pkg_add quirks log in snapshot
Hi all, i'm getting this log after update to latest snapshot pkg_add -ui quirks-3.580 signed on 2021-02-24T18:23:18Z |No change in quirks-3.580String found where operator expected at /usr/local/libdata/perl5/site_perl/OpenBSD/Quirks.pm line 2196, near ""Upstrem moved to unversioned tarballs, use the plan9port (same upstream) package instead"" (Missing semicolon on previous line?) Can't load quirk: syntax error at /usr/local/libdata/perl5/site_perl/OpenBSD/Quirks.pm line 2196, near ""Upstrem moved to unversioned tarballs, use the plan9port (same upstream) package instead"" Compilation failed in require at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 350. pkg_info bash-5.1.4 GNU Bourne Again Shell gettext-runtime-0.21p1 GNU gettext runtime libraries and programs intel-firmware-20210216v0 microcode update binaries for Intel CPUs ipcalc-1.4p0small network calculator libevent-2.1.11 event notification library libiconv-1.16p0 character set conversion library libqrencode-4.1.1 library for encoding data in a QR Code symbol lldpd-1.0.8 LLDP (802.1ab)/CDP/EDP/SONMP/FDP daemon and SNMP subagent png-1.6.37 library for manipulating PNG images quirks-3.580exceptions to pkg_add rules reposync-20210113 script to update an OpenBSD CVS repository via rsync rsync-3.2.3 mirroring/synchronization over low bandwidth links vmm-firmware-1.11.0p3 firmware binary images for vmm(4) driver wireguard-tools-1.0.20200827v0 fast and secure VPN OpenBSD 6.9-beta (GENERIC.MP) #358: Wed Feb 24 17:11:53 MST 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17055485952 (16265MB) avail mem = 16523235328 (15757MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed9b0 (40 entries) bios0: vendor American Megatrends Inc. version "2.1" date 11/22/2019 bios0: Supermicro Super Server acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT SPMI MCFG UEFI DBG2 HPET WDDT SSDT SSDT SSDT PRAD DMAR HEST BERT ERST EINJ acpi0: wakeup devices IP2P(S4) EHC1(S4) EHC2(S4) RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4) RP08(S4) BR1A(S4) BR1B(S4) BR2A(S4) BR2B(S4) BR2C(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.30 MHz, 06-56-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.02 MHz, 06-56-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.02 MHz, 06-56-03 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.02 MHz, 06-56-03 cpu3:
Re: fix nvme(4): NULL deref. and empty device attachments
ok
> On 25 Feb 2021, at 02:34, Jan Klemkow wrote:
>
> Hi,
>
> While attaching the following disks, the nvme driver runs into a NULL
> dereference in nvme_scsi_capacity16() and nvme_scsi_capacity().
>
> nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
> scsibus1 at nvme0: 129 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:
> sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
> sd1 at scsibus1 targ 2 lun 0:
> uvm_fault(0x821d00e8, 0x0, 0, 1) -> e
> kernel: page fault trap, code=0
> Stopped at nvme_scsi_capacity16+0x39: movq0(%rax),%rcx
> ddb{0}>
>
> "ns" in both functions will be NULL, if "identify" is not allocated in
> nvme_scsi_probe(). Thus, its better to just not attach this empty
> disks/LUNs.
>
> nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
> scsibus1 at nvme0: 129 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:
> sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb1 at pci0 dev 3 function 2 "AMD 17h PCIE" rev 0x00: msi
> pci2 at ppb1 bus 98
> nvme1 at pci2 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme1: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041500C34P0DGN
> scsibus2 at nvme1: 129 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0:
> sd1: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb2 at pci0 dev 3 function 3 "AMD 17h PCIE" rev 0x00: msi
> pci3 at ppb2 bus 99
> nvme2 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme2: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041402Z64P0DGN
> scsibus3 at nvme2: 129 targets, initiator 0
> sd2 at scsibus3 targ 1 lun 0:
> sd2: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb3 at pci0 dev 3 function 4 "AMD 17h PCIE" rev 0x00: msi
> pci4 at ppb3 bus 100
> nvme3 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme3: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041403134P0DGN
> scsibus4 at nvme3: 129 targets, initiator 0
> sd3 at scsibus4 targ 1 lun 0:
> sd3: 3815447MB, 512 bytes/sector, 7814037168 sectors
>
> The following diff signals an error for the upper probing function in
> the SCSI layer to prevents further function calls in nvme(4) which would
> just leads to the upper described error and hundreds of not configured
> devices.
>
> OK?
>
> bye,
> Jan
>
> Index: dev/ic/nvme.c
> ===
> RCS file: /cvs//src/sys/dev/ic/nvme.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 nvme.c
> --- dev/ic/nvme.c 9 Feb 2021 01:50:10 - 1.90
> +++ dev/ic/nvme.c 24 Feb 2021 16:01:48 -
> @@ -463,11 +463,16 @@ nvme_scsi_probe(struct scsi_link *link)
> scsi_io_put(>sc_iopool, ccb);
>
> identify = NVME_DMA_KVA(mem);
> - if (rv == 0 && lemtoh64(>nsze) > 0) {
> - /* Commit namespace if it has a size greater than zero. */
> - identify = malloc(sizeof(*identify), M_DEVBUF, M_WAITOK);
> - memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
> - sc->sc_namespaces[link->target].ident = identify;
> + if (rv == 0) {
> + if (lemtoh64(>nsze) > 0) {
> + /* Commit namespace if it has a size greater than zero.
> */
> + identify = malloc(sizeof(*identify), M_DEVBUF,
> M_WAITOK);
> + memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
> + sc->sc_namespaces[link->target].ident = identify;
> + } else {
> + /* Don't attach a namespace if its size is zero. */
> + rv = ENXIO;
> + }
> }
>
> nvme_dmamem_free(sc, mem);
>
Re: Secure by default
Dear Stuart Henderson, On Fri, Feb 19, 2021 at 8:42 PM Stuart Henderson wrote: > > On 2021/02/19 20:27, sivasubramanian muthusamy wrote: > > Dear Flint, > > > > During installation I didn't connect the network, but after installation, > > Yes. What would I do with a Computer that isn't connected? My use case is > > all about Internet :) > > Other use cases are available. Could you elaborate? Thank you. >
Re: fix nvme(4): NULL deref. and empty device attachments
Am Wed, Feb 24, 2021 at 05:34:48PM +0100 schrieb Jan Klemkow:
> Hi,
>
> While attaching the following disks, the nvme driver runs into a NULL
> dereference in nvme_scsi_capacity16() and nvme_scsi_capacity().
>
> nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
> scsibus1 at nvme0: 129 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:
> sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
> sd1 at scsibus1 targ 2 lun 0:
> uvm_fault(0x821d00e8, 0x0, 0, 1) -> e
> kernel: page fault trap, code=0
> Stopped at nvme_scsi_capacity16+0x39: movq0(%rax),%rcx
> ddb{0}>
>
> "ns" in both functions will be NULL, if "identify" is not allocated in
> nvme_scsi_probe(). Thus, its better to just not attach this empty
> disks/LUNs.
>
> nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
> scsibus1 at nvme0: 129 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:
> sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb1 at pci0 dev 3 function 2 "AMD 17h PCIE" rev 0x00: msi
> pci2 at ppb1 bus 98
> nvme1 at pci2 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme1: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041500C34P0DGN
> scsibus2 at nvme1: 129 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0:
> sd1: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb2 at pci0 dev 3 function 3 "AMD 17h PCIE" rev 0x00: msi
> pci3 at ppb2 bus 99
> nvme2 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme2: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041402Z64P0DGN
> scsibus3 at nvme2: 129 targets, initiator 0
> sd2 at scsibus3 targ 1 lun 0:
> sd2: 3815447MB, 512 bytes/sector, 7814037168 sectors
> ppb3 at pci0 dev 3 function 4 "AMD 17h PCIE" rev 0x00: msi
> pci4 at ppb3 bus 100
> nvme3 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev
> 0x00: msix, NVMe 1.2
> nvme3: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041403134P0DGN
> scsibus4 at nvme3: 129 targets, initiator 0
> sd3 at scsibus4 targ 1 lun 0:
> sd3: 3815447MB, 512 bytes/sector, 7814037168 sectors
>
> The following diff signals an error for the upper probing function in
> the SCSI layer to prevents further function calls in nvme(4) which would
> just leads to the upper described error and hundreds of not configured
> devices.
