Re: iwx(4) 40MHz channel support
On Tue, Oct 12, 2021 at 02:47:54PM +0200, Stefan Sperling wrote: > > This patch adds support for 40MHz channels to iwx(4). > > Please sync your source tree before attempting to apply this patch. > I have committed some changes to this driver today which this patch > is based on. > > Works for me on AX200/AX201. Does anyone else want to do a pre-commit test? Tested with iwx0 at pci7 dev 0 function 0 "Intel Wi-Fi 6 AX200" rev 0x1a, msix iwx0: hw rev 0x340, fw ver 63.c04f3485.0, address 50:e0:85:xx:xx:xx Your diff improves performance. I also used tcpdump(8) to check if the AP supports 40MHz: 11:55:50.496408 802.11 flags=0<>: beacon, caps=421, s sid (dlink-657D-5GHz), rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, tim 0x0001, c ountry 'GB ', channel 36 limit 30dB, channel 40 limit 30dB, channel 44 limit 30d B, channel 48 limit 30dB, channel 52 limit 30dB, channel 56 limit 30dB, channel 60 limit 30dB, channel 64 limit 30dB, channel 100 limit 20dB, channel 104 limit 20dB, channel 108 limit 20dB, channel 112 limit 20dB, channel 116 limit 20dB, ch annel 132 limit 20dB, channel 136 limit 20dB, channel 140 limit 20dB, power cons traint 0dB, tpcreport 0x0c00, htcaps=<20/40MHz,LDPC,SGI@20MHz,SGI@40MHz,TXSTBC,R XSTBC 1 stream,A-MSDU 7935,DSSS/CCK@40MHz,A-MPDU max 65535,A-MPDU spacing 16.00u s,RxMCS 0x>, htop=<40MHz chan 48:44,htprot non-member,basic MCS set 0x>, 127:8 0x0040, 191:12 0xb139c103faff0c03 faff0c03, 192:5 0x012a00f0ff, vendor 0x0050f2010150f2020250f2020050f2040 150f202, rsn=, vendor 0x0050f202010103a427a442435e0062322f00, ve ndor 0x00904c33ef191f180481, vendor 0x00 904c3430070100, vendor 0x00e04c02026004, ven dor 0x0050f204104a00011010440001021054000800060050f2040001101100074449522d383432 10080002200c10470010112233445566778899aa409bcd75657d103c0001031049000600372a0001 20, Thanks, Kevin
table-procexec for opensmtpd (another try)
Hi all, I've made a refactored version of table-procexec, hopefully with a lot less redundancy in code. This patch adds the table-procexec backend which is configured with a timeout of 500 milliseconds. Currently this is hardcoded, but that is easy enough to change and shouldnt be the holdback. In case a table times out and the response has not reached smtpd, this sets the table status to indicate that and also starts an event to discard the next line coming on the socket. After which we are "clear" for communication. Comments would be very welcome and testing even more so. I am not the most proficient C coder... Cheers, Aisha diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y index 832f4f2aec9..ff7b9a9a340 100644 --- a/usr.sbin/smtpd/parse.y +++ b/usr.sbin/smtpd/parse.y @@ -2543,13 +2543,6 @@ table: TABLE STRING STRING { config = p+1; } } - if (config != NULL && *config != '/') { - yyerror("invalid backend parameter for table: %s", - $2); - free($2); - free($3); - YYERROR; - } table = table_create(conf, backend, $2, config); if (!table_config(table)) { yyerror("invalid configuration file %s for table %s", diff --git a/usr.sbin/smtpd/smtpctl/Makefile b/usr.sbin/smtpd/smtpctl/Makefile index ef8148be8c9..46831d647dc 100644 --- a/usr.sbin/smtpd/smtpctl/Makefile +++ b/usr.sbin/smtpd/smtpctl/Makefile @@ -47,7 +47,7 @@ SRCS+=table.c SRCS+= table_static.c SRCS+= table_db.c SRCS+= table_getpwnam.c -SRCS+= table_proc.c +SRCS+= table_procexec.c SRCS+= unpack_dns.c SRCS+= spfwalk.c diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h index e6fc114d0a6..8ef80add4e7 100644 --- a/usr.sbin/smtpd/smtpd.h +++ b/usr.sbin/smtpd/smtpd.h @@ -1663,6 +1663,7 @@ int table_regex_match(const char *, const char *); void table_open_all(struct smtpd *); void table_dump_all(struct smtpd *); void table_close_all(struct smtpd *); +const char *table_service_name(enum table_service ); /* to.c */ diff --git a/usr.sbin/smtpd/smtpd/Makefile b/usr.sbin/smtpd/smtpd/Makefile index b31d4e42224..64e73c3bb70 100644 --- a/usr.sbin/smtpd/smtpd/Makefile +++ b/usr.sbin/smtpd/smtpd/Makefile @@ -62,7 +62,7 @@ SRCS+=compress_gzip.c SRCS+= table_db.c SRCS+= table_getpwnam.c -SRCS+= table_proc.c +SRCS+= table_procexec.c SRCS+= table_static.c SRCS+= queue_fs.c diff --git a/usr.sbin/smtpd/table.c b/usr.sbin/smtpd/table.c index 7328cf5df6e..81102ef90e1 100644 --- a/usr.sbin/smtpd/table.c +++ b/usr.sbin/smtpd/table.c @@ -35,9 +35,8 @@ struct table_backend *table_backend_lookup(const char *); extern struct table_backend table_backend_static; extern struct table_backend table_backend_db; extern struct table_backend table_backend_getpwnam; -extern struct table_backend table_backend_proc; +extern struct table_backend table_backend_procexec; -static const char * table_service_name(enum table_service); static int table_parse_lookup(enum table_service, const char *, const char *, union lookup *); static int parse_sockaddr(struct sockaddr *, int, const char *); @@ -48,7 +47,7 @@ static struct table_backend *backends[] = { &table_backend_static, &table_backend_db, &table_backend_getpwnam, - &table_backend_proc, + &table_backend_procexec, NULL }; @@ -67,7 +66,7 @@ table_backend_lookup(const char *backend) return NULL; } -static const char * +const char * table_service_name(enum table_service s) { switch (s) { @@ -198,10 +197,9 @@ table_create(struct smtpd *conf, const char *backend, const char *name, PATH_LIBEXEC"/table-%s\"", backend); } if (stat(path, &sb) == 0) { - tb = table_backend_lookup("proc"); - (void)strlcpy(path, backend, sizeof(path)); + tb = table_backend_lookup("proc-exec"); if (config) { - (void)strlcat(path, ":", sizeof(path)); + (void)strlcat(path, " ", sizeof(path)); if (strlcat(path, config, sizeof(path)) >= sizeof(path)) fatalx("table_create: config file path too long"); diff --git a/usr.sbin/smtpd/table_proc.c b/usr.sbin/smtpd/table_proc.c deleted file mode 100644 index 56893a0fb61..000 --- a/usr.sbin/smtpd/table_proc.c +++ /dev/null @@ -1,265 +0,0 @@ -/* $OpenBSD: table_proc.c,v 1.17 2021/06/14 17:58:16 eric Exp $*/ - -/* - * Copyrig
lrint(3) and llrint(3) implementation
Currently the lib/libm/msun/run-lrint_test regress fails on powerpc64 and other platforms. Our implementation came from NetBSD, but NetBSD switched to the implementation from FreeBSD some time ago. That is the same implementation that we already use for lrintl(3) and llrintl(3). Diff below makes us use that implementation for lrint(3), lrintf(3), llrint(3) and llrintf(3) as well. This makes the regress test pass on powerpc64. ok? Index: lib/libm/src/s_llrint.c === RCS file: /cvs/src/lib/libm/src/s_llrint.c,v retrieving revision 1.6 diff -u -p -r1.6 s_llrint.c --- lib/libm/src/s_llrint.c 12 Sep 2016 19:47:02 - 1.6 +++ lib/libm/src/s_llrint.c 13 Oct 2021 23:12:11 - @@ -1,14 +1,12 @@ -/* $OpenBSD: s_llrint.c,v 1.6 2016/09/12 19:47:02 guenther Exp $ */ -/* $NetBSD: llrint.c,v 1.2 2004/10/13 15:18:32 drochner Exp $ */ +/* $OpenBSD$ */ /* - * Written by Matthias Drochner . - * Public domain. + * Written by Martynas Venckus. Public domain */ -#define LRINTNAME llrint -#define RESTYPE long long int -#define RESTYPE_MIN LLONG_MIN -#define RESTYPE_MAX LLONG_MAX +#define type double +#define rounditrint +#define dtype long long +#define fn llrint #include "s_lrint.c" Index: lib/libm/src/s_llrintf.c === RCS file: /cvs/src/lib/libm/src/s_llrintf.c,v retrieving revision 1.2 diff -u -p -r1.2 s_llrintf.c --- lib/libm/src/s_llrintf.c25 Sep 2006 22:16:48 - 1.2 +++ lib/libm/src/s_llrintf.c13 Oct 2021 23:12:11 - @@ -1,14 +1,12 @@ -/* $OpenBSD: s_llrintf.c,v 1.2 2006/09/25 22:16:48 kettenis Exp $ */ -/* $NetBSD: llrintf.c,v 1.2 2004/10/13 15:18:32 drochner Exp $ */ +/* $OpenBSD$ */ /* - * Written by Matthias Drochner . - * Public domain. + * Written by Martynas Venckus. Public domain */ -#define LRINTNAME llrintf -#define RESTYPE long long int -#define RESTYPE_MIN LLONG_MIN -#define RESTYPE_MAX LLONG_MAX +#define type float +#define rounditrintf +#define dtype long long +#define fn llrintf #include "s_lrintf.c" Index: lib/libm/src/s_lrint.c === RCS file: /cvs/src/lib/libm/src/s_lrint.c,v retrieving revision 1.11 diff -u -p -r1.11 s_lrint.c --- lib/libm/src/s_lrint.c 12 Sep 2016 19:47:02 - 1.11 +++ lib/libm/src/s_lrint.c 