Re: Atomic signal flags for vi(1)
Ingo Schwarze wrote:
> Hi,
>
> Ingo Schwarze wrote on Wed, Sep 01, 2021 at 04:38:51PM +0200:
>
> > Note that the h_hup() and h_term() signal handlers are still unsafe
> > after this commit because they also set the "killersig" (how fitting!)
> > field in a global struct.
>
> I like it when fixing two bugs only amounts to minus: minus 14 LOC,
> 1 function, 1 global variable, 2 automatic variables, 1 struct member,
> 9 pointer dereferences, 1 #define, and minus 1 #undef.
>
> The argument that only one single GS exists applies unchanged.
>
> OK?
> Ingo
Great. This is the direction I was going to go in with it. I hadn't
thought of collapsing h_hup an h_term, though.
This makes sense as I understand the signal/event handling and a quick
test through the signals shows no difference in behavior.
Should h_term() and cl_sigterm be named something more general to
indicate that they also handle SIGHUP? Or is it good enough since it
includes all the signals that 'term'inate vi? It's not hard to follow
as-is.
Tim. (not @ :P )
>
>
> Index: cl/cl.h
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl.h,v
> retrieving revision 1.11
> diff -u -p -r1.11 cl.h
> --- cl/cl.h 1 Sep 2021 14:28:15 - 1.11
> +++ cl/cl.h 1 Sep 2021 17:15:34 -
> @@ -11,7 +11,6 @@
> * @(#)cl.h10.19 (Berkeley) 9/24/96
> */
>
> -extern volatile sig_atomic_t cl_sighup;
> extern volatile sig_atomic_t cl_sigint;
> extern volatile sig_atomic_t cl_sigterm;
> extern volatile sig_atomic_t cl_sigwinch;
> @@ -31,7 +30,6 @@ typedef struct _cl_private {
> char*rmso, *smso; /* Inverse video terminal strings. */
> char*smcup, *rmcup; /* Terminal start/stop strings. */
>
> - int killersig; /* Killer signal. */
> #define INDX_HUP0
> #define INDX_INT1
> #define INDX_TERM 2
> Index: cl/cl_funcs.c
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl_funcs.c,v
> retrieving revision 1.21
> diff -u -p -r1.21 cl_funcs.c
> --- cl/cl_funcs.c 1 Sep 2021 14:28:15 - 1.21
> +++ cl/cl_funcs.c 1 Sep 2021 17:15:34 -
> @@ -437,7 +437,7 @@ cl_refresh(SCR *sp, int repaint)
>* If we received a killer signal, we're done, there's no point
>* in refreshing the screen.
>*/
> - if (clp->killersig)
> + if (cl_sigterm)
> return (0);
>
> /*
> @@ -582,7 +582,7 @@ cl_suspend(SCR *sp, int *allowedp)
>* unchanged. In addition, the terminal has already been reset
>* correctly, so leave it alone.
>*/
> - if (clp->killersig) {
> + if (cl_sigterm) {
> F_CLR(clp, CL_SCR_EX_INIT | CL_SCR_VI_INIT);
> return (0);
> }
> Index: cl/cl_main.c
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl_main.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 cl_main.c
> --- cl/cl_main.c 1 Sep 2021 14:28:15 - 1.34
> +++ cl/cl_main.c 1 Sep 2021 17:15:34 -
> @@ -33,7 +33,6 @@
>
> GS *__global_list; /* GLOBAL: List of screens. */
>
> -volatile sig_atomic_t cl_sighup;
> volatile sig_atomic_t cl_sigint;
> volatile sig_atomic_t cl_sigterm;
> volatile sig_atomic_t cl_sigwinch;
> @@ -120,9 +119,9 @@ main(int argc, char *argv[])
> }
>
> /* If a killer signal arrived, pretend we just got it. */
> - if (clp->killersig) {
> - (void)signal(clp->killersig, SIG_DFL);
> - (void)kill(getpid(), clp->killersig);
> + if (cl_sigterm) {
> + (void)signal(cl_sigterm, SIG_DFL);
> + (void)kill(getpid(), cl_sigterm);
> /* NOTREACHED */
> }
>
> @@ -215,17 +214,6 @@ term_init(char *ttype)
> }
> }
>
> -#define GLOBAL_CLP \
> - CL_PRIVATE *clp = GCLP(__global_list);
> -static void
> -h_hup(int signo)
> -{
> - GLOBAL_CLP;
> -
> - cl_sighup = 1;
> - clp->killersig = SIGHUP;
> -}
> -
> static void
> h_int(int signo)
> {
> @@ -235,10 +223,7 @@ h_int(int signo)
> static void
> h_term(int signo)
> {
> - GLOBAL_CLP;
> -
> - cl_sigterm = 1;
> - clp->killersig = SIGTERM;
> + cl_sigterm = signo;
> }
>
> static void
> @@ -246,7 +231,6 @@ h_winch(int signo)
> {
> cl_sigwinch = 1;
> }
> -#undef GLOBAL_CLP
>
> /*
> * sig_init --
> @@ -261,20 +245,19 @@ sig_init(GS *gp, SCR *sp)
>
> clp = GCLP(gp);
>
> - cl_sighup = 0;
> cl_sigint = 0;
> cl_sigterm = 0;
> cl_sigwinch = 0;
>
> if (sp == NULL) {
> - if (setsig(SIGHUP, >oact[INDX_HUP], h_hup) ||
> + if (setsig(SIGHUP, >oact[INDX_HUP], h_term) ||
> setsig(SIGINT, >oact[INDX_INT], h_int) ||
> setsig(SIGTERM, >oact[INDX_TERM], h_term) ||
>
Re: netstart routing domain loopback
On Wed, Sep 01, 2021 at 11:37:10PM +0200, Alexander Bluhm wrote:
> On Wed, Aug 18, 2021 at 04:28:13PM +0200, Alexander Bluhm wrote:
> > I want to create an enc1 interface for routing domain 1 and set
> > additional addresses on lo1. So my net config looks like this.
> >
> > ==> /etc/hostname.enc1 <==
> > rdomain 1
> >
> > ==> /etc/hostname.lo1 <==
> > rdomain 1
> > inet alias 10.188.10.74 255.255.255.255
> > ...
> >
> > /etc/netstart creates enc1 in routing domain 0, but does not place
> > it into rdomain 1 due to this error:
> > starting network
> > ifconfig: SIOCSIFRDOMAIN: Invalid argument
> >
> > With some additional debug output netstart does this:
> > { ifconfig enc1 || ifconfig enc1 create; }
> > { ifconfig lo0 || ifconfig lo0 create; }
> > { ifconfig lo1 || ifconfig lo1 create; }
> > { ifconfig enc1 || ifconfig enc1 create; }
> > ifconfig enc1 rdomain 1
> > ...
> > { ifconfig lo1 || ifconfig lo1 create; }
> > ifconfig lo1 rdomain 1
> > ifconfig lo1 inet alias 10.188.10.74 netmask 255.255.255.255
> >
> > ifconfig enc1 rdomain 1 fails as lo1 exists, but is still in routing
> > domain 0.
> >
> > To fix this, I think lo1, lo2, ... should not be created upfront.
> > Also more debug output for /etc/netstart -n is necessary to understand
> > what is going on.
>
> Debugging code has been added seperately. The following condition
> allows me to create enc1 in routing domain 1.
OK kn
> Index: etc/netstart
> ===
> RCS file: /data/mirror/openbsd/cvs/src/etc/netstart,v
> retrieving revision 1.215
> diff -u -p -r1.215 netstart
> --- etc/netstart 30 Aug 2021 16:58:52 - 1.215
> +++ etc/netstart 1 Sep 2021 15:52:56 -
> @@ -103,6 +103,9 @@ vifscreate() {
> [[ -f $_hn ]] || continue
> _if=${_hn#/etc/hostname.}
>
> + # loopback for routing domain is created by kernel
> + [[ -n "${_if##lo[1-9]*}" ]] || continue
No need for double quotes.
> if ! ifcreate $_if; then
> print -u2 "${0##*/}: create for '$_if' failed."
> fi
>
Re: netstart routing domain loopback
On Wed, Aug 18, 2021 at 04:28:13PM +0200, Alexander Bluhm wrote:
> I want to create an enc1 interface for routing domain 1 and set
> additional addresses on lo1. So my net config looks like this.
>
> ==> /etc/hostname.enc1 <==
> rdomain 1
>
> ==> /etc/hostname.lo1 <==
> rdomain 1
> inet alias 10.188.10.74 255.255.255.255
> ...
>
> /etc/netstart creates enc1 in routing domain 0, but does not place
> it into rdomain 1 due to this error:
> starting network
> ifconfig: SIOCSIFRDOMAIN: Invalid argument
>
> With some additional debug output netstart does this:
> { ifconfig enc1 || ifconfig enc1 create; }
> { ifconfig lo0 || ifconfig lo0 create; }
> { ifconfig lo1 || ifconfig lo1 create; }
> { ifconfig enc1 || ifconfig enc1 create; }
> ifconfig enc1 rdomain 1
> ...
> { ifconfig lo1 || ifconfig lo1 create; }
> ifconfig lo1 rdomain 1
> ifconfig lo1 inet alias 10.188.10.74 netmask 255.255.255.255
>
> ifconfig enc1 rdomain 1 fails as lo1 exists, but is still in routing
> domain 0.
>
> To fix this, I think lo1, lo2, ... should not be created upfront.
> Also more debug output for /etc/netstart -n is necessary to understand
> what is going on.
Debugging code has been added seperately. The following condition
allows me to create enc1 in routing domain 1.
ok?
bluhm
Index: etc/netstart
===
RCS file: /data/mirror/openbsd/cvs/src/etc/netstart,v
retrieving revision 1.215
diff -u -p -r1.215 netstart
--- etc/netstart30 Aug 2021 16:58:52 - 1.215
+++ etc/netstart1 Sep 2021 15:52:56 -
@@ -103,6 +103,9 @@ vifscreate() {
[[ -f $_hn ]] || continue
_if=${_hn#/etc/hostname.}
+ # loopback for routing domain is created by kernel
+ [[ -n "${_if##lo[1-9]*}" ]] || continue
+
if ! ifcreate $_if; then
print -u2 "${0##*/}: create for '$_if' failed."
fi
Re: libagentx: Fix thumbling after free
Bluhm asked me to rethink the freeing strategy.
Here's the end result.
On Mon, 2021-08-30 at 12:03 +0200, Martijn van Duren wrote:
> I missed this one before, since apparently it doesn't show up with
> MALLOC_OPTIONS set to "S", but it does if it is empty.
>
> This probably effects relayd if the admin has it enabled en then
> disables it via a "relayctl reload". However, I'm not able to
> reproduce it there and even if it can be triggered, chances of
> that happening in real life are slim to none.
>
> I think the comment should explain enough.
>
> OK?