>
> OK?
I think this is the correct way to fix it. The issue essentially is
that we still return "ok" even though the size is zero. And we should
probably fail similarly as if it didn't exist. FreeBSD has a similar
check here, which explains it a little:
/*
* If the size of is zero, chances are this isn't a valid
* namespace (eg one that's not been configured yet). The
* standard says the entire id will be zeros, so this is a
* cheap way to test for that.
*/
if (ns->data.nsze == 0)
return (ENXIO);
I wondered if this block of code could be written a bit differently, but
I couldn't make it look any better.
ok patrick@ fwiw
> bye,
> Jan
>
> Index: dev/ic/nvme.c
> ===
> RCS file: /cvs//src/sys/dev/ic/nvme.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 nvme.c
> --- dev/ic/nvme.c 9 Feb 2021 01:50:10 - 1.90
> +++ dev/ic/nvme.c 24 Feb 2021 16:01:48 -
> @@ -463,11 +463,16 @@ nvme_scsi_probe(struct scsi_link *link)
> scsi_io_put(>sc_iopool, ccb);
>
> identify = NVME_DMA_KVA(mem);
> - if (rv == 0 && lemtoh64(>nsze) > 0) {
> - /* Commit namespace if it has a size greater than zero. */
> - identify = malloc(sizeof(*identify), M_DEVBUF, M_WAITOK);
> - memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
> - sc->sc_namespaces[link->target].ident = identify;
> + if (rv == 0) {
> + if (lemtoh64(>nsze) > 0) {
> + /* Commit namespace if it has a size greater than zero.
> */
> + identify = malloc(sizeof(*identify), M_DEVBUF,
> M_WAITOK);
> + memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
> + sc->sc_namespaces[link->target].ident = identify;
> + } else {
> + /* Don't attach a namespace if its size is zero. */
> + rv = ENXIO;
> + }
> }
>
> nvme_dmamem_free(sc, mem);
>
fix nvme(4): NULL deref. and empty device attachments
Hi,
While attaching the following disks, the nvme driver runs into a NULL
dereference in nvme_scsi_capacity16() and nvme_scsi_capacity().
nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev 0x00:
msix, NVMe 1.2
nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
scsibus1 at nvme0: 129 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0:
sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
sd1 at scsibus1 targ 2 lun 0:
uvm_fault(0x821d00e8, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at nvme_scsi_capacity16+0x39: movq0(%rax),%rcx
ddb{0}>
"ns" in both functions will be NULL, if "identify" is not allocated in
nvme_scsi_probe(). Thus, its better to just not attach this empty
disks/LUNs.
nvme0 at pci1 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev 0x00:
msix, NVMe 1.2
nvme0: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ0413002P4P0DGN
scsibus1 at nvme0: 129 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0:
sd0: 3815447MB, 512 bytes/sector, 7814037168 sectors
ppb1 at pci0 dev 3 function 2 "AMD 17h PCIE" rev 0x00: msi
pci2 at ppb1 bus 98
nvme1 at pci2 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev 0x00:
msix, NVMe 1.2
nvme1: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041500C34P0DGN
scsibus2 at nvme1: 129 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0:
sd1: 3815447MB, 512 bytes/sector, 7814037168 sectors
ppb2 at pci0 dev 3 function 3 "AMD 17h PCIE" rev 0x00: msi
pci3 at ppb2 bus 99
nvme2 at pci3 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev 0x00:
msix, NVMe 1.2
nvme2: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041402Z64P0DGN
scsibus3 at nvme2: 129 targets, initiator 0
sd2 at scsibus3 targ 1 lun 0:
sd2: 3815447MB, 512 bytes/sector, 7814037168 sectors
ppb3 at pci0 dev 3 function 4 "AMD 17h PCIE" rev 0x00: msi
pci4 at ppb3 bus 100
nvme3 at pci4 dev 0 function 0 vendor "Intel", unknown product 0x0a54 rev 0x00:
msix, NVMe 1.2
nvme3: INTEL SSDPE2KX040T8, firmware VDV10170, serial PHLJ041403134P0DGN
scsibus4 at nvme3: 129 targets, initiator 0
sd3 at scsibus4 targ 1 lun 0:
sd3: 3815447MB, 512 bytes/sector, 7814037168 sectors
The following diff signals an error for the upper probing function in
the SCSI layer to prevents further function calls in nvme(4) which would
just leads to the upper described error and hundreds of not configured
devices.
OK?
bye,
Jan
Index: dev/ic/nvme.c
===
RCS file: /cvs//src/sys/dev/ic/nvme.c,v
retrieving revision 1.90
diff -u -p -r1.90 nvme.c
--- dev/ic/nvme.c 9 Feb 2021 01:50:10 - 1.90
+++ dev/ic/nvme.c 24 Feb 2021 16:01:48 -
@@ -463,11 +463,16 @@ nvme_scsi_probe(struct scsi_link *link)
scsi_io_put(>sc_iopool, ccb);
identify = NVME_DMA_KVA(mem);
- if (rv == 0 && lemtoh64(>nsze) > 0) {
- /* Commit namespace if it has a size greater than zero. */
- identify = malloc(sizeof(*identify), M_DEVBUF, M_WAITOK);
- memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
- sc->sc_namespaces[link->target].ident = identify;
+ if (rv == 0) {
+ if (lemtoh64(>nsze) > 0) {
+ /* Commit namespace if it has a size greater than zero.
*/
+ identify = malloc(sizeof(*identify), M_DEVBUF,
M_WAITOK);
+ memcpy(identify, NVME_DMA_KVA(mem), sizeof(*identify));
+ sc->sc_namespaces[link->target].ident = identify;
+ } else {
+ /* Don't attach a namespace if its size is zero. */
+ rv = ENXIO;
+ }
}
nvme_dmamem_free(sc, mem);
Re: quiz: Fix multi-line questions (trailing newline)
Hi all,
v2 below following some feedback from Christian (naddy@, thanks!). Only
change is the malloc + strlcpy is replaced with a strdup.
Thanks,
Alex
diff --git games/quiz/quiz.c games/quiz/quiz.c
index 073c1700719..f6eac5027e8 100644
--- games/quiz/quiz.c
+++ games/quiz/quiz.c
@@ -110,7 +110,8 @@ get_file(const char *file)
{
FILE *fp;
QE *qp;
- size_t len;
+ ssize_t len;
+ size_t size;
char *lp;
if ((fp = fopen(file, "r")) == NULL)
@@ -123,9 +124,11 @@ get_file(const char *file)
*/
qp =
qsize = 0;
- while ((lp = fgetln(fp, )) != NULL) {
+ lp = NULL;
+ size = 0;
+ while ((len = getline(, , fp)) != -1) {
if (lp[len - 1] == '\n')
- --len;
+ lp[len - 1] = '\0';
if (qp->q_text && qp->q_text[0] != '\0' &&
qp->q_text[strlen(qp->q_text) - 1] == '\\')
qp->q_text = appdstr(qp->q_text, lp, len);
@@ -133,16 +136,17 @@ get_file(const char *file)
if ((qp->q_next = malloc(sizeof(QE))) == NULL)
errx(1, "malloc");
qp = qp->q_next;
- if ((qp->q_text = malloc(len + 1)) == NULL)
- errx(1, "malloc");
- /* lp may not be zero-terminated; cannot use strlcpy */
- strncpy(qp->q_text, lp, len);
- qp->q_text[len] = '\0';
+ qp->q_text = strdup(lp);
+ if (qp->q_text == NULL)
+ err(1, NULL);
qp->q_asked = qp->q_answered = FALSE;
qp->q_next = NULL;
++qsize;
}
}
+ free(lp);
+ if (ferror(fp))
+ err(1, "getline");
(void)fclose(fp);
}
@@ -334,11 +338,9 @@ appdstr(char *s, const char *tp, size_t len)
if (*(mp - 1) == '\\')
--mp;
- while ((ch = *mp++ = *tp++) && ch != '\n')
+ /* tp guaranteed null-terminated, copy in full */
+ while ((ch = *mp++ = *tp++) != '\0')
;
- if (*(mp - 2) == '\\')
- mp--;
- *mp = '\0';
free(s);
return (m);
Re: LibreSSL legacy verifier regression
On Wed, Feb 24, 2021 at 09:00:05PM +0100, Theo Buehler wrote:
> On Wed, Feb 24, 2021 at 06:47:00AM +0100, Jan Klemkow wrote:
> > Hi,
> >
> > another co-worker of mine has found an other regress in the LibreSSL
> > legacy verifier. I took his diff and made a test for our regression
> > framework.
