Re: binutils-2.17 ownership fixes
On Thu, Sep 15, 2016 at 1:58 PM, Martin Natano wrote:
> This should do it. The 'fix' is ugly, but I couldn't find a cleaner way
> to pass the right STRIP value to libtool. Any better ideas? Ok?
...
> --- gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper 11 Sep 2016 07:42:02
> - 1.9
> +++ gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper 15 Sep 2016 20:56:45
> -
> @@ -80,6 +80,8 @@ do-config: .USE
> mv -f Makefile.tmp Makefile
> cd ${.OBJDIR} && \
> ${MAKE} ${CONFIGURE_MODULES}
> + sed -i 's,^STRIP=strip$$,STRIP=/usr/bin/strip,' \
> + ${.OBJDIR}/binutils/libtool
Instead of hacking the generated libtool post-facto, maybe just
hardcode a usable value into what generates the script?
--- ltconfig24 Apr 2011 20:14:40 - 1.1.1.1
+++ ltconfig16 Sep 2016 03:44:50 -
@@ -2331,7 +2331,7 @@ LN_S=$LN_S
NM=$NM
# A symbol stripping program
-STRIP=$STRIP
+STRIP=/usr/bin/strip
# Used to examine libraries when file_magic_cmd begins "file"
MAGIC_CMD=$MAGIC_CMD
Re: rebound quantum entanglement
Theo de Raadt [dera...@openbsd.org] wrote: > > That rebound acts like a nameserver is what prompted the idea to > > hijack the resolver. But it's really a tool that takes over certain > > duties from the libc resolver, so the libc resolver should be properly > > configurable to hand over duties, or not. 'search' is the logical > > place for this. > > So maybe the first generation Ted proposes has some problems. And > what have YOU DONE recently?? > Sorry guys. I didn't mean to shit all over Ted's first revision. I was just flabbergasted at the casual tone of this conversation, in contrast to what was being discussed. > Look, I think some people don't understand the goal. > > search won't work in roaming + non-roaming situations. There are > solutions being discussed to make that easier, they dovetail into > this slightly. > Roaming means dhclient right? SOCK_DNS sounds like a great clue. Chris
Re: rebound quantum entanglement
Ted Unangst wrote:
> So the plan is for rebound to be the 'system' resolver, with libc talking to
> rbeound and rebound talking to the cloud. The main wrinkle is how does rebound
> find the cloud? rebound.conf, but dhclient doesn't know anything about
> rebound.conf, preferring to edit resolv.conf. But if rebound reads
> resolv.conf, what does libc read? This has been a bit of a tangle until now,
> especially in scenarios like upgrades where rebound may not even be running.
Move the hijacking into the kernel. rebound sets a sysctl, and then the kernel
gives it all the dns connections. libc knows nothing. if rebound dies, dns
dies. still listening on :53 because it has to listen somewhere.
Index: sys/kern/kern_sysctl.c
===
RCS file: /cvs/src/sys/kern/kern_sysctl.c,v
retrieving revision 1.309
diff -u -p -r1.309 kern_sysctl.c
--- sys/kern/kern_sysctl.c 7 Sep 2016 17:30:12 - 1.309
+++ sys/kern/kern_sysctl.c 15 Sep 2016 22:03:19 -
@@ -615,6 +615,10 @@ kern_sysctl(int *name, u_int namelen, vo
return sysctl_int(oldp, oldlenp, newp, newlen, &global_ptrace);
}
#endif
+ case KERN_DNSJACKING: {
+ extern int dnsjacking;
+ return sysctl_int(oldp, oldlenp, newp, newlen, &dnsjacking);
+ }
default:
return (EOPNOTSUPP);
}
Index: sys/kern/uipc_syscalls.c
===
RCS file: /cvs/src/sys/kern/uipc_syscalls.c,v
retrieving revision 1.133
diff -u -p -r1.133 uipc_syscalls.c
--- sys/kern/uipc_syscalls.c9 Aug 2016 02:25:35 - 1.133
+++ sys/kern/uipc_syscalls.c15 Sep 2016 22:03:45 -
@@ -67,6 +67,8 @@ externstruct fileops socketops;
intcopyaddrout(struct proc *, struct mbuf *, struct sockaddr *, socklen_t,
socklen_t *);
+int dnsjacking = 0;
+
int
sys_socket(struct proc *p, void *v, register_t *retval)
{
@@ -395,6 +397,16 @@ sys_connect(struct proc *p, void *v, reg
FRELE(fp, p);
m_freem(nam);
return (error);
+ }
+ if (dnsjacking) {
+ struct sockaddr_in sin;
+ memset(&sin, 0, sizeof(sin));
+ sin.sin_len = sizeof(sin);
+ sin.sin_family = AF_INET;
+ sin.sin_port = htons(53);
+ sin.sin_addr.s_addr = INADDR_LOOPBACK;
+ memcpy(mtod(nam, void *), &sin, sizeof(sin));
+ nam->m_len = sizeof(sin);
}
}
Index: sys/sys/sysctl.h
===
RCS file: /cvs/src/sys/sys/sysctl.h,v
retrieving revision 1.165
diff -u -p -r1.165 sysctl.h
--- sys/sys/sysctl.h7 Sep 2016 17:30:12 - 1.165
+++ sys/sys/sysctl.h15 Sep 2016 22:01:48 -
@@ -113,7 +113,7 @@ struct ctlname {
#defineKERN_HOSTNAME 10 /* string: hostname */
#defineKERN_HOSTID 11 /* int: host identifier */
#defineKERN_CLOCKRATE 12 /* struct: struct clockinfo */
-/* was KERN_VNODE 13 */
+#defineKERN_DNSJACKING 13 /* hijack dns sockets */
/* was KERN_PROC 14 */
/* was KERN_FILE 15 */
#defineKERN_PROF 16 /* node: kernel profiling info
*/
@@ -200,7 +200,7 @@ struct ctlname {
{ "hostname", CTLTYPE_STRING }, \
{ "hostid", CTLTYPE_INT }, \
{ "clockrate", CTLTYPE_STRUCT }, \
- { "gap", 0 }, \
+ { "dnsjacking", CTLTYPE_INT }, \
{ "gap", 0 }, \
{ "gap", 0 }, \
{ "profiling", CTLTYPE_NODE }, \
Index: usr.sbin/rebound/rebound.8
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.8,v
retrieving revision 1.4
diff -u -p -r1.4 rebound.8
--- usr.sbin/rebound/rebound.8 4 Dec 2015 04:50:43 - 1.4
+++ usr.sbin/rebound/rebound.8 15 Sep 2016 00:57:21 -
@@ -33,9 +33,7 @@ The options are as follows:
.Bl -tag -width Ds
.It Fl c Ar config
Specify an alternative configuration file, instead of the default
-.Pa /etc/rebound.conf .
-At present, the config file consists of a single line containing the next
-hop DNS server.
+.Pa /etc/resolv.conf .
.Nm
will reload the configuration file when sent a SIGHUP signal.
.It Fl d
@@ -46,8 +44,8 @@ does not
into the background.
.El
.Sh FILES
-.Bl -tag -width "/etc/rebound.confXX" -compact
-.It Pa /etc/rebound.conf
+.Bl -tag -width "/etc/resolv.confXX" -compact
+.It Pa /etc/resolv.conf
Default
.Nm
configuration file.
Index: usr.sbin/rebound/rebound.c
===
RCS file: /cvs/src/usr.sbin/rebound/rebound.c,v
retrieving revision 1.70
diff -u -p -r1.70 rebo
Re: ifconfig(8) rdomain pseudogroup
On Thu, Sep 15, 2016 at 09:27:00PM +, Ivan Markin wrote: > Jason McIntyre: > > ...then isn't it covered by the notes already attached to "interface"? > > > > Otherwise all interfaces of the same type will be displayed (for > > example, ``fxp'' will display all fxp(4) interfaces). > > Right, it seems to be. But is 'rdomain' a type? We'll get 255 new > interface types then... > For me it's not clear from here how can I invoke particular rdomain. > Maybe it's just me. > i'm keen to try and keep ifconfig(8) as small as possible/. i hope the notes in "interface" and "group" are enough. i won;t be the one picking this up though, so i'll leave it to whoever. in my opinion, "interface" covers it mostly. if it needs to be spelled out, it's probably more logically suited to the notes in "group". jmc
Re: ifconfig(8) rdomain pseudogroup
Jason McIntyre: > Otherwise all interfaces of the same type will be displayed (for > example, ``fxp'' will display all fxp(4) interfaces). btw, what is called here 'type' is actually 'name' from above. I.e. it's driver type, not a generic type (which is 'rdomain'). -- Ivan Markin
Re: ifconfig(8) rdomain pseudogroup
Jason McIntyre: > ...then isn't it covered by the notes already attached to "interface"? > > Otherwise all interfaces of the same type will be displayed (for > example, ``fxp'' will display all fxp(4) interfaces). Right, it seems to be. But is 'rdomain' a type? We'll get 255 new interface types then... For me it's not clear from here how can I invoke particular rdomain. Maybe it's just me. -- Ivan Markin
Re: ifconfig(8) rdomain pseudogroup
On Thu, Sep 15, 2016 at 09:10:00PM +, Ivan Markin wrote: > Jason McIntyre: > > i think the "group" description of ifconfig(8) would be the more logical > > place to document this. > > Even if it is not a real group? 'rdomain' pseudogroup is only used to > display interfaces. One can't actually consider it as a group. > > -- > Ivan Markin > ...then isn't it covered by the notes already attached to "interface"? Otherwise all interfaces of the same type will be displayed (for example, ``fxp'' will display all fxp(4) interfaces). jmc
Re: ifconfig(8) rdomain pseudogroup
Jason McIntyre: > i think the "group" description of ifconfig(8) would be the more logical > place to document this. Even if it is not a real group? 'rdomain' pseudogroup is only used to display interfaces. One can't actually consider it as a group. -- Ivan Markin
Re: ifconfig(8) rdomain pseudogroup
On Thu, Sep 15, 2016 at 08:52:00PM +, Ivan Markin wrote:
> Hi tech@,
>
> After some struggling with manual looking for the interfaces attached to
> particular rdomain, I added such option to ifconfig(8). So now it
> behaves like there is a 'group' for each rdomain.
>
>
i think the "group" description of ifconfig(8) would be the more logical
place to document this.
jmc
> Index: ifconfig.8
> ===
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
> retrieving revision 1.274
> diff -u -p -r1.274 ifconfig.8
> --- ifconfig.89 Sep 2016 06:59:41 - 1.274
> +++ ifconfig.815 Sep 2016 20:42:07 -
> @@ -99,6 +99,11 @@ If no optional parameters are supplied,
> .Dq name .
> If an interface group of that name exists, all interfaces in the group
> will be shown.
> +If given name is
> +.Dq rdomain
> +all interfaces attached to the rdomain specified in
> +.Dq unit
> +will be shown.