>
> martijn@
Index: agentx.c
===
RCS file: /cvs/src/lib/libagentx/agentx.c,v
retrieving revision 1.10
diff -u -p -r1.10 agentx.c
--- agentx.c2 Jun 2021 08:40:09 - 1.10
+++ agentx.c1 Sep 2021 20:51:09 -
@@ -270,10 +270,12 @@ agentx_reset(struct agentx *ax)
struct agentx_session *axs, *tsas;
struct agentx_request *axr;
struct agentx_get *axg;
+ int axfree = ax->ax_free;
ax_free(ax->ax_ax);
ax->ax_ax = NULL;
ax->ax_fd = -1;
+ ax->ax_free = 1;
ax->ax_cstate = AX_CSTATE_CLOSE;
@@ -289,52 +291,52 @@ agentx_reset(struct agentx *ax)
TAILQ_REMOVE(&(ax->ax_getreqs), axg, axg_ax_getreqs);
}
- if (ax->ax_dstate == AX_DSTATE_CLOSE) {
- agentx_free_finalize(ax);
- return;
- }
+ if (ax->ax_dstate == AX_DSTATE_OPEN)
+ agentx_start(ax);
- agentx_start(ax);
+ if (!axfree)
+ agentx_free_finalize(ax);
}
void
agentx_free(struct agentx *ax)
{
struct agentx_session *axs, *tsas;
+ int axfree;
if (ax == NULL)
return;
- if (ax->ax_dstate == AX_DSTATE_CLOSE) {
-/* Malloc throws abort on invalid pointers as well */
+ axfree = ax->ax_free;
+ ax->ax_free = 1;
+
+ /* Malloc throws abort on invalid pointers as well */
+ if (ax->ax_dstate == AX_DSTATE_CLOSE)
agentx_log_ax_fatalx(ax, "%s: double free", __func__);
- }
ax->ax_dstate = AX_DSTATE_CLOSE;
- if (!TAILQ_EMPTY(&(ax->ax_sessions))) {
- TAILQ_FOREACH_SAFE(axs, &(ax->ax_sessions), axs_ax_sessions,
- tsas) {
- if (axs->axs_dstate != AX_DSTATE_CLOSE)
- agentx_session_free(axs);
- }
- } else
+ TAILQ_FOREACH_SAFE(axs, &(ax->ax_sessions), axs_ax_sessions, tsas) {
+ if (axs->axs_dstate != AX_DSTATE_CLOSE)
+ agentx_session_free(axs);
+ }
+ if (!axfree)
agentx_free_finalize(ax);
}
static void
agentx_free_finalize(struct agentx *ax)
{
-#ifdef AX_DEBUG
- if (ax->ax_dstate != AX_DSTATE_CLOSE)
- agentx_log_ax_fatalx(ax, "%s: agentx not closing",
- __func__);
- if (!TAILQ_EMPTY(&(ax->ax_sessions)))
- agentx_log_ax_fatalx(ax, "%s: agentx still has sessions",
- __func__);
- if (!RB_EMPTY(&(ax->ax_requests)))
- agentx_log_ax_fatalx(ax,
- "%s: agentx still has pending requests", __func__);
-#endif
+ struct agentx_session *axs, *taxs;
+
+ ax->ax_free = 0;
+
+ TAILQ_FOREACH_SAFE(axs, &(ax->ax_sessions), axs_ax_sessions, taxs)
+ agentx_session_free_finalize(axs);
+
+ if (!TAILQ_EMPTY(&(ax->ax_sessions)) ||
+ !RB_EMPTY(&(ax->ax_requests)) ||
+ ax->ax_dstate != AX_DSTATE_CLOSE)
+ return;
ax_free(ax->ax_ax);
ax->ax_nofd(ax, ax->ax_cookie, 1);
@@ -477,6 +479,7 @@ agentx_session_close_finalize(struct ax_
struct agentx_session *axs = cookie;
struct agentx *ax = axs->axs_ax;
struct agentx_context *axc, *tsac;
+ int axfree = ax->ax_free;
#ifdef AX_DEBUG
if (axs->axs_cstate != AX_CSTATE_WAITCLOSE)
@@ -492,19 +495,19 @@ agentx_session_close_finalize(struct ax_
}
axs->axs_cstate = AX_CSTATE_CLOSE;
+ ax->ax_free = 1;
agentx_log_axs_info(axs, "closed");
TAILQ_FOREACH_SAFE(axc, &(axs->axs_contexts), axc_axs_contexts, tsac)
agentx_context_reset(axc);
- if (axs->axs_dstate == AX_DSTATE_CLOSE)
- agentx_session_free_finalize(axs);
- else {
- if (ax->ax_cstate == AX_CSTATE_OPEN)
- if (agentx_session_start(axs) == -1)
- return -1;
- }
+ if (ax->ax_cstate == AX_CSTATE_OPEN &&
+ axs->axs_dstate == AX_DSTATE_OPEN)
+ agentx_session_start(axs);
+ if (!axfree)
+ agentx_free_finalize(ax);
+
return 0;
}
@@ -512,10 +515,16 @@ void
agentx_session_free(struct agentx_session *axs)
{
struct agentx_context *axc, *tsac;
+ struct agentx
Re: update to tcpdump(8)
Le Wed, Sep 01, 2021 at 06:42:54PM +0100, Jason McIntyre a écrit : > On Wed, Sep 01, 2021 at 06:15:04PM +0200, Denis Fondras wrote: > > I was searching for the sampling command of tcpdump but could not find it > > in the > > manual. In fact it is missing some primitives compared to pcap-filter > > manual. > > > > hi. > > it looks like there's a whole heap of duplication going on here. does > tcpdump support just a subset of the syntax in pcap-filter(3), or are > they exactly the same? > > i wonder if we can whack all the tcpdump text, or just inline the exact > text of pcap-filter.3 if it really needs to be there (or vice-versa if > tcpdump.8 is more authorative). > > or do they differ? > tcpdump uses libpcap to decode the filter so as far as I can tell, they are the same. I would find it good to have only a pointer to pcap-filter manual in tcpdump manual instead of the full list of primitives.
Re: update to tcpdump(8)
On Wed, Sep 01, 2021 at 06:15:04PM +0200, Denis Fondras wrote: > I was searching for the sampling command of tcpdump but could not find it in > the > manual. In fact it is missing some primitives compared to pcap-filter manual. > hi. it looks like there's a whole heap of duplication going on here. does tcpdump support just a subset of the syntax in pcap-filter(3), or are they exactly the same? i wonder if we can whack all the tcpdump text, or just inline the exact text of pcap-filter.3 if it really needs to be there (or vice-versa if tcpdump.8 is more authorative). or do they differ? jmc > Index: tcpdump.8 > === > RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v > retrieving revision 1.111 > diff -u -p -r1.111 tcpdump.8 > --- tcpdump.8 17 Aug 2020 06:29:29 - 1.111 > +++ tcpdump.8 1 Sep 2021 16:05:20 - > @@ -583,10 +583,26 @@ for details). > .It Cm src net Ar net > True if the IP source address of the packet has a network number of > .Ar net . > -.It Cm net Ar net > -True if either the IP source or destination address of the packet > -has a network number of > -.Ar net . > +.It Cm net Ar net Ns / Ns Ar len > +True if the IPv4/v6 address matches > +.Ar net > +with a netmask > +.Ar len > +bits wide. > +May be qualified with > +.Cm src > +or > +.Cm dst . > +.It Cm net Ar net Cm mask Ar netmask > +True if the IPv4 address matches > +.Ar net > +with the specific > +.Ar netmask . > +May be qualified with > +.Cm src > +or > +.Cm dst . > +Note that this syntax is not valid for IPv6 networks. > .It Cm dst port Ar port > True if the packet is IP/TCP or IP/UDP and has a destination port value of > .Ar port . > @@ -634,12 +650,15 @@ True if the packet has a length greater > This is equivalent to: > .Pp > .D1 Cm len >= Ar length > -.It Cm ip proto Ar proto > -True if the packet is an IP packet (see > +.It Cm sample Ar samplerate > +True if the packet has been randomly selected or sampled at a rate of 1 per > +.Ar samplerate . > +.It Cm ip proto Ar protocol > +True if the packet is an IPv4 packet (see > .Xr ip 4 ) > of protocol type > -.Ar proto . > -.Ar proto > +.Ar protocol . > +.Ar protocol > can be a number or name from > .Xr protocols 5 , > such as > @@ -650,13 +669,18 @@ or > These identifiers are also keywords and must be escaped > using a backslash character > .Pq Sq \e . > +Note that this primitive does not chase the protocol header chain. > +.It Cm ip6 proto Ar protocol > +True if the packet is an IPv6 packet of protocol type > +.Ar protocol . > +Note that this primitive does not chase the protocol header chain. > .It Cm ether broadcast > True if the packet is an Ethernet broadcast packet. > The > .Cm ether > keyword is optional. > .It Cm ip broadcast > -True if the packet is an IP broadcast packet. > +True if the packet is an IPv4 broadcast packet. > It checks for both the all-zeroes and all-ones broadcast conventions > and looks up the local subnet mask. > .It Cm ether multicast > @@ -670,10 +694,12 @@ This is shorthand for > .Dc . > .It Cm ip multicast > True if the packet is an IP multicast packet. > -.It Cm ether proto Ar proto > +.It Cm ip6 multicast > +True if the packet is an IPv6 multicast packet. > +.It Cm ether proto Ar protocol > True if the packet is of ether type > -.Ar proto . > -.Ar proto > +.Ar protocol . > +.Ar protocol > can be a number or one of the names > .Cm ip , > .Cm ip6 , > @@ -835,6 +861,53 @@ Valid directions are: > .Ar fromds , > .Ar dstods , > or a numeric value. > +.It Cm vlan Op Ar vlan_id > +True if the packet is an IEEE 802.1Q VLAN packet. > +If > +.Ar vlan_id > +is specified, only true if the packet has the specified ID. > +Note that the first > +.Cm vlan > +keyword encountered in > +.Ar expression > +changes the decoding offsets for the remainder of > +.Ar expression > +on the assumption that the packet is a VLAN packet. > +This expression may be used more than once, to filter on VLAN hierarchies. > +Each use of that expression increments the filter offsets by 4. > +.Pp > +For example, > +to filter on VLAN 200 encapsulated within VLAN 100: > +.Pp > +.Dl vlan 100 && vlan 200 > +.Pp > +To filter IPv4 protocols encapsulated in VLAN 300 encapsulated within any > +higher order VLAN: > +.Pp > +.Dl vlan && vlan 300 && ip > +.It mpls Op Ar label > +True if the packet is an MPLS (Multi-Protocol Label Switching) packet. > +If > +.Ar label > +is specified, only true if the packet has the specified label. > +Note that the first > +.Cm mpls > +keyword encountered in > +.Ar expression > +changes the decoding offsets for the remainder of > +.Ar expression > +on the assumption that the packet is an MPLS packet. > +This expression may be used more than once, to filter on MPLS labels. > +Each use of that expression increments the filter offsets by 4. > +.Pp > +For example, > +to filter on MPLS label 42 first and requires the next label to be 12: > +.Pp > +.Dl mpls 42 &&
Re: Atomic signal flags for vi(1)
Hi,
Ingo Schwarze wrote on Wed, Sep 01, 2021 at 04:38:51PM +0200:
> Note that the h_hup() and h_term() signal handlers are still unsafe
> after this commit because they also set the "killersig" (how fitting!)
> field in a global struct.
I like it when fixing two bugs only amounts to minus: minus 14 LOC,
1 function, 1 global variable, 2 automatic variables, 1 struct member,
9 pointer dereferences, 1 #define, and minus 1 #undef.
The argument that only one single GS exists applies unchanged.
OK?
Ingo
Index: cl/cl.h
===
RCS file: /cvs/src/usr.bin/vi/cl/cl.h,v
retrieving revision 1.11
diff -u -p -r1.11 cl.h
--- cl/cl.h 1 Sep 2021 14:28:15 - 1.11
+++ cl/cl.h 1 Sep 2021 17:15:34 -
@@ -11,7 +11,6 @@
* @(#)cl.h10.19 (Berkeley) 9/24/96
*/
-extern volatile sig_atomic_t cl_sighup;
extern volatile sig_atomic_t cl_sigint;
extern volatile sig_atomic_t cl_sigterm;
extern volatile sig_atomic_t cl_sigwinch;
@@ -31,7 +30,6 @@ typedef struct _cl_private {
char*rmso, *smso; /* Inverse video terminal strings. */
char*smcup, *rmcup; /* Terminal start/stop strings. */
- int killersig; /* Killer signal. */
#defineINDX_HUP0
#defineINDX_INT1
#defineINDX_TERM 2
Index: cl/cl_funcs.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_funcs.c,v
retrieving revision 1.21
diff -u -p -r1.21 cl_funcs.c
--- cl/cl_funcs.c 1 Sep 2021 14:28:15 - 1.21
+++ cl/cl_funcs.c 1 Sep 2021 17:15:34 -
@@ -437,7 +437,7 @@ cl_refresh(SCR *sp, int repaint)
* If we received a killer signal, we're done, there's no point
* in refreshing the screen.
*/
- if (clp->killersig)
+ if (cl_sigterm)
return (0);
/*
@@ -582,7 +582,7 @@ cl_suspend(SCR *sp, int *allowedp)
* unchanged. In addition, the terminal has already been reset
* correctly, so leave it alone.
