libressl: crash in DES_fcrypt

[Jan Engelhardt]

libressl-2.6.2 is susceptible to an out-of-bounds read:

#include 
int main(void) {
char salt[3] = {0xf8, 0xd0, 0x00};
char out[32];
DES_fcrypt("foo", salt, out);
}

Place in libressl's fcrypt.c:
x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
Eswap0=con_salt[x]<<2;  // boom

ASM:=> 0x777a6fa8 <+56>:movzbl (%rcx,%rdx,1),%ebp
rcx = con_salt
rdx = 0xfff8


Because salt[0] is -8, x will be 0xfff8 due to
type promotion and conversion. con_salt[0xfff8]
is then evaluted, which bombs out.

openssl 1.1.x has it fixed (but 1.0.2l does not!) - their commit
seems to be 6493e4801e9edbe1ad1e256d4ce9cd55c8aa2242 in
https://github.com/openssl/openssl .

[PATCH 2/2] VMD: update regress tests

[Carlos Cardenas]

* Update regress tests for new requirement (interface name on switches)
* Add new test for interface name on switch

diff --git regress/usr.sbin/vmd/config/Makefile 
regress/usr.sbin/vmd/config/Makefile
index 16a43066415..68b5c13323a 100644
--- regress/usr.sbin/vmd/config/Makefile
+++ regress/usr.sbin/vmd/config/Makefile
@@ -4,7 +4,8 @@ VMD ?= /usr/sbin/vmd
 
 VMD_PASS=boot-keyword memory-round memory-just-enough
 VMD_FAIL=kernel-keyword too-few-ram vm-name-too-long too-many-ifs \
-boot-name-too-long disk-path-too-long too-many-disks
+boot-name-too-long disk-path-too-long too-many-disks \
+switch-no-interface
 
 REGRESS_TARGETS=
 
diff --git regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.conf 
regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.conf
index 427e5b2a015..77b1a341e44 100644
--- regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.conf
+++ regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.conf
@@ -2,6 +2,7 @@
 # Fail on kernel keyword; has been replaced by boot.
 ramdisk="/bsd.rd"
 switch "sw" {
+interface bridge0
 add vether0
 }
 vm "x" {
diff --git regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.ok 
regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.ok
index 348817b1477..c171570d330 100644
--- regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.ok
+++ regress/usr.sbin/vmd/config/vmd-fail-kernel-keyword.ok
@@ -1 +1 @@
-8: syntax error
+9: syntax error
diff --git regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.conf 
regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.conf
new file mode 100644
index 000..8afa9e91729
--- /dev/null
+++ regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.conf
@@ -0,0 +1,5 @@
+#  $OpenBSD$
+# Fail when a switch is missing interface name
+switch "x" {
+add vether0
+}
diff --git regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.ok 
regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.ok
new file mode 100644
index 000..1cdd5c14c03
--- /dev/null
+++ regress/usr.sbin/vmd/config/vmd-fail-switch-no-interface.ok
@@ -0,0 +1 @@
+5: switch "x" is missing interface name
diff --git regress/usr.sbin/vmd/config/vmd-pass-boot-keyword.conf 
regress/usr.sbin/vmd/config/vmd-pass-boot-keyword.conf
index 84124319e1e..2443c697ad0 100644
--- regress/usr.sbin/vmd/config/vmd-pass-boot-keyword.conf
+++ regress/usr.sbin/vmd/config/vmd-pass-boot-keyword.conf
@@ -2,6 +2,7 @@
 # Pass on boot keyword as it has replaced the kernel keyword.
 ramdisk="/bsd.rd"
 switch "sw" {
+interface bridge0
 add vether0
 }
 vm "x" {
-- 
2.14.2

[PATCH 1/2] VMD: Require interface to be defined in switches

[Carlos Cardenas]

* Require interface name to be defined for switches in vm.conf
** Requires user to create bridge(4) beforehand
* Remove code to create bridges on the fly
* Add code to ensure bridge really exists
* Update manpage switch and example sections

diff --git usr.sbin/vmd/parse.y usr.sbin/vmd/parse.y
index 55a9b0c7acc..a0b21fa8ef1 100644
--- usr.sbin/vmd/parse.y
+++ usr.sbin/vmd/parse.y
@@ -90,7 +90,6 @@ static struct vm_create_params*vcp;
 static struct vmd_switch   *vsw;
 static struct vmd_if   *vif;
 static struct vmd_vm   *vm;
-static unsigned int vsw_unit;
 static char vsw_type[IF_NAMESIZE];
 static int  vcp_disable;
 static size_t   vcp_nnics;
@@ -194,12 +193,17 @@ switch: SWITCH string {
vsw->sw_id = env->vmd_nswitches + 1;
vsw->sw_name = $2;
vsw->sw_flags = VMIFF_UP;
-   snprintf(vsw->sw_ifname, sizeof(vsw->sw_ifname),
-   "%s%u", vsw_type, vsw_unit++);
TAILQ_INIT(>sw_ifs);
 
vcp_disable = 0;
} '{' optnl switch_opts_l '}'   {
+   if (strnlen(vsw->sw_ifname,
+   sizeof(vsw->sw_ifname)) == 0) {
+   yyerror("switch \"%s\" is missing interface 
name",
+   vsw->sw_name);
+   YYERROR;
+   }
+
if (vcp_disable) {
log_debug("%s:%d: switch \"%s\""
" skipped (disabled)",
@@ -244,13 +248,12 @@ switch_opts   : disable   {
vsw->sw_group = $2;
}
| INTERFACE string  {
-   if (priv_getiftype($2, vsw_type, _unit) == -1 ||
+   if (priv_getiftype($2, vsw_type, NULL) == -1 ||
priv_findname(vsw_type, vmd_descsw) == -1) {
yyerror("invalid switch interface: %s", $2);
free($2);
YYERROR;
}
-   vsw_unit++;
 
if (strlcpy(vsw->sw_ifname, $2,
sizeof(vsw->sw_ifname)) >= sizeof(vsw->sw_ifname)) {
diff --git usr.sbin/vmd/priv.c usr.sbin/vmd/priv.c
index ef42549d105..d66bdcc9b4f 100644
--- usr.sbin/vmd/priv.c
+++ usr.sbin/vmd/priv.c
@@ -87,8 +87,8 @@ priv_dispatch_parent(int fd, struct privsep_proc *p, struct 
imsg *imsg)
 
