Re: Remove path support from OpenBSD::Pledge
On Fri, Sep 8, 2017 at 8:40 PM, Andrew Fresh wrote: > This removes path support from the OpenBSD::Pledge perl module in > preparation for the hot new thing. > > I don't believe anyone could be using this as it would have just thrown > errors if you tried, but thought I should ask for an ok. > > so OK? > Looks good. ok guenther@
[patch] Remove redundant operation in pctr.c
Hi tech@,
Remove setting null-terminated string operation, since bzero()
has done this operation before. Sorry if I miss some points.
Thanks!
Best Regards
Nan Xiao
Index: pctr.c
===
RCS file: /cvs/src/usr.bin/pctr/pctr.c,v
retrieving revision 1.22
diff -u -p -r1.22 pctr.c
--- pctr.c 8 Feb 2015 23:40:34 - 1.22
+++ pctr.c 9 Sep 2017 03:43:36 -
@@ -169,7 +169,6 @@ pctr_cpu_creds(void)
bzero(arch, sizeof(arch));
if (sysctl(mib, 2, arch, &len, NULL, 0) == -1)
err(1, "HW_MACHINE");
- arch[len] = '\0';
if (strcmp(arch, "i386") == 0)
atype = ARCH_I386;
@@ -198,7 +197,6 @@ pctr_cpu_creds(void)
bzero(vendor, sizeof(vendor));
if (sysctl(mib, 2, vendor, &len, NULL, 0) == -1)
err(1, "CPU_CPUVENDOR");
- vendor[len] = '\0';
switch (atype) {
case ARCH_I386:
ld.so: delete obsolete __plt_{start,end} handling
It's been a year since the ldscripts have created __plt_start or __plt_end
symbols, so references to them will never resolve. Just delete the
_dl_protect_segment() calls that are dependent on one or both of those
symbols.
ok?
Philip Guenther
Index: libexec/ld.so/alpha/rtld_machine.c
===
RCS file: /data/src/openbsd/src/libexec/ld.so/alpha/rtld_machine.c,v
retrieving revision 1.61
diff -u -p -r1.61 rtld_machine.c
--- libexec/ld.so/alpha/rtld_machine.c 16 Feb 2017 13:31:10 - 1.61
+++ libexec/ld.so/alpha/rtld_machine.c 9 Sep 2017 03:34:08 -
@@ -306,11 +306,6 @@ _dl_md_reloc_got(elf_object_t *object, i
_dl_protect_segment(object, seg_start, "__got_start", "__got_end",
PROT_READ);
- /* mprotect the PLT, if it isn't already read-only */
- if (pltro == 0)
- _dl_protect_segment(object, (Elf_Addr)pltgot, "__plt_start",
- "__plt_end", PROT_READ|PROT_EXEC);
-
return (fails);
}
Index: libexec/ld.so/powerpc/rtld_machine.c
===
RCS file: /data/src/openbsd/src/libexec/ld.so/powerpc/rtld_machine.c,v
retrieving revision 1.62
diff -u -p -r1.62 rtld_machine.c
--- libexec/ld.so/powerpc/rtld_machine.c24 Jan 2017 10:59:10 -
1.62
+++ libexec/ld.so/powerpc/rtld_machine.c9 Sep 2017 03:28:38 -
@@ -573,10 +573,6 @@ _dl_md_reloc_got(elf_object_t *object, i
if (prot_exec != 0 && got_addr != NULL)
_dl_syncicache(got_addr, 4);
- /* mprotect the PLT */
- _dl_protect_segment(object, 0, "__plt_start", "__plt_end",
- PROT_READ|prot_exec);
-
return (fails);
}
Index: libexec/ld.so/sparc64/rtld_machine.c
===
RCS file: /data/src/openbsd/src/libexec/ld.so/sparc64/rtld_machine.c,v
retrieving revision 1.60
diff -u -p -r1.60 rtld_machine.c
--- libexec/ld.so/sparc64/rtld_machine.c28 Aug 2017 14:06:22 -
1.60
+++ libexec/ld.so/sparc64/rtld_machine.c9 Sep 2017 03:25:15 -
@@ -841,10 +841,6 @@ _dl_md_reloc_got(elf_object_t *object, i
if (object->traced)
lazy = 1;
- /* temporarily make the PLT writable */
- _dl_protect_segment(object, 0, "__plt_start", "__plt_end",
- PROT_READ|PROT_WRITE);
-
if (!lazy) {
fails = _dl_md_reloc_all_plt(object);
} else {
@@ -856,10 +852,6 @@ _dl_md_reloc_got(elf_object_t *object, i
/* mprotect the GOT */
_dl_protect_segment(object, 0, "__got_start", "__got_end", PROT_READ);
-
- /* mprotect the PLT */
- _dl_protect_segment(object, 0, "__plt_start", "__plt_end",
- PROT_READ|PROT_EXEC);
return (fails);
}
Remove path support from OpenBSD::Pledge
This removes path support from the OpenBSD::Pledge perl module in
preparation for the hot new thing.
I don't believe anyone could be using this as it would have just thrown
errors if you tried, but thought I should ask for an ok.
so OK?
Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs
===
RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/Pledge.xs,v
retrieving revision 1.1
diff -u -p -r1.1 Pledge.xs
--- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs 29 Nov 2015 19:01:27
- 1.1
+++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//Pledge.xs 9 Sep 2017 03:19:03
-
@@ -38,27 +38,8 @@ pledgenames()
XSRETURN(i);
int
-_pledge(const char * promises, SV * paths)
-INIT:
- SSize_t numpaths = 0, n;
-
+_pledge(const char * promises)
CODE:
- if (SvOK(paths)) {
- if (SvTYPE(SvRV(paths)) != SVt_PVAV)
- croak("not an ARRAY reference");
-
- numpaths = av_top_index((AV *)SvRV(paths));
-
- const char *pledge_paths[ numpaths + 1 ];
- pledge_paths[ numpaths + 1 ] = NULL;
-
- for (n = 0; n <= numpaths; n++)
- pledge_paths[n]
- = SvPV_nolen(*av_fetch((AV *)SvRV(paths), n, 0));
-
- RETVAL = pledge(promises, pledge_paths) != -1;
- }
- else
- RETVAL = pledge(promises, NULL) != -1;
+ RETVAL = pledge(promises, NULL) != -1;
OUTPUT:
RETVAL
Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm
===
RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/lib/OpenBSD/Pledge.pm,v
retrieving revision 1.2
diff -u -p -r1.2 Pledge.pm
--- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm 3 Jul 2016
01:07:57 - 1.2
+++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//lib/OpenBSD/Pledge.pm 9 Sep 2017
03:19:03 -
@@ -10,7 +10,7 @@ our %EXPORT_TAGS = ( 'all' => [qw( pledg
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
our @EXPORT = qw( pledge ); ## no critic
'export'
-our $VERSION = '0.01';
+our $VERSION = '0.02';
require XSLoader;
XSLoader::load( 'OpenBSD::Pledge', $VERSION );
@@ -19,14 +19,11 @@ sub pledge
{
my (@promises) = @_;
- my $paths;
- $paths = pop @promises if @promises and ref $promises[-1] eq 'ARRAY';
-
my %seen;
my $promises = join q{ },
sort grep { !$seen{$_}++ } ( 'stdio', @promises );
- return _pledge( $promises, $paths );
+ return _pledge( $promises );
}
1;
@@ -41,15 +38,16 @@ OpenBSD::Pledge - Perl interface to Open
=head1 SYNOPSIS
use OpenBSD::Pledge;
+
my $file = "/usr/share/dict/words";
- pledge(qw( rpath ), [$file]) || die "Unable to pledge: $!";
+ pledge( qw( rpath ) ) || die "Unable to pledge: $!";
+ open my $fh, '<', $file or die "Unable to open $file: $!";
- open my $fh, '<', $file or die "Unable to open $file: $!\n";
- while ( readline($fh) ) {
-print if /pledge/i;
- }
+ pledge() || die "Unable to pledge again: $!";
+ print grep { /pledge/i } readline($fh);
close $fh;
+
=head1 DESCRIPTION
This module provides a perl interface to OpenBSD's L L.
@@ -58,32 +56,30 @@ Once you promise that your program will
the kernel will kill the program if it attempts to call any other
interfaces.
-=head2 EXPORT
+=head1 EXPORT
Exports L by default.
C<:all> will also export L
-=head1 METHODS
+=head1 FUNCTIONS
-=head2 pledge(@promises, [\@paths])
+=head2 pledge
-With L you can promise what abilities your program will need.
-You can pledge multiple times with more restrictive promises,
-but abilities can never be regained.
+Perl interface to L.
-This interface always promises C because L itself uses some of
-the provided system calls.
+ pledge(@promises)
-You can supply an optional array reference of paths to be used as a whitelist,
-all other paths will appear not to exist.
-You may only limit the paths once.
+The "stdio" promise is always implied,
+as L itself is useless without it.
-Returns true on success, returns false and sets C<$!> on failure.
+Returns true on success, returns false and sets $! on failure
=head2 pledgenames
Returns a list of the possible promises you can pass to L.
+
+=back
=head1 BUGS AND LIMITATIONS
Index: gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t
===
RCS file: /cvs/src/gnu/usr.bin/perl/cpan/OpenBSD-Pledge/t/OpenBSD-Pledge.t,v
retrieving revision 1.2
diff -u -p -r1.2 OpenBSD-Pledge.t
--- gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t3 Jul 2016
01:07:58 - 1.2
+++ gnu/usr.bin/perl/cpan/OpenBSD-Pledge//t/OpenBSD-Pledge.t9 Sep 2017
03:19:03 -
@@ -10,6 +10,7 @@ use strict;
use warnings;
use Fcntl qw( O_RDONLY O_WRONLY );
+use
mg: fix line numbering bug
When inserting a newline, only increment dotline for windows that are
displaying the same buffer as the current one.
Index: usr.bin/mg/line.c
===
RCS file: /cvs/src/usr.bin/mg/line.c,v
retrieving revision 1.58
diff -u -p -u -r1.58 line.c
--- usr.bin/mg/line.c 11 Dec 2015 20:21:23 - 1.58
+++ usr.bin/mg/line.c 9 Sep 2017 01:36:02 -
@@ -264,7 +264,8 @@ lnewline_at(struct line *lp1, int doto)
for (wp = wheadp; wp != NULL; wp = wp->w_wndp) {
if (wp->w_linep == lp1)
wp->w_linep = lp2;
- if (wp->w_dotline >= tcurwpdotline)
+ if (wp->w_dotline >= tcurwpdotline &&
+ wp->w_bufp == curwp->w_bufp)
wp->w_dotline++;
}
undo_add_boundary(FFRAND, 1);
@@ -292,7 +293,8 @@ lnewline_at(struct line *lp1, int doto)
wp->w_dotp = lp2;
wp->w_doto -= doto;
wp->w_dotline++;
- } else if (wp->w_dotline > tcurwpdotline)
+ } else if (wp->w_dotline > tcurwpdotline &&
+ wp->w_bufp == curwp->w_bufp)
wp->w_dotline++;
if (wp->w_markp == lp1 && wp->w_marko >= doto) {
wp->w_markp = lp2;
acpithinkpad fixes for brand new machines
Revision 1.50 of acpithinkpad.c made inteldrm defer to acpithinkpad
for screen brightness adjustments instead of handling it natively.
That was needed to avoid some synchronization issues on machines
where the hardware buttons do the backlight adjustment on their own,
and just notify acpithinkpad of the change.