*/
- if (clp->killersig) {
+ if (cl_sigterm) {
F_CLR(clp, CL_SCR_EX_INIT | CL_SCR_VI_INIT);
return (0);
}
Index: cl/cl_main.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_main.c,v
retrieving revision 1.34
diff -u -p -r1.34 cl_main.c
--- cl/cl_main.c1 Sep 2021 14:28:15 - 1.34
+++ cl/cl_main.c1 Sep 2021 17:15:34 -
@@ -33,7 +33,6 @@
GS *__global_list; /* GLOBAL: List of screens. */
-volatile sig_atomic_t cl_sighup;
volatile sig_atomic_t cl_sigint;
volatile sig_atomic_t cl_sigterm;
volatile sig_atomic_t cl_sigwinch;
@@ -120,9 +119,9 @@ main(int argc, char *argv[])
}
/* If a killer signal arrived, pretend we just got it. */
- if (clp->killersig) {
- (void)signal(clp->killersig, SIG_DFL);
- (void)kill(getpid(), clp->killersig);
+ if (cl_sigterm) {
+ (void)signal(cl_sigterm, SIG_DFL);
+ (void)kill(getpid(), cl_sigterm);
/* NOTREACHED */
}
@@ -215,17 +214,6 @@ term_init(char *ttype)
}
}
-#defineGLOBAL_CLP \
- CL_PRIVATE *clp = GCLP(__global_list);
-static void
-h_hup(int signo)
-{
- GLOBAL_CLP;
-
- cl_sighup = 1;
- clp->killersig = SIGHUP;
-}
-
static void
h_int(int signo)
{
@@ -235,10 +223,7 @@ h_int(int signo)
static void
h_term(int signo)
{
- GLOBAL_CLP;
-
- cl_sigterm = 1;
- clp->killersig = SIGTERM;
+ cl_sigterm = signo;
}
static void
@@ -246,7 +231,6 @@ h_winch(int signo)
{
cl_sigwinch = 1;
}
-#undef GLOBAL_CLP
/*
* sig_init --
@@ -261,20 +245,19 @@ sig_init(GS *gp, SCR *sp)
clp = GCLP(gp);
- cl_sighup = 0;
cl_sigint = 0;
cl_sigterm = 0;
cl_sigwinch = 0;
if (sp == NULL) {
- if (setsig(SIGHUP, >oact[INDX_HUP], h_hup) ||
+ if (setsig(SIGHUP, >oact[INDX_HUP], h_term) ||
setsig(SIGINT, >oact[INDX_INT], h_int) ||
setsig(SIGTERM, >oact[INDX_TERM], h_term) ||
setsig(SIGWINCH, >oact[INDX_WINCH], h_winch)
)
err(1, NULL);
} else
- if (setsig(SIGHUP, NULL, h_hup) ||
+ if (setsig(SIGHUP, NULL, h_term) ||
setsig(SIGINT, NULL, h_int) ||
setsig(SIGTERM, NULL, h_term) ||
setsig(SIGWINCH, NULL, h_winch)
Index: cl/cl_read.c
===
RCS file: /cvs/src/usr.bin/vi/cl/cl_read.c,v
retrieving revision 1.22
diff -u -p -r1.22 cl_read.c
--- cl/cl_read.c1 Sep 2021 14:28:15 - 1.22
+++ cl/cl_read.c1 Sep 2021 17:15:34 -
@@ -62,13 +62,15
update to tcpdump(8)
I was searching for the sampling command of tcpdump but could not find it in the manual. In fact it is missing some primitives compared to pcap-filter manual. Index: tcpdump.8 === RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v retrieving revision 1.111 diff -u -p -r1.111 tcpdump.8 --- tcpdump.8 17 Aug 2020 06:29:29 - 1.111 +++ tcpdump.8 1 Sep 2021 16:05:20 - @@ -583,10 +583,26 @@ for details). .It Cm src net Ar net True if the IP source address of the packet has a network number of .Ar net . -.It Cm net Ar net -True if either the IP source or destination address of the packet -has a network number of -.Ar net . +.It Cm net Ar net Ns / Ns Ar len +True if the IPv4/v6 address matches +.Ar net +with a netmask +.Ar len +bits wide. +May be qualified with +.Cm src +or +.Cm dst . +.It Cm net Ar net Cm mask Ar netmask +True if the IPv4 address matches +.Ar net +with the specific +.Ar netmask . +May be qualified with +.Cm src +or +.Cm dst . +Note that this syntax is not valid for IPv6 networks. .It Cm dst port Ar port True if the packet is IP/TCP or IP/UDP and has a destination port value of .Ar port . @@ -634,12 +650,15 @@ True if the packet has a length greater This is equivalent to: .Pp .D1 Cm len >= Ar length -.It Cm ip proto Ar proto -True if the packet is an IP packet (see +.It Cm sample Ar samplerate +True if the packet has been randomly selected or sampled at a rate of 1 per +.Ar samplerate . +.It Cm ip proto Ar protocol +True if the packet is an IPv4 packet (see .Xr ip 4 ) of protocol type -.Ar proto . -.Ar proto +.Ar protocol . +.Ar protocol can be a number or name from .Xr protocols 5 , such as @@ -650,13 +669,18 @@ or These identifiers are also keywords and must be escaped using a backslash character .Pq Sq \e . +Note that this primitive does not chase the protocol header chain. +.It Cm ip6 proto Ar protocol +True if the packet is an IPv6 packet of protocol type +.Ar protocol . +Note that this primitive does not chase the protocol header chain. .It Cm ether broadcast True if the packet is an Ethernet broadcast packet. The .Cm ether keyword is optional. .It Cm ip broadcast -True if the packet is an IP broadcast packet. +True if the packet is an IPv4 broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions and looks up the local subnet mask. .It Cm ether multicast @@ -670,10 +694,12 @@ This is shorthand for .Dc . .It Cm ip multicast True if the packet is an IP multicast packet. -.It Cm ether proto Ar proto +.It Cm ip6 multicast +True if the packet is an IPv6 multicast packet. +.It Cm ether proto Ar protocol True if the packet is of ether type -.Ar proto . -.Ar proto +.Ar protocol . +.Ar protocol can be a number or one of the names .Cm ip , .Cm ip6 , @@ -835,6 +861,53 @@ Valid directions are: .Ar fromds , .Ar dstods , or a numeric value. +.It Cm vlan Op Ar vlan_id +True if the packet is an IEEE 802.1Q VLAN packet. +If +.Ar vlan_id +is specified, only true if the packet has the specified ID. +Note that the first +.Cm vlan +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is a VLAN packet. +This expression may be used more than once, to filter on VLAN hierarchies. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on VLAN 200 encapsulated within VLAN 100: +.Pp +.Dl vlan 100 && vlan 200 +.Pp +To filter IPv4 protocols encapsulated in VLAN 300 encapsulated within any +higher order VLAN: +.Pp +.Dl vlan && vlan 300 && ip +.It mpls Op Ar label +True if the packet is an MPLS (Multi-Protocol Label Switching) packet. +If +.Ar label +is specified, only true if the packet has the specified label. +Note that the first +.Cm mpls +keyword encountered in +.Ar expression +changes the decoding offsets for the remainder of +.Ar expression +on the assumption that the packet is an MPLS packet. +This expression may be used more than once, to filter on MPLS labels. +Each use of that expression increments the filter offsets by 4. +.Pp +For example, +to filter on MPLS label 42 first and requires the next label to be 12: +.Pp +.Dl mpls 42 && mpls 12 +.Pp +To filter on network 192.0.2.0/24 transported inside packets with label 42: +.Pp +.Dl mpls 42 && net 192.0.2.0/24 .It Xo .Cm atalk , .Cm ip ,
Re: diff(1)ing hardlinks
On Wed, 01 Sep 2021 01:33:34 +0200, Alexander Hall wrote: > If two files to be compared share the same inode, it should > be reasonable to consider them identical. > > This gives a substantial speedup when comparing directory > structures with many hardlinked files, e.g. when using > rsnapshot for incremental backup. OK millert@ - todd
Re: Import timeout(1) from NetBSD
It needs pledge.
> +#include
This is wrong, it should be
> +#include
> +#include
> +
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +
> +#define EXIT_TIMEOUT 124
> +
> +static sig_atomic_t sig_chld = 0;
> +static sig_atomic_t sig_term = 0;
> +static sig_atomic_t sig_alrm = 0;
> +static sig_atomic_t sig_ign = 0;
> +
> +static void __dead
> +usage(void)
> +{
> + fprintf(stderr, "Usage: %s [--signal sig | -s sig] [--preserve-status]"
lower case usage:
> + " [--kill-after time | -k time] [--foreground] "
> + " \n", getprogname());
This should not use <>, ingo and jmc are going to scream at you.
setprogname/getprogname use is excessive, this could simply be the text
"timeout"
> + errno = 0;
> + sig = strtol(str, , 10);
> +
> + if (str[0] == '\0' || *ep != '\0')
> + goto err;
> + if (errno == ERANGE && (sig == LONG_MAX || sig == LONG_MIN))
> + goto err;
strtonum will simplify this.
> + return;
> + }
> +
> + switch(signo) {
> + case 0:
I don't understand what the 0 does here.
> + case SIGINT:
> + case SIGHUP:
> + case SIGQUIT:
> + case SIGTERM:
> + sig_term = signo;
> + break;
> + case SIGCHLD:
> + sig_chld = 1;
> + break;
> + case SIGALRM:
> + sig_alrm = 1;
> + break;
> + }
> +}
> +main(int argc, char **argv)
> +{
> + int ch;
> + unsigned long i;
> + int foreground, preserve;
> + int error, pstat, status;
> + int killsig = SIGTERM;
> + pid_t pgid, pid, cpid;
> + double first_kill;
> + double second_kill;
> + booltimedout = false;
> + booldo_second_kill = false;
> + struct sigaction signals;
> + int signums[] = {
> + -1,
> + SIGTERM,
> + SIGINT,
> + SIGHUP,
> + SIGCHLD,
> + SIGALRM,
> + SIGQUIT,
> + };
Weird indent.
> +
> + setprogname(argv[0]);
setprogname discussion at the top
> +
> + foreground = preserve = 0;
> + second_kill = 0;
> + cpid = -1;
> + pgid = -1;
This defines variables *after* code:
> +
> + const struct option longopts[] = {
> + { "preserve-status", no_argument, ,1 },
> + { "foreground", no_argument, , 1 },
> + { "kill-after", required_argument, NULL,'k'},
> + { "signal", required_argument, NULL,'s'},
> + { "help",no_argument, NULL,'h'},
> + { NULL, 0, NULL, 0 }
> + };
can likely do pledge("stdio proc exec") around here.
> +
> + while ((ch = getopt_long(argc, argv, "+k:s:h", longopts, NULL)) != -1) {
> + switch (ch) {
> + case 'k':
> + do_second_kill = true;
> + second_kill = parse_duration(optarg);
> + break;
> + case 's':
> + killsig = parse_signal(optarg);
> + break;
> + case 0:
> + break;
> + case 'h':
'h' is pointless.
> + default:
> + usage();
> + break;
> + }
> + }
> +
> + argc -= optind;
> + argv += optind;
> +
> + if (argc < 2)
> + usage();
> +
> + first_kill = parse_duration(argv[0]);
> + argc--;
> + argv++;
> +
> + if (!foreground) {
> + pgid = setpgid(0,0);
> +
> + if (pgid == -1)
> + err(EX_OSERR, "setpgid()");
> + }
> +
> + memset(, 0, sizeof(signals));
> + sigemptyset(_mask);
> +
> + if (killsig != SIGKILL && killsig != SIGSTOP)
> + signums[0] = killsig;
> +
> + for (i = 0; i < sizeof(signums) / sizeof(signums[0]); i ++)
> + sigaddset(_mask, signums[i]);
> +
> + signals.sa_handler = sig_handler;
> + signals.sa_flags = SA_RESTART;
> +
> + for (i = 0; i < sizeof(signums) / sizeof(signums[0]); i ++) {
> + if (signums[i] != -1 && signums[i] != 0 &&
> + sigaction(signums[i], , NULL) == -1)
> + err(EX_OSERR, "sigaction()");
> + }
> +
> + signal(SIGTTIN, SIG_IGN);
> + signal(SIGTTOU, SIG_IGN);
> +
> + pid = fork();
> + if (pid == -1)
> + err(EX_OSERR, "fork()");
> + else if (pid == 0) {
> + /* child process */
> + signal(SIGTTIN, SIG_DFL);
> + signal(SIGTTOU, SIG_DFL);
> +
> + error = execvp(argv[0], argv);
> + if (error == -1)
> + err(EX_UNAVAILABLE, "exec()");
> + }
Re: [diff] src/usr.sbin/smtpd: table_diff lacks some lookup kinds
August 29, 2021 10:16 PM, gil...@poolp.org wrote:
> Hellow,
>
> The K_STRING and K_REGEX lookup kinds are missing from table_db even though
> nothing prevents
> them from working technically. The following diff is enough to allow db
> tables to be used on
> regex or string contexts.
>
> Index: table_db.c
> ===
> RCS file: /cvs/src/usr.sbin/smtpd/table_db.c,v
> retrieving revision 1.22
> diff -u -p -r1.22 table_db.c
> --- table_db.c 23 Jan 2021 16:11:11 - 1.22
> +++ table_db.c 29 Aug 2021 20:08:30 -
> @@ -55,7 +55,9 @@ static char *table_db_get_entry_match(vo
>
> struct table_backend table_backend_db = {
> "db",
> -
> K_ALIAS|K_CREDENTIALS|K_DOMAIN|K_NETADDR|K_USERINFO|K_SOURCE|K_MAILADDR|K_ADDRNAME|K_MAILADDRMAP,
> + K_ALIAS|K_CREDENTIALS|K_DOMAIN|K_NETADDR|K_USERINFO|
> + K_SOURCE|K_MAILADDR|K_ADDRNAME|K_MAILADDRMAP|K_RELAYHOST|
> + K_STRING|K_REGEX,
> table_db_config,
> NULL,
> NULL,
the complete diff would be better:
Index: table_db.c
===
RCS file: /cvs/src/usr.sbin/smtpd/table_db.c,v
retrieving revision 1.22
diff -u -p -r1.22 table_db.c
--- table_db.c 23 Jan 2021 16:11:11 - 1.22
+++ table_db.c 1 Sep 2021 11:19:02 -
@@ -55,7 +55,9 @@ static char *table_db_get_entry_match(vo
struct table_backend table_backend_db = {
"db",
-
K_ALIAS|K_CREDENTIALS|K_DOMAIN|K_NETADDR|K_USERINFO|K_SOURCE|K_MAILADDR|K_ADDRNAME|K_MAILADDRMAP,
+ K_ALIAS|K_CREDENTIALS|K_DOMAIN|K_NETADDR|K_USERINFO|
+ K_SOURCE|K_MAILADDR|K_ADDRNAME|K_MAILADDRMAP|K_RELAYHOST|
+ K_STRING|K_REGEX,
table_db_config,
NULL,
NULL,
@@ -72,7 +74,8 @@ static struct keycmp {
} keycmp[] = {
{ K_DOMAIN, table_domain_match },
{ K_NETADDR, table_netaddr_match },
- { K_MAILADDR, table_mailaddr_match }
+ { K_MAILADDR, table_mailaddr_match },
+ { K_REGEX, table_regex_match },
};
struct dbhandle {
Re: regress: don't needlessly fiddle with MALLOC_OPTIONS
On Wed, Sep 01, 2021 at 01:42:41PM +0200, Jasper Lievisse Adriaanse wrote:
> Hi,
>
> As discussed earlier with bluhm, regress tests shouldn't set or modify
> MALLOC_OPTIONS (except under very specific situations, like malloc tests).
> It would be better to set the options globally through sysctl when
> running the suite, as bluhm does.
>
> So remove most cases of MALLOC_OPTIONS from regress and amend the
> manpage guidelines accordingly.
>
> OK?