> >
> > The legacy verifier seems not to check the certificate if no root CA was
> > given. The following test creates an expired certificate and tries to
> > verify it. In one case it found the expected error in another, it does
> > not.
>
> Thanks for the report and the test case, that's very helpful. The diff
> at the end addresses this.
>
> The verifier does not find the expected error because it now bails out
> earlier. This is a consequence of a refactoring of X509_verify_cert()
> (x509_vfy.c r1.75) that was done to integrate the new verifier.
>
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/x509/x509_vfy.c.diff?r1=1.74=1.75
>
> What happens is that x509_legacy_verify_build_chain() returns ok == 0 in
> your test case. The safety net at the end of x509_verify_cert_legacy()
> sets ctx->error to X509_V_ERR_UNSPECIFIED (so the unchecked call to
> X509_verify_cert() in your regress test actually indicates verification
> failure).
>
>
> The diff below restores the previous behavior and fixes a bug.
>
> Prior to the the refactoring, each 'goto end' in the code that is now in
> x509_legacy_verify_build_chain() would stop validation, while in other
> cases validation would have carried on. So indicate this via the return
> value and return ok via a pointer.
>
> The bug is that the return value check of x509_legacy_verify_build_chain()
> should have been if (ok <= 0), not if (!ok).
>
>
> Regarding your regress diff: I don't think we want to land it as it is.
>
> The verifier lives in libcrypto/x509, so the regress test belongs in
> there.
>
> We really need to come up with an extensible design that can check a
> number of such cases (and ideally includes the bulk of your openssl/x509
> regress tests). I don't want to add a directory for every bug in the
> verifier or legacy verifier. As jsing already mentioned, I expect that
> we want to commit the test certs so we don't need perl modules from
> ports to run the regress. Then we want to add generating scripts and a
> README that gives instructions on how to regenerate the certs if needed.
>
> I would like to have one C program that runs all tests in a loop (or
> perhaps one C program per family of regressions). It would be nice if
> this C program could also be compiled against OpenSSL 1.1.1 so we can
> easily check for differences of behavior (see x509/bettertls/Makefile
> for an example that does this). For your test program this just means:
> don't access csc->blah, but use X509_STORE_CTX_get_blah(csc) instead.
>
> Why does the test set TRUSTED_FIRST?
>
> The code also needs a bit of cleaning. There are a number of unchecked
> return values, for example strdup and sk_*_push, and csc is leaked
> after X509_verify_cert().
>
> It would also be nice to run this test against the new verifier.
Missed an obvious simplification.
Index: x509/x509_vfy.c
===
RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
retrieving revision 1.85
diff -u -p -r1.85 x509_vfy.c
--- x509/x509_vfy.c 11 Feb 2021 04:56:43 - 1.85
+++ x509/x509_vfy.c 24 Feb 2021 20:19:34 -
@@ -240,12 +240,13 @@ x509_vfy_check_id(X509_STORE_CTX *ctx) {
* Oooh..
*/
static int
-X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad)
+X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
{
X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
int bad_chain = 0;
X509_VERIFY_PARAM *param = ctx->param;
- int depth, i, ok = 0;
+ int ok = 0, ret = 0;
+ int depth, i;
int num, j, retry, trust;
int (*cb) (int xok, X509_STORE_CTX *xctx);
STACK_OF(X509) *sktmp = NULL;
@@ -517,11 +518,15 @@ X509_verify_cert_legacy_build_chain(X509
if (!ok)
goto end;
}
+
+ ret = 1;
end:
sk_X509_free(sktmp);
X509_free(chain_ss);
*bad = bad_chain;
- return ok;
+ *out_ok = ok;
+
+ return ret;
}
static int
@@ -531,8 +536,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *
ctx->error = X509_V_OK; /* Initialize to OK */
- ok = X509_verify_cert_legacy_build_chain(ctx, _chain);
- if (!ok)
+ if (!X509_verify_cert_legacy_build_chain(ctx, _chain, ))
goto end;
/* We have the chain complete: now we need to check its purpose */
Re: LibreSSL legacy verifier regression
On Wed, Feb 24, 2021 at 06:47:00AM +0100, Jan Klemkow wrote:
> Hi,
>
> another co-worker of mine has found an other regress in the LibreSSL
> legacy verifier. I took his diff and made a test for our regression
> framework.
>
> The legacy verifier seems not to check the certificate if no root CA was
> given. The following test creates an expired certificate and tries to
> verify it. In one case it found the expected error in another, it does
> not.
Thanks for the report and the test case, that's very helpful. The diff
at the end addresses this.
The verifier does not find the expected error because it now bails out
earlier. This is a consequence of a refactoring of X509_verify_cert()
(x509_vfy.c r1.75) that was done to integrate the new verifier.
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/x509/x509_vfy.c.diff?r1=1.74=1.75
What happens is that x509_legacy_verify_build_chain() returns ok == 0 in
your test case. The safety net at the end of x509_verify_cert_legacy()
sets ctx->error to X509_V_ERR_UNSPECIFIED (so the unchecked call to
X509_verify_cert() in your regress test actually indicates verification
failure).
The diff below restores the previous behavior and fixes a bug.
Prior to the the refactoring, each 'goto end' in the code that is now in
x509_legacy_verify_build_chain() would stop validation, while in other
cases validation would have carried on. So indicate this via the return
value and return ok via a pointer.
The bug is that the return value check of x509_legacy_verify_build_chain()
should have been if (ok <= 0), not if (!ok).
Regarding your regress diff: I don't think we want to land it as it is.
The verifier lives in libcrypto/x509, so the regress test belongs in
there.
We really need to come up with an extensible design that can check a
number of such cases (and ideally includes the bulk of your openssl/x509
regress tests). I don't want to add a directory for every bug in the
verifier or legacy verifier. As jsing already mentioned, I expect that
we want to commit the test certs so we don't need perl modules from
ports to run the regress. Then we want to add generating scripts and a
README that gives instructions on how to regenerate the certs if needed.
I would like to have one C program that runs all tests in a loop (or
perhaps one C program per family of regressions). It would be nice if
this C program could also be compiled against OpenSSL 1.1.1 so we can
easily check for differences of behavior (see x509/bettertls/Makefile
for an example that does this). For your test program this just means:
don't access csc->blah, but use X509_STORE_CTX_get_blah(csc) instead.
Why does the test set TRUSTED_FIRST?
The code also needs a bit of cleaning. There are a number of unchecked
return values, for example strdup and sk_*_push, and csc is leaked
after X509_verify_cert().
It would also be nice to run this test against the new verifier.
Index: x509/x509_vfy.c
===
RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
retrieving revision 1.85
diff -u -p -r1.85 x509_vfy.c
--- x509/x509_vfy.c 11 Feb 2021 04:56:43 - 1.85
+++ x509/x509_vfy.c 24 Feb 2021 19:09:03 -
@@ -240,7 +240,7 @@ x509_vfy_check_id(X509_STORE_CTX *ctx) {
* Oooh..