On brand new machines like the X1C5, the screen adjustment buttons
don't do anything on their own and don't even notify acpithinkpad
anymore, instead requiring a WMI driver to get notified. Since
acpithinkpad is still forcing screen backlight changes to go through
the proprietary ACPI interface, it is still limited to 10 levels of
backlight adjustment which are oddly defined.
I thought about just reverting 1.55 so that acpithinkpad wouldn't
even bother attaching to these new machines which now use HID
LEN0268, so that inteldrm could take over brightness adjustment and
give you the full 100 levels of adjustment.
However, controlling keyboard backlight through wscons still has to
be done through acpithinkpad, so the driver still has to attach. As
is, the driver was not getting notification of keyboard backlight
changes either, so the "wsconsctl keyboard.backlight" value would
get out of sync with the hardware if you adjusted the backlight with
Fn+Space.
This diff fixes the keyboard backlight events coming through, and
also makes it not take over backlight adjustment on these new
machines (LEN0268 and anything in the future).
Eventually these machines will need a WMI driver to respond to other
hardware keys and react accordingly, though many other kinds of
laptops can also benefit from that driver.
I'm not pushing to commit this before the lock, so it would be nice
to have testing on a wide variety of ThinkPads to make sure the
keyboard backlight change doesn't break anything.
Index: sys/dev/acpi/acpithinkpad.c
===
RCS file: /cvs/src/sys/dev/acpi/acpithinkpad.c,v
retrieving revision 1.58
diff -u -p -u -p -r1.58 acpithinkpad.c
--- sys/dev/acpi/acpithinkpad.c 12 Aug 2017 17:33:51 - 1.58
+++ sys/dev/acpi/acpithinkpad.c 8 Sep 2017 21:39:12 -
@@ -41,6 +41,8 @@
#defineTHINKPAD_HKEY_VERSION1 0x0100
#defineTHINKPAD_HKEY_VERSION2 0x0200
+#defineTHINKPAD_KEYLIGHT_MASK 0x2
+
#defineTHINKPAD_CMOS_VOLUME_DOWN 0x00
#defineTHINKPAD_CMOS_VOLUME_UP 0x01
#defineTHINKPAD_CMOS_VOLUME_MUTE 0x02
@@ -136,6 +138,7 @@ struct acpithinkpad_softc {
const char *sc_thinklight_set;
uint64_t sc_brightness;
+ int sc_fw_brightness;
};
extern void acpiec_read(struct acpiec_softc *, u_int8_t, int, u_int8_t *);
@@ -195,6 +198,17 @@ const char *acpithinkpad_hids[] = {
0
};
+/*
+ * Older machines which need backlight control done in firmware/ACPI. Newer
+ * machines rely on inteldrm to do adjustments since hardware keys don't come
+ * through here.
+ */
+const char *acpithinkpad_fw_hids[] = {
+ "IBM0068",
+ "LEN0068",
+ 0
+};
+
int
thinkpad_match(struct device *parent, void *match, void *aux)
{
@@ -272,6 +286,9 @@ thinkpad_attach(struct device *parent, s
sc->sc_acpi = (struct acpi_softc *)parent;
sc->sc_devnode = aa->aaa_node;
+ sc->sc_fw_brightness = acpi_matchhids(aa, acpithinkpad_fw_hids,
+ sc->sc_dev.dv_xname);
+
printf("\n");
#if NAUDIO > 0 && NWSKBD > 0
@@ -299,8 +316,8 @@ thinkpad_attach(struct device *parent, s
wskbd_set_backlight = thinkpad_set_backlight;
}
- if (aml_evalinteger(sc->sc_acpi, sc->sc_devnode, "PBLG",
- 0, NULL, &sc->sc_brightness) == 0) {
+ if (sc->sc_fw_brightness && aml_evalinteger(sc->sc_acpi,
+ sc->sc_devnode, "PBLG", 0, NULL, &sc->sc_brightness) == 0) {
ws_get_param = thinkpad_get_param;
ws_set_param = thinkpad_set_param;
}
@@ -323,6 +340,9 @@ thinkpad_enable_events(struct acpithinkp
printf("%s: no MHKA\n", DEVNAME(sc));
return (1);
}
+
+ /* Make sure keyboard backlight events are enabled */
+ mask |= THINKPAD_KEYLIGHT_MASK;
/* Update hotkey mask */
bzero(args, sizeof(args));
[PATCH] urng.4 - Altusmetrum -> Altus Metrum
Hi all, According to their web pages[0][1] Altus Metrum name comprises two words - both capitalised. [0] http://altusmetrum.org/ [1] http://shop.gag.com/about-magento-demo-store Regards, Raf Index: share/man/man4/urng.4 === RCS file: /cvs/src/share/man/man4/urng.4,v retrieving revision 1.2 diff -u -p -r1.2 urng.4 --- share/man/man4/urng.4 29 Aug 2017 06:12:36 - 1.2 +++ share/man/man4/urng.4 8 Sep 2017 21:13:14 - @@ -34,14 +34,14 @@ and stirs it into the system entropy poo .Xr add_true_randomness 9 . .Sh HARDWARE The following devices are supported by this driver: -.Bl -tag -width "Altusmetrum" +.Bl -tag -width "Altus Metrum" .It Araneus Alea II Capable of delivering 100kbit/sec of hardware-generated entropy. The product documentation states that the USB interface used by the Alea II is the same as that used by its predecessor the Alea I; theoretically this means that the Alea I should work but this has not been tested. -.It Altusmetrum ChaosKey 1.0 +.It Altus Metrum ChaosKey 1.0 This device is capable of providing entropy at 10Mbit/s. .El .Sh SEE ALSO
pflogd fork+exec (redux)
>From lessons learned with tcpdump and talking to deraadt@ and bluhm@,
this reworks pflogd to re-exec its unpriv child instead of the priv
parent, my initial understanding of the syslogd privsep design was off
and pflogd doesn't need any such clever approach.
