Re: two bge(4) bugfixes
> This chunk doesn't make sense to me. The code is supposed to write a > magic value into SRAM, not into a register. If I understand if_bgereg.h correctly, access to the SRAM can be performed either through a simple indirect access (write address to the index register, read from or write to the data register), or through a fixed 32KB window in the pci address space, and the latter is not available on older models. Thus it makes sense to use write_op as determined from the board type earlier, rather than always use writemem_ind. Also, the following diff to if_bgereg.h makes sure that the window is used as a 32KB window, not a 64KB one. Index: if_bgereg.h === RCS file: /OpenBSD/src/sys/dev/pci/if_bgereg.h,v retrieving revision 1.128 diff -u -p -r1.128 if_bgereg.h --- if_bgereg.h 19 Oct 2015 05:31:25 - 1.128 +++ if_bgereg.h 1 Nov 2015 10:01:54 - @@ -47,7 +47,7 @@ * * The NIC's memory can be accessed by the host in one of 3 ways: * - * 1) Indirect register access. The MEMWIN_BASEADDR and MEMWIN_DATA + * 1) Indirect register access. The REG_BASEADDR and REG_DATA *registers in PCI config space can be used to read any 32-bit *address within the NIC's memory. * @@ -2272,15 +2272,15 @@ #defineBGE_MEMWIN_READ(pc, tag, x, val) \ do {\ pci_conf_write(pc, tag, BGE_PCI_MEMWIN_BASEADDR,\ - (0x & x)); \ - val = CSR_READ_4(sc, BGE_MEMWIN_START + (x & 0x)); \ + (0x8000 & x)); \ + val = CSR_READ_4(sc, BGE_MEMWIN_START + (x & 0x7FFF)); \ } while(0) #defineBGE_MEMWIN_WRITE(pc, tag, x, val) \ do {\ pci_conf_write(pc, tag, BGE_PCI_MEMWIN_BASEADDR,\ - (0x & x)); \ - CSR_WRITE_4(sc, BGE_MEMWIN_START + (x & 0x), val); \ + (0x8000 & x)); \ + CSR_WRITE_4(sc, BGE_MEMWIN_START + (x & 0x7FFF), val); \ } while(0) /*
Re: [PATCH] rcs: buf_free/rcsnum_free
I remember reading a while ago that people were thinking to use opencvs for anoncvs mirrors. I don't see any mirrors reporting as opencvs though... $ for h in $hosts; do printf "%-30s" $h; export CVSROOT="anoncvs@$h:/cvs"; cvs version | grep -v Client; done ; anoncvs.au.openbsd.orgServer: Concurrent Versions System (CVS) 1.11.1p1 (client/server) ftp5.eu.openbsd.org Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs1.ca.openbsd.org Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.comstyle.com Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) openbsd.cs.toronto.eduServer: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.fr.openbsd.orgServer: Concurrent Versions System (CVS) 1.11.1p1 (client/server) openbsd.cs.fau.de Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) mirror.osn.de Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) ftp.hostserver.de Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.jp.openbsd.orgServer: Concurrent Versions System (CVS) 1.11.1p1 (client/server) openbsd.park.rambler.ru Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.obsd.si Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.eu.openbsd.orgServer: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs.spacehopper.org Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs1.usa.openbsd.org Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) anoncvs3.usa.openbsd.org Server: Concurrent Versions System (CVS) 1.11.1p1 (client/server) mirror.planetunix.net Server: Concurrent Versions System (CVS) 1.12.13 (client/server) On Fri, Oct 30, 2015 at 10:26:31AM +, Nicholas Marriott wrote: > I think it is never going to rise from the dead. > > Original message > From: Tobias Stoeckmann> Date:30/10/2015 10:06 (GMT+00:00) > To: "Michael W. Bombardieri" > Cc: Nicholas Marriott ,tech@openbsd.org > Subject: Re: [PATCH] rcs: buf_free/rcsnum_free > > On Fri, Oct 30, 2015 at 08:52:02AM +0800, Michael W. Bombardieri wrote: > > Sorry. Here is new diff. Hopefully I haven't missed anything else. > > You missed OpenCVS, which shares the same code base. > > But is OpenCVS worth it anymore? > Even a harsher question: Is it time to tedu it?
Re: [PATCH] rcs: buf_free/rcsnum_free
Some did for a while but it has some nasty bugs and nobody is working on fixing it. On Sun, Nov 01, 2015 at 03:08:54PM +0800, Michael W. Bombardieri wrote: > I remember reading a while ago that people were thinking to > use opencvs for anoncvs mirrors. I don't see any mirrors > reporting as opencvs though... > > $ for h in $hosts; do printf "%-30s" $h; export CVSROOT="anoncvs@$h:/cvs"; > cvs version | grep -v Client; done ; > anoncvs.au.openbsd.orgServer: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > ftp5.eu.openbsd.org Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs1.ca.openbsd.org Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.comstyle.com Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > openbsd.cs.toronto.eduServer: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.fr.openbsd.orgServer: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > openbsd.cs.fau.de Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > mirror.osn.de Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > ftp.hostserver.de Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.jp.openbsd.orgServer: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > openbsd.park.rambler.ru Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.obsd.si Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.eu.openbsd.orgServer: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs.spacehopper.org Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs1.usa.openbsd.org Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > anoncvs3.usa.openbsd.org Server: Concurrent Versions System (CVS) > 1.11.1p1 (client/server) > mirror.planetunix.net Server: Concurrent Versions System (CVS) > 1.12.13 (client/server) > > On Fri, Oct 30, 2015 at 10:26:31AM +, Nicholas Marriott wrote: > > I think it is never going to rise from the dead. > > > > Original message > > From: Tobias Stoeckmann> > Date:30/10/2015 10:06 (GMT+00:00) > > To: "Michael W. Bombardieri" > > Cc: Nicholas Marriott ,tech@openbsd.org > > Subject: Re: [PATCH] rcs: buf_free/rcsnum_free > > > > On Fri, Oct 30, 2015 at 08:52:02AM +0800, Michael W. Bombardieri wrote: > > > Sorry. Here is new diff. Hopefully I haven't missed anything else. > > > > You missed OpenCVS, which shares the same code base. > > > > But is OpenCVS worth it anymore? > > Even a harsher question: Is it time to tedu it?
pledging m4
I did partial work before if was called pledge. Now, with fork and exec, simple pledge is easy. There might be something down the line to explicitly allow m4 to fork and exec, but unfortunately, the corresponding macros are used by both sendmail and autoconf scripts, so I would say they're rather ubiquitous. Index: main.c === RCS file: /cvs/src/usr.bin/m4/main.c,v retrieving revision 1.84 diff -u -p -r1.84 main.c --- main.c 21 Dec 2014 09:33:12 - 1.84 +++ main.c 1 Nov 2015 09:12:04 - @@ -174,6 +174,9 @@ main(int argc, char *argv[]) int n; char *p; + if (pledge("stdio proc exec rpath wpath cpath", NULL) == -1) + err(1, "pledge"); + if (signal(SIGINT, SIG_IGN) != SIG_IGN) signal(SIGINT, onintr);
Re: [PATCH] rcs: buf_free/rcsnum_free
On Sun, Nov 01, 2015 at 11:17:40AM +, Stuart Henderson wrote: > On 2015/11/01 08:03, Nicholas Marriott wrote: > > Some did for a while but it has some nasty bugs and nobody is working on > > fixing it. > > Some used it on amd64 for a while to avoid checkout failures due to > running into memory limits, but then I tracked it down and increased > the limit in CVSROOT/options to get around this. > > Switching between cvs and opencvs upstreams without making a fresh > checkout caused some problems so it's better if mirrors all just use > cvs. I think it should be moved into Attic. It's not like we've been nice to the pcc tree-import either after it lacked attention.
Re: [PATCH] rcs: buf_free/rcsnum_free
On 2015/11/01 08:03, Nicholas Marriott wrote: > Some did for a while but it has some nasty bugs and nobody is working on > fixing it. Some used it on amd64 for a while to avoid checkout failures due to running into memory limits, but then I tracked it down and increased the limit in CVSROOT/options to get around this. Switching between cvs and opencvs upstreams without making a fresh checkout caused some problems so it's better if mirrors all just use cvs.