13 Oct 2021 23:12:11 - @@ -1,9 +1,8 @@ -/* $OpenBSD: s_lrint.c,v 1.11 2016/09/12 19:47:02 guenther Exp $ */ -/* $NetBSD: lrint.c,v 1.3 2004/10/13 15:18:32 drochner Exp $ */ +/* $OpenBSD$ */ /*- - * Copyright (c) 2004 - * Matthias Drochner. All rights reserved. + * Copyright (c) 2005 David Schultz + * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -27,75 +26,35 @@ * SUCH DAMAGE. */ -#include -#include -#include +#include #include -#include -#include -#include "math_private.h" - -#ifndef LRINTNAME -#define LRINTNAME lrint -#define RESTYPE long int -#define RESTYPE_MIN LONG_MIN -#define RESTYPE_MAX LONG_MAX +#ifndef type +#define type double +#define rounditrint +#define dtype long +#define fn lrint #endif -#define RESTYPE_BITS (sizeof(RESTYPE) * 8) - -static const double -TWO52[2]={ - 4.5035996273704960e+15, /* 0x4330, 0x */ - -4.5035996273704960e+15, /* 0xC330, 0x */ -}; - -RESTYPE -LRINTNAME(double x) +/* + * C99 says we should not raise a spurious inexact exception when an + * invalid exception is raised. Unfortunately, the set of inputs + * that overflows depends on the rounding mode when 'dtype' has more + * significant bits than 'type'. Hence, we bend over backwards for the + * sake of correctness; an MD implementation could be more efficient. + */ +dtype +fn(type x) { - u_int32_t i0, i1; - int e, s, shift; - RESTYPE res; - - GET_HIGH_WORD(i0, x); - e = i0 >> DBL_FRACHBITS; - s = e >> DBL_EXPBITS; - e = (e & 0x7ff) - DBL_EXP_BIAS; - - /* 1.0 x 2^31 (or 2^63) is already too large */ - if (e >= (int)RESTYPE_BITS - 1) - return (s ? RESTYPE_MIN : RESTYPE_MAX); /* ??? unspecified */ - - /* >= 2^52 is already an exact integer */ - if (e < DBL_FRACBITS) { - volatile double t = x; /* clip extra precision */ - /* round, using current direction */ - t += TWO52[s]; - t -= TWO52[s]; - x = t; - } - - EXTRACT_WORDS(i0, i1, x); - e = ((i0 >> DBL_FRACHBITS) & 0x7ff) - DBL_EXP_BIAS; - i0 &= 0xf; - i0 |= (1 << DBL_FRACHBITS); - - if (e < 0) - return (0); - - shift = e -
crypto dispatch error
Hi, The function crypto-dispatch() never returns an error. Make it void to avoid error handling in the callers. ok? bluhm Index: crypto/crypto.c === RCS file: /data/mirror/openbsd/cvs/src/sys/crypto/crypto.c,v retrieving revision 1.86 diff -u -p -r1.86 crypto.c --- crypto/crypto.c 13 Oct 2021 13:08:58 - 1.86 +++ crypto/crypto.c 13 Oct 2021 20:13:15 - @@ -384,10 +384,10 @@ crypto_unregister(u_int32_t driverid, in /* * Add crypto request to a queue, to be processed by a kernel thread. */ -int +void crypto_dispatch(struct cryptop *crp) { - int error = 0, lock = 1, s; + int lock = 1, s; u_int32_t hid; s = splvm(); @@ -414,8 +414,6 @@ crypto_dispatch(struct cryptop *crp) task_set(&crp->crp_task, (void (*))crypto_invoke, crp); task_add(tq, &crp->crp_task); } - - return error; } /* Index: crypto/cryptodev.h === RCS file: /data/mirror/openbsd/cvs/src/sys/crypto/cryptodev.h,v retrieving revision 1.75 diff -u -p -r1.75 cryptodev.h --- crypto/cryptodev.h 13 Oct 2021 13:08:58 - 1.75 +++ crypto/cryptodev.h 13 Oct 2021 20:13:15 - @@ -218,7 +218,7 @@ voidcrypto_init(void); intcrypto_newsession(u_int64_t *, struct cryptoini *, int); intcrypto_freesession(u_int64_t); -intcrypto_dispatch(struct cryptop *); +void crypto_dispatch(struct cryptop *); intcrypto_register(u_int32_t, int *, int (*)(u_int32_t *, struct cryptoini *), int (*)(u_int64_t), int (*)(struct cryptop *)); Index: dev/softraid_crypto.c === RCS file: /data/mirror/openbsd/cvs/src/sys/dev/softraid_crypto.c,v retrieving revision 1.141 diff -u -p -r1.141 softraid_crypto.c --- dev/softraid_crypto.c 10 May 2021 08:17:07 - 1.141 +++ dev/softraid_crypto.c 13 Oct 2021 20:13:15 - @@ -1157,7 +1157,7 @@ sr_crypto_rw(struct sr_workunit *wu) struct sr_crypto_wu *crwu; struct sr_crypto*mdd_crypto; daddr_t blkno; - int rv = 0; + int rv; DNPRINTF(SR_D_DIS, "%s: sr_crypto_rw wu %p\n", DEVNAME(wu->swu_dis->sd_sc), wu); @@ -1169,9 +1169,8 @@ sr_crypto_rw(struct sr_workunit *wu) mdd_crypto = &wu->swu_dis->mds.mdd_crypto; crwu = sr_crypto_prepare(wu, mdd_crypto, 1); crwu->cr_crp->crp_callback = sr_crypto_write; - rv = crypto_dispatch(crwu->cr_crp); - if (rv == 0) - rv = crwu->cr_crp->crp_etype; + crypto_dispatch(crwu->cr_crp); + rv = crwu->cr_crp->crp_etype; } else rv = sr_crypto_dev_rw(wu, NULL); Index: dev/softraid_raid1c.c === RCS file: /data/mirror/openbsd/cvs/src/sys/dev/softraid_raid1c.c,v retrieving revision 1.3 diff -u -p -r1.3 softraid_raid1c.c --- dev/softraid_raid1c.c 10 May 2021 08:17:07 - 1.3 +++ dev/softraid_raid1c.c 13 Oct 2021 20:06:49 - @@ -346,7 +346,7 @@ sr_raid1c_rw(struct sr_workunit *wu) struct sr_crypto_wu *crwu; struct sr_raid1c*mdd_raid1c; daddr_t blkno; - int rv = 0; + int rv; DNPRINTF(SR_D_DIS, "%s: sr_raid1c_rw wu %p\n", DEVNAME(wu->swu_dis->sd_sc), wu); @@ -359,9 +359,8 @@ sr_raid1c_rw(struct sr_workunit *wu) mdd_raid1c = &wu->swu_dis->mds.mdd_raid1c; crwu = sr_crypto_prepare(wu, &mdd_raid1c->sr1c_crypto, 1); crwu->cr_crp->crp_callback = sr_raid1c_write; - rv = crypto_dispatch(crwu->cr_crp); - if (rv == 0) - rv = crwu->cr_crp->crp_etype; + crypto_dispatch(crwu->cr_crp); + rv = crwu->cr_crp->crp_etype; } else rv = sr_raid1c_dev_rw(wu, NULL); Index: netinet/ip_ah.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ah.c,v retrieving revision 1.155 diff -u -p -r1.155 ip_ah.c --- netinet/ip_ah.c 13 Oct 2021 14:36:31 - 1.155 +++ netinet/ip_ah.c 13 Oct 2021 20:13:15 - @@ -699,8 +699,8 @@ ah_input(struct mbuf *m, struct tdb *tdb memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union)); tc->tc_rpl = tdb->tdb_rpl; - error = crypto_dispatch(crp); - return error; + crypto_dispatch(crp); + return 0; drop: m_freem(m); @@ -1145,8 +1145,8 @@ ah_output(struct mbuf *m, struct tdb *td tc->tc_rdomain = tdb->tdb_rdomain; memcpy(&tc->tc_dst, &tdb->tdb_dst, sizeof(union sockaddr_union
Re: acme-client: don't reach into X509
Theo Buehler(t...@theobuehler.org) on 2021.10.13 13:55:14 +0200: > In an upcoming libcrypto bump, we will make a few structs in libcrypto > opaque. This needs a small change in acme-client. Fetch the extension > stack using X509_get0_extensions() and iterate using the stack API. > Note that sk_*_num() returns -1 on NULL, so we won't enter the for loop > and the extsz dance is unnecessary. > > The first hunk is mostly whitespace. It only drops extsz and adds exts. ok benno@ > > Index: revokeproc.c > === > RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v > retrieving revision 1.17 > diff -u -p -r1.17 revokeproc.c > --- revokeproc.c 2 Jan 2021 19:04:21 - 1.17 > +++ revokeproc.c 13 Oct 2021 10:44:57 - > @@ -94,19 +94,20 @@ int > revokeproc(int fd, const char *certfile, int force, > int revocate, const char *const *alts, size_t altsz) > { > - char*der = NULL, *dercp, *der64 = NULL; > - char*san = NULL, *str, *tok; > - int rc = 0, cc, i, extsz, ssz, len; > - size_t *found = NULL; > - BIO *bio = NULL; > - FILE*f = NULL; > - X509*x = NULL; > - long lval; > - enum revokeopop, rop; > - time_t t; > - X509_EXTENSION *ex; > - ASN1_OBJECT *obj; > - size_t j; > + char*der = NULL, *dercp, *der64 = NULL; > + char*san = NULL, *str, *tok; > + int rc = 0, cc, i, ssz, len; > + size_t *found = NULL; > + BIO *bio = NULL; > + FILE*f = NULL; > + X509*x = NULL; > + long lval; > + enum revokeopop, rop; > + time_t t; > + const STACK_OF(X509_EXTENSION) *exts; > + X509_EXTENSION *ex; > + ASN1_OBJECT *obj; > + size_t j; > > /* >* First try to open the certificate before we drop privileges > @@ -164,13 +165,12 @@ revokeproc(int fd, const char *certfile, >* command line. >*/ > > - extsz = x->cert_info->extensions != NULL ? > - sk_X509_EXTENSION_num(x->cert_info->extensions) : 0; > + exts = X509_get0_extensions(x); > > /* Scan til we find the SAN NID. */ > > - for (i = 0; i < extsz; i++) { > - ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i); > + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { > + ex = sk_X509_EXTENSION_value(exts, i); > assert(ex != NULL); > obj = X509_EXTENSION_get_object(ex); > assert(obj != NULL); >
Re: Switch to kqueue based select(2)