*/
static int
-X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad)
+X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
{
X509 *x, *xtmp, *xtmp2, *chain_ss = NULL;
int bad_chain = 0;
@@ -517,11 +517,21 @@ X509_verify_cert_legacy_build_chain(X509
if (!ok)
goto end;
}
+
+ sk_X509_free(sktmp);
+ X509_free(chain_ss);
+ *bad = bad_chain;
+ *out_ok = ok;
+
+ return 1;
+
end:
sk_X509_free(sktmp);
X509_free(chain_ss);
*bad = bad_chain;
- return ok;
+ *out_ok = ok;
+
+ return 0;
}
static int
@@ -531,8 +541,7 @@ X509_verify_cert_legacy(X509_STORE_CTX *
ctx->error = X509_V_OK; /* Initialize to OK */
- ok = X509_verify_cert_legacy_build_chain(ctx, _chain);
- if (!ok)
+ if (!X509_verify_cert_legacy_build_chain(ctx, _chain, ))
goto end;
/* We have the chain complete: now we need to check its purpose */
Re: have m_copydata use a void * instead of caddr_t
I agree.
Alexander Bluhm wrote:
> On Wed, Feb 24, 2021 at 04:27:03PM +1000, David Gwynne wrote:
> > it's a start though. cocci and i came up with this to push in after.
>
> Less casting is better. OK bluhm@
>
> > Index: arch/armv7/sunxi/sxie.c
> > ===
> > RCS file: /cvs/src/sys/arch/armv7/sunxi/sxie.c,v
> > retrieving revision 1.29
> > diff -u -p -r1.29 sxie.c
> > --- arch/armv7/sunxi/sxie.c 10 Jul 2020 13:26:36 - 1.29
> > +++ arch/armv7/sunxi/sxie.c 24 Feb 2021 06:19:13 -
> > @@ -524,7 +524,7 @@ sxie_start(struct ifnet *ifp)
> > SXIWRITE4(sc, SXIE_TXPKTLEN0 + (fifo * 4), m->m_pkthdr.len);
> >
> > /* copy the actual packet to fifo XXX through 'align buffer' */
> > - m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)td);
> > + m_copydata(m, 0, m->m_pkthdr.len, td);
> > bus_space_write_multi_4(sc->sc_iot, sc->sc_ioh,
> > SXIE_TXIO0,
> > (uint32_t *)td, SXIE_ROUNDUP(m->m_pkthdr.len, 4) >> 2);
> > Index: arch/octeon/dev/octcrypto.c
> > ===
> > RCS file: /cvs/src/sys/arch/octeon/dev/octcrypto.c,v
> > retrieving revision 1.3
> > diff -u -p -r1.3 octcrypto.c
> > --- arch/octeon/dev/octcrypto.c 10 Mar 2019 14:20:44 - 1.3
> > +++ arch/octeon/dev/octcrypto.c 24 Feb 2021 06:19:13 -
> > @@ -739,7 +739,7 @@ octcrypto_authenc_gmac(struct cryptop *c
> > } else {
> > if (crp->crp_flags & CRYPTO_F_IMBUF)
> > m_copydata((struct mbuf *)crp->crp_buf,
> > - crde->crd_inject, ivlen, (uint8_t *)iv);
> > + crde->crd_inject, ivlen, iv);
> > else
> > cuio_copydata((struct uio *)crp->crp_buf,
> > crde->crd_inject, ivlen, (uint8_t *)iv);
> > @@ -1035,10 +1035,8 @@ octcrypto_authenc_hmac(struct cryptop *c
> > memcpy(iv, crde->crd_iv, ivlen);
> > } else {
> > if (crp->crp_flags & CRYPTO_F_IMBUF)
> > - m_copydata(
> > - (struct mbuf *)crp->crp_buf,
> > - crde->crd_inject, ivlen,
> > - (uint8_t *)iv);
> > + m_copydata((struct mbuf *)crp->crp_buf,
> > + crde->crd_inject, ivlen, iv);
> > else
> > cuio_copydata(
> > (struct uio *)crp->crp_buf,
> > Index: dev/ic/acx.c
> > ===
> > RCS file: /cvs/src/sys/dev/ic/acx.c,v
> > retrieving revision 1.124
> > diff -u -p -r1.124 acx.c
> > --- dev/ic/acx.c10 Jul 2020 13:26:37 - 1.124
> > +++ dev/ic/acx.c24 Feb 2021 06:19:13 -
> > @@ -2373,7 +2373,7 @@ acx_set_probe_resp_tmplt(struct acx_soft
> > IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
> > *(u_int16_t *)wh->i_seq = 0;
> >
> > - m_copydata(m, 0, m->m_pkthdr.len, (caddr_t));
> > + m_copydata(m, 0, m->m_pkthdr.len, );
> > len = m->m_pkthdr.len + sizeof(resp.size);
> > m_freem(m);
> >
> > @@ -2427,7 +2427,7 @@ acx_set_beacon_tmplt(struct acx_softc *s
> > return (1);
> > }
> >
> > - m_copydata(m, 0, off, (caddr_t));
> > + m_copydata(m, 0, off, );
> > len = off + sizeof(beacon.size);
> >
> > if (acx_set_tmplt(sc, ACXCMD_TMPLT_BEACON, , len) != 0) {
> > @@ -2442,7 +2442,7 @@ acx_set_beacon_tmplt(struct acx_softc *s
> > return (0);
> > }
> >
> > - m_copydata(m, off, len, (caddr_t));
> > + m_copydata(m, off, len, );
> > len += sizeof(beacon.size);
> > m_freem(m);
> >
> > Index: dev/ic/an.c
> > ===
> > RCS file: /cvs/src/sys/dev/ic/an.c,v
> > retrieving revision 1.77
> > diff -u -p -r1.77 an.c
> > --- dev/ic/an.c 8 Dec 2020 04:37:27 - 1.77
> > +++ dev/ic/an.c 24 Feb 2021 06:19:13 -
> > @@ -781,7 +781,7 @@ an_mwrite_bap(struct an_softc *sc, int i
> > len = min(m->m_len, totlen);
> >
> > if ((mtod(m, u_long) & 0x1) || (len & 0x1)) {
> > - m_copydata(m, 0, totlen, (caddr_t)>sc_buf.sc_txbuf);
> > + m_copydata(m, 0, totlen, >sc_buf.sc_txbuf);
> > cnt = (totlen + 1) / 2;
> > an_swap16((u_int16_t *)>sc_buf.sc_txbuf, cnt);
> > CSR_WRITE_MULTI_STREAM_2(sc, AN_DATA0,
> > @@ -1126,7 +1126,7 @@ an_start(struct ifnet *ifp)
> > if (ic->ic_flags & IEEE80211_F_WEPON)
> > wh->i_fc[1] |= IEEE80211_FC1_WEP;
> >
Re: have m_copydata use a void * instead of caddr_t
On Wed, Feb 24, 2021 at 04:27:03PM +1000, David Gwynne wrote:
> it's a start though. cocci and i came up with this to push in after.