relayd: improving sessions distribution across hosts in hash mode
Hi, relayd (when running relays) will distribute client sessions over hosts using various algorithms. Some of them generate a hash from different data and calculate modulo rlt->rlt_nhosts to find the host the session should go to. If this host is down, the current algorithm simply selects the next host that is up. This puts heavier load on this next host, it would be nicer if the connections would be distributed to more destinations. The following diff changes this algorithm: if the chosen host is not available, the hash value p is shifted to the right and the calculation is retried until a host that is usable is found or a maximum of retires is reached (in that case the old method is used). ok? diff --git usr.sbin/relayd/relay.c usr.sbin/relayd/relay.c index f14d7c9..9bb69ba 100644 --- usr.sbin/relayd/relay.c +++ usr.sbin/relayd/relay.c @@ -1220,6 +1220,8 @@ relay_from_table(struct rsession *con) struct relay_table *rlt = NULL; struct table*table = NULL; int idx = -1; + int cnt = 0; + int maxtries; u_int64_tp = 0; /* the table is already selected */ @@ -1275,18 +1277,38 @@ relay_from_table(struct rsession *con) /* NOTREACHED */ } if (idx == -1) { + /* handle all hashing algorithms */ p = SipHash24_End(>se_siphashctx); /* Reset hash context */ SipHash24_Init(>se_siphashctx, >rl_conf.hashkey.siphashkey); - if ((idx = p % rlt->rlt_nhosts) >= RELAY_MAXHOSTS) - return (-1); + maxtries = (rlt->rlt_nhosts < RELAY_MAX_HASH_RETRIES ? + rlt->rlt_nhosts : RELAY_MAX_HASH_RETRIES); + while (cnt < maxtries) { + if ((idx = p % rlt->rlt_nhosts) >= RELAY_MAXHOSTS) + return (-1); + + host = rlt->rlt_host[idx]; + + DPRINTF("%s: session %d: table %s host %s, " + "p 0x%016llx, idx %d, cnt %d, max %d", + __func__, con->se_id, table->conf.name, + host->conf.name, p, idx, cnt, maxtries); + + if (!table->conf.check || host->up == HOST_UP) + goto found; + p = p >> 1; + cnt++; + } + } else { + /* handle all non-hashing algorithms */ + host = rlt->rlt_host[idx]; + DPRINTF("%s: session %d: table %s host %s, p 0x%016llx, idx %d", + __func__, con->se_id, table->conf.name, host->conf.name, p, idx); } - host = rlt->rlt_host[idx]; - DPRINTF("%s: session %d: table %s host %s, p 0x%016llx, idx %d", - __func__, con->se_id, table->conf.name, host->conf.name, p, idx); + while (host != NULL) { DPRINTF("%s: session %d: host %s", __func__, con->se_id, host->conf.name); diff --git usr.sbin/relayd/relayd.h usr.sbin/relayd/relayd.h index 3c7dc89..2e0fd58 100644 --- usr.sbin/relayd/relayd.h +++ usr.sbin/relayd/relayd.h @@ -76,6 +76,7 @@ #define RELAY_BACKLOG 10 #define RELAY_MAXLOOKUPLEVELS 5 #define RELAY_OUTOF_FD_RETRIES 5 +#define RELAY_MAX_HASH_RETRIES 5 #define CONFIG_RELOAD 0x00 #define CONFIG_TABLES 0x01
Re: Upgrading flex?
Serguey Parkhomovsky wrote: > Is there any interest in having a newer version of flex in base? I > recently tried compiling some software with OpenBSD's flex, but had to > tweak some code in order to get it to compile with 2.5.4. Of course, I > could always install the flex in ports to get a newer version, but I > was wondering what would be involved/if anyone is working on this > already. tedu@ was talking about this very recently - I'd search the archives.
Tweaks to malloc(3) manpage
1. I don't see much reason to mention calloc() as an alternative to reallocarray() when it's the worse option. 2. Use size > 0 when testing overflow. ok? Index: lib/libc/stdlib/malloc.3 === RCS file: /cvs/src/lib/libc/stdlib/malloc.3,v retrieving revision 1.91 diff -u -p -r1.91 malloc.3 --- lib/libc/stdlib/malloc.314 Sep 2015 13:08:01 - 1.91 +++ lib/libc/stdlib/malloc.31 Nov 2015 16:35:17 - @@ -203,10 +203,6 @@ if ((p = reallocarray(NULL, num, size)) err(1, "reallocarray"); .Ed .Pp -Alternatively, -.Fn calloc -may be used at the cost of initialization overhead. -.Pp When using .Fn realloc , be careful to avoid the following idiom: @@ -291,7 +287,7 @@ size_t num, size; \&... /* Check for size_t overflow */ -if (size && num > SIZE_MAX / size) +if (size > 0 && num > SIZE_MAX / size) errc(1, EOVERFLOW, "overflow"); if ((p = malloc(size * num)) == NULL) @@ -309,7 +305,7 @@ if (size < 0 || num < 0) errc(1, EOVERFLOW, "overflow"); /* Check for signed int overflow */ -if (size && num > INT_MAX / size) +if (size > 0 && num > INT_MAX / size) errc(1, EOVERFLOW, "overflow"); if ((p = malloc(size * num)) == NULL)
Re: Another use of areallocarray() in ksh
Michael McConville wrote: > Mike Burns wrote: > > On 2015-11-01 10.44.45 -0500, Michael McConville wrote: > > > Index: history.c > > > === > > > RCS file: /cvs/src/bin/ksh/history.c,v > > > retrieving revision 1.52 > > > diff -u -p -r1.52 history.c > > > --- history.c 1 Nov 2015 15:38:53 - 1.52 > > > +++ history.c 1 Nov 2015 15:44:02 - > > > @@ -507,7 +507,7 @@ sethistsize(int n) > > > cursize = n; > > > } > > > > > > - history = (char **)aresize(history, n*sizeof(char *), APERM); > > > + history = areallocarray(history, n, sizeof(char *), APERM); > > > > Is this a memory leak? I'm thinking of the IDIOMS section of > > realloc(3). > > I don't think so. This is areallocarray(), a ksh-specific function, not > the stdlib's reallocarray(3). I'm pretty sure that a failed allocation > in ksh is fatal. It's defined in bin/ksh/alloc.c if you're interested. Also, I think that idiom only applies when you're incrementing a size variable (n, in this case) before reallocating.
Re: [PATCH] rcs: buf_free/rcsnum_free
> > I think it should be moved into Attic. It's not like we've been nice to > > the pcc tree-import either after it lacked attention. > > I agree, it has been unlinked from the build for more than 5 years. I don't agree. I still have some hope. Yes, it has problems. But go look at the code in gnu/usr.bin/cvs There were good reasons to start the effort...
Re: inteldrm(4) diff that needs testing
Hi Mark, Just tried amd64 snapshot (1st Nov) on Intel NUC5i7RYH and building world from source (updated around 4PM UTC, 1st Nov). While I do not get any kernel panic or crash as others may have faced, the behavior of some programs such as firefox, dillo under X (startx with default install) will give some strange rendering: Firefox/Dillo window will stay gray/black/blank. Still responsive but the display is not there. Moving the mouse over the window will un-hide some of the toolbar's button but that's all I managed to see. (this does not happen on 5.8-release and not sure if its related to that diff) Below full dmesg with some "error" lines displayed: error: [drm:pid20852:intel_dp_set_idle_link_train] *ERROR* Timed out waiting for DP idle patterns OpenBSD 5.8-current (GENERIC.MP) #1: Sun Nov 1 23:58:23 SGT 2015 r...@nuc.none:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16036732928 (15293MB) avail mem = 15546572800 (14826MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x36ee7000 (53 entries) bios0: vendor Intel Corporation version "RYBDWi35.86A.0350.2015.0812.1722" date 08/12/2015 bios0: Intel Corporation NUC5i7RYB acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT ASF! SSDT SSDT SSDT DMAR acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PS2K(S3) PS2M(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 3392.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 3392.15 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 3392.15 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz, 3392.15 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimadt0: bogus nmi for apid 3 acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiprt4 at acpi0: bus 1 (RP01) acpiprt5 at acpi0: bus -1 (RP02) acpiprt6 at acpi0: bus -1 (RP03) acpiprt7 at acpi0: bus 2 (RP04) acpiprt8 at acpi0: bus -1 (RP05) acpiprt9 at acpi0: bus -1 (RP06) acpiprt10 at acpi0: bus -1 (RP07) acpiprt11 at acpi0: bus -1 (RP08) acpiec0 at acpi0: not present acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x31), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x31), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x31), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@230 mwait.1@0x31), C1(1000@1 mwait.1), PSS acpipwrres0 at
Another use of areallocarray() in ksh
ok? Index: history.c === RCS file: /cvs/src/bin/ksh/history.c,v retrieving revision 1.52 diff -u -p -r1.52 history.c --- history.c 1 Nov 2015 15:38:53 - 1.52 +++ history.c 1 Nov 2015 15:44:02 - @@ -507,7 +507,7 @@ sethistsize(int n) cursize = n; } - history = (char **)aresize(history, n*sizeof(char *), APERM); + history = areallocarray(history, n, sizeof(char *), APERM); histsize = n; histptr = history + cursize;
Re: [PATCH] rcs: buf_free/rcsnum_free
On Sun, Nov 01, 2015 at 01:10:21PM +0100, Tobias Stoeckmann wrote: > On Sun, Nov 01, 2015 at 11:17:40AM +, Stuart Henderson wrote: > > On 2015/11/01 08:03, Nicholas Marriott wrote: > > > Some did for a while but it has some nasty bugs and nobody is working on > > > fixing it. > > > > Some used it on amd64 for a while to avoid checkout failures due to > > running into memory limits, but then I tracked it down and increased > > the limit in CVSROOT/options to get around this. > > > > Switching between cvs and opencvs upstreams without making a fresh > > checkout caused some problems so it's better if mirrors all just use > > cvs. > > I think it should be moved into Attic. It's not like we've been nice to > the pcc tree-import either after it lacked attention. I agree, it has been unlinked from the build for more than 5 years.
Re: Another use of areallocarray() in ksh
Mike Burns wrote: > On 2015-11-01 10.44.45 -0500, Michael McConville wrote: > > Index: history.c > > === > > RCS file: /cvs/src/bin/ksh/history.c,v > > retrieving revision 1.52 > > diff -u -p -r1.52 history.c > > --- history.c 1 Nov 2015 15:38:53 - 1.52 > > +++ history.c 1 Nov 2015 15:44:02 - > > @@ -507,7 +507,7 @@ sethistsize(int n) > > cursize = n; > > } > > > > - history = (char **)aresize(history, n*sizeof(char *), APERM); > > + history = areallocarray(history, n, sizeof(char *), APERM); > > Is this a memory leak? I'm thinking of the IDIOMS section of > realloc(3). I don't think so. This is areallocarray(), a ksh-specific function, not the stdlib's reallocarray(3). I'm pretty sure that a failed allocation in ksh is fatal. It's defined in bin/ksh/alloc.c if you're interested.
