Driver request for the NeuG TRNG
Hi, I was directed this way from the IRC. I would like to make a request to anyone who is interested and has the free-time to look into writing a driver for this device. This is a link to the README at NeuG's git: http://git.gniibe.org/gitweb/?p=gnuk/neug.git;a=blob;f=README I had made a related post on reddit that has a little bit of a discussion that might help: https://www.reddit.com/r/openbsd/comments/5sfi09/will_a_usb_trng_improve_security There is a FreeBSD driver, if that helps: https://github.com/jj1bdx/freebsd-dev-trng Thanks! physkets
Re: inteldrm: setup backlight pwm alternate increment on backlight enable
On Thu, Feb 09, 2017 at 06:39:13PM -0600, joshua stein wrote: > I have no idea why there are chickens involved, but this fixes the > problem on at least the MacBookAir7,1 (Broadwell) where upon S3 > resume, the backlight value is treated as 0 or 100 despite reporting > intermediate values, so if the backlight value was anything other > than 100 at suspend time, the screen will stay off upon resume. Chicken bits are overrides for functions like clock gating, if it turns out there is a hardware bug in a particular feature these bits are used to disable them. This diff seems reasonable but it would be nice to get some tests on non-apple broadwell hardware. > > This is backported from Linux commits > 32b421e79e6b546da1d469f1229403ac9142d695 and > e29aff05f239f8dd24e9ee7816fd96726e20105a which were noted in > freedesktop.org bug 67454. > > This and the previous ACPI diff get suspend and resume working on > the MacBook Air. > > > Index: sys/dev/pci/drm/i915/i915_reg.h > === > RCS file: /cvs/src/sys/dev/pci/drm/i915/i915_reg.h,v > retrieving revision 1.11 > diff -u -p -u -p -r1.11 i915_reg.h > --- sys/dev/pci/drm/i915/i915_reg.h 25 Sep 2015 16:15:19 - 1.11 > +++ sys/dev/pci/drm/i915/i915_reg.h 10 Feb 2017 00:39:02 - > @@ -4540,9 +4540,11 @@ > #define FDI_PHASE_SYNC_OVR(pipe) (1<<(FDIA_PHASE_SYNC_SHIFT_OVR - ((pipe) * > 2))) > #define FDI_PHASE_SYNC_EN(pipe) (1<<(FDIA_PHASE_SYNC_SHIFT_EN - ((pipe) * > 2))) > #define FDI_BC_BIFURCATION_SELECT (1 << 12) > +#define SPT_PWM_GRANULARITY (1<<0) > #define SOUTH_CHICKEN2 0xc2004 > #define FDI_MPHY_IOSFSB_RESET_STATUS(1<<13) > #define FDI_MPHY_IOSFSB_RESET_CTL (1<<12) > +#define LPT_PWM_GRANULARITY (1<<5) > #define DPLS_EDP_PPS_FIX_DIS(1<<0) > > #define _FDI_RXA_CHICKEN 0xc200c > Index: sys/dev/pci/drm/i915/intel_drv.h > === > RCS file: /cvs/src/sys/dev/pci/drm/i915/intel_drv.h,v > retrieving revision 1.9 > diff -u -p -u -p -r1.9 intel_drv.h > --- sys/dev/pci/drm/i915/intel_drv.h 9 Dec 2015 05:17:44 - 1.9 > +++ sys/dev/pci/drm/i915/intel_drv.h 10 Feb 2017 00:39:02 - > @@ -168,6 +168,7 @@ struct intel_panel { > bool enabled; > bool combination_mode; /* gen 2/4 only */ > bool active_low_pwm; > + bool alternate_pwm_increment; /* lpt+ */ > struct backlight_device *device; > } backlight; > }; > Index: sys/dev/pci/drm/i915/intel_panel.c > === > RCS file: /cvs/src/sys/dev/pci/drm/i915/intel_panel.c,v > retrieving revision 1.11 > diff -u -p -u -p -r1.11 intel_panel.c > --- sys/dev/pci/drm/i915/intel_panel.c23 Sep 2015 23:12:12 - > 1.11 > +++ sys/dev/pci/drm/i915/intel_panel.c10 Feb 2017 00:39:02 - > @@ -611,7 +611,7 @@ static void bdw_enable_backlight(struct > struct drm_device *dev = connector->base.dev; > struct drm_i915_private *dev_priv = dev->dev_private; > struct intel_panel *panel = &connector->panel; > - u32 pch_ctl1, pch_ctl2; > + u32 pch_ctl1, pch_ctl2, schicken; > > pch_ctl1 = I915_READ(BLC_PWM_PCH_CTL1); > if (pch_ctl1 & BLM_PCH_PWM_ENABLE) { > @@ -620,6 +620,22 @@ static void bdw_enable_backlight(struct > I915_WRITE(BLC_PWM_PCH_CTL1, pch_ctl1); > } > > + if (HAS_PCH_LPT(dev)) { > + schicken = I915_READ(SOUTH_CHICKEN2); > + if (panel->backlight.alternate_pwm_increment) > + schicken |= LPT_PWM_GRANULARITY; > + else > + schicken &= ~LPT_PWM_GRANULARITY; > + I915_WRITE(SOUTH_CHICKEN2, schicken); > + } else { > + schicken = I915_READ(SOUTH_CHICKEN1); > + if (panel->backlight.alternate_pwm_increment) > + schicken |= SPT_PWM_GRANULARITY; > + else > + schicken &= ~SPT_PWM_GRANULARITY; > + I915_WRITE(SOUTH_CHICKEN1, schicken); > + } > + > pch_ctl2 = panel->backlight.max << 16; > I915_WRITE(BLC_PWM_PCH_CTL2, pch_ctl2); > > @@ -956,6 +972,13 @@ static int bdw_setup_backlight(struct in > struct drm_i915_private *dev_priv = dev->dev_private; > struct intel_panel *panel = &connector->panel; > u32 pch_ctl1, pch_ctl2, val; > + bool alt; > + > + if (HAS_PCH_LPT(dev)) > + alt = I915_READ(SOUTH_CHICKEN2) & LPT_PWM_GRANULARITY; > + else > + alt = I915_READ(SOUTH_CHICKEN1) & SPT_PWM_GRANULARITY; > + panel->backlight.alternate_pwm_increment = alt; > > pch_ctl1 = I915_READ(BLC_PWM_PCH_CTL1); > panel->backlight.active_low_pwm = pch_ctl1 & BLM_PCH_POLARITY; >
asmc: restore keyboard backlight on resume
After resume, the keyboard backlight is still off, so restore it (this was also helpful to figure out the machine was actually resuming). Index: sys/dev/isa/asmc.c === RCS file: /cvs/src/sys/dev/isa/asmc.c,v retrieving revision 1.30 diff -u -p -u -p -r1.30 asmc.c --- sys/dev/isa/asmc.c 22 Apr 2016 20:45:53 - 1.30 +++ sys/dev/isa/asmc.c 10 Feb 2017 00:40:15 - @@ -92,6 +92,7 @@ void asmc_update(void *); intasmc_match(struct device *, void *, void *); void asmc_attach(struct device *, struct device *, void *); intasmc_detach(struct device *, int); +intasmc_activate(struct device *, int); /* wskbd hook functions */ void asmc_backlight(void *); @@ -101,7 +102,7 @@ extern int (*wskbd_get_backlight)(struct extern int (*wskbd_set_backlight)(struct wskbd_backlight *); const struct cfattach asmc_ca = { - sizeof(struct asmc_softc), asmc_match, asmc_attach + sizeof(struct asmc_softc), asmc_match, asmc_attach, NULL, asmc_activate }; struct cfdriver asmc_cd = { @@ -355,6 +356,20 @@ asmc_detach(struct device *self, int fla task_del(systq, &sc->sc_task_backlight); asmc_try(sc, ASMC_WRITE, "LKSB", buf, 2); + return 0; +} + +int +asmc_activate(struct device *self, int act) +{ + struct asmc_softc *sc = (struct asmc_softc *)self; + + switch (act) { + case DVACT_WAKEUP: + asmc_backlight(sc); + break; + } + return 0; }
