Re: Fix ipsp_spd_lookup() for transport mode

2021-12-20 Thread Alexander Bluhm
On Tue, Dec 14, 2021 at 06:25:20PM +0900, YASUOKA Masahiko wrote: > Yes, if there is another better idea, it will be welcome. > For this moment, the diff is the best idea for me. Sorry, no better idea. I have no experience with l2pt. Codewise the diff looks fine, but I don't understand the conse

syzkaller dt close

2021-12-20 Thread Alexander Bluhm
Hi, syzkaller has found a crash in dtclose(). panic: kernel diagnostic assertion "suser(curproc) == 0" failed: file "/syzkaller/managers/main/kernel/sys/dev/dt/dt_dev.c", line 431 https://syzkaller.appspot.com/bug?id=5d0d657ba9f3a16981aad2a6c50667918de4c955 Basically it does an open, setuid an

sysctl diskinit tailq foreach

2021-12-21 Thread Alexander Bluhm
Hi, I would like to use TAILQ_FOREACH to traverse the disk list. Code is easier to read. ok? bluhm Index: kern/kern_sysctl.c === RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_sysctl.c,v retrieving revision 1.396 diff -u -p -

ipsec kernel lock

2021-12-22 Thread Alexander Bluhm
Hi, IPsec is not MP safe yet. To allow forwarding in parallel without dirty hacks, it is better to protect IPsec input and output with kernel lock. We do not lose much as crypto needs the kernel lock anyway. From here we can refine the lock later. Note that there is no kernel lock in the SPD

malloc sleep in sysctl diskinit

2021-12-22 Thread Alexander Bluhm
Hi, syzkaller found a race in sysctl_diskinit(). https://syzkaller.appspot.com/bug?id=76838ab8f15c5f1bc22541c60c3c279314e13db0 While malloc sleeps, the disk list could change. Retry allocating enough space until it did not change. Not sure if this is the bug which syzkaller has found. But the

Re: boot stuck with latest cvs checkout

2021-12-22 Thread Alexander Bluhm
On Wed, Dec 22, 2021 at 05:20:02PM +0100, Hrvoje Popovski wrote: > On 22.12.2021. 17:07, Hrvoje Popovski wrote: > > i've sysupgrade box and reboot it and everything seems fine. then cvs > > checkout it, compile and then box stuck at boot > > > >>> OpenBSD/amd64 BOOT 3.53 > > boot> > > booting hd0a

witness generic mp

2021-12-22 Thread Alexander Bluhm
Hi, Template for option WITNESS is in the architecture GENERIC.MP file if it is supported. It should not be in the global GENERIC config. ok? bluhm Index: conf/GENERIC === RCS file: /data/mirror/openbsd/cvs/src/sys/conf/GENERIC,v r

syzkaller vnd ioctl unlock

2021-12-22 Thread Alexander Bluhm
Hi, syzkaller found a missing unlock in vnd ioctl error path. https://syzkaller.appspot.com/bug?id=b35a411a91f835fffb793df63aa8bcd7be99ad87 ok? bluhm Index: dev/vnd.c === RCS file: /data/mirror/openbsd/cvs/src/sys/dev/vnd.c,v retr

Re: sysctl diskinit tailq foreach

2021-12-22 Thread Alexander Bluhm
On Tue, Dec 21, 2021 at 04:03:22PM +0100, Alexander Bluhm wrote: > I would like to use TAILQ_FOREACH to traverse the disk list. > Code is easier to read. Merged to -current. ok? bluhm Index: kern/kern_sysctl.c === RCS file:

Re: parallel ip forwarding

2021-12-23 Thread Alexander Bluhm
On Fri, Dec 03, 2021 at 08:35:45PM +0100, Alexander Bluhm wrote: > Note that IPsec still has the workaround to disable multiple queues. I think we can remove the ipsec_in_use workaround now. The IPsec path is protected with the kernel lock. There are some issues left: - npppd l2pt ipsecflowi

Re: parallel ip forwarding

2021-12-24 Thread Alexander Bluhm
On Fri, Dec 24, 2021 at 04:16:28PM +0900, YASUOKA Masahiko wrote: > > - npppd l2pt ipsecflowinfo is not MP safe > > Does this mean the things we are discussing on the "Fix > ipsp_spd_lookup() for transport mode" thread? I wonder if there is > another issue. In this mail thread I was concerned ab

Re: parallel ip forwarding

2021-12-24 Thread Alexander Bluhm
On Fri, Dec 24, 2021 at 12:55:04AM +0100, Alexander Bluhm wrote: > If you use only regular IPsec or forwarding, I hope it is stable. false hope rt_timer_add(fd81b97f5390,814218b0,802040c0,0) at rt_timer_ add+0xc7 icmp_mtudisc_clone(2438040a,0,1) at icmp_mtudisc_clone+0x

ip_deliver without kernel lock

2021-12-24 Thread Alexander Bluhm
Hi, ip_deliver() has been called without kernel lock from ip_ours() and ip6_ours() for a long time. It looks like these two callers in ip6 input were forgotten to be unlocked. ok? bluhm Index: netinet6/ip6_input.c === RCS file: /d

