Re: lfence for rdtsc
it definitely got better: cpu0: TSC skew=0 observed drift=0 cpu0: TSC skew=0 observed drift=0 cpu1: TSC skew=51 observed drift=0 cpu2: TSC skew=68 observed drift=0 cpu3: TSC skew=68 observed drift=0 cpu4: TSC skew=0 observed drift=0 cpu5: TSC skew=0 observed drift=0 cpu6: TSC skew=85 observed drift=0 cpu7: TSC skew=51 observed drift=0 cpu8: TSC skew=17 observed drift=0 cpu9: TSC skew=34 observed drift=0 cpu10: TSC skew=0 observed drift=0 cpu11: TSC skew=17 observed drift=0 cpu12: TSC skew=0 observed drift=0 cpu13: TSC skew=-51 observed drift=0 cpu14: TSC skew=-17 observed drift=0 cpu15: TSC skew=-17 observed drift=0
Re: userland clock_gettime proof of concept
This also handles negative skew values that my prevoius diff did not. For the last coulpe of weeks people told me that this thread is hard to follow sometimes. You can always get the latest changes here where the actual development takes place. (PR's accepted.) https://github.com/pirofti/openbsd-src/tree/vdso Paul diff --git lib/libc/arch/aarch64/gen/Makefile.inc lib/libc/arch/aarch64/gen/Makefile.inc index a7b1b73f3ef..ee198f5d611 100644 --- lib/libc/arch/aarch64/gen/Makefile.inc +++ lib/libc/arch/aarch64/gen/Makefile.inc @@ -9,4 +9,4 @@ SRCS+= fpgetmask.c fpgetround.c fpgetsticky.c SRCS+= fpsetmask.c fpsetround.c fpsetsticky.c SRCS+= fpclassifyl.c SRCS+= isfinitel.c isinfl.c isnanl.c isnormall.c -SRCS+= signbitl.c +SRCS+= signbitl.c usertc.c diff --git lib/libc/arch/aarch64/gen/usertc.c lib/libc/arch/aarch64/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/aarch64/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/alpha/gen/Makefile.inc lib/libc/arch/alpha/gen/Makefile.inc index a44599d2cab..2a8abd32b61 100644 --- lib/libc/arch/alpha/gen/Makefile.inc +++ lib/libc/arch/alpha/gen/Makefile.inc @@ -3,5 +3,5 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.c nan.c setjmp.S SRCS+= flt_rounds.c fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \ - fpsetround.c fpsetsticky.c + fpsetround.c fpsetsticky.c usertc.c SRCS+= sigsetjmp.S diff --git lib/libc/arch/alpha/gen/usertc.c lib/libc/arch/alpha/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/alpha/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/amd64/gen/Makefile.inc lib/libc/arch/amd64/gen/Makefile.inc index e995309ed71..f6349e2b974 100644 --- lib/libc/arch/amd64/gen/Makefile.inc +++ lib/libc/arch/amd64/gen/Makefile.inc @@ -2,6 +2,7 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.S nan.c setjmp.S \ sigsetjmp.S -SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c +SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c \ + usertc.c SRCS+= flt_rounds.S fpgetmask.S fpgetround.S fpgetsticky.S fpsetmask.S \ fpsetround.S fpsetsticky.S diff --git lib/libc/arch/amd64/gen/usertc.c lib/libc/arch/amd64/gen/usertc.c new file mode 100644 index 000..56016c8eca1 --- /dev/null +++ lib/libc/arch/amd64/gen/usertc.c @@ -0,0 +1,41 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE
Re: WireGuard patchset for OpenBSD, rev. 3
On Fri, Jun 19, 2020 at 06:46:00PM +1000, Matt Dunwoodie wrote: > Hi all, > > After the previous submission of WireGuard, we've again been through a > number of improvements. Thank you everyone for your feedback. Hi, I was wondering if there is a way to specify a routing domain/table for wgendpoint in ifconfig(8). In a VPN client setup (roadwarrior style) I'd like to keep wg0 in rdomain 0 and put the actual physical interface in rdomain 1. So that all daemons (smtpd, unwind, ...) use the VPN by default and only the strict minimum to setup the VPN runs in rdomain 1. Everything works if I set wg0 in rdomain1 and keep my re0 interface in rdomain 0, but as soon as I set rdomain 1 for re0 and rdomain 0 for wg0, the VPN cannot come up (and I see the UDP packets to port 51820 trying to go out through wg0). Thanks for your work on wireguard ! -- Matthieu Herrb
Re: userland clock_gettime proof of concept
Hi, New iteration that addresses the issues raised by Scott and Mark. a) Use sys/time.h defs by adding _LIBC b) Revert _timekeep init (breaks naddy@'s machine) c) Add TSC_SKEW_MAX thresholding when enabling tc_user d) uint->u_int Item c) adds the code needed for what Mark requested. The value is randomly set at 1,000. As I said earlier I won't do the "research" for this number, but I see a couple other people started to look into it and are discussing with Mark. Good. Paul diff --git lib/libc/arch/aarch64/gen/Makefile.inc lib/libc/arch/aarch64/gen/Makefile.inc index a7b1b73f3ef..ee198f5d611 100644 --- lib/libc/arch/aarch64/gen/Makefile.inc +++ lib/libc/arch/aarch64/gen/Makefile.inc @@ -9,4 +9,4 @@ SRCS+= fpgetmask.c fpgetround.c fpgetsticky.c SRCS+= fpsetmask.c fpsetround.c fpsetsticky.c SRCS+= fpclassifyl.c SRCS+= isfinitel.c isinfl.c isnanl.c isnormall.c -SRCS+= signbitl.c +SRCS+= signbitl.c usertc.c diff --git lib/libc/arch/aarch64/gen/usertc.c lib/libc/arch/aarch64/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/aarch64/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/alpha/gen/Makefile.inc lib/libc/arch/alpha/gen/Makefile.inc index a44599d2cab..2a8abd32b61 100644 --- lib/libc/arch/alpha/gen/Makefile.inc +++ lib/libc/arch/alpha/gen/Makefile.inc @@ -3,5 +3,5 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.c nan.c setjmp.S SRCS+= flt_rounds.c fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \ - fpsetround.c fpsetsticky.c + fpsetround.c fpsetsticky.c usertc.c SRCS+= sigsetjmp.S diff --git lib/libc/arch/alpha/gen/usertc.c lib/libc/arch/alpha/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/alpha/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/amd64/gen/Makefile.inc lib/libc/arch/amd64/gen/Makefile.inc index e995309ed71..f6349e2b974 100644 --- lib/libc/arch/amd64/gen/Makefile.inc +++ lib/libc/arch/amd64/gen/Makefile.inc @@ -2,6 +2,7 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.S nan.c setjmp.S \ sigsetjmp.S -SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c +SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c \ + usertc.c SRCS+= flt_rounds.S fpgetmask.S fpgetround.S fpgetsticky.S fpsetmask.S \ fpsetround.S fpsetsticky.S diff --git lib/libc/arch/amd64/gen/usertc.c lib/libc/arch/amd64/gen/usertc.c new file mode 100644 index 000..56016c8eca1 --- /dev/null +++ lib/libc/arch/amd64/gen/usertc.c @@ -0,0 +1,41 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER
Re: lfence for rdtsc
Paul Irofti wrote: > If you change the name to rdtsc_ordered(), OK. That is a weaker name. Ordered in what way, at what level; ordered against what? This is using a specific pipeline ordering known as lfence. So it might as well say lfence. That is the technical name for that type of ordering. Being vague is unhelpful.
Re: lfence for rdtsc
On Sat, Jun 20, 2020 at 10:02:19PM +0200, Mark Kettenis wrote:
> RDTSC is not a serializing instruction; to make sure we get the TSC
> value corresponding to the position of RDTSC in te instruction stream
> we need a barrier. Linux uses LFENCE on machines where it is
> available. FreeBSD seems to prefer MFENCE for AMD CPUs but uses
> LFENCE for Intel CPUs. For now my thinjing is that what's good enough
> for Linux should be good enough for us. And on amd64 LFENCE is always
> available.
>
> This diff reduces the scatter in the skew values. Before I had
> occasional outliers of more than 200 cycles. Now the maximem values I see
> are around 60 cycles.
>
> I din't changes the rdtsc() call that reads the timecounter. But
> maybe that one should change as well? Bit of a tradeof between
> performance and accoracy I think.
>
> This also changes the skew print message (stolen from what Theo put in
> snaps). Printing the CPU number makes it easier to get statistics for
> a specific CPU. Diff also enabled the debug message. Maybe it should
> be committed this way and then disabled again later such that we can
> get some statistics?
>
> comments? ok?
If you change the name to rdtsc_ordered(), OK.
By the way, if you want to continue in this direction you can look into
adding support for the TSC_ADJUST MSR to synchronize TSC across CPUs
as described in Section 17.17.3 from the Intel manual.