OK bluhm@
> diff 9ca4957b0bf957d4e3a97547c791aeac34911aaf /usr/src
> blob - a40fad57e604ca5bf7ccfee8c91bcb68bbb46456
> file + regress/bin/csh/Makefile
> --- regress/bin/csh/Makefile
> +++ regress/bin/csh/Makefile
> @@ -20,7 +20,6 @@ REGRESS_TARGETS+= env
> .SUFFIXES: .in
>
> .in:
> - env -i MALLOC_OPTIONS=S ${CSH} <${.CURDIR}/${@}.in 2>&1 | \
> - diff -u ${.CURDIR}/${@}.ok -
> + ${CSH} <${.CURDIR}/${@}.in 2>&1 | diff -u ${.CURDIR}/${@}.ok -
>
> .include
> blob - 3341dabb1403688df8f8e16fa2e31dcd3739d108
> file + regress/bin/csh/filec.sh
> --- regress/bin/csh/filec.sh
> +++ regress/bin/csh/filec.sh
> @@ -50,8 +50,7 @@ cd ~
> !
>
> HOME=$tmp
> -MALLOC_OPTIONS=S
> -export HOME MALLOC_OPTIONS
> +export HOME
>
> # NL: Execute command.
> testseq "echo a\n" "? echo a\r\na\r\n? "
> blob - aee8864d3f8965a05eb4ca63f0ee80979d4d1591
> file + regress/bin/ksh/edit/emacs.sh
> --- regress/bin/ksh/edit/emacs.sh
> +++ regress/bin/ksh/edit/emacs.sh
> @@ -25,10 +25,9 @@ EDITOR=
> ENV=
> HISTFILE=
> MAIL=
> -MALLOC_OPTIONS=S
> PS1=' # '
> VISUAL=emacs
> -export EDITOR ENV HISTFILE MAIL MALLOC_OPTIONS PS1 VISUAL
> +export EDITOR ENV HISTFILE MAIL PS1 VISUAL
>
> # The function testseq() sets up a pseudo terminal and feeds its first
> # argument to a shell on standard input. It then checks that output
> blob - be15c4d1ee8d04be8f36c6f0d647241edbeb70f1
> file + regress/bin/ksh/edit/vi.sh
> --- regress/bin/ksh/edit/vi.sh
> +++ regress/bin/ksh/edit/vi.sh
> @@ -25,10 +25,9 @@ EDITOR=
> ENV=
> HISTFILE=
> MAIL=
> -MALLOC_OPTIONS=S
> PS1=' # '
> VISUAL=vi
> -export EDITOR ENV HISTFILE MAIL MALLOC_OPTIONS PS1 VISUAL
> +export EDITOR ENV HISTFILE MAIL PS1 VISUAL
>
> # The function testseq() sets up a pseudo terminal and feeds its first
> # argument to a shell on standard input. It then checks that output
> blob - 4a35e2664dba5fab3029d832bf181cd63bfa8c0a
> file + regress/bin/ksh/th
> --- regress/bin/ksh/th
> +++ regress/bin/ksh/th
> @@ -56,8 +56,7 @@
> #missing, NAME is removed from the
> #environment. Programs are run with
> #the following minimal environment:
> -#USER, LOGNAME, HOME, PATH, SHELL,
> -#MALLOC_OPTIONS=S
> +#USER, LOGNAME, HOME, PATH, SHELL
> #(values from the current environment
> #takes higher precedence).
> #file-setup mps Used to create files, directories
> @@ -233,10 +232,8 @@ grep($do_test{$_} = 1, @ARGV);
> $all_tests = @ARGV == 0;
>
> # Set up a very minimal environment
> -%new_env = (
> -MALLOC_OPTIONS => 'S',
> -);
> -foreach $env (('USER', 'LOGNAME', 'HOME', 'PATH', 'SHELL',
> 'MALLOC_OPTIONS')) {
> +%new_env = ();
> +foreach $env (('USER', 'LOGNAME', 'HOME', 'PATH', 'SHELL')) {
> $new_env{$env} = $ENV{$env} if defined $ENV{$env};
> }
> if (defined $opt_e) {
> blob - f70d94bd6299646db94cbd0ef873bda47536d474
> file + regress/usr.bin/doas/Makefile
> --- regress/usr.bin/doas/Makefile
> +++ regress/usr.bin/doas/Makefile
> @@ -114,8 +114,7 @@ ${t}:
> /bin/echo $$tdir/bin/echo; \
> ${SUDO} install -o ${BINOWN} -g ${BINGRP} -m 4555 \
> /usr/bin/doas $$tdir/usr/bin/doas; \
> - ${SUDO} env MALLOC_OPTIONS=S chroot -u nobody $$tdir \
> - /usr/bin/doas echo okay
> + ${SUDO} chroot -u nobody $$tdir /usr/bin/doas echo okay
> . endif
> .endfor
>
> blob - 7b9898b8ed49bbb82e891f12a98415ac996f9033
> file + regress/usr.bin/mail/send.sh
> --- regress/usr.bin/mail/send.sh
> +++ regress/usr.bin/mail/send.sh
> @@ -43,8 +43,7 @@ set ask
> !
>
> HOME=$tmp
> -MALLOC_OPTIONS=S
> -export HOME MALLOC_OPTIONS
> +export HOME
>
> # VERASE: Delete character.
> testseq "\0177" "Subject: "
> blob - 64237f6cc9abe1803f2082d0c8d0b91d214b58da
> file + regress/usr.bin/make/Makefile
> --- regress/usr.bin/make/Makefile
> +++ regress/usr.bin/make/Makefile
> @@ -8,191 +8,190 @@ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t
>
> REGRESS_EXPECTED_FAILURES = t14 t17 t18
>
> -MALLOC_OPTIONS?=J
> t1: t1.out
> - env -i PATH=${PATH} MALLOC_OPTIONS=${MALLOC_OPTIONS} ${MAKE} -e -r -f
> ${.CURDIR}/mk1 | diff - t1.out
> + env -i PATH=${PATH} ${MAKE} -e -r -f ${.CURDIR}/mk1 | diff - t1.out
>
> # This is a POSIX test. pmake does not pass variables to
Import timeout(1) from NetBSD
Hi,
FreeBSD/NetBSD/DragonFly and GNU 'coreutils' have a utility called
timeout(1) which allows you to kill a process after X time.
Importing timeout would remove the only reason I have coreutils
installed :-)
I retrieved timeout.{c,1} from
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/timeout/?only_with_tag=MAIN
and make two between what I copied from netbsd and what is below:
* changed 'sys_nsig' to 'NSIG' (thanks millert for the hint)
* appled style(9) in a few places
Thoughts?
Kind regards,
Job
Index: timeout/Makefile
===
RCS file: timeout/Makefile
diff -N timeout/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -
+++ timeout/Makefile1 Sep 2021 15:08:57 -
@@ -0,0 +1,5 @@
+# $OpenBSD: Makefile,v 1.3 1997/09/21 11:51:14 deraadt Exp $
+
+PROG= timeout
+
+.include
Index: timeout/timeout.1
===
RCS file: timeout/timeout.1
diff -N timeout/timeout.1
--- /dev/null 1 Jan 1970 00:00:00 -
+++ timeout/timeout.1 1 Sep 2021 15:08:57 -
@@ -0,0 +1,133 @@
+.\"$NetBSD: timeout.1,v 1.4 2016/10/13 06:22:26 dholland Exp $
+.\"
+.\" Copyright (c) 2014 Baptiste Daroussin
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"notice, this list of conditions and the following disclaimer in the
+.\"documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD: head/usr.bin/timeout/timeout.1 268861 2014-07-18 22:56:59Z bapt $
+.\"
+.Dd July 19, 2014
+.Dt TIMEOUT 1
+.Os
+.Sh NAME
+.Nm timeout
+.Nd run a command with a time limit
+.Sh SYNOPSIS
+.Nm
+.Op Fl Fl signal Ar sig | Fl s Ar sig
+.Op Fl Fl preserve-status
+.Op Fl Fl kill-after Ar time | Fl k Ar time
+.Op Fl Fl foreground
+.Ao Ar duration Ac
+.Ao Ar command Ac
+.Ao Ar args ... Ac
+.Sh DESCRIPTION
+.Nm
+starts the
+.Ar command
+with its
+.Ar args .
+If
+.Ar command
+is still running after
+.Ar duration ,
+it is killed.
+By default,
+.Dv SIGTERM
+is sent.
+.Bl -tag -width "-k time, --kill-after time"
+.It Fl Fl preserve-status
+Always exits with the same status as
+.Ar command
+even if it times out.
+.It Fl Fl foreground
+Do not propagate timeout to the
+.Ar command
+children.
+.It Fl s Ar sig , Fl Fl signal Ar sig
+Specify the signal to send on timeout.
+By default,
+.Dv SIGTERM
+is sent.
+.It Fl k Ar time , Fl Fl kill-after Ar time
+Send a second kill signal if
+.Ar command
+is still running after
+.Ar time
+after the first signal was sent.
+.El
+.Sh DURATION FORMAT
+.Ar duration
+and
+.Ar time
+can be integer or decimal numbers.
+Values without unit symbols are interpreted as seconds.
+.Pp
+Supported unit symbols are:
+.Bl -tag -width indent -compact
+.It s
+seconds
+.It m
+minutes
+.It h
+hours
+.It d
+days
+.El
+.Sh EXIT STATUS
+If the timeout was not reached, the exit status of
+.Ar command
+is returned.
+.Pp
+If the timeout was reached and
+.Fl Fl preserve-status
+is set, the exit status of
+.Ar command
+is returned.
+If
+.Fl Fl preserve-status
+is not set, an exit status of 124 is returned.
+.Pp
+If
+.Ar command
+exits after receiving a signal, the exit status returned is the signal number
plus 128.
+.Sh SEE ALSO
+.Xr kill 1 ,
+.Xr signal 3
+.Sh HISTORY
+A
+.Nm
+utility appeared in a development branch of
+.Fx 11
+and was imported into
+.Nx 7 .
+The
+.Fx
+work is compatible with GNU
+.Nm
+by
+.An Padraig Brady ,
+from GNU Coreutils 8.21.
+The
+.Nm
+utility first appeared in GNU Coreutils 7.0.
Index: timeout/timeout.c
===
RCS file: timeout/timeout.c
diff -N timeout/timeout.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ timeout/timeout.c 1 Sep 2021 15:08:57 -
@@ -0,0 +1,349 @@
+/* $NetBSD: timeout.c,v 1.4 2014/08/05 08:20:02 christos Exp $ */
+
+/*-
+ *
Re: Atomic signal flags for vi(1)
Hi Tim,
trondd wrote on Tue, Aug 24, 2021 at 07:45:33PM -0400:
> "Theo de Raadt" wrote:
>> +h_alrm(int signo)
>> +{
>> + GLOBAL_CLP;
>> +
>> + F_SET(clp, CL_SIGALRM);
>>
>> F_SET is |=, which is not atomic.
>>
>> This is unsafe. Safe signal handlers need to make single stores to
>> atomic-sized variables, which tend to be int-sized, easier to declare
>> as sig_atomic_t. Most often these are global scope with the following
>> type:
>>
>> volatile sig_atomic_t variable
>>
>> I can see you copied an existing practice. Sadly all the other
>> signal handlers are also broken in the same way.
>>
>> The flag bits should be replaced with seperate sig_atomic_t variables.
> Ok. Took a swing at converting the signal handling to sig_atomic_t flags.
> No additional changes added other than removing a redundant check of the
> flags in cl_read.c. Seemed to be a pretty straight-forward conversion and
> I haven't found any change in behavior.
Committed, thank you.
Ingo
CVSROOT:/cvs
Module name:src
Changes by: schwa...@cvs.openbsd.org2021/09/01 08:28:15
Modified files:
usr.bin/vi/cl : cl.h cl_funcs.c cl_main.c cl_read.c
Log message:
As a first step towards safe signal handling, improve the h_int()
and h_winch() signal handlers to make one single store to a
sig_atomic_t variable. Note that the h_hup() and h_term() signal
handlers are still unsafe after this commit because they also set
the "killersig" (how fitting!) field in a global struct.
Despite storing information in static global variables rather than
in structs passed around as arguments, this patch does not cause a
change in behaviour because there is always exactly one GS object,
initialized using gs_init() called from the top of main(), and
screen_init() stores a pointer to this one and only GS object in
the .gp member of each and every SCR object. Talk about useless
abstraction...
Problem pointed out by deraadt@.
Patch from Tim on tech@.
OK deraadt@.