I can also send a diff with my previous attempt reverted if that helps
ease review.
-Bryan.
Index: pflogd.c
===
RCS file: /cvs/src/sbin/pflogd/pflogd.c,v
retrieving revision 1.57
diff -u -p -u -r1.57 pflogd.c
--- sbin/pflogd/pflogd.c8 Sep 2017 13:34:29 - 1.57
+++ sbin/pflogd/pflogd.c8 Sep 2017 15:03:21 -
@@ -54,7 +54,6 @@ pcap_t *hpcap;
static FILE *dpcap;
int Debug = 0;
-static int privchild = 0;
static int snaplen = DEF_SNAPLEN;
static int cur_snaplen = DEF_SNAPLEN;
@@ -534,13 +533,13 @@ dump_packet(u_char *user, const struct p
int
main(int argc, char **argv)
{
- int ch, np, ret, Xflag = 0;
+ int ch, np, ret, Pflag = 0, Xflag = 0;
pcap_handler phandler = dump_packet;
const char *errstr = NULL;
ret = 0;
- while ((ch = getopt(argc, argv, "Dxd:f:i:P:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "Dxd:f:i:Ps:")) != -1) {
switch (ch) {
case 'D':
Debug = 1;
@@ -556,10 +555,9 @@ main(int argc, char **argv)
case 'i':
interface = optarg;
break;
- case 'P': /* used internally, exec the parent */
- privchild = strtonum(optarg, 2, INT_MAX, &errstr);
- if (errstr)
- errx(1, "priv child %s: %s", errstr, optarg);
+ case 'P': /* used internally, exec the child */
+ if (strcmp("-P", argv[1]) == 0)
+ Pflag = 1;
break;
case 's':
snaplen = strtonum(optarg, 0, PFLOGD_MAXSNAPLEN,
@@ -593,9 +591,12 @@ main(int argc, char **argv)
if (!Debug) {
openlog("pflogd", LOG_PID, LOG_DAEMON);
- if (daemon(0, 0)) {
- logmsg(LOG_WARNING, "Failed to become daemon: %s",
- strerror(errno));
+ if (!Pflag) {
+ if (daemon(0, 0)) {
+ logmsg(LOG_WARNING,
+ "Failed to become daemon: %s",
+ strerror(errno));
+ }
}
}
@@ -611,11 +612,8 @@ main(int argc, char **argv)
argc += optind;
argv -= optind;
- if (privchild > 1)
- priv_exec(privchild, argc, argv);
-
/* Privilege separation begins here */
- priv_init(argc, argv);
+ priv_init(Pflag, argc, argv);
if (pledge("stdio recvfd", NULL) == -1)
err(1, "pledge");
Index: pflogd.h
===
RCS file: /cvs/src/sbin/pflogd/pflogd.h,v
retrieving revision 1.6
diff -u -p -u -r1.6 pflogd.h
--- sbin/pflogd/pflogd.h5 Sep 2017 15:41:25 - 1.6
+++ sbin/pflogd/pflogd.h8 Sep 2017 15:03:21 -
@@ -34,8 +34,7 @@
void logmsg(int priority, const char *message, ...);
/* Privilege separation */
-void priv_init(int, char **);
-__dead void priv_exec(int, int, char **);
+void priv_init(int, int, char **);
intpriv_init_pcap(int);
intpriv_set_snaplen(int snaplen);
intpriv_open_log(void);
Index: privsep.c
===
RCS file: /cvs/src/sbin/pflogd/privsep.c,v
retrieving revision 1.29
diff -u -p -u -r1.29 privsep.c
--- sbin/pflogd/privsep.c 6 Sep 2017 12:43:16 - 1.29
+++ sbin/pflogd/privsep.c 8 Sep 2017 15:03:21 -
@@ -63,26 +63,20 @@ extern pcap_t *hpcap;
/* based on syslogd privsep */
void
-priv_init(int argc, char *argv[])
+priv_init(int Pflag, int argc, char *argv[])
{
- int i, nargc, socks[2];
+ int i, fd = -1, bpfd = -1, nargc, socks[2], cmd;
+ int snaplen, ret, olderrno;
struct passwd *pw;
- char childnum[11], **privargv;
-
- /* Create sockets */
- if (socketpair(AF_LOCAL, SOCK_STREAM, PF_UNSPEC, socks) == -1)
- err(1, "socketpair() failed");
+ char **nargv;
+ unsigned int buflen;
pw = getpwnam("_pflogd");
if (pw == NULL)
errx(1, "unknown user _pflogd");
endpwent();
- child_pid = fork();
- if (child_pid < 0)
- err(1, "fork() failed");
-
- if (!child_pid) {
+ if (Pflag) {
gid_t gidset[1];
/* Child - drop privileges and return */
@@ -98,47 +92,36 @@ priv_init(int argc, char *argv[])
err(1, "setgroups() failed");
if (setresui
Re: SSE2 instructions emitted in libcompiler_rt
On Fri, Sep 08, 2017 at 10:15:25AM -0700, Mike Larkin wrote:
> On Thu, Sep 07, 2017 at 06:52:34PM +0200, Christian Weisgerber wrote:
> > Christian Weisgerber:
> >
> > > > Maybe this would already help? Would at least not throw stones into the
> > > > way of the next person doing an upgrade of compiler-rt...
> > > -snip-
> > >
> > > Yes, that's better... but errors out:
> > > make: don't know how to make floatdixf.c.c (prerequisite of:
> > > floatdixf.c.o)
> >
> > Oh, it's a typo. The fixed version looks fine to me.
> > However, I don't know how to test that these functions actually work.
