Re: ipsecctl(8): handle non-null-terminated strings

[Tobias Heider]

On Mon, Oct 09, 2023 at 11:55:36PM +0200, Theo Buehler wrote:
> On Mon, Oct 09, 2023 at 11:50:14PM +0200, Tobias Heider wrote:
> > On Mon, Oct 09, 2023 at 11:24:19PM +0200, Theo Buehler wrote:
> > > On Mon, Oct 09, 2023 at 10:49:53PM +0200, Tobias Heider wrote:
> > > > ipsecctl wrongly assumes that strings like the pf tag or
> > > > the identities are always null terminated.
> > > > The diff below fixes the cases that always kill my
> > > > ipsecctl -m when running a fuzzer.
> > > > 
> > > > ok?
> > > > 
> > > > Index: pfkdump.c
> > > > ===
> > > > RCS file: /mount/openbsd/cvs/src/sbin/ipsecctl/pfkdump.c,v
> > > > retrieving revision 1.57
> > > > diff -u -p -r1.57 pfkdump.c
> > > > --- pfkdump.c   7 Aug 2023 04:10:08 -   1.57
> > > > +++ pfkdump.c   9 Oct 2023 20:41:54 -
> > > > @@ -406,9 +406,11 @@ print_tag(struct sadb_ext *ext, struct s
> > > >  {
> > > > struct sadb_x_tag *stag = (struct sadb_x_tag *)ext;
> > > > char *p;
> > > > +   int plen;
> > > >  
> > > > p = (char *)(stag + 1);
> > > > -   printf("%s", p);
> > > > +   plen = (stag->sadb_x_tag_len * 8) - sizeof(*stag);
> > > 
> > > If I understand correctly this attempts to undo the computation in
> > > export_tag(). So this computes PADUP(stag->sadb_x_tag_taglen) where
> > > PADUP() rounds up to the next multiple of 8. Should this not use
> > > stag->sadb_x_tag_taglen - 1 instead, which is the strlen of the tag?
> > 
> > Thanks, I don't think this version can read out-of-bounds,
> > see explanation below, but sadb_x_tag_taglen is certainly even better.

Actually looking at net/pfkeyv2_parsemessage.c there is a good reason to
use sadb_x_tag_len here too. The generic header length field gets validated
in pfkeyv2_parsemessage() before being forwarded to userland,
sadb_x_tag_taglen doesn't.
But we might want to harden that too.

> > 
> > > 
> > > > +   printf("%.*s", plen, p);
> > > >  }
> > > >  
> > > >  static void
> > > > @@ -590,10 +592,12 @@ static void
> > > >  print_ident(struct sadb_ext *ext, struct sadb_msg *msg, int opts)
> > > >  {
> > > > struct sadb_ident *ident = (struct sadb_ident *)ext;
> > > > +   int ilen;
> > > >  
> > > > -   printf("type %s id %llu: %s",
> > > > +   ilen = (ident->sadb_ident_len * 8) - sizeof(*ident);
> > > 
> > > Similar problem here, but there doesn't seem to be an easy way to get
> > > the actual length of the identity. Doesn't this still overread?
> > 
> > Not as far as I understand it. The whole payload is sadb_ident + string + 
> > eventual
> > zero padding. We read the string until we hit the first null byte or the 
> > end of the
> > whole payload which should be safe.
> 
> Ok, if this is guaranteed to have zero padding if the length isn't a
> multiple of 8 the remainder then I have no concern apart from the extra
> parentheses.

fair enough

Re: ipsecctl(8): handle non-null-terminated strings

[Tobias Heider]

On Mon, Oct 09, 2023 at 11:24:19PM +0200, Theo Buehler wrote:
> On Mon, Oct 09, 2023 at 10:49:53PM +0200, Tobias Heider wrote:
> > ipsecctl wrongly assumes that strings like the pf tag or
> > the identities are always null terminated.
> > The diff below fixes the cases that always kill my
> > ipsecctl -m when running a fuzzer.
> > 
> > ok?
> > 
> > Index: pfkdump.c
> > ===
> > RCS file: /mount/openbsd/cvs/src/sbin/ipsecctl/pfkdump.c,v
> > retrieving revision 1.57
> > diff -u -p -r1.57 pfkdump.c
> > --- pfkdump.c   7 Aug 2023 04:10:08 -   1.57
> > +++ pfkdump.c   9 Oct 2023 20:41:54 -
> > @@ -406,9 +406,11 @@ print_tag(struct sadb_ext *ext, struct s
> >  {
> > struct sadb_x_tag *stag = (struct sadb_x_tag *)ext;
> > char *p;
> > +   int plen;
> >  
> > p = (char *)(stag + 1);
> > -   printf("%s", p);
> > +   plen = (stag->sadb_x_tag_len * 8) - sizeof(*stag);
> 
> If I understand correctly this attempts to undo the computation in
> export_tag(). So this computes PADUP(stag->sadb_x_tag_taglen) where
> PADUP() rounds up to the next multiple of 8. Should this not use
> stag->sadb_x_tag_taglen - 1 instead, which is the strlen of the tag?

Thanks, I don't think this version can read out-of-bounds,
see explanation below, but sadb_x_tag_taglen is certainly even better.

> 
> > +   printf("%.*s", plen, p);
> >  }
> >  
> >  static void
> > @@ -590,10 +592,12 @@ static void
> >  print_ident(struct sadb_ext *ext, struct sadb_msg *msg, int opts)
> >  {
> > struct sadb_ident *ident = (struct sadb_ident *)ext;
> > +   int ilen;
> >  
> > -   printf("type %s id %llu: %s",
> > +   ilen = (ident->sadb_ident_len * 8) - sizeof(*ident);
> 
> Similar problem here, but there doesn't seem to be an easy way to get
> the actual length of the identity. Doesn't this still overread?

Not as far as I understand it. The whole payload is sadb_ident + string + 
eventual
zero padding. We read the string until we hit the first null byte or the end of 
the
whole payload which should be safe.

> 
> > +   printf("type %s id %llu: %.*s",
> > lookup_name(identity_types, ident->sadb_ident_type),
> > -   ident->sadb_ident_id, (char *)(ident + 1));
> > +   ident->sadb_ident_id, ilen, (char *)(ident + 1));
> >  }
> >  
> >  static void
> > 

ipsecctl(8): handle non-null-terminated strings

[Tobias Heider]

ipsecctl wrongly assumes that strings like the pf tag or
the identities are always null terminated.
The diff below fixes the cases that always kill my
ipsecctl -m when running a fuzzer.

ok?

Index: pfkdump.c
===
RCS file: /mount/openbsd/cvs/src/sbin/ipsecctl/pfkdump.c,v
retrieving revision 1.57
diff -u -p -r1.57 pfkdump.c
--- pfkdump.c   7 Aug 2023 04:10:08 -   1.57
+++ pfkdump.c   9 Oct 2023 20:41:54 -
@@ -406,9 +406,11 @@ print_tag(struct sadb_ext *ext, struct s
 {
struct sadb_x_tag *stag = (struct sadb_x_tag *)ext;
char *p;
+   int plen;
 
p = (char *)(stag + 1);
-   printf("%s", p);
+   plen = (stag->sadb_x_tag_len * 8) - sizeof(*stag);
+   printf("%.*s", plen, p);
 }
 
 static void
@@ -590,10 +592,12 @@ static void
 print_ident(struct sadb_ext *ext, struct sadb_msg *msg, int opts)
 {
struct sadb_ident *ident = (struct sadb_ident *)ext;
+   int ilen;
 
-   printf("type %s id %llu: %s",
+   ilen = (ident->sadb_ident_len * 8) - sizeof(*ident);
+   printf("type %s id %llu: %.*s",
lookup_name(identity_types, ident->sadb_ident_type),
-   ident->sadb_ident_id, (char *)(ident + 1));
+   ident->sadb_ident_id, ilen, (char *)(ident + 1));
 }
 
 static void

Re: Some bwfm(4) diffs

[Tobias Heider]

On Sun, Oct 08, 2023 at 07:42:54PM +0200, Mark Kettenis wrote:
> Hector Martin has added support for the BCM4388 that is found on the
> last generation of Apple Macs.  Based on his commits I've managed to
> get it working on my M2 Pro mini.  I still have to clean up some of
> that stuff, but here is a forst batch of two diffs.
> 
> The changes to dev/ic/bwfm.c correspond to:
> 
> https://github.com/AsahiLinux/linux/commit/81e3cc7bec8b9d9c436f63662d8fcfda4f637807
> 
> The changes to dev/pci/if_bwfm_pci.c corrspond to:
> 
> https://github.com/AsahiLinux/linux/commit/8190add8671fc49c12d04b5ac8fced70f835e69f
> 
> Both changes seem to be a good idea and potentially affect other chips
> as well.  So if you have a machine with bwfm(4), please test.
> 
> ok?

Works fine on my m2 and looks correct to me as far as I understand
the Linux changes.

ok tobhe@

> 
> 
> Index: dev/ic/bwfm.c
> ===
> RCS file: /cvs/src/sys/dev/ic/bwfm.c,v
> retrieving revision 1.109
> diff -u -p -r1.109 bwfm.c
> --- dev/ic/bwfm.c 28 Mar 2023 14:01:42 -  1.109
> +++ dev/ic/bwfm.c 8 Oct 2023 17:29:35 -
> @@ -1089,15 +1089,9 @@ void
>  bwfm_chip_ai_reset(struct bwfm_softc *sc, struct bwfm_core *core,
>  uint32_t prereset, uint32_t reset, uint32_t postreset)
>  {
> - struct bwfm_core *core2 = NULL;
>   int i;
>  
> - if (core->co_id == BWFM_AGENT_CORE_80211)
> - core2 = bwfm_chip_get_core_idx(sc, BWFM_AGENT_CORE_80211, 1);
> -
>   bwfm_chip_ai_disable(sc, core, prereset, reset);
> - if (core2)
> - bwfm_chip_ai_disable(sc, core2, prereset, reset);
>  
>   for (i = 50; i > 0; i--) {
>   if ((sc->sc_buscore_ops->bc_read(sc,
> @@ -1110,32 +1104,12 @@ bwfm_chip_ai_reset(struct bwfm_softc *sc
>   }
>   if (i == 0)
>   printf("%s: timeout on core reset\n", DEVNAME(sc));
> - if (core2) {
> - for (i = 50; i > 0; i--) {
> - if ((sc->sc_buscore_ops->bc_read(sc,
> - core2->co_wrapbase + BWFM_AGENT_RESET_CTL) &
> - BWFM_AGENT_RESET_CTL_RESET) == 0)
> - break;
> - sc->sc_buscore_ops->bc_write(sc,
> - core2->co_wrapbase + BWFM_AGENT_RESET_CTL, 0);
> - delay(60);
> - }
> - if (i == 0)
> - printf("%s: timeout on core reset\n", DEVNAME(sc));
> - }
>  
>   sc->sc_buscore_ops->bc_write(sc,
>   core->co_wrapbase + BWFM_AGENT_IOCTL,
>   postreset | BWFM_AGENT_IOCTL_CLK);
>   sc->sc_buscore_ops->bc_read(sc,
>   core->co_wrapbase + BWFM_AGENT_IOCTL);
> - if (core2) {
> - sc->sc_buscore_ops->bc_write(sc,
> - core2->co_wrapbase + BWFM_AGENT_IOCTL,
> - postreset | BWFM_AGENT_IOCTL_CLK);
> - sc->sc_buscore_ops->bc_read(sc,
> - core2->co_wrapbase + BWFM_AGENT_IOCTL);
> - }
>  }
>  
>  void
> @@ -1338,6 +1312,7 @@ bwfm_chip_ca7_set_passive(struct bwfm_so
>  {
>   struct bwfm_core *core;
>   uint32_t val;
> + int i = 0;
>  
>   core = bwfm_chip_get_core(sc, BWFM_AGENT_CORE_ARM_CA7);
>   val = sc->sc_buscore_ops->bc_read(sc,
> @@ -1347,10 +1322,11 @@ bwfm_chip_ca7_set_passive(struct bwfm_so
>   BWFM_AGENT_IOCTL_ARMCR4_CPUHALT,
>   BWFM_AGENT_IOCTL_ARMCR4_CPUHALT);
>  
> - core = bwfm_chip_get_core(sc, BWFM_AGENT_CORE_80211);
> - sc->sc_chip.ch_core_reset(sc, core, BWFM_AGENT_D11_IOCTL_PHYRESET |
> - BWFM_AGENT_D11_IOCTL_PHYCLOCKEN, BWFM_AGENT_D11_IOCTL_PHYCLOCKEN,
> - BWFM_AGENT_D11_IOCTL_PHYCLOCKEN);
> + while ((core = bwfm_chip_get_core_idx(sc, BWFM_AGENT_CORE_80211, i++)))
> + sc->sc_chip.ch_core_disable(sc, core,
> + BWFM_AGENT_D11_IOCTL_PHYRESET |
> + BWFM_AGENT_D11_IOCTL_PHYCLOCKEN,
> + BWFM_AGENT_D11_IOCTL_PHYCLOCKEN);
>  }
>  
>  int
> Index: dev/pci/if_bwfm_pci.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_bwfm_pci.c,v
> retrieving revision 1.75
> diff -u -p -r1.75 if_bwfm_pci.c
> --- dev/pci/if_bwfm_pci.c 30 Dec 2022 14:10:17 -  1.75
> +++ dev/pci/if_bwfm_pci.c 8 Oct 2023 17:29:35 -
> @@ -134,6 +134,10 @@ struct bwfm_pci_softc {
>   bus_space_handle_t   sc_reg_ioh;
>   bus_size_t   sc_reg_ios;
>  
> + bus_space_tag_t  sc_pcie_iot;
> + bus_space_handle_t   sc_pcie_ioh;
> + bus_size_t   sc_pcie_ios;
> +
>   bus_space_tag_t  sc_tcm_iot;
>   bus_space_handle_t   sc_tcm_ioh;
>   bus_size_t   sc_tcm_ios;
> @@ -379,6 +383,10 @@ bwfm_pci_attach(struct device *parent, s
>   goto bar1;
>   }
>  
> + sc->sc_pcie_iot = sc->sc_reg_iot;
> + 

Re: ipsecctl(8): pledge stdio before parsing pfkey

[Tobias Heider]

On Mon, Oct 09, 2023 at 12:29:43AM +0200, Tobias Heider wrote:
> The diff below adds pledge("stdio") calls for the pfkey dump subset
> of ipsecctl commands.
> 
> In particular ipsecctl -s which prints all SAs or flows in the kernel
> and more importantly ipsecctl -m which contiously parses and prints every
> pfkey message forwarded by the kernel don't seem to need any additional
> privileges after setting up pfkey sockets and sysctls.
> 
> ok?

New diff after some contstructive feedback from mbuhl@.
ipsecctl -m stays the same, ipsecctl -s is a bit more complicated.
I moved SA and flow printing to the new common function ipsecctl_show()
which first does all the setup, then drops priviledges and finally
parses and prints the messages.
With this all of -sa -ssa and -sf should work properly.

diff /home/user/got/co/src
commit - 6d4ae77d67512ff88b0f7db1a1f3f79dda95dead
path + /home/user/got/co/src
blob - 51858d1a404c26e8c23259910dc399905909ef22
file + sbin/ipsecctl/ipsecctl.c
--- sbin/ipsecctl/ipsecctl.c
+++ sbin/ipsecctl/ipsecctl.c
@@ -57,10 +57,10 @@ void ipsecctl_print_flow(struct ipsec_rule 
*, int);
 voidipsecctl_print_sa(struct ipsec_rule *, int);
 voidipsecctl_print_sabundle(struct ipsec_rule *, int);
 int ipsecctl_flush(int);
-voidipsecctl_get_rules(struct ipsecctl *);
+char   *ipsecctl_get_rules(struct ipsecctl *, size_t *);
+voidipsecctl_parse_rules(struct ipsecctl *, char *, size_t);
 voidipsecctl_print_title(char *);
-voidipsecctl_show_flows(int);
-voidipsecctl_show_sas(int);
+voidipsecctl_show(int);
 int ipsecctl_monitor(int);
 voidusage(void);
 const char *ipsecctl_lookup_option(char *, const char **);
@@ -595,30 +595,37 @@ ipsecctl_flush(int opts)
return (0);
 }
 
-void
-ipsecctl_get_rules(struct ipsecctl *ipsec)
+char *
+ipsecctl_get_rules(struct ipsecctl *ipsec, size_t *need)
 {
-   struct sadb_msg *msg;
-   struct ipsec_rule *rule, *last = NULL;
int  mib[4];
-   size_t   need;
-   char*buf, *lim, *next;
+   char*buf;
 
mib[0] = CTL_NET;
mib[1] = PF_KEY;
mib[2] = PF_KEY_V2;
mib[3] = NET_KEY_SPD_DUMP;
 
-   if (sysctl(mib, 4, NULL, , NULL, 0) == -1)
+   if (sysctl(mib, 4, NULL, need, NULL, 0) == -1)
err(1, "ipsecctl_get_rules: sysctl");
-   if (need == 0)
-   return;
-   if ((buf = malloc(need)) == NULL)
+   if (*need == 0)
+   return NULL;
+   if ((buf = malloc(*need)) == NULL)
err(1, "ipsecctl_get_rules: malloc");
-   if (sysctl(mib, 4, buf, , NULL, 0) == -1)
+   if (sysctl(mib, 4, buf, need, NULL, 0) == -1)
err(1, "ipsecctl_get_rules: sysctl");
+
+   return buf;
+}
+
+void
+ipsecctl_parse_rules(struct ipsecctl *ipsec, char *buf, size_t need)
+{
+   struct sadb_msg *msg;
+   struct ipsec_rule *rule, *last = NULL;
+   char*lim, *next;
+
lim = buf + need;
-
for (next = buf; next < lim; next += msg->sadb_msg_len *
PFKEYV2_CHUNK) {
msg = (struct sadb_msg *)next;
@@ -627,13 +634,13 @@ ipsecctl_get_rules(struct ipsecctl *ipsec)
 
rule = calloc(1, sizeof(struct ipsec_rule));
if (rule == NULL)
-   err(1, "ipsecctl_get_rules: calloc");
+   err(1, "ipsecctl_parse_rules: calloc");
rule->nr = ipsec->rule_nr++;
rule->type |= RULE_FLOW;
TAILQ_INIT(>collapsed_rules);
 
if (pfkey_parse(msg, rule))
-   errx(1, "ipsecctl_get_rules: "
+   errx(1, "ipsecctl_parse_rules: "
"failed to parse PF_KEY message");
 
/*
@@ -663,108 +670,116 @@ ipsecctl_print_title(char *title)
 }
 
 void
-ipsecctl_show_flows(int opts)
+ipsecctl_show(int opts)
 {
struct ipsecctl ipsec;
struct ipsec_rule *rp;
-
-   bzero(, sizeof(ipsec));
-   ipsec.opts = opts;
-   TAILQ_INIT(_queue);
-
-   ipsecctl_get_rules();
-
-   if (opts & IPSECCTL_OPT_SHOWALL)
-   ipsecctl_print_title("FLOWS:");
-
-   if (TAILQ_FIRST(_queue) == 0) {
-   if (opts & IPSECCTL_OPT_SHOWALL)
-   printf("No flows\n");
-   return;
-   }
-
-   while ((rp = TAILQ_FIRST(_queue))) {
-   TAILQ_REMOVE(_queue, rp, rule_entry);
-
-   ipsecctl_print_rule(rp, ipsec.opts);
-
-   free(rp->src->name);
-   free(rp->src);
-   free(rp->dst->name);
-   free(rp->dst);
-   if

ipsecctl(8): pledge stdio before parsing pfkey

[Tobias Heider]

The diff below adds pledge("stdio") calls for the pfkey dump subset
of ipsecctl commands.

In particular ipsecctl -s which prints all SAs or flows in the kernel
and more importantly ipsecctl -m which contiously parses and prints every
pfkey message forwarded by the kernel don't seem to need any additional
privileges after setting up pfkey sockets and sysctls.

ok?

Index: ipsecctl.c
===
RCS file: /cvs/src/sbin/ipsecctl/ipsecctl.c,v
retrieving revision 1.85
diff -u -p -r1.85 ipsecctl.c
--- ipsecctl.c  7 Mar 2023 17:43:59 -   1.85
+++ ipsecctl.c  8 Oct 2023 22:16:59 -
@@ -625,6 +625,9 @@ ipsecctl_get_rules(struct ipsecctl *ipse
if (msg->sadb_msg_len == 0)
break;
 
+   if (pledge("stdio", NULL) == -1)
+   err(1, "pledge");
+
rule = calloc(1, sizeof(struct ipsec_rule));
if (rule == NULL)
err(1, "ipsecctl_get_rules: calloc");
@@ -739,6 +742,10 @@ ipsecctl_show_sas(int opts)
err(1, "ipsecctl_show_sas: malloc");
if (sysctl(mib, 5, buf, , NULL, 0) == -1)
err(1, "ipsecctl_show_sas: sysctl");
+
+   if (pledge("stdio", NULL) == -1)
+   err(1, "pledge");
+
sacount = 0;
lim = buf + need;
for (next = buf; next < lim;
Index: pfkey.c
===
RCS file: /cvs/src/sbin/ipsecctl/pfkey.c,v
retrieving revision 1.63
diff -u -p -r1.63 pfkey.c
--- pfkey.c 22 Oct 2021 12:30:54 -  1.63
+++ pfkey.c 8 Oct 2023 22:16:59 -
@@ -1324,6 +1324,9 @@ pfkey_monitor(int opts)
if (pfkey_promisc() < 0)
return -1;
 
+   if (pledge("stdio", NULL) == -1)
+   err(1, "pledge");
+
pfd[0].fd = fd;
pfd[0].events = POLLIN;
for (;;) {

pfkey: forward after validation

[Tobias Heider]

Like with route messages we should really only forward pfkey messages
that made it past the validation step. This fixes a lot of possible
crashes in ipsecctl -m.

ok?

diff /home/user/got/co/src
commit - 1ce2bc211dba4164679169b9248650fd1d6ba9d2
path + /home/user/got/co/src
blob - e750ae8bdbe6819473884a8c37a518171c63ad60
file + sys/net/pfkeyv2.c
--- sys/net/pfkeyv2.c
+++ sys/net/pfkeyv2.c
@@ -1162,6 +1162,10 @@ pfkeyv2_dosend(struct socket *so, void *message, int l
 
rdomain = kp->kcb_rdomain;
 
+   /* Validate message format */
+   if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
+   goto ret;
+
/* If we have any promiscuous listeners, send them a copy of the 
message */
if (promisc) {
struct mbuf *packet;
@@ -1208,10 +1212,6 @@ pfkeyv2_dosend(struct socket *so, void *message, int l
freeme_sz = 0;
}
 
-   /* Validate message format */
-   if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
-   goto ret;
-
/* use specified rdomain */
srdomain = (struct sadb_x_rdomain *) headers[SADB_X_EXT_RDOMAIN];
if (srdomain) {

Re: Reminder of bug in vi and nvi including tested diff

[Tobias Heider]

On Thu, Sep 07, 2023 at 09:04:43AM +0200, Walter Alejandro Iglesias wrote:
> Dear OpenBSD developers,
> 
> On Aug 2 I reported this bug:
> 
>   https://marc.info/?l=openbsd-bugs=169100763926909=2
> 
> After fiddling around I found a solution that works for both vi base and
> nvi from ports:
> 
>   https://marc.info/?l=openbsd-bugs=16926218514=2
> 
> Since nobody answered me in bugs@ I sent a message to ports@ and Cc:
> Anthony J. Bentley who told me to contact Zhihao Yuan, nvi developer
> upstream.  I don't use github, I don't have a github account, luckily
> after searching the web I found an email address of Zhihao.  He
> understood the issue and answered me with what seems to be a more
> consistent patch:
> 
>   https://marc.info/?l=openbsd-bugs=169277277928008=2
> 
> Which, needless to say, also works for both. vi on base and nvi on
> ports.  Below I paste a cvs version of Zhihao's patch to use it with vi
> on base.
> 
> So it only rests some OpenBSD developer here to take look.  It's not
> going to take up much of your time, everything has already been chewed
> up :-).