> Index: cl/cl.h
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl.h,v
> retrieving revision 1.10
> diff -u -p -r1.10 cl.h
> --- cl/cl.h 27 May 2016 09:18:11 - 1.10
> +++ cl/cl.h 24 Aug 2021 23:34:27 -
> @@ -11,6 +11,11 @@
> * @(#)cl.h10.19 (Berkeley) 9/24/96
> */
>
> +extern volatile sig_atomic_t cl_sighup;
> +extern volatile sig_atomic_t cl_sigint;
> +extern volatile sig_atomic_t cl_sigterm;
> +extern volatile sig_atomic_t cl_sigwinch;
> +
> typedef struct _cl_private {
> CHAR_T ibuf[256]; /* Input keys. */
>
> @@ -45,11 +50,7 @@ typedef struct _cl_private {
> #define CL_RENAME_OK0x0004 /* User wants the windows renamed. */
> #define CL_SCR_EX_INIT 0x0008 /* Ex screen initialized. */
> #define CL_SCR_VI_INIT 0x0010 /* Vi screen initialized. */
> -#define CL_SIGHUP 0x0020 /* SIGHUP arrived. */
> -#define CL_SIGINT 0x0040 /* SIGINT arrived. */
> -#define CL_SIGTERM 0x0080 /* SIGTERM arrived. */
> -#define CL_SIGWINCH 0x0100 /* SIGWINCH arrived. */
> -#define CL_STDIN_TTY0x0200 /* Talking to a terminal. */
> +#define CL_STDIN_TTY0x0020 /* Talking to a terminal. */
> u_int32_t flags;
> } CL_PRIVATE;
>
> Index: cl/cl_funcs.c
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl_funcs.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 cl_funcs.c
> --- cl/cl_funcs.c 27 May 2016 09:18:11 - 1.20
> +++ cl/cl_funcs.c 24 Aug 2021 23:34:27 -
> @@ -601,7 +601,7 @@ cl_suspend(SCR *sp, int *allowedp)
> if (cl_ssize(sp, 1, NULL, NULL, ))
> return (1);
> if (changed)
> - F_SET(CLP(sp), CL_SIGWINCH);
> + cl_sigwinch = 1;
>
> return (0);
> }
> Index: cl/cl_main.c
> ===
> RCS file: /cvs/src/usr.bin/vi/cl/cl_main.c,v
> retrieving revision 1.33
> diff -u -p -r1.33 cl_main.c
> --- cl/cl_main.c 5 May 2016 20:36:41 - 1.33
> +++ cl/cl_main.c 24 Aug 2021 23:34:27 -
> @@ -33,6 +33,11 @@
>
> GS *__global_list; /* GLOBAL: List of screens. */
>
> +volatile sig_atomic_t cl_sighup;
> +volatile sig_atomic_t cl_sigint;
> +volatile sig_atomic_t cl_sigterm;
> +volatile sig_atomic_t cl_sigwinch;
> +
> static void cl_func_std(GS *);
> static CL_PRIVATE *cl_init(GS *);
> static GS *gs_init(void);
> @@ -217,16 +222,14 @@ h_hup(int signo)
> {
> GLOBAL_CLP;
>
> - F_SET(clp, CL_SIGHUP);
> + cl_sighup = 1;
> clp->killersig = SIGHUP;
> }
>
> static void
> h_int(int signo)
> {
> - GLOBAL_CLP;
> -
> - F_SET(clp, CL_SIGINT);
> + cl_sigint = 1;
> }
>
> static void
> @@ -234,16 +237,14 @@ h_term(int signo)
> {
> GLOBAL_CLP;
>
> - F_SET(clp,
Re: Incorrect IPL when pool_get(9) is called under rwlock
On Wed, Sep 01, 2021 at 08:53:35AM +0200, Martin Pieuchot wrote:
> syzkaller reported [0] the following lock ordering issue:
>
> db{0}> trace
> db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
> panic(82464b8f) at panic+0x177 sys/kern/subr_prf.c:202
> witness_checkorder(82838c20,9,0) at witness_checkorder+0x11eb
> sys/kern/subr_witness.c:833
> __mp_lock(82838a18) at __mp_lock+0xa1 read_rflags
> machine/cpufunc.h:195 [inline]
> __mp_lock(82838a18) at __mp_lock+0xa1 intr_disable
> machine/cpufunc.h:216 [inline]
> __mp_lock(82838a18) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
> intr_handler(80002123ad80,80255d80) at intr_handler+0x5e
> sys/arch/amd64/amd64/intr.c:532
> Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f
> Xspllower() at Xspllower+0x19
> mtx_enter_try(829b8d10) at mtx_enter_try+0x100
> mtx_enter(829b8d10) at mtx_enter+0x4b sys/kern/kern_lock.c:266
> pool_get(829b8d10,9) at pool_get+0xbf sys/kern/subr_pool.c:581
> vm_create(80b29000,8000211922a8) at vm_create+0x261
> sys/arch/amd64/amd64/vmm.c:1526
> vmmioctl(a00,c5005601,80b29000,1,8000211922a8) at vmmioctl+0x1f2
> VOP_IOCTL(fd806e213830,c5005601,80b29000,1,fd807f7d8840,8000211922a8)
> at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
> vn_ioctl(fd806e4aca28,c5005601,80b29000,8000211922a8) at
> vn_ioctl+0xba sys/kern/vfs_vnops.c:531
> sys_ioctl(8000211922a8,80002123b398,80002123b3e0) at
> sys_ioctl+0x4a2
>
>
> The issue is that pool_get(9) at line 1526 is done after grabbing the
> `vm_lock'. If an interrupt needing the KERNEL_LOCK() occurs at that
> moment the above mentionned lock ordering problem could cause a
> deadlock.
>
> To prevent such issue we generally mark the pool with IPL_MPFLOOR.
>
> [0]
> https://syzkaller.appspot.com/bug?id=c73756cc996a58a625da35fbaa90ba6b9e0c60dc
>
ok mlarkin@
> Index: arch/amd64/amd64/vmm.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.287
> diff -u -p -r1.287 vmm.c
> --- arch/amd64/amd64/vmm.c31 Aug 2021 17:40:59 - 1.287
> +++ arch/amd64/amd64/vmm.c1 Sep 2021 06:45:38 -
> @@ -430,7 +430,7 @@ vmm_attach(struct device *parent, struct
>
> pool_init(_pool, sizeof(struct vm), 0, IPL_NONE, PR_WAITOK,
> "vmpool", NULL);
> - pool_init(_pool, sizeof(struct vcpu), 64, IPL_NONE, PR_WAITOK,
> + pool_init(_pool, sizeof(struct vcpu), 64, IPL_MPFLOOR, PR_WAITOK,
> "vcpupl", NULL);
>
> vmm_softc = sc;
Re: uaq(4): aquantia usb ethernet driver
On 8/31/2021 8:46 PM, Jonathan Matthew wrote: Here's a driver for the Aquantia USB ethernet devices I just added to usbdevs. These are somewhat interesting because they theoretically go up to 5GbE and support jumbo frames (not implemented yet). While working on this I noticed that it doesn't receive 15-25% of the packets it should, even at very low packet rates, when connected to ehci(4) controllers. No such packet loss occurs with an xhci(4) controller. I'm not sure if this is a problem with our ehci driver or a poor hardware interaction. ok? uaq0 at uhub0 port 2 configuration 1 interface 0 "QNAP? Pacific?" rev 2.10/1.01 addr 2 uaq0: ver 3.1.6, address 24:5e:be:4d:9b:07 media: Ethernet autoselect (5000baseT full-duplex) When I first booted my system I found I couldn't get it to establish a link at anything above 1 Gbps. I unplugged the adapter, plugged it back into a Windows laptop to double check it would indeed work, which it did, and then plugged it back into the OpenBSD laptop. I noticed it was working as expected. Kinda weird. Appears to be working Ok so far and with IPv6 too.
Re: iked(8): client-side DNS support via resolvd(8)
On 2021-09-01 13:28 +02, Tobias Heider wrote:
> Here's an updated diff with the following changes:
>
> - Send the ifidx of the configured 'iface' instead of ifidx 0 to prevent
> name collisions
> - Cache the first received DNS server locally for cleanup/resending.
> - Handle RTP_PROPOSAL_SOLICIT by resending the cached server.
> - Remove the cached server from resolvd on cleanup.
>
> There is no easy way to support multiple DNS servers from different peers
> at the moment. For now, iked will always propose the first DNS server it
> receives and simply ignore the rest. There is room for improvement here,
> but i would rather do this in a follow-up diff.
>
> ok?
the DNS bits look correct. There seem to be unrelated fixes in here?
One comment inline.
>
> Index: config.c
> ===
> RCS file: /cvs/src/sbin/iked/config.c,v
> retrieving revision 1.79
> diff -u -p -r1.79 config.c
> --- config.c 13 May 2021 15:20:48 - 1.79
> +++ config.c 1 Sep 2021 11:26:51 -
> @@ -174,6 +174,7 @@ config_free_sa(struct iked *env, struct
>
> free(sa->sa_cp_addr);
> free(sa->sa_cp_addr6);
> + free(sa->sa_cp_dns);
>
> free(sa->sa_tag);
> free(sa);
> Index: iked.c
> ===
> RCS file: /cvs/src/sbin/iked/iked.c,v
> retrieving revision 1.57
> diff -u -p -r1.57 iked.c
> --- iked.c13 May 2021 15:20:48 - 1.57
> +++ iked.c1 Sep 2021 11:26:51 -
> @@ -459,6 +459,9 @@ parent_dispatch_ikev2(int fd, struct pri
> case IMSG_IF_ADDADDR:
> case IMSG_IF_DELADDR:
> return (vroute_getaddr(env, imsg));
> + case IMSG_VDNS_ADD:
> + case IMSG_VDNS_DEL:
> + return (vroute_getdns(env, imsg));
> case IMSG_VROUTE_ADD:
> case IMSG_VROUTE_DEL:
> return (vroute_getroute(env, imsg));
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.192
> diff -u -p -r1.192 iked.h
> --- iked.h23 Jun 2021 12:11:40 - 1.192
> +++ iked.h1 Sep 2021 11:26:51 -
> @@ -429,6 +429,7 @@ struct iked_sa {
> int sa_cp; /* XXX */
> struct iked_addr*sa_cp_addr;/* requested address */
> struct iked_addr*sa_cp_addr6; /* requested address */
> + struct iked_addr*sa_cp_dns; /* requested dns */
>
> struct iked_policy *sa_policy;
> struct timeval sa_timecreated;
> @@ -611,6 +612,7 @@ struct iked_message {
> int msg_cp;
> struct iked_addr*msg_cp_addr; /* requested address */
> struct iked_addr*msg_cp_addr6; /* requested address */
> + struct iked_addr*msg_cp_dns;/* requested dns */
>
> /* MOBIKE */
> int msg_update_sa_addresses;
> @@ -752,6 +754,7 @@ struct iked {
>
> int sc_pfkey; /* ike process */
> struct event sc_pfkeyev;
> + struct event sc_routeev;
> uint8_t sc_certreqtype;
> struct ibuf *sc_certreq;
> void*sc_vroute;
> @@ -975,6 +978,8 @@ void vroute_init(struct iked *);
> int vroute_setaddr(struct iked *, int, struct sockaddr *, int, unsigned int);
> void vroute_cleanup(struct iked *);
> int vroute_getaddr(struct iked *, struct imsg *);
> +int vroute_setdns(struct iked *, int, struct sockaddr *, unsigned int);
> +int vroute_getdns(struct iked *, struct imsg *);
> int vroute_setaddroute(struct iked *, uint8_t, struct sockaddr *,
> uint8_t, struct sockaddr *);
> int vroute_setcloneroute(struct iked *, uint8_t, struct sockaddr *,
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.325
> diff -u -p -r1.325 ikev2.c
> --- ikev2.c 29 Jun 2021 15:39:20 - 1.325
> +++ ikev2.c 1 Sep 2021 11:26:51 -
> @@ -998,6 +998,13 @@ ikev2_ike_auth_recv(struct iked *env, st
> log_info("%s: obtained lease: %s", SPI_SA(sa, __func__),
> print_host((struct sockaddr
> *)>sa_cp_addr6->addr, NULL, 0));
> }
> + if (msg->msg_cp_dns) {
> + sa->sa_cp_dns = msg->msg_cp_dns;
> + msg->msg_cp_dns = NULL;
> + log_debug("%s: DNS: %s", __func__,
> + print_host((struct sockaddr *)>sa_cp_dns->addr,
> + NULL, 0));
> + }
> sa->sa_cp = msg->msg_cp;
> }
>
> @@ -4508,6 +4515,8 @@ ikev2_ikesa_enable(struct iked *env, str
> sa->sa_cp_addr = NULL;
> nsa->sa_cp_addr6 =
regress: don't needlessly fiddle with MALLOC_OPTIONS
Hi,
As discussed earlier with bluhm, regress tests shouldn't set or modify
MALLOC_OPTIONS (except under very specific situations, like malloc tests).
It would be better to set the options globally through sysctl when
running the suite, as bluhm does.
So remove most cases of MALLOC_OPTIONS from regress and amend the
manpage guidelines accordingly.
OK?
diff 9ca4957b0bf957d4e3a97547c791aeac34911aaf /usr/src
blob - a40fad57e604ca5bf7ccfee8c91bcb68bbb46456
file + regress/bin/csh/Makefile
--- regress/bin/csh/Makefile
+++ regress/bin/csh/Makefile
@@ -20,7 +20,6 @@ REGRESS_TARGETS+= env
.SUFFIXES: .in
.in:
- env -i MALLOC_OPTIONS=S ${CSH} <${.CURDIR}/${@}.in 2>&1 | \
- diff -u ${.CURDIR}/${@}.ok -
+ ${CSH} <${.CURDIR}/${@}.in 2>&1 | diff -u ${.CURDIR}/${@}.ok -
.include
blob - 3341dabb1403688df8f8e16fa2e31dcd3739d108
file + regress/bin/csh/filec.sh
--- regress/bin/csh/filec.sh
+++ regress/bin/csh/filec.sh
@@ -50,8 +50,7 @@ cd ~
!