> >
> > Index: Makefile
> > ===
> > RCS file: /cvs/src/lib/libcompiler_rt/Makefile,v
> > retrieving revision 1.9
> > diff -u -p -r1.9 Makefile
> > --- Makefile4 Aug 2017 12:00:59 - 1.9
> > +++ Makefile7 Sep 2017 16:47:31 -
> > @@ -89,17 +89,11 @@ GEN_SRCS= absvdi2 \
> > fixunsxfti \
> > fixxfdi \
> > fixxfti \
> > - floatdidf \
> > - floatdisf \
> > - floatdixf \
> > floatsidf \
> > floatsisf \
> > floattidf \
> > floattisf \
> > floattixf \
> > - floatundidf \
> > - floatundisf \
> > - floatundixf \
> > floatunsidf \
> > floatunsisf \
> > floatuntidf \
> > @@ -164,6 +158,22 @@ GEN_SRCS= absvdi2 \
> > umoddi3 \
> > umodsi3 \
> > umodti3
> > +
> > +.if ${RTARCH} == "i386"
> > +SRCS+= floatdidf.c \
> > + floatdisf.c \
> > + floatdixf.c \
> > + floatundidf.c \
> > + floatundisf.c \
> > + floatundixf.c
> > +.else
> > +GEN_SRCS+= floatdidf \
> > + floatdisf \
> > + floatdixf \
> > + floatundidf \
> > + floatundisf \
> > + floatundixf
> > +.endif
> >
> > .for file in ${GEN_SRCS}
> > . if exists(${.CURDIR}/${RTARCH}/${file}.S)
> > --
> > Christian "naddy" Weisgerber na...@mips.inka.de
> >
>
> ok mlarkin if you want to head this way. Thanks for the later verification
> that these don't appear to be used on i386 base anyway.
>
ok patrick as well
Re: SSE2 instructions emitted in libcompiler_rt
On Thu, Sep 07, 2017 at 06:52:34PM +0200, Christian Weisgerber wrote:
> Christian Weisgerber:
>
> > > Maybe this would already help? Would at least not throw stones into the
> > > way of the next person doing an upgrade of compiler-rt...
> > -snip-
> >
> > Yes, that's better... but errors out:
> > make: don't know how to make floatdixf.c.c (prerequisite of: floatdixf.c.o)
>
> Oh, it's a typo. The fixed version looks fine to me.
> However, I don't know how to test that these functions actually work.
>
> Index: Makefile
> ===
> RCS file: /cvs/src/lib/libcompiler_rt/Makefile,v
> retrieving revision 1.9
> diff -u -p -r1.9 Makefile
> --- Makefile 4 Aug 2017 12:00:59 - 1.9
> +++ Makefile 7 Sep 2017 16:47:31 -
> @@ -89,17 +89,11 @@ GEN_SRCS= absvdi2 \
> fixunsxfti \
> fixxfdi \
> fixxfti \
> - floatdidf \
> - floatdisf \
> - floatdixf \
> floatsidf \
> floatsisf \
> floattidf \
> floattisf \
> floattixf \
> - floatundidf \
> - floatundisf \
> - floatundixf \
> floatunsidf \
> floatunsisf \
> floatuntidf \
> @@ -164,6 +158,22 @@ GEN_SRCS=absvdi2 \
> umoddi3 \
> umodsi3 \
> umodti3
> +
> +.if ${RTARCH} == "i386"
> +SRCS+= floatdidf.c \
> + floatdisf.c \
> + floatdixf.c \
> + floatundidf.c \
> + floatundisf.c \
> + floatundixf.c
> +.else
> +GEN_SRCS+= floatdidf \
> + floatdisf \
> + floatdixf \
> + floatundidf \
> + floatundisf \
> + floatundixf
> +.endif
>
> .for file in ${GEN_SRCS}
> .if exists(${.CURDIR}/${RTARCH}/${file}.S)
> --
> Christian "naddy" Weisgerber na...@mips.inka.de
>
ok mlarkin if you want to head this way. Thanks for the later verification
that these don't appear to be used on i386 base anyway.
/usr/src/distrib/notes/arm64/whatis
The arm64 hardware file listing the actual supported systems was updated recently, but the "whatis" file still has this: "OpenBSD/arm64 runs on the Pine64 and the Raspberry Pi 3. Hardware support is currently limited, but this port is a heavy work in progress." I don't think it needs an actual list of supported machines here as the one in arm64/hardware gets assembled into the same output file (INSTALL.arm64), but I'm not sure what we'd want to say here instead. Any ideas?
Re: more pax warning fixes
On Fri, Sep 08, 2017 at 07:01:03AM +0200, Otto Moerbeek wrote:
> Indeed, better diff,
OK bluhm@
> Index: tar.c
> ===
> RCS file: /cvs/src/bin/pax/tar.c,v
> retrieving revision 1.63
> diff -u -p -r1.63 tar.c
> --- tar.c 26 Aug 2016 04:11:16 - 1.63
> +++ tar.c 8 Sep 2017 05:00:10 -
> @@ -1209,7 +1209,7 @@ static int
> rd_xheader(ARCHD *arcn, int global, off_t size)
> {
> char buf[MAXXHDRSZ];
> - unsigned long len;
> + long len;
> char *delim, *keyword;
> char *nextp, *p, *end;
> int pad, ret = 0;
> @@ -1247,8 +1247,8 @@ rd_xheader(ARCHD *arcn, int global, off_
> break;
> }
> errno = 0;
> - len = strtoul(p, &delim, 10);
> - if (*delim != ' ' || (errno == ERANGE && len == ULONG_MAX) ||
> + len = strtol(p, &delim, 10);
> + if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) ||
> len < MINXHDRSZ) {
> paxwarn(1, "Invalid extended header record length");
> ret = -1;
>
Re: more pax warning fixes
On Fri, 08 Sep 2017 07:01:03 +0200, Otto Moerbeek wrote: > Indeed, better diff, OK millert@ - todd
Re: SSE2 instructions emitted in libcompiler_rt
On 2017-09-07, Christian Weisgerber wrote: > However, I don't know how to test that these functions actually work. FWIW, I checked all *.o files from a make build of base, but there are no references to __float(di|undi)[dsx]f. I guess nothing uses these functions and clang doesn't generate code to call them. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 12:29:57PM +0100, Raf Czlonka wrote: > > One small comment regarding your patch - since a good while, sed(1) > can do in place file edits so the above is a useless use of cat :^) > Hehe, that too. Thanks for pointing it out! It's been a long week with way too little sleep. ;-) *hides in shame*
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 06:39:55AM -0400, Jiri B wrote: > > ^^ if you would append a dns server which it provided by dhcp to your > regular /etc/dhclient.conf, then it should work find, shouldn't it? > it would try first one, fail, try second one. > > and your changed doesn't work for servers with do use static ip > settings and have local dns in /etc/resolv.conf. am I not right? > > j. Yeah, you're absolutely right. Ignore this patch. I wanted to avoid adding an extra nameserver to prevent unknowingly "leaking" DNS traffic in case unbound went away. But yeah, it's also stupid to bloat /bsd.rd with a fix for an uncommon cases like this. :-) Jesper Wallin
Re: vmd(8): Improve RFC 2132 compliance (DHCP)
Hi,
thank you for the patch and the detailed explanation.
