Re: CVS: cvs.openbsd.org: src

2022-05-23 Thread Theo de Raadt 
> CVSROOT:  /cvs
> Module name:  src
> Changes by:   an...@cvs.openbsd.org   2022/05/23 23:14:30
> 
> Modified files:
>   regress/lib/libc/sys: t_truncate.c 
> 
> Log message:
> Recent changes to truncate(2) swapped the ordering of some validations
> causing EACCESS as opposed of ESDIR to be returned while trying to
> truncate a directory as a user lacking write permissions to the same
> directory. As this behavior is reasonable, change the truncate directory
> from /etc/ to /tmp which makes the test pass both as root and non-root.

Pretty certain that is a mistake in the kernel commit.  A big part of the
discussion around that diff wasn't just fixing the rlimit problem, but
trying to make sure the order of evaluation of error was correct.  Looks
like it is wrong..

I guess the VDIR check should be put back into the two callers, not the
helper function, which will prevent the VOP_ACCESS errno from being
returned.

Maybe something like this (untested)

Index: vfs_syscalls.c
===
RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
retrieving revision 1.357
diff -u -p -u -r1.357 vfs_syscalls.c
--- vfs_syscalls.c  23 May 2022 15:17:11 -  1.357
+++ vfs_syscalls.c  24 May 2022 05:30:59 -
@@ -2821,8 +2821,6 @@ dotruncate(struct proc *p, struct vnode 
 
if (len < 0)
return EINVAL;
-   if (vp->v_type == VDIR)
-   return EISDIR;
if ((error = vn_writechk(vp)) != 0)
return error;
if (vp->v_type == VREG && len > lim_cur_proc(p, RLIMIT_FSIZE)) {
@@ -2860,7 +2858,9 @@ sys_truncate(struct proc *p, void *v, re
return (error);
vp = nd.ni_vp;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
-   if ((error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) == 0)
+   if (vp->v_type == VDIR)
+   error = EISDIR;
+   else if ((error = VOP_ACCESS(vp, VWRITE, p->p_ucred, p)) == 0)
error = dotruncate(p, vp, SCARG(uap, length));
vput(vp);
return (error);
@@ -2888,7 +2888,10 @@ sys_ftruncate(struct proc *p, void *v, r
}
vp = fp->f_data;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
-   error = dotruncate(p, vp, SCARG(uap, length));
+   if (vp->v_type == VDIR)
+   error = EISDIR;
+   else
+   error = dotruncate(p, vp, SCARG(uap, length));
VOP_UNLOCK(vp);
 bad:
FRELE(fp, p);


Anton Lindqvist  wrote:

CVS: cvs.openbsd.org: src

2022-05-23 Thread Anton Lindqvist 
CVSROOT:/cvs
Module name:src
Changes by: an...@cvs.openbsd.org   2022/05/23 23:14:30

Modified files:
regress/lib/libc/sys: t_truncate.c 

Log message:
Recent changes to truncate(2) swapped the ordering of some validations
causing EACCESS as opposed of ESDIR to be returned while trying to
truncate a directory as a user lacking write permissions to the same
directory. As this behavior is reasonable, change the truncate directory
from /etc/ to /tmp which makes the test pass both as root and non-root.

CVS: cvs.openbsd.org: www

2022-05-23 Thread Tobias Heider 
CVSROOT:/cvs
Module name:www
Changes by: to...@cvs.openbsd.org   2022/05/23 11:41:34

Modified files:
openiked   : index.html releases.html 

Log message:
OpenIKED 7.1

CVS: cvs.openbsd.org: src

2022-05-23 Thread Kenneth R Westerback 
CVSROOT:/cvs
Module name:src
Changes by: k...@cvs.openbsd.org2022/05/23 10:58:11

Modified files:
distrib/loongson/ramdisk: list 
distrib/macppc/ramdisk: list 
distrib/sets/lists/base: md.loongson md.macppc 
distrib/special/fdisk: Makefile 
sbin/fdisk : Makefile 
sys/arch/loongson/stand: Makefile 
sys/arch/macppc/stand: Makefile 