> Index: arch/amd64/amd64/tsc.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/tsc.c,v
> retrieving revision 1.16
> diff -u -p -r1.16 tsc.c
> --- arch/amd64/amd64/tsc.c6 Apr 2020 00:01:08 - 1.16
> +++ arch/amd64/amd64/tsc.c20 Jun 2020 20:01:46 -
> @@ -100,9 +100,9 @@ get_tsc_and_timecount(struct timecounter
> int i;
>
> for (i = 0; i < RECALIBRATE_MAX_RETRIES; i++) {
> - tsc1 = rdtsc();
> + tsc1 = rdtsc_lfence();
> n = (tc->tc_get_timecount(tc) & tc->tc_counter_mask);
> - tsc2 = rdtsc();
> + tsc2 = rdtsc_lfence();
>
> if ((tsc2 - tsc1) < RECALIBRATE_SMI_THRESHOLD) {
> *count = n;
> @@ -216,8 +216,9 @@ tsc_get_timecount(struct timecounter *tc
> void
> tsc_timecounter_init(struct cpu_info *ci, uint64_t cpufreq)
> {
> +#define TSC_DEBUG
> #ifdef TSC_DEBUG
> - printf("%s: TSC skew=%lld observed drift=%lld\n", __func__,
> + printf("%s: TSC skew=%lld observed drift=%lld\n", ci->ci_dev->dv_xname,
> (long long)ci->ci_tsc_skew, (long long)tsc_drift_observed);
> #endif
>
> @@ -276,12 +277,12 @@ tsc_read_bp(struct cpu_info *ci, uint64_
>
> /* Flag it and read our TSC. */
> atomic_setbits_int(>ci_flags, CPUF_SYNCTSC);
> - bptsc = (rdtsc() >> 1);
> + bptsc = (rdtsc_lfence() >> 1);
>
> /* Wait for remote to complete, and read ours again. */
> while ((ci->ci_flags & CPUF_SYNCTSC) != 0)
> membar_consumer();
> - bptsc += (rdtsc() >> 1);
> + bptsc += (rdtsc_lfence() >> 1);
>
> /* Wait for the results to come in. */
> while (tsc_sync_cpu == ci)
> @@ -317,11 +318,11 @@ tsc_post_ap(struct cpu_info *ci)
> /* Wait for go-ahead from primary. */
> while ((ci->ci_flags & CPUF_SYNCTSC) == 0)
> membar_consumer();
> - tsc = (rdtsc() >> 1);
> + tsc = (rdtsc_lfence() >> 1);
>
> /* Instruct primary to read its counter. */
> atomic_clearbits_int(>ci_flags, CPUF_SYNCTSC);
> - tsc += (rdtsc() >> 1);
> + tsc += (rdtsc_lfence() >> 1);
>
> /* Post result. Ensure the whole value goes out atomically. */
> (void)atomic_swap_64(_sync_val, tsc);
> Index: arch/amd64/include/cpufunc.h
> ===
> RCS file: /cvs/src/sys/arch/amd64/include/cpufunc.h,v
> retrieving revision 1.34
> diff -u -p -r1.34 cpufunc.h
> --- arch/amd64/include/cpufunc.h 28 Jun 2019 21:54:05 - 1.34
> +++ arch/amd64/include/cpufunc.h 20 Jun 2020 20:01:46 -
> @@ -292,6 +292,15 @@ rdtsc(void)
> }
>
> static __inline u_int64_t
> +rdtsc_lfence(void)
> +{
> + uint32_t hi, lo;
> +
> + __asm volatile("lfence; rdtsc" : "=d" (hi), "=a" (lo));
> + return (((uint64_t)hi << 32) | (uint64_t) lo);
> +}
> +
> +static __inline u_int64_t
> rdpmc(u_int pmc)
> {
> uint32_t hi, lo;
Re: userland clock_gettime proof of concept
> b) Revert _timekeep init (breaks naddy@'s machine)
Robert helped properly track down this issue to a silly null-ref. This
new diff addresses this and also does not initialize _timekeep as Mark
wanted.
diff --git lib/libc/arch/aarch64/gen/Makefile.inc
lib/libc/arch/aarch64/gen/Makefile.inc
index a7b1b73f3ef..ee198f5d611 100644
--- lib/libc/arch/aarch64/gen/Makefile.inc
+++ lib/libc/arch/aarch64/gen/Makefile.inc
@@ -9,4 +9,4 @@ SRCS+= fpgetmask.c fpgetround.c fpgetsticky.c
SRCS+= fpsetmask.c fpsetround.c fpsetsticky.c
SRCS+= fpclassifyl.c
SRCS+= isfinitel.c isinfl.c isnanl.c isnormall.c
-SRCS+= signbitl.c
+SRCS+= signbitl.c usertc.c
diff --git lib/libc/arch/aarch64/gen/usertc.c lib/libc/arch/aarch64/gen/usertc.c
new file mode 100644
index 000..6551854a010
--- /dev/null
+++ lib/libc/arch/aarch64/gen/usertc.c
@@ -0,0 +1,21 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2020 Paul Irofti
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL;
diff --git lib/libc/arch/alpha/gen/Makefile.inc
lib/libc/arch/alpha/gen/Makefile.inc
index a44599d2cab..2a8abd32b61 100644
--- lib/libc/arch/alpha/gen/Makefile.inc
+++ lib/libc/arch/alpha/gen/Makefile.inc
@@ -3,5 +3,5 @@
SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.c nan.c setjmp.S
SRCS+= flt_rounds.c fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \
- fpsetround.c fpsetsticky.c
+ fpsetround.c fpsetsticky.c usertc.c
SRCS+= sigsetjmp.S
diff --git lib/libc/arch/alpha/gen/usertc.c lib/libc/arch/alpha/gen/usertc.c
new file mode 100644
index 000..6551854a010
--- /dev/null
+++ lib/libc/arch/alpha/gen/usertc.c
@@ -0,0 +1,21 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2020 Paul Irofti
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL;
diff --git lib/libc/arch/amd64/gen/Makefile.inc
lib/libc/arch/amd64/gen/Makefile.inc
index e995309ed71..f6349e2b974 100644
--- lib/libc/arch/amd64/gen/Makefile.inc
+++ lib/libc/arch/amd64/gen/Makefile.inc
@@ -2,6 +2,7 @@
SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.S nan.c setjmp.S \
sigsetjmp.S
-SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c
+SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c \
+ usertc.c
SRCS+= flt_rounds.S fpgetmask.S fpgetround.S fpgetsticky.S fpsetmask.S \
fpsetround.S fpsetsticky.S
diff --git lib/libc/arch/amd64/gen/usertc.c lib/libc/arch/amd64/gen/usertc.c
new file mode 100644
index 000..56016c8eca1
--- /dev/null
+++ lib/libc/arch/amd64/gen/usertc.c
@@ -0,0 +1,41 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2020 Paul Irofti
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+static inline u_int
+rdtsc(void)
+{
+
Re: WireGuard patchset for OpenBSD, rev. 3
On Fri, Jun 19, 2020 at 06:46:00PM +1000, Matt Dunwoodie wrote: > Hi all, > > After the previous submission of WireGuard, we've again been through a > number of improvements. Thank you everyone for your feedback. Hi, While giving wireguard a try, I found that this patch is needed to fix ifconfig(8) documentation : diff --git sbin/ifconfig/ifconfig.8 sbin/ifconfig/ifconfig.8 index 29edeb60793..93429b4c103 100644 --- sbin/ifconfig/ifconfig.8 +++ sbin/ifconfig/ifconfig.8 @@ -2056,7 +2056,7 @@ Packets on a VLAN interface without a tag set will use a value of .Op Cm wgpsk Ar presharedkey .Op Fl wgpsk .Op Cm wgpka Ar persistent-keepalive -.Op Cm wgpip Ar ip port +.Op Cm wgendpoint Ar ip port .Op Cm wgaip Ar allowed-ip/prefix .Oc .Op Fl wgpeerall @@ -2137,7 +2137,7 @@ By default this functionality is disabled, equivalent to a value of 0. This is often used to ensure a peer will be accessible when protected by a firewall, as is when behind a NAT address. A value of 25 is commonly used. -.It Cm wgpip Ar ip port +.It Cm wgendpoint Ar ip port Set the IP address and port to send the encapsulated packets to. If the peer changes address, the local interface will update the address after receiving a correctly authenticated packet. -- Matthieu Herrb
Re: WireGuard patchset for OpenBSD, rev. 3
On Sun, Jun 21, 2020 at 12:52:53PM +0200, Matthieu Herrb wrote: > On Fri, Jun 19, 2020 at 06:46:00PM +1000, Matt Dunwoodie wrote: > > Hi all, > > > > After the previous submission of WireGuard, we've again been through a > > number of improvements. Thank you everyone for your feedback. > > Hi, > > While giving wireguard a try, I found that this patch is needed to fix > ifconfig(8) documentation : Oh yeah, I hit that too. OK by me. > > diff --git sbin/ifconfig/ifconfig.8 sbin/ifconfig/ifconfig.8 > index 29edeb60793..93429b4c103 100644 > --- sbin/ifconfig/ifconfig.8 > +++ sbin/ifconfig/ifconfig.8 > @@ -2056,7 +2056,7 @@ Packets on a VLAN interface without a tag set will use > a value of > .Op Cm wgpsk Ar presharedkey > .Op Fl wgpsk > .Op Cm wgpka Ar persistent-keepalive > -.Op Cm wgpip Ar ip port > +.Op Cm wgendpoint Ar ip port > .Op Cm wgaip Ar allowed-ip/prefix > .Oc > .Op Fl wgpeerall > @@ -2137,7 +2137,7 @@ By default this functionality is disabled, equivalent > to a value of 0. > This is often used to ensure a peer will be accessible when protected by > a firewall, as is when behind a NAT address. > A value of 25 is commonly used. > -.It Cm wgpip Ar ip port > +.It Cm wgendpoint Ar ip port > Set the IP address and port to send the encapsulated packets to. > If the peer changes address, the local interface will update the address > after receiving a correctly authenticated packet. > > -- > Matthieu Herrb >
fsck_ffs: faster with lots of cylinder groups
Hi,
both phase 1 and phase 5 need cylinder group metadata. This diff
keeps the cg data read in phase 1 in memory to be used by phase 5 if
possible. From FreeBSD.
