Re: doas: adjust yyerror() output
On Tue, Apr 26, 2016 at 8:06 PM, Ted Unangstwrote: > Gleydson Soares wrote: >> > what about just printing "doas: "? >> >> I prefer not hardcoded string, although I've committed as you pointed out, > > getprogname() doesn't seem any more portable than __progname, which is the > classic means of doing this. It's useful in cases where a program may have > more than one name, or be called via alias, or what have you. As evidenced by > the fact that a million programs use it. But... This is lateral to your main point, but: IMNSHO, getprogname() should be preferred over __progname, as functional references can be make relocatable by the tool chain more easily than data references: __progname results in a copy relocation (boo hiss) in non-PIE executables. (That's a general rule for new library interfaces: they should provide functional interfaces only and never direct data references.) Philip Guenther
Re: doas: adjust yyerror() output
Gleydson Soares wrote: > > what about just printing "doas: "? > > I prefer not hardcoded string, although I've committed as you pointed out, getprogname() doesn't seem any more portable than __progname, which is the classic means of doing this. It's useful in cases where a program may have more than one name, or be called via alias, or what have you. As evidenced by the fact that a million programs use it. But... Upon some reflection (some time ago, but not too long), I came to the conclusion that this was an example of a best practice being over practiced without regard to the rationale that recommends its use. Some of these strings will never change. There is no gain in making them "portable" or "reusable". (The man page for getprogname even happens to comment that setuid programs, which includes doas, must be extra careful because they do not control the string's contents. In your diff, it was safe, but a trivial modification that attempted to build a larger string would have a vulnerability. We avoid such mistakes in part by not doing potentially dangerous things even when safe.)
Re: doas: adjust yyerror() output
> what about just printing "doas: "? I prefer not hardcoded string, although I've committed as you pointed out,
Re: anti-ROP mechanism in libc
26 Apr. 2016 19:58 "Theo de Raadt"wrote: > > Here is a new version that does a more comprehensive test of the new > libc.so before installing it, and uses install -S > > Index: etc/rc > === > RCS file: /cvs/src/etc/rc,v > retrieving revision 1.474 > diff -u -p -u -r1.474 rc > --- etc/rc 29 Dec 2015 19:41:24 - 1.474 > +++ etc/rc 26 Apr 2016 11:56:46 - > @@ -158,6 +158,35 @@ make_keys() { > ssh-keygen -A > } > > +rebuildlibs() { > + local _l _liba _libas _tmpdir > + > + # Only choose newest > + for _liba in /usr/lib/libc.so.*.a; do > + _liba=$(ls ${_liba%%.[0-9]*}*.a | sort -n | tail -1) > + for _l in $_libas; do > + [[ $_l == $_liba ]] && continue 2 > + done > + _libas="$_libas $_liba" > + done I'm afraid sort -n would not behave the way you probably think: $ (echo 10.2; echo 10.10; echo 10.50) | sort -n 10.10 10.2 10.50 Also, you code does something strange, because $_liba will be always the same thing in the loop. > + for _liba in $_libas; do > + _tmpdir=$(mktemp -dq /tmp/_librebuild.) || return > + ( > + set -o errexit > + _lib=${_liba#/usr/lib/} > + _lib=${_lib%.a} > + cd $_tmpdir > + ar x ${_liba} > + cc -shared -o $_lib $(ls *.so | sort -R) $(cat .ldadd) > + [[ -s $_lib ]] && file $_lib | fgrep -q 'shared > object' > + LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir awk 'BEGIN > {exit 0}' > + install -S -o root -g bin -m 0444 $_lib /usr/lib/$_lib > + ) > + rm -rf /tmp/_librebuild.${_tmpdir#*.} > + done > +} So I propose something like that instead: find_newest() { set -x local _l _ls _bestmaj _bestmin _maj _min for _l in /usr/lib/lib$1.so.+([0-9]).+([0-9]); do _ls=${_l%.*} _maj=${_ls##*.} _min=${_l##*.} if [ _maj -gt _bestmaj -o \ _maj -eq _bestmaj -a _min -gt _bestmin ]; then _bestmaj=$_maj _bestmin=$_min fi done if [ -n $_bestmaj ]; then echo $_bestmaj.$_bestmin else return 1 fi } rebuildlibs() { local _lib _tmpdir _v _v=$(find_newest c) || return _lib=libc.so.$_v _tmpdir=$(mktemp -dq /tmp/_librebuild.) || return ( set -o errexit cd $_tmpdir ar x ${_lib}.a cc -shared -o $_lib $(ls *.so | sort -R) $(cat .ldadd) [[ -s $_lib ]] && file $_lib | fgrep -q 'shared object' LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir awk 'BEGIN {exit 0}' install -S -o root -g bin -m 0444 $_lib /usr/lib/$_lib ) } -- WBR, Vadim Zhukov
BISTRO AT THE OLD FORT INN wins 2016 customer satisfaction award!