Re: Another use of areallocarray() in ksh
On 2015-11-01 10.44.45 -0500, Michael McConville wrote: > Index: history.c > === > RCS file: /cvs/src/bin/ksh/history.c,v > retrieving revision 1.52 > diff -u -p -r1.52 history.c > --- history.c 1 Nov 2015 15:38:53 - 1.52 > +++ history.c 1 Nov 2015 15:44:02 - > @@ -507,7 +507,7 @@ sethistsize(int n) > cursize = n; > } > > - history = (char **)aresize(history, n*sizeof(char *), APERM); > + history = areallocarray(history, n, sizeof(char *), APERM); Is this a memory leak? I'm thinking of the IDIOMS section of realloc(3).
Re: inteldrm(4) diff that needs testing
I somehow missed this thread before posting to misc@. I’m using the Nov 1 snapshot with an OpenBSD-only EFI install on the internal SSD of a 2013 MacBook Air and inteldrm(4) does attach but immediately after the display is corrupted. I can start X just fine but the corruption remains. I can quit fvwm by carefully guessing where “Quit" is and X also shuts down just fine too. Bryan OpenBSD 5.8-current (GENERIC.MP) #1557: Sun Nov 1 07:21:09 MST 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error ffreal mem = 8509276160 (8115MB) avail mem = 8247255040 (7865MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0x8cd14000 (42 entries) bios0: vendor Apple Inc. version "MBA61.88Z.0099.B20.1509081314" date 09/08/2015 bios0: Apple Inc. MacBookAir6,1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT MCFG DMAR acpi0: wakeup devices P0P2(S3) EC__(S3) HDEF(S3) RP01(S3) RP02(S3) RP03(S3) ARPT(S4) RP05(S3) RP06(S3) SPIT(S3) XHC1(S3) ADP1(S3) LID0(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz, 1600.24 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz, 1600.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz, 1600.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz, 1600.00 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpiec0 at acpi0 acpimcfg0 at acpi0 addr 0xe000, bus 0-155 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P2) acpiprt2 at acpi0: bus 1 (RP01) acpiprt3 at acpi0: bus 2 (RP02) acpiprt4 at acpi0: bus 3 (RP03) acpiprt5 at acpi0: bus 5 (RP05) acpiprt6 at acpi0: bus 4 (RP06) acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpibat0 at acpi0: BAT0 model "3545797981023400290" type 3545797981528607052 oem "3545797981528673619" acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpivideo0 at acpi0: IGPU acpivout0 at acpivideo0: DD01 cpu0: Enhanced SpeedStep 1600 MHz: speeds: 2301, 2300, 2200, 2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200, 1100, 1000, 900, 800, 759 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x09 inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 5000" rev 0x09 drm0 at inteldrm0
Re: Drop register keyword from less(1)
No, I don't think we should do this because it will make updating to upstream less more difficult, and it is painful enough as it is. On Sun, Nov 01, 2015 at 02:25:58PM -0500, Michael McConville wrote: > Every one of these is in a var declaration, so a megadiff is probably > the easiest way to do it. > > ok? > > > Index: brac.c > === > RCS file: /cvs/src/usr.bin/less/brac.c,v > retrieving revision 1.6 > diff -u -p -r1.6 brac.c > --- brac.c25 Apr 2014 13:38:21 - 1.6 > +++ brac.c1 Nov 2015 19:19:16 - > @@ -25,13 +25,13 @@ > */ > public void > match_brac(obrac, cbrac, forwdir, n) > - register int obrac; > - register int cbrac; > + int obrac; > + int cbrac; > int forwdir; > int n; > { > - register int c; > - register int nest; > + int c; > + int nest; > POSITION pos; > int (*chget)(); > > Index: ch.c > === > RCS file: /cvs/src/usr.bin/less/ch.c,v > retrieving revision 1.10 > diff -u -p -r1.10 ch.c > --- ch.c 25 Apr 2014 13:38:21 - 1.10 > +++ ch.c 1 Nov 2015 19:19:16 - > @@ -144,11 +144,11 @@ static int ch_addbuf(); > int > ch_get() > { > - register struct buf *bp; > - register struct bufnode *bn; > - register int n; > - register int slept; > - register int h; > + struct buf *bp; > + struct bufnode *bn; > + int n; > + int slept; > + int h; > POSITION pos; > POSITION len; > > @@ -410,8 +410,8 @@ end_logfile() > public void > sync_logfile() > { > - register struct buf *bp; > - register struct bufnode *bn; > + struct buf *bp; > + struct bufnode *bn; > int warned = FALSE; > BLOCKNUM block; > BLOCKNUM nblocks; > @@ -448,9 +448,9 @@ sync_logfile() > buffered(block) > BLOCKNUM block; > { > - register struct buf *bp; > - register struct bufnode *bn; > - register int h; > + struct buf *bp; > + struct bufnode *bn; > + int h; > > h = BUFHASH(block); > FOR_BUFS_IN_CHAIN(h, bn) > @@ -468,7 +468,7 @@ buffered(block) > */ > public int > ch_seek(pos) > - register POSITION pos; > + POSITION pos; > { > BLOCKNUM new_block; > POSITION len; > @@ -537,8 +537,8 @@ ch_end_seek() > public int > ch_beg_seek() > { > - register struct bufnode *bn; > - register struct bufnode *firstbn; > + struct bufnode *bn; > + struct bufnode *firstbn; > > /* >* Try a plain ch_seek first. > @@ -595,7 +595,7 @@ ch_tell() > public int > ch_forw_get() > { > - register int c; > + int c; > > if (thisfile == NULL) > return (EOI); > @@ -658,7 +658,7 @@ ch_setbufspace(bufspace) > public void > ch_flush() > { > - register struct bufnode *bn; > + struct bufnode *bn; > > if (thisfile == NULL) > return; > @@ -725,8 +725,8 @@ ch_flush() > static int > ch_addbuf() > { > - register struct buf *bp; > - register struct bufnode *bn; > + struct buf *bp; > + struct bufnode *bn; > > /* >* Allocate and initialize a new buffer and link it > @@ -750,7 +750,7 @@ ch_addbuf() > static void > init_hashtbl() > { > - register int h; > + int h; > > for (h = 0; h < BUFHASH_SIZE; h++) > { > @@ -765,7 +765,7 @@ init_hashtbl() > static void > ch_delbufs() > { > - register struct bufnode *bn; > + struct bufnode *bn; > > while (ch_bufhead != END_OF_CHAIN) > { > Index: charset.c > === > RCS file: /cvs/src/usr.bin/less/charset.c,v > retrieving revision 1.10 > diff -u -p -r1.10 charset.c > --- charset.c 25 Apr 2014 13:38:21 - 1.10 > +++ charset.c 1 Nov 2015 19:19:16 - > @@ -134,9 +134,9 @@ public int binattr = AT_STANDOUT; > ichardef(s) > char *s; > { > - register char *cp; > - register int n; > - register char v; > + char *cp; > + int n; > + char v; > > n = 0; > v = 0; > @@ -189,11 +189,11 @@ ichardef(s) > */ > static int > icharset(name, no_error) > - register char *name; > + char *name; > int no_error; > { > - register struct charset *p; > - register struct cs_alias *a; > + struct charset *p; > + struct cs_alias *a; > > if (name == NULL || *name == '\0') > return (0); > @@ -233,7 +233,7 @@ icharset(name, no_error) > static void > ilocale() > { > - register int c; > + int c; > > for (c = 0; c < (int) sizeof(chardef); c++) > { > Index: cmdbuf.c > === > RCS file: /cvs/src/usr.bin/less/cmdbuf.c,v > retrieving revision 1.7 > diff -u -p -r1.7 cmdbuf.c > --- cmdbuf.c 25 Apr 2014 13:38:21
Re: Drop register keyword from less(1)
If we are going to diverge from upstream less, a better starting point would be https://github.com/gdamore/less-fork See also http://garrett.damore.org/2014_09_01_archive.html If you decide to tackle that you'll also want to diff our less against the stock version to make sure we don't lose any local changes, of which there were a few. - todd
Re: [PATCH] rcs: buf_free/rcsnum_free
On Sun, 01 Nov 2015 09:07:18 -0700, Theo de Raadt wrote: > > > I think it should be moved into Attic. It's not like we've been nice to > > > the pcc tree-import either after it lacked attention. > > > > I agree, it has been unlinked from the build for more than 5 years. > > I don't agree. I still have some hope. > > Yes, it has problems. But go look at the code in gnu/usr.bin/cvs > > There were good reasons to start the effort... I'd also like it to stick around for a bit longer. - todd
IPv6 DHCP-PD/SLAAC - no /64 route in routing table
Hi all, I'm having trouble with enabling IPv6 routing on my 5.8 gateway. (Internet)[DHCPv6+PD](em0-GW-axe0)[SLAAC/rtadvd] My box is connected to Comcast, I'm getting IPv6 address assignment over DHCPv6 (wide dhcp6c) on WAN interface(em0) together with prefix delegation and assigning this prefix to axe0 (internal interface). On axe0 i'm running rtadvd. My clients are getting IPv6 addresses properly assigned and i'm able to ping link-local address of my gw. but if I check ipv6 neighbors on my gw I see that there are no global addresses except permanent (GW-owned addresses). When I enabled nd6_debug in sysctl - i'm getting the following error message - my laptop send neighbor solicitation message to lookup GW's address: nd6_ns_input: src=2601:647:::82e6:50ff:fe04:e758 nd6_ns_input: dst=ff02:5::1:ff46:fb5c nd6_ns_input: tgt=2601:647:::cab3:73ff:fe46:fb5c nd6_ns_input: NS packet from non-neighbor nd6_ns_input: src=2601:647:::82e6:50ff:fe04:e758 nd6_ns_input: dst=ff02:5::1:ff46:fb5c $ndp -p 2601:647::::/64 if=axe0 flags=LD vltime=infinity, pltime=infinity, expire=Never, ref=1 No advertising router fe80::%axe0/64 if=axe0 flags=LAO vltime=infinity, pltime=infinity, expire=Never, ref=0 No advertising router fe80::%em0/64 if=em0 flags=LAO vltime=infinity, pltime=infinity, expire=Never, ref=0 No advertising router fe80::%lo0/64 if=lo0 flags=LAO vltime=infinity, pltime=infinity, expire=Never, ref=0 No advertising router In tcpdump I see nbr sol messages: 11:16:00.099357 2601:647:::82e6:50ff:fe04:e758 > ff02::1:ff46:fb5c: icmp6: neighbor sol: who has 2601:647:::cab3:73ff:fe46:fb5c 11:16:01.110618 2601:647:::82e6:50ff:fe04:e758 > ff02::1:ff46:fb5c: icmp6: neighbor sol: who has 2601:647::893a:cab3:73ff:fe46:fb5c ifconfig: # ifconfig axe0 axe0: flags=208843mtu 1500 lladdr c8:b3:73:46:fb:5c priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 10.0.1.254 netmask 0xff00 broadcast 10.0.1.255 inet6 fe80::cab3:73ff:fe46:fb5c%axe0 prefixlen 64 scopeid 0x5 inet6 2601:647:::cab3:73ff:fe46:fb5c prefixlen 64 It seems a bit strange that there is no connected DHCP-PD /64 prefix route in the routing table (as you can see above - interface have this prefix configured by dhcp6c): # route show -inet6 | grep 647 2601:647:: c8:b3:73:46:fb:5c UHLl 0 10 - 1 lo0 # netstat -rn | grep 647 2601:647:::cab3:73ff:fe46:fb5c c8:b3:73:46:fb:5c UHLl 0 10 - 1 lo0 As a result, if i try to do traceroute6 from the GW to my laptop (1 hop) - the packet gets routed to the default gw (ISP/WAN interface): $ traceroute6 2601:647:::82e6:50ff:fe04:e758 traceroute6 to 2601:647:::82e6:50ff:fe04:e758 (2601:647:::82e6:50ff:fe04:e758), 64 hops max, 60 byte packets 1 2001:558::::1 (2001:558::::1) 8.669 ms 8.08 ms 9.143 ms ^C Any suggestions/ideas? -- Thanks a lot, Yury.
