Re: inteldrm(4) diff that needs testing

[YASUOKA Masahiko]

On Sat, 24 Oct 2015 23:48:01 +0200 (CEST)
Mark Kettenis  wrote:
> The diff below makes inteldrm(4) attach directly to pci(4) instead of
> vga(1).  Because inteldrm(4) depends on intagp(4), this also make
> intagp(4) a child of inteldrm(4).  Ultimately I'd like to integrate
> intagp(4) into inteldrm(4), but that's going to be a bit more work.
> 
> This diff is needed to make inteldrm(4) work when OpenBSD gets booted
> by UEFI firmware.  It will also make inteldrm(4) work on machines with
> discrete graphics.
> 
> This diff needs to be tested on a wide range of hardware.  So if you
> have a machine with inteldrm(4), please give it a shot.  I'm
> particularly interested in testing on an x40.

works for me on vaio z (UEFI only).

On UEFI boot, efifb(4) tries to become the console and seems to break
the wsdisplay on inteldrm0 (switching X <=> console became unusable).
To avoid this I used the diff following.

Index: sys/arch/amd64/amd64/efifb.c
===
RCS file: /disk/cvs/openbsd/src/sys/arch/amd64/amd64/efifb.c,v
retrieving revision 1.6
diff -u -p -r1.6 efifb.c
--- sys/arch/amd64/amd64/efifb.c7 Sep 2015 18:19:58 -   1.6
+++ sys/arch/amd64/amd64/efifb.c26 Oct 2015 05:49:37 -
@@ -91,6 +91,10 @@ int
 efifb_match(struct device *parent, void *cf, void *aux)
 {
struct efifb_attach_args *eaa = aux;
+   extern int vga_console_attached;
+
+   if (vga_console_attached)
+   return (0);
 
if (strcmp(eaa->eaa_name, efifb_cd.cd_name) == 0 &&
bios_efiinfo != NULL)


OpenBSD 5.8-current (GENERIC.MP) #63: Mon Oct 26 14:59:03 JST 2015

yasu...@yasuoka-ob1.tokyo.iiji.jp:/home/yasuoka/source/openbsd/cvs/head/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 
7f
real mem = 8470687744 (8078MB)
avail mem = 8209833984 (7829MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xacd7 (20 entries)
bios0: vendor Phoenix Technologies Ltd. version "R0181B6" date 02/19/2015
bios0: VAIO Corporation VAIO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP ASF! HPET LPIT APIC MCFG WDAT SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT PCCT SSDT UEFI MSDM TPM2 SSDT BATB FPDT UEFI BGRT CSRT DMAR
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) 
GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) TPD4(S4) TPD7(S0) TPD8(S0) HDEF(S4) 
PXSX(S4) RP01(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz, 2594.46 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz, 2594.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz, 2594.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-5257U CPU @ 2.70GHz, 2594.01 MHz
cpu3: 

rewrite if_ifwithaddr() to use rtalloc(9)

[Vincent Gross]

regress/sys/net/rdomains still passes with this diff.

Ok ?

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.398
diff -u -p -r1.398 if.c
--- net/if.c25 Oct 2015 21:58:04 -  1.398
+++ net/if.c26 Oct 2015 09:44:10 -
@@ -1143,31 +1143,19 @@ if_congested(void)
 struct ifaddr *
 ifa_ifwithaddr(struct sockaddr *addr, u_int rtableid)
 {
-   struct ifnet *ifp;
struct ifaddr *ifa;
+   struct rtentry *rt;
u_int rdomain;
 
+   /*
+* Local routes corresponding to ifas are in rdomain's
+* default rtable.
+*/
rdomain = rtable_l2(rtableid);
-   TAILQ_FOREACH(ifp, , if_list) {
-   if (ifp->if_rdomain != rdomain)
-   continue;
-
-   TAILQ_FOREACH(ifa, >if_addrlist, ifa_list) {
-   if (ifa->ifa_addr->sa_family != addr->sa_family)
-   continue;
-
-   if (equal(addr, ifa->ifa_addr))
-   return (ifa);
-
-   /* IPv6 doesn't have broadcast */
-   if ((ifp->if_flags & IFF_BROADCAST) &&
-   ifa->ifa_broadaddr &&
-   ifa->ifa_broadaddr->sa_len != 0 &&
-   equal(ifa->ifa_broadaddr, addr))
-   return (ifa);
-   }
-   }
-   return (NULL);
+   rt = rtalloc(addr, 0, rdomain);
+   ifa = rt && (rt->rt_flags & RTF_LOCAL) ? rt->rt_ifa : NULL;
+   rtfree(rt);
+   return ifa;
 }
 
 /*

uptime in top

[Ted Unangst]

when i run top, i think uptime would be interesting info to include. there's
some space on the second line under the hostname and time. i tried to squeeze
it on the first line, but there isn't much room with 80 columns.


Index: display.c
===
RCS file: /cvs/src/usr.bin/top/display.c,v
retrieving revision 1.49
diff -u -p -r1.49 display.c
--- display.c   6 May 2015 07:53:29 -   1.49
+++ display.c   26 Oct 2015 10:26:04 -
@@ -56,6 +56,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "screen.h"/* interface to screen package */
 #include "layout.h"/* defines for screen position layout */
@@ -204,6 +205,40 @@ display_init(struct statics * statics)
/* return number of lines available */
return (display_lines);
 }
+static void
+format_uptime(char *buf, size_t buflen)
+{
+   time_t now, uptime;
+   int days, hrs, mins;
+   int mib[2];
+   size_t size;
+   struct timeval boottime;
+
+   now = time(NULL);
+   /*
+* Print how long system has been up.
+* (Found by getting "boottime" from the kernel)
+*/
+   mib[0] = CTL_KERN;
+   mib[1] = KERN_BOOTTIME;
+   size = sizeof(boottime);
+   if (sysctl(mib, 2, , , NULL, 0) != -1) {
+   uptime = now - boottime.tv_sec;
+   uptime += 30;
+   days = uptime / (3600 * 24);
+   uptime %= (3600 * 24);
+   hrs = uptime / 3600;
+   uptime %= 3600;
+   mins = uptime / 60;
+   if (days > 0)
+   snprintf(buf, buflen, "up %d day%s, %2d:%02d",
+   days, days > 1 ? "s" : "", hrs, mins);
+   else
+   snprintf(buf, buflen, "up %2d:%02d",
+   hrs, mins);
+   }
+}
+
 
 void
 i_loadave(pid_t mpid, double *avenrun)
@@ -222,6 +257,7 @@ i_loadave(pid_t mpid, double *avenrun)
for (i = 0; i < 3; i++)
printwp("%c %5.2f", i == 0 ? ':' : ',', avenrun[i]);
}
+
 }
 
 /*
@@ -272,6 +308,7 @@ i_procstates(int total, int *states, int
 {
if (screen_length > 2 || !smart_terminal) {
char procstates_buffer[MAX_COLS];
+   char uptime[40];
 
move(1, 0);
clrtoeol();
@@ -286,6 +323,13 @@ i_procstates(int total, int *states, int
states, procstate_names);
 
addstrp(procstates_buffer);
+
+   format_uptime(uptime, sizeof(uptime));
+   if (smart_terminal)
+   move(1, screen_width - strlen(uptime));
+   else
+   printwp("  ");
+   printwp("%s", uptime);
putn();
}
 }

rip6query(8)

[Theo de Raadt]

does anyone use rip6query?

we don't have a ripquery

I cannot imagine the use for this too.  Either you are using rip6
protocol, or you aren't.  Does this perhaps still exist because
route6d isn't like our other daemons with a "fib-update" mode?

Re: utf8 hack for ls

[Ted Unangst]

Damien Miller wrote:
> rather than scattering hacks in each program that needs to
> output utf8 to the console, how about making something
> for libutil that they all can use?

Yes, that is certainly the plan, but I think it's easier to see what's needed
if we convert a few programs first to identify common functionality. Also,
diffs that touch libutil and ls are a pain to test.

Re: utf8 hack for ls

[Damien Miller]

rather than scattering hacks in each program that needs to
output utf8 to the console, how about making something
for libutil that they all can use?

On Sun, 25 Oct 2015, Ted Unangst wrote:

> it only gets deeper and thicker...
> 
> this decodes chars and prints ? for bytes it doesn't like, as well as
> codepoints (128-159) it doesn't like.
> 
> (this is extracted from some old utf8 code i had laying around. it's a bit
> simpler than the stringprep stuff but it seems to handle the case of some
> incorrect sequences correctly. it does allow overlong encodings, but "not my
> problem"?)

Re: utf8 hack for ls

[Theo de Raadt]

> Damien Miller wrote:
> > rather than scattering hacks in each program that needs to
> > output utf8 to the console, how about making something
> > for libutil that they all can use?
> 
> Yes, that is certainly the plan, but I think it's easier to see what's needed
> if we convert a few programs first to identify common functionality. Also,
> diffs that touch libutil and ls are a pain to test.

of course.  so imagine adding an API.  then changing it, cranking major,
changing it, cranking major, etc.

imsg eventually ended up in libutil, but that was after ~12 programs had
put design pressure on it from seperate directions.

The noises in the berlin room and icb lead me to believe we are nowhere near
some 'encompassing API' that would cover all cases.  as in, such API already
exist, but are not being considered...

Re: sed: better error message

[Theo de Raadt]

> Jérémie Courrèges-Anglas wrote:
> > Michael McConville  writes:
> > > It looks like it can be pretty easily replaced with calls to err(3),
> > > errx(3), warn(3), warnx(3), etc.
> > 
> > Not sure about this, you'd have to repeat the same code over and over to
> > print the line number and file name.
> 
> Good point. I'll look at the code more.
> 
> > > However, it'd be easiest to rename the function to error() first.
> > >
> > > Thoughts?
> > 
> > Makes sense to me.
> > 
> > However, using "error" instead of "sed_err" would save you two
> > characters and avoid some of the >80 chars long lines introduced by your
> > diff.  Those should be fixed.
> 
> 'error' seemed a little too general. ok for s_err?

hundreds of programs use error() just fine because it isn't available
in the system namespace.

enhanced use-after-free detection for malloc v2

[Daniel Micay]

This is an improved revision of my earlier patch.

It now validates the junk data in the delayed_chunks array in an atexit handler
too, rather than just when allocations are swapped out.

It will now catch this simple UAF 100% of the time:

#include 
#include 

int main(void) {
  size_t i;
  char *p;
  for (i = 0; i < 32; i++) {
p = malloc(16);
if (!p) return 1;
  }

  p = malloc(16);
  if (!p) return 1;
  free(p);
  *p = 5;

  for (i = 0; i < 4; i++) {
p = malloc(16);
if (!p) return 1;
free(p);
  }
  return 0;
}

In general, it depends on the allocation still being in the delayed chunks
array when the use-after-free happens. This means a larger delayed chunks
array would improve the detection rate.

diff --git a/stdlib/malloc.c b/stdlib/malloc.c
index 424dd77..4a635b6 100644
--- a/stdlib/malloc.c
+++ b/stdlib/malloc.c
@@ -182,6 +182,7 @@ struct malloc_readonly {
int malloc_freeunmap;   /* mprotect free pages PROT_NONE? */
int malloc_hint;/* call madvice on free pages?  */
int malloc_junk;/* junk fill? */
+   int malloc_validate;/* validate junk */
int malloc_move;/* move allocations to end of page? */
int malloc_realloc; /* always realloc? */
int malloc_xmalloc; /* xmalloc behaviour? */
@@ -218,6 +219,8 @@ static void malloc_exit(void);
 #define CALLER NULL
 #endif
 
+static void validate_delayed_chunks(void);
+
 /* low bits of r->p determine size: 0 means >= page size and p->size holding
  *  real size, otherwise r->size is a shift count, or 1 for malloc(0)
  */
@@ -560,6 +563,12 @@ omalloc_init(struct dir_info **dp)
case 'J':
mopts.malloc_junk = 2;
break;
+   case 'v':
+   mopts.malloc_validate = 0;
+   break;
+   case 'V':
+   mopts.malloc_validate = 1;
+   break;
case 'n':
case 'N':
break;
@@ -608,6 +617,9 @@ omalloc_init(struct dir_info **dp)
}
}
 
+   if (!mopts.malloc_junk)
+   mopts.malloc_validate = 0;
+
 #ifdef MALLOC_STATS
if (mopts.malloc_stats && (atexit(malloc_exit) == -1)) {
static const char q[] = "malloc() warning: atexit(2) failed."
@@ -616,6 +628,12 @@ omalloc_init(struct dir_info **dp)
}
 #endif /* MALLOC_STATS */
 
+   if (mopts.malloc_validate && (atexit(validate_delayed_chunks) == -1)) {
+   static const char q[] = "malloc() warning: atexit(2) failed."
+   " Will not be able to check for use after free\n";
+   write(STDERR_FILENO, q, sizeof(q) - 1);
+   }
+
while ((mopts.malloc_canary = arc4random()) == 0)
;
 
@@ -1190,6 +1208,33 @@ malloc(size_t size)
 /*DEF_STRONG(malloc);*/
 
 static void
+validate_junk(void *p) {
+   struct region_info *r;
+   struct dir_info *pool = getpool();
+   size_t byte, sz;
+   r = find(pool, p);
+   if (r == NULL)
+   wrterror("bogus pointer in validate_junk", p);
+   REALSIZE(sz, r);
+   for (byte = 0; byte < sz; byte++) {
+   if (((char *)p)[byte] != SOME_FREEJUNK) {
+   wrterror("use after free", p);
+   return;
+   }
+   }
+}
+
+static void
+validate_delayed_chunks(void) {
+   struct dir_info *pool = getpool();
+   int i;
+   if (pool == NULL)
+   return;
+   for (i = 0; i < MALLOC_DELAYED_CHUNK_MASK + 1; i++)
+   validate_junk(pool->delayed_chunks[i]);
+}
+
+static void
 ofree(void *p)
 {
struct dir_info *pool = getpool();
@@ -1253,6 +1298,8 @@ ofree(void *p)
wrterror("double free", p);
return;
}
+   if (mopts.malloc_validate)
+   validate_junk(p);
pool->delayed_chunks[i] = tmp;
}
if (p != NULL) {

Re: ChachaPoly-03: Chacha20-Poly1305 AEAD construction as per RFC7634

[Mike Belopuhov]

On 26 October 2015 at 23:52, Damien Miller  wrote:
> On Mon, 26 Oct 2015, Mike Belopuhov wrote:
>
>> OK?
>
> Will this get the nonce right on BE systems?
>

nonce is a uint8_t array, so of course yes, it's endian agnostic because
you address memory byte by byte.

