Re: Pledge for Vi and Ex

2015-11-19 Thread Anthony J. Bentley
"Anthony J. Bentley" writes:
> Gregor Best writes:
> > @@ -229,6 +230,14 @@ editor(GS *gp, int argc, char *argv[])
> > }
> > if (LF_ISSET(SC_EX) && F_ISSET(gp, G_SCRIPTED))
> > silent =3D 1;
> > +
> > +   if (secure) {
> > +   if (pledge("stdio rpath wpath cpath fattr flock tty", NULL))
> > +   err(1, "pledge");
> 
> I didn't include this chunk because currently even in -S mode you need
> proc/exec for cscope.

cscope is gone now, so this can be considered again.

vi uses the proc pledge for three reasons:
 - uses kill() to suspend (^Z or :suspend)
 - uses vfork() for filters (the ! command)
 - uses vfork() for shell expansion

All three of these are disabled when the -S flag is set, so we can pledge
never to proc/exec in that case.

ok?


Index: common/main.c
===
RCS file: /cvs/src/usr.bin/vi/common/main.c,v
retrieving revision 1.28
diff -u -p -r1.28 main.c
--- common/main.c   15 Nov 2015 01:22:36 -  1.28
+++ common/main.c   19 Nov 2015 08:40:11 -
@@ -223,6 +223,11 @@ editor(GS *gp, int argc, char *argv[])
argc -= optind;
argv += optind;
 
+   if (secure && pledge("stdio rpath wpath cpath fattr flock getpw tty", 
NULL) == -1) {
+   perror("pledge");
+   goto err;
+   }
+
/*
 * -s option is only meaningful to ex.
 *
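Review bot: the promise set here adds "getpw" relative to the chunk quoted at the top of the thread ("stdio rpath wpath cpath fattr flock tty"); a sentence in the commit message saying which -S code path needs it would save the next reader a trip through the source. Placing the call after option parsing is right, since `secure` is only known once -S has been seen, and the `perror` + `goto err` form matches the file's existing cleanup path rather than the `err(1, "pledge")` used in the earlier proposal.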



Re: [patch] was: Re: login(3) routines data integrity patch

2015-11-19 Thread Ted Unangst
Chris Turner wrote:
> On 11/12/15 14:10, Ted Unangst wrote:
> > Chris Turner wrote:
>  >>>
> >>> The attached patch calls fsync(2) on related FD's in the login(3)
> >>> routines, which corrected the problem on my test machine,
> >>> and imho might be a good idea in general.
> >
> > AFAIK it should not be necessary to call fsync() before close(). Closing a
> > file should flush all its data. The patch either does nothing, or masks a
> > much more serious problem somewhere else. (The latter is a distinct
> > possibility, but we can't go adding fsync to hundreds of file operations
> > throughout the tree.)
> 
> Will defer -
> 
> To be clear however, in this case I'm strictly referring to the (brief)
> time window between data being flushed from the process and that data then
> being sync'ed to disk by the system -
> 
> E.g., as related to fsync(2):
> 
> "
>   fsync() and fdatasync() should be used by programs that require a file 
> to
>   be in a known state, for example, in building a simple transaction
>   facility.
> "
> 
> obviously there's still the case of physical disk caches, etc.
> 
> I realize fsync is not done everywhere on file close, and likely rightfully
> so in many/most cases - my thinking was that here specifically might be a
> good place given the type of (sensitive, non-reproducible) data being stored.

No, you're not wrong.

The question here is what the "transaction" is that needs to be in a known
state. Anything reading this file will see the cached data, so there is no
inconsistency. Also, AFAIK there aren't any other files which depend on this
file but which may be written out first; there's no requirement for this data
to be written out in a particular order with respect to other data.

The window in which the data is not written you refer to also exists before
(and even during) the fsync call. That data should also be written cleanly
before shutdown.

FWIW, other people have seen other symptoms of the system failing to fully
flush write buffers before shutdown. Some aspect of vfs_sync/shutdown is not
trying "hard enough" to get the job done.



Re: tail -n +NUM broken [Was CVS: cvs.openbsd.org: src]

2015-11-19 Thread Ted Unangst
> > Modified files:
> > usr.bin/tail   : extern.h forward.c misc.c read.c reverse.c 
> >  tail.c 
> > 
> > Log message:
> > another try to allow tailing multiple files. maybe it works?
> > commit now to allow people to test.
> 
> I just updated to very latest snapshot and tail with plus num doesn't
> work:
> 
> OpenBSD 5.8-current (GENERIC.MP) #1636: Thu Nov 19 14:05:34 MST 2015
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> $ ps auxwww | tail -n +3 | wc -l
>0

(Everyone else: Please report all tail bugs to either tech or bugs.)

Definitely a regression here, the rewrite of forward() is apparently not
counting the offset correctly.



Re: [PATCH 1/2] flex 2.5.39

2015-11-19 Thread Ted Unangst
Serguey Parkhomovsky wrote:
> * renamed parse.c, parse.h, scan.c, skel.c with init prefix so compiling
>   flex outside of obj by accident wouldn't clobber the bootstrap files

Do you remember what caused you to skip using the in-base yacc? The diff below
seems to work for me.

Index: Makefile
===
RCS file: /cvs/src/usr.bin/lex/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile19 Nov 2015 23:46:55 -  1.14
+++ Makefile19 Nov 2015 23:52:40 -
@@ -18,7 +18,7 @@ SRCS= buf.c ccl.c dfa.c ecs.c filter.c g
  scanopt.c skel.c sym.c tables.c tables_shared.c \
  tblcmp.c yylex.c
 
-CLEANFILES+=skel.c parse.h
+CLEANFILES+=skel.c parse.c parse.h
 LDADD+=-lm
 
 MAN = flex.1
@@ -29,10 +29,8 @@ MLINKS= flex.1 lex.1 flex.1 flex++.1
 
 VERSION="2.5.39"
 
-# Our yacc is too old to compile parse.y; use bootstrapped parse.c instead
-parse.h parse.c: parse.y initparse.c initparse.h
-   cp ${.CURDIR}/initparse.c parse.c
-   cp ${.CURDIR}/initparse.h parse.h
+parse.h parse.c: parse.y
+   yacc -d -o parse.c ${.CURDIR}/parse.y
 
 skel.c: flex.skl mkskel.sh flexint.h tables_shared.h
sed -e 's/m4_/m4postproc_/g' -e 's/m4preproc_/m4_/g' \
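Review bot: the removed comment said the base yacc was too old to handle parse.y; if that has changed since, the commit message should say so, and initparse.c/initparse.h should go from the tree in the same commit so a stale bootstrap copy cannot be picked up by accident. With `-d -o parse.c`, yacc derives the header name parse.h from the -o argument, so the two targets on the rule line match what gets produced, and adding parse.c to CLEANFILES in the first hunk is the matching cleanup.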



Re: tail -n +NUM broken [Was CVS: cvs.openbsd.org: src]

2015-11-19 Thread Ted Unangst
Ted Unangst wrote:
> > > Modified files:
> > >   usr.bin/tail   : extern.h forward.c misc.c read.c reverse.c 
> > >tail.c 
> > > 
> > > Log message:
> > > another try to allow tailing multiple files. maybe it works?
> > > commit now to allow people to test.
> > 
> > I just updated to very latest snapshot and tail with plus num doesn't
> > work:
> > 
> > OpenBSD 5.8-current (GENERIC.MP) #1636: Thu Nov 19 14:05:34 MST 2015
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > 
> > $ ps auxwww | tail -n +3 | wc -l
> >0
> 
> (Everyone else: Please report all tail bugs to either tech or bugs.)
> 
> Definitely a regression here, the rewrite of forward() is apparently not
> counting the offset correctly.

So the problem is that after the for loop over files, we have:
(void)fflush(stdout);
if (!fflag || kq < 0)
return;

That code used to live a little farther down, in the loop that copied data,
and didn't break until after we hit EOF.

I think it may make sense to do the copying in the file loop instead. This
handles one case, but I think there are more. We also need to reset the offset
for each file, or later ones don't print anything.

Index: forward.c
===
RCS file: /cvs/src/usr.bin/tail/forward.c,v
retrieving revision 1.27
diff -u -p -r1.27 forward.c
--- forward.c   19 Nov 2015 17:50:04 -  1.27
+++ forward.c   20 Nov 2015 00:25:17 -
@@ -52,6 +52,16 @@ static const struct timespec *tfreopen(s
 
 static int kq = -1;
 
+static void
+printtail(FILE *fp)
+{
+   int ch;
+
+   while (!feof(fp) && (ch = getc(fp)) != EOF)
+   if (putchar(ch) == EOF)
+   oerr();
+}
+
 /*
  * forward -- display the file, from an offset, forward.
  *
@@ -75,7 +85,7 @@ static int kq = -1;
  * NOREG   cyclically read lines into a wrap-around array of buffers
  */
 void
-forward(struct tailfile *tf, int nfiles, enum STYLE style, off_t off)
+forward(struct tailfile *tf, int nfiles, enum STYLE style, off_t origoff)
 {
int ch;
struct tailfile *ctf, *ltf;
@@ -91,6 +101,7 @@ forward(struct tailfile *tf, int nfiles,
warn("kqueue");
 
for (i = 0; i < nfiles; i++) {
+   off_t off = origoff;
if (nfiles > 1)
printfname(tf[i].fname);
 
@@ -125,8 +136,11 @@ forward(struct tailfile *tf, int nfiles,
}
break;
}
-   if (ch == '\n' && !--off)
+   if (ch == '\n' && !--off) {
+   if (!fflag)
+   printtail(tf[i].fp);
break;
+   }
}
break;
case RBYTES:
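Review bot: two points on this hunk. First, the `if (!fflag)` gate means that with -f the remainder after line NUM is still left for the later kqueue loop; confirm that loop still walks each file from its current position now that the `return` after fflush(stdout) sits directly after the file loop, otherwise `-n +NUM -f` prints nothing until new data arrives. Second, the per-file `off = origoff` reset introduced in the previous hunk only helps RLINES; every other STYLE case that decrements an offset (RBYTES and the seek-based ones further down) needs the same reset, which this diff does not yet give them, so listing which cases remain would help the next round.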
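An added example, not code from the tail(1) diff above: a buffer-based model of `tail -n +NUM` over several inputs, written to make the two points in the message concrete, that the skip offset must start over for every file and that the copy of the remainder belongs inside the per-file loop. The `struct input` type, the helpers `skip_to_line` and `tail_plus`, and the two sample files are this example's own assumptions, not anything from the tree.

```c
#include <stdio.h>
#include <string.h>

/* One in-memory "file", standing in for a struct tailfile. */
struct input {
	const char *name;
	const char *data;
	size_t len;
};

/*
 * Return a pointer to the first byte of line `off` (1-based) in buf, or
 * buf + len when the buffer has fewer than `off` lines.  off <= 1 means
 * the whole buffer, matching "tail -n +1".  The offset is passed by
 * value, so every caller starts from its own copy.
 */
const char *
skip_to_line(const char *buf, size_t len, long off)
{
	const char *p = buf, *end = buf + len;

	while (off > 1 && p < end)
		if (*p++ == '\n')
			off--;
	return p;
}

/* Append n bytes to out, truncating rather than overflowing. */
static size_t
append(char *out, size_t outsz, size_t used, const char *s, size_t n)
{
	if (used + n > outsz)
		n = outsz - used;
	memcpy(out + used, s, n);
	return used + n;
}

/*
 * Emit "tail -n +origoff" for every input into out and return the number
 * of bytes written (out is not NUL-terminated).  With more than one input
 * the "==> name <==" headers tail(1) prints are emitted too.
 */
size_t
tail_plus(const struct input *files, int nfiles, long origoff,
    char *out, size_t outsz)
{
	size_t used = 0;
	int i;

	for (i = 0; i < nfiles; i++) {
		const char *start, *end = files[i].data + files[i].len;

		if (nfiles > 1) {
			char hdr[128];
			int n = snprintf(hdr, sizeof hdr, "%s==> %s <==\n",
			    i > 0 ? "\n" : "", files[i].name);
			if (n < 0)
				n = 0;
			if ((size_t)n >= sizeof hdr)
				n = sizeof hdr - 1;
			used = append(out, outsz, used, hdr, (size_t)n);
		}
		/*
		 * Fresh offset for this file: skip_to_line() gets origoff,
		 * not a counter decremented by the previous file.  Sharing
		 * one counter is exactly the regression in the thread.
		 */
		start = skip_to_line(files[i].data, files[i].len, origoff);
		/* Copy this file's remainder now, inside the file loop. */
		used = append(out, outsz, used, start, (size_t)(end - start));
	}
	return used;
}

int
main(void)
{
	/* Constructed sample files standing in for `tail -n +3 a b`. */
	struct input files[] = {
		{ "a", "a1\na2\na3\na4\n", 12 },
		{ "b", "b1\nb2\n", 6 },
	};
	char out[256];
	size_t n = tail_plus(files, 2, 3, out, sizeof out);

	fwrite(out, 1, n, stdout);
	return 0;
}
```

The second file has only two lines, so for `+3` it contributes just its header, which is what tail(1) prints for a file shorter than the offset.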



Re: pledge for tetris

2015-11-19 Thread Theo Buehler
Now that tedu moved the score file to $HOME, we can get by with
"stdio rpath wpath cpath tty".

Do some basic clean up in the manual.  There's more to do, but leave
that for later.

Index: games/tetris/tetris.6
===
RCS file: /var/cvs/src/games/tetris/tetris.6,v
retrieving revision 1.16
diff -u -p -r1.16 tetris.6
--- games/tetris/tetris.6   27 Jul 2015 18:48:04 -  1.16
+++ games/tetris/tetris.6   19 Nov 2015 00:19:47 -
@@ -146,8 +146,8 @@ Scores which are the highest on a given 
 are marked with asterisks
 .Dq * .
 .Sh FILES
-.Bl -tag -width /var/games/tetris.scoresxx
-.It Pa /var/games/tetris.scores
+.Bl -tag -width $HOME/tetris.scores
+.It Pa $HOME/tetris.scores
 high score file
 .El
 .Sh AUTHORS
Index: games/tetris/tetris.c
===
RCS file: /var/cvs/src/games/tetris/tetris.c,v
retrieving revision 1.25
diff -u -p -r1.25 tetris.c
--- games/tetris/tetris.c   16 Nov 2014 04:49:49 -  1.25
+++ games/tetris/tetris.c   19 Nov 2015 00:10:01 -
@@ -61,7 +61,6 @@ const struct shape *curshape;
 const struct shape *nextshape;
 long   fallrate;
 intscore;
-gid_t  gid, egid;
 char   key_msg[100];
 intshowpreview, classic;
 
@@ -157,11 +156,10 @@ main(int argc, char *argv[])
const char *errstr;
int ch, i, j;
 
-   keys = "jkl pq";
+   if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
+   err(1, "pledge");
 
-   gid = getgid();
-   egid = getegid();
-   setegid(gid);
+   keys = "jkl pq";
 
classic = showpreview = 0;
while ((ch = getopt(argc, argv, "ck:l:ps")) != -1)
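Review bot: removing gid/egid and the setegid() call assumes the binary is no longer installed set-group-id; check that the Makefile (not in this diff) agrees, since a setgid binary that never drops the group would now keep it for the whole run. Pledging before getopt() is the right spot here, as nothing after it needs more than the score file under $HOME and the terminal.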
Index: games/tetris/tetris.h
===
RCS file: /var/cvs/src/games/tetris/tetris.h,v
retrieving revision 1.10
diff -u -p -r1.10 tetris.h
--- games/tetris/tetris.h   10 Aug 2008 12:23:25 -  1.10
+++ games/tetris/tetris.h   19 Nov 2015 00:05:11 -
@@ -167,7 +167,6 @@ extern long fallrate;   /* less than 1 mil
 #define PRE_PENALTY 0.75
 
 extern int score;  /* the obvious thing */
-extern gid_t   gid, egid;
 
 extern charkey_msg[100];
 extern int showpreview;



serious watchdog timeout issues with em driver

2015-11-19 Thread Sonic
Have serious problems for over 7 weeks now with em driver,
specifically any rev of if_em.c >  1.305. Starting with rev 1.306,
released on 2015/09/30 and continuing to -current, watchdog timeouts
rue the day. Unfortunately rev 1.305 no longer builds with -current as
it appears the patch in rev 1.309 would be necessary.

System in question is a NAT firewall, also running Unbound and DHCPD.
Timeouts occur randomly and can affect both internal and external
interfaces. But use of a bittorrent app on an internal client system
will always trigger many such timeouts:

Nov 18 12:21:17 stargate /bsd: em0: watchdog timeout -- resetting
Nov 18 12:21:17 stargate /bsd: em1: watchdog timeout -- resetting
Nov 18 12:22:34 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:22:34 stargate unbound: [12687:1] notice: remote address is
172.27.12.11 port 55181
Nov 18 12:22:36 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:22:36 stargate unbound: [12687:1] notice: remote address is
172.27.12.253 port 54266
Nov 18 12:22:36 stargate unbound: [22477:0] notice: sendto failed: No buffer
space available
Nov 18 12:22:36 stargate unbound: [22477:0] notice: remote address is
172.27.12.253 port 53257
Nov 18 12:22:37 stargate /bsd: em0: watchdog timeout -- resetting
Nov 18 12:23:42 stargate /bsd: em0: watchdog timeout -- resetting
Nov 18 12:28:11 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:11 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 56045
Nov 18 12:28:12 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:12 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 41975
Nov 18 12:28:12 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:12 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 48603
Nov 18 12:28:12 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:12 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 17834
Nov 18 12:28:13 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:13 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 1177
Nov 18 12:28:14 stargate unbound: [12687:1] notice: sendto failed: No buffer
space available
Nov 18 12:28:14 stargate unbound: [12687:1] notice: remote address is
172.27.12.66 port 39013
Nov 18 12:28:15 stargate /bsd: em0: watchdog timeout -- resetting
Nov 18 12:29:42 stargate /bsd: em0: watchdog timeout -- resetting
Nov 18 14:00:01 stargate syslogd: restart
Nov 18 16:00:01 stargate syslogd: restart
Nov 19 12:00:01 stargate syslogd: restart
Nov 19 16:00:01 stargate syslogd: restart
Nov 19 16:08:36 stargate /bsd: em0: watchdog timeout -- resetting
Nov 19 16:10:34 stargate /bsd: em0: watchdog timeout -- resetting
Nov 19 16:15:04 stargate /bsd: em0: watchdog timeout -- resetting
Nov 19 16:19:55 stargate last message repeated 3 times

(one of the above is on the external interface em1)

The timeouts don't just shut down net access during the reset time;
other problems occur. Many times the SSH server no longer accepts
connections, so shelling into the system is not an option:

$ ssh stargate
write: Connection reset by peer


I've also had a system crash that I suspect (no proof at all and
thankfully it hasn't re-occurred, but timing is everything) was caused
by the faulty em driver:

Nov  1 22:23:55 stargate /bsd: uvm_fault(0x818f9920,
0xfff7818adf60, 0, 1) -> e
Nov  1 22:23:55 stargate /bsd: fatal page fault in supervisor mode
Nov  1 22:23:55 stargate /bsd: trap type 6 code 0 rip 81329e69
cs 8 rflags 10286 cr2  fff7818adf60 cpl 7 rsp 8000221df76
0
Nov  1 22:23:55 stargate /bsd: panic: trap type 6, code=0, pc=81329e69
Nov  1 22:23:55 stargate /bsd: Starting stack trace...
Nov  1 22:23:55 stargate /bsd: panic() at panic+0x10b
Nov  1 22:23:55 stargate /bsd: trap() at trap+0x7b8
Nov  1 22:23:55 stargate /bsd: --- trap (number 6) ---
Nov  1 22:23:55 stargate /bsd: trap() at trap+0x709
Nov  1 22:23:55 stargate /bsd: --- trap (number 4) ---
Nov  1 22:23:55 stargate /bsd: trap() at trap+0x709
Nov  1 22:23:55 stargate /bsd: --- trap (number 4) ---
Nov  1 22:23:55 stargate /bsd: bpf_filter() at bpf_filter+0x19b
Nov  1 22:23:55 stargate /bsd: _bpf_mtap() at _bpf_mtap+0xf4
Nov  1 22:23:55 stargate /bsd: bpf_mtap_ether() at bpf_mtap_ether+0x39
Nov  1 22:23:55 stargate /bsd: em_start() at em_start+0xd6
Nov  1 22:23:55 stargate /bsd: nettxintr() at nettxintr+0x52
Nov  1 22:23:55 stargate /bsd: softintr_dispatch() at softintr_dispatch+0x8b
Nov  1 22:23:55 stargate /bsd: Xsoftnet() at 

Memory corruptions in bc(1)

2015-11-19 Thread Michael McConville
I'm already cache-thrashing with all of my side projects, so if anyone's
interested I'll leave this to them.

A few days ago, I wanted to try American Fuzzy Lop (afl), and bc(1)
seemed like a good first target: it pretty much just goes from stdin to
stdout, so there's no code reorganization needed.

For those not familiar, bc compiles its input to dc(1)'s syntax and
forks to dc.

There are many unique crash paths - 1041 before I killed afl. Most
center around emit(), which emits a dc instr. Many pass NULL to fputs()
in emit(). I found at least one (crashes/id:001041*) that
nondeterministically passes the str pointer 0xdfdfdfdfdfdfdfdf to
fputs(), which is probably uninitialized or already-freed memory.
Backtrace below.

malloc.conf(5) may be useful.

Here's the full afl directory:

http://www.sccs.swarthmore.edu/users/16/mmcconv1/bc-afl/


Core was generated by `bc'.
Program terminated with signal SIGBUS, Bus error.
#0  strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:152
152 movq(%rax),%rdx /* first data in high bytes */
(gdb) bt
#0  strlen () at /usr/src/lib/libc/arch/amd64/string/strlen.S:152
#1  0x19f79fa7c43d in *_libc_fputs (s=0xdfdfdfdfdfdfdfdf , fp=0x1) at 
/usr/src/lib/libc/stdio/fputs.c:50
#2  0x19f4ecb0f401 in emit (i=28548786530304) at 
/usr/src/usr.bin/bc/bc.y:810
#3  yyparse () at /usr/src/usr.bin/bc/bc.y:178
#4  0x19f4ecb13f3e in main (argc=1, argv=0x7f7fa570) at 
/usr/src/usr.bin/bc/bc.y:1188



atc(6): convert hand-rolled option parsing to getopt(3)

2015-11-19 Thread Theo Buehler
Index: games/atc/main.c
===
RCS file: /cvs/src/games/atc/main.c,v
retrieving revision 1.23
diff -u -p -r1.23 main.c
--- games/atc/main.c13 Jul 2014 14:01:04 -  1.23
+++ games/atc/main.c19 Nov 2015 22:36:50 -
@@ -46,12 +46,13 @@
 #include "pathnames.h"
 
 int
-main(int ac, char *av[])
+main(int argc, char *argv[])
 {
+   int ch;
int f_usage = 0, f_list = 0, f_showscore = 0;
int f_printpath = 0;
const char  *file = NULL;
-   char*name, *ptr, *seed;
+   char*seed;
struct sigactionsa;
gid_t   gid;
struct itimervalitv;
@@ -66,58 +67,48 @@ main(int ac, char *av[])
makenoise = 1;
seed = NULL;
 
-   name = *av++;
-   while (*av) {
-#ifndef SAVEDASH
-   if (**av == '-') 
-   ++*av;
-   else
-   break;
-#endif
-   ptr = *av++;
-   while (*ptr) {
-   switch (*ptr) {
-   case '?':
-   case 'u':
-   f_usage++;
-   break;
-   case 'l':
-   f_list++;
-   break;
-   case 's':
-   case 't':
-   f_showscore++;
-   break;
-   case 'p':
-   f_printpath++;
-   break;
-   case 'q':
-   makenoise = 0;
-   break;
-   case 'r':
-   seed = *av;
-   av++;
-   break;
-   case 'f':
-   case 'g':
-   file = *av;
-   av++;
-   break;
-   default: 
-   warnx("unknown option '%c'", *ptr);
-   f_usage++;
-   break;
-   }
-   ptr++;
+   while ((ch = getopt(argc, argv, "f:g:lpqr:stu?")) != -1) {
+   switch (ch) {
+   case 'f':
+   case 'g':
+   file = optarg;
+   break;
+   case 'l':
+   f_list = 1;
+   break;
+   case 'p':
+   f_printpath = 1;
+   break;
+   case 'q':
+   makenoise = 0;
+   break;
+   case 'r':
+   seed = optarg;
+   break;
+   case 's':
+   case 't':
+   f_showscore = 1;
+   break;
+   case 'u':
+   case '?':
+   default:
+   f_usage = 1;
+   break;
}
}
+   argc -= optind;
+   argv += optind;
+
+   if (argc > 0)
+   f_usage = 1;
+
if (seed != NULL)
setseed(seed);
 
if (f_usage)
fprintf(stderr, 
"usage: %s [-lpqstu?] [-f game] [-g game] [-r seed]\n",
-   name);
+   getprogname());
if (f_showscore)
log_score(1);
if (f_list)
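Review bot: `?` in the optstring is redundant, since getopt(3) already returns '?' for an unknown option or a missing argument (printing its own diagnostic, which replaces the removed warnx), so `case '?'` alone covers both and the usage string can drop the `?` flag. Leftover positional arguments now set f_usage where the old loop silently ignored them; that is a behaviour change worth a line in the commit message.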



rt_ifp and arp

2015-11-19 Thread Martin Pieuchot
Fewer rt_ifp in arp, ok?

Index: netinet/if_ether.c
===
RCS file: /cvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.188
diff -u -p -r1.188 if_ether.c
--- netinet/if_ether.c  18 Nov 2015 13:58:02 -  1.188
+++ netinet/if_ether.c  19 Nov 2015 10:52:54 -
@@ -621,7 +621,7 @@ in_arpinput(struct mbuf *m)
rt->rt_flags &= ~RTF_REJECT;
/* Notify userland that an ARP resolution has been done. */
if (la->la_asked || changed)
-   rt_sendmsg(rt, RTM_RESOLVE, rt->rt_ifp->if_rdomain);
+   rt_sendmsg(rt, RTM_RESOLVE, ifp->if_rdomain);
la->la_asked = 0;
while ((len = ml_len(>la_ml)) != 0) {
mh = ml_dequeue(>la_ml);
@@ -680,7 +680,6 @@ out:
sa.sa_len = sizeof(sa);
ifp->if_output(ifp, m, , NULL);
if_put(ifp);
-   return;
 }
 
 /*
@@ -691,13 +690,16 @@ arptfree(struct rtentry *rt)
 {
struct llinfo_arp *la = (struct llinfo_arp *)rt->rt_llinfo;
struct sockaddr_dl *sdl = satosdl(rt->rt_gateway);
+   struct ifnet *ifp;
 
+   ifp = if_get(rt->rt_ifidx);
if ((sdl != NULL) && (sdl->sdl_family == AF_LINK)) {
sdl->sdl_alen = 0;
la->la_asked = 0;
}
 
-   rtdeletemsg(rt, rt->rt_ifp->if_rdomain);
+   rtdeletemsg(rt, ifp->if_rdomain);
+   if_put(ifp);
 }
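Review bot: if_get() can return NULL, as it does when the interface has gone away before its routes are freed, and `ifp->if_rdomain` on the rtdeletemsg() line dereferences it unconditionally. arpproxy() further down handles the same lookup with an explicit NULL check and early return; arptfree() needs the same, either by skipping rtdeletemsg() when ifp is NULL or by taking the rdomain from somewhere that does not require the interface.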
 
 /*
@@ -742,8 +744,10 @@ arpproxy(struct in_addr in, unsigned int
int found = 0;
 
rt = arplookup(in.s_addr, 0, SIN_PROXY, rtableid);
-   if (rt == NULL)
+   if (!rtisvalid(rt)) {
+   rtfree(rt);
return (0);
+   }
 
/* Check that arp information are correct. */
sdl = satosdl(rt->rt_gateway);
@@ -752,10 +756,16 @@ arpproxy(struct in_addr in, unsigned int
return (0);
}
 
-   ifp = rt->rt_ifp;
+   ifp = if_get(rt->rt_ifidx);
+   if (ifp == NULL) {
+   rtfree(rt);
+   return (0);
+   }
+
if (!memcmp(LLADDR(sdl), LLADDR(ifp->if_sadl), sdl->sdl_alen))
found = 1;
 
+   if_put(ifp);
rtfree(rt);
return (found);
 }



rt_ifp and pf(4)

2015-11-19 Thread Martin Pieuchot
Stop using rt_ifp.  While here put some NCARP... ok?

Index: net/pf.c
===
RCS file: /cvs/src/sys/net/pf.c,v
retrieving revision 1.950
diff -u -p -r1.950 pf.c
--- net/pf.c12 Nov 2015 10:07:14 -  1.950
+++ net/pf.c19 Nov 2015 11:05:37 -
@@ -36,6 +36,7 @@
  */
 
 #include "bpfilter.h"
+#include "carp.h"
 #include "pflog.h"
 #include "pfsync.h"
 #include "pflow.h"
@@ -2595,9 +2596,11 @@ pf_match_rcvif(struct mbuf *m, struct pf
if (ifp == NULL)
return (0);
 
+#if NCARP > 0
if (ifp->if_type == IFT_CARP && ifp->if_carpdev)
kif = (struct pfi_kif *)ifp->if_carpdev->if_pf_kif;
else
+#endif
kif = (struct pfi_kif *)ifp->if_pf_kif;
 
if_put(ifp);
@@ -5347,7 +5350,6 @@ pf_routable(struct pf_addr *addr, sa_fam
struct sockaddr_in6 *dst6;
 #endif /* INET6 */
struct rtentry  *rt, *rt0 = NULL;
-   struct ifnet*ifp;
 
check_mpath = 0;
memset(, 0, sizeof(ss));
@@ -5397,13 +5399,20 @@ pf_routable(struct pf_addr *addr, sa_fam
ret = 0;
rt = rt0;
do {
-   if (rt->rt_ifp->if_type == IFT_CARP)
-   ifp = rt->rt_ifp->if_carpdev;
-   else
-   ifp = rt->rt_ifp;
-
-   if (kif->pfik_ifp == ifp)
+   if (rt->rt_ifidx == kif->pfik_ifp->if_index) {
ret = 1;
+#if NCARP > 0
+   } else {
+   struct ifnet*ifp;
+
+   ifp = if_get(rt->rt_ifidx);
+   if (ifp != NULL && ifp->if_type == IFT_CARP &&
+   ifp->if_carpdev == kif->pfik_ifp)
+   ret = 1;
+   if_put(ifp);
+#endif
+   }
+
 #ifndef SMALL_KERNEL
rt = rtable_mpath_next(rt);
 #else
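Review bot: `kif->pfik_ifp->if_index` dereferences pfik_ifp without a check, whereas the old comparison `kif->pfik_ifp == ifp` tolerated a kif that has no interface. If pf_routable() can be reached with such a kif (an interface that has detached, for instance), this is a NULL dereference; either require pfik_ifp != NULL at the top of the function or only compare via if_index when it is set.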
@@ -5512,7 +5521,7 @@ pf_route(struct mbuf **m, struct pf_rule
goto bad;
}
 
-   ifp = rt->rt_ifp;
+   ifp = if_get(rt->rt_ifidx);
 
if (rt->rt_flags & RTF_GATEWAY)
dst = satosin(rt->rt_gateway);
@@ -5607,6 +5616,8 @@ pf_route(struct mbuf **m, struct pf_rule
 done:
if (r->rt != PF_DUPTO)
*m = NULL;
+   if (!r->rt)
+   if_put(ifp);
rtfree(rt);
return;
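Review bot: `if (!r->rt) if_put(ifp);` makes the release depend on the rule rather than on how ifp was obtained, which is fragile; the hunk above shows ifp coming from if_get(rt->rt_ifidx), and nothing visible checks that result for NULL or releases it on the `bad:` path. Track the reference explicitly (a local set only when if_get() was used, paired with an unconditional if_put() on every exit) and check for NULL right after the lookup.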
 
@@ -6312,9 +6323,11 @@ pf_test(sa_family_t af, int fwdir, struc
if (!pf_status.running)
return (PF_PASS);
 
+#if NCARP > 0
if (ifp->if_type == IFT_CARP && ifp->if_carpdev)
kif = (struct pfi_kif *)ifp->if_carpdev->if_pf_kif;
else
+#endif
kif = (struct pfi_kif *)ifp->if_pf_kif;
 
if (kif == NULL) {



rt_ifp in tcp_mss()

2015-11-19 Thread Martin Pieuchot
Stop using rt_ifp, ok?

Index: netinet/tcp_input.c
===
RCS file: /cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.308
diff -u -p -r1.308 tcp_input.c
--- netinet/tcp_input.c 6 Nov 2015 11:20:56 -   1.308
+++ netinet/tcp_input.c 19 Nov 2015 11:12:56 -
@@ -2988,8 +2988,6 @@ tcp_mss(struct tcpcb *tp, int offer)
if (rt == NULL)
goto out;
 
-   ifp = rt->rt_ifp;
-
switch (tp->pf) {
 #ifdef INET6
case AF_INET6:
@@ -3004,6 +3002,7 @@ tcp_mss(struct tcpcb *tp, int offer)
goto out;
}
 
+   ifp = if_get(rt->rt_ifidx);
/*
 * if there's an mtu associated with the route and we support
 * path MTU discovery for the underlying protocol family, use it.
@@ -3025,7 +3024,7 @@ tcp_mss(struct tcpcb *tp, int offer)
mss = rt->rt_rmx.rmx_mtu - iphlen -
sizeof(struct tcphdr);
}
-   } else if (!ifp) {
+   } else if (ifp == NULL) {
/*
 * ifp may be null and rmx_mtu may be zero in certain
 * v6 cases (e.g., if ND wasn't able to resolve the
@@ -3053,7 +3052,7 @@ tcp_mss(struct tcpcb *tp, int offer)
mssopt = ifp->if_mtu - iphlen - sizeof(struct tcphdr);
mssopt = max(tcp_mssdflt, mssopt);
}
-
+   if_put(ifp);
  out:
/*
 * The current mss, t_maxseg, is initialized to the default value.
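Review bot: moving if_put(ifp) to just before `out:` leaks the interface reference on any `goto out` between the if_get() and this point, and the `else if (ifp == NULL)` branch in the previous hunk suggests such exits exist. Initialise ifp to NULL, place the if_put() after the `out:` label, and rely on if_put() tolerating NULL so the early-return paths before the lookup stay correct.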



pledge route(8) with '-n' flag

2015-11-19 Thread Ricardo Mestre
Hi,

I gave it another go to further reduce the pledge promises in route(8),
and this is what I could come up with:

Remove the initial pledge and join the 2 switch cases, then apply a
specific pledge depending on the codepath:

Flush route, show and monitor use "stdio" if -n is given; otherwise they
use "stdio rpath dns".

Add/change/delete route, on the other hand, cannot be handled with this
condition, since nflag is not checked anywhere in the newroute()
function and it makes no difference whether it is given or not. That
being said, it starts with "stdio rpath dns" and, after the loop that
parses the arguments and modifiers, it can be reduced to "stdio".

While here I also changed 0 to SHUT_RD in order to use the symbolic name
instead of the hardcoded value.

As a side note I inspected route(8)'s source code on FreeBSD and NetBSD
and they also suffer from the same "problem" with nflag when changing
routes, maybe it's still there just for compatibility? As far as I can
remember I never used -n when changing routes because it just works. I
don't think it should be reported to bugs@ though since it's not an
issue per se.

Also adding mikeb@, bennob@ and claudio@ to the conversation as per
theo@'s advice.

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.179
diff -u -p -u -r1.179 route.c
--- route.c 25 Oct 2015 09:37:08 -  1.179
+++ route.c 19 Nov 2015 14:46:32 -
@@ -224,17 +224,6 @@ main(int argc, char **argv)
case K_FLUSH:
exit(flushroutes(argc, argv));
break;
-   }
-   
-   if (nflag) {
-   if (pledge("stdio rpath dns", NULL) == -1)
-   err(1, "pledge");
-   } else {
-   if (pledge("stdio rpath dns", NULL) == -1)
-   err(1, "pledge");
-   }
-
-   switch (kw) {
case K_GET:
uid = 0;
/* FALLTHROUGH */
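Review bot: the two branches of the removed block were identical, so nothing is lost there, but main() now runs without any pledge until the chosen subcommand installs its own; everything done before the switch (socket setup, privilege checks) is therefore unpledged, and every path out of this switch, including `get` falling through to newroute(), must end in a pledge() call. The commit message should say which ones do.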
@@ -330,7 +319,7 @@ flushroutes(int argc, char **argv)
}

if (nflag) {
-   if (pledge("stdio rpath dns", NULL) == -1)
+   if (pledge("stdio", NULL) == -1)
err(1, "pledge");
} else {
if (pledge("stdio rpath dns", NULL) == -1)
@@ -445,12 +434,15 @@ newroute(int argc, char **argv)
int key;
uint8_t prio = 0;
struct hostent *hp = NULL;
+   
+   if (pledge("stdio rpath dns", NULL) == -1)
+   err(1, "pledge");

if (uid)
errx(1, "must be root to alter routing table");
cmd = argv[0];
if (*cmd != 'g')
-   shutdown(s, 0); /* Don't want to read back our messages */
+   shutdown(s, SHUT_RD); /* Don't want to read back our messages */
while (--argc > 0) {
if (**(++argv)== '-') {
switch (key = keyword(1 + *argv)) {
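Review bot: the shutdown(s, 0) to SHUT_RD change is an unrelated cleanup and would be easier to review (and revert) as its own diff; the added blank line before the pledge call also carries trailing whitespace.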
@@ -630,6 +622,10 @@ newroute(int argc, char **argv)
usage(NULL);
}
}
+   
+   if (pledge("stdio", NULL) == -1)
+   err(1, "pledge");
+
if (forcehost)
ishost = 1;
if (forcenet)
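Review bot: after this pledge("stdio") the routing message is still written to the socket opened earlier in main(); that works because "stdio" permits write(2) on descriptors that are already open, but it deserves a sentence in the commit message, since any future change that resolves a name after this point (a late gateway lookup, say) would abort the process under pledge rather than fail gracefully.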
@@ -1090,8 +1086,13 @@ monitor(int argc, char *argv[])
char msg[2048];
time_t now;

-   if (pledge("stdio rpath dns", NULL) == -1)
-   err(1, "pledge");
+   if (nflag) {
+   if (pledge("stdio", NULL) == -1)
+   err(1, "pledge");
+   } else {
+   if (pledge("stdio rpath dns", NULL) == -1)
+   err(1, "pledge");
+   }

verbose = 1;
if (debugonly) {
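Review bot: with nflag set, monitor() still formats addresses through the same print routines as show; confirm none of them fall back to a resolver call when nflag is set, since under "stdio" alone a gethostbyaddr() would kill the process rather than return an error.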
Index: show.c
===
RCS file: /cvs/src/sbin/route/show.c,v
retrieving revision 1.102
diff -u -p -u -r1.102 show.c
--- show.c  23 Oct 2015 15:03:25 -  1.102
+++ show.c  19 Nov 2015 14:46:35 -
@@ -146,7 +146,7 @@ p_rttables(int af, u_int tableid, int ha
}

if (nflag) {
-   if (pledge("stdio rpath dns", NULL) == -1)
+   if (pledge("stdio", NULL) == -1)
err(1, "pledge");
} else {
if (pledge("stdio rpath dns", NULL) == -1)
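An added example, not from the route(8) diff or any OpenBSD source, covering the ordering rule this thread and the vi -S thread above both rely on: a process may call pledge(2) more than once, but each call may only drop promises, and the kernel answers EPERM to an attempt to add one. The block is a portable user-space model of that check so the promise sequences in a diff can be validated on any system before they hit the kernel; `pledge_can_narrow`, `first_widening_step` and the two sequence arrays are this example's own names, and the promise strings are the ones from the diff.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Model (not the kernel code) of the one rule that makes "pledge broad,
 * then narrow" work: a later pledge() call may only drop promises.
 */
#define MAX_PROMISES	32
#define MAX_WORD	16

struct promise_set {
	char words[MAX_PROMISES][MAX_WORD];
	int n;
};

/* Split a space-separated promise string such as "stdio rpath dns". */
static int
parse_promises(const char *s, struct promise_set *ps)
{
	ps->n = 0;
	while (*s != '\0') {
		const char *start;
		size_t len;

		while (*s == ' ')
			s++;
		if (*s == '\0')
			break;
		start = s;
		while (*s != '\0' && *s != ' ')
			s++;
		len = (size_t)(s - start);
		if (ps->n >= MAX_PROMISES || len >= MAX_WORD)
			return -1;
		memcpy(ps->words[ps->n], start, len);
		ps->words[ps->n][len] = '\0';
		ps->n++;
	}
	return 0;
}

static int
has_promise(const struct promise_set *ps, const char *w)
{
	int i;

	for (i = 0; i < ps->n; i++)
		if (strcmp(ps->words[i], w) == 0)
			return 1;
	return 0;
}

/*
 * Every promise in `next` must already be in `cur`.  Returns 0 if the
 * call would be accepted, -1 with errno = EPERM if it would widen the
 * sandbox (EINVAL if a string is malformed), mirroring pledge(2).
 */
int
pledge_can_narrow(const char *cur, const char *next)
{
	struct promise_set c, n;
	int i;

	if (parse_promises(cur, &c) == -1 || parse_promises(next, &n) == -1) {
		errno = EINVAL;
		return -1;
	}
	for (i = 0; i < n.n; i++) {
		if (!has_promise(&c, n.words[i])) {
			errno = EPERM;
			return -1;
		}
	}
	return 0;
}

/*
 * Walk a program's sequence of pledge() calls from startup to its
 * narrowest state.  Returns the index of the first call the kernel would
 * reject, or -1 if every step only drops promises.
 */
int
first_widening_step(const char *const *seq, int nsteps)
{
	int i;

	for (i = 1; i < nsteps; i++)
		if (pledge_can_narrow(seq[i - 1], seq[i]) == -1)
			return i;
	return -1;
}

/* newroute() in the diff: "stdio rpath dns" while parsing, then "stdio". */
const char *const route_newroute_seq[] = { "stdio rpath dns", "stdio" };
/* The same promises in the wrong order; the kernel rejects the second call. */
const char *const widening_seq[] = { "stdio", "stdio rpath dns" };

int
main(void)
{
	int bad = first_widening_step(widening_seq, 2);

	printf("newroute() sequence: first rejected call = %d\n",
	    first_widening_step(route_newroute_seq, 2));
	printf("reversed sequence: first rejected call = %d (%s)\n",
	    bad, bad == -1 ? "ok" : strerror(EPERM));
	return 0;
}
```

The same check shows why the vi -S set in the first thread is a legitimate endpoint: "stdio rpath wpath cpath fattr flock getpw tty" is a strict subset of that set plus "proc exec", so a build that pledged the wider set first could still drop to it, while the reverse would be refused.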



trunk vs busy ports

2015-11-19 Thread David Gwynne
IFF_OACTIVE means the hardware ring is full, not if it is busy.

perhaps a better check is to see whether there are pending packets
on the send queue?

I could also argue we don't need the check at all, but this is less
of a semantic change.

ok?

Index: if_trunk.c
===
RCS file: /cvs/src/sys/net/if_trunk.c,v
retrieving revision 1.124
diff -u -p -r1.124 if_trunk.c
--- if_trunk.c  20 Nov 2015 05:33:54 -  1.124
+++ if_trunk.c  20 Nov 2015 05:35:07 -
@@ -296,7 +296,7 @@ trunk_port_create(struct trunk_softc *tr
return (ENOSPC);
 
/* New trunk port has to be in an idle state */
-   if (ifp->if_flags & IFF_OACTIVE)
+   if (!ifq_empty(>if_snd))
return (EBUSY);
 
/* Check if port has already been associated to a trunk */
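Review bot: the comment on the line above ("New trunk port has to be in an idle state") no longer describes the test; update it to say the port must have no pending packets. The check is also only a snapshot, as nothing prevents the port from being handed new packets between ifq_empty() and its attachment to the trunk, so it is best effort, which supports the message's point that it could go altogether.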



ntpd pledge, needs "unix" to talk to ntpctl

2015-11-19 Thread Andreas Kusalananda Kähäri
Hi,

I noticed that ntpd would die if I tried to use ntpctl to check on it:

[...]
29946 ntpd CALL  poll(0xda8993ab5c0,4,1000)
29946 ntpd RET   poll 1
29946 ntpd CALL  kbind(0x7f7c2558,0x18,0x7bb3facd5f812ed9)
29946 ntpd RET   kbind 0
29946 ntpd CALL  accept(5,0x7f7c2630,0x7f7c262c)
29946 ntpd PLDG  accept, "unix", errno 1 Operation not permitted
29946 ntpd PSIG  SIGABRT SIG_DFL
[...]

I also get ntpd(): syscall 30 "unix" in the console.

Cheers,

ps. is tech@ the right list for these sorts of things?

-- 
:: Andreas Kusalananda Kähäri
:: Bioinformatics Developer
:: Uppsala, Sweden
::--



[patch] fortune(6): fix missing negative in manpage

2015-11-19 Thread Serguey Parkhomovsky
If you are willing to be offended, then quit using -o? It should be the
opposite.

Index: fortune.6
===
RCS file: /cvs/src/games/fortune/fortune/fortune.6,v
retrieving revision 1.14
diff -u -p -r1.14 fortune.6
--- fortune.6   25 Sep 2015 17:37:23 -  1.14
+++ fortune.6   19 Nov 2015 15:46:46 -
@@ -86,7 +86,7 @@ Choose only from potentially offensive a
 Please, please, please request a potentially offensive fortune if and
 only if you believe, deep down in your heart, that you are willing
 to be offended.
-(And that if you are, you'll just quit using
+(And that if you aren't, you'll just quit using
 .Fl o
 rather than give us
 grief about it, okay?)



sppp_subr vs if_start and a use after free

2015-11-19 Thread David Gwynne
Once you enqueue an mbuf, you no longer own it. Therefore you can't
read the length out of it.

This reads the length first, then tries to enqueue it.

also, call if_start instead of a bare call to the underlying start
routine.

ok?

Index: if_spppsubr.c
===
RCS file: /cvs/src/sys/net/if_spppsubr.c,v
retrieving revision 1.146
diff -u -p -r1.146 if_spppsubr.c
--- if_spppsubr.c   11 Nov 2015 01:49:17 -  1.146
+++ if_spppsubr.c   20 Nov 2015 03:46:10 -
@@ -997,14 +997,15 @@ sppp_cp_send(struct sppp *sp, u_short pr
sppp_print_bytes ((u_char*) (lh+1), len);
addlog(">\n");
}
+
+   len = m->m_pkthdr.len + sp->pp_framebytes;
if (mq_enqueue(>pp_cpq, m) != 0) {
-   ++ifp->if_oerrors;
-   m = NULL;
+   ifp->if_oerrors++;
+   return;
}
-   if (!(ifp->if_flags & IFF_OACTIVE))
-   (*ifp->if_start) (ifp);
-   if (m != NULL)
-   ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+
+   ifp->if_obytes += len;
+   if_start(ifp);
 }
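Review bot: `len` is reused here right after it served as the payload length for the debug print above; assigning it the framed length is correct but reads as if it were the same quantity, so a separate variable or a short comment would help. The ordering change itself is right: the length is read while the caller still owns m, and the early return on enqueue failure removes the `m = NULL` dance that the old code needed.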
 
 /*
@@ -4101,14 +4102,15 @@ sppp_auth_send(const struct cp *cp, stru
sppp_print_bytes((u_char*) (lh+1), len);
addlog(">\n");
}
+
+   len = m->m_pkthdr.len + sp->pp_framebytes;
if (mq_enqueue(>pp_cpq, m) != 0) {
-   ++ifp->if_oerrors;
-   m = NULL;
+   ifp->if_oerrors++;
+   return;
}
-   if (! (ifp->if_flags & IFF_OACTIVE))
-   (*ifp->if_start) (ifp);
-   if (m != NULL)
-   ifp->if_obytes += m->m_pkthdr.len + sp->pp_framebytes;
+
+   ifp->if_obytes += len;
+   if_start(ifp);
 }
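Review bot: these lines are identical to the tail of sppp_cp_send(); factoring the enqueue, account and start sequence into one helper would keep the two in sync, since the next ownership bug would otherwise have to be fixed in both places.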
 
 /*
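An added example, not code from the sppp diff, modelling the ownership rule in the message: once a packet is handed to the queue the caller no longer owns it, and the start routine may have freed it before the caller reads its length. Freed packets are poisoned instead of released so the stale read shows up as a wrong byte count rather than undefined behaviour; the queue, packet and function names are this example's own.

```c
#include <stdio.h>

/*
 * Single-threaded model of the sppp send path.  pkt_free() poisons the
 * length instead of releasing memory, so reading a freed packet is
 * observable (the count goes wrong) rather than undefined behaviour.
 */
#define POISON_LEN	(-1)
#define QUEUE_DEPTH	2

struct pkt {
	int len;
	int freed;
};

struct queue {
	struct pkt *items[QUEUE_DEPTH];
	int n;
};

struct ifstats {
	long obytes;
	long oerrors;
};

static void
pkt_free(struct pkt *p)
{
	p->freed = 1;
	p->len = POISON_LEN;	/* what a stale read sees in this model */
}

/* Takes ownership of p in both outcomes: queued, or dropped and freed. */
static int
mq_enqueue_model(struct queue *q, struct pkt *p)
{
	if (q->n == QUEUE_DEPTH) {
		pkt_free(p);
		return -1;
	}
	q->items[q->n++] = p;
	return 0;
}

/* The driver's start routine: transmit and free everything queued. */
static void
if_start_model(struct queue *q)
{
	while (q->n > 0)
		pkt_free(q->items[--q->n]);
}

/* The old sppp_cp_send() ordering: enqueue, start, then read m->len. */
void
send_old(struct queue *q, struct ifstats *st, struct pkt *p)
{
	struct pkt *m = p;

	if (mq_enqueue_model(q, m) != 0) {
		st->oerrors++;
		m = NULL;
	}
	if_start_model(q);
	if (m != NULL)
		st->obytes += m->len;	/* use after free: if_start freed m */
}

/* The fixed ordering from the diff: read the length before giving p away. */
void
send_fixed(struct queue *q, struct ifstats *st, struct pkt *p)
{
	int len = p->len;

	if (mq_enqueue_model(q, p) != 0) {
		st->oerrors++;
		return;
	}
	st->obytes += len;
	if_start_model(q);
}

int
main(void)
{
	struct queue q = { { 0 }, 0 };
	struct ifstats old = { 0, 0 }, fixed = { 0, 0 };
	struct pkt a = { 100, 0 }, b = { 100, 0 };

	send_old(&q, &old, &a);
	send_fixed(&q, &fixed, &b);
	printf("old ordering counted %ld bytes, fixed ordering counted %ld\n",
	    old.obytes, fixed.obytes);
	return 0;
}
```

In the real kernel the stale read in send_old() is a use after free whose outcome depends on what reused the mbuf; here it reliably produces a negative byte count, which is the kind of symptom that makes such a bug findable in counters long before it crashes.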



does openssl get to use dns?

2015-11-19 Thread Todd T. Fries
To demonstrate:

  openssl s_client -connect www.google.com:443

A fix, probably not the full or correct one:

Index: openssl.c
===
RCS file: /cvs/src/usr.bin/openssl/openssl.c,v
retrieving revision 1.19
diff -u -p -u -r1.19 openssl.c
--- openssl.c   17 Oct 2015 07:51:10 -  1.19
+++ openssl.c   20 Nov 2015 06:06:47 -
@@ -438,7 +438,7 @@ main(int argc, char **argv)
arg.data = NULL;
arg.count = 0;
 
-   if (pledge("stdio inet rpath wpath cpath proc flock tty", NULL) == -1) {
+   if (pledge("stdio inet rpath wpath cpath proc flock tty dns", NULL) == 
-1) {
fprintf(stderr, "openssl: pledge: %s\n", strerror(errno));
exit(1);
}
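Review bot: adding "dns" to the top-level promise set extends it to every subcommand, including the many that never resolve a name; since the subcommand-specific pledge in s_client.c below is only active under single_execution, a per-command promise set would narrow most tools further. The message already flags this as a partial fix, so the commit message should say which subcommands actually need the resolver.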
Index: s_client.c
===
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.23
diff -u -p -u -r1.23 s_client.c
--- s_client.c  17 Oct 2015 15:00:11 -  1.23
+++ s_client.c  20 Nov 2015 06:06:47 -
@@ -365,7 +365,7 @@ s_client_main(int argc, char **argv)
long socket_mtu = 0;
 
if (single_execution) {
-   if (pledge("stdio inet rpath wpath cpath tty", NULL) == -1) {
+   if (pledge("stdio inet rpath wpath cpath tty dns", NULL) == -1) 
{
perror("pledge");
exit(1);
}
-- 
Todd Fries .. t...@fries.net

 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt



Question about shm_open and sem_open

2015-11-19 Thread 游俊德
Hello,

I have a question about the source code of the shm_open and sem_open functions.

int
shm_open(const char *path, int flags, mode_t mode)
{
	(skipped)

	if (sb.st_uid != getuid()) {
		close(fd);
		errno = EPERM;
		return -1;
	}

	(skipped)
}

I know the UID comparison is used to prevent shared memory from being
accessed by a different user. Similar code also exists in the sem_open
function.

My question is, why is it getuid() and not geteuid()?
I am not sure whether it is a bug or not, but I think it would be more
reasonable if it checked the effective user ID.

Any comments?

BRs,
Joey



Re: Question about shm_open and sem_open

2015-11-19 Thread Ted Unangst
游俊德 wrote:
> Hello,
> 
> I have a question about the source code of the shm_open and sem_open functions.
> 
> int
> shm_open(const char *path, int flags, mode_t mode)
> {
> 	(skipped)
> 
> 	if (sb.st_uid != getuid()) {
> 		close(fd);
> 		errno = EPERM;
> 		return -1;
> 	}
> 
> 	(skipped)
> }
> 
> I know the UID comparison is used to prevent shared memory from being
> accessed by a different user. Similar code also exists in the sem_open
> function.
> 
> My question is, why is it getuid() and not geteuid()?
> I am not sure whether it is a bug or not, but I think it would be more
> reasonable if it checked the effective user ID.

geteuid() may be better, though I would hope the difference doesn't matter.