Thanks for the detailed bug report and fix!
Committed.

> 
> 
> Zhihao's diff translated to cvs:
> 
> Index: vi/v_paragraph.c
> ===
> RCS file: /cvs/src/usr.bin/vi/vi/v_paragraph.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 v_paragraph.c
> --- vi/v_paragraph.c  18 Apr 2017 01:45:35 -  1.9
> +++ vi/v_paragraph.c  23 Aug 2023 10:18:39 -
> @@ -41,15 +41,20 @@
>   if (p[0] == '\014') {   \
>   if (!--cnt) \
>   goto found; \
> + if (pstate == P_INTEXT && !--cnt)   \
> + goto found; \
>   continue;   \
>   }   \
>   if (p[0] != '.' || len < 2) \
>   continue;   \
>   for (lp = VIP(sp)->ps; *lp != '\0'; lp += 2)\
>   if (lp[0] == p[1] &&\
> - ((lp[1] == ' ' && len == 2) || lp[1] == p[2]) &&\
> - !--cnt) \
> - goto found; \
> + (lp[1] == ' ' && len == 2 || lp[1] == p[2])) {  \
> + if (!--cnt) \
> + goto found; \
> + if (pstate == P_INTEXT && !--cnt)   \
> + goto found; \
> + }   \
>  }
>  
>  /*
> 
> 
> -- 
> Walter
> 

wsdisplay: disable keyboard backlight with screen burner

[Tobias Heider]

Hi,

the diff below disables and restores the keyboard backlight together with
the screen on idle timeout to save a bit of battery.

ok?

diff 848795b17df6d7aac8fe7242132657e294ce39df 
0bb6b11cdeac4d4755e336594acf830b859e9d34
commit - 848795b17df6d7aac8fe7242132657e294ce39df
commit + 0bb6b11cdeac4d4755e336594acf830b859e9d34
blob - a0a3fd25717cce5888c4488c8fc8f35a5e43afe3
blob + bb5bb0ae7c868750c9f598a5bf6ef1142ab2942a
--- sys/dev/wscons/wsdisplay.c
+++ sys/dev/wscons/wsdisplay.c
@@ -156,6 +156,11 @@ struct wsdisplay_softc {
 void   wsdisplay_burner_setup(struct wsdisplay_softc *, struct wsscreen *);
 void   wsdisplay_burner(void *v);
 
+extern int (*wskbd_get_backlight)(struct wskbd_backlight *);
+extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
+
+void   wsdisplay_burn_kbd(struct wsdisplay_softc *, int);
+
 struct wsdisplay_softc {
struct device sc_dv;
 
@@ -177,6 +182,7 @@ struct wsdisplay_softc {
int sc_burnout; /* current sc_burner delay (ms) */
int sc_burnman; /* nonzero if screen blanked */
int sc_burnflags;
+   struct wskbd_backlight  sc_kbdbl_saved;
 #endif
 
int sc_isconsole;
@@ -1224,6 +1230,7 @@ wsdisplay_internal_ioctl(struct wsdisplay_softc *sc, s
return (EOPNOTSUPP);
(*sc->sc_accessops->burn_screen)(sc->sc_accesscookie,
 *(u_int *)data, sc->sc_burnflags);
+   wsdisplay_burn_kbd(sc, *(u_int *)data == WSDISPLAYIO_VIDEO_ON);
sc->sc_burnman = *(u_int *)data == WSDISPLAYIO_VIDEO_OFF;
break;
 
@@ -2409,6 +2416,7 @@ wsdisplay_burner(void *v)
if (sc->sc_accessops->burn_screen) {
(*sc->sc_accessops->burn_screen)(sc->sc_accesscookie,
sc->sc_burnman, sc->sc_burnflags);
+   wsdisplay_burn_kbd(sc, sc->sc_burnman);
s = spltty();
if (sc->sc_burnman) {
sc->sc_burnout = sc->sc_burnoutintvl;
@@ -2533,6 +2541,30 @@ wsdisplay_brightness_cycle(struct device *dev)
wsdisplay_brightness_step(dev, 1);
 }
 
+#ifdef HAVE_BURNER_SUPPORT
+void
+wsdisplay_burn_kbd(struct wsdisplay_softc *sc, int on)
+{
+   struct wskbd_backlight bl;
+
+   if (wskbd_set_backlight == NULL ||
+   wskbd_get_backlight == NULL)
+   return;
+
+   if (!on) {
+   (*wskbd_get_backlight)(>sc_kbdbl_saved);
+   bl = sc->sc_kbdbl_saved;
+   bl.curval = bl.min;
+   } else {
+   bl = sc->sc_kbdbl_saved;
+   if (bl.max == 0)
+   return;
+   }
+
+   (*wskbd_set_backlight)();
+}
+#endif
+
 #ifdef HAVE_WSMOUSED_SUPPORT
 /*
  * wsmoused(8) support functions

Re: Virtio fix for testing

[Tobias Heider]

On Sun, Aug 20, 2023 at 12:23:49PM +0200, Stefan Fritsch wrote:
> Am 13.08.23 um 17:38 schrieb Tobias Heider:
> > On Sun, Aug 13, 2023 at 08:33:54AM -0400, Andrew Cagney wrote:
> > > > Hi Andrew,
> > > > 
> > > > can you share the qemu cmd you are using in your tests?
> > > > I'd like to see if I can reproduce this.
> > > 
> > > Here's pretty much everything.  Thanks for looking at it.
> > 
> > Thank you, I managed to reproduce your crash.
> > I am not yet sure what the exact problem is but you could try using
> > install73.img > instead of install73.iso. It looks like only the iso
> > triggers the bug
> for me.
> 
> -cdrom makes qemu add an ATA cdrom drive. This issue has nothing to do with
> the virtio scsi issue / fix from May.
> 
> The "wdc_atapi_start" here
> 
> >> --:-- ETAwdc_atapi_start: not ready, st = 50
> 
> also points to the problem being related to ATA.
> 

That matches what I'm seeing. I can reliably reproduce the crash here.
My debug prints show that xfer->chp seems to be garbage:

  wdcstart: xfer: 0xfd8016abeea8 xfer->chp: 0x8007f710
  wdc_free_xfer: TAILQ_REMOVE(0xfd8016abeea8)
  wdcstart: xfer: 0xfd8016abeea8 xfer->chp: 0x8007f710
  wdc_free_xfer: TAILQ_REMOVE(0xfd8016abeea8)
  wdcstart: xfer: 0xfd8016abeea8 xfer->chp: 0x75d4af0594eaf807

in:

  887 /* adjust chp, in case we have a shared queue */
  888 chp = xfer->chp;
  889
  890 if ((chp->ch_flags & WDCF_ACTIVE) != 0 ) {

I haven't had time yet to bisect if and find out when and why that happens.

trace:

wdcstart(8007f710) at wdcstart+0x38 [/usr/src/sys/dev/ic/wdc .c:890]
wdc_atapi_the_machine(8007f710,fd8016abeea8,2) at wdc_atapi_the_mac 
hine+0x14a [/usr/src/sys/dev/atapiscsi/atapiscsi.c:640]
wdc_atapi_intr(8007f710,fd8016abeea8,1) at wdc_atapi_intr+0x47 
[/usr/src/sys/dev/atapiscsi/atapiscsi.c:550]
wdcintr(8007f710) at wdcintr+0xae [/usr/g/src/sys/dev/ic/wdc.c :969]
intr_handler(8aface68,8006a100) at intr_handler+0x26 
[/usr/src/sys/arch/amd64/amd64/intr.c:537]
Xintr_ioapic_edge15_untramp() at Xintr_ioapic_edge15_untramp+0x18f Xspllower() 
at Xspllower+0x10
uvm_fault_upper(8afad0d8,8afad110,8afacfd0,0) at uvm_fa 
ult_upper+0x1b6 [/usr/src/sys/uvm/uvm_fault.c:1102]
uvm_fault(fd801785ee60,29fd78000,0,2) at uvm_fault+0xb4 
[/usr/src/sys/uvm/uvm_fault.c:0]
upageflttrap(8afad230,29fd78da8) at upageflttrap+0x4d 
[/usr/src/sys/arch/amd64/amd64/trap.c:189]
usertrap(8afad230) at usertrap+0xbd 
[/usr/src/sys/arch/amd64/amd64/trap.c:436]

Re: sshd: reduce preauth log verbosity

[Tobias Heider]

On Fri, Aug 18, 2023 at 06:43:50PM +0100, Stuart Henderson wrote:
> On 2023/08/18 17:39, Tobias Heider wrote:
> > Hi,
> > 
> > I was looking at my authlog today and as expected on a server exposed on the
> > public internet it is filled with random scanners and brute force attacks.
> > One thing I noticed is that there is a lot of information we log multiple
> > times for a each failed connection.
> > 
> > Some examples below:
> > 
> > sshd[6216]: error: kex_exchange_identification: banner line contains 
> > invalid characters
> > sshd[6216]: banner exchange: Connection from xx.97.73.149 port 64744: 
> > invalid format 
> > sshd[68416]: error: kex_exchange_identification: banner line contains 
> > invalid characters
> > sshd[68416]: banner exchange: Connection from xx.97.73.149 port 63955: 
> > invalid format 
> > 
> > There are a few more parsing errors like this that result in a print of the 
> > exact
> > issue error followed by 'goto invalid' which causes the more general 
> > "invalid format"
> > message. I think "invalid format" is enough information in most cases.
> > 
> > sshd[50752]: error: kex_exchange_identification: Connection closed by 
> > remote host 
> > sshd[50752]: Connection closed by xx.94.81.243 port 61000
> > 
> > Same as above, the kex_exchange_identification doesn't really add anything.
> > 
> > sshd[51579]: Invalid user tom from xx.134.191.142 port 35480
> > sshd[51579]: Received disconnect from xx.134.191.142 port 35480:11: Bye Bye 
> > [preauth]
> > sshd[51579]: Disconnected from invalid user tom xx.134.191.142 port 35480 
> > [preauth]
> > sshd[94857]: Invalid user long from xx.97.173.1 port 51140
> > sshd[94857]: Received disconnect from xx.97.173.1 port 51140:11: Bye Bye 
> > [preauth]
> > sshd[94857]: Disconnected from invalid user long xx.97.173.1 port 51140 
> > [preauth]
> > 
> > Here the "Disconnected" line contains all the info from "Invalid user" line.
> > Those invalid user messages make up the largest part of my log file,
> > so deduplicating them makes a huge difference.
> > 
> > Below is a diff to make some of those log to debug if the same information
> > is also logged elsewhere.
> > Is there some general interest in diffs to clean this up a bit?
> 
> There are some messages which don't show up in the "Disconnected from"
> line which may possibly give some clues about the source of connections,
> so might be of interest. If someone does want to log them, going all
> the way to debug is going to result in a *lot* more useless lines being
> logged.
> 
> So if they are getting squelched I think they would better under verbose
> rather than debug.

Right, verbose is probably a better choice.

> 
> examples...
> 
> sshd[2722]: Connection from 20.168.51.56 port 54850 on 195.95.187.26 port 22 
> rdomain "0"
> sshd[2722]: error: Received disconnect from 20.168.51.56 port 54850:3: 
> com.jcraft.jsch.JSchException: Auth fail [preauth]
> sshd[2722]: Disconnected from authenticating user root 20.168.51.56 port 
> 54850 [preauth]
> 
> sshd[50247]: Connection from 218.92.0.22 port 36077 on 195.95.187.184 port 22 
> rdomain "0"
> sshd[50247]: Received disconnect from 218.92.0.22 port 36077:11:  [preauth]
> sshd[50247]: Disconnected from authenticating user root 218.92.0.22 port 
> 36077 [preauth]
> 
> sshd[12117]: Connection from 222.71.84.234 port 53262 on 195.95.187.26 port 
> 22 rdomain "0"
> sshd[12117]: Invalid user A@0599343813A@0599343813A@0599343813 from 
> 222.71.84.234 port 53262
> sshd[12117]: Received disconnect from 222.71.84.234 port 53262:11: Normal 
> Shutdown, Thank you for playing [preauth]
> sshd[12117]: Disconnected from invalid user 
> A@0599343813A@0599343813A@0599343813 222.71.84.234 port 53262 [preauth]
> 
> sshd[83269]: Connection from 143.244.50.173 port 46078 on 195.95.187.28 port 
> 22 rdomain "0"
> sshd[83269]: Invalid user admin from 143.244.50.173 port 46078
> sshd[83269]: Received disconnect from 143.244.50.173 port 46078:11: end 
> [preauth]
> sshd[83269]: Disconnected from invalid user admin 143.244.50.173 port 46078 
> [preauth]
> 
> and I have all sorts in "kex_exchange_identification: client sent
> invalid protocol identifier"

That one should already be included with my diff. That's one of those goto
invalid cases.

Updated diff with s/debug/verbose/ below.

Index: auth.c
===
RCS file: /cvs/src/usr.bin/ssh/auth.c,v
re

sshd: reduce preauth log verbosity

[Tobias Heider]

Hi,

I was looking at my authlog today and as expected on a server exposed on the
public internet it is filled with random scanners and brute force attacks.
One thing I noticed is that there is a lot of information we log multiple
times for a each failed connection.

Some examples below:

sshd[6216]: error: kex_exchange_identification: banner line contains invalid 
characters
sshd[6216]: banner exchange: Connection from xx.97.73.149 port 64744: invalid 
format 
sshd[68416]: error: kex_exchange_identification: banner line contains invalid 
characters
sshd[68416]: banner exchange: Connection from xx.97.73.149 port 63955: invalid 
format 

There are a few more parsing errors like this that result in a print of the 
exact
issue error followed by 'goto invalid' which causes the more general "invalid 
format"
message. I think "invalid format" is enough information in most cases.

sshd[50752]: error: kex_exchange_identification: Connection closed by remote 
host 
sshd[50752]: Connection closed by xx.94.81.243 port 61000

Same as above, the kex_exchange_identification doesn't really add anything.

sshd[51579]: Invalid user tom from xx.134.191.142 port 35480
sshd[51579]: Received disconnect from xx.134.191.142 port 35480:11: Bye Bye 
[preauth]
sshd[51579]: Disconnected from invalid user tom xx.134.191.142 port 35480 
[preauth]
sshd[94857]: Invalid user long from xx.97.173.1 port 51140
sshd[94857]: Received disconnect from xx.97.173.1 port 51140:11: Bye Bye 
[preauth]
sshd[94857]: Disconnected from invalid user long xx.97.173.1 port 51140 
[preauth]

Here the "Disconnected" line contains all the info from "Invalid user" line.
Those invalid user messages make up the largest part of my log file,
so deduplicating them makes a huge difference.

Below is a diff to make some of those log to debug if the same information
is also logged elsewhere.
Is there some general interest in diffs to clean this up a bit?

Index: auth.c
===
RCS file: /cvs/src/usr.bin/ssh/auth.c,v
retrieving revision 1.160
diff -u -p -r1.160 auth.c
--- auth.c  5 Mar 2023 05:34:09 -   1.160
+++ auth.c  18 Aug 2023 14:22:55 -
@@ -431,7 +431,7 @@ getpwnamallow(struct ssh *ssh, const cha
 
pw = getpwnam(user);
if (pw == NULL) {
-   logit("Invalid user %.100s from %.100s port %d",
+   debug("Invalid user %.100s from %.100s port %d",
user, ssh_remote_ipaddr(ssh), ssh_remote_port(ssh));
return (NULL);
}
Index: kex.c
===
RCS file: /cvs/src/usr.bin/ssh/kex.c,v
retrieving revision 1.179
diff -u -p -r1.179 kex.c
--- kex.c   18 Aug 2023 01:37:41 -  1.179
+++ kex.c   18 Aug 2023 14:22:55 -
@@ -1336,7 +1336,7 @@ kex_exchange_identification(struct ssh *
len = atomicio(read, ssh_packet_get_connection_in(ssh),
, 1);
if (len != 1 && errno == EPIPE) {
-   error_f("Connection closed by remote host");
+   debug_f("Connection closed by remote host");
r = SSH_ERR_CONN_CLOSED;
goto out;
} else if (len != 1) {
@@ -1352,7 +1352,7 @@ kex_exchange_identification(struct ssh *
if (c == '\n')
break;
if (c == '\0' || expect_nl) {
-   error_f("banner line contains invalid "
+   debug_f("banner line contains invalid "
"characters");
goto invalid;
}
@@ -1362,7 +1362,7 @@ kex_exchange_identification(struct ssh *
goto out;
}
if (sshbuf_len(peer_version) > SSH_MAX_BANNER_LEN) {
-   error_f("banner line too long");
+   debug_f("banner line too long");
goto invalid;
}
}
@@ -1378,7 +1378,7 @@ kex_exchange_identification(struct ssh *
}
/* Do not accept lines before the SSH ident from a client */
if (ssh->kex->server) {
-   error_f("client sent invalid protocol identifier "
+   debug_f("client sent invalid protocol identifier "
"\"%.256s\"", cp);
free(cp);
goto invalid;

Re: IKEv2 tunnel crash when sec(4) pushed with large data

[Tobias Heider]

On Mon, Aug 14, 2023 at 02:07:12AM +, Jason Tubnor wrote:
> Hi,
> 
> Testing sec(4) between 2 end points with iperf3, iked has lost the associated 
> iface for the sec(4) point to point link. Specifically:
> 
> pfkey_sa: unsupported interface

Not sure how this can happen. Have you destroyed and recreated the interface
in between? Can you easily reproduce this?
I have added a bit more info to the error message, it now also prints the
iface id and the errno. It would be useful if you can reproduce it with those.

> 
> Here is the surround log for the event:
> 
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: recv 
> CREATE_CHILD_SA req 3 peer 4.4.4.2:64893 local 4.4.4.1:4500, 305 bytes, 
> policy 'policy1'
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: send 
> CREATE_CHILD_SA res 3 peer 4.4.4.2:64893 local 4.4.4.1:4500, 177 bytes, NAT-T
> Aug 14 11:30:54 terminator iked[93171]: pfkey_sa: unsupported interface
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #1 ENCR=AES_GCM_16-128
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #1 ENCR=AES_GCM_16-256
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #1 ESN=ESN
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #1 ESN=NONE
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 ENCR=AES_CBC-256
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 ENCR=AES_CBC-192
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 ENCR=AES_CBC-128
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 INTEGR=HMAC_SHA2_256_128
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 INTEGR=HMAC_SHA2_384_192
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 INTEGR=HMAC_SHA2_512_256
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 INTEGR=HMAC_SHA1_96
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 ESN=ESN
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_log_proposal: ESP #2 ESN=NONE
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: 
> ikev2_add_error: NO_PROPOSAL_CHOSEN
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: send 
> CREATE_CHILD_SA res 3 peer 4.4.4.2:64893 local 4.4.4.1:4500, 65 bytes, NAT-T
> Aug 14 11:30:54 terminator iked[93171]: spi=0x635987a83a22a13e: deleted 1 
> SPI: 0x37249f77
> Aug 14 11:33:04 terminator iked[93171]: spi=0xffb183f53eae6546: recv 
> IKE_SA_INIT req 0 peer 4.4.4.2:60926 local 4.4.4.1:500, 518 bytes, policy 
> 'policy2'
> Aug 14 11:33:04 terminator iked[93171]: spi=0xffb183f53eae6546: send 
> IKE_SA_INIT res 0 peer 4.4.4.2:60926 local 4.4.4.1:500, 235 bytes
> Aug 14 11:33:04 terminator iked[93171]: spi=0xffb183f53eae6546: recv IKE_AUTH 
> req 1 peer 4.4.4.2:64893 local 4.4.4.1:4500, 475 bytes, policy 'policy2'
> Aug 14 11:33:04 terminator iked[93171]: spi=0xffb183f53eae6546: send IKE_AUTH 
> res 1 peer 4.4.4.2:64893 local 4.4.4.1:4500, 341 bytes, NAT-T
> Aug 14 11:33:04 terminator iked[93171]: pfkey_sa: unsupported interface
> Aug 14 11:35:43 terminator iked[93171]: spi=0xffb183f53eae6546: sa_free: 
> reload
> Aug 14 11:37:45 terminator iked[93171]: spi=0x635987a83a22a13e: retransmit 1 
> INFORMATIONAL req 6 peer 4.4.4.2:64893 local 4.4.4.1:4500
> Aug 14 11:37:49 terminator iked[93171]: spi=0x635987a83a22a13e: retransmit 2 
> INFORMATIONAL req 6 peer 4.4.4.2:64893 local 4.4.4.1:4500
> Aug 14 11:37:57 terminator iked[93171]: spi=0x635987a83a22a13e: retransmit 3 
> INFORMATIONAL req 6 peer 4.4.4.2:64893 local 4.4.4.1:4500
> Aug 14 11:38:13 terminator iked[93171]: spi=0x635987a83a22a13e: retransmit 4 
> INFORMATIONAL req 6 peer 4.4.4.2:64893 local 4.4.4.1:4500
> Aug 14 11:38:45 terminator iked[93171]: spi=0x635987a83a22a13e: retransmit 5 
> INFORMATIONAL req 6 peer 4.4.4.2:64893 local 4.4.4.1:4500
> Aug 14 11:39:04 terminator iked[93171]: spi=0x8e5dc9e7e8a397e0: recv 
> IKE_SA_INIT req 0 peer 4.4.4.2:63301 local 4.4.4.1:500, 518 bytes, policy 
> 'policy6'
> Aug 14 11:39:04 terminator iked[93171]: spi=0x8e5dc9e7e8a397e0: send 
> IKE_SA_INIT res 0 peer 4.4.4.2:63301 local 4.4.4.1:500, 235 bytes
> Aug 14 11:39:04 terminator iked[93171]: spi=0x8e5dc9e7e8a397e0: recv IKE_AUTH 
> req 1 peer 4.4.4.2:64893 local 4.4.4.1:4500, 473 bytes, policy 'policy6'
> Aug 14 11:39:04 terminator iked[93171]: spi=0x8e5dc9e7e8a397e0: send IKE_AUTH 
> res 1 peer 4.4.4.2:64893 local 4.4.4.1:4500, 342 bytes, NAT-T
> Aug 14 11:39:04 terminator iked[93171]: spi=0x8e5dc9e7e8a397e0: 
> ikev2_childsa_enable: loaded SPIs: 0xbd533d62, 0xf7d5e5fd (enc aes-128-gcm 
> esn)
> 

Re: Virtio fix for testing

[Tobias Heider]

On Sun, Aug 13, 2023 at 08:33:54AM -0400, Andrew Cagney wrote:
> > Hi Andrew,
> >
> > can you share the qemu cmd you are using in your tests?
> > I'd like to see if I can reproduce this.
> 
> Here's pretty much everything.  Thanks for looking at it.