View this email with images. 2016 CUSTOMER SERVICE REPORT RESULTS Call Today! 866-732-9800 WE IDENTIFY OUTSTANDING BUSINESSES [IMAGE] BISTRO AT THE OLD FORT INN IS BEING HONORED AS A WINNER OF THE 2016 SPECTRUM AWARD FOR SERVICE EXCELLENCE! Congratulations are in order to you and your team at BISTRO AT THE OLD FORT INN for winning the Spectrum Award and earning a 5 star rating! Our mission is to support businesses that provide excellence in customer satisfaction. We award and give voice to those exceptional companies. Spectrum Award Winners are rated using our exclusive research and proprietary algorithm. This allows us to provide independent ratings that remove bias and uniquely recognize businesses providing exceptional customer experiences. View your 2016 Customer Satisfaction Rating online at awards.citybeatnews.com or CLICK HERE Cheers! Frequently Asked Questions -The City Beat News Team [IMAGE] [IMAGE] SHARE the GOOD NEWS [IMAGE] Start reaping the benefits of your elite, award-winning status. Refer customers and leads to your Star Page, which provides you with the third-party credibility you’ve earned and assures them that they are making the right choice in you. Don't forget to share the good news on your social media sites! View your Star Page by clicking on the link below or copy and paste the following URL into your browser:https://awards.citybeatnews.com/58120682466/YOUNGSTOWN-NY-BISTRO-AT-THE-OLD-FORT-INN UNDERSTANDING the SPECTRUM AWARD [IMAGE] * The point: Your customers are highly satisfied. * An annual rating, not like a consumer review site * One easily understood rating number * Independently researched, unbiased report * Your dedication and hard word deserves recognition! BENEFITS for AWARD WINNERS [IMAGE] * Immediate third-party credibility * Improve Brand Recognition * Improve SEO * Reassure Customers * Empower Employees ORDER YOUR AWARD MATERIALS TODAY! [IMAGE] When you need it most, awards can make the difference. Your team will thank you for providing them with the tools they need to make your business prosper. CONTACT US TODAY AT 866-732-9800 TO LEARN MORE WWW.CITYBEATNEWS.COM [IMAGE][IMAGE][IMAGE] [IMAGE] About Us Marketing Services The Stirling Alliance About the Award © City Beat News, Success Max, LLC, 121 W. Nepessing St., Lapeer, MI 48446 T: 866.732.9800 | E: customerc...@citybeatnews.com We intend to provide businesses with useful information in our emails. We hope you enjoy learning of your award status and how you can benefit from it. However, if you do not wish to receive e-mail messages from City Beat News, click unsubscribe. Start reaping the benefits of your elite, award-winning status. Refer customers and leads to your Star Page on our website, which provides you with the third-party credibility you’ve earned and assures them that are making the right choice in you. View your Star Page [insert URL here]. Start reaping the benefits of your elite, award-winning status. Refer customers and leads to your Star Page on our website, which provides you with the third-party credibility you’ve earned and assures them that are making the right choice in you. View your Star Page [insert URL here]. · The Spectrum Award is to the point: your customers are highly satisfied. · An annual rating, not like a consumer review site · One simple, easily understood rating number · Independently researched, unbiased report · The Spectrum Award is to the point: your customers are highly satisfied. · An annual rating, not like a consumer review site · One simple, easily understood rating number · Independently researched, unbiased report · The Spectrum Award is to the point: your customers are highly satisfied. · An annual rating, not like a consumer review site · One simple, easily understood rating number · Independently researched, unbiased report · The Spectrum Award is to the point: your customers are highly satisfied. · An annual rating, not like a consumer review site · One simple, easily understood rating number · Independently researched, unbiased report · Immediate third-party credibility · Improve Brand Recognition · Improve SEO · Reassure Customers · Empower Employees
Re: Moving away from softnet interrupts
2016-04-25 9:59 GMT+02:00 Martin Pieuchot: > > > The current goal of the Network SMP effort is to have a single CPU > > > process the IP forwarding path in a process context without holding > > > the KERNEL_LOCK(). To achieve this goal we're progressively moving > > > code from the softnet interrupt context to the if_input_task. In > > > the end we'll completely get rid of this soft-interrupt. > > > > > > So now would be a good time to know if moving all the code currently > > > run in a soft-interrupt context to a task uncovers any bug. I'm > > > happily running the diff below on amd64 and macppc, it even gives me > > > a small performance boost. > > > > > > I'd appreciate more tests especially on exotic archs. > > > I'm still looking for reports on different architectures. > > I ran this overnight on my edgerouter lite, it has survived a few cvs-up's and building a kernel over NFS. So octeon doesn't seem to mind the patch. -- May the most significant bit of your life be positive.
