Re: Remove path support from OpenBSD::Pledge
On Fri, Sep 8, 2017 at 8:40 PM, Andrew Fresh wrote: > This removes path support from the OpenBSD::Pledge perl module in > preparation for the hot new thing. > > I don't believe anyone could be using this as it would have just thrown > errors if you tried, but thought I should ask for an ok. > > so OK? > Looks good. ok guenther@
[patch] Remove redundant operation in pctr.c
Hi tech@, Remove setting null-terminated string operation, since bzero() has done this operation before. Sorry if I miss some points. Thanks! Best Regards Nan Xiao Index: pctr.c === RCS file: /cvs/src/usr.bin/pctr/pctr.c,v retrieving revision 1.22 diff -u -p -r1.22 pctr.c --- pctr.c 8 Feb 2015 23:40:34 - 1.22 +++ pctr.c 9 Sep 2017 03:43:36 - @@ -169,7 +169,6 @@ pctr_cpu_creds(void) bzero(arch, sizeof(arch)); if (sysctl(mib, 2, arch, &len, NULL, 0) == -1) err(1, "HW_MACHINE"); - arch[len] = '\0'; if (strcmp(arch, "i386") == 0) atype = ARCH_I386; @@ -198,7 +197,6 @@ pctr_cpu_creds(void) bzero(vendor, sizeof(vendor)); if (sysctl(mib, 2, vendor, &len, NULL, 0) == -1) err(1, "CPU_CPUVENDOR"); - vendor[len] = '\0'; switch (atype) { case ARCH_I386:
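Review bot: With `arch[len] = '\0';` and `vendor[len] = '\0';` removed in both hunks, NUL termination before `strcmp(arch, "i386")` depends on `bzero()` and on the value `len` holds when `sysctl()` is called, and that assignment is outside the hunks. If `len` is passed in as `sizeof(arch)` rather than `sizeof(arch) - 1`, a result that fills the buffer leaves no terminator for `strcmp()` to stop at. I would confirm the `len` initialisation and record the dependency next to each call once confirmed, e.g. `/* len is sizeof(arch) - 1, so the bzero() above keeps arch NUL-terminated */`. pctr_cpu_creds() starts and ends outside both hunks.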
ld.so: delete obsolete __plt_{start,end} handling
It's been a year since the ldscripts have created __plt_start or __plt_end symbols, so references to them will never resolve. Just delete the _dl_protect_segment() calls that are dependent on one or both of those symbols. ok? Philip Guenther Index: libexec/ld.so/alpha/rtld_machine.c === RCS file: /data/src/openbsd/src/libexec/ld.so/alpha/rtld_machine.c,v retrieving revision 1.61 diff -u -p -r1.61 rtld_machine.c --- libexec/ld.so/alpha/rtld_machine.c 16 Feb 2017 13:31:10 - 1.61 +++ libexec/ld.so/alpha/rtld_machine.c 9 Sep 2017 03:34:08 - @@ -306,11 +306,6 @@ _dl_md_reloc_got(elf_object_t *object, i _dl_protect_segment(object, seg_start, "__got_start", "__got_end", PROT_READ); - /* mprotect the PLT, if it isn't already read-only */ - if (pltro == 0) - _dl_protect_segment(object, (Elf_Addr)pltgot, "__plt_start", - "__plt_end", PROT_READ|PROT_EXEC); - return (fails); } Index: libexec/ld.so/powerpc/rtld_machine.c === RCS file: /data/src/openbsd/src/libexec/ld.so/powerpc/rtld_machine.c,v retrieving revision 1.62 diff -u -p -r1.62 rtld_machine.c --- libexec/ld.so/powerpc/rtld_machine.c24 Jan 2017 10:59:10 - 1.62 +++ libexec/ld.so/powerpc/rtld_machine.c9 Sep 2017 03:28:38 - @@ -573,10 +573,6 @@ _dl_md_reloc_got(elf_object_t *object, i if (prot_exec != 0 && got_addr != NULL) _dl_syncicache(got_addr, 4); - /* mprotect the PLT */ - _dl_protect_segment(object, 0, "__plt_start", "__plt_end", - PROT_READ|prot_exec); - return (fails); } Index: libexec/ld.so/sparc64/rtld_machine.c === RCS file: /data/src/openbsd/src/libexec/ld.so/sparc64/rtld_machine.c,v retrieving revision 1.60 diff -u -p -r1.60 rtld_machine.c --- libexec/ld.so/sparc64/rtld_machine.c28 Aug 2017 14:06:22 - 1.60 +++ libexec/ld.so/sparc64/rtld_machine.c9 Sep 2017 03:25:15 - 
@@ -841,10 +841,6 @@ _dl_md_reloc_got(elf_object_t *object, i if (object->traced) lazy = 1; - /* temporarily make the PLT writable */ - _dl_protect_segment(object, 0, "__plt_start", "__plt_end", - PROT_READ|PROT_WRITE); - if (!lazy) { fails = _dl_md_reloc_all_plt(object); } else { @@ -856,10 +852,6 @@ _dl_md_reloc_got(elf_object_t *object, i /* mprotect the GOT */ _dl_protect_segment(object, 0, "__got_start", "__got_end", PROT_READ); - - /* mprotect the PLT */ - _dl_protect_segment(object, 0, "__plt_start", "__plt_end", - PROT_READ|PROT_EXEC); return (fails); }
Remove path support from OpenBSD::Pledge
This removes path support from the OpenBSD::Pledge perl module in preparation for the hot new thing. I don't believe anyone could be using this as it would have just thrown errors if you tried, but thought I should ask for an ok. so OK? Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs === RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/Pledge.xs,v retrieving revision 1.1 diff -u -p -r1.1 Pledge.xs --- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs 29 Nov 2015 19:01:27 - 1.1 +++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs 9 Sep 2017 03:19:03 - @@ -38,27 +38,8 @@ pledgenames() XSRETURN(i); int -_pledge(const char * promises, SV * paths) -INIT: - SSize_t numpaths = 0, n; - +_pledge(const char * promises) CODE: - if (SvOK(paths)) { - if (SvTYPE(SvRV(paths)) != SVt_PVAV) - croak("not an ARRAY reference"); - - numpaths = av_top_index((AV *)SvRV(paths)); - - const char *pledge_paths[ numpaths + 1 ]; - pledge_paths[ numpaths + 1 ] = NULL; - - for (n = 0; n <= numpaths; n++) - pledge_paths[n] - = SvPV_nolen(*av_fetch((AV *)SvRV(paths), n, 0)); - - RETVAL = pledge(promises, pledge_paths) != -1; - } - else - RETVAL = pledge(promises, NULL) != -1; + RETVAL = pledge(promises, NULL) != -1; OUTPUT: RETVAL Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm === RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/lib/OpenBSD/Pledge.pm,v retrieving revision 1.2 diff -u -p -r1.2 Pledge.pm --- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm 3 Jul 2016 01:07:57 - 1.2 +++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm 9 Sep 2017 03:19:03 - @@ -10,7 +10,7 @@ our %EXPORT_TAGS = ( 'all' => [qw( pledg our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); our @EXPORT = qw( pledge ); ## no critic 'export' -our $VERSION = '0.01'; +our $VERSION = '0.02'; require XSLoader; XSLoader::load( 'OpenBSD::Pledge', $VERSION ); 
@@ -19,14 +19,11 @@ sub pledge { my (@promises) = @_; - my $paths; - $paths = pop @promises if @promises and ref $promises[-1] eq 'ARRAY'; - my %seen; my $promises = join q{ }, sort grep { !$seen{$_}++ } ( 'stdio', @promises ); - return _pledge( $promises, $paths ); + return _pledge( $promises ); } 1; @@ -41,15 +38,16 @@ OpenBSD::Pledge - Perl interface to Open =head1 SYNOPSIS use OpenBSD::Pledge; + my $file = "/usr/share/dict/words"; - pledge(qw( rpath ), [$file]) || die "Unable to pledge: $!"; + pledge( qw( rpath ) ) || die "Unable to pledge: $!"; + open my $fh, '<', $file or die "Unable to open $file: $!"; - open my $fh, '<', $file or die "Unable to open $file: $!\n"; - while ( readline($fh) ) { -print if /pledge/i; - } + pledge() || die "Unable to pledge again: $!"; + print grep { /pledge/i } readline($fh); close $fh; + =head1 DESCRIPTION This module provides a perl interface to OpenBSD's L L. 
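Review bot: `sub pledge` no longer pops a trailing ARRAY reference, so a caller still using the old `pledge(qw( rpath ), [$file])` form gets the reference stringified by the `join` and passed to `_pledge` as if it were a promise name. That presumably fails in pledge(2) with an errno that says nothing about paths, and a caller that does not check the return value carries on without the restrictions it asked for. Rejecting references before the `join` makes the API change explicit: `die "pledge no longer accepts paths\n" if grep { ref } @promises;`.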
@@ -58,32 +56,30 @@ Once you promise that your program will the kernel will kill the program if it attempts to call any other interfaces. -=head2 EXPORT +=head1 EXPORT Exports L by default. C<:all> will also export L -=head1 METHODS +=head1 FUNCTIONS -=head2 pledge(@promises, [\@paths]) +=head2 pledge -With L you can promise what abilities your program will need. -You can pledge multiple times with more restrictive promises, -but abilities can never be regained. +Perl interface to L. -This interface always promises C because L itself uses some of -the provided system calls. + pledge(@promises) -You can supply an optional array reference of paths to be used as a whitelist, -all other paths will appear not to exist. -You may only limit the paths once. +The "stdio" promise is always implied, +as L itself is useless without it. -Returns true on success, returns false and sets C<$!> on failure. +Returns true on success, returns false and sets $! on failure =head2 pledgenames Returns a list of the possible promises you can pass to L. + +=back =head1 BUGS AND LIMITATIONS Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t === RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/t/OpenBSD-Pledge.t,v retrieving revision 1.2 diff -u -p -r1.2 OpenBSD-Pledge.t --- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t3 Jul 2016 01:07:58 - 1.2 +++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t9 Sep 2017 03:19:03 - @@ -10,6 +10,7 @@ use strict; use warnings; use Fcntl qw( O_RDONLY O_WRONLY ); +use
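Review bot: The added `=back` before `=head1 BUGS AND LIMITATIONS` has no matching `=over` in this hunk, and the entries above it are `=head2` headings rather than `=item`s, so POD checkers will report it; it looks like it should be dropped. The new return-value sentence also lost its markup and full stop, and `Returns true on success, returns false and sets C<$!> on failure.` keeps it consistent with the rest of the POD. The POD continues outside the hunk.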
mg: fix line numbering bug
When inserting a newline, only increment dotline for windows that are displaying the same buffer as the current one. Index: usr.bin/mg/line.c === RCS file: /cvs/src/usr.bin/mg/line.c,v retrieving revision 1.58 diff -u -p -u -r1.58 line.c --- usr.bin/mg/line.c 11 Dec 2015 20:21:23 - 1.58 +++ usr.bin/mg/line.c 9 Sep 2017 01:36:02 - @@ -264,7 +264,8 @@ lnewline_at(struct line *lp1, int doto) for (wp = wheadp; wp != NULL; wp = wp->w_wndp) { if (wp->w_linep == lp1) wp->w_linep = lp2; - if (wp->w_dotline >= tcurwpdotline) + if (wp->w_dotline >= tcurwpdotline && + wp->w_bufp == curwp->w_bufp) wp->w_dotline++; } undo_add_boundary(FFRAND, 1); @@ -292,7 +293,8 @@ lnewline_at(struct line *lp1, int doto) wp->w_dotp = lp2; wp->w_doto -= doto; wp->w_dotline++; - } else if (wp->w_dotline > tcurwpdotline) + } else if (wp->w_dotline > tcurwpdotline && + wp->w_bufp == curwp->w_bufp) wp->w_dotline++; if (wp->w_markp == lp1 && wp->w_marko >= doto) { wp->w_markp = lp2;
acpithinkpad fixes for brand new machines
Revision 1.50 of acpithinkpad.c made inteldrm defer to acpithinkpad for screen brightness adjustments instead of handling it natively. That was needed to avoid some synchronization issues on machines where the hardware buttons do the backlight adjustment on their own, and just notify acpithinkpad of the change. On brand new machines like the X1C5, the screen adjustment buttons don't do anything on their own and don't even notify acpithinkpad anymore, instead requiring a WMI driver to get notified. Since acpithinkpad is still forcing screen backlight changes to go through the proprietary ACPI interface, it is still limited to 10 levels of backlight adjustment which are oddly defined. I thought about just reverting 1.55 so that acpithinkpad wouldn't even bother attaching to these new machines which now use HID LEN0268, so that inteldrm could take over brightness adjustment and give you the full 100 levels of adjustment. However, controlling keyboard backlight through wscons still has to be done through acpithinkpad, so the driver still has to attach. As is, the driver was not getting notification of keyboard backlight changes either, so the "wsconsctl keyboard.backlight" value would get out of sync with the hardware if you adjusted the backlight with Fn+Space. This diff fixes the keyboard backlight events coming through, and also makes it not take over backlight adjustment on these new machines (LEN0268 and anything in the future). Eventually these machines will need a WMI driver to respond to other hardware keys and react accordingly, though many other kinds of laptops can also benefit from that driver. I'm not pushing to commit this before the lock, so it would be nice to have testing on a wide variety of ThinkPads to make sure the keyboard backlight change doesn't break anything. 
Index: sys/dev/acpi/acpithinkpad.c === RCS file: /cvs/src/sys/dev/acpi/acpithinkpad.c,v retrieving revision 1.58 diff -u -p -u -p -r1.58 acpithinkpad.c --- sys/dev/acpi/acpithinkpad.c 12 Aug 2017 17:33:51 - 1.58 +++ sys/dev/acpi/acpithinkpad.c 8 Sep 2017 21:39:12 - @@ -41,6 +41,8 @@ #defineTHINKPAD_HKEY_VERSION1 0x0100 #defineTHINKPAD_HKEY_VERSION2 0x0200 +#defineTHINKPAD_KEYLIGHT_MASK 0x2 + #defineTHINKPAD_CMOS_VOLUME_DOWN 0x00 #defineTHINKPAD_CMOS_VOLUME_UP 0x01 #defineTHINKPAD_CMOS_VOLUME_MUTE 0x02 @@ -136,6 +138,7 @@ struct acpithinkpad_softc { const char *sc_thinklight_set; uint64_t sc_brightness; + int sc_fw_brightness; }; extern void acpiec_read(struct acpiec_softc *, u_int8_t, int, u_int8_t *); @@ -195,6 +198,17 @@ const char *acpithinkpad_hids[] = { 0 }; +/* + * Older machines which need backlight control done in firmware/ACPI. Newer + * machines rely on inteldrm to do adjustments since hardware keys don't come + * through here. + */ +const char *acpithinkpad_fw_hids[] = { + "IBM0068", + "LEN0068", + 0 +}; + int thinkpad_match(struct device *parent, void *match, void *aux) { @@ -272,6 +286,9 @@ thinkpad_attach(struct device *parent, s sc->sc_acpi = (struct acpi_softc *)parent; sc->sc_devnode = aa->aaa_node; + sc->sc_fw_brightness = acpi_matchhids(aa, acpithinkpad_fw_hids, + sc->sc_dev.dv_xname); + printf("\n"); #if NAUDIO > 0 && NWSKBD > 0 @@ -299,8 +316,8 @@ thinkpad_attach(struct device *parent, s wskbd_set_backlight = thinkpad_set_backlight; } - if (aml_evalinteger(sc->sc_acpi, sc->sc_devnode, "PBLG", - 0, NULL, &sc->sc_brightness) == 0) { + if (sc->sc_fw_brightness && aml_evalinteger(sc->sc_acpi, + sc->sc_devnode, "PBLG", 0, NULL, &sc->sc_brightness) == 0) { ws_get_param = thinkpad_get_param; ws_set_param = thinkpad_set_param; } 
@@ -323,6 +340,9 @@ thinkpad_enable_events(struct acpithinkp printf("%s: no MHKA\n", DEVNAME(sc)); return (1); } + + /* Make sure keyboard backlight events are enabled */ + mask |= THINKPAD_KEYLIGHT_MASK; /* Update hotkey mask */ bzero(args, sizeof(args));
[PATCH] urng.4 - Altusmetrum -> Altus Metrum
Hi all, According to their web pages[0][1] Altus Metrum name comprises two words - both capitalised. [0] http://altusmetrum.org/ [1] http://shop.gag.com/about-magento-demo-store Regards, Raf Index: share/man/man4/urng.4 === RCS file: /cvs/src/share/man/man4/urng.4,v retrieving revision 1.2 diff -u -p -r1.2 urng.4 --- share/man/man4/urng.4 29 Aug 2017 06:12:36 - 1.2 +++ share/man/man4/urng.4 8 Sep 2017 21:13:14 - @@ -34,14 +34,14 @@ and stirs it into the system entropy poo .Xr add_true_randomness 9 . .Sh HARDWARE The following devices are supported by this driver: -.Bl -tag -width "Altusmetrum" +.Bl -tag -width "Altus Metrum" .It Araneus Alea II Capable of delivering 100kbit/sec of hardware-generated entropy. The product documentation states that the USB interface used by the Alea II is the same as that used by its predecessor the Alea I; theoretically this means that the Alea I should work but this has not been tested. -.It Altusmetrum ChaosKey 1.0 +.It Altus Metrum ChaosKey 1.0 This device is capable of providing entropy at 10Mbit/s. .El .Sh SEE ALSO
pflogd fork+exec (redux)
>From lessons learned with tcpdump and talking to deraadt@ and bluhm@, this reworks pflogd to re-exec its unpriv child instead of the priv parent, my initial understanding of the syslogd privsep design was off and pflogd doesn't need any such clever approach. I can also send a diff with my previous attempt reverted if that helps ease review. -Bryan. Index: pflogd.c === RCS file: /cvs/src/sbin/pflogd/pflogd.c,v retrieving revision 1.57 diff -u -p -u -r1.57 pflogd.c --- sbin/pflogd/pflogd.c8 Sep 2017 13:34:29 - 1.57 +++ sbin/pflogd/pflogd.c8 Sep 2017 15:03:21 - @@ -54,7 +54,6 @@ pcap_t *hpcap; static FILE *dpcap; int Debug = 0; -static int privchild = 0; static int snaplen = DEF_SNAPLEN; static int cur_snaplen = DEF_SNAPLEN; @@ -534,13 +533,13 @@ dump_packet(u_char *user, const struct p int main(int argc, char **argv) { - int ch, np, ret, Xflag = 0; + int ch, np, ret, Pflag = 0, Xflag = 0; pcap_handler phandler = dump_packet; const char *errstr = NULL; ret = 0; - while ((ch = getopt(argc, argv, "Dxd:f:i:P:s:")) != -1) { + while ((ch = getopt(argc, argv, "Dxd:f:i:Ps:")) != -1) { switch (ch) { case 'D': Debug = 1; @@ -556,10 +555,9 @@ main(int argc, char **argv) case 'i': interface = optarg; break; - case 'P': /* used internally, exec the parent */ - privchild = strtonum(optarg, 2, INT_MAX, &errstr); - if (errstr) - errx(1, "priv child %s: %s", errstr, optarg); + case 'P': /* used internally, exec the child */ + if (strcmp("-P", argv[1]) == 0) + Pflag = 1; break; case 's': snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN, @@ -593,9 +591,12 @@ main(int argc, char **argv) if (!Debug) { openlog("pflogd", LOG_PID, LOG_DAEMON); - if (daemon(0, 0)) { - logmsg(LOG_WARNING, "Failed to become daemon: %s", - strerror(errno)); + if (!Pflag) { + if (daemon(0, 0)) { + logmsg(LOG_WARNING, + "Failed to become daemon: %s", + strerror(errno)); + } } } 
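Review bot: In the `case 'P':` branch, a `-P` that is not `argv[1]` is accepted by getopt and then silently ignored, so the process continues as the parent with an option it did not honour. Because this flag selects which side of the privilege separation the process becomes, I would fail closed instead: `if (strcmp("-P", argv[1]) != 0) errx(1, "-P is for internal use only");` followed by `Pflag = 1;`. The `priv_init(Pflag, argc, argv)` call in the later hunk also deserves a comment stating what the re-executed child expects to inherit from its parent, since the visible code does not check that `-P` was given by pflogd itself. main() starts and ends outside these hunks.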
@@ -611,11 +612,8 @@ main(int argc, char **argv) argc += optind; argv -= optind; - if (privchild > 1) - priv_exec(privchild, argc, argv); - /* Privilege separation begins here */ - priv_init(argc, argv); + priv_init(Pflag, argc, argv); if (pledge("stdio recvfd", NULL) == -1) err(1, "pledge"); Index: pflogd.h === RCS file: /cvs/src/sbin/pflogd/pflogd.h,v retrieving revision 1.6 diff -u -p -u -r1.6 pflogd.h --- sbin/pflogd/pflogd.h5 Sep 2017 15:41:25 - 1.6 +++ sbin/pflogd/pflogd.h8 Sep 2017 15:03:21 - @@ -34,8 +34,7 @@ void logmsg(int priority, const char *message, ...); /* Privilege separation */ -void priv_init(int, char **); -__dead void priv_exec(int, int, char **); +void priv_init(int, int, char **); intpriv_init_pcap(int); intpriv_set_snaplen(int snaplen); intpriv_open_log(void); Index: privsep.c === RCS file: /cvs/src/sbin/pflogd/privsep.c,v retrieving revision 1.29 diff -u -p -u -r1.29 privsep.c --- sbin/pflogd/privsep.c 6 Sep 2017 12:43:16 - 1.29 +++ sbin/pflogd/privsep.c 8 Sep 2017 15:03:21 - @@ -63,26 +63,20 @@ extern pcap_t *hpcap; /* based on syslogd privsep */ void -priv_init(int argc, char *argv[]) +priv_init(int Pflag, int argc, char *argv[]) { - int i, nargc, socks[2]; + int i, fd = -1, bpfd = -1, nargc, socks[2], cmd; + int snaplen, ret, olderrno; struct passwd *pw; - char childnum[11], **privargv; - - /* Create sockets */ - if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, socks) == -1) - err(1, "socketpair() failed"); + char **nargv; + unsigned int buflen; pw = getpwnam("_pflogd"); if (pw == NULL) errx(1, "unknown user _pflogd"); endpwent(); - child_pid = fork(); - if (child_pid < 0) - err(1, "fork() failed"); - - if (!child_pid) { + if (Pflag) { gid_t gidset[1]; /* Child - drop privileges and return */ @@ -98,47 +92,36 @@ priv_init(int argc, char *argv[]) err(1, "setgroups() failed"); if (setresui
Re: SSE2 instructions emitted in libcompiler_rt
On Fri, Sep 08, 2017 at 10:15:25AM -0700, Mike Larkin wrote: > On Thu, Sep 07, 2017 at 06:52:34PM +0200, Christian Weisgerber wrote: > > Christian Weisgerber: > > > > > > Maybe this would already help? Would at least not throw stones into the > > > > way of the next person doing an upgrade of compiler-rt... > > > -snip- > > > > > > Yes, that's better... but errors out: > > > make: don't know how to make floatdixf.c.c (prerequisite of: > > > floatdixf.c.o) > > > > Oh, it's a typo. The fixed version looks fine to me. > > However, I don't know how to test that these functions actually work. > > > > Index: Makefile > > === > > RCS file: /cvs/src/lib/libcompiler_rt/Makefile,v > > retrieving revision 1.9 > > diff -u -p -r1.9 Makefile > > --- Makefile4 Aug 2017 12:00:59 - 1.9 > > +++ Makefile7 Sep 2017 16:47:31 - > > @@ -89,17 +89,11 @@ GEN_SRCS= absvdi2 \ > > fixunsxfti \ > > fixxfdi \ > > fixxfti \ > > - floatdidf \ > > - floatdisf \ > > - floatdixf \ > > floatsidf \ > > floatsisf \ > > floattidf \ > > floattisf \ > > floattixf \ > > - floatundidf \ > > - floatundisf \ > > - floatundixf \ > > floatunsidf \ > > floatunsisf \ > > floatuntidf \ > > @@ -164,6 +158,22 @@ GEN_SRCS= absvdi2 \ > > umoddi3 \ > > umodsi3 \ > > umodti3 > > + > > +.if ${RTARCH} == "i386" > > +SRCS+= floatdidf.c \ > > + floatdisf.c \ > > + floatdixf.c \ > > + floatundidf.c \ > > + floatundisf.c \ > > + floatundixf.c > > +.else > > +GEN_SRCS+= floatdidf \ > > + floatdisf \ > > + floatdixf \ > > + floatundidf \ > > + floatundisf \ > > + floatundixf > > +.endif > > > > .for file in ${GEN_SRCS} > > . if exists(${.CURDIR}/${RTARCH}/${file}.S) > > -- > > Christian "naddy" Weisgerber na...@mips.inka.de > > > > ok mlarkin if you want to head this way. Thanks for the later verification > that these don't appear to be used on i386 base anyway. > ok patrick as well
Re: SSE2 instructions emitted in libcompiler_rt
On Thu, Sep 07, 2017 at 06:52:34PM +0200, Christian Weisgerber wrote: > Christian Weisgerber: > > > > Maybe this would already help? Would at least not throw stones into the > > > way of the next person doing an upgrade of compiler-rt... > > -snip- > > > > Yes, that's better... but errors out: > > make: don't know how to make floatdixf.c.c (prerequisite of: floatdixf.c.o) > > Oh, it's a typo. The fixed version looks fine to me. > However, I don't know how to test that these functions actually work. > > Index: Makefile > === > RCS file: /cvs/src/lib/libcompiler_rt/Makefile,v > retrieving revision 1.9 > diff -u -p -r1.9 Makefile > --- Makefile 4 Aug 2017 12:00:59 - 1.9 > +++ Makefile 7 Sep 2017 16:47:31 - > @@ -89,17 +89,11 @@ GEN_SRCS= absvdi2 \ > fixunsxfti \ > fixxfdi \ > fixxfti \ > - floatdidf \ > - floatdisf \ > - floatdixf \ > floatsidf \ > floatsisf \ > floattidf \ > floattisf \ > floattixf \ > - floatundidf \ > - floatundisf \ > - floatundixf \ > floatunsidf \ > floatunsisf \ > floatuntidf \ > @@ -164,6 +158,22 @@ GEN_SRCS=absvdi2 \ > umoddi3 \ > umodsi3 \ > umodti3 > + > +.if ${RTARCH} == "i386" > +SRCS+= floatdidf.c \ > + floatdisf.c \ > + floatdixf.c \ > + floatundidf.c \ > + floatundisf.c \ > + floatundixf.c > +.else > +GEN_SRCS+= floatdidf \ > + floatdisf \ > + floatdixf \ > + floatundidf \ > + floatundisf \ > + floatundixf > +.endif > > .for file in ${GEN_SRCS} > .if exists(${.CURDIR}/${RTARCH}/${file}.S) > -- > Christian "naddy" Weisgerber na...@mips.inka.de > ok mlarkin if you want to head this way. Thanks for the later verification that these don't appear to be used on i386 base anyway.
/usr/src/distrib/notes/arm64/whatis
The arm64 hardware file listing the actual supported systems was updated recently, but the "whatis" file still has this: "OpenBSD/arm64 runs on the Pine64 and the Raspberry Pi 3. Hardware support is currently limited, but this port is a heavy work in progress." I don't think it needs an actual list of supported machines here as the one in arm64/hardware gets assembled into the same output file (INSTALL.arm64), but I'm not sure what we'd want to say here instead. Any ideas?
Re: more pax warning fixes
On Fri, Sep 08, 2017 at 07:01:03AM +0200, Otto Moerbeek wrote: > Indeed, better diff, OK bluhm@ > Index: tar.c > === > RCS file: /cvs/src/bin/pax/tar.c,v > retrieving revision 1.63 > diff -u -p -r1.63 tar.c > --- tar.c 26 Aug 2016 04:11:16 - 1.63 > +++ tar.c 8 Sep 2017 05:00:10 - > @@ -1209,7 +1209,7 @@ static int > rd_xheader(ARCHD *arcn, int global, off_t size) > { > char buf[MAXXHDRSZ]; > - unsigned long len; > + long len; > char *delim, *keyword; > char *nextp, *p, *end; > int pad, ret = 0; > @@ -1247,8 +1247,8 @@ rd_xheader(ARCHD *arcn, int global, off_ > break; > } > errno = 0; > - len = strtoul(p, &delim, 10); > - if (*delim != ' ' || (errno == ERANGE && len == ULONG_MAX) || > + len = strtol(p, &delim, 10); > + if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) || > len < MINXHDRSZ) { > paxwarn(1, "Invalid extended header record length"); > ret = -1; >
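Review bot: The rejection of bad record lengths now depends on `len` being signed, and nothing at the check says so. With `strtol()` a negative length read from the archive, or a `LONG_MIN` underflow, is rejected by `len < MINXHDRSZ` (presumably a positive constant) even though only `LONG_MAX` is paired with `ERANGE`. That is easy to undo by changing the type back, so I would add a comment above the test, e.g. `/* len is signed: negative and underflowed lengths fail the MINXHDRSZ test */`. No upper bound on `len` against the data left in `buf` is visible here; if that check exists it is outside the hunk, and it should be confirmed to compare signed with signed now. rd_xheader() continues past the hunk.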
Re: more pax warning fixes
On Fri, 08 Sep 2017 07:01:03 +0200, Otto Moerbeek wrote: > Indeed, better diff, OK millert@ - todd
Re: SSE2 instructions emitted in libcompiler_rt
On 2017-09-07, Christian Weisgerber wrote: > However, I don't know how to test that these functions actually work. FWIW, I checked all *.o files from a make build of base, but there are no references to __float(di|undi)[dsx]f. I guess nothing uses these functions and clang doesn't generate code to call them. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 12:29:57PM +0100, Raf Czlonka wrote: > > One small comment regarding your patch - since a good while, sed(1) > can do in place file edits so the above is a useless use of cat :^) > Hehe, that too. Thanks for pointing it out! It's been a long week with way too little sleep. ;-) *hides in shame*
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 06:39:55AM -0400, Jiri B wrote: > > ^^ if you would append a dns server which it provided by dhcp to your > regular /etc/dhclient.conf, then it should work find, shouldn't it? > it would try first one, fail, try second one. > > and your changed doesn't work for servers with do use static ip > settings and have local dns in /etc/resolv.conf. am I not right? > > j. Yeah, you're absolutely right. Ignore this patch. I wanted to avoid adding an extra nameserver to prevent unknowingly "leaking" DNS traffic in case unbound went away. But yeah, it's also stupid to bloat /bsd.rd with a fix for an uncommon case like this. :-) Jesper Wallin
Re: vmd(8): Improve RFC 2132 compliance (DHCP)
Hi, thank you for the patch and the detailed explanation. I knew that Android is having similar problems under vmd, maybe that's also because of busybox' udhcpc. I have to clarify that vmd does not implement "DHCP" but "BOOTP". I picked BOOTP because it was simpler to implement and totally sufficient for vmd's use case: we don't need lease times, stateful configuration, or any of the fancy DHCP options. Less code and complexity. My assumption was that DHCP is a superset of BOOTP; most DHCP clients support BOOTP responses (with vendor extensions). udhcpc is the first DHCP-only client that I've seen. But now I stumbled over RFC 1534 where it says: "3. DHCP clients and BOOTP servers A DHCP client MAY use a reply from a BOOTP server if the configuration returned from the BOOTP server is acceptable to the DHCP client. A DHCP client MUST assume that an IP address returned in a message from a BOOTP server has an infinite lease. A DHCP client SHOULD choose to use a reply from a DHCP server in preference to a reply from a BOOTP server." So udhcpc is stupid but it is actually not wrong. So I'm wondering if your diff is the right approach: should we add the minimal DHCP-in-BOOTP fields as a workaround for udhcpc or should we rather change it to be some kind of minimal RFC-compliant DHCP? Reyk > On 08.09.2017, at 06:42, Anthony Coulter wrote: > > The DHCP client available in the Alpine Linux installer (udhcpc, part > of BusyBox) does not accept responses that do not include the DHCP > message type option. Worse, it expects the message type to be > DHCPOFFER in some circumstances and DHCPREQUEST in others. The DHCP > server in vmd omits this option entirely, which makes it impossible > to install Alpine Linux in a virtual machine configured with "-L". > > The simplest fix would be to use "resp.options[6] == DHCPOFFER" instead > of is_discover (see the patch below) because in practice the DHCP > message type will be the first option present after the magic cookie. 
> This was the first thing I tried, and it worked. But it's incorrect. > > RFC 1534 says that requests with no message type can be treated as > BOOTP and not DHCP messages. It also says that we can send DHCP options > to BOOTP messages if we so desire, so it doesn't really matter whether > we initialize is_discover to zero or one. > > Note that udhcpc also complains about two more options (server ID and > lease time) that are missing from the response message. I didn't do > anything about this because udhcpc uses sensible defaults. > > I've tested this change with udhcpc (in a virtual Alpine Linux system) > and dhclient (in a virtual OpenBSD system) and it works for both. I > have not tried anything else. > > Regards, > Anthony Coulter > > Index: dhcp.c > === > RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v > retrieving revision 1.3 > diff -u -p -u -p -r1.3 dhcp.c > --- dhcp.c24 Apr 2017 07:14:27 - 1.3 > +++ dhcp.c8 Sep 2017 04:12:10 - > @@ -44,6 +44,7 @@ dhcp_request(struct vionet_dev *dev, cha > struct dhcp_packet req, resp; > struct in_addr in, mask; > size_t resplen, o; > + int is_discover = 1; > > if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header))) > return (-1); > @@ -76,6 +77,15 @@ dhcp_request(struct vionet_dev *dev, cha > if (req.ciaddr.s_addr != 0 || req.file[0] != '\0' || req.hops != 0) > return (-1); > > + for (o = DHCP_OPTIONS_COOKIE_LEN; > + o + offsetof(struct dhcp_packet, options) < buflen && > + req.options[o] != DHO_END; > + o += req.options[o+1] + 2) > + if (req.options[o] == DHO_DHCP_MESSAGE_TYPE) { > + is_discover = (req.options[o+2] == DHCPDISCOVER); > + break; > + } > + > memset(&resp, 0, sizeof(resp)); > resp.op = BOOTREPLY; > resp.htype = req.htype; 
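Review bot: The option scan added before `memset(&resp, 0, sizeof(resp))` bounds only `req.options[o]`, yet it goes on to read `req.options[o+1]` and `req.options[o+2]`. Its limit is `buflen`, which, judging by the earlier `BOOTP_MIN_LEN + sizeof(struct ether_header)` check, counts the whole frame rather than the bytes available in `req.options`. The request comes from the guest, so the walk should be bounded by the options array, and ideally by the number of bytes actually copied into `req`, which is outside the hunk. It should also step over `DHO_PAD`, which has no length byte. The same hunk appears unquoted in the original message further down the page; dhcp_request() starts and ends outside it.

```c
	/* … unchanged: ciaddr/file/hops rejection … */
	o = DHCP_OPTIONS_COOKIE_LEN;
	while (o < sizeof(req.options) && req.options[o] != DHO_END) {
		if (req.options[o] == DHO_PAD) {
			o++;		/* pad is a single byte, no length field */
			continue;
		}
		if (o + 2 >= sizeof(req.options))
			break;		/* length or value byte would be out of range */
		if (req.options[o] == DHO_DHCP_MESSAGE_TYPE &&
		    req.options[o + 1] >= 1) {
			is_discover = (req.options[o + 2] == DHCPDISCOVER);
			break;
		}
		o += req.options[o + 1] + 2;
	}
	/* … unchanged: memset(&resp, …) and reply setup … */
```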
> @@ -123,6 +133,10 @@ dhcp_request(struct vionet_dev *dev, cha > memcpy(&resp.options, > DHCP_OPTIONS_COOKIE, DHCP_OPTIONS_COOKIE_LEN); > o+= DHCP_OPTIONS_COOKIE_LEN; > + > + resp.options[o++] = DHO_DHCP_MESSAGE_TYPE; > + resp.options[o++] = 1; > + resp.options[o++] = is_discover ? DHCPOFFER : DHCPACK; > > resp.options[o++] = DHO_SUBNET_MASK; > resp.options[o++] = sizeof(mask); >
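Review bot: `o` now doubles as the index of the request-option scan added in the earlier hunk, so the `o+= DHCP_OPTIONS_COOKIE_LEN;` in the context here is only correct if `o` is reset to 0 between the two. That assignment is not visible in either hunk, so please confirm it. Using a separate index for the scan would make the response offsets independent of guest-controlled option lengths. The three new `resp.options[o++]` stores also add to the space the response needs, so any length check on `resp.options` outside the hunk should account for them.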
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 12:12:09PM +0200, Jesper Wallin wrote: > Hi all, > > I have a local unbound running for caching purposes as well as ensuring > that my DNS traffic is encrypted, using DNS-over-TLS. This works just > fine, except for when I try to run the snapshot upgrade process. > > The installer will copy my on-disk configuration and try to setup the > network, using the "supersede domain-name-servers 127.0.0.1;" in my > /etc/dhclient.conf. This gives me no errors, of course, since nothing > is wrong with the configuration. But since no nameserver is running on > localhost, we're unable to resolve hosts. The first indication of this > is "Unable to connect using https. Use http instead?" which is somewhat > unclear, as it led me to believe it's an issue with TLS. > > Anyway, the patch below will basically try to ignore any local > nameservers when copying the on-disk configuration. My first approach > was to check if we could resolve a hostname instead, before givig the > https error, but seeing that host, dig or nslookup is unavailable, I > decided to go with this instead. > > > Jesper Wallin > > > Index: distrib/miniroot/install.sub > === > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.1035 > diff -u -p -r1.1035 install.sub > --- distrib/miniroot/install.sub 25 Aug 2017 18:21:30 - 1.1035 > +++ distrib/miniroot/install.sub 8 Sep 2017 09:25:51 - 
> @@ -2258,6 +2258,13 @@ enable_network() { > fi > done > > + # Remove local nameservers since they are unavailable. > + if [ -f "/etc/dhclient.conf" ]; then > + cat /etc/dhclient.conf | sed -E \ > + '/supersede +domain-name-servers +.*(127.0.0.1|::1)/d' \ > + > /etc/dhclient.conf > + fi ^^ if you would append a dns server which it provided by dhcp to your regular /etc/dhclient.conf, then it should work find, shouldn't it? it would try first one, fail, try second one. and your changed doesn't work for servers with do use static ip settings and have local dns in /etc/resolv.conf. am I not right? j.
[patch] Remove local nameservers from dhclient.conf during an upgrade.
Hi all, I have a local unbound running for caching purposes as well as ensuring that my DNS traffic is encrypted, using DNS-over-TLS. This works just fine, except for when I try to run the snapshot upgrade process. The installer will copy my on-disk configuration and try to setup the network, using the "supersede domain-name-servers 127.0.0.1;" in my /etc/dhclient.conf. This gives me no errors, of course, since nothing is wrong with the configuration. But since no nameserver is running on localhost, we're unable to resolve hosts. The first indication of this is "Unable to connect using https. Use http instead?" which is somewhat unclear, as it led me to believe it's an issue with TLS. Anyway, the patch below will basically try to ignore any local nameservers when copying the on-disk configuration. My first approach was to check if we could resolve a hostname instead, before givig the https error, but seeing that host, dig or nslookup is unavailable, I decided to go with this instead. Jesper Wallin Index: distrib/miniroot/install.sub === RCS file: /cvs/src/distrib/miniroot/install.sub,v retrieving revision 1.1035 diff -u -p -r1.1035 install.sub --- distrib/miniroot/install.sub25 Aug 2017 18:21:30 - 1.1035 +++ distrib/miniroot/install.sub8 Sep 2017 09:25:51 - @@ -2258,6 +2258,13 @@ enable_network() { fi done + # Remove local nameservers since they are unavailable. + if [ -f "/etc/dhclient.conf" ]; then + cat /etc/dhclient.conf | sed -E \ + '/supersede +domain-name-servers +.*(127.0.0.1|::1)/d' \ + > /etc/dhclient.conf + fi + # Create a minimal hosts file. echo "127.0.0.1\tlocalhost" >/tmp/i/hosts echo "::1\t\tlocalhost" >>/tmp/i/hosts
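Review bot: The added pipeline reads and writes the same file: the shell opens `> /etc/dhclient.conf` for truncation before `cat` has read it, so the likely result is an empty dhclient.conf rather than a filtered one. Writing the filtered output to a temporary file and moving it into place once sed has succeeded avoids that. The expression is also broader than the comment says, because the dots are unescaped and `.*` lets a loopback address anywhere in the list delete the whole statement, including any remote servers on it. Something like `'/supersede +domain-name-servers +(127\.0\.0\.1|::1) *;/d'` limits it to the loopback-only case. The same hunk is quoted in the reply earlier on the page; enable_network() starts outside it.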
vmd(8): Improve RFC 2132 compliance (DHCP)
The DHCP client available in the Alpine Linux installer (udhcpc, part of BusyBox) does not accept responses that do not include the DHCP message type option. Worse, it expects the message type to be DHCPOFFER in some circumstances and DHCPREQUEST in others. The DHCP server in vmd omits this option entirely, which makes it impossible to install Alpine Linux in a virtual machine configured with "-L". The simplest fix would be to use "resp.options[6] == DHCPOFFER" instead of is_discover (see the patch below) because in practice the DHCP message type will be the first option present after the magic cookie. This was the first thing I tried, and it worked. But it's incorrect. RFC 1534 says that requests with no message type can be treated as BOOTP and not DHCP messages. It also says that we can send DHCP options to BOOTP messages if we so desire, so it doesn't really matter whether we initialize is_discover to zero or one. Note that udhcpc also complains about two more options (server ID and lease time) that are missing from the response message. I didn't do anything about this because udhcpc uses sensible defaults. I've tested this change with udhcpc (in a virtual Alpine Linux system) and dhclient (in a virtual OpenBSD system) and it works for both. I have not tried anything else. Regards, Anthony Coulter Index: dhcp.c === RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v retrieving revision 1.3 diff -u -p -u -p -r1.3 dhcp.c --- dhcp.c 24 Apr 2017 07:14:27 - 1.3 +++ dhcp.c 8 Sep 2017 04:12:10 - @@ -44,6 +44,7 @@ dhcp_request(struct vionet_dev *dev, cha struct dhcp_packet req, resp; struct in_addr in, mask; size_t resplen, o; + int is_discover = 1; if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header))) return (-1); 
@@ -76,6 +77,15 @@ dhcp_request(struct vionet_dev *dev, cha if (req.ciaddr.s_addr != 0 || req.file[0] != '\0' || req.hops != 0) return (-1); + for (o = DHCP_OPTIONS_COOKIE_LEN; + o + offsetof(struct dhcp_packet, options) < buflen && + req.options[o] != DHO_END; + o += req.options[o+1] + 2) + if (req.options[o] == DHO_DHCP_MESSAGE_TYPE) { + is_discover = (req.options[o+2] == DHCPDISCOVER); + break; + } + memset(&resp, 0, sizeof(resp)); resp.op = BOOTREPLY; resp.htype = req.htype; @@ -123,6 +133,10 @@ dhcp_request(struct vionet_dev *dev, cha memcpy(&resp.options, DHCP_OPTIONS_COOKIE, DHCP_OPTIONS_COOKIE_LEN); o+= DHCP_OPTIONS_COOKIE_LEN; + + resp.options[o++] = DHO_DHCP_MESSAGE_TYPE; + resp.options[o++] = 1; + resp.options[o++] = is_discover ? DHCPOFFER : DHCPACK; resp.options[o++] = DHO_SUBNET_MASK; resp.options[o++] = sizeof(mask);
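Review bot: The option walk added in the second hunk reads `req.options[o+1]` and `req.options[o+2]` from a packet that comes from the guest without checking that those indices are still inside the options field. The loop condition tests only `o` itself, and it tests it against buflen, which from the earlier length check appears to count the whole frame including the Ethernet header rather than the BOOTP payload. A truncated or malformed option list can therefore steer the walk past the end of `req.options`. The walk should be bounded by `sizeof(req.options)`, require a length byte of 1 before trusting the message type, and step over DHO_PAD, which carries no length byte. How much of req is filled from the packet is not visible here, so the bound may also need tightening to the copied length; dhcp_request() starts and ends outside the hunk.

```c
	/* … unchanged: ciaddr/file/hops sanity check … */
	o = DHCP_OPTIONS_COOKIE_LEN;
	while (o + 2 < sizeof(req.options) && req.options[o] != DHO_END) {
		if (req.options[o] == DHO_PAD) {
			o++;		/* pad is a single byte, no length */
			continue;
		}
		if (req.options[o] == DHO_DHCP_MESSAGE_TYPE) {
			if (req.options[o + 1] == 1)
				is_discover =
				    (req.options[o + 2] == DHCPDISCOVER);
			break;
		}
		o += req.options[o + 1] + 2;
	}
	/* … unchanged: memset(&resp, …) and reply header setup … */
```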
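Review bot: The reply type written in the third hunk, `is_discover ? DHCPOFFER : DHCPACK`, turns every request that carries a message type other than DHCPDISCOVER into an acknowledgement. That would include DHCPDECLINE, DHCPRELEASE and DHCPINFORM unless they are filtered in code outside the hunk. Keeping the parsed type in a variable instead of a flag lets the function answer only the types it understands, for example `if (msgtype != 0 && msgtype != DHCPDISCOVER && msgtype != DHCPREQUEST) return (-1);` before the response is built, with 0 standing for the no-type BOOTP case. A short comment above the three added lines, such as `/* RFC 2132 9.6: message type, OFFER for DISCOVER, ACK otherwise */`, would document the mapping.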
Re: [PATCH v3 2/2] VMD: Prevent vmd crashing when stopping a stopped vm
On Thu, Sep 07, 2017 at 04:47:53PM -0700, Carlos Cardenas wrote: > * Fix logic handling stopping a VM. Prevents VMD from crashing. > * Add additional error code to notify the user that a vm cannot be > stopped when not running. > * Add additional log_debug statements. > I split this one into a few commits - one for the spaces vs tab issue, one for the wrong comment at the end, and a third for everything else. Thanks for these diffs, with these, vm termination is more predictable with better error messages. There is still one case that doesn't work, I'll follow up with you off-list. See inline below for one other place I fixed. -ml > diff --git usr.sbin/vmctl/vmctl.c usr.sbin/vmctl/vmctl.c > index 64d82ca847d..d1517d0d26d 100644 > --- usr.sbin/vmctl/vmctl.c > +++ usr.sbin/vmctl/vmctl.c > @@ -206,7 +206,7 @@ vm_start_complete(struct imsg *imsg, int *ret, int > autoconnect) > break; > case VMD_DISK_INVALID: > warnx("specified disk image(s) are " > -"not regular files"); > + "not regular files"); > *ret = ENOENT; > break; > default: > @@ -439,12 +439,19 @@ terminate_vm_complete(struct imsg *imsg, int *ret) > vmr = (struct vmop_result *)imsg->data; > res = vmr->vmr_result; > if (res) { > - errno = res; > - if (res == ENOENT) > + switch (res) { > + case VMD_VM_STOP_INVALID: > + warnx("cannot stop vm that is not running"); > + *ret = EINVAL; > + break; > + case ENOENT: > warnx("vm not found"); > - else > + *ret = EIO; > + break; > + default: > warn("terminate vm command failed"); > - *ret = EIO; > + *ret = EIO; > + } > } else { > warnx("sent request to terminate vm %d", vmr->vmr_id); > *ret = 0; > @@ -453,6 +460,7 @@ terminate_vm_complete(struct imsg *imsg, int *ret) > warnx("unexpected response received from vmd"); > *ret = EINVAL; > } > + errno = *ret; > > return (1); > } > diff --git usr.sbin/vmd/vmd.h usr.sbin/vmd/vmd.h > index 22da6d58a7b..1240339db52 100644 > --- usr.sbin/vmd/vmd.h > +++ usr.sbin/vmd/vmd.h 
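Review bot: In the rewritten terminate_vm_complete() the `default:` branch still calls `warn("terminate vm command failed")`, but the hunk removes the `errno = res;` that used to precede it, so warn() now appends the text for whatever errno an earlier call left behind instead of the code vmd returned. Setting it in that branch restores the old message: `errno = res;` directly before the `warn(...)` line. The `errno = *ret;` added in the following hunk runs only afterwards and does not help here. The `default:` case also ends without a `break;`, which is harmless as the last label but inconsistent with the two cases above it. The function starts outside the hunk.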
> @@ -54,6 +54,7 @@ > #define VMD_BIOS_MISSING 1001 > #define VMD_DISK_MISSING 1002 > #define VMD_DISK_INVALID 1003 > +#define VMD_VM_STOP_INVALID 1004 > > /* 100.64.0.0/10 from rfc6598 (IPv4 Prefix for Shared Address Space) */ > #define VMD_DHCP_PREFIX "100.64.0.0/10" > diff --git usr.sbin/vmd/vmm.c usr.sbin/vmd/vmm.c > index 0e5ed1ed605..e3ff3be2f35 100644 > --- usr.sbin/vmd/vmm.c > +++ usr.sbin/vmd/vmm.c > @@ -150,29 +150,45 @@ vmm_dispatch_parent(int fd, struct privsep_proc *p, > struct imsg *imsg) > > if (id == 0) { > res = ENOENT; > - } else if ((vm = vm_getbyvmid(id)) != NULL && > - vm->vm_shutdown == 0) { > - log_debug("%s: sending shutdown request to vm %d", > - __func__, id); > - > - /* > - * Request reboot but mark the VM as shutting down. > - * This way we can terminate the VM after the triple > - * fault instead of reboot and avoid being stuck in > - * the ACPI-less powerdown ("press any key to reboot") > - * of the VM. > - */ > - vm->vm_shutdown = 1; > - if (imsg_compose_event(&vm->vm_iev, > - IMSG_VMDOP_VM_REBOOT, 0, 0, -1, NULL, 0) == -1) > - res = errno; > - else > - res = 0; > + } else if ((vm = vm_getbyvmid(id)) != NULL) { > + if (vm->vm_shutdown == 0) { > + log_debug("%s: sending shutdown req to vm %d", > + __func__, id); > + > + /* > + * Request reboot but mark the VM as shutting > + * down. This way we can terminate the VM after > + * the triple fault instead of reboot and > + * avoid being stuck in the ACPI-less powerdown > + * ("press any key to reboot") of the VM. > + */ > +