switch (imsg->hdr.type) {
case IMSG_VMDOP_PRIV_IFDESCR:
-   case IMSG_VMDOP_PRIV_IFCREATE:
case IMSG_VMDOP_PRIV_IFRDOMAIN:
+   case IMSG_VMDOP_PRIV_IFEXISTS:
case IMSG_VMDOP_PRIV_IFADD:
case IMSG_VMDOP_PRIV_IFUP:
case IMSG_VMDOP_PRIV_IFDOWN:
@@ -118,13 +118,6 @@ priv_dispatch_parent(int fd, struct privsep_proc *p, 
struct imsg *imsg)
if (ioctl(env->vmd_fd, SIOCSIFDESCR, ) < 0)
log_warn("SIOCSIFDESCR");
break;
-   case IMSG_VMDOP_PRIV_IFCREATE:
-   /* Create the bridge if it doesn't exist */
-   strlcpy(ifr.ifr_name, vfr.vfr_name, sizeof(ifr.ifr_name));
-   if (ioctl(env->vmd_fd, SIOCIFCREATE, ) < 0 &&
-   errno != EEXIST)
-   log_warn("SIOCIFCREATE");
-   break;
case IMSG_VMDOP_PRIV_IFRDOMAIN:
strlcpy(ifr.ifr_name, vfr.vfr_name, sizeof(ifr.ifr_name));
ifr.ifr_rdomainid = vfr.vfr_id;
@@ -145,6 +138,13 @@ priv_dispatch_parent(int fd, struct privsep_proc *p, 
struct imsg *imsg)
errno != EEXIST)
log_warn("SIOCBRDGADD");
break;
+   case IMSG_VMDOP_PRIV_IFEXISTS:
+   /* Determine if bridge/switch exists */
+   strlcpy(ifr.ifr_name, vfr.vfr_name, sizeof(ifr.ifr_name));
+   if (ioctl(env->vmd_fd, SIOCGIFFLAGS, ) < 0)
+   fatalx("%s: bridge \"%s\" does not exist",
+   __func__, vfr.vfr_name);
+   break;
case IMSG_VMDOP_PRIV_IFUP:
case IMSG_VMDOP_PRIV_IFDOWN:
/* Set the interface status */
@@ -319,10 +319,6 @@ vm_priv_ifconfig(struct privsep *ps, struct vmd_vm *vm)
log_debug("%s: interface %s add %s", __func__,
vfbr.vfr_name, vfbr.vfr_value);
 
-   proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFCREATE,
-   , sizeof(vfbr));
-   proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFRDOMAIN,
-   , sizeof(vfbr));
proc_compose(ps, PROC_PRIV, IMSG_VMDOP_PRIV_IFADD,
   

[PATCH 0/2] VMD: require interface to be defined in switches

[Carlos Cardenas]

This patch set changes the behavior of switches in vm.conf
by requiring an interface name to be defined (previously,
it was optional).

This change also removes the responsibility of creating the underlying
bridge from vmd to the user (i.e. doas ifconfig bridge0 create).

These changes allow vmctl reload/reset to happen without error of
adding/removing bridge ports and cluttering up the system with empty bridges.

Included with the patch set are updated regression tests for vmd.

Comments? Ok?

+--+
Carlos

-- 
2.14.2

[patch] make ifconfig report 'SIOCSIFMEDIA' when ioctl fails

[Jesper Wallin]

Hi all,

First off, as always, I apologize if I'm wasting anyone's time because
I'm missing something obvious here.

So, I accidentally ran "ifconfig iwm0 mode 11g" as a regular user and
noticed it didn't throw an error.  A quick look at the code and it seems
like the error was left out intentionally.  I consulted stsp@ on IRC
about it and he explained that the 'media' subcommand will fail when
running as a regular user if we error out here.  However, after
re-adding the err(3) and doing some quick testing and trying to
understand the code some more, things do seem to work?

The err(3) was removed in rev 1.203 by deraadt@, about 9 years ago,
probably because of the reasons stsp@ explained?  Could it be that the
'media' part has been rewritten to work even if process_media_commands()
errors out?

Anyway, I just thought it's a bit confusing when ifconfig exits
normally without any notices or errors, even if the command fails.


Jesper Wallin


Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.348
diff -u -p -r1.348 ifconfig.c
--- ifconfig.c  29 Aug 2017 21:10:20 -  1.348
+++ ifconfig.c  26 Oct 2017 19:49:44 -
@@ -2449,7 +2449,7 @@ process_media_commands(void)
ifr.ifr_media = media_current;
 
if (ioctl(s, SIOCSIFMEDIA, (caddr_t)) < 0)
-   ;
+   err(1, "SIOCSIFMEDIA");
 }
 
 /* ARGSUSED */

Re: ikev2: follow rfc5903 correctly (ECP Groups)

[Markus Friedl]

ok

2017-10-24 16:25 GMT+02:00 Patrick Wildt :
> Hi,
>
> in the final RFC 5903 the computation for the DH shared secret changed.
> Instead of the full point, only the X point is included.  Unfortunately
> this is a backwards incompatible change, so older ikeds won't be com-
> patible with this change is committed.  Of course only if you use ECP.
> Anyway, this change makes us follow the RFC correctly.
>
> Source: https://tools.ietf.org/html/rfc5903 - 9.  Changes from RFC 4753
>
> ok?
>
> Patrick
>
> diff --git a/sbin/iked/dh.c b/sbin/iked/dh.c
> index a8308eec596..a3ef5f80906 100644
> --- a/sbin/iked/dh.c
> +++ b/sbin/iked/dh.c
> @@ -38,10 +38,13 @@ int modp_create_shared(struct group *, uint8_t *, uint8_t 
> *);
>  /* EC2N/ECP */
>  intec_init(struct group *);
>  intec_getlen(struct group *);
> +intec_secretlen(struct group *);
>  intec_create_exchange(struct group *, uint8_t *);
>  intec_create_shared(struct group *, uint8_t *, uint8_t *);
>
> -intec_point2raw(struct group *, const EC_POINT *, uint8_t *, size_t);
> +#define EC_POINT2RAW_FULL  0
> +#define EC_POINT2RAW_XONLY 1
> +intec_point2raw(struct group *, const EC_POINT *, uint8_t *, size_t, 
> int);
>  EC_POINT *
> ec_raw2point(struct group *, uint8_t *, size_t);
>
> @@ -293,6 +296,7 @@ group_get(uint32_t id)
> case GROUP_ECP:
> group->init = ec_init;
> group->getlen = ec_getlen;
> +   group->secretlen = ec_secretlen;
> group->exchange = ec_create_exchange;
> group->shared = ec_create_shared;
> break;
> @@ -343,6 +347,15 @@ dh_getlen(struct group *group)
> return (group->getlen(group));
>  }
>
> +int
> +dh_secretlen(struct group *group)
> +{
> +   if (group->secretlen)
> +   return (group->secretlen(group));
> +   else
> +   return (group->getlen(group));
> +}
> +
>  int
>  dh_create_exchange(struct group *group, uint8_t *buf)
>  {
> @@ -450,6 +463,20 @@ ec_getlen(struct group *group)
> return ((roundup(group->spec->bits, 8) * 2) / 8);
>  }
>
> +/*
> + * Note that the shared secret only includes the x value:
> + *
> + * See RFC 5903, 7. ECP Key Exchange Data Formats:
> + *   The Diffie-Hellman shared secret value consists of the x value of the
> + *   Diffie-Hellman common value.
> + * See also RFC 5903, 9. Changes from RFC 4753.
> + */
> +int
> +ec_secretlen(struct group *group)
> +{
> +   return (ec_getlen(group) / 2);
> +}
> +
>  int
>  ec_create_exchange(struct group *group, uint8_t *buf)
>  {
> @@ -459,7 +486,7 @@ ec_create_exchange(struct group *group, uint8_t *buf)
> bzero(buf, len);
>
> return (ec_point2raw(group, EC_KEY_get0_public_key(group->ec),
> -   buf, len));
> +   buf, len, EC_POINT2RAW_FULL));
>  }
>
>  int
> @@ -496,7 +523,8 @@ ec_create_shared(struct group *group, uint8_t *secret, 
> uint8_t *exchange)
> if (!EC_POINT_mul(ecgroup, secretp, NULL, exchangep, privkey, NULL))
> goto done;
>
> -   ret = ec_point2raw(group, secretp, secret, ec_getlen(group));
> +   ret = ec_point2raw(group, secretp, secret, ec_secretlen(group),
> +   EC_POINT2RAW_XONLY);
>
>   done:
> if (exkey != NULL)
> @@ -511,7 +539,7 @@ ec_create_shared(struct group *group, uint8_t *secret, 
> uint8_t *exchange)
>
>  int
>  ec_point2raw(struct group *group, const EC_POINT *point,
> -uint8_t *buf, size_t len)
> +uint8_t *buf, size_t len, int mode)
>  {
> const EC_GROUP  *ecgroup = NULL;
> BN_CTX  *bnctx = NULL;
> @@ -528,9 +556,19 @@ ec_point2raw(struct group *group, const EC_POINT *point,
> goto done;
>
> eclen = ec_getlen(group);
> -   if (len < eclen)
> +   switch (mode) {
> +   case EC_POINT2RAW_XONLY:
> +   xlen = eclen / 2;
> +   ylen = 0;
> +   break;
> +   case EC_POINT2RAW_FULL:
> +   xlen = ylen = eclen / 2;
> +   break;
> +   default:
> +   goto done;
> +   }
> +   if (len < xlen + ylen)
> goto done;
> -   xlen = ylen = eclen / 2;
>
> if ((ecgroup = EC_KEY_get0_group(group->ec)) == NULL)
> goto done;
> @@ -551,10 +589,12 @@ ec_point2raw(struct group *group, const EC_POINT *point,
> if (!BN_bn2bin(x, buf + xoff))
> goto done;
>
> -   yoff = (ylen - BN_num_bytes(y)) + xlen;
> -   bzero(buf + xlen, yoff - xlen);
> -   if (!BN_bn2bin(y, buf + yoff))
> -   goto done;
> +   if (ylen > 0) {
> +   yoff = (ylen - BN_num_bytes(y)) + xlen;
> +   bzero(buf + xlen, yoff - xlen);
> +   if (!BN_bn2bin(y, buf + yoff))
> +   goto done;
> +   }
>
> ret = 0;
>   done:
> diff --git a/sbin/iked/dh.h b/sbin/iked/dh.h
> index 77bb4b5ef16..7e24d4d6746 100644
> --- 