>> + /* initial counter is 1 */
>> + ctx->nonce[0] = 1;
>> + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
>> + CHACHA20_SALT);

Re: ChachaPoly-01: sync chacha_private.h to the code from ssh

[Reyk Floeter]

On Mon, Oct 26, 2015 at 06:27:19PM +0100, Mike Belopuhov wrote:
> Kernel version lost the counter argument to chacha_ivsetup that I'll
> need for Chacha20 use in the IPsec stack.
> 
> This change is a NO-OP.
> 
> OK?
> 

Looks OK and matches the version in ssh.

btw., why are we using this header file instead of chacha.[ch] again?

Reyk

> ---
>  sys/crypto/chacha_private.h | 8 
>  sys/crypto/xform.c  | 1 +
>  sys/dev/rnd.c   | 8 
>  3 files changed, 9 insertions(+), 8 deletions(-)
> 
> diff --git sys/crypto/chacha_private.h sys/crypto/chacha_private.h
> index 66b57c5..662c074 100644
> --- sys/crypto/chacha_private.h
> +++ sys/crypto/chacha_private.h
> @@ -48,11 +48,11 @@ typedef struct
>  
>  static const char sigma[16] = "expand 32-byte k";
>  static const char tau[16] = "expand 16-byte k";
>  
>  static void
> -chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 ivbits)
> +chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits)
>  {
>const char *constants;
>  
>x->input[4] = U8TO32_LITTLE(k + 0);
>x->input[5] = U8TO32_LITTLE(k + 4);
> @@ -73,14 +73,14 @@ chacha_keysetup(chacha_ctx *x,const u8 *k,u32 kbits,u32 
> ivbits)
>x->input[2] = U8TO32_LITTLE(constants + 8);
>x->input[3] = U8TO32_LITTLE(constants + 12);
>  }
>  
>  static void
> -chacha_ivsetup(chacha_ctx *x,const u8 *iv)
> +chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
>  {
> -  x->input[12] = 0;
> -  x->input[13] = 0;
> +  x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
> +  x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
>x->input[14] = U8TO32_LITTLE(iv + 0);
>x->input[15] = U8TO32_LITTLE(iv + 4);
>  }
>  
>  static void
> diff --git sys/crypto/xform.c sys/crypto/xform.c
> index 1dbe054..84b762b 100644
> --- sys/crypto/xform.c
> +++ sys/crypto/xform.c
> @@ -56,10 +56,11 @@
>  #include 
>  #include 
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, 
> int);
>  extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int);
>  
>  int  des_set_key(void *, caddr_t);
> diff --git sys/dev/rnd.c sys/dev/rnd.c
> index 58f12ed..eda81ed 100644
> --- sys/dev/rnd.c
> +++ sys/dev/rnd.c
> @@ -566,12 +566,12 @@ static inline void _rs_rekey(u_char *dat, size_t 
> datlen);
>  
>  static inline void
>  _rs_init(u_char *buf, size_t n)
>  {
>   KASSERT(n >= KEYSZ + IVSZ);
> - chacha_keysetup(, buf, KEYSZ * 8, 0);
> - chacha_ivsetup(, buf + KEYSZ);
> + chacha_keysetup(, buf, KEYSZ * 8);
> + chacha_ivsetup(, buf + KEYSZ, NULL);
>  }
>  
>  static void
>  _rs_seed(u_char *buf, size_t n)
>  {
> @@ -831,12 +831,12 @@ randomread(dev_t dev, struct uio *uio, int ioflag)
>   return 0;
>  
>   buf = malloc(POOLBYTES, M_TEMP, M_WAITOK);
>   if (total > ARC4_MAIN_MAX_BYTES) {
>   arc4random_buf(lbuf, sizeof(lbuf));
> - chacha_keysetup(, lbuf, KEYSZ * 8, 0);
> - chacha_ivsetup(, lbuf + KEYSZ);
> + chacha_keysetup(, lbuf, KEYSZ * 8);
> + chacha_ivsetup(, lbuf + KEYSZ, NULL);
>   explicit_bzero(lbuf, sizeof(lbuf));
>   myctx = 1;
>   }
>  
>   while (ret == 0 && uio->uio_resid > 0) {
> -- 
> 2.6.2
> 

-- 

Re: csh: kill profiling & debugging ifdefs

[Vadim Zhukov]

2015-10-26 21:55 GMT+01:00 Christian Weisgerber :
> Remove the profiling and debugging ifdefs.  Most of this is for
> instrumenting the expression evaluator and has been in place for
> 35 years.  I think we're done debugging.
>
> ok?

okay zhuk@
--
  WBR,
  Vadim Zhukov

Re: sed: better error handling

[Jérémie Courrèges-Anglas]

Thanks to Michael sed has moved from an error-prone custom err()
function to error().  Here's a cleanup for the arguments you can pass to
error().

- some calls to err(1, ...) - as in err(3) - had crept in.  But
  misc.c:err() did exit right away if you passed it 1 - despite the
  misleading comment about ERROR in defs.h.  Make those calls
  error(FATAL, ...)
- some calls used COMPILE2.  COMPILE and COMPILE2 are actually the same
  value, so kill the latter.
- also kill ERROR, unused elsewhere.
- reorder the remaining defines; put WARNING first since it doesn't
  cause sed to exit.

Comments / oks?

Index: compile.c
===
RCS file: /cvs/src/usr.bin/sed/compile.c,v
retrieving revision 1.39
diff -u -p -r1.39 compile.c
--- compile.c   26 Oct 2015 14:08:47 -  1.39
+++ compile.c   26 Oct 2015 19:36:34 -
@@ -784,7 +784,7 @@ fixuplabel(struct s_command *cp, struct 
break;
}
if ((cp->u.c = findlabel(cp->t)) == NULL)
-   error(COMPILE2, "undefined label '%s'", cp->t);
+   error(COMPILE, "undefined label '%s'", cp->t);
free(cp->t);
break;
case '{':
@@ -809,7 +809,7 @@ enterlabel(struct s_command *cp)
lhp = [h & LHMASK];
for (lh = *lhp; lh != NULL; lh = lh->lh_next)
if (lh->lh_hash == h && strcmp(cp->t, lh->lh_cmd->t) == 0)
-   error(COMPILE2, "duplicate label '%s'", cp->t);
+   error(COMPILE, "duplicate label '%s'", cp->t);
lh = xmalloc(sizeof *lh);
lh->lh_next = *lhp;
lh->lh_hash = h;
Index: defs.h
===
RCS file: /cvs/src/usr.bin/sed/defs.h,v
retrieving revision 1.6
diff -u -p -r1.6 defs.h
--- defs.h  17 Jul 2015 20:38:57 -  1.6
+++ defs.h  26 Oct 2015 19:36:34 -
@@ -136,11 +136,9 @@ typedef struct {
 /*
  * Error severity codes:
  */
-#defineFATAL   0   /* Exit immediately with 1 */
-#defineERROR   1   /* Continue, but change exit value */
-#defineWARNING 2   /* Just print the warning */
-#defineCOMPILE 3   /* Print error, count and finish script 
*/
-#defineCOMPILE23   /* Print error, count and finish script 
*/
+#defineWARNING 0   /* Just print the warning */
+#defineFATAL   1   /* Exit immediately with 1 */
+#defineCOMPILE 2   /* Print error, count and finish script 
*/
 
 /*
  * Round up to the nearest multiple of _POSIX2_LINE_MAX
Index: main.c
===
RCS file: /cvs/src/usr.bin/sed/main.c,v
retrieving revision 1.29
diff -u -p -r1.29 main.c
--- main.c  26 Oct 2015 14:08:47 -  1.29
+++ main.c  26 Oct 2015 19:36:34 -
@@ -161,10 +161,10 @@ main(int argc, char *argv[])
 
if (inplace != NULL) {
if (pledge("stdio rpath wpath cpath fattr", NULL) == -1)
-   error(1, "pledge");
+   error(FATAL, "pledge: %s", strerror(errno));
} else {
if (pledge("stdio rpath wpath cpath", NULL) == -1)
-   error(1, "pledge");
+   error(FATAL, "pledge: %s", strerror(errno));
}
 
/* First usage case; script is the first arg */
@@ -355,7 +355,7 @@ mf_fgets(SPACE *sp, enum e_spflag spflag
fname = files->fname;
if (inplace != NULL) {
if (lstat(fname, ) != 0)
-   error(1, "%s: %s", fname,
+   error(FATAL, "%s: %s", fname,
strerror(errno ? errno : EIO));
if (!S_ISREG(sb.st_mode))
error(FATAL, "%s: %s %s", fname,


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

csh: kill profiling & debugging ifdefs

[Christian Weisgerber]

Remove the profiling and debugging ifdefs.  Most of this is for
instrumenting the expression evaluator and has been in place for
35 years.  I think we're done debugging.

ok?

diff -uNrp -xCVS csh,3/Makefile csh/Makefile
--- csh,3/Makefile  Mon Oct 26 17:40:17 2015
+++ csh/MakefileMon Oct 26 21:50:37 2015
@@ -2,12 +2,8 @@
 #
 # C Shell with process control; VM/UNIX VAX Makefile
 # Bill Joy UC Berkeley; Jim Kulp IIASA, Austria
-#
-# To profile, put -DPROF in DEFS and -pg in CFLAGS, and recompile.
 
 PROG=  csh
-#CFLAGS+=-g
-#CFLAGS+=-Wall
 CFLAGS+=-I${.CURDIR} -I.
 SRCS=  alloc.c char.c const.c csh.c dir.c dol.c error.c exec.c exp.c file.c \
func.c glob.c hist.c init.c lex.c misc.c parse.c proc.c \
diff -uNrp -xCVS csh,3/csh.c csh/csh.c
--- csh,3/csh.c Mon Oct 26 17:40:17 2015
+++ csh/csh.c   Mon Oct 26 19:07:34 2015
@@ -819,9 +819,6 @@ void
 exitstat(void)
 {
 Char *s;
-#ifdef PROF
-monitor(0);
-#endif
 /*
  * Note that if STATUS is corrupted (i.e. getn bombs) then error will exit
  * directly because we poke child here. Otherwise we might continue
@@ -1257,11 +1254,7 @@ initdesc(void)
 
 
 void
-#ifdef PROF
-done(int i)
-#else
 xexit(int i)
-#endif
 {
 untty();
 _exit(i);
diff -uNrp -xCVS csh,3/csh.h csh/csh.h
--- csh,3/csh.h Mon Oct 26 17:40:17 2015
+++ csh/csh.h   Mon Oct 26 19:07:09 2015
@@ -53,10 +53,6 @@
 #defineFSHERR  18  /* ... shell diagnostics */
 #defineFOLDSTD 19  /* ... old std input */
 
-#ifdef PROF
-#definexexit(n)done(n)
-#endif
-
 typedef short Char;
 
 #define SAVE(a) (Strsave(str2short(a)))
diff -uNrp -xCVS csh,3/exp.c csh/exp.c
--- csh,3/exp.c Mon Oct 26 17:40:17 2015
+++ csh/exp.c   Mon Oct 26 18:50:04 2015
@@ -71,11 +71,6 @@ static void  evalav(Char **);
 static int isa(Char *, int);
 static int egetn(Char *);
 
-#ifdef EDEBUG
-static voidetracc(char *, Char *, Char ***);
-static voidetraci(char *, int, Char ***);
-#endif
-
 int
 expr(Char ***vp)
 {
@@ -87,17 +82,11 @@ exp0(Char ***vp, bool ignore)
 {
 int p1 = exp1(vp, ignore);
 
-#ifdef EDEBUG
-etraci("exp0 p1", p1, vp);
-#endif
 if (**vp && eq(**vp, STRor2)) {
int p2;
 
(*vp)++;
p2 = exp0(vp, (ignore & IGNORE) || p1);
-#ifdef EDEBUG
-   etraci("exp0 p2", p2, vp);
-#endif
return (p1 || p2);
 }
 return (p1);
@@ -108,17 +97,11 @@ exp1(Char ***vp, bool ignore)
 {
 int p1 = exp2_(vp, ignore);
 
-#ifdef EDEBUG
-etraci("exp1 p1", p1, vp);
-#endif
 if (**vp && eq(**vp, STRand2)) {
int p2;
 
(*vp)++;
p2 = exp1(vp, (ignore & IGNORE) || !p1);
-#ifdef EDEBUG
-   etraci("exp1 p2", p2, vp);
-#endif
return (p1 && p2);
 }
 return (p1);
@@ -129,17 +112,11 @@ exp2_(Char ***vp, bool ignore)
 {
 int p1 = exp2a(vp, ignore);
 