-Otto
On an empty 30T fileystem:
$ time obj/fsck_ffs -f /dev/sd3a
2m44.10s real 0m13.21s user 0m07.38s system
$ time doas obj/fsck_ffs -f /dev/sd3a
1m32.81s real 0m12.86s user 0m05.25s system
The difference will be less if a fileystem is filled up, but still nice.
-Otto
Index: fsck.h
===
RCS file: /cvs/src/sbin/fsck_ffs/fsck.h,v
retrieving revision 1.32
diff -u -p -r1.32 fsck.h
--- fsck.h 5 Jan 2018 09:33:47 - 1.32
+++ fsck.h 21 Jun 2020 12:48:50 -
@@ -136,7 +136,6 @@ struct bufarea {
struct bufarea bufhead;/* head of list of other blks in
filesys */
struct bufarea sblk; /* file system superblock */
struct bufarea asblk; /* alternate file system superblock */
-struct bufarea cgblk; /* cylinder group blocks */
struct bufarea *pdirbp;/* current directory contents */
struct bufarea *pbp; /* current inode block */
struct bufarea *getdatablk(daddr_t, long);
@@ -148,9 +147,7 @@ struct bufarea *getdatablk(daddr_t, long
(bp)->b_flags = 0;
#definesbdirty() sblk.b_dirty = 1
-#definecgdirty() cgblk.b_dirty = 1
#definesblock (*sblk.b_un.b_fs)
-#definecgrp(*cgblk.b_un.b_cg)
enum fixstate {DONTKNOW, NOFIX, FIX, IGNORE};
@@ -275,9 +272,13 @@ struct ufs2_dinode ufs2_zino;
#defineFOUND 0x10
union dinode *ginode(ino_t);
+struct bufarea *cglookup(u_int cg);
struct inoinfo *getinoinfo(ino_t);
void getblk(struct bufarea *, daddr_t, long);
ino_t allocino(ino_t, int);
+void *Malloc(size_t);
+void *Calloc(size_t, size_t);
+void *Reallocarray(void *, size_t, size_t);
int(*info_fn)(char *, size_t);
char *info_filesys;
Index: inode.c
===
RCS file: /cvs/src/sbin/fsck_ffs/inode.c,v
retrieving revision 1.49
diff -u -p -r1.49 inode.c
--- inode.c 16 Sep 2018 02:43:11 - 1.49
+++ inode.c 21 Jun 2020 12:48:50 -
@@ -370,7 +370,7 @@ setinodebuf(ino_t inum)
partialsize = inobufsize;
}
if (inodebuf == NULL &&
- (inodebuf = malloc((unsigned)inobufsize)) == NULL)
+ (inodebuf = Malloc((unsigned)inobufsize)) == NULL)
errexit("Cannot allocate space for inode buffer\n");
}
@@ -401,7 +401,7 @@ cacheino(union dinode *dp, ino_t inumber
blks = howmany(DIP(dp, di_size), sblock.fs_bsize);
if (blks > NDADDR)
blks = NDADDR + NIADDR;
- inp = malloc(sizeof(*inp) + (blks ? blks - 1 : 0) * sizeof(daddr_t));
+ inp = Malloc(sizeof(*inp) + (blks ? blks - 1 : 0) * sizeof(daddr_t));
if (inp == NULL)
errexit("cannot allocate memory for inode cache\n");
inpp = [inumber % numdirs];
@@ -423,10 +423,10 @@ cacheino(union dinode *dp, ino_t inumber
inp->i_blks[NDADDR + i] = DIP(dp, di_ib[i]);
if (inplast == listmax) {
newlistmax = listmax + 100;
- newinpsort = reallocarray(inpsort,
+ newinpsort = Reallocarray(inpsort,
(unsigned)newlistmax, sizeof(struct inoinfo *));
if (newinpsort == NULL)
- errexit("cannot increase directory list");
+ errexit("cannot increase directory list\n");
inpsort = newinpsort;
listmax = newlistmax;
}
@@ -582,7 +582,8 @@ allocino(ino_t request, int type)
{
ino_t ino;
union dinode *dp;
- struct cg *cgp =
+ struct bufarea *cgbp;
+ struct cg *cgp;
int cg;
time_t t;
struct inostat *info;
@@ -602,7 +603,7 @@ allocino(ino_t request, int type)
unsigned long newalloced, i;
newalloced = MINIMUM(sblock.fs_ipg,
MAXIMUM(2 * inostathead[cg].il_numalloced, 10));
- info = calloc(newalloced, sizeof(struct inostat));
+ info = Calloc(newalloced, sizeof(struct inostat));
if (info == NULL) {
pwarn("cannot alloc %zu bytes to extend inoinfo\n",
sizeof(struct inostat) * newalloced);
@@ -619,7 +620,8 @@ allocino(ino_t request, int type)
inostathead[cg].il_numalloced = newalloced;
info = inoinfo(ino);
}
- getblk(, cgtod(, cg), sblock.fs_cgsize);
+ cgbp = cglookup(cg);
+ cgp = cgbp->b_un.b_cg;
if (!cg_chkmagic(cgp))
pfatal("CG %d: BAD MAGIC NUMBER\n", cg);
setbit(cg_inosused(cgp), ino % sblock.fs_ipg);
@@ -637,7 +639,7 @@ allocino(ino_t request, int type)
default:
Re: WireGuard patchset for OpenBSD, rev. 3
Along that line, does wireguard have any problems using alias addresses? It's not a problem with IKEv1 but it is with IKEv2. Thanks! Chris
Re: userland clock_gettime proof of concept
Paul Irofti:
> This also handles negative skew values that my prevoius diff did not.
> --- sys/arch/amd64/amd64/tsc.c
> +++ sys/arch/amd64/amd64/tsc.c
> @@ -216,6 +217,8 @@ tsc_get_timecount(struct timecounter *tc)
> void
> tsc_timecounter_init(struct cpu_info *ci, uint64_t cpufreq)
> {
> + CPU_INFO_ITERATOR cii;
> +
> #ifdef TSC_DEBUG
> printf("%s: TSC skew=%lld observed drift=%lld\n", __func__,
> (long long)ci->ci_tsc_skew, (long long)tsc_drift_observed);
> @@ -244,8 +247,16 @@ tsc_timecounter_init(struct cpu_info *ci, uint64_t
> cpufreq)
> printf("ERROR: %lld cycle TSC drift observed\n",
> (long long)tsc_drift_observed);
> tsc_timecounter.tc_quality = -1000;
> + tsc_timecounter.tc_user = 0;
> tsc_is_invariant = 0;
> }
> + CPU_INFO_FOREACH(cii, ci) {
> + if (ci->ci_tsc_skew < -TSC_SKEW_MAX ||
> + ci->ci_tsc_skew > TSC_SKEW_MAX) {
> + tsc_timecounter.tc_user = 0;
> + break;
> + }
> + }
>
> tc_init(_timecounter);
> }
If the output order from TSC_DEBUG in dmesg reflects the actual
execution order, then the relative call order is this:
cpu0 tsc_timecounter_init
cpu1 cpu_start_secondary
cpu1 tsc_timecounter_init
cpu2 cpu_start_secondary
cpu2 tsc_timecounter_init
cpu3 cpu_start_secondary
cpu3 tsc_timecounter_init
That CPU_INFO_FOREACH() loop would execute in the very first cpu0
tsc_timecounter_init() call, _before_ the skews of the other CPUs
are determined in the subsequent cpu_start_secondary() calls.
So, instead, I think the skew check needs to move to the top of
tsc_timecounter_init, where each secondary CPU checks its own skew
value and knocks out tsc_timecounter.tc_user if there is a problem.
Unless I'm misunderstanding the whole thing.
--
Christian "naddy" Weisgerber na...@mips.inka.de
Re: lfence for rdtsc
> Date: Sun, 21 Jun 2020 16:55:56 +0100 > From: Stuart Henderson > > On 2020/06/21 18:46, Paul Irofti wrote: > > > > > > În 21 iunie 2020 16:30:43 EEST, Theo de Raadt a scris: > > >Paul Irofti wrote: > > > > > >> If you change the name to rdtsc_ordered(), OK. > > > > > >That is a weaker name. > > > > > >Ordered in what way, at what level; ordered against what? > > > > > >This is using a specific pipeline ordering known as lfence. > > >So it might as well say lfence. That is the technical name for > > >that type of ordering. Being vague is unhelpful. > > > > > > Ok then, if you think that's best. > > > > Any idea why in > https://www.intel.com/content/www/us/en/embedded/training/ia-32-ia-64-benchmark-code-execution-paper.html > they are using cpuid to serialize access instead of lfence? Yes; LFENCE only exists on machines with SSE2. So if you want something that works on older (32-bit) CPUs you need to use a different instruction. CPUID is the canonical choice for that.