Re: iked: support multiple subjectAltNames

[Markus Friedl]

ok

2017-10-19 15:40 GMT+02:00 Patrick Wildt :
> Hi,
>
> so far, even if we look for our own cert, we only match the id against
> the first subjectAltName.  This means we cannot use certificates where
> we actually need a different one.  This diff changes the behaviour so
> that we check all subjectAltNames of a given certificate.
>
> ok?
>
> Patrick
>
> diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
> index a8034411e77..543bd0b8725 100644
> --- a/sbin/iked/ca.c
> +++ b/sbin/iked/ca.c
> @@ -65,7 +65,7 @@ intca_privkey_to_method(struct iked_id *);
>  struct ibuf *
>  ca_x509_serialize(X509 *);
>  int ca_x509_subjectaltname_cmp(X509 *, struct iked_static_id *);
> -int ca_x509_subjectaltname(X509 *cert, struct iked_id *);
> +int ca_x509_subjectaltname(X509 *cert, struct iked_id *, int);
>  int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
>  int ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
>
> @@ -1400,34 +1400,31 @@ ca_x509_subjectaltname_cmp(X509 *cert, struct 
> iked_static_id *id)
>  {
> struct iked_id   sanid;
> char idstr[IKED_ID_SIZE];
> -   int  ret = -1;
> -
> -   bzero(, sizeof(sanid));
> -
> -   if (ca_x509_subjectaltname(cert, ) != 0)
> -   return (-1);
> -
> -   ikev2_print_id(, idstr, sizeof(idstr));
> -
> -   /* Compare id types, length and data */
> -   if ((id->id_type != sanid.id_type) ||
> -   ((ssize_t)ibuf_size(sanid.id_buf) !=
> -   (id->id_length - id->id_offset)) ||
> -   (memcmp(id->id_data + id->id_offset,
> -   ibuf_data(sanid.id_buf),
> -   ibuf_size(sanid.id_buf)) != 0)) {
> +   int  ret = -1, lastpos = -1;
> +
> +   while (ca_x509_subjectaltname(cert, , lastpos++) == 0) {
> +   ikev2_print_id(, idstr, sizeof(idstr));
> +
> +   /* Compare id types, length and data */
> +   if ((id->id_type == sanid.id_type) &&
> +   ((ssize_t)ibuf_size(sanid.id_buf) ==
> +   (id->id_length - id->id_offset)) &&
> +   (memcmp(id->id_data + id->id_offset,
> +   ibuf_data(sanid.id_buf),
> +   ibuf_size(sanid.id_buf)) == 0)) {
> +   ret = 0;
> +   break;
> +   }
> log_debug("%s: %s mismatched", __func__, idstr);
> -   goto done;
> +   bzero(, sizeof(sanid));
> }
>
> -   ret = 0;
> - done:
> ibuf_release(sanid.id_buf);
> return (ret);
>  }
>
>  int
> -ca_x509_subjectaltname(X509 *cert, struct iked_id *id)
> +ca_x509_subjectaltname(X509 *cert, struct iked_id *id, int lastpos)
>  {
> X509_EXTENSION  *san;
> uint8_t  sanhdr[4], *data;
> @@ -1435,7 +1432,7 @@ ca_x509_subjectaltname(X509 *cert, struct iked_id *id)
> char idstr[IKED_ID_SIZE];
>
> if ((ext = X509_get_ext_by_NID(cert,
> -   NID_subject_alt_name, -1)) == -1 ||
> +   NID_subject_alt_name, lastpos)) == -1 ||
> ((san = X509_get_ext(cert, ext)) == NULL)) {
> log_debug("%s: did not find subjectAltName in certificate",
> __func__);
>

Re: Add reset option to boot command of ddb(4)

[Theo de Raadt]

This is a better plan.  All the architectures can adapt to this,
even those that have a tricky ROM-related dance.

> On Thu, Oct 26, 2017 at 10:32:42PM +1100, Jonathan Gray wrote:
> > What specifically?  Skip if_downall() if rebooting from ddb?
> > That could perhaps even be done for RB_NOSYNC.
> 
> I thought of someting like a big hammer.  Skip everything except
> the final call in boot() that causes the machine to reset.  The
> command is only reachable form ddb and useful if nothing else can
> reboot the machine.
> 
> Here is an example implementation for amd64.
> 
> bluhm
> 
> Index: arch/amd64/amd64/machdep.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/machdep.c,v
> retrieving revision 1.234
> diff -u -p -r1.234 machdep.c
> --- arch/amd64/amd64/machdep.c23 Oct 2017 15:41:29 -  1.234
> +++ arch/amd64/amd64/machdep.c26 Oct 2017 11:43:55 -
> @@ -713,6 +713,9 @@ struct pcb dumppcb;
>  __dead void
>  boot(int howto)
>  {
> + if ((howto & RB_RESET) != 0)
> + goto reset;
> +
>   if ((howto & RB_POWERDOWN) != 0)
>   lid_action = 0;
>  
> @@ -770,6 +773,7 @@ haltsys:
>   printf("rebooting...\n");
>   if (cpureset_delay > 0)
>   delay(cpureset_delay * 1000);
> +reset:
>   cpu_reset();
>   for (;;)
>   continue;
> Index: sys/reboot.h
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/sys/reboot.h,v
> retrieving revision 1.17
> diff -u -p -r1.17 reboot.h
> --- sys/reboot.h  11 Jul 2014 14:36:44 -  1.17
> +++ sys/reboot.h  26 Oct 2017 11:41:56 -
> @@ -56,6 +56,7 @@
>  #define  RB_POWERDOWN0x1000  /* attempt to power down machine */
>  #define  RB_SERCONS  0x2000  /* use serial console if available */
>  #define  RB_USERREQ  0x4000  /* boot() called at user request (e.g. 
> ddb) */
> +#define  RB_RESET0x8000  /* do not try to cleanup, only for ddb 
> */
>  
>  /*
>   * Constants for converting boot-style device number to type,
> 