Re: parallel ip forwarding

2021-12-24 Thread Alexander Bluhm
On Fri, Dec 24, 2021 at 02:04:17PM +0100, Alexander Bluhm wrote: > On Fri, Dec 24, 2021 at 12:55:04AM +0100, Alexander Bluhm wrote: > > If you use only regular IPsec or forwarding, I hope it is stable. > > false hope > > rt_timer_add(fd81b97f5390,814218b0,f

Re: parallel ip forwarding

2021-12-25 Thread Alexander Bluhm
On Sat, Dec 25, 2021 at 09:24:07AM +0100, Hrvoje Popovski wrote: > On 24.12.2021. 0:55, Alexander Bluhm wrote: > > I think we can remove the ipsec_in_use workaround now. The IPsec > > path is protected with the kernel lock. > > > > There are some issues left: > >

Re: Revised version of kqueue-based poll(2)

2021-12-26 Thread Alexander Bluhm
On Sat, Dec 25, 2021 at 01:23:09PM +, Visa Hankala wrote: > Here is a revised version of the patch. > > A number of fixes to event filter routines have already been committed. > > Changes to the previous version: > > * Prevent excessive use of kernel memory with poll(2). Now the code > fol

Re: Unlock getpeername(2)

2022-01-10 Thread Alexander Bluhm
On Mon, Jan 03, 2022 at 07:49:33PM +0300, Vitaliy Makkoveev wrote: > Subj. The getpeername(2) syscall is pretty simple. For inet and unix > sockets it follows the code which was already unlocked with accept(2) > unlocking. Just copy the 'sockaddr' structure containing the peer > address. For key m

Re: ix(4): enable TCPv6/UDPv6 cksum offloading

2022-01-13 Thread Alexander Bluhm
On Wed, Jan 12, 2022 at 05:36:01PM +0100, Mark Kettenis wrote: > > Date: Wed, 12 Jan 2022 17:02:03 +0100 > > From: Jan Klemkow > > > > Hi, > > > > This diff enables TCP and UDP checksum offloading in ix(4) for IPv6. > > > > IPv6 extension headers aren't a problem in this case. > > in6_proto_cks

Re: ix(4): enable TCPv6/UDPv6 cksum offloading

2022-01-13 Thread Alexander Bluhm
On Thu, Jan 13, 2022 at 12:43:57PM -0700, Theo de Raadt wrote: > > - m_getptr() returns the correct mbuf and offset to the header. I > > think we can assume that a single IPv6 header, that our stack has > > created, is in contiguous memory. The IPv4 case just above makes > > the same assump

Re: sbin/pfctl: fix -Wunused-but-set-variable warning

2022-01-17 Thread Alexander Bluhm
On Sat, Jan 15, 2022 at 09:31:21PM +0100, Christian Weisgerber wrote: > sbin/pfctl: fix -Wunused-but-set-variable warning > > M sbin/pfctl/pfctl_optimize.c OK bluhm@ > diff 7c5dd09ecd1ff078b868c9ab52aac9754cde7761 > 6e5c342a53c05496c18849837c67b7dc05ce3792 > blob - 1ab170a832dd183a2895774549ff

OpenBSD Errata: January 19, 2022 (libexpat vmm)

2022-01-19 Thread Alexander Bluhm
Errata patches for expat XML library have been released for OpenBSD 6.9 and 7.0. Errata patch for kernel vmm has been released for OpenBSD 7.0. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata

kubsan undefined behavior 1U shift

2022-01-19 Thread Alexander Bluhm
Hi, Compiling the kernel with option KUBSAN finds undefined behavior. Here are some easy fixes that shift signed values too far. kubsan: arch/amd64/amd64/identcpu.c:882:17: shift: left shift of negative value -1 kubsan: kern/kern_descrip.c:159:30: shift: left shift of 1 by 31 places cannot be r

kubsan null pointer calculations

2022-01-20 Thread Alexander Bluhm
Hi, snprintf(9) allows NULL pointer if size is 0. But doing NULL pointer arithmetic is undefined behavior. Check that size is positive before doing that. While there, use NUL char for string termination. Pfkey import_flow() must do the NULL check before doing pointer calculations. ok? bluhm In

kubsan tcp timer shift

2022-01-20 Thread Alexander Bluhm
Hi, TCP timers also shift undefined values. kubsan: netinet/tcp_input.c:1027:4: shift: left shift of 67108864 by 5 places cannot be represented in type 'int' The problem is hidden behind a bunch of macros: TCP_SETUP_ACK(tp, tiflags, m); #define TCP_SETUP_ACK(tp, tiflags