> Otherwise all interfaces of the same type will be displayed
> (for example,
> .Dq fxp
> Index: ifconfig.c
> ===
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> retrieving revision 1.330
> diff -u -p -r1.330 ifconfig.c
> --- ifconfig.c3 Sep 2016 13:46:57 - 1.330
> +++ ifconfig.c15 Sep 2016 20:42:07 -
> @@ -226,6 +226,7 @@ void getifgroups(void);
> void setifgroup(const char *, int);
> void unsetifgroup(const char *, int);
> void setgroupattribs(char *, int, char *[]);
> +int printrdomain(char *);
> int printgroup(char *, int);
> void setautoconf(const char *, int);
> void settrunkport(const char *, int);
> @@ -896,6 +897,39 @@ getinfo(struct ifreq *ifr, int create)
> }
>
> int
> +printrdomain(char *rdomainname)
> +{
> + struct ifaddrs *ifap = NULL;
> + struct ifaddrs *ifa;
> + size_t skip;
> + const char *estr;
> + int rdomainid;
> + int count = 0;
> +
> + skip = strcspn(rdomainname, "0123456789");
> + rdomainid = strtonum(rdomainname + skip, 0, 255, &estr);
> + if (estr != NULL)
> + errx(1, "invalid rdomain specification");
> + if (getifaddrs(&ifap) != 0)
> + err(1, "getifaddrs");
> + for (ifa = ifap; ifa; ifa = ifa->ifa_next ) {
> + if ( ifa->ifa_addr->sa_family == AF_LINK) {
> + struct if_data *data = (struct if_data *) ifa->ifa_data;
> + if (data->ifi_rdomain == rdomainid) {
> + printif(ifa->ifa_name, 0);
> + count++;
> + }
> + }
> + }
> + freeifaddrs(ifap);
> + if (count == 0) {
> + fprintf(stderr, "rdomain %d: no such rdomain\n", rdomainid);
> + exit(1);
> + }
> + return count;
> +}
> +
> +int
> printgroup(char *groupname, int ifaliases)
> {
> struct ifgroupreqifgr;
> @@ -995,6 +1029,18 @@ printif(char *ifname, int ifaliases)
> if ((oname = strdup(ifname)) == NULL)
> err(1, "strdup");
> nlen = strlen(oname);
> + /* is it an rdomain? */
> + if (!strncmp(oname, "rdomain", 7)) {
> + if (isdigit((unsigned char)oname[nlen-1])) {
> + if (printrdomain(oname) != -1) {
> + free(oname);
> + return;
> + }
> + } else {
> + errx(1, "no rdomain specified");
> + return;
> + }
> + }
> /* is it a group? */
> if (nlen && !isdigit((unsigned char)oname[nlen - 1]))
> if (printgroup(oname, ifaliases) != -1) {
>
Re: binutils-2.17 ownership fixes
> install: strip: No such file or directory
>
> Is there a better option than removing it again?
>
>
> $ cd /usr/src/gnu/usr.bin/binutils-2.17
> $ doas make -f Makefile.bsd-wapper install
> [...]
> Making install in po
> test -z "/usr/bin" || /bin/sh
> /usr/src/gnu/usr.bin/binutils-2.17/binutils/../mkinstalldirs "/usr/bin"
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'objdump' '/usr/bin/objdump'
> install -c -S -o root -g bin -m 555 -s objdump /usr/bin/objdump
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'ar' '/usr/bin/ar'
> install -c -S -o root -g bin -m 555 -s ar /usr/bin/ar
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'strings' '/usr/bin/strings'
> install -c -S -o root -g bin -m 555 -s strings /usr/bin/strings
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'ranlib' '/usr/bin/ranlib'
> install -c -S -o root -g bin -m 555 -s ranlib /usr/bin/ranlib
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'objcopy' '/usr/bin/objcopy'
> install -c -S -o root -g bin -m 555 -s objcopy /usr/bin/objcopy
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'addr2line' '/usr/bin/addr2line'
> install -c -S -o root -g bin -m 555 -s addr2line /usr/bin/addr2line
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> 'readelf' '/usr/bin/readelf'
> install -c -S -o root -g bin -m 555 -s readelf /usr/bin/readelf
> install: strip: No such file or directory
> /bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
> strip-new /usr/bin/strip
> install -c -S -o root -g bin -m 555 -s strip-new /usr/bin/strip
> install: strip: No such file or directory
> [...]
>
This should do it. The 'fix' is ugly, but I couldn't find a cleaner way
to pass the right STRIP value to libtool. Any better ideas? Ok?
Index: gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper
===
RCS file: /cvs/src/gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile.bsd-wrapper
--- gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper 11 Sep 2016 07:42:02
- 1.9
+++ gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper 15 Sep 2016 20:56:45
-
@@ -80,6 +80,8 @@ do-config: .USE
mv -f Makefile.tmp Makefile
cd ${.OBJDIR} && \
${MAKE} ${CONFIGURE_MODULES}
+ sed -i 's,^STRIP=strip$$,STRIP=/usr/bin/strip,' \
+ ${.OBJDIR}/binutils/libtool
gas/doc/as.1: config.status
cd ${.OBJDIR}/gas/doc && ${MAKE} as.1
ifconfig(8) rdomain pseudogroup
Hi tech@,
After some struggling with manual looking for the interfaces attached to
particular rdomain, I added such option to ifconfig(8). So now it
behaves like there is a 'group' for each rdomain.
Index: ifconfig.8
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v
retrieving revision 1.274
diff -u -p -r1.274 ifconfig.8
--- ifconfig.8 9 Sep 2016 06:59:41 - 1.274
+++ ifconfig.8 15 Sep 2016 20:42:07 -
@@ -99,6 +99,11 @@ If no optional parameters are supplied,
.Dq name .
If an interface group of that name exists, all interfaces in the group
will be shown.
+If given name is
+.Dq rdomain
+all interfaces attached to the rdomain specified in
+.Dq unit
+will be shown.
Otherwise all interfaces of the same type will be displayed
(for example,
.Dq fxp
Index: ifconfig.c
===
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
retrieving revision 1.330
diff -u -p -r1.330 ifconfig.c
--- ifconfig.c 3 Sep 2016 13:46:57 - 1.330
+++ ifconfig.c 15 Sep 2016 20:42:07 -
@@ -226,6 +226,7 @@ voidgetifgroups(void);
void setifgroup(const char *, int);
void unsetifgroup(const char *, int);
void setgroupattribs(char *, int, char *[]);
+intprintrdomain(char *);
intprintgroup(char *, int);
void setautoconf(const char *, int);
void settrunkport(const char *, int);
@@ -896,6 +897,39 @@ getinfo(struct ifreq *ifr, int create)
}
int
+printrdomain(char *rdomainname)
+{
+ struct ifaddrs *ifap = NULL;
+ struct ifaddrs *ifa;
+ size_t skip;
+ const char *estr;
+ int rdomainid;
+ int count = 0;
+
+ skip = strcspn(rdomainname, "0123456789");
+ rdomainid = strtonum(rdomainname + skip, 0, 255, &estr);
+ if (estr != NULL)
+ errx(1, "invalid rdomain specification");
+ if (getifaddrs(&ifap) != 0)
+ err(1, "getifaddrs");
+ for (ifa = ifap; ifa; ifa = ifa->ifa_next ) {
+ if ( ifa->ifa_addr->sa_family == AF_LINK) {
+ struct if_data *data = (struct if_data *) ifa->ifa_data;
+ if (data->ifi_rdomain == rdomainid) {
+ printif(ifa->ifa_name, 0);
+ count++;
+ }
+ }
+ }
+ freeifaddrs(ifap);
+ if (count == 0) {
+ fprintf(stderr, "rdomain %d: no such rdomain\n", rdomainid);
+ exit(1);
+ }
+ return count;
+}
+
+int
printgroup(char *groupname, int ifaliases)
{
struct ifgroupreqifgr;
@@ -995,6 +1029,18 @@ printif(char *ifname, int ifaliases)
if ((oname = strdup(ifname)) == NULL)
err(1, "strdup");
nlen = strlen(oname);
+ /* is it an rdomain? */
+ if (!strncmp(oname, "rdomain", 7)) {
+ if (isdigit((unsigned char)oname[nlen-1])) {
+ if (printrdomain(oname) != -1) {
+ free(oname);
+ return;
+ }
+ } else {
+ errx(1, "no rdomain specified");
+ return;
+ }
+ }
/* is it a group? */
if (nlen && !isdigit((unsigned char)oname[nlen - 1]))
if (printgroup(oname, ifaliases) != -1) {
Re: rebound quantum entanglement
> That rebound acts like a nameserver is what prompted the idea to > hijack the resolver. But it's really a tool that takes over certain > duties from the libc resolver, so the libc resolver should be properly > configurable to hand over duties, or not. 'search' is the logical > place for this. So maybe the first generation Ted proposes has some problems. And what have YOU DONE recently?? Look, I think some people don't understand the goal. The goal is a privsep layer for the libc resolver, with external communication operating on the other side of a priv boundary. Preventing direct communication to programs, to test their soft underbellies. That is a valuable goal. Maybe YOU trust unbound to do this. Maybe you haven't gotten a grasp of how featuritis is eating it release after release, and the risk of error creeps in constantly. I am also hearing an argument for selective configuration. That's the kind of "remember to compile with the stack protector if you believe in security!" hogwash I heard around 20 years ago. Only make it secure if you need it secure! Get off my computer kidz. We know this program-libc-external-world issue with DNS needs to be solved one day. Requiring deep port 53 invasion into a host or network is patently stupid, yet accepted. As I said, unbound does not solve the problem because the software does 900 other things you don't want. I'm hearing a tone that only people who know how to configure complex situations should be secure. That stands against my principles. For this DNS problem, I think we have a number of new ideas which can fit together to do something great, and we should endeavour to integrate this stuff. That kind of thing does not happen on one round. Such harsh condemnation of the first attempt is seriously contemptable. Take a chill pill, or participate in improving it, or wait your turn. Now to the logic. search won't work in roaming + non-roaming situations. There are solutions being discussed to make that easier, they dovetail into this slightly. For Ted's current proposal I think making this libc:resolver interface communiate via an IP address is the problem. People wish to control policy via their own IP reach policies towards their own nameservers, and 127.0.0.1 is an IP that falls into that catagory of control. For instance, hijacking 127.0.0.1 immediately makes it impossible for rebound to speak to a localhost unbound, I think it is clear this design isn't quite right. If such a twisted configuration can still work, it would indicate we are on the right road. We kind of want a secret direct interface between the resolver library routines and the resolution daemon (or remote one). BTW, it has been done before -- the original Sun ypserv used to do this, and I suppose other systems have done it also. Luckily we already have a mechanism which allows us to know that a DNS lookup is being performed by libc -- the socket has been opened with SOCK_DNS. In some way, those can be directed to a rebound (if it is running) -- which can then do the standard dance of honouring /etc/resolv.conf, just like libc would have. Which would allow all other configurations to work, probably. Yes there are also not-our-resolvers which lack the SOCK_DNS flag. We want to do the right thing there. They would continue to lookup via resolv.conf, and miss out on rebound protection. Eventually when people realize programs-speaking-to-rebound prevent a host from selectively filtering port 53 to only one program (rebound), then maybe they'll want to fix those other programs/libraries. It is a long road. I don't know these ideas creates new problems. We'll just have try them out. But throwing them under the bus with +1's is basically the 'get off my lawn" argument. But at least I'll try to engage in constructive arguments with Ted, because if we can pull this cleanly it will be great.
Re: rebound quantum entanglement
On Thu, 15 Sep 2016, Chris Cappuccio wrote: > That rebound acts like a nameserver is what prompted the idea to > hijack the resolver. But it's really a tool that takes over certain > duties from the libc resolver, so the libc resolver should be properly > configurable to hand over duties, or not. 'search' is the logical > place for this. +1 to this Hidden magic configuration always causes grief.
Re: rebound quantum entanglement
Bryan Steele [bry...@gmail.com] wrote: > On Thu, Sep 15, 2016 at 10:14:51AM -0400, Ted Unangst wrote: > > Florian Obser wrote: > > > Not everything listening on localhost port 53 is a recursive resolver. > > > nsd(8) per defaults listens on 0.0.0.0 and will respond with REFUSED for > > > almost every query. asr stops in that case and does not try the next > > > resolver in the list. > > > > Ah! There's the catch. The good news is I think we can still bind to > > localhost:53 if nsd is on *:53 (right?). This matters if rebound isn't > > listening. > > Perhaps I'm confused, but what happens when rebound is stopped by the > user or it crashes? I think that would mean requests would fallback to > nsd on *:53 which as Florian mentioned, would not try the next > nameserver in resolv.conf. > This entire discussion is bat-shit crazy to me! Adding secret nameservers to resolv.conf is plain wrong. Hijacking the libc resolver is an approach for systemd, not OpenBSD. I already configure special nameservers on certain machines, that bind to 127.0.0.1, for my own reasons. In a general sense, when I configure the system to do something, and it does something different, I now have to recompile libc. What !??!?! This point that has been reached in this discussion just reinforces the idea that this approach is wrong. The sensible thing to do is add a 'search' parameter to resolv.conf. If programs parse resolv.conf themselves, and they break, we should fix them. It seems like the default should be 'search rebound file bind' and 'search rebound bind file' if no 'lookup' keyword is specified. Most users won't ever have 'search rebound' visible in their resolv.conf. That rebound acts like a nameserver is what prompted the idea to hijack the resolver. But it's really a tool that takes over certain duties from the libc resolver, so the libc resolver should be properly configurable to hand over duties, or not. 'search' is the logical place for this. Chris
Re: teach BFD how to send route messages
On 2016 Sep 15 (Thu) at 14:47:24 +0200 (+0200), Peter Hessler wrote: :On 2016 Sep 15 (Thu) at 13:28:10 +0200 (+0200), Martin Pieuchot wrote: ::On 14/09/16(Wed) 15:50, Peter Hessler wrote: ::> + ::> + bfd = pool_get(&bfd_pool_msghdr, PR_WAITOK | PR_ZERO); :: ::This doesn't make sense you're allocating memory just to pass ::arguments to the rtsock layer. I believe this functions is ::not needed. :: : :I ran into some problems with that, but I can take another look. : And fixed those problems. Was a think-o on my part. No need for the allocation. :::> @@ -376,6 +410,7 @@ bfd_send_task(void *arg) ::> bfd_set_state(sc, BFD_STATE_DOWN); ::> } ::> } ::> +bfd_prepmsg(sc); :: ::Why not call it bfd_sendmsg() and do everything you need there? :: : :Because either bfd.c needs externs to use some globals in rtsock.c, or :rtsock.c needs all of the child structures from bfd.c. : :I can look at this, as mentioned above. : I looked into it, and can move all of this into rtsock.c. Putting it into bfd.c involves way too many externs and reaching over :(. I'll call it "rt_bfdmsg()", to match the existing naming scheme in rtsock.c. -- "We don't care. We don't have to. We're the Phone Company."