Re: ChachaPoly-04: Hook up Chacha20-Poly1305 to the OCF
On Mon, Oct 26, 2015 at 18:30 +0100, Mike Belopuhov wrote: > OK? > Update due to changes in ChachaPoly-02. Right now those long lines fit into 80 symbol wide columns, but I'll see if I can clean it up further and remove those pesky casts. OK? --- sys/conf/files | 2 ++ sys/crypto/cryptodev.h | 9 ++--- sys/crypto/xform.c | 22 ++ sys/crypto/xform.h | 2 ++ 4 files changed, 32 insertions(+), 3 deletions(-) diff --git sys/conf/files sys/conf/files index 7e56c2e..9816077 100644 --- sys/conf/files +++ sys/conf/files @@ -858,10 +858,12 @@ file crypto/michael.c wlan file crypto/cmac.c wlan file crypto/hmac.c wlan | (softraid & crypto) file crypto/gmac.c ipsec | crypto file crypto/key_wrap.c wlan file crypto/idgen.cinet6 | nfsclient | nfsserver +file crypto/chachapoly.c ipsec | crypto +file crypto/poly1305.c ipsec | crypto file crypto/siphash.c file netmpls/mpls_input.c mpls file netmpls/mpls_output.c mpls file netmpls/mpls_proto.c mpls file netmpls/mpls_raw.cmpls diff --git sys/crypto/cryptodev.h sys/crypto/cryptodev.h index f4af569..5923512 100644 --- sys/crypto/cryptodev.h +++ sys/crypto/cryptodev.h @@ -75,11 +75,12 @@ #define DES_BLOCK_LEN 8 #define DES3_BLOCK_LEN 8 #define BLOWFISH_BLOCK_LEN 8 #define CAST128_BLOCK_LEN 8 #define RIJNDAEL128_BLOCK_LEN 16 -#define EALG_MAX_BLOCK_LEN 16 /* Keep this updated */ +#define CHACHA20_BLOCK_LEN 64 +#define EALG_MAX_BLOCK_LEN 64 /* Keep this updated */ /* Maximum hash algorithm result length */ #define AALG_MAX_RESULT_LEN64 /* Keep this updated */ #define CRYPTO_DES_CBC 1 @@ -105,12 +106,14 @@ #define CRYPTO_AES_GCM_16 23 #define CRYPTO_AES_128_GMAC24 #define CRYPTO_AES_192_GMAC25 #define CRYPTO_AES_256_GMAC26 #define CRYPTO_AES_GMAC27 -#define CRYPTO_ESN 28 /* Support for Extended Sequence Numbers */ -#define CRYPTO_ALGORITHM_MAX 28 /* Keep updated */ +#define CRYPTO_CHACHA20_POLY1305 28 +#define CRYPTO_CHACHA20_POLY1305_MAC 29 +#define CRYPTO_ESN 30 /* Support for Extended Sequence Numbers */ +#define CRYPTO_ALGORITHM_MAX 30 /* Keep updated */ /* Algorithm flags */ #defineCRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ #defineCRYPTO_ALG_FLAG_RNG_ENABLE 0x02 /* Has HW RNG for DH/DSA */ #defineCRYPTO_ALG_FLAG_DSA_SHA 0x04 /* Can do SHA on msg */ diff --git sys/crypto/xform.c sys/crypto/xform.c index aaf6f29..1a106ca 100644 --- sys/crypto/xform.c +++ sys/crypto/xform.c @@ -56,10 +56,11 @@ #include #include #include #include #include +#include extern void des_ecb3_encrypt(caddr_t, caddr_t, caddr_t, caddr_t, caddr_t, int); extern void des_ecb_encrypt(caddr_t, caddr_t, caddr_t, int); int des_set_key(void *, caddr_t); @@ -214,10 +215,20 @@ struct enc_xform enc_xform_aes_xts = { aes_xts_decrypt, aes_xts_setkey, aes_xts_reinit }; +struct enc_xform enc_xform_chacha20_poly1305 = { + CRYPTO_CHACHA20_POLY1305, "CHACHA20-POLY1305", + 1, 8, 32+4, 32+4, + sizeof(struct chacha20_ctx), + chacha20_crypt, + chacha20_crypt, + chacha20_setkey, + chacha20_reinit +}; + struct enc_xform enc_xform_arc4 = { CRYPTO_ARC4, "ARC4", 1, 1, 1, 32, 0, NULL, NULL, @@ -311,10 +322,21 @@ struct auth_hash auth_hash_gmac_aes_256 = { (void (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Reinit, (int (*)(void *, const u_int8_t *, u_int16_t)) AES_GMAC_Update, (void (*)(u_int8_t *, void *)) AES_GMAC_Final }; +struct auth_hash auth_hash_chacha20_poly1305 = { + CRYPTO_CHACHA20_POLY1305_MAC, "CHACHA20-POLY1305", + CHACHA20_KEYSIZE+CHACHA20_SALT, POLY1305_BLOCK_LEN, POLY1305_TAGLEN, + sizeof(CHACHA20_POLY1305_CTX), CHACHA20_BLOCK_LEN, + (void (*)(void *))Chacha20_Poly1305_Init, + (void (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Setkey, + (void (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Reinit, + (int (*)(void *, const u_int8_t *, u_int16_t))Chacha20_Poly1305_Update, + (void (*)(u_int8_t *, void *))Chacha20_Poly1305_Final +}; + struct auth_hash auth_hash_md5 = { CRYPTO_MD5, "MD5", 0, 16, 16, sizeof(MD5_CTX), 0, (void (*) (void *)) MD5Init, NULL, NULL, MD5Update_int, diff --git sys/crypto/xform.h sys/crypto/xform.h index 0e7678c..4591666 100644 --- sys/crypto/xform.h +++ sys/crypto/xform.h @@ -83,10 +83,11 @@ extern struct enc_xform enc_xform_cast5; extern struct enc_xform enc_xform_rijndael128; extern struct enc_xform enc_xform_aes_ctr; extern struct enc_xform enc_xform_aes_gcm; extern
Re: ChachaPoly-07: test vectors
On Mon, Oct 26, 2015 at 18:34 +0100, Mike Belopuhov wrote: > Rather scarce, but that's all we've been given so far. > I can add more chacha-only test cases, but I don't believe > that this is strictly necessary. > > OK? > Update due to Chacha20_Poly1305_* function name changes. Please note that this includes a slight adjustment to the second (data, not AAD) Chacha20_Poly1305_Update loop: I have removed a copy of leftover bytes into a temporary buffer to simulate the same loop in cryptosoft driver more closely, i.e. supply data in 64 byte (Chacha20 block size) chunks until the last block which is provided with a non-padded length. OK? --- regress/sys/crypto/Makefile | 1 + regress/sys/crypto/chachapoly/Makefile | 26 ++ regress/sys/crypto/chachapoly/chachapoly_test.c | 438 3 files changed, 465 insertions(+) create mode 100644 regress/sys/crypto/chachapoly/Makefile create mode 100644 regress/sys/crypto/chachapoly/chachapoly_test.c diff --git regress/sys/crypto/Makefile regress/sys/crypto/Makefile index 233dac3..3991e34 100644 --- regress/sys/crypto/Makefile +++ regress/sys/crypto/Makefile @@ -8,10 +8,11 @@ SUBDIR+= key_wrap .if defined(REGRESS_FULL) || make(clean) || make(cleandir) || make(obj) SUBDIR+= enc SUBDIR+= aesctr SUBDIR+= aesxts SUBDIR+= aes +SUBDIR+= chachapoly .endif install: .include diff --git regress/sys/crypto/chachapoly/Makefile regress/sys/crypto/chachapoly/Makefile new file mode 100644 index 000..827d1d0 --- /dev/null +++ regress/sys/crypto/chachapoly/Makefile @@ -0,0 +1,26 @@ +# $OpenBSD: Makefile,v 1.2 2014/01/18 05:54:52 martynas Exp $ + +DIR=${.CURDIR}/../../../../sys + +PROG= chachapoly_test +SRCS+= poly1305.c chachapoly.c chachapoly_test.c +CDIAGFLAGS=-Wall +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wsign-compare +#CDIAGFLAGS+= -Wshadow + +REGRESS_TARGETS= run-regress-${PROG} + +CFLAGS+= -I${DIR} + +.PATH: ${DIR}/crypto + +run-regress-${PROG}: ${PROG} + ./${PROG} + +.include diff --git regress/sys/crypto/chachapoly/chachapoly_test.c regress/sys/crypto/chachapoly/chachapoly_test.c new file mode 100644 index 000..6e074ae --- /dev/null +++ regress/sys/crypto/chachapoly/chachapoly_test.c @@ -0,0 +1,438 @@ +/* $OpenBSD: gmac_test.c,v 1.2 2011/04/04 16:46:22 deraadt Exp $ */ + +/* + * Copyright (c) 2010,2015 Mike Belopuhov+ * Copyright (c) 2005 Markus Friedl + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include +#include +#include +#include +#include +#include + +int debug = 0; + +enum { TST_KEY, TST_IV, TST_AAD, TST_PLAIN, TST_CIPHER, TST_TAG, TST_NUM }; + +struct { + char*data[TST_NUM]; +} tests[] = { + /* Chacha20, counter=1 test vectors */ + + /* Test vector from RFC7539 2.4.2 */ + { + /* key + salt */ + "00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f " + "10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f " + "00 00 00 00", + /* iv */ + "00 00 00 4a 00 00 00 00", + /* aad */ + NULL, + /* plaintext */ + "4c 61 64 69 65 73 20 61 6e 64 20 47 65 6e 74 6c " + "65 6d 65 6e 20 6f 66 20 74 68 65 20 63 6c 61 73 " + "73 20 6f 66 20 27 39 39 3a 20 49 66 20 49 20 63 " + "6f 75 6c 64 20 6f 66 66 65 72 20 79 6f 75 20 6f " + "6e 6c 79 20 6f 6e 65 20 74 69 70 20 66 6f 72 20 " + "74 68 65 20 66 75 74 75 72 65 2c 20 73 75 6e 73 " + "63 72 65 65 6e 20 77 6f 75 6c 64 20 62 65 20 69 " + "74 2e", + /* ciphertext */ + "6e 2e 35 9a 25 68 f9 80 41 ba 07 28 dd 0d 69 81 " + "e9 7e 7a ec 1d 43 60 c2 0a 27 af cc fd 9f ae 0b " + "f9 1b 65 c5 52 47 33 ab 8f 59 3d ab cd 62 b3 57 " + "16 39 d6 24 e6 51 52 ab 8f 53 0c 35 9f 08 61 d8 " + "07 ca 0d bf 50 0d 6a 61 56 a3 8e 08 8a 22 b6 5e " + "52 bc 51 4d 16 cc f8 06