HOME=$tmp
-MALLOC_OPTIONS=S
-export HOME MALLOC_OPTIONS
+export HOME
# NL: Execute command.
testseq "echo a\n" "? echo a\r\na\r\n? "
blob - aee8864d3f8965a05eb4ca63f0ee80979d4d1591
file + regress/bin/ksh/edit/emacs.sh
--- regress/bin/ksh/edit/emacs.sh
+++ regress/bin/ksh/edit/emacs.sh
@@ -25,10 +25,9 @@ EDITOR=
ENV=
HISTFILE=
MAIL=
-MALLOC_OPTIONS=S
PS1=' # '
VISUAL=emacs
-export EDITOR ENV HISTFILE MAIL MALLOC_OPTIONS PS1 VISUAL
+export EDITOR ENV HISTFILE MAIL PS1 VISUAL
# The function testseq() sets up a pseudo terminal and feeds its first
# argument to a shell on standard input. It then checks that output
blob - be15c4d1ee8d04be8f36c6f0d647241edbeb70f1
file + regress/bin/ksh/edit/vi.sh
--- regress/bin/ksh/edit/vi.sh
+++ regress/bin/ksh/edit/vi.sh
@@ -25,10 +25,9 @@ EDITOR=
ENV=
HISTFILE=
MAIL=
-MALLOC_OPTIONS=S
PS1=' # '
VISUAL=vi
-export EDITOR ENV HISTFILE MAIL MALLOC_OPTIONS PS1 VISUAL
+export EDITOR ENV HISTFILE MAIL PS1 VISUAL
# The function testseq() sets up a pseudo terminal and feeds its first
# argument to a shell on standard input. It then checks that output
blob - 4a35e2664dba5fab3029d832bf181cd63bfa8c0a
file + regress/bin/ksh/th
--- regress/bin/ksh/th
+++ regress/bin/ksh/th
@@ -56,8 +56,7 @@
# missing, NAME is removed from the
# environment. Programs are run with
# the following minimal environment:
-# USER, LOGNAME, HOME, PATH, SHELL,
-# MALLOC_OPTIONS=S
+# USER, LOGNAME, HOME, PATH, SHELL
# (values from the current environment
# takes higher precedence).
# file-setup mps Used to create files, directories
@@ -233,10 +232,8 @@ grep($do_test{$_} = 1, @ARGV);
$all_tests = @ARGV == 0;
# Set up a very minimal environment
-%new_env = (
-MALLOC_OPTIONS => 'S',
-);
-foreach $env (('USER', 'LOGNAME', 'HOME', 'PATH', 'SHELL', 'MALLOC_OPTIONS')) {
+%new_env = ();
+foreach $env (('USER', 'LOGNAME', 'HOME', 'PATH', 'SHELL')) {
$new_env{$env} = $ENV{$env} if defined $ENV{$env};
}
if (defined $opt_e) {
blob - f70d94bd6299646db94cbd0ef873bda47536d474
file + regress/usr.bin/doas/Makefile
--- regress/usr.bin/doas/Makefile
+++ regress/usr.bin/doas/Makefile
@@ -114,8 +114,7 @@ ${t}:
/bin/echo $$tdir/bin/echo; \
${SUDO} install -o ${BINOWN} -g ${BINGRP} -m 4555 \
/usr/bin/doas $$tdir/usr/bin/doas; \
- ${SUDO} env MALLOC_OPTIONS=S chroot -u nobody $$tdir \
- /usr/bin/doas echo okay
+ ${SUDO} chroot -u nobody $$tdir /usr/bin/doas echo okay
. endif
.endfor
blob - 7b9898b8ed49bbb82e891f12a98415ac996f9033
file + regress/usr.bin/mail/send.sh
--- regress/usr.bin/mail/send.sh
+++ regress/usr.bin/mail/send.sh
@@ -43,8 +43,7 @@ set ask
!
HOME=$tmp
-MALLOC_OPTIONS=S
-export HOME MALLOC_OPTIONS
+export HOME
# VERASE: Delete character.
testseq "\0177" "Subject: "
blob - 64237f6cc9abe1803f2082d0c8d0b91d214b58da
file + regress/usr.bin/make/Makefile
--- regress/usr.bin/make/Makefile
+++ regress/usr.bin/make/Makefile
@@ -8,191 +8,190 @@ REGRESS_TARGETS= t1 t2 t3 t4 t5 t6 t7 t8 t
REGRESS_EXPECTED_FAILURES = t14 t17 t18
-MALLOC_OPTIONS?=J
t1: t1.out
- env -i PATH=${PATH} MALLOC_OPTIONS=${MALLOC_OPTIONS} ${MAKE} -e -r -f
${.CURDIR}/mk1 | diff - t1.out
+ env -i PATH=${PATH} ${MAKE} -e -r -f ${.CURDIR}/mk1 | diff - t1.out
# This is a POSIX test. pmake does not pass variables to submakes until
# after OpenBSD 2.7.
t2:
- cd ${.CURDIR} && env -i PATH=${PATH} MALLOC_OPTIONS=${MALLOC_OPTIONS}
${MAKE} -r -f mk2| diff - t2.out
+ cd ${.CURDIR} && env -i PATH=${PATH} ${MAKE} -r -f mk2| diff - t2.out
t3:
- cd ${.CURDIR} && env -i PATH=${PATH} MALLOC_OPTIONS=${MALLOC_OPTIONS}
${MAKE} -r
Re: iked(8): client-side DNS support via resolvd(8)
Here's an updated diff with the following changes:
- Send the ifidx of the configured 'iface' instead of ifidx 0 to prevent
name collisions
- Cache the first received DNS server locally for cleanup/resending.
- Handle RTP_PROPOSAL_SOLICIT by resending the cached server.
- Remove the cached server from resolvd on cleanup.
There is no easy way to support multiple DNS servers from different peers
at the moment. For now, iked will always propose the first DNS server it
receives and simply ignore the rest. There is room for improvement here,
but i would rather do this in a follow-up diff.
ok?
Index: config.c
===
RCS file: /cvs/src/sbin/iked/config.c,v
retrieving revision 1.79
diff -u -p -r1.79 config.c
--- config.c13 May 2021 15:20:48 - 1.79
+++ config.c1 Sep 2021 11:26:51 -
@@ -174,6 +174,7 @@ config_free_sa(struct iked *env, struct
free(sa->sa_cp_addr);
free(sa->sa_cp_addr6);
+ free(sa->sa_cp_dns);
free(sa->sa_tag);
free(sa);
Index: iked.c
===
RCS file: /cvs/src/sbin/iked/iked.c,v
retrieving revision 1.57
diff -u -p -r1.57 iked.c
--- iked.c 13 May 2021 15:20:48 - 1.57
+++ iked.c 1 Sep 2021 11:26:51 -
@@ -459,6 +459,9 @@ parent_dispatch_ikev2(int fd, struct pri
case IMSG_IF_ADDADDR:
case IMSG_IF_DELADDR:
return (vroute_getaddr(env, imsg));
+ case IMSG_VDNS_ADD:
+ case IMSG_VDNS_DEL:
+ return (vroute_getdns(env, imsg));
case IMSG_VROUTE_ADD:
case IMSG_VROUTE_DEL:
return (vroute_getroute(env, imsg));
Index: iked.h
===
RCS file: /cvs/src/sbin/iked/iked.h,v
retrieving revision 1.192
diff -u -p -r1.192 iked.h
--- iked.h 23 Jun 2021 12:11:40 - 1.192
+++ iked.h 1 Sep 2021 11:26:51 -
@@ -429,6 +429,7 @@ struct iked_sa {
int sa_cp; /* XXX */
struct iked_addr*sa_cp_addr;/* requested address */
struct iked_addr*sa_cp_addr6; /* requested address */
+ struct iked_addr*sa_cp_dns; /* requested dns */
struct iked_policy *sa_policy;
struct timeval sa_timecreated;
@@ -611,6 +612,7 @@ struct iked_message {
int msg_cp;
struct iked_addr*msg_cp_addr; /* requested address */
struct iked_addr*msg_cp_addr6; /* requested address */
+ struct iked_addr*msg_cp_dns;/* requested dns */
/* MOBIKE */
int msg_update_sa_addresses;
@@ -752,6 +754,7 @@ struct iked {
int sc_pfkey; /* ike process */
struct event sc_pfkeyev;
+ struct event sc_routeev;
uint8_t sc_certreqtype;
struct ibuf *sc_certreq;
void*sc_vroute;
@@ -975,6 +978,8 @@ void vroute_init(struct iked *);
int vroute_setaddr(struct iked *, int, struct sockaddr *, int, unsigned int);
void vroute_cleanup(struct iked *);
int vroute_getaddr(struct iked *, struct imsg *);
+int vroute_setdns(struct iked *, int, struct sockaddr *, unsigned int);
+int vroute_getdns(struct iked *, struct imsg *);
int vroute_setaddroute(struct iked *, uint8_t, struct sockaddr *,
uint8_t, struct sockaddr *);
int vroute_setcloneroute(struct iked *, uint8_t, struct sockaddr *,
Index: ikev2.c
===
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.325
diff -u -p -r1.325 ikev2.c
--- ikev2.c 29 Jun 2021 15:39:20 - 1.325
+++ ikev2.c 1 Sep 2021 11:26:51 -
@@ -998,6 +998,13 @@ ikev2_ike_auth_recv(struct iked *env, st
log_info("%s: obtained lease: %s", SPI_SA(sa, __func__),
print_host((struct sockaddr
*)>sa_cp_addr6->addr, NULL, 0));
}
+ if (msg->msg_cp_dns) {
+ sa->sa_cp_dns = msg->msg_cp_dns;
+ msg->msg_cp_dns = NULL;
+ log_debug("%s: DNS: %s", __func__,
+ print_host((struct sockaddr *)>sa_cp_dns->addr,
+ NULL, 0));
+ }
sa->sa_cp = msg->msg_cp;
}
@@ -4508,6 +4515,8 @@ ikev2_ikesa_enable(struct iked *env, str
sa->sa_cp_addr = NULL;
nsa->sa_cp_addr6 = sa->sa_cp_addr6;
sa->sa_cp_addr6 = NULL;
+ nsa->sa_cp_dns = sa->sa_cp_dns;
+ sa->sa_cp_dns = NULL;
/* Transfer other attributes */
if (sa->sa_dstid_entry_valid) {
sa_dstid_remove(env, sa);
Index:
Re: rpki-client exclude files from rsync fetch
Job Snijders wrote: > On Wed, Sep 01, 2021 at 11:14:15AM +0200, Claudio Jeker wrote: > > On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote: > > > RPKI repository can only include a few specific files, everything else is > > > just ignored and deleted after every fetch. Since openrsync supports > > > --exclude-file now we can use this to limit what is actually accepted by > > > the client. > > > > > > I used a config file in /etc/rpki instead of using multiple --exclude / > > > --include arguments. Mostly to keep the execvp argv short. > > > > > > What you think? > > > > It seems using a config file to keep the argv list short is too > > controversial and all alternate suggestions are worse. > > So just add the include/exclude list as arguments. > > Looks good. > > $ ps axuwww | fgrep rsync > _rpki-cl 85084 0.0 0.0 816 1500 p4 S+pU 10:51AM0:00.01 > rpki-client: rsync (rpki-client) > _rpki-cl 5288 0.8 0.1 16228 17576 p4 R+pU/1 10:52AM0:06.85 openrsync > -rt --no-motd --timeout=180 --include=* --include=*.cer --include=*.crl > --include=*.gbr --include=*.mft --include=*.roa --exclude=* > rsync://rpki.arin.net/repository rsync/rpki.arin.net/repository w
Re: diff(1)ing hardlinks
On Wed, Sep 01, 2021 at 01:12:20PM +0200, Stefan Sperling wrote: > On Wed, Sep 01, 2021 at 01:33:34AM +0200, Alexander Hall wrote: > > If two files to be compared share the same inode, it should > > be reasonable to consider them identical. > > > > This gives a substantial speedup when comparing directory > > structures with many hardlinked files, e.g. when using > > rsnapshot for incremental backup. > > > > Comments? OK? > > ok stsp@ > > I have a side-project where I'll consider adding this, too. And OpenCVS/OpenRCS contain derived files (diff_internals.c / diff.c) which could also benefit from this change.
Re: rpki-client exclude files from rsync fetch
On Wed, Sep 01, 2021 at 11:14:15AM +0200, Claudio Jeker wrote: > On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote: > > RPKI repository can only include a few specific files, everything else is > > just ignored and deleted after every fetch. Since openrsync supports > > --exclude-file now we can use this to limit what is actually accepted by > > the client. > > > > I used a config file in /etc/rpki instead of using multiple --exclude / > > --include arguments. Mostly to keep the execvp argv short. > > > > What you think? > > It seems using a config file to keep the argv list short is too > controversial and all alternate suggestions are worse. > So just add the include/exclude list as arguments. Looks good. $ ps axuwww | fgrep rsync _rpki-cl 85084 0.0 0.0 816 1500 p4 S+pU 10:51AM0:00.01 rpki-client: rsync (rpki-client) _rpki-cl 5288 0.8 0.1 16228 17576 p4 R+pU/1 10:52AM0:06.85 openrsync -rt --no-motd --timeout=180 --include=* --include=*.cer --include=*.crl --include=*.gbr --include=*.mft --include=*.roa --exclude=* rsync://rpki.arin.net/repository rsync/rpki.arin.net/repository OK job@
Re: diff(1)ing hardlinks
On Wed, Sep 01, 2021 at 01:33:34AM +0200, Alexander Hall wrote:
> If two files to be compared share the same inode, it should
> be reasonable to consider them identical.
>
> This gives a substantial speedup when comparing directory
> structures with many hardlinked files, e.g. when using
> rsnapshot for incremental backup.