On 13/10/21(Wed) 11:41, Alexander Bluhm wrote: > On Sat, Oct 02, 2021 at 09:10:13AM +0200, Martin Pieuchot wrote: > > ok? > > OK bluhm@ > > > + /* Maxium number of events per iteration */ > > Maximum > > > +int > > +pselcollect(struct proc *p, struct kevent *kevp, fd_set *pobits[3], > > +int *ncollected) > > +{ > > +#ifdef DIAGNOSTIC > > + /* Filter out and lazily delete spurious events */ > > + if ((unsigned long)kevp->udata != p->p_kq_serial) { > > + DPRINTFN(0, "select fd %u mismatched serial %lu\n", > > + (int)kevp->ident, p->p_kq_serial); > > + kevp->flags = EV_DISABLE|EV_DELETE; > > + kqueue_register(p->p_kq, kevp, p); > > + return (0); > > + } > > +#endif > > Why is it DIAGNOSTIC? Either it should not happen, then call panic(). > Or it is a valid corner case, then remove #ifdef DIAGNOSTIC. > > Different behavior with and without DIAGNOSTIC seems bad. Indeed. It should not be in DIAGNOSTIC, that's a leftover from previous iteration of the diff, I'll fix both points before committing. Thanks for the review.
patch: vnode lock: remove vop_generic_{,is,un}lock functions
Hi, The following diff removes vop_generic_{,un,is}lock functions. These functions are only stubs (returning 0). Replace them by using nullop function (same behaviour). There is no intented behaviour changes. While here, I reordered some vop_islocked member in structs to be next others vop_{,un}lock members. Note that I intent to reintroduce vop_generic_{,un,is}lock functions later, but for now it is simplier to just remove them. Comments or OK ? -- Sebastien Marie diff 5543f5ef435017650e5c7febf3b39d036a3c0b60 /home/semarie/repos/openbsd/src blob - c018508380a9c91644585eec77e5070cf0c4f00c file + sys/kern/spec_vnops.c --- sys/kern/spec_vnops.c +++ sys/kern/spec_vnops.c @@ -89,9 +89,9 @@ const struct vops spec_vops = { .vop_abortop= vop_generic_badop, .vop_inactive = spec_inactive, .vop_reclaim= nullop, - .vop_lock = vop_generic_lock, - .vop_unlock = vop_generic_unlock, - .vop_islocked = vop_generic_islocked, + .vop_lock = nullop, + .vop_unlock = nullop, + .vop_islocked = nullop, .vop_bmap = vop_generic_bmap, .vop_strategy = spec_strategy, .vop_print = spec_print, blob - b661ba724de5453b6489d74935f3155ba7771de9 file + sys/kern/vfs_default.c --- sys/kern/vfs_default.c +++ sys/kern/vfs_default.c @@ -167,37 +167,6 @@ vop_generic_abortop(void *v) return (0); } -/* - * Stubs to use when there is no locking to be done on the underlying object. - * A minimal shared lock is necessary to ensure that the underlying object - * is not revoked while an operation is in progress. So, an active shared - * count should be maintained in an auxiliary vnode lock structure. However, - * that's not done now. - */ -int -vop_generic_lock(void *v) -{ - return (0); -} - -/* - * Decrement the active use count. (Not done currently) - */ -int -vop_generic_unlock(void *v) -{ - return (0); -} - -/* - * Return whether or not the node is in use. (Not done currently) - */ -int -vop_generic_islocked(void *v) -{ - return (0); -} - const struct filterops generic_filtops = { .f_flags= FILTEROP_ISFD, .f_attach = NULL, blob - 65ef86619a77d7a6858595757eb52a4308604ebb file + sys/kern/vfs_sync.c --- sys/kern/vfs_sync.c +++ sys/kern/vfs_sync.c @@ -267,9 +267,9 @@ const struct vops sync_vops = { .vop_fsync = sync_fsync, .vop_inactive = sync_inactive, .vop_reclaim= nullop, - .vop_lock = vop_generic_lock, - .vop_unlock = vop_generic_unlock, - .vop_islocked = vop_generic_islocked, + .vop_lock = nullop, + .vop_unlock = nullop, + .vop_islocked = nullop, .vop_print = sync_print }; blob - a2a4643c4649ece502b8af46328cd953a7a93450 file + sys/miscfs/deadfs/dead_vnops.c --- sys/miscfs/deadfs/dead_vnops.c +++ sys/miscfs/deadfs/dead_vnops.c @@ -89,11 +89,11 @@ const struct vops dead_vops = { .vop_inactive = dead_inactive, .vop_reclaim= nullop, .vop_lock = dead_lock, - .vop_unlock = vop_generic_unlock, + .vop_unlock = nullop, + .vop_islocked = nullop, .vop_bmap = dead_bmap, .vop_strategy = dead_strategy, .vop_print = dead_print, - .vop_islocked = vop_generic_islocked, .vop_pathconf = dead_ebadf, .vop_advlock= dead_ebadf, .vop_bwrite = nullop, blob - f2d49e4322df91b95dbe4ae650cdc9abee4bd1ef