Thank you, I managed to reproduce your crash.
I am not yet sure what the exact problem is but you could try using 
install73.img
instead of install73.iso. It looks like only the iso triggers the bug for me.

> 
> virt-install \
> --connect=qemu:///system \
>  --check=path_in_use=off \
>  --graphics=none \
>  --virt-type=kvm \
>  --noreboot \
>  --console=pty,target_type=serial \
>  --cpu=host-passthrough \
>  --network=network:swandefault,model=virtio \
>  --rng=type=random,device=/dev/random \
>  --security=type=static,model=dac,label='1000:107',relabel=yes \
> --vcpus=1 \
> --memory=2048 \
> --name=w.openbsd-base \
> --os-variant=openbsd7.3 \
> --disk=path=/home/libreswan/pool/w.openbsd-base.qcow2,size=10,bus=virtio,format=qcow2
> \
> --filesystem=target=pool,type=mount,accessmode=squash,source=/home/libreswan/pool
> \
> --cdrom=/home/libreswan/pool/w.openbsd-base.iso
> 
> base.conf which gets added to the iso looks like:
> 
> #install.conf file for OpenBSD
> Terminal type? = com0
> System hostname = openbsd
> Which network interface do you wish to configure? = vio0
> IPv4 address for = dhcp
> DNS Domain name = testing.libreswan.org
> Password for root account? =
> $2a$12$YZ8bMn19IHPQpBoD6Xf/re/4pp2kbJtVkIl/Mc4G3WA96qyG7/6qW
> Start sshd(8) by default = yes
> Start ntpd(8) by default? = no
> NTP server? (hostname or 'default') = default
> Do you expect to run the X Window System? = no
> Do you want the X Window System to be started by xdm(1)? = no
> Which speed should com0 use? (or 'done') = 19200
> What timezone are you in? = EST
> Change the default console to com0? = yes
> Setup a user? = no
> Allow root ssh login = yes
> Use (W)hole disk or (E)dit the MBR? = W
> URL to autopartitioning template for disklabel? = file:/base.disk
> Which disk is the root disk? = sd0
> Use DUIDs rather than device names in fstab? = yes
> Which disk do you wish to initialize? = done
> Set name(s)? = all
> Location of sets? = cd0
> oPathname to the sets = 7.1/amd64
> Directory does not contain SHA256.sig. Continue without verification? = yes
> 
> this is the console log, part way through pexpect feeds the VM
> commands to start the installer:
> 
> cannot open cd0a:/etc/random.seed: No such file or directory
> booting cd0a:/7.3/amd64/bsd.rd: 3973828+1655808+3882568+0+708608
> [109+444720+297256]=0xa76648
> entry point at 0x81001000
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2023 OpenBSD. All rights reserved.  https://www.OpenBSD.org
> 
> OpenBSD 7.3-current (RAMDISK_CD) #1262: Sat Aug 12 11:54:24 MDT 2023
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
> real mem = 2130542592 (2031MB)
> avail mem = 2062016512 (1966MB)
> random: good seed from bootblocks
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf59a0 (9 entries)
> bios0: vendor SeaBIOS version "1.16.2-1.fc38" date 04/01/2014
> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
> acpi0 at bios0: ACPI 1.0
> acpi0: tables DSDT FACP APIC WAET
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: AMD Ryzen 9 3950X 16-Core Processor, 3500.43 MHz, 17-71-00
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,CPCTR,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,STIBP,SSBD,IBPB,STIBP,SSBD,VIRTSSBD,XSAVEOPT,XSAVEC,XGETBV1
> cpu0: 64KB 64b/line 2-way D-cache, 64KB 64b/line 2-way I-cache
> cpu0: 512KB 64b/line 16-way L2 cache
> cpu0: apic clock running at 1000MHz
> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> "ACPI0006" at acpi0 not configured
> acpipci0 at acpi0 PCI0
> "PNP0A06" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "QEMU0002" at acpi0 not configured
> com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
> com0: console
> acpicmos0 at acpi0
> "ACPI0010" at acpi0 not configured
> acpicpu at acpi0 not configured
> pvbus0 at mainbus0: KVM
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
> "Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
> channel 0 wired to compatibility, channel 1 wired to compatibility
> atapiscsi0 at pciide0 channel 0 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0:  removable
> cd0(pciide0:0:0): 

Re: Virtio fix for testing

[Tobias Heider]

On Sat, Aug 12, 2023 at 06:41:17PM -0400, Andrew Cagney wrote:
> On Sat, 12 Aug 2023 at 16:18, Stuart Henderson  wrote:
> 
> > > Is there a way to get an updated ISO or kernel with the fix?
> > > (we're already adding an installer config file to the ISO, so why not a 
> > > kernel)
> > >
> > > Andrew
> > >
> >
> > It was committed to -current, so if you're able to use a snapshot
> > build (https://cdn.openbsd.org/pub/OpenBSD/snapshots) that would
> > likely be the simplest fix.
> 
> Greg, Stuart, thanks for the pointers.  Unfortunately I had no luck:
> 
> OpenBSD 7.3-current (RAMDISK_CD) #1262: Sat Aug 12 11:54:24 MDT 2023
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
> ...
> Installing base73.tgz19% |  | 72320 KB
> 00:25 ETAwdc_atapi_start: not ready, st = 50
> Installing base73.tgz22% |* | 83840 KB
> 00:27 ETAfatal protection fault in supervisor mode
> trap type 4 code 0 rip 81008c29 cs 8 rflags 10286 cr2
> 251d44000 cpl 6 rsp 800021749050
> gsbase 0x81908ff0  kgsbase 0x0
> panic: trap type 4, code=0, pc=81008c29
> syncing disks...
> 
> I guess I've a different problem.  Now I need a cheat sheet on how to
> pull a backtrace :-/
> 

Hi Andrew,

can you share the qemu cmd you are using in your tests?
I'd like to see if I can reproduce this.

Tobias

Re: sec(4): route based ipsec vpns

[Tobias Heider]

On Mon, Aug 07, 2023 at 02:22:23PM +1000, David Gwynne wrote:
> tobhe@ wrote the iked bits, so he'll commit them when he's ready.
> 
> your config looks pretty much the same as mine except you specify a lot
> more stuff around lifetimes and crypto than i do. maybe try without "tunnel
> esp"?
> 
> dlg

The config in the previous mail looks ok. You will need the "from any to any"
for now but I'm planning to adjust the default.

Below is the latest state of my iked diff. The previous version had a small
bug in pfkey preventing SAs from getting deleted properly. 

diff cfdc039572fed1d8c9081b6d9557ce9b85e89697 
a2b839af1fa9d47730731e392e3c8dd0e9f7dd1e
commit - cfdc039572fed1d8c9081b6d9557ce9b85e89697
commit + a2b839af1fa9d47730731e392e3c8dd0e9f7dd1e
blob - 2c7fbe14af3dad6fe38af607e9f870324e2be55c
blob + 6449f3cc2d423daee6294b71ca098247a296886a
--- sbin/iked/iked.h
+++ sbin/iked/iked.h
@@ -260,6 +260,7 @@ struct iked_policy {
 #define IKED_POLICY_SKIP0x10
 #define IKED_POLICY_IPCOMP  0x20
 #define IKED_POLICY_TRANSPORT   0x40
+#define IKED_POLICY_ROUTING 0x80
 
int  pol_refcnt;
 
blob - bf6bf0fb0d43ef17ebe71368dfbc4bf28628a1f8
blob + 25e5098dd29b03426aa2d9a03c324f13dc8cdecf
--- sbin/iked/ikev2.c
+++ sbin/iked/ikev2.c
@@ -6532,63 +6532,65 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa 
peer_changed = (memcmp(>sa_peer_loaded, >sa_peer,
sizeof(sa->sa_peer_loaded)) != 0);
 
-   TAILQ_FOREACH(flow, >sa_flows, flow_entry) {
-   /* re-load the flow if the peer for the flow has changed */
-   reload = 0;
-   if (flow->flow_loaded) {
-   if (!peer_changed) {
-   log_debug("%s: flow already loaded %p",
-   __func__, flow);
-   continue;
+   if (!(sa->sa_policy->pol_flags & IKED_POLICY_ROUTING)) {
+   TAILQ_FOREACH(flow, >sa_flows, flow_entry) {
+   /* re-load the flow if the peer for the flow has 
changed */
+   reload = 0;
+   if (flow->flow_loaded) {
+   if (!peer_changed) {
+   log_debug("%s: flow already loaded %p",
+   __func__, flow);
+   continue;
+   }
+   RB_REMOVE(iked_flows, >sc_activeflows, 
flow);
+   (void)pfkey_flow_delete(env, flow);
+   flow->flow_loaded = 0; /* we did RB_REMOVE */
+   reload = 1;
}
-   RB_REMOVE(iked_flows, >sc_activeflows, flow);
-   (void)pfkey_flow_delete(env, flow);
-   flow->flow_loaded = 0; /* we did RB_REMOVE */
-   reload = 1;
-   }
 
-   if (pfkey_flow_add(env, flow) != 0) {
-   log_debug("%s: failed to load flow", __func__);
-   goto done;
-   }
+   if (pfkey_flow_add(env, flow) != 0) {
+   log_debug("%s: failed to load flow", __func__);
+   goto done;
+   }
 
-   if ((oflow = RB_FIND(iked_flows, >sc_activeflows, flow))
-   != NULL) {
-   log_debug("%s: replaced old flow %p with %p",
-   __func__, oflow, flow);
-   oflow->flow_loaded = 0;
-   RB_REMOVE(iked_flows, >sc_activeflows, oflow);
-   }
+   if ((oflow = RB_FIND(iked_flows, >sc_activeflows, 
flow))
+   != NULL) {
+   log_debug("%s: replaced old flow %p with %p",
+   __func__, oflow, flow);
+   oflow->flow_loaded = 0;
+   RB_REMOVE(iked_flows, >sc_activeflows, 
oflow);
+   }
 
-   RB_INSERT(iked_flows, >sc_activeflows, flow);
+   RB_INSERT(iked_flows, >sc_activeflows, flow);
 
-   log_debug("%s: %sloaded flow %p", __func__,
-   reload ? "re" : "", flow);
+   log_debug("%s: %sloaded flow %p", __func__,
+   reload ? "re" : "", flow);
 
-   /* append flow to log buffer */
-   if (flow->flow_dir == IPSP_DIRECTION_OUT &&
-   flow->flow_prenat.addr_af != 0)
-   snprintf(prenat_mask, sizeof(prenat_mask), "%d",
-   flow->flow_prenat.addr_mask);
-   else
-   prenat_mask[0] = '\0';
-   if (flow->flow_dir == IPSP_DIRECTION_OUT) {

Re: iked: add print_hexbuf() to hexdump an ibuf

[Tobias Heider]

On Fri, Jul 28, 2023 at 12:06:54PM +0200, Claudio Jeker wrote:
> As suggested by tb@ add print_hexbuf() to hexdump an ibuf.
> Use this in place where a full ibuf is dumped. In some cases
> print_hex() is still used because the length is not the full
> ibuf or an offset is used.
> 
> -- 
> :wq Claudio

ok tobhe@

> 
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.222
> diff -u -p -r1.222 iked.h
> --- iked.h18 Jul 2023 15:07:41 -  1.222
> +++ iked.h28 Jul 2023 09:59:30 -
> @@ -1242,6 +1242,7 @@ const char *
>  void  lc_idtype(char *);
>  void  print_hex(const uint8_t *, off_t, size_t);
>  void  print_hexval(const uint8_t *, off_t, size_t);
> +void  print_hexbuf(struct ibuf *);
>  const char *
>print_bits(unsigned short, unsigned char *);
>  int   sockaddr_cmp(struct sockaddr *, struct sockaddr *, int);
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.375
> diff -u -p -r1.375 ikev2.c
> --- ikev2.c   28 Jul 2023 07:31:38 -  1.375
> +++ ikev2.c   28 Jul 2023 10:00:48 -
> @@ -1443,7 +1443,7 @@ ikev2_init_ike_sa_peer(struct iked *env,
>  
>   log_debug("%s: added cookie, len %zu", __func__,
>   ibuf_size(cookie));
> - print_hex(ibuf_data(cookie), 0, ibuf_size(cookie));
> + print_hexbuf(cookie);
>  
>   if (ikev2_next_payload(pld, len, IKEV2_PAYLOAD_SA) == -1)
>   goto done;
> @@ -5738,7 +5738,7 @@ ikev2_sa_keys(struct iked *env, struct i
>  
>   log_debug("%s: DHSECRET with %zu bytes", SPI_SA(sa, __func__),
>   ibuf_length(dhsecret));
> - print_hex(ibuf_data(dhsecret), 0, ibuf_length(dhsecret));
> + print_hexbuf(dhsecret);
>  
>   if (!key) {
>   /*
> @@ -5810,7 +5810,7 @@ ikev2_sa_keys(struct iked *env, struct i
>   }
>  
>   log_debug("%s: S with %zu bytes", SPI_SA(sa, __func__), ibuf_length(s));
> - print_hex(ibuf_data(s), 0, ibuf_length(s));
> + print_hexbuf(s);
>  
>   /*
>* Get the size of the key material we need and the number
> @@ -5850,31 +5850,27 @@ ikev2_sa_keys(struct iked *env, struct i
>  
>   log_debug("%s: SK_d with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_d));
> - print_hex(ibuf_data(sa->sa_key_d), 0, ibuf_length(sa->sa_key_d));
> + print_hexbuf(sa->sa_key_d);
>   if (!isaead) {
>   log_debug("%s: SK_ai with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_iauth));
> - print_hex(ibuf_data(sa->sa_key_iauth), 0,
> - ibuf_length(sa->sa_key_iauth));
> + print_hexbuf(sa->sa_key_iauth);
>   log_debug("%s: SK_ar with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_rauth));
> - print_hex(ibuf_data(sa->sa_key_rauth), 0,
> - ibuf_length(sa->sa_key_rauth));
> + print_hexbuf(sa->sa_key_rauth);
>   }
>   log_debug("%s: SK_ei with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_iencr));
> - print_hex(ibuf_data(sa->sa_key_iencr), 0,
> - ibuf_length(sa->sa_key_iencr));
> + print_hexbuf(sa->sa_key_iencr);
>   log_debug("%s: SK_er with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_rencr));
> - print_hex(ibuf_data(sa->sa_key_rencr), 0,
> - ibuf_length(sa->sa_key_rencr));
> + print_hexbuf(sa->sa_key_rencr);
>   log_debug("%s: SK_pi with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_iprf));
> - print_hex(ibuf_data(sa->sa_key_iprf), 0, ibuf_length(sa->sa_key_iprf));
> + print_hexbuf(sa->sa_key_iprf);
>   log_debug("%s: SK_pr with %zu bytes", __func__,
>   ibuf_length(sa->sa_key_rprf));
> - print_hex(ibuf_data(sa->sa_key_rprf), 0, ibuf_length(sa->sa_key_rprf));
> + print_hexbuf(sa->sa_key_rprf);
>  
>   ret = 0;
>  
> @@ -5954,11 +5950,11 @@ ikev2_prfplus(struct iked_hash *prf, str
>  
>   log_debug("%s: T%d with %zu bytes", __func__,
>   pad, ibuf_length(t1));
> - print_hex(ibuf_data(t1), 0, ibuf_length(t1));
> + print_hexbuf(t1);
>   }
>  
>   log_debug("%s: Tn with %zu bytes", __func__, ibuf_length(t));
> - print_hex(ibuf_data(t), 0, ibuf_length(t));
> + print_hexbuf(t);
>  
>   ibuf_free(t1);
>  
> Index: ikev2_msg.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 ikev2_msg.c
> --- ikev2_msg.c   28 Jul 2023 07:31:38 -  1.98
> +++ ikev2_msg.c   28 Jul 2023 10:01:22 -
> @@ -446,7 +446,7 @@ ikev2_msg_encrypt(struct iked *env, stru
>   goto done;
>  
>   log_debug("%s: padded length %zu", __func__, ibuf_size(src));
> - 

Re: iked: more ibuf cleanup

[Tobias Heider]

On Thu, Jul 27, 2023 at 03:31:32PM +0200, Claudio Jeker wrote:
> Use ibuf_data() instead of direct access to ibuf->buf.
> In some cases use ibuf_add_buf().
> 
> -- 
> :wq Claudio

ok tobhe@

> 
> Index: crypto.c
> ===
> RCS file: /cvs/src/sbin/iked/crypto.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 crypto.c
> --- crypto.c  6 Jun 2023 13:27:49 -   1.44
> +++ crypto.c  27 Jul 2023 13:28:59 -
> @@ -327,7 +327,7 @@ hash_free(struct iked_hash *hash)
>  void
>  hash_init(struct iked_hash *hash)
>  {
> - HMAC_Init_ex(hash->hash_ctx, hash->hash_key->buf,
> + HMAC_Init_ex(hash->hash_ctx, ibuf_data(hash->hash_key),
>   ibuf_length(hash->hash_key), hash->hash_priv, NULL);
>  }
>  
> @@ -572,7 +572,7 @@ cipher_init(struct iked_cipher *encr, in
>   encr->encr_saltlength), encr->encr_saltlength);
>   if (nonce == NULL)
>   return (-1);
> - if (ibuf_add(nonce, ibuf_data(encr->encr_iv) , 
> ibuf_size(encr->encr_iv)) != 0)
> + if (ibuf_add_buf(nonce, encr->encr_iv) != 0)
>   goto done;
>   if (EVP_CipherInit_ex(encr->encr_ctx, NULL, NULL,
>   ibuf_data(encr->encr_key), ibuf_data(nonce), enc) != 1)
> Index: dh.c
> ===
> RCS file: /cvs/src/sbin/iked/dh.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 dh.c
> --- dh.c  3 Dec 2022 22:34:35 -   1.32
> +++ dh.c  27 Jul 2023 08:27:36 -
> @@ -401,7 +401,7 @@ dh_create_exchange(struct dh_group *grou
>   if (buf == NULL)
>   return -1;
>   *bufp = buf;
> - return (group->exchange(group, buf->buf));
> + return (group->exchange(group, ibuf_data(buf)));
>  }
>  
>  int
> @@ -419,7 +419,7 @@ dh_create_shared(struct dh_group *group,
>   if (buf == NULL)
>   return -1;
>   *secretp = buf;
> - return (group->shared(group, buf->buf, exchange->buf));
> + return (group->shared(group, ibuf_data(buf), ibuf_data(exchange)));
>  }
>  
>  int
> @@ -801,7 +801,7 @@ kemsx_create_exchange2(struct dh_group *
>   buf = ibuf_new(NULL, need);
>   if (buf == NULL)
>   return -1;
> - cp = buf->buf;
> + cp = ibuf_data(buf);
>   memcpy(cp, kemsx->public,
>   crypto_kem_sntrup761_PUBLICKEYBYTES);
>   cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
> @@ -819,8 +819,8 @@ kemsx_create_exchange2(struct dh_group *
>   buf = ibuf_new(NULL, need);
>   if (buf == NULL)
>   return -1;
> - cp = buf->buf;
> - pk = iexchange->buf;
> + cp = ibuf_data(buf);
> + pk = ibuf_data(iexchange);
>   crypto_kem_sntrup761_enc(cp, kemsx->kemkey, pk);
>   cp += crypto_kem_sntrup761_CIPHERTEXTBYTES;
>   }
> @@ -850,7 +850,7 @@ kemsx_create_shared2(struct dh_group *gr
>   return (-1);
>  
>   have = ibuf_size(exchange);
> - cp = exchange->buf;
> + cp = ibuf_data(exchange);
>   if (kemsx->initiator) {
>   /* input */
>   need = crypto_kem_sntrup761_CIPHERTEXTBYTES +
> @@ -878,7 +878,7 @@ kemsx_create_shared2(struct dh_group *gr
>   EVP_DigestInit_ex(ctx, EVP_sha512(), NULL) != 1 ||
>   EVP_DigestUpdate(ctx, kemsx->kemkey, sizeof(kemsx->kemkey)) != 1 ||
>   EVP_DigestUpdate(ctx, shared, sizeof(shared)) != 1 ||
> - EVP_DigestFinal_ex(ctx, buf->buf, ) != 1) {
> + EVP_DigestFinal_ex(ctx, ibuf_data(buf), ) != 1) {
>   EVP_MD_CTX_free(ctx);
>   ibuf_free(buf);
>   return (-1);
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.374
> diff -u -p -r1.374 ikev2.c
> --- ikev2.c   18 Jul 2023 15:07:41 -  1.374
> +++ ikev2.c   27 Jul 2023 13:28:15 -
> @@ -5738,14 +5738,14 @@ ikev2_sa_keys(struct iked *env, struct i
>  
>   log_debug("%s: DHSECRET with %zu bytes", SPI_SA(sa, __func__),
>   ibuf_length(dhsecret));
> - print_hex(dhsecret->buf, 0, ibuf_length(dhsecret));
> + print_hex(ibuf_data(dhsecret), 0, ibuf_length(dhsecret));
>  
>   if (!key) {
>   /*
>* Set PRF key to generate SKEYSEED = prf(Ni | Nr, g^ir)
>*/
> - if ((ninr = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL ||
> - ibuf_add(ninr, sa->sa_rnonce->buf, rlen) != 0) {
> + if ((ninr = ibuf_new(ibuf_data(sa->sa_inonce), ilen)) == NULL ||
> + ibuf_add(ninr, ibuf_data(sa->sa_rnonce), rlen) != 0) {
>   log_info("%s: failed to get nonce key buffer",
>   SPI_SA(sa, __func__));
>   goto done;
> @@ 

Re: Onyx driver set_input support

[Tobias Heider]

On Wed, Aug 10, 2022 at 11:08:43AM +, jon@elytron.openbsd.amsterdam wrote:
> Hello everyone. The following diff adds support for
> switching the record.source with the macppc onyx
> driver. I'm still unsure how to get mixerctl or 
> sndctl to set the volume, any hints appreciated.
> 
> Drew some inspiration from 
> https://git.sipsolutions.net/snd-aoa.git

Nice! This does fix the built-in mic on my PowerBook G4.

ok anyone?