Re: sample unbound.conf tweak
On Sun, Jun 21, 2020 at 04:47:22PM +0100, Stuart Henderson wrote: > An "uncomment" was left in when we reenabled dnssec by default, > and it seems a bit pointless to say "comment out to disable". ok? Reads better, yes. > Index: unbound.conf > === > RCS file: /cvs/src/etc/unbound.conf,v > retrieving revision 1.19 > diff -u -p -r1.19 unbound.conf > --- unbound.conf7 Nov 2019 15:46:37 - 1.19 > +++ unbound.conf21 Jun 2020 15:46:34 - > @@ -19,12 +19,12 @@ server: > hide-identity: yes > hide-version: yes > > - # Perform DNSSEC validation. Comment out the below option to > disable. Your MUA broke this line, it seems. > + # Perform DNSSEC validation. > # > auto-trust-anchor-file: "/var/unbound/db/root.key" > val-log-level: 2 > > - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains > + # Synthesize NXDOMAINs from DNSSEC NSEC chains. > # https://tools.ietf.org/html/rfc8198 > # > aggressive-nsec: yes >
Re: userland clock_gettime proof of concept
Paul Irofti:
> > b) Revert _timekeep init (breaks naddy@'s machine)
>
> Robert helped properly track down this issue to a silly null-ref.
If that was indeed the problem...
> --- lib/libc/dlfcn/init.c
> +++ lib/libc/dlfcn/init.c
> @@ -105,6 +107,14 @@ _libc_preinit(int argc, char **argv, char **envp,
> dl_cb_cb *cb)
> phnum = aux->au_v;
> break;
> #endif /* !PIC */
> + case AUX_openbsd_timekeep:
> + if (_tc_get_timecount) {
> + _timekeep = (void *)aux->au_v;
> + if (_timekeep &&
> + _timekeep->tk_version != TK_VERSION)
> + _timekeep = NULL;
> + }
> + break;
> }
> }
>
... how could aux->au_v be NULL here?
--
Christian "naddy" Weisgerber na...@mips.inka.de
vlan and bridge panic with latest snapshot
Hi all,
with today's snapshot from 21-Jun-2020 09:34
OpenBSD 6.7-current (GENERIC.MP) #286: Sun Jun 21 08:51:29 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
if i do "ifconfig vlan" i'm getting assert
x3550m4# ifconfig vlan
vlan100: flags=8splassert: vlan_ioctl: want 2 have 0
Starting stack trace...
vlan_ioctl(80bb4800,c02069d3,800021f6f5d0) at vlan_ioctl+0x65
ifioctl(fd8785005668,c02069d3,800021f6f5d0,800021ffb130) at
ifioctl+0x91c
soo_ioctl(fd8784e6d630,c02069d3,800021f6f5d0,800021ffb130)
at soo_ioctl+0x171
sys_ioctl(800021ffb130,800021f6f6e0,800021f6f740) at
sys_ioctl+0x2df
syscall(800021f6f7b0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7e53d0, count: 251
End of stack trace.
with ifconfig bridge0 up everything seems fine but ifconfig bridge0
destroy and ifconfig after that get me panic ..
x3550m4# ifconfig
lo0: flags=8049 msplassert: vlan_ioctl:
want 2 have 0
Starting stack trace...
vlan_ioctl(80bb4800,c02069d3,800021f6f510) at vlan_ioctl+0x65
ifioctl(fd8785005668,c02069d3,800021f6f510,800021ffb130) at
ifioctl+0x91c
soo_ioctl(fd8784e6d630,c02069d3,800021f6f510,800021ffb130)
at soo_ioctl+0x171
sys_ioctl(800021ffb130,800021f6f620,800021f6f680) at
sys_ioctl+0x2df
syscall(800021f6f6f0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ddd20, count: 251
End of stack trace.
tu 32768
indexpanic: netlock: lock not held
Stopped at db_enter+0x10: popq%rbp
TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
*505095 3193 0 0x3 03K ifconfig
db_enter() at db_enter+0x10
panic(81dbfaab) at panic+0x128
rw_exit_write(820e6138) at rw_exit_write+0xb5
bridge_ioctl(81754000,c02069d3,800021f6f510) at
bridge_ioctl+0x42
ifioctl(fd8785005668,c02069d3,800021f6f510,800021ffb130) at
ifioctl+0x91c
soo_ioctl(fd8784e6d630,c02069d3,800021f6f510,800021ffb130)
at soo_ioctl+0x171
sys_ioctl(800021ffb130,800021f6f620,800021f6f680) at
sys_ioctl+0x2df
syscall(800021f6f6f0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ddd20, count: 6
https://www.openbsd.org/ddb.html describes the minimum info required in
bugreports. Insufficient info makes it difficult to find and fix bugs.
ddb{3}> show panic
netlock: lock not held
ddb{3}> trace
db_enter() at db_enter+0x10
panic(81dbfaab) at panic+0x128
rw_exit_write(820e6138) at rw_exit_write+0xb5
bridge_ioctl(81754000,c02069d3,800021f6f510) at
bridge_ioctl+0x42
ifioctl(fd8785005668,c02069d3,800021f6f510,800021ffb130) at
ifioctl+0x91c
soo_ioctl(fd8784e6d630,c02069d3,800021f6f510,800021ffb130)
at soo_ioctl+0x171
sys_ioctl(800021ffb130,800021f6f620,800021f6f680) at
sys_ioctl+0x2df
syscall(800021f6f6f0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ddd20, count: -9
Re: sample unbound.conf tweak
On 2020/06/21 18:29, Klemens Nanni wrote: > On Sun, Jun 21, 2020 at 04:47:22PM +0100, Stuart Henderson wrote: > > An "uncomment" was left in when we reenabled dnssec by default, > > and it seems a bit pointless to say "comment out to disable". ok? > Reads better, yes. > > > Index: unbound.conf > > === > > RCS file: /cvs/src/etc/unbound.conf,v > > retrieving revision 1.19 > > diff -u -p -r1.19 unbound.conf > > --- unbound.conf7 Nov 2019 15:46:37 - 1.19 > > +++ unbound.conf21 Jun 2020 15:46:34 - > > @@ -19,12 +19,12 @@ server: > > hide-identity: yes > > hide-version: yes > > > > - # Perform DNSSEC validation. Comment out the below option to > > disable. > Your MUA broke this line, it seems. editor actually. thanks. > > > + # Perform DNSSEC validation. > > # > > auto-trust-anchor-file: "/var/unbound/db/root.key" > > val-log-level: 2 > > > > - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains > > + # Synthesize NXDOMAINs from DNSSEC NSEC chains. > > # https://tools.ietf.org/html/rfc8198 > > # > > aggressive-nsec: yes > > >
Re: userland clock_gettime proof of concept
On Sun, Jun 21, 2020 at 08:18:57PM +0200, Christian Weisgerber wrote: > Paul Irofti: > > > Can't test right now, but if you enable the TSC_DEBUG in cpu.c or if you > > put a printf in the CPU_INFO_FOREACH you will probably see the correct > > skew values. > > It's worse: CPU_INFO_FOREACH() only sees cpu0. The others aren't > attached yet. Right. Just reproduced it here. This moves the check at the top so that each CPU checks its own skew and disables tc_user if necessary. diff --git lib/libc/arch/aarch64/gen/Makefile.inc lib/libc/arch/aarch64/gen/Makefile.inc index a7b1b73f3ef..ee198f5d611 100644 --- lib/libc/arch/aarch64/gen/Makefile.inc +++ lib/libc/arch/aarch64/gen/Makefile.inc @@ -9,4 +9,4 @@ SRCS+= fpgetmask.c fpgetround.c fpgetsticky.c SRCS+= fpsetmask.c fpsetround.c fpsetsticky.c SRCS+= fpclassifyl.c SRCS+= isfinitel.c isinfl.c isnanl.c isnormall.c -SRCS+= signbitl.c +SRCS+= signbitl.c usertc.c diff --git lib/libc/arch/aarch64/gen/usertc.c lib/libc/arch/aarch64/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/aarch64/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/alpha/gen/Makefile.inc lib/libc/arch/alpha/gen/Makefile.inc index a44599d2cab..2a8abd32b61 100644 --- lib/libc/arch/alpha/gen/Makefile.inc +++ lib/libc/arch/alpha/gen/Makefile.inc @@ -3,5 +3,5 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.c nan.c setjmp.S SRCS+= flt_rounds.c fpgetmask.c fpgetround.c fpgetsticky.c fpsetmask.c \ - fpsetround.c fpsetsticky.c + fpsetround.c fpsetsticky.c usertc.c SRCS+= sigsetjmp.S diff --git lib/libc/arch/alpha/gen/usertc.c lib/libc/arch/alpha/gen/usertc.c new file mode 100644 index 000..6551854a010 --- /dev/null +++ lib/libc/arch/alpha/gen/usertc.c @@ -0,0 +1,21 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#include +#include + +int (*const _tc_get_timecount)(struct timekeep *, u_int *) = NULL; diff --git lib/libc/arch/amd64/gen/Makefile.inc lib/libc/arch/amd64/gen/Makefile.inc index e995309ed71..f6349e2b974 100644 --- lib/libc/arch/amd64/gen/Makefile.inc +++ lib/libc/arch/amd64/gen/Makefile.inc @@ -2,6 +2,7 @@ SRCS+= _setjmp.S fabs.S infinity.c ldexp.c modf.S nan.c setjmp.S \ sigsetjmp.S -SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c +SRCS+= fpclassifyl.c isfinitel.c isinfl.c isnanl.c isnormall.c signbitl.c \ + usertc.c SRCS+= flt_rounds.S fpgetmask.S fpgetround.S fpgetsticky.S fpsetmask.S \ fpsetround.S fpsetsticky.S diff --git lib/libc/arch/amd64/gen/usertc.c lib/libc/arch/amd64/gen/usertc.c new file mode 100644 index 000..56016c8eca1 --- /dev/null +++ lib/libc/arch/amd64/gen/usertc.c @@ -0,0 +1,41 @@ +/* $OpenBSD$ */ +/* + * Copyright (c) 2020 Paul Irofti + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER
Re: WireGuard patchset for OpenBSD, rev. 3
On Sun, Jun 21, 2020 at 10:06:52AM -0400, Sonic wrote: > Along that line, does wireguard have any problems using alias > addresses? It's not a problem with IKEv1 but it is with IKEv2. > > Thanks! > > Chris I still don't see how this is a problem with IKEv2, so don't spread any rumours and instead have a look at my response to your mail on misc@. Patrick
Re: userland clock_gettime proof of concept
Paul Irofti: [Unrelated, just to mark where we're at] > Right. Just reproduced it here. This moves the check at the top so that > each CPU checks its own skew and disables tc_user if necessary. I tweaked the patch locally to make _timekeep a visible global symbol in libc. Printing its value has revealed two issues: * The timekeep page is mapped to the same address for every process. It changes across reboots, but once running, it's always the same. kettenis suggested - vaddr_t va; + vaddr_t va = 0; in exec_timekeep_map(), but that doesn't make a difference. * I'm indeed seeing init(8) with _timekeep == NULL. -- Christian "naddy" Weisgerber na...@mips.inka.de
sample unbound.conf tweak
An "uncomment" was left in when we reenabled dnssec by default, and it seems a bit pointless to say "comment out to disable". ok? Index: unbound.conf === RCS file: /cvs/src/etc/unbound.conf,v retrieving revision 1.19 diff -u -p -r1.19 unbound.conf --- unbound.conf7 Nov 2019 15:46:37 - 1.19 +++ unbound.conf21 Jun 2020 15:46:34 - @@ -19,12 +19,12 @@ server: hide-identity: yes hide-version: yes - # Perform DNSSEC validation. Comment out the below option to disable. + # Perform DNSSEC validation. # auto-trust-anchor-file: "/var/unbound/db/root.key" val-log-level: 2 - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains + # Synthesize NXDOMAINs from DNSSEC NSEC chains. # https://tools.ietf.org/html/rfc8198 # aggressive-nsec: yes
Re: lfence for rdtsc
În 21 iunie 2020 16:30:43 EEST, Theo de Raadt a scris: >Paul Irofti wrote: > >> If you change the name to rdtsc_ordered(), OK. > >That is a weaker name. > >Ordered in what way, at what level; ordered against what? > >This is using a specific pipeline ordering known as lfence. >So it might as well say lfence. That is the technical name for >that type of ordering. Being vague is unhelpful. Ok then, if you think that's best.
Re: userland clock_gettime proof of concept
On Sun, Jun 21, 2020 at 05:44:36PM +0200, Christian Weisgerber wrote:
> Paul Irofti:
>
> > This also handles negative skew values that my prevoius diff did not.
>
> > --- sys/arch/amd64/amd64/tsc.c
> > +++ sys/arch/amd64/amd64/tsc.c
> > @@ -216,6 +217,8 @@ tsc_get_timecount(struct timecounter *tc)
> > void
> > tsc_timecounter_init(struct cpu_info *ci, uint64_t cpufreq)
> > {
> > + CPU_INFO_ITERATOR cii;
> > +
> > #ifdef TSC_DEBUG
> > printf("%s: TSC skew=%lld observed drift=%lld\n", __func__,
> > (long long)ci->ci_tsc_skew, (long long)tsc_drift_observed);
> > @@ -244,8 +247,16 @@ tsc_timecounter_init(struct cpu_info *ci, uint64_t
> > cpufreq)
> > printf("ERROR: %lld cycle TSC drift observed\n",
> > (long long)tsc_drift_observed);
> > tsc_timecounter.tc_quality = -1000;
> > + tsc_timecounter.tc_user = 0;
> > tsc_is_invariant = 0;
> > }
> > + CPU_INFO_FOREACH(cii, ci) {
> > + if (ci->ci_tsc_skew < -TSC_SKEW_MAX ||
> > + ci->ci_tsc_skew > TSC_SKEW_MAX) {
> > + tsc_timecounter.tc_user = 0;
> > + break;
> > + }
> > + }
> >
> > tc_init(_timecounter);
> > }
>
> If the output order from TSC_DEBUG in dmesg reflects the actual
> execution order, then the relative call order is this:
>
> cpu0 tsc_timecounter_init
> cpu1 cpu_start_secondary
> cpu1 tsc_timecounter_init
> cpu2 cpu_start_secondary
> cpu2 tsc_timecounter_init
> cpu3 cpu_start_secondary
> cpu3 tsc_timecounter_init
>
> That CPU_INFO_FOREACH() loop would execute in the very first cpu0
> tsc_timecounter_init() call, _before_ the skews of the other CPUs
> are determined in the subsequent cpu_start_secondary() calls.
>
> So, instead, I think the skew check needs to move to the top of
> tsc_timecounter_init, where each secondary CPU checks its own skew
> value and knocks out tsc_timecounter.tc_user if there is a problem.
>
> Unless I'm misunderstanding the whole thing.
I think the diff is fine as the skew is computed during cpu_hatch which
is the first function called after the MP_TRAMPOLINE and before
timecounter_init().
Can't test right now, but if you enable the TSC_DEBUG in cpu.c or if you
put a printf in the CPU_INFO_FOREACH you will probably see the correct
skew values.
If you test before I do and you don't see them, please let me know.
Thanks,
Paul
Re: sample unbound.conf tweak
On Sun, Jun 21, 2020 at 04:47:22PM +0100, Stuart Henderson wrote: > An "uncomment" was left in when we reenabled dnssec by default, > and it seems a bit pointless to say "comment out to disable". ok? > makes sense, ok with me. > > Index: unbound.conf > === > RCS file: /cvs/src/etc/unbound.conf,v > retrieving revision 1.19 > diff -u -p -r1.19 unbound.conf > --- unbound.conf7 Nov 2019 15:46:37 - 1.19 > +++ unbound.conf21 Jun 2020 15:46:34 - > @@ -19,12 +19,12 @@ server: > hide-identity: yes > hide-version: yes > > - # Perform DNSSEC validation. Comment out the below option to > disable. > + # Perform DNSSEC validation. > # > auto-trust-anchor-file: "/var/unbound/db/root.key" > val-log-level: 2 > > - # Uncomment to synthesize NXDOMAINs from DNSSEC NSEC chains > + # Synthesize NXDOMAINs from DNSSEC NSEC chains. > # https://tools.ietf.org/html/rfc8198 > # > aggressive-nsec: yes >
Re: lfence for rdtsc
On Sun, Jun 21, 2020 at 04:55:56PM +0100, Stuart Henderson wrote: > On 2020/06/21 18:46, Paul Irofti wrote: > > > > > > În 21 iunie 2020 16:30:43 EEST, Theo de Raadt a scris: > > >Paul Irofti wrote: > > > > > >> If you change the name to rdtsc_ordered(), OK. > > > > > >That is a weaker name. > > > > > >Ordered in what way, at what level; ordered against what? > > > > > >This is using a specific pipeline ordering known as lfence. > > >So it might as well say lfence. That is the technical name for > > >that type of ordering. Being vague is unhelpful. > > > > > > Ok then, if you think that's best. > > > > Any idea why in > https://www.intel.com/content/www/us/en/embedded/training/ia-32-ia-64-benchmark-code-execution-paper.html > they are using cpuid to serialize access instead of lfence? If I remember correctly it is because it is also a serializing instruction, but nowadays it is more expensive than lfence.
install npppd.conf with mode 0600
We installing `npppd-users' with uid:gid root:wheel and mode 0600
because it consists sensitive data but mode for npppd.conf is 0640.
npppd.conf can also have radius passwords and nothing requires to allow
it be readable by group. So set it's permissions to 0600.