Re: Tweaks to malloc(3) manpage
> 1. I don't see much reason to mention calloc() as an alternative to > reallocarray() when it's the worse option. calloc() still remains the portable option. Something should probably still be mentioned here, otherwise people fall back to unchecked malloc -- no matter what is stated further below regarding overflow checks. > 2. Use size > 0 when testing overflow. That feels wrong. The size variables in some code contexts may mistakenly be signed, yet assigned an unsigned value from a caller. You are trying to fight a losing battle with undefined behaviour handling in modern compilers, and programmers who don't have time to use static analysis tools. In case size is signed, it would be better to FAIL the overflow check as happens currently, rather multiply a negative number, end up with a result, malloc, and then screw things up.
Re: enhanced use-after-free detection for malloc v2
On Fri, Oct 30, 2015 at 11:51:17PM -0400, Daniel Micay wrote: > On 26/10/15 04:19 PM, Daniel Micay wrote: > > This is an improved revision of my earlier patch. > > > > It now validates the junk data in the delayed_chunks array in an atexit > > handler > > too, rather than just when allocations are swapped out. > > > > It will now catch this simple UAF 100% of the time: > > > > #include > > #include > > > > int main(void) { > > size_t i; > > char *p; > > for (i = 0; i < 32; i++) { > > p = malloc(16); > > if (!p) return 1; > > } > > > > p = malloc(16); > > if (!p) return 1; > > free(p); > > *p = 5; > > > > for (i = 0; i < 4; i++) { > > p = malloc(16); > > if (!p) return 1; > > free(p); > > } > > return 0; > > } > > > > In general, it depends on the allocation still being in the delayed chunks > > array when the use-after-free happens. This means a larger delayed chunks > > array would improve the detection rate. > > That revision was missing a NULL check as it got lost when refactoring > and the test cases weren't short enough to trigger it. Properly working > implementation: Hi Daniel, I did not have time to look into this up until now and I'm pretty sure I will not have much time in the near future. But after a casual look I consider this a very nice addition, so please do continue to persue this. To all others: please test and give Daniel feedback, -Otto > > diff --git a/stdlib/malloc.c b/stdlib/malloc.c > index 424dd77..c408594 100644 > --- a/stdlib/malloc.c > +++ b/stdlib/malloc.c > @@ -182,6 +182,7 @@ struct malloc_readonly { > int malloc_freeunmap; /* mprotect free pages PROT_NONE? */ > int malloc_hint;/* call madvice on free pages? */ > int malloc_junk;/* junk fill? */ > + int malloc_validate;/* validate junk */ > int malloc_move;/* move allocations to end of page? */ > int malloc_realloc; /* always realloc? */ > int malloc_xmalloc; /* xmalloc behaviour? */ > @@ -218,6 +219,8 @@ static void malloc_exit(void); > #define CALLER NULL > #endif > > +static void validate_delayed_chunks(void); > + > /* low bits of r->p determine size: 0 means >= page size and p->size > holding > * real size, otherwise r->size is a shift count, or 1 for malloc(0) > */ > @@ -560,6 +563,12 @@ omalloc_init(struct dir_info **dp) > case 'J': > mopts.malloc_junk = 2; > break; > + case 'v': > + mopts.malloc_validate = 0; > + break; > + case 'V': > + mopts.malloc_validate = 1; > + break; > case 'n': > case 'N': > break; > @@ -608,6 +617,9 @@ omalloc_init(struct dir_info **dp) > } > } > > + if (!mopts.malloc_junk) > + mopts.malloc_validate = 0; > + > #ifdef MALLOC_STATS > if (mopts.malloc_stats && (atexit(malloc_exit) == -1)) { > static const char q[] = "malloc() warning: atexit(2) failed." > @@ -616,6 +628,12 @@ omalloc_init(struct dir_info **dp) > } > #endif /* MALLOC_STATS */ > > + if (mopts.malloc_validate && (atexit(validate_delayed_chunks) == -1)) { > + static const char q[] = "malloc() warning: atexit(2) failed." > + " Will not be able to check for use after free\n"; > + write(STDERR_FILENO, q, sizeof(q) - 1); > + } > + > while ((mopts.malloc_canary = arc4random()) == 0) > ; > > @@ -1190,6 +1208,35 @@ malloc(size_t size) > /*DEF_STRONG(malloc);*/ > > static void > +validate_junk(void *p) { > + struct region_info *r; > + struct dir_info *pool = getpool(); > + size_t byte, sz; > + if (p == NULL) > + return; > + r = find(pool, p); > + if (r == NULL) > + wrterror("bogus pointer in validate_junk", p); > + REALSIZE(sz, r); > + for (byte = 0; byte < sz; byte++) { > + if (((char *)p)[byte] != SOME_FREEJUNK) { > + wrterror("use after free", p); > + return; > + } > + } > +} > + > +static void > +validate_delayed_chunks(void) { > + struct dir_info *pool = getpool(); > + int i; > + if (pool == NULL) > + return; > + for (i = 0; i < MALLOC_DELAYED_CHUNK_MASK + 1; i++) > + validate_junk(pool->delayed_chunks[i]); > +} > + > +static void > ofree(void *p) > { > struct dir_info *pool = getpool(); > @@ -1253,6 +1300,8 @@ ofree(void *p) > wrterror("double free", p); > return; > } > + if (mopts.malloc_validate) > +
Re: Drop register keyword from less(1)
less is code imported on a regular basis from upstream. Look at the commit log. > Every one of these is in a var declaration, so a megadiff is probably > the easiest way to do it. > > ok? > > > Index: brac.c > === > RCS file: /cvs/src/usr.bin/less/brac.c,v > retrieving revision 1.6 > diff -u -p -r1.6 brac.c > --- brac.c25 Apr 2014 13:38:21 - 1.6 > +++ brac.c1 Nov 2015 19:19:16 - > @@ -25,13 +25,13 @@ > */ > public void > match_brac(obrac, cbrac, forwdir, n) > - register int obrac; > - register int cbrac; > + int obrac; > + int cbrac; > int forwdir; > int n; > { > - register int c; > - register int nest; > + int c; > + int nest; > POSITION pos; > int (*chget)(); > > Index: ch.c > === > RCS file: /cvs/src/usr.bin/less/ch.c,v > retrieving revision 1.10 > diff -u -p -r1.10 ch.c > --- ch.c 25 Apr 2014 13:38:21 - 1.10 > +++ ch.c 1 Nov 2015 19:19:16 - > @@ -144,11 +144,11 @@ static int ch_addbuf(); > int > ch_get() > { > - register struct buf *bp; > - register struct bufnode *bn; > - register int n; > - register int slept; > - register int h; > + struct buf *bp; > + struct bufnode *bn; > + int n; > + int slept; > + int h; > POSITION pos; > POSITION len; > > @@ -410,8 +410,8 @@ end_logfile() > public void > sync_logfile() > { > - register struct buf *bp; > - register struct bufnode *bn; > + struct buf *bp; > + struct bufnode *bn; > int warned = FALSE; > BLOCKNUM block; > BLOCKNUM nblocks; > @@ -448,9 +448,9 @@ sync_logfile() > buffered(block) > BLOCKNUM block; > { > - register struct buf *bp; > - register struct bufnode *bn; > - register int h; > + struct buf *bp; > + struct bufnode *bn; > + int h; > > h = BUFHASH(block); > FOR_BUFS_IN_CHAIN(h, bn) > @@ -468,7 +468,7 @@ buffered(block) > */ > public int > ch_seek(pos) > - register POSITION pos; > + POSITION pos; > { > BLOCKNUM new_block; > POSITION len; > @@ -537,8 +537,8 @@ ch_end_seek() > public int > ch_beg_seek() > { > - register struct bufnode *bn; > - register struct bufnode *firstbn; > + struct bufnode *bn; > + struct bufnode *firstbn; > > /* >* Try a plain ch_seek first. > @@ -595,7 +595,7 @@ ch_tell() > public int > ch_forw_get() > { > - register int c; > + int c; > > if (thisfile == NULL) > return (EOI); > @@ -658,7 +658,7 @@ ch_setbufspace(bufspace) > public void > ch_flush() > { > - register struct bufnode *bn; > + struct bufnode *bn; > > if (thisfile == NULL) > return; > @@ -725,8 +725,8 @@ ch_flush() > static int > ch_addbuf() > { > - register struct buf *bp; > - register struct bufnode *bn; > + struct buf *bp; > + struct bufnode *bn; > > /* >* Allocate and initialize a new buffer and link it > @@ -750,7 +750,7 @@ ch_addbuf() > static void > init_hashtbl() > { > - register int h; > + int h; > > for (h = 0; h < BUFHASH_SIZE; h++) > { > @@ -765,7 +765,7 @@ init_hashtbl() > static void > ch_delbufs() > { > - register