Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

[Marius Strobl]

On Sun, Mar 20, 2016 at 07:47:58AM +0800, Erich Dollansky wrote:
> Hi,
> 
> On Sat, 19 Mar 2016 08:23:09 -0600
> Ian Lepore  wrote:
> 
> > On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> > > 
> > > nothing else was changed on the machine except the update. I could
> > > use
> > > 
> > > ssh 192.168.12.12
> > > 
> > > to connect to a jail running under that IP address before the update
> > > without problems.
> > > 
> > > It works now only with
> > > 
> > > ssh -Y 192.168.12.12
> > > 
> > > The /etc/ssh/ssh_config file says:
> > > 
> > > Host *
> > > ForwardX11 yes
> > > 
> > > So, it should allow to connect to all machines providing ssh and
> > > forward X11.
> > > 
> > > What did I miss?
> > 
> > If -Y works, the ssh config file option that corresponds to that is
> > ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
> > changed, just throwing out the one little crumb of info I've got.)
> > 
> I got this as an off-list reply:
> 
> Could this be related to FreeBSD-SA-16:14.openssh?

Not FreeBSD-SA-16:14.openssh and CVE-2016-3115 respectively, but
most likely the changes for CVE-2016-1908 which came in as part
of the upgrade to OpenSSH 7.2p2, i. e. (among others):
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
The xorg-server port is built with the X11 SECURITY extension
disabled. I just can suspect that the intent is to use a nested
X server such as Xephyr for securely running applications instead.
Actually, I'm surprised that such a fallback to trusted forwarding
existed. I believe it wasn't present back when ForwardX11Trusted
was introduced, essentially already causing the trouble you're now
hitting.

Marius



signature.asc
Description: PGP signature

Jenkins build is still unstable: FreeBSD_stable_10 #151

[jenkins-admin]

See 

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Jenkins build is still unstable: FreeBSD_stable_10 #145

[jenkins-admin]

See 

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

[Erich Dollansky]

Hi,

On Sat, 19 Mar 2016 08:23:09 -0600
Ian Lepore  wrote:

> On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> > 
> > nothing else was changed on the machine except the update. I could
> > use
> > 
> > ssh 192.168.12.12
> > 
> > to connect to a jail running under that IP address before the update
> > without problems.
> > 
> > It works now only with
> > 
> > ssh -Y 192.168.12.12
> > 
> > The /etc/ssh/ssh_config file says:
> > 
> > Host *
> > ForwardX11 yes
> > 
> > So, it should allow to connect to all machines providing ssh and
> > forward X11.
> > 
> > What did I miss?
> 
> If -Y works, the ssh config file option that corresponds to that is
> ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
> changed, just throwing out the one little crumb of info I've got.)
> 
I got this as an off-list reply:

Could this be related to FreeBSD-SA-16:14.openssh?

Erich
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Jenkins build is still unstable: FreeBSD_stable_10 #148

[jenkins-admin]

See 

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Jenkins build is still unstable: FreeBSD_stable_10 #150

[jenkins-admin]

See 

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

[Ian Lepore]

On Sat, 2016-03-19 at 13:48 +0800, Erich Dollansky wrote:
> Hi,
> 
> nothing else was changed on the machine except the update. I could
> use
> 
> ssh 192.168.12.12
> 
> to connect to a jail running under that IP address before the update
> without problems.
> 
> It works now only with
> 
> ssh -Y 192.168.12.12
> 
> The /etc/ssh/ssh_config file says:
> 
> Host *
> ForwardX11 yes
> 
> So, it should allow to connect to all machines providing ssh and
> forward X11.
> 
> What did I miss?
> 
> Erich

If -Y works, the ssh config file option that corresponds to that is
ForwardX11Trusted.  ForwardX11 corresponds to -X.  (Not sure what
changed, just throwing out the one little crumb of info I've got.)

-- Ian

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

netmap NM_MAXPIPES

[Slawa Olhovchenkov]

What purpose for limiting pipes by NM_MAXPIPES?
I am trying to balance on cores by 4 balancer thread to 12 workers and
hit this limit: every worker have 2 pipes (in and out) to every
balancer -- 4x2x12 = 96.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: 82576 + NETMAP + VLAN

[Slawa Olhovchenkov]

On Tue, Feb 16, 2016 at 12:44:46AM +0300, Slawa Olhovchenkov wrote:

> On Mon, Feb 15, 2016 at 05:02:36PM +0100, Giuseppe Lettieri wrote:
> 
> > Il 15/02/2016 16:13, Slawa Olhovchenkov ha scritto:
> > > On Mon, Feb 15, 2016 at 04:10:30PM +0100, Giuseppe Lettieri wrote:
> > >
> > >> Hi Slawa,
> > >>
> > >> I think WITNESS is seeing a false positive, since those two are always
> > >> different mutexes.
> > >>
> > >> The actual deadlock you experience should be caused by something else. I
> > >
> > > Are you sure? When deadlock occur I am see threads waiting on nm_kn_lock.
> > 
> > The deadlock I mentioned still involves nm_kn_locks, sorry if I was not 
> > clear about that. I am just saying that we never try to take the same 
> > lock that we already holding.
> > 
> > Nonetheless, there are indeed problems in the path that WITNESS has 
> > seen. The problem is that pipes have to notify the other end while 
> > called by kevent. kevent holds the nm_kn_lock on the TX src ring and the 
> > notification takes the nm_kn_lock on the RX dst ring.
> 
> Can you comment other issuses? Is this by design or is this bug?

Do you commit this fix?

> - with kevent sync for transmiting need first register
>   EVFILT_WRITE/EV_DISABLE and after every write
>   EVFILT_WRITE/EV_DISPATCH
> 
> - with kevent sync all opening /dev/netmap and registering need do
>   from same thread as kevent using for sinc (unless no RX/TX).
>   
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Jenkins build became unstable: FreeBSD_stable_10 #143

[jenkins-admin]

See 

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

DISPLAY not set inside jails after update to 10.3-PRERELEASE FreeBSD 10.3-PRERELEASE #4 r297043

[Erich Dollansky]

Hi,

nothing else was changed on the machine except the update. I could use

ssh 192.168.12.12

to connect to a jail running under that IP address before the update
without problems.

It works now only with

ssh -Y 192.168.12.12

The /etc/ssh/ssh_config file says:

Host *
ForwardX11 yes

So, it should allow to connect to all machines providing ssh and
forward X11.

What did I miss?

Erich
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"