I knew that Android is having similar problems under vmd, maybe that's
also because of busybox' udhcpc.
I have to clarify that vmd does not implement "DHCP" but "BOOTP".
I picked BOOTP because it was simpler to implement and totally sufficient
for vmd's use case: we don't need lease times, stateful configuration, or
any of the fancy DHCP options. Less code and complexity.
My assumption was that DHCP is a superset of BOOTP; most DHCP
clients support BOOTP responses (with vendor extensions). udhcpc is
the first DHCP-only client that I've seen.
But now I stumbled over RFC 1534 where it says:
"3. DHCP clients and BOOTP servers
A DHCP client MAY use a reply from a BOOTP server if the
configuration returned from the BOOTP server is acceptable to the
DHCP client. A DHCP client MUST assume that an IP address returned
in a message from a BOOTP server has an infinite lease. A DHCP
client SHOULD choose to use a reply from a DHCP server in preference
to a reply from a BOOTP server."
So udhcpc is stupid but it is actually not wrong.
So I'm wondering if your diff is the right approach: should we add the
minimal DHCP-in-BOOTP fields as a workaround for udhcpc or should
we rather change it to be some kind of minimal RFC-compliant DHCP?
Reyk
> On 08.09.2017, at 06:42, Anthony Coulter wrote:
>
> The DHCP client available in the Alpine Linux installer (udhcpc, part
> of BusyBox) does not accept responses that do not include the DHCP
> message type option. Worse, it expects the message type to be
> DHCPOFFER in some circumstances and DHCPREQUEST in others. The DHCP
> server in vmd omits this option entirely, which makes it impossible
> to install Alpine Linux in a virtual machine configured with "-L".
>
> The simplest fix would be to use "resp.options[6] == DHCPOFFER" instead
> of is_discover (see the patch below) because in practice the DHCP
> message type will be the first option present after the magic cookie.
> This was the first thing I tried, and it worked. But it's incorrect.
>
> RFC 1534 says that requests with no message type can be treated as
> BOOTP and not DHCP messages. It also says that we can send DHCP options
> to BOOTP messages if we so desire, so it doesn't really matter whether
> we initialize is_discover to zero or one.
>
> Note that udhcpc also complains about two more options (server ID and
> lease time) that are missing from the response message. I didn't do
> anything about this because udhcpc uses sensible defaults.
>
> I've tested this change with udhcpc (in a virtual Alpine Linux system)
> and dhclient (in a virtual OpenBSD system) and it works for both. I
> have not tried anything else.
>
> Regards,
> Anthony Coulter
>
> Index: dhcp.c
> ===
> RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
> retrieving revision 1.3
> diff -u -p -u -p -r1.3 dhcp.c
> --- dhcp.c24 Apr 2017 07:14:27 - 1.3
> +++ dhcp.c8 Sep 2017 04:12:10 -
> @@ -44,6 +44,7 @@ dhcp_request(struct vionet_dev *dev, cha
> struct dhcp_packet req, resp;
> struct in_addr in, mask;
> size_t resplen, o;
> + int is_discover = 1;
>
> if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header)))
> return (-1);
> @@ -76,6 +77,15 @@ dhcp_request(struct vionet_dev *dev, cha
> if (req.ciaddr.s_addr != 0 || req.file[0] != '\0' || req.hops != 0)
> return (-1);
>
> + for (o = DHCP_OPTIONS_COOKIE_LEN;
> + o + offsetof(struct dhcp_packet, options) < buflen &&
> + req.options[o] != DHO_END;
> + o += req.options[o+1] + 2)
> + if (req.options[o] == DHO_DHCP_MESSAGE_TYPE) {
> + is_discover = (req.options[o+2] == DHCPDISCOVER);
> + break;
> + }
> +
> memset(&resp, 0, sizeof(resp));
> resp.op = BOOTREPLY;
> resp.htype = req.htype;
> @@ -123,6 +133,10 @@ dhcp_request(struct vionet_dev *dev, cha
> memcpy(&resp.options,
> DHCP_OPTIONS_COOKIE, DHCP_OPTIONS_COOKIE_LEN);
> o+= DHCP_OPTIONS_COOKIE_LEN;
> +
> + resp.options[o++] = DHO_DHCP_MESSAGE_TYPE;
> + resp.options[o++] = 1;
> + resp.options[o++] = is_discover ? DHCPOFFER : DHCPACK;
>
> resp.options[o++] = DHO_SUBNET_MASK;
> resp.options[o++] = sizeof(mask);
>
Re: [patch] Remove local nameservers from dhclient.conf during an upgrade.