Re: kubsan tcp timer shift

2022-01-20 Thread Alexander Bluhm
On Thu, Jan 20, 2022 at 07:02:43PM +, Miod Vallat wrote: > > An unsigned TF_TIMER does not create that problem. > > Why don't you simply append an U suffix to TF_TMR_REXMT? There are a lot of TF_ flags. Usually we don't put an U to hex flags. The only one that is used for shifting is TF_TMR

Re: clang: compile static analyzer

2022-01-20 Thread Alexander Bluhm
On Fri, Jan 14, 2022 at 05:59:24PM +0100, Claudio Jeker wrote: > On Fri, Jan 14, 2022 at 04:44:49PM +, Stuart Henderson wrote: > > On 2022/01/14 16:52, Rafael Sadowski wrote: > > > On Fri Jan 14, 2022 at 03:17:21PM +0100, Tobias Heider wrote: > > > > Hi, > > > > > > > > clang ships with a pret

perl clang -Wcompound-token-split-by-macro

2022-01-21 Thread Alexander Bluhm
Hi, Since clang 13 each Perl or Perl XS module compile spits out a lot of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay produces 3882 warnings generated. You cannot spot anything useful. The problem is buried deeply in the Perl macros and copied to everywhere. If we compile Perl

Re: perl clang -Wcompound-token-split-by-macro

2022-01-21 Thread Alexander Bluhm
:25PM +0100, Alexander Bluhm wrote: > Hi, > > Since clang 13 each Perl or Perl XS module compile spits out a lot > of -Wcompound-token-split-by-macro warnings. E.g. p5-Net-SSLeay > produces 3882 warnings generated. You cannot spot anything useful. > The problem is buried deeply

Re: kubsan tcp timer shift

2022-01-21 Thread Alexander Bluhm
On Thu, Jan 20, 2022 at 06:36:36PM -0700, Theo de Raadt wrote: > > Alternatives are: > > - put U to every TF_ TCP flag > > - put U to all TF_TMR_ timer flags > > - put U to TF_TMR_REXMT retransmit timer flag > > - cast TF_TIMER to unsigned (what I did) > > - cast to unsigned in the TCP_TIMER_ARM, T

Re: perl clang -Wcompound-token-split-by-macro

2022-01-21 Thread Alexander Bluhm
On Fri, Jan 21, 2022 at 08:39:34AM -0800, Andrew Hewus Fresh wrote: > On Fri, Jan 21, 2022 at 04:34:13PM +0100, Marc Espie wrote: > > So I don't really think perl requires any change. > > > > Possibly hacking a bit on ports that use an outdated version of ppport.h > > Updating ppport.h seems reaso

OpenBSD Errata: January 24, 2022 (ppctrap)

2022-01-23 Thread Alexander Bluhm
Errata patches for macppc kernel trap handler have been released for OpenBSD 6.9 and 7.0. Source code patches can be found on the respective errata page: https://www.openbsd.org/errata69.html https://www.openbsd.org/errata70.html

syzcaller pf unhandled af

2022-01-24 Thread Alexander Bluhm
Hi, https://syzkaller.appspot.com/bug?id=a6475751c2856d5ea5586f7120d14db1e00bf253 I think these crashes are caused by an af-to rule that has no translation address family naf. Preventing such a rule in the kernel might help. ok? bluhm Index: net/pf_ioctl.c

kubsan em ix ixgbe

2022-01-24 Thread Alexander Bluhm
Hi There are more undefined behaviour reports in our network drivers kubsan: dev/pci/if_em_hw.c:7625:38: shift: left shift of 65535 by 16 places cannot be represented in type 'int' kubsan: dev/pci/if_ix.c:3403:18: shift: left shift of 255 by 24 places cannot be represented in type 'int' kubsan:

Re: Capture a repeated pattern into sysctl_securelevel_int

2022-01-24 Thread Alexander Bluhm
On Sun, Jan 23, 2022 at 10:29:22PM -0800, Greg Steuck wrote: > As I was staring a bit more at sysctl related code this pattern caught > my attention. Looks like a few lines can disappear and hopefully code > expressivity goes up. > > Anybody like this? OK bluhm@ > >From 3b52f9ad743fe9b5931607747

Re: perl clang -Wcompound-token-split-by-macro

2022-01-25 Thread Alexander Bluhm
On Sat, Jan 22, 2022 at 02:24:51AM +0100, Marc Espie wrote: > Or we can automate this with something like this: > > Index: perl.port.mk > === > RCS file: /cvs/ports/infrastructure/mk/perl.port.mk,v > retrieving revision 1.32 > diff -u

Re: perl clang -Wcompound-token-split-by-macro

2022-01-25 Thread Alexander Bluhm
On Tue, Jan 25, 2022 at 05:13:01PM +0100, Alexander Bluhm wrote: > On Sat, Jan 22, 2022 at 02:24:51AM +0100, Marc Espie wrote: > > Or we can automate this with something like this: > > > > Index: perl.port.mk > > =