struct bufnode *bn; > + struct bufnode *bn; > > while (ch_bufhead != END_OF_CHAIN) > { > Index: charset.c > === > RCS file: /cvs/src/usr.bin/less/charset.c,v > retrieving revision 1.10 > diff -u -p -r1.10 charset.c > --- charset.c 25 Apr 2014 13:38:21 - 1.10 > +++ charset.c 1 Nov 2015 19:19:16 - > @@ -134,9 +134,9 @@ public int binattr = AT_STANDOUT; > ichardef(s) > char *s; > { > - register char *cp; > - register int n; > - register char v; > + char *cp; > + int n; > + char v; > > n = 0; > v = 0; > @@ -189,11 +189,11 @@ ichardef(s) > */ > static int > icharset(name, no_error) > - register char *name; > + char *name; > int no_error; > { > - register struct charset *p; > - register struct cs_alias *a; > + struct charset *p; > + struct cs_alias *a; > > if (name == NULL || *name == '\0') > return (0); > @@ -233,7 +233,7 @@ icharset(name, no_error) > static void > ilocale() > { > - register int c; > + int c; > > for (c = 0; c < (int) sizeof(chardef); c++) > { > Index: cmdbuf.c > === > RCS file: /cvs/src/usr.bin/less/cmdbuf.c,v > retrieving revision 1.7 > diff -u -p -r1.7 cmdbuf.c > --- cmdbuf.c 25 Apr 2014 13:38:21 - 1.7 > +++ cmdbuf.c 1 Nov 2015 19:19:16 - > @@ -525,7 +525,7 @@ cmd_ichar(cs, clen) > static int >
Re: enhanced use-after-free detection for malloc v2
(without mangling it this time...) diff --git a/stdlib/malloc.c b/stdlib/malloc.c index 424dd77..c408594 100644 --- a/stdlib/malloc.c +++ b/stdlib/malloc.c @@ -182,6 +182,7 @@ struct malloc_readonly { int malloc_freeunmap; /* mprotect free pages PROT_NONE? */ int malloc_hint;/* call madvice on free pages? */ int malloc_junk;/* junk fill? */ + int malloc_validate;/* validate junk */ int malloc_move;/* move allocations to end of page? */ int malloc_realloc; /* always realloc? */ int malloc_xmalloc; /* xmalloc behaviour? */ @@ -218,6 +219,8 @@ static void malloc_exit(void); #define CALLER NULL #endif +static void validate_delayed_chunks(void); + /* low bits of r->p determine size: 0 means >= page size and p->size holding * real size, otherwise r->size is a shift count, or 1 for malloc(0) */ @@ -560,6 +563,12 @@ omalloc_init(struct dir_info **dp) case 'J': mopts.malloc_junk = 2; break; + case 'v': + mopts.malloc_validate = 0; + break; + case 'V': + mopts.malloc_validate = 1; + break; case 'n': case 'N': break; @@ -608,6 +617,9 @@ omalloc_init(struct dir_info **dp) } } + if (!mopts.malloc_junk) + mopts.malloc_validate = 0; + #ifdef MALLOC_STATS if (mopts.malloc_stats && (atexit(malloc_exit) == -1)) { static const char q[] = "malloc() warning: atexit(2) failed." @@ -616,6 +628,12 @@ omalloc_init(struct dir_info **dp) } #endif /* MALLOC_STATS */ + if (mopts.malloc_validate && (atexit(validate_delayed_chunks) == -1)) { + static const char q[] = "malloc() warning: atexit(2) failed." + " Will not be able to check for use after free\n"; + write(STDERR_FILENO, q, sizeof(q) - 1); + } + while ((mopts.malloc_canary = arc4random()) == 0) ; @@ -1190,6 +1208,35 @@ malloc(size_t size) /*DEF_STRONG(malloc);*/ static void +validate_junk(void *p) { + struct region_info *r; + struct dir_info *pool = getpool(); + size_t byte, sz; + if (p == NULL) + return; + r = find(pool, p); + if (r == NULL) + wrterror("bogus pointer in validate_junk", p); + REALSIZE(sz, r); + for (byte = 0; byte < sz; byte++) { + if (((char *)p)[byte] != SOME_FREEJUNK) { + wrterror("use after free", p); + return; + } + } +} + +static void +validate_delayed_chunks(void) { + struct dir_info *pool = getpool(); + int i; + if (pool == NULL) + return; + for (i = 0; i < MALLOC_DELAYED_CHUNK_MASK + 1; i++) + validate_junk(pool->delayed_chunks[i]); +} + +static void ofree(void *p) { struct dir_info *pool = getpool(); @@ -1253,6 +1300,8 @@ ofree(void *p) wrterror("double free", p); return; } + if (mopts.malloc_validate) + validate_junk(p); pool->delayed_chunks[i] = tmp; } if (p != NULL) {
nd6 pool
Hi, To make the nd6 code more like arp, I would like to replace the llinfo malloc(9) with pool_get(9). ok? bluhm Index: netinet/if_ether.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.179 diff -u -p -r1.179 if_ether.c --- netinet/if_ether.c 27 Oct 2015 15:22:58 - 1.179 +++ netinet/if_ether.c 1 Nov 2015 19:47:45 - @@ -215,7 +215,7 @@ arp_rtrequest(struct ifnet *ifp, int req la = pool_get(_pool, PR_NOWAIT | PR_ZERO); rt->rt_llinfo = (caddr_t)la; if (la == NULL) { - log(LOG_DEBUG, "%s: malloc failed\n", __func__); + log(LOG_DEBUG, "%s: pool get failed\n", __func__); break; } arp_inuse++; Index: netinet6/nd6.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/nd6.c,v retrieving revision 1.168 diff -u -p -r1.168 nd6.c --- netinet6/nd6.c 1 Nov 2015 17:02:44 - 1.168 +++ netinet6/nd6.c 1 Nov 2015 19:47:45 - @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -82,6 +83,7 @@ int nd6_debug = 1; int nd6_debug = 0; #endif +struct pool nd6_pool; /* pool for llinfo_nd6 structures */ static int nd6_inuse, nd6_allocated; struct llinfo_nd6 llinfo_nd6 = {_nd6, _nd6}; @@ -123,6 +125,8 @@ nd6_init(void) return; } + pool_init(_pool, sizeof(struct llinfo_nd6), 0, 0, 0, "nd6", NULL); + /* initialization of the default router list */ TAILQ_INIT(_defrouter); @@ -996,10 +1000,10 @@ nd6_rtrequest(struct ifnet *ifp, int req * Case 2: This route may come from cloning, or a manual route * add with a LL address. */ - ln = malloc(sizeof(*ln), M_RTABLE, M_NOWAIT | M_ZERO); + ln = pool_get(_pool, PR_NOWAIT | PR_ZERO); rt->rt_llinfo = (caddr_t)ln; if (ln == NULL) { - log(LOG_DEBUG, "%s: malloc failed\n", __func__); + log(LOG_DEBUG, "%s: pool get failed\n", __func__); break; } nd6_inuse++; @@ -1126,7 +1130,7 @@ nd6_rtrequest(struct ifnet *ifp, int req rt->rt_llinfo = NULL; rt->rt_flags &= ~RTF_LLINFO; m_freem(ln->ln_hold); - free(ln, M_RTABLE, 0); + pool_put(_pool, ln); } }
Re: ChachaPoly-03: Chacha20-Poly1305 AEAD construction as per RFC7634
On Tue, Oct 27, 2015 at 14:16 +0100, Mike Belopuhov wrote: > On Mon, Oct 26, 2015 at 18:29 +0100, Mike Belopuhov wrote: > > OK? > > > > Update due to poly1305.{c,h} changes. > 3rd update. I've been asked to use numbers (20 for Chacha and 1305 for Poly) in function/object names more consistently or rather always. This also includes a minor change in the Update method: due to the fact that we use a stock poly1305.c implementation that supports arbitrary input lengths we can use the same trick reyk@ does in his Libressl code and avoid additional code performing a data copy into a temporary buffer. Note that this will *not* avoid data copy: when poly1305_update is called on an incomplete buffer it will store up to 15 last bytes of input in the buffer within its context and will perform an actual computation when remaining bytes (data or zeroes) are provided or poly1305_finish is called whichever occurs first. Therefore this change just simplifies the Chacha20_Poly1305_Update method slightly. I have verified that this passes test vectors (an update is needed due to the change of function names) and works against old code as well as against itself in IPsec. Please note that the next diff ChachaPoly-04 will require an update as well due to the function name changes. OK? --- sys/crypto/chachapoly.c | 107 sys/crypto/chachapoly.h | 66 + 2 files changed, 173 insertions(+) create mode 100644 sys/crypto/chachapoly.c create mode 100644 sys/crypto/chachapoly.h diff --git sys/crypto/chachapoly.c sys/crypto/chachapoly.c new file mode 100644 index 000..647a8dd --- /dev/null +++ sys/crypto/chachapoly.c @@ -0,0 +1,107 @@ +/* + * Copyright (c) 2015 Mike Belopuhov + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +#include +#include +#include + +int +chacha20_setkey(void *sched, u_int8_t *key, int len) +{ + struct chacha20_ctx *ctx = (struct chacha20_ctx *)sched; + + if (len != CHACHA20_KEYSIZE + CHACHA20_SALT) + return (-1); + + /* initial counter is 1 */ + ctx->nonce[0] = 1; + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE, + CHACHA20_SALT); + chacha_keysetup((chacha_ctx *)>block, key, CHACHA20_KEYSIZE * 8); + return (0); +} + +void +chacha20_reinit(caddr_t key, u_int8_t *iv) +{ + struct chacha20_ctx *ctx = (struct chacha20_ctx *)key; + + chacha_ivsetup((chacha_ctx *)ctx->block, iv, ctx->nonce); +} + +void +chacha20_crypt(caddr_t key, u_int8_t *data) +{ + struct chacha20_ctx *ctx = (struct chacha20_ctx *)key; + + chacha_encrypt_bytes((chacha_ctx *)ctx->block, data, data, + CHACHA20_BLOCK_LEN); +} + +void +Chacha20_Poly1305_Init(CHACHA20_POLY1305_CTX *ctx) +{ + memset(ctx, 0, sizeof(*ctx)); +} + +void +Chacha20_Poly1305_Setkey(CHACHA20_POLY1305_CTX *ctx, const uint8_t *key, +uint16_t klen) +{ + /* salt is part of the nonce */ + memcpy(ctx->nonce + CHACHA20_CTR, key + CHACHA20_KEYSIZE, + CHACHA20_SALT); + chacha_keysetup((chacha_ctx *)>chacha, key, CHACHA20_KEYSIZE * 8); +} + +void +Chacha20_Poly1305_Reinit(CHACHA20_POLY1305_CTX *ctx, const uint8_t *iv, +uint16_t ivlen) +{ + /* initial counter is 0 */ + chacha_ivsetup((chacha_ctx *)>chacha, iv, ctx->nonce); + chacha_encrypt_bytes((chacha_ctx *)>chacha, ctx->key, ctx->key, + POLY1305_KEYLEN); + poly1305_init((poly1305_state *)>poly, ctx->key); +} + +int +Chacha20_Poly1305_Update(CHACHA20_POLY1305_CTX *ctx, const uint8_t *data, +uint16_t len) +{ + static const char zeroes[POLY1305_BLOCK_LEN]; + size_t rem; + + poly1305_update((poly1305_state *)>poly, data, len); + + /* Number of bytes in the last 16 byte block */ + rem = (len + POLY1305_BLOCK_LEN) & (POLY1305_BLOCK_LEN - 1); + if (rem > 0) + poly1305_update((poly1305_state *)>poly, zeroes, + POLY1305_BLOCK_LEN - rem); + return (0); +} + +void +Chacha20_Poly1305_Final(uint8_t tag[POLY1305_TAGLEN], +CHACHA20_POLY1305_CTX *ctx) +{ + poly1305_finish((poly1305_state *)>poly, tag); + explicit_bzero(ctx, sizeof(*ctx)); +} diff --git
Drop register keyword from less(1)
Every one of these is in a var declaration, so a megadiff is probably the easiest way to do it. ok? Index: brac.c === RCS file: /cvs/src/usr.bin/less/brac.c,v retrieving revision 1.6 diff -u -p -r1.6 brac.c --- brac.c 25 Apr 2014 13:38:21 - 1.6 +++ brac.c 1 Nov 2015 19:19:16 - @@ -25,13 +25,13 @@ */ public void match_brac(obrac, cbrac, forwdir, n) - register int obrac; - register int cbrac; + int obrac; + int cbrac; int forwdir; int n; { - register int c; - register int nest; + int c; + int nest; POSITION pos; int (*chget)(); Index: ch.c === RCS file: /cvs/src/usr.bin/less/ch.c,v retrieving revision 1.10 diff -u -p -r1.10 ch.c --- ch.c25 Apr 2014 13:38:21 - 1.10 +++ ch.c1 Nov 2015 19:19:16 - @@ -144,11 +144,11 @@ static int ch_addbuf(); int ch_get() { - register struct buf *bp; - register struct bufnode *bn; - register int n; - register int slept; - register int h; + struct buf *bp; + struct bufnode *bn; + int n; + int slept; + int h; POSITION pos; POSITION len; @@ -410,8 +410,8 @@ end_logfile() public void sync_logfile() { - register struct buf *bp; - register struct bufnode *bn; + struct buf *bp; + struct bufnode *bn; int warned = FALSE; BLOCKNUM block; BLOCKNUM nblocks; @@ -448,9 +448,9 @@ sync_logfile() buffered(block) BLOCKNUM block; { - register struct buf *bp; - register struct bufnode *bn; - register int h; + struct buf *bp; + struct bufnode *bn; + int h; h = BUFHASH(block); FOR_BUFS_IN_CHAIN(h, bn) @@ -468,7 +468,7 @@ buffered(block) */ public int ch_seek(pos) - register POSITION pos; + POSITION pos; { BLOCKNUM new_block; POSITION len; @@ -537,8 +537,8 @@ ch_end_seek() public int ch_beg_seek() { - register struct bufnode *bn; - register struct bufnode *firstbn; + struct bufnode *bn; + struct bufnode *firstbn; /* * Try a plain ch_seek first. @@ -595,7 +595,7 @@ ch_tell() public int ch_forw_get() { - register int c; + int c; if (thisfile == NULL) return (EOI); @@ -658,7 +658,7 @@ ch_setbufspace(bufspace) public void ch_flush() { - register struct bufnode *bn; + struct bufnode *bn; if (thisfile == NULL) return; @@ -725,8 +725,8 @@ ch_flush() static int ch_addbuf() { - register struct buf *bp; - register struct bufnode *bn; + struct buf *bp; + struct bufnode *bn; /* * Allocate and initialize a new buffer and link it @@ -750,7 +750,7 @@ ch_addbuf() static void init_hashtbl() { - register int h; + int h; for (h = 0; h < BUFHASH_SIZE; h++) { @@ -765,7 +765,7 @@ init_hashtbl() static void ch_delbufs() { - register struct bufnode *bn; + struct bufnode *bn; while (ch_bufhead != END_OF_CHAIN) { Index: charset.c === RCS file: /cvs/src/usr.bin/less/charset.c,v retrieving revision 1.10 diff -u -p -r1.10 charset.c --- charset.c 25 Apr 2014 13:38:21 - 1.10 +++ charset.c 1 Nov 2015 19:19:16 - @@ -134,9 +134,9 @@ public int binattr = AT_STANDOUT; ichardef(s) char *s; { - register char *cp; - register int n; - register char v; + char *cp; + int n; + char v; n = 0; v = 0; @@ -189,11 +189,11 @@ ichardef(s) */ static int icharset(name, no_error) - register char *name; + char *name; int no_error; { - register struct charset *p; - register struct cs_alias *a; + struct charset *p; + struct cs_alias *a; if (name == NULL || *name == '\0') return (0); @@ -233,7 +233,7 @@ icharset(name, no_error) static void ilocale() { - register int c; + int c; for (c = 0; c < (int) sizeof(chardef); c++) { Index: cmdbuf.c === RCS file: /cvs/src/usr.bin/less/cmdbuf.c,v retrieving revision 1.7 diff -u -p -r1.7 cmdbuf.c --- cmdbuf.c25 Apr 2014 13:38:21 - 1.7 +++ cmdbuf.c1 Nov 2015 19:19:16 - @@ -525,7 +525,7 @@ cmd_ichar(cs, clen) static int cmd_erase() { - register char *s; + char *s; int clen; if (cp == cmdbuf) Index: command.c === RCS file: /cvs/src/usr.bin/less/command.c,v retrieving revision
Re: inteldrm(4) diff that needs testing
On Oct 26 13:31:14, h...@stare.cz wrote: > On Oct 24 23:48:01, mark.kette...@xs4all.nl wrote: > > The diff below makes inteldrm(4) attach directly to pci(4) instead of > > vga(1). Because inteldrm(4) depends on intagp(4), this also make > > intagp(4) a child of inteldrm(4). Ultimately I'd like to integrate > > intagp(4) into inteldrm(4), but that's going to be a bit more work. > > > > This diff is needed to make inteldrm(4) work when OpenBSD gets booted > > by UEFI firmware. It will also make inteldrm(4) work on machines with > > discrete graphics. > > > > This diff needs to be tested on a wide range of hardware. So if you > > have a machine with inteldrm(4), please give it a shot. I'm > > particularly interested in testing on an x40. > > This is an old MacBook2,1 running current/amd64. > Both dmesg below, this is the hightlight of the dmesg diff: > > -vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 > -intagp0 at vga1 > +inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 > +intagp0 at inteldrm0 > agp0 at intagp0: aperture at 0xc000, size 0x1000 > -inteldrm0 at vga1 > drm0 at inteldrm0 > inteldrm0: apic 1 int 16 > inteldrm0: 1280x800 > -wsdisplay0 at vga1 mux 1: console (std, vt100 emulation) > +wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) > wsdisplay0: screen 1-5 added (std, vt100 emulation) > "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured > vendor "Intel", unknown product 0x27a3 (class DASP subclass Time and > Frequency, rev 0x03) at pci0 dev 7 function 0 not configured > > With the patch applied, X seems to run just fine, > including video-heavy things like firefox or mplayer . > > It suspends but does not resume correctly; the resume does happen > (see below for /var/log/messages), but the screen is mostly black > with seemingly random color patches. > > Unfortunately, I do not have any other access to the machine right now > (will try again on one of my networks where I can connect remotely). I can confirm the machine does wake up and can be accessed remotely; but the screen remains garbled. This is with the latest current/amd64 snapshot and a kernel compiled with the patch. (Is the patch already in?) Please let me know if I can help test it further. Jan > > > Before: > > OpenBSD 5.8-current (GENERIC.MP) #1537: Tue