Add readonly flag to tftpd

2016-01-24 Thread Matthew Martin
Add a -R flag to tftpd for a read only mode. This allows for a tighter
pledge than currently possible because by default existing files can be
overwritten (but no new files created). Perhaps read only should be the
default since it is surprising that tftp can overwrite by default.

- Matthew Martin



Index: tftpd.8
===
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.8,v
retrieving revision 1.5
diff -u -p -r1.5 tftpd.8
--- tftpd.8 18 Jul 2015 05:32:56 -  1.5
+++ tftpd.8 24 Jan 2016 08:49:11 -
@@ -37,7 +37,7 @@
 .Nd DARPA Trivial File Transfer Protocol daemon
 .Sh SYNOPSIS
 .Nm tftpd
-.Op Fl 46cdv
+.Op Fl 46cdRv
 .Op Fl l Ar address
 .Op Fl p Ar port
 .Op Fl r Ar socket
@@ -113,6 +113,8 @@ listens on the port indicated in the
 .Ql tftp
 service description; see
 .Xr services 5 .
+.It Fl R
+Only allow read requests.
 .It Fl r Ar socket
 Issue filename rewrite requests to the specified UNIX domain socket.
 .Nm
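Review bot: The new `.It Fl R` entry says only "Only allow read requests." and does not say how it interacts with -c. Since the tftpd.c part of this diff makes each of the two flags reset the other, the manual should state that -R and -c are mutually exclusive and that the last one given wins, or the SYNOPSIS should show them as alternatives.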
Index: tftpd.c
===
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.c,v
retrieving revision 1.34
diff -u -p -r1.34 tftpd.c
--- tftpd.c 14 Dec 2015 16:34:55 -  1.34
+++ tftpd.c 24 Jan 2016 08:49:11 -
@@ -268,6 +268,7 @@ usage(void)
 }
 
 int  cancreate = 0;
+int  readonly = 0;
 int  verbose = 0;
 
 int
@@ -286,7 +287,7 @@ main(int argc, char *argv[])
char *port = "tftp";
int family = AF_UNSPEC;
 
-   while ((c = getopt(argc, argv, "46cdl:p:r:v")) != -1) {
+   while ((c = getopt(argc, argv, "46cdl:p:Rr:v")) != -1) {
switch (c) {
case '4':
family = AF_INET;
@@ -296,6 +297,7 @@ main(int argc, char *argv[])
break;
case 'c':
cancreate = 1;
+   readonly = 0;
break;
case 'd':
verbose = debug = 1;
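Review bot: In `case 'c'`, the added `readonly = 0;` means a later -c silently undoes an earlier -R, so "tftpd -R -c dir" runs writable with the wider pledge while "tftpd -c -R dir" runs read-only. For a flag whose purpose is to tighten the sandbox, an order-dependent result is easy to get wrong in a startup script; consider rejecting the combination with usage() after the getopt loop instead of letting the last flag win.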
@@ -306,6 +308,10 @@ main(int argc, char *argv[])
case 'p':
port = optarg;
break;
+   case 'R':
+   readonly = 1;
+   cancreate = 0;
+   break;
case 'r':
rewrite = optarg;
break;
@@ -358,8 +364,13 @@ main(int argc, char *argv[])
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
errx(1, "can't drop privileges");
 
-   if (pledge("stdio rpath wpath cpath fattr dns inet", NULL) == -1)
-   err(1, "pledge");
+   if (readonly) {
+   if (pledge("stdio rpath dns inet", NULL) == -1)
+   err(1, "pledge");
+   } else {
+   if (pledge("stdio rpath wpath cpath fattr dns inet", NULL) == 
-1)
+   err(1, "pledge");
+   }
 
event_init();
 
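Review bot: The two pledge() branches differ only in the promise string, and both repeat the `err(1, "pledge")` handling. Selecting the string first (for example a `const char *` chosen from `readonly`) and calling pledge() once keeps a single failure path and makes it harder for a later edit to change one branch and miss the other. A comment noting that the read-only set drops "wpath cpath fattr" would also help.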
@@ -966,7 +977,7 @@ validate_access(struct tftp_client *clie
if ((stbuf.st_mode & (S_IRUSR >> 6)) == 0)
return (EACCESS);
} else {
-   if ((stbuf.st_mode & (S_IWUSR >> 6)) == 0)
+   if (readonly || (stbuf.st_mode & (S_IWUSR >> 6)) == 0)
return (EACCESS);
}
}



Re: keep track of HT protection in 11n mode

2016-01-24 Thread Stefan Sperling
On Thu, Jan 21, 2016 at 01:57:28AM +0100, Stefan Sperling wrote:
> On Wed, Jan 20, 2016 at 10:16:53PM +0100, Stefan Sperling wrote:
> > On Wed, Jan 20, 2016 at 10:04:11PM +0100, Stefan Sperling wrote:
> > > This diff makes us keep track of changes in the network's HT protection
> > > settings. These settings are advertised in beacons and change dynamically
> > > based on the nature of clients associated to an AP at a given moment.
> > > 
> > > Tracking these changes is rather important.
> > > If a non-11n client associates to an AP which previously had 11n clients
> > > only, we must update our wireless device's configuration accordingly or
> > > the new client might damage frames we send out.
> > 
> > This diff still has issues on iwn(4). Don't test there yet, please...
> 
> This diff works fine for me with both iwm(4) and iwn(4).
> 
> I couldn't figure out how to make proper use of iwn's RXON_ASSOC command.
> Linux uses this command to avoid having to restore a lot of state in 
> firmware when changing RXON flags. In my case sending RXON_ASSOC always
> broke Tx. I'm now using an implementation which uses RXON but works.

I know a few people have been testing this. Anyone who wants to
review? My plan is to commit this soon unless I hear objections.

> Index: dev/pci/if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving revision 1.75
> diff -u -p -r1.75 if_iwm.c
> --- dev/pci/if_iwm.c  7 Jan 2016 23:08:38 -   1.75
> +++ dev/pci/if_iwm.c  21 Jan 2016 00:31:38 -
> @@ -294,6 +294,8 @@ int   iwm_nvm_read_section(struct iwm_soft
>   uint16_t *);
>  void iwm_init_channel_map(struct iwm_softc *, const uint16_t * const);
>  void iwm_setup_ht_rates(struct iwm_softc *);
> +void iwm_htprot_task(void *);
> +void iwm_update_htprot(struct ieee80211com *, struct ieee80211_node *);
>  int  iwm_ampdu_rx_start(struct ieee80211com *,
>   struct ieee80211_node *, uint8_t);
>  void iwm_ampdu_rx_stop(struct ieee80211com *,
> @@ -2602,6 +2604,34 @@ iwm_mvm_sta_rx_agg(struct iwm_softc *sc,
>  }
>  
>  void
> +iwm_htprot_task(void *arg)
> +{
> + struct iwm_softc *sc = arg;
> + struct ieee80211com *ic = >sc_ic;
> + struct iwm_node *in = (void *)ic->ic_bss;
> + int error;
> +
> + /* This call updates HT protection based on in->in_ni.ni_htop1. */
> + error = iwm_mvm_mac_ctxt_changed(sc, in);
> + if (error != 0)
> + printf("%s: could not change HT protection: error %d\n",
> + DEVNAME(sc), error);
> +}
> +
> +/*
> + * This function is called by upper layer when HT protection settings in
> + * beacons have changed.
> + */
> +void
> +iwm_update_htprot(struct ieee80211com *ic, struct ieee80211_node *ni)
> +{
> + struct iwm_softc *sc = ic->ic_softc;
> +
> + /* assumes that ni == ic->ic_bss */
> + task_add(systq, >htprot_task);
> +}
> +
> +void
>  iwm_ba_task(void *arg)
>  {
>   struct iwm_softc *sc = arg;
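Review bot: iwm_update_htprot() carries the comment "assumes that ni == ic->ic_bss" but never checks it, and `ni` is otherwise unused; iwm_htprot_task() then reads ic->ic_bss itself when it eventually runs. A KASSERT(ni == ic->ic_bss) at the top of iwm_update_htprot() would turn the assumption into something enforced. Since the work is deferred to systq, it is also worth confirming that ic->ic_bss is still the node that triggered the update by the time the task runs.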
> @@ -5878,6 +5908,7 @@ iwm_stop(struct ifnet *ifp, int disable)
>   task_del(sc->sc_eswq, >sc_eswk);
>   task_del(systq, >setrates_task);
>   task_del(systq, >ba_task);
> + task_del(systq, >htprot_task);
>  
>   sc->sc_newstate(ic, IEEE80211_S_INIT, -1);
>  
> @@ -6586,6 +6617,7 @@ iwm_preinit(struct iwm_softc *sc)
>   /* Override 802.11 state transition machine. */
>   sc->sc_newstate = ic->ic_newstate;
>   ic->ic_newstate = iwm_newstate;
> + ic->ic_update_htprot = iwm_update_htprot;
>   ic->ic_ampdu_rx_start = iwm_ampdu_rx_start;
>   ic->ic_ampdu_rx_stop = iwm_ampdu_rx_stop;
>  #ifdef notyet
> @@ -6822,6 +6854,7 @@ iwm_attach(struct device *parent, struct
>   task_set(>newstate_task, iwm_newstate_task, sc);
>   task_set(>setrates_task, iwm_setrates_task, sc);
>   task_set(>ba_task, iwm_ba_task, sc);
> + task_set(>htprot_task, iwm_htprot_task, sc);
>  
>   /*
>* We cannot read the MAC address without loading the
> Index: dev/pci/if_iwmvar.h
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwmvar.h,v
> retrieving revision 1.15
> diff -u -p -r1.15 if_iwmvar.h
> --- dev/pci/if_iwmvar.h   5 Jan 2016 18:41:15 -   1.15
> +++ dev/pci/if_iwmvar.h   20 Jan 2016 17:37:06 -
> @@ -376,6 +376,9 @@ struct iwm_softc {
>   int ba_tid;
>   uint16_tba_ssn;
>  
> + /* Task for HT protection updates. */
> + struct task htprot_task;
> +
>   bus_space_tag_t sc_st;
>   bus_space_handle_t sc_sh;
>   bus_size_t sc_sz;
> Index: dev/pci/if_iwn.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwn.c,v
> retrieving revision 1.157
> diff -u -p -r1.157 if_iwn.c
> --- dev/pci/if_iwn.c  13 Jan 2016 14:39:35 -  1.157
> +++ dev/pci/if_iwn.c  21 Jan 2016 00:42:59 -
> @@ 

bktr uiomove() conversion

2016-01-24 Thread Martin Natano
Below is the conversion from uiomovei() to uiomove() for bktr. The patch
also replaces two occurrences of uio->uio_iov->iov_len with
uio->uio_resid. I don't see a reason why bktr should inspect iov_len
directly.

Index: dev/pci/bktr/bktr_core.c
===
RCS file: /cvs/src/sys/dev/pci/bktr/bktr_core.c,v
retrieving revision 1.36
diff -u -p -u -r1.36 bktr_core.c
--- dev/pci/bktr/bktr_core.c14 Mar 2015 03:38:49 -  1.36
+++ dev/pci/bktr/bktr_core.c24 Jan 2016 11:25:49 -
@@ -993,7 +993,7 @@ int
 video_read(bktr_ptr_t bktr, int unit, dev_t dev, struct uio *uio)
 {
 int status;
-int count;
+size_t  count;
 
 
if (bktr->bigbuf == 0)  /* no frame buffer allocated (ioctl failed) */
@@ -1008,7 +1008,7 @@ video_read(bktr_ptr_t bktr, int unit, de
count = bktr->rows * bktr->cols *
pixfmt_table[ bktr->pixfmt ].public.Bpp;
 
-   if ((int) uio->uio_iov->iov_len < count)
+   if (uio->uio_resid < count)
return( EINVAL );
 
bktr->flags &= ~(METEOR_CAP_MASK | METEOR_WANT_MASK);
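Review bot: With `count` now a size_t, the comparison `uio->uio_resid < count` is unsigned, which is the right direction, but the value still comes from `bktr->rows * bktr->cols * pixfmt_table[ bktr->pixfmt ].public.Bpp`, which is evaluated in the type of those operands before it is stored. Worth confirming that product cannot overflow or go negative before the conversion, since `count` is then passed to uiomove() as the copy length.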
@@ -1027,7 +1027,7 @@ video_read(bktr_ptr_t bktr, int unit, de
 
status = tsleep(BKTR_SLEEP, BKTRPRI, "captur", 0);
if (!status)/* successful capture */
-   status = uiomovei((caddr_t)bktr->bigbuf, count, uio);
+   status = uiomove((caddr_t)bktr->bigbuf, count, uio);
else
printf ("%s: read: tsleep error %d\n",
bktr_name(bktr), status);
@@ -1047,7 +1047,7 @@ video_read(bktr_ptr_t bktr, int unit, de
 int
 vbi_read(bktr_ptr_t bktr, struct uio *uio, int ioflag)
 {
-   int readsize, readsize2;
+   size_t  readsize, readsize2;
int status;
 
 
@@ -1067,22 +1067,20 @@ vbi_read(bktr_ptr_t bktr, struct uio *ui
/* We cannot read more bytes than there are in
 * the circular buffer
 */
-   readsize = (int)uio->uio_iov->iov_len;
-
-   if (readsize > bktr->vbisize) readsize = bktr->vbisize;
+   readsize = ulmin(uio->uio_resid, bktr->vbisize);
 
/* Check if we can read this number of bytes without having
 * to wrap around the circular buffer */
-   if((bktr->vbistart + readsize) >= VBI_BUFFER_SIZE) {
+   if (readsize >= VBI_BUFFER_SIZE - bktr->vbistart) {
/* We need to wrap around */
 
readsize2 = VBI_BUFFER_SIZE - bktr->vbistart;
-   status = uiomovei((caddr_t)bktr->vbibuffer + bktr->vbistart, 
readsize2, uio);
+   status = uiomove((caddr_t)bktr->vbibuffer + bktr->vbistart, 
readsize2, uio);
if (status == 0)
-   status = uiomovei((caddr_t)bktr->vbibuffer, (readsize - 
readsize2), uio);
+   status = uiomove((caddr_t)bktr->vbibuffer, (readsize - 
readsize2), uio);
} else {
/* We do not need to wrap around */
-   status = uiomovei((caddr_t)bktr->vbibuffer + bktr->vbistart, 
readsize, uio);
+   status = uiomove((caddr_t)bktr->vbibuffer + bktr->vbistart, 
readsize, uio);
}
 
/* Update the number of bytes left to read */
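Review bot: The rewritten wrap test `readsize >= VBI_BUFFER_SIZE - bktr->vbistart` avoids the addition overflowing, but it now depends on bktr->vbistart never exceeding VBI_BUFFER_SIZE, since the subtraction would otherwise go wrong once compared against a size_t; an assertion or a comment stating that invariant would help. Likewise `ulmin(uio->uio_resid, bktr->vbisize)` is only safe if vbisize can never be negative. Several lines in this hunk are also wrapped as shown (the `readsize2, uio);` continuations), which would stop the diff applying; if the wrap is in the original mail, resending it unwrapped or as an attachment would let others test it.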

cheers,
natano



Re: Xen virtual network (Netfront) driver

2016-01-24 Thread Mike Belopuhov
Hi Jonathon,

Thanks a lot for taking your time to test this.

On 24 January 2016 at 06:49, Jonathon Sisson wrote:
> On Sat, Jan 23, 2016 at 02:18:17PM -0800, Jonathon Sisson wrote:
>> Speaking of testing, is there any particular area non-devs could
>> assist with at this time?  Gathering dmesgs for different instance
>> types?
>>

Trying newer kernels would be the most helpful. I've just enabled tcp/udp
checksum offloading in the xnf on Friday and would welcome any network
tests.

> I decided to spin up one of each instance type and grab the console
> output in case it would be beneficial to the on-going work:
>
> http://update.j3z.org/dmesg/c3.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c3.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c3.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c3.large_dmesg.txt
> http://update.j3z.org/dmesg/c3.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c4.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c4.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c4.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/c4.large_dmesg.txt
> http://update.j3z.org/dmesg/c4.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/d2.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/d2.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/d2.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/d2.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/g2.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/g2.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/i2.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/i2.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/i2.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/i2.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m3.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m3.large_dmesg.txt
> http://update.j3z.org/dmesg/m3.medium_dmesg.txt
> http://update.j3z.org/dmesg/m3.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m4.10xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m4.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m4.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/m4.large_dmesg.txt
> http://update.j3z.org/dmesg/m4.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/r3.2xlarge_dmesg.txt
> http://update.j3z.org/dmesg/r3.4xlarge_dmesg.txt
> http://update.j3z.org/dmesg/r3.8xlarge_dmesg.txt
> http://update.j3z.org/dmesg/r3.large_dmesg.txt
> http://update.j3z.org/dmesg/r3.xlarge_dmesg.txt
> http://update.j3z.org/dmesg/t2.large_dmesg.txt
> http://update.j3z.org/dmesg/t2.medium_dmesg.txt
> http://update.j3z.org/dmesg/t2.micro_dmesg.txt
> http://update.j3z.org/dmesg/t2.nano_dmesg.txt
> http://update.j3z.org/dmesg/t2.small_dmesg.txt
>
> If it is deemed helpful, I can keep them updated as
> new AMIs come out.
>

It would be very interesting to see newer code run on these.

> Thanks!
>
> -Jonathon

Cheers,
Mike



Re: Firefox, malloc(3) and threads

2016-01-24 Thread Mark Kettenis
> From: "Peter N. M. Hansteen" 
> Date: Sun, 24 Jan 2016 23:10:41 +0100
> 
> On 01/22/16 22:46, Mark Kettenis wrote:
> > Firefox makes a lot of concurrent malloc(3) calls.  The locking to
> > make malloc(3) thread-safe is a bit...suboptimal.  This diff makes
> > things better by using a mutex instead of spinlock.  If you're running
> > Firefox you want to try it; it makes video watchable on some machines.
> > If you're not running Firefox you want to try it; to make sure it
> > doesn't break things.
> 
> Running this since early Saturday, Firefox is definitely more responsive
> than earlier.
> 
> I haven't tried running other resource hogs such as LibreOffice with
> several large documents, but I guess I could try that too if it's a
> relevant scenario.

Please do!



Re: libgen.h: unreachable decls

2016-01-24 Thread Philip Guenther
On Sun, Jan 24, 2016 at 9:14 PM, Jérémie Courrèges-Anglas wrote:
> I noticed those a while ago; the #if 0 has been there since the beginning.
> Can't see the point in keeping this as is.
>
> ok?

ok guenther@



libgen.h: unreachable decls

2016-01-24 Thread Jérémie Courrèges-Anglas

I noticed those a while ago; the #if 0 has been there since the beginning.
Can't see the point in keeping this as is.

ok?

Index: libgen.h
===
RCS file: /cvs/src/include/libgen.h,v
retrieving revision 1.7
diff -u -p -p -u -r1.7 libgen.h
--- libgen.h17 Jun 2003 21:56:23 -  1.7
+++ libgen.h22 Nov 2015 21:11:40 -
@@ -22,16 +22,8 @@
 #include 
 
 __BEGIN_DECLS
-
 char   *basename(const char *);
 char   *dirname(const char *);
-#if 0
-char   *regcmp(const char *, ...);
-char   *regex(const char *, const char *, ...);
-
-extern char *__loc1;
-#endif
-
 __END_DECLS
 
 #endif /* _LIBGEN_H_ */
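Review bot: Besides the dead `#if 0` block, this hunk also deletes the blank line after __BEGIN_DECLS and the one before __END_DECLS. If that whitespace change is not intended, leaving those two lines alone keeps the diff to just the unreachable declarations.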


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: Add readonly flag to tftpd

2016-01-24 Thread Stuart Henderson
On 2016/01/25 04:32, Jérémie Courrèges-Anglas wrote:
> 
> Hi Matthew,
> 
> Matthew Martin writes:
> 
> > On Sun, Jan 24, 2016 at 03:05:28AM -0600, Matthew Martin wrote:
> >> Add a -R flag to tftpd for a read only mode. This allows for a tighter
> >> pledge than currently possible because by default existing files can be
> >> overwritten (but no new files created). Perhaps read only should be the
> >> default since it is surprising that tftp can overwrite by default.
> 
> Files have to be world-writable to be overwritten; thus except for the
> tighter pledge request, I don't see the benefit.  What use case do you
> have in mind?

I don't see why it would be surprising that tftpd can write files, it's
expected behaviour from a tftpd and the manual talks about writing to
files in a reasonably prominent place on the first page.
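
The access rules argued over in this thread, as an added example that is not part of any message here and not tftpd's own code: a simplified C model of how -R and -c combine, which pledge(2) promise string results, and when a read or write request is allowed. The names policy_from_flags(), pledge_promises(), request_opcode() and decide(), and the sample packets, are assumptions made for the illustration; the opcodes are from RFC 1350.

```c
/*
 * Added illustration, not tftpd source. It models the policy described in
 * this thread; every name below (struct policy, decide(), ...) is hypothetical.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

enum { TFTP_RRQ = 1, TFTP_WRQ = 2 };	/* RFC 1350 opcodes */
enum verdict { ALLOW, DENY, NOTFOUND, BADREQ };

struct policy {
	int readonly;	/* proposed -R */
	int cancreate;	/* existing -c */
};

/* Apply flags left to right the way the posted getopt cases do. */
struct policy
policy_from_flags(const char *flags)
{
	struct policy p = { 0, 0 };

	for (; *flags != '\0'; flags++) {
		if (*flags == 'c') {
			p.cancreate = 1;
			p.readonly = 0;
		} else if (*flags == 'R') {
			p.readonly = 1;
			p.cancreate = 0;
		}
	}
	return p;
}

/* Promise strings copied from the diff. */
const char *
pledge_promises(const struct policy *p)
{
	return p->readonly ? "stdio rpath dns inet" :
	    "stdio rpath wpath cpath fattr dns inet";
}

/* Return the opcode of a well-formed RRQ/WRQ, or -1. */
int
request_opcode(const unsigned char *pkt, size_t len)
{
	int op;

	if (len < 4)
		return -1;
	op = (pkt[0] << 8) | pkt[1];
	if (op != TFTP_RRQ && op != TFTP_WRQ)
		return -1;
	/* filename must be non-empty and NUL-terminated inside the packet */
	if (pkt[2] == '\0' || memchr(pkt + 2, '\0', len - 2) == NULL)
		return -1;
	return op;
}

enum verdict
decide(const struct policy *p, const unsigned char *pkt, size_t len,
    int exists, mode_t mode)
{
	int op = request_opcode(pkt, len);

	if (op == -1)
		return BADREQ;
	if (op == TFTP_WRQ && p->readonly)
		return DENY;		/* -R: no writes at all (model) */
	if (!exists)
		return (op == TFTP_WRQ && p->cancreate) ? ALLOW : NOTFOUND;
	if (op == TFTP_RRQ)
		return (mode & (S_IRUSR >> 6)) ? ALLOW : DENY;	/* S_IROTH */
	return (mode & (S_IWUSR >> 6)) ? ALLOW : DENY;		/* S_IWOTH */
}

/* Constructed sample packets: opcode, filename, NUL, transfer mode, NUL. */
const unsigned char sample_rrq[] = "\0\1pxeboot\0octet";
const unsigned char sample_wrq[] = "\0\2pxeboot\0octet";

int
main(void)
{
	struct policy def = policy_from_flags(""), ro = policy_from_flags("R");

	printf("default WRQ on 0666: %d\n",
	    decide(&def, sample_wrq, sizeof(sample_wrq), 1, 0666));
	printf("-R      WRQ on 0666: %d (%s)\n",
	    decide(&ro, sample_wrq, sizeof(sample_wrq), 1, 0666),
	    pledge_promises(&ro));
	return 0;
}
```

The `S_IWUSR >> 6` test is the world-writable bit, which is why only files with mode such as 0666 are overwritable without -R; flag order decides the outcome when both -R and -c are given.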



Re: Firefox, malloc(3) and threads

2016-01-24 Thread Adam Wolk
On Fri, 22 Jan 2016 22:46:39 +0100 (CET)
Mark Kettenis wrote:

> Firefox makes a lot of concurrent malloc(3) calls.  The locking to
> make malloc(3) thread-safe is a bit...suboptimal.  This diff makes
> things better by using a mutex instead of spinlock.  If you're running
> Firefox you want to try it; it makes video watchable on some machines.
> If you're not running Firefox you want to try it; to make sure it
> doesn't break things.
> 
> Enjoy,
> 
> Mark
>  '

Applied to a Jan 15th snapshot sources. Youtube is not fully 'watchable'
on firefox but feels significantly better. I can also now watch full
screen youtube videos on chromium 1920x1080 with no stutter (lenovo
g50-70).

Generally gnome 3 feels a bit snappier especially on first load,
bringing up the menu searching for 'terminal' leads to a faster
rendering of the results. This might be just 'imagined' by me.

On a more measurable front. I ran the octane benchmark against firefox
post and before the patch. It resulted in a slight improvement from
12486 to 12826 score [1].

cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.93 MHz
cpu1: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
cpu2: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b
running Intel Haswell Mobile for the gfx card. 

Regards,
Adam

[1] - https://twitter.com/mulander/status/691327370985345024



Re: Add readonly flag to tftpd

2016-01-24 Thread Matthew Martin
On Sun, Jan 24, 2016 at 03:05:28AM -0600, Matthew Martin wrote:
> Add a -R flag to tftpd for a read only mode. This allows for a tighter
> pledge than currently possible because by default existing files can be
> overwritten (but no new files created). Perhaps read only should be the
> default since it is surprising that tftp can overwrite by default.
> 
> - Matthew Martin

This time not forgetting usage(). (Thanks Jason.)


Index: tftpd.8
===
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.8,v
retrieving revision 1.5
diff -u -p -r1.5 tftpd.8
--- tftpd.8 18 Jul 2015 05:32:56 -  1.5
+++ tftpd.8 24 Jan 2016 18:09:07 -
@@ -37,7 +37,7 @@
 .Nd DARPA Trivial File Transfer Protocol daemon
 .Sh SYNOPSIS
 .Nm tftpd
-.Op Fl 46cdv
+.Op Fl 46cdRv
 .Op Fl l Ar address
 .Op Fl p Ar port
 .Op Fl r Ar socket
@@ -113,6 +113,8 @@ listens on the port indicated in the
 .Ql tftp
 service description; see
 .Xr services 5 .
+.It Fl R
+Only allow read requests.
 .It Fl r Ar socket
 Issue filename rewrite requests to the specified UNIX domain socket.
 .Nm
Index: tftpd.c
===
RCS file: /cvs/src/usr.sbin/tftpd/tftpd.c,v
retrieving revision 1.34
diff -u -p -r1.34 tftpd.c
--- tftpd.c 14 Dec 2015 16:34:55 -  1.34
+++ tftpd.c 24 Jan 2016 18:09:07 -
@@ -262,12 +262,13 @@ __dead void
 usage(void)
 {
extern char *__progname;
-   fprintf(stderr, "usage: %s [-46cdv] [-l address] [-p port] [-r socket]"
+   fprintf(stderr, "usage: %s [-46cdRv] [-l address] [-p port] [-r socket]"
" directory\n", __progname);
exit(1);
 }
 
 int  cancreate = 0;
+int  readonly = 0;
 int  verbose = 0;
 
 int
@@ -286,7 +287,7 @@ main(int argc, char *argv[])
char *port = "tftp";
int family = AF_UNSPEC;
 
-   while ((c = getopt(argc, argv, "46cdl:p:r:v")) != -1) {
+   while ((c = getopt(argc, argv, "46cdl:p:Rr:v")) != -1) {
switch (c) {
case '4':
family = AF_INET;
@@ -296,6 +297,7 @@ main(int argc, char *argv[])
break;
case 'c':
cancreate = 1;
+   readonly = 0;
break;
case 'd':
verbose = debug = 1;
@@ -306,6 +308,10 @@ main(int argc, char *argv[])
case 'p':
port = optarg;
break;
+   case 'R':
+   readonly = 1;
+   cancreate = 0;
+   break;
case 'r':
rewrite = optarg;
break;
@@ -358,8 +364,13 @@ main(int argc, char *argv[])
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
errx(1, "can't drop privileges");
 
-   if (pledge("stdio rpath wpath cpath fattr dns inet", NULL) == -1)
-   err(1, "pledge");
+   if (readonly) {
+   if (pledge("stdio rpath dns inet", NULL) == -1)
+   err(1, "pledge");
+   } else {
+   if (pledge("stdio rpath wpath cpath fattr dns inet", NULL) == 
-1)
+   err(1, "pledge");
+   }
 
event_init();
 
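Review bot: The non-read-only pledge() line is split after `==`, leaving `-1)` on a line of its own. As shown, that line starts with "-" and would be read as a removed line, so the hunk will not apply; if the wrap comes from the mail client, resending with line wrapping disabled or as an attachment would let others test it.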
@@ -966,7 +977,7 @@ validate_access(struct tftp_client *clie
if ((stbuf.st_mode & (S_IRUSR >> 6)) == 0)
return (EACCESS);
} else {
-   if ((stbuf.st_mode & (S_IWUSR >> 6)) == 0)
+   if (readonly || (stbuf.st_mode & (S_IWUSR >> 6)) == 0)
return (EACCESS);
}
}
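Review bot: `readonly ||` is added only to the write-permission test in this else branch, so refusing writes in read-only mode is expressed as a side effect of the per-file mode check and is reported with the same EACCESS as a file that is simply not world-writable. Rejecting write requests on `readonly` before any file lookup would make the policy easier to audit and would not depend on this branch being reached or on `cancreate` having been cleared in `case 'R'`.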



Re: ntpd: really enable debug messages

2016-01-24 Thread Brent Cook
On Sat, Jan 23, 2016 at 08:48:22PM +0100, Reyk Floeter wrote:
> On Sat, Jan 23, 2016 at 12:39:19PM -0600, Brent Cook wrote:
> > I'm going with this instead. That way it works like the manual
> > specifies already (-v enables logging debug messages)
> >
>
> Yes, the -v flag is better, but see below.
>
> > cvs server: Diffing .
> > Index: ntpd.c
> > ===
> > RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
> > retrieving revision 1.103
> > diff -u -p -r1.103 ntpd.c
> > --- ntpd.c  11 Jan 2016 15:30:56 -  1.103
> > +++ ntpd.c  23 Jan 2016 18:36:52 -
> > @@ -138,7 +138,7 @@ main(int argc, char *argv[])
> > switch (ch) {
> > case 'd':
> > lconf.debug = 1;
> > -   log_verbose(1);
> > +   log_verbose(2);
>
> This will get overridden by the various log_init() calls later.
>
> You had better set a "verbose" variable in the switch statements
> and call log_verbose() after the various log_init() calls later
> (ntpd's puristic privsep has to call it in various places).
>
>   log_init(..)
>   log_verbose(verbose)
>
> Splitting log_init() and log_verbose() allowed us to change the
> verbose flag during runtime; for example "relayctl verbose" allows
> toggling the flag and calls log_verbose() internally.  Maybe ntpctl is
> too minimalistic for it, but I would prefer if ntpd could follow the
> same/similar semantics in its main().
>

How's this? It makes the logic look just like relayd. This was a good
exercise, because I found a nice bug while trying to exercise the
log_debug messages. ok?

Index: ntpd.h
===
RCS file: /cvs/src/usr.sbin/ntpd/ntpd.h,v
retrieving revision 1.127
diff -u -p -r1.127 ntpd.h
--- ntpd.h  19 Dec 2015 20:44:35 -  1.127
+++ ntpd.h  24 Jan 2016 19:07:25 -
@@ -213,9 +213,10 @@ struct ntpd_conf {
struct ntp_status   status;
struct ntp_freq freq;
u_int32_t   scale;
+   int debug;
+   int verbose;
u_int8_tlisten_all;
u_int8_tsettime;
-   u_int8_tdebug;
u_int8_tnoaction;
u_int8_tfilters;
time_t  constraint_last;
Index: ntpd.c
===
RCS file: /cvs/src/usr.sbin/ntpd/ntpd.c,v
retrieving revision 1.103
diff -u -p -r1.103 ntpd.c
--- ntpd.c  11 Jan 2016 15:30:56 -  1.103
+++ ntpd.c  24 Jan 2016 19:07:25 -
@@ -132,18 +132,16 @@ main(int argc, char *argv[])

memset(, 0, sizeof(lconf));

-   log_init(1, LOG_DAEMON);/* log to stderr until daemonized */
-
while ((ch = getopt(argc, argv, "df:nsSv")) != -1) {
switch (ch) {
case 'd':
-   lconf.debug = 1;
-   log_verbose(1);
+   lconf.debug = 2;
break;
case 'f':
conffile = optarg;
break;
case 'n':
+   lconf.debug = 2;
lconf.noaction = 1;
break;
case 's':
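Review bot: `lconf.debug` changes from a 0/1 flag to the value 2 for both -d and -n, and that value is then handed to log_init(); nothing in the hunk says what 2 means as opposed to 1. A short comment or a named constant would help, and any remaining test of the form `lconf.debug == 1` elsewhere in ntpd would need checking. Setting debug in `case 'n'` also changes what -n does beyond `noaction`, which deserves a mention in the commit message.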
@@ -153,7 +151,7 @@ main(int argc, char *argv[])
lconf.settime = 0;
break;
case 'v':
-   log_verbose(1);
+   lconf.verbose++;
break;
default:
usage();
@@ -161,6 +159,9 @@ main(int argc, char *argv[])
}
}

+   /* log to stderr until daemonized */
+   log_init(lconf.debug ? lconf.debug : 1, LOG_DAEMON);
+
argc -= optind;
argv += optind;
if (argc > 0)
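Review bot: `log_init(lconf.debug ? lconf.debug : 1, LOG_DAEMON)` is not followed by log_verbose(lconf.verbose), unlike the two later log_init() calls this diff touches, so -v has no effect on messages logged between here and the next log_init(). If that is intended, say so in the comment; otherwise add the log_verbose() call here as well.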
@@ -190,6 +191,7 @@ main(int argc, char *argv[])
reset_adjtime();
if (!lconf.settime) {
log_init(lconf.debug, LOG_DAEMON);
+   log_verbose(lconf.verbose);
if (!lconf.debug)
if (daemon(1, 0))
fatal("daemon");
@@ -269,6 +271,7 @@ main(int argc, char *argv[])
lconf.settime = 0;
timeout = INFTIM;
log_init(lconf.debug, LOG_DAEMON);
+   log_verbose(lconf.verbose);
log_warnx("no reply received in time, skipping initial "
"time setting");
   

Re: Xen virtual network (Netfront) driver

2016-01-24 Thread Jonathon Sisson
On Sun, Jan 24, 2016 at 02:16:37PM +0100, Mike Belopuhov wrote:
> Hi Jonathon,
> 
> Thanks a lot for taking your time to test this.
>
No, thank you guys for all of the work you're doing to get
this working.  I'm just a user heh.
 
> 
> Trying newer kernels would be the most helpful. I've just enabled tcp/udp
> checksum offloading in the xnf on Friday and would welcome any network
> tests.
>
I rebuilt with a source checkout earlier today, and after
rebooting to the new kernel I can't seem to get a dhcp lease.
I'm working on building userland to determine if there is
some issue with dhclient, but I haven't finished that step
yet.  Has anyone else noted the dhcp issue? 
 



Re: Firefox, malloc(3) and threads

2016-01-24 Thread Ville Valkonen
On 24 January 2016 at 20:47, Adam Wolk wrote:
> On Fri, 22 Jan 2016 22:46:39 +0100 (CET)
> Mark Kettenis wrote:
>
>> Firefox makes a lot of concurrent malloc(3) calls.  The locking to
>> make malloc(3) thread-safe is a bit...suboptimal.  This diff makes
>> things better by using a mutex instead of spinlock.  If you're running
>> Firefox you want to try it; it makes video watchable on some machines.
>> If you're not running Firefox you want to try it; to make sure it
>> doesn't break things.
>>
>> Enjoy,
>>
>> Mark
>>  '
>
> Applied to a Jan 15th snapshot sources. Youtube is not fully 'watchable'
> on firefox but feels significantly better. I can also now watch full
> screen youtube videos on chromium 1920x1080 with no stutter (lenovo
> g50-70).
>
> Generally gnome 3 feels a bit snappier especially on first load,
> bringing up the menu searching for 'terminal' leads to a faster
> rendering of the results. This might be just 'imagined' by me.
>
> On a more measurable front. I ran the octane benchmark against firefox
> post and before the patch. It resulted in a slight improvement from
> 12486 to 12826 score [1].
>
> cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.93 MHz
> cpu1: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
> cpu2: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
> cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 1895.62 MHz
> inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b
> running Intel Haswell Mobile for the gfx card.
>
> Regards,
> Adam
>
> [1] - https://twitter.com/mulander/status/691327370985345024


Hi,

pretty much the same results here, though running Lenovo X250 with i7-5600U.

Thank you, Mark, nice finding.

--
Regards,
Ville Valkonen



Re: Xen virtual network (Netfront) driver

2016-01-24 Thread Mike Belopuhov
On 24 January 2016 at 20:55, Jonathon Sisson wrote:
> On Sun, Jan 24, 2016 at 02:16:37PM +0100, Mike Belopuhov wrote:
>> Hi Jonathon,
>>
>> Thanks a lot for taking your time to test this.
>>
> No, thank you guys for all of the work you're doing to get
> this working.  I'm just a user heh.
>
>>
>> Trying newer kernels would be the most helpful. I've just enabled tcp/udp
>> checksum offloading in the xnf on Friday and would welcome any network
>> tests.
>>
> I rebuilt with a source checkout earlier today, and after
> rebooting to the new kernel I can't seem to get a dhcp lease.
> I'm working on building userland to determine if there is
> some issue with dhclient, but I haven't finished that step
> yet.  Has anyone else noted the dhcp issue?
>

I haven't seen that on my test box (not AWS), but maybe reverting
the minimum number of rx slots back to 32 can help?

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pv/if_xnf.c.diff?r1=1.9=1.10



Re: Use HTML entities when referring to tables in www/opensmtpd/faq/example1.html

2016-01-24 Thread Joerg Jung
On Sat, Jan 23, 2016 at 10:21:38PM +, Michael Savage wrote:
> The page at http://www.openbsd.org/opensmtpd/faq/example1.html doesn't
> display correctly because browsers try to interpret /
> as HTML tags. This patch replaces < and > with  and .

This fix was committed by TJ.  I also fixed two more instances.

Thanks for reporting.
 
> Index: example1.html
> ===
> RCS file: /cvs/www/opensmtpd/faq/example1.html,v
> retrieving revision 1.1
> diff -u -p -r1.1 example1.html
> --- example1.html   22 Jan 2016 19:58:33 -  1.1
> +++ example1.html   23 Jan 2016 22:17:05 -
> @@ -146,9 +146,9 @@ listen on all port 587 filter sub tls-re
>  #limit mta for domain gmail.com inet4
> 
>  # allow local messages
> -accept from local for local alias  deliver to lmtp
> "/var/dovecot/lmtp" rcpt-to
> +accept from local for local alias aliases deliver to lmtp
> "/var/dovecot/lmtp" rcpt-to
>  # allow virtual domains
> -accept from any for domain  virtual  deliver to lmtp
> "/var/dovecot/lmtp" rcpt-to
> +accept from any for domain domains virtual virtuals
> deliver to lmtp "/var/dovecot/lmtp" rcpt-to
>  # allow outgoing mails
>  accept from local for any relay
>  
> 



Re: Xen virtual network (Netfront) driver

2016-01-24 Thread Jonathon Sisson
On Sun, Jan 24, 2016 at 09:08:32PM +0100, Mike Belopuhov wrote:
> On 24 January 2016 at 20:55, Jonathon Sisson wrote:
> > On Sun, Jan 24, 2016 at 02:16:37PM +0100, Mike Belopuhov wrote:
> >> Hi Jonathon,
> >>
> >> Thanks a lot for taking your time to test this.
> >>
> > No, thank you guys for all of the work you're doing to get
> > this working.  I'm just a user heh.
> >
> >>
> >> Trying newer kernels would be the most helpful. I've just enabled tcp/udp
> >> checksum offloading in the xnf on Friday and would welcome any network
> >> tests.
> >>
> > I rebuilt with a source checkout earlier today, and after
> > rebooting to the new kernel I can't seem to get a dhcp lease.
> > I'm working on building userland to determine if there is
> > some issue with dhclient, but I haven't finished that step
> > yet.  Has anyone else noted the dhcp issue?
> >
> 
> I haven't seen that on my test box (not AWS), but maybe reverting
> the minimum number of rx slots back to 32 can help?
> 
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pv/if_xnf.c.diff?r1=1.9=1.10
> 
Reverting to 32 fixed the dhcp issue.

I'll go ahead and get those dmesgs for you now =)

Thanks again!



Re: DDB causing lost keystrokes on Dell iDRAC console (not inside ddb)

2016-01-24 Thread Hrvoje Popovski
On 23.1.2016. 23:29, Adam McDougall wrote:
> Hello,
> 
> I have a few Dell servers which I've installed OpenBSD for testing
> but ran into a problem with keystroke loss on the console when used
> through the Dell iDRAC remote graphical console.  Surprisingly it
> operates perfectly fine in the installer (thankfully) but when booted
> from a formal install, I lose 25-50% of my keystrokes.  The speed that
> I type does not matter, the keys I type do not matter, they are randomly
> lost.  This is any typing, for example at the login prompt (where it
> becomes very difficult to login).
> 
> Example:
> login: Tisis metypingat he onole
> 
> should have shown: This is me typing at the console
> 
> I was able to determine having "option DDB" in the kernel is a single
> factor leading to keystroke loss.  If I recompile the GENERIC amd64
> 5.8 kernel without DDB, I have no keystroke loss.  Also, if I enter
> DDB while the kernel is running, I have no keystroke loss.
> 
> I have noticed this issue on 5.8 release, a recent 5.9 snapshot,
> and at least the Dell models R420 and R430.  The iDRAC supplies a
> virtual usb keyboard to the OS.  I have not had this issue with other
> OSes.  I should generally be able to perform further tests as requested
> especially this weekend.
> 
> Does anyone have suggestions?  Can I disable DDB without recompiling?
> Thanks.
> 

Hi,

please see...
http://marc.info/?l=openbsd-tech=143700306821021=2


A month ago I tried to install a snapshot on r630 and fc630 and I managed to
do that, but it was hard and painful :)

It seems it works when you keep the key pressed down for one second or
so - then the character will be shown on the console. This works for me for
idrac7 and 8 :)