file + sys/miscfs/fifofs/fifo_vnops.c --- sys/miscfs/fifofs/fifo_vnops.c +++ sys/miscfs/fifofs/fifo_vnops.c @@ -91,12 +91,12 @@ const struct vops fifo_vops = { .vop_abortop= vop_generic_badop, .vop_inactive = fifo_inactive, .vop_reclaim= fifo_reclaim, - .vop_lock = vop_generic_lock, - .vop_unlock = vop_generic_unlock, + .vop_lock = nullop, + .vop_unlock = nullop, + .vop_islocked = nullop, .vop_bmap = vop_generic_bmap, .vop_strategy = vop_generic_badop, .vop_print = fifo_print, - .vop_islocked = vop_generic_islocked, .vop_pathconf = fifo_pathconf, .vop_advlock= fifo_advlock, .vop_bwrite = nullop blob - fa334e23c17fe3ad5ef07a32f5b25807d7225ae8 file + sys/ntfs/ntfs_vnops.c --- sys/ntfs/ntfs_vnops.c +++ sys/ntfs/ntfs_vnops.c @@ -668,9 +668,9 @@ const struct vops ntfs_vops = { .vop_reclaim= ntfs_reclaim, .vop_print = ntfs_print, .vop_pathconf = ntfs_pathconf, - .vop_islocked = vop_generic_islocked, - .vop_unlock = vop_generic_unlock, - .vop_lock = vop_generic_lock, + .vop_islocked = nullop, + .vop_unlock = nullop, + .vop_lock = nullop, .vop_lookup = ntfs_lookup, .vop_access = ntfs_access, .vop_close = ntfs_close, blob - 3668f954a9aab3fd49ed5e41e7d4a
ipsec redundant null checks
Hi, These NULL checks are never reached. The compiler optimizes away the first one as m->m_pkthdr dereference m before the check. All callers of ipsec_common_input_cb() never call it with NULL as they dereference m before. ok? bluhm Index: netinet/ipsec_input.c === RCS file: /cvs/src/sys/netinet/ipsec_input.c,v retrieving revision 1.182 diff -u -p -r1.182 ipsec_input.c --- netinet/ipsec_input.c 5 Oct 2021 11:45:26 - 1.182 +++ netinet/ipsec_input.c 13 Oct 2021 14:49:42 - @@ -203,12 +203,6 @@ ipsec_common_input(struct mbuf *m, int s ipsecstat_pkt(ipsec_ipackets, ipsec_ibytes, m->m_pkthdr.len); IPSEC_ISTAT(esps_input, ahs_input, ipcomps_input); - if (m == NULL) { - DPRINTF("NULL packet received"); - IPSEC_ISTAT(esps_hdrops, ahs_hdrops, ipcomps_hdrops); - return EINVAL; - } - if ((sproto == IPPROTO_IPCOMP) && (m->m_flags & M_COMP)) { DPRINTF("repeated decompression"); ipcompstat_inc(ipcomps_pdrops); @@ -479,13 +473,6 @@ ipsec_common_input_cb(struct mbuf *m, st sproto = tdbp->tdb_sproto; tdbp->tdb_last_used = gettime(); - - /* Sanity check */ - if (m == NULL) { - /* The called routine will print a message if necessary */ - IPSEC_ISTAT(esps_badkcr, ahs_badkcr, ipcomps_badkcr); - return -1; - } /* Fix IPv4 header */ if (af == AF_INET) {
Re: isakmpd: remove ifdefs for prehistoric OPENSSL_VERSIONs
On Wed, Oct 13, 2021 at 01:46:04PM +0200, Theo Buehler wrote: > I don't think anyone will want to compile this against OpenSSL 0.9.7 or > earlier. Calling OpenSSL_add_all_algorithms() has not been necessary > for a few years, so let's remove libcrypto.c. OK bluhm@ > Index: Makefile > === > RCS file: /cvs/src/sbin/isakmpd/Makefile,v > retrieving revision 1.89 > diff -u -p -r1.89 Makefile > --- Makefile 11 Feb 2021 19:41:05 - 1.89 > +++ Makefile 13 Oct 2021 10:36:08 - > @@ -38,7 +38,7 @@ SRCS= app.c attribute.c cert.c connecti > field.c hash.c if.c ike_auth.c ike_main_mode.c \ > ike_phase_1.c ike_quick_mode.c init.c ipsec.c ipsec_fld.c \ > ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \ > - key.c libcrypto.c log.c message.c \ > + key.c log.c message.c \ > prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \ > ui.c util.c x509.c \ > pf_key_v2.c policy.c ike_aggressive.c isakmp_cfg.c \ > Index: init.c > === > RCS file: /cvs/src/sbin/isakmpd/init.c,v > retrieving revision 1.43 > diff -u -p -r1.43 init.c > --- init.c15 Jan 2018 09:54:48 - 1.43 > +++ init.c13 Oct 2021 10:33:53 - > @@ -71,7 +71,6 @@ init(void) > group_init(); > ipsec_init(); > isakmp_doi_init(); > - libcrypto_init(); > > timer_init(); > > Index: key.c > === > RCS file: /cvs/src/sbin/isakmpd/key.c,v > retrieving revision 1.26 > diff -u -p -r1.26 key.c > --- key.c 3 Feb 2017 08:23:46 - 1.26 > +++ key.c 13 Oct 2021 10:35:35 - > @@ -119,19 +119,12 @@ key_internalize(int type, int private, u > return strdup((char *)data); > case ISAKMP_KEY_RSA: > switch (private) { > -#if