Less casting is better. OK bluhm@
> Index: arch/armv7/sunxi/sxie.c
> ===
> RCS file: /cvs/src/sys/arch/armv7/sunxi/sxie.c,v
> retrieving revision 1.29
> diff -u -p -r1.29 sxie.c
> --- arch/armv7/sunxi/sxie.c 10 Jul 2020 13:26:36 - 1.29
> +++ arch/armv7/sunxi/sxie.c 24 Feb 2021 06:19:13 -
> @@ -524,7 +524,7 @@ sxie_start(struct ifnet *ifp)
> SXIWRITE4(sc, SXIE_TXPKTLEN0 + (fifo * 4), m->m_pkthdr.len);
>
> /* copy the actual packet to fifo XXX through 'align buffer' */
> - m_copydata(m, 0, m->m_pkthdr.len, (caddr_t)td);
> + m_copydata(m, 0, m->m_pkthdr.len, td);
> bus_space_write_multi_4(sc->sc_iot, sc->sc_ioh,
> SXIE_TXIO0,
> (uint32_t *)td, SXIE_ROUNDUP(m->m_pkthdr.len, 4) >> 2);
> Index: arch/octeon/dev/octcrypto.c
> ===
> RCS file: /cvs/src/sys/arch/octeon/dev/octcrypto.c,v
> retrieving revision 1.3
> diff -u -p -r1.3 octcrypto.c
> --- arch/octeon/dev/octcrypto.c 10 Mar 2019 14:20:44 - 1.3
> +++ arch/octeon/dev/octcrypto.c 24 Feb 2021 06:19:13 -
> @@ -739,7 +739,7 @@ octcrypto_authenc_gmac(struct cryptop *c
> } else {
> if (crp->crp_flags & CRYPTO_F_IMBUF)
> m_copydata((struct mbuf *)crp->crp_buf,
> - crde->crd_inject, ivlen, (uint8_t *)iv);
> + crde->crd_inject, ivlen, iv);
> else
> cuio_copydata((struct uio *)crp->crp_buf,
> crde->crd_inject, ivlen, (uint8_t *)iv);
> @@ -1035,10 +1035,8 @@ octcrypto_authenc_hmac(struct cryptop *c
> memcpy(iv, crde->crd_iv, ivlen);
> } else {
> if (crp->crp_flags & CRYPTO_F_IMBUF)
> - m_copydata(
> - (struct mbuf *)crp->crp_buf,
> - crde->crd_inject, ivlen,
> - (uint8_t *)iv);
> + m_copydata((struct mbuf *)crp->crp_buf,
> + crde->crd_inject, ivlen, iv);
> else
> cuio_copydata(
> (struct uio *)crp->crp_buf,
> Index: dev/ic/acx.c
> ===
> RCS file: /cvs/src/sys/dev/ic/acx.c,v
> retrieving revision 1.124
> diff -u -p -r1.124 acx.c
> --- dev/ic/acx.c 10 Jul 2020 13:26:37 - 1.124
> +++ dev/ic/acx.c 24 Feb 2021 06:19:13 -
> @@ -2373,7 +2373,7 @@ acx_set_probe_resp_tmplt(struct acx_soft
> IEEE80211_ADDR_COPY(wh->i_addr3, ni->ni_bssid);
> *(u_int16_t *)wh->i_seq = 0;
>
> - m_copydata(m, 0, m->m_pkthdr.len, (caddr_t));
> + m_copydata(m, 0, m->m_pkthdr.len, );
> len = m->m_pkthdr.len + sizeof(resp.size);
> m_freem(m);
>
> @@ -2427,7 +2427,7 @@ acx_set_beacon_tmplt(struct acx_softc *s
> return (1);
> }
>
> - m_copydata(m, 0, off, (caddr_t));
> + m_copydata(m, 0, off, );
> len = off + sizeof(beacon.size);
>
> if (acx_set_tmplt(sc, ACXCMD_TMPLT_BEACON, , len) != 0) {
> @@ -2442,7 +2442,7 @@ acx_set_beacon_tmplt(struct acx_softc *s
> return (0);
> }
>
> - m_copydata(m, off, len, (caddr_t));
> + m_copydata(m, off, len, );
> len += sizeof(beacon.size);
> m_freem(m);
>
> Index: dev/ic/an.c
> ===
> RCS file: /cvs/src/sys/dev/ic/an.c,v
> retrieving revision 1.77
> diff -u -p -r1.77 an.c
> --- dev/ic/an.c 8 Dec 2020 04:37:27 - 1.77
> +++ dev/ic/an.c 24 Feb 2021 06:19:13 -
> @@ -781,7 +781,7 @@ an_mwrite_bap(struct an_softc *sc, int i
> len = min(m->m_len, totlen);
>
> if ((mtod(m, u_long) & 0x1) || (len & 0x1)) {
> - m_copydata(m, 0, totlen, (caddr_t)>sc_buf.sc_txbuf);
> + m_copydata(m, 0, totlen, >sc_buf.sc_txbuf);
> cnt = (totlen + 1) / 2;
> an_swap16((u_int16_t *)>sc_buf.sc_txbuf, cnt);
> CSR_WRITE_MULTI_STREAM_2(sc, AN_DATA0,
> @@ -1126,7 +1126,7 @@ an_start(struct ifnet *ifp)
> if (ic->ic_flags & IEEE80211_F_WEPON)
> wh->i_fc[1] |= IEEE80211_FC1_WEP;
> m_copydata(m, 0, sizeof(struct ieee80211_frame),
> - (caddr_t)_whdr);
> + _whdr);
>
Re: Sky Lake-E PCI ids.
Few more ids added to also support W-22xx systems with no "unknown" intel. diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index ba975d05548..190634d6c35 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -4188,6 +4188,58 @@ product INTEL ATOMC2000_PCU_SMB 0x1f3c Atom C2000 PCU SMBus product INTEL I354_BP_1GBPS 0x1f40 I354 product INTEL I354_SGMII 0x1f41 I354 SGMII product INTEL I354_BP_2_5GBPS 0x1f45 I354 +product INTEL SKYLAKE_E_UBOX_1 0x2014 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_UBOX_2 0x2015 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_UBOX_3 0x2016 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_M2PCI 0x2018 Sky Lake-E M2PCI Registers +product INTEL SKYLAKE_E_DMI3 0x2020 Sky Lake-E DMI3 Registers +product INTEL SKYLAKE_E_CBDMA 0x2021 Sky Lake-E CBDMA Registers +product INTEL SKYLAKE_E_MMVTD 0x2024 Sky Lake-E MM/VT-d Configuration Registers +product INTEL SKYLAKE_E_RAS 0x2025 Sky Lake-E RAS +product INTEL SKYLAKE_E_IOAPIC 0x2026 Sky Lake-E IOAPIC +product INTEL SKYLAKE_E_PCIE_RPA 0x2030 Sky Lake-E PCI Express Root Port A +product INTEL SKYLAKE_E_PCIE_RPB 0x2031 Sky Lake-E PCI Express Root Port B +product INTEL SKYLAKE_E_PCIE_RPC 0x2032 Sky Lake-E PCI Express Root Port C +product INTEL SKYLAKE_E_PCIE_RPD 0x2033 Sky Lake-E PCI Express Root Port D +product INTEL SKYLAKE_E_VTD 0x2034 Sky Lake-E VT-d +product INTEL SKYLAKE_E_RAS_CR 0x2035 Sky Lake-E RAS Configuration Registers +product INTEL SKYLAKE_E_IOAPIC_CR 0x2036 Sky Lake-E IO xAPIC Configuration Registers +product INTEL SKYLAKE_E_IMC_1 0x2040 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_2 0x2041 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_3 0x2042 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_4 0x2043 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_5 0x2044 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_LM_CH_1 0x2045 Sky Lake-E LM Channel 1 +product INTEL SKYLAKE_E_LMS_CH_1 0x2046 Sky Lake-E LMS Channel 1 +product INTEL SKYLAKE_E_LMDP_CH_1 0x2047 Sky Lake-E LMDP Channel 1 +product INTEL SKYLAKE_E_DECS_CH_2 0x2048 Sky Lake-E DECS Channel 2 +product INTEL SKYLAKE_E_LM_CH_2 0x2049 Sky Lake-E LM Channel 2 +product INTEL SKYLAKE_E_LMS_CH_2 0x204a Sky Lake-E LMS Channel 2 +product INTEL SKYLAKE_E_LMDP_CH_2 0x204b Sky Lake-E LMDP Channel 2 +product INTEL SKYLAKE_E_M3KTI_1 0x204c Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_M3KTI_2 0x204d Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_M3KTI_3 0x204e Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_CHA_1 0x2054 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_2 0x2055 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_3 0x2056 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_4 0x2057 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_IMC_6 0x2066 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_DDRIO_1 0x2068 Sky Lake-E DDRIO Registers +product INTEL SKYLAKE_E_DDRIO_2 0x2069 Sky Lake-E DDRIO Registers +product INTEL SKYLAKE_E_DDRIO_3 0x206e Sky Lake-E DDRIO Registers +product INTEL SKYLAKE_E_DDRIO_4 0x206f Sky Lake-E DDRIO Registers +product INTEL SKYLAKE_E_PCU_1 0x2078 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_2 0x207a Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_3 0x2080 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_4 0x2081 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_5 0x2082 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_6 0x2083 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_7 0x2084 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_8 0x2085 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_9 0x2086 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_DDRIO_5 0x2088 Sky Lake-E DDRIO Registers +product INTEL SKYLAKE_E_CHA_5 0x208d Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_6 0x208e Sky Lake-E CHA Registers product INTEL BSW_HB 0x2280 Braswell Host product INTEL BSW_HDA 0x2284 Braswell HD Audio product INTEL BSW_SIO_DMA_2 0x2286 Braswell SIO DMA @@ -6001,6 +6053,7 @@ product INTEL Q250_LPC 0xa2c7 Q250 LPC product INTEL B250_LPC 0xa2c8 B250 LPC product INTEL Z370_LPC 0xa2c9 Z370 LPC product INTEL X299_LPC 0xa2d2 X299 LPC +product INTEL C422_LPC 0xa2d3 C422 LPC product INTEL 200SERIES_I2C_1 0xa2e0 200 Series I2C product INTEL 200SERIES_I2C_2 0xa2e1 200 Series I2C product INTEL 200SERIES_I2C_3 0xa2e2 200 Series I2C On 2/24/21 5:01 PM, Karel Gardas wrote: Hello, attach patch adds some
Sky Lake-E PCI ids.