Re: perl clang -Wcompound-token-split-by-macro

2022-01-25 Thread Alexander Bluhm
On Tue, Jan 25, 2022 at 12:05:48PM -0800, Andrew Hewus Fresh wrote: > On Tue, Jan 25, 2022 at 06:45:12PM +0100, Alexander Bluhm wrote: > > On Tue, Jan 25, 2022 at 05:13:01PM +0100, Alexander Bluhm wrote: > > > On Sat, Jan 22, 2022 at 02:24:51AM +0100, Marc Espie wrote: > >

hardware checksum ix and ixl

2022-01-25 Thread Alexander Bluhm
Hi, There were some problems with ix(4) and ixl(4) hardware checksumming for the output path on strict alignment architectures. I have merged jan@'s diffs and added some sanity checks and workarounds. - If the first mbuf is not aligned or not contiguous, use m_copydata() to extract the IP, IPv6

kubsan nd6

2022-01-27 Thread Alexander Bluhm
Hi, kubsan: netinet6/nd6.c:948:42: type mismatch: member access within null pointer of type 'struct in6_ifaddr' kubsan: netinet6/nd6_nbr.c:640:43: type mismatch: member access within null pointer of type 'struct in6_ifaddr' This code works as ifaddr ia_ifa is the first field of in6_ifaddr. So

Re: request for testing: malloc and large allocations

2022-01-28 Thread Alexander Bluhm
On Sun, Jan 09, 2022 at 02:54:43PM +0100, Otto Moerbeek wrote: > currently malloc does cache a number of free'ed regions up to 128k in > size. This cache is indexed by size (in # of pages), so it is very > quick to check. > > Some programs allocate and deallocate larger allocations in a frantic >

Re: hardware checksum ix and ixl

2022-01-28 Thread Alexander Bluhm
On Wed, Jan 26, 2022 at 11:05:51AM +0100, Claudio Jeker wrote: > On Wed, Jan 26, 2022 at 01:29:42AM +0100, Alexander Bluhm wrote: > > Hi, > > > > There were some problems with ix(4) and ixl(4) hardware checksumming > > for the output path on strict alignment architectu

OpenBSD Errata: February 2, 2022 (drm libexpat)

2022-02-01 Thread Alexander Bluhm
Errata patches for kernel Intel GPU driver and expat XML library have been released for OpenBSD 6.9 and 7.0. Binary updates for the amd64, i386 and arm64 platform are available via the syspatch utility. Source code patches can be found on the respective errata page: https://www.openbsd.org/er

Re: request for testing: malloc and large allocations

2022-02-01 Thread Alexander Bluhm
On Tue, Feb 01, 2022 at 08:00:36AM +0100, Otto Moerbeek wrote: > > Are you running with any malloc flags? > > This bug report enabled me to find a bug that would pop up if G mode > is enabled. > > New diff below. New tests appreciated. It passed a full regress run on amd64 with vm.malloc_conf CF

m_pullup alingment crash armv7 sparc64

2022-02-02 Thread Alexander Bluhm
Hi, With the new m_pullup() code, I see crashes on armv7 and sparc64. regress/sbin/slaacd sends some IPv6 ND6 packets over pair(4) from scapy. It crashes after m_pullup() in ipv6_check(). run-parse-ra ifconfig pair1 destroy 2>/dev/null || true ifconfig pair2 destroy 2>/dev/null || true

sensorsd bad unveil

2020-07-02 Thread Alexander Bluhm
Hi, sensorsd(8) reports an unveil failure due to chdir / . An additional "r" permission would be necessary. - chdir before unveil, do not unveil / - use absolute config path after chdir, also necessary for SIGHUP - /etc/sensorsd.conf.db must be unveiled, cgetent(3) tries to open it ok? bluhm

Re: sensorsd bad unveil

2020-07-02 Thread Alexander Bluhm
On Thu, Jul 02, 2020 at 12:39:47PM -0600, Theo de Raadt wrote: > The unveil("/", "x") is to support command execution: Of course. Forgot that. bluhm Index: usr.sbin/sensorsd/sensorsd.c === RCS file: /data/mirror/openbsd/cvs/src/u

Re: tcp_close: can we delay the reaper for 1 tick?

2020-07-24 Thread Alexander Bluhm
On Fri, Jul 24, 2020 at 01:20:29PM -0500, Scott Cheloha wrote: > tcp_close() schedules the reaper timeout to run immediately. > Does it need to run *immediately*? Can it wait for one tick? It does not matter. Free has to happen after timeout thread has been run. Some other timeout may be waitin

Re: pf_remove_divert_state

2020-07-25 Thread Alexander Bluhm
On Sat, Jul 25, 2020 at 08:20:21PM +0900, YASUOKA Masahiko wrote: > Currently SO_BINDANY is usable without any divert or divert-reply > rule. This is why we have the divert-reply feature. Just mark the states with that keyword when you want to use them with SO_BINDANY. See man setsockopt Is tha

Re: pf_remove_divert_state

2020-07-25 Thread Alexander Bluhm
On Sat, Jul 25, 2020 at 09:37:37PM +0900, YASUOKA Masahiko wrote: > Is this part a reason why we have "divert-reply"? Yes. Divert rules pass packets to the local network stack. With divert-to you specify the socket address. This works for incoming connections. The divert-to address can be 127.