OPENSSL_VERSION_NUMBER >= 0x00907000L > case ISAKMP_KEYTYPE_PUBLIC: > return d2i_RSAPublicKey(NULL, > (const u_int8_t **)&data, datalen); > case ISAKMP_KEYTYPE_PRIVATE: > return d2i_RSAPrivateKey(NULL, > (const u_int8_t **)&data, datalen); > -#else > - case ISAKMP_KEYTYPE_PUBLIC: > - return d2i_RSAPublicKey(NULL, &data, datalen); > - case ISAKMP_KEYTYPE_PRIVATE: > - return d2i_RSAPrivateKey(NULL, &data, datalen); > -#endif > default: > log_error("key_internalize: not public or private " > "RSA key passed"); > Index: libcrypto.c > === > RCS file: libcrypto.c > diff -N libcrypto.c > --- libcrypto.c 8 Apr 2005 22:32:10 - 1.19 > +++ /dev/null 1 Jan 1970 00:00:00 - > @@ -1,44 +0,0 @@ > -/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $ */ > -/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */ > - > -/* > - * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. > - * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved. > - * > - * Redistribution and use in source and binary forms, with or without > - * modification, are permitted provided that the following conditions > - * are met: > - * 1. Redistributions of source code must retain the above copyright > - *notice, this list of conditions and the following disclaimer. > - * 2. Redistributions in binary form must reproduce the above copyright > - *notice, this list of conditions and the following disclaimer in the > - *documentation and/or other materials provided with the distribution. > - * > - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR > - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES > - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. > - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, > - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT > - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, > - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY > - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT > - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF > - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > - */ > - > -/* > - * This code was written under funding by Ericsson Radio Systems. > - */ > - > -#include "libcrypto.h" > - > -void > -libcrypto_init(void) > -{ > - /* Add all algorithms known by SSL */ > -#if OPENSSL_VERSION_NUMBER >= 0x00905100L > - OpenSSL_add_all_algorithms(); > -#else > - SSLeay_add_all_algorithms(); > -#endif
acme-client: don't reach into X509
In an upcoming libcrypto bump, we will make a few structs in libcrypto opaque. This needs a small change in acme-client. Fetch the extension stack using X509_get0_extensions() and iterate using the stack API. Note that sk_*_num() returns -1 on NULL, so we won't enter the for loop and the extsz dance is unnecessary. The first hunk is mostly whitespace. It only drops extsz and adds exts. Index: revokeproc.c === RCS file: /cvs/src/usr.sbin/acme-client/revokeproc.c,v retrieving revision 1.17 diff -u -p -r1.17 revokeproc.c --- revokeproc.c2 Jan 2021 19:04:21 - 1.17 +++ revokeproc.c13 Oct 2021 10:44:57 - @@ -94,19 +94,20 @@ int revokeproc(int fd, const char *certfile, int force, int revocate, const char *const *alts, size_t altsz) { - char*der = NULL, *dercp, *der64 = NULL; - char*san = NULL, *str, *tok; - int rc = 0, cc, i, extsz, ssz, len; - size_t *found = NULL; - BIO *bio = NULL; - FILE*f = NULL; - X509*x = NULL; - long lval; - enum revokeopop, rop; - time_t t; - X509_EXTENSION *ex; - ASN1_OBJECT *obj; - size_t j; + char*der = NULL, *dercp, *der64 = NULL; + char*san = NULL, *str, *tok; + int rc = 0, cc, i, ssz, len; + size_t *found = NULL; + BIO *bio = NULL; + FILE*f = NULL; + X509*x = NULL; + long lval; + enum revokeopop, rop; + time_t t; + const STACK_OF(X509_EXTENSION) *exts; + X509_EXTENSION *ex; + ASN1_OBJECT *obj; + size_t j; /* * First try to open the certificate before we drop privileges @@ -164,13 +165,12 @@ revokeproc(int fd, const char *certfile, * command line. */ - extsz = x->cert_info->extensions != NULL ? - sk_X509_EXTENSION_num(x->cert_info->extensions) : 0; + exts = X509_get0_extensions(x); /* Scan til we find the SAN NID. */ - for (i = 0; i < extsz; i++) { - ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i); + for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { + ex = sk_X509_EXTENSION_value(exts, i); assert(ex != NULL); obj = X509_EXTENSION_get_object(ex); assert(obj != NULL);