inteldrm: setup backlight pwm alternate increment on backlight enable
I have no idea why there are chickens involved, but this fixes the problem on at least the MacBookAir7,1 (Broadwell) where upon S3 resume, the backlight value is treated as 0 or 100 despite reporting intermediate values, so if the backlight value was anything other than 100 at suspend time, the screen will stay off upon resume. This is backported from Linux commits 32b421e79e6b546da1d469f1229403ac9142d695 and e29aff05f239f8dd24e9ee7816fd96726e20105a which were noted in freedesktop.org bug 67454. This and the previous ACPI diff get suspend and resume working on the MacBook Air. Index: sys/dev/pci/drm/i915/i915_reg.h === RCS file: /cvs/src/sys/dev/pci/drm/i915/i915_reg.h,v retrieving revision 1.11 diff -u -p -u -p -r1.11 i915_reg.h --- sys/dev/pci/drm/i915/i915_reg.h 25 Sep 2015 16:15:19 - 1.11 +++ sys/dev/pci/drm/i915/i915_reg.h 10 Feb 2017 00:39:02 - @@ -4540,9 +4540,11 @@ #define FDI_PHASE_SYNC_OVR(pipe) (1<<(FDIA_PHASE_SYNC_SHIFT_OVR - ((pipe) * 2))) #define FDI_PHASE_SYNC_EN(pipe) (1<<(FDIA_PHASE_SYNC_SHIFT_EN - ((pipe) * 2))) #define FDI_BC_BIFURCATION_SELECT (1 << 12) +#define SPT_PWM_GRANULARITY (1<<0) #define SOUTH_CHICKEN2 0xc2004 #define FDI_MPHY_IOSFSB_RESET_STATUS (1<<13) #define FDI_MPHY_IOSFSB_RESET_CTL (1<<12) +#define LPT_PWM_GRANULARITY (1<<5) #define DPLS_EDP_PPS_FIX_DIS (1<<0) #define _FDI_RXA_CHICKEN 0xc200c Index: sys/dev/pci/drm/i915/intel_drv.h === RCS file: /cvs/src/sys/dev/pci/drm/i915/intel_drv.h,v retrieving revision 1.9 diff -u -p -u -p -r1.9 intel_drv.h --- sys/dev/pci/drm/i915/intel_drv.h9 Dec 2015 05:17:44 - 1.9 +++ sys/dev/pci/drm/i915/intel_drv.h10 Feb 2017 00:39:02 - @@ -168,6 +168,7 @@ struct intel_panel { bool enabled; bool combination_mode; /* gen 2/4 only */ bool active_low_pwm; + bool alternate_pwm_increment; /* lpt+ */ struct backlight_device *device; } backlight; }; Index: sys/dev/pci/drm/i915/intel_panel.c === RCS file: /cvs/src/sys/dev/pci/drm/i915/intel_panel.c,v retrieving revision 1.11 diff -u -p -u -p -r1.11 intel_panel.c --- sys/dev/pci/drm/i915/intel_panel.c 23 Sep 2015 23:12:12 - 1.11 +++ sys/dev/pci/drm/i915/intel_panel.c 10 Feb 2017 00:39:02 - @@ -611,7 +611,7 @@ static void bdw_enable_backlight(struct struct drm_device *dev = connector->base.dev; struct drm_i915_private *dev_priv = dev->dev_private; struct intel_panel *panel = &connector->panel; - u32 pch_ctl1, pch_ctl2; + u32 pch_ctl1, pch_ctl2, schicken; pch_ctl1 = I915_READ(BLC_PWM_PCH_CTL1); if (pch_ctl1 & BLM_PCH_PWM_ENABLE) { @@ -620,6 +620,22 @@ static void bdw_enable_backlight(struct I915_WRITE(BLC_PWM_PCH_CTL1, pch_ctl1); } + if (HAS_PCH_LPT(dev)) { + schicken = I915_READ(SOUTH_CHICKEN2); + if (panel->backlight.alternate_pwm_increment) + schicken |= LPT_PWM_GRANULARITY; + else + schicken &= ~LPT_PWM_GRANULARITY; + I915_WRITE(SOUTH_CHICKEN2, schicken); + } else { + schicken = I915_READ(SOUTH_CHICKEN1); + if (panel->backlight.alternate_pwm_increment) + schicken |= SPT_PWM_GRANULARITY; + else + schicken &= ~SPT_PWM_GRANULARITY; + I915_WRITE(SOUTH_CHICKEN1, schicken); + } + pch_ctl2 = panel->backlight.max << 16; I915_WRITE(BLC_PWM_PCH_CTL2, pch_ctl2); @@ -956,6 +972,13 @@ static int bdw_setup_backlight(struct in struct drm_i915_private *dev_priv = dev->dev_private; struct intel_panel *panel = &connector->panel; u32 pch_ctl1, pch_ctl2, val; + bool alt; + + if (HAS_PCH_LPT(dev)) + alt = I915_READ(SOUTH_CHICKEN2) & LPT_PWM_GRANULARITY; + else + alt = I915_READ(SOUTH_CHICKEN1) & SPT_PWM_GRANULARITY; + panel->backlight.alternate_pwm_increment = alt; pch_ctl1 = I915_READ(BLC_PWM_PCH_CTL1); panel->backlight.active_low_pwm = pch_ctl1 & BLM_PCH_POLARITY;
acpi: pretend to be Darwin on Apple hardware
When running on machines with a hw_vendor of "Apple Inc." or "Apple Computer, Inc.", only return 1 for an OSI check of "Darwin" and not the other Windows variants. Code in the AML of the MacBookAir7,1 (most likely all Macs) does much different things when running on Darwin systems, but the AML that checks for Darwin does this: OSYS = 0x07DC If (CondRefOf (\_OSI, Local0)) { If (_OSI ("Darwin")) { OSYS = 0x2710 } If (\_OSI ("Linux")) { OSYS = 0x03E8 } If (\_OSI ("Windows 2009")) { OSYS = 0x07D9 } [...] So we can't just add Darwin to aml_valid_osi. Without this, my MacBook Air won't suspend properly (hangs calling _PTS) and a similar change in Linux from 2014 (commit 7bc5a2bad0b8d9d1ac9f7b8b33150e4ddf197334) notes that upon resume, the Thunderbolt ports won't be powered up without pretending to be Darwin. I tested this with a Thunderbolt ethernet device and it works properly before and after suspend. Hot-plugging the Thunderbolt ethernet device after boot no longer prints these messages: ppb5 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x156b rev 0x00 pci6 at ppb5 bus 6 ppb6 at pci6 dev 0 function 0 vendor "Intel", unknown product 0x156b rev 0x00: not configured by system firmware ppb7 at pci6 dev 3 function 0 vendor "Intel", unknown product 0x156b rev 0x00: not configured by system firmware ppb8 at pci6 dev 4 function 0 vendor "Intel", unknown product 0x156b rev 0x00: not configured by system firmware ppb9 at pci6 dev 5 function 0 vendor "Intel", unknown product 0x156b rev 0x00: not configured by