On Fri, Sep 08, 2017 at 12:12:09PM +0200, Jesper Wallin wrote:
> Hi all,
>
> I have a local unbound running for caching purposes as well as ensuring
> that my DNS traffic is encrypted, using DNS-over-TLS. This works just
> fine, except for when I try to run the snapshot upgrade process.
>
> The installer will copy my on-disk configuration and try to setup the
> network, using the "supersede domain-name-servers 127.0.0.1;" in my
> /etc/dhclient.conf. This gives me no errors, of course, since nothing
> is wrong with the configuration. But since no nameserver is running on
> localhost, we're unable to resolve hosts. The first indication of this
> is "Unable to connect using https. Use http instead?" which is somewhat
> unclear, as it led me to believe it's an issue with TLS.
>
> Anyway, the patch below will basically try to ignore any local
> nameservers when copying the on-disk configuration. My first approach
> was to check if we could resolve a hostname instead, before givig the
> https error, but seeing that host, dig or nslookup is unavailable, I
> decided to go with this instead.
>
>
> Jesper Wallin
>
>
> Index: distrib/miniroot/install.sub
> ===
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.1035
> diff -u -p -r1.1035 install.sub
> --- distrib/miniroot/install.sub 25 Aug 2017 18:21:30 - 1.1035
> +++ distrib/miniroot/install.sub 8 Sep 2017 09:25:51 -
> @@ -2258,6 +2258,13 @@ enable_network() {
> fi
> done
>
> + # Remove local nameservers since they are unavailable.
> + if [ -f "/etc/dhclient.conf" ]; then
> + cat /etc/dhclient.conf | sed -E \
> + '/supersede +domain-name-servers +.*(127.0.0.1|::1)/d' \
> + > /etc/dhclient.conf
> + fi
^^ if you would append a dns server which it provided by dhcp to your
regular /etc/dhclient.conf, then it should work find, shouldn't it?
it would try first one, fail, try second one.
and your changed doesn't work for servers with do use static ip
settings and have local dns in /etc/resolv.conf. am I not right?
j.
[patch] Remove local nameservers from dhclient.conf during an upgrade.
Hi all,
I have a local unbound running for caching purposes as well as ensuring
that my DNS traffic is encrypted, using DNS-over-TLS. This works just
fine, except for when I try to run the snapshot upgrade process.
The installer will copy my on-disk configuration and try to setup the
network, using the "supersede domain-name-servers 127.0.0.1;" in my
/etc/dhclient.conf. This gives me no errors, of course, since nothing
is wrong with the configuration. But since no nameserver is running on
localhost, we're unable to resolve hosts. The first indication of this
is "Unable to connect using https. Use http instead?" which is somewhat
unclear, as it led me to believe it's an issue with TLS.
Anyway, the patch below will basically try to ignore any local
nameservers when copying the on-disk configuration. My first approach
was to check if we could resolve a hostname instead, before givig the
https error, but seeing that host, dig or nslookup is unavailable, I
decided to go with this instead.
Jesper Wallin
Index: distrib/miniroot/install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1035
diff -u -p -r1.1035 install.sub
--- distrib/miniroot/install.sub25 Aug 2017 18:21:30 - 1.1035
+++ distrib/miniroot/install.sub8 Sep 2017 09:25:51 -
@@ -2258,6 +2258,13 @@ enable_network() {
fi
done
+ # Remove local nameservers since they are unavailable.
+ if [ -f "/etc/dhclient.conf" ]; then
+ cat /etc/dhclient.conf | sed -E \
+ '/supersede +domain-name-servers +.*(127.0.0.1|::1)/d' \
+ > /etc/dhclient.conf
+ fi
+
# Create a minimal hosts file.
echo "127.0.0.1\tlocalhost" >/tmp/i/hosts
echo "::1\t\tlocalhost" >>/tmp/i/hosts
vmd(8): Improve RFC 2132 compliance (DHCP)
The DHCP client available in the Alpine Linux installer (udhcpc, part
of BusyBox) does not accept responses that do not include the DHCP
message type option. Worse, it expects the message type to be
DHCPOFFER in some circumstances and DHCPREQUEST in others. The DHCP
server in vmd omits this option entirely, which makes it impossible
to install Alpine Linux in a virtual machine configured with "-L".
The simplest fix would be to use "resp.options[6] == DHCPOFFER" instead
of is_discover (see the patch below) because in practice the DHCP
message type will be the first option present after the magic cookie.
This was the first thing I tried, and it worked. But it's incorrect.
RFC 1534 says that requests with no message type can be treated as
BOOTP and not DHCP messages. It also says that we can send DHCP options
to BOOTP messages if we so desire, so it doesn't really matter whether
we initialize is_discover to zero or one.
Note that udhcpc also complains about two more options (server ID and
lease time) that are missing from the response message. I didn't do
anything about this because udhcpc uses sensible defaults.
I've tested this change with udhcpc (in a virtual Alpine Linux system)
and dhclient (in a virtual OpenBSD system) and it works for both. I
have not tried anything else.