> 
> Index: arch/macppc/dev/onyx.c
> ===
> RCS file: /cvs/src/sys/arch/macppc/dev/onyx.c,v
> retrieving revision 1.15
> diff -u -p -u -p -r1.15 onyx.c
> --- arch/macppc/dev/onyx.c21 Mar 2022 19:22:39 -  1.15
> +++ arch/macppc/dev/onyx.c10 Aug 2022 11:07:14 -
> @@ -59,6 +59,7 @@
>  /* PCM3052 registers */
>  #define PCM3052_REG_LEFT_VOLUME  0x41
>  #define PCM3052_REG_RIGHT_VOLUME 0x42
> +#define PCM3052_REG_ADC_CONTROL  0x48
>  
>  /* XXX */
>  #define onyx_softc i2s_softc
> @@ -71,6 +72,7 @@ int onyx_match(struct device *, void *, 
>  void onyx_attach(struct device *, struct device *, void *);
>  void onyx_defer(struct device *);
>  void onyx_set_volume(struct onyx_softc *, int, int);
> +void onyx_set_input(struct onyx_softc *, int);
>  
>  const struct cfattach onyx_ca = {
>   sizeof(struct onyx_softc), onyx_match, onyx_attach
> @@ -143,6 +145,7 @@ onyx_attach(struct device *parent, struc
>   struct onyx_softc *sc = (struct onyx_softc *)self;
>  
>   sc->sc_setvolume = onyx_set_volume;
> + sc->sc_setinput = onyx_set_input;
>  
>   i2s_attach(parent, sc, aux);
>   config_defer(self, onyx_defer);
> @@ -169,6 +172,7 @@ onyx_defer(struct device *dev)
>  
>   deq_reset(sc);
>   onyx_set_volume(sc, 192, 192);
> + onyx_set_input(sc, 1);
>  }
>  
>  void
> @@ -186,4 +190,25 @@ onyx_set_volume(struct onyx_softc *sc, i
>   data = 128 + (right >> 1);
>   kiic_write(sc->sc_i2c, PCM3052_I2C_ADDR,
>   PCM3052_REG_RIGHT_VOLUME, , 1);
> +}
> +
> +void
> +onyx_set_input(struct onyx_softc *sc, int mask)
> +{
> + uint8_t data = 0;
> +
> + sc->sc_record_source = mask;
> +
> + switch (mask) {
> + case1 << 0: /* microphone */
> + data = 0x20;
> + break;
> + case1 << 1: /* line in */
> + data = 0;
> + break;
> + }
> + data |= 12; /* bump volume */
> +
> + kiic_write(sc->sc_i2c, PCM3052_I2C_ADDR,
> + PCM3052_REG_ADC_CONTROL, , 1);
>  }
> 

Re: [Diff] Keyboard backlight support for late powerbooks, plus keybindings

[Tobias Heider]

On Sun, Jul 23, 2023 at 09:16:40PM +, jon@elytron.openbsd.amsterdam wrote:
> If I'm not mistaken, all wskbd_{get,set}_backlight uses are in the
> following drivers: acpicbkbd, acpithinkpad, asmc, pwmleds, and now
> my implementation in adb. It is my impression that they are roughly
> the same code, I have collected them below to ease their inspection.

This doesn't look too bad actually but I am not quite sure about pwm.
A common way to solve this is adding a task to do the heavy lifiting and
then invoking that from interrupt context.

In wskbd.c there is a wskbd_brightness_task() which you could use as a
reference for a new wskbd_kbd_backlight_task().

> 
> I would also like to acknowledge the kind help of jcs@, whom I
> approached back when I made my first post on this matter (before
> the key shortcuts, wsconsctl only) upon coming across his acpicbkbd(4).
> 
> (installed in dev/acpi/amsc.c:319)
> 
> int
> asmc_get_backlight(struct wskbd_backlight *kbl)
> {
>   struct asmc_softc *sc = asmc_cd.cd_devs[0];
> 
>   KASSERT(sc != NULL);
>   kbl->min = 0;
>   kbl->max = 0xff;
>   kbl->curval = sc->sc_backlight;
>   return 0;
> }
> 
> int
> asmc_set_backlight(struct wskbd_backlight *kbl)
> {
>   struct asmc_softc *sc = asmc_cd.cd_devs[0];
> 
>   KASSERT(sc != NULL);
>   if (kbl->curval > 0xff)
> return EINVAL;
>   sc->sc_backlight = kbl->curval;
>   task_add(systq, >sc_task_backlight);
>   return 0;
> }
> 
> (installed in dev/acpi/acpicbkbd.c:94)
> 
> int
> acpicbkbd_get_backlight(struct wskbd_backlight *kbl)
> {
>   struct acpicbkbd_softc *sc = acpicbkbd_cd.cd_devs[0];
> 
>   KASSERT(sc != NULL);
> 
>   kbl->min = 0;
>   kbl->max = ACPICBKBD_MAX_BACKLIGHT;
>   kbl->curval = sc->sc_backlight;
> 
>   return 0;
> }
> 
> int
> acpicbkbd_set_backlight(struct wskbd_backlight *kbl)
> {
>   struct acpicbkbd_softc *sc = acpicbkbd_cd.cd_devs[0];
> 
>   KASSERT(sc != NULL);
> 
>   if (kbl->curval > ACPICBKBD_MAX_BACKLIGHT)
> return EINVAL;
> 
>   sc->sc_backlight = kbl->curval;
> 
>   acpi_addtask(sc->sc_acpi, acpicbkbd_write_backlight, sc, 0);
>   acpi_wakeup(sc->sc_acpi);
> 
>   return 0;
> }
> 
> (installed in dev/acpi/acpithinkpad.c:347)
> 
> int
> thinkpad_get_kbd_backlight(struct wskbd_backlight *kbl)
> {
>   struct acpithinkpad_softc *sc = acpithinkpad_cd.cd_devs[0];
> 
>   KASSERT(sc != NULL);
> 
>   kbl->min = 0;
>   kbl->max = (sc->sc_thinklight >> 8) & 0x0f;
>   kbl->curval = sc->sc_thinklight & 0x0f;
> 
>   if (kbl->max == 0)
> return (ENOTTY);
> 
>   return 0;
> }
> 
> int
> thinkpad_set_kbd_backlight(struct wskbd_backlight *kbl)
> {
>   struct acpithinkpad_softc *sc = acpithinkpad_cd.cd_devs[0];
>   int maxval;
> 
>   KASSERT(sc != NULL);
> 
>   maxval = (sc->sc_thinklight >> 8) & 0x0f;
> 
>   if (maxval == 0)
> return (ENOTTY);
> 
>   if (kbl->curval > maxval)
> return EINVAL;
> 
>   sc->sc_thinklight &= ~0xff;
>   sc->sc_thinklight |= kbl->curval;
>   acpi_addtask(sc->sc_acpi, thinkpad_set_thinklight, sc, 0);
>   acpi_wakeup(sc->sc_acpi);
>   return 0;
> }
> 
> (installed in pwmleds.c:102)
> int
> pwmleds_get_kbd_backlight(struct wskbd_backlight *kbl)
> {
>   struct pwmleds_softc *sc;
>   struct pwm_state ps;
>   int error;
> 
>   sc = pwmleds_kbd_backlight();
>   if (sc == NULL)
> return ENOTTY;
> 
>   error = pwm_get_state(sc->sc_pwm, );
>   if (error)
> return error;
> 
>   kbl->min = 0;
>   kbl->max = sc->sc_max_brightness;
>   kbl->curval = (ps.ps_enabled) ?
>   ((uint64_t)ps.ps_pulse_width * kbl->max) / ps.ps_period : 0;
>   return 0;
> }
> 
> int
> pwmleds_set_kbd_backlight(struct wskbd_backlight *kbl)
> {
>   struct pwmleds_softc *sc;
>   struct pwm_state ps;
> 
>   sc = pwmleds_kbd_backlight();
>   if (sc == NULL)
> return ENOTTY;
> 
>   if (kbl->curval < 0 || kbl->curval > sc->sc_max_brightness)
> return EINVAL;
> 
>   pwm_init_state(sc->sc_pwm, );
>   ps.ps_pulse_width =
>   ((uint64_t)kbl->curval * ps.ps_period) / sc->sc_max_brightness;
>   ps.ps_enabled = (ps.ps_pulse_width > 0);
>   return pwm_set_state(sc->sc_pwm, );
> }

Re: [Diff] Keyboard backlight support for late powerbooks, plus keybindings

[Tobias Heider]

On Sat, Jul 22, 2023 at 08:59:04PM -0400, George Koehler wrote:
> On Wed, 19 Jul 2023 02:03:26 +0200
> Tobias Heider  wrote:
> 
> > > ok anyone?
> > 
> > No one interested in working keyboard backlight shortcuts?
> > Don't get scared by the powerbook part, a lot of this is reusable for other 
> > laptop models.
> 
> The arch/macppc/* part is ok gkoehler@, except for 2 minor style
> issues at the top of adb.c.  I have an issue with the wscons part.
> See my comments below.
> 
> On Fri, 14 Jul 2023 17:53:41 + (UTC)
> jon@elytron.openbsd.amsterdam wrote:
> 
> > Index: arch/macppc/dev/adb.c
> > ===
> > RCS file: /cvs/src/sys/arch/macppc/dev/adb.c,v
> > retrieving revision 1.50
> > diff -u -p -r1.50 adb.c
> > --- arch/macppc/dev/adb.c   11 Apr 2023 00:45:07 -  1.50
> > +++ arch/macppc/dev/adb.c   13 Jul 2023 21:17:17 -
> > @@ -102,6 +102,8 @@
> >  #include 
> >  #include 
> >  
> > +#include 
> > +
> >  #include "apm.h"
> >  
> >  #define printf_intr printf
> 
> 1st minor style issue: Please move this next to one of the other
> #include  lines.
> 
> > @@ -242,6 +244,12 @@ void   setsoftadb(void);
> >  intadb_intr(void *arg);
> >  void   adb_cuda_autopoll(void);
> >  void   adb_cuda_fileserver_mode(void);
> > +uint8_t pmu_backlight; /* keyboard backlight value */
> > +intpmu_get_backlight(struct wskbd_backlight *);
> > +intpmu_set_backlight(struct wskbd_backlight *);
> > +extern int (*wskbd_get_backlight)(struct wskbd_backlight *);
> > +extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
> > +
> >  
> >  #ifndef SMALL_KERNEL
> >  void   adb_shutdown(void *);
> 
> 2nd minor style issue: Please delete the extra space before
> "pmu_backlight".
> 
> > @@ -1730,8 +1738,11 @@ adbattach(struct device *parent, struct 
> >  
> > if (adbHardware == ADB_HW_CUDA)
> > adb_cuda_fileserver_mode();
> > -   if (adbHardware == ADB_HW_PMU)
> > +   if (adbHardware == ADB_HW_PMU) {
> > +   wskbd_get_backlight = pmu_get_backlight;
> > +   wskbd_set_backlight = pmu_set_backlight;
> > pmu_fileserver_mode(1);
> > +   }
> >  
> > /*
> >  * XXX If the machine doesn't have an ADB bus (PowerBook5,6+)
> 
> This code enables pmu_{get,set}_backlight for almost all macppc
> models, including those without a keyboard backlight.  I am ok with
> this, because I don't know how to detect exactly which models do or
> don't have a backlight.
> 
> I booted this diff on an iMac G4 Flat Panel (PowerMac6,1), which
> has no internal keyboard (so no backlight).  It boots with
> "wsconsctl keyboard.backlight" at 0%.  Commands like "wsconsctl
> keyboard.backlight=100" change the number but have no other effect.
> 
> I also booted it on an older PowerBook G4 (PowerBook5,4).  This has
> a different keyboard backlight; this diff doesn't support it, so
> "wsconsctl keyboard.backlight=100" does nothing.
> 
> > @@ -1757,4 +1768,20 @@ adbattach(struct device *parent, struct 
> > if (adbHardware == ADB_HW_CUDA)
> > adb_cuda_autopoll();
> > adb_polling = 0;
> > +}
> > +
> > +int
> > +pmu_get_backlight(struct wskbd_backlight *kbl)
> > +{
> > +   kbl->min = 0;
> > +   kbl->max = 0xff;
> > +   kbl->curval = pmu_backlight;
> > +   return 0;
> > +}
> > +
> > +int
> > +pmu_set_backlight(struct wskbd_backlight *kbl)
> > +{
> > +   pmu_backlight = kbl->curval;
> > +   return pmu_set_kbl(pmu_backlight);
> >  }
> > Index: arch/macppc/dev/pm_direct.c
> > ===
> > RCS file: /cvs/src/sys/arch/macppc/dev/pm_direct.c,v
> > retrieving revision 1.34
> > diff -u -p -r1.34 pm_direct.c
> > --- arch/macppc/dev/pm_direct.c 28 Dec 2022 07:40:23 -  1.34
> > +++ arch/macppc/dev/pm_direct.c 13 Jul 2023 21:17:24 -
> > @@ -853,3 +853,22 @@ pmu_fileserver_mode(int on)
> > }
> > pmgrop();
> >  }
> > +
> > +int
> > +pmu_set_kbl(unsigned int level)
> > +{
> > +   if (level > 0xff)
> > +   return (EINVAL);
> > +
> > +   PMData p;
> > +
> > +   p.command = 0x4F;
> > +   p.num_data = 3;
> > +   p.s_buf = p.r_buf = p.data;
> > +   p.data[0] = 0;
> > +   p.data[1] = 0;
> > +   p.data[2]

Re: [Diff] Keyboard backlight support for late powerbooks, plus keybindings

[Tobias Heider]

On Fri, Jul 14, 2023 at 09:17:20PM +0200, Tobias Heider wrote:
> On Fri, Jul 14, 2023 at 05:53:41PM +, jon@elytron.openbsd.amsterdam wrote:
> > Hello everyone. After a tobhe@'s recent patch [1] to add suspend
> > keysyms for other mac laptops, and a brief consultation with him,
> > I am reposting an updated version of my keyboard backlight
> > patch [2], which you can find below:
> > 
> > [1] https://marc.info/?l=openbsd-tech=168884670208963=2
> > 
> > [2] https://marc.info/?l=openbsd-tech=167755750511636=2
> 
> Hi,
> 
> the diff looks good to me except for maybe the numlock bit in hidkbd
> which seems unrelated to the rest of the changes, but we can drop that
> before committing.
> One thing I am never quite sure about is the keycode to internal key 
> translation,
> I am assuming you just picked 234 - 236 incrementally. Maybe miod@ (cc) knows 
> if
> there are better ones to use here.
> 
> I have also tested it and verified it works on my PowerBook G4.
> 
> ok anyone?

No one interested in working keyboard backlight shortcuts?
Don't get scared by the powerbook part, a lot of this is reusable for other 
laptop models.

> 
> > 
> > Index: arch/macppc/dev/adb.c
> > ===
> > RCS file: /cvs/src/sys/arch/macppc/dev/adb.c,v
> > retrieving revision 1.50
> > diff -u -p -r1.50 adb.c
> > --- arch/macppc/dev/adb.c   11 Apr 2023 00:45:07 -  1.50
> > +++ arch/macppc/dev/adb.c   13 Jul 2023 21:17:17 -
> > @@ -102,6 +102,8 @@
> >  #include 
> >  #include 
> >  
> > +#include 
> > +
> >  #include "apm.h"
> >  
> >  #define printf_intr printf
> > @@ -242,6 +244,12 @@ void   setsoftadb(void);
> >  intadb_intr(void *arg);
> >  void   adb_cuda_autopoll(void);
> >  void   adb_cuda_fileserver_mode(void);
> > +uint8_t pmu_backlight; /* keyboard backlight value */
> > +intpmu_get_backlight(struct wskbd_backlight *);
> > +intpmu_set_backlight(struct wskbd_backlight *);
> > +extern int (*wskbd_get_backlight)(struct wskbd_backlight *);
> > +extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
> > +
> >  
> >  #ifndef SMALL_KERNEL
> >  void   adb_shutdown(void *);
> > @@ -1730,8 +1738,11 @@ adbattach(struct device *parent, struct 
> >  
> > if (adbHardware == ADB_HW_CUDA)
> > adb_cuda_fileserver_mode();
> > -   if (adbHardware == ADB_HW_PMU)
> > +   if (adbHardware == ADB_HW_PMU) {
> > +   wskbd_get_backlight = pmu_get_backlight;
> > +   wskbd_set_backlight = pmu_set_backlight;
> > pmu_fileserver_mode(1);
> > +   }
> >  
> > /*
> >  * XXX If the machine doesn't have an ADB bus (PowerBook5,6+)
> > @@ -1757,4 +1768,20 @@ adbattach(struct device *parent, struct 
> > if (adbHardware == ADB_HW_CUDA)
> > adb_cuda_autopoll();
> > adb_polling = 0;
> > +}
> > +
> > +int
> > +pmu_get_backlight(struct wskbd_backlight *kbl)
> > +{
> > +   kbl->min = 0;
> > +   kbl->max = 0xff;
> > +   kbl->curval = pmu_backlight;
> > +   return 0;
> > +}
> > +
> > +int
> > +pmu_set_backlight(struct wskbd_backlight *kbl)
> > +{
> > +   pmu_backlight = kbl->curval;
> > +   return pmu_set_kbl(pmu_backlight);
> >  }
> > Index: arch/macppc/dev/pm_direct.c
> > ===
> > RCS file: /cvs/src/sys/arch/macppc/dev/pm_direct.c,v
> > retrieving revision 1.34
> > diff -u -p -r1.34 pm_direct.c
> > --- arch/macppc/dev/pm_direct.c 28 Dec 2022 07:40:23 -  1.34
> > +++ arch/macppc/dev/pm_direct.c 13 Jul 2023 21:17:24 -
> > @@ -853,3 +853,22 @@ pmu_fileserver_mode(int on)
> > }
> > pmgrop();
> >  }
> > +
> > +int
> > +pmu_set_kbl(unsigned int level)
> > +{
> > +   if (level > 0xff)
> > +   return (EINVAL);
> > +
> > +   PMData p;
> > +
> > +   p.command = 0x4F;
> > +   p.num_data = 3;
> > +   p.s_buf = p.r_buf = p.data;
> > +   p.data[0] = 0;
> > +   p.data[1] = 0;
> > +   p.data[2] = level;
> > +   pmgrop();
> > +   return (0);
> > +}
> > +
> > Index: arch/macppc/dev/pm_direct.h
> > ===
> > RCS file: /cvs/src/sys/arch/macppc/dev/pm_direct.h,v
> > retrieving revision 1.15
> > diff -u -p -r1.15 pm_direct.h
> > --- ar

Re: iked: s/ibuf_cat/ibuf_add_buf/

[Tobias Heider]

On Tue, Jul 18, 2023 at 03:16:12PM +0200, Claudio Jeker wrote:
> ibuf_cat() is the same as ibuf_add_buf() so use the latter.

ok tobhe@

> 
> -- 
> :wq Claudio
> 
> Index: eap.c
> ===
> RCS file: /cvs/src/sbin/iked/eap.c,v
> retrieving revision 1.24
> diff -u -p -r1.24 eap.c
> --- eap.c 23 May 2023 13:57:14 -  1.24
> +++ eap.c 18 Jul 2023 13:11:27 -
> @@ -112,7 +112,7 @@ eap_identity_request(struct iked *env, s
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
>   firstpayload = IKEV2_PAYLOAD_IDr;
> - if (ibuf_cat(e, id->id_buf) != 0)
> + if (ibuf_add_buf(e, id->id_buf) != 0)
>   goto done;
>   len = ibuf_size(id->id_buf);
>  
> @@ -127,7 +127,7 @@ eap_identity_request(struct iked *env, s
>   if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = certid->id_type;
> - if (ibuf_cat(e, certid->id_buf) != 0)
> + if (ibuf_add_buf(e, certid->id_buf) != 0)
>   goto done;
>   len = ibuf_size(certid->id_buf) + sizeof(*cert);
>  
> @@ -142,7 +142,7 @@ eap_identity_request(struct iked *env, s
>   if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = sa->sa_scert[i].id_type;
> - if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
> + if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 0)
>   goto done;
>   len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
>   }
> @@ -157,7 +157,7 @@ eap_identity_request(struct iked *env, s
>   if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
>   goto done;
>   auth->auth_method = sa->sa_localauth.id_type;
> - if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
> + if (ibuf_add_buf(e, sa->sa_localauth.id_buf) != 0)
>   goto done;
>   len = ibuf_size(sa->sa_localauth.id_buf) + sizeof(*auth);
>  
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.221
> diff -u -p -r1.221 iked.h
> --- iked.h16 Jul 2023 15:21:46 -  1.221
> +++ iked.h18 Jul 2023 13:11:31 -
> @@ -1268,7 +1268,6 @@ struct ibuf *
>ibuf_new(const void *, size_t);
>  struct ibuf *
>ibuf_static(void);
> -int   ibuf_cat(struct ibuf *, struct ibuf *);
>  size_tibuf_length(struct ibuf *);
>  int   ibuf_setsize(struct ibuf *, size_t);
>  struct ibuf *
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.373
> diff -u -p -r1.373 ikev2.c
> --- ikev2.c   16 Jul 2023 15:21:46 -  1.373
> +++ ikev2.c   18 Jul 2023 13:13:37 -
> @@ -1609,7 +1609,7 @@ ikev2_init_ike_auth(struct iked *env, st
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
>   firstpayload = IKEV2_PAYLOAD_IDi;
> - if (ibuf_cat(e, id->id_buf) != 0)
> + if (ibuf_add_buf(e, id->id_buf) != 0)
>   goto done;
>   len = ibuf_size(id->id_buf);
>  
> @@ -1623,7 +1623,7 @@ ikev2_init_ike_auth(struct iked *env, st
>   goto done;
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
> - if (ibuf_cat(e, peerid.id_buf) != 0)
> + if (ibuf_add_buf(e, peerid.id_buf) != 0)
>   goto done;
>   len = ibuf_size(peerid.id_buf);
>   }
> @@ -1639,7 +1639,7 @@ ikev2_init_ike_auth(struct iked *env, st
>   if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = certid->id_type;
> - if (ibuf_cat(e, certid->id_buf) != 0)
> + if (ibuf_add_buf(e, certid->id_buf) != 0)
>   goto done;
>   len = ibuf_size(certid->id_buf) + sizeof(*cert);
>  
> @@ -1654,7 +1654,7 @@ ikev2_init_ike_auth(struct iked *env, st
>   if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = sa->sa_scert[i].id_type;
> - if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
> + if (ibuf_add_buf(e, sa->sa_scert[i].id_buf) != 0)
>   goto done;
>   len = ibuf_size(sa->sa_scert[i].id_buf) + sizeof(*cert);
>   }
> @@ -1679,7 +1679,7 @@ ikev2_init_ike_auth(struct iked *env, st
>   if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
>   goto done;
>   auth->auth_method = sa->sa_localauth.id_type;
> - if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
> + if 

Re: iked: more ibuf cleanup

[Tobias Heider]