system firmware ppb10 at pci6 dev 6 function 0 vendor "Intel", unknown product 0x156b rev 0x00: not configured by system firmware Index: sys/dev/acpi/dsdt.c === RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v retrieving revision 1.230 diff -u -p -u -p -r1.230 dsdt.c --- sys/dev/acpi/dsdt.c 14 Jan 2017 11:32:00 - 1.230 +++ sys/dev/acpi/dsdt.c 10 Feb 2017 00:31:02 - @@ -106,6 +106,8 @@ void_aml_die(const char *fn, int line void aml_notify_task(void *, int); void acpi_poll_notify_task(void *, int); +extern char*hw_vendor; + /* * @@@: Global variables */ @@ -1505,6 +1507,21 @@ aml_callosi(struct aml_scope *scope, str struct aml_value *fa; fa = aml_getstack(scope, AMLOP_ARG0); + + if (hw_vendor != NULL && + (strcmp(hw_vendor, "Apple Inc.") == 0 || + strcmp(hw_vendor, "Apple Computer, Inc.") == 0)) { + if (strcmp(fa->v_string, "Darwin") == 0) { + dnprintf(10,"osi: returning 1 for %s on %s hardware\n", + fa->v_string, hw_vendor); + result = 1; + } else + dnprintf(10,"osi: on %s hardware, but ignoring %s\n", + hw_vendor, fa->v_string); + + return aml_allocvalue(AML_OBJTYPE_INTEGER, result, NULL); + } + for (idx=0; !result && aml_valid_osi[idx] != NULL; idx++) { dnprintf(10,"osi: %s,%s\n", fa->v_string, aml_valid_osi[idx]); result = !strcmp(fa->v_string, aml_valid_osi[idx]);
Re: netcat -U -z exit status
Alexander Bluhm writes: > Hi, > > When netcat is started with -Uz, the exit status is always 1. If > the unix connect is successful, netcat should exit with 0 and close > the socket. > > ok? Makes sense, ok. -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
netcat -U -z exit status
Hi, When netcat is started with -Uz, the exit status is always 1. If the unix connect is successful, netcat should exit with 0 and close the socket. ok? bluhm Index: usr.bin/nc/netcat.c === RCS file: /data/mirror/openbsd/cvs/src/usr.bin/nc/netcat.c,v retrieving revision 1.176 diff -u -p -r1.176 netcat.c --- usr.bin/nc/netcat.c 9 Feb 2017 20:14:41 - 1.176 +++ usr.bin/nc/netcat.c 9 Feb 2017 21:17:59 - @@ -597,8 +597,9 @@ main(int argc, char *argv[]) } else if (family == AF_UNIX) { ret = 0; - if ((s = unix_connect(host)) > 0 && !zflag) { - readwrite(s, NULL); + if ((s = unix_connect(host)) > 0) { + if (!zflag) + readwrite(s, NULL); close(s); } else ret = 1;
Re: add empty /root/.ssh/authorized_keys to mtree/sets ?
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote: > On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote: > > On 2017/02/05 09:53, Robert Peichaer wrote: > > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote: > > > > Hi, > > > > > > > > when installing 'throwaway' VMs (manually, not always using autoinstall > > > > for > > > > $REASONS) i've often found myself having to do right after the install: > > > > install -d -m 700 /root/.ssh > > > > install -m 600 /dev/null /root/.ssh/authorized_keys > > > > (or touch /root/.ssh/authorized_keys && chmod 600 > > > > /root/.ssh/authorized_keys, ymmv) > > > > > > > > those are present in /etc/skel for "real" users, so why not creating > > > > them for the root account ? install.sub also creates /mnt/root/.ssh when > > > > using autoinstall and giving an ssh pubkey, so that'll be one less step > > > > to do there. > > > > > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not > > > > make it > > > > easier to use it ? This ways, the correct modes are set.. i often > > > > fat-fingered > > > > this, to see sshd complaining (rightly!) about bad modes on > > > > .ssh/authorized_keys. > > > > > > Conceptually I'd like this going in. > > > > +1. (On "managed" systems I use root-owned authorized_keys in a system > > directory, > > but this doesn't get in the way, and it makes things easier on ad-hoc > > installed > > systems). > > Finally built a release with this, the empty file is created in > /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own > /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays. > dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept > it > for consistency. Agree with that. > Hopefully more ppl can chime in and think of potential drawbacks this > diff exposes... FWIW, I don't see a downside to this diff. > Sets diff added too, modeled after what's done for > /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/ > change. Yes, please commit the sets diff at the same time as the etc/Makefile and the mtree diff, otherwise sysmerge won't pick it up. Also, please commit this trivial diff for the installer at the same time so people won't complain about autinstall warnings. with that ok tb Index: install.sub === RCS file: /var/cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.969 diff -u -p -r1.969 install.sub --- install.sub 8 Feb 2017 23:13:02 - 1.969 +++ install.sub 9 Feb 2017 19:25:09 - @@ -2868,7 +2868,6 @@ do_install(){ # During autoinstall, add root user's public ssh key to authorized_keys. [[ -n "$_rootkey" ]] && ( umask 077 - mkdir /mnt/root/.ssh print -r -- "$_rootkey" >>/mnt/root/.ssh/authorized_keys )
Re: Fix config -p
Martin Pieuchot writes: > One of the last build system changes broke 'config -p'. Currently you > get: > > $ cd /sys/arch/amd64/conf/ > $ config -p GENERIC.MP > config -b /usr/src/sys/arch/amd64/compile/GENERIC.MP.PROF/obj -s > /usr/src/sys /usr/src/sys/arch/amd64/conf/GENERIC.MP.PROF > config: cannot read /usr/src/sys/arch/amd64/conf/GENERIC.MP.PROF: No > such file or directory > *** Error 2 in /usr/src/sys/arch/amd64/compile/GENERIC.MP.PROF > (../Makefile.inc:12 'config') > > Diff below fixes that, ok? ok -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: rip6 and icmp6stat percpu counters