Re: adjust Makefile.armv7 for clang

[Theo de Raadt]

I'm ready whenever you guys are.  I have sets ready.

strip exception handling info for armv7 kernels

[Mark Kettenis]

Similar to what we do on other architectures with .eh_frame.  Reduces
the growth when compiling kernels with clang.

Index: arch/arm/conf/ldscript.tail
===
RCS file: /cvs/src/sys/arch/arm/conf/ldscript.tail,v
retrieving revision 1.4
diff -u -p -r1.4 ldscript.tail
--- arch/arm/conf/ldscript.tail 27 Jun 2009 14:44:39 -  1.4
+++ arch/arm/conf/ldscript.tail 26 Oct 2017 15:29:41 -
@@ -49,5 +49,9 @@
   _end = .;
   _bss_end__ = . ; __bss_end__ = . ; __end__ = . ;
   PROVIDE (end = .);
+  /DISCARD/ :
+  {
+*(.ARM.exidx)
+  }
 }
 

Re: adjust Makefile.armv7 for clang

[Mark Kettenis]

> Date: Thu, 26 Oct 2017 15:15:34 +0200 (CEST)
> From: Mark Kettenis 
> 
> > Date: Thu, 26 Oct 2017 15:51:28 +1100
> > From: Jonathan Gray 
> > 
> > Also add aliases for additional eabi calls clang emits.
> 
> I'm not certain the aliases are correct.  So please hold off on that
> for now.

Seems our __divsi3 and __udivsi3 implementations store the remainder
in r1 already, so the aliases should work.

ok kettenis@

Re: adjust Makefile.armv7 for clang

[Mark Kettenis]

> Date: Thu, 26 Oct 2017 15:51:28 +1100
> From: Jonathan Gray 
> 
> Also add aliases for additional eabi calls clang emits.

I'm not certain the aliases are correct.  So please hold off on that
for now.

The makefile changes more or less match what I had in my tree, but
your versions is better.  Please go ahead and check that in.

> Index: lib/libkern/arch/arm/divsi3.S
> ===
> RCS file: /cvs/src/sys/lib/libkern/arch/arm/divsi3.S,v
> retrieving revision 1.4
> diff -u -p -r1.4 divsi3.S
> --- lib/libkern/arch/arm/divsi3.S 22 Sep 2016 19:43:25 -  1.4
> +++ lib/libkern/arch/arm/divsi3.S 26 Oct 2017 04:36:24 -
> @@ -387,4 +387,6 @@ L_udivide_l1:
>   mov pc, lr
>  
>  STRONG_ALIAS(__aeabi_idiv, __divsi3)
> +STRONG_ALIAS(__aeabi_idivmod, __divsi3)
>  STRONG_ALIAS(__aeabi_uidiv, __udivsi3)
> +STRONG_ALIAS(__aeabi_uidivmod, __udivsi3)
> Index: arch/armv7/conf/Makefile.armv7
> ===
> RCS file: /cvs/src/sys/arch/armv7/conf/Makefile.armv7,v
> retrieving revision 1.36
> diff -u -p -r1.36 Makefile.armv7
> --- arch/armv7/conf/Makefile.armv728 Sep 2017 16:16:34 -  1.36
> +++ arch/armv7/conf/Makefile.armv726 Oct 2017 04:36:24 -
> @@ -25,9 +25,15 @@ INCLUDES=  -nostdinc -I$S -I. -I$S/arch
>  CPPFLAGS=${INCLUDES} ${IDENT} ${PARAM} -D_KERNEL -D__${_mach}__ -MD -MP
>  CWARNFLAGS=  -Werror -Wall -Wimplicit-function-declaration \
>   -Wno-uninitialized -Wno-pointer-sign \
> + -Wno-address-of-packed-member -Wno-constant-conversion \
>   -Wframe-larger-than=2047
>  
> -CMACHFLAGS=  -msoft-float -march=armv6 -Wa,-march=armv7a
> +CMACHFLAGS=  -msoft-float
> +.if ${COMPILER_VERSION:Mgcc4}
> +CMACHFLAGS+= -march=armv6 -Wa,-march=armv7a
> +.else
> +CMACHFLAGS+= -march=armv7a
> +.endif
>  CMACHFLAGS+= -ffreestanding ${NOPIE_FLAGS}
>  SORTR=   sort -R
>  .if ${IDENT:M-DNO_PROPOLICE}
> @@ -36,6 +42,9 @@ CMACHFLAGS+=-fno-stack-protector
>  .if ${IDENT:M-DSMALL_KERNEL}
>  SORTR=   cat
>  .endif
> +.if ${COMPILER_VERSION:Mclang}
> +NO_INTEGR_AS=-no-integrated-as
> +.endif
>  
>  DEBUG?=  -g
>  COPTS?=  -O2
> @@ -93,7 +102,7 @@ LINKFLAGS+=-S
>  assym.h: $S/kern/genassym.sh Makefile \
>${_archdir}/${_arch}/genassym.cf ${_machdir}/${_mach}/genassym.cf
>   cat ${_archdir}/${_arch}/genassym.cf ${_machdir}/${_mach}/genassym.cf | 
> \
> - sh $S/kern/genassym.sh ${CC} ${CFLAGS} ${CPPFLAGS} -MF assym.P > 
> assym.h.tmp
> + sh $S/kern/genassym.sh ${CC} ${NO_INTEGR_AS} ${CFLAGS} ${CPPFLAGS} 
> -MF assym.P > assym.h.tmp
>   sed '1s/.*/assym.h: \\/' assym.P > assym.d
>   sort -u assym.h.tmp > assym.h
>  
> 
> 

Re: Add reset option to boot command of ddb(4)

[Alexander Bluhm]

On Thu, Oct 26, 2017 at 10:32:42PM +1100, Jonathan Gray wrote:
> What specifically?  Skip if_downall() if rebooting from ddb?
> That could perhaps even be done for RB_NOSYNC.

I thought of someting like a big hammer.  Skip everything except
the final call in boot() that causes the machine to reset.  The
command is only reachable form ddb and useful if nothing else can
reboot the machine.

