Check lo(4) rdomain before attempting to move it to another
Hi, I noticed that if you try to move an immovable lo(4) to a nonexistent rdomain, a new routing table will be created despite the operation failing with an EPERM. The following moves the rdomain/index check for lo(4) to before the creation of a nonexisting target routing table. OK? Thanks, Ayaka Index: if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.558 diff -u -p -u -r1.558 if.c --- if.c11 Jul 2018 09:08:21 - 1.558 +++ if.c6 Aug 2018 00:06:34 - @@ -1743,6 +1743,10 @@ if_setrdomain(struct ifnet *ifp, int rdo if (rdomain < 0 || rdomain > RT_TABLEID_MAX) return (EINVAL); + if ((ifp->if_flags & IFF_LOOPBACK) && + (ifp->if_index == rtable_loindex(ifp->if_rdomain))) + return (EPERM); + /* * Create the routing table if it does not exist, including its * loopback interface with unit == rdomain. @@ -1777,10 +1781,6 @@ if_setrdomain(struct ifnet *ifp, int rdo return (EINVAL); if (rdomain != ifp->if_rdomain) { - if ((ifp->if_flags & IFF_LOOPBACK) && - (ifp->if_index == rtable_loindex(ifp->if_rdomain))) - return (EPERM); - s = splnet(); /* * We are tearing down the world.
A first step towards armv7 MULTIPROCESSOR support
Diff below makes it possible to build and run a MULTIPROCESSOR kernel on armv7. It doesn't actually add any SMP support as there is no code to spin up additional CPUs. But it is a first step. The diff is mostly a cleanup of machine/cpu.h that is very similar to what I did to arm64. ok? Index: arch/arm/arm/arm32_machdep.c === RCS file: /cvs/src/sys/arch/arm/arm/arm32_machdep.c,v retrieving revision 1.55 diff -u -p -r1.55 arm32_machdep.c --- arch/arm/arm/arm32_machdep.c11 Dec 2017 05:27:40 - 1.55 +++ arch/arm/arm/arm32_machdep.c5 Aug 2018 21:55:50 - @@ -202,7 +202,7 @@ bootsync(int howto) * did not come from a user process e.g. shutdown, but must * have come from somewhere in the kernel. */ - IRQenable; + __set_cpsr_c(PSR_I, 0); printf("Warning IRQ's disabled during boot()\n"); } Index: arch/arm/arm/bcopy_page.S === RCS file: /cvs/src/sys/arch/arm/arm/bcopy_page.S,v retrieving revision 1.2 diff -u -p -r1.2 bcopy_page.S --- arch/arm/arm/bcopy_page.S 3 Jun 2018 18:58:11 - 1.2 +++ arch/arm/arm/bcopy_page.S 5 Aug 2018 21:55:50 - @@ -40,9 +40,9 @@ * Created : 08/04/95 */ -#include - #include "assym.h" + +#include /* #define BIG_LOOPS */ Index: arch/arm/arm/bcopyinout.S === RCS file: /cvs/src/sys/arch/arm/arm/bcopyinout.S,v retrieving revision 1.8 diff -u -p -r1.8 bcopyinout.S --- arch/arm/arm/bcopyinout.S 3 Jun 2018 18:58:11 - 1.8 +++ arch/arm/arm/bcopyinout.S 5 Aug 2018 21:55:50 - @@ -264,6 +264,35 @@ ENTRY(copyin) mov pc, lr /* + * r0 = user space address + * r1 = kernel space address + * r2 = length + * + * Atomically copies a 32-bit word from user space to kernel space + * + * We save/restore r4-r11: + * r4-r11 are scratch + */ +ENTRY(copyin32) + SAVE_REGS + + /* Get curcpu from TPIDRPRW. */ + mrc CP15_TPIDRPRW(r4) + ldr r4, [r4, #CI_CURPCB] + + ldr r5, [r4, #PCB_ONFAULT] + adr r3, .Lcopyfault + str r3, [r4, #PCB_ONFAULT] + + ldr r6, [r0] + str r6, [r1] + + str r5, [r4, #PCB_ONFAULT] + RESTORE_REGS + + mov pc, lr + +/* * r0 = kernel space address * r1 = user space address * r2 = length @@ -273,7 +302,6 @@ ENTRY(copyin) * We save/restore r4-r11: * r4-r11 are scratch */ - ENTRY(copyout) /* Quick exit if length is zero */ teq r2, #0 Index: arch/arm/arm/copystr.S === RCS file: /cvs/src/sys/arch/arm/arm/copystr.S,v retrieving revision 1.8 diff -u -p -r1.8 copystr.S --- arch/arm/arm/copystr.S 6 Jan 2017 00:06:02 - 1.8 +++ arch/arm/arm/copystr.S 5 Aug 2018 21:55:50 - @@ -40,9 +40,11 @@ */ #include "assym.h" + +#include + #include #include -#include .text .align 2 Index: arch/arm/arm/cpu.c === RCS file: /cvs/src/sys/arch/arm/arm/cpu.c,v retrieving revision 1.46 diff -u -p -r1.46 cpu.c --- arch/arm/arm/cpu.c 23 Feb 2018 19:08:56 - 1.46 +++ arch/arm/arm/cpu.c 5 Aug 2018 21:55:50 - @@ -341,6 +341,12 @@ cpu_clockspeed(int *freq) } #ifdef MULTIPROCESSOR + +void +cpu_boot_secondary_processors(void) +{ +} + int cpu_alloc_idle_pcb(struct cpu_info *ci) { Index: arch/arm/arm/cpufunc_asm.S === RCS file: /cvs/src/sys/arch/arm/arm/cpufunc_asm.S,v retrieving revision 1.5 diff -u -p -r1.5 cpufunc_asm.S --- arch/arm/arm/cpufunc_asm.S 21 Sep 2016 11:33:05 - 1.5 +++ arch/arm/arm/cpufunc_asm.S 5 Aug 2018 21:55:50 - @@ -42,7 +42,6 @@ * Created : 30/01/97 */ -#include #include #include Index: arch/arm/arm/cpufunc_asm_armv7.S === RCS file: /cvs/src/sys/arch/arm/arm/cpufunc_asm_armv7.S,v retrieving revision 1.15 diff -u -p -r1.15 cpufunc_asm_armv7.S --- arch/arm/arm/cpufunc_asm_armv7.S15 Jan 2018 14:11:16 - 1.15 +++ arch/arm/arm/cpufunc_asm_armv7.S5 Aug 2018 21:55:50 - @@ -15,7 +15,6 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include #include #include #include Index: arch/arm/arm/cpuswitch7.S === RCS file: /cvs/src/sys/arch/arm/arm/cpuswitch7.S,v retrieving revision 1.13 diff -u -p -r1.13 cpuswitch7.S --- arch/arm/arm/cpuswitch7.S 24 Sep 2016 21:02:31 - 1.13 +++ arch/arm/arm/cpuswitch7.S 5 Aug 2018 21:55:50 - @@ -79,10 +79,11 @@ */ #include "assym.h" -#include + #include #include
Re: reduce pledge(2) on worms(6)
> On Aug 5, 2018, at 3:18 PM, Ricardo Mestre wrote: > > Hi, > > After all ncurses initialization pledge(2) can be reduced only to > stdio/tty operations on worms(6). > > OK? And here I thought you were only doing pledge-tightening on the unimportant stuff in /usr/sbin :) ok cheloha@ signature.asc Description: Message signed with OpenPGP
reduce pledge(2) on worms(6)
Hi, After all ncurses initialization pledge(2) can be reduced only to stdio/tty operations on worms(6). OK? Index: worms.c === RCS file: /cvs/src/games/worms/worms.c,v retrieving revision 1.28 diff -u -p -u -r1.28 worms.c --- worms.c 5 Mar 2016 07:47:15 - 1.28 +++ worms.c 5 Aug 2018 20:15:07 - @@ -286,6 +286,10 @@ main(int argc, char *argv[]) refresh(); } } + + if (pledge("stdio tty", NULL) == -1) + err(1, "pledge"); + for (;;) { refresh(); if (sig_caught) {
Nuke PLEDGE_STAT for further pledge/unveil disentaglement.