Re: binutils-2.17 ownership fixes
Theo Buehler writes:
> On Sat, Sep 10, 2016 at 07:01:20PM -0700, Philip Guenther wrote:
>> On Sat, 10 Sep 2016, Philip Guenther wrote:
>> > Same diff as binutils, with same open question:
>> >
>> > > Maybe we should add ${INSTALL_STRIP} to the INSTALL_PROGRAM assignment
>> > > here?
>>
>> Here's the combined diff that does that.
>>
>> (Note to self: if you set DEBUG in /etc/mk.conf, INSTALL_STRIP isn't set)
>>
>> ok?
>
> Adding ${INSTALL_STRIP} here resulted in 10 times the following warning
> during 'make build':
>
> install: strip: No such file or directory
I saw the same thing today, but did not investigate.
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: binutils-2.17 ownership fixes
On Sat, Sep 10, 2016 at 07:01:20PM -0700, Philip Guenther wrote:
> On Sat, 10 Sep 2016, Philip Guenther wrote:
> > Same diff as binutils, with same open question:
> >
> > > Maybe we should add ${INSTALL_STRIP} to the INSTALL_PROGRAM assignment
> > > here?
>
> Here's the combined diff that does that.
>
> (Note to self: if you set DEBUG in /etc/mk.conf, INSTALL_STRIP isn't set)
>
> ok?
Adding ${INSTALL_STRIP} here resulted in 10 times the following warning
during 'make build':
install: strip: No such file or directory
Is there a better option than removing it again?
$ cd /usr/src/gnu/usr.bin/binutils-2.17
$ doas make -f Makefile.bsd-wapper install
[...]
Making install in po
test -z "/usr/bin" || /bin/sh
/usr/src/gnu/usr.bin/binutils-2.17/binutils/../mkinstalldirs "/usr/bin"
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'objdump' '/usr/bin/objdump'
install -c -S -o root -g bin -m 555 -s objdump /usr/bin/objdump
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555 'ar'
'/usr/bin/ar'
install -c -S -o root -g bin -m 555 -s ar /usr/bin/ar
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'strings' '/usr/bin/strings'
install -c -S -o root -g bin -m 555 -s strings /usr/bin/strings
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'ranlib' '/usr/bin/ranlib'
install -c -S -o root -g bin -m 555 -s ranlib /usr/bin/ranlib
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'objcopy' '/usr/bin/objcopy'
install -c -S -o root -g bin -m 555 -s objcopy /usr/bin/objcopy
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'addr2line' '/usr/bin/addr2line'
install -c -S -o root -g bin -m 555 -s addr2line /usr/bin/addr2line
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
'readelf' '/usr/bin/readelf'
install -c -S -o root -g bin -m 555 -s readelf /usr/bin/readelf
install: strip: No such file or directory
/bin/sh ./libtool --mode=install install -c -S -s -o root -g bin -m 555
strip-new /usr/bin/strip
install -c -S -o root -g bin -m 555 -s strip-new /usr/bin/strip
install: strip: No such file or directory
[...]
Re: Improve error message in rcctl(8)
Antoine,
I've been following this thread and noted that you did add _rc_check_name
to rc.subr and call it in rcctl. This looks clean and comprehensive. Two
thoughts, however:
1. I had to look at the pattern match in _rc_check_name for a while
before I understood it; the suggestion below makes it clearer for
someone like myself
2. The second suggestion handles the edge case where the argument to rcctl
matches the name of a subdirectory of rc.d. Note that ls_rcscripts()
earlier in the script has the same test
John
Index: etc/rc.d/rc.subr
===
RCS file: /cvs/src/etc/rc.d/rc.subr,v
retrieving revision 1.116
diff -u -p -r1.116 rc.subr
--- etc/rc.d/rc.subr7 Sep 2016 13:12:42 - 1.116
+++ etc/rc.d/rc.subr15 Sep 2016 15:58:29 -
@@ -61,7 +61,7 @@ _rc_rm_runfile() {
}
_rc_check_name() {
- [[ $1 == +([_[:alpha:]])+(|[_[:alnum:]]) ]]
+ [[ $1 == +([_[:alpha:]])*([_[:alnum:]]) ]]
}
_rc_do() {
Index: usr.sbin/rcctl/rcctl.sh
===
RCS file: /cvs/src/usr.sbin/rcctl/rcctl.sh,v
retrieving revision 1.105
diff -u -p -r1.105 rcctl.sh
--- usr.sbin/rcctl/rcctl.sh 7 Sep 2016 13:13:13 - 1.105
+++ usr.sbin/rcctl/rcctl.sh 15 Sep 2016 15:58:29 -
@@ -141,8 +141,8 @@ svc_is_avail()
local _svc=$1
_rc_check_name "${_svc}" || return
- [ -x "/etc/rc.d/${_svc}" ] && return
- svc_is_special ${_svc}
+ [[ -x "/etc/rc.d/${_svc}" && ! -d "/etc/rc.d/${_svc}" ]] \
+ || svc_is_special ${_svc}
}
svc_is_base()
Sent: Tuesday, September 06, 2016 at 2:13 PM
From: "Antoine Jacoutot"
To: "Anthony Coulter"
Cc: tech@openbsd.org
Subject: Re: Improve error message in rcctl(8)
On Tue, Sep 06, 2016 at 04:09:49PM -0400, Anthony Coulter wrote:
> Regarding Jiri's suggestion: Here is a diff that makes
> `rcctl ls all' only list executable files with valid service
> names.
>
> This diff also fixes two problems with my original submission:
> 1. The use of `[' instead of `[[' causes filename expansion to
> take place on the right-hand side of the comparison; you get
> different results depending on which directory you're sitting
> in when you test. I have switched to `[[' to fix that problem.
> 2. There was a stray closing brace that somehow did not cause
> problems in testing.
That's not enough. It cannot start with a digit either.
I'm working on a better diff.
> Index: usr.sbin/rcctl/rcctl.sh
> ===
> RCS file: /open/anoncvs/cvs/src/usr.sbin/rcctl/rcctl.sh,v
> retrieving revision 1.104
> diff -u -p -r1.104 rcctl.sh
> --- usr.sbin/rcctl/rcctl.sh 30 Jul 2016 06:25:21 - 1.104
> +++ usr.sbin/rcctl/rcctl.sh 6 Sep 2016 20:03:33 -
> @@ -53,8 +53,8 @@ ls_rcscripts()
>
> cd /etc/rc.d && set -- *
> for _s; do
> - [[ ${_s} = *.* ]] && continue
> - [ ! -d "${_s}" ] && echo "${_s}"
> + [[ "${_s}" != +([_0-9A-Za-z]) ]] && continue
> + [ -x "${_s}" ] && echo "${_s}"
> done
> }
>
> @@ -182,7 +182,7 @@ svc_is_meta()
> svc_is_special()
> {
> local _svc=$1
> - [ -n "${_svc}" ] || return
> + [[ "${_svc}" = +([_0-9A-Za-z]) ]] || return
>
> local _cached _ret
>
>
--
Antoine
netinet bcopy->memcpy
Hello -
Here is another diff to switch some bcopy's to memcpy's.
Most bcopy's are on freshly alloc'd memory.
for netinet/
Index: ip_ah.c
===
RCS file: /cvs/src/sys/netinet/ip_ah.c,v
retrieving revision 1.122
diff -u -p -r1.122 ip_ah.c
--- ip_ah.c 13 Sep 2016 19:56:55 - 1.122
+++ ip_ah.c 15 Sep 2016 16:14:33 -
@@ -151,7 +151,7 @@ ah_init(struct tdb *tdbp, struct xformsw
tdbp->tdb_amxkeylen = ii->ii_authkeylen;
tdbp->tdb_amxkey = malloc(tdbp->tdb_amxkeylen, M_XDATA, M_WAITOK);
- bcopy(ii->ii_authkey, tdbp->tdb_amxkey, tdbp->tdb_amxkeylen);
+ memcpy(tdbp->tdb_amxkey, ii->ii_authkey, tdbp->tdb_amxkeylen);
/* Initialize crypto session. */
memset(&cria, 0, sizeof(cria));
@@ -312,7 +312,7 @@ ah_massage_headers(struct mbuf **m0, int
/* Zeroize all other options. */
count = ptr[off + 1];
- bcopy(ipseczeroes, ptr, count);
+ memcpy(ptr, ipseczeroes, count);
off += count;
break;
}
@@ -422,7 +422,7 @@ ah_massage_headers(struct mbuf **m0, int
/* If mutable option, zeroize. */
if (ptr[count] & IP6OPT_MUTABLE)
- bcopy(ipseczeroes, ptr + count,
+ memcpy(ptr + count, ipseczeroes,
ptr[count + 1]);
count += ad;
@@ -642,7 +642,7 @@ ah_input(struct mbuf *m, struct tdb *tdb
if ((tdb->tdb_wnd > 0) && (tdb->tdb_flags & TDBF_ESN)) {
esn = htonl(esn);
- bcopy(&esn, crda->crd_esn, 4);
+ memcpy(crda->crd_esn, &esn, 4);
crda->crd_flags |= CRD_F_ESN;
}
@@ -689,7 +689,7 @@ ah_input(struct mbuf *m, struct tdb *tdb
tc->tc_spi = tdb->tdb_spi;
tc->tc_proto = tdb->tdb_sproto;
tc->tc_rdomain = tdb->tdb_rdomain;
- bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
return crypto_dispatch(crp);
}
@@ -1114,7 +1114,7 @@ ah_output(struct mbuf *m, struct tdb *td
u_int32_t esn;
esn = htonl((u_int32_t)(tdb->tdb_rpl >> 32));
- bcopy(&esn, crda->crd_esn, 4);
+ memcpy(crda->crd_esn, &esn, 4);
crda->crd_flags |= CRD_F_ESN;
}
@@ -1138,9 +1138,8 @@ ah_output(struct mbuf *m, struct tdb *td
*/
switch (tdb->tdb_dst.sa.sa_family) {
case AF_INET:
- bcopy(((caddr_t)(tc + 1)) +
- offsetof(struct ip, ip_len),
- (caddr_t) &iplen, sizeof(u_int16_t));
+ memcpy((caddr_t) &iplen, ((caddr_t)(tc + 1)) +
+ offsetof(struct ip, ip_len), sizeof(u_int16_t));
iplen = htons(ntohs(iplen) + rplen + ahx->authsize);
m_copyback(m, offsetof(struct ip, ip_len),
sizeof(u_int16_t), &iplen, M_NOWAIT);
@@ -1148,9 +1147,8 @@ ah_output(struct mbuf *m, struct tdb *td
#ifdef INET6
case AF_INET6:
- bcopy(((caddr_t)(tc + 1)) +
- offsetof(struct ip6_hdr, ip6_plen),
- (caddr_t) &iplen, sizeof(u_int16_t));
+ memcpy((caddr_t) &iplen, ((caddr_t)(tc + 1)) +
+ offsetof(struct ip6_hdr, ip6_plen), sizeof(u_int16_t));
iplen = htons(ntohs(iplen) + rplen + ahx->authsize);
m_copyback(m, offsetof(struct ip6_hdr, ip6_plen),
sizeof(u_int16_t), &iplen, M_NOWAIT);
@@ -1188,7 +1186,7 @@ ah_output(struct mbuf *m, struct tdb *td
tc->tc_spi = tdb->tdb_spi;
tc->tc_proto = tdb->tdb_sproto;
tc->tc_rdomain = tdb->tdb_rdomain;
- bcopy(&tdb->tdb_dst, &tc->tc_dst, sizeof(union sockaddr_union));
+ memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union));
return crypto_dispatch(crp);
}
Index: ip_esp.c
===
RCS file: /cvs/src/sys/netinet/ip_esp.c,v
retrieving revision 1.140
diff -u -p -r1.140 ip_esp.c
--- ip_esp.c13 Sep 2016 19:56:55 - 1.140
+++ ip_esp.c15 Sep 2016 16:14:33 -
@@ -262,7 +262,7 @@ esp_init(struct tdb *tdbp, struct xforms
tdbp->tdb_emxkeylen = ii->ii_enckeylen;
tdbp->tdb_emxkey = malloc(tdbp->tdb_emxkeylen, M_XDATA,
M_WAITOK);
- bcopy(ii->ii_enckey, tdbp->tdb_emxkey, tdbp->tdb_emxkeylen);
+ memcpy(tdbp->tdb_emxkey, ii->ii_enckey, tdbp->tdb_emxkeylen);
memset(&crie, 0, sizeof(crie));
@
Re: video(1): Use read(2) to read file specified with -i
On Thu, Sep 15, 2016 at 02:57:16PM +0200, Jeremie Courreges-Anglas wrote: > [...] > I think this is the right way to work around the problem and make > video(1) more user-friendly. However, I doubt that the manpage bits are > relevant. So I'd like to commit only the .c diff. > > Thoughts? > [...] Fine with me. On second thought, adding the manpage bits was overkill. -- Gregor
Re: rebound quantum entanglement
On 2016/09/15 06:23, Jiri B wrote: > On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote: > > > What about this: > > > > > > Add "rebound" as possible value to the lookup keyword in resolv.conf. > > > If this is set the libc resolver sends dns requests to the unix socket > > > /var/run/rebound.sock where rebound listens. rebound can use the > > > nameservers from /etc/resolv.conf without the risk of creating "loops". > > > > > > Remi > > > > > > > Non-standard things in resolv.conf hurt; some programs parse this directly. > > Why not having rebound as proxy and use PF anchor for that? > Or having a sysctl knob to "hijack" it somehow? There are certainly plenty of use cases where having it as a hijacking proxy would be a problem (for example, when you want to do a direct DNS lookup from an auth server). On 2016/09/15 13:42, Remi Locherer wrote: > On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote: > > > > Non-standard things in resolv.conf hurt; some programs parse this directly. > > I did not think of this. Was there a big fallout in 2009 when the family > option was added? How do programs that parse /etc/resolv.conf directly deal > with "lookup yp"? (I know, lookup yp hase been removed recently). Not sure about "family". There were definitely problems with the extension to allow using a particular port.