Here is an example implementation for amd64.

bluhm

Index: arch/amd64/amd64/machdep.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/machdep.c,v
retrieving revision 1.234
diff -u -p -r1.234 machdep.c
--- arch/amd64/amd64/machdep.c  23 Oct 2017 15:41:29 -  1.234
+++ arch/amd64/amd64/machdep.c  26 Oct 2017 11:43:55 -
@@ -713,6 +713,9 @@ struct pcb dumppcb;
 __dead void
 boot(int howto)
 {
+   if ((howto & RB_RESET) != 0)
+   goto reset;
+
if ((howto & RB_POWERDOWN) != 0)
lid_action = 0;
 
@@ -770,6 +773,7 @@ haltsys:
printf("rebooting...\n");
if (cpureset_delay > 0)
delay(cpureset_delay * 1000);
+reset:
cpu_reset();
for (;;)
continue;
Index: sys/reboot.h
===
RCS file: /data/mirror/openbsd/cvs/src/sys/sys/reboot.h,v
retrieving revision 1.17
diff -u -p -r1.17 reboot.h
--- sys/reboot.h11 Jul 2014 14:36:44 -  1.17
+++ sys/reboot.h26 Oct 2017 11:41:56 -
@@ -56,6 +56,7 @@
 #defineRB_POWERDOWN0x1000  /* attempt to power down machine */
 #defineRB_SERCONS  0x2000  /* use serial console if available */
 #defineRB_USERREQ  0x4000  /* boot() called at user request (e.g. 
ddb) */
+#defineRB_RESET0x8000  /* do not try to cleanup, only for ddb 
*/
 
 /*
  * Constants for converting boot-style device number to type,

Re: Add reset option to boot command of ddb(4)

[Jonathan Gray]

On Thu, Oct 26, 2017 at 01:12:53PM +0200, Alexander Bluhm wrote:
> On Thu, Oct 26, 2017 at 08:08:35PM +1100, Jonathan Gray wrote:
> > No, cpu_reset() is MD this will break ddb on all non x86 archs besides
> > landisk.
> 
> Would it make sense to implement a boot(RB_RESET) that works
> everywhere?
> 
> Problem is that when adding MP locks to the kernel, ddb boot reboot
> does not work reliably.  We need something that does not run code
> that may allocate locks.
> 
> bluhm

What specifically?  Skip if_downall() if rebooting from ddb?
That could perhaps even be done for RB_NOSYNC.

Re: Add reset option to boot command of ddb(4)

[Alexander Bluhm]

On Thu, Oct 26, 2017 at 08:08:35PM +1100, Jonathan Gray wrote:
> No, cpu_reset() is MD this will break ddb on all non x86 archs besides
> landisk.

Would it make sense to implement a boot(RB_RESET) that works
everywhere?

Problem is that when adding MP locks to the kernel, ddb boot reboot
does not work reliably.  We need something that does not run code
that may allocate locks.

bluhm

Re: Add reset option to boot command of ddb(4)

[Stuart Henderson]

On 2017/10/26 10:42, Florian Riehm wrote:
> Hi,
> 
> Sometimes I see systems hanging in ddb(4) after panic(9) and the "boot reboot"
> command doesn't work anymore, i.e. of filesystem or locking issues.
> Bluhm@ suggested to me to use "call cpu_reset" in such situations.
> 
> I would like to introduce a command 'boot reset' to do this.

cpu_reset is MD.

Re: Kill deprecated IPv6 ioctl(2)s

[Jonathan Gray]

On Wed, Oct 25, 2017 at 12:20:45PM +0200, Martin Pieuchot wrote:
> Diff below remove some more deprecated ioctl(2).  The first group below
> correspond to features now deprecated by slaacd(8):
> 
>   SIOCSIFINFO_FLAGS, SIOCSNDFLUSH_IN6, SIOCSPFXFLUSH_IN6, SIOCSRTRFLUSH_IN6
> 
> Removing those might break some ports.  This is good!  Because now they
> are broken at compile time and can be fixed.  Currently they might or
> might not work.  On codesearch.debian.net only dhcpcd5 seems to try to use
> them.
> 
> The second group of ioctl(2)s is not used in base and should be used
> conditionally in ports, so it should be safe:
>   SIOCGIFADDR_IN6, SIOCGIFSTAT_IN6, SIOCGIFSTAT_ICMP6
> 
> Diff below also move some define around in netinet6/in6_var.h to reduce
> the number of #ifdef _KERNEL chunks.
> 
> ok?

ok jsg@

> 
> Index: netinet6/in6.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6.c,v
> retrieving revision 1.215
> diff -u -p -r1.215 in6.c
> --- netinet6/in6.c24 Oct 2017 09:30:15 -  1.215
> +++ netinet6/in6.c25 Oct 2017 10:06:05 -
> @@ -213,13 +213,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>   return (EOPNOTSUPP);
>  
>   switch (cmd) {
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
> - case SIOCSIFINFO_FLAGS:
> - if (!privileged)
> - return (EPERM);
> - /* FALLTHROUGH */
>   case SIOCGIFINFO_IN6:
>   case SIOCGNBRINFO_IN6:
>   return (nd6_ioctl(cmd, data, ifp));
> @@ -241,17 +234,11 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>   case SIOCAIFADDR_IN6:
>   sa6 = >ifra_addr;
>   break;
> - case SIOCGIFADDR_IN6:
>   case SIOCGIFDSTADDR_IN6:
>   case SIOCGIFNETMASK_IN6:
>   case SIOCDIFADDR_IN6:
>   case SIOCGIFAFLAG_IN6:
> - case SIOCSNDFLUSH_IN6:
> - case SIOCSPFXFLUSH_IN6:
> - case SIOCSRTRFLUSH_IN6:
>   case SIOCGIFALIFETIME_IN6:
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
>   sa6 = >ifr_addr;
>   break;
>   case SIOCSIFADDR:
> @@ -313,9 +300,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>  
>   break;
>  
> - case SIOCGIFADDR_IN6:
> - /* This interface is basically deprecated. use SIOCGIFCONF. */
> - /* FALLTHROUGH */
>   case SIOCGIFAFLAG_IN6:
>   case SIOCGIFNETMASK_IN6:
>   case SIOCGIFDSTADDR_IN6:
> @@ -328,10 +312,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>  
>   switch (cmd) {
>  
> - case SIOCGIFADDR_IN6:
> - ifr->ifr_addr = ia6->ia_addr;
> - break;
> -
>   case SIOCGIFDSTADDR_IN6:
>   if ((ifp->if_flags & IFF_POINTOPOINT) == 0)
>   return (EINVAL);
> @@ -349,10 +329,6 @@ in6_ioctl(u_long cmd, caddr_t data, stru
>   case SIOCGIFAFLAG_IN6:
>   ifr->ifr_ifru.ifru_flags6 = ia6->ia6_flags;
>   break;
> -
> - case SIOCGIFSTAT_IN6:
> - case SIOCGIFSTAT_ICMP6:
> - return (EOPNOTSUPP);
>  
>   case SIOCGIFALIFETIME_IN6:
>   ifr->ifr_ifru.ifru_lifetime = ia6->ia6_lifetime;
> Index: netinet6/in6_var.h
> ===
> RCS file: /cvs/src/sys/netinet6/in6_var.h,v
> retrieving revision 1.70
> diff -u -p -r1.70 in6_var.h
> --- netinet6/in6_var.h24 Oct 2017 09:36:13 -  1.70
> +++ netinet6/in6_var.h25 Oct 2017 10:06:05 -
> @@ -278,40 +278,21 @@ struct  in6_aliasreq {
>  #define IFA_IN6(x)   (&((struct sockaddr_in6 *)((x)->ifa_addr))->sin6_addr)
>  #define IFA_DSTIN6(x)(&((struct sockaddr_in6 
> *)((x)->ifa_dstaddr))->sin6_addr)
>  
> -#ifdef _KERNEL
> -#define IN6_ARE_MASKED_ADDR_EQUAL(d, a, m)   (   \
> - (((d)->s6_addr32[0] ^ (a)->s6_addr32[0]) & (m)->s6_addr32[0]) == 0 && \
> - (((d)->s6_addr32[1] ^ (a)->s6_addr32[1]) & (m)->s6_addr32[1]) == 0 && \
> - (((d)->s6_addr32[2] ^ (a)->s6_addr32[2]) & (m)->s6_addr32[2]) == 0 && \
> - (((d)->s6_addr32[3] ^ (a)->s6_addr32[3]) & (m)->s6_addr32[3]) == 0 )
> -#endif /* _KERNEL */
> -
> -#define SIOCGIFADDR_IN6  _IOWR('i', 33, struct in6_ifreq)
> +#define SIOCDIFADDR_IN6   _IOW('i', 25, struct in6_ifreq)
> +#define SIOCAIFADDR_IN6   _IOW('i', 26, struct in6_aliasreq)
>  
>  #define SIOCGIFDSTADDR_IN6   _IOWR('i', 34, struct in6_ifreq)
>  #define SIOCGIFNETMASK_IN6   _IOWR('i', 37, struct in6_ifreq)
>  
> -#define SIOCDIFADDR_IN6   _IOW('i', 25, struct in6_ifreq)
> -#define SIOCAIFADDR_IN6   _IOW('i', 26, struct in6_aliasreq)
> -
>  #define SIOCGIFAFLAG_IN6 _IOWR('i', 73, struct in6_ifreq)
>  
>  #define SIOCGIFINFO_IN6  _IOWR('i', 108, struct in6_ndireq)
> -#define SIOCSNDFLUSH_IN6 _IOWR('i', 77, struct in6_ifreq)
>  #define SIOCGNBRINFO_IN6 _IOWR('i', 78, struct in6_nbrinfo)