Index: usr.sbin/npppd/Makefile
===
RCS file: /cvs/src/usr.sbin/npppd/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- usr.sbin/npppd/Makefile 14 Mar 2013 16:20:46 - 1.6
+++ usr.sbin/npppd/Makefile 21 Jun 2020 13:37:50 -
@@ -6,7 +6,7 @@
SUBDIR+= npppd
distribution:
- ${INSTALL} -C -o root -g wheel -m 0640 ${.CURDIR}/npppd/npppd.conf \
+ ${INSTALL} -C -o root -g wheel -m 0600 ${.CURDIR}/npppd/npppd.conf \
${DESTDIR}/etc/npppd/npppd.conf
${INSTALL} -C -o root -g wheel -m 0600 ${.CURDIR}/npppd/npppd-users \
${DESTDIR}/etc/npppd/npppd-users
Re: lfence for rdtsc
> From: "Theo de Raadt" > Date: Sun, 21 Jun 2020 07:30:43 -0600 > > Paul Irofti wrote: > > > If you change the name to rdtsc_ordered(), OK. > > That is a weaker name. > > Ordered in what way, at what level; ordered against what? > > This is using a specific pipeline ordering known as lfence. > So it might as well say lfence. That is the technical name for > that type of ordering. Being vague is unhelpful. But maybe the default rdtsc() should include the lfence. And then we could have rdtsc_unordered() for this cases that don't care about ordering. As I wrote in my first mail, cpu_rnd_messybits() may want to use that. And maybe one of the network stack people should investigate what the impact of having the fence in the timecounter is?
Re: lfence for rdtsc
On 2020/06/21 18:46, Paul Irofti wrote: > > > În 21 iunie 2020 16:30:43 EEST, Theo de Raadt a scris: > >Paul Irofti wrote: > > > >> If you change the name to rdtsc_ordered(), OK. > > > >That is a weaker name. > > > >Ordered in what way, at what level; ordered against what? > > > >This is using a specific pipeline ordering known as lfence. > >So it might as well say lfence. That is the technical name for > >that type of ordering. Being vague is unhelpful. > > > Ok then, if you think that's best. > Any idea why in https://www.intel.com/content/www/us/en/embedded/training/ia-32-ia-64-benchmark-code-execution-paper.html they are using cpuid to serialize access instead of lfence?
Re: userland clock_gettime proof of concept
Paul Irofti wrote: > > > > Ãn 22 iunie 2020 01:26:16 EEST, Christian Weisgerber a > scris: > >Christian Weisgerber: > > > >> I tweaked the patch locally to make _timekeep a visible global > >> symbol in libc. > >> > >> Printing its value has revealed two issues: > >> > >> * The timekeep page is mapped to the same address for every process. > >> It changes across reboots, but once running, it's always the same. > >> kettenis suggested > >> - vaddr_t va; > >> + vaddr_t va = 0; > >> in exec_timekeep_map(), but that doesn't make a difference. > > > >But that's the kernel mapping, and my observation concerns the > >userland mapping. So based on this, I moved ps_timekeep up into > >the fields of struct process that are zeroed on creation. > >With that, _timekeep is always 0 for all processes. :-/ > > > I don't understand what problem you are trying to solve. Is it that timekeep > is the same? That's because we create only one page and the address gets > copied on fork. The diff was not designed to have timekeep zero'd on every > process so it doesn't account for it. And I think you aren't listening. He is saying it is at the same VA in *every* userland process. Since most processes do use this little system call execve, it is implausible for it to be at the same place, just like it is implausible for the signal tramp to be same place, or ld.so, or libc.
Re: use libc base64 code instead of libcrypt for ifconfig wg key handling
On Mon, 22 Jun 2020 11:01:05 +1000, David Gwynne wrote: > libc has undocumented base64 encoding and decoding funtionality. this > cuts ifconfig over to using it instead of the code in libcrypto. > > whether the libc functionality should be "blessed" and documented is a > separate issue. OK millert@ - todd
Re: WireGuard patchset for OpenBSD, rev. 3
On Sun, 21 Jun 2020 15:54:00 +0200 Matthieu Herrb wrote: > Hi, > > I was wondering if there is a way to specify a routing domain/table > for wgendpoint in ifconfig(8). > > In a VPN client setup (roadwarrior style) I'd like to keep wg0 in > rdomain 0 and put the actual physical interface in rdomain 1. So that > all daemons (smtpd, unwind, ...) use the VPN by default and only the > strict minimum to setup the VPN runs in rdomain 1. > > Everything works if I set wg0 in rdomain1 and keep my re0 interface in > rdomain 0, but as soon as I set rdomain 1 for re0 and rdomain 0 for > wg0, the VPN cannot come up (and I see the UDP packets to port 51820 > trying to go out through wg0). Yes, this is most certainly possible (I have this configuration in a couple of places). If you haven't found it yet, the "wgrtable" option (see ifconfig(8)) will allow you to achieve this.
systat.1: Trim ":" description, support line kill character
The manual's wording is untouched since import in 1995, engine.c however
came to be in 2008 as "New display engine for systat" from canacar.
While characte erase (^h) works, word erase (^w) is not implemented and
line kill (^u) is supported but as ^g instead.
I see no value in documenting this either way, so remove the lines from
the manual but also support the actual line kill character for.
Feedback? OK?
Index: engine.c
===
RCS file: /cvs/src/usr.bin/systat/engine.c,v
retrieving revision 1.25
diff -u -p -r1.25 engine.c
--- engine.c12 Jan 2020 20:51:08 - 1.25
+++ engine.c22 Jun 2020 03:35:40 -
@@ -1204,6 +1204,7 @@ cmd_keyboard(int ch)
break;
case 0x1b:
case CTRL_G:
+ case CTRL_U:
if (cmd_len > 0) {
cmdbuf[0] = '\0';
cmd_len = 0;
Index: engine.h
===
RCS file: /cvs/src/usr.bin/systat/engine.h,v
retrieving revision 1.12
diff -u -p -r1.12 engine.h
--- engine.h12 Jan 2020 20:51:08 - 1.12
+++ engine.h22 Jun 2020 03:36:21 -
@@ -36,6 +36,7 @@
#define CTRL_L 12
#define CTRL_N 14
#define CTRL_P 16
+#define CTRL_U 21
#define CTRL_V 22
#define META_V 246
Index: systat.1
===
RCS file: /cvs/src/usr.bin/systat/systat.1,v
retrieving revision 1.117
diff -u -p -r1.117 systat.1
--- systat.123 Apr 2020 07:57:27 - 1.117
+++ systat.122 Jun 2020 03:09:25 -
@@ -172,9 +172,6 @@ These are:
.It Ic \&:
Move the cursor to the command line and interpret the input
line typed as a command.
-While entering a command the
-current character erase, word erase, and line kill characters
-may be used.
.It Ic o
Select the next ordering which sorts the rows according to a
combination of columns.
systat.1: Remove ^z mention
Suspending systat with ^Z is done by the shell iff job control is enabled, not systat itself. Try `set +m' to disable job control or start systat in a terminal without a shell, e.g. `xterm -e systat', to confirm that ^z does nothing in these cases. Feedback? OK? Index: systat.1 === RCS file: /cvs/src/usr.bin/systat/systat.1,v retrieving revision 1.117 diff -u -p -r1.117 systat.1 --- systat.123 Apr 2020 07:57:27 - 1.117 +++ systat.122 Jun 2020 04:02:06 - @@ -211,9 +210,6 @@ Scroll current view up by one line. Scroll current view down by one page. .It Ic Alt-V | Aq Ic Page Up Scroll current view up by one page. -.It Ic ^Z -Suspend -.Nm . .El .Pp The following commands are interpreted by the
Re: install npppd.conf with mode 0600
The line in etc/mtree/special should be updated as well.
npppd.conf type=file mode=0640 uname=root gname=wheel
other than that, ok yasuoka
On Sun, 21 Jun 2020 16:48:44 +0300
Vitaliy Makkoveev wrote:
> We installing `npppd-users' with uid:gid root:wheel and mode 0600
> because it consists sensitive data but mode for npppd.conf is 0640.
> npppd.conf can also have radius passwords and nothing requires to allow
> it be readable by group. So set it's permissions to 0600.
>
> Index: usr.sbin/npppd/Makefile
> ===
> RCS file: /cvs/src/usr.sbin/npppd/Makefile,v
> retrieving revision 1.6
> diff -u -p -r1.6 Makefile
> --- usr.sbin/npppd/Makefile 14 Mar 2013 16:20:46 - 1.6
> +++ usr.sbin/npppd/Makefile 21 Jun 2020 13:37:50 -
> @@ -6,7 +6,7 @@
> SUBDIR+= npppd
>
> distribution:
> - ${INSTALL} -C -o root -g wheel -m 0640 ${.CURDIR}/npppd/npppd.conf \
> + ${INSTALL} -C -o root -g wheel -m 0600 ${.CURDIR}/npppd/npppd.conf \
> ${DESTDIR}/etc/npppd/npppd.conf
> ${INSTALL} -C -o root -g wheel -m 0600 ${.CURDIR}/npppd/npppd-users \
> ${DESTDIR}/etc/npppd/npppd-users
Re: userland clock_gettime proof of concept
În 22 iunie 2020 01:26:16 EEST, Christian Weisgerber a scris: >Christian Weisgerber: > >> I tweaked the patch locally to make _timekeep a visible global >> symbol in libc. >> >> Printing its value has revealed two issues: >> >> * The timekeep page is mapped to the same address for every process. >> It changes across reboots, but once running, it's always the same. >> kettenis suggested >> - vaddr_t va; >> + vaddr_t va = 0; >> in exec_timekeep_map(), but that doesn't make a difference. > >But that's the kernel mapping, and my observation concerns the >userland mapping. So based on this, I moved ps_timekeep up into >the fields of struct process that are zeroed on creation. >With that, _timekeep is always 0 for all processes. :-/ I don't understand what problem you are trying to solve. Is it that timekeep is the same? That's because we create only one page and the address gets copied on fork. The diff was not designed to have timekeep zero'd on every process so it doesn't account for it.
use libc base64 code instead of libcrypt for ifconfig wg key handling
libc has undocumented base64 encoding and decoding funtionality. this
cuts ifconfig over to using it instead of the code in libcrypto.
whether the libc functionality should be "blessed" and documented is a
separate issue.
ok?