Re: trunk: keep interface up on port removal

2020-09-12 Thread Alexander Bluhm
OK bluhm@ On Sat, Sep 12, 2020 at 05:49:52PM +0200, Klemens Nanni wrote: > Index: if_trunk.c > === > RCS file: /cvs/src/sys/net/if_trunk.c,v > retrieving revision 1.149 > diff -u -p -r1.149 if_trunk.c > --- if_trunk.c28 Jul 20

syslogd listen keep alive

2020-09-14 Thread Alexander Bluhm
Hi, A while ago dhill@ pointed out that syslogd TCP sockets will stay open forever if a client aborts the connection silently. As syslogd does not write anything into incoming connections, it will not recognize failure and the socket will stay forever. Setting TCP keep alive on the listen socket

Re: net.inet.ip.forwarding=0 vs lo(4)

2020-10-20 Thread Alexander Bluhm
On Tue, Oct 20, 2020 at 10:14:13AM +1000, David Gwynne wrote: > such a diff looks like this. it adds a "global" flag that you can set on > interfaces. Making addresses on loopback interfaces globally accessible is against the idea of the strong host model. Current behavior is a consequence when w

Re: accton(8) requires a reboot after being enabled

2020-11-03 Thread Alexander Bluhm
On Fri, Oct 30, 2020 at 09:59:09AM -0600, Theo de Raadt wrote: > 1 - historically it requires a file to be pre-created. In the rc scripts, > this is a touch. That grabs the umask and ownership of root's run of > /etc/rc. > 2 - could we do better, in some way? We could do the same as we d

Re: Fix ix(4) link status

2020-11-10 Thread Alexander Bluhm
On Mon, Oct 12, 2020 at 11:20:50AM +0200, Gerhard Roth wrote: > ix(4) relies on link-state change interrupts to update the link state > via if_link_state_change(). However, after ixgbe_stop() all interrupts > for the device are disabled and there won't be any IXGBE_EICR_LSC > interrupt. > > Simpl

Re: PF synproxy should act on inbound packets only

2020-12-03 Thread Alexander Bluhm
On Wed, Dec 02, 2020 at 12:43:28AM +0100, Alexandr Nedvedicky wrote: > the fix is to apply synproxy action on inbound packets only. Diff below > does that exactly. Furthermore it also makes pfctl(8) to emit warning, > when synproxy is being used in outbound/unbound rule: Sounds reasonable. > lump

Re: PF synproxy should act on inbound packets only

2020-12-04 Thread Alexander Bluhm
On Fri, Dec 04, 2020 at 01:08:53AM +0100, Alexandr Nedvedicky wrote: > below is updated diff. The new diff also updates pf.conf(5) manpage. OK bluhm@ A note for the man page. > @@ -2126,6 +2126,9 @@ will not work if > .Xr pf 4 > operates on a > .Xr bridge 4 . > +Also > +.Cm synproxy state > +

socket splicing without kernel lock

2019-07-03 Thread Alexander Bluhm
Hi, I would like to remove a useless kernel lock during socket splicing. We have a socket "so" that splices data to socket "sosp". Everytime when space in sosp gets available, we add a task to move data from so to sosp. Additionally we call sowakeup() from sowwakeup(). I have added this as it

Re: socket splicing without kernel lock

2019-07-04 Thread Alexander Bluhm
On Thu, Jul 04, 2019 at 10:47:22AM +0200, Claudio Jeker wrote: > Would it be possible to use some #defined flags here instead of 1,2,3? > Maybe use FREAD/FWRITE or define something new. Makes code longer, but more readable. ok? bluhm Index: sys/kern/uipc_socket.c ===

unveil vnode leak

2019-07-04 Thread Alexander Bluhm
Hi, If an unlink fails due to unveil, the reference count of the inode is not decremented. You cannot unmount the file system anymore. I have added unveilleak.c that triggers the breakage. dd if=/dev/zero of=diskimage bs=512 count=4k vnconfig vnd0 diskimage newfs vnd0c mount /dev/vnd0c /mnt unve

Re: fix pfctl regress on armv7

2019-07-04 Thread Alexander Bluhm
On Thu, Jul 04, 2019 at 10:03:20PM +0200, Moritz Buhl wrote: > - yyerror("rule label too long (max %d chars)", > + yyerror("rule label too long (max %ld chars)", > sizeof(r->label)-1); > yyerror("rule qname too

syslogd unveil cleanup

2019-07-04 Thread Alexander Bluhm
Hi, When syslogd(8) parent exists, the file cleanup code does not work anymore. unveil(2) prevents removal. Removing the UNIX domain sockets is not necessary. They are harmless and unlinked before a new bind. I removed that code. /var/run/syslog.pid is a common feature so we want to keep it.