On Sun, Jul 16, 2023 at 04:24:15PM +0200, Claudio Jeker wrote:
> Rename ibuf_get() to ibuf_getdata() by merging the two functions together.
> I want to use ibuf_get() as part of the ibuf API so this needs to move.
> Also use ibuf_add_zero() in a place of ibuf_reserve() and remove a check
> for buf->buf == NULL in ibuf_length() which has nothing to do there.
> 
> -- 
> :wq Claudio

ok tobhe@

> 
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.220
> diff -u -p -r1.220 iked.h
> --- iked.h28 Jun 2023 14:10:24 -  1.220
> +++ iked.h16 Jul 2023 13:45:20 -
> @@ -1271,9 +1271,8 @@ struct ibuf *
>  int   ibuf_cat(struct ibuf *, struct ibuf *);
>  size_tibuf_length(struct ibuf *);
>  int   ibuf_setsize(struct ibuf *, size_t);
> -void *ibuf_getdata(struct ibuf *, size_t);
>  struct ibuf *
> -  ibuf_get(struct ibuf *, size_t);
> +  ibuf_getdata(struct ibuf *, size_t);
>  struct ibuf *
>ibuf_dup(struct ibuf *);
>  struct ibuf *
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.372
> diff -u -p -r1.372 ikev2.c
> --- ikev2.c   28 Jun 2023 14:10:24 -  1.372
> +++ ikev2.c   16 Jul 2023 13:54:01 -
> @@ -5829,16 +5829,20 @@ ikev2_sa_keys(struct iked *env, struct i
>   goto done;
>   }
>  
> - /* ibuf_get() returns a new buffer from the next read offset */
> - if ((sa->sa_key_d = ibuf_get(t, hash_length(prf))) == NULL ||
> + /* ibuf_getdata() returns a new buffer from the next read offset */
> + if ((sa->sa_key_d = ibuf_getdata(t, hash_length(prf))) == NULL ||
>   (!isaead &&
> - (sa->sa_key_iauth = ibuf_get(t, hash_keylength(integr))) == NULL) ||
> + (sa->sa_key_iauth = ibuf_getdata(t, hash_keylength(integr))) ==
> + NULL) ||
>   (!isaead &&
> - (sa->sa_key_rauth = ibuf_get(t, hash_keylength(integr))) == NULL) ||
> - (sa->sa_key_iencr = ibuf_get(t, cipher_keylength(encr))) == NULL ||
> - (sa->sa_key_rencr = ibuf_get(t, cipher_keylength(encr))) == NULL ||
> - (sa->sa_key_iprf = ibuf_get(t, hash_length(prf))) == NULL ||
> - (sa->sa_key_rprf = ibuf_get(t, hash_length(prf))) == NULL) {
> + (sa->sa_key_rauth = ibuf_getdata(t, hash_keylength(integr))) ==
> + NULL) ||
> + (sa->sa_key_iencr = ibuf_getdata(t, cipher_keylength(encr))) ==
> + NULL ||
> + (sa->sa_key_rencr = ibuf_getdata(t, cipher_keylength(encr))) ==
> + NULL ||
> + (sa->sa_key_iprf = ibuf_getdata(t, hash_length(prf))) == NULL ||
> + (sa->sa_key_rprf = ibuf_getdata(t, hash_length(prf))) == NULL) {
>   log_debug("%s: failed to get SA keys", SPI_SA(sa, __func__));
>   goto done;
>   }
> @@ -6307,13 +6311,13 @@ ikev2_childsa_negotiate(struct iked *env
>   csa->csa_spi.spi_size = 4;
>   }
>  
> - if (encrxf && (csa->csa_encrkey = ibuf_get(keymat,
> + if (encrxf && (csa->csa_encrkey = ibuf_getdata(keymat,
>   encrxf->xform_keylength / 8)) == NULL) {
>   log_debug("%s: failed to get CHILD SA encryption key",
>   __func__);
>   goto done;
>   }
> - if (integrxf && (csa->csa_integrkey = ibuf_get(keymat,
> + if (integrxf && (csa->csa_integrkey = ibuf_getdata(keymat,
>   integrxf->xform_keylength / 8)) == NULL) {
>   log_debug("%s: failed to get CHILD SA integrity key",
>   __func__);
> @@ -6340,13 +6344,13 @@ ikev2_childsa_negotiate(struct iked *env
>   csb->csa_local = csa->csa_peer;
>   csb->csa_peer = csa->csa_local;
>  
> - if (encrxf && (csb->csa_encrkey = ibuf_get(keymat,
> + if (encrxf && (csb->csa_encrkey = ibuf_getdata(keymat,
>   encrxf->xform_keylength / 8)) == NULL) {
>   log_debug("%s: failed to get CHILD SA encryption key",
>   __func__);
>   goto done;
>   }
> - if (integrxf && (csb->csa_integrkey = ibuf_get(keymat,
> + if (integrxf && (csb->csa_integrkey = ibuf_getdata(keymat,
>   integrxf->xform_keylength / 8)) == NULL) {
>   log_debug("%s: failed to get CHILD SA integrity key",
>   __func__);
> Index: imsg_util.c
> ===
> RCS file: /cvs/src/sbin/iked/imsg_util.c,v
> retrieving revision 1.19
> diff -u -p -r1.19 imsg_util.c
> --- imsg_util.c   19 Jun 2023 17:19:50 -  1.19
> +++ imsg_util.c   16 Jul 2023 13:59:29 -
> @@ -55,7 +55,7 @@ ibuf_new(const void *data, size_t len)
>  

Re: [Diff] Keyboard backlight support for late powerbooks, plus keybindings

[Tobias Heider]

On Fri, Jul 14, 2023 at 05:53:41PM +, jon@elytron.openbsd.amsterdam wrote:
> Hello everyone. After a tobhe@'s recent patch [1] to add suspend
> keysyms for other mac laptops, and a brief consultation with him,
> I am reposting an updated version of my keyboard backlight
> patch [2], which you can find below:
> 
> [1] https://marc.info/?l=openbsd-tech=168884670208963=2
> 
> [2] https://marc.info/?l=openbsd-tech=167755750511636=2

Hi,

the diff looks good to me except for maybe the numlock bit in hidkbd
which seems unrelated to the rest of the changes, but we can drop that
before committing.
One thing I am never quite sure about is the keycode to internal key 
translation,
I am assuming you just picked 234 - 236 incrementally. Maybe miod@ (cc) knows if
there are better ones to use here.

I have also tested it and verified it works on my PowerBook G4.

ok anyone?

> 
> Index: arch/macppc/dev/adb.c
> ===
> RCS file: /cvs/src/sys/arch/macppc/dev/adb.c,v
> retrieving revision 1.50
> diff -u -p -r1.50 adb.c
> --- arch/macppc/dev/adb.c 11 Apr 2023 00:45:07 -  1.50
> +++ arch/macppc/dev/adb.c 13 Jul 2023 21:17:17 -
> @@ -102,6 +102,8 @@
>  #include 
>  #include 
>  
> +#include 
> +
>  #include "apm.h"
>  
>  #define printf_intr printf
> @@ -242,6 +244,12 @@ void setsoftadb(void);
>  int  adb_intr(void *arg);
>  void adb_cuda_autopoll(void);
>  void adb_cuda_fileserver_mode(void);
> +uint8_t   pmu_backlight; /* keyboard backlight value */
> +int  pmu_get_backlight(struct wskbd_backlight *);
> +int  pmu_set_backlight(struct wskbd_backlight *);
> +extern int (*wskbd_get_backlight)(struct wskbd_backlight *);
> +extern int (*wskbd_set_backlight)(struct wskbd_backlight *);
> +
>  
>  #ifndef SMALL_KERNEL
>  void adb_shutdown(void *);
> @@ -1730,8 +1738,11 @@ adbattach(struct device *parent, struct 
>  
>   if (adbHardware == ADB_HW_CUDA)
>   adb_cuda_fileserver_mode();
> - if (adbHardware == ADB_HW_PMU)
> + if (adbHardware == ADB_HW_PMU) {
> + wskbd_get_backlight = pmu_get_backlight;
> + wskbd_set_backlight = pmu_set_backlight;
>   pmu_fileserver_mode(1);
> + }
>  
>   /*
>* XXX If the machine doesn't have an ADB bus (PowerBook5,6+)
> @@ -1757,4 +1768,20 @@ adbattach(struct device *parent, struct 
>   if (adbHardware == ADB_HW_CUDA)
>   adb_cuda_autopoll();
>   adb_polling = 0;
> +}
> +
> +int
> +pmu_get_backlight(struct wskbd_backlight *kbl)
> +{
> + kbl->min = 0;
> + kbl->max = 0xff;
> + kbl->curval = pmu_backlight;
> + return 0;
> +}
> +
> +int
> +pmu_set_backlight(struct wskbd_backlight *kbl)
> +{
> + pmu_backlight = kbl->curval;
> + return pmu_set_kbl(pmu_backlight);
>  }
> Index: arch/macppc/dev/pm_direct.c
> ===
> RCS file: /cvs/src/sys/arch/macppc/dev/pm_direct.c,v
> retrieving revision 1.34
> diff -u -p -r1.34 pm_direct.c
> --- arch/macppc/dev/pm_direct.c   28 Dec 2022 07:40:23 -  1.34
> +++ arch/macppc/dev/pm_direct.c   13 Jul 2023 21:17:24 -
> @@ -853,3 +853,22 @@ pmu_fileserver_mode(int on)
>   }
>   pmgrop();
>  }
> +
> +int
> +pmu_set_kbl(unsigned int level)
> +{
> + if (level > 0xff)
> + return (EINVAL);
> +
> + PMData p;
> +
> + p.command = 0x4F;
> + p.num_data = 3;
> + p.s_buf = p.r_buf = p.data;
> + p.data[0] = 0;
> + p.data[1] = 0;
> + p.data[2] = level;
> + pmgrop();
> + return (0);
> +}
> +
> Index: arch/macppc/dev/pm_direct.h
> ===
> RCS file: /cvs/src/sys/arch/macppc/dev/pm_direct.h,v
> retrieving revision 1.15
> diff -u -p -r1.15 pm_direct.h
> --- arch/macppc/dev/pm_direct.h   21 Oct 2022 22:42:36 -  1.15
> +++ arch/macppc/dev/pm_direct.h   13 Jul 2023 21:17:24 -
> @@ -67,6 +67,7 @@ struct pmu_battery_info
>  };
>  
>  int pm_battery_info(int, struct pmu_battery_info *);
> +int pmu_set_kbl(unsigned int);
>  
>  void pm_eject_pcmcia(int);
>  void pmu_fileserver_mode(int);
> Index: dev/hid/hidkbd.c
> ===
> RCS file: /cvs/src/sys/dev/hid/hidkbd.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 hidkbd.c
> --- dev/hid/hidkbd.c  9 Jul 2023 08:02:13 -   1.9
> +++ dev/hid/hidkbd.c  13 Jul 2023 21:17:42 -
> @@ -143,6 +143,10 @@ static const struct hidkbd_translation a
>   { 60, 127 },/* F3 -> audio mute */
>   { 61, 129 },/* F4 -> audio lower */
>   { 62, 128 },/* F5 -> audio raise */
> + { 63, 83 }, /* F6 -> num lock */
> + { 65, 234 },/* F8 -> backlight toggle*/
> + { 66, 236 },/* F9 -> backlight lower */
> + { 67, 235 },/* F10 -> backlight raise*/
>  #else
>   { 63, 102 },/* F6 -> sleep */
>   { 67, 127 },/* F10 

Re: Remove ENGINE use from relayd

[Tobias Heider]

On Thu, Jul 13, 2023 at 05:44:03AM +0200, Theo Buehler wrote:
> This is analogous to the change that op committed to smtpd a few days
> ago. Instead of using ENGINE to make RSA use privsep via imsg, create
> an RSA method that has custom priv_enc/priv_dec methods, replace the
> default RSA method. Ditch numerous wrappers that extract the default
> methods on the fly only to add a log call.
> 
> This removes a lot of boilerplate and shows more clearly where the
> actual magic happens. Regress exercises this code and passes.

Nice, that is a lot of boilerplate. ok tobhe@

> 
> Index: ca.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
> retrieving revision 1.42
> diff -u -p -r1.42 ca.c
> --- ca.c  11 Jun 2023 10:30:26 -  1.42
> +++ ca.c  11 Jul 2023 18:21:47 -
> @@ -41,20 +41,8 @@ voidca_launch(void);
>  int   ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
>  int   ca_dispatch_relay(int, struct privsep_proc *, struct imsg *);
>  
> -int   rsae_pub_enc(int, const u_char *, u_char *, RSA *, int);
> -int   rsae_pub_dec(int,const u_char *, u_char *, RSA *, int);
>  int   rsae_priv_enc(int, const u_char *, u_char *, RSA *, int);
>  int   rsae_priv_dec(int, const u_char *, u_char *, RSA *, int);
> -int   rsae_mod_exp(BIGNUM *, const BIGNUM *, RSA *, BN_CTX *);
> -int   rsae_bn_mod_exp(BIGNUM *, const BIGNUM *, const BIGNUM *,
> - const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
> -int   rsae_init(RSA *);
> -int   rsae_finish(RSA *);
> -int   rsae_sign(int, const u_char *, u_int, u_char *, u_int *,
> - const RSA *);
> -int   rsae_verify(int dtype, const u_char *m, u_int, const u_char *,
> - u_int, const RSA *);
> -int   rsae_keygen(RSA *, int, BIGNUM *, BN_GENCB *);
>  
>  static struct relayd *env = NULL;
>  
> @@ -301,7 +289,7 @@ ca_dispatch_relay(int fd, struct privsep
>   * RSA privsep engine (called from unprivileged processes)
>   */
>  
> -const RSA_METHOD *rsa_default = NULL;
> +static const RSA_METHOD *rsa_default;
>  static RSA_METHOD *rsae_method;
>  
>  static int
> @@ -417,20 +405,6 @@ rsae_send_imsg(int flen, const u_char *f
>  }
>  
>  int
> -rsae_pub_enc(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_pub_enc(rsa_default)(flen, from, to, rsa, padding);
> -}
> -
> -int
> -rsae_pub_dec(int flen,const u_char *from, u_char *to, RSA *rsa,int padding)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_pub_dec(rsa_default)(flen, from, to, rsa, padding);
> -}
> -
> -int
>  rsae_priv_enc(int flen, const u_char *from, u_char *to, RSA *rsa, int 
> padding)
>  {
>   DPRINTF("%s:%d", __func__, __LINE__);
> @@ -444,69 +418,10 @@ rsae_priv_dec(int flen, const u_char *fr
>   return rsae_send_imsg(flen, from, to, rsa, padding, IMSG_CA_PRIVDEC);
>  }
>  
> -int
> -rsae_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_mod_exp(rsa_default)(r0, I, rsa, ctx);
> -}
> -
> -int
> -rsae_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
> -const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_bn_mod_exp(rsa_default)(r, a, p, m, ctx, m_ctx);
> -}
> -
> -int
> -rsae_init(RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - if (RSA_meth_get_init(rsa_default) == NULL)
> - return 1;
> - return RSA_meth_get_init(rsa_default)(rsa);
> -}
> -
> -int
> -rsae_finish(RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - if (RSA_meth_get_finish(rsa_default) == NULL)
> - return 1;
> - return RSA_meth_get_finish(rsa_default)(rsa);
> -}
> -
> -int
> -rsae_sign(int type, const u_char *m, u_int m_length, u_char *sigret,
> -u_int *siglen, const RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_sign(rsa_default)(type, m, m_length,
> - sigret, siglen, rsa);
> -}
> -
> -int
> -rsae_verify(int dtype, const u_char *m, u_int m_length, const u_char *sigbuf,
> -u_int siglen, const RSA *rsa)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_verify(rsa_default)(dtype, m, m_length,
> - sigbuf, siglen, rsa);
> -}
> -
> -int
> -rsae_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
> -{
> - DPRINTF("%s:%d", __func__, __LINE__);
> - return RSA_meth_get_keygen(rsa_default)(rsa, bits, e, cb);
> -}
> -
>  void
>  ca_engine_init(struct relayd *x_env)
>  {
> - ENGINE  *e = NULL;
> - const char  *errstr, *name;
> + const char  *errstr;
>  
>   if (env == NULL)
>   env = x_env;
> @@ -514,68 +429,25 @@ ca_engine_init(struct relayd *x_env)
>   if (rsa_default != NULL)
>   return;
>  
> - if ((rsae_method = 

Re: m2: add suspend keyboard shortcut

[Tobias Heider]

On Sat, Jul 08, 2023 at 07:33:01PM +0200, Tobias Heider wrote:
> On Sat, Jul 08, 2023 at 04:06:33PM +, Miod Vallat wrote:
> > > Now that we have request_sleep() we can add a new internal KS_Cmd_Sleep
> > > keycode, map it into the macbook keyboard, catch in wskbd and go to sleep.
> > > 
> > > ok?
> > 
> > > --- sys/dev/usb/ukbdmap.c
> > > +++ sys/dev/usb/ukbdmap.c
> > > @@ -176,6 +176,7 @@ static const keysym_t ukbd_keydesc_us[] = {
> > >  KC(127), KS_AudioMute,
> > >  KC(128), KS_AudioRaise,
> > >  KC(129), KS_AudioLower,
> > > +KC(130), KS_Cmd_Sleep,
> > >  KC(224), KS_Cmd1,KS_Control_L,
> > >  KC(225), KS_Shift_L,
> > >  KC(226), KS_Cmd2,KS_Alt_L,
> > 
> > This file is generated, so the changes would be lost eventually.
> > 
> > You should add this in makemap.awk in the block starting at line 330.
> > Also, that block mentions the use of keysym 102 for suspend, rather than
> > 130 (which you probably picked randomly), so I would prefer if you
> > would use 102, this would allow this feature to also work on more
> > systems.
> 
> Right, I should have known that. Here is an update with all the fixes
> you requested including always returning 1, 102 as id and the awk script.
> I will of course commit in two steps but included it all in the same
> diff for convenience.
> 
> ok?
> 

Another set of minor fixes. Adjusted a comment and ordered some cases.

ok?

diff 4cfcaa1dc85fba5c0672ef2787341ee6cc639979 
54e9e6e4cef8b11d5e0feeec9d653a59eedd3392
commit - 4cfcaa1dc85fba5c0672ef2787341ee6cc639979
commit + 54e9e6e4cef8b11d5e0feeec9d653a59eedd3392
blob - c1faded214af03befd904994c6b8a9606f6b64c8
blob + 5469509f51b5410c261fa6f18b68157499480883
--- sys/dev/hid/hidkbd.c
+++ sys/dev/hid/hidkbd.c
@@ -144,6 +144,7 @@ static const struct hidkbd_translation apple_fn_trans[
{ 61, 129 },/* F4 -> audio lower */
{ 62, 128 },/* F5 -> audio raise */
 #else
+   { 63, 102 },/* F6 -> sleep */
{ 67, 127 },/* F10 -> audio mute */
{ 68, 129 },/* F11 -> audio lower */
{ 69, 128 },/* F12 -> audio raise */
@@ -557,11 +558,12 @@ hidkbd_decode(struct hidkbd *kbd, struct hidkbd_data *
wskbd_rawinput(kbd->sc_wskbddev, cbuf, j);
 
/*
-* Pass audio and brightness keys to wskbd_input anyway.
+* Pass audio, brightness and sleep keys to wskbd_input anyway.
 */
for (i = 0; i < nkeys; i++) {
key = ibuf[i];
switch (key & CODEMASK) {
+   case 102:
case 127:
case 128:
case 129:
blob - 8a258dc9bf71251c002f5edb290c011537943ea6
blob + 6f18b7170d87d3b1239cf8550105e06fb9870bf6
--- sys/dev/usb/makemap.awk
+++ sys/dev/usb/makemap.awk
@@ -329,7 +329,7 @@ $1 == "#define" || $1 == "#undef" {
# the ``menu'' key.
#
if (nmaps++ == 0) {
-   # 102 Suspend
+   lines[102] = "KC(102),\tKS_Cmd_Sleep,"
lines[116] = "KC(116),\tKS_Open,"
lines[117] = "KC(117),\tKS_Help,"
lines[118] = "KC(118),\tKS_Props,"
blob - da8a33e47dfe3e1c86990ae4e21914138d4fb785
blob + 918eb8526a7c2d8ad6e52385c83711fe6a6a3a98
--- sys/dev/usb/ukbdmap.c
+++ sys/dev/usb/ukbdmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ukbdmap.c,v 1.47 2023/01/23 09:38:03 nicm Exp $   */
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMAGICALLY GENERATED.  DO NOT EDIT.
@@ -150,6 +150,7 @@ static const keysym_t ukbd_keydesc_us[] = {
 KC(98),KS_KP_Insert,   KS_KP_0,
 KC(99),KS_KP_Delete,   KS_KP_Decimal,
 KC(101),   KS_Menu,
+KC(102),   KS_Cmd_Sleep,
 KC(104),   KS_f13,
 KC(105),   KS_f14,
 KC(106),   KS_f15,
blob - d651f119cb873b6712d678c866ee2ff0f067edaf
blob + e0fd80a19e348a88a38195f8f56161c697a32cd3
--- sys/dev/wscons/wskbd.c
+++ sys/dev/wscons/wskbd.c
@@ -1513,6 +1513,13 @@ internal_command(struct wskbd_softc *sc, u_int *type, 
if (*type != WSCONS_EVENT_KEY_DOWN)
return (0);
 
+#ifdef SUSPEND
+   if (ksym == KS_Cmd_Sleep) {
+   request_sleep(SLEEP_SUSPEND);
+   return (1);
+   }
+#endif
+
 #ifdef HAVE_SCROLLBACK_SUPPORT
 #if NWSDISPLAY > 0
switch (ksym) {
blob - 881510d1e7b40edbcc11a228b71d84c2aad63f0f
blob + d3d34cca8297ef03dbc310ac97b44c1759ed7da0
--- sys/dev/wscons/wsksymdef.h
+++ sys/dev/wscons/wsksymdef.h
@@ -667,6 +667,7 @@
 #define KS_Cmd_ScrollBack  0xf42c
 #define KS_Cmd_ScrollFwd   0xf42d
 #define KS_Cmd_KbdReset0xf42e
+#define KS_Cmd_Sleep   0xf42f
 
 /*
  * Group 5 (internal)

Re: m2: add suspend keyboard shortcut

[Tobias Heider]

On Sat, Jul 08, 2023 at 04:06:33PM +, Miod Vallat wrote:
> > Now that we have request_sleep() we can add a new internal KS_Cmd_Sleep
> > keycode, map it into the macbook keyboard, catch in wskbd and go to sleep.
> > 
> > ok?
> 
> > --- sys/dev/usb/ukbdmap.c
> > +++ sys/dev/usb/ukbdmap.c
> > @@ -176,6 +176,7 @@ static const keysym_t ukbd_keydesc_us[] = {
> >  KC(127),   KS_AudioMute,
> >  KC(128),   KS_AudioRaise,
> >  KC(129),   KS_AudioLower,
> > +KC(130),   KS_Cmd_Sleep,
> >  KC(224),   KS_Cmd1,KS_Control_L,
> >  KC(225),   KS_Shift_L,
> >  KC(226),   KS_Cmd2,KS_Alt_L,
> 
> This file is generated, so the changes would be lost eventually.
> 
> You should add this in makemap.awk in the block starting at line 330.
> Also, that block mentions the use of keysym 102 for suspend, rather than
> 130 (which you probably picked randomly), so I would prefer if you
> would use 102, this would allow this feature to also work on more
> systems.