So this gets rid of unveil's PLEDGE_STAT. Instead we use UNVEIL_INSPECT which is set by the stat and access opeerations that are needed for realpath() type traversals that effectively call stat/access for each component of a pathname before doing a final operation on the end. The intended semantic of UNVEIL_INSPECT (which is only used in the kernel) is to allow inspection of vnodes that are traversed on the way to an unveil'ed component - just like what PLEDGE_STAT did. This also removes the use of PLEDGE_STATLIE in unveil - theo and I had discussed that this was probably fine in lubljana, but I never did it then. I'll remove STATLIE later if we decide that's the way we are going. Passes regress - realpath still works, etc. etc. ok? Index: kern/kern_pledge.c === RCS file: /cvs/src/sys/kern/kern_pledge.c,v retrieving revision 1.239 diff -u -p -u -p -r1.239 kern_pledge.c --- kern/kern_pledge.c 2 Aug 2018 15:34:07 - 1.239 +++ kern/kern_pledge.c 5 Aug 2018 17:45:52 - @@ -608,14 +608,14 @@ pledge_namei(struct proc *p, struct name switch (p->p_pledge_syscall) { case SYS_access: /* tzset() needs this. */ - if ((ni->ni_pledge == (PLEDGE_RPATH | PLEDGE_STAT)) && + if (ni->ni_pledge == PLEDGE_RPATH && strcmp(path, "/etc/localtime") == 0) { ni->ni_cnd.cn_flags |= BYPASSUNVEIL; return (0); } /* when avoiding YP mode, getpw* functions touch this */ - if (ni->ni_pledge == (PLEDGE_RPATH | PLEDGE_STAT) && + if (ni->ni_pledge == PLEDGE_RPATH && strcmp(path, "/var/run/ypbind.lock") == 0) { if (p->p_p->ps_pledge & PLEDGE_GETPW) { ni->ni_cnd.cn_flags |= BYPASSUNVEIL; @@ -713,7 +713,7 @@ pledge_namei(struct proc *p, struct name break; case SYS_readlink: /* Allow /etc/malloc.conf for malloc(3). */ - if ((ni->ni_pledge == (PLEDGE_RPATH | PLEDGE_STAT)) && + if ((ni->ni_pledge == PLEDGE_RPATH) && strcmp(path, "/etc/malloc.conf") == 0) { ni->ni_cnd.cn_flags |= BYPASSUNVEIL; return (0); @@ -721,7 +721,7 @@ pledge_namei(struct proc *p, struct name break; case SYS_stat: /* DNS needs /etc/resolv.conf. */ - if ((ni->ni_pledge == (PLEDGE_RPATH | PLEDGE_STAT)) && + if ((ni->ni_pledge == PLEDGE_RPATH) && (p->p_p->ps_pledge & PLEDGE_DNS) && strcmp(path, "/etc/resolv.conf") == 0) { ni->ni_cnd.cn_flags |= BYPASSUNVEIL; @@ -732,9 +732,9 @@ pledge_namei(struct proc *p, struct name /* * Ensure each flag of ni_pledge has counterpart allowing it in -* ps_pledge. discard PLEDGE_STAT as it is unveil(2) stuff. +* ps_pledge. */ - if ((ni->ni_pledge & ~PLEDGE_STAT) & ~p->p_p->ps_pledge) + if (ni->ni_pledge & ~p->p_p->ps_pledge) return (pledge_fail(p, EPERM, (ni->ni_pledge & ~p->p_p->ps_pledge))); /* continue, and check unveil if present */ Index: kern/kern_unveil.c === RCS file: /cvs/src/sys/kern/kern_unveil.c,v retrieving revision 1.11 diff -u -p -u -p -r1.11 kern_unveil.c --- kern/kern_unveil.c 5 Aug 2018 14:23:57 - 1.11 +++ kern/kern_unveil.c 5 Aug 2018 17:45:52 - @@ -379,13 +379,20 @@ unveil_add_vnode(struct process *pr, str return (uv); } -void +int unveil_add_traversed_vnodes(struct proc *p, struct nameidata *ndp) { /* -* add the traversed vnodes with 0 flags if they -* are not already present. +* Add the traversed vnodes with the UNVEIL_INSPECT flag +* if they are not already present to allow traversal +* operations such as access and stat. This lets +* TOCTOU fans that call access on all components of +* an unveil'ed path before the final operation +* work. */ + int ret = 0; + struct unveil *uv; + if (ndp->ni_tvpsize) { size_t i; @@ -394,10 +401,15 @@ unveil_add_traversed_vnodes(struct proc if (unveil_lookup(vp, p) == NULL) { vref(vp); vp->v_uvcount++; - unveil_add_vnode(p->p_p, vp); + uv = unveil_add_vnode(p->p_p, vp); + if (uv != NULL) + uv->uv_flags = UNVEIL_INSPECT; + else + ret = E2BIG; } } } + return
libpcap supports classful network names only