Re: rebound quantum entanglement
On Thu, Sep 15, 2016 at 10:14:51AM -0400, Ted Unangst wrote: > Florian Obser wrote: > > Not everything listening on localhost port 53 is a recursive resolver. > > nsd(8) per defaults listens on 0.0.0.0 and will respond with REFUSED for > > almost every query. asr stops in that case and does not try the next > > resolver in the list. > > Ah! There's the catch. The good news is I think we can still bind to > localhost:53 if nsd is on *:53 (right?). This matters if rebound isn't > listening. Perhaps I'm confused, but what happens when rebound is stopped by the user or it crashes? I think that would mean requests would fallback to nsd on *:53 which as Florian mentioned, would not try the next nameserver in resolv.conf. -Bryan.
Re: teach BFD how to send route messages
On 2016 Sep 15 (Thu) at 16:18:46 +0200 (+0200), Henning Brauer wrote: :* Peter Hessler [2016-09-15 14:48]: :> On 2016 Sep 15 (Thu) at 13:28:10 +0200 (+0200), Martin Pieuchot wrote: :> :By the way 'softc' is generally for device drivers, you might prefer :> :something like bfdd (d for descriptor). :> There's be a whole lot of bikeshedding about this topic, I would prefer :> not to change it for now. : :errm, no. please fix. :softc is clear to any developer who's spent time in kernel land, and :this is abuse. misleading as f***. Based on the above, and a few private comments, I will change the name away from bfd_softc. bfdd is fine with me, and I'm planning on using bd_ as its variable prefix. -- For those who like this sort of thing, this is the sort of thing they like. -- Abraham Lincoln
timeout_set_proc(9)
After discussing with a few people about a new "timed task" API I came to the conclusion that mixing timeouts and tasks will result in: - always including a 'struct timeout' in a 'struct task', or the other the way around or - introducing a new data structure, hence API. Since I'd like to keep the change as small as possible when converting existing timeout_set(9), neither option seem a good fit. So I decided to add a new kernel thread, curiously named "softclock", that will offer his stack to the poor timeout handlers that need one. With this approach, converting a timeout is just a matter of doing: s/timeout_set/timeout_set_proc/ Diff below includes the conversions I need for the "netlock". I'm waiting for feedbacks and a better name to document the new function. Comments? Index: net/if_pflow.c === RCS file: /cvs/src/sys/net/if_pflow.c,v retrieving revision 1.61 diff -u -p -r1.61 if_pflow.c --- net/if_pflow.c 29 Apr 2016 08:55:03 - 1.61 +++ net/if_pflow.c 15 Sep 2016 14:19:10 - @@ -548,15 +548,16 @@ pflow_init_timeouts(struct pflow_softc * if (timeout_initialized(&sc->sc_tmo_tmpl)) timeout_del(&sc->sc_tmo_tmpl); if (!timeout_initialized(&sc->sc_tmo)) - timeout_set(&sc->sc_tmo, pflow_timeout, sc); + timeout_set_proc(&sc->sc_tmo, pflow_timeout, sc); break; case PFLOW_PROTO_10: if (!timeout_initialized(&sc->sc_tmo_tmpl)) - timeout_set(&sc->sc_tmo_tmpl, pflow_timeout_tmpl, sc); + timeout_set_proc(&sc->sc_tmo_tmpl, pflow_timeout_tmpl, + sc); if (!timeout_initialized(&sc->sc_tmo)) - timeout_set(&sc->sc_tmo, pflow_timeout, sc); + timeout_set_proc(&sc->sc_tmo, pflow_timeout, sc); if (!timeout_initialized(&sc->sc_tmo6)) - timeout_set(&sc->sc_tmo6, pflow_timeout6, sc); + timeout_set_proc(&sc->sc_tmo6, pflow_timeout6, sc); timeout_add_sec(&sc->sc_tmo_tmpl, PFLOW_TMPL_TIMEOUT); break; Index: net/if_pfsync.c === RCS file: /cvs/src/sys/net/if_pfsync.c,v retrieving revision 1.231 diff -u -p -r1.231 if_pfsync.c --- net/if_pfsync.c 15 Sep 2016 02:00:18 - 1.231 +++ net/if_pfsync.c 15 Sep 2016 14:19:10 - @@ -328,9 +328,9 @@ pfsync_clone_create(struct if_clone *ifc IFQ_SET_MAXLEN(&ifp->if_snd, IFQ_MAXLEN); ifp->if_hdrlen = sizeof(struct pfsync_header); ifp->if_mtu = ETHERMTU; - timeout_set(&sc->sc_tmo, pfsync_timeout, sc); - timeout_set(&sc->sc_bulk_tmo, pfsync_bulk_update, sc); - timeout_set(&sc->sc_bulkfail_tmo, pfsync_bulk_fail, sc); + timeout_set_proc(&sc->sc_tmo, pfsync_timeout, sc); + timeout_set_proc(&sc->sc_bulk_tmo, pfsync_bulk_update, sc); + timeout_set_proc(&sc->sc_bulkfail_tmo, pfsync_bulk_fail, sc); if_attach(ifp); if_alloc_sadl(ifp); @@ -1723,7 +1723,7 @@ pfsync_defer(struct pf_state *st, struct sc->sc_deferred++; TAILQ_INSERT_TAIL(&sc->sc_deferrals, pd, pd_entry); - timeout_set(&pd->pd_tmo, pfsync_defer_tmo, pd); + timeout_set_proc(&pd->pd_tmo, pfsync_defer_tmo, pd); timeout_add_msec(&pd->pd_tmo, 20); schednetisr(NETISR_PFSYNC); Index: netinet/ip_carp.c === RCS file: /cvs/src/sys/netinet/ip_carp.c,v retrieving revision 1.293 diff -u -p -r1.293 ip_carp.c --- netinet/ip_carp.c 25 Jul 2016 16:44:04 - 1.293 +++ netinet/ip_carp.c 15 Sep 2016 14:19:11 - @@ -831,9 +831,9 @@ carp_new_vhost(struct carp_softc *sc, in vhe->vhid = vhid; vhe->advskew = advskew; vhe->state = INIT; - timeout_set(&vhe->ad_tmo, carp_send_ad, vhe); - timeout_set(&vhe->md_tmo, carp_master_down, vhe); - timeout_set(&vhe->md6_tmo, carp_master_down, vhe); + timeout_set_proc(&vhe->ad_tmo, carp_send_ad, vhe); + timeout_set_proc(&vhe->md_tmo, carp_master_down, vhe); + timeout_set_proc(&vhe->md6_tmo, carp_master_down, vhe); KERNEL_ASSERT_LOCKED(); /* touching carp_vhosts */ Index: netinet/tcp_timer.h === RCS file: /cvs/src/sys/netinet/tcp_timer.h,v retrieving revision 1.13 diff -u -p -r1.13 tcp_timer.h --- netinet/tcp_timer.h 6 Jul 2011 23:44:20 - 1.13 +++ netinet/tcp_timer.h 15 Sep 2016 14:19:11 - @@ -116,7 +116,7 @@ const char *tcptimers[] = * Init, arm, disarm, and test TCP timers. */ #defineTCP_TIMER_INIT(tp, timer) \ - timeout_set(&(tp)->t_timer[(timer)], tcp_timer_funcs[(timer)], tp)
Re: rebound quantum entanglement
* Ted Unangst [2016-09-15 16:15]: > The good news is I think we can still bind to > localhost:53 if nsd is on *:53 (right?). right. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: teach BFD how to send route messages
* Peter Hessler [2016-09-15 14:48]: > On 2016 Sep 15 (Thu) at 13:28:10 +0200 (+0200), Martin Pieuchot wrote: > :By the way 'softc' is generally for device drivers, you might prefer > :something like bfdd (d for descriptor). > There's be a whole lot of bikeshedding about this topic, I would prefer > not to change it for now. errm, no. please fix. softc is clear to any developer who's spent time in kernel land, and this is abuse. misleading as f***. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: rebound quantum entanglement
Florian Obser wrote: > Not everything listening on localhost port 53 is a recursive resolver. > nsd(8) per defaults listens on 0.0.0.0 and will respond with REFUSED for > almost every query. asr stops in that case and does not try the next > resolver in the list. Ah! There's the catch. The good news is I think we can still bind to localhost:53 if nsd is on *:53 (right?). This matters if rebound isn't listening.
Re: random malloc junk
Otto Moerbeek wrote:
> On Wed, Sep 14, 2016 at 12:53:05PM -0400, Ted Unangst wrote:
>
> > Daniel Micay wrote:
> > >
> > > The current OpenBSD code only wipes up to MALLOC_MAXCHUNK with junk @ 1,
> > > and it similarly doesn't wipe at all with 'U' (even though junk-on-free
> > > also serves the purpose of preventing information leaks, not just
> > > mitigating use-after-free). IMO, optimizing large allocation perf like
> > > this isn't worthwhile.