>
> Comments? OK?
ok stsp@
I have a side-project where I'll consider adding this, too.
> /Alexander
>
> Index: diffreg.c
> ===
> RCS file: /cvs/src/usr.bin/diff/diffreg.c,v
> retrieving revision 1.93
> diff -u -p -r1.93 diffreg.c
> --- diffreg.c 28 Jun 2019 13:35:00 - 1.93
> +++ diffreg.c 31 Aug 2021 23:07:51 -
> @@ -429,6 +429,10 @@ files_differ(FILE *f1, FILE *f2, int fla
> if ((flags & (D_EMPTY1|D_EMPTY2)) || stb1.st_size != stb2.st_size ||
> (stb1.st_mode & S_IFMT) != (stb2.st_mode & S_IFMT))
> return (1);
> +
> + if (stb1.st_dev == stb2.st_dev && stb1.st_ino == stb2.st_ino)
> + return (0);
> +
> for (;;) {
> i = fread(buf1, 1, sizeof(buf1), f1);
> j = fread(buf2, 1, sizeof(buf2), f2);
>
>
Re: async traceroute(8)
Stuart Henderson wrote: > On 2021/09/01 11:25, Florian Obser wrote: > > So traceroute sends one probe, waits upto 5^W3 seconds for an answer to > > arrive, sends the next probe and so on. > > > > This makes it a bit faster (10x on a path with two intermediate systems > > not answering) by sending probes, waiting for the answer and doing > > reverse DNS lookups async. > > Basics are working here with icmp and udp. -A doesn't work reliably, > try it with an empty cache - I think it only prints if the route lookup > had a reply before the rdns lookup. interesting, this will need to be found and fixed. > I don't know libevent, is it possible to reset the timer and skip the > 30ms delay if a response is received? Currently it's a little slower > for the case where all hops respond. that is an interesting idea also, it can be even faster. claudio/florian and i have talked a lot about trying to send back-to-back packets to a single ttl target, because it may trigger control plane protection filters in those intermediate hops. but increasing the pace to other targets, is fine. > Hosts that don't respond result in a lot of *'s printed quickly, maybe > scrolling the useful output off the terminal. The overall output is the > same as the sequential version if you actually leave it to finish but > most users would have hit ^C by then. I don't know what could be done > to improve it (suppressing multiple * * * lines might help?) but user > experience with that isn't great as-is. Try mp3.com for an example. there are two proposals for this, which would diverge the output: 15 * * * [repeating to ttl 64] or 15 * * * [repeating to ttl 64] how often do people run scripts against traceroute output, which will care about this change in format. I also considered a third option -- to meter the * * * printout lines rate to 3/second, but this kind of conflicts with the goal for speeding things up.
Re: async traceroute(8)
On 2021/09/01 11:25, Florian Obser wrote: > So traceroute sends one probe, waits upto 5^W3 seconds for an answer to > arrive, sends the next probe and so on. > > This makes it a bit faster (10x on a path with two intermediate systems > not answering) by sending probes, waiting for the answer and doing > reverse DNS lookups async. Basics are working here with icmp and udp. -A doesn't work reliably, try it with an empty cache - I think it only prints if the route lookup had a reply before the rdns lookup. I don't know libevent, is it possible to reset the timer and skip the 30ms delay if a response is received? Currently it's a little slower for the case where all hops respond. Hosts that don't respond result in a lot of *'s printed quickly, maybe scrolling the useful output off the terminal. The overall output is the same as the sequential version if you actually leave it to finish but most users would have hit ^C by then. I don't know what could be done to improve it (suppressing multiple * * * lines might help?) but user experience with that isn't great as-is. Try mp3.com for an example.
Re: rpki-client add http_proxy support
On Wed, Sep 01, 2021 at 09:38:55AM +, Job Snijders wrote:
> On Tue, Aug 31, 2021 at 09:58:54AM +0200, Claudio Jeker wrote:
> > This diff improves the http code by a) adding an IO timeout and b)
> > implementing http_proxy support.
> >
> > Works for me using tinyproxy as proxy server.
>
> OK?
Already fixed :)
> Index: http.c
> ===
> RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
> retrieving revision 1.37
> diff -u -p -r1.37 http.c
> --- http.c1 Sep 2021 08:09:41 - 1.37
> +++ http.c1 Sep 2021 09:38:29 -
> @@ -658,7 +658,7 @@ http_new(struct http_request *req)
> LIST_INSERT_HEAD(, conn, entry);
> http_conn_count++;
>
> - if (proxy.proxyhost == NULL) {
> + if (proxy.proxyhost != NULL) {
> if (http_resolv(>res0, proxy.proxyhost,
> proxy.proxyport) == -1) {
> http_req_fail(req->id);
> @@ -796,7 +796,7 @@ http_connect_done(struct http_connection
> conn->res0 = NULL;
> conn->res = NULL;
>
> - if (proxy.proxyhost == NULL)
> + if (proxy.proxyhost != NULL)
> return proxy_connect(conn);
> return http_tls_connect(conn);
> }
>
--
:wq Claudio
Re: rpki-client add http_proxy support
On Tue, Aug 31, 2021 at 09:58:54AM +0200, Claudio Jeker wrote:
> This diff improves the http code by a) adding an IO timeout and b)
> implementing http_proxy support.
>
> Works for me using tinyproxy as proxy server.
OK?
Index: http.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/http.c,v
retrieving revision 1.37
diff -u -p -r1.37 http.c
--- http.c 1 Sep 2021 08:09:41 - 1.37
+++ http.c 1 Sep 2021 09:38:29 -
@@ -658,7 +658,7 @@ http_new(struct http_request *req)
LIST_INSERT_HEAD(, conn, entry);
http_conn_count++;
- if (proxy.proxyhost == NULL) {
+ if (proxy.proxyhost != NULL) {
if (http_resolv(>res0, proxy.proxyhost,
proxy.proxyport) == -1) {
http_req_fail(req->id);
@@ -796,7 +796,7 @@ http_connect_done(struct http_connection
conn->res0 = NULL;
conn->res = NULL;
- if (proxy.proxyhost == NULL)
+ if (proxy.proxyhost != NULL)
return proxy_connect(conn);
return http_tls_connect(conn);
}
async traceroute(8)
So traceroute sends one probe, waits upto 5^W3 seconds for an answer to
arrive, sends the next probe and so on.
This makes it a bit faster (10x on a path with two intermediate systems
not answering) by sending probes, waiting for the answer and doing
reverse DNS lookups async.
Please test.
diff --git Makefile Makefile
index c9797ab7244..6b745132ff1 100644
--- Makefile
+++ Makefile
@@ -8,6 +8,8 @@ CFLAGS+= -Wall -I${.CURDIR}
CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
CFLAGS+= -Wmissing-declarations
CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual
+LDADD= -levent
+DPADD= ${LIBEVENT}
MAN= traceroute.8
diff --git traceroute.8 traceroute.8
index cc211c14083..4e8d0d5f52a 100644
--- traceroute.8
+++ traceroute.8
@@ -42,7 +42,7 @@
.Nd print the route packets take to network host
.Sh SYNOPSIS
.Nm traceroute\ \&
-.Op Fl AcDdIlnSvx
+.Op Fl ADdIlnSvx
.Op Fl f Ar first_ttl
.Op Fl g Ar gateway_addr
.Op Fl m Ar max_ttl
@@ -56,7 +56,7 @@
.Ar host
.Op Ar datalen
.Nm traceroute6
-.Op Fl AcDdIlnSv
+.Op Fl ADdIlnSv
.Op Fl f Ar first_hop
.Op Fl m Ar max_hop
.Op Fl p Ar port
@@ -91,11 +91,6 @@ The options are as follows:
Look up the AS number for each hop address.
Uses the DNS service described at
.Lk https://www.team-cymru.com/IP-ASN-mapping.html#dns
-.It Fl c
-Do not increment the destination port number in successive UDP packets.
-Rather, all UDP packets will have the same destination port, as set via the
-.Fl p
-flag (or 33434 if none is specified).
.It Fl D
Dump the packet data to standard error before transmitting it.
.It Fl d
diff --git traceroute.c traceroute.c
index 21ee76dba1c..6bbd027081c 100644
--- traceroute.c
+++ traceroute.c
@@ -249,6 +249,7 @@
#include
#include
+#include
#include
#include
#include
@@ -271,33 +272,44 @@ int sndsock;/* send (udp) socket file
descriptor */
intrcvhlim;
struct in6_pktinfo *rcvpktinfo;
- int datalen;/* How much data */
+intdatalen;/* How much data */
char *hostname;
u_int16_t srcport;
-void usage(int);
+void usage(void);
#defineTRACEROUTE_USER "_traceroute"
+void sock_read(int, short, void *);
+void send_timer(int, short, void *);
+
+struct tr_conf *conf; /* configuration defaults */
+struct tr_result *tr_results;
+struct sockaddr_in from4, to4;
+struct sockaddr_in6 from6, to6;
+struct sockaddr*from, *to;
+struct msghdr rcvmhdr;
+int v6flag;
+int*waiting_ttls;
+int last_tos = 0;
+
int
main(int argc, char *argv[])
{
int mib[4] = { CTL_NET, PF_INET, IPPROTO_IP, IPCTL_DEFTTL };
charhbuf[NI_MAXHOST];
- struct tr_conf *conf; /* configuration defaults */
- struct sockaddr_in from4, to4;
- struct sockaddr_in6 from6, to6;
- struct sockaddr *from, *to;
struct addrinfo hints, *res;
struct hostent *hp;
struct ip *ip = NULL;
struct iovec rcviov[2];
- struct msghdrrcvmhdr;
static u_char *rcvcmsgbuf;
struct passwd *pw;
+ struct event sock_ev;
+ struct event timer_ev;
+ struct timeval tv = {0, 0};
long l;
socklen_tlen;
@@ -305,25 +317,18 @@ main(int argc, char *argv[])
int ch;
int on = 1;
- int seq = 0;
int error;
- int curwaittime;
int headerlen; /* How long packet's header is */
int i;
- int last_tos = 0;
int packetlen;
- int probe;
int rcvcmsglen;
int rcvsock4, rcvsock6;
int sndsock4, sndsock6;
u_int32_ttmprnd;
int v4sock_errno, v6sock_errno;
- int v6flag = 0;
- int xflag = 0; /* show ICMP extension header */
char*dest;
const char *errstr;
- u_int8_t ttl;
uid_touid, uid;
gid_tgid;
@@ -337,7 +342,6 @@ main(int argc, char *argv[])
if ((conf = calloc(1, sizeof(*conf))) == NULL)
err(1,NULL);
- conf->incflag = 1;
conf->first_ttl = 1;
conf->proto = IPPROTO_UDP;
conf->max_ttl = IPDEFTTL;
@@ -421,15 +425,12 @@ main(int argc, char *argv[])
err(1, "sysctl");
conf->max_ttl = i;
- while ((ch = getopt(argc, argv, v6flag ? "AcDdf:Ilm:np:q:Ss:t:w:vV:" :
- "AcDdf:g:Ilm:nP:p:q:Ss:t:V:vw:x")) != -1)
+ while ((ch = getopt(argc, argv, v6flag ? "ADdf:Ilm:np:q:Ss:t:w:vV:" :
+ "ADdf:g:Ilm:nP:p:q:Ss:t:V:vw:x")) != -1)
Re: rpki-client exclude files from rsync fetch
On Tue, Aug 31, 2021 at 02:23:57PM +0200, Claudio Jeker wrote:
> RPKI repository can only include a few specific files, everything else is
> just ignored and deleted after every fetch. Since openrsync supports
> --exclude-file now we can use this to limit what is actually accepted by
> the client.
>
> I used a config file in /etc/rpki instead of using multiple --exclude /
> --include arguments. Mostly to keep the execvp argv short.
>
> What you think?
It seems using a config file to keep the argv list short is too
controversial and all alternate suggestions are worse.
So just add the include/exclude list as arguments.
--
:wq Claudio
Index: rsync.c
===
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.24
diff -u -p -r1.24 rsync.c
--- rsync.c 19 Apr 2021 17:04:35 - 1.24
+++ rsync.c 1 Sep 2021 09:08:06 -
@@ -277,8 +277,14 @@ proc_rsync(char *prog, char *bind_addr,
args[i++] = (char *)prog;
args[i++] = "-rt";
args[i++] = "--no-motd";
- args[i++] = "--timeout";
- args[i++] = "180";
+ args[i++] = "--timeout=180";
+ args[i++] = "--include=*/";
+ args[i++] = "--include=*.cer";
+ args[i++] = "--include=*.crl";
+ args[i++] = "--include=*.gbr";
+ args[i++] = "--include=*.mft";
+ args[i++] = "--include=*.roa";
+ args[i++] = "--exclude=*";
if (bind_addr != NULL) {
args[i++] = "--address";
args[i++] = (char *)bind_addr;
Re: [patch] pool_sethardlimit(9): Actually print warnmess to console
Ping?
On Sat, Aug 21, 2021 at 08:21:55PM +0200, Jesper Wallin wrote:
> Hi tech@
>
> I'm trying to add log message when the pf(4) state table becomes
> exhausted/full. After reading the code, I learned that it's using
> pool_sethardlimit(9) to manage the resources.
>
> Conveniently, pool_sethardlimit(9) takes the argument warnmess, which is
> printed to the console when the limits are reached. Unfortunately, it
> seems like this isn't true and I can't find anywhere in the source where
> it actually does this.