Hello, attach patch adds some SkyLake-E related PCI ids. Tested on Kontron/Fujitsu D3598-B with Intel Xeon W-2123. Thanks for review, comment(s) and/or commit. Karel diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index ba975d05548..10d98d3ce2b 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -4188,6 +4188,53 @@ product INTEL ATOMC2000_PCU_SMB 0x1f3c Atom C2000 PCU SMBus product INTEL I354_BP_1GBPS 0x1f40 I354 product INTEL I354_SGMII 0x1f41 I354 SGMII product INTEL I354_BP_2_5GBPS 0x1f45 I354 +product INTEL SKYLAKE_E_UBOX_1 0x2014 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_UBOX_2 0x2015 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_UBOX_3 0x2016 Sky Lake-E Ubox Registers +product INTEL SKYLAKE_E_M2PCI 0x2018 Sky Lake-E M2PCI Registers +product INTEL SKYLAKE_E_DMI3 0x2020 Sky Lake-E DMI3 Registers +product INTEL SKYLAKE_E_CBDMA 0x2021 Sky Lake-E CBDMA Registers +product INTEL SKYLAKE_E_MMVTD 0x2024 Sky Lake-E MM/VT-d Configuration Registers +product INTEL SKYLAKE_E_RAS 0x2025 Sky Lake-E RAS +product INTEL SKYLAKE_E_IOAPIC 0x2026 Sky Lake-E IOAPIC +product INTEL SKYLAKE_E_PCIE_RPA 0x2030 Sky Lake-E PCI Express Root Port A +product INTEL SKYLAKE_E_PCIE_RPB 0x2031 Sky Lake-E PCI Express Root Port B +product INTEL SKYLAKE_E_PCIE_RPC 0x2032 Sky Lake-E PCI Express Root Port C +product INTEL SKYLAKE_E_PCIE_RPD 0x2033 Sky Lake-E PCI Express Root Port D +product INTEL SKYLAKE_E_VTD 0x2034 Sky Lake-E VT-d +product INTEL SKYLAKE_E_RAS_CR 0x2035 Sky Lake-E RAS Configuration Registers +product INTEL SKYLAKE_E_IOAPIC_CR 0x2036 Sky Lake-E IO xAPIC Configuration Registers +product INTEL SKYLAKE_E_IMC_1 0x2040 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_2 0x2041 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_3 0x2042 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_4 0x2043 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_IMC_5 0x2044 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_LM_CH_1 0x2045 Sky Lake-E LM Channel 1 +product INTEL SKYLAKE_E_LMS_CH_1 0x2046 Sky Lake-E LMS Channel 1 +product INTEL SKYLAKE_E_LMDP_CH_1 0x2047 Sky Lake-E LMDP Channel 1 +product INTEL SKYLAKE_E_DECS_CH_2 0x2048 Sky Lake-E DECS Channel 2 +product INTEL SKYLAKE_E_LM_CH_2 0x2049 Sky Lake-E LM Channel 2 +product INTEL SKYLAKE_E_LMS_CH_2 0x204a Sky Lake-E LMS Channel 2 +product INTEL SKYLAKE_E_LMDP_CH_2 0x204b Sky Lake-E LMDP Channel 2 +product INTEL SKYLAKE_E_M3KTI_1 0x204c Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_M3KTI_2 0x204d Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_M3KTI_3 0x204e Sky Lake-E M3KTI Registers +product INTEL SKYLAKE_E_IMC_6 0x2066 Sky Lake-E Integrated Memory Controller +product INTEL SKYLAKE_E_CHA_1 0x2054 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_2 0x2055 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_3 0x2056 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_4 0x2057 Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_PCU_1 0x2078 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_2 0x207a Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_3 0x2080 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_4 0x2081 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_5 0x2082 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_6 0x2083 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_7 0x2084 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_8 0x2085 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_PCU_9 0x2086 Sky Lake-E PCU Registers +product INTEL SKYLAKE_E_CHA_5 0x208d Sky Lake-E CHA Registers +product INTEL SKYLAKE_E_CHA_6 0x208e Sky Lake-E CHA Registers product INTEL BSW_HB 0x2280 Braswell Host product INTEL BSW_HDA 0x2284 Braswell HD Audio product INTEL BSW_SIO_DMA_2 0x2286 Braswell SIO DMA @@ -6001,6 +6048,7 @@ product INTEL Q250_LPC 0xa2c7 Q250 LPC product INTEL B250_LPC 0xa2c8 B250 LPC product INTEL Z370_LPC 0xa2c9 Z370 LPC product INTEL X299_LPC 0xa2d2 X299 LPC +product INTEL C422_LPC 0xa2d3 C422 LPC product INTEL 200SERIES_I2C_1 0xa2e0 200 Series I2C product INTEL 200SERIES_I2C_2 0xa2e1 200 Series I2C product INTEL 200SERIES_I2C_3 0xa2e2 200 Series I2C
patch: split off some port-modules(5) documentation
This is mostly mechanical, split off the largest modules documentation off the
main
page.
Note that some of this could use some reformatting and reparagraphing and even
proper
English, but this is a bit daunting until the split-off is done.
okay ?
Index: Makefile
===
RCS file: /cvs/src/share/man/man5/Makefile,v
retrieving revision 1.58
diff -u -p -r1.58 Makefile
--- Makefile29 Nov 2020 20:14:06 - 1.58
+++ Makefile24 Feb 2021 15:07:04 -
@@ -7,8 +7,11 @@ MAN= acct.5 ar.5 bsd.port.mk.5 bsd.port.
fs.5 fstab.5 genassym.cf.5 group.5 hostname.if.5 hosts.5 installurl.5 \
intro.5 login.conf.5 mandoc.db.5 mixerctl.conf.5 \
mk.conf.5 moduli.5 motd.5 mygate.5 myname.5 netgroup.5 passwd.5 \
- pf.conf.5 pf.os.5 port-modules.5 printcap.5 protocols.5 \
- ranlib.5 remote.5 resolv.conf.5 rpc.5 ruby-module.5 \
+ pf.conf.5 pf.os.5 port-modules.5 \
+ cargo-module.5 gnome-module.5 go-module.5 python-module.5
qmake-module.5 \
+ ruby-module.5 \
+ printcap.5 protocols.5 \
+ ranlib.5 remote.5 resolv.conf.5 rpc.5 \
services.5 shells.5 \
spamd.conf.5 sysctl.conf.5 utmp.5 wsconsctl.conf.5
Index: cargo-module.5
===
RCS file: cargo-module.5
diff -N cargo-module.5
--- /dev/null 1 Jan 1970 00:00:00 -
+++ cargo-module.5 24 Feb 2021 15:07:04 -
@@ -0,0 +1,122 @@
+.\"$OpenBSD$
+.\"
+.\" Copyright (c) 2008 Marc Espie
+.\"
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"notice, this list of conditions and the following disclaimer in the
+.\"documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE DEVELOPERS ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE DEVELOPERS BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.Dd $Mdocdate$
+.Dt CARGO-MODULE 5
+.Os
+.Sh NAME
+.Nm cargo-module
+.Nd devel/cargo port module
+.Sh DESCRIPTION
+This manual page documents the behavior of setting
+.Li MODULE=Devel/cargo
+in the
+.Xr ports 7
+tree.
