Re: [armv7] introducing tipru(4)

2016-07-04 Thread Jonathan Gray
On Tue, Jul 05, 2016 at 01:39:18AM -0400, Ian Sutton wrote:
> On Mon, Jul 4, 2016 at 10:30 PM, Jonathan Gray  wrote:
> > Lack of fdt use aside, we don't want to enable something that
> > allows userspace access to system memory like this.
> 
> I can understand this sentiment. Maybe next time..
> 
> Are you saying you are categorically opposed to a PRU driver or just
> opposed to this driver in its current state?

I don't have time to look into how tied to the rest of the
system the pru is at the moment.

Perhaps it could only permit access at a particular securelevel
like gpio or be disabled by default.



Re: [armv7] introducing tipru(4)

2016-07-04 Thread Ian Sutton
On Mon, Jul 4, 2016 at 10:30 PM, Jonathan Gray  wrote:
> Lack of fdt use aside, we don't want to enable something that
> allows userspace access to system memory like this.

I can understand this sentiment. Maybe next time..

Are you saying you are categorically opposed to a PRU driver or just
opposed to this driver in its current state?

> There aren't any suser checks either.

I had checks to make certain fds were only granted to uid 0, but figured
they were redundant as MAKEDEV script sets permissions accomplishing the
same thing. 

> The toolchain to create code for it would be a port?

Yes, although it's just an assembler from TI. pasm currently compiles
sans modification & is released under an ISC-like license; it'd be
trivial to port.

https://github.com/beagleboard/am335x_pru_package/tree/master/pru_sw/utils/pasm_source

Ian




Re: ypbind: convert from select to poll

2016-07-04 Thread Jeremie Courreges-Anglas
"Todd C. Miller"  writes:

> On Mon, 04 Jul 2016 14:45:57 +0200, Jeremie Courreges-Anglas wrote:
>
>> The two sockets we check for are SOCK_DGRAM sockets, I assumed that we
>> can't get POLLHUP on such sockets.  Wrong assumption?
>
> That should be fine then, you can only get POLLHUP for connection-oriented
> sockets.

Updated diff:
- ignore EINTR
- add a comment about POLLHUP, for people that could be tempted to copy
  the code.


Index: ypbind.c
===
RCS file: /cvs/src/usr.sbin/ypbind/ypbind.c,v
retrieving revision 1.66
diff -u -p -p -u -r1.66 ypbind.c
--- ypbind.c21 Mar 2016 00:49:36 -  1.66
+++ ypbind.c5 Jul 2016 05:30:51 -
@@ -53,6 +53,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define SERVERSDIR "/etc/yp"
 #define BINDINGDIR "/var/yp/binding"
@@ -336,10 +337,8 @@ main(int argc, char *argv[])
 {
char path[PATH_MAX];
struct sockaddr_in sin;
-   struct timeval tv;
-   fd_set *fdsrp = NULL;
-   int fdsrl = 0;
-   int width, lockfd, lsock;
+   struct pollfd *pfd = NULL;
+   int width = 0, lockfd, lsock;
socklen_t len;
int evil = 0, one = 1;
DIR *dirp;
@@ -530,44 +529,34 @@ main(int argc, char *argv[])
checkwork();
 
while (1) {
-   extern int __svc_fdsetsize;
-   extern void *__svc_fdset;
-
-   if (fdsrp == NULL || fdsrl != __svc_fdsetsize) {
-   free(fdsrp);
-
-   fdsrl = __svc_fdsetsize;
-   width = __svc_fdsetsize;
-   if (rpcsock > __svc_fdsetsize)
-   width = rpcsock;
-   if (pingsock > __svc_fdsetsize)
-   width = pingsock;
-   fdsrp = calloc(howmany(width+1, NFDBITS), 
sizeof(fd_mask));
-   if (fdsrp == NULL)
-   errx(1, "no memory");
-   }
-
-   bcopy(__svc_fdset, fdsrp, howmany(fdsrl+1, NFDBITS) *
-   sizeof(fd_mask));
-   FD_SET(rpcsock, fdsrp);
-   FD_SET(pingsock, fdsrp);
+   if (pfd == NULL || width != svc_max_pollfd + 2) {
+   width = svc_max_pollfd + 2;
+   pfd = reallocarray(pfd, width, sizeof *pfd);
+   if (pfd == NULL)
+   err(1, NULL);
+   }
 
-   tv.tv_sec = 1;
-   tv.tv_usec = 0;
+   pfd[0].fd = rpcsock;
+   pfd[0].events = POLLIN;
+   pfd[1].fd = pingsock;
+   pfd[1].events = POLLIN;
+   memcpy(pfd + 2, svc_pollfd, svc_max_pollfd);
 
-   switch (select(width+1, fdsrp, NULL, NULL, )) {
+   switch (poll(pfd, width, 1000)) {
case 0:
checkwork();
break;
case -1:
-   perror("select\n");
+   if (errno != EINTR)
+   perror("poll");
break;
default:
-   if (FD_ISSET(rpcsock, fdsrp))
+   /* No need to check for POLLHUP on UDP sockets. */
+   if (pfd[0].revents & POLLIN)
handle_replies();
-   if (FD_ISSET(pingsock, fdsrp))
+   if (pfd[1].revents & POLLIN)
handle_ping();
-   svc_getreqset2(fdsrp, width);
+   svc_getreq_poll(pfd + 2, svc_max_pollfd);
if (check)
checkwork();
break;
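
Review bot: the memcpy() into pfd + 2 passes svc_max_pollfd as the length, so it copies that many bytes rather than that many struct pollfd entries, and svc_getreq_poll() is then handed slots that were never filled in. The length should be svc_max_pollfd * sizeof(*pfd), matching the element size already given to reallocarray(). Separately, the -1 case now reads errno, so <errno.h> has to be among the includes; the header names are not visible in this copy of the patch.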

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: Stop mesa W^X violations

2016-07-04 Thread Jeremie Courreges-Anglas
Mark Kettenis  writes:

>> From: j...@wxcvbn.org (Jeremie Courreges-Anglas)
>> Date: Mon, 27 Jun 2016 23:40:35 +0200
>> 
>> Mark Kettenis  writes:
>> 
>> > As reported by several people, mesa contains code that violates W^X.
>> > As a result glxgears aborts when using the swrast driver.  The diff
>> > below disables the offending code.  The code seems to deal with the absence
>> > of W|X memory just fine.  There is a fallback path that is also used
>> > on SELinux systems.
>> >
>> > Note that the existing code would have worked just fine if mmap
>> > returned MAP_FAILED for W^X violations instead of terminating the
>> > program.  Not entirely sure what the long-term plans are.
>> 
>> [...]
>> 
>> 
>> The #ifdef excludes the definition of _mesa_exec_malloc and
>> _mesa_exec_free.
>> 
>>  xlock:/usr/X11R6/lib/modules/dri/i915_dri.so: undefined symbol 
>> '_mesa_exec_malloc'
>>  xlock:/usr/X11R6/lib/modules/dri/i915_dri.so: undefined symbol 
>> '_mesa_exec_free'
>>  libGL error: unable to load driver: i915_dri.so
>>  libGL error: driver pointer missing
>>  libGL error: failed to load driver: i915
>
> New diff that should fix this.

ok jca@

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: libc: simplify devname() fallback

2016-07-04 Thread Philip Guenther
On Wed, 29 Jun 2016, Todd C. Miller wrote:
> On Wed, 29 Jun 2016 07:05:15 -0600, "Todd C. Miller" wrote:
> > Don't you need to make a copy of dp->d_name?  Returning dp->d_name
> > after closedir() seems dangerous.
> 
> Since closedir() frees dd_buf this would result in a use after free.

Yep.  Too much programming in a garbage collected language recently, I 
guess.  :-)

Revised diff below.

Philip Guenther

Index: gen/devname.c
===
RCS file: /data/src/openbsd/src/lib/libc/gen/devname.c,v
retrieving revision 1.12
diff -u -p -r1.12 devname.c
--- gen/devname.c   13 Sep 2015 08:31:47 -  1.12
+++ gen/devname.c   5 Jul 2016 05:20:49 -
@@ -37,14 +37,13 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 
 static char *
 devname_nodb(dev_t dev, mode_t type)
 {
-   static char buf[sizeof(_PATH_DEV) + NAME_MAX];
+   static char buf[NAME_MAX + 1];
char *name = NULL;
struct dirent *dp;
struct stat sb;
@@ -52,19 +51,14 @@ devname_nodb(dev_t dev, mode_t type)
 
if ((dirp = opendir(_PATH_DEV)) == NULL)
return (NULL);
-   if (strlcpy(buf, _PATH_DEV, sizeof(buf)) >= sizeof(buf))
-   return (NULL);
while ((dp = readdir(dirp)) != NULL) {
if (dp->d_type != DT_UNKNOWN && DTTOIF(dp->d_type) != type)
continue;
-   buf[sizeof(_PATH_DEV) - 1] = '\0';
-   if (strlcat(buf, dp->d_name, sizeof(buf)) >= sizeof(buf))
-   continue;
-   if (lstat(buf, ) == -1)
-   continue;
-   if (sb.st_rdev != dev || (sb.st_mode & S_IFMT) != type)
+   if (fstatat(dirfd(dirp), dp->d_name, , AT_SYMLINK_NOFOLLOW)
+   || sb.st_rdev != dev || (sb.st_mode & S_IFMT) != type)
continue;
-   name = buf + sizeof(_PATH_DEV) - 1;
+   strlcpy(buf, dp->d_name, sizeof(buf));
+   name = buf;
break;
}
closedir(dirp);
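
Review bot: in the readdir() loop the fstatat() result is tested for truthiness, while the opendir() and readdir() calls around it compare against an explicit failure value; writing it as fstatat(...) == -1 keeps the condition readable next to the st_rdev and st_mode comparisons. The strlcpy() into buf ignores truncation, which is safe only because buf is NAME_MAX + 1 bytes; a short comment saying so, and that the copy has to happen before closedir() releases the dirent storage, would stop someone from simplifying it back to returning dp->d_name.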



Re: libc: simplify devname() fallback

2016-07-04 Thread Philip Guenther
On Wed, 29 Jun 2016, Marc Espie wrote:
> On Tue, Jun 28, 2016 at 09:46:30PM -0700, Philip Guenther wrote:
> > Inspired by espie@'s ttyname.c diff, here's a simplification of libc's 
> > fallback-to-scanning-/dev code for devname().  Since devname() returns 
> > the "name under /dev", this eliminates the string manipulation == win!
> > 
> > Works when tested with "stat -Lf %Sr" on a symlink to a device with 
> > /var/run/dev.db chmoded to 600.
> 
> Looks good.
> One remark below
...
> > -#include 
> >  #include 
> > +#include 
>
> Why not keep them sorted ?  The fact that stat.h will include types.h
> is an implementation detail

I was going to say that general style seems to be that if you include 
 (or ) to make it the first of the sys/* 
#includes.  But a check of style(9) shows that while that may be a general 
habit, it ain't codified.

/me shrugs and puts them back into their current order



Re: libcrypto: fix BN_mod_word bug

2016-07-04 Thread Bob Beck

ok beck@, with an appropriate commit message

On Mon, Jul 04, 2016 at 06:59:28PM -0500, Brent Cook wrote:
> I copied some of the commit text here from BoringSSL, but it's wrong for 
> LibreSSL it seems.
> 
> BN_ULLONG is not defined on all 64-bit systems as far as I can tell. So, this 
> fix is more widely applicable than Win64 for LibreSSL.
> 
> Any comments?
> 
>  - Brent
> 
> > On Jun 30, 2016, at 8:40 AM, Brent Cook  wrote:
> > 
> > On systems where we do not have BN_ULLONG (notably Win64), BN_mod_word()
> > can return incorrect results if the supplied modulus is too big.
> > 
> > Note now that BN_mod_word may fail, like BN_div_word. Handle this
> > properly and document in the man page.
> > 
> > Thanks to Brian Smith for pointing out these fixes from BoringSSL:
> > 
> > https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89
> > https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be
> > 
> > diff --git a/src/lib/libcrypto/man/BN_add_word.3 
> > b/src/lib/libcrypto/man/BN_add_word.3
> > index eb5874a..66fdc0a 100644
> > --- a/src/lib/libcrypto/man/BN_add_word.3
> > +++ b/src/lib/libcrypto/man/BN_add_word.3
> > @@ -75,7 +75,8 @@ returns the remainder of
> > .Fa a
> > divided by
> > .Fa w
> > -.Pq Li a%w .
> > +.Pq Li a%w
> > +or (BN_ULONG)-1 on error.
> > .Pp
> > For
> > .Fn BN_div_word
> > diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.c 
> > b/src/lib/libssl/src/crypto/bn/bn_prime.c
> > index 09af6a1..1dd0153 100644
> > --- a/src/lib/libssl/src/crypto/bn/bn_prime.c
> > +++ b/src/lib/libssl/src/crypto/bn/bn_prime.c
> > @@ -277,9 +277,13 @@ BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, 
> > BN_CTX *ctx_passed,
> > /* a is even => a is prime if and only if a == 2 */
> > return BN_is_word(a, 2);
> > if (do_trial_division) {
> > -   for (i = 1; i < NUMPRIMES; i++)
> > -   if (BN_mod_word(a, primes[i]) == 0)
> > +   for (i = 1; i < NUMPRIMES; i++) {
> > +   BN_ULONG mod = BN_mod_word(a, primes[i]);
> > +   if (mod == (BN_ULONG)-1)
> > +   goto err;
> > +   if (mod == 0)
> > return 0;
> > +   }
> > if (!BN_GENCB_call(cb, 1, -1))
> > goto err;
> > }
> > @@ -398,8 +402,12 @@ again:
> > if (!BN_rand(rnd, bits, 1, 1))
> > return (0);
> > /* we now have a random number 'rand' to test. */
> > -   for (i = 1; i < NUMPRIMES; i++)
> > -   mods[i] = (prime_t)BN_mod_word(rnd, (BN_ULONG)primes[i]);
> > +   for (i = 1; i < NUMPRIMES; i++) {
> > +   BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
> > +   if (mod == (BN_ULONG)-1)
> > +   return (0);
> > +   mods[i] = (prime_t)mod;
> > +   }
> > maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
> > delta = 0;
> > loop:
> > @@ -452,7 +460,10 @@ probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM 
> > *add, const BIGNUM *rem,
> > loop:
> > for (i = 1; i < NUMPRIMES; i++) {
> > /* check that rnd is a prime */
> > -   if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
> > +   BN_LONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
> > +   if (mod == (BN_ULONG)-1)
> > +   goto err;
> > +   if (mod <= 1) {
> > if (!BN_add(rnd, rnd, add))
> > goto err;
> > goto loop;
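
Review bot: in the probable_prime_dh() loop the new variable is declared as BN_LONG, the signed type, while the other three call sites in this patch use BN_ULONG and the value is compared against (BN_ULONG)-1. The error check still works through the usual conversions, but the following mod <= 1 test becomes a signed comparison; declare it as BN_ULONG mod to match what BN_mod_word() returns.
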
> > @@ -514,8 +525,11 @@ loop:
> > /* check that p and q are prime */
> > /* check that for p and q
> >  * gcd(p-1,primes) == 1 (except for 2) */
> > -   if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
> > -   (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
> > +   BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
> > +   BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
> > +   if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
> > +   goto err;
> > +   if (pmod == 0 || qmod == 0) {
> > if (!BN_add(p, p, padd))
> > goto err;
> > if (!BN_add(q, q, qadd))
> > diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c 
> > b/src/lib/libssl/src/crypto/bn/bn_word.c
> > index 897b06d..acc7032 100644
> > --- a/src/lib/libssl/src/crypto/bn/bn_word.c
> > +++ b/src/lib/libssl/src/crypto/bn/bn_word.c
> > @@ -73,6 +73,20 @@ BN_mod_word(const BIGNUM *a, BN_ULONG w)
> > if (w == 0)
> > return (BN_ULONG) - 1;
> > 
> > +#ifndef BN_ULLONG
> > +   /* If |w| is too long and we don't have |BN_ULLONG| then we need to 
> > fall back
> > +   * to using |BN_div_word|. */
> > +   if (w > ((BN_ULONG)1 << BN_BITS4)) {
> > +   BIGNUM *tmp = BN_dup(a);
> > +   if (tmp == NULL) {
> > +   return (BN_ULONG)-1;
> > +   }
> > +

Re: ioctl.2: minor doc clarification

2016-07-04 Thread Theo de Raadt
Incorrect.

It is up to the in-kernel ioctl code for each fd (decides subsystem)
and command to decide what it means.  Quite a few of them do take int.

Anyways, I'll quote POSIX:

The arg argument represents additional information that is needed by
this specific STREAMS device to perform the requested function. The
type of arg depends upon the particular control request, but it shall
be either an integer or a pointer to a device-specific data structure.
  ^^

> ioctl param is always a pointer, previous wording implied int literal
> could be passed (results in EFAULT)
> 
> 
> Index: ioctl.2
> ===
> RCS file: /cvs/src/lib/libc/sys/ioctl.2,v
> retrieving revision 1.18
> diff -u -p -r1.18 ioctl.2
> --- ioctl.2   27 Jun 2014 21:06:33 -  1.18
> +++ ioctl.2   5 Jul 2016 00:12:27 -
> @@ -60,7 +60,7 @@ to perform the requested function.
>  .Fa arg
>  is either an
>  .Li int
> -or a pointer to a device-specific data structure, depending upon
> +pointer or a pointer to a device-specific data structure, depending upon
>  the given
>  .Fa request .
>  .Pp
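
Review bot: the replacement line turns the sentence into "is either an int pointer or a pointer to a device-specific data structure", which removes the plain integer case that the POSIX text quoted in this reply explicitly allows. Only int sits inside the .Li macro, so the rendered page would set "int" literally and "pointer" in body text. If the aim is to warn about requests that expect a pointer, leave this sentence alone and document it for those requests instead.
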
> 



improve wsmouse_matching

2016-07-04 Thread Ulf Brosziewski
The diff below adds a little improvement to the wsmouse_matching
function, which is the core of the MT tracking mechanism in wsmouse.

Sadly, that mechanism isn't in use up to now, but this also means
that OKs are riskless ;-)

With small matrices - roughly, of orders up to 300 or 400 - and most
kinds of input, the current version is faster than the alternatives that
I tested some time ago. The tests included two clean and compact O(n^3)
implementations of the "Hungarian Method" as well as the Linux
equivalent of the matching function (find_reduced_matrix in input_mt.c).
The input types were random data in various ranges, "Machol-Wien" data,
and geometric data (the type that is relevant for wsmouse).

It might not matter in wsmouse, but the current version doesn't perform
well if the range and variation of the matrix values is very small, and
matrices filled with equal values belong to the worst-case inputs. To a
large extent, this is due to a flaw of the implementation; it may
trigger superfluous searches. The change below removes this defect.

OK?

Index: dev/wscons/wsmouse.c
===
RCS file: /cvs/src/sys/dev/wscons/wsmouse.c,v
retrieving revision 1.30
diff -u -p -r1.30 wsmouse.c
--- dev/wscons/wsmouse.c6 Jun 2016 22:32:47 -   1.30
+++ dev/wscons/wsmouse.c4 Jul 2016 23:15:58 -
@@ -1125,11 +1125,13 @@ wsmouse_matching(int *matrix, int m, int
for (; p < alt; *p++ = 0) {}
for (col = 0; col < n; col++) {
delta = INT_MAX;
-   for (i = 0, p = matrix + col; i < m; i++, p += n)
-   if ((d = *p - red[i]) <= delta) {
+   for (i = 0, p = matrix + col; i < m; i++, p += n) {
+   d = *p - red[i];
+   if (d < delta || (d == delta && r2c[i] < 0)) {
delta = d;
row = i;
}
+   }
cd[col] = delta;
if (r2c[row] < 0) {
r2c[row] = col;
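
Review bot: with the old d <= delta test, row was always assigned on the first pass of the inner loop because delta starts at INT_MAX; the new condition d < delta || (d == delta && r2c[i] < 0) skips the assignment when d equals INT_MAX and r2c[i] is not negative, so the r2c[row] test after the loop could read a row left over from the previous column. If that input cannot occur, say so in a comment; otherwise initialise row before the loop. A brief comment that ties now prefer a row with r2c[i] < 0 would also explain the intent.
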
@@ -1151,7 +1153,8 @@ wsmouse_matching(int *matrix, int m, int
mc[i] = j;
}
d -= red[i];
-   if (d <= delta) {
+   if (d < delta || (d == delta
+   && r2c[i] < 0)) {
delta = d;
row = i;
}
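
Review bot: this is the same tie-break as in the column loop of the previous hunk, written out a second time and split across two lines. A small macro or inline helper shared by both sites would keep the two tests from drifting apart.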



Re: libcrypto: fix BN_mod_word bug

2016-07-04 Thread Brent Cook
I copied some of the commit text here from BoringSSL, but it's wrong for 
LibreSSL it seems.

BN_ULLONG is not defined on all 64-bit systems as far as I can tell. So, this 
fix is more widely applicable than Win64 for LibreSSL.

Any comments?

 - Brent

> On Jun 30, 2016, at 8:40 AM, Brent Cook  wrote:
> 
> On systems where we do not have BN_ULLONG (notably Win64), BN_mod_word()
> can return incorrect results if the supplied modulus is too big.
> 
> Note now that BN_mod_word may fail, like BN_div_word. Handle this
> properly and document in the man page.
> 
> Thanks to Brian Smith for pointing out these fixes from BoringSSL:
> 
> https://boringssl.googlesource.com/boringssl/+/67cb49d045f04973ddba0f92fe8a8ad483c7da89
> https://boringssl.googlesource.com/boringssl/+/44bedc348d9491e63c7ed1438db100a4b8a830be
> 
> diff --git a/src/lib/libcrypto/man/BN_add_word.3 
> b/src/lib/libcrypto/man/BN_add_word.3
> index eb5874a..66fdc0a 100644
> --- a/src/lib/libcrypto/man/BN_add_word.3
> +++ b/src/lib/libcrypto/man/BN_add_word.3
> @@ -75,7 +75,8 @@ returns the remainder of
> .Fa a
> divided by
> .Fa w
> -.Pq Li a%w .
> +.Pq Li a%w
> +or (BN_ULONG)-1 on error.
> .Pp
> For
> .Fn BN_div_word
> diff --git a/src/lib/libssl/src/crypto/bn/bn_prime.c 
> b/src/lib/libssl/src/crypto/bn/bn_prime.c
> index 09af6a1..1dd0153 100644
> --- a/src/lib/libssl/src/crypto/bn/bn_prime.c
> +++ b/src/lib/libssl/src/crypto/bn/bn_prime.c
> @@ -277,9 +277,13 @@ BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, 
> BN_CTX *ctx_passed,
>   /* a is even => a is prime if and only if a == 2 */
>   return BN_is_word(a, 2);
>   if (do_trial_division) {
> - for (i = 1; i < NUMPRIMES; i++)
> - if (BN_mod_word(a, primes[i]) == 0)
> + for (i = 1; i < NUMPRIMES; i++) {
> + BN_ULONG mod = BN_mod_word(a, primes[i]);
> + if (mod == (BN_ULONG)-1)
> + goto err;
> + if (mod == 0)
>   return 0;
> + }
>   if (!BN_GENCB_call(cb, 1, -1))
>   goto err;
>   }
> @@ -398,8 +402,12 @@ again:
>   if (!BN_rand(rnd, bits, 1, 1))
>   return (0);
>   /* we now have a random number 'rand' to test. */
> - for (i = 1; i < NUMPRIMES; i++)
> - mods[i] = (prime_t)BN_mod_word(rnd, (BN_ULONG)primes[i]);
> + for (i = 1; i < NUMPRIMES; i++) {
> + BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
> + if (mod == (BN_ULONG)-1)
> + return (0);
> + mods[i] = (prime_t)mod;
> + }
>   maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
>   delta = 0;
> loop:
> @@ -452,7 +460,10 @@ probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM 
> *add, const BIGNUM *rem,
> loop:
>   for (i = 1; i < NUMPRIMES; i++) {
>   /* check that rnd is a prime */
> - if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
> + BN_LONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
> + if (mod == (BN_ULONG)-1)
> + goto err;
> + if (mod <= 1) {
>   if (!BN_add(rnd, rnd, add))
>   goto err;
>   goto loop;
> @@ -514,8 +525,11 @@ loop:
>   /* check that p and q are prime */
>   /* check that for p and q
>* gcd(p-1,primes) == 1 (except for 2) */
> - if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
> - (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
> + BN_ULONG pmod = BN_mod_word(p, (BN_ULONG)primes[i]);
> + BN_ULONG qmod = BN_mod_word(q, (BN_ULONG)primes[i]);
> + if (pmod == (BN_ULONG)-1 || qmod == (BN_ULONG)-1)
> + goto err;
> + if (pmod == 0 || qmod == 0) {
>   if (!BN_add(p, p, padd))
>   goto err;
>   if (!BN_add(q, q, qadd))
> diff --git a/src/lib/libssl/src/crypto/bn/bn_word.c 
> b/src/lib/libssl/src/crypto/bn/bn_word.c
> index 897b06d..acc7032 100644
> --- a/src/lib/libssl/src/crypto/bn/bn_word.c
> +++ b/src/lib/libssl/src/crypto/bn/bn_word.c
> @@ -73,6 +73,20 @@ BN_mod_word(const BIGNUM *a, BN_ULONG w)
>   if (w == 0)
>   return (BN_ULONG) - 1;
> 
> +#ifndef BN_ULLONG
> + /* If |w| is too long and we don't have |BN_ULLONG| then we need to 
> fall back
> + * to using |BN_div_word|. */
> + if (w > ((BN_ULONG)1 << BN_BITS4)) {
> + BIGNUM *tmp = BN_dup(a);
> + if (tmp == NULL) {
> + return (BN_ULONG)-1;
> + }
> + ret = BN_div_word(tmp, w);
> + BN_free(tmp);
> + return ret;
> + }
> +#endif
> +
>   bn_check_top(a);
>   w &= BN_MASK2;
>   for (i = a->top - 1; i >= 0; i--) {
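
Review bot: the BN_ULLONG-less fallback in BN_mod_word() returns whatever BN_div_word() gives back and adds a BN_dup() allocation, so (BN_ULONG)-1 now covers both an allocation failure and a division failure. Say both in the comment above the block, and reflow that comment, since the first line was long enough for the mailer to wrap it. A one-line note on why the comparison against (BN_ULONG)1 << BN_BITS4 is strict would also help the next reader.
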
> diff --git 
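
The failure mode this message describes, as an added example that is not part of the original post and not LibreSSL code: a 32-bit model (uint32_t standing in for BN_ULONG, uint64_t for BN_ULLONG, all function and macro names hypothetical) of reducing a multi-word number by a word-sized modulus half a word at a time. The guarded variant uses bit-at-a-time long division in place of the BN_div_word() fallback in the patch.

```c
/* Added illustration: 32-bit model of word-sized modular reduction.
 * All names are hypothetical; this is not LibreSSL code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HALF_BITS 16u		/* stands in for BN_BITS4 with a 32-bit word */
#define HALF_MASK 0xffffu
#define MOD_ERROR UINT32_MAX	/* stands in for (BN_ULONG)-1 */

/* Constructed sample values, least significant word first. */
static const uint32_t SAMPLE_2_32[2] = { 0x00000000u, 0x00000001u }; /* 2^32 */
static const uint32_t SAMPLE_MIXED[2] = { 0xdeadbeefu, 0x12345678u };

/* Reference: double-width accumulator, the case where a wider type exists. */
uint32_t
mod_word_wide(const uint32_t *d, size_t top, uint32_t w)
{
	uint64_t ret = 0;
	size_t i;

	if (w == 0)
		return MOD_ERROR;
	for (i = top; i-- > 0; )
		ret = ((ret << 32) | d[i]) % w;
	return (uint32_t)ret;
}

/*
 * Single-width accumulator fed half a word at a time.  ret < w after each
 * step, so "ret << HALF_BITS" only fits in the word while w <= 2^HALF_BITS.
 * For larger w the shift silently drops high bits.
 */
uint32_t
mod_word_half(const uint32_t *d, size_t top, uint32_t w)
{
	uint32_t ret = 0;
	size_t i;

	if (w == 0)
		return MOD_ERROR;
	for (i = top; i-- > 0; ) {
		ret = ((uint32_t)(ret << HALF_BITS) | (d[i] >> HALF_BITS)) % w;
		ret = ((uint32_t)(ret << HALF_BITS) | (d[i] & HALF_MASK)) % w;
	}
	return ret;
}

/*
 * Guarded variant: keep the fast loop for small w, and for large w use
 * bit-at-a-time long division, tracking the bit shifted out of the word.
 */
uint32_t
mod_word_guarded(const uint32_t *d, size_t top, uint32_t w)
{
	uint32_t ret = 0, carry;
	size_t i;
	int bit;

	if (w == 0)
		return MOD_ERROR;
	if (w <= ((uint32_t)1 << HALF_BITS))
		return mod_word_half(d, top, w);
	for (i = top; i-- > 0; ) {
		for (bit = 31; bit >= 0; bit--) {
			carry = ret >> 31;	/* bit about to be shifted out */
			ret = (ret << 1) | ((d[i] >> bit) & 1u);
			/* true value is < 2w, so one subtraction is enough */
			if (carry || ret >= w)
				ret -= w;
		}
	}
	return ret;
}

int
main(void)
{
	uint32_t w = 65537u;	/* just above 2^HALF_BITS */

	printf("wide:    %lu\n", (unsigned long)mod_word_wide(SAMPLE_2_32, 2, w));
	printf("half:    %lu\n", (unsigned long)mod_word_half(SAMPLE_2_32, 2, w));
	printf("guarded: %lu\n", (unsigned long)mod_word_guarded(SAMPLE_2_32, 2, w));
	return 0;
}
```

With w = 65537 the half-word loop returns 0 for 2^32 where the true remainder is 1, a result that a trial-division caller would read as "divisible by w".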

Re: Stop mesa W^X violations

2016-07-04 Thread Mark Kettenis
> From: j...@wxcvbn.org (Jeremie Courreges-Anglas)
> Date: Mon, 27 Jun 2016 23:40:35 +0200
> 
> Mark Kettenis  writes:
> 
> > As reported by several people, mesa contains code that violates W^X.
> > As a result glxgears aborts when using the swrast driver.  The diff
> > below disables the offending code.  The code seems to deal with the absence
> > of W|X memory just fine.  There is a fallback path that is also used
> > on SELinux systems.
> >
> > Note that the existing code would have worked just fine if mmap
> > returned MAP_FAILED for W^X violations instead of terminating the
> > program.  Not entirely sure what the long-term plans are.
> 
> [...]
> 
> 
> The #ifdef excludes the definition of _mesa_exec_malloc and
> _mesa_exec_free.
> 
>  xlock:/usr/X11R6/lib/modules/dri/i915_dri.so: undefined symbol 
> '_mesa_exec_malloc'
>  xlock:/usr/X11R6/lib/modules/dri/i915_dri.so: undefined symbol 
> '_mesa_exec_free'
>  libGL error: unable to load driver: i915_dri.so
>  libGL error: driver pointer missing
>  libGL error: failed to load driver: i915

New diff that should fix this.


Index: src/gallium/auxiliary/rtasm/rtasm_execmem.c
===
RCS file: /cvs/xenocara/lib/mesa/src/gallium/auxiliary/rtasm/rtasm_execmem.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 rtasm_execmem.c
--- src/gallium/auxiliary/rtasm/rtasm_execmem.c 22 Nov 2015 02:43:24 -  
1.1.1.1
+++ src/gallium/auxiliary/rtasm/rtasm_execmem.c 4 Jul 2016 21:38:46 -
@@ -69,6 +69,16 @@ static struct mem_block *exec_heap = NUL
 static unsigned char *exec_mem = NULL;
 
 
+#ifdef __OpenBSD__
+
+static int
+init_heap(void)
+{
+   return 0;
+}
+
+#else
+
 static int
 init_heap(void)
 {
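
Review bot: the OpenBSD init_heap() stub returns 0 with no explanation, and the only hint that 0 means failure is the return (exec_mem != MAP_FAILED) in the other branch. Add a comment saying the stub deliberately reports failure so that callers take the existing fallback path. This file also uses #ifdef __OpenBSD__ while the other two files in the diff use #if defined(__OpenBSD__); pick one form.
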
@@ -82,6 +92,8 @@ init_heap(void)
 
return (exec_mem != MAP_FAILED);
 }
+
+#endif
 
 
 void *
Index: src/mapi/u_execmem.c
===
RCS file: /cvs/xenocara/lib/mesa/src/mapi/u_execmem.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 u_execmem.c
--- src/mapi/u_execmem.c22 Nov 2015 02:45:44 -  1.1.1.1
+++ src/mapi/u_execmem.c4 Jul 2016 21:38:48 -
@@ -45,8 +45,15 @@ static unsigned int head = 0;
 
 static unsigned char *exec_mem = (unsigned char *)0;
 
+#if defined(__OpenBSD__)
 
-#if defined(__linux__) || defined(__OpenBSD__) || defined(_NetBSD__) || 
defined(__sun) || defined(__HAIKU__)
+static int
+init_map(void)
+{
+  return 0;
+}
+
+#elif defined(__linux__) || defined(_NetBSD__) || defined(__sun) || 
defined(__HAIKU__)
 
 #include 
 #include 
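
Review bot: the new #elif line carries over defined(_NetBSD__), with a single leading underscore, from the line it replaces, which looks like a typo for __NetBSD__. Since the line is being rewritten anyway, either fix it here or report it upstream; the same spelling is carried into the src/mesa/main/execmem.c hunk.
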
Index: src/mesa/main/execmem.c
===
RCS file: /cvs/xenocara/lib/mesa/src/mesa/main/execmem.c,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 execmem.c
--- src/mesa/main/execmem.c 22 Nov 2015 02:39:37 -  1.1.1.1
+++ src/mesa/main/execmem.c 4 Jul 2016 21:38:48 -
@@ -36,7 +36,20 @@
 
 
 
-#if defined(__linux__) || defined(__OpenBSD__) || defined(_NetBSD__) || 
defined(__sun) || defined(__HAIKU__)
+#if defined(__OpenBSD__)
+
+void *
+_mesa_exec_malloc(GLuint size)
+{
+   return NULL;
+}
+
+void
+_mesa_exec_free(void *addr)
+{
+}
+
+#elif defined(__linux__) || defined(_NetBSD__) || defined(__sun) || 
defined(__HAIKU__)
 
 /*
  * Allocate a large block of memory which can hold code then dole it out
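
Review bot: _mesa_exec_malloc() and _mesa_exec_free() are stubbed without a comment, and the earlier version of this diff failed because these symbols were missing, per the i915_dri.so load errors quoted above. A comment stating that the symbols must stay defined for the DRI drivers, and that returning NULL is what sends callers to the fallback, would protect the block from being removed again. The size and addr parameters are also unused in the stubs, which may warn depending on compiler flags.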



Re: xdm halt & reboot buttons

2016-07-04 Thread Alexander Hall


On July 4, 2016 11:06:28 PM GMT+02:00, Alexander Hall  
wrote:
> 
>
>On July 4, 2016 5:51:06 PM GMT+02:00, Bob Beck 
>wrote:
>>>
>>> Thinking of it again, you could possibly just use the action
>>arguments for
>>> a more generic "execute-program" action.
>>>
>>
>>Ahhh.. are you insane? The way you get a generic "execute program"
>>action is to LOG IN TO THE DAMN MACHINE!
>
>Heh, I think I need to clarify myself, in that what I'm talking about
>is probably not obvious unless you actually read the code (if even
>then).
>
>The "generic" action would be how to internally solve adding the
>required functionality and bind it to a key or two. It would not be
>configurable by the user, but could be used by an admin to add any
>pre-authentication 

pre-authentication *action or command*

> he or she wishes, be it halt -p, zzz or *shrug*
>uptime. 
>
>That said, maybe this is handing out more than a reasonable amount of
>rope and ammo for hurting the system. 
>
>/Alexander 
>
>>
>>Why don't you guys just make an option so someone can set up their
>>machine to auto-log-in to the xdm without
>>a password - that gives you all the functionality people have
>>obviously been clamouring for in 30 years of unix
>>so that it can be exactly like Windows 95.



Re: xdm halt & reboot buttons

2016-07-04 Thread Alexander Hall
 

On July 4, 2016 5:51:06 PM GMT+02:00, Bob Beck  wrote:
>>
>> Thinking of it again, you could possibly just use the action
>arguments for
>> a more generic "execute-program" action.
>>
>
>Ahhh.. are you insane? The way you get a generic "execute program"
>action is to LOG IN TO THE DAMN MACHINE!

Heh, I think I need to clarify myself, in that what I'm talking about is 
probably not obvious unless you actually read the code (if even then).

The "generic" action would be how to internally solve adding the required 
functionality and bind it to a key or two. It would not be configurable by the 
user, but could be used by an admin to add any pre-authentication he or she 
wishes, be it halt -p, zzz or *shrug* uptime. 

That said, maybe this is handing out more than a reasonable amount of rope and 
ammo for hurting the system. 

/Alexander 

>
>Why don't you guys just make an option so someone can set up their
>machine to auto-log-in to the xdm without
>a password - that gives you all the functionality people have
>obviously been clamouring for in 30 years of unix
>so that it can be exactly like Windows 95.



Re: does true.c need command line arguments?

2016-07-04 Thread Theo de Raadt
> On 2016-07-04 22:17, Theo de Raadt wrote:
> > Absolutely no way for your change.
> > 
> > It is correct.
> > 
> >> I'm just wondering if true.c does really need int argc and char 
> >> *argv[]
> >> rather than void (src/usr.bin/true/true.c), if not:
> >> 
> >> Index: true.c
> >> ===
> >> RCS file: /cvs/src/usr.bin/true/true.c,v
> >> retrieving revision 1.1
> >> diff -r1.1 true.c
> >> 6c6
> >> < main(int argc, char *argv[])
> >> ---
> >> > main(void)
> >> 
> 
> I didn't get it, could you explain why the main function should have 
> these arguments since the program does not have to parse command line 
> arguments?

Because main() is specified to take those arguments.

And also... because your proposal fixes absolutely nothing.



Re: does true.c need command line arguments?

2016-07-04 Thread Theo de Raadt
Absolutely no way for your change.

It is correct.

> I'm just wondering if true.c does really need int argc and char *argv[] 
> rather than void (src/usr.bin/true/true.c), if not:
> 
> Index: true.c
> ===
> RCS file: /cvs/src/usr.bin/true/true.c,v
> retrieving revision 1.1
> diff -r1.1 true.c
> 6c6
> < main(int argc, char *argv[])
> ---
> > main(void)
> 



does true.c need command line arguments?

2016-07-04 Thread Ali H. Fardan
I'm just wondering if true.c does really need int argc and char *argv[] 
rather than void (src/usr.bin/true/true.c), if not:


Index: true.c
===
RCS file: /cvs/src/usr.bin/true/true.c,v
retrieving revision 1.1
diff -r1.1 true.c
6c6
< main(int argc, char *argv[])
---

main(void)
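
Review bot: the change to main() is posted as a context-free diff -r1.1, so the surrounding function is not visible; a unified diff (diff -u -p, the form used by the other patches in these threads) is easier to review. The message also gives no behavioural reason for the change, so state what problem main(void) would solve.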




Re: ypbind: convert from select to poll

2016-07-04 Thread Todd C. Miller
On Mon, 04 Jul 2016 14:45:57 +0200, Jeremie Courreges-Anglas wrote:

> The two sockets we check for are SOCK_DGRAM sockets, I assumed that we
> can't get POLLHUP on such sockets.  Wrong assumption?

That should be fine then, you can only get POLLHUP for connection-oriented
sockets.

 - todd



Re: xdm halt & reboot buttons

2016-07-04 Thread Bob Beck
I mean, in all seriousness, what you want to do is probably more
safely accomplished by having a way for the "owner"
of the machine to configure it to just log them in without a password,
and then pop a program like xlock that locks their
screen and presents the hibernate suspend and other such bullshit buttons.

It would be safer than you guys trying to screw around and do this as
root and dropping to someone-but-not-the-logged-in-user

I'd never use it.. I think you're nuts. but at least then you aren't
trying to make a security sensitive program that has one
job (log the damn user in) become a swiss-army-clusterfuck


On Mon, Jul 4, 2016 at 9:51 AM, Bob Beck  wrote:
>>
>> Thinking of it again, you could possibly just use the action arguments for
>> a more generic "execute-program" action.
>>
>
> Ahhh.. are you insane? The way you get a generic "execute program"
> action is to LOG IN TO THE DAMN MACHINE!
>
> Why don't you guys just make an option so someone can set up their
> machine to auto-log-in to the xdm without
> a password - that gives you all the functionality people have
> obviously been clamouring for in 30 years of unix
> so that it can be exactly like Windows 95.



Re: xdm halt & reboot buttons

2016-07-04 Thread Theo de Raadt
> On Mon, Jul 4, 2016 at 6:42 AM, Craig Skinner  wrote:
> > On 2016-07-02 Sat 11:21 AM |, Bob Beck wrote:
> >> On Saturday, 2 July 2016, Craig Skinner  wrote:
> >> >
> >> > xmessage is now run as '_x11', shutdown as 'operator', and the status
> >> > items as 'nobody'. Only user _x11's xmessage windows are pkilled.
> >> >
> >>
> >> Do not use nobody.
> >>
> >> that is a very bad practice.  may as well call nobody NFS.
> >>
> >
> > Thanks Bob;- user 'nobody' nuked & replaced by 'operator'.
> 
> 
> That's probably not better - now a bug in xdm can read your raw
> disks..  You need to rethink this

EXACTLY.

Craig, you are taking a program which should run with less privilege;
but because you want features, you are creating a worst-case scenario
that is very dangerous.



Re: IPv6 forwarding path without KERNEL_LOCK

2016-07-04 Thread Alexander Bluhm
On Mon, Jul 04, 2016 at 01:03:22PM +0200, Martin Pieuchot wrote:
> + if (ip6_hbhchcheck(m, , , )) {
> + if_put(ifp);
> + return; /* m have already been freed */
>   }

As ip6_hbhchcheck() does ip6 = mtod(m, struct ip6_hdr *) after
ip6_hopopts_input() you have to add this here, too.

/* adjust pointer */
ip6 = mtod(m, struct ip6_hdr *);

> +int
> +ip6_hbhchcheck(struct mbuf *m, int *offp, int *nxtp, int *oursp)
> +{
> + struct ip6_hdr *ip6;
> + u_int32_t plen, rtalert = ~0;
> + int ours, off, nxt;

ours may be used uninitialized.

> + *offp = off;
> + *nxtp = nxt;
> + *oursp = ours;

I would prefer to use the passed values as *off, *nxt, *ours directly
than to use another set of local variables.  This also fixes the
initialization problem.

bluhm



Re: Expand IN6_IFF_NOTREADY

2016-07-04 Thread Alexander Bluhm
On Mon, Jul 04, 2016 at 01:12:24PM +0200, Martin Pieuchot wrote:
> I find IPv6 address states (flags) really hard to follow.  This macro
> doesn't seem to help as it is not always used.  I'd like to get rid of
> it, any concern?

OK bluhm@

> 
> After applying this diff you'll see that some patterns appear and they
> make me wonder, are some IN6_IFF_DETACHED missing?
> 
> Index: netinet6/icmp6.c
> ===
> RCS file: /cvs/src/sys/netinet6/icmp6.c,v
> retrieving revision 1.185
> diff -u -p -r1.185 icmp6.c
> --- netinet6/icmp6.c  29 Mar 2016 11:57:51 -  1.185
> +++ netinet6/icmp6.c  4 Jul 2016 11:06:29 -
> @@ -1229,13 +1229,14 @@ icmp6_reflect(struct mbuf *m, size_t off
>   /*
>* If the incoming packet was addressed directly to us (i.e. unicast),
>* use dst as the src for the reply.
> -  * The IN6_IFF_NOTREADY case would be VERY rare, but is possible
> -  * (for example) when we encounter an error while forwarding procedure
> -  * destined to a duplicated address of ours.
> +  * The IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED case would be VERY rare,
> +  * but is possible (for example) when we encounter an error while
> +  * forwarding procedure destined to a duplicated address of ours.
>*/
>   TAILQ_FOREACH(ia6, _ifaddr, ia_list)
>   if (IN6_ARE_ADDR_EQUAL(, >ia_addr.sin6_addr) &&
> - (ia6->ia6_flags & (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY)) == 0) 
> {
> + (ia6->ia6_flags & (IN6_IFF_ANYCAST|IN6_IFF_TENTATIVE|
> + IN6_IFF_DUPLICATED)) == 0) {
>   src = 
>   break;
>   }
> @@ -1621,9 +1622,8 @@ icmp6_redirect_output(struct mbuf *m0, s
>   {
>   /* get ip6 linklocal address for ifp(my outgoing interface). */
>   struct in6_ifaddr *ia6;
> - if ((ia6 = in6ifa_ifpforlinklocal(ifp,
> -  IN6_IFF_NOTREADY|
> -  IN6_IFF_ANYCAST)) == NULL)
> + if ((ia6 = in6ifa_ifpforlinklocal(ifp, IN6_IFF_TENTATIVE|
> + IN6_IFF_DUPLICATED|IN6_IFF_ANYCAST)) == NULL)
>   goto fail;
>   ifp_ll6 = >ia_addr.sin6_addr;
>   }
> Index: netinet6/in6.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6.c,v
> retrieving revision 1.187
> diff -u -p -r1.187 in6.c
> --- netinet6/in6.c13 Jun 2016 10:34:40 -  1.187
> +++ netinet6/in6.c4 Jul 2016 11:06:29 -
> @@ -1637,7 +1637,8 @@ in6_ifawithscope(struct ifnet *oifp, str
>* Don't use an address before completing DAD
>* nor a duplicated address.
>*/
> - if (ifatoia6(ifa)->ia6_flags & IN6_IFF_NOTREADY)
> + if (ifatoia6(ifa)->ia6_flags &
> + (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
>   continue;
>  
>   /* XXX: is there any case to allow anycasts? */
> Index: netinet6/in6_pcb.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
> retrieving revision 1.92
> diff -u -p -r1.92 in6_pcb.c
> --- netinet6/in6_pcb.c11 Apr 2016 21:24:29 -  1.92
> +++ netinet6/in6_pcb.c4 Jul 2016 11:06:29 -
> @@ -208,9 +208,8 @@ in6_pcbaddrisavail(struct inpcb *inp, st
>* flag to control the bind(2) behavior against
>* deprecated addresses (default: forbid bind(2)).
>*/
> - if (ifa &&
> - ifatoia6(ifa)->ia6_flags &
> - (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED))
> + if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST|
> + IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED|IN6_IFF_DETACHED))
>   return (EADDRNOTAVAIL);
>   }
>   if (lport) {
> Index: netinet6/in6_src.c
> ===
> RCS file: /cvs/src/sys/netinet6/in6_src.c,v
> retrieving revision 1.74
> diff -u -p -r1.74 in6_src.c
> --- netinet6/in6_src.c30 Jun 2016 12:36:27 -  1.74
> +++ netinet6/in6_src.c4 Jul 2016 11:06:29 -
> @@ -130,8 +130,8 @@ in6_selectsrc(struct in6_addr **in6src, 
>   if_put(ifp); /* put reference from in6_selectif */
>  
>   ia6 = ifatoia6(ifa_ifwithaddr(sin6tosa(), rtableid));
> - if (ia6 == NULL ||
> - (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY)))
> + if (ia6 == NULL || (ia6->ia6_flags &
> +  (IN6_IFF_ANYCAST|IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)))
>   return (EADDRNOTAVAIL);
>  
>   pi->ipi6_addr = sa6.sin6_addr; /* XXX: this overrides pi */

Re: ypbind: convert from select to poll

2016-07-04 Thread Jeremie Courreges-Anglas
"Todd C. Miller"  writes:

> On Mon, 04 Jul 2016 12:43:12 +0200, Jeremie Courreges-Anglas wrote:
>
>> Showing this to a wider audience,
>> 
>> This was initially prompted by a diff to replace calloc with
>> reallocarray.  As noted by guenther, there is a problem with the
>> comparisons between width, rpcsock and pingsock; this, plus the fd_set
>> allocation inconvenience would be easily fixed by moving from select to
>> poll.
>> 
>> I do not use YP so tests are more than welcome.
>
> You need to check POLLHUP as well as POLLIN.

The two sockets we check for are SOCK_DGRAM sockets, I assumed that we
can't get POLLHUP on such sockets.  Wrong assumption?

> It would also be
> good to handle EINTR.

ack

-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: xdm halt & reboot buttons

2016-07-04 Thread Craig Skinner
On 2016-07-02 Sat 11:21 AM |, Bob Beck wrote:
> On Saturday, 2 July 2016, Craig Skinner  wrote:
> >
> > xmessage is now run as '_x11', shutdown as 'operator', and the status
> > items as 'nobody'. Only user _x11's xmessage windows are pkilled.
> >
> 
> Do not use nobody.
> 
> that is a very bad practice.  may as well call nobody NFS.
> 

Thanks Bob;- user 'nobody' nuked & replaced by 'operator'.

Anything else to get sorted?

--- /etc/X11/xdm/Xsetup_0   2016/06/28 14:20:18 1.1
+++ /etc/X11/xdm/Xsetup_0   2016/07/04 13:20:56
@@ -1,8 +1,51 @@
 #!/bin/sh
-# $OpenBSD: Xsetup_0,v 1.1 2016/06/28 13:20:18 craig Exp $
+# $OpenBSD: Xsetup_0,v 1.17 2016/07/04 12:23:59 craig Exp $
+
+# Convenience GUI button items:
+alias su_x11='su -s /bin/sh _x11 -c'
+alias su_optr='su -s /bin/sh operator -c'
+
+function _xdm_machine_shutdown
+{
+   su_x11 "xmessage -geometry +0+0 -buttons 'Shutdown:20,Reboot:21' ' 
Machine:'"
+   case $? in
+   20)
+   su_optr "shutdown -hp now 'xdm login screen'"
+   ;;
+   21)
+   su_optr "shutdown -r now 'xdm login screen'"
+   ;;
+   esac
+}
+
+function _xdm_machine_status
+{
+   while true
+   do
+   su_x11 "xmessage -geometry -0+0 -buttons 'Battery:30,Load:31' ' 
Status:'"
+   case $? in
+   30)
+   su_optr 'apm'
+   ;;
+   31)
+   su_optr 'uptime'
+   ;;
+   # TODO:
+   #32)
+   #   su_optr 'some-wifi-status-thing'
+   #   ;;
+   *)
+   break
+   ;;
+   esac
+   done
+}
+
 if [ "$DISPLAY" = ":0" -o "$DISPLAY" = ":0.0" ]
 then
xconsole -geometry 480x130-0-0 -daemon -notify -verbose -fn fixed 
-exitOnFail
+   _xdm_machine_shutdown >/dev/console 2>&1 &
+   _xdm_machine_status >/dev/console 2>&1 &
 fi
 
 #sxpm OpenBSD.xpm &
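Review bot: su_x11 and su_optr are defined with `alias` and the two helpers with the `function` keyword under `#!/bin/sh`, so the script depends on the shell behind /bin/sh expanding aliases in a non-interactive script and accepting ksh function syntax. Plain functions such as `su_x11() { su -s /bin/sh _x11 -c "$1"; }` do the same job without that dependency. It is also worth a comment at the top that _xdm_machine_shutdown offers Shutdown and Reboot to whoever is in front of the login screen, before any authentication, so that an admin installing this file knows what it enables.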
--- /etc/X11/xdm/GiveConsole2015/06/30 16:44:10 1.2
+++ /etc/X11/xdm/GiveConsole2016/07/02 13:18:32
@@ -1,6 +1,11 @@
 #!/bin/sh
 # Assign ownership of the console to the invoking user
-# $OpenBSD: GiveConsole,v 1.2 2015/06/30 15:44:10 craig Exp $
+# $OpenBSD: GiveConsole,v 1.4 2016/07/02 12:24:40 craig Exp $
+#
+
+# Started in Xsetup_0
+pkill -U _x11 -x xmessage
+
 #
 # By convention, both xconsole and xterm -C check that the
 # console is owned by the invoking user and is readable before attaching
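Review bot: `pkill -U _x11 -x xmessage` selects by user and process name only, so it ends every xmessage owned by _x11 on the machine, not just the two started by Xsetup_0 for the display being handed over. Recording the PIDs of those two background jobs in Xsetup_0 and killing exactly those here would keep the scope to this login.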



Re: ypbind: convert from select to poll

2016-07-04 Thread Todd C. Miller
On Mon, 04 Jul 2016 12:43:12 +0200, Jeremie Courreges-Anglas wrote:

> Showing this to a wider audience,
> 
> This was initially prompted by a diff to replace calloc with
> reallocarray.  As noted by guenther, there is a problem with the
> comparisons between width, rpcsock and pingsock; this, plus the fd_set
> allocation inconvenience would be easily fixed by moving from select to
> poll.
> 
> I do not use YP so tests are more than welcome.

You need to check POLLHUP as well as POLLIN.  It would also be
good to handle EINTR.

 - todd



Expand IN6_IFF_NOTREADY

2016-07-04 Thread Martin Pieuchot
I find IPv6 address states (flags) really hard to follow.  This macro
doesn't seem to help as it is not always used.  I'd like to get rid of
it, any concern?

After applying this diff you'll see that some patterns appear and they
make me wonder, are some IN6_IFF_DETACHED missing?

Index: netinet6/icmp6.c
===
RCS file: /cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.185
diff -u -p -r1.185 icmp6.c
--- netinet6/icmp6.c29 Mar 2016 11:57:51 -  1.185
+++ netinet6/icmp6.c4 Jul 2016 11:06:29 -
@@ -1229,13 +1229,14 @@ icmp6_reflect(struct mbuf *m, size_t off
/*
 * If the incoming packet was addressed directly to us (i.e. unicast),
 * use dst as the src for the reply.
-* The IN6_IFF_NOTREADY case would be VERY rare, but is possible
-* (for example) when we encounter an error while forwarding procedure
-* destined to a duplicated address of ours.
+* The IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED case would be VERY rare,
+* but is possible (for example) when we encounter an error while
+* forwarding procedure destined to a duplicated address of ours.
 */
TAILQ_FOREACH(ia6, _ifaddr, ia_list)
if (IN6_ARE_ADDR_EQUAL(, >ia_addr.sin6_addr) &&
-   (ia6->ia6_flags & (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY)) == 0) 
{
+   (ia6->ia6_flags & (IN6_IFF_ANYCAST|IN6_IFF_TENTATIVE|
+   IN6_IFF_DUPLICATED)) == 0) {
src = 
break;
}
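Review bot: the new condition in icmp6_reflect preserves behaviour only if IN6_IFF_NOTREADY was defined as exactly IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED, and the netinet6/in6_var.h part of this diff, where the macro would be removed, is not visible here; check the expansion against the header before this goes in. Breaking the mask after `IN6_IFF_TENTATIVE|` also leaves an operator dangling at the end of the line; keeping the three flags together on the continuation line would read better.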
@@ -1621,9 +1622,8 @@ icmp6_redirect_output(struct mbuf *m0, s
{
/* get ip6 linklocal address for ifp(my outgoing interface). */
struct in6_ifaddr *ia6;
-   if ((ia6 = in6ifa_ifpforlinklocal(ifp,
-IN6_IFF_NOTREADY|
-IN6_IFF_ANYCAST)) == NULL)
+   if ((ia6 = in6ifa_ifpforlinklocal(ifp, IN6_IFF_TENTATIVE|
+   IN6_IFF_DUPLICATED|IN6_IFF_ANYCAST)) == NULL)
goto fail;
ifp_ll6 = >ia_addr.sin6_addr;
}
Index: netinet6/in6.c
===
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.187
diff -u -p -r1.187 in6.c
--- netinet6/in6.c  13 Jun 2016 10:34:40 -  1.187
+++ netinet6/in6.c  4 Jul 2016 11:06:29 -
@@ -1637,7 +1637,8 @@ in6_ifawithscope(struct ifnet *oifp, str
 * Don't use an address before completing DAD
 * nor a duplicated address.
 */
-   if (ifatoia6(ifa)->ia6_flags & IN6_IFF_NOTREADY)
+   if (ifatoia6(ifa)->ia6_flags &
+   (IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED))
continue;
 
/* XXX: is there any case to allow anycasts? */
Index: netinet6/in6_pcb.c
===
RCS file: /cvs/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.92
diff -u -p -r1.92 in6_pcb.c
--- netinet6/in6_pcb.c  11 Apr 2016 21:24:29 -  1.92
+++ netinet6/in6_pcb.c  4 Jul 2016 11:06:29 -
@@ -208,9 +208,8 @@ in6_pcbaddrisavail(struct inpcb *inp, st
 * flag to control the bind(2) behavior against
 * deprecated addresses (default: forbid bind(2)).
 */
-   if (ifa &&
-   ifatoia6(ifa)->ia6_flags &
-   (IN6_IFF_ANYCAST|IN6_IFF_NOTREADY|IN6_IFF_DETACHED))
+   if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST|
+   IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED|IN6_IFF_DETACHED))
return (EADDRNOTAVAIL);
}
if (lport) {
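Review bot: in the rewritten test `if (ifa && ifatoia6(ifa)->ia6_flags & (IN6_IFF_ANYCAST|` the bitwise AND sits bare next to `&&`; it evaluates as intended because & binds tighter, but the other sites in this diff that combine the flag test with a second condition wrap it in its own parentheses, and this one should too. This is also the only site in the diff whose mask includes IN6_IFF_DETACHED, which deserves a line in the comment above now that the macro no longer hides the difference.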
Index: netinet6/in6_src.c
===
RCS file: /cvs/src/sys/netinet6/in6_src.c,v
retrieving revision 1.74
diff -u -p -r1.74 in6_src.c
--- netinet6/in6_src.c  30 Jun 2016 12:36:27 -  1.74
+++ netinet6/in6_src.c  4 Jul 2016 11:06:29 -
@@ -130,8 +130,8 @@ in6_selectsrc(struct in6_addr **in6src, 
if_put(ifp); /* put reference from in6_selectif */
 
ia6 = ifatoia6(ifa_ifwithaddr(sin6tosa(), rtableid));
-   if (ia6 == NULL ||
-   (ia6->ia6_flags & (IN6_IFF_ANYCAST | IN6_IFF_NOTREADY)))
+   if (ia6 == NULL || (ia6->ia6_flags &
+(IN6_IFF_ANYCAST|IN6_IFF_TENTATIVE|IN6_IFF_DUPLICATED)))
return (EADDRNOTAVAIL);
 
pi->ipi6_addr = sa6.sin6_addr; /* XXX: this overrides pi */
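Review bot: the check on the address that ends up in pi->ipi6_addr rejects ANYCAST, TENTATIVE and DUPLICATED but not IN6_IFF_DETACHED, while in6_pcbaddrisavail in the same diff returns EADDRNOTAVAIL for a detached address at bind(2) time. If that asymmetry is unintended, add IN6_IFF_DETACHED to this mask; if it is deliberate, say why in a comment so the two paths are not "fixed" into agreement later.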
Index: netinet6/in6_var.h
===
RCS file: /cvs/src/sys/netinet6/in6_var.h,v
retrieving revision 1.63
diff -u -p -r1.63 

IPv6 forwarding path without KERNEL_LOCK

2016-07-04 Thread Martin Pieuchot
One of my trees now contains all the necessary plumbing to run the IPv6
forwarding path (mostly) without holding the KERNEL_LOCK.  In other
words we should be able to unlock IPv6 and legacy IP at the same time.

However it's a bit tricky to enqueue packets for local delivery in IPv6
because of the Hop-by-Hop options header processing.  So the solution I
came up with is to delay the option parsing a bit and call it either from
the forwarding path or from the local delivery path.  In order to do
that without code duplication, I introduced the function below.

This should be straightforward, ok?

Index: netinet6/ip6_input.c
===
RCS file: /cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.160
diff -u -p -r1.160 ip6_input.c
--- netinet6/ip6_input.c19 May 2016 11:34:40 -  1.160
+++ netinet6/ip6_input.c4 Jul 2016 10:50:35 -
@@ -122,6 +122,7 @@ struct ip6stat ip6stat;
 void ip6_init2(void *);
 int ip6_check_rh0hdr(struct mbuf *, int *);
 
+int ip6_hbhchcheck(struct mbuf *, int *, int *, int *);
 int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
 struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
 
@@ -192,7 +193,6 @@ ip6_input(struct mbuf *m)
struct ip6_hdr *ip6;
int off, nest;
u_int16_t src_scope, dst_scope;
-   u_int32_t plen, rtalert = ~0;
int nxt, ours = 0;
 #if NPF > 0
struct in6_addr odst;
@@ -495,76 +495,10 @@ ip6_input(struct mbuf *m)
}
 
   hbhcheck:
-   /*
-* Process Hop-by-Hop options header if it's contained.
-* m may be modified in ip6_hopopts_input().
-* If a JumboPayload option is included, plen will also be modified.
-*/
-   plen = (u_int32_t)ntohs(ip6->ip6_plen);
-   off = sizeof(struct ip6_hdr);
-   if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
-   struct ip6_hbh *hbh;
-
-   if (ip6_hopopts_input(, , , )) {
-   if_put(ifp);
-   return; /* m have already been freed */
-   }
 
-   /* adjust pointer */
-   ip6 = mtod(m, struct ip6_hdr *);
-
-   /*
-* if the payload length field is 0 and the next header field
-* indicates Hop-by-Hop Options header, then a Jumbo Payload
-* option MUST be included.
-*/
-   if (ip6->ip6_plen == 0 && plen == 0) {
-   /*
-* Note that if a valid jumbo payload option is
-* contained, ip6_hopopts_input() must set a valid
-* (non-zero) payload length to the variable plen.
-*/
-   ip6stat.ip6s_badoptions++;
-   icmp6_error(m, ICMP6_PARAM_PROB,
-   ICMP6_PARAMPROB_HEADER,
-   (caddr_t)>ip6_plen - (caddr_t)ip6);
-   if_put(ifp);
-   return;
-   }
-   IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
-   sizeof(struct ip6_hbh));
-   if (hbh == NULL) {
-   ip6stat.ip6s_tooshort++;
-   if_put(ifp);
-   return;
-   }
-   nxt = hbh->ip6h_nxt;
-
-   /*
-* accept the packet if a router alert option is included
-* and we act as an IPv6 router.
-*/
-   if (rtalert != ~0 && ip6_forwarding)
-   ours = 1;
-   } else
-   nxt = ip6->ip6_nxt;
-
-   /*
-* Check that the amount of data in the buffers
-* is as at least much as the IPv6 header would have us expect.
-* Trim mbufs if longer than we expect.
-* Drop packet if shorter than we expect.
-*/
-   if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
-   ip6stat.ip6s_tooshort++;
-   goto bad;
-   }
-   if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
-   if (m->m_len == m->m_pkthdr.len) {
-   m->m_len = sizeof(struct ip6_hdr) + plen;
-   m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
-   } else
-   m_adj(m, sizeof(struct ip6_hdr) + plen - 
m->m_pkthdr.len);
+   if (ip6_hbhchcheck(m, , , )) {
+   if_put(ifp);
+   return; /* m have already been freed */
}
 
/*
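Review bot: at the new call `ip6_hbhchcheck(m, ...)` the mbuf is passed by value, although the removed comment says "m may be modified in ip6_hopopts_input()" and that function's prototype takes `struct mbuf **`. If the chain head can change inside the helper, ip6_input carries on with a stale m, and its local ip6 is no longer refreshed either now that the "adjust pointer" lines are gone from this function. Pass `struct mbuf **` and re-derive ip6 with mtod() after the call returns. The helper's name also carries a stray "ch" compared with the hbhcheck label it sits under.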
@@ -640,6 +574,93 @@ ip6_input(struct mbuf *m)
m_freem(m);
 }
 
+int
+ip6_hbhchcheck(struct mbuf *m, int *offp, int *nxtp, int *oursp)
+{
+   struct ip6_hdr *ip6;
+   u_int32_t plen, rtalert = ~0;
+   int ours, off, nxt;
+
+   ip6 = mtod(m, struct ip6_hdr *);
+
+   /*
+* Process Hop-by-Hop options header if it's contained.
+

ypbind: convert from select to poll

2016-07-04 Thread Jeremie Courreges-Anglas

Showing this to a wider audience,

This was initially prompted by a diff to replace calloc with
reallocarray.  As noted by guenther, there is a problem with the
comparisons between width, rpcsock and pingsock; this, plus the fd_set
allocation inconvenience would be easily fixed by moving from select to
poll.

I do not use YP so tests are more than welcome.

Comments / ok?


Index: ypbind.c
===
RCS file: /cvs/src/usr.sbin/ypbind/ypbind.c,v
retrieving revision 1.66
diff -u -p -p -u -r1.66 ypbind.c
--- ypbind.c21 Mar 2016 00:49:36 -  1.66
+++ ypbind.c1 Jul 2016 21:33:53 -
@@ -53,6 +53,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #define SERVERSDIR "/etc/yp"
 #define BINDINGDIR "/var/yp/binding"
@@ -336,10 +337,8 @@ main(int argc, char *argv[])
 {
char path[PATH_MAX];
struct sockaddr_in sin;
-   struct timeval tv;
-   fd_set *fdsrp = NULL;
-   int fdsrl = 0;
-   int width, lockfd, lsock;
+   struct pollfd *pfd = NULL;
+   int width = 0, lockfd, lsock;
socklen_t len;
int evil = 0, one = 1;
DIR *dirp;
@@ -530,44 +529,32 @@ main(int argc, char *argv[])
checkwork();
 
while (1) {
-   extern int __svc_fdsetsize;
-   extern void *__svc_fdset;
-
-   if (fdsrp == NULL || fdsrl != __svc_fdsetsize) {
-   free(fdsrp);
-
-   fdsrl = __svc_fdsetsize;
-   width = __svc_fdsetsize;
-   if (rpcsock > __svc_fdsetsize)
-   width = rpcsock;
-   if (pingsock > __svc_fdsetsize)
-   width = pingsock;
-   fdsrp = calloc(howmany(width+1, NFDBITS), 
sizeof(fd_mask));
-   if (fdsrp == NULL)
-   errx(1, "no memory");
-   }
-
-   bcopy(__svc_fdset, fdsrp, howmany(fdsrl+1, NFDBITS) *
-   sizeof(fd_mask));
-   FD_SET(rpcsock, fdsrp);
-   FD_SET(pingsock, fdsrp);
+   if (pfd == NULL || width != svc_max_pollfd + 2) {
+   width = svc_max_pollfd + 2;
+   pfd = reallocarray(pfd, width, sizeof *pfd);
+   if (pfd == NULL)
+   err(1, NULL);
+   }
 
-   tv.tv_sec = 1;
-   tv.tv_usec = 0;
+   pfd[0].fd = rpcsock;
+   pfd[0].events = POLLIN;
+   pfd[1].fd = pingsock;
+   pfd[1].events = POLLIN;
+   memcpy(pfd + 2, svc_pollfd, svc_max_pollfd);
 
-   switch (select(width+1, fdsrp, NULL, NULL, )) {
+   switch (poll(pfd, width, 1000)) {
case 0:
checkwork();
break;
case -1:
-   perror("select\n");
+   perror("poll");
break;
default:
-   if (FD_ISSET(rpcsock, fdsrp))
+   if (pfd[0].revents & POLLIN)
handle_replies();
-   if (FD_ISSET(pingsock, fdsrp))
+   if (pfd[1].revents & POLLIN)
handle_ping();
-   svc_getreqset2(fdsrp, width);
+   svc_getreq_poll(pfd + 2, svc_max_pollfd);
if (check)
checkwork();
break;
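Review bot: `memcpy(pfd + 2, svc_pollfd, svc_max_pollfd);` passes an element count as the byte length, so only svc_max_pollfd bytes of the RPC library's array are copied and the remaining entries of pfd + 2 stay as reallocarray returned them; poll() and svc_getreq_poll() then work on uninitialized fds and event masks. Use `svc_max_pollfd * sizeof(*pfd)`. In the `case -1:` arm, EINTR should lead to a quiet retry rather than perror("poll").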


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



[armv7] introducing tipru(4)

2016-07-04 Thread Ian Sutton
I have written some software to support the PRU (Programmable Realtime
Unit) integrated in Texas Instruments' line of ARM SoCs, specifically
the am335x chips. The PRU is a 32-bit realtime processor that exists as
a subsystem on the SoC. You can read more about it in the linked man
pages.

Included below is an omap/am335x/sitara-specific device driver [tipru(4)] 
and userspace utility [pructl(1)]. Both are complete and fully 
documented in their respective man pages which I have also uploaded for 
convenience:

http://ce.gl/tipru.4.html
http://ce.gl/pructl.1.html

You can find the userspace utility at http://ce.gl/pructl.tar.gz

A simple demonstration of the driver in action, after loading and 
executing code that generates a 129KHz square wave:

http://ce.gl/tipru.jpg

I have done my best to make this code as palpable as possible but I'm
sure there are still outstanding issues. Any advice/pointers are
welcome, I have both the time and the inclination to get this code
tree-ready.

Ian

Index: etc/etc.armv7/MAKEDEV
===
RCS file: /cvs/src/etc/etc.armv7/MAKEDEV,v
retrieving revision 1.19
diff -u -p -r1.19 MAKEDEV
--- etc/etc.armv7/MAKEDEV   21 May 2016 22:15:09 -  1.19
+++ etc/etc.armv7/MAKEDEV   4 Jul 2016 08:54:16 -
@@ -4,7 +4,7 @@
 # generated from:
 #
 #  OpenBSD: etc.armv7/MAKEDEV.md,v 1.12 2016/05/21 21:30:22 kettenis Exp 
-#  OpenBSD: MAKEDEV.common,v 1.88 2016/05/21 15:17:49 deraadt Exp 
+#  OpenBSD: MAKEDEV.common,v 1.89 2016/05/26 16:29:51 deraadt Exp 
 #  OpenBSD: MAKEDEV.mi,v 1.82 2016/03/12 17:58:59 espie Exp 
 #  OpenBSD: MAKEDEV.sub,v 1.14 2005/02/07 06:14:18 david Exp 
 #
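Review bot: etc.armv7/MAKEDEV carries a "generated from:" header, so this file should come out of regenerating from MAKEDEV.md rather than be reviewed as a hand edit; the MAKEDEV.common 1.88 to 1.89 bump here and the whitespace-only change under video*) further down are regeneration noise unrelated to tipru. Posting only the MAKEDEV.md diff would keep the review on the lines that matter.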
@@ -59,6 +59,7 @@
 #  usb*Bus control devices used by usbd for attach/detach
 # Special purpose devices:
 #  apm Power management device
+#  tipru   Programmable realtime unit
 #  audio*  Audio devices
 #  bio ioctl tunnel pseudo-device
 #  bktr*   Video frame grabbers
@@ -231,7 +232,7 @@ vscsi*)
;;
 
 video*)
-   M video$U  c 38 $U 600 
+   M video$U  c 38 $U 600
MKlist[${#MKlist[*]}]=";[ -e video ] || ln -s video$U video"
;;
 
@@ -328,6 +329,10 @@ audio*)
MKlist[${#MKlist[*]}]=";[ -e audioctl ] || ln -s audioctl$U audioctl"
;;
 
+tipru*)
+   M tipru c 29 0 200
+   ;;
+
 apm*)
M apm   c 34 0 644
M apmctlc 34 8 644
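Review bot: `M tipru c 29 0 200` makes the mode of the device node the only gate on who may open the PRU, and this thread already notes that the driver has no suser checks. A privilege check in the driver's open routine, or a securelevel restriction as suggested for gpio, would still hold if the node's mode is changed later. The rule also creates an unnumbered `tipru` node, while the all) target in this same file asks for `tipru0`; pick one name and use it in both places.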
@@ -469,14 +474,14 @@ local)
;;
 
 all)
-   R gpio0 gpio1 gpio2 gpio3 gpio4 gpio5 gpio6 gpio7 gpio8 vnd0
-   R vnd1 vnd2 vnd3 sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7 sd8 sd9 cd0
-   R cd1 rd0 tap0 tap1 tap2 tap3 tun0 tun1 tun2 tun3 bio pty0
-   R diskmap vscsi0 ch0 bpf fuse pppx hotplug ptm local wscons
-   R pci0 pci1 pci2 pci3 uall rmidi0 rmidi1 rmidi2 rmidi3 rmidi4
-   R rmidi5 rmidi6 rmidi7 tuner0 radio0 video0 video1 uk0 random
-   R tty00 tty01 tty02 tty03 tty04 tty05 tty06 tty07 tty08 tty09
-   R tty0a tty0b apm pf wd0 wd1 wd2 wd3 std st0 st1 fd
+   R tipru0 gpio0 gpio1 gpio2 gpio3 gpio4 gpio5 gpio6 gpio7
+   R gpio8 vnd0 vnd1 vnd2 vnd3 sd0 sd1 sd2 sd3 sd4 sd5 sd6 sd7
+   R sd8 sd9 cd0 cd1 rd0 tap0 tap1 tap2 tap3 tun0 tun1 tun2 tun3
+   R bio pty0 diskmap vscsi0 ch0 bpf fuse pppx hotplug ptm local
+   R wscons pci0 pci1 pci2 pci3 uall rmidi0 rmidi1 rmidi2 rmidi3
+   R rmidi4 rmidi5 rmidi6 rmidi7 tuner0 radio0 video0 video1 uk0
+   R random tty00 tty01 tty02 tty03 tty04 tty05 tty06 tty07 tty08
+   R tty09 tty0a tty0b apm pf wd0 wd1 wd2 wd3 std st0 st1 fd
;;
 
 wd*|sd*)
Index: etc/etc.armv7/MAKEDEV.md
===
RCS file: /cvs/src/etc/etc.armv7/MAKEDEV.md,v
retrieving revision 1.12
diff -u -p -r1.12 MAKEDEV.md
--- etc/etc.armv7/MAKEDEV.md21 May 2016 21:30:22 -  1.12
+++ etc/etc.armv7/MAKEDEV.md4 Jul 2016 08:54:16 -
@@ -27,6 +27,8 @@ dnl ADVISED OF THE POSSIBILITY OF SUCH D
 dnl
 dnl
 __devitem(apm, apm, Power management device)dnl
+__devitem(tipru, tipru, Programmable realtime unit)dnl
+_mkdev(tipru, tipru*, {-M tipru c major_tipru_c 0 200-})dnl
 _TITLE(make)
 _DEV(all)
 _DEV(ramdisk)
@@ -64,6 +66,7 @@ _DEV(ulpt, 66)
 _DEV(usb, 64)
 _TITLE(spec)
 _DEV(apm, 34)
+_DEV(tipru, 29)
 _DEV(au, 36)
 _DEV(bio, 52)
 _DEV(bktr, 75)
@@ -114,3 +117,4 @@ target(all, cd, 0, 1)dnl
 target(all, sd, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9)dnl
 target(all, vnd, 0, 1, 2, 3)dnl
 target(all, gpio, 0, 1, 2, 3, 4, 5, 6, 7, 8)dnl
+target(all, tipru, 0)dnl
Index: share/man/man4/man4.armv7/tipru.4
===
RCS file: share/man/man4/man4.armv7/tipru.4
diff -N share/man/man4/man4.armv7/tipru.4
--- /dev/null   1 Jan 1970 00:00:00 -
+++ share/man/man4/man4.armv7/tipru.4   4 Jul 2016 08:54:22 -
@@ -0,0 +1,113 @@
+.\" Copyright (c) 2016 Ian Sutton 
+.\"
+.\" Permission to use, copy, modify, and distribute this 

Re: show current tx rate for associated nodes

2016-07-04 Thread Martin Pieuchot
On 03/07/16(Sun) 15:23, Stefan Sperling wrote:
> For hostap interfaces, ifconfig scan currently shows the maximum supported
> Rx Rate or RX MCS of associated stations. E.g. for an iwn(4) device associated
> to an athn(4) AP in 11g mode, the AP will show 'HT-MCS7' in ifconfig scan:
> 
>   # ifconfig athn0 scan | grep 34:13:e8:d0:60:a9
>   lladdr 34:13:e8:d0:60:a9 77dBm HT-MCS7 short_preamble,short_slottime assoc
> 
> It shows that 'HT-MCS7' is the maximum supported rate by iwn(4).
> Showing the maximum supported rate makes sense when searching for APs.
> But on an AP it is more useful to show the current Tx rate our AP is
> using to send frames to the associated node.
> The diff below implements this, and we get:
> 
>   # ifconfig athn0 scan | grep 34:13:e8:d0:60:a9
>   lladdr 34:13:e8:d0:60:a9 80dBm 24M short_preamble,short_slottime assoc
> 
> Requires ifconfig to be recompiled to run on the new kernel.

I like this, it is in my opinion more user-friendly.  

> Index: sbin/ifconfig/ifconfig.c
> ===
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.324
> diff -u -p -r1.324 ifconfig.c
> --- sbin/ifconfig/ifconfig.c  15 Jun 2016 19:39:33 -  1.324
> +++ sbin/ifconfig/ifconfig.c  3 Jul 2016 12:59:05 -
> @@ -2341,8 +2341,19 @@ ieee80211_printnode(struct ieee80211_nod
>  
>   if (nr->nr_pwrsave)
>   printf("powersave ");
> - /* Only print the fastest rate */
> - if (nr->nr_max_rxrate) {
> + /* 
> +  * Print our current Tx rate for associated nodes.
> +  * Print the fastest supported rate for APs.
> +  */
> + if ((nr->nr_flags & (IEEE80211_NODEREQ_AP)) == 0) {
> + if (nr->nr_flags & IEEE80211_NODEREQ_HT) {
> + printf("HT-MCS%d ", nr->nr_txmcs);
> + } else if (nr->nr_rates) {
> + printf("%uM ",
> + (nr->nr_rates[nr->nr_txrate] & IEEE80211_RATE_VAL)
> + / 2);
> + }
> + } else if (nr->nr_max_rxrate) {
>   printf("%uM HT ", nr->nr_max_rxrate);
>   } else if (nr->nr_rxmcs[0] != 0) {
>   for (i = IEEE80211_HT_NUM_MCS - 1; i >= 0; i--) {
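Review bot: in the new branch for associated nodes, `else if (nr->nr_rates)` tests nr_rates itself, where the existing branch further down tests the count with `else if (nr->nr_nrates)`, and `nr->nr_rates[nr->nr_txrate]` is indexed with a value copied from the kernel that is never compared against nr_nrates. Test `nr->nr_nrates` and print the rate only when `nr->nr_txrate < nr->nr_nrates`, so a stale or out-of-range index cannot read past the rate set.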
> @@ -2351,9 +2362,8 @@ ieee80211_printnode(struct ieee80211_nod
>   }
>   printf("HT-MCS%d ", i);
>   } else if (nr->nr_nrates) {
> - printf("%uM",
> + printf("%uM ",
>   (nr->nr_rates[nr->nr_nrates - 1] & IEEE80211_RATE_VAL) / 2);
> - putchar(' ');
>   }
>   /* ESS is the default, skip it */
>   nr->nr_capinfo &= ~IEEE80211_CAPINFO_ESS;
> Index: sys/net80211/ieee80211_ioctl.c
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
> retrieving revision 1.41
> diff -u -p -r1.41 ieee80211_ioctl.c
> --- sys/net80211/ieee80211_ioctl.c28 Apr 2016 13:50:14 -  1.41
> +++ sys/net80211/ieee80211_ioctl.c3 Jul 2016 13:00:32 -
> @@ -112,6 +112,9 @@ ieee80211_node2req(struct ieee80211com *
>   memcpy(nr->nr_rxmcs, ni->ni_rxmcs, sizeof(nr->nr_rxmcs));
>   nr->nr_max_rxrate = ni->ni_max_rxrate;
>   nr->nr_tx_mcs_set = ni->ni_tx_mcs_set;
> + nr->nr_txmcs = ni->ni_txmcs;
> + if (ni->ni_flags & IEEE80211_NODE_HT)
> + nr->nr_flags |= IEEE80211_NODEREQ_HT;
>  }
>  
>  void
> Index: sys/net80211/ieee80211_ioctl.h
> ===
> RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.h,v
> retrieving revision 1.26
> diff -u -p -r1.26 ieee80211_ioctl.h
> --- sys/net80211/ieee80211_ioctl.h28 Apr 2016 14:46:10 -  1.26
> +++ sys/net80211/ieee80211_ioctl.h3 Jul 2016 12:58:58 -
> @@ -339,6 +339,7 @@ struct ieee80211_nodereq {
>   uint8_t nr_rxmcs[howmany(80,NBBY)];
>   uint16_tnr_max_rxrate;  /* in Mb/s, 0 <= rate <= 1023 */
>   uint8_t nr_tx_mcs_set;
> + uint8_t nr_txmcs;
>  };
>  
>  #define IEEE80211_NODEREQ_STATE(_s)  (1 << _s)
> @@ -352,6 +353,7 @@ struct ieee80211_nodereq {
>  #define IEEE80211_NODEREQ_AP 0x01/* access point */
>  #define IEEE80211_NODEREQ_AP_BSS 0x02/* current bss access point */
>  #define IEEE80211_NODEREQ_COPY   0x04/* add node with flags 
> */
> +#define IEEE80211_NODEREQ_HT 0x08/* HT negotiated */
>  
>  #define SIOCG80211NODE   _IOWR('i', 211, struct 
> ieee80211_nodereq)
>  #define SIOCS80211NODE_IOW('i', 212, struct 
> ieee80211_nodereq)
>