> >
> > this requires some analysis of what programs do in the wild. some programs
> > preemptively malloc large buffers, but don't touch them. it would be a
> > serious
> > reqression for free to fault in new pages, just to ditry them, then turn
> > around and unmap them. some of this is because i believe the code is doing
> > things at the wrong time. if you want to dirty whole pages, it should be
> > when
> > they go on the freelist, not immediately.
>
> Something like this?
didn't look too closely, but looks good from a distance. :)
>
> -Otto
>
> Index: malloc.c
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
> retrieving revision 1.195
> diff -u -p -r1.195 malloc.c
> --- malloc.c 1 Sep 2016 10:41:02 - 1.195
> +++ malloc.c 15 Sep 2016 06:09:28 -
> @@ -376,6 +376,12 @@ unmap(struct dir_info *d, void *p, size_
> for (i = 0; i < mopts.malloc_cache; i++) {
> r = &d->free_regions[(i + offset) & (mopts.malloc_cache - 1)];
> if (r->p == NULL) {
> + if (mopts.malloc_junk && !mopts.malloc_freeunmap) {
> + size_t amt = mopts.malloc_junk == 1 ?
> + MALLOC_MAXCHUNK :
> + PAGEROUND(sz) - mopts.malloc_guard;
> + memset(p, SOME_FREEJUNK, amt);
> + }
> if (mopts.malloc_hint)
> madvise(p, sz, MADV_FREE);
> if (mopts.malloc_freeunmap)
> @@ -1335,11 +1341,6 @@ ofree(struct dir_info *argpool, void *p)
> wrterror(pool, "mprotect", NULL);
> }
> STATS_SUB(pool->malloc_guarded, mopts.malloc_guard);
> - }
> - if (mopts.malloc_junk && !mopts.malloc_freeunmap) {
> - size_t amt = mopts.malloc_junk == 1 ? MALLOC_MAXCHUNK :
> - PAGEROUND(sz) - mopts.malloc_guard;
> - memset(p, SOME_FREEJUNK, amt);
> }
> unmap(pool, p, PAGEROUND(sz));
> delete(pool, r);
>
>
Re: teach BFD how to send route messages
> :By the way 'softc' is generally for device drivers, you might prefer > :something like bfdd (d for descriptor). > > There's be a whole lot of bikeshedding about this topic, I would prefer > not to change it for now. It should be changed. mpi is right. That variable naming should only refer per-instance state of a driver, direct out of autoconf. It should never appear far away from autoconf. It would be like declaring char *i, and int p.
Re: video(1): Use read(2) to read file specified with -i
Gregor Best writes:
> Hi,
Hi,
> video(1) fails to read files that were previously recorded with -o
> somefile, unless -g (to select read(2) as the input method) is also
> specified:
>
>$ video -o foo
>^C
>$ video -i foo
>video: ioctl VIDIOC_REQBUFS: Bad file descriptor
>$ video -g -i foo
>[ plays the file ]
>
> mmap-mode doesn't work here because it uses a few v4l2-specific ioctls
> to talk to the video device.
>
> The patch below fixes that by always using read(2) when the -i option is
> used.
I think this is the right way to work around the problem and make
video(1) more user-friendly. However, I doubt that the manpage bits are
relevant. So I'd like to commit only the .c diff.
Thoughts?
Index: video.c
===
RCS file: /cvs/xenocara/app/video/video.c,v
retrieving revision 1.19
diff -u -p -p -u -r1.19 video.c
--- video.c 6 Jun 2016 19:31:22 - 1.19
+++ video.c 15 Sep 2016 12:41:25 -
@@ -1805,6 +1805,7 @@ main(int argc, char *argv[])
err++;
} else {
vid.mode = (vid.mode & ~M_IN_DEV) | M_IN_FILE;
+ vid.mmap_on = 0; /* mmap mode does not work for
files */
snprintf(vid.iofile, sizeof(vid.iofile),
optarg);
}
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: teach BFD how to send route messages
On 2016 Sep 15 (Thu) at 13:28:10 +0200 (+0200), Martin Pieuchot wrote:
:On 14/09/16(Wed) 15:50, Peter Hessler wrote:
:> This is a work-in-progress diff that I would like to commit. I can print
:> a few things, but there is a problem when trying to bring in more
:> fields. Printing is also ugly, but I can fix that in-tree.
:
:Well you're mixing multiples things in one diff, could you keep one
:topic per diff?
:
Yes, sorry about that.
:> While here, I print the descr's as ints, the same way Juniper does it.
:
:I'm not sure which part of the diff I should look at.
:
Ignore this part. I will take care of that seperately.
:> I also had to add RTM_INVALIDATE, to keep the ordering correct.
:
:This change is ok mpi@.
:
:> Am I tying this into route(8) and rtsock.c correctly?
:
:I think so, more comments below.
:
:> Index: sbin/route/route.c
:> ===
:> RCS file: /cvs/openbsd/src/sbin/route/route.c,v
:> retrieving revision 1.190
:> diff -u -p -u -p -r1.190 route.c
:> --- sbin/route/route.c 4 Sep 2016 09:41:03 - 1.190
:> +++ sbin/route/route.c 14 Sep 2016 10:20:04 -
:> @@ -41,6 +41,10 @@
:> #include
:> #include
:>
:> +#include
:> +#include
:> +#include
:
:You should guard kernel-only structures inside "#ifdef _KERNEL", no need
:to export bfd_softc to userland. This will prevent you from polluting
:the namespace an need to include kernel headers.
:
OK, will do.
:By the way 'softc' is generally for device drivers, you might prefer
:something like bfdd (d for descriptor).
There's be a whole lot of bikeshedding about this topic, I would prefer
not to change it for now.
:> #include
:> #include
:>
:> @@ -90,6 +94,7 @@ voidsodump(sup, char *);
:> char*priorityname(uint8_t);
:> uint8_t getpriority(char *);
:> void print_getmsg(struct rt_msghdr *, int);
:> +void print_bfdmsg(struct bfd_msghdr *);
:> const char *get_linkstate(int, int);
:> void print_rtmsg(struct rt_msghdr *, int);
:> void pmsg_common(struct rt_msghdr *);
:> @@ -1240,6 +1245,7 @@ char *msgtypes[] = {
:> "RTM_IFINFO: iface status change",
:> "RTM_IFANNOUNCE: iface arrival/departure",
:> "RTM_DESYNC: route socket overflow",
:> +"RTM_INVALIDATE: invalidate cache of L2 route",
:> "RTM_BFD: bidirectional forwarding detection",
:> };
:>
:> @@ -1277,6 +1283,7 @@ print_rtmsg(struct rt_msghdr *rtm, int m
:> struct if_msghdr *ifm;
:> struct ifa_msghdr *ifam;
:> struct if_announcemsghdr *ifan;
:> +struct bfd_msghdr *bfd;
:> char ifname[IF_NAMESIZE];
:>
:> if (verbose == 0)
:> @@ -1333,7 +1340,9 @@ print_rtmsg(struct rt_msghdr *rtm, int m
:> printf("\n");
:> break;
:> case RTM_BFD:
:> -printf("bfd\n");/* XXX - expand*/
:> +bfd = (struct bfd_msghdr *)rtm;
:> +printf(", BFD ");
:> +print_bfdmsg(bfd);
:
:I wonder if the BFD code shouldn't be under #ifdef SMALL, you should
:check with deraadt@ if it grows the size of route(8).
:
I'm happy to add that, sure. The kernel side should not be compiled
under SMALL either.
:> break;
:> default:
:> printf(", priority %d, table %u, ifidx %u, ",
:> @@ -1524,6 +1533,48 @@ print_getmsg(struct rt_msghdr *rtm, int
:> putchar('\n');
:> }
:> #undef RTA_IGN
:> +}
:> +
:> +void
:> +print_bfdmsg(struct bfd_msghdr *bfd)
:> +{
:> +printf("mode ");
:> +switch (bfd->mode) {
:> +case BFD_MODE_ASYNC:
:> +printf("ASYNC");
:> +break;
:> +case BFD_MODE_DEMAND:
:> +printf("DEMAND");
:> +break;
:> +}
:> +printf(" state ");
:> +switch (bfd->state) {
:> +case BFD_STATE_ADMINDOWN:
:> +printf("AdminDown");
:> +break;
:> +case BFD_STATE_DOWN:
:> +printf("Down");
:> +break;
:> +case BFD_STATE_INIT:
:> +printf("Init");
:> +break;
:> +case BFD_STATE_UP:
:> +printf("Up");
:> +break;
:> +}
:> +printf(" error %d", bfd->error);
:> +printf(" localdiscr %u", bfd->localdiscr);
:> +printf(" remotediscr %u", bfd->remotediscr);
:> +printf(" localdiag %u", bfd->localdiag);
:> +printf(" remotediag %u", bfd->remotediag);
:> +printf(" uptime %lld", bfd->uptime);
:> +printf(" lastuptime %lld", bfd->lastuptime);
:> +
:> +printf(" mintx %ums", bfd->mintx / 1000);
:> +printf(" minrx %ums", bfd->minrx / 1000);
:> +printf(" multiplier %ux", bfd->multiplier);
:
:In this output you're mixing UPERCASE, camelCase and lowercase, is it on
:purpose?
:
Partially on purpose. This part will get a lot more fixes to make it
easier to read and to deal with.
I can lowercase everything, that is fine.
:Another remark, could you prefix the field name of your "struct bfd_msghdr"
:with ``bfdm_'
Re: rebound quantum entanglement
On Wed, Sep 14, 2016 at 09:19:07PM -0400, Ted Unangst wrote: > So the plan is for rebound to be the 'system' resolver, with libc talking to > rbeound and rebound talking to the cloud. The main wrinkle is how does rebound > find the cloud? rebound.conf, but dhclient doesn't know anything about > rebound.conf, preferring to edit resolv.conf. But if rebound reads > resolv.conf, what does libc read? This has been a bit of a tangle until now, > especially in scenarios like upgrades where rebound may not even be running. > > And so I present the following diff to enable a smooth transition. It's > 'quantum' because it works whether or not rebound is running. No need to open > the box. > > 1. rebound reads resolv.conf. This remains the config file for upstream DNS. > > 2. libc now prepends its nameserver list with localhost, thus always searching > for rebound. If it's not running, we just continue down the list. Not everything listening on localhost port 53 is a recursive resolver. nsd(8) per defaults listens on 0.0.0.0 and will respond with REFUSED for almost every query. asr stops in that case and does not try the next resolver in the list. -- I'm not entirely sure you are real.
Re: CPUID: Check for PTM and HWP features
Thanks for noticing this!
Here's an updated diff. I also included Hardware Duty Cycling (HDC) tests.