Re: port NetBSD libc tests

2019-07-05 Thread Alexander Bluhm
On Mon, Jul 01, 2019 at 11:43:17AM -0300, Martin Pieuchot wrote: > What's your goal? Are you trying to find bugs by increasing the amount > of code coverage? Having coverage for system calls is a good thing. Checking where the differences between NetBSD and OpenBSD are, is also good. > I don't

Re: sysupgrade: select sets to install

2019-07-10 Thread Alexander Bluhm
On Wed, Jul 10, 2019 at 12:18:33PM -0600, Theo de Raadt wrote: > > Of course there are also custom sets, like site${VERSION}-*.tgz . Which is > > something to keep in mind. > > Yeah, we could delete support for that entirely I use site.tgz to configure my regression test machines. This is a useful

mbuf maxclusters overflow

2019-07-12 Thread Alexander Bluhm
Hi, I am running machines with a very large number of mbuf. netstat -m output looks strange, I suspect integer overflow in kernel and userland. So I would like to convert kernel variables and calculations for mbuf memory to long. The problem does not affect 32 bit machines, they do not support

pool for unpcb

2019-07-14 Thread Alexander Bluhm
Hi, Convert struct unpcb malloc(9) to pool_get(9). ok? bluhm Index: kern/uipc_proto.c === RCS file: /data/mirror/openbsd/cvs/src/sys/kern/uipc_proto.c,v retrieving revision 1.17 diff -u -p -r1.17 uipc_proto.c --- kern/uipc_proto.c

poll init inpcb

2019-07-14 Thread Alexander Bluhm
Hi, Initialize struct inpcb pool not on demand, but during initialization. Avoids MP problems and removes a global variable. ok? bluhm Index: netinet/in_pcb.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/in_pcb.c,v retrie

mbuf cluster limit pool wakeup

2019-07-16 Thread Alexander Bluhm
Hi, When the kernel reaches the sysctl kern.maxclusters limit, operations get stuck while holding the net lock. Increasing the limit does not help as there is no wakeup of the pools. So run through the mbuf pool request list when the limit changes. There seem to more problems when recovering fr

pool for pfkey pcb

2019-07-16 Thread Alexander Bluhm
Hi, Convert struct pkpcb malloc(9) to pool_get(9). PCB for pfkey is only used in process context, so pass PR_WAITOK to pool_init(9). The possible sleep in pool_put(9) should not hurt, as pfkeyv2_detach() is only called by soclose(9). ok? bluhm Index: net/pfkeyv2.c =

Re: vfs_lookup: return on read-only file systems

2019-07-16 Thread Alexander Bluhm
On Tue, Jul 16, 2019 at 02:34:52PM +0200, Klemens Nanni wrote: > Rebased diff after bluhm's conflicting realpath/POSIX fix. I have seen a similar problem with immutable chflags(2). # rm /etc/hosts # chflags uchg /etc # ifconfig vio0 ifconfig: unveil: Operation not permitted Adding EPERM to the l

unveil unused parameter rootvnode

2019-07-16 Thread Alexander Bluhm
Hi, The function unveil_add_vnode() does not use the parameter rootvnode. It is even more confusing as rootvnode is also a global variable. ok? bluhm Index: kern/kern_unveil.c === RCS file: /data/mirror/openbsd/cvs/src/sys/kern/ker

Re: pool for pfkey pcb

2019-07-17 Thread Alexander Bluhm
On Tue, Jul 16, 2019 at 09:01:24PM -0300, Martin Pieuchot wrote: > On 16/07/19(Tue) 22:45, Alexander Bluhm wrote: > > Hi, > > > > Convert struct pkpcb malloc(9) to pool_get(9). PCB for pfkey is > > only used in process context, so pass PR_WAITOK to pool_init(9). > >

Re: make msgsnd(2) more posix

2019-07-17 Thread Alexander Bluhm
On Sun, Jul 14, 2019 at 02:57:54PM +0200, Klemens Nanni wrote: > We also fail to mention that condition in the ERRORS section. Moritz, can you create a man page ERRORS diff? > > - if (msg->msg_type < 0) { > > + if (msg->msg_type <= 0) { > OK kn, although I'd go with `< 1' as that matches the

pool for routing pcb

2019-07-17 Thread Alexander Bluhm
Hi, Same thing for routing socket as for IPsec pfkey PCB. Convert struct rtpcb malloc(9) to pool_get(9). ok? bluhm Index: net/rtsock.c === RCS file: /data/mirror/openbsd/cvs/src/sys/net/rtsock.c,v retrieving revision 1.288 diff -u

Re: mbuf cluster limit pool wakeup

2019-07-17 Thread Alexander Bluhm
On Tue, Jul 16, 2019 at 08:58:43PM -0300, Martin Pieuchot wrote: > On 16/07/19(Tue) 21:35, Alexander Bluhm wrote: > > Hi, > > > > When the kernel reaches the sysctl kern.maxclusters limit, operations > > get stuck while holding the net lock. Increasing the limit does

