diff for gdb

2019-12-20 Thread YASUOKA Masahiko
When I debug kernel with kernel core, backtrace command ends around
alltraps_kern_meltdown().  The following diff fixes this problem.

ok?

Teach gdb that the trap frame should be used for
alltraps_kern_meltdown()

Index: gnu/usr.bin/binutils/gdb/amd64obsd-tdep.c
===
RCS file: /cvs/src/gnu/usr.bin/binutils/gdb/amd64obsd-tdep.c,v
retrieving revision 1.13
diff -u -p -r1.13 amd64obsd-tdep.c
--- gnu/usr.bin/binutils/gdb/amd64obsd-tdep.c   21 Oct 2019 13:09:52 -  
1.13
+++ gnu/usr.bin/binutils/gdb/amd64obsd-tdep.c   21 Dec 2019 06:52:03 -
@@ -463,6 +463,7 @@ amd64obsd_trapframe_sniffer (const struc
   || (name[0] == 'X' && strncmp(name, "Xipi_", 5) != 0)
   || (strcmp (name, "alltraps") == 0)
   || (strcmp (name, "alltraps_kern") == 0)
+  || (strcmp (name, "alltraps_kern_meltdown") == 0)
   || (strcmp (name, "intr_fast_exit") == 0)
   || (strcmp (name, "intr_exit_recurse") == 0)));
 }
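Review bot: The sniffer matches trap entry points by exact symbol name, so the condition extended here goes stale whenever the kernel gains or renames an entry label, which is presumably how backtraces through alltraps_kern_meltdown stopped working. A comment above the name list would make that dependency visible, for example `/* Keep this list in sync with the kernel's amd64 trap and interrupt entry labels. */`. amd64obsd_trapframe_sniffer starts outside the hunk, so where exactly the comment belongs has to be checked against the full function.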



Re: unveil radioctl/fdformat/gpioctl

2019-12-20 Thread Ricardo Mestre
Hello fellow citizens!

Did we have any brave souls with the hardware below that tested this and
can give me an OK?

On 18:57 Mon 02 Dec , Ricardo Mestre wrote:
> Hi tech@
> 
> radioctl/fdformat/gpioctl need to open the device and then all operations go
> through ioctls forbidden by pledge but no further filesystem access is needed
> so it can be disallowed right afterwards.
> 
> CAVEAT: The sources for these applications are simple enough to follow, but
> unfortunately I don't have any of these devices to actually test them, so take
> this with a really tiny pinch of salt.
> 
> Comments, OK?
> 
> /mestre
> 
> Index: usr.bin/radioctl/radioctl.c
> ===
> RCS file: /cvs/src/usr.bin/radioctl/radioctl.c,v
> retrieving revision 1.20
> diff -u -p -u -r1.20 radioctl.c
> --- usr.bin/radioctl/radioctl.c   28 Jun 2019 13:35:03 -  1.20
> +++ usr.bin/radioctl/radioctl.c   2 Dec 2019 18:51:03 -
> @@ -186,6 +186,11 @@ main(int argc, char **argv)
>   if (rd == -1)
>   err(1, "%s open error", radiodev);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (ioctl(rd, RIOCGINFO, ) == -1)
>   err(1, "RIOCGINFO");
>  
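Review bot: The added `unveil("/", "")` / `unveil(NULL, NULL)` pair has no comment saying why the filesystem is locked down with unveil rather than pledge, and the identical hunks in fdformat.c and gpioctl.c have the same gap. A single line such as `/* device is open; its ioctls rule out pledge, so drop all filesystem access instead */` would record the reasoning given in the mail. main() continues past the hunk in all three files, so it is worth confirming that no later path opens a file, since any such call would now fail; the author notes the change was not tested on real hardware.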
> Index: usr.sbin/fdformat/fdformat.c
> ===
> RCS file: /cvs/src/usr.sbin/fdformat/fdformat.c,v
> retrieving revision 1.24
> diff -u -p -u -r1.24 fdformat.c
> --- usr.sbin/fdformat/fdformat.c  28 Jun 2019 13:32:47 -  1.24
> +++ usr.sbin/fdformat/fdformat.c  2 Dec 2019 18:51:04 -
> @@ -246,6 +246,11 @@ main(int argc, char *argv[])
>   if ((fd = opendev(argv[optind], O_RDWR, OPENDEV_PART, )) == -1)
>   err(1, "%s", devname);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (ioctl(fd, FD_GTYPE, ) == -1)
>   errx(1, "not a floppy disk: %s", devname);
>  
> Index: usr.sbin/gpioctl/gpioctl.c
> ===
> RCS file: /cvs/src/usr.sbin/gpioctl/gpioctl.c,v
> retrieving revision 1.17
> diff -u -p -u -r1.17 gpioctl.c
> --- usr.sbin/gpioctl/gpioctl.c26 Dec 2015 20:52:03 -  1.17
> +++ usr.sbin/gpioctl/gpioctl.c2 Dec 2019 18:51:04 -
> @@ -101,6 +101,11 @@ main(int argc, char *argv[])
>   if ((devfd = open(dev, O_RDWR)) == -1)
>   err(1, "%s", dev);
>  
> + if (unveil("/", "") == -1)
> + err(1, "unveil");
> + if (unveil(NULL, NULL) == -1)
> + err(1, "unveil");
> +
>   if (argc == 1) {
>   getinfo();
>   return 0;
> 



Re: attention please: host's IP stack behavior got changed slightly

2019-12-20 Thread Alexander Bluhm
On Wed, Dec 18, 2019 at 09:07:35AM +0100, Alexandr Nedvedicky wrote:
> I see. Updated diff below makes ip6_input_if() to explicitly check
> for PF_TAG_TRANSLATE_LOCALHOST tag, when ip6_forwarding is disabled.
>
> if ip6_forwarding is enabled, then the ip6_input_if() keeps current
> behavior.

You have misunderstood my intention.

Can we put the PF_TAG_TRANSLATE_LOCALHOST into ip6_input_if() like
in in_ouraddr().  Then the logic and look of the code is similar.

if (ip6_forwarding == 0 && rt->rt_ifidx != ifp->if_index &&
!((ifp->if_flags & IFF_LOOPBACK) ||
 (ifp->if_type == IFT_ENC) ||
 (m->m_pkthdr.pf.flags & PF_TAG_TRANSLATE_LOCALHOST)) {
/* received on wrong interface */

And the second question, but not for this commit, is why do we
need this block?

if (IN6_IS_ADDR_LOOPBACK(>ip6_src) ||
IN6_IS_ADDR_LOOPBACK(>ip6_dst)) {
nxt = ip6_ours(mp, offp, nxt, af);
goto out;
}

It was removed in kame here:

revision 1.189
date: 2001/04/01 09:08:57;  author: jinmei;  state: Exp;  lines: +22 -23;
clarified goto-ours logic:

1. separated checks against spoofed ::1 src/dst from the goto-ours check.
   this also fixed a bug that the kernel accepted a packet with
   src=::1, dst=invalid, rcvif=lo0
   (you can test it by 'ping6 -S ::1 fe80::%lo0", where  is not an
interface ID of lo0)
2. (experimentally) omitted a specical case for link-local destinations at a
   loopback interface.  I believe this is correct, because
   - we now have a host route for fe80::1%lo0, so we can accept a packet to
 the address using the generic logic.
   - we can reject packets to fe80::%lo0 ( != 1) by the check for
 the RTF_GATEWAY bit for rt_flags (ip6_input.c line 872).
   *** NOTE to developers:***
   this is the case for bsdi4, but please check it on other platforms.
   after the confirmation, I'll completely remove the part (currently, it's
   just escaped by '#ifdef 0')

bluhm



Re: Clarify drand48() return values

2019-12-20 Thread Alexander Nasonov
j...@bitminer.ca wrote:
> 
> Clarify that drand48 returns values not including 1.0.

It's not clear from the documentation whether drand48 can generate
a denormal number. If it can't, you can exclude 0.0 because it's
a denormal ;-)

-- 
Alex



Re: Clarify drand48() return values

2019-12-20 Thread Theo Buehler
On Fri, Dec 20, 2019 at 10:09:46AM -0800, j...@bitminer.ca wrote:
> For completeness:

thanks, committed



Re: amd64 SMEP SMAP trap panic print

2019-12-20 Thread Alexander Bluhm
On Fri, Dec 20, 2019 at 11:15:09AM -0700, Theo de Raadt wrote:
> Alexander Bluhm  wrote:
>
> > On Thu, Dec 19, 2019 at 06:25:06PM -0800, Philip Guenther wrote:
> > > For this part, should we reuse the 'faultstr' logic seen later to set the
> > > panic string and do something like, say...
> >
> > That makes sense.  I need another workaround for the stack trace
> > after calling the NULL function.  This time I tested with SMEP/SMAP
> > and ddb.panic=0/1.  I get nice traces in all cases.
> >
> > ok?
>
> I am not confident about the db_print_loc_and_inst() change.  To me it
> seems trap should recognize that the call has failed, and the fault-pc
> should not be the destination, but be rewinded to the caller.  After all
> that that is where the fault happened.

This is how I trigger the SMEP panic with a NULL function call.  pc is 0.

void (*nullfunc)(void);
sysctl_file()
{
...
(*nullfunc)();

Without the (loc != 0) check, and with ddb.panic=1 I get a double
fault.

attempt to execute user address 0x0 in supervisor mode
kernel: page fault trap, code=0
Stopped at  0:uvm_fault(0xfd807943d220, 0x0, 0, 1) -> e
  kernel: page fault trap, code=0
Stopped at  db_read_bytes+0x70: movzbl  0(%rdi,%rcx,1),%eax
ddb> trace
db_read_bytes(0,1,800021068f40) at db_read_bytes+0x70
db_get_value(0,1,0) at db_get_value+0x44
db_disasm(0,0) at db_disasm+0x85
db_trap(6,0) at db_trap+0xa8
db_ktrap(6,0,8000210691a0) at db_ktrap+0xb3
kerntrap(8000210691a0) at kerntrap+0x8d
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
0(800021069668,4,877eb646000,800021069698,800021124ef0,80002106
9668) at 0
kern_sysctl(800021069664,5,877eb646000,800021069698,0,0) at kern_sysctl
+0x18e
sys_sysctl(800021124ef0,800021069700,800021069760) at sys_sysctl+0x
186
syscall(8000210697d0) at syscall+0x315
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7bcb80, count: -12

In the ddb.panic=0 case it works with and without the (loc != 0) check.

attempt to execute user address 0x0 in supervisor mode
fatal page fault in supervisor mode
trap type 6 code 10 rip 0 cs 8 rflags 10282 cr2 0 cpl 0 rsp 80002103b268
gsbase 0x81f0aff0  kgsbase 0x0
panic: trap type 6, code=10, pc=0
Starting stack trace...
panic(81c440ff) at panic+0x11b
kerntrap(80002103b1b0) at kerntrap+0xf4
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
0(80002103b678,4,13ed23481000,80002103b6a8,800021035660,80002103b678)
 at 0
kern_sysctl(80002103b674,5,13ed23481000,80002103b6a8,0,0) at 
kern_sysctl+0x18e
sys_sysctl(800021035660,80002103b710,80002103b770) at 
sys_sysctl+0x186
syscall(80002103b7e0) at syscall+0x315
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7c9160, count: 249
End of stack trace.

bluhm



unwind(8): switch to ub_event_pluggable

2019-12-20 Thread Florian Obser
Ralph Dolmans from nlnetlabs points out that libunbound uses
ub_event_pluggable.c instead of ub_event.c.
( https://github.com/NLnetLabs/unbound/issues/99 )
We have been the odd one out, so switch to ub_event_pluggable, too.

This removes and adds files, to apply:
cd /usr/src/sbin/unwind
patch -Ep0 < ~/unwind_ub_event_pluggable.diff
rm obj/* # make clean would leave ub_event.{d,o} behind

Getting libevent working with libunbound was a bit fiddly to get
right. Please test this. As far as I can tell this is supposed to be a
drop-in replacement.

diff --git libunbound/util/Makefile.inc libunbound/util/Makefile.inc
index 358298fe00e..28e81b2299a 100644
--- libunbound/util/Makefile.inc
+++ libunbound/util/Makefile.inc
@@ -5,7 +5,7 @@
 SRCS+= alloc.c as112.c config_file.c configlexer.c configparser.y edns.c \
fptr_wlist.c locks.c mini_event.c module.c net_help.c netevent.c \
random.c rbtree.c regional.c rtt.c tcp_conn_limit.c timehist.c tube.c \
-   ub_event.c util_log.c winsock_event.c
+   ub_event_pluggable.c util_log.c winsock_event.c
 
 util_log.c:
ln -s ${.CURDIR}/libunbound/util/log.c $@
diff --git libunbound/util/ub_event.c libunbound/util/ub_event.c
deleted file mode 100644
index 9af476ad408..000
--- libunbound/util/ub_event.c
+++ /dev/null
@@ -1,466 +0,0 @@
-/*
- * util/ub_event.c - directly call libevent (compatability) functions
- *
- * Copyright (c) 2007, NLnet Labs. All rights reserved.
- *
- * This software is open source.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * Redistributions of source code must retain the above copyright notice,
- * this list of conditions and the following disclaimer.
- * 
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * 
- * Neither the name of the NLNET LABS nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
- * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
- * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
- * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
- * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * \file
- *
- * This file contains and implementation for the indirection layer for 
pluggable
- * events that transparently passes it either directly to libevent, or calls
- * the libevent compatibility layer functions.
- */
-#include "config.h"
-#include 
-#include "util/ub_event.h"
-#include "util/log.h"
-#include "util/netevent.h"
-#include "util/tube.h"
-
-/* We define libevent structures here to hide the libevent stuff. */
-
-#ifdef USE_MINI_EVENT
-#  ifdef USE_WINSOCK
-#include "util/winsock_event.h"
-#  else
-#include "util/mini_event.h"
-#  endif /* USE_WINSOCK */
-#else /* USE_MINI_EVENT */
-   /* we use libevent */
-#  ifdef HAVE_EVENT_H
-#include 
-#  else
-#include "event2/event.h"
-#include "event2/event_struct.h"
-#include "event2/event_compat.h"
-#  endif
-#endif /* USE_MINI_EVENT */
-
-#if UB_EV_TIMEOUT != EV_TIMEOUT || UB_EV_READ != EV_READ || \
-UB_EV_WRITE != EV_WRITE || UB_EV_SIGNAL != EV_SIGNAL || \
-UB_EV_PERSIST != EV_PERSIST 
-/* Only necessary for libev */ 
-#  define NATIVE_BITS(b) ( \
- (((b) & UB_EV_TIMEOUT) ? EV_TIMEOUT : 0) \
-   | (((b) & UB_EV_READ   ) ? EV_READ: 0) \
-   | (((b) & UB_EV_WRITE  ) ? EV_WRITE   : 0) \
-   | (((b) & UB_EV_SIGNAL ) ? EV_SIGNAL  : 0) \
-   | (((b) & UB_EV_PERSIST) ? EV_PERSIST : 0))
-
-#  define UB_EV_BITS(b) ( \
- (((b) & EV_TIMEOUT) ? UB_EV_TIMEOUT : 0) \
-   | (((b) & EV_READ   ) ? UB_EV_READ: 0) \
-   | (((b) & EV_WRITE  ) ? UB_EV_WRITE   : 0) \
-   | (((b) & EV_SIGNAL ) ? UB_EV_SIGNAL  : 0) \
-   | (((b) & EV_PERSIST) ? UB_EV_PERSIST : 0))
-
-#  define UB_EV_BITS_CB(C) void my_ ## C (int fd, short bits, void *arg) \
-   { (C)(fd, UB_EV_BITS(bits), arg); }
-
-UB_EV_BITS_CB(comm_point_udp_callback);
-UB_EV_BITS_CB(comm_point_udp_ancil_callback)
-UB_EV_BITS_CB(comm_point_tcp_accept_callback)
-UB_EV_BITS_CB(comm_point_tcp_handle_callback)
-UB_EV_BITS_CB(comm_timer_callback)

Re: amd64 SMEP SMAP trap panic print

2019-12-20 Thread Theo de Raadt
Alexander Bluhm  wrote:

> On Thu, Dec 19, 2019 at 06:25:06PM -0800, Philip Guenther wrote:
> > For this part, should we reuse the 'faultstr' logic seen later to set the
> > panic string and do something like, say...
> 
> That makes sense.  I need another workaround for the stack trace
> after calling the NULL function.  This time I tested with SMEP/SMAP
> and ddb.panic=0/1.  I get nice traces in all cases.
> 
> ok?

I am not confident about the db_print_loc_and_inst() change.  To me it
seems trap should recognize that the call has failed, and the fault-pc
should not be the destination, but be rewound to the caller.  After all,
that is where the fault happened.

> 
> bluhm
> 
> 1. SMEP, ddb.panic=0
> 
> attempt to execute user address 0x0 in supervisor mode
> fatal page fault in supervisor mode
> trap type 6 code 10 rip 0 cs 8 rflags 10286 cr2 0 cpl 0 rsp 80001feee048
> gsbase 0x80001fb5aff0  kgsbase 0x0
> panic: trap type 6, code=10, pc=0
> Starting stack trace...
> panic(81c5759e) at panic+0x11b
> kerntrap(80001feedf90) at kerntrap+0x114
> alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
> 0(80001feee458,4,8975d881000,80001feee488,800058c0,80001feee458)
>  at 0
> kern_sysctl(80001feee454,5,8975d881000,80001feee488,0,0) at 
> kern_sysctl+0x18e
> sys_sysctl(800058c0,80001feee4f0,80001feee550) at 
> sys_sysctl+0x186
> syscall(80001feee5c0) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7bb490, count: 249
> End of stack trace.
> 
> 2. SMEP, ddb.panic=1
> 
> attempt to execute user address 0x0 in supervisor mode
> kernel: page fault trap, code=0
> Stopped at  0
> ddb{3}> show panic
> kernel page fault
> attempt to execute user address 0x0 in supervisor mode
> 0(804cf190,0,17,80001feee7b8,0,23bcd315000) at 0
> sysctl_file(80001feee788,4,23bcd315000,80001feee7b8,80000018) 
> a
> t sysctl_file+0x75c
> end trace frame: 0x80001feee760, count: 0
> ddb{3}> trace
> 0(804cf190,0,17,80001feee7b8,0,23bcd315000) at 0
> sysctl_file(80001feee788,4,23bcd315000,80001feee7b8,80000018) 
> a
> t sysctl_file+0x75c
> kern_sysctl(80001feee784,5,23bcd315000,80001feee7b8,0,0) at 
> kern_sysctl
> +0x18e
> sys_sysctl(80000018,80001feee820,80001feee880) at 
> sys_sysctl+0x
> 186
> syscall(80001feee8f0) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7facd0, count: -5
> ddb{3}>
> 
> 3. SMAP, ddb.panic=0
> 
> attempt to access user address 0x2af5846a000 in supervisor mode
> fatal page fault in supervisor mode
> trap type 6 code 3 rip 812d1c75 cs 8 rflags 10202 cr2 2af5846a000 cpl 
> 0 rsp 80001feee4e8
> gsbase 0x80001fb63ff0  kgsbase 0x0
> panic: trap type 6, code=3, pc=812d1c75
> Starting stack trace...
> panic(81c59b90) at panic+0x11b
> kerntrap(80001feee430) at kerntrap+0x114
> alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
> memcpy() at memcpy+0x15
> kern_sysctl(80001feee8f4,5,2af5846a000,80001feee928,0,0) at 
> kern_sysctl+0x18e
> sys_sysctl(80001650,80001feee990,80001feee9f0) at 
> sys_sysctl+0x186
> syscall(80001feeea60) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7d7d00, count: 249
> End of stack trace.
> 
> 4. SMAP, ddb.panic=1
> 
> attempt to access user address 0x3e88d674000 in supervisor mode
> kernel: page fault trap, code=0
> Stopped at  memcpy+0x15:repe movsq  (%rsi),%es:(%rdi)
> ddb{1}> show panic
> kernel page fault
> attempt to access user address 0x3e88d674000 in supervisor mode
> memcpy() at memcpy+0x15
> end trace frame: 0x80001feee7f0, count: 0
> ddb{1}> trace
> memcpy() at memcpy+0x15
> kern_sysctl(80001feee814,5,3e88d674000,80001feee848,0,0) at 
> kern_sysctl
> +0x18e
> sys_sysctl(80001650,80001feee8b0,80001feee910) at 
> sys_sysctl+0x
> 186
> syscall(80001feee980) at syscall+0x389
> Xsyscall() at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7d9bf0, count: -5
> ddb{1}>
> 
> Index: arch/amd64/amd64/db_trace.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/db_trace.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 db_trace.c
> --- arch/amd64/amd64/db_trace.c   10 Nov 2019 10:03:33 -  1.47
> +++ arch/amd64/amd64/db_trace.c   20 Dec 2019 16:15:46 -
> @@ -150,7 +150,7 @@ db_stack_trace_print(db_expr_t addr, int
>   name = NULL;
>   }
> 
> - if (lastframe == 0 && sym == NULL) {
> + if (lastframe == 0 && sym == NULL && callpc != 0) {
>   /* Symbol not found, peek at code */
>   unsigned long instr = db_get_value(callpc, 8, 0);
> 
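Review bot: The new `callpc != 0` test covers only the NULL case, so any other callpc that is not readable kernel text (for example a stray non-NULL function pointer stopped by SMEP) would still reach `db_get_value(callpc, 8, 0)` and could fault again inside ddb. If the intent is to avoid peeking at code that cannot be read, a check that callpc lies within kernel text before the peek would cover both cases, and the comment could read `/* Symbol not found, peek at code if callpc is readable */`. db_stack_trace_print starts and ends outside the hunk, so this is inferred from the visible lines only; the same hunk is repeated unquoted later in the thread.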
> Index: arch/amd64/amd64/trap.c
> 

Re: Clarify drand48() return values

2019-12-20 Thread j
For completeness:


Index: src/lib/libc/stdlib/rand48.3
===
RCS file: /cvs/src/lib/libc/stdlib/rand48.3,v
retrieving revision 1.20
diff -u -r1.20 rand48.3
--- src/lib/libc/stdlib/rand48.310 Nov 2015 23:48:18 -  1.20
+++ src/lib/libc/stdlib/rand48.320 Dec 2019 18:07:57 -
@@ -101,7 +101,7 @@
 return values of type double.
 The full 48 bits of r(n+1) are
 loaded into the mantissa of the returned value, with the exponent set
-such that the values produced lie in the interval [0.0, 1.0].
+such that the values produced lie in the interval [0.0, 1.0).
 .Pp
 .Fn lrand48
 and



Re: amd64 SMEP SMAP trap panic print

2019-12-20 Thread Alexander Bluhm
On Thu, Dec 19, 2019 at 06:25:06PM -0800, Philip Guenther wrote:
> For this part, should we reuse the 'faultstr' logic seen later to set the
> panic string and do something like, say...

That makes sense.  I need another workaround for the stack trace
after calling the NULL function.  This time I tested with SMEP/SMAP
and ddb.panic=0/1.  I get nice traces in all cases.

ok?

bluhm

1. SMEP, ddb.panic=0

attempt to execute user address 0x0 in supervisor mode
fatal page fault in supervisor mode
trap type 6 code 10 rip 0 cs 8 rflags 10286 cr2 0 cpl 0 rsp 80001feee048
gsbase 0x80001fb5aff0  kgsbase 0x0
panic: trap type 6, code=10, pc=0
Starting stack trace...
panic(81c5759e) at panic+0x11b
kerntrap(80001feedf90) at kerntrap+0x114
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
0(80001feee458,4,8975d881000,80001feee488,800058c0,80001feee458)
 at 0
kern_sysctl(80001feee454,5,8975d881000,80001feee488,0,0) at 
kern_sysctl+0x18e
sys_sysctl(800058c0,80001feee4f0,80001feee550) at 
sys_sysctl+0x186
syscall(80001feee5c0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7bb490, count: 249
End of stack trace.

2. SMEP, ddb.panic=1

attempt to execute user address 0x0 in supervisor mode
kernel: page fault trap, code=0
Stopped at  0
ddb{3}> show panic
kernel page fault
attempt to execute user address 0x0 in supervisor mode
0(804cf190,0,17,80001feee7b8,0,23bcd315000) at 0
sysctl_file(80001feee788,4,23bcd315000,80001feee7b8,80000018) a
t sysctl_file+0x75c
end trace frame: 0x80001feee760, count: 0
ddb{3}> trace
0(804cf190,0,17,80001feee7b8,0,23bcd315000) at 0
sysctl_file(80001feee788,4,23bcd315000,80001feee7b8,80000018) a
t sysctl_file+0x75c
kern_sysctl(80001feee784,5,23bcd315000,80001feee7b8,0,0) at kern_sysctl
+0x18e
sys_sysctl(80000018,80001feee820,80001feee880) at sys_sysctl+0x
186
syscall(80001feee8f0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7facd0, count: -5
ddb{3}>

3. SMAP, ddb.panic=0

attempt to access user address 0x2af5846a000 in supervisor mode
fatal page fault in supervisor mode
trap type 6 code 3 rip 812d1c75 cs 8 rflags 10202 cr2 2af5846a000 cpl 0 
rsp 80001feee4e8
gsbase 0x80001fb63ff0  kgsbase 0x0
panic: trap type 6, code=3, pc=812d1c75
Starting stack trace...
panic(81c59b90) at panic+0x11b
kerntrap(80001feee430) at kerntrap+0x114
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
memcpy() at memcpy+0x15
kern_sysctl(80001feee8f4,5,2af5846a000,80001feee928,0,0) at 
kern_sysctl+0x18e
sys_sysctl(80001650,80001feee990,80001feee9f0) at 
sys_sysctl+0x186
syscall(80001feeea60) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7d7d00, count: 249
End of stack trace.

4. SMAP, ddb.panic=1

attempt to access user address 0x3e88d674000 in supervisor mode
kernel: page fault trap, code=0
Stopped at  memcpy+0x15:repe movsq  (%rsi),%es:(%rdi)
ddb{1}> show panic
kernel page fault
attempt to access user address 0x3e88d674000 in supervisor mode
memcpy() at memcpy+0x15
end trace frame: 0x80001feee7f0, count: 0
ddb{1}> trace
memcpy() at memcpy+0x15
kern_sysctl(80001feee814,5,3e88d674000,80001feee848,0,0) at kern_sysctl
+0x18e
sys_sysctl(80001650,80001feee8b0,80001feee910) at sys_sysctl+0x
186
syscall(80001feee980) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7d9bf0, count: -5
ddb{1}>

Index: arch/amd64/amd64/db_trace.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/db_trace.c,v
retrieving revision 1.47
diff -u -p -r1.47 db_trace.c
--- arch/amd64/amd64/db_trace.c 10 Nov 2019 10:03:33 -  1.47
+++ arch/amd64/amd64/db_trace.c 20 Dec 2019 16:15:46 -
@@ -150,7 +150,7 @@ db_stack_trace_print(db_expr_t addr, int
name = NULL;
}

-   if (lastframe == 0 && sym == NULL) {
+   if (lastframe == 0 && sym == NULL && callpc != 0) {
/* Symbol not found, peek at code */
unsigned long instr = db_get_value(callpc, 8, 0);

Index: arch/amd64/amd64/trap.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/amd64/trap.c,v
retrieving revision 1.77
diff -u -p -r1.77 trap.c
--- arch/amd64/amd64/trap.c 6 Sep 2019 12:22:01 -   1.77
+++ arch/amd64/amd64/trap.c 20 Dec 2019 17:16:18 -
@@ -77,6 +77,7 @@
 #include 
 #include 
 #include 
+#include 

 #include 

@@ -132,6 +133,24 @@ static inline void verify_smap(const cha
 static inline void debug_trap(struct trapframe *_frame, struct proc *_p,
 long _type);

+static inline int
+fault(const 

Re: Add sizes for free() in clct(4)

2019-12-20 Thread Jan Klemkow
On Fri, Dec 20, 2019 at 05:26:56PM +0100, Frederic Cambus wrote:
> Here is a diff to add sizes for free() in clct(4).
> 
> Similar diff to the ones previously sent for other audio drivers.
> 
> Comments? OK?

OK jan@
 
> Index: sys/dev/pci/cs4281.c
> ===
> RCS file: /cvs/src/sys/dev/pci/cs4281.c,v
> retrieving revision 1.36
> diff -u -p -r1.36 cs4281.c
> --- sys/dev/pci/cs4281.c  19 Sep 2016 06:46:44 -  1.36
> +++ sys/dev/pci/cs4281.c  20 Dec 2019 15:56:40 -
> @@ -1187,7 +1187,7 @@ cs4281_malloc(void *addr, int direction,
>   error = cs4281_allocmem(sc, size, pool, flags, p);
>  
>   if (error) {
> - free(p, pool, 0);
> + free(p, pool, sizeof(*p));
>   return (0);
>   }
>  
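Review bot: Passing `sizeof(*p)` to free() is only correct if p was allocated with exactly that size, and the matching allocation is not visible in either hunk (it sits earlier in cs4281_malloc, and cs4281_free only walks the list). With the old size of 0 the allocator could not check this, so before committing it is worth confirming that the malloc for p uses `sizeof(*p)` as well, not a different struct or a padded size. The same applies to the second hunk in cs4281_free and to the unquoted copy of this diff further down the page.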
> @@ -1212,7 +1212,7 @@ cs4281_free(void *addr, void *ptr, int p
>   bus_dmamem_unmap(sc->sc_dmatag, p->addr, p->size);
>   bus_dmamem_free(sc->sc_dmatag, p->segs, p->nsegs);
>   *pp = p->next;
> - free(p, pool, 0);
> + free(p, pool, sizeof(*p));
>   return;
>   }
>   }
> 



Add sizes for free() in clct(4)

2019-12-20 Thread Frederic Cambus
Hi tech@,

Here is a diff to add sizes for free() in clct(4).

Similar diff to the ones previously sent for other audio drivers.

Comments? OK?

Index: sys/dev/pci/cs4281.c
===
RCS file: /cvs/src/sys/dev/pci/cs4281.c,v
retrieving revision 1.36
diff -u -p -r1.36 cs4281.c
--- sys/dev/pci/cs4281.c19 Sep 2016 06:46:44 -  1.36
+++ sys/dev/pci/cs4281.c20 Dec 2019 15:56:40 -
@@ -1187,7 +1187,7 @@ cs4281_malloc(void *addr, int direction,
error = cs4281_allocmem(sc, size, pool, flags, p);
 
if (error) {
-   free(p, pool, 0);
+   free(p, pool, sizeof(*p));
return (0);
}
 
@@ -1212,7 +1212,7 @@ cs4281_free(void *addr, void *ptr, int p
bus_dmamem_unmap(sc->sc_dmatag, p->addr, p->size);
bus_dmamem_free(sc->sc_dmatag, p->segs, p->nsegs);
*pp = p->next;
-   free(p, pool, 0);
+   free(p, pool, sizeof(*p));
return;
}
}



Re: ublink(4), led(4) and ledctl(1)

2019-12-20 Thread Martin Pieuchot
On 19/12/19(Thu) 18:37, Stuart Henderson wrote:
> While it's nice to have basic support in the kernel, for people using
> these devices for sequences / controlling a chain of neopixels / etc
> they're going to need a custom kernel with the driver disabled in order
> to access it from userland.

Which features do you need that are currently missing in led(4)?



Re: bgpctl: split out show functions into own file

2019-12-20 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2019.12.20 08:24:34 +0100:
> This diff just moves most show related functions into a new file.
> It is mostly mechanical (remove function from bgpctl.c and add it to
> output.c).
> 
> OK?

ok

did you check that bgplg etc still build (i dont see why they should not).

> -- 
> :wq Claudio
> 
> ? obj
> Index: Makefile
> ===
> RCS file: /cvs/src/usr.sbin/bgpctl/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- Makefile  25 Jun 2019 07:44:20 -  1.15
> +++ Makefile  20 Dec 2019 07:20:26 -
> @@ -3,7 +3,7 @@
>  .PATH:   ${.CURDIR}/../bgpd
>  
>  PROG=bgpctl
> -SRCS=bgpctl.c parser.c mrtparser.c util.c
> +SRCS=bgpctl.c output.c parser.c mrtparser.c util.c
>  CFLAGS+= -Wall
>  CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
>  CFLAGS+= -Wmissing-declarations
> Index: bgpctl.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpctl/bgpctl.c,v
> retrieving revision 1.253
> diff -u -p -r1.253 bgpctl.c
> --- bgpctl.c  20 Dec 2019 07:18:51 -  1.253
> +++ bgpctl.c  20 Dec 2019 07:20:27 -
> @@ -2,6 +2,7 @@
>  
>  /*
>   * Copyright (c) 2003 Henning Brauer 
> + * Copyright (c) 2004-2019 Claudio Jeker 
>   * Copyright (c) 2016 Job Snijders 
>   * Copyright (c) 2016 Peter Hessler 
>   *
> @@ -38,49 +39,20 @@
>  #include "bgpd.h"
>  #include "session.h"
>  #include "rde.h"
> +
> +#include "bgpctl.h"
>  #include "parser.h"
>  #include "mrtparser.h"
>  
> -enum neighbor_views {
> - NV_DEFAULT,
> - NV_TIMERS
> -};
> -
> -#define EOL0(flag)   ((flag & F_CTL_SSV) ? ';' : '\n')
> -
>  int   main(int, char *[]);
>  int   show(struct imsg *, struct parse_result *);
> -char *fmt_peer(const char *, const struct bgpd_addr *, int);
> -void  show_summary(struct peer *);
> -void  show_neighbor_full(struct peer *, struct parse_result *);
> -void  show_neighbor(struct peer *, struct parse_result *res);
> -void  print_neighbor_capa_mp(struct peer *);
> -void  print_neighbor_capa_restart(struct peer *);
> -void  print_neighbor_msgstats(struct peer *);
>  void  print_timer(const char *, time_t);
> -const char   *fmt_timeframe(time_t t);
> -void  show_fib_flags(u_int16_t);
> -void  show_fib(struct kroute_full *);
> -void  show_fib_table(struct ktable *);
> -void  show_nexthop(struct ctl_show_nexthop *);
> -void  show_interface(struct ctl_show_interface *);
> -void  print_prefix(struct bgpd_addr *, u_int8_t, u_int8_t, u_int8_t);
> -const char *  print_origin(u_int8_t, int);
> -const char *  print_ovs(u_int8_t, int);
> -void  print_flags(u_int8_t, int);
> -void  show_rib(struct ctl_show_rib *, u_char *, size_t,
> - struct parse_result *);
> -void  show_rib_brief(struct ctl_show_rib *, u_char *, size_t);
> -void  show_rib_detail(struct ctl_show_rib *, u_char *, size_t, int);
>  void  show_attr(void *, u_int16_t, int);
>  void  show_communities(u_char *, size_t, int);
>  void  show_community(u_char *, u_int16_t);
>  void  show_large_community(u_char *, u_int16_t);
>  void  show_ext_community(u_char *, u_int16_t);
> -void  show_rib_mem(struct rde_memstats *);
> -void  show_rib_hash(struct rde_hashstats *);
>  void  send_filterset(struct imsgbuf *, struct filter_set_head *);
> -const char   *get_errstr(u_int8_t, u_int8_t);
>  void  show_mrt_dump_neighbors(struct mrt_rib *, struct mrt_peer *,
>   void *);
>  void  show_mrt_dump(struct mrt_rib *, struct mrt_peer *, void *);
> @@ -89,10 +61,7 @@ voidshow_mrt_state(struct mrt_bgp_sta
>  void  show_mrt_msg(struct mrt_bgp_msg *, void *);
>  const char   *msg_type(u_int8_t);
>  void  network_bulk(struct parse_result *);
> -const char   *print_auth_method(enum auth_method);
>  int   match_aspath(void *, u_int16_t, struct filter_as *);
> -void  show_head(struct parse_result *);
> -void  show_result(u_int);
>  
>  struct imsgbuf   *ibuf;
>  struct mrt_parser show_mrt = { show_mrt_dump, show_mrt_state, show_mrt_msg };
> @@ -537,46 +506,6 @@ fmt_peer(const char *descr, const struct
>   return (p);
>  }
>  
> -void
> -show_summary(struct peer *p)
> -{
> - char*s;
> - const char  *a;
> - size_t  alen;
> -
> - s = fmt_peer(p->conf.descr, >conf.remote_addr,
> - p->conf.remote_masklen);
> -
> - a = log_as(p->conf.remote_as);
> - alen = strlen(a);
> - /* max displayed length of the peers name is 28 */
> - if (alen < 28) {
> - if (strlen(s) > 28 - alen)
> - s[28 - alen] = '\0';
> - } else
> - alen = 0;