Re: isakmpd.policy check

2018-01-04 Thread Remi Locherer
On Thu, Jan 04, 2018 at 12:30:39PM +, Stuart Henderson wrote:
> On 2018/01/04 12:47, Martin Pieuchot wrote:
> > I'm not writing any isakmpd.policy(5) file.  I don't know anybody sane
> > who does.
> 
> This means you trust your ipsec peers not to request an invalid flow.
> That's reasonable if you run both ends and trust yourself not to fat-finger
> it but it's not really OK if you run tunnels to third parties.
> 

I was running isakmpd -K for years without understanding the risk.
Probably I'm not the exception.

The isakmpd man page says:
-K  [...] This option can be used when policies for flows
and SA establishment are arranged by other programs like
ipsecctl(8) or bgpd(8).

> > I'd like to enforce some policy based on what I write in
> > ipsec.conf(5)...
> 
> That would be a bigger change ;)

That would be a much appreciated change ;-)

> > So I don't understand why I have to pass '-K' on
> > every machine I set up.  If I don't specify any policy file, then
> > I'd assume isakmpd(8) would do the right thing.
> > 
> > Diff below makes '-K' the default if isakmpd.policy doesn't exist AND
> > you didn't specify a "Policy-file".
> 
> I have to say I'm not too keen on this. At the moment -K is "danger!
> flows are not checked against policy".



Re: VMD: revise check for regular files on disks

2018-01-04 Thread Jeremie Courreges-Anglas
On Wed, Jan 03 2018, Carlos Cardenas  wrote:
> Howdy.
>
> Attached is a patch to address a TOCTOU issue with checking to
> ensure disks are regular files, reported by jca@ .
>
> Comments? Ok?

A bit late, but ok.

While here, if the S_ISREG check fails there is no meaningful errno to
report.

ok?


Index: config.c
===
RCS file: /d/cvs/src/usr.sbin/vmd/config.c,v
retrieving revision 1.39
diff -u -p -p -u -r1.39 config.c
--- config.c4 Jan 2018 15:19:56 -   1.39
+++ config.c5 Jan 2018 07:24:41 -
@@ -252,7 +252,7 @@ config_setvm(struct privsep *ps, struct 
goto fail;
}
if (S_ISREG(stat_buf.st_mode) == 0) {
-   log_warn("%s: cdrom %s is not a regular file", __func__,
+   log_warnx("%s: cdrom %s is not a regular file", 
__func__,
vcp->vcp_cdrom);
errno = VMD_CDROM_INVALID;
goto fail;
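
Review bot: in the cdrom hunk the log_warnx( line has been wrapped before __func__ in the mail, which suggests the one extra character pushes it past 80 columns; break after the format string and put __func__ on the continuation line with vcp->vcp_cdrom. The switch to log_warnx() fits the visible code, since errno is only assigned (VMD_CDROM_INVALID) after the message has been logged.
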
@@ -276,7 +276,7 @@ config_setvm(struct privsep *ps, struct 
goto fail;
}
if (S_ISREG(stat_buf.st_mode) == 0) {
-   log_warn("%s: disk %s is not a regular file", __func__,
+   log_warnx("%s: disk %s is not a regular file", __func__,
vcp->vcp_disks[i]);
errno = VMD_DISK_INVALID;
goto fail;

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
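
The race this thread is about, as an added example that is not vmd code: the first function checks the path and then opens it, the second opens once and checks the descriptor, which is the order the patch moves to. The function names, the O_NONBLOCK flag, the EINVAL error code and the sample paths are assumptions of this example; vmd reports its own VMD_DISK_INVALID code instead.

```c
/* Added example (not vmd source): check-then-open vs. open-then-check. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Racy form: stat(2) and open(2) each resolve the path on their own, so
 * the name can be re-pointed (rename, symlink swap) between the two calls
 * and the S_ISREG() answer says nothing about the object that gets opened.
 */
int
open_regular_racy(const char *path, int flags)
{
	struct stat sb;

	if (stat(path, &sb) == -1)
		return -1;
	if (!S_ISREG(sb.st_mode)) {
		errno = EINVAL;		/* assumed error code for this example */
		return -1;
	}
	return open(path, flags);	/* second, independent path lookup */
}

/*
 * Fixed form: open once, then ask the descriptor what it is.  fstat(2)
 * describes the object that was actually opened, whatever happens to the
 * name afterwards.  Every failure path closes the descriptor again.
 */
int
open_regular(const char *path, int flags)
{
	struct stat sb;
	int fd, saved_errno;

	/* O_NONBLOCK (assumption): do not hang in open() on a FIFO or tty. */
	if ((fd = open(path, flags | O_NONBLOCK)) == -1)
		return -1;
	if (fstat(fd, &sb) == -1) {
		saved_errno = errno;
		close(fd);
		errno = saved_errno;
		return -1;
	}
	if (!S_ISREG(sb.st_mode)) {
		close(fd);
		errno = EINVAL;
		return -1;
	}
	return fd;
}

/*
 * Constructed self-check: a fresh temp file is accepted, a character
 * device (/dev/null) and a directory (/) are rejected with EINVAL.
 * Returns the number of unexpected results, or -1 if setup failed.
 */
int
self_check(void)
{
	char tmpl[] = "/tmp/toctou-example.XXXXXX";
	int tmpfd, fd, failures = 0;

	if ((tmpfd = mkstemp(tmpl)) == -1)
		return -1;
	close(tmpfd);
	if ((fd = open_regular(tmpl, O_RDWR)) == -1)
		failures++;
	else
		close(fd);
	unlink(tmpl);

	if ((fd = open_regular("/dev/null", O_RDWR)) != -1) {
		close(fd);
		failures++;
	} else if (errno != EINVAL)
		failures++;

	if ((fd = open_regular("/", O_RDONLY)) != -1) {
		close(fd);
		failures++;
	} else if (errno != EINVAL)
		failures++;
	return failures;
}

int
main(void)
{
	int n = self_check();

	printf("self_check: %d unexpected result(s)\n", n);
	return n != 0;
}
```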



Re: ksh: Fix compilation without job control

2018-01-04 Thread Jeremie Courreges-Anglas
On Thu, Jan 04 2018, Klemens Nanni  wrote:
> A few guards are missing, with this diff ksh compiles cleanly with JOBS
> undefined.
>
> Found while looking for undesired changes after working on job control.
>
> Feedback?

Looks good, ok jca@

I kinda take job control in my shell for granted.  Todd, would it make
sense to just delete the #ifdefs?  I doubt that we'll want to ship a ksh
with no job control in space-constrained installers.

> diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c
> index 53858a37d26..7e29c2f38b8 100644
> --- a/bin/ksh/jobs.c
> +++ b/bin/ksh/jobs.c
> @@ -201,6 +201,7 @@ j_suspend(void)
>  {
>   struct sigaction sa, osa;
>  
> +#ifdef JOBS
>   /* Restore tty and pgrp. */
>   if (ttypgrp_ok) {
>   tcsetattr(tty_fd, TCSADRAIN, _state);
> @@ -218,6 +219,7 @@ j_suspend(void)
>   }
>   }
>   }
> +#endif /* JOBS */
>  
>   /* Suspend the shell. */
>   memset(, 0, sizeof(sa));
> @@ -228,6 +230,7 @@ j_suspend(void)
>  
>   /* Back from suspend, reset signals, pgrp and tty. */
>   sigaction(SIGTSTP, , NULL);
> +#ifdef JOBS
>   if (ttypgrp_ok) {
>   if (restore_ttypgrp >= 0) {
>   if (setpgid(0, kshpid) < 0) {
> @@ -246,6 +249,7 @@ j_suspend(void)
>   }
>   tty_init(true);
>   }
> +#endif /* JOBS */
>  }
>  
>  /* job cleanup before shell exit */
> @@ -1050,10 +1054,10 @@ j_waitj(Job *j,
>   j->flags &= ~(JF_WAITING|JF_W_ASYNCNOTIFY);
>  
>   if (j->flags & JF_FG) {
> - int status;
> -
>   j->flags &= ~JF_FG;
>  #ifdef JOBS
> + int status;
> +
>   if (Flag(FMONITOR) && ttypgrp_ok && j->pgrp) {
>   /*
>* Save the tty's current pgrp so it can be restored
>
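
Review bot: in the j_waitj() hunk, int status; now follows the statement j->flags &= ~JF_FG;, which puts a declaration in the middle of the block; keep the declaration at the top of the block and wrap it in its own #ifdef JOBS / #endif instead of moving it below the assignment.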

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: mg: extract child status with WEXITSTATUS

2018-01-04 Thread Jeremie Courreges-Anglas
On Tue, Jan 02 2018, Scott Cheloha  wrote:
> On Mon, Jan 01, 2018 at 09:07:25PM -0700, Todd C. Miller wrote:
>> On Mon, 01 Jan 2018 19:54:07 -0600, Scott Cheloha wrote:
>> 
>> > Hey,
>> >
>> > In the mg(1) *compile* buffer, currently you get incorrect
>> > output like:
>> >
>> >Command exited abnormally with code 256 at [...]
>> >
>> > Using the W* macros in  corrects this:
>> >
>> >Command exited abnormally with code 1 at [...]
>> 
>> Is it worth using an explicit message if the command was terminated
>> by a signal?
>
> Like in lieu of 128+WTERMSIG?  I don't personally see my jobs in mg
> get killed all that often, but if I did I think I'd prefer something
> with the signal name, sure.
>
> While we're at it, I'd like to move the timestamp left so it's separate
> from the other output.  I'd also like to always print the exit status,
> as "abnormally" is inapplicable for programs like diff and grep.

"abnormally" doesn't seem very useful if the status is printed indeed;
printing the status if zero doesn't look very useful though.

> Thoughts?

Disclaimer: I'm not an mg(1) user, but please see below.

> --
> Scott Cheloha
>
> Index: usr.bin/mg/grep.c
> ===
> RCS file: /cvs/src/usr.bin/mg/grep.c,v
> retrieving revision 1.45
> diff -u -p -r1.45 grep.c
> --- usr.bin/mg/grep.c 12 Oct 2017 14:12:00 -  1.45
> +++ usr.bin/mg/grep.c 3 Jan 2018 01:24:09 -
> @@ -4,6 +4,8 @@
>  
>  #include 
>  #include 
> +#include 
> +
>  #include 
>  #include 
>  #include 
> @@ -180,7 +182,7 @@ compile_mode(const char *name, const cha
>   char*buf;
>   size_t   sz;
>   ssize_t  len;
> - int  ret, n;
> + int  ret, n, signo;
>   char cwd[NFILEN], qcmd[NFILEN];
>   char timestr[NTIME];
>   time_t   t;
> @@ -226,17 +228,19 @@ compile_mode(const char *name, const cha
>   t = time(NULL);
>   strftime(timestr, sizeof(timestr), "%a %b %e %T %Y", localtime());
>   addline(bp, "");
> - if (ret != 0)
> - addlinef(bp, "Command exited abnormally with code %d"
> - " at %s", ret, timestr);
> - else
> - addlinef(bp, "Command finished at %s", timestr);
> + if (WIFEXITED(ret)) {
> + addlinef(bp, "[%s] Command exited with status %d",
> + timestr, WEXITSTATUS(ret));
> + } else {

This won't catch cases where the shell exits with 128 + the signal that
killed its child process.

> + signo = WTERMSIG(ret);
> + addlinef(bp, "[%s] Command killed by %s: %s",
> + timestr, sys_signame[signo], strsignal(signo));
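
Review bot: the else branch calls WTERMSIG(ret) for every status that is not WIFEXITED and then uses the result unchecked as an index into sys_signame[]; test WIFSIGNALED(ret) explicitly and range-check signo before the lookup (or print only the number), so an unexpected status cannot read past the table.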

I'm not thrilled by sys_signame, it's not portable, you need to make
sure that the signal number is valid, and when adding errno values the size
of sys_signame changes -> libc major crank.  It's a shame there are no
sane standard accessors.

  (http://austingroupbugs.net/view.php?id=1138=8)

Sorry for the bikeshed but wouldn't just printing the signal
number be enough?  Also, why change the way the timestamp is printed?

I would probably do something like the diff below.


Index: grep.c
===
RCS file: /d/cvs/src/usr.bin/mg/grep.c,v
retrieving revision 1.45
diff -u -p -p -u -r1.45 grep.c
--- grep.c  12 Oct 2017 14:12:00 -  1.45
+++ grep.c  5 Jan 2018 06:36:53 -
@@ -4,6 +4,8 @@
 
 #include 
 #include 
+#include 
+
 #include 
 #include 
 #include 
@@ -226,10 +228,14 @@ compile_mode(const char *name, const cha
t = time(NULL);
strftime(timestr, sizeof(timestr), "%a %b %e %T %Y", localtime());
addline(bp, "");
-   if (ret != 0)
-   addlinef(bp, "Command exited abnormally with code %d"
-   " at %s", ret, timestr);
-   else
+   if (WIFSIGNALED(ret) || WEXITSTATUS(ret) > 128) {
+   addlinef(bp, "Command killed by signal %d at %s",
+   WIFSIGNALED(ret) ? WTERMSIG(ret) : WEXITSTATUS(ret) - 128,
+   timestr);
+   } else if (WEXITSTATUS(ret)) {
+   addlinef(bp, "Command exited with status %d at %s",
+   WEXITSTATUS(ret), timestr);
+   } else
addlinef(bp, "Command finished at %s", timestr);
 
bp->b_dotp = bfirstlp(bp);
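
Review bot: in the first condition, WEXITSTATUS(ret) > 128 makes any command that itself exits with a status above 128 appear as "killed by signal N", and the message gives no way to tell that guess from a real WIFSIGNALED(ret); either keep the signal wording for WIFSIGNALED(ret) only or word the guessed case differently. WEXITSTATUS() is also only meaningful when WIFEXITED(ret) is true, so guard both WEXITSTATUS() uses with it.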

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
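
The status decoding discussed in this message, as an added example that is not mg code: it shows why the raw status prints as 256 for an exit code of 1, and it applies the same decision order as the diff above, including the shell's 128 + signal convention. All names (classify_status, describe, child_status) are hypothetical, and the child processes are created with fork() rather than through a shell so the statuses are deterministic.

```c
/* Added example (not mg source): decoding a wait(2) status for display. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum cmd_kind { CMD_UNKNOWN, CMD_FINISHED, CMD_EXITED, CMD_SIGNALED };

struct cmd_result {
	enum cmd_kind kind;
	int value;	/* exit status or signal number, 0 otherwise */
};

/*
 * Decision order: a real signal death first, then the shell's
 * "128 + signal" exit status, then a plain non-zero exit.
 * Caveat: a program that itself exits with a status above 128 cannot be
 * told apart from the shell convention and lands in CMD_SIGNALED too.
 */
struct cmd_result
classify_status(int ret)
{
	struct cmd_result r = { CMD_UNKNOWN, 0 };

	if (WIFSIGNALED(ret)) {
		r.kind = CMD_SIGNALED;
		r.value = WTERMSIG(ret);
	} else if (WIFEXITED(ret)) {
		int code = WEXITSTATUS(ret);

		if (code > 128) {
			r.kind = CMD_SIGNALED;
			r.value = code - 128;
		} else if (code != 0) {
			r.kind = CMD_EXITED;
			r.value = code;
		} else
			r.kind = CMD_FINISHED;
	}
	return r;
}

/* Build the one-line message; the static buffer is reused on each call. */
const char *
describe(int ret, const char *timestr)
{
	static char buf[128];
	struct cmd_result r = classify_status(ret);

	switch (r.kind) {
	case CMD_SIGNALED:
		snprintf(buf, sizeof(buf), "Command killed by signal %d at %s",
		    r.value, timestr);
		break;
	case CMD_EXITED:
		snprintf(buf, sizeof(buf), "Command exited with status %d at %s",
		    r.value, timestr);
		break;
	case CMD_FINISHED:
		snprintf(buf, sizeof(buf), "Command finished at %s", timestr);
		break;
	default:
		snprintf(buf, sizeof(buf), "Command status not understood at %s",
		    timestr);
		break;
	}
	return buf;
}

/* Fork a child that kills itself with sig (if > 0) or exits with code. */
int
child_status(int code, int sig)
{
	int status;
	pid_t pid;

	if ((pid = fork()) == -1)
		return -1;
	if (pid == 0) {
		if (sig > 0) {
			signal(sig, SIG_DFL);
			kill(getpid(), sig);
		}
		_exit(code);
	}
	while (waitpid(pid, &status, 0) == -1)
		if (errno != EINTR)
			return -1;
	return status;
}

int
main(void)
{
	int raw = child_status(1, 0);

	printf("raw status %d, WEXITSTATUS %d\n", raw, WEXITSTATUS(raw));
	puts(describe(raw, "(time)"));
	puts(describe(child_status(0, SIGKILL), "(time)"));
	puts(describe(child_status(128 + SIGTERM, 0), "(time)"));
	puts(describe(child_status(0, 0), "(time)"));
	return 0;
}
```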



Re: update Mesa to 17.2.6

2018-01-04 Thread Theo de Raadt
The diff below helps, and will be in snaps until the situation is
resolved.

> On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote:
> > Hi,
> > 
> > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> > > I'm interested in reports from people who saw corruption on Intel
> > > graphics during the brief period when Mesa 17.1.6 was in the tree.
> > 
> > Sorry for not testing this sooner; I had forgotten about seeing this
> > corruption previously. Updating to a snapshot just now (from OpenBSD
> > 6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD
> > 6.2-current (GENERIC.MP) #314: Wed Jan  3 13:14:26 MST 2018) did
> > result in corruption on my X220 and jogged my memory that I've seen this
> > problem in the past... dmesg follows.
> 
> I wonder if this is exposing an inteldrm problem.
> 
> Does switching to the intel driver with xorg.conf or the below
> diff change anything?
> 
> Index: xserver/hw/xfree86/common/xf86pciBus.c
> ===
> RCS file: /cvs/xenocara/xserver/hw/xfree86/common/xf86pciBus.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 xf86pciBus.c
> --- xserver/hw/xfree86/common/xf86pciBus.c8 Dec 2017 15:02:00 -   
> 1.15
> +++ xserver/hw/xfree86/common/xf86pciBus.c4 Jan 2018 22:57:20 -
> @@ -1192,11 +1192,26 @@ xf86VideoPtrToDriverList(struct pci_devi
>   case 0xa011:
>   case 0x0042: /* XXX Ironlake is unstable with modesetting */
>   case 0x0046:
> - /* Use intel driver on 2nd and 3rd generation */
> + /* Sandy Bridge */
> + case 0x0102:
> + case 0x0112:
> + case 0x0122:
> + case 0x010a:
> + case 0x0106:
> + case 0x0116:
> + case 0x0126:
> + /* Ivy Bridge */
> + case 0x0156:
> + case 0x0166:
> + case 0x0152:
> + case 0x0162:
> + case 0x015a:
> + case 0x016a:
> + /* Use intel driver until Ivy Bridge */
>   driverList[0] = "intel";
>   break;
>   default:
> - /* Use modesetting driver on 4th generation and up */
> + /* Use modesetting driver on Haswell and up */
>   driverList[0] = "modesetting";
>   break;
>  }
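
Review bot: the new comment "Use intel driver until Ivy Bridge" reads as if Ivy Bridge were excluded, while the six Ivy Bridge ids above it do select "intel"; say "up to and including Ivy Bridge". The default: branch still sends every id not listed here to "modesetting", so any Sandy Bridge or Ivy Bridge id missing from the list silently keeps the old behaviour.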
> 



Re: update Mesa to 17.2.6

2018-01-04 Thread Theo de Raadt
> > On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> > > I'm interested in reports from people who saw corruption on Intel
> > > graphics during the brief period when Mesa 17.1.6 was in the tree.

The issue is back.

x230.

run xpdf on a document with large regions of black and white, and
flip between pages.

It looks like something is cached and not being
pushed/invalidated/writethrough.  so it does not make it onto the
screen correctly.  there are cache-streaks which don't update on an
idle machine.

If the machine is very busy, it is hard to see these because the cache
lines get pushed earlier.

But on an idle machine, documents are unreadable.



Re: relayd and PUT

2018-01-04 Thread Alexander Bluhm
On Wed, Dec 13, 2017 at 07:42:03AM +0100, Claudio Jeker wrote:
> On Wed, Dec 13, 2017 at 12:25:39AM +, Rivo Nurges wrote:
> > If you http PUT a "big" file through relayd, server<>relay read side
> > will eventually get a EVBUFFER_TIMEOUT. Nothing comes back from the
> > server until the PUT is done. I disabled server read timeouts for PUT
> > requests.
> 
> I have seen something similar and came to the conclusion that the timeout
> handling of relayd is not correct. As long as traffic is flowing the
> timeout should be reset (at least that is what every other implementation
> does). This is not really happening in relayd. I have seen this on GET
> requests that are huge (timeout hits in the middle of the transmit and
> kills the session).

I have committed more regression tests that check the timeout with
unidirectional traffic flow.  I could not find an error.  In theory
when we have an idle timeout in one direction, relayd checks whether
there is traffic flowing in the other direction.  The tests set the
timeout to 2 seconds and send 5 bytes while sleeping one second
between each byte.  The timeout does not trigger.

So it seems that you encounter some corner case.  I need more
information.

- Do you use http or https?
- Do you use persistent connections?
- Do you use chunked encoding?
- Does it only occur with http or also with plain tcp?
- Does disabling socket splicing help?
- Does it happen when the connect to the server is slow?

While testing I saw that with socket splicing the timeout is handled
twice.  We get a wakeup from the idle splicing and from libevent
timeout.  I think it is sufficient to only use the idle splicing
if it is available.

Does this diff help?

bluhm

Index: relay.c
===
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.237
diff -u -p -r1.237 relay.c
--- relay.c 27 Dec 2017 15:53:30 -  1.237
+++ relay.c 4 Jan 2018 22:44:20 -
@@ -733,16 +733,21 @@ relay_connected(int fd, short sig, void 
if ((rlay->rl_conf.flags & F_TLSCLIENT) && (out->tls != NULL))
relay_tls_connected(out);
 
-   bufferevent_settimeout(bev,
-   rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec);
bufferevent_setwatermark(bev, EV_WRITE,
RELAY_MIN_PREFETCHED * proto->tcpbufsiz, 0);
bufferevent_enable(bev, EV_READ|EV_WRITE);
if (con->se_in.bev)
bufferevent_enable(con->se_in.bev, EV_READ);
 
-   if (relay_splice(>se_out) == -1)
+   switch (relay_splice(>se_out)) {
+   case 0:
+   bufferevent_settimeout(bev,
+   rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec);
+   break;
+   case -1:
relay_close(con, strerror(errno));
+   break;
+   }
 }
 
 void
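
Review bot: the switch on relay_splice() in relay_connected() handles only 0 and -1, so for any other return value bufferevent_settimeout() is now skipped without a word; add a comment or an explicit case stating that the splice idle timeout is then the only timer, since that is the point of the change.
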
@@ -784,14 +789,19 @@ relay_input(struct rsession *con)
if ((rlay->rl_conf.flags & F_TLS) && con->se_in.tls != NULL)
relay_tls_connected(>se_in);
 
-   bufferevent_settimeout(con->se_in.bev,
-   rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec);
bufferevent_setwatermark(con->se_in.bev, EV_WRITE,
RELAY_MIN_PREFETCHED * proto->tcpbufsiz, 0);
bufferevent_enable(con->se_in.bev, EV_READ|EV_WRITE);
 
-   if (relay_splice(>se_in) == -1)
+   switch (relay_splice(>se_in)) {
+   case 0:
+   bufferevent_settimeout(con->se_in.bev,
+   rlay->rl_conf.timeout.tv_sec, rlay->rl_conf.timeout.tv_sec);
+   break;
+   case -1:
relay_close(con, strerror(errno));
+   break;
+   }
 }
 
 void
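
Review bot: relay_input() now carries a copy of the switch added to relay_connected(), differing only in the bufferevent and the splice endpoint passed in; a small helper taking those two would keep the timeout policy in one place and the two call sites in step.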



Re: update Mesa to 17.2.6

2018-01-04 Thread Jonathan Gray
On Fri, Jan 05, 2018 at 12:38:27AM +0200, Lauri Tirkkonen wrote:
> Hi,
> 
> On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> > I'm interested in reports from people who saw corruption on Intel
> > graphics during the brief period when Mesa 17.1.6 was in the tree.
> 
> Sorry for not testing this sooner; I had forgotten about seeing this
> corruption previously. Updating to a snapshot just now (from OpenBSD
> 6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD
> 6.2-current (GENERIC.MP) #314: Wed Jan  3 13:14:26 MST 2018) did
> result in corruption on my X220 and jogged my memory that I've seen this
> problem in the past... dmesg follows.

I wonder if this is exposing an inteldrm problem.

Does switching to the intel driver with xorg.conf or the below
diff change anything?

Index: xserver/hw/xfree86/common/xf86pciBus.c
===
RCS file: /cvs/xenocara/xserver/hw/xfree86/common/xf86pciBus.c,v
retrieving revision 1.15
diff -u -p -r1.15 xf86pciBus.c
--- xserver/hw/xfree86/common/xf86pciBus.c  8 Dec 2017 15:02:00 -   
1.15
+++ xserver/hw/xfree86/common/xf86pciBus.c  4 Jan 2018 22:57:20 -
@@ -1192,11 +1192,26 @@ xf86VideoPtrToDriverList(struct pci_devi
case 0xa011:
case 0x0042: /* XXX Ironlake is unstable with modesetting */
case 0x0046:
-   /* Use intel driver on 2nd and 3rd generation */
+   /* Sandy Bridge */
+   case 0x0102:
+   case 0x0112:
+   case 0x0122:
+   case 0x010a:
+   case 0x0106:
+   case 0x0116:
+   case 0x0126:
+   /* Ivy Bridge */
+   case 0x0156:
+   case 0x0166:
+   case 0x0152:
+   case 0x0162:
+   case 0x015a:
+   case 0x016a:
+   /* Use intel driver until Ivy Bridge */
driverList[0] = "intel";
break;
default:
-   /* Use modesetting driver on 4th generation and up */
+   /* Use modesetting driver on Haswell and up */
driverList[0] = "modesetting";
break;
 }



Re: update Mesa to 17.2.6

2018-01-04 Thread Lauri Tirkkonen
Hi,

On Mon, Nov 27 2017 20:22:30 +1100, Jonathan Gray wrote:
> I'm interested in reports from people who saw corruption on Intel
> graphics during the brief period when Mesa 17.1.6 was in the tree.

Sorry for not testing this sooner; I had forgotten about seeing this
corruption previously. Updating to a snapshot just now (from OpenBSD
6.2-current (GENERIC.MP) #305: Thu Dec 21 14:53:41 MST 2017 to OpenBSD
6.2-current (GENERIC.MP) #314: Wed Jan  3 13:14:26 MST 2018) did
result in corruption on my X220 and jogged my memory that I've seen this
problem in the past... dmesg follows.


ksh: Fix compilation without job control

2018-01-04 Thread Klemens Nanni
A few guards are missing, with this diff ksh compiles cleanly with JOBS
undefined.

Found while looking for undesired changes after working on job control.

Feedback?

diff --git a/bin/ksh/jobs.c b/bin/ksh/jobs.c
index 53858a37d26..7e29c2f38b8 100644
--- a/bin/ksh/jobs.c
+++ b/bin/ksh/jobs.c
@@ -201,6 +201,7 @@ j_suspend(void)
 {
struct sigaction sa, osa;
 
+#ifdef JOBS
/* Restore tty and pgrp. */
if (ttypgrp_ok) {
tcsetattr(tty_fd, TCSADRAIN, _state);
@@ -218,6 +219,7 @@ j_suspend(void)
}
}
}
+#endif /* JOBS */
 
/* Suspend the shell. */
memset(, 0, sizeof(sa));
@@ -228,6 +230,7 @@ j_suspend(void)
 
/* Back from suspend, reset signals, pgrp and tty. */
sigaction(SIGTSTP, , NULL);
+#ifdef JOBS
if (ttypgrp_ok) {
if (restore_ttypgrp >= 0) {
if (setpgid(0, kshpid) < 0) {
@@ -246,6 +249,7 @@ j_suspend(void)
}
tty_init(true);
}
+#endif /* JOBS */
 }
 
 /* job cleanup before shell exit */
@@ -1050,10 +1054,10 @@ j_waitj(Job *j,
j->flags &= ~(JF_WAITING|JF_W_ASYNCNOTIFY);
 
if (j->flags & JF_FG) {
-   int status;
-
j->flags &= ~JF_FG;
 #ifdef JOBS
+   int status;
+
if (Flag(FMONITOR) && ttypgrp_ok && j->pgrp) {
/*
 * Save the tty's current pgrp so it can be restored



Re: cross ref ocspcheck in httpd.conf(5)

2018-01-04 Thread Jason McIntyre
On Wed, Dec 20, 2017 at 08:43:35AM +0100, Paul de Weerd wrote:
> I've been playing a bit with OCSP stapling in httpd and found the
> documentation a bit lacking / confusing.  httpd says:
> 
>   ocsp file
>   Specify an OCSP response to be stapled during TLS
>   handshakes with this server.  The file should contain a
>   DER-format OCSP response retrieved from an OCSP server
>   for the certificate in use.  The default is to not use
>   OCSP stapling.  If the OSCP response in file is empty,
>   OCSP stapling will not be used.
> 
> But from this bit of text it's not clear that we have ocspcheck(8) to
> create these files.  Only much further down is there a Xr to this
> program.  I've added a Xr in the description of the ocsp option to
> make this easier to find for the uninitiated.
> 
> While there, I was rather surprised that the file argument is relative
> to the root of the system, not the chroot of the httpd process.  That
> suggests (at least to me) that cron(8)'ing staple updates with
> ocspcheck will require an httpd reload.  Why can't that simply be read
> from the chroot during runtime, so updates to the file take effect
> without a restart?  I have my staple file in the docroot (since I
> understand it to be public data), is that a bad idea?
> 
> Anyway, thought it prudent to also add some words about this too, but
> am less convinced it's correct.
> 
> Cheers,
> 
> Paul
> 

a tweaked version of this diff committed.

thanks,
jmc

> Index: httpd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
> retrieving revision 1.87
> diff -u -p -r1.87 httpd.conf.5
> --- httpd.conf.5  29 Nov 2017 16:55:08 -  1.87
> +++ httpd.conf.5  20 Dec 2017 07:26:20 -
> @@ -557,10 +557,16 @@ should contain a DER-format OCSP respons
>  OCSP server for the
>  .Ar certificate
>  in use.
> +The
> +.Xr ocspcheck 8
> +utility can be used to create files in the proper format.
>  The default is to not use OCSP stapling.
>  If the OSCP response in
>  .Ar file
>  is empty, OCSP stapling will not be used.
> +Note that the path to
> +.Ar file
> +is not relative to the chroot.
>  .It Ic protocols Ar string
>  Specify the TLS protocols to enable for this server.
>  If not specified, the value
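
Review bot: two lines below the added .Xr ocspcheck 8 the context still reads "If the OSCP response in", with OSCP for OCSP; fix it in the same commit. The added "is not relative to the chroot" only says what the path is not; state that it is taken relative to the root of the system, so readers know where the staple file has to live.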
> 
> 
> -- 
> >[<++>-]<+++.>+++[<-->-]<.>+++[<+
> +++>-]<.>++[<>-]<+.--.[-]
>  http://www.weirdnet.nl/ 
> 



Re: VMD: revise check for regular files on disks

2018-01-04 Thread Mike Larkin
On Thu, Jan 04, 2018 at 07:14:54AM -0800, Carlos Cardenas wrote:
> Mike Larkin  wrote:
> 
> > On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote:
> > > Howdy.
> > > 
> > > Attached is a patch to address a TOCTOU issue with checking to
> > > ensure disks are regular files, reported by jca@ .
> > > 
> > > Comments? Ok?
> > > 
> > > +--+
> > > Carlos
> > 
> > > Index: config.c
> > > ===
> > > RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v
> > > retrieving revision 1.38
> > > diff -u -p -a -u -r1.38 config.c
> > > --- config.c  3 Jan 2018 05:39:56 -   1.38
> > > +++ config.c  4 Jan 2018 03:55:47 -
> > > @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct 
> > >   /* Open disk images for child */
> > >   for (i = 0 ; i < vcp->vcp_ndisks; i++) {
> > >  /* Stat disk[i] to ensure it is a regular file */
> > > - if (stat(vcp->vcp_disks[i], _buf) == -1) {
> > > + if ((diskfds[i] =
> > > + open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> > 
> > O_RDONLY? Or do we actually support the SCSI write commands (ala
> > writing ISO images?)
> 
> vcp_disks represent the vioblk devices which are RDWR.
> vcp_cdrom is RDONLY since it doesn't support writing ISOs.
> 

Of course. I missed that bit. You're right. I thought this was only for
the recent cdrom changes. No concern then.

> > 
> > >   log_warn("%s: can't open disk %s", __func__,
> > >   vcp->vcp_disks[i]);
> > >   errno = VMD_DISK_MISSING;
> > >   goto fail;
> > >   }
> > > - if (S_ISREG(stat_buf.st_mode) == 0) {
> > > - log_warn("%s: disk %s is not a regular file", __func__,
> > > + if (fstat(diskfds[i], _buf) == -1) {
> > > + log_warn("%s: can't open disk %s", __func__,
> > >   vcp->vcp_disks[i]);
> > > - errno = VMD_DISK_INVALID;
> > > + errno = VMD_DISK_MISSING;
> > 
> > I'd probably stick with INVALID here since technically the image is not
> > really "missing"
> 
> Makes sense.
> 
> > 
> > >   goto fail;
> > >   }
> > > - if ((diskfds[i] =
> > > - open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> > > - log_warn("%s: can't open disk %s", __func__,
> > > + if (S_ISREG(stat_buf.st_mode) == 0) {
> > > + log_warn("%s: disk %s is not a regular file", __func__,
> > >   vcp->vcp_disks[i]);
> > > - errno = VMD_DISK_MISSING;
> > > + errno = VMD_DISK_INVALID;
> > >   goto fail;
> > >   }
> > >   }
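
Review bot: the fstat() failure branch reuses the open() text, "can't open disk", so the log cannot tell a failed open() from a failed fstat(); make it "can't stat disk". With open() now first, both later goto fail branches run with diskfds[i] already open, so the fail path has to close it, and the comment "Stat disk[i] to ensure it is a regular file" now sits above open() rather than fstat().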
> > 
> > ok mlarkin otherwise



Re: Remove useless includes

2018-01-04 Thread Claudio Jeker
On Thu, Jan 04, 2018 at 03:58:07PM +0100, Martin Pieuchot wrote:
> 'struct socket' is exposed to userland via .  Most of
> our programs in base do not need it.  Since I'm going to change the
> content of this struct for MP works, I'd like to reduce the impact on
> userland.
> 
> Here's a diff to remove useless includes, ok?

OK userland should not include this
 
> Index: sbin/mount_nfs/mount_nfs.c
> ===
> RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 mount_nfs.c
> --- sbin/mount_nfs/mount_nfs.c27 May 2016 19:45:04 -  1.53
> +++ sbin/mount_nfs/mount_nfs.c4 Jan 2018 14:48:07 -
> @@ -36,7 +36,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  
> Index: sbin/nfsd/nfsd.c
> ===
> RCS file: /cvs/src/sbin/nfsd/nfsd.c,v
> retrieving revision 1.37
> diff -u -p -r1.37 nfsd.c
> --- sbin/nfsd/nfsd.c  31 Aug 2017 06:50:56 -  1.37
> +++ sbin/nfsd/nfsd.c  4 Jan 2018 14:48:32 -
> @@ -40,7 +40,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: sbin/umount/umount.c
> ===
> RCS file: /cvs/src/sbin/umount/umount.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 umount.c
> --- sbin/umount/umount.c  16 Dec 2016 17:44:59 -  1.27
> +++ sbin/umount/umount.c  4 Jan 2018 14:48:56 -
> @@ -34,7 +34,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: usr.bin/showmount/showmount.c
> ===
> RCS file: /cvs/src/usr.bin/showmount/showmount.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 showmount.c
> --- usr.bin/showmount/showmount.c 21 Jan 2017 11:32:04 -  1.21
> +++ usr.bin/showmount/showmount.c 4 Jan 2018 14:50:45 -
> @@ -36,7 +36,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: usr.sbin/identd/identd.c
> ===
> RCS file: /cvs/src/usr.sbin/identd/identd.c,v
> retrieving revision 1.38
> diff -u -p -r1.38 identd.c
> --- usr.sbin/identd/identd.c  4 Jul 2017 01:09:42 -   1.38
> +++ usr.sbin/identd/identd.c  4 Jan 2018 14:52:34 -
> @@ -19,7 +19,7 @@
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  #include 
>  #include 
>  #include 
> Index: usr.sbin/npppd/common/radish.c
> ===
> RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 radish.c
> --- usr.sbin/npppd/common/radish.c30 May 2017 17:52:05 -  1.5
> +++ usr.sbin/npppd/common/radish.c4 Jan 2018 14:52:58 -
> @@ -41,7 +41,6 @@
>  
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  #include 
> Index: usr.sbin/snmpd/agentx.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v
> retrieving revision 1.10
> diff -u -p -r1.10 agentx.c
> --- usr.sbin/snmpd/agentx.c   5 Dec 2015 06:42:18 -   1.10
> +++ usr.sbin/snmpd/agentx.c   4 Jan 2018 14:53:30 -
> @@ -17,7 +17,7 @@
>  
>  #include 
>  #include 
> -#include 
> +#include 
>  #include 
>  #include 
>  
> Index: usr.sbin/snmpd/traphandler.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 traphandler.c
> --- usr.sbin/snmpd/traphandler.c  12 Aug 2017 04:29:57 -  1.9
> +++ usr.sbin/snmpd/traphandler.c  4 Jan 2018 14:53:42 -
> @@ -18,7 +18,6 @@
>  
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  #include 
> 

-- 
:wq Claudio



Re: VMD: revise check for regular files on disks

2018-01-04 Thread Carlos Cardenas
Mike Larkin  wrote:

> On Wed, Jan 03, 2018 at 08:03:56PM -0800, Carlos Cardenas wrote:
> > Howdy.
> > 
> > Attached is a patch to address a TOCTOU issue with checking to
> > ensure disks are regular files, reported by jca@ .
> > 
> > Comments? Ok?
> > 
> > +--+
> > Carlos
> 
> > Index: config.c
> > ===
> > RCS file: /home/los/cvs/src/usr.sbin/vmd/config.c,v
> > retrieving revision 1.38
> > diff -u -p -a -u -r1.38 config.c
> > --- config.c3 Jan 2018 05:39:56 -   1.38
> > +++ config.c4 Jan 2018 03:55:47 -
> > @@ -262,23 +262,23 @@ config_setvm(struct privsep *ps, struct 
> > /* Open disk images for child */
> > for (i = 0 ; i < vcp->vcp_ndisks; i++) {
> >  /* Stat disk[i] to ensure it is a regular file */
> > -   if (stat(vcp->vcp_disks[i], _buf) == -1) {
> > +   if ((diskfds[i] =
> > +   open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> 
> O_RDONLY? Or do we actually support the SCSI write commands (ala
> writing ISO images?)

vcp_disks represent the vioblk devices which are RDWR.
vcp_cdrom is RDONLY since it doesn't support writing ISOs.

> 
> > log_warn("%s: can't open disk %s", __func__,
> > vcp->vcp_disks[i]);
> > errno = VMD_DISK_MISSING;
> > goto fail;
> > }
> > -   if (S_ISREG(stat_buf.st_mode) == 0) {
> > -   log_warn("%s: disk %s is not a regular file", __func__,
> > +   if (fstat(diskfds[i], _buf) == -1) {
> > +   log_warn("%s: can't open disk %s", __func__,
> > vcp->vcp_disks[i]);
> > -   errno = VMD_DISK_INVALID;
> > +   errno = VMD_DISK_MISSING;
> 
> I'd probably stick with INVALID here since technically the image is not
> really "missing"

Makes sense.

> 
> > goto fail;
> > }
> > -   if ((diskfds[i] =
> > -   open(vcp->vcp_disks[i], O_RDWR)) == -1) {
> > -   log_warn("%s: can't open disk %s", __func__,
> > +   if (S_ISREG(stat_buf.st_mode) == 0) {
> > +   log_warn("%s: disk %s is not a regular file", __func__,
> > vcp->vcp_disks[i]);
> > -   errno = VMD_DISK_MISSING;
> > +   errno = VMD_DISK_INVALID;
> > goto fail;
> > }
> > }
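
Review bot: The fstat() failure branch reuses the open() message, so "can't open disk" is logged for a descriptor that did open; change it to "can't stat disk" so the two failures can be told apart in the log. The comment "Stat disk[i] to ensure it is a regular file" now sits above the open() call and should move down to the fstat()/S_ISREG() checks. Since open() now runs before validation, both later "goto fail" paths are reached with diskfds[i] already open, so confirm the fail label closes it.
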
> 
> ok mlarkin otherwise
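
The check-then-use race this patch closes, as an added example that is not vmd's code: open_disk_racy() resolves the path twice, while open_disk_checked() opens once and validates the descriptor with fstat(2). The function names, the O_NONBLOCK flag, the EINVAL errno value and the paths used in demo() are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy "before" pattern: the path is resolved twice, so the object that
 * passed the check need not be the object that gets opened. */
int open_disk_racy(const char *path)
{
	struct stat sb;
	if (stat(path, &sb) == -1 || !S_ISREG(sb.st_mode))
		return -1;
	return open(path, O_RDWR);	/* path may have been swapped by now */
}

/* Fixed pattern: resolve the path once, then validate the descriptor. */
int open_disk_checked(const char *path)
{
	struct stat sb;
	int fd, err = 0;

	/* O_NONBLOCK (an addition here) keeps open() from stalling on a FIFO */
	if ((fd = open(path, O_RDWR | O_NONBLOCK)) == -1)
		return -1;
	if (fstat(fd, &sb) == -1)
		err = errno;
	else if (!S_ISREG(sb.st_mode))
		err = EINVAL;		/* S_ISREG() itself sets no errno */
	if (err != 0) {
		close(fd);		/* never leak a rejected descriptor */
		errno = err;
		return -1;
	}
	return fd;
}

/* Constructed demo: 1 if a regular file is accepted and a device is rejected. */
int demo(void)
{
	char file[] = "/tmp/vmdisk.XXXXXX";
	int fd, ok_file, ok_dev;

	if ((fd = mkstemp(file)) == -1)
		return -1;
	close(fd);
	if ((ok_file = (fd = open_disk_checked(file)) != -1))
		close(fd);
	/* /dev/null opens fine with O_RDWR but is a character device */
	ok_dev = open_disk_checked("/dev/null") == -1 && errno == EINVAL;
	unlink(file);
	return ok_file && ok_dev;
}
```
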



Re: Remove useless includes

2018-01-04 Thread Mark Kettenis
> Date: Thu, 4 Jan 2018 15:58:07 +0100
> From: Martin Pieuchot 
> 
> 'struct socket' is exposed to userland via .  Most of
> our programs in base do not need it.  Since I'm going to change the
> content of this struct for MP works, I'd like to reduce the impact on
> userland.
> 
> Here's a diff to remove useless includes, ok?

ok kettenis@

> Index: sbin/mount_nfs/mount_nfs.c
> ===
> RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v
> retrieving revision 1.53
> diff -u -p -r1.53 mount_nfs.c
> --- sbin/mount_nfs/mount_nfs.c27 May 2016 19:45:04 -  1.53
> +++ sbin/mount_nfs/mount_nfs.c4 Jan 2018 14:48:07 -
> @@ -36,7 +36,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  
> Index: sbin/nfsd/nfsd.c
> ===
> RCS file: /cvs/src/sbin/nfsd/nfsd.c,v
> retrieving revision 1.37
> diff -u -p -r1.37 nfsd.c
> --- sbin/nfsd/nfsd.c  31 Aug 2017 06:50:56 -  1.37
> +++ sbin/nfsd/nfsd.c  4 Jan 2018 14:48:32 -
> @@ -40,7 +40,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: sbin/umount/umount.c
> ===
> RCS file: /cvs/src/sbin/umount/umount.c,v
> retrieving revision 1.27
> diff -u -p -r1.27 umount.c
> --- sbin/umount/umount.c  16 Dec 2016 17:44:59 -  1.27
> +++ sbin/umount/umount.c  4 Jan 2018 14:48:56 -
> @@ -34,7 +34,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: usr.bin/showmount/showmount.c
> ===
> RCS file: /cvs/src/usr.bin/showmount/showmount.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 showmount.c
> --- usr.bin/showmount/showmount.c 21 Jan 2017 11:32:04 -  1.21
> +++ usr.bin/showmount/showmount.c 4 Jan 2018 14:50:45 -
> @@ -36,7 +36,6 @@
>  #include 
>  #include 
>  #include 
> -#include 
>  
>  #include 
>  #include 
> Index: usr.sbin/identd/identd.c
> ===
> RCS file: /cvs/src/usr.sbin/identd/identd.c,v
> retrieving revision 1.38
> diff -u -p -r1.38 identd.c
> --- usr.sbin/identd/identd.c  4 Jul 2017 01:09:42 -   1.38
> +++ usr.sbin/identd/identd.c  4 Jan 2018 14:52:34 -
> @@ -19,7 +19,7 @@
>  #include 
>  #include 
>  #include 
> -#include 
> +#include 
>  #include 
>  #include 
>  #include 
> Index: usr.sbin/npppd/common/radish.c
> ===
> RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v
> retrieving revision 1.5
> diff -u -p -r1.5 radish.c
> --- usr.sbin/npppd/common/radish.c30 May 2017 17:52:05 -  1.5
> +++ usr.sbin/npppd/common/radish.c4 Jan 2018 14:52:58 -
> @@ -41,7 +41,6 @@
>  
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  #include 
> Index: usr.sbin/snmpd/agentx.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v
> retrieving revision 1.10
> diff -u -p -r1.10 agentx.c
> --- usr.sbin/snmpd/agentx.c   5 Dec 2015 06:42:18 -   1.10
> +++ usr.sbin/snmpd/agentx.c   4 Jan 2018 14:53:30 -
> @@ -17,7 +17,7 @@
>  
>  #include 
>  #include 
> -#include 
> +#include 
>  #include 
>  #include 
>  
> Index: usr.sbin/snmpd/traphandler.c
> ===
> RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 traphandler.c
> --- usr.sbin/snmpd/traphandler.c  12 Aug 2017 04:29:57 -  1.9
> +++ usr.sbin/snmpd/traphandler.c  4 Jan 2018 14:53:42 -
> @@ -18,7 +18,6 @@
>  
>  #include 
>  #include 
> -#include 
>  #include 
>  #include 
>  #include 
> 
> 



Remove useless includes

2018-01-04 Thread Martin Pieuchot
'struct socket' is exposed to userland via .  Most of
our programs in base do not need it.  Since I'm going to change the
content of this struct for MP works, I'd like to reduce the impact on
userland.

Here's a diff to remove useless includes, ok?

Index: sbin/mount_nfs/mount_nfs.c
===
RCS file: /cvs/src/sbin/mount_nfs/mount_nfs.c,v
retrieving revision 1.53
diff -u -p -r1.53 mount_nfs.c
--- sbin/mount_nfs/mount_nfs.c  27 May 2016 19:45:04 -  1.53
+++ sbin/mount_nfs/mount_nfs.c  4 Jan 2018 14:48:07 -
@@ -36,7 +36,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
Index: sbin/nfsd/nfsd.c
===
RCS file: /cvs/src/sbin/nfsd/nfsd.c,v
retrieving revision 1.37
diff -u -p -r1.37 nfsd.c
--- sbin/nfsd/nfsd.c31 Aug 2017 06:50:56 -  1.37
+++ sbin/nfsd/nfsd.c4 Jan 2018 14:48:32 -
@@ -40,7 +40,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include 
 #include 
Index: sbin/umount/umount.c
===
RCS file: /cvs/src/sbin/umount/umount.c,v
retrieving revision 1.27
diff -u -p -r1.27 umount.c
--- sbin/umount/umount.c16 Dec 2016 17:44:59 -  1.27
+++ sbin/umount/umount.c4 Jan 2018 14:48:56 -
@@ -34,7 +34,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include 
 #include 
Index: usr.bin/showmount/showmount.c
===
RCS file: /cvs/src/usr.bin/showmount/showmount.c,v
retrieving revision 1.21
diff -u -p -r1.21 showmount.c
--- usr.bin/showmount/showmount.c   21 Jan 2017 11:32:04 -  1.21
+++ usr.bin/showmount/showmount.c   4 Jan 2018 14:50:45 -
@@ -36,7 +36,6 @@
 #include 
 #include 
 #include 
-#include 
 
 #include 
 #include 
Index: usr.sbin/identd/identd.c
===
RCS file: /cvs/src/usr.sbin/identd/identd.c,v
retrieving revision 1.38
diff -u -p -r1.38 identd.c
--- usr.sbin/identd/identd.c4 Jul 2017 01:09:42 -   1.38
+++ usr.sbin/identd/identd.c4 Jan 2018 14:52:34 -
@@ -19,7 +19,7 @@
 #include 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 #include 
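
Review bot: This hunk replaces an include (one "-#include" line, one "+#include" line) instead of dropping one, which the description "remove useless includes" does not cover; say in the commit message which header is substituted and what the file still needs from it. The agentx.c hunk further down does the same.
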
Index: usr.sbin/npppd/common/radish.c
===
RCS file: /cvs/src/usr.sbin/npppd/common/radish.c,v
retrieving revision 1.5
diff -u -p -r1.5 radish.c
--- usr.sbin/npppd/common/radish.c  30 May 2017 17:52:05 -  1.5
+++ usr.sbin/npppd/common/radish.c  4 Jan 2018 14:52:58 -
@@ -41,7 +41,6 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
Index: usr.sbin/snmpd/agentx.c
===
RCS file: /cvs/src/usr.sbin/snmpd/agentx.c,v
retrieving revision 1.10
diff -u -p -r1.10 agentx.c
--- usr.sbin/snmpd/agentx.c 5 Dec 2015 06:42:18 -   1.10
+++ usr.sbin/snmpd/agentx.c 4 Jan 2018 14:53:30 -
@@ -17,7 +17,7 @@
 
 #include 
 #include 
-#include 
+#include 
 #include 
 #include 
 
Index: usr.sbin/snmpd/traphandler.c
===
RCS file: /cvs/src/usr.sbin/snmpd/traphandler.c,v
retrieving revision 1.9
diff -u -p -r1.9 traphandler.c
--- usr.sbin/snmpd/traphandler.c12 Aug 2017 04:29:57 -  1.9
+++ usr.sbin/snmpd/traphandler.c4 Jan 2018 14:53:42 -
@@ -18,7 +18,6 @@
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 



Re: isakmpd.policy check

2018-01-04 Thread Stuart Henderson
On 2018/01/04 12:47, Martin Pieuchot wrote:
> I'm not writing any isakmpd.policy(5) file.  I don't know anybody sane
> who does.

This means you trust your ipsec peers not to request an invalid flow.
That's reasonable if you run both ends and trust yourself not to fat-finger
it but it's not really OK if you run tunnels to third parties.

> I'd like to enforce some policy based on what I write in
> ipsec.conf(5)...

That would be a bigger change ;)

> So I don't understand why I have to pass '-K' on
> every machine I set up.  If I don't specify any policy file, then
> I'd assume isakmpd(8) would do the right thing.
> 
> Diff below makes '-K' the default if isakmpd.policy doesn't exist AND
> you didn't specify a "Policy-file".

I have to say I'm not too keen on this. At the moment -K is "danger!
flows are not checked against policy".



isakmpd.policy check

2018-01-04 Thread Martin Pieuchot
I'm not writing any isakmpd.policy(5) file.  I don't know anybody sane
who does.  I'd like to enforce some policy based on what I write in
ipsec.conf(5)...  So I don't understand why I have to pass '-K' on
every machine I set up.  If I don't specify any policy file, then
I'd assume isakmpd(8) would do the right thing.

Diff below makes '-K' the default if isakmpd.policy doesn't exist AND
you didn't specify a "Policy-file".

ok?

Index: conf.c
===
RCS file: /cvs/src/sbin/isakmpd/conf.c,v
retrieving revision 1.107
diff -u -p -r1.107 conf.c
--- conf.c  27 Oct 2017 08:29:32 -  1.107
+++ conf.c  4 Jan 2018 11:41:25 -
@@ -514,7 +514,6 @@ conf_load_defaults(int tr)
conf_set(tr, "General", "Exchange-max-time", CONF_DFLT_EXCH_MAX_TIME,
0, 1);
conf_set(tr, "General", "Use-Keynote", CONF_DFLT_USE_KEYNOTE, 0, 1);
-   conf_set(tr, "General", "Policy-file", CONF_DFLT_POLICY_FILE, 0, 1);
conf_set(tr, "General", "Pubkey-directory", CONF_DFLT_PUBKEY_DIR, 0,
1);
 
Index: policy.c
===
RCS file: /cvs/src/sbin/isakmpd/policy.c,v
retrieving revision 1.97
diff -u -p -r1.97 policy.c
--- policy.c22 Nov 2013 04:12:47 -  1.97
+++ policy.c4 Jan 2018 11:42:07 -
@@ -1937,14 +1937,18 @@ policy_init(void)
 
/* Get policy file from configuration.  */
policy_file = conf_get_str("General", "Policy-file");
-   if (!policy_file)
-   policy_file = CONF_DFLT_POLICY_FILE;
-
-   /* Open policy file.  */
-   fd = monitor_open(policy_file, O_RDONLY, 0);
-   if (fd == -1)
-   log_fatal("policy_init: open (\"%s\", O_RDONLY) failed",
-   policy_file);
+   if (!policy_file) {
+   /* Try to open default policy file.  */
+   fd = monitor_open(CONF_DFLT_POLICY_FILE, O_RDONLY, 0);
+   if (fd == -1)
+   return;
+   } else {
+   /* Open policy file.  */
+   fd = monitor_open(policy_file, O_RDONLY, 0);
+   if (fd == -1)
+   log_fatal("policy_init: open (\"%s\", O_RDONLY) failed",
+   policy_file);
+   }
 
/* Check file modes and collect file size */
if (check_file_secrecy_fd(fd, policy_file, )) {
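
Review bot: In the new "if (!policy_file)" branch policy_file stays NULL after the default file has been opened, yet the unchanged call just below still passes it to check_file_secrecy_fd(fd, policy_file, ...); assign policy_file = CONF_DFLT_POLICY_FILE before the open so later uses and log messages have a name. The bare "return" on fd == -1 also treats every open failure, not only a missing file, as "no policy", which silently turns flow checking off; return only when the file is absent (ENOENT), log that policy checking is disabled, and keep log_fatal for other errors.
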



Re: use inline functions instead of __statement

2018-01-04 Thread Joerg Sonnenberger
On Thu, Jan 04, 2018 at 09:35:36AM +1000, David Gwynne wrote:
> these days you can use inline functions to get the same effect, but
> it is a more obvious and standard language feature.

If you want to go that way, you still should very likely mark the
functions as always_inline, otherwise the debugging experience will be a
lot more annoying. That said, at least for clang it would be even better
to just use the builtin.

Joerg



Re: Intel CPU Security Flaw Kernel Memory Leak (no microcode update) SW workarounds only

2018-01-04 Thread Tom Smyth
Hello all,
there are 2 papers on the following site discussing the CPU Security Flaws

https://spectreattack.com/

I hope this helps

Tom Smyth



Re: [PATCH] Additional pledge(2) documentation

2018-01-04 Thread Sebastien Marie
On Thu, Jan 04, 2018 at 03:02:23AM -0600, William Orr wrote:
> Hey,
> 
> I was working on an application that uses pledge, and without diving
> into the source, I found it difficult to figure out what sysctl's are
> permitted at different pledge levels.
> 
> This documents the set of different sysctl ops that are allowed at
> different pledge levels, and adds some additional documentation around
> ioctl's as well.
> 

Documenting pledge(2) is complex: it should document the expected
behaviour, and not the implementation details.

Thanks.
-- 
Sebastien Marie



[PATCH] Additional pledge(2) documentation

2018-01-04 Thread William Orr
Hey,

I was working on an application that uses pledge, and without diving
into the source, I found it difficult to figure out what sysctl's are
permitted at different pledge levels.

This documents the set of different sysctl ops that are allowed at
different pledge levels, and adds some additional documentation around
ioctl's as well.

Thanks!

Index: lib/libc/sys/pledge.2
===
RCS file: /cvs/src/lib/libc/sys/pledge.2,v
retrieving revision 1.48
diff -u -b -w -p -r1.48 pledge.2
--- lib/libc/sys/pledge.2   12 Dec 2017 11:11:18 -  1.48
+++ lib/libc/sys/pledge.2   4 Jan 2018 08:51:41 -
@@ -141,6 +141,25 @@ support:
 .Xr getifaddrs 3 ,
 .Xr uname 3 ,
 system sensor readings.
+Specifically:
+.Va hw.sensors.* ,
+.Va kern.domainname ,
+.Va kern.hostname ,
+.Va net.route.0.0.rt_ifnames ,
+.Va kern.ostype ,
+.Va kern.osrelease ,
+.Va kern.osversion ,
+.Va kern.clockrate ,
+.Va kern.argmax ,
+.Va kern.ngroups ,
+.Va kern.sysvshm ,
+.Va kern.posix1version ,
+.Va hw.machine ,
+.Va hw.pagesize ,
+.Va vm.psstrings ,
+.Va hw.ncpu ,
+and
+.Va vm.loadavg .
 .Pp
 .It Fn pledge
 Can only reduce permissions for
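
Review bot: The added .Va list is in no visible order (net.route.0.0.rt_ifnames sits between kern.hostname and kern.ostype, and the hw.* entries are split between the top and the bottom); sort it by MIB name so an entry can be found and a later comparison against the kernel's checks is easy. "Specifically:" also reads as an exhaustive contract, so state whether the list is complete or illustrative.
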
@@ -322,6 +341,14 @@ domains:
 .Xr setsockopt 2 ,
 .Xr getsockopt 2 .
 .Pp
+The following
+.Xr sysctl 2
+operations are allowed:
+.Pp
+.Va net.route.0.0.rt_iflist ,
+.Va net.route.0.inet.rt_iflist ,
+.Va net.route.0.inet6.rt_iflist
+.Pp
 .Xr setsockopt 2
 has been reduced in functionality substantially.
 .It Va mcast
@@ -390,6 +417,15 @@ a few system calls become able to allow
 .Xr recvfrom 2 ,
 .Xr socket 2 ,
 .Xr connect 2 .
+.Pp
+The following
+.Xr sysctl 2
+operations are allowed:
+.Pp
+.Va net.route.0.0.rt_iflist ,
+.Va net.route.0.inet.rt_iflist ,
+.Va net.route.0.inet6.rt_iflist
+.Pp
 .It Va getpw
 This allows read-only opening of files in
 .Pa /etc
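
Review bot: The trailing .Pp added directly before ".It Va getpw" puts a paragraph break in front of a list item, where it is redundant; drop it. The list also ends at ".Va net.route.0.inet6.rt_iflist" with no closing period, unlike the ".Xr connect 2 ." line just above the addition.
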
@@ -491,19 +527,39 @@ and
 .Xr adjfreq 2
 system calls.
 .It Va ps
-Allows enough
+Allows the following
 .Xr sysctl 3
 interfaces to allow inspection of processes operating on the system using
 programs like
-.Xr ps 1 .
+.Xr ps 1 :
+.Pp
+.Va kern.fscale ,
+.Va kern.boottime ,
+.Va kern.consdev ,
+.Va kern.cptime ,
+.Va kern.cptime2 ,
+.Va kern.procargs.* ,
+.Va kern.proc.* ,
+.Va kern.proc_cwd.* ,
+.Va kern.physmem ,
+.Va kern.ccpu ,
+.Va vm.maxslp
 .It Va vminfo
-Allows enough
+Allows the following
 .Xr sysctl 3
 interfaces to allow inspection of the system's virtual memory by
 programs like
 .Xr top 1
 and
-.Xr vmstat 8 .
+.Xr vmstat 8 :
+.Pp
+.Va vm.uvmexp ,
+.Va vfs.generic.bcachestat ,
+.Va kern.fscale ,
+.Va kern.boottime ,
+.Va kern.consdev ,
+.Va kern.cptime ,
+.Va kern.cptime2
 .It Va id
 Allows the following system calls which can change the rights of a
 process:
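
Review bot: The ps and vminfo entries keep ".Xr sysctl 3" while the lists added in the other hunks of this patch cite ".Xr sysctl 2"; pick one reference and use it throughout. The reworded sentences now read "Allows the following ... interfaces to allow inspection", and both new lists end without a period (".Va vm.maxslp", ".Va kern.cptime2").
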
@@ -562,6 +618,85 @@ Allow
 operation for statistics collection from a
 .Xr bpf 4
 device.
+.It Va disklabel
+Allows a subset of
+.Xr ioctl 2
+operations on
+.Xr diskmap 4
+devices:
+.Pp
+.Dv DIOCGDINFO ,
+.Dv DIOCGPDINFO ,
+.Dv DIOCRLDINFO ,
+.Dv DIOCWDINFO ,
+.Dv BIOCDISK ,
+.Dv BIOCINQ ,
+.Dv BIOCINSTALLBOOT ,
+.Dv BIOCVOL ,
+.Dv DIOCMAP .
+.Pp
+Also enables the use of the following
+.Xr sysctl 2
+operations:
+.Pp
+.Va kern.rawpartition ,
+.Va kern.maxpartitions ,
+.Va machdep.chr2blk .
+.It Va route
+Allows a subset of read-only
+.Xr ioctl 2
+operations on network interfaces:
+.Pp
+.Dv SIOCGIFADDR ,
+.Dv SIOCGIFAFLAG_IN6 ,
+.Dv SIOCGIFALIFETIME_IN6 ,
+.Dv SIOCGIFDESCR ,
+.Dv SIOCGIFFLAGS ,
+.Dv SIOCGIFMETRIC ,
+.Dv SIOCGIFGMEMB ,
+.Dv SIOCGIFRDOMAIN ,
+.Dv SIOCGIFDSTADDR_IN6 ,
+.Dv SIOCGIFNETMASK_IN6 ,
+.Dv SIOCGIFXFLAGS ,
+.Dv SIOCGNBRINFO_IN6 ,
+.Dv SIOCGIFINFO_IN6 ,
+.Dv SIOCGIFMEDIA .
+.Pp
+Also allows the following
+.Xr sysctl 2
+operations:
+.Pp
+.Va net.route.0.*.dump ,
+.Va net.route.0.0.rt_table ,
+.Va net.route.0.inet.rt_table ,
+.Va net.route.0.inet6.rt_table ,
+.Va net.route.0.0.flags.llinfo ,
+.Va net.route.0.inet.flags.llinfo ,
+.Va net.route.0.inet6.flags.llinfo ,
+.Va net.route.0.0.rt_iflist ,
+.Va net.route.0.inet.rt_iflist ,
+.Va net.route.0.inet6.rt_iflist .
+.It Va vmm
+Allows the following
+.Xr ioctl 2
+operations on the
+.Xr vmm 4
+device:
+.Pp
+.Dv VMM_IOC_TERM ,
+.Dv VMM_IOC_RUN ,
+.Dv VMM_IOC_RESETCPU ,
+.Dv VMM_IOC_INTR ,
+.Dv VMM_IOC_READREGS ,
+.Dv VMM_IOC_WRITEREGS .
+.Pp
+In combination with
+.Va proc ,
+it additionally allows:
+.Pp
+.Dv VMM_IOC_CREATE
+and
+.Dv VMM_IOC_INFO .
 .It Va error
 Rather than killing the process upon violation, indicate error with
 .Er ENOSYS .
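
Review bot: The disklabel entry says all nine ioctls operate on diskmap(4) devices, but the list mixes DIOC*DINFO requests, BIOC* requests and DIOCMAP; verify which device each group applies to and name it, or drop the device reference. The three new entries are also inserted between the bpf text and ".It Va error" rather than next to related promises, so check the placement against the ordering used in the rest of the list.
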