Re: bridge(4)+pf(4) fix incoming interface

2019-07-17 Thread Alexander Bluhm
On Wed, Jul 17, 2019 at 04:35:22PM -0300, Martin Pieuchot wrote: > Diff below is a rework of Eygene's submission to avoid duplicating the > logic leading to the re-enqueue of a packet based on a matching MAC > address. > > The bug first explained by Eygene [0] happens when multiple members of > a b

unveil in process accounting and lastcomm

2019-07-18 Thread Alexander Bluhm
Hi, Can we track unveil(2) violators in process accounting lastcomm(1)? This makes it easier to find them. $ lastcomm | grep -e '-[A-Z]U' pflogd -FU root__ 0.00 secs Thu Jul 18 14:19 (2:33:22.00) Seems that pflogd(8) has to be investigated. Also we keep record about programs

Re: apmd: fix error message

2019-07-24 Thread Alexander Bluhm
On Wed, Jul 24, 2019 at 09:25:57PM +0200, Klemens Nanni wrote: > This snuck through > > revision 1.84 > date: 2018/12/04 18:00:57; author: tedu; state: Exp; lines: +44 -30; > redo the debug logging to be more like everything else. > ok kn > > Where the direct syslog(3) ca

Re: unveil in process accounting and lastcomm

2019-07-24 Thread Alexander Bluhm
On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote: > Hi, > > Can we track unveil(2) violators in process accounting lastcomm(1)? > This makes it easier to find them. Could I put that in? Process accounting is cheap and does not hurt. I have added it locally to my dai

Re: unveil in process accounting and lastcomm

2019-07-25 Thread Alexander Bluhm
On Thu, Jul 18, 2019 at 04:13:10PM +0200, Alexander Bluhm wrote: > $ lastcomm | grep -e '-[A-Z]U' > pflogd -FU root__ 0.00 secs Thu Jul 18 14:19 (2:33:22.00) Oops, I have forgotten to show the userland part of my diff. Do we want unveil violators in the dai

Re: unveil in process accounting and lastcomm

2019-07-25 Thread Alexander Bluhm
On Thu, Jul 25, 2019 at 12:00:48PM +0200, Alexander Bluhm wrote: > Do we want unveil violators in the daily mail? We can turn it off > if we get too many false positives. Janne Johansson recommend to mention lastcomm(1) in unveil(2) man page. Diff for daily, lastcomm(1), unveil(2). Kern

unveil and immuatble directory

2019-07-26 Thread Alexander Bluhm
Hi, When setting immutable flags on directories with chflags(1), unveil(2) behaves poorly. # rm /etc/hosts # chflags uchg /etc # ifconfig vio0 ifconfig: unveil: Operation not permitted Adding another exception for EPERM fixes this. ok? bluhm Index: kern/vfs_lookup.c ==

unveil prototypes

2019-07-26 Thread Alexander Bluhm
Hi, Can we move the unveil function prototypes into the namei.h header file? This guarantees consistency. Protected by _KERNEL, survived make build. ok? bluhm Index: kern/vfs_lookup.c === RCS file: /data/mirror/openbsd/cvs/src/sy

Re: unveil prototypes

2019-07-27 Thread Alexander Bluhm
On Sat, Jul 27, 2019 at 12:41:24AM +0200, Mark Kettenis wrote: > > Date: Sat, 27 Jul 2019 00:09:11 +0200 > > From: Alexander Bluhm > > > > Hi, > > > > Can we move the unveil function prototypes into the namei.h header > > file? This guarantees co

remove ip queue for local packets

2019-07-30 Thread Alexander Bluhm
Hi, When we needed the kernel lock for local IP packet delivery, mpi@ introduced a queue to grab the lock for multiple packets. Now we have only netlock for both IP and protocol input. So the queue is not necessary anymore. It just switches CPU and decreases performance. To get TCP running on

unveil prototypes

2019-08-01 Thread Alexander Bluhm
Hi, I have found more unveil functions that are used in separate C files. They should have common prototypes in the namei.h header. It is #ifdef _KERNEL and survived a make build. ok? bluhm Index: kern/kern_unveil.c === RCS file:

socreate(9) M_WAIT

2019-08-02 Thread Alexander Bluhm
Hi, I am trying to hunt some ENOBUFS bugs reported from the socket layer. This may also happen if pool(9) or malloc(9) fails, so this is an easy first step. A system call should not fail due to temporary memory shortage. It is the kernel's job to handle that, usually by sleeping. So from socreate

vio0 recover from mbuf limit

2019-08-05 Thread Alexander Bluhm
On Thu, Jul 18, 2019 at 11:31:26PM +1000, David Gwynne wrote: > > And I have to do ifconfig vio0 down and ifconfig vio0 up to receive > > packets on the interface again. > > Can you look at systat mb when this happens to check what value > vio0 has in the ALIVE column? If ALIVE is 0, it means the r

unveil pathname pool

2019-08-05 Thread Alexander Bluhm
Hi, unveil(2) allocates 1024 bytes on the stack. That is a lot. Better use namei pool like sys___realpath() does. ok? bluhm Index: kern/vfs_syscalls.c === RCS file: /data/mirror/openbsd/cvs/src/sys/kern/vfs_syscalls.c,v retrievin