-#ifdef EDEBUG
-etraci("exp3 p1", p1, vp);
-#endif
 if (**vp && eq(**vp, STRor)) {
int p2;
 
(*vp)++;
p2 = exp2_(vp, ignore);
-#ifdef EDEBUG
-   etraci("exp3 p2", p2, vp);
-#endif
return (p1 | p2);
 }
 return (p1);
@@ -150,17 +127,11 @@ exp2a(Char ***vp, bool ignore)
 {
 int p1 = exp2b(vp, ignore);
 
-#ifdef EDEBUG
-etraci("exp2a p1", p1, vp);
-#endif
 if (**vp && eq(**vp, STRcaret)) {
int p2;
 
(*vp)++;
p2 = exp2a(vp, ignore);
-#ifdef EDEBUG
-   etraci("exp2a p2", p2, vp);
-#endif
return (p1 ^ p2);
 }
 return (p1);
@@ -171,17 +142,11 @@ exp2b(Char ***vp, bool ignore)
 {
 int p1 = exp2c(vp, ignore);
 
-#ifdef EDEBUG
-etraci("exp2b p1", p1, vp);
-#endif
 if (**vp && eq(**vp, STRand)) {
int p2;
 
(*vp)++;
p2 = exp2b(vp, ignore);
-#ifdef EDEBUG
-   etraci("exp2b p2", p2, vp);
-#endif
return (p1 & p2);
 }
 return (p1);
@@ -194,17 +159,11 @@ exp2c(Char ***vp, bool ignore)
 Char *p2;
 int i;
 
-#ifdef EDEBUG
-etracc("exp2c p1", p1, vp);
-#endif
 if ((i = isa(**vp, EQOP)) != 0) {
(*vp)++;
if (i == EQMATCH || i == NOTEQMATCH)
ignore |= NOGLOB;
p2 = exp3(vp, ignore);
-#ifdef EDEBUG
-   etracc("exp2c p2", p2, vp);
-#endif
if (!(ignore & IGNORE))
switch (i) {
 
@@ -240,17 +199,11 @@ exp3(Char ***vp, bool ignore)
 int i;
 
 p1 = exp3a(vp, ignore);
-#ifdef EDEBUG
-etracc("exp3 p1", p1, vp);
-#endif
 if ((i = isa(**vp, RELOP)) != 0) {
(*vp)++;
if (**vp && eq(**vp, STRequal))
i |= 1, (*vp)++;
p2 = exp3(vp, ignore);
-#ifdef EDEBUG
-   etracc("exp3 p2", p2, vp);
-#endif
if (!(ignore & IGNORE))
switch (i) {
 
@@ -284,16 +237,10 @@ exp3a(Char ***vp, bool ignore)
 int i;
 
 p1 = exp4(vp, ignore);
-#ifdef EDEBUG
-etracc("exp3a p1", p1, vp);
-#endif
 op = **vp;
 if (op && any("<>", op[0]) && op[0] == op[1]) {
(*vp)++;
p2 = exp3a(vp, ignore);
-#ifdef EDEBUG
-   

Re: Added RTL8188CE to www/faq/faq6.html

[Stuart Henderson]

On 2015/10/26 17:41, Mariano Baragiola wrote:
> Hello, support for RTL8188CE was added with rtwn(4) on 5.8.
> 
> Here's the small diff. First time patching myself, so forgive me if
> something wrong.
> 
> 
> Index: www/faq/faq6.html
> ===
> RCS file: /cvs/www/faq/faq6.html,v
> retrieving revision 1.336
> diff -u -p -r1.336 faq6.html
> --- www/faq/faq6.html 18 Oct 2015 19:42:11 -  1.336
> +++ www/faq/faq6.html 26 Oct 2015 20:36:03 -
> @@ -1891,6 +1891,8 @@ Ralink Technology RT25x0 802.11a/b/g.   Realtek RTL8188SU/RTL8192SU USB 802.11b/g/n
>   href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtwsektion=4;>rtw(4)
>  Realtek 8180 802.11b. (AP)
> + href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtwnsektion=4;>rtwn(4)
> +Realtek RTL8188CE PCIe IEEE 802.11b/g/n
>   href="http://www.openbsd.org/cgi-bin/man.cgi?query=rumsektion=4;>rum(4)
>  Ralink Technology RT2501USB. (AP)
>   href="http://www.openbsd.org/cgi-bin/man.cgi?query=runsektion=4;>run(4)
> 

Thanks, committed. I had to hand-apply it due to line-wrapping, probably
from your mail client.

Spaces are allowed in pdisk partitions, aren't they?

[Vadim Zhukov]

According to miod@, partition name is allowed to have spaces. Thus,
and after reading the code, I suspect the following correction in
the manual page is needed. The "create partition" and "rename
partition" commands share the same name extracting code, so those
should have the same behaviour.

So I'm asking for confirmation (or something I could count like
an appropriate okay). Any suggestions are welcome too, of course;
main point here is to remove conflicting statements.

--
WBR,
  Vadim Zhukov


Index: pdisk.8
===
RCS file: /cvs/src/sbin/pdisk/pdisk.8,v
retrieving revision 1.18
diff -u -p -r1.18 pdisk.8
--- pdisk.8 26 Aug 2010 17:55:10 -  1.18
+++ pdisk.8 26 Oct 2015 18:53:37 -
@@ -141,6 +141,8 @@ respectively.
 The last argument is the name of the partition.
 This can be a single word without quotes, or a string surrounded by
 single or double quotes.
+Note that behaviour of other OSes isn't defined in case of name
+containing space characters.
 The type of the created partition is the correct type for
 .Ox .
 .Pp
@@ -154,7 +156,9 @@ other arguments.
 The
 .Em n
 (name) command allows the name of a partition to be changed.
-The name must not contain any spaces.
+See the description of
+.Sq c
+command for details on naming partitions.
 Note that the various "Apple_Driver" partitions depend
 on the name field for proper functioning.
 I am not aware of any other partition types with this limitation.

Re: sed: better error handling

[Tobias Stoeckmann]

> Comments / oks?

Looks much cleaner, okay for me.

Re: ChachaPoly-03: Chacha20-Poly1305 AEAD construction as per RFC7634

[Damien Miller]

On Mon, 26 Oct 2015, Mike Belopuhov wrote:

> OK?

Will this get the nonce right on BE systems?

> + /* initial counter is 1 */
> + ctx->nonce[0] = 1;
> + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
> + CHACHA20_SALT);

Re: ChachaPoly-07: test vectors

[Reyk Floeter]

On Mon, Oct 26, 2015 at 06:34:07PM +0100, Mike Belopuhov wrote:
> Rather scarce, but that's all we've been given so far.
> I can add more chacha-only test cases, but I don't believe
> that this is strictly necessary.
> 
> OK?
> 

I ran these test vectors and applied them to the openssl version as well.

OK (depending on all the previous diffs, again)

> ---
>  regress/sys/crypto/Makefile |   1 +
>  regress/sys/crypto/chachapoly/Makefile  |  26 ++
>  regress/sys/crypto/chachapoly/chachapoly_test.c | 438 
> 
>  3 files changed, 465 insertions(+)
>  create mode 100644 regress/sys/crypto/chachapoly/Makefile
>  create mode 100644 regress/sys/crypto/chachapoly/chachapoly_test.c
> 
> diff --git regress/sys/crypto/Makefile regress/sys/crypto/Makefile
> index 233dac3..3991e34 100644
> --- regress/sys/crypto/Makefile
> +++ regress/sys/crypto/Makefile
> @@ -8,10 +8,11 @@ SUBDIR+= key_wrap
>  .if defined(REGRESS_FULL) || make(clean) || make(cleandir) || make(obj)
>  SUBDIR+= enc
>  SUBDIR+= aesctr
>  SUBDIR+= aesxts
>  SUBDIR+= aes
> +SUBDIR+= chachapoly
>  .endif
>  
>  install:
>  
>  .include 
> diff --git regress/sys/crypto/chachapoly/Makefile 
> regress/sys/crypto/chachapoly/Makefile
> new file mode 100644
> index 000..827d1d0
> --- /dev/null
> +++ regress/sys/crypto/chachapoly/Makefile
> @@ -0,0 +1,26 @@
> +#$OpenBSD: Makefile,v 1.2 2014/01/18 05:54:52 martynas Exp $
> +
> +DIR=${.CURDIR}/../../../../sys
> +
> +PROG=chachapoly_test
> +SRCS+=   poly1305.c chachapoly.c chachapoly_test.c
> +CDIAGFLAGS=  -Wall
> +CDIAGFLAGS+= -Werror
> +CDIAGFLAGS+= -Wpointer-arith
> +CDIAGFLAGS+= -Wno-uninitialized
> +CDIAGFLAGS+= -Wstrict-prototypes
> +CDIAGFLAGS+= -Wmissing-prototypes
> +CDIAGFLAGS+= -Wunused
> +CDIAGFLAGS+= -Wsign-compare
> +#CDIAGFLAGS+=-Wshadow
> +
> +REGRESS_TARGETS= run-regress-${PROG}
> +
> +CFLAGS+= -I${DIR}
> +
> +.PATH:   ${DIR}/crypto
> +
> +run-regress-${PROG}: ${PROG}
> + ./${PROG}
> +
> +.include 
> diff --git regress/sys/crypto/chachapoly/chachapoly_test.c 
> regress/sys/crypto/chachapoly/chachapoly_test.c
> new file mode 100644
> index 000..2f393e4
> --- /dev/null
> +++ regress/sys/crypto/chachapoly/chachapoly_test.c
> @@ -0,0 +1,438 @@
> +/*  $OpenBSD: gmac_test.c,v 1.2 2011/04/04 16:46:22 deraadt Exp $  */
> +
> +/*
> + * Copyright (c) 2010,2015 Mike Belopuhov 
> + * Copyright (c) 2005 Markus Friedl 
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +#include 
> +
> +int debug = 0;
> +
> +enum { TST_KEY, TST_IV, TST_AAD, TST_PLAIN, TST_CIPHER, TST_TAG, TST_NUM };
> +
> +struct {
> + char*data[TST_NUM];
> +} tests[] = {
> + /* Chacha20, counter=1 test vectors */
> +
> + /* Test vector from RFC7539 2.4.2 */
> + {
> + /* key + salt */
> + "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f "
> + "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f "
> + "00 00 00 00",
> + /* iv */
> + "00 00 00 4a 00 00 00 00",
> + /* aad */
> + NULL,
> + /* plaintext */
> + "4c 61 64 69 65 73 20 61 6e 64 20 47 65 6e 74 6c "
> + "65 6d 65 6e 20 6f 66 20 74 68 65 20 63 6c 61 73 "
> + "73 20 6f 66 20 27 39 39 3a 20 49 66 20 49 20 63 "
> + "6f 75 6c 64 20 6f 66 66 65 72 20 79 6f 75 20 6f "
> + "6e 6c 79 20 6f 6e 65 20 74 69 70 20 66 6f 72 20 "
> + "74 68 65 20 66 75 74 75 72 65 2c 20 73 75 6e 73 "
> + "63 72 65 65 6e 20 77 6f 75 6c 64 20 62 65 20 69 "
> + "74 2e",
> + /* ciphertext */
> + "6e 2e 35 9a 25 68 f9 80 41 ba 07 28 dd 0d 69 81 "
> + "e9 7e 7a ec 1d 43 60 c2 0a 27 af cc fd 9f ae 0b "
> + "f9 1b 65 c5 52 47 33 ab 8f 59 3d ab cd 62 b3 57 "
> + "16 39 d6 24 e6 51 52 ab 8f 53 0c 35 9f 08 61 d8 "
> + "07 ca 0d bf 50 0d 6a 61 56 a3 8e 08 8a 22 b6 5e "
> + "52 bc 51 4d 16 cc f8 06 81 8c e9 1a b7 79 37 36 "
> + "5a f9 0b bf 74 a3 5b e6 b4 0b 8e ed f2 78 5e 42 "
> 

Re: More easy rt_ifidx changes

[Alexander Bluhm]