Log message:
Neither macppc nor the retired loongson have any remaining useful
information in /usr/mdec/mbr. Stop telling fdisk(8) that macppc
and loongson HAS_MBR, and don't bother including the file in the
base set.

macppc build/install tests and ok gkoehler@
loongson is gone deraadt@

CVS: cvs.openbsd.org: src

2022-05-23 Thread Todd C . Miller 
CVSROOT:/cvs
Module name:src
Changes by: mill...@cvs.openbsd.org 2022/05/23 09:17:11

Modified files:
lib/libc/sys   : truncate.2 
sys/kern   : vfs_syscalls.c 

Log message:
Respect RLIMIT_FSIZE when extending a file via truncat(2)/ftruncate(2).
This refactors the commin parts of sys_truncate() and sys_ftruncate()
into dotruncate().  If the new size of the file is larger than the
RLIMIT_FSIZE limit _and_ the file is being extended, not truncated,
return EFBIG.  Adapted from a diff by Piotr Durlej.
With help from and OK by deraadt@ guenther@.

CVS: cvs.openbsd.org: src

2022-05-23 Thread Theo Buehler 
CVSROOT:/cvs
Module name:src
Changes by: t...@cvs.openbsd.org2022/05/23 08:10:18

Modified files:
usr.sbin/rpki-client: mft.c roa.c 

Log message:
Improve #ifdefs for STACK_OF() helpers.

Discussed with claudio

CVS: cvs.openbsd.org: src

2022-05-23 Thread Theo de Raadt 
CVSROOT:/cvs
Module name:src
Changes by: dera...@cvs.openbsd.org 2022/05/23 07:40:12

Modified files:
usr.sbin/bgpd  : bgpd.h kroute.c parse.y rde_peer.c rde_rib.c 
 rde_trie.c rde_update.c 

Log message:
whitespaces found when I went checking for something else

CVS: cvs.openbsd.org: src

2022-05-23 Thread Claudio Jeker 
CVSROOT:/cvs
Module name:src
Changes by: clau...@cvs.openbsd.org 2022/05/23 07:39:14

Modified files:
usr.sbin/rpki-client: main.c 

Log message:
There is no need to be quiet by default anymore and also stdout is
perfectly fine. So switch the stats output at the end of the run to
simply use printtf(3) and no longer depend on -v flag.
OK tb@

CVS: cvs.openbsd.org: src

2022-05-23 Thread David Gwynne 
CVSROOT:/cvs
Module name:src
Changes by: d...@cvs.openbsd.org2022/05/23 05:37:22

Modified files:
sys/dev/fdt: ehci_fdt.c 

Log message:
add support for the ehci controller on marvell 3720 boards.

the marvell controllers have two quirks compared to standard ehci
controllers, but they're small enough that they can be dealt with
here rather than creating a specific glue driver (like imxehci has).

the first quirk is that the ehci registers are offset in the window
advertised by the device tree. this is handled by having ehci_fdt
always present a bus space subregion to ehci, and defaults the
offset to 0. marvell controllers provide the right offset into their
register window so the subregion code can find the right place for
ehci to operate on.

the other quirk is that marvell controllers need to be forced to
host mode with the extra EHCI_USBMODE register.

this makes ehci work on espressobins and gl-mv1000 boards.

tested by me and dtucker@
ok kettenis@ patrick@

CVS: cvs.openbsd.org: src

2022-05-23 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2022/05/23 05:17:35

Modified files:
sys/net: pf.c 

Log message:
In pf the kernel paniced if IP options in packet within ICMP payload
were truncated.  Drop such packets instead.
Reported-by: syzbot+91abd3aa2fdfe900f...@syzkaller.appspotmail.com
OK sashan@ claudio@

CVS: cvs.openbsd.org: src

2022-05-23 Thread Alexander Bluhm 
CVSROOT:/cvs
Module name:src
Changes by: bl...@cvs.openbsd.org   2022/05/23 03:54:18

Modified files:
sys/net: pf.c 

Log message:
Fix white space.