Hi, tcpdump(8) does support named networks, but only using the following revolting syntax: $ grep fourrev /etc/hosts 0.192.168.4 fourrev $ tcpdump net fourrev $ ping 192.168.4.1 Two aspects are wrong with that: 1. The hosts(5) entry must have leading zero octets, which is unlikely to work with other programs using hosts(5) and exceedingly ugly besides. 2. The number of leading zeros determines the prefixlen: 1 zero -> /24, 2 zeros -> /16, 3 zeros -> /8 But we really don't want classful networks in 2018... Unfortunately, the grammer provides no other way to specify the prefixlen on a named network; and of course, you cannot specify the prefixlen in hosts(5) either. So if we want to salvage the feature, we have to change the grammar to allow (and require) $ grep fournet /etc/hosts 192.168.4.0 fournet $ tcpdump net fournet/24 $ ping 192.168.4.1 Similarly, we could also support $ tcpdump net fournet mask 255.255.255.0 but i don't really see the point, so i do not include it in the diff below. Alternatively, we could just stop supporting hosts(5) after the "net" keyword and always require specifying nets numerically. I might even prefer that. If that's what we want, tell me, and i'll cook a simpler diff. Thoughts? Ingo Index: gencode.c === RCS file: /cvs/src/lib/libpcap/gencode.c,v retrieving revision 1.49 diff -u -p -r1.49 gencode.c --- gencode.c 3 Jun 2018 10:29:28 - 1.49 +++ gencode.c 5 Aug 2018 17:11:41 - @@ -2254,15 +2254,16 @@ gen_proto(v, proto, dir) } struct block * -gen_scode(name, q) +gen_scode(name, masklen, q) const char *name; + int masklen; struct qual q; { int proto = q.proto; int dir = q.dir; int tproto; u_char *eaddr; - bpf_u_int32 mask, addr; + bpf_u_int32 addr; #ifndef INET6 bpf_u_int32 **alist; #else @@ -2275,19 +2276,20 @@ gen_scode(name, q) struct block *b, *tmp; int port, real_proto; + if (masklen != -1 && q.addr != Q_NET) + bpf_error("prefixlen only supported for networks: %s/%d", + name, masklen); + switch (q.addr) { case Q_NET: + if (masklen < 0) + bpf_error("missing prefixlen for network '%s'", name); addr = pcap_nametonetaddr(name); if (addr == 0) bpf_error("unknown network '%s'", name); - /* Left justify network addr and calculate its network mask */ - mask = 0x; - while (addr && (addr & 0xff00) == 0) { - addr <<= 8; - mask <<= 8; - } - return gen_host(addr, mask, proto, dir); + return gen_host(addr, 0x << (32 - masklen), + proto, dir); case Q_DEFAULT: case Q_HOST: Index: gencode.h === RCS file: /cvs/src/lib/libpcap/gencode.h,v retrieving revision 1.18 diff -u -p -r1.18 gencode.h --- gencode.h 3 Jun 2018 10:29:28 - 1.18 +++ gencode.h 5 Aug 2018 17:11:41 - @@ -162,7 +162,7 @@ void gen_and(struct block *, struct bloc void gen_or(struct block *, struct block *); void gen_not(struct block *); -struct block *gen_scode(const char *, struct qual); +struct block *gen_scode(const char *, int, struct qual); struct block *gen_ecode(const u_char *, struct qual); struct block *gen_mcode(const char *, const char *, int, struct qual); #ifdef INET6 Index: grammar.y === RCS file: /cvs/src/lib/libpcap/grammar.y,v retrieving revision 1.19 diff -u -p -r1.19 grammar.y --- grammar.y 27 Oct 2009 23:59:30 - 1.19 +++ grammar.y 5 Aug 2018 17:11:42 - @@ -154,7 +154,8 @@ id: nid $$.q = $0.q); } | paren pid ')' { $$ = $2; } ; -nid: ID{ $$.b = gen_scode($1, $$.q = $0.q); } +nid: ID '/' NUM { $$.b = gen_scode($1, $3, $$.q = $0.q); } + | ID{ $$.b = gen_scode($1, -1, $$.q = $0.q); } | HID '/' NUM { $$.b = gen_mcode($1, NULL, $3, $$.q = $0.q); } | HID MASK HID { $$.b = gen_mcode($1, $3, 0,
do not set nwid over and over again
we just found the ess by comparing the nwid. It will not have magically changed behind our back. OK? diff --git net80211/ieee80211_node.c net80211/ieee80211_node.c index d4561bffc06..a282ed5a333 100644 --- net80211/ieee80211_node.c +++ net80211/ieee80211_node.c @@ -229,11 +229,10 @@ ieee80211_add_ess(struct ieee80211com *ic, char *nwid, int wpa, int wep) ess = malloc(sizeof(*ess), M_DEVBUF, M_NOWAIT|M_ZERO); if (ess == NULL) return (ENOMEM); + memcpy(ess->essid, nwid, ic->ic_des_esslen); + ess->esslen = ic->ic_des_esslen; } - memcpy(ess->essid, nwid, ic->ic_des_esslen); - ess->esslen = ic->ic_des_esslen; - if (wpa) { if (ic->ic_flags & (IEEE80211_F_RSNON|IEEE80211_F_PSK)) { ess->flags = IEEE80211_F_RSNON; -- I'm not entirely sure you are real.