Index: Makefile
===
RCS file: /cvs/src/sbin/ifconfig/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- Makefile21 Jun 2020 12:20:06 - 1.16
+++ Makefile21 Jun 2020 23:15:34 -
@@ -4,7 +4,7 @@ PROG= ifconfig
SRCS= ifconfig.c brconfig.c sff.c
MAN= ifconfig.8
-LDADD= -lutil -lm -lcrypto
+LDADD= -lutil -lm
DPADD= ${LIBUTIL}
.include
Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.422
diff -u -p -r1.422 ifconfig.c
--- ifconfig.c 21 Jun 2020 12:20:06 - 1.422
+++ ifconfig.c 21 Jun 2020 23:15:35 -
@@ -5673,14 +5673,12 @@ setifpriority(const char *id, int param)
* space.
*/
#define WG_BASE64_KEY_LEN (4 * ((WG_KEY_LEN + 2) / 3))
-#define WG_TMP_KEY_LEN (WG_BASE64_KEY_LEN / 4 * 3)
#define WG_LOAD_KEY(dst, src, fn_name) do {\
- uint8_t _tmp[WG_TMP_KEY_LEN]; \
+ uint8_t _tmp[WG_KEY_LEN]; int _r; \
if (strlen(src) != WG_BASE64_KEY_LEN) \
errx(1, fn_name " (key): invalid length"); \
- if (EVP_DecodeBlock(_tmp, src, \
- WG_BASE64_KEY_LEN) != WG_TMP_KEY_LEN) \
- errx(1, fn_name " (key): invalid base64"); \
+ if ((_r = b64_pton(src, _tmp, sizeof(_tmp))) != sizeof(_tmp))
\
+ errx(1, fn_name " (key): invalid base64 %d/%zu", _r,
sizeof(_tmp)); \
memcpy(dst, _tmp, WG_KEY_LEN); \
} while (0)
@@ -5899,13 +5897,15 @@ wg_status(void)
if (wg_interface->i_flags & WG_INTERFACE_HAS_RTABLE)
printf("\twgrtable %d\n", wg_interface->i_rtable);
if (wg_interface->i_flags & WG_INTERFACE_HAS_PUBLIC) {
- EVP_EncodeBlock(key, wg_interface->i_public, WG_KEY_LEN);
+ b64_ntop(wg_interface->i_public, WG_KEY_LEN,
+ key, sizeof(key));
printf("\twgpubkey %s\n", key);
}
wg_peer = _interface->i_peers[0];
for (i = 0; i < wg_interface->i_peers_count; i++) {
- EVP_EncodeBlock(key, wg_peer->p_public, WG_KEY_LEN);
+ b64_ntop(wg_peer->p_public, WG_KEY_LEN,
+ key, sizeof(key));
printf("\twgpeer %s\n", key);
if (wg_peer->p_flags & WG_PEER_HAS_PSK)
mailwrapper: hostsat and purgestat symlinks
Doing "*stat " in my shell I came across those two entries
under /usr/bin/ which are undocumented:
$ man -k any~'^(host|purge)stat$'
man: nothing appropriate
/etc/mailer.conf has no entries for them but mailer.conf(5)' EXAMPLES
section demonstrates using them with the mail/sendmail port.
CVS log has it that we've been installing those two symlinks two
mailwrapper since its import from NetBSD in 1999 and mentioning the
examples since 2001, but I couldn't find a specific commit that
eventually removed their supporting code.
All other symlinks to mailwrapper(8) (sendmail, newaliases, mailq and
mailmap) have their own manual pages and respective argv specific code
under /usr/src/usr.sbin/.
Assuming that purgestat and hoststat usage/code went away with removing
sendmail from base at latest, can their symlinks be considered leftovers
and removed?
Index: distrib/sets/lists/base/mi
===
RCS file: /cvs/src/distrib/sets/lists/base/mi,v
retrieving revision 1.990
diff -u -p -r1.990 mi
--- distrib/sets/lists/base/mi 16 Jun 2020 09:37:03 - 1.990
+++ distrib/sets/lists/base/mi 22 Jun 2020 00:48:53 -
@@ -411,7 +411,6 @@
./usr/bin/help
./usr/bin/hexdump
./usr/bin/host
-./usr/bin/hoststat
./usr/bin/htpasswd
./usr/bin/id
./usr/bin/ident
@@ -510,7 +509,6 @@
./usr/bin/printenv
./usr/bin/printf
./usr/bin/prove
-./usr/bin/purgestat
./usr/bin/quota
./usr/bin/radioctl
./usr/bin/rcs
Index: usr.sbin/mailwrapper/Makefile
===
RCS file: /cvs/src/usr.sbin/mailwrapper/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- usr.sbin/mailwrapper/Makefile 11 Sep 2016 07:06:30 - 1.6
+++ usr.sbin/mailwrapper/Makefile 22 Jun 2020 00:46:59 -
@@ -11,11 +11,8 @@ afterinstall:
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/newaliases
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/mailq
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/sbin/makemap
- ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/hoststat
- ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/purgestat
chown -h ${BINOWN}:${BINGRP} ${DESTDIR}/usr/sbin/sendmail \
${DESTDIR}/usr/bin/newaliases ${DESTDIR}/usr/bin/mailq \
- ${DESTDIR}/usr/sbin/makemap ${DESTDIR}/usr/bin/hoststat \
- ${DESTDIR}/usr/bin/purgestat
+ ${DESTDIR}/usr/sbin/makemap
.include
systat.1: document "s" command
Feedback? OK? Index: systat.1 === RCS file: /cvs/src/usr.bin/systat/systat.1,v retrieving revision 1.117 diff -u -p -r1.117 systat.1 --- systat.123 Apr 2020 07:57:27 - 1.117 +++ systat.122 Jun 2020 03:53:15 - @@ -188,6 +185,8 @@ Quit .Nm . .It Ic r Reverse the selected ordering if supported by the view. +.It Ic s +Change the screen refresh interval in seconds. .It Ic \&, Print numbers with thousand separators, where applicable. .It Ic ^A | Aq Ic Home
Re: userland clock_gettime proof of concept
> Date: Mon, 22 Jun 2020 02:06:39 +0300 > From: Paul Irofti > > În 22 iunie 2020 00:15:59 EEST, Christian Weisgerber a > scris: > >Paul Irofti: > > > >[Unrelated, just to mark where we're at] > >> Right. Just reproduced it here. This moves the check at the top so > >that > >> each CPU checks its own skew and disables tc_user if necessary. > > > >I tweaked the patch locally to make _timekeep a visible global > >symbol in libc. > > > >Printing its value has revealed two issues: > > > >* The timekeep page is mapped to the same address for every process. > > It changes across reboots, but once running, it's always the same. > > kettenis suggested > > - vaddr_t va; > > + vaddr_t va = 0; > > in exec_timekeep_map(), but that doesn't make a difference. > > The va is set a few lines down the line. No point in > initialization. This is identical behavior to the emul mapping > before timekeep. Well, uvm_map() picks a virtual address based on the value of va that is passed in. If it is zero, it picks a random address. If not, it uses the value as a hint and tries to pick something nearby. So passing in stack garbage is a bad thing. > > >* I'm indeed seeing init(8) with _timekeep == NULL. > > Probably because it is the first process? If you want to follow this > read the kernel init bits and the syscall exec bits. Possible. The way process 1 is created is a bit of a hack. Anyway, _timekeep = NULL should not be a problem; the code should fall back on using system calls in that case.
Re: use libc base64 code instead of libcrypt for ifconfig wg key handling
On Mon, 22 Jun 2020 11:01:05 +1000
David Gwynne wrote:
> libc has undocumented base64 encoding and decoding funtionality. this
> cuts ifconfig over to using it instead of the code in libcrypto.
>
> whether the libc functionality should be "blessed" and documented is a
> separate issue.
>
> ok?
>
> Index: Makefile
> ===
> RCS file: /cvs/src/sbin/ifconfig/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 21 Jun 2020 12:20:06 - 1.16
> +++ Makefile 21 Jun 2020 23:15:34 -
> @@ -4,7 +4,7 @@ PROG= ifconfig
> SRCS=ifconfig.c brconfig.c sff.c
> MAN= ifconfig.8
>
> -LDADD= -lutil -lm -lcrypto
> +LDADD= -lutil -lm
> DPADD= ${LIBUTIL}
>
> .include
> Index: ifconfig.c
> ===
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.422
> diff -u -p -r1.422 ifconfig.c
> --- ifconfig.c21 Jun 2020 12:20:06 - 1.422
> +++ ifconfig.c21 Jun 2020 23:15:35 -
> @@ -5673,14 +5673,12 @@ setifpriority(const char *id, int param)
> * space.