isakmpd: remove ifdefs for prehistoric OPENSSL_VERSIONs
I don't think anyone will want to compile this against OpenSSL 0.9.7 or earlier. Calling OpenSSL_add_all_algorithms() has not been necessary for a few years, so let's remove libcrypto.c. Index: Makefile === RCS file: /cvs/src/sbin/isakmpd/Makefile,v retrieving revision 1.89 diff -u -p -r1.89 Makefile --- Makefile11 Feb 2021 19:41:05 - 1.89 +++ Makefile13 Oct 2021 10:36:08 - @@ -38,7 +38,7 @@ SRCS= app.c attribute.c cert.c connecti field.c hash.c if.c ike_auth.c ike_main_mode.c \ ike_phase_1.c ike_quick_mode.c init.c ipsec.c ipsec_fld.c \ ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \ - key.c libcrypto.c log.c message.c \ + key.c log.c message.c \ prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \ ui.c util.c x509.c \ pf_key_v2.c policy.c ike_aggressive.c isakmp_cfg.c \ Index: init.c === RCS file: /cvs/src/sbin/isakmpd/init.c,v retrieving revision 1.43 diff -u -p -r1.43 init.c --- init.c 15 Jan 2018 09:54:48 - 1.43 +++ init.c 13 Oct 2021 10:33:53 - @@ -71,7 +71,6 @@ init(void) group_init(); ipsec_init(); isakmp_doi_init(); - libcrypto_init(); timer_init(); Index: key.c === RCS file: /cvs/src/sbin/isakmpd/key.c,v retrieving revision 1.26 diff -u -p -r1.26 key.c --- key.c 3 Feb 2017 08:23:46 - 1.26 +++ key.c 13 Oct 2021 10:35:35 - @@ -119,19 +119,12 @@ key_internalize(int type, int private, u return strdup((char *)data); case ISAKMP_KEY_RSA: switch (private) { -#if OPENSSL_VERSION_NUMBER >= 0x00907000L case ISAKMP_KEYTYPE_PUBLIC: return d2i_RSAPublicKey(NULL, (const u_int8_t **)&data, datalen); case ISAKMP_KEYTYPE_PRIVATE: return d2i_RSAPrivateKey(NULL, (const u_int8_t **)&data, datalen); -#else - case ISAKMP_KEYTYPE_PUBLIC: - return d2i_RSAPublicKey(NULL, &data, datalen); - case ISAKMP_KEYTYPE_PRIVATE: - return d2i_RSAPrivateKey(NULL, &data, datalen); -#endif default: log_error("key_internalize: not public or private " "RSA key passed"); Index: libcrypto.c === RCS file: libcrypto.c diff -N libcrypto.c --- libcrypto.c 8 Apr 2005 22:32:10 - 1.19 +++ /dev/null 1 Jan 1970 00:00:00 - @@ -1,44 +0,0 @@ -/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $*/ -/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $*/ - -/* - * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved. - * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - *notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - *notice, this list of conditions and the following disclaimer in the - *documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * This code was written under funding by Ericsson Radio Systems. - */ - -#include "libcrypto.h" - -void -libcrypto_init(void) -{ - /* Add all algorithms known by SSL */ -#if OPENSSL_VERSION_NUMBER >= 0x00905100L - OpenSSL_add_all_algorithms(); -#else - SSLeay_add_all_algorithms(); -#endif -} Index: libcrypto.h === RCS file: /cvs/src/sbin/isakmpd/libcrypto.h,v retrieving revision 1.18 diff -u -p -r1.18 libcrypto.h --- libcrypto.h 11 Jul 2014 10:01
Re: Switch to kqueue based select(2)
On Sat, Oct 02, 2021 at 09:10:13AM +0200, Martin Pieuchot wrote: > ok? OK bluhm@ > + /* Maxium number of events per iteration */ Maximum > +int > +pselcollect(struct proc *p, struct kevent *kevp, fd_set *pobits[3], > +int *ncollected) > +{ > +#ifdef DIAGNOSTIC > + /* Filter out and lazily delete spurious events */ > + if ((unsigned long)kevp->udata != p->p_kq_serial) { > + DPRINTFN(0, "select fd %u mismatched serial %lu\n", > + (int)kevp->ident, p->p_kq_serial); > + kevp->flags = EV_DISABLE|EV_DELETE; > + kqueue_register(p->p_kq, kevp, p); > + return (0); > + } > +#endif Why is it DIAGNOSTIC? Either it should not happen, then call panic(). Or it is a valid corner case, then remove #ifdef DIAGNOSTIC. Different behavior with and without DIAGNOSTIC seems bad.