Right, I should have known that. Here is an update with all the fixes
you requested including always returning 1, 102 as id and the awk script.
I will of course commit in two steps but included it all in the same
diff for convenience.

ok?

diff 4cfcaa1dc85fba5c0672ef2787341ee6cc639979 refs/heads/acpi
commit - 4cfcaa1dc85fba5c0672ef2787341ee6cc639979
commit + e5107675c0ac640f66a3461f4efa50b84f735ae0
blob - c1faded214af03befd904994c6b8a9606f6b64c8
blob + a88fa9e3d9d6fa12c84b64b992bb6008398777b1
--- sys/dev/hid/hidkbd.c
+++ sys/dev/hid/hidkbd.c
@@ -144,6 +144,7 @@ static const struct hidkbd_translation apple_fn_trans[
{ 61, 129 },/* F4 -> audio lower */
{ 62, 128 },/* F5 -> audio raise */
 #else
+   { 63, 102 },/* F6 -> sleep */
{ 67, 127 },/* F10 -> audio mute */
{ 68, 129 },/* F11 -> audio lower */
{ 69, 128 },/* F12 -> audio raise */
@@ -565,6 +566,7 @@ hidkbd_decode(struct hidkbd *kbd, struct hidkbd_data *
case 127:
case 128:
case 129:
+   case 102:
case 232:
case 233:
wskbd_input(kbd->sc_wskbddev,
blob - 8a258dc9bf71251c002f5edb290c011537943ea6
blob + 6f18b7170d87d3b1239cf8550105e06fb9870bf6
--- sys/dev/usb/makemap.awk
+++ sys/dev/usb/makemap.awk
@@ -329,7 +329,7 @@ $1 == "#define" || $1 == "#undef" {
# the ``menu'' key.
#
if (nmaps++ == 0) {
-   # 102 Suspend
+   lines[102] = "KC(102),\tKS_Cmd_Sleep,"
lines[116] = "KC(116),\tKS_Open,"
lines[117] = "KC(117),\tKS_Help,"
lines[118] = "KC(118),\tKS_Props,"
blob - da8a33e47dfe3e1c86990ae4e21914138d4fb785
blob + 918eb8526a7c2d8ad6e52385c83711fe6a6a3a98
--- sys/dev/usb/ukbdmap.c
+++ sys/dev/usb/ukbdmap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ukbdmap.c,v 1.47 2023/01/23 09:38:03 nicm Exp $   */
+/* $OpenBSD$   */
 
 /*
  * THIS FILE IS AUTOMAGICALLY GENERATED.  DO NOT EDIT.
@@ -150,6 +150,7 @@ static const keysym_t ukbd_keydesc_us[] = {
 KC(98),KS_KP_Insert,   KS_KP_0,
 KC(99),KS_KP_Delete,   KS_KP_Decimal,
 KC(101),   KS_Menu,
+KC(102),   KS_Cmd_Sleep,
 KC(104),   KS_f13,
 KC(105),   KS_f14,
 KC(106),   KS_f15,
blob - d651f119cb873b6712d678c866ee2ff0f067edaf
blob + e0fd80a19e348a88a38195f8f56161c697a32cd3
--- sys/dev/wscons/wskbd.c
+++ sys/dev/wscons/wskbd.c
@@ -1513,6 +1513,13 @@ internal_command(struct wskbd_softc *sc, u_int *type, 
if (*type != WSCONS_EVENT_KEY_DOWN)
return (0);
 
+#ifdef SUSPEND
+   if (ksym == KS_Cmd_Sleep) {
+   request_sleep(SLEEP_SUSPEND);
+   return (1);
+   }
+#endif
+
 #ifdef HAVE_SCROLLBACK_SUPPORT
 #if NWSDISPLAY > 0
switch (ksym) {
blob - 881510d1e7b40edbcc11a228b71d84c2aad63f0f
blob + d3d34cca8297ef03dbc310ac97b44c1759ed7da0
--- sys/dev/wscons/wsksymdef.h
+++ sys/dev/wscons/wsksymdef.h
@@ -667,6 +667,7 @@
 #define KS_Cmd_ScrollBack  0xf42c
 #define KS_Cmd_ScrollFwd   0xf42d
 #define KS_Cmd_KbdReset0xf42e
+#define KS_Cmd_Sleep   0xf42f
 
 /*
  * Group 5 (internal)

m2: add suspend keyboard shortcut

[Tobias Heider]

Now that we have request_sleep() we can add a new internal KS_Cmd_Sleep
keycode, map it into the macbook keyboard, catch in wskbd and go to sleep.

ok?

diff 4cfcaa1dc85fba5c0672ef2787341ee6cc639979 
16365606ee1145b5ae95e7bb74a7d9a411d0004a
commit - 4cfcaa1dc85fba5c0672ef2787341ee6cc639979
commit + 16365606ee1145b5ae95e7bb74a7d9a411d0004a
blob - c1faded214af03befd904994c6b8a9606f6b64c8
blob + ca1037cf81d7ce85f448aa16f63086a361d3b86c
--- sys/dev/hid/hidkbd.c
+++ sys/dev/hid/hidkbd.c
@@ -144,6 +144,7 @@ static const struct hidkbd_translation apple_fn_trans[
{ 61, 129 },/* F4 -> audio lower */
{ 62, 128 },/* F5 -> audio raise */
 #else
+   { 63, 130 },/* F6 -> sleep */
{ 67, 127 },/* F10 -> audio mute */
{ 68, 129 },/* F11 -> audio lower */
{ 69, 128 },/* F12 -> audio raise */
@@ -565,6 +566,7 @@ hidkbd_decode(struct hidkbd *kbd, struct hidkbd_data *
case 127:
case 128:
case 129:
+   case 130:
case 232:
case 233:
wskbd_input(kbd->sc_wskbddev,
blob - da8a33e47dfe3e1c86990ae4e21914138d4fb785
blob + 973ff475d06d3e5f58cdf937d89a50b0d755f135
--- sys/dev/usb/ukbdmap.c
+++ sys/dev/usb/ukbdmap.c
@@ -176,6 +176,7 @@ static const keysym_t ukbd_keydesc_us[] = {
 KC(127),   KS_AudioMute,
 KC(128),   KS_AudioRaise,
 KC(129),   KS_AudioLower,
+KC(130),   KS_Cmd_Sleep,
 KC(224),   KS_Cmd1,KS_Control_L,
 KC(225),   KS_Shift_L,
 KC(226),   KS_Cmd2,KS_Alt_L,
blob - d651f119cb873b6712d678c866ee2ff0f067edaf
blob + ce1a6e3c0f1e337b5f8fb5907f2f6c5de21767a8
--- sys/dev/wscons/wskbd.c
+++ sys/dev/wscons/wskbd.c
@@ -1513,6 +1513,11 @@ internal_command(struct wskbd_softc *sc, u_int *type, 
if (*type != WSCONS_EVENT_KEY_DOWN)
return (0);
 
+#ifdef SUSPEND
+   if (ksym == KS_Cmd_Sleep)
+   return request_sleep(SLEEP_SUSPEND);
+#endif
+
 #ifdef HAVE_SCROLLBACK_SUPPORT
 #if NWSDISPLAY > 0
switch (ksym) {
blob - 881510d1e7b40edbcc11a228b71d84c2aad63f0f
blob + d3d34cca8297ef03dbc310ac97b44c1759ed7da0
--- sys/dev/wscons/wsksymdef.h
+++ sys/dev/wscons/wsksymdef.h
@@ -667,6 +667,7 @@
 #define KS_Cmd_ScrollBack  0xf42c
 #define KS_Cmd_ScrollFwd   0xf42d
 #define KS_Cmd_KbdReset0xf42e
+#define KS_Cmd_Sleep   0xf42f
 
 /*
  * Group 5 (internal)

Re: request_sleep: new machine independent sleep api

[Tobias Heider]

On July 8, 2023 11:36:21 AM GMT+03:00, Mark Kettenis  
wrote:
>> Date: Sat, 8 Jul 2023 10:10:51 +0200
>> From: Tobias Heider 
>> 
>> This diff adds request_sleep(), a MI way of sending the machine to sleep in a
>> safe thread. Support is limited to amd64, i386 and arm64 at the moment, 
>> macppc
>> is currently an empty stub since it doesn't implement a sleep task (yet).
>> 
>> Once this works, my next plan is adding a Ks_Cmd_Sleep keybinding that is 
>> handled
>> in wskbd to get the suspend button working on my m2.
>> 
>> I also tested this on a bunch of different archs and kernel configs.
>> 
>> ok?
>
>Should the macppc version return EOPNOTSUPP?

Sure, sounds a bit more descriptive.

>
>> diff 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6 
>> a896f4652f8b00e4f2bbd64d751c85560c264222
>> commit - 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6
>> commit + a896f4652f8b00e4f2bbd64d751c85560c264222
>> blob - 63d45d3697e4093cf5751308851d470bf5dc62bb
>> blob + 721d18a4ae212c80f44313a3cd27f4191146c3d6
>> --- sys/arch/arm64/dev/aplsmc.c
>> +++ sys/arch/arm64/dev/aplsmc.c
>> @@ -366,7 +366,6 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
>>  extern int allowpowerdown;
>>  #ifdef SUSPEND
>>  extern int cpu_suspended;
>> -extern void suspend(void);
>>  
>>  if (cpu_suspended) {
>>  switch (SMC_EV_TYPE(data)) {
>> @@ -433,7 +432,7 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
>>  }
>>  case 1:
>>  #ifdef SUSPEND
>> -suspend();
>> +request_sleep(SLEEP_SUSPEND);
>>  #endif
>>  break;
>>  case 2:
>> blob - 2ccc822991480c6b4f4dd44f263ac945a141a6bf
>> blob + 4491ca380d08182244a8157874fc51bcc9665f26
>> --- sys/arch/arm64/dev/apm.c
>> +++ sys/arch/arm64/dev/apm.c
>> @@ -57,11 +57,14 @@ struct taskq *suspend_taskq;
>>  #endif
>>  
>>  #ifdef SUSPEND
>> -struct taskq *suspend_taskq;
>> +struct taskq *sleep_taskq;
>>  struct task suspend_task;
>>  voiddo_suspend(void *);
>> -voidsuspend(void);
>> +#ifdef HIBERNATE
>> +struct task hibernate_task;
>> +voiddo_hibernate(void *);
>>  #endif
>> +#endif
>>  
>>  struct apm_softc {
>>  struct device sc_dev;
>> @@ -128,9 +131,12 @@ apmattach(struct device *parent, struct device *self, 
>>  apmattach(struct device *parent, struct device *self, void *aux)
>>  {
>>  #ifdef SUSPEND
>> -suspend_taskq = taskq_create("suspend", 1, IPL_NONE, 0);
>> +sleep_taskq = taskq_create("sleep", 1, IPL_NONE, 0);
>>  task_set(_task, do_suspend, NULL);
>> +#ifdef HIBERNATE
>> +task_set(_task, do_hibernate, NULL);
>>  #endif
>> +#endif
>>  
>>  acpiapm_open = apmopen;
>>  acpiapm_close = apmclose;
>> @@ -224,7 +230,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
>>  error = EBADF;
>>  break;
>>  }
>> -suspend();
>> +error = request_sleep(SLEEP_SUSPEND);
>>  break;
>>  #ifdef HIBERNATE
>>  case APM_IOC_HIBERNATE:
>> @@ -234,11 +240,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
>>  error = EBADF;
>>  break;
>>  }
>> -if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL) {
>> -error = EOPNOTSUPP;
>> -break;
>> -}
>> -sleep_state(NULL, SLEEP_HIBERNATE);
>> +error = request_sleep(SLEEP_HIBERNATE);
>>  break;
>>  #endif
>>  #endif
>> @@ -358,13 +360,36 @@ void
>>  sleep_state(v, SLEEP_SUSPEND);
>>  }
>>  
>> +#ifdef HIBERNATE
>>  void
>> -suspend(void)
>> +do_hibernate(void *v)
>>  {
>> -if (suspend_taskq)
>> -task_add(suspend_taskq, _task);
>> +sleep_state(v, SLEEP_HIBERNATE);
>>  }
>> +#endif
>>  
>> +int
>> +request_sleep(int sleepmode)
>> +{
>> +if (sleep_taskq == NULL)
>> +return EINVAL;
>> +
>> +switch (sleepmode) {
>> +case SLEEP_SUSPEND:
>> +task_add(sleep_taskq, _task);
>> +break;
>> +#ifdef HIBERNATE
>> +case SLEEP_HIBERNATE:
>> +if (get_hibernate_io_function(swdevt[0].sw_dev) 

request_sleep: new machine independent sleep api

[Tobias Heider]

This diff adds request_sleep(), a MI way of sending the machine to sleep in a
safe thread. Support is limited to amd64, i386 and arm64 at the moment, macppc
is currently an empty stub since it doesn't implement a sleep task (yet).

Once this works, my next plan is adding a Ks_Cmd_Sleep keybinding that is 
handled
in wskbd to get the suspend button working on my m2.

I also tested this on a bunch of different archs and kernel configs.

ok?

diff 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6 
a896f4652f8b00e4f2bbd64d751c85560c264222
commit - 6c06be8c9470ada9d77f3ea989b6ed3d857ec4e6
commit + a896f4652f8b00e4f2bbd64d751c85560c264222
blob - 63d45d3697e4093cf5751308851d470bf5dc62bb
blob + 721d18a4ae212c80f44313a3cd27f4191146c3d6
--- sys/arch/arm64/dev/aplsmc.c
+++ sys/arch/arm64/dev/aplsmc.c
@@ -366,7 +366,6 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
extern int allowpowerdown;
 #ifdef SUSPEND
extern int cpu_suspended;
-   extern void suspend(void);
 
if (cpu_suspended) {
switch (SMC_EV_TYPE(data)) {
@@ -433,7 +432,7 @@ aplsmc_handle_notification(struct aplsmc_softc *sc, ui
}
case 1:
 #ifdef SUSPEND
-   suspend();
+   request_sleep(SLEEP_SUSPEND);
 #endif
break;
case 2:
blob - 2ccc822991480c6b4f4dd44f263ac945a141a6bf
blob + 4491ca380d08182244a8157874fc51bcc9665f26
--- sys/arch/arm64/dev/apm.c
+++ sys/arch/arm64/dev/apm.c
@@ -57,11 +57,14 @@ struct taskq *suspend_taskq;
 #endif
 
 #ifdef SUSPEND
-struct taskq *suspend_taskq;
+struct taskq *sleep_taskq;
 struct task suspend_task;
 void   do_suspend(void *);
-void   suspend(void);
+#ifdef HIBERNATE
+struct task hibernate_task;
+void   do_hibernate(void *);
 #endif
+#endif
 
 struct apm_softc {
struct device sc_dev;
@@ -128,9 +131,12 @@ apmattach(struct device *parent, struct device *self, 
 apmattach(struct device *parent, struct device *self, void *aux)
 {
 #ifdef SUSPEND
-   suspend_taskq = taskq_create("suspend", 1, IPL_NONE, 0);
+   sleep_taskq = taskq_create("sleep", 1, IPL_NONE, 0);
task_set(_task, do_suspend, NULL);
+#ifdef HIBERNATE
+   task_set(_task, do_hibernate, NULL);
 #endif
+#endif
 
acpiapm_open = apmopen;
acpiapm_close = apmclose;
@@ -224,7 +230,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
error = EBADF;
break;
}
-   suspend();
+   error = request_sleep(SLEEP_SUSPEND);
break;
 #ifdef HIBERNATE
case APM_IOC_HIBERNATE:
@@ -234,11 +240,7 @@ apmioctl(dev_t dev, u_long cmd, caddr_t data, int flag
error = EBADF;
break;
}
-   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL) {
-   error = EOPNOTSUPP;
-   break;
-   }
-   sleep_state(NULL, SLEEP_HIBERNATE);
+   error = request_sleep(SLEEP_HIBERNATE);
break;
 #endif
 #endif
@@ -358,13 +360,36 @@ void
sleep_state(v, SLEEP_SUSPEND);
 }
 
+#ifdef HIBERNATE
 void
-suspend(void)
+do_hibernate(void *v)
 {
-   if (suspend_taskq)
-   task_add(suspend_taskq, _task);
+   sleep_state(v, SLEEP_HIBERNATE);
 }
+#endif
 
+int
+request_sleep(int sleepmode)
+{
+   if (sleep_taskq == NULL)
+   return EINVAL;
+
+   switch (sleepmode) {
+   case SLEEP_SUSPEND:
+   task_add(sleep_taskq, _task);
+   break;
+#ifdef HIBERNATE
+   case SLEEP_HIBERNATE:
+   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL)
+   return EOPNOTSUPP;
+   task_add(sleep_taskq, _task);
+   break;
+#endif
+   }
+
+   return 0;
+}
+
 #ifdef MULTIPROCESSOR
 
 void
blob - 9082d868f963b80cf0f64453914146a980020883
blob + 52166ca3bfcb826f8c47835024804e5d59061f96
--- sys/arch/macppc/dev/apm.c
+++ sys/arch/macppc/dev/apm.c
@@ -337,6 +337,12 @@ apmkqfilter(dev_t dev, struct knote *kn)
 
 #ifdef SUSPEND
 
+int
+request_sleep(int sleepmode)
+{
+   return 0;
+}
+
 #ifdef MULTIPROCESSOR
 
 void
blob - f7d59513aad484983a8932671c1d06fb4474f550
blob + 59adebc66708d6a1d1c2168e6d01675ae776dca3
--- sys/dev/acpi/acpi_apm.c
+++ sys/dev/acpi/acpi_apm.c
@@ -109,13 +109,16 @@ acpiioctl(dev_t dev, u_long cmd, caddr_t data, int fla
s = splbio();
/* fake APM */
switch (cmd) {
+#ifdef SUSPEND
case APM_IOC_SUSPEND:
case APM_IOC_STANDBY:
if ((flag & FWRITE) == 0) {
error = EBADF;
break;
}
-   acpi_addtask(sc, acpi_sleep_task, sc, SLEEP_SUSPEND);
+   error = request_sleep(SLEEP_SUSPEND);
+   if (error)
+   break;
acpi_wakeup(sc);

Re: gitignore: got + cvs coexistence

[Tobias Heider]

On Fri, Jul 07, 2023 at 02:02:49PM +0200, Alexander Hall wrote:
> On July 7, 2023 12:50:55 PM GMT+02:00, Stefan Sperling  wrote:
> >On Fri, Jul 07, 2023 at 12:26:16PM +0200, Tobias Heider wrote:
> >> For bigger changesets I have started experimenting with using got.
> >> I don't like to have the whole tree on disk twice so I keep my got and CVS
> >> checkouts in the same directory.
> >
> >Curious. I am not sure how well that will work in practice but
> >if it works for you then why not. I usually keep them separate,
> >using temporary CVS checkouts for commits to CVS.
> >
> >> A downside of this approach is of course that got always lists all the 
> >> unknown
> >> CVS dirs in got status. Does anything speak against ignoring them via 
> >> gitignore?
> >
> >In any case, I doubt anyone would ever want to check their CVS directories
> >into Git. So ok by me.
> 
> Are there cases when CVS is not a proper directory, as in "**/CVS/" (or just 
> "CVS/" which would work the same AFAIK)?

CVS/ does not seem to work for me, but that could be a got limitation.

> 
> /Alexander
> 
> >
> >> diff 7efd0ea99b79bbbda1539b1ae5c635ebfa688970 
> >> 99115307e40554b41e9d62708e81599b0337da96
> >> commit - 7efd0ea99b79bbbda1539b1ae5c635ebfa688970
> >> commit + 99115307e40554b41e9d62708e81599b0337da96
> >> blob - 3fdff78bcab1fcf6493998cb99b64ff5a5da4f63
> >> blob + f07392d0d0015dac869ec1d55affd353aafba670
> >> --- .gitignore
> >> +++ .gitignore
> >> @@ -1,2 +1,3 @@
> >>  **/obj
> >>  **/tags
> >> +**/CVS
> >> 
> >> 
> >

gitignore: got + cvs coexistence

[Tobias Heider]

For bigger changesets I have started experimenting with using got.
I don't like to have the whole tree on disk twice so I keep my got and CVS
checkouts in the same directory.
A downside of this approach is of course that got always lists all the unknown
CVS dirs in got status. Does anything speak against ignoring them via gitignore?

diff 7efd0ea99b79bbbda1539b1ae5c635ebfa688970 
99115307e40554b41e9d62708e81599b0337da96
commit - 7efd0ea99b79bbbda1539b1ae5c635ebfa688970
commit + 99115307e40554b41e9d62708e81599b0337da96
blob - 3fdff78bcab1fcf6493998cb99b64ff5a5da4f63
blob + f07392d0d0015dac869ec1d55affd353aafba670
--- .gitignore
+++ .gitignore
@@ -1,2 +1,3 @@
 **/obj
 **/tags
+**/CVS

Re: acpi: move acpiioctl to x86

[Tobias Heider]

On Wed, Jul 05, 2023 at 04:53:33PM +0200, Tobias Heider wrote:
> I am planning to restructure the APM/sleep APIs to make it easier to suspend
> from more places like as a suspend keyboard shortcut.
> 
> The acpiioctl handler is x86 specific code which is currently built on all
> platforms but only hooked up on i386 and amd64.  It is also in the way of
> my plans, so I'd prefer if we move it to acpi_x86.c where all the other
> x86-only acpi code lives.
> 

The previous diff wasn't enough to solve the problem and broke RAMDISK,
so here's a next try.  This moves anything /dev/apm related to the
new acpi_apm.c file which is only included on i386 and amd64 and properly
handles SMALL_KERNEL.

Some apm related code (apm_apminfo, acpi_sleep_task) remains in acpi.c for
now because it is also used by arm64 or called from MI paths.
I plan to clean up the sleep task in the follow-up diff but this one is
big enough already.

Tested on amd64, i386, macppc and arm64 with GENERIC.MP and RAMDISK.