On Thu, Feb 09, 2017 at 08:39:42PM +0100, Jeremie Courreges-Anglas wrote: > Initial diff committed. The diff below should save a few bytes. > > ok? OK bluhm@ > Index: icmp6.c > === > RCS file: /d/cvs/src/sys/netinet6/icmp6.c,v > retrieving revision 1.200 > diff -u -p -p -u -r1.200 icmp6.c > --- icmp6.c 9 Feb 2017 15:23:35 - 1.200 > +++ icmp6.c 9 Feb 2017 18:55:52 - > @@ -156,57 +156,60 @@ icmp6_init(void) > void > icmp6_errcount(int type, int code) > { > + enum icmp6stat_counters c = icp6s_ounknown; > + > switch (type) { > case ICMP6_DST_UNREACH: > switch (code) { > case ICMP6_DST_UNREACH_NOROUTE: > - icmp6stat_inc(icp6s_odst_unreach_noroute); > - return; > + c = icp6s_odst_unreach_noroute; > + break; > case ICMP6_DST_UNREACH_ADMIN: > - icmp6stat_inc(icp6s_odst_unreach_admin); > - return; > + c = icp6s_odst_unreach_admin; > + break; > case ICMP6_DST_UNREACH_BEYONDSCOPE: > - icmp6stat_inc(icp6s_odst_unreach_beyondscope); > - return; > + c = icp6s_odst_unreach_beyondscope; > + break; > case ICMP6_DST_UNREACH_ADDR: > - icmp6stat_inc(icp6s_odst_unreach_addr); > - return; > + c = icp6s_odst_unreach_addr; > + break; > case ICMP6_DST_UNREACH_NOPORT: > - icmp6stat_inc(icp6s_odst_unreach_noport); > - return; > + c = icp6s_odst_unreach_noport; > + break; > } > break; > case ICMP6_PACKET_TOO_BIG: > - icmp6stat_inc(icp6s_opacket_too_big); > - return; > + c = icp6s_opacket_too_big; > + break; > case ICMP6_TIME_EXCEEDED: > switch (code) { > case ICMP6_TIME_EXCEED_TRANSIT: > - icmp6stat_inc(icp6s_otime_exceed_transit); > - return; > + c = icp6s_otime_exceed_transit; > + break; > case ICMP6_TIME_EXCEED_REASSEMBLY: > - icmp6stat_inc(icp6s_otime_exceed_reassembly); > - return; > + c = icp6s_otime_exceed_reassembly; > + break; > } > break; > case ICMP6_PARAM_PROB: > switch (code) { > case ICMP6_PARAMPROB_HEADER: > - icmp6stat_inc(icp6s_oparamprob_header); > - return; > + c = icp6s_oparamprob_header; > + break; > case ICMP6_PARAMPROB_NEXTHEADER: > - icmp6stat_inc(icp6s_oparamprob_nextheader); > - return; > + c = icp6s_oparamprob_nextheader; > + break; > case ICMP6_PARAMPROB_OPTION: > - icmp6stat_inc(icp6s_oparamprob_option); > - return; > + c = icp6s_oparamprob_option; > + break; > } > break; > case ND_REDIRECT: > - icmp6stat_inc(icp6s_oredirect); > - return; > + c = icp6s_oredirect; > + break; > } > - icmp6stat_inc(icp6s_ounknown); > + > + icmp6stat_inc(c); > } > > /* > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: rip6 and icmp6stat percpu counters
Jeremie Courreges-Anglas writes: > In icmp6_errcount() we could save a few function calls but I preferred > to keep the conversion as mechanical as possible. Initial diff committed. The diff below should save a few bytes. ok? Index: icmp6.c === RCS file: /d/cvs/src/sys/netinet6/icmp6.c,v retrieving revision 1.200 diff -u -p -p -u -r1.200 icmp6.c --- icmp6.c 9 Feb 2017 15:23:35 - 1.200 +++ icmp6.c 9 Feb 2017 18:55:52 - @@ -156,57 +156,60 @@ icmp6_init(void) void icmp6_errcount(int type, int code) { + enum icmp6stat_counters c = icp6s_ounknown; + switch (type) { case ICMP6_DST_UNREACH: switch (code) { case ICMP6_DST_UNREACH_NOROUTE: - icmp6stat_inc(icp6s_odst_unreach_noroute); - return; + c = icp6s_odst_unreach_noroute; + break; case ICMP6_DST_UNREACH_ADMIN: - icmp6stat_inc(icp6s_odst_unreach_admin); - return; + c = icp6s_odst_unreach_admin; + break; case ICMP6_DST_UNREACH_BEYONDSCOPE: - icmp6stat_inc(icp6s_odst_unreach_beyondscope); - return; + c = icp6s_odst_unreach_beyondscope; + break; case ICMP6_DST_UNREACH_ADDR: - icmp6stat_inc(icp6s_odst_unreach_addr); - return; + c = icp6s_odst_unreach_addr; + break; case ICMP6_DST_UNREACH_NOPORT: - icmp6stat_inc(icp6s_odst_unreach_noport); - return; + c = icp6s_odst_unreach_noport; + break; } break; case ICMP6_PACKET_TOO_BIG: - icmp6stat_inc(icp6s_opacket_too_big); - return; + c = icp6s_opacket_too_big; + break; case ICMP6_TIME_EXCEEDED: switch (code) { case ICMP6_TIME_EXCEED_TRANSIT: - icmp6stat_inc(icp6s_otime_exceed_transit); - return; + c = icp6s_otime_exceed_transit; + break; case ICMP6_TIME_EXCEED_REASSEMBLY: - icmp6stat_inc(icp6s_otime_exceed_reassembly); - return; + c = icp6s_otime_exceed_reassembly; + break; } break; case ICMP6_PARAM_PROB: switch (code) { case ICMP6_PARAMPROB_HEADER: - icmp6stat_inc(icp6s_oparamprob_header); - return; + c = icp6s_oparamprob_header; + break; case ICMP6_PARAMPROB_NEXTHEADER: - icmp6stat_inc(icp6s_oparamprob_nextheader); - return; + c = icp6s_oparamprob_nextheader; + break; case ICMP6_PARAMPROB_OPTION: - icmp6stat_inc(icp6s_oparamprob_option); - return; + c = icp6s_oparamprob_option; + break; } break; case ND_REDIRECT: - icmp6stat_inc(icp6s_oredirect); - return; + c = icp6s_oredirect; + break; } - icmp6stat_inc(icp6s_ounknown); + + icmp6stat_inc(c); } /* -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: ldpad(8): fix deletion of individual attribute values
On 2017-02-06 1:31, Robert Klein wrote: TL;DR: OpenBSD's ldapd(8) has issues when deleting individual attribute values. Patch below. I am not an OpenBSD developer, so take what I have to say with that in mind... I haven't had a chance to test this yet, but looking at your code and reading the explanation makes sense. I did notice it looked like one line had spaces creep in instead of tabs ("next = v->be_next;"), and the comment for case LDAP_MOD_DELETE doesn't have a column of asterisks (or the general style guideline of "Make them real sentences."). ZHANG Huangbin reported a misbehaviour in ldapd(8)'s MOD_DELETE operation when connecting to ldapd(8) with the python-ldap library. In ldapd(8) The MOD_DELETE operation always deletes all values of an attribute and not only those specified in the request. (Mails from Zhang Huangbin to bugs@ on May 18, 2016 and December 30, 2016). I reproduced this issue connecting to ldapd(8) with the openLDAP