+.Pp
+Automates download and compilation of dependencies of a Rust project using
+.Xr cargo 1 .
+During
+.Cm fetch ,
+static dependencies ("crates") listed in
+.Ev MODCARGO_CRATES
+are downloaded using
+.Ev MODCARGO_DIST_SUBDIR
+as
+.Ev DIST_SUBDIR .
+During
+.Cm post-extract ,
+crates defined in
+.Ev MODCARGO_CRATES
+are moved to the
+.Ev MODCARGO_VENDOR_DIR
+directory.
+During
+.Cm post-patch ,
+crate-metadata are generated using
+.Pa devel/cargo-generate-vendor .
+With
+.Ev CONFIGURE_STYLE
+set to
+.Sq cargo ,
+cargo is configured to use
+.Ev MODCARGO_VENDOR_DIR
+instead of the standard crates-io network source.
+Finally, any crates listed in
+.Ev MODCARGO_CRATES_UPDATE
+are updated.
+.Ev MODCARGO_RUSTFLAGS
+can be used to pass custom flags to all
+.Xr rustc 1
+invocations.
+.Pp
+.Pa lang/rust ,
+.Pa devel/cargo
+and
+.Pa devel/cargo-generate-vendor
+are added to
+.Ev BUILD_DEPENDS .
+By default
+.Ev MASTER_SITES9
+is used to download the crates.
+.Pp
+This module defines:
+.Bl -tag -width MODCARGO_CRATES_UPDATE
+.It MODCARGO_CARGOTOML
+Path to cargo manifest.
+Defaults to
+.Pa ${WRKSRC}/Cargo.toml .
+.It MODCARGO_CRATES
+Crates that will be downloaded by the module.
+.It MODCARGO_CRATES_UPDATE
+List of crates to update, overriding the version listed in Cargo.lock.
+.It MODCARGO_FEATURES
+List of features to be used when building.
+.It MODCARGO_VENDOR_DIR
+Name of the local directory for vendoring crates.
+Defaults to
+.Pa ${WRKSRC}/modcargo-crates .
+.El
+.Pp
+This module adds three
+.Xr make 1
+targets:
+.Bl -tag -width modcargo-gen-crates-licenses
+.It Cm modcargo-metadata
+Rerun the generation of crates' metadata.
+.It Cm modcargo-gen-crates
+Generate the
+.Ev MODCARGO_CRATES
+list from Cargo.lock (a preliminary crates list is not required).
+.It Cm modcargo-gen-crates-licenses
+Generate the
+.Ev MODCARGO_CRATES
+list with license
uvm: modify `uvmexp.swpgonly' atomically
As soon as the upper part of the page fault handler is executed w/o
KERNEL_LOCK(), uvm_anfree_list() will also be executed without it.
To not corrupt the value of `uvmexp.swpgonly' counter, use atomic
operations to modify it.
ok?
Index: uvm/uvm_anon.c
===
RCS file: /cvs/src/sys/uvm/uvm_anon.c,v
retrieving revision 1.51
diff -u -p -r1.51 uvm_anon.c
--- uvm/uvm_anon.c 19 Jan 2021 13:21:36 - 1.51
+++ uvm/uvm_anon.c 24 Feb 2021 09:48:41 -
@@ -120,9 +120,9 @@ uvm_anfree_list(struct vm_anon *anon, st
}
} else {
if (anon->an_swslot != 0) {
- /* this page is no longer only in swap. */
+ /* This page is no longer only in swap. */
KASSERT(uvmexp.swpgonly > 0);
- uvmexp.swpgonly--;
+ atomic_dec_int();
}
}
anon->an_lock = NULL;
Index: uvm/uvm_aobj.c
===
RCS file: /cvs/src/sys/uvm/uvm_aobj.c,v
retrieving revision 1.90
diff -u -p -r1.90 uvm_aobj.c
--- uvm/uvm_aobj.c 11 Jan 2021 18:51:09 - 1.90
+++ uvm/uvm_aobj.c 24 Feb 2021 09:50:39 -
@@ -381,7 +381,7 @@ uao_free(struct uvm_aobj *aobj)
* this page is no longer
* only in swap.
*/
- uvmexp.swpgonly--;
+ atomic_dec_int();
}
next = LIST_NEXT(elt, list);
@@ -400,7 +400,7 @@ uao_free(struct uvm_aobj *aobj)
if (slot) {
uvm_swap_free(slot, 1);
/* this page is no longer only in swap. */
- uvmexp.swpgonly--;
+ atomic_dec_int();
}
}
free(aobj->u_swslots, M_UVMAOBJ, aobj->u_pages * sizeof(int));
@@ -1549,6 +1549,6 @@ uao_dropswap_range(struct uvm_object *uo
*/
if (swpgonlydelta > 0) {
KASSERT(uvmexp.swpgonly >= swpgonlydelta);
- uvmexp.swpgonly -= swpgonlydelta;
+ atomic_add_int(, -swpgonlydelta);
}
}
Index: uvm/uvm_km.c
===
RCS file: /cvs/src/sys/uvm/uvm_km.c,v
retrieving revision 1.139
diff -u -p -r1.139 uvm_km.c
--- uvm/uvm_km.c15 Dec 2020 22:14:42 - 1.139
+++ uvm/uvm_km.c24 Feb 2021 09:52:19 -
@@ -242,6 +242,7 @@ uvm_km_pgremove(struct uvm_object *uobj,
struct vm_page *pp;
voff_t curoff;
int slot;
+ int swpgonlydelta = 0;
KASSERT(uobj->pgops == _pager);
@@ -262,8 +263,13 @@ uvm_km_pgremove(struct uvm_object *uobj,
uvm_pagefree(pp);
uvm_unlock_pageq();
} else if (slot != 0) {
- uvmexp.swpgonly--;
+ swpgonlydelta++;
}
+ }
+
+ if (swpgonlydelta > 0) {
+ KASSERT(uvmexp.swpgonly >= swpgonlydelta);
+ atomic_add_int(, -swpgonlydelta);
}
}
Index: uvm/uvm_pdaemon.c
===
RCS file: /cvs/src/sys/uvm/uvm_pdaemon.c,v
retrieving revision 1.88
diff -u -p -r1.88 uvm_pdaemon.c
--- uvm/uvm_pdaemon.c 24 Nov 2020 13:49:09 - 1.88
+++ uvm/uvm_pdaemon.c 24 Feb 2021 09:53:48 -
@@ -485,7 +485,7 @@ uvmpd_scan_inactive(struct pglist *pglst
if (p->pg_flags & PG_CLEAN) {
if (p->pg_flags & PQ_SWAPBACKED) {
/* this page now lives only in swap */
- uvmexp.swpgonly++;
+ atomic_inc_int();
}
/* zap all mappings with pmap_page_protect... */
@@ -963,7 +963,7 @@ uvmpd_drop(struct pglist *pglst)
if (p->pg_flags & PG_CLEAN) {
if (p->pg_flags & PQ_SWAPBACKED) {
/* this page now lives only in swap */
- uvmexp.swpgonly++;
+ atomic_inc_int();
}
/* zap all mappings with pmap_page_protect... */
Index: uvm/uvm_swap.c
===
RCS file: /cvs/src/sys/uvm/uvm_swap.c,v
retrieving revision 1.148
diff -u -p -r1.148 uvm_swap.c
--- uvm/uvm_swap.c 14 Dec 2020 13:29:18 - 1.148
+++ uvm/uvm_swap.c 24 Feb 2021 09:55:36 -
@@
LibreSSL legacy verifier regression
Hi,
another co-worker of mine has found an other regress in the LibreSSL
legacy verifier. I took his diff and made a test for our regression
framework.