Index: arch/amd64/conf/files.amd64
===
RCS file: /cvs/src/sys/arch/amd64/conf/files.amd64,v
retrieving revision 1.108
diff -u -p -r1.108 files.amd64
--- arch/amd64/conf/files.amd64 26 Apr 2023 15:11:21 -  1.108
+++ arch/amd64/conf/files.amd64 7 Jul 2023 09:32:42 -
@@ -237,6 +237,7 @@ attach  acpi at bios
 file   arch/amd64/amd64/acpi_machdep.c acpi
 file   arch/amd64/amd64/acpi_wakecode.Sacpi & !small_kernel
 file   dev/acpi/acpi_x86.c acpi & suspend & !small_kernel
+file   dev/acpi/acpi_apm.c acpi
 
 device acpipci
 attach acpipci at acpi
Index: arch/i386/conf/files.i386
===
RCS file: /cvs/src/sys/arch/i386/conf/files.i386,v
retrieving revision 1.249
diff -u -p -r1.249 files.i386
--- arch/i386/conf/files.i386   17 Jan 2023 10:10:11 -  1.249
+++ arch/i386/conf/files.i386   7 Jul 2023 09:32:42 -
@@ -377,6 +377,7 @@ attach  acpi at bios
 file   arch/i386/i386/acpi_machdep.c   acpi
 file   arch/i386/i386/acpi_wakecode.S  acpi & !small_kernel
 file   dev/acpi/acpi_x86.c acpi & suspend & !small_kernel
+file   dev/acpi/acpi_apm.c acpi
 
 #
 # IPMI
Index: dev/acpi/acpi.c
===
RCS file: /cvs/src/sys/dev/acpi/acpi.c,v
retrieving revision 1.424
diff -u -p -r1.424 acpi.c
--- dev/acpi/acpi.c 7 Jul 2023 07:37:59 -   1.424
+++ dev/acpi/acpi.c 7 Jul 2023 09:32:42 -
@@ -28,10 +28,6 @@
 #include 
 #include 
 
-#ifdef HIBERNATE
-#include 
-#endif
-
 #include 
 #include 
 
@@ -47,10 +43,6 @@
 #include 
 
 #include 
-#define APMUNIT(dev)   (minor(dev)&0xf0)
-#define APMDEV(dev)(minor(dev)&0x0f)
-#define APMDEV_NORMAL  0
-#define APMDEV_CTL 8
 
 #include "wd.h"
 
@@ -3384,134 +3376,6 @@ acpi_apminfo(struct apm_power_info *pi)
return 0;
 }
 
-int
-acpiopen(dev_t dev, int flag, int mode, struct proc *p)
-{
-   int error = 0;
-   struct acpi_softc *sc;
-   int s;
-
-   if (!acpi_cd.cd_ndevs || APMUNIT(dev) != 0 ||
-   !(sc = acpi_cd.cd_devs[APMUNIT(dev)]))
-   return (ENXIO);
-
-   s = splbio();
-   switch (APMDEV(dev)) {
-   case APMDEV_CTL:
-   if (!(flag & FWRITE)) {
-   error = EINVAL;
-   break;
-   }
-   if (sc->sc_flags & SCFLAG_OWRITE) {
-   error = EBUSY;
-   break;
-   }
-   sc->sc_flags |= SCFLAG_OWRITE;
-   break;
-   case APMDEV_NORMAL:
-   if (!(flag & FREAD) || (flag & FWRITE)) {
-   error = EINVAL;
-   break;
-   }
-   sc->sc_flags |= SCFLAG_OREAD;
-   break;
-   default:
-   error = ENXIO;
-   break;
-   }
-   splx(s);
-   return (error);
-}
-
-int
-acpiclose(dev_t dev, int flag, int mode, struct proc *p)
-{
-   int error = 0;
-   struct acpi_softc *sc;
-   int s;
-
-   if (!acpi_cd.cd_ndevs || APMUNIT(dev) != 0 ||
-   !(sc = acpi_cd.cd_devs[APMUNIT(dev)]))
-   return (ENXIO);
-
-   s = splbio();
-   switch (APMDEV(dev)) {
-   case APMDEV_CTL:
-   sc->sc_flags &= ~SCFLAG_OWRITE;
-   break;
-   case APMDEV_NORMAL:
-   sc->sc_flags &= ~SCFLAG_OREAD;
-   break;
-   default:
-   error = ENXIO;
-   break;
-   }
-   splx(s);
-   return (error);
-}
-
-int
-acpiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
-{
-   int error = 0;
-   struct acpi_softc *sc;
-   struct apm_power_info

acpi: move acpiioctl to x86

[Tobias Heider]

I am planning to restructure the APM/sleep APIs to make it easier to suspend
from more places like as a suspend keyboard shortcut.

The acpiioctl handler is x86 specific code which is currently built on all
platforms but only hooked up on i386 and amd64.  It is also in the way of
my plans, so I'd prefer if we move it to acpi_x86.c where all the other
x86-only acpi code lives.

ok?

Index: dev/acpi//acpi.c
===
RCS file: /mount/openbsd/cvs/src/sys/dev/acpi/acpi.c,v
retrieving revision 1.421
diff -u -p -r1.421 acpi.c
--- dev/acpi//acpi.c29 Jun 2023 20:58:08 -  1.421
+++ dev/acpi//acpi.c5 Jul 2023 13:37:18 -
@@ -3439,58 +3439,6 @@ acpiclose(dev_t dev, int flag, int mode,
return (error);
 }
 
-int
-acpiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
-{
-   int error = 0;
-   struct acpi_softc *sc;
-   struct apm_power_info *pi = (struct apm_power_info *)data;
-   int s;
-
-   if (!acpi_cd.cd_ndevs || APMUNIT(dev) != 0 ||
-   !(sc = acpi_cd.cd_devs[APMUNIT(dev)]))
-   return (ENXIO);
-
-   s = splbio();
-   /* fake APM */
-   switch (cmd) {
-   case APM_IOC_SUSPEND:
-   case APM_IOC_STANDBY:
-   if ((flag & FWRITE) == 0) {
-   error = EBADF;
-   break;
-   }
-   acpi_addtask(sc, acpi_sleep_task, sc, SLEEP_SUSPEND);
-   acpi_wakeup(sc);
-   break;
-#ifdef HIBERNATE
-   case APM_IOC_HIBERNATE:
-   if ((error = suser(p)) != 0)
-   break;
-   if ((flag & FWRITE) == 0) {
-   error = EBADF;
-   break;
-   }
-   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL) {
-   error = EOPNOTSUPP;
-   break;
-   }
-   acpi_addtask(sc, acpi_sleep_task, sc, SLEEP_HIBERNATE);
-   acpi_wakeup(sc);
-   break;
-#endif
-   case APM_IOC_GETPOWER:
-   error = acpi_apminfo(pi);
-   break;
-
-   default:
-   error = ENOTTY;
-   }
-
-   splx(s);
-   return (error);
-}
-
 void   acpi_filtdetach(struct knote *);
 intacpi_filtread(struct knote *, long);
 
@@ -3571,12 +3519,6 @@ acpiopen(dev_t dev, int flag, int mode, 
 
 int
 acpiclose(dev_t dev, int flag, int mode, struct proc *p)
-{
-   return (ENXIO);
-}
-
-int
-acpiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
 {
return (ENXIO);
 }
Index: dev/acpi//acpi_x86.c
===
RCS file: /mount/openbsd/cvs/src/sys/dev/acpi/acpi_x86.c,v
retrieving revision 1.15
diff -u -p -r1.15 acpi_x86.c
--- dev/acpi//acpi_x86.c6 Mar 2022 15:12:00 -   1.15
+++ dev/acpi//acpi_x86.c5 Jul 2023 14:33:40 -
@@ -17,15 +17,86 @@
  */
 
 #include 
+#include 
 #include 
 #include 
 
+#ifdef HIBERNATE
+#include 
+#endif
+
+#include 
+#include 
+
 #include 
 #include 
 #include 
 #include 
 
 #include 
+#define APMUNIT(dev)   (minor(dev)&0xf0)
+
+#ifndef SMALL_KERNEL
+extern struct cfdriver acpi_cd;
+
+int
+acpiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
+{
+   int error = 0;
+   struct acpi_softc *sc;
+   struct apm_power_info *pi = (struct apm_power_info *)data;
+   int s;
+
+   if (!acpi_cd.cd_ndevs || APMUNIT(dev) != 0 ||
+   !(sc = acpi_cd.cd_devs[APMUNIT(dev)]))
+   return (ENXIO);
+
+   s = splbio();
+   /* fake APM */
+   switch (cmd) {
+   case APM_IOC_SUSPEND:
+   case APM_IOC_STANDBY:
+   if ((flag & FWRITE) == 0) {
+   error = EBADF;
+   break;
+   }
+   acpi_addtask(sc, acpi_sleep_task, sc, SLEEP_SUSPEND);
+   acpi_wakeup(sc);
+   break;
+#ifdef HIBERNATE
+   case APM_IOC_HIBERNATE:
+   if ((error = suser(p)) != 0)
+   break;
+   if ((flag & FWRITE) == 0) {
+   error = EBADF;
+   break;
+   }
+   if (get_hibernate_io_function(swdevt[0].sw_dev) == NULL) {
+   error = EOPNOTSUPP;
+   break;
+   }
+   acpi_addtask(sc, acpi_sleep_task, sc, SLEEP_HIBERNATE);
+   acpi_wakeup(sc);
+   break;
+#endif
+   case APM_IOC_GETPOWER:
+   error = acpi_apminfo(pi);
+   break;
+
+   default:
+   error = ENOTTY;
+   }
+
+   splx(s);
+   return (error);
+}
+#else /* SMALL_KERNEL */
+int
+acpiioctl(dev_t dev, u_long cmd, caddr_t data, int flag, struct proc *p)
+{
+   return (ENXIO);
+}
+#endif /* SMALL_KERNEL */
 
 int
 sleep_showstate(void *v, int 

apldcms: enable mtbuttons

[Tobias Heider]

This diff optionally enables the new multi touch mouse button behaviour
for apldcms.

ok?

diff f3d7c2e4ca7de4e46cc3e888ef8fbfe71829307f 
63e5d5edf5e8315206aa117b1d3a6be78e7fdd94
commit - f3d7c2e4ca7de4e46cc3e888ef8fbfe71829307f
commit + 63e5d5edf5e8315206aa117b1d3a6be78e7fdd94
blob - 7f4d8fb56f0b979976cf0d841801b332d6d6926e
blob + f50fe203685c610696266f346829d8db1346c275
--- sys/arch/arm64/dev/apldc.c
+++ sys/arch/arm64/dev/apldc.c
@@ -1289,6 +1289,10 @@ const struct wsmouse_accessops apldcms_accessops = {
 void   apldcms_disable(void *);
 intapldcms_ioctl(void *, u_long, caddr_t, int, struct proc *);
 
+static struct wsmouse_param apldcms_wsmousecfg[] = {
+   { WSMOUSECFG_MTBTN_MAXDIST, 0 }, /* 0: Compute a default value. */
+};
+
 const struct wsmouse_accessops apldcms_accessops = {
.enable = apldcms_enable,
.disable = apldcms_disable,
@@ -1350,7 +1354,8 @@ apldcms_configure(struct apldcms_softc *sc)
hw->mt_slots = UBCMTP_MAX_FINGERS;
hw->flags = WSMOUSEHW_MT_TRACKING;
 
-   return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
+   return wsmouse_configure(sc->sc_wsmousedev, apldcms_wsmousecfg,
+   nitems(apldcms_wsmousecfg));
 }
 
 void

Re: wsmouse(4): multi-touch buttons again

[Tobias Heider]

On Wed, Jun 28, 2023 at 12:03:41AM +0200, Ulf Brosziewski wrote:
> This version of the diff adds a wsconsctl field, named "mouse.tp.
> mtbuttons", and an update to the wsmouse.4 page.  Apart from that, it
> contains only stylistic changes.
> 
> The new wsconsctl field is just a boolean, I don't think that it would
> make sense to include the distance filter in the configuration options.
> However, if a default value is derived from the length of the touchpad
> diagonal, it might be too high for over-sized touchpads.  If that turns
> out to be a problem, the proper place to fix it is the hardware driver.
> 
> OK?

Thank you! Looks good and works as intended here.

I also have a diff to enable it for another Apple touch pad
but this diff is already big enough so I'll just send that
once this is in.

One minor comment inline, other than that ok tobhe@.

> 
> On 2/21/23 20:10, Ulf Brosziewski wrote:
> > This diff is an extension of Tobias Heider's proposal, which aims at
> > providing "Apple-like" button inputs on clickpads.  I have added some
> > things in order to approximate the behaviour of other input drivers.
> > 
> > [...]>
> > The feature won't work decently on small touchpads, and it cannot work
> > on touchpads without MT-support in our kernel.  wsmouse checks whether
> > a touchpad
> > 1) has MT support,
> > 2) is a clickpad,
> > 3) its resolution is reported to wsmouse,
> > 4) it reports a horizontal size greater than 100mm, and
> > 5) a vertical size greater than 60mm.
> > 
> > If these conditions aren't met, wsmouse sets the distance limit to -1,
> > which blocks the MTBUTTONS feature.  I think only imt(4) touchpads can
> > meet these criteria; however, the value can be overridden manually or
> > programmatically, and ubcmtp and aplms do this on initialization.
> > These drivers don't report resolution values; the distance limit will
> > be set to a fourth of the length of the touchpad diagonal.  That's a
> > workaround based on a wild guess, and I couldn't test it with Apple
> > hardware.  If you want to apply it to an Elantech-v4 touchpad run by
> > pms(4), try
> > 
> > # wsconsctl mouse.param=143:0,72:1
> > 
> > (A change from -1 to 0 will trigger the workaround.)
> > 
> > 
> > [...]
> Index: src/sbin/wsconsctl/mouse.c
> ===
> RCS file: /cvs/src/sbin/wsconsctl/mouse.c,v
> retrieving revision 1.20
> diff -u -p -r1.20 mouse.c
> --- src/sbin/wsconsctl/mouse.c19 Aug 2019 21:42:33 -  1.20
> +++ src/sbin/wsconsctl/mouse.c27 Jun 2023 18:54:31 -
> @@ -57,6 +57,7 @@ struct field mouse_field_tab[] = {
>  { "reverse_scrolling",   _revscroll, FMT_CFG,FLG_NORDBACK },
>  /* touchpad-specific options: */
>  { "tp.tapping",  _tapping,   FMT_CFG,FLG_NORDBACK },
> +{ "tp.mtbuttons",_mtbuttons, FMT_CFG,
> FLG_NORDBACK },
>  { "tp.scaling",  _scaling,   FMT_CFG,FLG_NORDBACK },
>  { "tp.swapsides",_swapsides, FMT_CFG,
> FLG_NORDBACK },
>  { "tp.disable",  _disable,   FMT_CFG,FLG_NORDBACK },
> @@ -69,6 +70,10 @@ struct field mouse_field_tab[] = {
> 
>  static int dev_index = -1;
> 
> +static struct wsmouse_parameters mtbtn_maxdist = {
> +(struct wsmouse_param[]) { { WSMOUSECFG_MTBTN_MAXDIST, 0 } }, 1
> +};
> +
> 
>  void
>  mouse_init(int devfd, int devidx) {
> @@ -91,6 +96,12 @@ mouse_init(int devfd, int devidx) {
>   if (f->format == FMT_CFG) {
>   f->flags &= ~FLG_DEAD;
>   }
> + /* Hide the 'mtbuttons' field if the feature is unavailable. */
> + if (mousecfg_get_field(_maxdist) ||
> + mtbtn_maxdist.params[0].value < 0) {
> + f = field_by_value(mouse_field_tab, _mtbuttons);
> + f->flags |= FLG_DEAD;
> + }
>   } else {
>   for (f = mouse_field_tab; f->name != NULL; f++)
>   if (f->format == FMT_CFG) {
> Index: src/sbin/wsconsctl/mousecfg.c
> ===
> RCS file: /cvs/src/sbin/wsconsctl/mousecfg.c,v
> retrieving revision 1.9
> diff -u -p -r1.9 mousecfg.c
> --- src/sbin/wsconsctl/mousecfg.c 3 Mar 2021 19:44:37 -   1.9
> +++ src/sbin/wsconsctl/mousecfg.c 27 Jun 2023 18:54:31 -
> @@ -35,30 +35,15 @@
>  #define nitems(_a)   (sizeof((_a)) / sizeof((_a)[0]))
>  #endif
> 
> -#define BASE_FIRST   WSMOUSECFG_DX_SCALE
> -#define BASE_LASTWSMOUSECFG_REVERSE_SCROLLING
> -#define TP_FILTER_FIRST  WSMOUSECFG_DX_MAX
> -#define TP_FILTER_LAST   WSMOUSECFG_SMOOTHING
> -#define TP_FEATURES_FIRSTWSMOUSECFG_SOFTBUTTONS
> -#define TP_FEATURES_LAST WSMOUSECFG_DISABLE
> -#define TP_SETUP_FIRST   WSMOUSECFG_LEFT_EDGE
> -#define TP_SETUP_LAST 

Re: iked processes are orphans

[Tobias Heider]

On Wed, Jun 28, 2023 at 08:38:16AM +, Gerhard Roth wrote:
> Hi Tobi,
> 
> a recent change to iked.c moved the call to daemon() behind proc_init().
> Now iked forks all its children and afterwards daemonizes itself into
> background leaving the kids behind orphaned.
> 
> The patch below restores the parent/child relationship. With it, the
> parent calls daemon() first. And by putting the daemon() call into
> proc_init() we make sure that any re-execed child won't call daemon()
> again.
> 
> Gerhard

Hi Gerhard,

thanks for the fix!
I wonder if vmd where i copied this chunk from has the same bug.

ok tobhe@

> 
> 
> Index: sbin/iked/iked.c
> ===
> RCS file: /cvs/src/sbin/iked/iked.c,v
> retrieving revision 1.65
> diff -u -p -u -p -r1.65 iked.c
> --- sbin/iked/iked.c  25 Jun 2023 08:07:04 -  1.65
> +++ sbin/iked/iked.c  28 Jun 2023 08:30:28 -
> @@ -203,8 +203,6 @@ main(int argc, char *argv[])
>  
>   setproctitle("parent");
>   log_procinit("parent");
> - if (!debug && daemon(0, 0) == -1)
> - err(1, "failed to daemonize");
>  
>   event_init();
>  
> Index: sbin/iked/proc.c
> ===
> RCS file: /cvs/src/sbin/iked/proc.c,v
> retrieving revision 1.38
> diff -u -p -u -p -r1.38 proc.c
> --- sbin/iked/proc.c  5 Mar 2023 22:17:22 -   1.38
> +++ sbin/iked/proc.c  28 Jun 2023 08:30:28 -
> @@ -205,6 +205,8 @@ proc_init(struct privsep *ps, struct pri
>  
>   if (proc_id == PROC_PARENT) {
>   privsep_process = PROC_PARENT;
> + if (!debug && daemon(0, 0) == -1)
> + fatal("failed to daemonize");
>   proc_setup(ps, procs, nproc);
>  
>   /*
> 

Re: smtpd, relayd, iked: drop ssl_init

[Tobias Heider]

On Sat, Jun 24, 2023 at 08:40:01PM +0200, Theo Buehler wrote:
> On Sat, Jun 24, 2023 at 08:15:40PM +0200, Omar Polo wrote:
> > while talking about a related matter with tb and jsing, jsing noted
> > that ssl_init() in smtpd is completely useless.  All its loading is
> > already done automatically by libcrypto at runtime, and judging by the
> > implementation of the called functions there's no need to actually
> > force the initialization.
> > 
> > There is similar code in relayd and iked, so apply the same treatment.
> > 
> > I've tested smtpd and it works just as fine as before, don't use
> > relayd but the regression suite is happy.  I don't use iked, so some
> > testing with it is welcomed.  Not that I expect any sort of breakage,
> > this is almost a no-op.
> 
> It is a noop. Before doing anything, both LibreSSL and OpenSSL libcrypto
> will call OPENSSL_init_crypto(0, NULL) and libssl will do similar. This
> will call all these initialization functions (it is a bit convoluted,
> but it is the case).
> 
> ok tb
> 
> (I only meant iked diff should go to tech because I don't want to ok
> things behind tobhe's back).
> 

Thanks! ok tobhe@

Re: iked: introduce print_addr()

[Tobias Heider]

On Tue, Jun 13, 2023 at 10:57:06AM +0200, Theo Buehler wrote:
> There are a lot of print_host() calls that have an explicit cast and
> pass NULL, 0 as second and third arguments. This is responsible for a
> lot of awkward line wrapping. The exlicit casts can be avoided by
> using a function with a void * argument. This is no less typesafe than
> having explicit casts.

ok tobhe@

> 
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.215
> diff -u -p -r1.215 iked.h
> --- iked.h12 Jun 2023 09:02:31 -  1.215
> +++ iked.h13 Jun 2023 08:47:59 -
> @@ -1252,6 +1252,8 @@ uint32_t
>prefixlen2mask(uint8_t);
>  const char *
>print_host(struct sockaddr *, char *, size_t);
> +const char *
> +  print_addr(void *);
>  char *get_string(uint8_t *, size_t);
>  const char *
>print_proto(uint8_t);
> Index: ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.369
> diff -u -p -r1.369 ikev2.c
> --- ikev2.c   13 Jun 2023 08:45:41 -  1.369
> +++ ikev2.c   13 Jun 2023 08:48:00 -
> @@ -669,8 +669,8 @@ ikev2_recv(struct iked *env, struct iked
>   print_map(hdr->ike_exchange, ikev2_exchange_map),
>   msg->msg_response ? "res" : "req",
>   msg->msg_msgid,
> - print_host((struct sockaddr *)>msg_peer, NULL, 0),
> - print_host((struct sockaddr *)>msg_local, NULL, 0),
> + print_addr(>msg_peer),
> + print_addr(>msg_local),
>   ibuf_length(msg->msg_data),
>   msg->msg_policy->pol_name);
>   log_debug("%s: ispi %s rspi %s", __func__,
> @@ -783,8 +783,7 @@ ikev2_recv(struct iked *env, struct iked
>   sa->sa_fd = msg->msg_fd;
>  
>   log_debug("%s: updated SA to peer %s local %s", __func__,
> - print_host((struct sockaddr *)>sa_peer.addr, NULL, 0),
> - print_host((struct sockaddr *)>sa_local.addr, NULL, 0));
> + print_addr(>sa_peer.addr), print_addr(>sa_local.addr));
>  
>  done:
>   if (initiator)
> @@ -1101,16 +1100,13 @@ ikev2_ike_auth_recv(struct iked *env, st
>   if (sa->sa_cp == IKEV2_CP_REPLY) {
>   if (sa->sa_cp_addr)
>   log_info("%s: obtained lease: %s", SPI_SA(sa, __func__),
> - print_host((struct sockaddr *)>sa_cp_addr->addr,
> - NULL, 0));
> + print_addr(>sa_cp_addr->addr));
>   if (sa->sa_cp_addr6)
>   log_info("%s: obtained lease: %s", SPI_SA(sa, __func__),
> - print_host((struct sockaddr 
> *)>sa_cp_addr6->addr,
> - NULL, 0));
> + print_addr(>sa_cp_addr6->addr));
>   if (sa->sa_cp_dns)
>   log_info("%s: obtained DNS: %s", SPI_SA(sa, __func__),
> - print_host((struct sockaddr *)>sa_cp_dns->addr,
> - NULL, 0));
> + print_addr(>sa_cp_dns->addr));
>   }
>  
>   return ikev2_ike_auth(env, sa);
> @@ -1296,8 +1292,7 @@ ikev2_enable_natt(struct iked *env, stru
>  
>   log_debug("%s: detected NAT, enabling UDP encapsulation,"
>   " updated SA to peer %s local %s", __func__,
> - print_host((struct sockaddr *)>sa_peer.addr, NULL, 0),
> - print_host((struct sockaddr *)>sa_local.addr, NULL, 0));
> + print_addr(>sa_peer.addr), print_addr(>sa_local.addr));
>  }
>  
>  void
> @@ -1318,9 +1313,7 @@ ikev2_init_ike_sa(struct iked *env, void
>  
>   if (ikev2_init_ike_sa_peer(env, pol, >pol_peer, NULL))
>   log_debug("%s: failed to initiate with peer %s",
> - __func__,
> - print_host((struct sockaddr *)>pol_peer.addr,
> - NULL, 0));
> + __func__, print_addr(>pol_peer.addr));
>   }
>  
>   timer_set(env, >sc_inittmr, ikev2_init_ike_sa, NULL);
> @@ -2326,7 +2319,7 @@ ikev2_nat_detection(struct iked *env, st
>   frompeer ? "peer" : "local",
>   print_spi(betoh64(ispi), 8),
>   print_spi(betoh64(rspi), 8),
> - print_host(src, NULL, 0));
> + print_addr(src));
>   ss = src;
>   break;
>   case IKEV2_N_NAT_DETECTION_DESTINATION_IP:
> @@ -2334,7 +2327,7 @@ ikev2_nat_detection(struct iked *env, st
>   frompeer ? "peer" : "local",
>   print_spi(betoh64(ispi), 8),
>   print_spi(betoh64(rspi), 8),
> - print_host(dst, NULL, 0));
> + print_addr(dst));
>   ss = dst;
>   break;
>   default:
> @@ -5225,12 +5218,12 @@ ikev2_ike_sa_keepalive(struct iked *env,
>   (struct sockaddr *)>sa_local.addr, 