OK bluhm@

On Mon, Oct 26, 2015 at 05:24:19PM +0100, Martin Pieuchot wrote:
> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.398
> diff -u -p -r1.398 if.c
> --- net/if.c  25 Oct 2015 21:58:04 -  1.398
> +++ net/if.c  26 Oct 2015 16:02:06 -
> @@ -2341,6 +2341,7 @@ if_group_routechange(struct sockaddr *ds
>  int
>  if_group_egress_build(void)
>  {
> + struct ifnet*ifp;
>   struct ifg_group*ifg;
>   struct ifg_member   *ifgm, *next;
>   struct sockaddr_in   sa_in;
> @@ -2364,8 +2365,11 @@ if_group_egress_build(void)
>   if (rt0 != NULL) {
>   rt = rt0;
>   do {
> - if (rt->rt_ifp)
> - if_addgroup(rt->rt_ifp, IFG_EGRESS);
> + ifp = if_get(rt->rt_ifidx);
> + if (ifp != NULL) {
> + if_addgroup(ifp, IFG_EGRESS);
> + if_put(ifp);
> + }
>  #ifndef SMALL_KERNEL
>   rt = rt_mpath_next(rt);
>  #else
> @@ -2381,8 +2385,11 @@ if_group_egress_build(void)
>   if (rt0 != NULL) {
>   rt = rt0;
>   do {
> - if (rt->rt_ifp)
> - if_addgroup(rt->rt_ifp, IFG_EGRESS);
> + ifp = if_get(rt->rt_ifidx);
> + if (ifp != NULL) {
> + if_addgroup(ifp, IFG_EGRESS);
> + if_put(ifp);
> + }
>  #ifndef SMALL_KERNEL
>   rt = rt_mpath_next(rt);
>  #else
> Index: net/pf.c
> ===
> RCS file: /cvs/src/sys/net/pf.c,v
> retrieving revision 1.947
> diff -u -p -r1.947 pf.c
> --- net/pf.c  13 Oct 2015 19:32:31 -  1.947
> +++ net/pf.c  26 Oct 2015 16:03:57 -
> @@ -2912,6 +2912,7 @@ pf_get_mss(struct pf_pdesc *pd)
>  u_int16_t
>  pf_calc_mss(struct pf_addr *addr, sa_family_t af, int rtableid, u_int16_t 
> offer)
>  {
> + struct ifnet*ifp;
>   struct sockaddr_in  *dst;
>  #ifdef INET6
>   struct sockaddr_in6 *dst6;
> @@ -2944,11 +2945,12 @@ pf_calc_mss(struct pf_addr *addr, sa_fam
>  #endif /* INET6 */
>   }
>  
> - if (rt && rt->rt_ifp) {
> - mss = rt->rt_ifp->if_mtu - hlen - sizeof(struct tcphdr);
> + if (rt != NULL && (ifp = if_get(rt->rt_ifidx)) != NULL) {
> + mss = ifp->if_mtu - hlen - sizeof(struct tcphdr);
>   mss = max(tcp_mssdflt, mss);
> - rtfree(rt);
> + if_put(ifp);
>   }
> + rtfree(rt);
>   mss = min(mss, offer);
>   mss = max(mss, 64); /* sanity - at least max opt space */
>   return (mss);
> Index: netinet6/nd6.c
> ===
> RCS file: /cvs/src/sys/netinet6/nd6.c,v
> retrieving revision 1.162
> diff -u -p -r1.162 nd6.c
> --- netinet6/nd6.c25 Oct 2015 15:11:52 -  1.162
> +++ netinet6/nd6.c26 Oct 2015 16:23:23 -
> @@ -392,8 +392,8 @@ nd6_llinfo_timer(void *arg)
>  
>   if ((rt = ln->ln_rt) == NULL)
>   panic("ln->ln_rt == NULL");
> - if ((ifp = rt->rt_ifp) == NULL)
> - panic("ln->ln_rt->rt_ifp == NULL");
> + if ((ifp = if_get(rt->rt_ifidx)) == NULL)
> + return;
>   ndi = ND_IFINFO(ifp);
>   dst = satosin6(rt_key(rt));
>  
> @@ -477,6 +477,7 @@ nd6_llinfo_timer(void *arg)
>   break;
>   }
>  
> + if_put(ifp);
>   splx(s);
>  }
>  

Re: utf8 hack for ls

[Anthony J. Bentley]

Stefan Sperling writes:
> On Mon, Oct 26, 2015 at 03:58:58PM -0600, Anthony J. Bentley wrote:
> > "Ted Unangst" writes:
> > > it only gets deeper and thicker...
> > 
> > Indeed.
> > 
> > Here's a shorter implementation. Like colorls(1), it uses wide
> > characters (only within the putname() function) but is slightly cleaned
> > up and simplified.
> 
> Is it really shorter if you follow the libc code paths this is calling?

No, it's not. But that's not inherent to wchar_t, only to the Citrus
stuff that infests our libc. As Citrus gets cleaned up, this works
better instantly. And if we instead come up with better functions for
doing this kind of thing:

> The utilities in Ted's diff would eventually be split off into a library.

There are a number of directions a hypothetical UTF-8 library could go.
mbwidth(), for example, would fit quite cleanly in the code below--and
this code style is *very* common, because these are the standard
functions for this stuff, so such an API would get a lot of use.

New version of the patch--Ted pointed out max column widths were
derived from byte lengths instead of character widths.


Index: extern.h
===
RCS file: /cvs/src/bin/ls/extern.h,v
retrieving revision 1.9
diff -u -p -r1.9 extern.h
--- extern.h2 Jun 2003 23:32:08 -   1.9
+++ extern.h27 Oct 2015 00:07:54 -
@@ -51,4 +51,5 @@ void   printacol(DISPLAY *);
 voidprintlong(DISPLAY *);
 voidprintscol(DISPLAY *);
 voidprintstream(DISPLAY *);
+size_t  strwidth(char *);
 voidusage(void);
Index: ls.c
===
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.43
diff -u -p -r1.43 ls.c
--- ls.c9 Oct 2015 01:37:06 -   1.43
+++ ls.c27 Oct 2015 00:07:54 -
@@ -48,6 +48,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "ls.h"
@@ -103,6 +104,8 @@ ls_main(int argc, char *argv[])
int kflag = 0, width = 0;
char *p;
 
+   setlocale(LC_CTYPE, "");
+
/* Terminal defaults to -Cq, non-terminal defaults to -1. */
if (isatty(STDOUT_FILENO)) {
if ((p = getenv("COLUMNS")) != NULL)
@@ -474,8 +477,8 @@ display(FTSENT *p, FTSENT *list)
continue;
}
}
-   if (cur->fts_namelen > maxlen)
-   maxlen = cur->fts_namelen;
+   if (strwidth(cur->fts_name) > maxlen)
+   maxlen = strwidth(cur->fts_name);
if (needstats) {
sp = cur->fts_statp;
if (sp->st_blocks > maxblock)
Index: print.c
===
RCS file: /cvs/src/bin/ls/print.c,v
retrieving revision 1.34
diff -u -p -r1.34 print.c
--- print.c 15 Mar 2015 00:41:27 -  1.34
+++ print.c 27 Oct 2015 00:07:54 -
@@ -310,7 +310,8 @@ printstream(DISPLAY *dp)
continue;
if (col > 0) {
(void)putchar(','), col++;
-   if (col + 1 + extwidth + p->fts_namelen >= termwidth)
+   if (col + 1 + extwidth + strwidth(p->fts_name) >=
+   termwidth)
(void)putchar('\n'), col = 0;
else
(void)putchar(' '), col++;
Index: util.c
===
RCS file: /cvs/src/bin/ls/util.c,v
retrieving revision 1.16
diff -u -p -r1.16 util.c
--- util.c  21 Nov 2013 15:54:45 -  1.16
+++ util.c  27 Oct 2015 00:07:54 -
@@ -41,10 +41,13 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #include "ls.h"
 #include "extern.h"
 
+#ifdef SMALL
 int
 putname(char *name)
 {
@@ -54,6 +57,62 @@ putname(char *name)
putchar((!isprint((unsigned char)*name) && f_nonprint) ? '?' : 
*name);
return len;
 }
+
+size_t
+strwidth(char *s)
+{
+   return strlen(s);
+}
+#else
+int
+putname(char *name)
+{
+   int width, n;
+   wchar_t wc;
+
+   width = 0;
+   while ((n = mbtowc(, name, MB_LEN_MAX)) != 0) {
+   if (n == -1) {
+   width++;
+   name++;
+   putchar('?');
+   } else if (iswprint(wc)) {
+   width += wcwidth(wc);
+   name += n;
+   printf("%lc", wc);
+   } else {
+   width++;
+   name += n;
+   putchar('?');
+   }
+   }
+
+   return width;
+}
+
+size_t
+strwidth(char *s)
+{
+   int width, n;
+   wchar_t wc;
+
+   width = 0;
+   while ((n = mbtowc(, s, MB_LEN_MAX)) != 0) {
+   if (n == -1) {
+   width++;
+   

Re: utf8 hack for ls

[Anthony J. Bentley]

"Ted Unangst" writes:
> it only gets deeper and thicker...

Indeed.

Here's a shorter implementation. Like colorls(1), it uses wide
characters (only within the putname() function) but is slightly cleaned
up and simplified.


Index: ls.c
===
RCS file: /cvs/src/bin/ls/ls.c,v
retrieving revision 1.43
diff -u -p -r1.43 ls.c
--- ls.c9 Oct 2015 01:37:06 -   1.43
+++ ls.c26 Oct 2015 21:53:40 -
@@ -48,6 +48,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "ls.h"
@@ -102,6 +103,8 @@ ls_main(int argc, char *argv[])
int ch, fts_options, notused;
int kflag = 0, width = 0;
char *p;
+
+   setlocale(LC_CTYPE, "");
 
/* Terminal defaults to -Cq, non-terminal defaults to -1. */
if (isatty(STDOUT_FILENO)) {
Index: util.c
===
RCS file: /cvs/src/bin/ls/util.c,v
retrieving revision 1.16
diff -u -p -r1.16 util.c
--- util.c  21 Nov 2013 15:54:45 -  1.16
+++ util.c  26 Oct 2015 21:53:40 -
@@ -41,10 +41,13 @@
 #include 
 #include 
 #include 
+#include 
+#include 
 
 #include "ls.h"
 #include "extern.h"
 
+#ifdef SMALL
 int
 putname(char *name)
 {
@@ -54,6 +57,33 @@ putname(char *name)
putchar((!isprint((unsigned char)*name) && f_nonprint) ? '?' : 
*name);
return len;
 }
+#else
+int
+putname(char *name)
+{
+   int width, n;
+   wchar_t wc;
+
+   width = 0;
+   while ((n = mbtowc(, name, MB_CUR_MAX)) != 0) {
+   if (n == -1) {
+   width++;
+   name++;
+   putchar('?');
+   } else if (iswprint(wc)) {
+   width += wcwidth(wc);
+   name += n;
+   printf("%lc", wc);
+   } else {
+   width++;
+   name += n;
+   putchar('?');
+   }
+   }
+
+   return width;
+}
+#endif
 
 void
 usage(void)

Re: ARP reply towards MP-safeness

[Alexander Bluhm]

On Mon, Oct 26, 2015 at 07:08:19PM +0100, Martin Pieuchot wrote:
> This rewrites the code to send an ARP reply to no use ``myaddr''.  The
> goal is to get rid of the per-ifp address list iterations.
> 
> Instead do two route lookups.
> 
> ok?

Should the "reply:" label stay before the "if (op != ARPOP_REQUEST)"?
Otherwise you could send a reply in response to a reply.

bluhm

> 
> Index: netinet/if_ether.c
> ===
> RCS file: /cvs/src/sys/netinet/if_ether.c,v
> retrieving revision 1.177
> diff -u -p -r1.177 if_ether.c
> --- netinet/if_ether.c25 Oct 2015 11:58:11 -  1.177
> +++ netinet/if_ether.c26 Oct 2015 18:01:12 -
> @@ -519,8 +519,9 @@ in_arpinput(struct mbuf *m)
>  #endif
>   char addr[INET_ADDRSTRLEN];
>   int op, changed = 0;
> - unsigned int len;
> + unsigned int len, rdomain;
>  
> + rdomain = rtable_l2(m->m_pkthdr.ph_rtableid);
>   ifp = if_get(m->m_pkthdr.ph_ifidx);
>   if (ifp == NULL) {
>   m_freem(m);
> @@ -606,7 +607,7 @@ in_arpinput(struct mbuf *m)
>   goto reply;
>   }
>   rt = arplookup(isaddr.s_addr, itaddr.s_addr == myaddr.s_addr, 0,
> - rtable_l2(m->m_pkthdr.ph_rtableid));
> + rdomain);
>   if (rt != NULL && (sdl = satosdl(rt->rt_gateway)) != NULL) {
>   la = (struct llinfo_arp *)rt->rt_llinfo;
>   if (sdl->sdl_alen) {
> @@ -693,32 +694,29 @@ in_arpinput(struct mbuf *m)
>   }
>   }
>   }
> -reply:
> - if (op != ARPOP_REQUEST) {
> -out:
> - rtfree(rt);
> - if_put(ifp);
> - m_freem(m);
> - return;
> - }
>  
> + if (op != ARPOP_REQUEST)
> + goto out;
>   rtfree(rt);
> - if (itaddr.s_addr == myaddr.s_addr) {
> - /* I am the target */
> - memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha));
> - memcpy(ea->arp_sha, enaddr, sizeof(ea->arp_sha));
> - } else {
> - rt = arplookup(itaddr.s_addr, 0, SIN_PROXY,
> - rtable_l2(m->m_pkthdr.ph_rtableid));
> - if (rt == NULL)
> - goto out;
> - if (rt->rt_ifp->if_type == IFT_CARP && ifp->if_type != IFT_CARP)
> +
> +
> +reply:
> + /*
> +  * Reply if we have a local or proxy entry.
> +  */
> + rt = arplookup(itaddr.s_addr, 0, SIN_PROXY, rdomain);
> + if (!rtisvalid(rt)) {
> + rt = arplookup(itaddr.s_addr, 0, 0, rdomain);
> + if (!rtisvalid(rt) || !ISSET(rt->rt_flags, RTF_LOCAL))
>   goto out;
> - memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha));
> - sdl = satosdl(rt->rt_gateway);
> - memcpy(ea->arp_sha, LLADDR(sdl), sizeof(ea->arp_sha));
> - rtfree(rt);
>   }
> + if (rt->rt_ifp->if_type == IFT_CARP && ifp->if_type != IFT_CARP)
> + goto out;
> + memcpy(ea->arp_tha, ea->arp_sha, sizeof(ea->arp_sha));
> + sdl = satosdl(rt->rt_gateway);
> + memcpy(ea->arp_sha, LLADDR(sdl), sizeof(ea->arp_sha));
> + rtfree(rt);
> +
>  
>   memcpy(ea->arp_tpa, ea->arp_spa, sizeof(ea->arp_spa));
>   memcpy(ea->arp_spa, , sizeof(ea->arp_spa));
> @@ -738,6 +736,11 @@ out:
>   ifp->if_output(ifp, m, , NULL);
>   if_put(ifp);
>   return;
> +
> +out:
> + rtfree(rt);
> + if_put(ifp);
> + m_freem(m);
>  }
>  
>  /*