Re: wireless ioctl & multicast

[Jonathan Gray]

On Wed, Oct 25, 2017 at 03:41:31PM +0200, Martin Pieuchot wrote:
> On 25/10/17(Wed) 15:37, Martin Pieuchot wrote:
> > Diff below moves the common code to add/remove multicast filters
> > to ieee80211_ioctl(9).  Wireless drivers that do things slightly
> > differently are left untouched for the moment.
> > 
> > ok?
> 
> Updated diff.

ok jsg@

> 
> Index: dev/ic/acx.c
> ===
> RCS file: /cvs/src/sys/dev/ic/acx.c,v
> retrieving revision 1.120
> diff -u -p -r1.120 acx.c
> --- dev/ic/acx.c  22 Jan 2017 10:17:37 -  1.120
> +++ dev/ic/acx.c  25 Oct 2017 13:31:27 -
> @@ -837,7 +837,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
>  {
>   struct acx_softc *sc = ifp->if_softc;
>   struct ieee80211com *ic = >sc_ic;
> - struct ifreq *ifr;
>   int s, error = 0;
>   uint8_t chan;
>  
> @@ -855,16 +854,6 @@ acx_ioctl(struct ifnet *ifp, u_long cmd,
>   if (ifp->if_flags & IFF_RUNNING)
>   error = acx_stop(sc);
>   }
> - break;
> - case SIOCADDMULTI:
> - case SIOCDELMULTI:
> - ifr = (struct ifreq *)data;
> - error = (cmd == SIOCADDMULTI) ?
> - ether_addmulti(ifr, >ic_ac) :
> - ether_delmulti(ifr, >ic_ac);
> -
> - if (error == ENETRESET)
> - error = 0;
>   break;
>   case SIOCS80211CHANNEL:
>   /* allow fast channel switching in monitor mode */
> Index: dev/ic/bwi.c
> ===
> RCS file: /cvs/src/sys/dev/ic/bwi.c,v
> retrieving revision 1.126
> diff -u -p -r1.126 bwi.c
> --- dev/ic/bwi.c  8 Sep 2017 05:36:52 -   1.126
> +++ dev/ic/bwi.c  25 Oct 2017 13:31:16 -
> @@ -7107,7 +7107,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
>  {
>   struct bwi_softc *sc = ifp->if_softc;
>   struct ieee80211com *ic = >sc_ic;
> - struct ifreq *ifr;
>   int s, error = 0;
>   uint8_t chan;
>  
> @@ -7125,16 +7124,6 @@ bwi_ioctl(struct ifnet *ifp, u_long cmd,
>   if (ifp->if_flags & IFF_RUNNING)
>   bwi_stop(sc, 1);
>   }
> - break;
> -case SIOCADDMULTI:
> -case SIOCDELMULTI:
> - ifr = (struct ifreq *)data;
> - error = (cmd == SIOCADDMULTI) ?
> - ether_addmulti(ifr, >ic_ac) :
> - ether_delmulti(ifr, >ic_ac);
> -
> - if (error == ENETRESET)
> - error = 0;
>   break;
>   case SIOCS80211CHANNEL:
>   /* allow fast channel switching in monitor mode */
> Index: dev/ic/rtwn.c
> ===
> RCS file: /cvs/src/sys/dev/ic/rtwn.c,v
> retrieving revision 1.35
> diff -u -p -r1.35 rtwn.c
> --- dev/ic/rtwn.c 23 Sep 2017 13:57:41 -  1.35
> +++ dev/ic/rtwn.c 25 Oct 2017 13:32:05 -
> @@ -1434,7 +1434,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
>  {
>   struct rtwn_softc *sc = ifp->if_softc;
>   struct ieee80211com *ic = >sc_ic;
> - struct ifreq *ifr;
>   int s, error = 0;
>  
>   s = splnet();
> @@ -1462,15 +1461,6 @@ rtwn_ioctl(struct ifnet *ifp, u_long cmd
>   if (ifp->if_flags & IFF_RUNNING)
>   rtwn_stop(ifp);
>   }
> - break;
> - case SIOCADDMULTI:
> - case SIOCDELMULTI:
> - ifr = (struct ifreq *)data;
> - error = (cmd == SIOCADDMULTI) ?
> - ether_addmulti(ifr, >ic_ac) :
> - ether_delmulti(ifr, >ic_ac);
> - if (error == ENETRESET)
> - error = 0;
>   break;
>   case SIOCS80211CHANNEL:
>   error = ieee80211_ioctl(ifp, cmd, data);
> Index: dev/ic/malo.c
> ===
> RCS file: /cvs/src/sys/dev/ic/malo.c,v
> retrieving revision 1.115
> diff -u -p -r1.115 malo.c
> --- dev/ic/malo.c 8 Sep 2017 05:36:52 -   1.115
> +++ dev/ic/malo.c 25 Oct 2017 13:31:09 -
> @@ -933,7 +933,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
>  {
>   struct malo_softc *sc = ifp->if_softc;
>   struct ieee80211com *ic = >sc_ic;
> - struct ifreq *ifr;
>   int s, error = 0;
>   uint8_t chan;
>  
> @@ -951,16 +950,6 @@ malo_ioctl(struct ifnet *ifp, u_long cmd
>   if (ifp->if_flags & IFF_RUNNING)
>   malo_stop(sc);
>   }
> - break;
> -case SIOCADDMULTI:
> -case SIOCDELMULTI:
> - ifr = (struct ifreq *)data;
> - error = (cmd == SIOCADDMULTI) ?
> - ether_addmulti(ifr, >ic_ac) :
> - ether_delmulti(ifr, >ic_ac);
> -
> - if (error == ENETRESET)
> - 

Re: Add reset option to boot command of ddb(4)

[Jonathan Gray]

On Thu, Oct 26, 2017 at 10:42:17AM +0200, Florian Riehm wrote:
> Hi,
> 
> Sometimes I see systems hanging in ddb(4) after panic(9) and the "boot reboot"
> command doesn't work anymore, i.e. of filesystem or locking issues.
> Bluhm@ suggested to me to use "call cpu_reset" in such situations.
> 
> I would like to introduce a command 'boot reset' to do this.
> 
> ok?