Re: [PATCH] bs(6): removing extra signal()
Hi Martin, Martin Kopta wrote on Sat, Aug 04, 2018 at 11:04:34PM +0200: > The original version from Bruce Holloway in 1986-03-06 [0] did only one > signal(SIGINT), but the call was probably duplicated after code cleanup by ESR > somewhere between 1986 and 1993. > > Please, confirm there is no hidden reason to call the same signal() twice. > I am unsure. > > [0] https://groups.google.com/forum/#!topic/net.games/StTQg4OiF60 Committed, thanks. Ingo > Index: bs.c > === > RCS file: /cvs/src/games/bs/bs.c,v > retrieving revision 1.39 > diff -u -p -r1.39 bs.c > --- bs.c7 Mar 2016 12:07:55 - 1.39 > +++ bs.c4 Aug 2018 20:22:43 - > @@ -255,7 +255,6 @@ intro(void) > char *tmpname; > > (void) signal(SIGINT,uninitgame); > -(void) signal(SIGINT,uninitgame); > if(signal(SIGQUIT,SIG_IGN) != SIG_IGN) > (void)signal(SIGQUIT,uninitgame);
pflogd(8): stop trying to move log files out of the way
In order to be able to safely append to existing log files, pflogd(8) attempts to validate/or move invalid/broken pflog pcap files out of the way on its own. I noticed that this is not compatible with unveil(2), as pflogd(8) would need to be able to rename(2) files in /var/log to /var/log/pflog.bad.* Currently, if pflogd(8) is unable to move the log file out of the way, it suspends logging until it receives SIGHUP/SIGALRM indicating that the log file has been moved out of the way manually. I propose that this become the default and only behaviour. pflogd(8) already reports to syslog that logging has been suspended: pflogd[93742]: Invalid/incompatible log file, move it away pflogd[93742]: Logging suspended: open error And now when resumed: pflogd[93742]: Logging resumed This part can be dropped if found to be too noisy. It looks like in the past this was used when the log format had changed incompatibly, I/O errors might indicate you have bigger issues, so we probably shouldn't be writing to disk.. Comments? Ok? :-) -Bryan. Index: pflogd.8 === RCS file: /cvs/src/sbin/pflogd/pflogd.8,v retrieving revision 1.49 diff -u -p -u -r1.49 pflogd.8 --- pflogd.830 May 2017 17:15:06 - 1.49 +++ pflogd.85 Aug 2018 12:18:34 - @@ -86,9 +86,8 @@ temporarily uses the old snaplen to keep tries to preserve the integrity of the log file against I/O errors. Furthermore, integrity of an existing log file is verified before appending. -If there is an invalid log file or an I/O error, the log file is moved -out of the way and a new one is created. -If a new file cannot be created, logging is suspended until a +If there is an invalid log file or an I/O error, logging is suspended +until a .Dv SIGHUP or a .Dv SIGALRM Index: pflogd.c === RCS file: /cvs/src/sbin/pflogd/pflogd.c,v retrieving revision 1.58 diff -u -p -u -r1.58 pflogd.c --- pflogd.c9 Sep 2017 13:02:52 - 1.58 +++ pflogd.c5 Aug 2018 12:18:34 - @@ -75,7 +75,7 @@ int flush_buffer(FILE *); int if_exists(char *); void logmsg(int, const char *, ...); void purge_buffer(void); -int reset_dump(int); +int reset_dump(void); int scan_dump(FILE *, off_t); int set_snaplen(int); void set_suspended(int); @@ -84,8 +84,6 @@ void sig_close(int); void sig_hup(int); void usage(void); -static int try_reset_dump(int); - /* buffer must always be greater than snaplen */ static intbufpkt = 0; /* number of packets in buffer */ static intbuflen = 0; /* allocated size of buffer */ @@ -238,25 +236,7 @@ set_snaplen(int snap) } int -reset_dump(int nomove) -{ - int ret; - - for (;;) { - ret = try_reset_dump(nomove); - if (ret <= 0) - break; - } - - return (ret); -} - -/* - * tries to (re)open log file, nomove flag is used with -x switch - * returns 0: success, 1: retry (log moved), -1: error - */ -int -try_reset_dump(int nomove) +reset_dump(void) { struct pcap_file_header hdr; struct stat st; @@ -323,12 +303,9 @@ try_reset_dump(int nomove) } } else if (scan_dump(fp, st.st_size)) { fclose(fp); - if (nomove || priv_move_log()) { - logmsg(LOG_ERR, - "Invalid/incompatible log file, move it away"); - return (-1); - } - return (1); + logmsg(LOG_ERR, + "Invalid/incompatible log file, move it away"); + return (-1); } dpcap = fp; @@ -641,7 +618,7 @@ main(int argc, char **argv) bufpkt = 0; } - if (reset_dump(Xflag) < 0) { + if (reset_dump() < 0) { if (Xflag) return (1); @@ -666,10 +643,14 @@ main(int argc, char **argv) if (gotsig_close) break; if (gotsig_hup) { - if (reset_dump(0)) { + int was_suspended = suspended; + if (reset_dump()) { logmsg(LOG_ERR, "Logging suspended: open error"); set_suspended(1); + } else { + if (was_suspended) + logmsg(LOG_NOTICE, "Logging resumed"); } gotsig_hup = 0; } Index: privsep.c === RCS file: /cvs/src/sbin/pflogd/privsep.c,v retrieving revision 1.30 diff -u -p -u -r1.30 privsep.c --- privsep.c 9 Sep 2017 13:02:52 - 1.30 +++ privsep.c 5 Aug 2018 12:18:34 - @@ -42,7 +42,6 @@ enum cmd_types {
Re: remove pledge(2) cpath from iked(8)
OK kn
Re: unveil: incomplete unveil_flagmatch semantic
On Sat, Aug 04, 2018 at 01:16:44PM -0600, Bob Beck wrote: > > > if ((error = namei()) != 0) > > > return (error); > > > fvp = fromnd.ni_vp; > > > @@ -2945,6 +2973,7 @@ sys_revoke(struct proc *p, void *v, regi > > > > > > NDINIT(, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); > > > nd.ni_pledge = PLEDGE_RPATH | PLEDGE_TTY; > > > + nd.ni_unveil = UNVEIL_READ; > > > > I would put UNVEIL_READ|UNVEIL_WRITE : the invalidation is a kind of > > modification. > > > > Yeah, I was on the fence on that one when I did it. You are reading > the tty device from the filesystem, but the thing you are invalidating > is actually an operation on the tty, not anything to do with the > filesystem itself - but this could go either way.. Reading carefully sys_revoke(), I saw you don't need write access at all on the device. You just need to own it (or being super user). Having only UNVEIL_READ make sens too. I am fine with it. > Theo? I want your opinion here :) -- Sebastien Marie