Re: ChachaPoly-08: ipsecctl

[Reyk Floeter]

sure OK

On Mon, Oct 26, 2015 at 06:34:46PM +0100, Mike Belopuhov wrote:
> Only useful for dumping SAs.
> 
> OK?
> 
> ---
>  sbin/ipsecctl/ipsecctl.h | 2 +-
>  sbin/ipsecctl/parse.y| 1 +
>  sbin/ipsecctl/pfkdump.c  | 5 +
>  3 files changed, 7 insertions(+), 1 deletion(-)
> 
> diff --git sbin/ipsecctl/ipsecctl.h sbin/ipsecctl/ipsecctl.h
> index f95440e..51d0665 100644
> --- sbin/ipsecctl/ipsecctl.h
> +++ sbin/ipsecctl/ipsecctl.h
> @@ -65,11 +65,11 @@ enum {
>   ENCXF_UNKNOWN, ENCXF_NONE, ENCXF_3DES_CBC, ENCXF_DES_CBC, ENCXF_AES,
>   ENCXF_AES_128, ENCXF_AES_192, ENCXF_AES_256, ENCXF_AESCTR,
>   ENCXF_AES_128_CTR, ENCXF_AES_192_CTR, ENCXF_AES_256_CTR,
>   ENCXF_AES_128_GCM, ENCXF_AES_192_GCM, ENCXF_AES_256_GCM,
>   ENCXF_AES_128_GMAC, ENCXF_AES_192_GMAC, ENCXF_AES_256_GMAC,
> - ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_NULL
> + ENCXF_BLOWFISH, ENCXF_CAST128, ENCXF_CHACHA20_POLY1305, ENCXF_NULL
>  };
>  enum {
>   COMPXF_UNKNOWN, COMPXF_DEFLATE, COMPXF_LZS
>  };
>  enum {
> diff --git sbin/ipsecctl/parse.y sbin/ipsecctl/parse.y
> index cab02d2..382cc47 100644
> --- sbin/ipsecctl/parse.y
> +++ sbin/ipsecctl/parse.y
> @@ -120,10 +120,11 @@ const struct ipsec_xf encxfs[] = {
>   { "aes-128-gmac",   ENCXF_AES_128_GMAC, 16+4,   16+4,   1, 1 },
>   { "aes-192-gmac",   ENCXF_AES_192_GMAC, 24+4,   24+4,   1, 1 },
>   { "aes-256-gmac",   ENCXF_AES_256_GMAC, 32+4,   32+4,   1, 1 },
>   { "blowfish",   ENCXF_BLOWFISH, 5,  56, 0, 0 },
>   { "cast128",ENCXF_CAST128,  5,  16, 0, 0 },
> + { "chacha20-poly1305",  ENCXF_CHACHA20_POLY1305, 32+4,  32+4,   1, 1 },
>   { "null",   ENCXF_NULL, 0,  0,  0, 0 },
>   { NULL, 0,  0,  0,  0, 0 },
>  };
>  
>  const struct ipsec_xf compxfs[] = {
> diff --git sbin/ipsecctl/pfkdump.c sbin/ipsecctl/pfkdump.c
> index feead80..172bf8f 100644
> --- sbin/ipsecctl/pfkdump.c
> +++ sbin/ipsecctl/pfkdump.c
> @@ -149,10 +149,11 @@ struct idname auth_types[] = {
>   { SADB_X_AALG_SHA2_384, "hmac-sha2-384",NULL },
>   { SADB_X_AALG_SHA2_512, "hmac-sha2-512",NULL },
>   { SADB_X_AALG_AES128GMAC,   "gmac-aes-128", NULL },
>   { SADB_X_AALG_AES192GMAC,   "gmac-aes-192", NULL },
>   { SADB_X_AALG_AES256GMAC,   "gmac-aes-256", NULL },
> + { SADB_X_AALG_CHACHA20POLY1305, "chacha20-poly1305",NULL },
>   { 0,NULL,   NULL }
>  };
>  
>  struct idname enc_types[] = {
>   { SADB_EALG_NONE,   "none", NULL },
> @@ -169,10 +170,11 @@ struct idname enc_types[] = {
>   { SADB_X_EALG_DES_IV64, "des-iv64", NULL },
>   { SADB_X_EALG_IDEA, "idea", NULL },
>   { SADB_EALG_NULL,   "null", NULL },
>   { SADB_X_EALG_RC4,  "rc4",  NULL },
>   { SADB_X_EALG_RC5,  "rc5",  NULL },
> + { SADB_X_EALG_CHACHA20POLY1305, "chacha20-poly1305",NULL },
>   { 0,NULL,   NULL }
>  };
>  
>  struct idname comp_types[] = {
>   { SADB_X_CALG_NONE, "none", NULL },
> @@ -743,10 +745,13 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
>   xfs.encxf = [ENCXF_BLOWFISH];
>   break;
>   case SADB_X_EALG_CAST:
>   xfs.encxf = [ENCXF_CAST128];
>   break;
> + case SADB_X_EALG_CHACHA20POLY1305:
> + xfs.encxf = [ENCXF_CHACHA20_POLY1305];
> + break;
>   case SADB_EALG_NULL:
>   xfs.encxf = [ENCXF_NULL];
>   break;
>   }
>   }
> -- 
> 2.6.2
> 

-- 

Re: utf8 hack for ls

[Stefan Sperling]

On Mon, Oct 26, 2015 at 03:58:58PM -0600, Anthony J. Bentley wrote:
> "Ted Unangst" writes:
> > it only gets deeper and thicker...
> 
> Indeed.
> 
> Here's a shorter implementation. Like colorls(1), it uses wide
> characters (only within the putname() function) but is slightly cleaned
> up and simplified.

Is it really shorter if you follow the libc code paths this is calling?

The utilities in Ted's diff would eventually be split off into a library.

> Index: ls.c
> ===
> RCS file: /cvs/src/bin/ls/ls.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 ls.c
> --- ls.c  9 Oct 2015 01:37:06 -   1.43
> +++ ls.c  26 Oct 2015 21:53:40 -
> @@ -48,6 +48,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  
>  #include "ls.h"
> @@ -102,6 +103,8 @@ ls_main(int argc, char *argv[])
>   int ch, fts_options, notused;
>   int kflag = 0, width = 0;
>   char *p;
> +
> + setlocale(LC_CTYPE, "");
>  
>   /* Terminal defaults to -Cq, non-terminal defaults to -1. */
>   if (isatty(STDOUT_FILENO)) {
> Index: util.c
> ===
> RCS file: /cvs/src/bin/ls/util.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 util.c
> --- util.c21 Nov 2013 15:54:45 -  1.16
> +++ util.c26 Oct 2015 21:53:40 -
> @@ -41,10 +41,13 @@
>  #include 
>  #include 
>  #include 
> +#include 
> +#include 
>  
>  #include "ls.h"
>  #include "extern.h"
>  
> +#ifdef SMALL
>  int
>  putname(char *name)
>  {
> @@ -54,6 +57,33 @@ putname(char *name)
>   putchar((!isprint((unsigned char)*name) && f_nonprint) ? '?' : 
> *name);
>   return len;
>  }
> +#else
> +int
> +putname(char *name)
> +{
> + int width, n;
> + wchar_t wc;
> +
> + width = 0;
> + while ((n = mbtowc(, name, MB_CUR_MAX)) != 0) {
> + if (n == -1) {
> + width++;
> + name++;
> + putchar('?');
> + } else if (iswprint(wc)) {
> + width += wcwidth(wc);
> + name += n;
> + printf("%lc", wc);
> + } else {
> + width++;
> + name += n;
> + putchar('?');
> + }
> + }
> +
> + return width;
> +}
> +#endif
>  
>  void
>  usage(void)

Re: ChachaPoly-02: import Poly1305 implementation by Andrew-Moon

[Reyk Floeter]

On Mon, Oct 26, 2015 at 06:28:19PM +0100, Mike Belopuhov wrote:
> OK?
> 

Are these modifications worth doing or wouldn't it be better to keep
the differences to the reference implementation as minimal as
possible?  Even if we don't use the leftover bytes.  I think I'd be
nice to have the same code in ssh/libressl/sys if possible.

Reyk

> ---
>  sys/crypto/poly1305.c | 209 
> ++
>  sys/crypto/poly1305.h |  23 ++
>  2 files changed, 232 insertions(+)
>  create mode 100644 sys/crypto/poly1305.c
>  create mode 100644 sys/crypto/poly1305.h
> 
> diff --git sys/crypto/poly1305.c sys/crypto/poly1305.c
> new file mode 100644
> index 000..4f0840f
> --- /dev/null
> +++ sys/crypto/poly1305.c
> @@ -0,0 +1,209 @@
> +/*
> + * Public Domain poly1305 from Andrew Moon
> + *
> + * poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication
> + * and 64 bit addition from https://github.com/floodyberry/poly1305-donna
> + *
> + * A few modifications were performed by Mike Belopuhov in order to make
> + * this code suitable for use under the OCF:
> + *  - no need to accumulate leftover bytes as caller is responsible to
> + *provide complete blocks but for the last one;
> + *  - state is cleared by the caller (via a timing safe zeroing function)
> + */
> +
> +#include 
> +#include 
> +
> +#include "poly1305.h"
> +
> +/* interpret four 8 bit unsigned integers as a 32 bit unsigned integer in 
> little endian */
> +static inline uint32_t
> +U8TO32(const unsigned char *p)
> +{
> + return (((uint32_t)(p[0] & 0xff)  ) |
> + ((uint32_t)(p[1] & 0xff) <<  8) |
> + ((uint32_t)(p[2] & 0xff) << 16) |
> + ((uint32_t)(p[3] & 0xff) << 24));
> +}
> +
> +/* store a 32 bit unsigned integer as four 8 bit unsigned integers in little 
> endian */
> +static inline void
> +U32TO8(unsigned char *p, uint32_t v)
> +{
> + p[0] = (v  ) & 0xff;
> + p[1] = (v >>  8) & 0xff;
> + p[2] = (v >> 16) & 0xff;
> + p[3] = (v >> 24) & 0xff;
> +}
> +
> +void
> +poly1305_init(poly1305_state *st, const unsigned char key[32])
> +{
> + /* r &= 0xffc0ffc0ffc0fff */
> + st->r[0] = (U8TO32([ 0]) ) & 0x3ff;
> + st->r[1] = (U8TO32([ 3]) >> 2) & 0x303;
> + st->r[2] = (U8TO32([ 6]) >> 4) & 0x3ffc0ff;
> + st->r[3] = (U8TO32([ 9]) >> 6) & 0x3f03fff;
> + st->r[4] = (U8TO32([12]) >> 8) & 0x00f;
> +
> + /* h = 0 */
> + st->h[0] = 0;
> + st->h[1] = 0;
> + st->h[2] = 0;
> + st->h[3] = 0;
> + st->h[4] = 0;
> +
> + /* save pad for later */
> + st->pad[0] = U8TO32([16]);
> + st->pad[1] = U8TO32([20]);
> + st->pad[2] = U8TO32([24]);
> + st->pad[3] = U8TO32([28]);
> +}
> +
> +static void
> +poly1305_blocks(poly1305_state *st, const unsigned char *m, size_t bytes)
> +{
> + const uint32_t hibit = (1 << 24); /* 1 << 128 */
> + uint32_t r0,r1,r2,r3,r4;
> + uint32_t s1,s2,s3,s4;
> + uint32_t h0,h1,h2,h3,h4;
> + uint64_t d0,d1,d2,d3,d4;
> + uint32_t c;
> +
> + r0 = st->r[0];
> + r1 = st->r[1];
> + r2 = st->r[2];
> + r3 = st->r[3];
> + r4 = st->r[4];
> +
> + s1 = r1 * 5;
> + s2 = r2 * 5;
> + s3 = r3 * 5;
> + s4 = r4 * 5;
> +
> + h0 = st->h[0];
> + h1 = st->h[1];
> + h2 = st->h[2];
> + h3 = st->h[3];
> + h4 = st->h[4];
> +
> + while (bytes >= poly1305_block_size) {
> + /* h += m[i] */
> + h0 += (U8TO32(m+ 0) ) & 0x3ff;
> + h1 += (U8TO32(m+ 3) >> 2) & 0x3ff;
> + h2 += (U8TO32(m+ 6) >> 4) & 0x3ff;
> + h3 += (U8TO32(m+ 9) >> 6) & 0x3ff;
> + h4 += (U8TO32(m+12) >> 8) | hibit;
> +
> + /* h *= r */
> + d0 = ((uint64_t)h0 * r0) + ((uint64_t)h1 * s4) + ((uint64_t)h2 
> * s3) + ((uint64_t)h3 * s2) + ((uint64_t)h4 * s1);
> + d1 = ((uint64_t)h0 * r1) + ((uint64_t)h1 * r0) + ((uint64_t)h2 
> * s4) + ((uint64_t)h3 * s3) + ((uint64_t)h4 * s2);
> + d2 = ((uint64_t)h0 * r2) + ((uint64_t)h1 * r1) + ((uint64_t)h2 
> * r0) + ((uint64_t)h3 * s4) + ((uint64_t)h4 * s3);
> + d3 = ((uint64_t)h0 * r3) + ((uint64_t)h1 * r2) + ((uint64_t)h2 
> * r1) + ((uint64_t)h3 * r0) + ((uint64_t)h4 * s4);
> + d4 = ((uint64_t)h0 * r4) + ((uint64_t)h1 * r3) + ((uint64_t)h2 
> * r2) + ((uint64_t)h3 * r1) + ((uint64_t)h4 * r0);
> +
> + /* (partial) h %= p */
> +   c = (uint32_t)(d0 >> 26); h0 = (uint32_t)d0 & 
> 0x3ff;
> + d1 += c;  c = (uint32_t)(d1 >> 26); h1 = (uint32_t)d1 & 
> 0x3ff;
> + d2 += c;  c = (uint32_t)(d2 >> 26); h2 = (uint32_t)d2 & 
> 0x3ff;
> + d3 += c;  c = (uint32_t)(d3 >> 26); h3 = (uint32_t)d3 & 
> 0x3ff;
> + d4 += c;  c = (uint32_t)(d4 >> 26); h4 = (uint32_t)d4 & 
> 0x3ff;
> + h0 += c * 5;  c =   (h0 >> 26); 

Re: kill NLS (native language support) libc errno message

[sven falempin]

On Sat, Oct 24, 2015 at 10:44 AM, Stefan Sperling  wrote:

> On Sat, Oct 24, 2015 at 04:07:59PM +0200, Alexander Bluhm wrote:
> > Hi,
> >
> > The only thing that is translated into multiple languages in OpenBSD
> > are the errno messages and signal names.  Everything else is in
> > English.  We are not planning to translate more text.  Running a
> > mixed system with less than 1% of the text in native language makes
> > no sense.  So I suggest to remove the NLS support from libc messages.
> > The catopen(3) functions stay as they are.
> >
> > I already saw performance issues with NLS as generating error
> > messages currently requires disk access.
> >
> > I will take care of mtree and bsd.nls.mk if we agree on this
> > direction.
> >
> > There are some NLS leftovers in pledge(2).  I will remove them later
> > after people have updated libc.
> >
> > ok for the libc part?
>
> I am very happy to see this go away. There's no point in translating
> just strerror() strings, and there are no plans to translate the
> base system.
>
> Many ports will still use their own translations with gettext. The
> errno strings will be in English regardless of language settings,
> but everything else about gettext in ports will still work.
>
> OK by me.
>
>
English is not my native language and i like this nice diff.