client tools (instead of the pyton-ldap library). To illustrate the issue, lets take this LDAP entry (take note of the "memberUID" attribute and its values): dn: cn=detectives,ou=Group,dc=example,dc=org objectClass: posixGroup cn: detectives gidNumber: 1012 memberUID: dasinger memberUID: wergard memberUID: gems memberUID: amberdon description: Detectives of the Kyth Interstaller Detective Agency To delete the memberUID value of "amberdon" from this entry you submit the following LDIF to the ldapd server: dn: cn=detectives,ou=group,dc=example,dc=org changeType: modify delete: memberUid memberUid: amberdon I'm using the openLDAP command line tool "ldapmodify" for this. The LDIF above is the contents of a file "del_amberdon.ldif": ldapmodify -x -h $HOST -p 389 -D $BINDDN -w $PASSWD del_amberdon.ldif The expected result would be a "detectives" group of: dn: cn=detectives,ou=Group,dc=example,dc=org objectClass: posixGroup cn: detectives gidNumber: 1012 memberUID: dasinger memberUID: wergard memberUID: gems description: Detectives of the Kyth Interstaller Detective Agency However, ldapd(8) now has removed all values for the "memberUID" attribute (in LDAP parlance "the entire attribute is removed") and you get the following entry:: dn: cn=detectives,ou=Group,dc=example,dc=org objectClass: posixGroup cn: detectives gidNumber: 1012 description: Detectives of the Kyth Interstaller Detective Agency Looking at the source, I found these issues (suggested fixes in parentheses, tentative patch attached): - in modify.c:ldap_modify(), lines 298 ff., in case LDAP_MOD_DELETE there was a check for BER_TYPE_SET, however 1. AttributeValues are always in a set, even if it is empty (PartialAttribute, see RFC4511, Section 4.1.7), so that check couldn't have worked, even if the right variable had been checked --- see next point. 2. The `vals' variable has a value of SET, however the variable checked, `vals->be_sup' is already an element of the set, that is, either it has a type of EOC (when there are no attribute values), or it has a type of OCTETSTRING and contains the first attribute value. (Look for a type of BER_TYPE_OCTETSTRING instead). - in attributes.c:ldap_del_values(), lines 222 ff. 1. the elements inspected (variables `vk' and `xk') are not those containing the attribute values; the attribute values are in `v' and `x', `xk' and `vk' are (probably) uninitialized. (Use `v' and `x' instead.) 2. When freeing the element found, current `v' is freed, and `v->be_next' has no meaning anymore. (Use `next' variable to save the pointer.) 3. Setting `prev' to `v' is wrong when an element has been removed. (Set a flag if element is removed and re-set `prev' only if the flag isn't set.) - in ber.c:ber_free_elements() the current and all following elements are freed. (Add ber_free_element() which frees only the current element and use this function in attributes.c:ldap_del_values().) Index: attributes.c === RCS file: /cvs/src/usr.sbin/ldapd/attributes.c,v retrieving revision 1.4 diff -u -p -r1.4 attributes.c --- attributes.c20 Jan 2017 11:55:08 - 1.4 +++ attributes.c1 Feb 2017 14:34:42 - @@ -207,9 +207,9 @@ int ldap_del_values(struct ber_element *elm, struct ber_element *vals) { char*attr; - struct ber_element *old_vals, *v, *x, *vk, *xk, *prev; + struct ber_element *old_vals, *v, *x, *prev, *next; struct ber_element *removed; - + int removed_p; assert(elm); assert(vals); assert(vals->be_sub); @@ -220,19 +220,25 @@ ldap_del_values(struct ber_element *elm, } prev = old_vals; - for (v = old_vals->be_sub; v; v = v->be_next) { - vk = v->be_sub; + removed_p = 0; + for (v = old_vals->be_sub; v; v = next) { +
Re: add empty /root/.ssh/authorized_keys to mtree/sets ?
On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote: > On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote: > > On 2017/02/05 09:53, Robert Peichaer wrote: > > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote: > > > > Hi, > > > > > > > > when installing 'throwaway' VMs (manually, not always using autoinstall > > > > for > > > > $REASONS) i've often found myself having to do right after the install: > > > > install -d -m 700 /root/.ssh > > > > install -m 600 /dev/null /root/.ssh/authorized_keys > > > > (or touch /root/.ssh/authorized_keys && chmod 600 > > > > /root/.ssh/authorized_keys, ymmv) > > > > > > > > those are present in /etc/skel for "real" users, so why not creating > > > > them for the root account ? install.sub also creates /mnt/root/.ssh when > > > > using autoinstall and giving an ssh pubkey, so that'll be one less step > > > > to do there. > > > > > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not > > > > make it > > > > easier to use it ? This ways, the correct modes are set.. i often > > > > fat-fingered > > > > this, to see sshd complaining (rightly!) about bad modes on > > > > .ssh/authorized_keys. > > > > > > Conceptually I'd like this going in. > > > > +1. (On "managed" systems I use root-owned authorized_keys in a system > > directory, > > but this doesn't get in the way, and it makes things easier on ad-hoc > > installed > > systems). > > Finally built a release with this, the empty file is created in > /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own > /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays. > dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept > it > for consistency. > Hopefully more ppl can chime in and think of potential drawbacks this > diff exposes... One of the drawbacks i see is that ppl *might* get a security alert from changelist if the (empty) file suddenly appears after an upgrade... but i think we can/should live with that ? Landry
Re: add empty /root/.ssh/authorized_keys to mtree/sets ?