longjmp without sigreturn on sparc64
Diff below simplifies setjmp(3) and longjmp(3) on sparc64 by not using sigreturn(2). This basically uses the logic from _setjmp(3) and _longjmp(3) to save and restore the state (but additionally saves and restores the signal mask). I believe this may make us lose the capability to longjmp() out of a signal handler when running on an alternate stack. But that shouldn't be a big issue since on amd64 we don't go through extra hoops to support that either. The setjmp regression tests still pass with this, except for the setjmp-fpu test which already fails on sparc64 (and amd64). ok? Index: libc/arch/sparc64/gen/setjmp.S === RCS file: /cvs/src/lib/libc/arch/sparc64/gen/setjmp.S,v retrieving revision 1.5 diff -u -p -r1.5 setjmp.S --- libc/arch/sparc64/gen/setjmp.S 29 Jan 2004 18:56:14 - 1.5 +++ libc/arch/sparc64/gen/setjmp.S 26 Apr 2016 13:00:51 - @@ -34,9 +34,7 @@ * SUCH DAMAGE. */ -#define _LOCORE #include -#include /* * C library -- setjmp, longjmp @@ -45,71 +43,39 @@ * will generate a "return(v)" from * the last call to * setjmp(a) - * by restoring registers from the stack, - * and a struct sigcontext, see + * by restoring the previous context. + * The previous signal state is restored. */ #include "SYS.h" #define STACK_T_SZ ENTRY(setjmp) - /* -* We use the part of the sigcontext structure, the sp, pc, and npc -* fields, for the sigaltstack call so we don't need to get our own -* stackframe. It won't be filled out till later anyway. -*/ mov %o0, %o3/* Save our jmp_buf in %o3 */ - stx %sp, [%o3 + 0x08] /* sc.sc_sp = sp (both ours and caller's) */ - add %o7, 8, %o0 - stx %o0, [%o3 + 0x10] /* sc.sc_pc = return_pc */ - add %o7, 12, %o0 - stx %o0, [%o3 + 0x18] /* sc.sc_npc = return_pc + 4 */ - stx %g0, [%o3 + 0x20] /* sc.sc_psr = (clean psr) */ - stx %fp, [%o3 + 0x28] /* sc.sc_g1 = %fp (misuse, but what the heck) */ - /* sc.sc_o0 = random(), set in longjmp */ - mov 1, %o0 /* SIG_BLOCK */ - mov SYS_sigprocmask, %g1 + mov SYS_sigprocmask, %g1 clr %o1 /* sigprocmask(SIG_BLOCK, 0) */ t ST_SYSCALL + stx %o0, [%o3 + 0x10] - st %o0, [%o3 + 0x38] /* sc.sc_mask = current mask; */ - - mov SYS_sigaltstack, %g1 - clr %o0 /* sigaltstack(NULL, ) */ - add %o3, 0x40, %o1 /* (foo being the sigcontext sc_mask) */ - t ST_SYSCALL - - lduw[%o3 + 0x40+0x10], %o0 /* foo.ss_flags */ - and %o0, 1, %o1 /* onstack = foo.ss_flags & 1; */ - st %o1, [%o3 + 0x00] /* sc.sc_onstack = current onstack; */ - - retl/* return 0 */ -clr%o0 + stx %sp, [%o3 + 0x00] /* store caller's stack pointer */ + stx %o7, [%o3 + 0x08] /* ... and return pc */ + retl +clr%o0 /* return 0 */ -/* - * All we need to do here is force sigreturn to load a new stack pointer, - * new, and appropriate %o0 return value from the sigcontext built - * in setjmp. The %i and %l registers will be reloaded from the place to - * which %sp points, due to sigreturn() semantics (sigreturn does not modify - * the window pointer in the psr, hence it must force all windows to reload). - */ ENTRY(longjmp) save%sp, -CC64FSZ, %sp - ldx [%i0 + 0x08], %o2 /* make sure sc->sc_sp, sc->sc_fp nonzero */ - ldx [%i0 + 0x28], %o3 - orcc%o2, %o3, %g0 - bz,pn %xcc, Lbotch -nop - movrz %i1, 1, %i1 /* if (v == 0) v = 1; */ - st %i1, [%i0 + 0x34] /* sc.sc_o0 = v; */ - mov SYS_sigreturn, %g1 - mov %i0, %o0 - t ST_SYSCALL /* sigreturn(scp); */ - -Lbotch: - /* oops, caller botched it */ - call_C_LABEL(longjmperror) -nop - unimp 0 + flushw + + mov 3, %o0 /* SIG_SETMASK */ + ldx [%i0 + 0x10], %o1 + mov SYS_sigprocmask, %g1 + t ST_SYSCALL + + ldx [%i0 + 0x00], %fp + ldx [%i0 + 0x08], %i7 + mov 1, %i0 + movrnz %i1, %i1, %i0 ! compute v ? v : 1 + ret +restore
Re: anti-ROP mechanism in libc
Here is a new version that does a more comprehensive test of the new libc.so before installing it, and uses install -S Index: etc/rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.474 diff -u -p -u -r1.474 rc --- etc/rc 29 Dec 2015 19:41:24 - 1.474 +++ etc/rc 26 Apr 2016 11:56:46 - @@ -158,6 +158,35 @@ make_keys() { ssh-keygen -A } +rebuildlibs() { + local _l _liba _libas _tmpdir + + # Only choose newest + for _liba in /usr/lib/libc.so.*.a; do + _liba=$(ls ${_liba%%.[0-9]*}*.a | sort -n | tail -1) + for _l in $_libas; do + [[ $_l == $_liba ]] && continue 2 + done + _libas="$_libas $_liba" + done + + for _liba in $_libas; do + _tmpdir=$(mktemp -dq /tmp/_librebuild.) || return + ( + set -o errexit + _lib=${_liba#/usr/lib/} + _lib=${_lib%.a} + cd $_tmpdir + ar x ${_liba} + cc -shared -o $_lib $(ls *.so | sort -R) $(cat .ldadd) + [[ -s $_lib ]] && file $_lib | fgrep -q 'shared object' + LD_BIND_NOW=1 LD_LIBRARY_PATH=$_tmpdir awk 'BEGIN {exit 0}' + install -S -o root -g bin -m 0444 $_lib /usr/lib/$_lib + ) + rm -rf /tmp/_librebuild.${_tmpdir#*.} + done +} + # Check filesystems, optionally by using a fsck(8) flag. # Usage: do_fsck [-flag] do_fsck() { @@ -337,6 +366,8 @@ mount -s /usr >/dev/null 2>&1 mount -s /var >/dev/null 2>&1 random_seed + +rebuildlibs # Clean up left-over files. rm -f /etc/nologin /var/spool/lock/LCK.* /var/spool/uucp/STST/* Index: share/mk/bsd.lib.mk === RCS file: /cvs/src/share/mk/bsd.lib.mk,v retrieving revision 1.74 diff -u -p -u -r1.74 bsd.lib.mk --- share/mk/bsd.lib.mk 26 Oct 2015 10:43:42 - 1.74 +++ share/mk/bsd.lib.mk 25 Apr 2016 08:58:26 - @@ -174,6 +174,15 @@ FULLSHLIBNAME=lib${LIB}.so.${SHLIB_MAJOR _LIBS+=${FULLSHLIBNAME} .endif +.if defined(LIBREBUILD) +_LIBS+=${FULLSHLIBNAME}.a + +.if exists(${.CURDIR}/Symbols.list) +SYMBOLSMAP=Symbols.map +.endif + +.endif + .if defined(VERSION_SCRIPT) ${FULLSHLIBNAME}: ${VERSION_SCRIPT} LDADD+=-Wl,--version-script=${VERSION_SCRIPT} @@ -209,7 +218,13 @@ ${FULLSHLIBNAME}: ${SOBJS} ${DPADD} @echo building shared ${LIB} library \(version ${SHLIB_MAJOR}.${SHLIB_MINOR}\) @rm -f ${.TARGET} ${CC} -shared ${PICFLAG} -o ${.TARGET} \ - `${LORDER} ${SOBJS}|tsort -q` ${LDADD} + `echo ${SOBJS} | tr ' ' '\n' | sort -R` ${LDADD} + +${FULLSHLIBNAME}.a: ${SOBJS} + @echo building shared ${LIB} library \(version ${SHLIB_MAJOR}.