[trivial] (type *)0 -> NULL

[Michael McConville]

While I'm in here:


Index: sys/lib/libsa/net.c
===
RCS file: /cvs/src/sys/lib/libsa/net.c,v
retrieving revision 1.19
diff -u -p -r1.19 net.c
--- sys/lib/libsa/net.c 26 Oct 2015 02:33:07 -  1.19
+++ sys/lib/libsa/net.c 26 Oct 2015 14:17:59 -
@@ -244,7 +244,7 @@ ip_convertaddr(const char *p)
 #define IP_ANYADDR 0
u_int32_t addr = 0, n;
 
-   if (p == (char *)0 || *p == '\0')
+   if (p == NULL || *p == '\0')
return IP_ANYADDR;
p = number(p, );
addr |= (n << 24) & 0xff00;

Re: pair(4) (was: connect routing domains on layer 2)

[gwes]

On 10/24/15 06:46, Reyk Floeter wrote:

vether doesn't help as it is not transmitting any traffic.
in other words, "vether is a bridge endpoint" "pair is a bridge link"
This may be a dead topic, but doesn't bridge_output() transmit for 
vether(4)?

Or am I missing the point entirely?

pair(4) does look very useful as a "cable". I just wonder why bridge(4)
doesn't act more like a physical switch which would accept the single
endpoint of a vether(4)

Geoff Steckel

Re: pair(4) (was: connect routing domains on layer 2)

[Theo de Raadt]

> On 10/24/15 06:46, Reyk Floeter wrote:
> > vether doesn't help as it is not transmitting any traffic.
> > in other words, "vether is a bridge endpoint" "pair is a bridge link"
> This may be a dead topic, but doesn't bridge_output() transmit for 
> vether(4)?
> Or am I missing the point entirely?
> 
> pair(4) does look very useful as a "cable". I just wonder why bridge(4)
> doesn't act more like a physical switch which would accept the single
> endpoint of a vether(4)

That is answered in the manual page.

Re: inteldrm(4) diff that needs testing

[Jan Stary]

On Oct 24 23:48:01, mark.kette...@xs4all.nl wrote:
> The diff below makes inteldrm(4) attach directly to pci(4) instead of
> vga(1).  Because inteldrm(4) depends on intagp(4), this also make
> intagp(4) a child of inteldrm(4).  Ultimately I'd like to integrate
> intagp(4) into inteldrm(4), but that's going to be a bit more work.
> 
> This diff is needed to make inteldrm(4) work when OpenBSD gets booted
> by UEFI firmware.  It will also make inteldrm(4) work on machines with
> discrete graphics.
> 
> This diff needs to be tested on a wide range of hardware.  So if you
> have a machine with inteldrm(4), please give it a shot.  I'm
> particularly interested in testing on an x40.

This is an old MacBook2,1 running current/amd64.
Both dmesg below, this is the hightlight of the dmesg diff:

-vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
-intagp0 at vga1
+inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
+intagp0 at inteldrm0
 agp0 at intagp0: aperture at 0xc000, size 0x1000
-inteldrm0 at vga1
 drm0 at inteldrm0
 inteldrm0: apic 1 int 16
 inteldrm0: 1280x800
-wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
+wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
 wsdisplay0: screen 1-5 added (std, vt100 emulation)
 "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
 vendor "Intel", unknown product 0x27a3 (class DASP subclass Time and 
Frequency, rev 0x03) at pci0 dev 7 function 0 not configured

With the patch applied, X seems to run just fine,
including video-heavy things like firefox or mplayer .

It suspends but does not resume correctly; the resume does happen
(see below for /var/log/messages), but the screen is mostly black
with seemingly random color patches.

Unfortunately, I do not have any other access to the machine right now
(will try again on one of my networks where I can connect remotely).


Jan


Before:

OpenBSD 5.8-current (GENERIC.MP) #1537: Tue Oct 20 09:44:09 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3171901440 (3024MB)
avail mem = 3071705088 (2929MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (37 entries)
bios0: vendor Apple Inc. version "MB21.88Z.00A5.B07.0706270922" date 06/27/07
bios0: Apple Inc. MacBook2,1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) USB7(S3) EC__(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.61 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.26 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpimcfg0 at acpi0 addr 0xf000, bus 0-255
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (PCIB)
acpicpu0 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10), C1(1000@1 
mwait), PSS
acpicpu1 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10), C1(1000@1 
mwait), PSS
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "15253732082930497" type 15253732284385612 oem 
"15253732284387396"
acpivideo0 at acpi0: GFX0
cpu0: Enhanced SpeedStep 2161 MHz: speeds: 2167, 2000, 1833, 1667, 1500, 1333, 
1000 MHz
memory map conflict 0xbef0/0x10
memory map conflict 0xbf00/0x100
memory map conflict 0xf00f8000/0x1000
memory map conflict 0xfed1c000/0x4000
memory map conflict 0xfffb/0x3
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
intagp0 at vga1
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: apic 1 int 16
inteldrm0: 1280x800
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: 

Re: rewrite if_ifwithaddr() to use rtalloc(9)

[Martin Pieuchot]

On 26/10/15(Mon) 10:45, Vincent Gross wrote:
> regress/sys/net/rdomains still passes with this diff.

MP is hard!  Let me comment on your diff, you're taking the right
direction.

> Index: net/if.c
> ===
> RCS file: /cvs/src/sys/net/if.c,v
> retrieving revision 1.398
> diff -u -p -r1.398 if.c
> --- net/if.c  25 Oct 2015 21:58:04 -  1.398
> +++ net/if.c  26 Oct 2015 09:44:10 -
> @@ -1143,31 +1143,19 @@ if_congested(void)

You're forgetting the most interesting part of this function!  Its
comment:

/*
 * Locate an interface based on a complete address.
 */ 

Historically this function was returning an ``ifp'' and in most of the
cases that's exactly what we want.  So the code is dereferencing an
``ifa'' just to get ``ifp''.  The diff below changes some of this 
call just to give you an idea.

>  struct ifaddr *
>  ifa_ifwithaddr(struct sockaddr *addr, u_int rtableid)

>  {
> - struct ifnet *ifp;
>   struct ifaddr *ifa;
> + struct rtentry *rt;
>   u_int rdomain;
>  
> + /*
> +  * Local routes corresponding to ifas are in rdomain's
> +  * default rtable.
> +  */
>   rdomain = rtable_l2(rtableid);
> - TAILQ_FOREACH(ifp, , if_list) {
> - if (ifp->if_rdomain != rdomain)
> - continue;
> -
> - TAILQ_FOREACH(ifa, >if_addrlist, ifa_list) {
> - if (ifa->ifa_addr->sa_family != addr->sa_family)
> - continue;
> -
> - if (equal(addr, ifa->ifa_addr))
> - return (ifa);
> -
> - /* IPv6 doesn't have broadcast */
> - if ((ifp->if_flags & IFF_BROADCAST) &&
> - ifa->ifa_broadaddr &&
> - ifa->ifa_broadaddr->sa_len != 0 &&
> - equal(ifa->ifa_broadaddr, addr))
> - return (ifa);
> - }
> - }
> - return (NULL);
> + rt = rtalloc(addr, 0, rdomain);
> + ifa = rt && (rt->rt_flags & RTF_LOCAL) ? rt->rt_ifa : NULL;

Here you're forgetting RTF_BROADCAST and you should probably call
rtisvalid(9) instead of checking for (rt != NULL).

> + rtfree(rt);
> + return ifa;

This is currently correct but that's what we do not want.  As soon as
rtfree(9) is called ``ifa'' might be freed.

But let's take a step back.  All the ifa_if*() functions are a good hint
that some work has to be done for MP-safeness.  Accessing "" MUST
not be done in the hot path (only in ioctl path). 

There's two types of codes calling ifa_ifwithaddr().  Those that want
an ifp index (like divert) should probably use rt->rt_ifidx.  Those that
want a destination should use rt_key(rt) on a RTF_LOCAL|RTF_BROADCAST
route.

I'd better see an audit of all the functions calling ifa_if*() to see
if they are called in hot path and need to be rewritten or if we can
deal with them later.

The diff below is just a hint, I don't want to introduce a new
interface.


Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.393
diff -u -p -r1.393 if.c
--- net/if.c22 Oct 2015 17:48:34 -  1.393
+++ net/if.c23 Oct 2015 13:19:50 -
@@ -1138,12 +1138,38 @@ if_congested(void)
 /*
  * Locate an interface based on a complete address.
  */
+struct ifnet *
+if_withaddr(struct sockaddr *addr, unsigned int rtableid)
+{
+   struct ifnet *ifp;
+   struct ifaddr *ifa;
+   unsigned int rdomain;
+
+   rdomain = rtable_l2(rtableid);
+   TAILQ_FOREACH(ifp, , if_list) {
+   if (ifp->if_rdomain != rdomain)
+   continue;
+
+   TAILQ_FOREACH(ifa, >if_addrlist, ifa_list) {
+   if (ifa->ifa_addr->sa_family != addr->sa_family)
+   continue;
+
+   if (equal(addr, ifa->ifa_addr))
+   return (ifp);
+   }
+   }
+   return (NULL);
+}
+
+/*
+ * Locate an ``ifa'' based on a unicast or broadcast address.
+ */
 struct ifaddr *
-ifa_ifwithaddr(struct sockaddr *addr, u_int rtableid)
+ifa_ifwithaddr(struct sockaddr *addr, unsigned int rtableid)
 {
struct ifnet *ifp;
struct ifaddr *ifa;
-   u_int rdomain;
+   unsigned int rdomain;
 
rdomain = rtable_l2(rtableid);
TAILQ_FOREACH(ifp, , if_list) {
Index: net/route.c
===
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.258
diff -u -p -r1.258 route.c
--- net/route.c 22 Oct 2015 17:19:38 -  1.258
+++ net/route.c 23 Oct 2015 13:27:31 -
@@ -443,7 +443,7 @@ rtredirect(struct sockaddr *dst, struct 
if (!(flags & RTF_DONE) && rt &&
 (!equal(src, rt->rt_gateway) || rt->rt_ifa != ifa))
error = EINVAL;
-   

pwcache

[Ted Unangst]

Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
database open is a surprising abstraction violation for the caller of
user_from_uid. Now it has a file descriptor it must close before exec by
calling endpwent(), but this fact is not mentioned. (find is affected by this,
for example.)

Simplest fix is to just leave the database closed. The point of the cache is
to avoid calling getpwuid() at all, so we shouldn't worry about the
performance of that call so much. Now, the cache is rather stupid, and we can
fix that too, but first fix the real bug.


Index: gen/pwcache.c
===
RCS file: /cvs/src/lib/libc/gen/pwcache.c,v
retrieving revision 1.9
diff -u -p -r1.9 pwcache.c
--- gen/pwcache.c   8 Aug 2005 08:05:34 -   1.9
+++ gen/pwcache.c   26 Oct 2015 13:41:52 -
@@ -45,17 +45,12 @@ user_from_uid(uid_t uid, int nouser)
uid_t   uid;
charname[_PW_NAME_LEN + 1];
} c_uid[NCACHE];
-   static int pwopen;
static char nbuf[15];   /* 32 bits == 10 digits */
struct passwd *pw;
struct ncache *cp;
 
cp = c_uid + (uid & MASK);
if (cp->uid != uid || !*cp->name) {
-   if (pwopen == 0) {
-   setpassent(1);
-   pwopen = 1;
-   }
if ((pw = getpwuid(uid)) == NULL) {
if (nouser)
return (NULL);
@@ -75,17 +70,12 @@ group_from_gid(gid_t gid, int nogroup)
gid_t   gid;
charname[_PW_NAME_LEN + 1];
} c_gid[NCACHE];
-   static int gropen;
static char nbuf[15];   /* 32 bits == 10 digits */
struct group *gr;
struct ncache *cp;
 
cp = c_gid + (gid & MASK);
if (cp->gid != gid || !*cp->name) {
-   if (gropen == 0) {
-   setgroupent(1);
-   gropen = 1;
-   }
if ((gr = getgrgid(gid)) == NULL) {
if (nogroup)
return (NULL);

Re: pwcache

[Philip Guenther]

On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst  wrote:
> Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
> database open is a surprising abstraction violation for the caller of
> user_from_uid. Now it has a file descriptor it must close before exec by
> calling endpwent(), but this fact is not mentioned. (find is affected by this,
> for example.)