No, cpu_reset() is MD this will break ddb on all non x86 archs besides
landisk.

> 
> friehm
> 
> 
> Index: share/man/man4//ddb.4
> ===
> RCS file: /cvs/src/share/man/man4/ddb.4,v
> retrieving revision 1.91
> diff -u -p -r1.91 ddb.4
> --- share/man/man4//ddb.4 29 Sep 2017 09:36:04 -  1.91
> +++ share/man/man4//ddb.4 26 Oct 2017 08:18:44 -
> @@ -379,6 +379,10 @@ Just halt.
>  Just reboot.
>  .It Ic boot poweroff
>  Power down the machine whenever possible; if it fails, just halt.
> +.It Ic boot reset
> +Restart the machine by resetting the CPU. Useful in situations were
> +.Ic boot reboot
> +does not work anymore.
>  .El
>  .\" 
>  .It Xo
> Index: sys/ddb/db_command.c
> ===
> RCS file: /cvs/src/sys/ddb/db_command.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 db_command.c
> --- sys/ddb/db_command.c  19 Oct 2017 16:58:05 -  1.79
> +++ sys/ddb/db_command.c  26 Oct 2017 08:18:55 -
> @@ -105,6 +105,7 @@ void  db_boot_dump_cmd(db_expr_t, int, db
>  void db_boot_halt_cmd(db_expr_t, int, db_expr_t, char *);
>  void db_boot_reboot_cmd(db_expr_t, int, db_expr_t, char *);
>  void db_boot_poweroff_cmd(db_expr_t, int, db_expr_t, char *);
> +void db_boot_reset_cmd(db_expr_t, int, db_expr_t, char *);
>  void db_stack_trace_cmd(db_expr_t, int, db_expr_t, char *);
>  void db_dmesg_cmd(db_expr_t, int, db_expr_t, char *);
>  void db_show_panic_cmd(db_expr_t, int, db_expr_t, char *);
> @@ -606,6 +607,7 @@ struct db_command db_boot_cmds[] = {
>   { "halt",   db_boot_halt_cmd,   0,  0 },
>   { "reboot", db_boot_reboot_cmd, 0,  0 },
>   { "poweroff",   db_boot_poweroff_cmd,   0,  0 },
> + { "reset",  db_boot_reset_cmd,  0,  0 },
>   { NULL, }
>  };
> @@ -812,6 +814,12 @@ void
>  db_boot_poweroff_cmd(db_expr_t addr, int haddr, db_expr_t count, char *modif)
>  {
>   reboot(RB_NOSYNC | RB_HALT | RB_POWERDOWN | RB_TIMEBAD | RB_USERREQ);
> +}
> +
> +void
> +db_boot_reset_cmd(db_expr_t addr, int haddr, db_expr_t count, char *modif)
> +{
> + cpu_reset();
>  }
>  void
> 

libfuse: fuse.c null checks and others

[Helg Bredow]

I've included different minor patches below as one patch. I haven't split into 
separate patches since the changes are not complex and easy to audit. 

Here's what it does:

Almost all functions in fuse.c do not check if the arguments are null. This 
patch adds null checks where appropriate.

Some arguments are incorrectly flagged as unused. Delete "unused" if the 
argument is used in the function.

The wrong version macro is used in dump_version() and is inconsistent with that 
used in fuse_version(). FUSE_USE_VERSION is intended to be defined by file 
system to specify which backward compatible version of libfuse they require.

fuse_loop_mt() is not implemented so return -1 rather than success. If a file 
system tries to call it then it should be obvious that it's not going to work.

fuse_main() declared redundant variables due to the lack of NULL checks before 
assignment. We now check for NULL so can safely pass NULL instead.

Tested with a regression test that passes all NULL arguments to exported 
functions.

Something to consider is that fuse_is_lib_option() is deprecated. Should we 
remove it from libfuse to stay strictly at version 26?


Index: fuse.c
===
RCS file: /cvs/src/lib/libfuse/fuse.c,v
retrieving revision 1.31
diff -u -p -r1.31 fuse.c
--- fuse.c  25 Oct 2017 09:29:46 -  1.31
+++ fuse.c  25 Oct 2017 12:54:48 -
@@ -71,6 +71,9 @@ fuse_loop(struct fuse *fuse)
ssize_t n;
int ret;
 
+   if (fuse == NULL)
+   return (-1);
+
fuse->fc->kq = kqueue();
if (fuse->fc->kq == -1)
return (-1);
@@ -156,6 +159,9 @@ fuse_mount(const char *dir, unused struc
struct fuse_chan *fc;
const char *errcause;
 
+   if (dir == NULL)
+   return (NULL);
+
fc = calloc(1, sizeof(*fc));
if (fc == NULL)
return (NULL);
@@ -197,9 +203,9 @@ bad:
 }
 
 void
-fuse_unmount(const char *dir, unused struct fuse_chan *ch)
+fuse_unmount(const char *dir, struct fuse_chan *ch)
 {
-   if (ch->dead)
+   if (ch == NULL || ch->dead)
return;
 
if (unmount(dir, MNT_UPDATE) == -1)
@@ -207,7 +213,7 @@ fuse_unmount(const char *dir, unused str
 }
 
 int
-fuse_is_lib_option(unused const char *opt)
+fuse_is_lib_option(const char *opt)
 {
return (fuse_opt_match(fuse_core_opts, opt));
 }
@@ -215,6 +221,9 @@ fuse_is_lib_option(unused const char *op
 int
 fuse_chan_fd(struct fuse_chan *ch)
 {
+   if (ch == NULL)
+   return (-1);
+
return (ch->fd);
 }
 
@@ -227,17 +236,20 @@ fuse_get_session(struct fuse *f)
 int
 fuse_loop_mt(unused struct fuse *fuse)
 {
-   return (0);
+   return (-1);
 }
 
 struct fuse *
 fuse_new(struct fuse_chan *fc, unused struct fuse_args *args,
 const struct fuse_operations *ops, unused size_t size,
-unused void *userdata)
+void *userdata)
 {
struct fuse *fuse;
struct fuse_vnode *root;
 
+   if (fc == NULL || ops == NULL)
+   return (NULL);
+
if ((fuse = calloc(1, sizeof(*fuse))) == NULL)
return (NULL);
 