The legacy verifier seems not to check the certificate if no root CA was
given. The following test creates an expired certificate and tries to
verify it. In one case it found the expected error in another, it does
not.
OK?
bye,
Jan
Index: lib/libcrypto/Makefile
===
RCS file: /cvs/src/regress/lib/libcrypto/Makefile,v
retrieving revision 1.41
diff -u -p -r1.41 Makefile
--- lib/libcrypto/Makefile 26 Dec 2020 00:48:56 - 1.41
+++ lib/libcrypto/Makefile 24 Feb 2021 05:29:51 -
@@ -23,6 +23,7 @@ SUBDIR += ecdsa
SUBDIR += engine
SUBDIR += evp
SUBDIR += exp
+SUBDIR += expcert
SUBDIR += free
SUBDIR += gcm128
SUBDIR += gost
Index: lib/libcrypto/expcert/Makefile
===
RCS file: lib/libcrypto/expcert/Makefile
diff -N lib/libcrypto/expcert/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -
+++ lib/libcrypto/expcert/Makefile 24 Feb 2021 05:39:38 -
@@ -0,0 +1,29 @@
+# $OpenBSD$
+
+LDFLAGS += -lcrypto
+
+PROG = expcrt
+
+PKG_REQUIRE != pkg_info -e 'p5-IO-Socket-SSL-*'
+.if empty (PKG_REQUIRE)
+regress:
+ @echo "missing package p5-IO-Socket-SSL"
+ @echo SKIPPED
+.endif
+
+REGRESS_TARGETS = test-chain-with-root-CA
+REGRESS_TARGETS += test-chain-without-root-CA
+REGRESS_SETUP_ONCE = create-certs
+
+REGRESS_EXPECTED_FAILURES = test-chain-without-root-CA
+
+create-certs: create-certs.pl ${PROG}
+ perl ${.CURDIR}/create-certs.pl
+
+test-chain-with-root-CA:
+ ./expcrt -e 10 -r
+
+test-chain-without-root-CA:
+ ./expcrt -e 10
+
+.include
Index: lib/libcrypto/expcert/create-certs.pl
===
RCS file: lib/libcrypto/expcert/create-certs.pl
diff -N lib/libcrypto/expcert/create-certs.pl
--- /dev/null 1 Jan 1970 00:00:00 -
+++ lib/libcrypto/expcert/create-certs.pl 24 Feb 2021 05:27:46 -
@@ -0,0 +1,46 @@
+#!/usr/bin/perl
+
+# Copyright (c) 2021 Anton Borowka
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+use strict;
+use warnings;
+
+use IO::Socket::SSL::Utils;
+
+my %certs;
+
+@{$certs{root}}{qw/cert key/} = CERT_create(
+CA => 1,
+not_after => time() + 31536,
+subject => { commonName => 'Root CA' },
+);
+
+@{$certs{intermediate}}{qw/cert key/} = CERT_create(
+CA => 1,
+issuer => [@{$certs{root}}{qw/cert key/}],
+not_after => time() + 31536,
+subject => { commonName => 'Intermediate CA' },
+);
+
+@{$certs{expired}}{qw/cert key/} = CERT_create(
+issuer => [@{$certs{intermediate}}{qw/cert key/}],
+not_before => time() - 7200,
+not_after => time() - 3600,
+subject => { commonName => 'Expired' },
+);
+
+for (sort keys %certs) {
+PEM_cert2file($certs{$_}{cert}, "$_.crt");
+}
Index: lib/libcrypto/expcert/expcrt.c
===
RCS file: lib/libcrypto/expcert/expcrt.c
diff -N lib/libcrypto/expcert/expcrt.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ lib/libcrypto/expcert/expcrt.c 24 Feb 2021 05:27:46 -
@@ -0,0 +1,218 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2021 Jan Klemkow
+ * Copyright (c) 2021 Anton Borowka
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+int error_found = 0;
+int expected_error = 0;
+
+static int
Re: pdaemon vs anon locking
On 17/02/21(Wed) 11:56, Martin Pieuchot wrote:
> Diff below adds anon locking to the page daemon. It will become
> necessary to guarantee exclusive access to an anon as soon as the
> KERNEL_LOCK() is removed from the fault handler.
Anyone? This should have been part of the already committed anon
locking.
> Index: uvm/uvm_pdaemon.c
> ===
> RCS file: /cvs/src/sys/uvm/uvm_pdaemon.c,v
> retrieving revision 1.88
> diff -u -p -r1.88 uvm_pdaemon.c
> --- uvm/uvm_pdaemon.c 24 Nov 2020 13:49:09 - 1.88
> +++ uvm/uvm_pdaemon.c 17 Feb 2021 10:05:43 -
> @@ -460,7 +460,13 @@ uvmpd_scan_inactive(struct pglist *pglst
> if (p->pg_flags & PQ_ANON) {
> anon = p->uanon;
> KASSERT(anon != NULL);
> + if (rw_enter(anon->an_lock,
> + RW_WRITE|RW_NOSLEEP)) {
> + /* lock failed, skip this page */
> + continue;
> + }
> if (p->pg_flags & PG_BUSY) {
> + rw_exit(anon->an_lock);
> uvmexp.pdbusy++;
> /* someone else owns page, skip it */
> continue;
> @@ -504,6 +510,7 @@ uvmpd_scan_inactive(struct pglist *pglst
>
> /* remove from object */
> anon->an_page = NULL;
> + rw_exit(anon->an_lock);
> }
> continue;
> }
> @@ -513,6 +520,9 @@ uvmpd_scan_inactive(struct pglist *pglst
>* free target when all the current pageouts complete.
>*/
> if (free + uvmexp.paging > uvmexp.freetarg << 2) {
> + if (anon) {
> + rw_exit(anon->an_lock);
> + }
> continue;
> }
>
> @@ -525,6 +535,9 @@ uvmpd_scan_inactive(struct pglist *pglst
> if ((p->pg_flags & PQ_SWAPBACKED) && uvm_swapisfull()) {
> dirtyreacts++;
> uvm_pageactivate(p);
> + if (anon) {
> + rw_exit(anon->an_lock);
> + }
> continue;
> }
>
> @@ -591,6 +604,8 @@ uvmpd_scan_inactive(struct pglist *pglst
> >pg_flags,
> PG_BUSY);
> UVM_PAGE_OWN(p, NULL);
> + if (anon)
> + rw_exit(anon->an_lock);
> continue;
> }
> swcpages = 0; /* cluster is empty */
> @@ -622,6 +637,9 @@ uvmpd_scan_inactive(struct pglist *pglst
>*/
> if (swap_backed) {
> if (p) {/* if we just added a page to cluster */
> + if (anon)
> + rw_exit(anon->an_lock);
> +
> /* cluster not full yet? */
> if (swcpages < swnpages)
> continue;
> @@ -730,6 +748,12 @@ uvmpd_scan_inactive(struct pglist *pglst
> /* relock p's object: page queues not lock yet, so
>* no need for "try" */
>
> + /* !swap_backed case: already locked... */
> + if (swap_backed) {
> + if (anon)
> + rw_enter(anon->an_lock, RW_WRITE);
> + }
> +
> #ifdef DIAGNOSTIC
> if (result == VM_PAGER_UNLOCK)
> panic("pagedaemon: pageout returned "
> @@ -754,6 +778,7 @@ uvmpd_scan_inactive(struct pglist *pglst
> anon->an_page = NULL;
> p->uanon = NULL;
>
> + rw_exit(anon->an_lock);
> uvm_anfree(anon); /* kills anon */
> pmap_page_protect(p, PROT_NONE);
> anon = NULL;
> @@ -787,6 +812,8 @@ uvmpd_scan_inactive(struct pglist *pglst
>* the inactive queue can't be re-queued [note: not
>* true for active queue]).
>*/
> +