That last claim isn't true: the fds are marked close-on-exec so
there's no leakage.

Philip

csh: clean up left over NLS cruft

[Christian Weisgerber]

Clean up cruft made visible by the unifdefing:
* remove setlocale() calls
* remove write-only variable AsciiOnly 
* remove now unused string constants STRLANG, STRLC_CTYPE
* remove hardcoded support for ISO8859-1

OK?

Index: char.c
===
RCS file: /cvs/src/bin/csh/char.c,v
retrieving revision 1.5
diff -u -p -r1.5 char.c
--- char.c  26 Oct 2015 15:01:15 -  1.5
+++ char.c  26 Oct 2015 15:27:45 -
@@ -130,101 +130,8 @@ unsigned short _cmap[256] = {
_META|_CMD, 0,  0,  _CTR,
 
 //
-/* 128 - 255 The below is supposedly ISO 8859/1*/
+/* 128 - 255   */
 //
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* (undef) (undef) (undef) (undef) */
-   _CTR,   _CTR,   _CTR,   _CTR,
-
-/* nobreakspaceexclamdown  centsterling*/
-   _SP,0,  0,  0,
-
-/* currencyyen brokenbar   section */
-   0,  0,  0,  0,
-
-/* diaeresis   copyright   ordfeminine guillemotleft   */
-   0,  0,  0,  0,
-
-/* notsign hyphen  registered  macron  */
-   0,  0,  0,  0,
-
-/* degree  plusminus   twosuperior threesuperior   */
-   0,  0,  0,  0,
-
-/* acute   mu  paragraph   periodcentered  */
-   0,  0,  0,  0,
-
-/* cedilla onesuperior masculine   guillemotright  */
-   0,  0,  0,  0,
-
-/* onequarter  onehalf threequarters   questiondown*/
-   0,  0,  0,  0,
-
-/* Agrave  Aacute  Acircumflex Atilde  */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* Adiaeresis  Aring   AE  Ccedilla*/
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* Egrave  Eacute  Ecircumflex Ediaeresis  */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* Igrave  Iacute  Icircumflex Idiaeresis  */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* ETH Ntilde  Ograve  Oacute  */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* Ocircumflex Otilde  Odiaeresis  multiply*/
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   0,
-
-/* OobliqueUgrave  Uacute  Ucircumflex */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_UP,
-
-/* Udiaeresis  Yacute  THORN   ssharp  */
-   _LET|_UP,   _LET|_UP,   _LET|_UP,   _LET|_LOW,
-
-/* agrave  aacute  acircumflex atilde  */
-   _LET|_LOW,  _LET|_LOW,  _LET|_LOW,  _LET|_LOW,
-
-/* adiaeresis  aring   ae  ccedilla*/
-   _LET|_LOW,  _LET|_LOW,  _LET|_LOW,  _LET|_LOW,
-
-/* egrave  eacute  ecircumflex ediaeresis  */
-   _LET|_LOW,  _LET|_LOW,  _LET|_LOW,  _LET|_LOW,
-
-/* igrave  iacute  icircumflex idiaeresis  */
-   _LET|_LOW,  _LET|_LOW,  _LET|_LOW,  _LET|_LOW,
-
-/* eth ntilde  ograve  oacute  */
-   _LET|_LOW,  _LET|_LOW,  _LET|_LOW,  _LET|_LOW,
-
-/* ocircumflex otilde  odiaeresis  division   

Re: pwcache

[Todd C. Miller]

On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:

> This improves the cache. Basically, it's kind of like four way
> associative now, with LRU replacement. Also we can cache nameless
> entries instead of going back to getpwuid every time.

Shouldn't those memcpy() be memmove()?

 - todd

Re: pwcache

[Ted Unangst]

Todd C. Miller wrote:
> On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:
> 
> > This improves the cache. Basically, it's kind of like four way
> > associative now, with LRU replacement. Also we can cache nameless
> > entries instead of going back to getpwuid every time.
> 
> Shouldn't those memcpy() be memmove()?

They are part of the same array, but none of the elements should overlap.

Re: pwcache

[Ted Unangst]

Philip Guenther wrote:
> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst  wrote:
> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
> > database open is a surprising abstraction violation for the caller of
> > user_from_uid. Now it has a file descriptor it must close before exec by
> > calling endpwent(), but this fact is not mentioned. (find is affected by 
> > this,
> > for example.)
> 
> That last claim isn't true: the fds are marked close-on-exec so
> there's no leakage.

That's what I get for believing the lies of the setpassent() man page.

Re: csh: clean up left over NLS cruft

[Todd C. Miller]

On Mon, 26 Oct 2015 16:35:51 +0100, Christian Weisgerber wrote:

> Clean up cruft made visible by the unifdefing:
> * remove setlocale() calls
> * remove write-only variable AsciiOnly 
> * remove now unused string constants STRLANG, STRLC_CTYPE
> * remove hardcoded support for ISO8859-1

OK.

 - todd

Re: __predict_false for pledge

[Philip Guenther]

On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville  wrote:
> We have a pretty strong guarantee that it can only happen once per
> process...
...
> --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 -   1.11
> +++ sys/sys/syscall_mi.h26 Oct 2015 15:13:44 -
> @@ -72,7 +72,8 @@ mi_syscall(struct proc *p, register_t co
> if (lock)
> KERNEL_LOCK();
> pledged = (p->p_p->ps_flags & PS_PLEDGE);
> -   if (pledged && !(tval = pledge_check(p, code))) {
> +   if (__predict_false(
> +   pledged && !(tval = pledge_check(p, code {

I disagree.  That's the code used on every syscall, not just once per
process and pledged is true for *most* of the processes on a -current
box.  No, that doesn't mean we should do __predict_true() there.

In general, __predict_{true,false} should be left in the tool box and
only pulled out after detailed dives into code paths involved.  For
all my banging on the project, I think I've used them in *two* places.


Philip Guenther

ChachaPoly-05: Chacha20-Poly1305 for software crypto

[Mike Belopuhov]

OK?

---
 sys/crypto/cryptosoft.c | 24 
 1 file changed, 24 insertions(+)

diff --git sys/crypto/cryptosoft.c sys/crypto/cryptosoft.c
index f735c7c..2a4abce 100644
--- sys/crypto/cryptosoft.c
+++ sys/crypto/cryptosoft.c
@@ -511,18 +511,20 @@ swcr_authenc(struct cryptop *crp)
return (EINVAL);
 
switch (sw->sw_alg) {
case CRYPTO_AES_GCM_16:
case CRYPTO_AES_GMAC:
+   case CRYPTO_CHACHA20_POLY1305:
swe = sw;
crde = crd;
exf = swe->sw_exf;
ivlen = exf->ivsize;
break;
case CRYPTO_AES_128_GMAC:
case CRYPTO_AES_192_GMAC:
case CRYPTO_AES_256_GMAC:
+   case CRYPTO_CHACHA20_POLY1305_MAC:
swa = sw;
crda = crd;
axf = swa->sw_axf;
if (swa->sw_ictx == 0)
return (EINVAL);
@@ -628,10 +630,19 @@ swcr_authenc(struct cryptop *crp)
*blkp = htobe32(aadlen * 8);
blkp = (uint32_t *)blk + 3;
*blkp = htobe32(crde->crd_len * 8);
axf->Update(, blk, axf->hashsize);
break;
+   case CRYPTO_CHACHA20_POLY1305_MAC:
+   /* length block */
+   bzero(blk, axf->hashsize);
+   blkp = (uint32_t *)blk;
+   *blkp = htole32(aadlen);
+   blkp = (uint32_t *)blk + 2;
+   *blkp = htole32(crde->crd_len);
+   axf->Update(, blk, axf->hashsize);
+   break;
}
 
/* Finalize MAC */
axf->Final(aalg, );
 
@@ -809,10 +820,13 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
goto enccommon;
case CRYPTO_AES_GMAC:
txf = _xform_aes_gmac;
(*swd)->sw_exf = txf;
break;
+   case CRYPTO_CHACHA20_POLY1305:
+   txf = _xform_chacha20_poly1305;
+   goto enccommon;
case CRYPTO_NULL:
txf = _xform_null;
goto enccommon;
enccommon:
if (txf->ctxsize > 0) {
@@ -912,10 +926,14 @@ swcr_newsession(u_int32_t *sid, struct cryptoini *cri)
axf = _hash_gmac_aes_192;
goto auth4common;
 
case CRYPTO_AES_256_GMAC:
axf = _hash_gmac_aes_256;
+   goto auth4common;
+
+   case CRYPTO_CHACHA20_POLY1305_MAC:
+   axf = _hash_chacha20_poly1305;
auth4common:
(*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA,
M_NOWAIT);
if ((*swd)->sw_ictx == NULL) {
swcr_freesession(i);
@@ -976,10 +994,11 @@ swcr_freesession(u_int64_t tid)
case CRYPTO_RIJNDAEL128_CBC:
case CRYPTO_AES_CTR:
case CRYPTO_AES_XTS:
case CRYPTO_AES_GCM_16:
case CRYPTO_AES_GMAC:
+   case CRYPTO_CHACHA20_POLY1305:
case CRYPTO_NULL:
txf = swd->sw_exf;
 
if (swd->sw_kschedule) {
explicit_bzero(swd->sw_kschedule, txf->ctxsize);
@@ -1006,10 +1025,11 @@ swcr_freesession(u_int64_t tid)
break;
 
case CRYPTO_AES_128_GMAC:
case CRYPTO_AES_192_GMAC:
case CRYPTO_AES_256_GMAC:
+   case CRYPTO_CHACHA20_POLY1305_MAC:
case CRYPTO_MD5:
case CRYPTO_SHA1:
axf = swd->sw_axf;
 
if (swd->sw_ictx) {
@@ -1108,10 +1128,12 @@ swcr_process(struct cryptop *crp)
case CRYPTO_AES_GCM_16:
case CRYPTO_AES_GMAC:
case CRYPTO_AES_128_GMAC:
case CRYPTO_AES_192_GMAC:
case CRYPTO_AES_256_GMAC:
+   case CRYPTO_CHACHA20_POLY1305:
+   case CRYPTO_CHACHA20_POLY1305_MAC:
crp->crp_etype = swcr_authenc(crp);
goto done;
 
case CRYPTO_DEFLATE_COMP:
if ((crp->crp_etype = swcr_compdec(crd, sw,
@@ -1171,10 +1193,12 @@ swcr_init(void)
algs[CRYPTO_SHA2_384_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_SHA2_512_HMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_128_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;
algs[CRYPTO_AES_192_GMAC] = CRYPTO_ALG_FLAG_SUPPORTED;

ChachaPoly-03: Chacha20-Poly1305 AEAD construction as per RFC7634

[Mike Belopuhov]

OK?

---
 sys/crypto/chachapoly.c | 94 +
 sys/crypto/chachapoly.h | 57 ++
 2 files changed, 151 insertions(+)
 create mode 100644 sys/crypto/chachapoly.c
 create mode 100644 sys/crypto/chachapoly.h

diff --git sys/crypto/chachapoly.c sys/crypto/chachapoly.c
new file mode 100644
index 000..a670ab9
--- /dev/null
+++ sys/crypto/chachapoly.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+int
+chacha20_setkey(void *sched, u_int8_t *key, int len)
+{
+   struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched;
+
+   if (len != CHACHA20_KEYSIZE + CHACHA20_SALT)
+   return (-1);
+
+   /* initial counter is 1 */
+   ctx->nonce[0] = 1;
+   memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+   CHACHA20_SALT);
+   chacha_keysetup((chacha_ctx *)>block, key, CHACHA20_KEYSIZE * 8);
+   return (0);
+}
+
+void
+chacha20_reinit(caddr_t key, u_int8_t *iv)
+{
+   struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+
+   chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce);
+}
+
+void
+chacha20_crypt(caddr_t key, u_int8_t *data)
+{
+   struct chacha20_ctx *ctx = (struct chacha20_ctx *)key;
+
+   chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data,
+   CHACHA20_BLOCK_LEN);
+}
+
+void
+Chacha_Poly_Init(CHACHA_POLY_CTX *ctx)
+{
+   memset(ctx, 0, sizeof(*ctx));
+}
+
+void
+Chacha_Poly_Setkey(CHACHA_POLY_CTX *ctx, const uint8_t *key, uint16_t klen)
+{
+   /* salt is part of the nonce */
+   memcpy(ctx->poly.nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE,
+   CHACHA20_SALT);
+   chacha_keysetup((chacha_ctx *)>chacha, key, CHACHA20_KEYSIZE * 8);
+}
+
+void
+Chacha_Poly_Reinit(CHACHA_POLY_CTX *ctx, const uint8_t *iv, uint16_t ivlen)
+{
+   /* initial counter is 0 */
+   chacha_ivsetup((chacha_ctx *)>chacha, iv, ctx->poly.nonce);
+   chacha_encrypt_bytes((chacha_ctx *)>chacha, ctx->poly.key,
+   ctx->poly.key, POLY1305_KEYLEN);
+   poly1305_init((poly1305_state *)>poly.state, ctx->poly.key);
+}
+
+int
+Chacha_Poly_Update(CHACHA_POLY_CTX *ctx, const uint8_t *data, uint16_t len)
+{
+   poly1305_update((poly1305_state *)>poly.state, data, len);
+   return (0);
+}
+
+void
+Chacha_Poly_Final(uint8_t digest[POLY1305_TAGLEN], CHACHA_POLY_CTX *ctx)
+{
+   poly1305_finish((poly1305_state *)>poly.state, digest);
+   explicit_bzero(>poly.state, sizeof(ctx->poly.state));
+}
diff --git sys/crypto/chachapoly.h sys/crypto/chachapoly.h
new file mode 100644
index 000..e358c0f
--- /dev/null
+++ sys/crypto/chachapoly.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015 Mike Belopuhov
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _CHACHAPOLY_H_
+#define _CHACHAPOLY_H_
+
+#define CHACHA20_KEYSIZE   32
+#define CHACHA20_CTR   4
+#define CHACHA20_SALT  4
+#define CHACHA20_NONCE 8
+#define CHACHA20_BLOCK_LEN 64
+
+struct chacha20_ctx {
+   uint8_t block[CHACHA20_BLOCK_LEN];
+   uint8_t nonce[CHACHA20_NONCE];
+};
+
+intchacha20_setkey(void *, u_int8_t *, int);
+void   chacha20_reinit(caddr_t, u_int8_t *);
+void   chacha20_crypt(caddr_t, u_int8_t *);
+
+
+#define POLY1305_KEYLEN32
+#define POLY1305_TAGLEN16
+#define POLY1305_BLOCK_LEN 16
+
+struct poly1305_ctx {
+   uint8_t key[POLY1305_KEYLEN];
+  

Re: pwcache

[Todd C. Miller]

On Mon, 26 Oct 2015 09:19:20 -0700, Philip Guenther wrote:

> Ah, I missed fixing that before.  How's this?