> */
> #define WG_BASE64_KEY_LEN (4 * ((WG_KEY_LEN + 2) / 3))
> -#define WG_TMP_KEY_LEN (WG_BASE64_KEY_LEN / 4 * 3)
> #define WG_LOAD_KEY(dst, src, fn_name) do {
> \
> - uint8_t _tmp[WG_TMP_KEY_LEN];
> \
> + uint8_t _tmp[WG_KEY_LEN]; int _r;
> \ if (strlen(src) != WG_BASE64_KEY_LEN)
> \ errx(1, fn_name " (key): invalid length");
> \
> - if (EVP_DecodeBlock(_tmp, src,
> \
> - WG_BASE64_KEY_LEN) != WG_TMP_KEY_LEN)
> \
> - errx(1, fn_name " (key): invalid base64");
> \
> + if ((_r = b64_pton(src, _tmp, sizeof(_tmp))) !=
> sizeof(_tmp)) \
> + errx(1, fn_name " (key): invalid base64 %d/%zu", _r,
> sizeof(_tmp));\ memcpy(dst, _tmp, WG_KEY_LEN);
> \ } while (0)
>
> @@ -5899,13 +5897,15 @@ wg_status(void)
> if (wg_interface->i_flags & WG_INTERFACE_HAS_RTABLE)
> printf("\twgrtable %d\n", wg_interface->i_rtable);
> if (wg_interface->i_flags & WG_INTERFACE_HAS_PUBLIC) {
> - EVP_EncodeBlock(key, wg_interface->i_public,
> WG_KEY_LEN);
> + b64_ntop(wg_interface->i_public, WG_KEY_LEN,
> + key, sizeof(key));
> printf("\twgpubkey %s\n", key);
> }
>
> wg_peer = _interface->i_peers[0];
> for (i = 0; i < wg_interface->i_peers_count; i++) {
> - EVP_EncodeBlock(key, wg_peer->p_public, WG_KEY_LEN);
> + b64_ntop(wg_peer->p_public, WG_KEY_LEN,
> + key, sizeof(key));
> printf("\twgpeer %s\n", key);
>
> if (wg_peer->p_flags & WG_PEER_HAS_PSK)
looks good to me.
- Matt
Re: use libc base64 code instead of libcrypt for ifconfig wg key handling
In that case you can also delete: ifconfig.c:#include
Re: use libc base64 code instead of libcrypt for ifconfig wg key handling
On Sun, Jun 21, 2020 at 7:01 PM David Gwynne wrote:
>
> libc has undocumented base64 encoding and decoding funtionality. this
> cuts ifconfig over to using it instead of the code in libcrypto.
>
> whether the libc functionality should be "blessed" and documented is a
> separate issue.
>
> ok?
OK zx2c4
But, if you really want to get mega-crypto-nerd on this, we could
replace it with the constant time base64 functions from
wireguard-tools (I'm happy to s/gpl/mit/):
https://git.zx2c4.com/wireguard-tools/tree/src/encoding.c key_{to,from}_base64
Bitsliced fixed-length base64 like this prevents potential cache
timing attacks from the usual lookup table-based implementation.
However, by most reasonable measures from most reasonable people, it's
totally overkill.
Re: userland clock_gettime proof of concept
Christian Weisgerber: > I tweaked the patch locally to make _timekeep a visible global > symbol in libc. > > Printing its value has revealed two issues: > > * The timekeep page is mapped to the same address for every process. > It changes across reboots, but once running, it's always the same. > kettenis suggested > - vaddr_t va; > + vaddr_t va = 0; > in exec_timekeep_map(), but that doesn't make a difference. But that's the kernel mapping, and my observation concerns the userland mapping. So based on this, I moved ps_timekeep up into the fields of struct process that are zeroed on creation. With that, _timekeep is always 0 for all processes. :-/ -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: userland clock_gettime proof of concept
În 22 iunie 2020 00:15:59 EEST, Christian Weisgerber a scris: >Paul Irofti: > >[Unrelated, just to mark where we're at] >> Right. Just reproduced it here. This moves the check at the top so >that >> each CPU checks its own skew and disables tc_user if necessary. > >I tweaked the patch locally to make _timekeep a visible global >symbol in libc. > >Printing its value has revealed two issues: > >* The timekeep page is mapped to the same address for every process. > It changes across reboots, but once running, it's always the same. > kettenis suggested > - vaddr_t va; > + vaddr_t va = 0; > in exec_timekeep_map(), but that doesn't make a difference. The va is set a few lines down the line. No point in initialization. This is identical behavior to the emul mapping before timekeep. >* I'm indeed seeing init(8) with _timekeep == NULL. Probably because it is the first process? If you want to follow this read the kernel init bits and the syscall exec bits.
Re: lfence for rdtsc
Mark Kettenis wrote: > But maybe the default rdtsc() should include the lfence. And then we > could have rdtsc_unordered() for this cases that don't care about > ordering. Right. But I don't like the word 'order', because it is too vague. There are layers of ordering, speculation, asyncronous execution, etc. and lfence just deals with some of them. > As I wrote in my first mail, cpu_rnd_messybits() may want to use that. > And maybe one of the network stack people should investigate what the > impact of having the fence in the timecounter is? cpu_rnd_messybits is indifferent. It is amusing to capture some speculation side effect, but if we don't, it isn't the end of the world. A few days ago, we didn't even know this aspect existed...
Re: use libc base64 code instead of libcrypt for ifconfig wg key handling
On Sun, Jun 21, 2020 at 07:15:15PM -0600, Theo de Raadt wrote:
> In that case you can also delete:
>
> ifconfig.c:#include
indeed i can.
Index: Makefile
===
RCS file: /cvs/src/sbin/ifconfig/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- Makefile21 Jun 2020 12:20:06 - 1.16
+++ Makefile22 Jun 2020 01:22:20 -
@@ -4,7 +4,7 @@ PROG= ifconfig
SRCS= ifconfig.c brconfig.c sff.c
MAN= ifconfig.8
-LDADD= -lutil -lm -lcrypto
+LDADD= -lutil -lm
DPADD= ${LIBUTIL}
.include
Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.422
diff -u -p -r1.422 ifconfig.c
--- ifconfig.c 21 Jun 2020 12:20:06 - 1.422
+++ ifconfig.c 22 Jun 2020 01:22:20 -
@@ -94,7 +94,6 @@
#include
#include
-#include
#include
#include
@@ -5673,14 +5672,12 @@ setifpriority(const char *id, int param)
* space.
*/
#define WG_BASE64_KEY_LEN (4 * ((WG_KEY_LEN + 2) / 3))
-#define WG_TMP_KEY_LEN (WG_BASE64_KEY_LEN / 4 * 3)
#define WG_LOAD_KEY(dst, src, fn_name) do {\
- uint8_t _tmp[WG_TMP_KEY_LEN]; \
+ uint8_t _tmp[WG_KEY_LEN]; int _r; \
if (strlen(src) != WG_BASE64_KEY_LEN) \
errx(1, fn_name " (key): invalid length"); \
- if (EVP_DecodeBlock(_tmp, src, \
- WG_BASE64_KEY_LEN) != WG_TMP_KEY_LEN) \
- errx(1, fn_name " (key): invalid base64"); \
+ if ((_r = b64_pton(src, _tmp, sizeof(_tmp))) != sizeof(_tmp))
\
+ errx(1, fn_name " (key): invalid base64 %d/%zu", _r,
sizeof(_tmp)); \
memcpy(dst, _tmp, WG_KEY_LEN); \
} while (0)
@@ -5899,13 +5896,15 @@ wg_status(void)
if (wg_interface->i_flags & WG_INTERFACE_HAS_RTABLE)
printf("\twgrtable %d\n", wg_interface->i_rtable);
if (wg_interface->i_flags & WG_INTERFACE_HAS_PUBLIC) {
- EVP_EncodeBlock(key, wg_interface->i_public, WG_KEY_LEN);
+ b64_ntop(wg_interface->i_public, WG_KEY_LEN,
+ key, sizeof(key));
printf("\twgpubkey %s\n", key);
}
wg_peer = _interface->i_peers[0];
for (i = 0; i < wg_interface->i_peers_count; i++) {
- EVP_EncodeBlock(key, wg_peer->p_public, WG_KEY_LEN);
+ b64_ntop(wg_peer->p_public, WG_KEY_LEN,
+ key, sizeof(key));
printf("\twgpeer %s\n", key);
if (wg_peer->p_flags & WG_PEER_HAS_PSK)
Re: userland clock_gettime proof of concept
Paul Irofti: > Can't test right now, but if you enable the TSC_DEBUG in cpu.c or if you > put a printf in the CPU_INFO_FOREACH you will probably see the correct > skew values. It's worse: CPU_INFO_FOREACH() only sees cpu0. The others aren't attached yet. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: Retire
On 2020-06-20, Christian Weisgerber wrote: >> Well... they something in ports might still look at them in >> >> >> Can someone from ports speak about this? > > I have started an amd64 bulk build without . There were no build failures attributable to this. The header can be removed. -- Christian "naddy" Weisgerber na...@mips.inka.de
