk_lacp_start(struct trunk_softc *, struct mbuf *);
 int trunk_lacp_input(struct trunk_softc *, struct trunk_port *,
-   struct ether_header *, struct mbuf *);
+   struct mbuf *);
 
 /* Trunk protocol table */
 static const struct {
@@ -288,6 +288,7 @@ trunk_port_create(struct trunk_softc *tr
 {
struct trunk_softc *tr_ptr;
struct trunk_port *tp;
+   struct ifih *trunk_ifih;
int error = 0;
 
/* Limit the maximal number of trunk ports */
@@ -326,12 +327,19 @@ trunk_port_create(struct trunk_softc *tr
M_DEVBUF, M_NOWAIT|M_ZERO)) == NULL)
return (ENOMEM);
 
+   trunk_ifih = malloc(sizeof(*trunk_ifih), M_DEVBUF, M_NOWAIT);
+   if (trunk_ifih == NULL) {
+   free(tp, M_DEVBUF, 0);
+   return (ENOMEM);
+   }
+
/* Check if port is a stacked trunk */
SLIST_FOREACH(tr_ptr, trunk_list, tr_entries) {
if (ifp == tr_ptr-tr_ac.ac_if) {
tp-tp_flags |= TRUNK_PORT_STACK;
if (trunk_port_checkstacking(tr_ptr) =

Re: msleep(9) should handle cold and panics just like tsleep does

[Philip Guenther]

On Tue, May 5, 2015 at 9:35 AM, Mike Belopuhov m...@belopuhov.com wrote:
...
 Here's a diff to remedy this.  This is the same chunk as in the
 tsleep, except it uses semantics of msleep.  IPL dance is there
 to negate the IPL changing effect of mtx_enter/mtx_leave so that
 splx(safepri) operation is actually changing IPL level from HIGH
 to safepri and then back to the mutex IPL level.
...
 +   spl = MUTEX_OLDIPL(mtx);
 +   MUTEX_OLDIPL(mtx) = splhigh();
 +   mtx_leave(mtx);
 +
 +   splx(safepri);

Hmm, since mtx_leave() effectively ends with
splx(MUTEX_OLDIPL(mtx));, can't we just say:

  spl = MUTEX_OLDIPL(mtx);
  MUTEX_OLDIPL(mtx) = safepri;
  mtx_leave(mtx);

(The tsleep() version needs splhigh() because that's the only safe way
to get the current spl level so that it can be restored before
returning.  Here in msleep() the mutex's MUTEX_OLDIPL() already has
the value we need.)


Philip Guenther

msleep(9) should handle cold and panics just like tsleep does

[Mike Belopuhov]

Now that we have mutexes in our I/O path (SCSI, mfi, etc)
vfs_shutdown codepath is no longer safe since it still doesn't
disable process scheduling and relies on tsleep and now msleep
not to get into the mi_switch by accident.  Unfortunately msleep
doesn't provide such guarantees yet.

Here's a diff to remedy this.  This is the same chunk as in the
tsleep, except it uses semantics of msleep.  IPL dance is there
to negate the IPL changing effect of mtx_enter/mtx_leave so that
splx(safepri) operation is actually changing IPL level from HIGH
to safepri and then back to the mutex IPL level.

This fixes up hangs seen in vfs_shutdown (sys_sync) on panics.

Tested with SP and MP kernels on amd64.  OK?

diff --git sys/kern/kern_synch.c sys/kern/kern_synch.c
index fbf7684..6fe2b61 100644
--- sys/kern/kern_synch.c
+++ sys/kern/kern_synch.c
@@ -142,7 +142,7 @@ tsleep(const volatile void *ident, int priority, const char 
*wmesg, int timo)
 }
 
 /*
- * Same as tsleep, but if we have a mutex provided, then once we've 
+ * Same as tsleep, but if we have a mutex provided, then once we've
  * entered the sleep queue we drop the mutex. After sleeping we re-lock.
  */
 int
@@ -155,12 +155,33 @@ msleep(const volatile void *ident, struct mutex *mtx, int 
priority,
KASSERT((priority  ~(PRIMASK | PCATCH | PNORELOCK)) == 0);
KASSERT(mtx != NULL);
 