Re: unveil pathname pool

2019-08-06 Thread Alexander Bluhm
On Tue, Aug 06, 2019 at 06:57:49AM +0200, Sebastien Marie wrote: > On Mon, Aug 05, 2019 at 07:21:22PM +0200, Alexander Bluhm wrote: > > unveil(2) allocates 1024 bytes on the stack. That is a lot. Better > > use namei pool like sys___realpath() does. > > There is a missin

Re: bgpd more O_CLOEXEC

2019-08-08 Thread Alexander Bluhm
On Thu, Aug 08, 2019 at 01:40:06PM +0200, Claudio Jeker wrote: > Just use O_CLOEXEC or SOCK_CLOEXEC on everything. There is no reason to > keep any kind of file descriptor over an exec call. At least this way > I'm sure that no fds will leak into the childs. > > OK? OK bluhm@ > Index: carp.c > ==

umount after path rename

2019-08-22 Thread Alexander Bluhm
Hi, after renaming a directory that has a mountpoint in its subtree, umount will fail. # rm -rf /mnt/FOO # mkdir -p /mnt/foo/bar # mount -t mfs /dev/sd0b /mnt/foo/bar # mv /mnt/foo /mnt/FOO # umount /mnt/foo/bar umount: /mnt/foo/bar: No such file or directory # umount /mnt/FOO/bar umount: /mnt/FO

useless rtm_type in rtm_output

2019-08-28 Thread Alexander Bluhm
Hi, in rev 1.273 RTM_LOCK has been removed from net/rtsock.c. Since then the big switch in rtm_output() has RTM_CHANGE as a single case. It does not make sense to check rtm_type again. For easier review I provide the diff -w output. Otherwise you would mostly see the indent change. ok? bluhm

validate addresses in routing message

2019-08-28 Thread Alexander Bluhm
Hi, The kernel may crash as there is not enough input validation in routing messages. https://syzkaller.appspot.com/bug?id=e2076a6518b49730aefe64acf0a266f8e79685a5 Here the name of a routing label is not NUL terminated, but there are more things that can go wrong. So I added some checks for inc

route link address length

2019-08-28 Thread Alexander Bluhm
Hi, route(8) should provide the storage for struct sockaddr_dl to the kernel when creating an IFP address. Instead it uses inet/inet6 autodetection also for the link address type. Currently nothing bad happens as the kernel uses only the field sdl_index which is within the size of a sockaddr_in.

arp routing addresses size

2019-08-29 Thread Alexander Bluhm
Hi, As soon as our kernel does input validation, I find bugs in userland. The IFP address in arp(8) used some 0 bytes at locations depending on sizeof(long) as sockaddr_dl. We were lucky and it worked. Use the correct size and the algorithm from route(8) for arp(8). ok? bluhm Index: usr.sbin/

Re: iked(8): remove redundant valid_ike_sa check

2019-08-29 Thread Alexander Bluhm
On Thu, Aug 29, 2019 at 02:21:47PM +0200, Tobias Heider wrote: > This check is done twice. The diff removes the second one. > > ok? OK bluhm@ > Index: ikev2.c > === > RCS file: /mount/openbsd/cvs/src/sbin/iked/ikev2.c,v > retrieving

route address order

2019-08-29 Thread Alexander Bluhm
Hi, The kernel uses rtm_addrs as a bit field for addresses that are included in the routing message. The significance of the bits has to be consistent with the order of the addresses. In route(8) store addresses in ascending order of RTA values. This allows to use MPLS routes together with route

Re: validate addresses in routing message

2019-08-29 Thread Alexander Bluhm
On Thu, Aug 29, 2019 at 05:31:04PM +0200, Claudio Jeker wrote: > I don't think this is the right way to do this. The consumer of rtinfo > need to check the values based on their needs. Ideally we add some helpers > to make that easier. I think it is close to impossible to properly > validate the so

route, arp, ndp padding

2019-08-30 Thread Alexander Bluhm
Hi, The algorithm in route(8) and arp(6) is still not correct. While the values written to the kernel are fine, the bytes for padding are taken from memory after the sockaddr structs. In route(8) the union of sockaddr can be made larger so that the padding is taken from there. In arp(8) we know

Re: route, arp, ndp padding

2019-08-30 Thread Alexander Bluhm
On Fri, Aug 30, 2019 at 09:54:49PM +0200, Claudio Jeker wrote: > Just throw a struct sockaddr_storage in that union. It will make sure > there is enough space for everything and then you can skip the MAXIMUM > dance you do now. Yes, that is much nicer. Although I have to work around this compiler
