azalia(4) enable ADC / DAC selection while running

2014-12-14 Thread Frederic Nowak
Hi!

The azalia(4) driver blocks switching between digital and analog
converters when media is playing and complains about a busy device. The
patch below allows switching converters by disconnecting the streams
before switching converters and reconnecting them afterwards. This
allows starting audio on analog outputs and switching to digital outputs
without having to restart all media, and the other way around.

Please note that I was only able to test the DAC group selection part,
because I do not have any input devices connected to my machine (see
dmesg below). It would be great if someone with a different azalia(4)
device and/or input devices could test the code as well.

The patch introduces some new functions in azalia.h that are only used
inside azalia_codec.c, but I couldn't find a different way to
connect/disconnect the streams from inside the azalia_mixer_set
function. Maybe someone has a more elegant way of doing this?


Index: azalia.h
===
RCS file: /cvs/src/sys/dev/pci/azalia.h,v
retrieving revision 1.62
diff -u -p -r1.62 azalia.h
--- azalia.h10 Sep 2010 15:11:23 -  1.62
+++ azalia.h14 Dec 2014 09:01:03 -
@@ -729,3 +729,8 @@ int azalia_mixer_get(const codec_t *, ni
 intazalia_mixer_set(codec_t *, nid_t, int, const mixer_ctrl_t *);

 intazalia_codec_enable_unsol(codec_t *);
+
+intazalia_connect_input(codec_t *);
+intazalia_connect_output(codec_t *);
+intazalia_disconnect_input(codec_t *);
+intazalia_disconnect_output(codec_t *);
Index: azalia.c
===
RCS file: /cvs/src/sys/dev/pci/azalia.c,v
retrieving revision 1.217
diff -u -p -r1.217 azalia.c
--- azalia.c24 Sep 2014 08:35:12 -  1.217
+++ azalia.c14 Dec 2014 09:01:04 -
@@ -2827,6 +2827,18 @@ azalia_codec_add_format(codec_t *this, i
 }

 int
+azalia_connect_input(codec_t *this)
+{
+   return azalia_codec_connect_stream(this-az-rstream);
+}
+
+int
+azalia_connect_output(codec_t *this)
+{
+   return azalia_codec_connect_stream(this-az-pstream);
+}
+
+int
 azalia_codec_connect_stream(stream_t *this)
 {
const codec_t *codec = this-az-codecs[this-az-codecno];
@@ -2900,6 +2912,18 @@ azalia_codec_connect_stream(stream_t *th
}

return err;
+}
+
+int
+azalia_disconnect_input(codec_t *this)
+{
+   return azalia_codec_disconnect_stream(this-az-rstream);
+}
+
+int
+azalia_disconnect_output(codec_t *this)
+{
+   return azalia_codec_disconnect_stream(this-az-pstream);
 }

 int
Index: azalia_codec.c
===
RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v
retrieving revision 1.165
diff -u -p -r1.165 azalia_codec.c
--- azalia_codec.c  10 Dec 2014 14:18:11 -  1.165
+++ azalia_codec.c  14 Dec 2014 09:01:05 -
@@ -2008,28 +2008,56 @@ azalia_mixer_set(codec_t *this, nid_t ni

/* DAC group selection */
else if (target == MI_TARGET_DAC) {
-   if (this-running)
-   return EBUSY;
+   if(this-running) {
+   err = azalia_disconnect_output(this);
+   if (err)
+   return err;
+   }
+
if (mc-un.ord = this-dacs.ngroups)
return EINVAL;
-   if (mc-un.ord != this-dacs.cur)
-   return azalia_codec_construct_format(this,
+
+   if (mc-un.ord != this-dacs.cur) {
+   err = azalia_codec_construct_format(this,
mc-un.ord, this-adcs.cur);
-   else
-   return 0;
+   if(err)
+   return err;
+
+   if(this-running) {
+   err = azalia_connect_output(this);
+   if (err)
+   return err;
+   }
+   }
+
+   return 0;
}

/* ADC selection */
else if (target == MI_TARGET_ADC) {
-   if (this-running)
-   return EBUSY;
+   if(this-running) {
+   err = azalia_disconnect_input(this);
+   if (err)
+   return err;
+   }
+
if (mc-un.ord = this-adcs.ngroups)
return EINVAL;
-   if (mc-un.ord != this-adcs.cur)
-   return azalia_codec_construct_format(this,
+
+   if (mc-un.ord != this-adcs.cur) {
+   err = azalia_codec_construct_format(this,
this-dacs.cur, mc-un.ord);
-   else
-   return 0;
+   if(err)
+   return err;
+
+   if(this-running) 
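Review bot: in the MI_TARGET_DAC branch the output stream is disconnected before `mc->un.ord` is validated, and it is reconnected only inside the `mc->un.ord != this->dacs.cur` block after azalia_codec_construct_format() succeeds. A running stream therefore stays disconnected when the call returns EINVAL, when azalia_codec_construct_format() fails, or when the requested group is already the current one. Validate the ordinal and compare it with `dacs.cur` first, disconnect only when a switch is actually needed, and reconnect on the error path as well; the visible part of the MI_TARGET_ADC branch follows the same order and needs the same change. Style: the new `if(` lines should read `if (` like the surrounding code.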

Fix some vulnerabilities in file(1)

2014-12-14 Thread Florian Riehm
Hi,

the attached patch fixes two vulnerabilities in file(1):

CVE-2014-2270: A specifically crafted Portable Executable (PE) can trigger
an out-of-bounds read.

CVE-2014-1943: A malicious input file could trigger infinite recursion in
libmagic(3).

The patch is based on a FreeBSD security advisory and fixes from the file
developers upstream. I had to do some adaptions because our version of file is a
bit older. We are not affected by the two other CVEs (CVE-2012-1571,
CVE-2012-1571) referred to by the FreeBSD SA.

For further information see:
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:16.file.asc
http://security.FreeBSD.org/patches/SA-14:16/file-8.4.patch

I have ignored the 80 characters limit sometimes to keep the diff to upstream
smaller.
The regression tests for file were successful.

I have another patch which fixes the vulnerabilities described in
https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc .
I will submit it if the first part is committed to make the reviewers' job easier.

Regards

Florian Riehm

Index: ascmagic.c
===
RCS file: /cvs/src/usr.bin/file/ascmagic.c,v
retrieving revision 1.12
diff -u -p -r1.12 ascmagic.c
--- ascmagic.c  18 May 2014 17:50:11 -  1.12
+++ ascmagic.c  14 Dec 2014 14:10:55 -
@@ -175,7 +175,8 @@ file_ascmagic(struct magic_set *ms, cons
}
if ((utf8_end = encode_utf8(utf8_buf, mlen, ubuf, ulen)) == NULL)
goto done;
-   if (file_softmagic(ms, utf8_buf, utf8_end - utf8_buf, TEXTTEST) != 0) {
+   if (file_softmagic(ms, utf8_buf, utf8_end - utf8_buf,
+   0, TEXTTEST) != 0) {
rv = 1;
goto done;
}
Index: file.h
===
RCS file: /cvs/src/usr.bin/file/file.h,v
retrieving revision 1.24
diff -u -p -r1.24 file.h
--- file.h  18 May 2014 17:50:11 -  1.24
+++ file.h  14 Dec 2014 14:10:55 -
@@ -332,7 +332,8 @@ protected int file_zmagic(struct magic_s
 const unsigned char *, size_t);
 protected int file_ascmagic(struct magic_set *, const unsigned char *, size_t);
 protected int file_is_tar(struct magic_set *, const unsigned char *, size_t);
-protected int file_softmagic(struct magic_set *, const unsigned char *, 
size_t, int);
+protected int file_softmagic(struct magic_set *, const unsigned char *, size_t,
+size_t, int);
 protected struct mlist *file_apprentice(struct magic_set *, const char *, int);
 protected uint64_t file_signextend(struct magic_set *, struct magic *,
 uint64_t);
Index: funcs.c
===
RCS file: /cvs/src/usr.bin/file/funcs.c,v
retrieving revision 1.8
diff -u -p -r1.8 funcs.c
--- funcs.c 18 May 2014 17:50:11 -  1.8
+++ funcs.c 14 Dec 2014 14:10:55 -
@@ -181,7 +181,7 @@ file_buffer(struct magic_set *ms, int fd
(m = file_is_tar(ms, buf, nb)) == 0) {
/* try tests in /etc/magic (or surrogate magic file) */
if ((ms-flags  MAGIC_NO_CHECK_SOFT) != 0 ||
-   (m = file_softmagic(ms, buf, nb, BINTEST)) == 0) {
+   (m = file_softmagic(ms, buf, nb, 0, BINTEST)) == 0) {
/* try known keywords, check whether it is ASCII */
if ((ms-flags  MAGIC_NO_CHECK_ASCII) != 0 ||
(m = file_ascmagic(ms, buf, nb)) == 0) {
Index: softmagic.c
===
RCS file: /cvs/src/usr.bin/file/softmagic.c,v
retrieving revision 1.17
diff -u -p -r1.17 softmagic.c
--- softmagic.c 17 Apr 2013 15:01:26 -  1.17
+++ softmagic.c 14 Dec 2014 14:10:56 -
@@ -39,9 +39,9 @@
 
 
 private int match(struct magic_set *, struct magic *, uint32_t,
-const unsigned char *, size_t, int);
+const unsigned char *, size_t, int, int);
 private int mget(struct magic_set *, const unsigned char *,
-struct magic *, size_t, unsigned int);
+struct magic *, size_t, unsigned int, int);
 private int magiccheck(struct magic_set *, struct magic *);
 private int32_t mprint(struct magic_set *, struct magic *);
 private void mdebug(uint32_t, const char *, size_t);
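Review bot: the match() and mget() prototypes each gain an `int`, while file_softmagic() in the file.h hunk gains a `size_t`; if the new argument carries the same level value down the call chain, it is narrowed from size_t to int on the way. Use one type for it throughout, and since these prototypes are unnamed, add a short comment saying what the extra parameter is.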
@@ -54,6 +54,7 @@ private void cvt_16(union VALUETYPE *, c
 private void cvt_32(union VALUETYPE *, const struct magic *);
 private void cvt_64(union VALUETYPE *, const struct magic *);
 
+#define OFFSET_OOB(n, o, i)((n)  (o) || (i)  ((n) - (o)))
 /*
  * Macro to give description string according to whether we want plain
  * text or MIME type
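Review bot: OFFSET_OOB is added with no comment saying what `n`, `o` and `i` stand for, and it expands `n` and `o` twice, so an argument with side effects would be evaluated more than once. Add a one-line comment naming the three arguments and a blank line between the macro and the comment block that follows; a static inline function would avoid the double evaluation.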
@@ -66,12 +67,13 @@ private void cvt_64(union VALUETYPE *, c
  */
 /*ARGSUSED1*/  /* nbytes passed for regularity, maybe need later */
 protected int
-file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, 
int mode)
+file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes,
+  size_t level, int mode)
 {
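The two defensive patterns this patch brings in, shown on a constructed toy record format as an added example (not code from file(1) or from the patch): an offset check in the shape of OFFSET_OOB that cannot wrap, and a recursion level that is passed down and capped. `range_oob`, `follow`, `MAX_LEVEL`, the error codes and the record layout are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LEVEL 20            /* assumed cap for this example */
enum { REC_LEAF = 0x00, REC_INDIRECT = 0x01 };
enum { ERR_DEPTH = -1, ERR_OOB = -2, ERR_TAG = -3 };

/* Nonzero when `need` bytes at offset `off` do not fit in `nbytes`.
 * Compares against nbytes - off so that off + need can never wrap. */
static int
range_oob(size_t nbytes, size_t off, size_t need)
{
	return nbytes < off || need > nbytes - off;
}

/* Follow indirect records; returns the depth of the leaf or ERR_*. */
static int
follow(const uint8_t *buf, size_t nbytes, size_t off, size_t level)
{
	size_t next;

	if (level >= MAX_LEVEL)
		return ERR_DEPTH;       /* self-referencing input ends here */
	if (range_oob(nbytes, off, 1))
		return ERR_OOB;
	if (buf[off] == REC_LEAF)
		return (int)level;
	if (buf[off] != REC_INDIRECT)
		return ERR_TAG;
	if (range_oob(nbytes, off, 5))  /* tag + 4 offset bytes */
		return ERR_OOB;
	next = (size_t)buf[off + 1] | (size_t)buf[off + 2] << 8 |
	    (size_t)buf[off + 3] << 16 | (size_t)buf[off + 4] << 24;
	return follow(buf, nbytes, next, level + 1);
}

/* Constructed inputs, not taken from any real file. */
static const uint8_t good[]     = { 0x01, 5, 0, 0, 0, 0x00 };
static const uint8_t selfref[]  = { 0x01, 0, 0, 0, 0 };
static const uint8_t wild[]     = { 0x01, 0xff, 0xff, 0xff, 0xff };
static const uint8_t shortrec[] = { 0x01, 5, 0 };

int
main(void)
{
	printf("good=%d selfref=%d wild=%d shortrec=%d\n",
	    follow(good, sizeof(good), 0, 0), follow(selfref, sizeof(selfref), 0, 0),
	    follow(wild, sizeof(wild), 0, 0), follow(shortrec, sizeof(shortrec), 0, 0));
	return 0;
}
```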

acpicpu _CST handling for mwait

2014-12-14 Thread Philip Guenther

Some time ago, I had added support for using the MWAIT instruction in the 
idle loop.  Various people found that made their boxes run hot, to the 
point that several developers diked it out of their own builds; I've 
committed one of those yesterday pending a proper fix.

So, to start on that: the diff below expands our handling of the ACPI _CST 
values to detect the Intel functional fixed hardware register type for 
C-state control and report it in the acpicpu dmesg lines, ala:

acpicpu0 at acpi0: C3, C2, C1(mwait), PSS

I have a diff on top of this that adds callbacks and amd64 bits to properly 
notify CPUs of the C1 type and thus enable mwait use if the _CST specifies 
it, but let's first see if the _CST output matches our expectations.


IN PARTICULAR, IF YOUR BOX RAN HOT WITH MWAIT, please run with this diff 
and report your dmesg!


Philip


Index: dev/acpi/acpicpu.c
===
RCS file: /cvs/src/sys/dev/acpi/acpicpu.c,v
retrieving revision 1.62
diff -u -p -r1.62 acpicpu.c
--- dev/acpi/acpicpu.c  9 Dec 2014 06:58:29 -   1.62
+++ dev/acpi/acpicpu.c  14 Dec 2014 21:41:44 -
@@ -111,7 +111,8 @@ struct acpicpu_softc {
 
int sc_pss_len;
int sc_ppc;
-   int sc_level;
+   short   sc_level;
+   u_int8_tsc_cst_c1_type;
struct acpicpu_pss  *sc_pss;
 
struct acpicpu_pct  sc_pct;
@@ -120,6 +121,8 @@ struct acpicpu_softc {
u_int32_t   sc_pct_ctrl_as;
u_int32_t   sc_pct_stat_len;
u_int32_t   sc_pct_ctrl_len;
+   u_int64_t   sc_cst_c1_addr; /* or mwait hint */
+
/*
 * XXX: _PPC Change listener
 * PPC changes can occur when for example a machine is disconnected
@@ -135,6 +138,7 @@ voidacpicpu_add_cstatepkg(struct aml
 intacpicpu_getppc(struct acpicpu_softc *);
 intacpicpu_getpct(struct acpicpu_softc *);
 intacpicpu_getpss(struct acpicpu_softc *);
+intacpicpu_getcst(struct acpicpu_softc *);
 struct acpi_cstate *acpicpu_add_cstate(struct acpicpu_softc *, int, int, int,
 int);
 void   acpicpu_set_pdc(struct acpicpu_softc *);
@@ -284,13 +288,11 @@ acpicpu_add_cstate(struct acpicpu_softc 
 
switch (type) {
case ACPI_STATE_C2:
-   if (latency  ACPI_MAX_C2_LATENCY || !address ||
-   (sc-sc_flags  FLAGS_NO_C2))
+   if (!address || (sc-sc_flags  FLAGS_NO_C2))
goto bad;
break;
case ACPI_STATE_C3:
-   if (latency  ACPI_MAX_C3_LATENCY || !address ||
-   (sc-sc_flags  FLAGS_NO_C3))
+   if (!address || (sc-sc_flags  FLAGS_NO_C3))
goto bad;
break;
}
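Review bot: the ACPI_STATE_C2 and ACPI_STATE_C3 cases no longer compare `latency` against ACPI_MAX_C2_LATENCY and ACPI_MAX_C3_LATENCY, and the message does not say why those bounds are dropped. If firmware-reported latencies above the limits are now meant to be accepted, state that in the commit message or in a comment here; otherwise keep the checks, since the rest of the diff is about detecting the C1 register type.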
@@ -315,6 +317,7 @@ void
 acpicpu_add_cstatepkg(struct aml_value *val, void *arg)
 {
struct acpicpu_softc*sc = arg;
+   int64_t state;
 
 #if defined(ACPI_DEBUG)  !defined(SMALL_KERNEL)
aml_showvalue(val, 0);
@@ -322,11 +325,77 @@ acpicpu_add_cstatepkg(struct aml_value *
if (val-type != AML_OBJTYPE_PACKAGE || val-length != 4)
return;
 
-   acpicpu_add_cstate(sc, val-v_package[1]-v_integer,
-   val-v_package[2]-v_integer,
+   state = val-v_package[1]-v_integer;
+
+   /*
+* Is there an C1 state implemented via either I/O then halt
+* or mwait?  Look for a generic register which is of
+* Functional Fixed Hardware type for intel
+*/
+   if (state == 1  val-v_package[0]-type == AML_OBJTYPE_BUFFER) {
+   u_int8_t *buf = val-v_package[0]-v_buffer;
+
+   if (buf[0] == LR_GENREGISTER 
+   buf[1] == 0x0C/* length (low) */
+   buf[2] == 0x00/* length (high) */
+   buf[3] == GAS_FUNCTIONAL_FIXED 
+   buf[4] == 0x01) {   /* vendor == intel */
+
+   /* extract the bottom 32 bit of address */
+   sc-sc_cst_c1_addr = buf[8] + (buf[9]  8) +
+   (buf[10]  16) + (buf[11]  24);
+
+   switch (buf[5]) {
+   case CST_C1_HALT:
+   sc-sc_cst_c1_type = CST_C1_HALT;
+   break;
+
+   case CST_C1_IO_HALT:
+   sc-sc_cst_c1_type = CST_C1_IO_HALT;
+
+   /* extract the top 32 bits of address */
+   sc-sc_cst_c1_addr +=
+   (u_int64_t)(buf[12] + (buf[13]  8) +
+   (buf[14]  16) + (buf[15]  24))  32;
+   break;
+
+   case CST_C1_MWAIT:
+   /* skip if bus master avoidance required */
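Review bot: the new C1 block reads `buf[0]` through `buf[15]` after checking only that `v_package[0]` is an AML_OBJTYPE_BUFFER; the length of that buffer is not checked anywhere in the visible lines. The `buf[1]` and `buf[2]` comparisons test the length field stored inside the descriptor, not the number of bytes the AML buffer actually holds, so a short buffer supplied by firmware would be read past its end. Check that the buffer holds at least 16 bytes before indexing it. The address is also assembled from u_int8_t operands that promote to int; cast each byte to an unsigned type before shifting it into the top position so the result stored in the u_int64_t `sc_cst_c1_addr` cannot be sign-extended.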

Re: Want to help upstream software improve their random?

2014-12-14 Thread Kamil Rytarowski
> Sent: Friday, December 12, 2014 at 5:02 AM
> From: Theo de Raadt dera...@cvs.openbsd.org
> To: t...@cvs.openbsd.org
> Subject: Want to help upstream software improve their random?


Not my business, but how do you handle cases of rand()  srand()-like
calls from software like awk?

What is and what should be the result of:
for w in `seq 1 10`; do awk 'BEGIN{print int(rand() * 32767)}'; done

or

for w in `seq 1 10`; do awk 'BEGIN{srand(); print int(rand() * 32767)}'; done



tcpdump non-blocking/immediate mode patch

2014-12-14 Thread Simon Mages
Hi,

tcpdump feels a bit laggy or slow sometimes when I use it for live
debugging.

The following patch adds a new flag, '-b', to tcpdump. With this flag,
tcpdump sets BIOCIMMEDIATE on the bpf(4) device. With BIOCIMMEDIATE set,
the output is fluent.

Index: usr.sbin/tcpdump/privsep.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.c,v
retrieving revision 1.30
diff -u -p -r1.30 privsep.c
--- usr.sbin/tcpdump/privsep.c 22 Sep 2011 09:12:30 - 1.30
+++ usr.sbin/tcpdump/privsep.c 14 Dec 2014 22:40:14 -
@@ -318,7 +318,7 @@ priv_init(int argc, char **argv)
 static void
 impl_open_bpf(int fd, int *bpfd)
 {
- int snaplen, promisc, err;
+ int snaplen, promisc, immediate, err;
  u_int dlt, dirfilt;
  char device[IFNAMSIZ];
  size_t iflen;
@@ -327,12 +327,13 @@ impl_open_bpf(int fd, int *bpfd)

  must_read(fd, snaplen, sizeof(int));
  must_read(fd, promisc, sizeof(int));
+ must_read(fd, immediate, sizeof(int));
  must_read(fd, dlt, sizeof(u_int));
  must_read(fd, dirfilt, sizeof(u_int));
  iflen = read_string(fd, device, sizeof(device), __func__);
  if (iflen == 0)
  errx(1, Invalid interface size specified);
- *bpfd = pcap_live(device, snaplen, promisc, dlt, dirfilt);
+ *bpfd = pcap_live(device, snaplen, promisc, immediate, dlt, dirfilt);
  err = errno;
  if (*bpfd  0)
  logmsg(LOG_DEBUG,
Index: usr.sbin/tcpdump/privsep.h
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep.h,v
retrieving revision 1.7
diff -u -p -r1.7 privsep.h
--- usr.sbin/tcpdump/privsep.h 25 Aug 2009 06:59:17 - 1.7
+++ usr.sbin/tcpdump/privsep.h 14 Dec 2014 22:40:14 -
@@ -47,10 +47,10 @@ int priv_init(int, char **);
 voidpriv_init_done(void);

 int setfilter(int, int, char *);
-int pcap_live(const char *, int, int, u_int, u_int);
+int pcap_live(const char *, int, int, int, u_int, u_int);

 struct bpf_program *priv_pcap_setfilter(pcap_t *, int, u_int32_t);
-pcap_t *priv_pcap_live(const char *, int, int, int, char *, u_int,
+pcap_t *priv_pcap_live(const char *, int, int, int, int, char *, u_int,
 u_int);
 pcap_t *priv_pcap_offline(const char *, char *);

Index: usr.sbin/tcpdump/privsep_pcap.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep_pcap.c,v
retrieving revision 1.17
diff -u -p -r1.17 privsep_pcap.c
--- usr.sbin/tcpdump/privsep_pcap.c 14 Nov 2012 03:33:04 - 1.17
+++ usr.sbin/tcpdump/privsep_pcap.c 14 Dec 2014 22:40:14 -
@@ -172,8 +172,8 @@ priv_pcap_setfilter(pcap_t *hpcap, int o

 /* privileged part of priv_pcap_live */
 int
-pcap_live(const char *device, int snaplen, int promisc, u_int dlt,
-u_int dirfilt)
+pcap_live(const char *device, int snaplen, int promisc, int immediate,
+u_int dlt, u_int dirfilt)
 {
  char bpf[sizeof /dev/bpf00];
  int fd, n = 0;
@@ -204,6 +204,10 @@ pcap_live(const char *device, int snaple
  if (promisc)
  /* this is allowed to fail */
  ioctl(fd, BIOCPROMISC, NULL);
+
+ if (immediate  ioctl(fd, BIOCIMMEDIATE, immediate)  0)
+ goto error;
+
  if (ioctl(fd, BIOCSDIRFILT, dirfilt)  0)
  goto error;
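Review bot: `immediate` reaches this ioctl exactly as impl_open_bpf() read it from the unprivileged process, and it is an int where bpf(4) documents BIOCIMMEDIATE as taking a u_int used as a boolean. In the privileged half, set a local `u_int` to 1 when the flag is non-zero and pass that instead of forwarding the received value. BIOCPROMISC just above is allowed to fail while a BIOCIMMEDIATE failure aborts the open; a short comment saying that difference is intended would help.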

@@ -223,7 +227,7 @@ pcap_live(const char *device, int snaple
  * unprivileged part.
  */
 pcap_t *
-priv_pcap_live(const char *dev, int slen, int prom, int to_ms,
+priv_pcap_live(const char *dev, int slen, int prom, int imme, int to_ms,
 char *ebuf, u_int dlt, u_int dirfilt)
 {
  int fd, err;
@@ -251,6 +255,7 @@ priv_pcap_live(const char *dev, int slen
  write_command(priv_fd, PRIV_OPEN_BPF);
  must_write(priv_fd, slen, sizeof(int));
  must_write(priv_fd, prom, sizeof(int));
+ must_write(priv_fd, imme, sizeof(int));
  must_write(priv_fd, dlt, sizeof(u_int));
  must_write(priv_fd, dirfilt, sizeof(u_int));
  write_string(priv_fd, dev);
Index: usr.sbin/tcpdump/tcpdump.8
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v
retrieving revision 1.83
diff -u -p -r1.83 tcpdump.8
--- usr.sbin/tcpdump/tcpdump.8 3 Jun 2014 02:57:29 - 1.83
+++ usr.sbin/tcpdump/tcpdump.8 14 Dec 2014 22:40:15 -
@@ -28,7 +28,7 @@
 .Sh SYNOPSIS
 .Nm tcpdump
 .Bk -words
-.Op Fl AadefILlNnOopqStvXx
+.Op Fl AabdefILlNnOopqStvXx
 .Op Fl c Ar count
 .Op Fl D Ar direction
 .Oo Fl E Oo Ar espalg : Oc Ns
@@ -61,6 +61,9 @@ The smaller of the entire packet or
 bytes will be printed.
 .It Fl a
 Attempt to convert network and broadcast addresses to names.
+.It Fl b
+Disables read blocking on the bpf(4) buffer. With this so called
+``immediate mode'' reads return immediately upon packet reception.
 .It Fl c Ar count
 Exit after receiving
 .Ar count
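Review bot: "Disables read blocking" in the new `-b` entry reads as non-blocking I/O, but the flag sets BIOCIMMEDIATE, which is what the second sentence describes. Describe the behaviour once, for example that reads return as soon as a packet is received instead of waiting for the buffer to fill, reference the device with `.Xr bpf 4`, and start each sentence on its own line as mdoc expects.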
Index: usr.sbin/tcpdump/tcpdump.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.c,v
retrieving revision 1.66
diff -u -p -r1.66 tcpdump.c
--- usr.sbin/tcpdump/tcpdump.c 30 Jun 2014 04:25:11 - 1.66
+++ usr.sbin/tcpdump/tcpdump.c 14 Dec 2014 22:40:15 

Re: Want to help upstream software improve their random?

2014-12-14 Thread Theo de Raadt
>> Sent: Friday, December 12, 2014 at 5:02 AM
>> From: Theo de Raadt dera...@cvs.openbsd.org
>> To: t...@cvs.openbsd.org
>> Subject: Want to help upstream software improve their random?
>
>
> Not my business, but how do you handle cases of rand()  srand()-like
> calls from software like awk?

awk in OpenBSD has been true-random since this commit:


CVSROOT: /cvs
Module name: src
Changes by: mill...@cvs.openbsd.org 2011/04/20 16:28:39

Modified files:
usr.bin/awk: run.c

Log message:
Stash the old seed when srand() is called and use it as the return
value as per POSIX and the fine manual.  Fix sent upstream to bwk.
OK deraadt@




If you use srand() directly in awk, it reverts to the standards-defined
behaviour.  The same semantic is present in our ksh.