${SHLIB_MINOR}\) ar + @rm -f ${.TARGET} + @echo ${PICFLAG} ${LDADD} > .ldadd + ar cq ${FULLSHLIBNAME}.a ${SOBJS} .ldadd ${SYMBOLSMAP} # all .do files... DOBJS+=${OBJS:.o=.do} @@ -290,6 +305,10 @@ realinstall: .if !defined(NOPIC) && defined(SHLIB_MAJOR) && defined(SHLIB_MINOR) ${INSTALL} ${INSTALL_COPY} -S -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ ${FULLSHLIBNAME} ${DESTDIR}${LIBDIR} +.if defined(LIBREBUILD) + ${INSTALL} ${INSTALL_COPY} -S -o ${LIBOWN} -g ${LIBGRP} -m ${LIBMODE} \ + ${FULLSHLIBNAME}.a ${DESTDIR}${LIBDIR} +.endif .endif .if defined(LINKS) && !empty(LINKS) . for lnk file in ${LINKS} Index: lib/libc/Makefile === RCS file: /cvs/src/lib/libc/Makefile,v retrieving revision 1.38 diff -u -p -u -r1.38 Makefile --- lib/libc/Makefile 10 Nov 2015 04:14:03 - 1.38 +++ lib/libc/Makefile 28 Mar 2016 04:08:34 - @@ -6,6 +6,7 @@ .include LIB=c +LIBREBUILD=y CLEANFILES+=tags Symbols.map CFLAGS+=-Wimplicit #CFLAGS+=-Werror Index: distrib/sets/lists/base/md.alpha === RCS file: /cvs/src/distrib/sets/lists/base/md.alpha,v retrieving revision 1.1097 diff -u -p -u -r1.1097 md.alpha --- distrib/sets/lists/base/md.alpha26 Apr 2016 05:54:20 - 1.1097 +++ distrib/sets/lists/base/md.alpha26 Apr 2016 07:02:07 - @@ -61,6 +61,11 @@ ./sbin/kbd ./sbin/mount_ntfs ./sbin/wsconsctl +./usr/lib/gcc-lib/alpha-unknown-openbsd5.9 +./usr/lib/gcc-lib/alpha-unknown-openbsd5.9/4.2.1 +./usr/lib/gcc-lib/alpha-unknown-openbsd5.9/4.2.1/collect2 +./usr/lib/gcc-lib/alpha-unknown-openbsd5.9/4.2.1/libgcc.a +./usr/lib/gcc-lib/alpha-unknown-openbsd5.9/4.2.1/specs ./usr/libdata/perl5/alpha-openbsd ./usr/libdata/perl5/alpha-openbsd/5.20.2 ./usr/libdata/perl5/alpha-openbsd/5.20.2/.packlist Index: distrib/sets/lists/base/md.amd64 === RCS
Re: MP-safe TX for cnmac(4)
On Tue, Apr 26, 2016 at 05:29:43PM +1000, David Gwynne wrote: > > > On 25 Apr 2016, at 02:13, Visa Hankalawrote: > > > > This adds MP-safe TX for cnmac(4). OK? > > nearly. see inline. Here is a new try. ifq_serialize() is just what the code needs. Thanks! To simplify things a bit, octeon_eth_tick_free() now uses a constant timeout. Index: arch/octeon/dev/if_cnmac.c === RCS file: src/sys/arch/octeon/dev/if_cnmac.c,v retrieving revision 1.38 diff -u -p -r1.38 if_cnmac.c --- arch/octeon/dev/if_cnmac.c 13 Apr 2016 11:34:00 - 1.38 +++ arch/octeon/dev/if_cnmac.c 26 Apr 2016 09:41:49 - @@ -173,6 +173,7 @@ int octeon_eth_reset(struct octeon_eth_s intocteon_eth_configure(struct octeon_eth_softc *); intocteon_eth_configure_common(struct octeon_eth_softc *); +void octeon_eth_free_task(void *); void octeon_eth_tick_free(void *arg); void octeon_eth_tick_misc(void *); @@ -290,6 +291,7 @@ octeon_eth_attach(struct device *parent, cn30xxgmx_stats_init(sc->sc_gmx_port); + task_set(>sc_free_task, octeon_eth_free_task, sc); timeout_set(>sc_tick_misc_ch, octeon_eth_tick_misc, sc); timeout_set(>sc_tick_free_ch, octeon_eth_tick_free, sc); @@ -317,6 +319,7 @@ octeon_eth_attach(struct device *parent, strncpy(ifp->if_xname, sc->sc_dev.dv_xname, sizeof(ifp->if_xname)); ifp->if_softc = sc; ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; + ifp->if_xflags = IFXF_MPSAFE; ifp->if_ioctl = octeon_eth_ioctl; ifp->if_start = octeon_eth_start; ifp->if_watchdog = octeon_eth_watchdog; @@ -742,7 +745,7 @@ octeon_eth_ioctl(struct ifnet *ifp, u_lo error = 0; } - octeon_eth_start(ifp); + if_start(ifp); splx(s); return (error); @@ -959,18 +962,17 @@ octeon_eth_start(struct ifnet *ifp) struct octeon_eth_softc *sc = ifp->if_softc; struct mbuf *m; + if (__predict_false(!cn30xxgmx_link_status(sc->sc_gmx_port))) { + IFQ_PURGE(>if_snd); + return; + } + /* * performance tuning * presend iobdma request */ octeon_eth_send_queue_flush_prefetch(sc); - if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(>if_snd)) - goto last; - - if (__predict_false(!cn30xxgmx_link_status(sc->sc_gmx_port))) - goto last; - for (;;) { octeon_eth_send_queue_flush_fetch(sc); /* XXX */ @@ -980,6 +982,7 @@ octeon_eth_start(struct ifnet *ifp) * and bail out. */ if (octeon_eth_send_queue_is_full(sc)) { + ifq_set_oactive(>if_snd); return; } /* XXX */ @@ -1008,7 +1011,6 @@ octeon_eth_start(struct ifnet *ifp) octeon_eth_send_queue_flush_prefetch(sc); } -last: octeon_eth_send_queue_flush_fetch(sc); } @@ -1019,13 +1021,14 @@ octeon_eth_watchdog(struct ifnet *ifp) printf("%s: device timeout\n", sc->sc_dev.dv_xname); + octeon_eth_stop(ifp, 0); + octeon_eth_configure(sc); SET(ifp->if_flags, IFF_RUNNING); - ifq_clr_oactive(>if_snd); ifp->if_timer = 0; - octeon_eth_start(ifp); + ifq_restart(>if_snd); } int @@ -1066,6 +1069,8 @@ octeon_eth_stop(struct ifnet *ifp, int d { struct octeon_eth_softc *sc = ifp->if_softc; + CLR(ifp->if_flags, IFF_RUNNING); + timeout_del(>sc_tick_misc_ch); timeout_del(>sc_tick_free_ch); timeout_del(>sc_resume_ch); @@ -1074,13 +1079,12 @@ octeon_eth_stop(struct ifnet *ifp, int d cn30xxgmx_port_enable(sc->sc_gmx_port, 0); - /* Mark the interface as down and cancel the watchdog timer. */ - CLR(ifp->if_flags, IFF_RUNNING); + intr_barrier(octeon_eth_pow_recv_ih); + ifq_barrier(>if_snd); + ifq_clr_oactive(>if_snd); ifp->if_timer = 0; - intr_barrier(octeon_eth_pow_recv_ih); - return 0; } @@ -1361,6 +1365,26 @@ octeon_eth_recv_intr(void *data, uint64_ /* tick */ +void +octeon_eth_free_task(void *arg) +{ + struct octeon_eth_softc *sc = arg; + struct ifnet *ifp = >sc_arpcom.ac_if; + + if (ml_len(>sc_sendq) > 0) { + octeon_eth_send_queue_flush_prefetch(sc); + octeon_eth_send_queue_flush_fetch(sc); + octeon_eth_send_queue_flush(sc); + } + + if (ifq_is_oactive(>if_snd)) { + ifq_clr_oactive(>if_snd); + octeon_eth_start(ifp); + } + + timeout_add_sec(>sc_tick_free_ch, 1); +} + /* * octeon_eth_tick_free * @@ -1371,25 +1395,9 @@ void octeon_eth_tick_free(void *arg) { struct octeon_eth_softc *sc = arg; - int timo; - int s; - - s = splnet(); - /*
Re: openssl: ocsp: needs to pledge "dns" promise
Yes, ok.. ocsp will need dns. -Bob On Tue, Apr 26, 2016 at 11:19:33AM +0200, Sebastien Marie wrote: > Hi, > > It has been reported to landry and me a pledge problem with the > following openssl command: > > $ /usr/bin/openssl ocsp -issuer bla.sub+ca -cert bla.crt -url > http://ocsp.startssl.com/sub/class2/server/ca -header Host ocsp.startssl.com > -respout /tmp/ocsp.rv8rDSvf6f > abort (core dumped) > > and dmesg: > openssl(15019): syscall 97 "dns" > > backtrace at https://gist.github.com/kAworu/dc30ead97d3b44b5cabb67b134362820 > > After testing, the following diff corrects the problem. > > OK ? > -- > Sebastien Marie > > > Index: ocsp.c > === > RCS file: /cvs/src/usr.bin/openssl/ocsp.c,v > retrieving revision 1.7 > diff -u -p -r1.7 ocsp.c > --- ocsp.c17 Oct 2015 15:00:11 - 1.7 > +++ ocsp.c26 Apr 2016 09:08:54 - > @@ -147,7 +147,7 @@ ocsp_main(int argc, char **argv) > const char *errstr = NULL; > > if (single_execution) { > - if (pledge("stdio inet rpath wpath cpath", NULL) == -1) { > + if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1) { > perror("pledge"); > exit(1); > } >