remove pledge(2) cpath from iked(8)
Hi, Here's one more diff which removes the ability of iked(8) to create/delete additional files by removing cpath promise from pledge(2). OK? Index: control.c === RCS file: /cvs/src/sbin/iked/control.c,v retrieving revision 1.25 diff -u -p -u -r1.25 control.c --- control.c 17 Jan 2017 22:10:55 - 1.25 +++ control.c 5 Aug 2018 09:57:24 - @@ -65,10 +65,9 @@ control_run(struct privsep *ps, struct p /* * pledge in the control process: * stdio - for malloc and basic I/O including events. -* cpath - for unlinking the control socket. * unix - for the control socket. */ - if (pledge("stdio cpath unix", NULL) == -1) + if (pledge("stdio unix", NULL) == -1) fatal("pledge"); } @@ -149,16 +148,6 @@ control_listen(struct control_sock *cs) evtimer_set(>cs_evt, control_accept, cs); return (0); -} - -void -control_cleanup(struct control_sock *cs) -{ - if (cs->cs_name == NULL) - return; - event_del(>cs_ev); - event_del(>cs_evt); - (void)unlink(cs->cs_name); } /* ARGSUSED */ Index: iked.h === RCS file: /cvs/src/sbin/iked/iked.h,v retrieving revision 1.118 diff -u -p -u -r1.118 iked.h --- iked.h 16 Mar 2018 12:31:09 - 1.118 +++ iked.h 5 Aug 2018 09:57:25 - @@ -648,7 +648,6 @@ void parent_reload(struct iked *, int, pid_t control(struct privsep *, struct privsep_proc *); int control_init(struct privsep *, struct control_sock *); int control_listen(struct control_sock *); -voidcontrol_cleanup(struct control_sock *); /* config.c */ struct iked_policy * Index: proc.c === RCS file: /cvs/src/sbin/iked/proc.c,v retrieving revision 1.30 diff -u -p -u -r1.30 proc.c --- proc.c 9 Jan 2017 14:49:21 - 1.30 +++ proc.c 5 Aug 2018 09:57:25 - @@ -291,9 +291,6 @@ proc_shutdown(struct privsep_proc *p) { struct privsep *ps = p->p_ps; - if (p->p_id == PROC_CONTROL && ps) - control_cleanup(>ps_csock); - if (p->p_shutdown != NULL) (*p->p_shutdown)();
Re: [PATCH] Pluggable disk formats for vmd (qcow2 preparation)
And, as promised, the preview of the approach to qcow2. Current state: - I can install and boot OpenBSD on qcow2 on OpenBSD. However, I can't take that disk image and give it to qemu, it boots but then dies a few seconds after it starts to do file system access: $ qemu-system-x86_64 -m 2048 -hda obsd.qc2 \ -netdev user,id=mynet0,hostfwd=tcp:127.0.0.1:7922-:22 \ -device e1000,netdev=mynet0 -smp 2 Gives the following error: qcow2: Marking image as corrupt: Preventing invalid write on metadata (overlaps with active L2 table); further corruption events will be suppressed - Snapshots have not been implemented, although the code theoretically won't clobber on-disk snapshots made with qemu. This has not been tested. - There's no tool to create or manage disk images. This still needs to be implemented. - There's no way to specify that an image is a qcow2 image: vmd probes it based on the header, which has a very slim theoretical possibility of misidentifying a raw disk. - And so on. --- diff --git usr.sbin/vmd/Makefile usr.sbin/vmd/Makefile index 24c1d1b1d4a..b6db6c782d6 100644 --- usr.sbin/vmd/Makefile +++ usr.sbin/vmd/Makefile @@ -6,7 +6,7 @@ PROG= vmd SRCS= vmd.c control.c log.c priv.c proc.c config.c vmm.c SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c SRCS+= ns8250.c i8253.c vmboot.c ufs.c disklabel.c dhcp.c packet.c -SRCS+= parse.y atomicio.c vioscsi.c vioraw.c +SRCS+= parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c CFLAGS+= -Wall -I${.CURDIR} CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes diff --git usr.sbin/vmd/vioqcow2.c usr.sbin/vmd/vioqcow2.c new file mode 100644 index 000..553506d467f --- /dev/null +++ usr.sbin/vmd/vioqcow2.c @@ -0,0 +1,612 @@ +/* $OpenBSD: $ */ + +/* + * Copyright (c) 2018 Ori Bernstein + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include /* PAGE_SIZE */ +#include +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "pci.h" +#include "vmd.h" +#include "vmm.h" +#include "virtio.h" + +#define QCOW2_COMPRESSED 0x4000ull +#define QCOW2_INPLACE 0x8000ull + +enum { + ICFEATURE_DIRTY = 1 << 0, + ICFEATURE_CORRUPT = 1 << 1, +}; + +enum { + ACFEATURE_BITEXT= 1 << 0, +}; + +struct qcdisk { + pthread_rwlock_t lock; + struct qcdisk *base; + int fd; + + char *l1; + char *scratch; + off_t end; + + uint32_t version; + + uint64_t backingoff; + uint32_t backingsz; + + uint32_t clustershift; + uint32_t clustersz; + off_tsz; /* in bytes */ + uint32_t cryptmethod; + + uint32_t l1size; + uint64_t l1off; + + uint64_t refoff; + uint32_t refsize; + + uint32_t nsnap; + uint64_t snapoff; + + /* v3 features */ + uint64_t incompatfeatures; + uint64_t autoclearfeatures; + uint32_t refcountsz; + uint32_t headersz; +}; + +extern char *__progname; + +static int move_cluster(struct qcdisk *, off_t, off_t); +static off_t xlate(struct qcdisk *, off_t, int *); +static off_t mkcluster(struct qcdisk *, off_t, off_t); +static int inc_refcount(struct qcdisk *, off_t, int); +static uint32_t getbe32(char **, char *); +static uint64_t getbe64(char **, char *); +static uint16_t unpackbe16(char *); +static uint32_t unpackbe32(char *); +static uint64_t unpackbe64(char *); +static void packbe16(char *p, uint32_t v); +//static void packbe32(char *p, uint32_t v); +static void packbe64(char *, uint64_t); +static int qc2_openpath(struct qcdisk *, char *, int); +static int qc2_open(struct qcdisk *, int); +static ssize_t qc2_pread(void *, char *, size_t, off_t); +static ssize_t qc2_pwrite(void *, char *, size_t, off_t); +static void qc2_close(void *); + +int +virtio_init_qcow2(struct virtio_backing *file, off_t *szp, int fd) +{ + struct qcdisk *diskp; + + diskp = malloc(sizeof(int*)); + if (diskp == NULL) + return -1; + if
Re: ifconfig join: show list of configured ess ids