On Sun, Feb 05, 2017 at 08:37:31PM +, Stuart Henderson wrote: > On 2017/02/05 09:53, Robert Peichaer wrote: > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote: > > > Hi, > > > > > > when installing 'throwaway' VMs (manually, not always using autoinstall > > > for > > > $REASONS) i've often found myself having to do right after the install: > > > install -d -m 700 /root/.ssh > > > install -m 600 /dev/null /root/.ssh/authorized_keys > > > (or touch /root/.ssh/authorized_keys && chmod 600 > > > /root/.ssh/authorized_keys, ymmv) > > > > > > those are present in /etc/skel for "real" users, so why not creating > > > them for the root account ? install.sub also creates /mnt/root/.ssh when > > > using autoinstall and giving an ssh pubkey, so that'll be one less step > > > to do there. > > > > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not > > > make it > > > easier to use it ? This ways, the correct modes are set.. i often > > > fat-fingered > > > this, to see sshd complaining (rightly!) about bad modes on > > > .ssh/authorized_keys. > > > > Conceptually I'd like this going in. > > +1. (On "managed" systems I use root-owned authorized_keys in a system > directory, > but this doesn't get in the way, and it makes things easier on ad-hoc > installed > systems). Finally built a release with this, the empty file is created in /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays. dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept it for consistency. Hopefully more ppl can chime in and think of potential drawbacks this diff exposes... Sets diff added too, modeled after what's done for /etc/skel/.ssh/authorized_keys - dunno if it should be commited along the etc/ change. Landry Index: etc/Makefile === RCS file: /cvs/src/etc/Makefile,v retrieving revision 1.449 diff -u -r1.449 Makefile --- etc/Makefile2 Feb 2017 21:35:05 - 1.449 +++ etc/Makefile9 Feb 2017 17:13:00 - @@ -110,6 +110,8 @@ ${DESTDIR}/root/.Xdefaults; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cvsrc \ ${DESTDIR}/root/.cvsrc; \ + ${INSTALL} -c -o root -g wheel -m 600 /dev/null \ + ${DESTDIR}/root/.ssh/authorized_keys; \ rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ ${INSTALL} -c -o root -g wheel -m 644 dot.cshrc \ ${DESTDIR}/.cshrc; \ Index: etc/mtree/4.4BSD.dist === RCS file: /cvs/src/etc/mtree/4.4BSD.dist,v retrieving revision 1.293 diff -u -r1.293 4.4BSD.dist --- etc/mtree/4.4BSD.dist 27 Dec 2016 09:17:52 - 1.293 +++ etc/mtree/4.4BSD.dist 9 Feb 2017 17:13:00 - @@ -118,6 +118,8 @@ mnt .. root mode=0700 +.ssh uname=root mode=0700 +.. .. sbin .. Index: distrib/sets/lists/base/mi === RCS file: /cvs/src/distrib/sets/lists/base/mi,v retrieving revision 1.820 diff -u -r1.820 mi --- distrib/sets/lists/base/mi 7 Feb 2017 21:32:48 - 1.820 +++ distrib/sets/lists/base/mi 9 Feb 2017 17:12:42 - @@ -232,6 +232,7 @@ ./home ./mnt ./root +./root/.ssh ./sbin ./sbin/atactl ./sbin/badsect Index: distrib/sets/lists/etc/mi === RCS file: /cvs/src/distrib/sets/lists/etc/mi,v retrieving revision 1.211 diff -u -r1.211 mi --- distrib/sets/lists/etc/mi 1 Oct 2016 16:58:29 - 1.211 +++ distrib/sets/lists/etc/mi 9 Feb 2017 17:12:42 - @@ -50,6 +50,7 @@ ./root/.cvsrc ./root/.login ./root/.profile +./root/.ssh/authorized_keys ./var/crash/minfree ./var/cron/at.deny ./var/cron/cron.deny
Re: Test wanted: free unix domain (a.k.a SOCKET_LOCK())
On Thu, 09 Feb 2017 08:27:51 -0700, "Todd C. Miller" wrote: > On Thu, 09 Feb 2017 12:36:44 +0100, Martin Pieuchot wrote: > > > dtucker@ reported an interesting recursion [0]. His trace shows that > > a thread executing unp_detach() MUST NOT be holding the NET_LOCK(). > > > > So here's a new version of my SOCKET_LOCK() diff that does exactly > > that. That means sofree(9) won't grab the NET_LOCK() for unix sockets > > which makes uipc_usrreq() completely NET_LOCK() free. > > The NET_ASSERT_UNLOCKED() in the PRU_BIND case in uipc_usrreq() > appears to be superfluous since you've added an assert before the > switch() too. Also, since unp_connect() is only called via uipc_usrreq() there is no need for NET_ASSERT_UNLOCKED() in unp_connect(). - todd
unbound 1.6.1rc1
Here's an update to the release candidate for 1.6.1. Tests/feedback welcome. Diff is 600K so it's at https://junkpile.org/unbound-1.6.1rc1.diff rather than inline. Small change compared to upstream, we don't install the library so autoconf has been edited to avoid requiring contrib/libunbound.pc.in. Here's the changelog since the last version we have (1.5.9), there were one or two things backported already but not much. 9 February 2017: Wouter - tag 1.6.1rc1. 8 February 2017: Wouter - Fix for type name change and fix warning on windows compile. 7 February 2017: Wouter - Include root trust anchor id 20326 in unbound-anchor. 6 February 2017: Wouter - Fix compile on solaris of the fix to use $host detect. 4 February 2017: Wouter - fix root_anchor test for updated icannbundle.pem lower certificates. 26 January 2017: Wouter - Fix 1211: Fix can't enable interface-automatic if no IPv6 with more helpful error message. 20 January 2017: Wouter - Increase MAX_MODULE to 16. 19 January 2017: Wouter - Fix to Rename ub_callback_t to ub_callback_type, because POSIX reserves _t typedefs. - Fix to rename internally used types from _t to _type, because _t type names are reserved by POSIX. - iana portlist update 12 January 2017: Wouter - Fix to also block meta types 128 through to 248 with formerr. - Fix #1206: Some view-related commands are missing from 'unbound-control -h' 9 January 2017: Wouter - Fix #1202: Fix code comment that packed_rrset_data is not always 'packed'. 6 January 2017: Wouter - Fix #1201: Fix missing unlock in answer_from_cache error condition. 5 January 2017: Wouter - Fix to return formerr for queries for meta-types, to avoid packet amplification if this meta-type is sent on to upstream. - Fix #1184: Log DNS replies. This includes the same logging information that DNS queries and response code and response size, patch from Larissa Feng. - Fix #1185: Source IP rate limiting, patch from Larissa Feng. 3 January 2017: Wouter - configure --enable-systemd and lets unbound use systemd sockets if you enable use-systemd: yes in unbound.conf. Also there are contrib/unbound.socket and contrib/unbound.service: systemd files for unbound, install them in /usr/lib/systemd/system. Contributed by Sami Kerola and Pavel Odintsov. - Fix reload chdir failure when also chrooted to that directory. 2 January 2017: Wouter - Fix #1194: Cross build fails when $host isn't `uname` for getentropy. 