Index: arch/amd64/include/specialreg.h
===
RCS file: /cvs/src/sys/arch/amd64/include/specialreg.h,v
retrieving revision 1.48
diff -u -p -u -p -r1.48 specialreg.h
--- arch/amd64/include/specialreg.h 10 Sep 2016 17:15:44 - 1.48
+++ arch/amd64/include/specialreg.h 15 Sep 2016 12:05:46 -
@@ -220,6 +220,9 @@
*/
#defineTPM_SENSOR 0x0001 /* Digital temp sensor */
#defineTPM_ARAT0x0004 /* APIC Timer Always Running */
+#defineTPM_PTM 0x0040 /* Package Thermal Management
*/
+#defineTPM_HWP 0x0080 /* Hardware P-states */
+#defineTPM_HDC 0x2000 /* Hardware Duty Cycling */
/*
* "Architectural Performance Monitoring" bits (CPUID function 0x0a):
@@ -414,6 +417,16 @@
#define MSR_MC3_STATUS 0x411
#define MSR_MC3_ADDR 0x412
#define MSR_MC3_MISC 0x413
+
+/* Hardware P state interface */
+#define MSR_PPERF 0x64e
+#define MSR_PERF_LIMIT_REASONS 0x64f
+#define MSR_PM_ENABLE 0x770
+#define MSR_HWP_CAPABILITIES 0x771
+#define MSR_HWP_REQUEST_PKG0x772
+#define MSR_HWP_INTERRUPT 0x773
+#define MSR_HWP_REQUEST0x774
+#define MSR_HWP_STATUS 0x777
/* VIA MSR */
#define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature */
Index: arch/i386/include/specialreg.h
===
RCS file: /cvs/src/sys/arch/i386/include/specialreg.h,v
retrieving revision 1.57
diff -u -p -u -p -r1.57 specialreg.h
--- arch/i386/include/specialreg.h 3 Sep 2016 13:35:03 - 1.57
+++ arch/i386/include/specialreg.h 15 Sep 2016 12:05:47 -
@@ -205,6 +205,9 @@
*/
#defineTPM_SENSOR 0x0001 /* Digital temp sensor */
#defineTPM_ARAT0x0004 /* APIC Timer Always Running */
+#defineTPM_PTM 0x0040 /* Package Thermal Management
*/
+#defineTPM_HWP 0x0080 /* Hardware P-states */
+#defineTPM_HDC 0x2000 /* Hardware Duty Cycling */
/*
* "Architectural Performance Monitoring" bits (CPUID function 0x0a):
@@ -396,6 +399,16 @@
#define MSR_MC3_STATUS 0x411
#define MSR_MC3_ADDR 0x412
#define MSR_MC3_MISC 0x413
+
+/* Hardware P state interface */
+#define MSR_PPERF 0x64e
+#define MSR_PERF_LIMIT_REASONS 0x64f
+#define MSR_PM_ENABLE 0x770
+#define MSR_HWP_CAPABILITIES 0x771
+#define MSR_HWP_REQUEST_PKG0x772
+#define MSR_HWP_INTERRUPT 0x773
+#define MSR_HWP_REQUEST0x774
+#define MSR_HWP_STATUS 0x777
/* VIA MSRs */
#define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature */
Index: arch/amd64/amd64/identcpu.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.74
diff -u -p -u -p -r1.74 identcpu.c
--- arch/amd64/amd64/identcpu.c 3 Sep 2016 12:12:43 - 1.74
+++ arch/amd64/amd64/identcpu.c 15 Sep 2016 12:05:47 -
@@ -199,6 +199,9 @@ const struct {
}, cpu_tpm_eaxfeatures[] = {
{ TPM_SENSOR, "SENSOR" },
{ TPM_ARAT, "ARAT" },
+ { TPM_PTM, "PTM" },
+ { TPM_HWP, "HWP" },
+ { TPM_HDC, "HDC" },
}, cpu_cpuid_perf_eax[] = {
{ CPUIDEAX_VERID, "PERF" },
}, cpu_cpuid_apmi_edx[] = {
Index: arch/i386/i386/machdep.c
===
RCS file: /cvs/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.589
diff -u -p -u -p -r1.589 machdep.c
--- arch/i386/i386/machdep.c3 Sep 2016 12:12:43 - 1.589
+++ arch/i386/i386/machdep.c15 Sep 2016 12:05:47 -
@@ -1089,6 +1089,9 @@ const struct cpu_cpuid_feature cpu_seff0
const struct cpu_cpuid_feature cpu_tpm_eaxfeatures[] = {
{ TPM_SENSOR, "SENSOR" },
{ TPM_ARAT, "ARAT" },
+ { TPM_PTM, "PTM" },
+ { TPM_HWP, "HWP" },
+ { TPM_HDC, "HDC" },
};
const struct cpu_cpuid_feature i386_cpuid_eaxperf[] = {
Re: rebound quantum entanglement
On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote: > On 2016/09/15 10:39, Remi Locherer wrote: > > On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > > > wont this also mean if it is not running i have to wait for the > > > > > localhost > > > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, > > > > > etc) so i > > > > > slow everything down for a timeout? > > > > > > > > Not if he connects to the TCP port 53 instead of the UDP; it looks like > > > > rebound binds to both. > > > > > > OK. But I suspect this is multiple system-call roundtrip for everyone > > > not running rebound. > > > > What about this: > > > > Add "rebound" as possible value to the lookup keyword in resolv.conf. > > If this is set the libc resolver sends dns requests to the unix socket > > /var/run/rebound.sock where rebound listens. rebound can use the > > nameservers from /etc/resolv.conf without the risk of creating "loops". > > > > Remi > > > > Non-standard things in resolv.conf hurt; some programs parse this directly. I did not think of this. Was there a big fallout in 2009 when the family option was added? How do programs that parse /etc/resolv.conf directly deal with "lookup yp"? (I know, lookup yp hase been removed recently).
Re: CPUID: Check for PTM and HWP features
On Thu, Sep 15, 2016 at 01:42:33PM +0300, Paul Irofti wrote:
> Hi,
>
> The following diff adds checks for Package Thermal Management and
> Hardware P-states in the Thermal and Power Management CPUID Leaf.
>
> I also added the the Hardware P-States MSRs for a Skylake firmware fix
> that I will send later toady. I don't mind if that should go in a separate
> commit.
>
> Tested only on amd64, i386 tests welcomed! Ok?
>
>
> Index: arch/amd64/include/specialreg.h
> ===
> RCS file: /cvs/src/sys/arch/amd64/include/specialreg.h,v
> retrieving revision 1.48
> diff -u -p -u -p -r1.48 specialreg.h
> --- arch/amd64/include/specialreg.h 10 Sep 2016 17:15:44 - 1.48
> +++ arch/amd64/include/specialreg.h 15 Sep 2016 10:36:48 -
> @@ -220,6 +220,8 @@
> */
> #define TPM_SENSOR 0x0001 /* Digital temp sensor */
> #define TPM_ARAT0x0004 /* APIC Timer Always Running */
> +#define TPM_PTM 0x0006 /* Package Thermal Management
> */
> +#define TPM_HWP 0x0007 /* Hardware P-states */
Those are not single bits.
The Thermal and Power Management Leaf has eax documented as:
Bit 00: Digital temperature sensor is supported if set.
Bit 01: Intel Turbo Boost Technology Available (see description of
IA32_MISC_ENABLE[38]).
Bit 02: ARAT. APIC-Timer-always-running feature is supported if set.
Bit 03: Reserved.
Bit 04: PLN. Power limit notification controls are supported if set.
Bit 05: ECMD. Clock modulation duty cycle extension is supported if set.
Bit 06: PTM. Package thermal management is supported if set.
Bit 07: HWP. HWP base registers (IA32_PM_ENABLE[bit 0], IA32_HWP_CAPABILITIES,
IA32_HWP_REQUEST, IA32_HWP_STATUS) are supported if set.
Bit 08: HWP_Notification. IA32_HWP_INTERRUPT MSR is supported if set.
Bit 09: HWP_Activity_Window. IA32_HWP_REQUEST[bits 41:32] is supported if set.
Bit 10: HWP_Energy_Performance_Preference. IA32_HWP_REQUEST[bits 31:24] is
supported if set.
Bit 11: HWP_Package_Level_Request. IA32_HWP_REQUEST_PKG MSR is supported if set.
Bit 12: Reserved.
Bit 13: HDC. HDC base registers IA32_PKG_HDC_CTL, IA32_PM_CTL1,
IA32_THREAD_STALL MSRs are
supported if set.
Bits 31 - 15: Reserved.
So they should be (1 << 6) 0x40, and (1 << 7) 0x80 instead.
>
> /*
>* "Architectural Performance Monitoring" bits (CPUID function 0x0a):
> @@ -414,6 +416,16 @@
> #define MSR_MC3_STATUS 0x411
> #define MSR_MC3_ADDR 0x412
> #define MSR_MC3_MISC 0x413
> +
> +/* Hardware P state interface */
> +#define MSR_PPERF0x64e
> +#define MSR_PERF_LIMIT_REASONS 0x64f
> +#define MSR_PM_ENABLE0x770
> +#define MSR_HWP_CAPABILITIES 0x771
> +#define MSR_HWP_REQUEST_PKG 0x772
> +#define MSR_HWP_INTERRUPT0x773
> +#define MSR_HWP_REQUEST 0x774
> +#define MSR_HWP_STATUS 0x777
>
> /* VIA MSR */
> #define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature
> */
> Index: arch/i386/include/specialreg.h
> ===
> RCS file: /cvs/src/sys/arch/i386/include/specialreg.h,v
> retrieving revision 1.57
> diff -u -p -u -p -r1.57 specialreg.h
> --- arch/i386/include/specialreg.h3 Sep 2016 13:35:03 - 1.57
> +++ arch/i386/include/specialreg.h15 Sep 2016 10:36:48 -
> @@ -205,6 +205,8 @@
> */
> #define TPM_SENSOR 0x0001 /* Digital temp sensor */
> #define TPM_ARAT0x0004 /* APIC Timer Always Running */
> +#define TPM_PTM 0x0006 /* Package Thermal Management
> */
> +#define TPM_HWP 0x0007 /* Hardware P-states */
>
> /*
> * "Architectural Performance Monitoring" bits (CPUID function 0x0a):
> @@ -396,6 +398,16 @@
> #define MSR_MC3_STATUS 0x411
> #define MSR_MC3_ADDR 0x412
> #define MSR_MC3_MISC 0x413
> +
> +/* Hardware P state interface */
> +#define MSR_PPERF0x64e
> +#define MSR_PERF_LIMIT_REASONS 0x64f
> +#define MSR_PM_ENABLE0x770
> +#define MSR_HWP_CAPABILITIES 0x771
> +#define MSR_HWP_REQUEST_PKG 0x772
> +#define MSR_HWP_INTERRUPT0x773
> +#define MSR_HWP_REQUEST 0x774
> +#define MSR_HWP_STATUS 0x777
>
> /* VIA MSRs */
> #define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature
> */
> Index: arch/amd64/amd64/identcpu.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
> retrieving revision 1.74
> diff -u -p -u -p -r1.74 identcpu.c
> --- arch/amd64/amd64/identcpu.c 3 Sep 2016 12:12:43 - 1.74
> +++ arch/amd64/amd64/identcpu.c 15 Sep 2016 10:36:48 -
> @@ -199,6 +199,8 @@ const struct {
> }, cpu_tpm_eaxfeatures[] = {
> { TPM_SENSOR, "SENSOR" },
> { TPM_ARAT,
Re: teach BFD how to send route messages
On 14/09/16(Wed) 15:50, Peter Hessler wrote:
> This is a work-in-progress diff that I would like to commit. I can print
> a few things, but there is a problem when trying to bring in more
> fields. Printing is also ugly, but I can fix that in-tree.
Well you're mixing multiples things in one diff, could you keep one
topic per diff?
> While here, I print the descr's as ints, the same way Juniper does it.
I'm not sure which part of the diff I should look at.
> I also had to add RTM_INVALIDATE, to keep the ordering correct.
This change is ok mpi@.
> Am I tying this into route(8) and rtsock.c correctly?
I think so, more comments below.
> Index: sbin/route/route.c
> ===
> RCS file: /cvs/openbsd/src/sbin/route/route.c,v
> retrieving revision 1.190
> diff -u -p -u -p -r1.190 route.c
> --- sbin/route/route.c4 Sep 2016 09:41:03 - 1.190
> +++ sbin/route/route.c14 Sep 2016 10:20:04 -
> @@ -41,6 +41,10 @@
> #include
> #include
>
> +#include
> +#include
> +#include
You should guard kernel-only structures inside "#ifdef _KERNEL", no need
to export bfd_softc to userland. This will prevent you from polluting
the namespace an need to include kernel headers.
By the way 'softc' is generally for device drivers, you might prefer
something like bfdd (d for descriptor).