OK florian@ On Sat, Aug 04, 2018 at 09:12:27PM +0200, Sebastian Benoit wrote: > Hi, > > with this diff, > > ifconfig join > > will print the list of networks that are configured for autojoin. > > $ ifconfig iwm0 join > iwm0: flags=208843 mtu 1500 > lladdr a4:7f:da:a4:d7:c1 > index 1 priority 4 llprio 3 > groups: wlan egress > media: IEEE802.11 autoselect (HT-MCS12 mode 11n) > status: active > ieee80211: join fn0rd chan 6 bssid 62:62:b5:d3:56:a7 62% wpakey > wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp > join: gesamtkunstwerk > fn0rd > Gaeste > WLAN > > > comments? oks? > > (benno_join_list_5.diff) > > diff --git sbin/ifconfig/ifconfig.c sbin/ifconfig/ifconfig.c > index 9bfb1751aab..de6aabf4fba 100644 > --- sbin/ifconfig/ifconfig.c > +++ sbin/ifconfig/ifconfig.c > @@ -163,6 +163,7 @@ int newaddr = 0; > int af = AF_INET; > int explicit_prefix = 0; > int Lflag = 1; > +int show_join = 0; > > int showmediaflag; > int showcapsflag; > @@ -633,6 +634,7 @@ void in6_status(int); > void in6_getaddr(const char *, int); > void in6_getprefix(const char *, int); > void ieee80211_status(void); > +void join_status(void); > void ieee80211_listchans(void); > void ieee80211_listnodes(void); > void ieee80211_printnode(struct ieee80211_nodereq *); > @@ -1656,7 +1658,7 @@ setifjoin(const char *val, int d) > int len; > > if (val == NULL) { > - /* TODO: display the list of join'd networks */ > + show_join = 1; > return; > } > > @@ -2292,14 +2294,68 @@ ieee80211_status(void) > putchar(' '); > printb_status(ifr.ifr_flags, IEEE80211_F_USERBITS); > } > - > putchar('\n'); > + if (show_join) > + join_status(); > if (shownet80211chans) > ieee80211_listchans(); > else if (shownet80211nodes) > ieee80211_listnodes(); > } > > +void > +join_status(void) > +{ > + struct ieee80211_joinreq_all ja; > + struct ieee80211_join *jn = NULL; > + int jsz = IEEE80211_CACHE_SIZE; > + int ojsz; > + int i; > + int r; > + > + bzero(, sizeof(ja)); > + jn = recallocarray(NULL, 0, jsz, sizeof(*jn)); > + if (jn == NULL) > + err(1, "recallocarray"); > + ojsz = jsz; > + while (1) { > + ja.ja_node = jn; > + ja.ja_size = jsz * sizeof(*jn); > + strlcpy(ja.ja_ifname, name, sizeof(ja.ja_ifname)); > + > + if ((r = ioctl(s, SIOCG80211JOINALL, )) != 0) { > + if (errno == E2BIG) { > + jsz += IEEE80211_CACHE_SIZE; > + if (jsz > 10*IEEE80211_CACHE_SIZE) { > + warn("SIOCG80211JOINALL"); > + return; > + } > + jn = recallocarray(jn, ojsz, jsz, sizeof(*jn)); > + if (jn == NULL) > + err(1, "recallocarray"); > + ojsz = jsz; > + continue; > + } else if (errno != ENOENT) > + warn("SIOCG80211JOINALL"); > + return; > + } > + break; > + } > + > + if (!ja.ja_nodes) > + return; > + > + fputs("\tjoin:\t", stdout); > + for (i = 0; i < ja.ja_nodes; i++) { > + if (i > 0) > + printf("\t\t"); > + if (jn[i].i_len > IEEE80211_NWID_LEN) > + jn[i].i_len = IEEE80211_NWID_LEN; > + print_string(jn[i].i_nwid, jn[i].i_len); > + putchar('\n'); > + } > +} > + > void > ieee80211_listchans(void) > { > diff --git sys/net80211/ieee80211.h sys/net80211/ieee80211.h > index d7be80a4562..b02cb7924d3 100644 > --- sys/net80211/ieee80211.h > +++ sys/net80211/ieee80211.h > @@ -1023,4 +1023,6 @@ enum ieee80211_htprot { > IEEE80211_HTPROT_NONHT_MIXED/* non-HT STA associated to our BSS */ > }; > > +#define IEEE80211_CACHE_SIZE100 > + > #endif /* _NET80211_IEEE80211_H_ */ > diff --git sys/net80211/ieee80211_ioctl.c sys/net80211/ieee80211_ioctl.c > index 4d6b7eb1b71..b41b4fe09d8 100644 > --- sys/net80211/ieee80211_ioctl.c > +++ sys/net80211/ieee80211_ioctl.c > @@ -391,8 +391,10 @@ ieee80211_ioctl(struct ifnet *ifp, u_long cmd, caddr_t > data) > struct ieee80211com *ic = (void *)ifp; > struct ifreq *ifr = (struct ifreq *)data; > int i, error = 0; > + size_t len; > struct ieee80211_nwid nwid; > struct ieee80211_join join; > + struct ieee80211_joinreq_all *ja; > struct ieee80211_ess *ess; > struct ieee80211_wpapsk *psk; > struct ieee80211_keyavail *ka; > @@ -488,6 +490,26 @@
Re: remove pledge(2) cpath from switchd(8)
OK florian@ On Sat, Aug 04, 2018 at 12:18:45PM +0100, Ricardo Mestre wrote: > Hi, > > Here's another one for switchd(8) which removes cpath promise from pledge(2) > > OK? > > Index: control.c > === > RCS file: /cvs/src/usr.sbin/switchd/control.c,v > retrieving revision 1.8 > diff -u -p -u -r1.8 control.c > --- control.c 17 Jan 2017 22:10:56 - 1.8 > +++ control.c 3 Aug 2018 06:53:38 - > @@ -70,11 +70,10 @@ control_run(struct privsep *ps, struct p > /* >* pledge in the control process: >* stdio - for malloc and basic I/O including events. > - * cpath - for managing the control socket. >* unix - for the control socket. >* recvfd - for the proc fd exchange. >*/ > - if (pledge("stdio cpath unix recvfd", NULL) == -1) > + if (pledge("stdio unix recvfd", NULL) == -1) > fatal("pledge"); > } > > @@ -194,16 +193,6 @@ control_listen(struct control_sock *cs) > evtimer_set(>cs_evt, control_accept, cs); > > return (0); > -} > - > -void > -control_cleanup(struct control_sock *cs) > -{ > - if (cs->cs_name == NULL) > - return; > - event_del(>cs_ev); > - event_del(>cs_evt); > - (void)unlink(cs->cs_name); > } > > /* ARGSUSED */ > Index: proc.c > === > RCS file: /cvs/src/usr.sbin/switchd/proc.c,v > retrieving revision 1.12 > diff -u -p -u -r1.12 proc.c > --- proc.c29 May 2017 12:56:26 - 1.12 > +++ proc.c3 Aug 2018 06:53:38 - > @@ -475,9 +475,6 @@ proc_shutdown(struct privsep_proc *p) > { > struct privsep *ps = p->p_ps; > > - if (p->p_id == PROC_CONTROL && ps) > - control_cleanup(>ps_csock); > - > if (p->p_shutdown != NULL) > (*p->p_shutdown)(); > > Index: proc.h > === > RCS file: /cvs/src/usr.sbin/switchd/proc.h,v > retrieving revision 1.6 > diff -u -p -u -r1.6 proc.h > --- proc.h9 Jan 2017 14:49:22 - 1.6 > +++ proc.h3 Aug 2018 06:53:38 - > @@ -160,7 +160,6 @@ intproc_flush_imsg(struct privsep *, e > /* control.c */ > int control_init(struct privsep *, struct control_sock *); > int control_listen(struct control_sock *); > -void control_cleanup(struct control_sock *); > struct ctl_conn > *control_connbyfd(int); > void control(struct privsep *, struct privsep_proc *); > -- I'm not entirely sure you are real.