openssl: ocsp: needs to pledge "dns" promise
Hi, It has been reported to landry and me a pledge problem with the following openssl command: $ /usr/bin/openssl ocsp -issuer bla.sub+ca -cert bla.crt -url http://ocsp.startssl.com/sub/class2/server/ca -header Host ocsp.startssl.com -respout /tmp/ocsp.rv8rDSvf6f abort (core dumped) and dmesg: openssl(15019): syscall 97 "dns" backtrace at https://gist.github.com/kAworu/dc30ead97d3b44b5cabb67b134362820 After testing, the following diff corrects the problem. OK ? -- Sebastien Marie Index: ocsp.c === RCS file: /cvs/src/usr.bin/openssl/ocsp.c,v retrieving revision 1.7 diff -u -p -r1.7 ocsp.c --- ocsp.c 17 Oct 2015 15:00:11 - 1.7 +++ ocsp.c 26 Apr 2016 09:08:54 - @@ -147,7 +147,7 @@ ocsp_main(int argc, char **argv) const char *errstr = NULL; if (single_execution) { - if (pledge("stdio inet rpath wpath cpath", NULL) == -1) { + if (pledge("stdio inet dns rpath wpath cpath", NULL) == -1) { perror("pledge"); exit(1); }
Re: MP-safe TX for cnmac(4)
> On 25 Apr 2016, at 02:13, Visa Hankalawrote: > > This adds MP-safe TX for cnmac(4). OK? nearly. see inline. > > Index: arch/octeon/dev/if_cnmac.c > === > RCS file: src/sys/arch/octeon/dev/if_cnmac.c,v > retrieving revision 1.38 > diff -u -p -r1.38 if_cnmac.c > --- arch/octeon/dev/if_cnmac.c13 Apr 2016 11:34:00 - 1.38 > +++ arch/octeon/dev/if_cnmac.c24 Apr 2016 15:35:04 - > @@ -285,6 +285,7 @@ octeon_eth_attach(struct device *parent, > octeon_eth_gsc[sc->sc_port] = sc; > > ml_init(>sc_sendq); > + mtx_init(>sc_sendq_mtx, IPL_NET); this is unnecessary because the ifq machinery makes sure that the call to the drivers start routine is serialised. the driver doesn't have to do it again. > sc->sc_soft_req_thresh = 15/* XXX */; > sc->sc_ext_callback_cnt = 0; > > @@ -317,6 +318,7 @@ octeon_eth_attach(struct device *parent, > strncpy(ifp->if_xname, sc->sc_dev.dv_xname, sizeof(ifp->if_xname)); > ifp->if_softc = sc; > ifp->if_flags = IFF_BROADCAST | IFF_SIMPLEX | IFF_MULTICAST; > + ifp->if_xflags = IFXF_MPSAFE; > ifp->if_ioctl = octeon_eth_ioctl; > ifp->if_start = octeon_eth_start; > ifp->if_watchdog = octeon_eth_watchdog; > @@ -742,7 +744,7 @@ octeon_eth_ioctl(struct ifnet *ifp, u_lo > error = 0; > } > > - octeon_eth_start(ifp); > + if_start(ifp); > > splx(s); > return (error); > @@ -959,18 +961,19 @@ octeon_eth_start(struct ifnet *ifp) > struct octeon_eth_softc *sc = ifp->if_softc; > struct mbuf *m; > > + if (__predict_false(!cn30xxgmx_link_status(sc->sc_gmx_port))) { > + IFQ_PURGE(>if_snd); > + return; > + } > + > + mtx_enter(>sc_sendq_mtx); > + > /* >* performance tuning >* presend iobdma request >*/ > octeon_eth_send_queue_flush_prefetch(sc); > > - if (!