> #include
> #include
>
> @@ -90,6 +94,7 @@ void sodump(sup, char *);
> char *priorityname(uint8_t);
> uint8_t getpriority(char *);
> void print_getmsg(struct rt_msghdr *, int);
> +void print_bfdmsg(struct bfd_msghdr *);
> const char *get_linkstate(int, int);
> void print_rtmsg(struct rt_msghdr *, int);
> void pmsg_common(struct rt_msghdr *);
> @@ -1240,6 +1245,7 @@ char *msgtypes[] = {
> "RTM_IFINFO: iface status change",
> "RTM_IFANNOUNCE: iface arrival/departure",
> "RTM_DESYNC: route socket overflow",
> + "RTM_INVALIDATE: invalidate cache of L2 route",
> "RTM_BFD: bidirectional forwarding detection",
> };
>
> @@ -1277,6 +1283,7 @@ print_rtmsg(struct rt_msghdr *rtm, int m
> struct if_msghdr *ifm;
> struct ifa_msghdr *ifam;
> struct if_announcemsghdr *ifan;
> + struct bfd_msghdr *bfd;
> char ifname[IF_NAMESIZE];
>
> if (verbose == 0)
> @@ -1333,7 +1340,9 @@ print_rtmsg(struct rt_msghdr *rtm, int m
> printf("\n");
> break;
> case RTM_BFD:
> - printf("bfd\n");/* XXX - expand*/
> + bfd = (struct bfd_msghdr *)rtm;
> + printf(", BFD ");
> + print_bfdmsg(bfd);
I wonder if the BFD code shouldn't be under #ifdef SMALL, you should
check with deraadt@ if it grows the size of route(8).
> break;
> default:
> printf(", priority %d, table %u, ifidx %u, ",
> @@ -1524,6 +1533,48 @@ print_getmsg(struct rt_msghdr *rtm, int
> putchar('\n');
> }
> #undef RTA_IGN
> +}
> +
> +void
> +print_bfdmsg(struct bfd_msghdr *bfd)
> +{
> + printf("mode ");
> + switch (bfd->mode) {
> + case BFD_MODE_ASYNC:
> + printf("ASYNC");
> + break;
> + case BFD_MODE_DEMAND:
> + printf("DEMAND");
> + break;
> + }
> + printf(" state ");
> + switch (bfd->state) {
> + case BFD_STATE_ADMINDOWN:
> + printf("AdminDown");
> + break;
> + case BFD_STATE_DOWN:
> + printf("Down");
> + break;
> + case BFD_STATE_INIT:
> + printf("Init");
> + break;
> + case BFD_STATE_UP:
> + printf("Up");
> + break;
> + }
> + printf(" error %d", bfd->error);
> + printf(" localdiscr %u", bfd->localdiscr);
> + printf(" remotediscr %u", bfd->remotediscr);
> + printf(" localdiag %u", bfd->localdiag);
> + printf(" remotediag %u", bfd->remotediag);
> + printf(" uptime %lld", bfd->uptime);
> + printf(" lastuptime %lld", bfd->lastuptime);
> +
> + printf(" mintx %ums", bfd->mintx / 1000);
> + printf(" minrx %ums", bfd->minrx / 1000);
> + printf(" multiplier %ux", bfd->multiplier);
In this output you're mixing UPERCASE, camelCase and lowercase, is it on
purpose?
Another remark, could you prefix the field name of your "struct bfd_msghdr"
with ``bfdm_''? This would make your code coherent with the existing
if_msghr, ifa_msghr, if_announcemsghdr and rt_msghdr.
> +
> + printf("\n");
I'd keep the pmsg_addrs() idiom, especially calling fflush(stdout).
> }
> Index: sys/net/bfd.c
> ===
> RCS file: /cvs/openbsd/src/sys/net/bfd.c,v
> retrieving revision 1.24
> diff -u -p -u -p -r1.24 bfd.c
> --- sys/net/bfd.c 13 Sep 2016 07:56:05 - 1.24
> +++ sys/net/bfd.c 14 Sep 2016 10:48:39 -
> @@ -161,7 +161,7 @@ struct bfd_state {
> uint32_tAuthSeqKnown;
> };
>
> -stru
CPUID: Check for PTM and HWP features
Hi,
The following diff adds checks for Package Thermal Management and
Hardware P-states in the Thermal and Power Management CPUID Leaf.
I also added the the Hardware P-States MSRs for a Skylake firmware fix
that I will send later toady. I don't mind if that should go in a separate
commit.
Tested only on amd64, i386 tests welcomed! Ok?
Index: arch/amd64/include/specialreg.h
===
RCS file: /cvs/src/sys/arch/amd64/include/specialreg.h,v
retrieving revision 1.48
diff -u -p -u -p -r1.48 specialreg.h
--- arch/amd64/include/specialreg.h 10 Sep 2016 17:15:44 - 1.48
+++ arch/amd64/include/specialreg.h 15 Sep 2016 10:36:48 -
@@ -220,6 +220,8 @@
*/
#defineTPM_SENSOR 0x0001 /* Digital temp sensor */
#defineTPM_ARAT0x0004 /* APIC Timer Always Running */
+#defineTPM_PTM 0x0006 /* Package Thermal Management
*/
+#defineTPM_HWP 0x0007 /* Hardware P-states */
/*
* "Architectural Performance Monitoring" bits (CPUID function 0x0a):
@@ -414,6 +416,16 @@
#define MSR_MC3_STATUS 0x411
#define MSR_MC3_ADDR 0x412
#define MSR_MC3_MISC 0x413
+
+/* Hardware P state interface */
+#define MSR_PPERF 0x64e
+#define MSR_PERF_LIMIT_REASONS 0x64f
+#define MSR_PM_ENABLE 0x770
+#define MSR_HWP_CAPABILITIES 0x771
+#define MSR_HWP_REQUEST_PKG0x772
+#define MSR_HWP_INTERRUPT 0x773
+#define MSR_HWP_REQUEST0x774
+#define MSR_HWP_STATUS 0x777
/* VIA MSR */
#define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature */
Index: arch/i386/include/specialreg.h
===
RCS file: /cvs/src/sys/arch/i386/include/specialreg.h,v
retrieving revision 1.57
diff -u -p -u -p -r1.57 specialreg.h
--- arch/i386/include/specialreg.h 3 Sep 2016 13:35:03 - 1.57
+++ arch/i386/include/specialreg.h 15 Sep 2016 10:36:48 -
@@ -205,6 +205,8 @@
*/
#defineTPM_SENSOR 0x0001 /* Digital temp sensor */
#defineTPM_ARAT0x0004 /* APIC Timer Always Running */
+#defineTPM_PTM 0x0006 /* Package Thermal Management
*/
+#defineTPM_HWP 0x0007 /* Hardware P-states */
/*
* "Architectural Performance Monitoring" bits (CPUID function 0x0a):
@@ -396,6 +398,16 @@
#define MSR_MC3_STATUS 0x411
#define MSR_MC3_ADDR 0x412
#define MSR_MC3_MISC 0x413
+
+/* Hardware P state interface */
+#define MSR_PPERF 0x64e
+#define MSR_PERF_LIMIT_REASONS 0x64f
+#define MSR_PM_ENABLE 0x770
+#define MSR_HWP_CAPABILITIES 0x771
+#define MSR_HWP_REQUEST_PKG0x772
+#define MSR_HWP_INTERRUPT 0x773
+#define MSR_HWP_REQUEST0x774
+#define MSR_HWP_STATUS 0x777
/* VIA MSRs */
#define MSR_CENT_TMTEMPERATURE 0x1423 /* Thermal monitor temperature */
Index: arch/amd64/amd64/identcpu.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.74
diff -u -p -u -p -r1.74 identcpu.c
--- arch/amd64/amd64/identcpu.c 3 Sep 2016 12:12:43 - 1.74
+++ arch/amd64/amd64/identcpu.c 15 Sep 2016 10:36:48 -
@@ -199,6 +199,8 @@ const struct {
}, cpu_tpm_eaxfeatures[] = {
{ TPM_SENSOR, "SENSOR" },
{ TPM_ARAT, "ARAT" },
+ { TPM_PTM, "PTM" },
+ { TPM_HWP, "HWP" },
}, cpu_cpuid_perf_eax[] = {
{ CPUIDEAX_VERID, "PERF" },
}, cpu_cpuid_apmi_edx[] = {
Index: arch/i386/i386/machdep.c
===
RCS file: /cvs/src/sys/arch/i386/i386/machdep.c,v
retrieving revision 1.589
diff -u -p -u -p -r1.589 machdep.c
--- arch/i386/i386/machdep.c3 Sep 2016 12:12:43 - 1.589
+++ arch/i386/i386/machdep.c15 Sep 2016 10:36:49 -
@@ -1089,6 +1089,8 @@ const struct cpu_cpuid_feature cpu_seff0
const struct cpu_cpuid_feature cpu_tpm_eaxfeatures[] = {
{ TPM_SENSOR, "SENSOR" },
{ TPM_ARAT, "ARAT" },
+ { TPM_PTM, "PTM" },
+ { TPM_HWP, "HWP" },
};
const struct cpu_cpuid_feature i386_cpuid_eaxperf[] = {
Re: rebound quantum entanglement
On 2016/09/15 10:39, Remi Locherer wrote: > On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > > wont this also mean if it is not running i have to wait for the > > > > localhost > > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) > > > > so i > > > > slow everything down for a timeout? > > > > > > Not if he connects to the TCP port 53 instead of the UDP; it looks like > > > rebound binds to both. > > > > OK. But I suspect this is multiple system-call roundtrip for everyone > > not running rebound. > > What about this: > > Add "rebound" as possible value to the lookup keyword in resolv.conf. > If this is set the libc resolver sends dns requests to the unix socket > /var/run/rebound.sock where rebound listens. rebound can use the > nameservers from /etc/resolv.conf without the risk of creating "loops". > > Remi > Non-standard things in resolv.conf hurt; some programs parse this directly.
Re: rebound quantum entanglement
On Wed, Sep 14, 2016 at 08:10:29PM -0600, Theo de Raadt wrote: > > > wont this also mean if it is not running i have to wait for the localhost > > > attempt to fail before the resolver moves on? (ASR_STATE_NEXT_NS, etc) so > > > i > > > slow everything down for a timeout? > > > > Not if he connects to the TCP port 53 instead of the UDP; it looks like > > rebound binds to both. > > OK. But I suspect this is multiple system-call roundtrip for everyone > not running rebound. What about this: Add "rebound" as possible value to the lookup keyword in resolv.conf. If this is set the libc resolver sends dns requests to the unix socket /var/run/rebound.sock where rebound listens. rebound can use the nameservers from /etc/resolv.conf without the risk of creating "loops". Remi
Re: rebound quantum entanglement
On Wed, Sep 14, 2016 at 09:19:07PM -0400, Ted Unangst wrote: > And so I present the following diff to enable a smooth transition. It's > 'quantum' because it works whether or not rebound is running. No need to open > the box. I'm sure there's a cat(ch)... -- Erling Westenvik
Re: LibreSSL selects weak digest for (EC)DH
Sorry, I attached wrong patch file.
I re-post the patch file again.
On Thu, Sep 15, 2016 at 04:10:55PM +0900, Kinichiro Inoguchi wrote:
> Hi,
>
> I would like to fix this SNI issue.
>
> reported by @davidben
> https://github.com/libressl-portable/openbsd/issues/69
>
> #3560: OpenSSL selects weak digest for (EC)DH
> https://rt.openssl.org/Ticket/Display.html?id=3560
>
> original OpenSSL commit is here.
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
>
> I will add a patch for this.
> ok ?
Index: ssl_lib.c
===
RCS file: /cvs/src/lib/libssl/ssl_lib.c,v
retrieving revision 1.116
diff -u -p -u -r1.116 ssl_lib.c
--- ssl_lib.c 25 Oct 2015 15:52:49 - 1.116
+++ ssl_lib.c 15 Sep 2016 07:25:34 -
@@ -2847,13 +2847,22 @@ SSL_get_SSL_CTX(const SSL *ssl)
SSL_CTX *
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
+ CERT *ocert = ssl->cert;
if (ssl->ctx == ctx)
return (ssl->ctx);
if (ctx == NULL)
ctx = ssl->initial_ctx;
- if (ssl->cert != NULL)
- ssl_cert_free(ssl->cert);
ssl->cert = ssl_cert_dup(ctx->cert);
+ if (ocert != NULL) {
+ int i;
+ /* Copy negotiated digests from original */
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ CERT_PKEY *cpk = ocert->pkeys + i;
+ CERT_PKEY *rpk = ssl->cert->pkeys + i;
+ rpk->digest = cpk->digest;
+ }
+ ssl_cert_free(ocert);
+ }
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
Re: OMAP4/5 Wake-up generator driver
> Date: Thu, 15 Sep 2016 14:53:14 +1000
> From: Jonathan Gray
>
> It turns out on OMAP4/OMAP5 there is a "Wake-up generator"
> interrupt controller that routes interrupts to the GIC and does power
> management comparable to imx with the i.MX6 General Power Controller
> (GPC).