+   if (cold || panicstr) {
+   /*
+* After a panic, or during autoconfiguration,
+* just give interrupts a chance, then just return;
+* don't run any other procs or panic below,
+* in case this is the idle process and already asleep.
+*/
+   spl = MUTEX_OLDIPL(mtx);
+   MUTEX_OLDIPL(mtx) = splhigh();
+   mtx_leave(mtx);
+
+   splx(safepri);
+
+   if ((priority  PNORELOCK) == 0) {
+   mtx_enter(mtx);
+   MUTEX_OLDIPL(mtx) = spl;
+   } else
+   splx(spl);
+   return (0);
+   }
+
sleep_setup(sls, ident, priority, wmesg);
sleep_setup_timeout(sls, timo);
sleep_setup_signal(sls, priority);
 
/* XXX - We need to make sure that the mutex doesn't
-* unblock splsched. This can be made a bit more 
+* unblock splsched. This can be made a bit more
 * correct when the sched_lock is a mutex.
 */
spl = MUTEX_OLDIPL(mtx);

Re: seccomp system call

[Nicolas Bedos]

On Mon May 04, Damien Miller wrote:
 Personally, I think seccomp-bpf could be a superior alternative to
 systrace and I'd love to see an implementation. Other developers (inc.
 Theo) are skeptical though, but this is probably a case where the
 argument won't be settled without a concrete implementation to look at.
 
 I'd welcome any work you do on it.

I'm going to start working on the bpf part and I will let you know if I
succeed at implementing the SECCOMP_SET_MODE_FILTER operation.

Re: How to tie up p_tid with pthread_self's thread ID

[Jérémie Courrèges-Anglas]

Stuart Henderson st...@openbsd.org writes:

 I am trying to track down some threads which are seeing high cpu use in
 top(1), but can't work out how to track back from any information available
 from struct kinfo_proc back to a thread ID as returned by pthread_self().

 The threaded program can print a nice display of its own internal concept
 of thread name, with the value returned by pthread_self(), and on some OS
 it also stores what I think is their equivalent of our p_tid, e.g. on linux
 it uses syscall(SYS_gettid).

 Do we have a way within a threaded program to determine the current thread's
 p_tid?

If I'm not mistaken that would be getthrid(2).

 Or is there a way to go from p_tid (or something else available in struct
 kinfo_proc) back to a thread ID returned by pthread_self()?

No idea.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

How to tie up p_tid with pthread_self's thread ID

[Stuart Henderson]

I am trying to track down some threads which are seeing high cpu use in
top(1), but can't work out how to track back from any information available
from struct kinfo_proc back to a thread ID as returned by pthread_self().

The threaded program can print a nice display of its own internal concept
of thread name, with the value returned by pthread_self(), and on some OS
it also stores what I think is their equivalent of our p_tid, e.g. on linux
it uses syscall(SYS_gettid).

Do we have a way within a threaded program to determine the current thread's
p_tid?

Or is there a way to go from p_tid (or something else available in struct
kinfo_proc) back to a thread ID returned by pthread_self()?

Thanks.

Re: PATCH: bring crypto(9) up to speed with crypto/cryptodev.h

[Mike Belopuhov]

On 2 May 2015 at 22:07, Vincent Gross dermi...@kilob.yt wrote:
 Hi folks,

 crypto(9) describes functions and constants that are not part of
 crypto/cryptodev.h anymore (see 1.58 - 1.60), this patch fixes that.

 Cheers,


committed a tweaked version.  thanks.

Re: [patch] rtl8188eu support for urtwn(4)

[Stefan Sperling]

On Mon, May 04, 2015 at 01:51:28PM +0200, Stefan Sperling wrote:
 On Mon, May 04, 2015 at 01:23:59PM +0200, Stefan Sperling wrote:
  Unfortunately, this patch doesn't still fix the performance problem
  for me. How are you testing performance? I'm using tcpbench(1).
 
 I've committed your patch so we can work on the remaining issues in
 smaller chunks. Thanks a lot for your work so far. It's always great
 to see someone new help us out with wireless.

For the record: The speed issue happens only with an AP in 11b mode
(the 88E firmware retries every data frame at 5Mbit/s). OFDM (11g) works.