Oct 20 09:44:09 MDT 2015 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 3171901440 (3024MB) > avail mem = 3071705088 (2929MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (37 entries) > bios0: vendor Apple Inc. version "MB21.88Z.00A5.B07.0706270922" date 06/27/07 > bios0: Apple Inc. MacBook2,1 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT > acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) > USB3(S3) USB4(S3) USB7(S3) EC__(S3) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.61 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR > cpu0: 4MB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 166MHz > cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.26 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR > cpu1: 4MB 64b/line 16-way L2 cache > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins > ioapic0: misconfigured as apic 0, remapped to apid 1 > acpimcfg0 at acpi0 addr 0xf000, bus 0-255 > acpiec0 at acpi0 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 1 (RP01) > acpiprt2 at acpi0: bus 2 (RP02) > acpiprt3 at acpi0: bus 3 (PCIB) > acpicpu0 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10), C1(1000@1 > mwait), PSS > acpicpu1 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10), C1(1000@1 > mwait), PSS > acpiac0 at acpi0: AC unit online > acpibtn0 at acpi0: LID0 > acpibtn1 at acpi0: PWRB > acpibtn2 at acpi0: SLPB > acpibat0 at acpi0: BAT0 model "15253732082930497" type 15253732284385612 oem > "15253732284387396" > acpivideo0 at acpi0: GFX0 > cpu0: Enhanced SpeedStep 2161 MHz: speeds: 2167, 2000, 1833, 1667, 1500, > 1333, 1000 MHz > memory map conflict 0xbef0/0x10 > memory map
Merge bugfix from NetBSD's mountd(8)
The two most recent diffs here: http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.sbin/mountd/mountd.c?only_with_tag=MAIN Here's the referenced PR: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=48282 Essentially, we daemonize after rather than before registering the service. Diff below. Is anyone running an NFS server on -current willing to test? Index: mountd.c === RCS file: /cvs/src/sbin/mountd/mountd.c,v retrieving revision 1.81 diff -u -p -r1.81 mountd.c --- mountd.c20 Aug 2015 22:16:35 - 1.81 +++ mountd.c2 Nov 2015 06:12:12 - @@ -242,6 +242,24 @@ main(int argc, char *argv[]) get_mountlist(); if (debug) fprintf(stderr, "Here we go.\n"); + + signal(SIGHUP, (void (*)(int)) new_exportlist); + signal(SIGTERM, (void (*)(int)) send_umntall); + signal(SIGSYS, SIG_IGN); + if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || + (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { + syslog(LOG_ERR, "Can't create socket"); + exit(1); + } + pmap_unset(RPCPROG_MNT, RPCMNT_VER1); + pmap_unset(RPCPROG_MNT, RPCMNT_VER3); + if (!svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, IPPROTO_UDP) || + !svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, IPPROTO_UDP) || + !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, IPPROTO_TCP) || + !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, IPPROTO_TCP)) { + syslog(LOG_ERR, "Can't register mount"); + exit(1); + } if (debug == 0) { daemon(0, 0); signal(SIGINT, SIG_IGN); @@ -263,24 +281,6 @@ main(int argc, char *argv[]) if (pidfile) { fprintf(pidfile, "%ld\n", (long)getpid()); fclose(pidfile); - } - - signal(SIGHUP, (void (*)(int)) new_exportlist); - signal(SIGTERM, (void (*)(int)) send_umntall); - signal(SIGSYS, SIG_IGN); - if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || - (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { - syslog(LOG_ERR, "Can't create socket"); - exit(1); - } - pmap_unset(RPCPROG_MNT, RPCMNT_VER1); - pmap_unset(RPCPROG_MNT, RPCMNT_VER3); - if (!svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, IPPROTO_UDP) || - !svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, IPPROTO_UDP) || - !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, IPPROTO_TCP) || - !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, IPPROTO_TCP)) { - syslog(LOG_ERR, "Can't register mount"); - exit(1); } mountd_svc_run(); syslog(LOG_ERR, "Mountd died");
Re: Merge bugfix from NetBSD's mountd(8)
Michael McConville wrote: > Diff below. Is anyone running an NFS server on -current willing to > test? Disregard, this needs more initial testing (by me) first. It's hanging when registering the service. > Index: mountd.c > === > RCS file: /cvs/src/sbin/mountd/mountd.c,v > retrieving revision 1.81 > diff -u -p -r1.81 mountd.c > --- mountd.c 20 Aug 2015 22:16:35 - 1.81 > +++ mountd.c 2 Nov 2015 06:12:12 - > @@ -242,6 +242,24 @@ main(int argc, char *argv[]) > get_mountlist(); > if (debug) > fprintf(stderr, "Here we go.\n"); > + > + signal(SIGHUP, (void (*)(int)) new_exportlist); > + signal(SIGTERM, (void (*)(int)) send_umntall); > + signal(SIGSYS, SIG_IGN); > + if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || > + (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { > + syslog(LOG_ERR, "Can't create socket"); > + exit(1); > + } > + pmap_unset(RPCPROG_MNT, RPCMNT_VER1); > + pmap_unset(RPCPROG_MNT, RPCMNT_VER3); > + if (!svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, > IPPROTO_UDP) || > + !svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, > IPPROTO_UDP) || > + !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, > IPPROTO_TCP) || > + !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, > IPPROTO_TCP)) { > + syslog(LOG_ERR, "Can't register mount"); > + exit(1); > + } > if (debug == 0) { > daemon(0, 0); > signal(SIGINT, SIG_IGN); > @@ -263,24 +281,6 @@ main(int argc, char *argv[]) > if (pidfile) { > fprintf(pidfile, "%ld\n", (long)getpid()); > fclose(pidfile); > - } > - > - signal(SIGHUP, (void (*)(int)) new_exportlist); > - signal(SIGTERM, (void (*)(int)) send_umntall); > - signal(SIGSYS, SIG_IGN); > - if ((udptransp = svcudp_create(RPC_ANYSOCK)) == NULL || > - (tcptransp = svctcp_create(RPC_ANYSOCK, 0, 0)) == NULL) { > - syslog(LOG_ERR, "Can't create socket"); > - exit(1); > - } > - pmap_unset(RPCPROG_MNT, RPCMNT_VER1); > - pmap_unset(RPCPROG_MNT, RPCMNT_VER3); > - if (!svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, > IPPROTO_UDP) || > - !svc_register(udptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, > IPPROTO_UDP) || > - !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER1, mntsrv, > IPPROTO_TCP) || > - !svc_register(tcptransp, RPCPROG_MNT, RPCMNT_VER3, mntsrv, > IPPROTO_TCP)) { > - syslog(LOG_ERR, "Can't register mount"); > - exit(1); > } > mountd_svc_run(); > syslog(LOG_ERR, "Mountd died"); >
ftp(1): pledge smaller subset in SMALL version
Hi there, at the moment ftp pledges "proc exec" in its SMALL version, but not otherwise. This seems wrong, because the SMALL version does not support interactive mode (which needs "proc exec" for e.g. the page command), while the !SMALL version does. The patch below switches the two pledges, so that the SMALL version pledges a smaller subset. Cheers, Frederic Index: usr.bin/ftp/main.c === RCS file: /cvs/src/usr.bin/ftp/main.c,v retrieving revision 1.104 diff -u -p -r1.104 main.c --- usr.bin/ftp/main.c 18 Oct 2015 03:39:37 - 1.104 +++ usr.bin/ftp/main.c 2 Nov 2015 05:29:39 - @@ -444,21 +444,21 @@ main(volatile int argc, char *argv[]) if (isurl(argv[0])) { if (pipeout) { #ifndef SMALL - if (pledge("stdio rpath dns tty inet fattr", + if (pledge("stdio rpath dns tty inet proc exec fattr", NULL) == -1) err(1, "pledge"); #else - if (pledge("stdio rpath dns tty inet proc exec fattr", + if (pledge("stdio rpath dns tty inet fattr", NULL) == -1) err(1, "pledge"); #endif } else { #ifndef SMALL - if (pledge("stdio rpath wpath cpath dns tty inet fattr", + if (pledge("stdio rpath wpath cpath dns tty inet proc exec fattr", NULL) == -1) err(1, "pledge"); #else - if (pledge("stdio rpath wpath cpath dns tty inet proc exec fattr", + if (pledge("stdio rpath wpath cpath dns tty inet fattr", NULL) == -1) err(1, "pledge"); #endif