@@ -275,8 +287,11 @@ fuse_daemonize(unused int foreground)
 }
 
 void
-fuse_destroy(unused struct fuse *f)
+fuse_destroy(struct fuse *f)
 {
+   if (f == NULL)
+   return;
+
close(f->fc->fd);
free(f->fc->dir);
free(f->fc);
@@ -322,7 +337,7 @@ fuse_remove_signal_handlers(unused struc
 }
 
 int
-fuse_set_signal_handlers(unused struct fuse_session *se)
+fuse_set_signal_handlers(struct fuse_session *se)
 {
sigse = se;
signal(SIGHUP, ifuse_get_signal);
@@ -344,7 +359,7 @@ dump_help(void)
 static void
 dump_version(void)
 {
-   fprintf(stderr, "FUSE library version %i\n", FUSE_USE_VERSION);
+   fprintf(stderr, "FUSE library version %i\n", FUSE_VERSION);
 }
 
 static int
@@ -453,6 +468,9 @@ fuse_version(void)
 void
 fuse_teardown(struct fuse *fuse, char *mp)
 {
+   if (fuse == NULL || mp == NULL)
+   return;
+
fuse_unmount(mp, fuse->fc);
fuse_destroy(fuse);
 }
@@ -500,10 +518,8 @@ int
 fuse_main(int argc, char **argv, const struct fuse_operations *ops, void *data)
 {
struct fuse *fuse;
-   char *mp = NULL;
-   int mt;
 
-   fuse = fuse_setup(argc, argv, ops, sizeof(*ops), , , data);
+   fuse = fuse_setup(argc, argv, ops, sizeof(*ops), NULL, NULL, data);
if (!fuse)
return (-1);
 

Add reset option to boot command of ddb(4)

[Florian Riehm]

Hi,

Sometimes I see systems hanging in ddb(4) after panic(9) and the "boot reboot"
command doesn't work anymore, i.e. of filesystem or locking issues.
Bluhm@ suggested to me to use "call cpu_reset" in such situations.

I would like to introduce a command 'boot reset' to do this.

ok?

friehm


Index: share/man/man4//ddb.4
===
RCS file: /cvs/src/share/man/man4/ddb.4,v
retrieving revision 1.91
diff -u -p -r1.91 ddb.4
--- share/man/man4//ddb.4   29 Sep 2017 09:36:04 -  1.91
+++ share/man/man4//ddb.4   26 Oct 2017 08:18:44 -
@@ -379,6 +379,10 @@ Just halt.
 Just reboot.
 .It Ic boot poweroff
 Power down the machine whenever possible; if it fails, just halt.
+.It Ic boot reset
+Restart the machine by resetting the CPU. Useful in situations were
+.Ic boot reboot
+does not work anymore.
 .El
 .\" 
 .It Xo
Index: sys/ddb/db_command.c
===
RCS file: /cvs/src/sys/ddb/db_command.c,v
retrieving revision 1.79
diff -u -p -r1.79 db_command.c
--- sys/ddb/db_command.c19 Oct 2017 16:58:05 -  1.79
+++ sys/ddb/db_command.c26 Oct 2017 08:18:55 -
@@ -105,6 +105,7 @@ voiddb_boot_dump_cmd(db_expr_t, int, db
 void   db_boot_halt_cmd(db_expr_t, int, db_expr_t, char *);
 void   db_boot_reboot_cmd(db_expr_t, int, db_expr_t, char *);
 void   db_boot_poweroff_cmd(db_expr_t, int, db_expr_t, char *);
+void   db_boot_reset_cmd(db_expr_t, int, db_expr_t, char *);
 void   db_stack_trace_cmd(db_expr_t, int, db_expr_t, char *);
 void   db_dmesg_cmd(db_expr_t, int, db_expr_t, char *);
 void   db_show_panic_cmd(db_expr_t, int, db_expr_t, char *);
@@ -606,6 +607,7 @@ struct db_command db_boot_cmds[] = {
{ "halt", db_boot_halt_cmd,   0,  0 },
{ "reboot",   db_boot_reboot_cmd, 0,  0 },
{ "poweroff", db_boot_poweroff_cmd,   0,  0 },
+   { "reset",db_boot_reset_cmd,  0,  0 },
{ NULL, }
 };
 
@@ -812,6 +814,12 @@ void

 db_boot_poweroff_cmd(db_expr_t addr, int haddr, db_expr_t count, char *modif)
 {
reboot(RB_NOSYNC | RB_HALT | RB_POWERDOWN | RB_TIMEBAD | RB_USERREQ);
+}
+
+void
+db_boot_reset_cmd(db_expr_t addr, int haddr, db_expr_t count, char *modif)
+{
+   cpu_reset();
 }
 
 void

Re: "max" field in "netstat -m" is ambiguous

[Claudio Jeker]

On Wed, Oct 25, 2017 at 11:46:05PM +0200, Mike Belopuhov wrote:
> On Wed, Oct 25, 2017 at 21:56 +0200, Claudio Jeker wrote:
> > On Wed, Oct 25, 2017 at 01:39:35PM -0600, Todd C. Miller wrote:
> > > On Wed, 25 Oct 2017 19:46:56 +0200, Mike Belopuhov wrote:
> > > 
> > > > I think we can extend this by adding an additional number for the
> > > > upper boundary (kern.maxclusters), like so:
> > > > 
> > > >   saru:usr.bin/netstat% ./obj/netstat -m
> > > >   539 mbufs in use:
> > > > 385 mbufs allocated to data
> > > > 13 mbufs allocated to packet headers
> > > > 141 mbufs allocated to socket names and addresses
> > > >   19/144 mbuf 2048 byte clusters in use (current/peak)
> > > >   0/45 mbuf 2112 byte clusters in use (current/peak)
> > > >   256/312 mbuf 4096 byte clusters in use (current/peak)
> > > >   0/48 mbuf 8192 byte clusters in use (current/peak)
> > > >   0/28 mbuf 9216 byte clusters in use (current/peak)
> > > >   0/40 mbuf 12288 byte clusters in use (current/peak)
> > > >   0/40 mbuf 16384 byte clusters in use (current/peak)
> > > >   0/40 mbuf 65536 byte clusters in use (current/peak)
> > > >   5876 out of 524288 Kbytes allocated to network (20% in use)
> > > >   0 requests for memory denied
> > > >   0 requests for memory delayed
> > > >   0 calls to protocol drain routines
> > > 
> > > That's definitely an improvement.  OK millert@
> > > 
> > 
> > The math for the percentage in use is doing something different at least
> > 20% of 524288 is not 5876. AFAIK the percentage is calculated against the
> > pool size and not the maximum size.
> 
> Correct and I didn't say otherwise. I wrote:
> 
>   This shows how much backing memory has been allocated by all cluster
>   pools from the UVM and percentage of how much of it has been taken
>   out by pool_get operations.
> 
> It's 20% of 5876K that is in use.
> 
> > Would be great if netstat could show the current and peak memory usage.
> >
> 
> Current is 5876.  Maximum is 524288.  Do you want to display them in
> the x/y/z format?
> 
>   5876//524288 Kbytes allocated to network, 20% in use (current/peak/max)
> 
> Something like this? Any other ideas?

I think that would be an improvement. I normally look for peak values. The
current is normally not interesting when tuning systems. 
Maybe we can even drop the use percentage since it more confusing than
anything.

-- 
:wq Claudio