Re: [PATCH] ksh getint cleanup
Here's a slightly updated patch which makes sure that 0x0x isn't possible On 09/03/15 21:59, Martijn van Duren wrote: Hello tech@, I gave a look to getint in var.c, which turned out to roll out it's own version of string to long conversion, without overflow checking. Attached is a diff to make the function more readable and overflow safe by using strtol, with error checking based on strtonum. I choose for returning an error on clamping instead of the clamped value, because it's dangerous to base calculations on such values, but this can be easily changed by removing the errno checking. Sincerely, Martijn van Duren Index: var.c === RCS file: /cvs/src/bin/ksh/var.c,v retrieving revision 1.43 diff -u -p -r1.43 var.c --- var.c 1 Sep 2015 13:12:31 - 1.43 +++ var.c 4 Sep 2015 06:45:53 - @@ -1,11 +1,14 @@ /* $OpenBSD: var.c,v 1.43 2015/09/01 13:12:31 tedu Exp $ */ -#include "sh.h" +#include +#include +#include #include -#include "ksh_limval.h" + #include -#include +#include "ksh_limval.h" +#include "sh.h" /* * Variables * @@ -411,11 +414,11 @@ setint(struct tbl *vq, long int n) int getint(struct tbl *vp, long int *nump, bool arith) { - char *s; - int c; - int base, neg; + char *s, *endptr; + int terrno = errno; + int base = 10; int have_base = 0; - long num; + long int num = 0; if (vp->flag&SPECIAL) getspec(vp); 
@@ -427,49 +430,39 @@ getint(struct tbl *vp, long int *nump, b return vp->type; } s = vp->val.s + vp->type; - if (s == NULL) /* redundant given initial test */ - s = null; - base = 10; - num = 0; - neg = 0; - if (arith && *s == '0' && *(s+1)) { - s++; - if (*s == 'x' || *s == 'X') { - s++; + + if (arith && s[0] == '0' && s[1]) { + if (s[1] == 'x' || s[1] == 'X') base = 16; - } else if (vp->flag & ZEROFIL) { - while (*s == '0') + else if (vp->flag & ZEROFIL) { + while (s[0] == '0') s++; } else base = 8; - have_base++; + have_base = 1; } - for (c = (unsigned char)*s++; c ; c = (unsigned char)*s++) { - if (c == '-') { - neg++; - } else if (c == '#') { - base = (int) num; - if (have_base || base < 2 || base > 36) -return -1; - num = 0; - have_base = 1; - } else if (letnum(c)) { - if (isdigit(c)) -c -= '0'; - else if (islower(c)) -c -= 'a' - 10; /* todo: assumes ascii */ - else if (isupper(c)) -c -= 'A' - 10; /* todo: assumes ascii */ - else -c = -1; /* _: force error */ - if (c < 0 || c >= base) -return -1; - num = num * base + c; - } else - return -1; + + errno = 0; + num = strtol(s, &endptr, base); + if (s == endptr || (*endptr != '#' && *endptr != '\0') || + errno == ERANGE) { + errno = terrno; + return -1; } - if (neg) - num = -num; + if (*endptr == '\0') { + *nump = num; + return base; + } + if (have_base || num < 2 || num > 36) + return -1; + base = (int) num; + s = endptr+1; + num = strtol(s, &endptr, base); + if (s == endptr || *endptr != '\0' || errno == ERANGE) { + errno = terrno; + return -1; + } + *nump = num; return base; }
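Review bot: Both strtol() calls in the rewritten body of getint() accept more than the loop they replace: strtol() skips leading whitespace, takes a `+` sign, and with base 16 takes an optional `0x` prefix, so a value such as `16#0x1f` or one with a leading blank now converts where the old code returned -1. If the stricter grammar is intended, reject those before converting, for example `if (isspace((unsigned char)s[0]) || s[0] == '+') return -1;` ahead of each call, and decide explicitly whether a prefix after `#` is allowed. Separately, errno is put back to `terrno` only on the two strtol() failure paths; the `have_base || num < 2 || num > 36` return and both success returns leave it at 0, so `errno = terrno;` belongs on those exits as well. Both points also apply to the first posting of this hunk further down the page. getint() begins in the preceding hunk.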
UTF-8 string filtering
Hi, For a long time OpenBSD has been careful about filtering potentially- hostile strings that were destined for logs or TTYs using strvis(3) and friends. Unfortunately, these don't do a great job for UTF-8 strings since they mangle anything that isn't basic ASCII (not even ISO-8859-1). This shows up in ssh, where non-English speakers have complained for years about their server banners being rendered as gobbledygook, so a few years ago I wrote the patch below that used RFC3454 stringprep to try to filter hostile characters (e.g. terminal control sequences) while leaving benign Unicode characters untouched when the user's LC_CTYPE indicated they wanted UTF-8 output. The patch never got committed because I never had enough confidence in my knowledge of Unicode to be sure I'd picked the right characters, but now that OpenBSD seems have settled on UTF-8 for non-LC_CTYPE=C locales, I think it is time to revisit it. My questions: 1) Is the approach correct? (I think so) 2) Are the tables correct? I'd like someone who knows more about Unicode than me (which is not much) to weigh in. 3) Would this be better off in libutil or libc? 4) If #4, should it be done in strvis(3) itself? Comments appreciated. -d diff --git a/lib/Makefile b/lib/Makefile index ed505b4..05cf8a0 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -34,7 +34,8 @@ SRCS= ${LIB_SRCS} \ smult_curve25519_ref.c \ kexc25519.c kexc25519c.c kexc25519s.c \ roaming_dummy.c \ - chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c umac.c + chacha.c poly1305.c cipher-chachapoly.c ssh-ed25519.c hmac.c umac.c \ + utf8_stringprep.c .if (${SSH1:L} == "yes") SRCS+= cipher-3des1.c cipher-bf1.c diff --git a/misc.h b/misc.h index 53d469b..e476f1d 100644 --- a/misc.h +++ b/misc.h 
@@ -133,4 +133,7 @@ char*read_passphrase(const char *, int); int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); +/* utf8_stringprep.c */ +int utf8_stringprep(const char *, char *, size_t); + #endif /* _MISC_H */ diff --git a/sshconnect2.c b/sshconnect2.c index 2b525ac..04120e7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -39,6 +39,8 @@ #include #include #include +#include +#include #include "xmalloc.h" #include "ssh.h" @@ -455,21 +457,51 @@ input_userauth_error(int type, u_int32_t seq, void *ctxt) return 0; } +/* Check whether we can display UTF-8 safely */ +static int +utf8_ok(void) +{ + static int ret = -1; + char *cp; + + if (ret == -1) { + setlocale(LC_CTYPE, ""); + cp = nl_langinfo(CODESET); + ret = strcmp(cp, "UTF-8") == 0; + } + return ret; +} + /* ARGSUSED */ int input_userauth_banner(int type, u_int32_t seq, void *ctxt) { char *msg, *raw, *lang; - u_int len; + u_int done, len; debug3("input_userauth_banner"); + raw = packet_get_string(&len); lang = packet_get_string(NULL); if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { if (len > 65536) len = 65536; msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ - strnvis(msg, raw, len * 4 + 1, VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); + done = 0; + if (utf8_ok()) { + if (utf8_stringprep(raw, msg, len * 4 + 1) == 0) + done = 1; + else + debug2("%s: UTF8 stringprep failed", __func__); + } + /* +* Fallback to strnvis if UTF8 display not supported or +* conversion failed. +*/ + if (!done) { + strnvis(msg, raw, len * 4 + 1, + VIS_SAFE|VIS_OCTAL|VIS_NOSLASH); + } fprintf(stderr, "%s", msg); free(msg); } diff --git a/stringprep-tables.c b/stringprep-tables.c new file mode 100644 index 000..c02facb --- /dev/null +++ b/stringprep-tables.c 
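Review bot: utf8_ok() calls `setlocale(LC_CTYPE, "")` the first time a banner arrives, so the whole client process switches to the user's ctype locale as a side effect of displaying server-supplied text. From then on every ctype-dependent routine runs under that locale; this presumably includes the character classification behind the strnvis() fallback in input_userauth_banner(), which may then pass bytes it escaped under the C locale. Consider selecting the locale once at startup rather than inside the banner handler, and put a comment on utf8_ok() such as `/* NB: sets LC_CTYPE for the whole process on first call */`. The destination size `len * 4 + 1` was chosen for strnvis() expansion; whether it is also the right bound for utf8_stringprep() depends on utf8_stringprep.c, which is not part of this hunk, so a one-line comment stating that assumption would help.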
@@ -0,0 +1,1321 @@ +/* Public domain. */ + +/* $OpenBSD$ */ + +/* + * Tables for RFC3454 stringprep algorithm, updated with a table of allocated + * characters generated from Unicode.6.2's UnicodeData.txt + * + * Intended to be included directly from utf8_stringprep.c + */ + +/* Unassigned characters in Unicode 6.2 */ +static const struct u32_range unassigned[] = { + { 0x0378, 0x0379 }, + { 0x037F, 0x0383 }, + { 0x038B, 0x038B }, + { 0x038D, 0x038D }, + { 0x03A2, 0x03A2 }, + { 0x0528, 0x0530 }, + { 0x0557, 0x0558 }, + { 0x0560, 0x0560 }, + { 0x0588, 0x0588 }, + { 0x058B, 0x058E }, + { 0x0590, 0x0590 }, + { 0x05C8, 0x05CF }, + { 0x05EB, 0x05EF }, + { 0x05F5, 0x05FF }, + { 0x0605, 0x0605 }, +
Re: plus58.html hrefs
Sorry, an unreferenced cpuid(6) that I couldn't resolve. - Original Message - From: "Rob Pierce" To: "tech" Sent: Friday, September 4, 2015 12:29:50 AM Subject: plus58.html hrefs There is also a reference to smu(4) that appears to be broken, as well as an unreferenced pkg(5) and cupid(6) that I couldn't resolve.
plus58.html hrefs
There is also a reference to smu(4) that appears to be broken, as well as an unreferenced pkg(5) and cupid(6) that I couldn't resolve. Index: plus58.html === RCS file: /cvs/www/plus58.html,v retrieving revision 1.7 diff -u -p -r1.7 plus58.html --- plus58.html 2 Sep 2015 20:30:03 - 1.7 +++ plus58.html 4 Sep 2015 04:24:15 - @@ -108,7 +108,7 @@ For changes in other releases, click bel Fix a potential out-of-bounds read in http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man3/fnmatch.3";>fnmatch(3). On armv7, make use of u-boot 2015.07's unified wandboard config to provide a miniroot to cover all current wandboard variations. -5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing ed(1)-style diffs.A source code patch exists for 5.6 and 5.7. +5.6 and 5.7 SECURITY FIX: the patch utility could become desyncronized processing http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1";>ed(1)-style diffs.A source code patch exists for 5.6 and 5.7. Prevent substitution commands ("s///") with a newline in the replacement pattern from confusing http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/patch.1";>patch(1) about the state of the http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ed.1";>ed(1) child process is in. Turn off POOL_DEBUG for release. In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8), repair HSTS header output. 
@@ -222,7 +222,7 @@ For changes in other releases, click bel Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls when using http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2";>tame(2). This allows threaded programs to work. Avoid a possible NULL dereference in http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1";>openssl(1) s_server (Coverity CID 78873). Add a quirk for Cirrus Logic PD6729: earlier silicon versions of this chip would advertize themselves as multi-function devices while they are not. -In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8), don't accept sockets when syslogd reaches the file descriptor limit. Instead disable the listen event and wait for a second. +In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8), don't accept sockets when http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/syslogd.8";>syslogd(8) reaches the file descriptor limit. Instead disable the listen event and wait for a second. In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/openssl.1";>openssl(1), avoid dereferencing NULL (Coverity CID 21746). In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/tame.2";>tame(2): @@ -263,7 +263,7 @@ For changes in other releases, click bel Add label withdraw/release wildcard support. Implement MD5 authentication support. -In the installer, use the %c and %a fields in pkg.conf. +In the installer, use the %c and %a fields in http://www.openbsd.org/cgi-bin/man.cgi?query=pkg.conf&sektion=5&format=html";>pkg.conf(5). Show the tame flag in http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/ps.1";>ps(1). In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldpd.8";>ldpd(8): 
@@ -332,7 +332,7 @@ For changes in other releases, click bel In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/sshd.8";>sshd(8), only query each keyboard-interactive device once per authentication request regardless of how many times it is listed. In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/doas.1";>doas(1), add -s as a shorthand for "doas $SHELL". In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8), allow to change the default media type globally or per-location. -In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1), insist that manual page file name extensions must begin with a digit lest pkg.conf(5) be shown when pkg(5) is asked for. +In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/mandoc.1";>mandoc(1), insist that manual page file name extensions must begin with a digit lest http://www.openbsd.org/cgi-bin/man.cgi?query=pkg.conf&sektion=5&format=html";>pkg.conf(5) be shown when pkg(5) is asked for. Support HTTP Strict Transport Security (HSTS) in http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/httpd.8";>httpd(8). Have http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/tftpd.8";>tftpd(8) provide a block of random data when clients request the file /etc/random.seed. @@ -466,7 +466,7 @@ For changes in other releases, click bel In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cwm.1";>cwm(1), introduce "groupsearch" for group menu search. In http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/xhci.4";>xhci(4), do not trust the hardware when it says that the number o
58.html href openssl(1)
Index: 58.html === RCS file: /cvs/www/58.html,v retrieving revision 1.53 diff -u -p -r1.53 58.html --- 58.html 4 Sep 2015 02:08:46 - 1.53 +++ 58.html 4 Sep 2015 03:12:11 - @@ -460,7 +460,7 @@ to 5.8. Code improvements: - Fix incorrect comparison function in openssl(1) certhash command. + Fix incorrect comparison function in http://www.openbsd.org/cgi-bin/man.cgi?query=openssl&sektion=1";>openssl(1) certhash command. Thanks to Christian Neukirchen / Void Linux. Removal of OPENSSL_issetugid and all library getenv calls. Applications can and should no longer rely on environment variables
58.html href syslogd(8)
Index: 58.html === RCS file: /cvs/www/58.html,v retrieving revision 1.51 diff -u -p -r1.51 58.html --- 58.html 3 Sep 2015 23:19:55 - 1.51 +++ 58.html 4 Sep 2015 01:57:32 - @@ -496,7 +496,7 @@ ktion=5">syslog.conf(5) certain hosts specifically. Handle situations when the file descriptor limit is exhausted gracefully. -Since libtls handles short writes smarter, syslogd can use the +Since libtls handles short writes smarter, http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd&sektion=8";>syslogd(8) can use the complete output buffer to save messages, coping with longer TLS server down times without losing messages.
Re: 58.html
I have applied this along with the other amdcf(4) diff you sent, thanks! On Thu, Sep 03, 2015 at 08:41:25PM -0400, Rob Pierce wrote: > href tar and cpio? > > Index: 58.html > === > RCS file: /cvs/www/58.html,v > retrieving revision 1.51 > diff -u -p -r1.51 58.html > --- 58.html 3 Sep 2015 23:19:55 - 1.51 > +++ 58.html 4 Sep 2015 00:39:18 - > @@ -143,7 +143,7 @@ to 5.8. > > sudo in base has been replaced with href="http://www.openbsd.org/cgi-bin/man.cgi?query=doas&sektion=1";>doas(1), > sudo is available as a package. > href="http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1";>file(1) > has been replaced with a new modern implementation, including sandbox and > privilege separation. > - href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1";>pax(1) > (and tar(1) and cpio(1)) now prevent archive extraction from escaping the > current directory via symlinks; href="http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) > without -P option now strips up through any ".." path > components. > + href="http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1";>pax(1) > (and href="http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) > and href="http://www.openbsd.org/cgi-bin/man.cgi?query=cpio&sektion=1";>cpio(1)) > now prevent archive extraction from escaping the current directory via > symlinks; href="http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) > without -P option now strips up through any ".." path > components. > Improved kernel checks of ELF headers. > ... > >
58.html href amdcf
Index: 58.html === RCS file: /cvs/www/58.html,v retrieving revision 1.51 diff -u -p -r1.51 58.html --- 58.html 3 Sep 2015 23:19:55 - 1.51 +++ 58.html 4 Sep 2015 01:37:53 - @@ -78,7 +78,7 @@ to 5.8. http://www.openbsd.org/cgi-bin/man.cgi?query=wscons&sec=4";>wscons(4) works with even more odd trackpads. Added http://www.openbsd.org/cgi-bin/man.cgi?query=pvbus&sec=4";>pvbus(4) paravirtual device tree root on virtual machines that are running on hypervisors. New octdwctwo(4) driver for USB support on OpenBSD/octeon. -New amdcf(4) driver for embedded flash on OpenBSD/octeon. +New http://www.openbsd.org/cgi-bin/man.cgi?query=amdcf&sec=4";>amdcf(4) driver for embedded flash on OpenBSD/octeon. ...
[patch] use USBD_NO_COPY in ugen_do_write()
Similiar to [1], this patch uses the USBD_NO_COPY flag to utilize the DMA buffer directly within ugen_do_write() of ugen(4). Grant References 1. MARC.info - 'do bulk reads with one transfer in ugen(4)' thread http://marc.info/?t=14411465081&r=1&w=2 Index: ugen.c === RCS file: /cvs/src/sys/dev/usb/ugen.c,v retrieving revision 1.86 diff -u -p -d -r1.86 ugen.c --- ugen.c 3 Sep 2015 07:50:22 - 1.86 +++ ugen.c 3 Sep 2015 20:43:57 - @@ -645,6 +645,7 @@ ugen_do_write(struct ugen_softc *sc, int u_int32_t n; int flags, error = 0; char buf[UGEN_BBSIZE]; + void *ptr = 0; struct usbd_xfer *xfer; usbd_status err; @@ -666,7 +667,7 @@ ugen_do_write(struct ugen_softc *sc, int return (EIO); } #endif - flags = USBD_SYNCHRONOUS; + flags = USBD_SYNCHRONOUS | USBD_NO_COPY; if (sce->timeout == 0) flags |= USBD_CATCH; @@ -675,12 +676,17 @@ ugen_do_write(struct ugen_softc *sc, int xfer = usbd_alloc_xfer(sc->sc_udev); if (xfer == 0) return (EIO); - while ((n = min(UGEN_BBSIZE, uio->uio_resid)) != 0) { - error = uiomovei(buf, n, uio); + if ((n = uio->uio_resid) != 0) { + ptr = usbd_alloc_buffer(xfer, n); + if (ptr == NULL) { + error = ENOMEM; + goto done; + } + error = uiomovei(ptr, n, uio); if (error) - break; + goto done; DPRINTFN(1, ("ugenwrite: transfer %d bytes\n", n)); - usbd_setup_xfer(xfer, sce->pipeh, 0, buf, n, + usbd_setup_xfer(xfer, sce->pipeh, 0, NULL, n, flags, sce->timeout, NULL); err = usbd_transfer(xfer); if (err) { @@ -691,9 +697,9 @@ ugen_do_write(struct ugen_softc *sc, int error = ETIMEDOUT; else error = EIO; - break; } } + done: usbd_free_xfer(xfer); break; case UE_INTERRUPT:
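Review bot: The bulk write path now takes `n = uio->uio_resid` with no upper bound and passes it to usbd_alloc_buffer(), so the size of the DMA buffer is whatever length the caller hands to write(2); the removed loop capped each transfer at UGEN_BBSIZE. `n` is declared u_int32_t, so if uio_resid is wider than 32 bits a very large request is also narrowed before the allocation and the uiomovei() call. Bound the request before usbd_alloc_xfer(), for instance `if (uio->uio_resid > UGEN_MAX_WRITE) return (EINVAL);` where UGEN_MAX_WRITE is a placeholder for a limit the driver would define, or keep a loop with a larger chunk size. `void *ptr = 0;` should read `void *ptr = NULL;` to match the `ptr == NULL` test below it. ugen_do_write() starts and ends outside these hunks.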
58.html
href tar and cpio? Index: 58.html === RCS file: /cvs/www/58.html,v retrieving revision 1.51 diff -u -p -r1.51 58.html --- 58.html 3 Sep 2015 23:19:55 - 1.51 +++ 58.html 4 Sep 2015 00:39:18 - @@ -143,7 +143,7 @@ to 5.8. sudo in base has been replaced with http://www.openbsd.org/cgi-bin/man.cgi?query=doas&sektion=1";>doas(1), sudo is available as a package. http://www.openbsd.org/cgi-bin/man.cgi?query=file&sektion=1";>file(1) has been replaced with a new modern implementation, including sandbox and privilege separation. -http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1";>pax(1) (and tar(1) and cpio(1)) now prevent archive extraction from escaping the current directory via symlinks; http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) without -P option now strips up through any ".." path components. +http://www.openbsd.org/cgi-bin/man.cgi?query=pax&sektion=1";>pax(1) (and http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) and http://www.openbsd.org/cgi-bin/man.cgi?query=cpio&sektion=1";>cpio(1)) now prevent archive extraction from escaping the current directory via symlinks; http://www.openbsd.org/cgi-bin/man.cgi?query=tar&sektion=1";>tar(1) without -P option now strips up through any ".." path components. Improved kernel checks of ELF headers. ...
pppd: remove unused function
The get_host_seed() function in pppd is unused and can be removed. Index: pppd.h === RCS file: /cvs/src/usr.sbin/pppd/pppd.h,v retrieving revision 1.19 diff -u -p -u -r1.19 pppd.h --- pppd.h 12 Jun 2015 14:18:25 - 1.19 +++ pppd.h 3 Sep 2015 20:28:34 - @@ -309,7 +309,6 @@ void unlock(void); /* Delete previously int daemon(int, int); /* Detach us from terminal session */ void logwtmp(const char *, const char *, const char *); /* Write entry to wtmp file */ -int get_host_seed(void); /* Get host-dependent random number seed */ #ifdef PPP_FILTER int set_filters(struct bpf_program *pass, struct bpf_program *active); /* Set filter programs in kernel */ Index: sys-bsd.c === RCS file: /cvs/src/usr.sbin/pppd/sys-bsd.c,v retrieving revision 1.26 diff -u -p -u -r1.26 sys-bsd.c --- sys-bsd.c 27 Oct 2009 23:59:53 - 1.26 +++ sys-bsd.c 3 Sep 2015 20:28:35 - @@ -1440,15 +1440,6 @@ GetMask(addr) } /* - * Use the hostid as part of the random number seed. - */ -int -get_host_seed() -{ -return gethostid(); -} - -/* * lock - create a lock file for the named lock device */ #defineLOCK_PREFIX "/var/spool/lock/LCK.." With this diff there is no user of gethostid() left in base. Has the time come for [gs]ethostid to be removed from libc? The manual page suggests they have been dropped in 4.4BSD - those functions have survived way past their expiry date already. cheers, natano
Re: nfs pool diff
>The only pool_get() call uses PR_WAITOK, and the pool_put() calls are >only done from the nfsd main loop, so process context. OK. Thanks that explains how one makes sure.. >No I'm not an NFS hacker! 3 kettenis Actually lots of people are NFS hackers. 1 aaron 1 damien 1 dlg 1 doug 1 espie 1 hugh 1 itojun 1 kstailey 1 markus 1 mikeb 1 mk 1 naddy 1 nordin 1 provos 1 ray 1 rees 1 smurph 2 briggs 2 florian 2 graichen 2 grange 2 jmc 2 pvalchev 3 claudio 3 fgsch 3 hin 3 jasper 3 kettenis 3 oga 3 sf 3 sturm 4 henning 4 jsing 5 angelos 6 avsm 6 brad 6 djm 6 jason 7 otto 8 krw 9 assar 9 bluhm 9 dm 12 ericj 12 mpi 15 marius 18 tholo 19 nate 21 pedro 23 guenther 25 ho 25 miod 26 beck 28 jsg 63 tedu 64 millert 72 mickey 89 csapuntz 123 art 127 blambert 144 niklas 195 deraadt 301 thib 63 people. All of them to blame equally, I will say from a high position...
nfs pool diff
The only pool_get() call uses PR_WAITOK, and the pool_put() calls are only done from the nfsd main loop, so process context. No I'm not an NFS hacker! ok? Index: nfs_syscalls.c === RCS file: /cvs/src/sys/nfs/nfs_syscalls.c,v retrieving revision 1.103 diff -u -p -r1.103 nfs_syscalls.c --- nfs_syscalls.c 15 Jul 2015 22:16:42 - 1.103 +++ nfs_syscalls.c 3 Sep 2015 20:59:28 - @@ -547,7 +547,7 @@ nfsrv_init(int terminating) if (!terminating) pool_init(&nfsrv_descript_pl, sizeof(struct nfsrv_descript), - 0, 0, 0, "ndscpl", &pool_allocator_nointr); + 0, 0, PR_WAITOK, "ndscpl", NULL); } #endif /* NFSSERVER */
catopen/catgets: out of boundary access
Hi, our catopen implementation does not check the parsed message catalog, making it vulnerable to all sorts of out of boundary accesses. Take this minimalistic proof of concept file: $ printf '\xff\x88\xff\x89\x01\x00\x00\x00' > poc.cat If you are too lazy to write code to open it yourself, take this one: ---poc.c--- #include #include #include int main(int argc, char *argv[]) { nl_catd cat; if (argc != 2) { fprintf(stderr, "usage: poc file.cat\n"); return (1); } if ((cat = catopen(argv[1], 0)) == (nl_catd) -1) err(2, "catopen"); printf("%s\n", catgets(cat, 1, 1, "default text")); catclose(cat); return (0); } ---poc.c--- $ ./poc $PWD/poc.cat # yes, it takes an absolute path Segmentation fault (core dumped) $ _ I've added all sorts of checks, making sure that whatever offset and index is inside the catalog is actually valid. Unfortunately it looks rather messy, because I even have to check if there are negative values in it -- it's all int32_t. There are also cases in which catopen() returns -1 but does not set errno properly. I took the glibc approach and set errno to EINVAL whenever we encounter an invalid value. Also, make sure that we directly ignore files which are too small or too large. Successfully passes the libc.cat files we have in base, so I'm rather confident that there are no false positives. Any advices to make this look nicer though? Or how to handle INT_MAX and int32_t types? They are basically the same, can I trust that it's true on all our archs? Tobias Index: lib/libc/nls/catopen.c === RCS file: /cvs/src/lib/libc/nls/catopen.c,v retrieving revision 1.16 diff -u -p -u -p -r1.16 catopen.c --- catopen.c 16 Jan 2015 16:48:51 - 1.16 +++ catopen.c 3 Sep 2015 20:48:07 - 
@@ -30,20 +30,24 @@ #define _NLS_PRIVATE -#include -#include -#include #include #include #include -#include +#include #include +#include #include +#include +#include +#include + +#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) #define NLS_DEFAULT_PATH "/usr/share/nls/%L/%N.cat:/usr/share/nls/%l.%c/%N.cat:/usr/share/nls/%l/%N.cat" #define NLS_DEFAULT_LANG "C" -static nl_catd load_msgcat(const char *); +static nl_catd load_msgcat(const char *); +static int verify_msgcat(nl_catd); /* ARGSUSED */ nl_catd 
@@ -173,24 +177,106 @@ load_msgcat(const char *path) return (nl_catd) -1; } + if (st.st_size > INT_MAX || st.st_size < sizeof (struct _nls_cat_hdr)) { + errno = EINVAL; + close (fd); + return (nl_catd) -1; + } + data = mmap(0, (size_t) st.st_size, PROT_READ, MAP_SHARED, fd, (off_t)0); close (fd); - if (data == MAP_FAILED) { + if (data == MAP_FAILED) return (nl_catd) -1; - } - if (ntohl(((struct _nls_cat_hdr *) data)->__magic) != _NLS_MAGIC) { - munmap(data, (size_t) st.st_size); - return (nl_catd) -1; - } + if (ntohl(((struct _nls_cat_hdr *) data)->__magic) != _NLS_MAGIC) + goto invalid; - if ((catd = malloc(sizeof (*catd))) == 0) { - munmap(data, (size_t) st.st_size); - return (nl_catd) -1; - } + if ((catd = malloc(sizeof (*catd))) == 0) + goto invalid; catd->__data = data; catd->__size = st.st_size; + + if (verify_msgcat(catd)) { + free(catd); + goto invalid; + } + return catd; + +invalid: + munmap(data, (size_t) st.st_size); + errno = EINVAL; + return (nl_catd) -1; } + +static int +verify_msgcat(nl_catd catd) +{ + struct _nls_cat_hdr *cat; + struct _nls_set_hdr *set; + struct _nls_msg_hdr *msg; + size_t remain; + int i, j, msgs, off; + + remain = catd->__size; + cat = (struct _nls_cat_hdr *) catd->__data; + + /* catalog must contain at least one set and no negative offsets */ + if (ntohl(cat->__nsets) < 1 || + ntohl(cat->__msg_hdr_offset) < 0 || + ntohl(cat->__msg_txt_offset) < 0) + return (1); + + remain -= sizeof (*cat); + + /* check if offsets or set size overflow */ + if (remain <= ntohl(cat->__msg_hdr_offset) || + remain <= ntohl(cat->__msg_txt_offset) || + remain / sizeof (*set) < ntohl(cat->__nsets)) + return (1); + + set = (struct _nls_set_hdr *) ((char *) catd->__data + sizeof (*cat)); + + /* make sure that msg has space for at least one index */ + if (remain - ntohl(cat->__msg_hdr_offset) < sizeof(*msg)) + return (1); + + msg = (struct _nls_msg_hdr *) ((char *) catd->__data + sizeof (*cat) + + ntohl(cat->__msg_hdr_offset)); + + /* validate and retrieve 
la
Re: linux compat pool diff
On Thu, Sep 03, 2015 at 10:54:17PM +0200, Mark Kettenis wrote: > These are only ever used from system call implementation and therefore > never from interrupt context. > > ok? > > > Index: sys/compat/linux/linux_futex.c > === > RCS file: /cvs/src/sys/compat/linux/linux_futex.c,v > retrieving revision 1.16 > diff -u -p -r1.16 linux_futex.c > --- sys/compat/linux/linux_futex.c20 Aug 2014 06:03:20 - 1.16 > +++ sys/compat/linux/linux_futex.c3 Sep 2015 20:53:02 - > @@ -415,10 +415,10 @@ futex_pool_init(void) > DPRINTF(("Inside futex_pool_init()\n")); > > if (!futex_pool_initialized) { > - pool_init(&futex_pool, sizeof(struct futex), 0, 0, PR_DEBUGCHK, > - "futexpl", &pool_allocator_nointr); > + pool_init(&futex_pool, sizeof(struct futex), 0, 0, > + PR_WAITOK | PR_DEBUGCHK, "futexpl", NULL); > pool_init(&futex_wp_pool, sizeof(struct waiting_proc), 0, 0, > - PR_DEBUGCHK, "futexwppl", &pool_allocator_nointr); > + PR_WAITOK | PR_DEBUGCHK, "futexwppl", NULL); > futex_pool_initialized = 1; > } > } > ok mlarkin
linux compat pool diff
These are only ever used from system call implementation and therefore never from interrupt context. ok? Index: sys/compat/linux/linux_futex.c === RCS file: /cvs/src/sys/compat/linux/linux_futex.c,v retrieving revision 1.16 diff -u -p -r1.16 linux_futex.c --- sys/compat/linux/linux_futex.c 20 Aug 2014 06:03:20 - 1.16 +++ sys/compat/linux/linux_futex.c 3 Sep 2015 20:53:02 - @@ -415,10 +415,10 @@ futex_pool_init(void) DPRINTF(("Inside futex_pool_init()\n")); if (!futex_pool_initialized) { - pool_init(&futex_pool, sizeof(struct futex), 0, 0, PR_DEBUGCHK, - "futexpl", &pool_allocator_nointr); + pool_init(&futex_pool, sizeof(struct futex), 0, 0, + PR_WAITOK | PR_DEBUGCHK, "futexpl", NULL); pool_init(&futex_wp_pool, sizeof(struct waiting_proc), 0, 0, - PR_DEBUGCHK, "futexwppl", &pool_allocator_nointr); + PR_WAITOK | PR_DEBUGCHK, "futexwppl", NULL); futex_pool_initialized = 1; } }
Re: [patch] do bulk reads with one transfer in ugen(4)
On Thu, Sep 03, 2015 at 09:52:57AM +0200, Martin Pieuchot wrote: > On 01/09/15(Tue) 22:26, Grant Czajkowski wrote: > > In ugen(4), bulk reads of length > UGEN_BBSIZE are split into > > multiple transfers. This patch instead sends a single > > transfer utilizing USBD_NO_COPY. > > Committed with one tweak below. Do not hesitate to elaborate *why* > you'd like to see such change committed, it might not be obvious to > all the tech@ readers ;) Thanks Martin, I will keep that in mind in the future. The intent of this change is to reduce the amount of copying done by using the DMA buffer directly and simplify the code by removing the while loop. > > @@ -541,14 +541,19 @@ ugen_do_read(struct ugen_softc *sc, int > > xfer = usbd_alloc_xfer(sc->sc_udev); > > if (xfer == 0) > > return (ENOMEM); > > - flags = USBD_SYNCHRONOUS; > > + flags = USBD_SYNCHRONOUS | USBD_NO_COPY; > > if (sce->state & UGEN_SHORT_OK) > > flags |= USBD_SHORT_XFER_OK; > > if (sce->timeout == 0) > > flags |= USBD_CATCH; > > - while ((n = min(UGEN_BBSIZE, uio->uio_resid)) != 0) { > > + if ((n = uio->uio_resid) != 0) { > > + buf = usbd_alloc_buffer(xfer, n); > > + if (buf == 0) { > > I changed this into "if (buff == NULL)" since we compare pointers to > NULL. I know that ugen(4) needs a bit of cleanup in this regard, feel > free to convert them if you wish :) >
[PATCH] ksh getint cleanup
Hello tech@, I gave a look to getint in var.c, which turned out to roll out it's own version of string to long conversion, without overflow checking. Attached is a diff to make the function more readable and overflow safe by using strtol, with error checking based on strtonum. I choose for returning an error on clamping instead of the clamped value, because it's dangerous to base calculations on such values, but this can be easily changed by removing the errno checking. Sincerely, Martijn van Duren Index: var.c === RCS file: /cvs/src/bin/ksh/var.c,v retrieving revision 1.43 diff -u -p -r1.43 var.c --- var.c 1 Sep 2015 13:12:31 - 1.43 +++ var.c 3 Sep 2015 19:39:44 - @@ -1,11 +1,14 @@ /* $OpenBSD: var.c,v 1.43 2015/09/01 13:12:31 tedu Exp $ */ -#include "sh.h" +#include +#include +#include #include -#include "ksh_limval.h" + #include -#include +#include "ksh_limval.h" +#include "sh.h" /* * Variables * @@ -411,11 +414,11 @@ setint(struct tbl *vq, long int n) int getint(struct tbl *vp, long int *nump, bool arith) { - char *s; - int c; - int base, neg; + char *s, *endptr; + int terrno = errno; + int base = 10; int have_base = 0; - long num; + long int num = 0; if (vp->flag&SPECIAL) getspec(vp); 
@@ -427,49 +430,41 @@ getint(struct tbl *vp, long int *nump, b return vp->type; } s = vp->val.s + vp->type; - if (s == NULL) /* redundant given initial test */ - s = null; - base = 10; - num = 0; - neg = 0; - if (arith && *s == '0' && *(s+1)) { + + if (arith && s[0] == '0' && s[1]) { s++; - if (*s == 'x' || *s == 'X') { + if (s[0] == 'x' || s[0] == 'X') { s++; base = 16; } else if (vp->flag & ZEROFIL) { - while (*s == '0') + while (s[0] == '0') s++; } else base = 8; - have_base++; + have_base = 1; } - for (c = (unsigned char)*s++; c ; c = (unsigned char)*s++) { - if (c == '-') { - neg++; - } else if (c == '#') { - base = (int) num; - if (have_base || base < 2 || base > 36) -return -1; - num = 0; - have_base = 1; - } else if (letnum(c)) { - if (isdigit(c)) -c -= '0'; - else if (islower(c)) -c -= 'a' - 10; /* todo: assumes ascii */ - else if (isupper(c)) -c -= 'A' - 10; /* todo: assumes ascii */ - else -c = -1; /* _: force error */ - if (c < 0 || c >= base) -return -1; - num = num * base + c; - } else - return -1; + + errno = 0; + num = strtol(s, &endptr, base); + if (s == endptr || (*endptr != '#' && *endptr != '\0') || + errno == ERANGE) { + errno = terrno; + return -1; } - if (neg) - num = -num; + if (*endptr == '\0') { + *nump = num; + return base; + } + if (have_base || num < 2 || num > 36) + return -1; + base = (int) num; + s = endptr+1; + num = strtol(s, &endptr, base); + if (s == endptr || *endptr != '\0' || errno == ERANGE) { + errno = terrno; + return -1; + } + *nump = num; return base; }
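Review bot: In the `ZEROFIL` branch, `while (s[0] == '0') s++;` strips every remaining zero, so a zero-filled value made only of zeros (for example `000`) reaches `strtol()` as an empty string and returns -1 via `s == endptr`, where the removed loop fell through with `num = 0`. Keeping the last digit avoids that: `while (s[0] == '0' && s[1] != '\0')`. Separately, `terrno` is restored on only two of the failure returns; the `have_base || num < 2 || num > 36` return and both success returns leave `errno` as the function set it, so `errno = terrno;` belongs before those returns as well. `strtol()` also skips leading whitespace and accepts a `+` sign, both of which the removed character loop rejected, so the set of strings accepted as integers becomes wider than before. getint() starts in the previous hunk, and the lines between the two hunks are not shown.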
syslogd: dropped 1 message
Hi, In sendsyslog(2) I got the plural s of messages right. The messages of syslogd(8) should be alike. ok? bluhm Index: usr.sbin/syslogd/syslogd.c === RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.182 diff -u -p -r1.182 syslogd.c --- usr.sbin/syslogd/syslogd.c 3 Sep 2015 14:50:53 - 1.182 +++ usr.sbin/syslogd/syslogd.c 3 Sep 2015 14:52:54 - @@ -1155,8 +1155,10 @@ tcp_writecb(struct bufferevent *bufev, v if (f->f_un.f_forw.f_dropped > 0 && EVBUFFER_LENGTH(f->f_un.f_forw.f_bufev->output) < MAX_TCPBUF) { snprintf(ebuf, sizeof(ebuf), - "syslogd: dropped %d messages to loghost \"%s\"", - f->f_un.f_forw.f_dropped, f->f_un.f_forw.f_loghost); + "syslogd: dropped %d message%s to loghost \"%s\"", + f->f_un.f_forw.f_dropped, + f->f_un.f_forw.f_dropped == 1 ? "" : "s", + f->f_un.f_forw.f_loghost); f->f_un.f_forw.f_dropped = 0; logmsg(LOG_SYSLOG|LOG_WARNING, ebuf, LocalHostName, ADDDATE); } @@ -1863,8 +1865,8 @@ init_signalcb(int signum, short event, v if (tcpbuf_dropped > 0) { snprintf(ebuf, sizeof(ebuf), - "syslogd: dropped %d messages to remote loghost", - tcpbuf_dropped); + "syslogd: dropped %d message%s to remote loghost", + tcpbuf_dropped, tcpbuf_dropped == 1 ? "" : "s"); tcpbuf_dropped = 0; logmsg(LOG_SYSLOG|LOG_WARNING, ebuf, LocalHostName, ADDDATE); } @@ -1913,8 +1915,8 @@ die(int signo) if (tcpbuf_dropped > 0) { snprintf(ebuf, sizeof(ebuf), - "syslogd: dropped %d messages to remote loghost", - tcpbuf_dropped); + "syslogd: dropped %d message%s to remote loghost", + tcpbuf_dropped, tcpbuf_dropped == 1 ? "" : "s"); tcpbuf_dropped = 0; logmsg(LOG_SYSLOG|LOG_WARNING, ebuf, LocalHostName, ADDDATE); }
Re: Changes to network memory allocation/reporting?
Martin Pieuchot wrote: > On 02/09/15(Wed) 08:45, trondd wrote: > > I just noticed on my -current systems, memory reporting from netstat -m > > seems to show that memory is overcommited. > > > > $ netstat -m > > 535 mbufs in use: > > 289 mbufs allocated to data > > 8 mbufs allocated to packet headers > > 238 mbufs allocated to socket names and addresses > > 171/288/6144 mbuf 2048 byte clusters in use (current/peak/max) > > 0/8/6144 mbuf 4096 byte clusters in use (current/peak/max) > > 0/8/6144 mbuf 8192 byte clusters in use (current/peak/max) > > 0/14/6146 mbuf 9216 byte clusters in use (current/peak/max) > > 0/10/6150 mbuf 12288 byte clusters in use (current/peak/max) > > 0/8/6144 mbuf 16384 byte clusters in use (current/peak/max) > > 0/8/6144 mbuf 65536 byte clusters in use (current/peak/max) > > 272 Kbytes allocated to network (174% in use) <--- > > 0 requests for memory denied > > 0 requests for memory delayed > > 0 calls to protocol drain routines > > > > I see this on all -current systems, but not on 5.7-stable. I didn't see > > this on my system that was last updated to -current July 26. > > It does change the allocated Kbytes eventually but I saw it as high as 280% > > and rarely below 100%. > > This is a side effect of the *8 pool change. Diff below fixes it, ok? ok
mkhybrid minor fixes
mkhybrid(8) does not seem to be maintained upstream. Here are a few minor fixes to it: - buffer overflows, spotted by -Wbounded. They are caused by the way char name[] is defined in struct iso_directory_record in src/iso9660.h; unfortunately too much of the code will require adjustments, should the field be replaced with a sizeless array. - always false comparisons on `unsigned char' architectures (arm, powerpc). Index: src/eltorito.c === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/eltorito.c,v retrieving revision 1.3 diff -u -p -r1.3 eltorito.c --- src/eltorito.c 8 Mar 2008 15:36:12 - 1.3 +++ src/eltorito.c 3 Sep 2015 17:04:25 - @@ -127,7 +127,7 @@ void FDECL1(get_torito_desc, struct elto memset(boot_desc, 0, sizeof(*boot_desc)); boot_desc->id[0] = 0; -memcpy(boot_desc->id2, ISO_STANDARD_ID, sizeof(ISO_STANDARD_ID)); +memcpy(boot_desc->id2, ISO_STANDARD_ID, sizeof(ISO_STANDARD_ID) - 1); boot_desc->version[0] = 1; memcpy(boot_desc->system_id, EL_TORITO_ID, sizeof(EL_TORITO_ID)); Index: src/joliet.c === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/joliet.c,v retrieving revision 1.2 diff -u -p -r1.2 joliet.c --- src/joliet.c8 Mar 2008 15:36:12 - 1.2 +++ src/joliet.c3 Sep 2015 17:04:25 - @@ -229,7 +229,7 @@ static void FDECL1(get_joliet_vol_desc, * Set this one up. */ memcpy(jvol_desc->root_directory_record, &jroot_record, -sizeof(struct iso_directory_record)); +sizeof(jvol_desc->root_directory_record)); /* * Finally, we have a bunch of strings to convert to Unicode. Index: src/mkisofs.h === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/mkisofs.h,v retrieving revision 1.3 diff -u -p -r1.3 mkisofs.h --- src/mkisofs.h 8 Aug 2013 05:30:23 - 1.3 +++ src/mkisofs.h 3 Sep 2015 17:04:25 - 
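Review bot: The length of the `id2` copy in the eltorito.c hunk is still derived from the source literal (`sizeof(ISO_STANDARD_ID) - 1`), so it is only right for as long as the literal and the field happen to have the same length. Sizing by the destination, `memcpy(boot_desc->id2, ISO_STANDARD_ID, sizeof(boot_desc->id2));`, is what the joliet.c hunk of this patch does and ties the bound to the buffer being written, provided the literal is at least that long. The following context line, `memcpy(boot_desc->system_id, EL_TORITO_ID, sizeof(EL_TORITO_ID));`, still copies the terminator; the field sizes are declared outside the hunk, so that copy needs checking against the struct definition. get_torito_desc() extends beyond the hunk on both sides.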
@@ -486,8 +486,8 @@ extern void * DECL(e_malloc,(size_t)); #define NEED_SP 16 #define PREV_SESS_DEV (sizeof(dev_t) >= 4 ? 0x7ffd : 0x7ffd) -#define TABLE_INODE(sizeof(ino_t) >= 8 ? 0x7ffe : 0x7ffe) -#define UNCACHED_INODE (sizeof(ino_t) >= 8 ? 0x7fff : 0x7fff) +#define TABLE_INODE(sizeof(ino_t) >= 8 ? 0x7ffeLL : 0x7ffe) +#define UNCACHED_INODE (sizeof(ino_t) >= 8 ? 0x7fffLL : 0x7fff) #define UNCACHED_DEVICE(sizeof(dev_t) >= 4 ? 0x7fff : 0x7fff) #ifdef VMS Index: src/multi.c === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/multi.c,v retrieving revision 1.2 diff -u -p -r1.2 multi.c --- src/multi.c 8 Mar 2008 15:36:12 - 1.2 +++ src/multi.c 3 Sep 2015 17:04:25 - @@ -801,9 +801,9 @@ struct iso_directory_record * FDECL1(mer * Get the location and size of the root directory. */ rootp = (struct iso_directory_record *) -malloc(sizeof(struct iso_directory_record)); +calloc(1, sizeof(struct iso_directory_record)); - memcpy(rootp, pri->root_directory_record, sizeof(*rootp)); + memcpy(rootp, pri->root_directory_record, sizeof(pri->root_directory_record)); return rootp; } Index: src/name.c === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/name.c,v retrieving revision 1.2 diff -u -p -r1.2 name.c --- src/name.c 8 Mar 2008 15:36:12 - 1.2 +++ src/name.c 3 Sep 2015 17:04:25 - @@ -211,7 +211,7 @@ int FDECL3(iso9660_file_length, } if(current_length < 30) { - if( *pnt < 0 ) + if( (signed char)*pnt < 0 ) { *result++ = '_'; } @@ -279,7 +279,7 @@ int FDECL3(iso9660_file_length, switch (*pnt) { default: - if( *pnt < 0 ) + if( (signed char)*pnt < 0 ) { *result++ = '_'; } Index: src/tree.c === RCS file: /OpenBSD/src/gnu/usr.sbin/mkhybrid/src/tree.c,v retrieving revision 1.5 diff -u -p -r1.5 tree.c --- src/tree.c 8 Aug 2013 03:16:13 - 1.5 +++ src/tree.c 3 Sep 2015 17:04:26 - @@ -1037,7 +1037,7 @@ FDECL3(insert_file_entry,struct director intdeep_flag; #ifdef APPLE_HYB intx_hfs = 0; - inthtype; + inthtype = 0; #endif /* APPLE_HYB */ status = stat_filter(whole_path, &statbuf); 
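Review bot: In the multi.c hunk the result of `calloc(1, sizeof(struct iso_directory_record))` goes to `memcpy()` without a NULL check, so an allocation failure becomes a write through a null pointer. The header hunk above shows an `e_malloc` declaration; if that is the project's checked allocator (its definition is not visible here), using it followed by a `memset` would close the gap, as would `if (rootp == NULL) return NULL;` before the copy. The enclosing function starts outside the hunk, so how callers treat a NULL return has to be checked there.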
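Review bot: Both name.c hunks test for a high-bit byte with `(signed char)*pnt < 0`, which relies on the implementation-defined conversion of values above 127 to `signed char`. `((unsigned char)*pnt & 0x80)` expresses the same test without depending on that conversion or on whether plain `char` is signed. The declaration of `pnt` is outside the hunks, so its exact type should be confirmed before changing the expression.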
@@ -1263,7 +1263,7 @@ FDECL3(insert_file_entry,struct director #ifdef APPLE_HYB /* Should we exclude this HFS file ? - o
Re: Changes to network memory allocation/reporting?
On Thu, September 3, 2015 6:35 am, Martin Pieuchot wrote: > > This is a side effect of the *8 pool change. Diff below fixes it, ok? > I can confirm the patch applies and fixes the numbers. Can't speak to the accuracy of the math, though. Tim.
Re: Changes to network memory allocation/reporting?
On 02/09/15(Wed) 08:45, trondd wrote: > I just noticed on my -current systems, memory reporting from netstat -m > seems to show that memory is overcommited. > > $ netstat -m > 535 mbufs in use: > 289 mbufs allocated to data > 8 mbufs allocated to packet headers > 238 mbufs allocated to socket names and addresses > 171/288/6144 mbuf 2048 byte clusters in use (current/peak/max) > 0/8/6144 mbuf 4096 byte clusters in use (current/peak/max) > 0/8/6144 mbuf 8192 byte clusters in use (current/peak/max) > 0/14/6146 mbuf 9216 byte clusters in use (current/peak/max) > 0/10/6150 mbuf 12288 byte clusters in use (current/peak/max) > 0/8/6144 mbuf 16384 byte clusters in use (current/peak/max) > 0/8/6144 mbuf 65536 byte clusters in use (current/peak/max) > 272 Kbytes allocated to network (174% in use) <--- > 0 requests for memory denied > 0 requests for memory delayed > 0 calls to protocol drain routines > > I see this on all -current systems, but not on 5.7-stable. I didn't see > this on my system that was last updated to -current July 26. > It does change the allocated Kbytes eventually but I saw it as high as 280% > and rarely below 100%. This is a side effect of the *8 pool change. Diff below fixes it, ok? Index: mbuf.c === RCS file: /cvs/src/usr.bin/netstat/mbuf.c,v retrieving revision 1.35 diff -u -p -r1.35 mbuf.c --- mbuf.c 20 Jan 2015 18:26:57 - 1.35 +++ mbuf.c 3 Sep 2015 10:33:05 - @@ -84,7 +84,6 @@ mbpr(void) struct kinfo_pool pool; struct mbtypes *mp; size_t size; - int page_size = getpagesize(); if (nmbtypes != 256) { fprintf(stderr, 
@@ -167,19 +166,22 @@ mbpr(void) mbstat.m_mtypes[i], plural(mbstat.m_mtypes[i]), i); } - totmem = (mbpool.pr_npages * (unsigned long)page_size); + totmem = (mbpool.pr_npages * mbpool.pr_pgsize); totused = mbpool.pr_nout * mbpool.pr_size; for (i = 0; i < mclp; i++) { - printf("%u/%lu/%lu mbuf %d byte clusters in use (current/peak/max)\n", + printf("%u/%lu/%lu mbuf %d byte clusters in use" + " (current/peak/max)\n", mclpools[i].pr_nout, - (u_long)mclpools[i].pr_hiwat * mclpools[i].pr_itemsperpage, - (u_long)mclpools[i].pr_maxpages * mclpools[i].pr_itemsperpage, + (unsigned long) + (mclpools[i].pr_hiwat * mclpools[i].pr_itemsperpage), + (unsigned long) + (mclpools[i].pr_maxpages * mclpools[i].pr_itemsperpage), mclpools[i].pr_size); - totmem += (mclpools[i].pr_npages * (unsigned long)page_size); + totmem += (mclpools[i].pr_npages * mclpools[i].pr_pgsize); totused += mclpools[i].pr_nout * mclpools[i].pr_size; } - totpct = (totmem == 0)? 0 : (totused/(totmem / 100)); + totpct = (totmem == 0) ? 0 : (totused/(totmem / 100)); printf("%lu Kbytes allocated to network (%d%% in use)\n", totmem / 1024, totpct); printf("%lu requests for memory denied\n", mbstat.m_drops);
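Review bot: Moving the cast outside the parentheses, `(unsigned long)(mclpools[i].pr_hiwat * mclpools[i].pr_itemsperpage)`, makes the multiplication happen in the fields' own type and only widens the finished product, where the removed `(u_long)mclpools[i].pr_hiwat * ...` widened one operand first. The same applies to `totmem = (mbpool.pr_npages * mbpool.pr_pgsize)` and to the `totmem +=` line, both of which lost the `(unsigned long)page_size` operand. If the kinfo_pool fields are 32-bit (the struct is declared outside this diff), large pools wrap before the value reaches `totmem`, and the reported percentage is wrong again. Casting one operand keeps the arithmetic wide: `totmem = (unsigned long)mbpool.pr_npages * mbpool.pr_pgsize;`. mbpr() begins before this hunk.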
arpproxy() & global list of interfaces
In the IPv4 forwarding case your kernel checks if its is doing ARP proxy for the destination to decide if it needs to send an ICMP redirect msg. Currently arpproxy() does an iteration on the global list of interfaces. This will be not allowed as soon as we go SMP. This list MUST not be used in interrupt context. But this is actually not needed because if you add an ARP entry that matches one of your lladdr, with: # arp -s 204.1.2.3 00:90:27:bb:cc:dd pub The entry will be attached on the corresponding interface, so we can simplify the check as below. Ok? Index: netinet/if_ether.c === RCS file: /cvs/src/sys/netinet/if_ether.c,v retrieving revision 1.162 diff -u -p -r1.162 if_ether.c --- netinet/if_ether.c 19 Aug 2015 11:05:33 - 1.162 +++ netinet/if_ether.c 3 Sep 2015 08:59:30 - @@ -826,29 +826,24 @@ arplookup(u_int32_t addr, int create, in * Check whether we do proxy ARP for this address and we point to ourselves. */ int -arpproxy(struct in_addr in, u_int rdomain) +arpproxy(struct in_addr in, unsigned int rtableid) { + struct sockaddr_dl *sdl; struct rtentry *rt; - struct llinfo_arp *la; struct ifnet *ifp; int found = 0; - rt = arplookup(in.s_addr, 0, SIN_PROXY, rdomain); + rt = arplookup(in.s_addr, 0, SIN_PROXY, rtableid); if (rt == NULL) return (0); - la = ((struct llinfo_arp *)rt->rt_llinfo); - TAILQ_FOREACH(ifp, &ifnet, if_list) { - if (ifp->if_rdomain != rdomain) - continue; + sdl = (struct sockaddr_dl *)rt->rt_gateway; + if (sdl->sdl_alen != ETHER_ADDR_LEN) + return (0); - if (!memcmp(LLADDR((struct sockaddr_dl *)la->la_rt->rt_gateway), - LLADDR(ifp->if_sadl), - ETHER_ADDR_LEN)) { - found = 1; - break; - } - } + ifp = rt->rt_ifp; + if (!memcmp(LLADDR(sdl), LLADDR(ifp->if_sadl), sdl->sdl_alen)) + found = 1; return (found); } Index: netinet/if_ether.h === RCS file: /cvs/src/sys/netinet/if_ether.h,v retrieving revision 1.57 diff -u -p -r1.57 if_ether.h --- netinet/if_ether.h 23 Jun 2015 13:20:17 - 1.57 +++ netinet/if_ether.h 3 Sep 2015 08:59:30 - 
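Review bot: The comment kept above arpproxy() ("we point to ourselves") no longer says what is compared: after this change only the link-layer address of `rt->rt_ifp` is checked, not every interface in the routing domain. I would spell that out, e.g. `/* True if the proxy entry's lladdr is that of the interface the route is attached to. */`, because the ICMP redirect decision described in the mail depends on it. The cast of `rt->rt_gateway` to `struct sockaddr_dl *` relies on arplookup() returning only link-layer gateways, which is not visible in this hunk and deserves a one-line comment as well. With the loop gone, `found` is redundant and the function can end in `return (memcmp(LLADDR(sdl), LLADDR(ifp->if_sadl), sdl->sdl_alen) == 0);`.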
@@ -272,7 +280,7 @@ extern struct ifnet *revarp_ifp; #endif /* NFSCLIENT */ void arprequest(struct ifnet *, u_int32_t *, u_int32_t *, u_int8_t *); -int arpproxy(struct in_addr, u_int); +int arpproxy(struct in_addr, unsigned int); void revarpinput(struct mbuf *); void in_revarpinput(struct mbuf *); void revarprequest(struct ifnet *);
Re: [patch] do bulk reads with one transfer in ugen(4)
Hello Grant, On 01/09/15(Tue) 22:26, Grant Czajkowski wrote: > In ugen(4), bulk reads of length > UGEN_BBSIZE are split into > multiple transfers. This patch instead sends a single > transfer utilizing USBD_NO_COPY. Committed with one tweak below. Do not hesitate to elaborate *why* you'd like to see such change committed, it might not be obvious to all the tech@ readers ;) > @@ -541,14 +541,19 @@ ugen_do_read(struct ugen_softc *sc, int > xfer = usbd_alloc_xfer(sc->sc_udev); > if (xfer == 0) > return (ENOMEM); > - flags = USBD_SYNCHRONOUS; > + flags = USBD_SYNCHRONOUS | USBD_NO_COPY; > if (sce->state & UGEN_SHORT_OK) > flags |= USBD_SHORT_XFER_OK; > if (sce->timeout == 0) > flags |= USBD_CATCH; > - while ((n = min(UGEN_BBSIZE, uio->uio_resid)) != 0) { > + if ((n = uio->uio_resid) != 0) { > + buf = usbd_alloc_buffer(xfer, n); > + if (buf == 0) { I changed this into "if (buff == NULL)" since we compare pointers to NULL. I know that ugen(4) needs a bit of cleanup in this regard, feel free to convert them if you wish :)