Regards,
Anthony Coulter
Index: dhcp.c
===
RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 dhcp.c
--- dhcp.c 24 Apr 2017 07:14:27 - 1.3
+++ dhcp.c 8 Sep 2017 04:12:10 -
@@ -44,6 +44,7 @@ dhcp_request(struct vionet_dev *dev, cha
struct dhcp_packet req, resp;
struct in_addr in, mask;
size_t resplen, o;
+ int is_discover = 1;
if (buflen < (ssize_t)(BOOTP_MIN_LEN + sizeof(struct ether_header)))
return (-1);
@@ -76,6 +77,15 @@ dhcp_request(struct vionet_dev *dev, cha
if (req.ciaddr.s_addr != 0 || req.file[0] != '\0' || req.hops != 0)
return (-1);
+ for (o = DHCP_OPTIONS_COOKIE_LEN;
+ o + offsetof(struct dhcp_packet, options) < buflen &&
+ req.options[o] != DHO_END;
+ o += req.options[o+1] + 2)
+ if (req.options[o] == DHO_DHCP_MESSAGE_TYPE) {
+ is_discover = (req.options[o+2] == DHCPDISCOVER);
+ break;
+ }
+
memset(&resp, 0, sizeof(resp));
resp.op = BOOTREPLY;
resp.htype = req.htype;
@@ -123,6 +133,10 @@ dhcp_request(struct vionet_dev *dev, cha
memcpy(&resp.options,
DHCP_OPTIONS_COOKIE, DHCP_OPTIONS_COOKIE_LEN);
o+= DHCP_OPTIONS_COOKIE_LEN;
+
+ resp.options[o++] = DHO_DHCP_MESSAGE_TYPE;
+ resp.options[o++] = 1;
+ resp.options[o++] = is_discover ? DHCPOFFER : DHCPACK;
resp.options[o++] = DHO_SUBNET_MASK;
resp.options[o++] = sizeof(mask);
Re: [PATCH v3 2/2] VMD: Prevent vmd crashing when stopping a stopped vm
On Thu, Sep 07, 2017 at 04:47:53PM -0700, Carlos Cardenas wrote:
> * Fix logic handling stopping a VM. Prevents VMD from crashing.
> * Add additional error code to notify the user that a vm cannot be
> stopped when not running.
> * Add additional log_debug statements.
>
I split this one into a few commits - one for the spaces vs tab issue,
one for the wrong comment at the end, and a third for everything else.
Thanks for these diffs, with these, vm termination is more predictable
with better error messages. There is still one case that doesn't work,
I'll follow up with you off-list.
See inline below for one other place I fixed.
-ml
> diff --git usr.sbin/vmctl/vmctl.c usr.sbin/vmctl/vmctl.c
> index 64d82ca847d..d1517d0d26d 100644
> --- usr.sbin/vmctl/vmctl.c
> +++ usr.sbin/vmctl/vmctl.c
> @@ -206,7 +206,7 @@ vm_start_complete(struct imsg *imsg, int *ret, int
> autoconnect)
> break;
> case VMD_DISK_INVALID:
> warnx("specified disk image(s) are "
> -"not regular files");
> + "not regular files");
> *ret = ENOENT;
> break;
> default:
> @@ -439,12 +439,19 @@ terminate_vm_complete(struct imsg *imsg, int *ret)
> vmr = (struct vmop_result *)imsg->data;
> res = vmr->vmr_result;
> if (res) {
> - errno = res;
> - if (res == ENOENT)
> + switch (res) {
> + case VMD_VM_STOP_INVALID:
> + warnx("cannot stop vm that is not running");
> + *ret = EINVAL;
> + break;
> + case ENOENT:
> warnx("vm not found");
> - else
> + *ret = EIO;
> + break;
> + default:
> warn("terminate vm command failed");
> - *ret = EIO;
> + *ret = EIO;
> + }
> } else {
> warnx("sent request to terminate vm %d", vmr->vmr_id);
> *ret = 0;
> @@ -453,6 +460,7 @@ terminate_vm_complete(struct imsg *imsg, int *ret)
> warnx("unexpected response received from vmd");
> *ret = EINVAL;
> }
> + errno = *ret;
>
> return (1);
> }
> diff --git usr.sbin/vmd/vmd.h usr.sbin/vmd/vmd.h
> index 22da6d58a7b..1240339db52 100644
> --- usr.sbin/vmd/vmd.h
> +++ usr.sbin/vmd/vmd.h
> @@ -54,6 +54,7 @@
> #define VMD_BIOS_MISSING 1001
> #define VMD_DISK_MISSING 1002
> #define VMD_DISK_INVALID 1003
> +#define VMD_VM_STOP_INVALID 1004
>
> /* 100.64.0.0/10 from rfc6598 (IPv4 Prefix for Shared Address Space) */
> #define VMD_DHCP_PREFIX "100.64.0.0/10"
> diff --git usr.sbin/vmd/vmm.c usr.sbin/vmd/vmm.c
> index 0e5ed1ed605..e3ff3be2f35 100644
> --- usr.sbin/vmd/vmm.c
> +++ usr.sbin/vmd/vmm.c
> @@ -150,29 +150,45 @@ vmm_dispatch_parent(int fd, struct privsep_proc *p,
> struct imsg *imsg)
>
> if (id == 0) {
> res = ENOENT;
> - } else if ((vm = vm_getbyvmid(id)) != NULL &&
> - vm->vm_shutdown == 0) {
> - log_debug("%s: sending shutdown request to vm %d",
> - __func__, id);
> -
> - /*
> - * Request reboot but mark the VM as shutting down.
> - * This way we can terminate the VM after the triple
> - * fault instead of reboot and avoid being stuck in
> - * the ACPI-less powerdown ("press any key to reboot")
> - * of the VM.
> - */
> - vm->vm_shutdown = 1;
> - if (imsg_compose_event(&vm->vm_iev,
> - IMSG_VMDOP_VM_REBOOT, 0, 0, -1, NULL, 0) == -1)
> - res = errno;
> - else
> - res = 0;
> + } else if ((vm = vm_getbyvmid(id)) != NULL) {
> + if (vm->vm_shutdown == 0) {
> + log_debug("%s: sending shutdown req to vm %d",
> + __func__, id);
> +
> + /*
> + * Request reboot but mark the VM as shutting
> + * down. This way we can terminate the VM after
> + * the triple fault instead of reboot and
> + * avoid being stuck in the ACPI-less powerdown
> + * ("press any key to reboot") of the VM.
> + */
> +