Re: remove pledge(2) cpath from vmd(8)
OK florian@ On Sat, Aug 04, 2018 at 12:21:46PM +0100, Ricardo Mestre wrote: > Hi, > > And here's another one that also removes cpath promise from vmd(8) > > OK? > > Index: control.c > === > RCS file: /cvs/src/usr.sbin/vmd/control.c,v > retrieving revision 1.28 > diff -u -p -u -r1.28 control.c > --- control.c 13 Jul 2018 08:42:49 - 1.28 > +++ control.c 3 Aug 2018 06:56:29 - > @@ -67,12 +67,11 @@ control_run(struct privsep *ps, struct p > /* >* pledge in the control process: >* stdio - for malloc and basic I/O including events. > - * cpath - for managing the control socket. >* unix - for the control socket. >* recvfd - for the proc fd exchange. >* sendfd - for send and receive. >*/ > - if (pledge("stdio cpath unix recvfd sendfd", NULL) == -1) > + if (pledge("stdio unix recvfd sendfd", NULL) == -1) > fatal("pledge"); > } > > @@ -203,15 +202,6 @@ control_listen(struct control_sock *cs) > evtimer_set(>cs_evt, control_accept, cs); > > return (0); > -} > - > -void > -control_cleanup(struct control_sock *cs) > -{ > - if (cs->cs_name == NULL) > - return; > - event_del(>cs_ev); > - event_del(>cs_evt); > } > > /* ARGSUSED */ > Index: proc.c > === > RCS file: /cvs/src/usr.sbin/vmd/proc.c,v > retrieving revision 1.16 > diff -u -p -u -r1.16 proc.c > --- proc.c4 Nov 2017 07:40:31 - 1.16 > +++ proc.c3 Aug 2018 06:56:29 - > @@ -475,9 +475,6 @@ proc_shutdown(struct privsep_proc *p) > { > struct privsep *ps = p->p_ps; > > - if (p->p_id == PROC_CONTROL && ps) > - control_cleanup(>ps_csock); > - > if (p->p_shutdown != NULL) > (*p->p_shutdown)(); > > Index: proc.h > === > RCS file: /cvs/src/usr.sbin/vmd/proc.h,v > retrieving revision 1.14 > diff -u -p -u -r1.14 proc.h > --- proc.h15 Jul 2018 14:36:54 - 1.14 > +++ proc.h3 Aug 2018 06:56:29 - > @@ -69,11 +69,6 @@ struct control_sock { > }; > TAILQ_HEAD(control_socks, control_sock); > > -struct { > - struct event ev; > - int fd; > -} control_state; > - > struct ctl_conn { > TAILQ_ENTRY(ctl_conn)entry; > uint8_t flags; > @@ -197,7 +192,6 @@ void control(struct privsep *, struct p > int control_init(struct privsep *, struct control_sock *); > int control_reset(struct control_sock *); > int control_listen(struct control_sock *); > -void control_cleanup(struct control_sock *); > > /* log.c */ > void log_init(int, int); > -- I'm not entirely sure you are real.
Re: remove pledge(2) cpath from eigrpd(8)
On Sat, Aug 04, 2018 at 12:12:06PM +0100, Ricardo Mestre wrote: > Hi, > > As we discussed, here's a diff to revert back my previous commit on > eigrpd(8) and remove cpath promise entirely since if the socket is not > deleted at shutdown it won't cause any harm. > > OK? I'd prefer to get rid of csock from the global struct since it's now uninitialized in main. With that tweak OK florian@ diff --git control.c control.c index 8c2909700a3..b315b1839ef 100644 --- control.c +++ control.c @@ -100,16 +100,6 @@ control_listen(void) return (0); } -void -control_cleanup(char *path) -{ - if (path == NULL) - return; - event_del(_state.ev); - event_del(_state.evt); - unlink(path); -} - /* ARGSUSED */ static void control_accept(int listenfd, short event, void *bula) diff --git control.h control.h index 298c2d9aa99..02312080bc0 100644 --- control.h +++ control.h @@ -36,7 +36,6 @@ struct ctl_conn { intcontrol_init(char *); intcontrol_listen(void); -void control_cleanup(char *); intcontrol_imsg_relay(struct imsg *); #endif /* _CONTROL_H_ */ diff --git eigrpd.c eigrpd.c index fe59c7c3a21..377650bdf7d 100644 --- eigrpd.c +++ eigrpd.c @@ -168,8 +168,6 @@ main(int argc, char *argv[]) else if (eflag) eigrpe(debug, global.cmd_opts & EIGRPD_OPT_VERBOSE, sockname); - global.csock = sockname; - mib[0] = CTL_NET; mib[1] = PF_INET; mib[2] = IPPROTO_IP; @@ -271,7 +269,7 @@ main(int argc, char *argv[]) eigrpd_conf->rdomain) == -1) fatalx("kr_init failed"); - if (pledge("stdio rpath cpath inet sendfd", NULL) == -1) + if (pledge("stdio rpath inet sendfd", NULL) == -1) fatal("pledge"); event_dispatch(); @@ -293,7 +291,6 @@ eigrpd_shutdown(void) msgbuf_clear(_rde->ibuf.w); close(iev_rde->ibuf.fd); - control_cleanup(global.csock); kr_shutdown(); config_clear(eigrpd_conf); diff --git eigrpd.h eigrpd.h index 214224e32c4..16fd5f97da2 100644 --- eigrpd.h +++ eigrpd.h @@ -339,7 +339,6 @@ struct eigrpd_global { int eigrp_socket_v6; struct in_addr mcast_addr_v4; struct in6_addr mcast_addr_v6; - char*csock; }; extern struct eigrpd_global global; diff --git eigrpe.c eigrpe.c index afe92e68206..4c58ee583f9 100644 --- eigrpe.c +++ eigrpe.c @@ -76,8 +76,7 @@ eigrpe(int debug, int verbose, char *sockname) log_verbose(verbose); /* create eigrpd control socket outside chroot */ - global.csock = sockname; - if (control_init(global.csock) == -1) + if (control_init(sockname) == -1) fatalx("control socket setup failed"); if (inet_pton(AF_INET, AllEIGRPRouters_v4, _addr_v4) != 1) -- I'm not entirely sure you are real.