(ifp->if_flags & IFF_RUNNING) || ifq_is_oactive(>if_snd)) > - goto last; > - > - if (__predict_false(!cn30xxgmx_link_status(sc->sc_gmx_port))) > - goto last; > - > for (;;) { > octeon_eth_send_queue_flush_fetch(sc); /* XXX */ > > @@ -980,13 +983,16 @@ octeon_eth_start(struct ifnet *ifp) >* and bail out. >*/ > if (octeon_eth_send_queue_is_full(sc)) { > + mtx_leave(>sc_sendq_mtx); not directly related to these changes, but the driver should ifq_set_oactive() in this situation. > return; > } > /* XXX */ > > IFQ_DEQUEUE(>if_snd, m); > - if (m == NULL) > + if (m == NULL) { > + mtx_leave(>sc_sendq_mtx); > return; > + } > > OCTEON_ETH_TAP(ifp, m, BPF_DIRECTION_OUT); > > @@ -1008,8 +1014,9 @@ octeon_eth_start(struct ifnet *ifp) > octeon_eth_send_queue_flush_prefetch(sc); > } > > -last: > octeon_eth_send_queue_flush_fetch(sc); > + > + mtx_leave(>sc_sendq_mtx); > } > > void > @@ -1025,7 +1032,7 @@ octeon_eth_watchdog(struct ifnet *ifp) > ifq_clr_oactive(>if_snd); > ifp->if_timer = 0; > > - octeon_eth_start(ifp); > + if_start(ifp); i think you mean ifq_restart here. > } > > int > @@ -1066,6 +1073,8 @@ octeon_eth_stop(struct ifnet *ifp, int d > { > struct octeon_eth_softc *sc = ifp->if_softc; > > + CLR(ifp->if_flags, IFF_RUNNING); > + > timeout_del(>sc_tick_misc_ch); > timeout_del(>sc_tick_free_ch); > timeout_del(>sc_resume_ch); > @@ -1074,13 +1083,12 @@ octeon_eth_stop(struct ifnet *ifp, int d > > cn30xxgmx_port_enable(sc->sc_gmx_port, 0); > > - /* Mark the interface as down and cancel the watchdog timer. */ > - CLR(ifp->if_flags, IFF_RUNNING); > + intr_barrier(octeon_eth_pow_recv_ih); > + ifq_barrier(>if_snd); > + > ifq_clr_oactive(>if_snd); > ifp->if_timer = 0; > > - intr_barrier(octeon_eth_pow_recv_ih); > - > return 0; > } > > @@ -1372,9 +1380,8 @@ octeon_eth_tick_free(void *arg) > { > struct octeon_eth_softc *sc = arg; > int timo; > - int s; > > - s = splnet(); > + mtx_enter(>sc_sendq_mtx); > /* XXX */ > if (ml_len(>sc_sendq) > 0) { > octeon_eth_send_queue_flush_prefetch(sc); > @@ -1389,7 +1396,7 @@ octeon_eth_tick_free(void *arg) >timo = 10; > timeout_add_msec(>sc_tick_free_ch, 1000 * timo / hz); > /* XXX */ > - splx(s); > + mtx_leave(>sc_sendq_mtx); ah, i see why you want the mutex now. you could serialise that work with the start routine via ifq_serialize(). cnmac doesnt interrupt for completions? > } > > /* > Index: arch/octeon/dev/if_cnmacvar.h > === > RCS file:
Re: failure to send a udp packet is not a fatal error
On Tue, Apr 26, 2016 at 01:43:31PM +1000, David Gwynne wrote: > the tftp proxy on the firewall is dying these days. i managed to > track the failure down to an error sending the udp packet on. > > rather than err, i think it more appropriate to warn and let the > client retry in this situation. > > ok? > > Index: tftp-proxy.c > === > RCS file: /cvs/src/usr.sbin/tftp-proxy/tftp-proxy.c,v > retrieving revision 1.18 > diff -u -p -r1.18 tftp-proxy.c > --- tftp-proxy.c 24 Feb 2016 16:34:47 - 1.18 > +++ tftp-proxy.c 26 Apr 2016 03:41:39 - > @@ -869,7 +869,7 @@ unprivproc_pop(int fd, short events, voi > if (sendto(s, r->buf, r->buflen, 0, > (struct sockaddr *)>addrs.dst, > r->addrs.dst.ss_len) == -1) > - lerr(1, "%s: unable to send", __func__); > + lwarn("%s: unable to send", __func__); > > close(s); > > Makes sense to me. UDP can bubble up many errors from the network stack so it sure makes sense to not die on an error. OK claudio@ -- :wq Claudio