>
> / {
> #address-cells = <0x0001>;
> #size-cells = <0x0001>;
> compatible = "ti,omap4-panda-es", "ti,omap4-panda", "ti,omap4460",
> "ti,omap4430", "ti,omap4";
> interrupt-parent = <0x0001>;
> model = "TI OMAP4 PandaBoard-ES";
> ...
>
> interrupt-controller@48241000 {
> compatible = "arm,cortex-a9-gic";
> interrupt-controller;
> #interrupt-cells = <0x0003>;
> reg = <0x48241000 0x1000 0x48240100 0x0100>;
> interrupt-parent = <0x0004>;
> linux,phandle = <0x0004>;
> phandle = <0x0004>;
> };
>
> interrupt-controller@48281000 {
> compatible = "ti,omap4-wugen-mpu";
> interrupt-controller;
> #interrupt-cells = <0x0003>;
> reg = <0x48281000 0x1000>;
> interrupt-parent = <0x0004>;
> linux,phandle = <0x0001>;
> phandle = <0x0001>;
> };
>
> Reusing the imxgpc code to handle this allows interrupts on ommc(4) with
> the pandaboard to work again and the board can now find it's root disk
> once again.
Go for it.
The wakeup issue is cited in the "Linus ARM rant" thread as a flaw of
the GIC, so we can expect this sort of wakeup interrupt controller to
appear om other "platforms" as well. This is why we implement the
"parent" establish and disestablish functions.
> Index: omap/files.omap
> ===
> RCS file: /cvs/src/sys/arch/armv7/omap/files.omap,v
> retrieving revision 1.17
> diff -u -p -r1.17 files.omap
> --- omap/files.omap 15 Aug 2016 13:42:49 - 1.17
> +++ omap/files.omap 15 Sep 2016 04:33:56 -
> @@ -42,6 +42,10 @@ device intc
> attach intc at fdt
> file arch/armv7/omap/intc.c intc
>
> +device omwugen
> +attach omwugen at fdt
> +file arch/armv7/omap/omwugen.c omwugen
> +
> device gptimer
> attach gptimer at omap
> file arch/armv7/omap/gptimer.c gptimer
> Index: conf/GENERIC
> ===
> RCS file: /cvs/src/sys/arch/armv7/conf/GENERIC,v
> retrieving revision 1.53
> diff -u -p -r1.53 GENERIC
> --- conf/GENERIC 12 Sep 2016 08:28:44 - 1.53
> +++ conf/GENERIC 15 Sep 2016 04:33:56 -
> @@ -63,6 +63,7 @@ omapid* at omap?
>
> # OMAP on-chip devices
> intc*at fdt? # OMAP3 interrupt controller
> +omwugen* at fdt? # Wake-up generator
> #edma* at omap?# OMAP3 dma controller
> prcm*at omap?# power/clock controller
> sitaracm*at omap?# sitara control module
> Index: conf/RAMDISK
> ===
> RCS file: /cvs/src/sys/arch/armv7/conf/RAMDISK,v
> retrieving revision 1.48
> diff -u -p -r1.48 RAMDISK
> --- conf/RAMDISK 21 Aug 2016 06:36:23 - 1.48
> +++ conf/RAMDISK 15 Sep 2016 04:33:56 -
> @@ -61,6 +61,7 @@ omapid* at omap?
>
> # OMAP on-chip devices
> intc*at fdt? # OMAP3 interrupt controller
> +omwugen* at fdt? # Wake-up generator
> #edma* at omap?# OMAP3 dma controller
> prcm*at omap?# power/clock controller
> sitaracm*at omap?# sitara control module
> --- /dev/null Thu Sep 15 14:35:46 2016
> +++ omap/omwugen.cThu Sep 15 14:22:00 2016
> @@ -0,0 +1,63 @@
> +/* $OpenBSD$ */
> +/*
> + * Copyright (c) 2016 Mark Kettenis
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#include
> +#include
> +#include
> +
> +#include
> +
> +#include
> +
> +struct omwugen_softc {
> + struct device sc_dev;
> + struct interrupt_controller sc_ic;
> +};
> +
> +int omwugen_match(struct device *, void *, void *);
> +void omwugen_attach(struct device *,
LibreSSL selects weak digest for (EC)DH
Hi,
I would like to fix this SNI issue.
reported by @davidben
https://github.com/libressl-portable/openbsd/issues/69
#3560: OpenSSL selects weak digest for (EC)DH
https://rt.openssl.org/Ticket/Display.html?id=3560
original OpenSSL commit is here.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=4e05aedbcab7f7f83a887e952ebdcc5d4f2291e4
I will add a patch for this.
ok ?
Index: ssl_lib.c
===
RCS file: /cvs/src/lib/libssl/ssl_lib.c,v
retrieving revision 1.116
diff -u -p -u -r1.116 ssl_lib.c
--- ssl_lib.c 25 Oct 2015 15:52:49 - 1.116
+++ ssl_lib.c 15 Sep 2016 06:52:52 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.116 2015/10/25 15:52:49 doug Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.115 2015/10/19 17:59:39 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
* All rights reserved.
*
@@ -2847,13 +2847,22 @@ SSL_get_SSL_CTX(const SSL *ssl)
SSL_CTX *
SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
{
+ CERT *ocert = ssl->cert;
if (ssl->ctx == ctx)
return (ssl->ctx);
if (ctx == NULL)
ctx = ssl->initial_ctx;
- if (ssl->cert != NULL)
- ssl_cert_free(ssl->cert);
ssl->cert = ssl_cert_dup(ctx->cert);
+ if (ocert != NULL) {
+ int i;
+ /* Copy negotiated digests from original */
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+ CERT_PKEY *cpk = ocert->pkeys + i;
+ CERT_PKEY *rpk = ssl->cert->pkeys + i;
+ rpk->digest = cpk->digest;
+ }
+ ssl_cert_free(ocert);
+ }
CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
SSL_CTX_free(ssl->ctx); /* decrement reference count */
ssl->ctx = ctx;
move buf_rb_bufs to RBT
RBT_PROTOTYPE needs to be able to see RBT_HEAD, so this shuffles
the headers a bit.
otherwise it just maps RB code to RBT.
ok?
Index: sys/buf.h
===
RCS file: /cvs/src/sys/sys/buf.h,v
retrieving revision 1.103
diff -u -p -r1.103 buf.h
--- sys/buf.h 23 May 2016 09:31:28 - 1.103
+++ sys/buf.h 15 Sep 2016 06:59:58 -
@@ -48,9 +48,6 @@
struct buf;
struct vnode;
-struct buf_rb_bufs;
-RB_PROTOTYPE(buf_rb_bufs, buf, b_rbbufs, rb_buf_compare);
-
LIST_HEAD(bufhead, buf);
/*
@@ -140,7 +137,7 @@ extern struct bio_ops {
/* The buffer header describes an I/O operation in the kernel. */
struct buf {
- RB_ENTRY(buf) b_rbbufs; /* vnode "hash" tree */
+ RBT_ENTRY(buf) b_rbbufs;/* vnode "hash" tree */
LIST_ENTRY(buf) b_list; /* All allocated buffers. */
LIST_ENTRY(buf) b_vnbufs; /* Buffer's associated vnode. */
TAILQ_ENTRY(buf) b_freelist;/* Free list position if not active. */
Index: sys/vnode.h
===
RCS file: /cvs/src/sys/sys/vnode.h,v
retrieving revision 1.135
diff -u -p -r1.135 vnode.h
--- sys/vnode.h 23 May 2016 09:31:28 - 1.135
+++ sys/vnode.h 15 Sep 2016 06:59:58 -
@@ -80,7 +80,9 @@ enum vtagtype {
*/
LIST_HEAD(buflists, buf);
-RB_HEAD(buf_rb_bufs, buf);
+RBT_HEAD(buf_rb_bufs, buf);
+RBT_PROTOTYPE(buf_rb_bufs, buf, b_rbbufs, rb_buf_compare);
+
RB_HEAD(namecache_rb_cache, namecache);
struct uvm_vnode;
Index: kern/vfs_bio.c
===
RCS file: /cvs/src/sys/kern/vfs_bio.c,v
retrieving revision 1.177
diff -u -p -r1.177 vfs_bio.c
--- kern/vfs_bio.c 15 Sep 2016 02:00:16 - 1.177
+++ kern/vfs_bio.c 15 Sep 2016 06:59:58 -
@@ -247,8 +247,7 @@ bufadjust(int newbufpages)
(bcstats.numbufpages > targetpages)) {
bufcache_take(bp);
if (bp->b_vp) {
- RB_REMOVE(buf_rb_bufs,
- &bp->b_vp->v_bufs_tree, bp);
+ RBT_REMOVE(buf_rb_bufs, &bp->b_vp->v_bufs_tree, bp);
brelvp(bp);
}
buf_put(bp);
@@ -758,8 +757,7 @@ brelse(struct buf *bp)
}
if (bp->b_vp) {
- RB_REMOVE(buf_rb_bufs, &bp->b_vp->v_bufs_tree,
- bp);
+ RBT_REMOVE(buf_rb_bufs, &bp->b_vp->v_bufs_tree, bp);
brelvp(bp);
}
bp->b_vp = NULL;
@@ -826,7 +824,7 @@ incore(struct vnode *vp, daddr_t blkno)
/* Search buf lookup tree */
b.b_lblkno = blkno;
- bp = RB_FIND(buf_rb_bufs, &vp->v_bufs_tree, &b);
+ bp = RBT_FIND(buf_rb_bufs, &vp->v_bufs_tree, &b);
if (bp != NULL && ISSET(bp->b_flags, B_INVAL))
bp = NULL;
@@ -862,7 +860,7 @@ getblk(struct vnode *vp, daddr_t blkno,
start:
s = splbio();
b.b_lblkno = blkno;
- bp = RB_FIND(buf_rb_bufs, &vp->v_bufs_tree, &b);
+ bp = RBT_FIND(buf_rb_bufs, &vp->v_bufs_tree, &b);
if (bp != NULL) {
if (ISSET(bp->b_flags, B_BUSY)) {
SET(bp->b_flags, B_WANTED);
@@ -945,7 +943,7 @@ buf_get(struct vnode *vp, daddr_t blkno,
(bp = bufcache_getanycleanbuf())) {
bufcache_take(bp);
if (bp->b_vp) {
- RB_REMOVE(buf_rb_bufs,
+ RBT_REMOVE(buf_rb_bufs,
&bp->b_vp->v_bufs_tree, bp);
brelvp(bp);
}
@@ -1006,7 +1004,7 @@ buf_get(struct vnode *vp, daddr_t blkno,
bp->b_blkno = bp->b_lblkno = blkno;
bgetvp(vp, bp);
- if (RB_INSERT(buf_rb_bufs, &vp->v_bufs_tree, bp))
+ if (RBT_INSERT(buf_rb_bufs, &vp->v_bufs_tree, bp))
panic("buf_get: dup lblk vp %p bp %p", vp, bp);
} else {
bp->b_vnbufs.le_next = NOLIST;
Index: kern/vfs_subr.c
===
RCS file: /cvs/src/sys/kern/vfs_subr.c,v
retrieving revision 1.251
diff -u -p -r1.251 vfs_subr.c
--- kern/vfs_subr.c 15 Sep 2016 02:00:16 - 1.251
+++ kern/vfs_subr.c 15 Sep 2016 06:59:58 -
@@ -122,11 +122,11 @@ void printlockedvnodes(void);
struct pool vnode_pool;
struct pool uvm_vnode_pool;
-static int rb_buf_compare(struct buf *b1, struct buf *b2);
-RB_GENERATE(buf_rb_bufs, buf, b_rbbufs, rb_buf_compare);
+static inline int rb_buf_compare(const struct buf *b1, const struct buf *b2);
+RBT_GENERATE(buf_rb_bufs, buf, b_rbbufs, rb_buf_compare);
-static int
-rb_buf_compare(struct buf *b1, struct buf *b2)
+static inline int
+rb_buf_compare(const struct buf *b1, const struct