[PATCH] Pluggable disk formats for vmd (qcow2 preparation)
This change introduces a 'struct virtio_backing' which makes the disk i/o pluggable, providing 'backing->{pread,pwrite}' calls that can be replaced by different disk i/o drivers. This is necessary preparation for adding qcow2 support, which will come as a follow up patch. I'll be posting a preview of it in a follow up email. diff --git usr.sbin/vmd/Makefile usr.sbin/vmd/Makefile index 7ea090f8886..24c1d1b1d4a 100644 --- usr.sbin/vmd/Makefile +++ usr.sbin/vmd/Makefile @@ -6,7 +6,7 @@ PROG= vmd SRCS= vmd.c control.c log.c priv.c proc.c config.c vmm.c SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c SRCS+= ns8250.c i8253.c vmboot.c ufs.c disklabel.c dhcp.c packet.c -SRCS+= parse.y atomicio.c vioscsi.c +SRCS+= parse.y atomicio.c vioscsi.c vioraw.c CFLAGS+= -Wall -I${.CURDIR} CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes diff --git usr.sbin/vmd/vioraw.c usr.sbin/vmd/vioraw.c new file mode 100644 index 000..ffd352d0e37 --- /dev/null +++ usr.sbin/vmd/vioraw.c @@ -0,0 +1,67 @@ +#include /* PAGE_SIZE */ +#include + +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "pci.h" +#include "vmd.h" +#include "vmm.h" +#include "virtio.h" + +static ssize_t +raw_pread(void *file, char *buf, size_t len, off_t off) +{ + return pread(*(int *)file, buf, len, off); +} + +static ssize_t +raw_pwrite(void *file, char *buf, size_t len, off_t off) +{ + return pwrite(*(int *)file, buf, len, off); +} + +static void +raw_close(void *file) +{ + close(*(int *)file); + free(file); +} + +int +virtio_init_raw(struct virtio_backing *file, off_t *szp, int fd) +{ + off_t sz; + int *fdp; + + sz = lseek(fd, 0, SEEK_END); + if (sz == -1) + return -1; + + fdp = malloc(sizeof(int*)); + *fdp = fd; + file->p = fdp; + file->pread = raw_pread; + file->pwrite = raw_pwrite; + file->close = raw_close; + *szp = sz / 512; + return 0; +} + diff --git usr.sbin/vmd/vioscsi.c usr.sbin/vmd/vioscsi.c index 93867887598..af504f0550d 100644 --- usr.sbin/vmd/vioscsi.c +++ usr.sbin/vmd/vioscsi.c @@ -197,7 +197,7 @@ vioscsi_start_read(struct vioscsi_dev *dev, off_t block, ssize_t n_blocks) goto nomem; info->len = n_blocks * VIOSCSI_BLOCK_SIZE_CDROM; info->offset = block * VIOSCSI_BLOCK_SIZE_CDROM; - info->fd = dev->fd; + info->file = >file; return info; @@ -210,7 +210,10 @@ nomem: static const uint8_t * vioscsi_finish_read(struct ioinfo *info) { - if (pread(info->fd, info->buf, info->len, info->offset) != info->len) { + struct virtio_backing *f; + + f = info->file; + if (f->pread(f->p, info->buf, info->len, info->offset) != info->len) { info->error = errno; log_warn("vioscsi read error"); return NULL; diff --git usr.sbin/vmd/virtio.c usr.sbin/vmd/virtio.c index 4622ef4943f..d019bccb945 100644 --- usr.sbin/vmd/virtio.c +++ usr.sbin/vmd/virtio.c @@ -361,7 +361,7 @@ vioblk_start_read(struct vioblk_dev *dev, off_t sector, ssize_t sz) goto nomem; info->len = sz; info->offset = sector * VIRTIO_BLK_SECTOR_SIZE; - info->fd = dev->fd; + info->file = >file; return info; @@ -375,7 +375,10 @@ nomem: static const uint8_t * vioblk_finish_read(struct ioinfo *info) { - if (pread(info->fd, info->buf, info->len, info->offset) != info->len) { + struct virtio_backing *file; + + file = info->file; + if (file->pread(file->p, info->buf, info->len, info->offset) != info->len) { info->error = errno; log_warn("vioblk read error"); return NULL; @@ -398,7 +401,7 @@ vioblk_start_write(struct vioblk_dev *dev, off_t sector, goto nomem; info->len = len; info->offset = sector * VIRTIO_BLK_SECTOR_SIZE; - info->fd = dev->fd; + info->file = >file; if (read_mem(addr, info->buf, len)) { vioblk_free_info(info); @@ -416,7 +419,10 @@ nomem: static int vioblk_finish_write(struct ioinfo *info) { - if (pwrite(info->fd, info->buf, info->len, info->offset) != info->len) { + struct virtio_backing *file; + + file = info->file; + if (file->pwrite(file->p, info->buf, info->len, info->offset) != info->len) { log_warn("vioblk write error"); return EIO; } @@ -1739,6 +1745,16 @@ vmmci_io(int dir, uint16_t reg, uint32_t *data, uint8_t *intr, return (0); } +static int +virtio_init_disk(struct virtio_backing *file, off_t *sz, int fd) +{ + /* +* This is where we slot in disk type selection. +* Right now, there's only raw. +*/ +
Re: [PATCH] cu(1) man page: ~>, ~D and restricted mode
On Sat, Aug 04, 2018 at 11:11:28PM +0100, Jason McIntyre wrote: > On Sat, Aug 04, 2018 at 04:05:44PM -0500, Kris Katterjohn wrote: > > On Sat, Aug 04, 2018 at 09:05:36PM +0100, Jason McIntyre wrote: > > > fair enough. could you submit an updated diff, please? > > > > Sure. New diff below. > > > > I used the same style that appears in the description of the restricted > > shell in the ksh man page. > > > > Cheers, > > Kris Katterjohn > > > > hi. i think this is better. i'd be tempted to remove "i.e.\&" from the > diff too, but that's academic. > > i'll commit it tomorrow if no one has objected. > diff below is what i finally committed. thanks for the mail. jmc Index: cu.1 === RCS file: /cvs/src/usr.bin/cu/cu.1,v retrieving revision 1.17 diff -u -r1.17 cu.1 --- cu.110 Dec 2017 07:34:38 - 1.17 +++ cu.15 Aug 2018 06:09:26 - @@ -76,7 +76,19 @@ Start .Nm in restricted mode. -This prevents all local filesystem operations and command executions. +This prevents all local filesystem operations +.Po +.Cm ~R , +.Cm ~X , +and +.Cm ~> +.Pc +and command executions +.Po +.Cm ~C +and +.Cm ~$ +.Pc . .It Fl s Ar speed | Fl Ar speed Set the speed of the connection. The default is 9600. @@ -108,7 +120,7 @@ .It Ic ~^D No or Ic ~. Drop the connection and exit. Only the connection is dropped \(en the login session is not terminated. -.It Ic ~\*(Gt +.It Ic ~> Copy file from local to remote. .Nm prompts for the name of a local file to transmit. @@ -119,7 +131,6 @@ The command string sent to the local .Ux system is processed by the shell. -This command is not allowed in restricted mode. .It Ic ~# Send a .Dv BREAK @@ -134,25 +145,20 @@ The child program will be run with the following arrangement of file descriptors: .Bd -literal -offset indent -0 \*(Lt-\*(Gt remote tty in -1 \*(Lt-\*(Gt remote tty out -2 \*(Lt-\*(Gt local tty stderr +0 <-> remote tty in +1 <-> remote tty out +2 <-> local tty stderr .Ed -.Pp -This command is not allowed in restricted mode. .It Ic ~D Deassert the data terminal ready (DTR) line briefly. -This command is not allowed in restricted mode. .It Ic ~R Record all output from the remote system to a file. If the given file already exists, it is appended to. If no file is specified, any existing recording is stopped. -This command is not allowed in restricted mode. .It Ic ~S Change the speed of the connection. .It Ic ~X Send a file with the XMODEM protocol. -This command is not allowed in restricted mode. .It Ic ~? Get a summary of the tilde escapes. .El