Looks fine to me, though I wonder whether other systems leak the fd.

 - todd

Re: __predict_false for pledge

[Michael McConville]

Ted Unangst wrote:
> Michael McConville wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
> 
> I don't think this really matters. What does it do to the assmembly,
> and how does that make things faster?

It lets the compiler know that the body is very unlikely to run so that
it won't unroll loops, and will maybe bump the condition body to the end
of the procedure, etc. It can also be used to annotate the branch with a
hint instruction, but I don't know how many architectures still use
those.

Not sure how people feel about these annotations. This is a pretty
classic use case, though.

Re: pwcache

[Todd C. Miller]

On Mon, 26 Oct 2015 12:07:33 -0400, "Ted Unangst" wrote:

> Todd C. Miller wrote:
> > On Mon, 26 Oct 2015 11:39:48 -0400, "Ted Unangst" wrote:
> > 
> > > This improves the cache. Basically, it's kind of like four way
> > > associative now, with LRU replacement. Also we can cache nameless
> > > entries instead of going back to getpwuid every time.
> > 
> > Shouldn't those memcpy() be memmove()?
> 
> They are part of the same array, but none of the elements should overlap.

OK, I wasn't able to convince myself that was the case.

 - todd

More easy rt_ifidx changes

[Martin Pieuchot]

Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.398
diff -u -p -r1.398 if.c
--- net/if.c25 Oct 2015 21:58:04 -  1.398
+++ net/if.c26 Oct 2015 16:02:06 -
@@ -2341,6 +2341,7 @@ if_group_routechange(struct sockaddr *ds
 int
 if_group_egress_build(void)
 {
+   struct ifnet*ifp;
struct ifg_group*ifg;
struct ifg_member   *ifgm, *next;
struct sockaddr_in   sa_in;
@@ -2364,8 +2365,11 @@ if_group_egress_build(void)
if (rt0 != NULL) {
rt = rt0;
do {
-   if (rt->rt_ifp)
-   if_addgroup(rt->rt_ifp, IFG_EGRESS);
+   ifp = if_get(rt->rt_ifidx);
+   if (ifp != NULL) {
+   if_addgroup(ifp, IFG_EGRESS);
+   if_put(ifp);
+   }
 #ifndef SMALL_KERNEL
rt = rt_mpath_next(rt);
 #else
@@ -2381,8 +2385,11 @@ if_group_egress_build(void)
if (rt0 != NULL) {
rt = rt0;
do {
-   if (rt->rt_ifp)
-   if_addgroup(rt->rt_ifp, IFG_EGRESS);
+   ifp = if_get(rt->rt_ifidx);
+   if (ifp != NULL) {
+   if_addgroup(ifp, IFG_EGRESS);
+   if_put(ifp);
+   }
 #ifndef SMALL_KERNEL
rt = rt_mpath_next(rt);
 #else
Index: net/pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.947
diff -u -p -r1.947 pf.c
--- net/pf.c13 Oct 2015 19:32:31 -  1.947
+++ net/pf.c26 Oct 2015 16:03:57 -
@@ -2912,6 +2912,7 @@ pf_get_mss(struct pf_pdesc *pd)
 u_int16_t
 pf_calc_mss(struct pf_addr *addr, sa_family_t af, int rtableid, u_int16_t 
offer)
 {
+   struct ifnet*ifp;
struct sockaddr_in  *dst;
 #ifdef INET6
struct sockaddr_in6 *dst6;
@@ -2944,11 +2945,12 @@ pf_calc_mss(struct pf_addr *addr, sa_fam
 #endif /* INET6 */
}
 
-   if (rt && rt->rt_ifp) {
-   mss = rt->rt_ifp->if_mtu - hlen - sizeof(struct tcphdr);
+   if (rt != NULL && (ifp = if_get(rt->rt_ifidx)) != NULL) {
+   mss = ifp->if_mtu - hlen - sizeof(struct tcphdr);
mss = max(tcp_mssdflt, mss);
-   rtfree(rt);
+   if_put(ifp);
}
+   rtfree(rt);
mss = min(mss, offer);
mss = max(mss, 64); /* sanity - at least max opt space */
return (mss);
Index: netinet6/nd6.c
===
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.162
diff -u -p -r1.162 nd6.c
--- netinet6/nd6.c  25 Oct 2015 15:11:52 -  1.162
+++ netinet6/nd6.c  26 Oct 2015 16:23:23 -
@@ -392,8 +392,8 @@ nd6_llinfo_timer(void *arg)
 
if ((rt = ln->ln_rt) == NULL)
panic("ln->ln_rt == NULL");
-   if ((ifp = rt->rt_ifp) == NULL)
-   panic("ln->ln_rt->rt_ifp == NULL");
+   if ((ifp = if_get(rt->rt_ifidx)) == NULL)
+   return;
ndi = ND_IFINFO(ifp);
dst = satosin6(rt_key(rt));
 
@@ -477,6 +477,7 @@ nd6_llinfo_timer(void *arg)
break;
}
 
+   if_put(ifp);
splx(s);
 }
 

Re: pwcache

[Philip Guenther]

On Mon, Oct 26, 2015 at 9:05 AM, Ted Unangst  wrote:
> Philip Guenther wrote:
>> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst  wrote:
>> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd
>> > database open is a surprising abstraction violation for the caller of
>> > user_from_uid. Now it has a file descriptor it must close before exec by
>> > calling endpwent(), but this fact is not mentioned. (find is affected by 
>> > this,
>> > for example.)
>>
>> That last claim isn't true: the fds are marked close-on-exec so
>> there's no leakage.
>
> That's what I get for believing the lies of the setpassent() man page.

Ah, I missed fixing that before.  How's this?

Index: getpwent.3
===
RCS file: /data/src/openbsd/src/lib/libc/gen/getpwent.3,v
retrieving revision 1.29
diff -u -p -r1.29 getpwent.3
--- getpwent.3  15 Jan 2015 03:19:43 -  1.29
+++ getpwent.3  26 Oct 2015 16:18:00 -
@@ -73,12 +73,9 @@ that wish to process the complete list o
 It is dangerous for long-running programs to keep the file descriptors
 open as the database will become out of date if it is updated while the
 program is running.
-Furthermore, programs that run child processes should be careful to call
-.Fn endpwent
-to close these descriptors before calling
+However the file descriptors are automatically closed when
 .Xr execve 2
-or
-.Xr system 3 .
+is called.
 .Pp
 .Fn setpwent
 causes
Index: getpwnam.3
===
RCS file: /data/src/openbsd/src/lib/libc/gen/getpwnam.3,v
retrieving revision 1.7
diff -u -p -r1.7 getpwnam.3
--- getpwnam.3  15 Jan 2015 03:19:43 -  1.7
+++ getpwnam.3  26 Oct 2015 16:18:03 -
@@ -106,12 +106,9 @@ These file descriptors can be closed by
 It is dangerous for long-running programs to keep the file descriptors
 open as the database will become out of date if it is updated while the
 program is running.
-Furthermore, programs that run child processes should be careful to call
-.Xr endpwent 3
-to close these descriptors before calling
+However the file descriptors are automatically closed when
 .Xr execve 2
-or
-.Xr system 3 .
+is called.
 .Pp
 These routines have been written to
 .Dq shadow

Re: __predict_false for pledge

[Theo de Raadt]

> On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville  wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
> ...
> > --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 -   1.11
> > +++ sys/sys/syscall_mi.h26 Oct 2015 15:13:44 -
> > @@ -72,7 +72,8 @@ mi_syscall(struct proc *p, register_t co
> > if (lock)
> > KERNEL_LOCK();
> > pledged = (p->p_p->ps_flags & PS_PLEDGE);
> > -   if (pledged && !(tval = pledge_check(p, code))) {
> > +   if (__predict_false(
> > +   pledged && !(tval = pledge_check(p, code {
> 
> I disagree.  That's the code used on every syscall, not just once per
> process and pledged is true for *most* of the processes on a -current
> box.  No, that doesn't mean we should do __predict_true() there.

I have no idea what it will do on all our platforms.

> In general, __predict_{true,false} should be left in the tool box and
> only pulled out after detailed dives into code paths involved.  For
> all my banging on the project, I think I've used them in *two* places.

I suspect there is more benefit to be gained through actual tested
refactoring (with assumption: systrace is almost never used).

Re: __predict_false for pledge

[Michael McConville]

Philip Guenther wrote:
> On Mon, Oct 26, 2015 at 8:46 AM, Michael McConville  wrote:
> > We have a pretty strong guarantee that it can only happen once per
> > process...
> ...
> > --- sys/sys/syscall_mi.h9 Oct 2015 01:17:18 -   1.11
> > +++ sys/sys/syscall_mi.h26 Oct 2015 15:13:44 -
> > @@ -72,7 +72,8 @@ mi_syscall(struct proc *p, register_t co
> > if (lock)
> > KERNEL_LOCK();
> > pledged = (p->p_p->ps_flags & PS_PLEDGE);
> > -   if (pledged && !(tval = pledge_check(p, code))) {
> > +   if (__predict_false(
> > +   pledged && !(tval = pledge_check(p, code {
> 
> I disagree.  That's the code used on every syscall, not just once per
> process and pledged is true for *most* of the processes on a -current
> box.  No, that doesn't mean we should do __predict_true() there.

That's what I mean - it's used on every syscall and it can never be true
more than once per process. (That's a pledge failure, and the program
will be terminated.)

> In general, __predict_{true,false} should be left in the tool box and
> only pulled out after detailed dives into code paths involved.  For
> all my banging on the project, I think I've used them in *two* places.

Passing thought: it'd be nice if the names were shorter. I feel like
much of the reason they're seen as cumbersome is that they're so
verbose. Linux uses likely() and unlikely(). __rare() could also work.

FWIW, below is what /usr/include/sys/cdefs.h says about them. Maybe
outdated.


/*
 * GNU C version 2.96 adds explicit branch prediction so that
 * the CPU back-end can hint the processor and also so that
 * code blocks can be reordered such that the predicted path
 * sees a more linear flow, thus improving cache behavior, etc.
 *
 * The following two macros provide us with a way to utilize this
 * compiler feature.  Use __predict_true() if you expect the expression
 * to evaluate to true, and __predict_false() if you expect the
 * expression to evaluate to false.
 *
 * A few notes about usage:
 *
 *  * Generally, __predict_false() error condition checks (unless
 *you have some _strong_ reason to do otherwise, in which case
 *document it), and/or __predict_true() `no-error' condition
 *checks, assuming you want to optimize for the no-error case.
 *
 *  * Other than that, if you don't know the likelihood of a test
 *succeeding from empirical or other `hard' evidence, don't
 *make predictions.
 *
 *  * These are meant to be used in places that are run `a lot'.
 *It is wasteful to make predictions in code that is run
 *seldomly (e.g. at subsystem initialization time) as the
 *basic block reordering that this affects can often generate
 *larger code.
 */

Re: __predict_false for pledge

[Theo de Raadt]

> Not sure how people feel about these annotations. This is a pretty
> classic use case, though.

No, the classic case is when the condition is a single variable, rather
than a condition "always true && rarely true".

Re: __predict_false for pledge

[Ted Unangst]

Michael McConville wrote:
> Ted Unangst wrote:
> > Michael McConville wrote:
> > > We have a pretty strong guarantee that it can only happen once per
> > > process...
> > 
> > I don't think this really matters. What does it do to the assmembly,
> > and how does that make things faster?
> 
> It lets the compiler know that the body is very unlikely to run so that
> it won't unroll loops, and will maybe bump the condition body to the end
> of the procedure, etc. It can also be used to annotate the branch with a
> hint instruction, but I don't know how many architectures still use
> those.

I meant in this case specifically. What is the *demonstrated* benefit?

Generally, not many fans of the annotation for the sake of annontation in
these parts. :)