>
> The patch below add this functionality, even if it's not really used
> right now. It's being called from the following files:
>
> /usr/src/sys/net/pf_ioctl.c
> /usr/src/sys/net/pf_norm.c
> /usr/src/sys/netinet/tcp_subr.c
> /usr/src/sys/netinet/tcp_usrreq.c
>
> And it seems like warnmess is NULL everywhere.
>
>
> Index: kern/subr_pool.c
> ===
> RCS file: /cvs/src/sys/kern/subr_pool.c,v
> retrieving revision 1.234
> diff -u -p -r1.234 subr_pool.c
> --- kern/subr_pool.c 15 Jun 2021 05:24:46 - 1.234
> +++ kern/subr_pool.c 21 Aug 2021 15:09:33 -
> @@ -624,6 +624,14 @@ good:
> fail:
> pp->pr_nfail++;
> pl_leave(pp, >pr_lock);
> + if (pp->pr_hardlimit_warning != NULL &&
> + (pp->pr_hardlimit_ratecap.tv_sec == 0 ||
> + pp->pr_hardlimit_warning_last.tv_sec == 0 ||
> + getuptime() - pp->pr_hardlimit_warning_last.tv_sec >
> + pp->pr_hardlimit_ratecap.tv_sec)) {
> + printf("%s\n", pp->pr_hardlimit_warning);
> + pp->pr_hardlimit_warning_last.tv_sec = getuptime();
> + }
> return (NULL);
> }
>
>
Re: diff(1)ing hardlinks
shocking this test wasn't already in place.
Alexander Hall wrote:
> If two files to be compared share the same inode, it should
> be reasonable to consider them identical.
>
> This gives a substantial speedup when comparing directory
> structures with many hardlinked files, e.g. when using
> rsnapshot for incremental backup.
>
> Comments? OK?
>
> /Alexander
>
> Index: diffreg.c
> ===
> RCS file: /cvs/src/usr.bin/diff/diffreg.c,v
> retrieving revision 1.93
> diff -u -p -r1.93 diffreg.c
> --- diffreg.c 28 Jun 2019 13:35:00 - 1.93
> +++ diffreg.c 31 Aug 2021 23:07:51 -
> @@ -429,6 +429,10 @@ files_differ(FILE *f1, FILE *f2, int fla
> if ((flags & (D_EMPTY1|D_EMPTY2)) || stb1.st_size != stb2.st_size ||
> (stb1.st_mode & S_IFMT) != (stb2.st_mode & S_IFMT))
> return (1);
> +
> + if (stb1.st_dev == stb2.st_dev && stb1.st_ino == stb2.st_ino)
> + return (0);
> +
> for (;;) {
> i = fread(buf1, 1, sizeof(buf1), f1);
> j = fread(buf2, 1, sizeof(buf2), f2);
>
Re: Incorrect IPL when pool_get(9) is called under rwlock
On Wed, Sep 01, 2021 at 08:53:35AM +0200, Martin Pieuchot wrote:
> syzkaller reported [0] the following lock ordering issue:
>
> db{0}> trace
> db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
> panic(82464b8f) at panic+0x177 sys/kern/subr_prf.c:202
> witness_checkorder(82838c20,9,0) at witness_checkorder+0x11eb
> sys/kern/subr_witness.c:833
> __mp_lock(82838a18) at __mp_lock+0xa1 read_rflags
> machine/cpufunc.h:195 [inline]
> __mp_lock(82838a18) at __mp_lock+0xa1 intr_disable
> machine/cpufunc.h:216 [inline]
> __mp_lock(82838a18) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
> intr_handler(80002123ad80,80255d80) at intr_handler+0x5e
> sys/arch/amd64/amd64/intr.c:532
> Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f
> Xspllower() at Xspllower+0x19
> mtx_enter_try(829b8d10) at mtx_enter_try+0x100
> mtx_enter(829b8d10) at mtx_enter+0x4b sys/kern/kern_lock.c:266
> pool_get(829b8d10,9) at pool_get+0xbf sys/kern/subr_pool.c:581
> vm_create(80b29000,8000211922a8) at vm_create+0x261
> sys/arch/amd64/amd64/vmm.c:1526
> vmmioctl(a00,c5005601,80b29000,1,8000211922a8) at vmmioctl+0x1f2
> VOP_IOCTL(fd806e213830,c5005601,80b29000,1,fd807f7d8840,8000211922a8)
> at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
> vn_ioctl(fd806e4aca28,c5005601,80b29000,8000211922a8) at
> vn_ioctl+0xba sys/kern/vfs_vnops.c:531
> sys_ioctl(8000211922a8,80002123b398,80002123b3e0) at
> sys_ioctl+0x4a2
>
>
> The issue is that pool_get(9) at line 1526 is done after grabbing the
> `vm_lock'. If an interrupt needing the KERNEL_LOCK() occurs at that
> moment the above mentionned lock ordering problem could cause a
> deadlock.
>
> To prevent such issue we generally mark the pool with IPL_MPFLOOR.
>
> [0]
> https://syzkaller.appspot.com/bug?id=c73756cc996a58a625da35fbaa90ba6b9e0c60dc
>
Thanks, will take a look. This was introduced yesterday with the new vcpu
locking
diff.
-ml
> Index: arch/amd64/amd64/vmm.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.287
> diff -u -p -r1.287 vmm.c
> --- arch/amd64/amd64/vmm.c31 Aug 2021 17:40:59 - 1.287
> +++ arch/amd64/amd64/vmm.c1 Sep 2021 06:45:38 -
> @@ -430,7 +430,7 @@ vmm_attach(struct device *parent, struct
>
> pool_init(_pool, sizeof(struct vm), 0, IPL_NONE, PR_WAITOK,
> "vmpool", NULL);
> - pool_init(_pool, sizeof(struct vcpu), 64, IPL_NONE, PR_WAITOK,
> + pool_init(_pool, sizeof(struct vcpu), 64, IPL_MPFLOOR, PR_WAITOK,
> "vcpupl", NULL);
>
> vmm_softc = sc;
>
Incorrect IPL when pool_get(9) is called under rwlock
syzkaller reported [0] the following lock ordering issue:
db{0}> trace
db_enter() at db_enter+0x18 sys/arch/amd64/amd64/db_interface.c:440
panic(82464b8f) at panic+0x177 sys/kern/subr_prf.c:202
witness_checkorder(82838c20,9,0) at witness_checkorder+0x11eb
sys/kern/subr_witness.c:833
__mp_lock(82838a18) at __mp_lock+0xa1 read_rflags machine/cpufunc.h:195
[inline]
__mp_lock(82838a18) at __mp_lock+0xa1 intr_disable
machine/cpufunc.h:216 [inline]
__mp_lock(82838a18) at __mp_lock+0xa1 sys/kern/kern_lock.c:142
intr_handler(80002123ad80,80255d80) at intr_handler+0x5e
sys/arch/amd64/amd64/intr.c:532
Xintr_ioapic_edge20_untramp() at Xintr_ioapic_edge20_untramp+0x18f
Xspllower() at Xspllower+0x19
mtx_enter_try(829b8d10) at mtx_enter_try+0x100
mtx_enter(829b8d10) at mtx_enter+0x4b sys/kern/kern_lock.c:266
pool_get(829b8d10,9) at pool_get+0xbf sys/kern/subr_pool.c:581
vm_create(80b29000,8000211922a8) at vm_create+0x261
sys/arch/amd64/amd64/vmm.c:1526
vmmioctl(a00,c5005601,80b29000,1,8000211922a8) at vmmioctl+0x1f2
VOP_IOCTL(fd806e213830,c5005601,80b29000,1,fd807f7d8840,8000211922a8)
at VOP_IOCTL+0x9a sys/kern/vfs_vops.c:295
vn_ioctl(fd806e4aca28,c5005601,80b29000,8000211922a8) at
vn_ioctl+0xba sys/kern/vfs_vnops.c:531
sys_ioctl(8000211922a8,80002123b398,80002123b3e0) at sys_ioctl+0x4a2
The issue is that pool_get(9) at line 1526 is done after grabbing the
`vm_lock'. If an interrupt needing the KERNEL_LOCK() occurs at that
moment the above mentionned lock ordering problem could cause a
deadlock.
To prevent such issue we generally mark the pool with IPL_MPFLOOR.
[0]
https://syzkaller.appspot.com/bug?id=c73756cc996a58a625da35fbaa90ba6b9e0c60dc
Index: arch/amd64/amd64/vmm.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.287
diff -u -p -r1.287 vmm.c
--- arch/amd64/amd64/vmm.c 31 Aug 2021 17:40:59 - 1.287
+++ arch/amd64/amd64/vmm.c 1 Sep 2021 06:45:38 -
@@ -430,7 +430,7 @@ vmm_attach(struct device *parent, struct
pool_init(_pool, sizeof(struct vm), 0, IPL_NONE, PR_WAITOK,
"vmpool", NULL);
- pool_init(_pool, sizeof(struct vcpu), 64, IPL_NONE, PR_WAITOK,
+ pool_init(_pool, sizeof(struct vcpu), 64, IPL_MPFLOOR, PR_WAITOK,
"vcpupl", NULL);
vmm_softc = sc;
Re: uaq(4): aquantia usb ethernet driver
On Wed, Sep 01, 2021 at 10:46:01AM +1000, Jonathan Matthew wrote: > > Here's a driver for the Aquantia USB ethernet devices I just added > to usbdevs. These are somewhat interesting because they theoretically > go up to 5GbE and support jumbo frames (not implemented yet). > > While working on this I noticed that it doesn't receive 15-25% of the packets > it should, even at very low packet rates, when connected to ehci(4) > controllers. > No such packet loss occurs with an xhci(4) controller. I'm not sure if this > is a problem with our ehci driver or a poor hardware interaction. I tested your diff with the following device: uaq0 at uhub0 port 19 configuration 1 interface 0 "QNAP QNAP QNA-UC5G1T USB to 5GbE Adapter" rev 3.20/1.01 addr 4 uaq0: ver 2.5.30, address 24:5e:be:xx:xx:xx I noticed that if the device connects to an xhci controller and connects to a Gigabit switch, I'll get a bunch of messages while running iperf3: uaq0: offset mismatch, got 5232 expected 49969927280 uaq0: offset mismatch, got -25912 expected 149128480565874 uaq0: offset mismatch, got 2192 expected 55976167568 ... Apart from that it's working fine. > ok? ok kevlo@
Re: acpibtn.4: Mention sleep putton, lid status and machdep.{lid,pwr}action
On Tue, Aug 31, 2021 at 11:51:37PM +, Klemens Nanni wrote: > landry added the sensor back in 2013 and suspend via sleep button also works > (at least on ThinkPads). > > machdep.*action are super useful and I dislike grepping /etc/examples/ > for to read about them. > > acpibtn(4) is the most prominent driver supporting, so documenting them > there seems fine and finally pleases my muscle memory: > > $ man -k any=lidaction > acpibtn(4) - ACPI button > > suspend/hibernate wording is taken from apm(8). > sysctl value list style is taken from sysctl(2)'s KERN_POOL_DEBUG. > > Feedback? OK? > hi. i think this is a good change - it makes the page more helpful. i have only one tweak, inline: > Index: acpibtn.4 > === > RCS file: /cvs/src/share/man/man4/acpibtn.4,v > retrieving revision 1.5 > diff -u -p -r1.5 acpibtn.4 > --- acpibtn.4 16 Jul 2013 16:05:48 - 1.5 > +++ acpibtn.4 31 Aug 2021 23:37:20 - > @@ -25,17 +25,59 @@ > .Sh DESCRIPTION > The > .Nm > -driver is used to handle the event triggered when the user presses an ACPI > -button. > -Currently, the only event handled is the press of a power button which > -causes the system to perform a regular system shutdown and power off the > -machine if the > +driver handles events triggered by ACPI buttons. > +Currently, only power button, sleep button and lid status events are > supported. > +.Pp > +The power button event is handled according to the > +.Va machdep.pwraction > +.Xr sysctl 8 . > +Valid values are: > +.Pp > +.Bl -tag -width 3n -offset indent -compact > +.It 0 > +Do nothing. > +.It 1 > +Perform a regular system shutdown and power off the machine if the > .Va hw.allowpowerdown > +sysctl is set to 1. > +.It 2 > +Put the system into suspend (deep sleep) state. > +.El > +.Pp > +The sleep button event puts the system into suspend (deep sleep) state. > +.Pp > +The lid status event is handled according to the > +.Va machdep.lidaction > +sysctl. > +Valid values are: > +.Pp > +.Bl -tag -width 3n -offset indent -compact > +.It 0 > +Do nothing. > +.It 1 > +Put the system into suspend (deep sleep) state. > +.It 2 > +Put the system into hibernation. > +System memory is saved to disk (swap space) > +and the machine is powered down. > +For machines supporting the > +.Xr acpi 4 > +style hibernate functionality, on resume a full kernel > +boot will occur, followed by the reading of the saved > +memory image. > +The image will then be unpacked and the system resumed > +at the point immediately after the hibernation request. > +.El > +.Pp > +The lid status is set up as sensor and can be monitored using i think you should say "as a sensor". jmc > .Xr sysctl 8 > -is set to 1. > +or > +.Xr sensorsd 8 . > .Sh SEE ALSO > .Xr acpi 4 , > -.Xr intro 4 > +.Xr intro 4 , > +.Xr sensorsd 8 , > +.Xr sysctl 8 > .Sh HISTORY > The > .Nm >