23 December 2016: Ralph - Fix #1190: Do not echo back EDNS options in local-zone error response. - iana portlist update 21 December 2016: Ralph - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built with Nettle 19 December 2016: Ralph - Fix #1191: remove comment about view deletion. 15 December 2016: Wouter - iana portlist update - 64bit is default for windows builds. - Fix inet_ntop and inet_pton warnings in windows compile. 14 December 2016: Wouter - Fix #1178: attempt to fix setup error at end, pop result values at end of install. 13 December 2016: Wouter - Fix #1182: Fix Resource leak (socket), at startup. - Fix unbound-control and ipv6 only. 9 December 2016: Wouter - Fix #1176: stack size too small for Alpine Linux. 8 December 2016: Wouter - Fix downcast warnings from visual studio in sldns code. - tag 1.6.0rc1 which became 1.6.0 on 15 dec, and trunk is 1.6.1. 7 December 2016: Ralph - Add DSA support for OpenSSL 1.1.0 - Fix remote control without cert for LibreSSL 6 December 2016: George - Added generic EDNS code for registering known EDNS option codes, bypassing the cache response stage and uniquifying mesh states. Four EDNS option lists were added to module_qstate (module_qstate.edns_opts_*) to store EDNS options from/to front/back side. - Added two flags to module_qstate (no_cache_lookup, no_cache_store) that control the modules' cache interactions. - Added code for registering inplace callback functions. The registered functions can be called just before replying with local data or Chaos, replying from cache, replying with SERVFAIL, replying with a resolved query, sending a query to a nameserver. The functions can inspect the available data and maybe change response/query related data (i.e. append EDNS options). - Updated Python module for the above. - Updated Python documentation. 5 December 2016: Ralph - Fix #1173: differ local-zone type deny from unset tag_actions element. 5 December 2016: Wouter - Fix #1170: document that 'i
Re: Test wanted: free unix domain (a.k.a SOCKET_LOCK())
On Thu, 09 Feb 2017 12:36:44 +0100, Martin Pieuchot wrote: > dtucker@ reported an interesting recursion [0]. His trace shows that > a thread executing unp_detach() MUST NOT be holding the NET_LOCK(). > > So here's a new version of my SOCKET_LOCK() diff that does exactly > that. That means sofree(9) won't grab the NET_LOCK() for unix sockets > which makes uipc_usrreq() completely NET_LOCK() free. The NET_ASSERT_UNLOCKED() in the PRU_BIND case in uipc_usrreq() appears to be superfluous since you've added an assert before the switch() too. - todd
Re: [WWW] faq/current.html - acme.conf -> acme-client.conf
Theo Buehler(t...@math.ethz.ch) on 2017.02.09 14:07:12 +0100: > On Thu, Feb 09, 2017 at 12:53:53PM +, Raf Czlonka wrote: > > Hi all, > > > > There a typo in the acme-client config file name in faq/current.html[0] > > > > Patch below? > > Applied. Thanks. > > > > > [0] https://www.openbsd.org/faq/current.html > > > > Cheers, > > > > Raf > > > > P.S. Given that the config file supports includes, what do people > > think of changing it to something along the lines of: > > > > It is recommended that you leave all current content of the > > new /etc/acme-client.conf untouched, put your domain { } > > sections in separate files and use the _include_ keyword. > > This will make future upgrades easier. > > Isn't this overkill? The domain rules are only a few lines. yes, it is. For current.html anyway. I have some ideas for features where you want to do that anyway, but if that happens it belongs into the manpage.
OSPFd stucks in EXCHG/EXSTA
Hey, ospfd on 6.0-stable stucks in EXCHG/EXSTA while neighboring with Dell N3048 switch. According to some documentation around, this is due to MTU mismatch. This is not in my case. N3048: system jumbo mtu 1512 obsd: trunk1: flags=8943 mtu 1500 lladdr 00:25:90:78:62:b6 description: HW_INTERNAL index 12 priority 0 llprio 3 trunk: trunkproto lacp trunk id: [(8000,00:25:90:78:62:b6,4064,,), (0001,f8:b1:56:61:a1:e4,02AE,,)] trunkport bnx1 active,collecting,distributing trunkport em1 active,collecting,distributing groups: trunk media: Ethernet autoselect status: active inet 10.4.255.27 netmask 0xffe0 broadcast 10.4.255.31 ping with diff size of pkts and tcpdump reveals that there is no MTU mismatch. Restart of ospfd does not helps, only REBOOT. I decided to dig into this and found that changing MTU size on trunk1 can reproduce this 100%. Actually value does not changes, but problem with ospfd can be triggered this way: # ifconfig trunk1 mtu 1500 # rcctl restart ospfd and now ospfd will be stuck in EXCHG/EXSTA. Reboot helps always. Then I tried to put mtu for each face involved in trunk1. Result is then same - triggered with ’ifconfig trunk1 mtu 1500’. # cat /etc/hostname.bnx1 up mtu 1500 # cat /etc/hostname.em1 up mtu 1500 Any ideas? Br mxb
Re: [WWW] faq/current.html - acme.conf -> acme-client.conf
On Thu, Feb 09, 2017 at 12:53:53PM +, Raf Czlonka wrote: > Hi all, > > There a typo in the acme-client config file name in faq/current.html[0] > > Patch below? Applied. Thanks. > > [0] https://www.openbsd.org/faq/current.html > > Cheers, > > Raf > > P.S. Given that the config file supports includes, what do people > think of changing it to something along the lines of: > > It is recommended that you leave all current content of the > new /etc/acme-client.conf untouched, put your domain { } > sections in separate files and use the _include_ keyword. > This will make future upgrades easier. Isn't this overkill? The domain rules are only a few lines.
[WWW] faq/current.html - acme.conf -> acme-client.conf
Hi all, There a typo in the acme-client config file name in faq/current.html[0] Patch below? [0] https://www.openbsd.org/faq/current.html Cheers, Raf P.S. Given that the config file supports includes, what do people think of changing it to something along the lines of: It is recommended that you leave all current content of the new /etc/acme-client.conf untouched, put your domain { } sections in separate files and use the _include_ keyword. This will make future upgrades easier. Index: faq/current.html === RCS file: /cvs/www/faq/current.html,v retrieving revision 1.780 diff -u -p -r1.780 current.html --- faq/current.html5 Feb 2017 07:02:51 - 1.780 +++ faq/current.html9 Feb 2017 12:43:39 - @@ -581,7 +581,7 @@ cp -p /etc/acme/privkey.pem /etc/acme/le It is recommended that you leave all current content of the new -/etc/acme.conf untouched and append your domain { } sections. +/etc/acme-client.conf untouched and append your domain { } sections. This will make future upgrades easier.
Test wanted: free unix domain (a.k.a SOCKET_LOCK())
dtucker@ reported an interesting recursion [0]. His trace shows that a thread executing unp_detach() MUST NOT be holding the NET_LOCK(). So here's a new version of my SOCKET_LOCK() diff that does exactly that. That means sofree(9) won't grab the NET_LOCK() for unix sockets which makes uipc_usrreq() completely NET_LOCK() free. Please test and report back. [0] https://marc.info/?l=openbsd-misc&m=148661605114230&w=2 Index: kern/sys_socket.c === RCS file: /cvs/src/sys/kern/sys_socket.c,v retrieving revision 1.28 diff -u -p -r1.28 sys_socket.c --- kern/sys_socket.c 31 Jan 2017 12:16:20 - 1.28 +++ kern/sys_socket.c 9 Feb 2017 11:21:44 - @@ -38,6 +38,7 @@ #include #include #include +#include #include #include #include @@ -127,10 +128,10 @@ soo_ioctl(struct file *fp, u_long cmd, c } if (IOCGROUP(cmd) == 'r') return (EOPNOTSUPP); - NET_LOCK(s); + SOCKET_LOCK(so, s); error = ((*so->so_proto->pr_usrreq)(so, PRU_CONTROL, (struct mbuf *)cmd, (struct mbuf *)data, (struct mbuf *)NULL, p)); - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (error); } @@ -187,10 +188,10 @@ soo_stat(struct file *fp, struct stat *u ub->st_mode |= S_IWUSR | S_IWGRP | S_IWOTH; ub->st_uid = so->so_euid; ub->st_gid = so->so_egid; - NET_LOCK(s); + SOCKET_LOCK(so, s); (void) ((*so->so_proto->pr_usrreq)(so, PRU_SENSE, (struct mbuf *)ub, NULL, NULL, p)); - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (0); } Index: kern/uipc_socket.c === RCS file: /cvs/src/sys/kern/uipc_socket.c,v retrieving revision 1.176 diff -u -p -r1.176 uipc_socket.c --- kern/uipc_socket.c 1 Feb 2017 20:59:47 - 1.176 +++ kern/uipc_socket.c 9 Feb 2017 11:21:44 - @@ -135,16 +135,16 @@ socreate(int dom, struct socket **aso, i so->so_egid = p->p_ucred->cr_gid; so->so_cpid = p->p_p->ps_pid; so->so_proto = prp; - NET_LOCK(s); + SOCKET_LOCK(so, s); error = (*prp->pr_usrreq)(so, PRU_ATTACH, NULL, (struct mbuf *)(long)proto, NULL, p); if (error) { so->so_state |= SS_NOFDREF; sofree(so); - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (error); } - NET_UNLOCK(s); + SOCKET_UNLOCK(s); *aso = so; return (0); } @@ -154,9 +154,9 @@ sobind(struct socket *so, struct mbuf *n { int s, error; - NET_LOCK(s); + SOCKET_LOCK(so, s); error = (*so->so_proto->pr_usrreq)(so, PRU_BIND, NULL, nam, NULL, p); - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (error); } @@ -171,11 +171,11 @@ solisten(struct socket *so, int backlog) if (isspliced(so) || issplicedback(so)) return (EOPNOTSUPP); #endif /* SOCKET_SPLICE */ - NET_LOCK(s); + SOCKET_LOCK(so, s); error = (*so->so_proto->pr_usrreq)(so, PRU_LISTEN, NULL, NULL, NULL, curproc); if (error) { - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (error); } if (TAILQ_FIRST(&so->so_q) == NULL) @@ -185,15 +185,13 @@ solisten(struct socket *so, int backlog) if (backlog < sominconn) backlog = sominconn; so->so_qlimit = backlog; - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (0); } void sofree(struct socket *so) { - NET_ASSERT_LOCKED(); - if (so->so_pcb || (so->so_state & SS_NOFDREF) == 0) return; if (so->so_head) { @@ -232,7 +230,7 @@ soclose(struct socket *so) struct socket *so2; int s, error = 0; - NET_LOCK(s); + SOCKET_LOCK(so, s); if (so->so_options & SO_ACCEPTCONN) { while ((so2 = TAILQ_FIRST(&so->so_q0)) != NULL) { (void) soqremque(so2, 0); @@ -256,7 +254,7 @@ soclose(struct socket *so) (so->so_state & SS_NBIO)) goto drop; while (so->so_state & SS_ISCONNECTED) { - error = rwsleep(&so->so_timeo, &netlock, + error = sosleep(so, &so->so_timeo, PSOCK | PCATCH, "netcls", so->so_linger * hz); if (error) @@ -276,7 +274,7 @@ discard: panic("soclose NOFDREF: so %p, so_type %d", so, so->so_type); so->so_state |= SS_NOFDREF; sofree(so); - NET_UNLOCK(s); + SOCKET_UNLOCK(s); return (error); } @@ -294,7 +292,7 @@ soaccept(struct socket *so, struct mbuf { int error = 0; - NET_ASSERT_LOCKED(); + SOCKET_ASSERT_LOCKED(so
Fix config -p
One of the last build system changes broke 'config -p'. Currently you get: $ cd /sys/arch/amd64/conf/ $ config -p GENERIC.MP config -b /usr/src/sys/arch/amd64/compile/GENERIC.MP.PROF/obj -s /usr/src/sys /usr/src/sys/arch/amd64/conf/GENERIC.MP.PROF config: cannot read /usr/src/sys/arch/amd64/conf/GENERIC.MP.PROF: No such file or directory *** Error 2 in /usr/src/sys/arch/amd64/compile/GENERIC.MP.PROF (../Makefile.inc:12 'config') Diff below fixes that, ok? Index: alpha/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/alpha/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- alpha/compile/Makefile.inc 5 Nov 2016 15:48:52 - 1.3 +++ alpha/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: amd64/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/amd64/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- amd64/compile/Makefile.inc 5 Nov 2016 15:48:53 - 1.3 +++ amd64/compile/Makefile.inc 9 Feb 2017 10:13:51 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: arm64/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/arm64/compile/Makefile.inc,v retrieving revision 1.1 diff -u -p -r1.1 Makefile.inc --- arm64/compile/Makefile.inc 17 Dec 2016 23:38:33 - 1.1 +++ arm64/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: armv7/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/armv7/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- armv7/compile/Makefile.inc 5 Nov 2016 15:48:53 - 1.3 +++ armv7/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: hppa/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/hppa/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- hppa/compile/Makefile.inc 5 Nov 2016 15:48:53 - 1.3 +++ hppa/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: i386/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/i386/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- i386/compile/Makefile.inc 5 Nov 2016 15:48:53 - 1.3 +++ i386/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: landisk/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/landisk/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- landisk/compile/Makefile.inc5 Nov 2016 15:48:53 - 1.3 +++ landisk/compile/Makefile.inc9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T:S/.PROF$//} .endif cleandir clean: Index: loongson/compile/Makefile.inc === RCS file: /cvs/src/sys/arch/loongson/compile/Makefile.inc,v retrieving revision 1.3 diff -u -p -r1.3 Makefile.inc --- loongson/compile/Makefile.inc 5 Nov 2016 15:48:53 - 1.3 +++ loongson/compile/Makefile.inc 9 Feb 2017 10:13:53 - @@ -9,7 +9,7 @@ config: .else .PHONY: config clean config: - config -b ${.OBJDIR} -s ${SYSDIR} ${CONFDIR}/${.CURDIR:T} + config -b ${.OBJDIR} -s $