Re: iked replace ibuf_advance() with ibuf_reserve()

[Tobias Heider]

On Tue, May 23, 2023 at 03:20:27PM +0200, Claudio Jeker wrote:
> Another mechanical diff. Replace ibuf_advance() with ibuf_reserve().
> 
> Again ibuf_advance() just calls ibuf_reserve().

ok too

> -- 
> :wq Claudio
> 
> Index: eap.c
> ===
> RCS file: /cvs/src/sbin/iked/eap.c,v
> retrieving revision 1.23
> diff -u -p -r1.23 eap.c
> --- eap.c 23 May 2023 13:12:19 -  1.23
> +++ eap.c 23 May 2023 13:16:04 -
> @@ -51,7 +51,7 @@ eap_add_id_request(struct ibuf *e)
>  {
>   struct eap_message  *eap;
>  
> - if ((eap = ibuf_advance(e, sizeof(*eap))) == NULL)
> + if ((eap = ibuf_reserve(e, sizeof(*eap))) == NULL)
>   return (-1);
>   eap->eap_code = EAP_CODE_REQUEST;
>   eap->eap_id = 0;
> @@ -124,7 +124,7 @@ eap_identity_request(struct iked *env, s
>   /* CERT payload */
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
> - if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL)
> + if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = certid->id_type;
>   if (ibuf_cat(e, certid->id_buf) != 0)
> @@ -139,7 +139,7 @@ eap_identity_request(struct iked *env, s
>   goto done;
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
> - if ((cert = ibuf_advance(e, sizeof(*cert))) == NULL)
> + if ((cert = ibuf_reserve(e, sizeof(*cert))) == NULL)
>   goto done;
>   cert->cert_type = sa->sa_scert[i].id_type;
>   if (ibuf_cat(e, sa->sa_scert[i].id_buf) != 0)
> @@ -154,7 +154,7 @@ eap_identity_request(struct iked *env, s
>   /* AUTH payload */
>   if ((pld = ikev2_add_payload(e)) == NULL)
>   goto done;
> - if ((auth = ibuf_advance(e, sizeof(*auth))) == NULL)
> + if ((auth = ibuf_reserve(e, sizeof(*auth))) == NULL)
>   goto done;
>   auth->auth_method = sa->sa_localauth.id_type;
>   if (ibuf_cat(e, sa->sa_localauth.id_buf) != 0)
> @@ -193,7 +193,7 @@ eap_challenge_request(struct iked *env, 
>   if ((e = ibuf_static()) == NULL)
>   return (-1);
>  
> - if ((eap = ibuf_advance(e, sizeof(*eap))) == NULL)
> + if ((eap = ibuf_reserve(e, sizeof(*eap))) == NULL)
>   goto done;
>   eap->eap_code = EAP_CODE_REQUEST;
>   eap->eap_id = eap_id + 1;
> @@ -205,7 +205,7 @@ eap_challenge_request(struct iked *env, 
>   eap->eap_length = htobe16(sizeof(*eap) +
>   sizeof(*ms) + strlen(name));
>  
> - if ((ms = ibuf_advance(e, sizeof(*ms))) == NULL)
> + if ((ms = ibuf_reserve(e, sizeof(*ms))) == NULL)
>   return (-1);
>   ms->msc_opcode = EAP_MSOPCODE_CHALLENGE;
>   ms->msc_id = eap->eap_id;
> @@ -244,7 +244,7 @@ eap_message_send(struct iked *env, struc
>   if ((e = ibuf_static()) == NULL)
>   return (-1);
>  
> - if ((resp = ibuf_advance(e, sizeof(*resp))) == NULL)
> + if ((resp = ibuf_reserve(e, sizeof(*resp))) == NULL)
>   goto done;
>   resp->eap_code = eap_code;
>   resp->eap_id = eap_id;
> @@ -278,7 +278,7 @@ eap_mschap_challenge(struct iked *env, s
>  
>   msg = " M=Welcome";
>  
> - if ((resp = ibuf_advance(eapmsg, sizeof(*resp))) == NULL)
> + if ((resp = ibuf_reserve(eapmsg, sizeof(*resp))) == NULL)
>   goto done;
>   resp->eap_code = EAP_CODE_REQUEST;
>   resp->eap_id = eap_id + 1;
> @@ -286,7 +286,7 @@ eap_mschap_challenge(struct iked *env, s
>   success_size + strlen(msg));
>   resp->eap_type = EAP_TYPE_MSCHAP_V2;
>  
> - if ((mss = ibuf_advance(eapmsg, sizeof(*mss))) == NULL)
> + if ((mss = ibuf_reserve(eapmsg, sizeof(*mss))) == NULL)
>   goto done;
>   mss->mss_opcode = EAP_MSOPCODE_SUCCESS;
>   mss->mss_id = msr_id;
> @@ -314,13 +314,13 @@ eap_mschap_success(struct iked *env, str
>  
>   if ((eapmsg = ibuf_static()) == NULL)
>   return (-1);
> - if ((resp = ibuf_advance(eapmsg, sizeof(*resp))) == NULL)
> + if ((resp = ibuf_reserve(eapmsg, sizeof(*resp))) == NULL)
>   goto done;
>   resp->eap_code = EAP_CODE_RESPONSE;
>   resp->eap_id = eap_id;
>   resp->eap_length = htobe16(sizeof(*resp) + sizeof(*ms));
>   resp->eap_type = EAP_TYPE_MSCHAP_V2;
> - if ((ms = ibuf_advance(eapmsg, sizeof(*ms))) == NULL)
> + if ((ms = ibuf_reserve(eapmsg, sizeof(*ms))) == NULL)
>   goto done;
>   ms->ms_opcode = EAP_MSOPCODE_SUCCESS;
>  
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.212
> diff -u -p -r1.212 

Re: iked imsg_util.c cleanup

[Tobias Heider]

On Tue, May 23, 2023 at 11:56:18AM +0200, Claudio Jeker wrote:
> There is a lot of duplication in iked's imsg_util.c
> Now here is a minimal diff removing all extra parts added that are not
> needed anymore. The removal of ibuf_zero() depends partially on my
> previous imsg diff.
> 
> With my imsg diff allocation are always zeroed so no need to call
> imsg_zero(). In ibuf_release() there is no need to call ibuf_zero() since
> the imsg API is already using freezero(). Also the NULL check is not
> needed. I moved the memset() into ibuf_reserve() so that can also go away.
> 
> Iked does some rather unholy things with ibufs which I want to slowly
> clean up. This is step 1.
> -- 
> :wq Claudio

I am looking forward this.

ok tobhe@

> 
> Index: iked.h
> ===
> RCS file: /cvs/src/sbin/iked/iked.h,v
> retrieving revision 1.210
> diff -u -p -r1.210 iked.h
> --- iked.h5 Mar 2023 22:17:22 -   1.210
> +++ iked.h22 May 2023 15:29:07 -
> @@ -1282,7 +1282,6 @@ struct ibuf *
>ibuf_random(size_t);
>  int   ibuf_prepend(struct ibuf *, void *, size_t);
>  void *ibuf_advance(struct ibuf *, size_t);
> -void  ibuf_zero(struct ibuf *);
>  int   ibuf_strcat(struct ibuf **, const char *);
>  int   ibuf_strlen(struct ibuf *);
>  
> Index: imsg_util.c
> ===
> RCS file: /cvs/src/sbin/iked/imsg_util.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 imsg_util.c
> --- imsg_util.c   17 May 2021 08:14:37 -  1.13
> +++ imsg_util.c   22 May 2023 15:28:39 -
> @@ -42,12 +42,6 @@ ibuf_cat(struct ibuf *dst, struct ibuf *
>   return (ibuf_add(dst, src->buf, ibuf_size(src)));
>  }
>  
> -void
> -ibuf_zero(struct ibuf *buf)
> -{
> - explicit_bzero(buf->buf, buf->wpos);
> -}
> -
>  struct ibuf *
>  ibuf_new(const void *data, size_t len)
>  {
> @@ -57,8 +51,6 @@ ibuf_new(const void *data, size_t len)
>   IKED_MSGBUF_MAX)) == NULL)
>   return (NULL);
>  
> - ibuf_zero(buf);
> -
>   if (len == 0)
>   return (buf);
>  
> @@ -80,37 +72,19 @@ ibuf_new(const void *data, size_t len)
>  struct ibuf *
>  ibuf_static(void)
>  {
> - struct ibuf *buf;
> -
> - if ((buf = ibuf_open(IKED_MSGBUF_MAX)) == NULL)
> - return (NULL);
> -
> - ibuf_zero(buf);
> -
> - return (buf);
> + return ibuf_open(IKED_MSGBUF_MAX);
>  }
>  
>  void *
>  ibuf_advance(struct ibuf *buf, size_t len)
>  {
> - void*ptr;
> -
> - if ((ptr = ibuf_reserve(buf, len)) != NULL)
> - memset(ptr, 0, len);
> -
> - return (ptr);
> + return ibuf_reserve(buf, len);
>  }
>  
>  void
>  ibuf_release(struct ibuf *buf)
>  {
> - if (buf == NULL)
> - return;
> - if (buf->buf != NULL) {
> - ibuf_zero(buf);
> - free(buf->buf);
> - }
> - free(buf);
> + ibuf_free(buf);
>  }
>  
>  size_t
> 

apldc/aplhidev: enable LEDs in xorg

[Tobias Heider]

This patch enables the capslock LED on apple m1/m2 laptops in xenocara.
Console mode was already working by setting the correct accessop, for
X we are missing an ioctl handler.

Only tested on apldc but the aplhidev code looks identical so the fix
should be the same.

Index: apldc.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/apldc.c,v
retrieving revision 1.6
diff -u -p -r1.6 apldc.c
--- apldc.c 26 Mar 2023 09:34:06 -  1.6
+++ apldc.c 9 Apr 2023 20:52:25 -
@@ -1169,6 +1169,9 @@ apldckbd_ioctl(void *v, u_long cmd, cadd
/* XXX: should we set something else? */
*(u_int *)data = WSKBD_TYPE_USB;
return 0;
+   case WSKBDIO_SETLEDS:
+   apldckbd_set_leds(v, *(int *)data);
+   return 0;
default:
return hidkbd_ioctl(kbd, cmd, data, flag, p);
}
Index: aplhidev.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/aplhidev.c,v
retrieving revision 1.10
diff -u -p -r1.10 aplhidev.c
--- aplhidev.c  21 Nov 2022 14:39:23 -  1.10
+++ aplhidev.c  9 Apr 2023 20:52:25 -
@@ -596,6 +596,9 @@ aplkbd_ioctl(void *v, u_long cmd, caddr_
/* XXX: should we set something else? */
*(u_int *)data = WSKBD_TYPE_USB;
return 0;
+   case WSKBDIO_SETLEDS:
+   aplkbd_set_leds(v, *(int *)data);
+   return 0;
default:
return hidkbd_ioctl(kbd, cmd, data, flag, p);
}

Re: ps(1): fix command alignment

[Tobias Heider]

On Wed, Mar 08, 2023 at 01:37:18AM +0100, Tobias Heider wrote:
> Hi,
> 
> I was playing with ps today and noticed that the alignment of everything
> following the "command" keyword seems to be broken currently.  An easy way
> to test this is running ps -axo command,uid which gives me a wrongly aligned
> uid for some processes:
> 
> /usr/X11R6/bin/X35
> X: [priv] (Xorg)0
> xenodm: :0 (xeno)0
> 
> It look like this was broken in 1.83 which introduces print_comm_name() but

Oops, print.c - rev 1.85 is what i meant

ps(1): fix command alignment

[Tobias Heider]

Hi,

I was playing with ps today and noticed that the alignment of everything
following the "command" keyword seems to be broken currently.  An easy way
to test this is running ps -axo command,uid which gives me a wrongly aligned
uid for some processes:

/usr/X11R6/bin/X35
X: [priv] (Xorg)0
xenodm: :0 (xeno)0

It look like this was broken in 1.83 which introduces print_comm_name() but
wrongly assumes the returned value is the length difference when it actually
is the updated length value. With this fixed I get a correctly aligned output:

/usr/X11R6/bin/X35
X: [priv] (Xorg) 0
xenodm: :0 (xeno 0

ok?

diff --git bin/ps/print.c bin/ps/print.c
index 21709700847..65fa9ee9eb0 100644
--- bin/ps/print.c
+++ bin/ps/print.c
@@ -182,7 +182,7 @@ command(const struct pinfo *pi, VARENT *ve)
}
putchar('(');
left--;
-   left -= print_comm_name(kp, left, 0);
+   left = print_comm_name(kp, left, 0);
if (left == 0)
return;
putchar(')');
@@ -193,7 +193,7 @@ command(const struct pinfo *pi, VARENT *ve)
putchar(' ');
left--;
}
-   left -= print_comm_name(kp, left, 0);
+   left = print_comm_name(kp, left, 0);
}
}
if (ve->next != NULL)

Re: Authentication in OpenIKED

[Tobias Heider]

On Wed, Mar 01, 2023 at 04:53:00PM +, Stuart Henderson wrote:
> [from misc]
> > > I don't see that in the iked.conf manual. There is some reference to not
> > > using psk in /etc/examples/iked.conf but it's not clear whether that's
> > > because of the need to share a single psk with all endpoints connecting
> > > via the same iked.conf configuration line (certainly a problem when
> > > you have multiple users from unknown IPs but perhaps not if used for
> > > separately-configured lan-to-lan tunnels with strong randomly generated
> > > psks) or whether it's something else.
> > 
> > We should probably remove that comment.
> > 
> > I think there is actually no reason to avoid PSK in IKEv2 if both endpoints
> > are trusted. Of course it doesn't scale well and all security considerations
> > for shared WiFi passwords apply here as well, but there isn't an obvious
> > weakeness like the plain text passphrase being sent over the network.
> > Expecting people to generate X509 certificates for simple peer-to-peer 
> > setups
> > seems a lot worse.
> 
> How about this? Show a strong psk in the example, plus the existing
> "win7" config is a bit strange, using 'config address' to set a fixed
> single address while tunnelling a subnet, so I've replaced it with a
> config that is probably more common in real life where the tunnel is
> used for all traffic (which is a bit more tricky to configure if
> you're new to this).

Definitly better than what we had before. Thanks!

> 
> 
> Index: iked.conf
> ===
> RCS file: /cvs/src/etc/examples/iked.conf,v
> retrieving revision 1.1
> diff -u -p -r1.1 iked.conf
> --- iked.conf 11 Jul 2014 21:20:10 -  1.1
> +++ iked.conf 1 Mar 2023 16:50:12 -
> @@ -6,13 +6,14 @@
>  #user "user1" "password123"
>  #user "user2" "password456"
> 
> -# Configuration for clients connecting with EAP authentication.
> +# Configuration for clients connecting with EAP authentication
> +# and sending all traffic over the IKEv2 tunnel.
>  # Remember to set up a PKI, see ikectl(8) for more information.
> -#ikev2 "win7" passive esp \
> -#from 10.1.0.0/24 to 10.2.0.0/24 \
> +#ikev2 "eapclient" passive esp \
> +#from any to dynamic \
>  #local any peer any \
>  #eap "mschap-v2" \
> -#config address 10.2.0.1 \
> +#config address 10.2.0.0/24 \
>  #config name-server 10.1.0.2 \
>  #tag "$name-$id"
> 
> @@ -22,4 +23,4 @@
>  #from 10.5.0.0/24 to 10.1.0.0/24 \
>  #from 10.5.0.0/24 to 172.16.1.0/24 \
>  #local 192.168.1.1 peer 192.168.2.1 \
> -#psk "you-should-not-use-psk-authentication!"
> +#psk "tyBNv13zuo3rg1WVXlaI1g1tTYNzwk962mMUYIvaLh2x8vvvyA"
> 

Re: wsmouse(4): multi-touch buttons again

[Tobias Heider]

On Thu, Feb 23, 2023 at 10:25:15AM -0600, joshua stein wrote:
> On Thu, 23 Feb 2023 at 17:05:53 +0100, Tobias Heider wrote:
> > Wow, thank you for looking into this! I've used your version for a few days
> > now and it works really well for me (on a m2 macbook air).  I actually think
> > the default works so well that we can default to 0 for param 143.
> > 
> > IMO we can add it to the tree at this point to give others the change to
> > test it before the diff gets even bigger.
> 
> But please add properly named knobs to wsconsctl for this first, and 
> preferably for all of the other hidden settings that were added with 
> wstpad.  Expecting users to enable, let alone find, 
> "mouse.tp.param=72:1" is ridiculous.
> 
> On one of my laptops I wanted to disable the middle soft button and 
> had to dig through the code to figure out that I had to use 
> "wsconsctl mouse.tp.param=65:0".
> 

Absolutely. I assumed once it goes in it gets a name.

I called it tp.mtbuttons in my intitial diff because that was the
best thing I could come up with.  The libinput docs call it
"clickfinger" behavior [1]. I don't have a strong preference as
long as it has a name.

[1] 
https://wayland.freedesktop.org/libinput/doc/latest/clickpad-softbuttons.html#clickfinger

Re: wsmouse(4): multi-touch buttons again

[Tobias Heider]

On Tue, Feb 21, 2023 at 08:10:36PM +0100, Ulf Brosziewski wrote:
> This diff is an extension of Tobias Heider's proposal, which aims at
> providing "Apple-like" button inputs on clickpads.  I have added some
> things in order to approximate the behaviour of other input drivers.
> 
> It's a quick shot, and I have no idea whether it is sufficient in
> practice, it certainly needs thorough testing.
> 
> The wsconsctl part doesn't provide a named field yet.  With a
> recompiled wsconsctl and kernel, the command
> 
> # wsconsctl mouse.param=72:1
> 
> activates the feature, if it is available (see below).
> 
> The patch contains a simple filter for distinguishing the two-finger
> inputs that should trigger right-button events from the ones that
> shouldn't:  If the distance between two contacts is small, the driver
> generates a right-button event; if it is greater than some threshold
> value, the second contact will be ignored.
> 
> When a touch is resting in the bottom area, it will be ignored, and no
> further filtering applies to the other touches.
> 
> You can inspect the threshold value with
> 
> # wsconsctl mouse.param=143
> 
> and change it with
> 
> # wsconsctl mouse.param=143:
> 
> The value is given in device units.  If the driver for your touchpad is
> imt(4), the default should correspond, roughly, to a distance of 35mm.
> The threshold is reduced by one third if a two-finger click involves a
> touch in the bottom area.  (On medium-sized touchpads, this may be
> necessary to leave enough room for left-button clicks performed by the
> thumb while the pointer-controlling touch remains on the touchpad.)
> 
> The feature won't work decently on small touchpads, and it cannot work
> on touchpads without MT-support in our kernel.  wsmouse checks whether
> a touchpad
> 1) has MT support,
> 2) is a clickpad,
> 3) its resolution is reported to wsmouse,
> 4) it reports a horizontal size greater than 100mm, and
> 5) a vertical size greater than 60mm.
> 
> If these conditions aren't met, wsmouse sets the distance limit to -1,
> which blocks the MTBUTTONS feature.  I think only imt(4) touchpads can
> meet these criteria; however, the value can be overridden manually or
> programmatically, and ubcmtp and aplms do this on initialization.
> These drivers don't report resolution values; the distance limit will
> be set to a fourth of the length of the touchpad diagonal.  That's a
> workaround based on a wild guess, and I couldn't test it with Apple
> hardware.  If you want to apply it to an Elantech-v4 touchpad run by
> pms(4), try
> 
> # wsconsctl mouse.param=143:0,72:1
> 
> (A change from -1 to 0 will trigger the workaround.)

Wow, thank you for looking into this! I've used your version for a few days
now and it works really well for me (on a m2 macbook air).  I actually think
the default works so well that we can default to 0 for param 143.

IMO we can add it to the tree at this point to give others the change to
test it before the diff gets even bigger.

> 
> 
> diff --git a/sbin/wsconsctl/mousecfg.c b/sbin/wsconsctl/mousecfg.c
> index 76a9984bd86..d6609218372 100644
> --- a/sbin/wsconsctl/mousecfg.c
> +++ b/sbin/wsconsctl/mousecfg.c
> @@ -40,9 +40,9 @@
>  #define TP_FILTER_FIRST  WSMOUSECFG_DX_MAX
>  #define TP_FILTER_LAST   WSMOUSECFG_SMOOTHING
>  #define TP_FEATURES_FIRSTWSMOUSECFG_SOFTBUTTONS
> -#define TP_FEATURES_LAST WSMOUSECFG_DISABLE
> +#define TP_FEATURES_LAST WSMOUSECFG_MTBUTTONS
>  #define TP_SETUP_FIRST   WSMOUSECFG_LEFT_EDGE
> -#define TP_SETUP_LASTWSMOUSECFG_TAP_THREE_BTNMAP
> +#define TP_SETUP_LASTWSMOUSECFG_MTBTN_MAXDIST
>  #define LOG_FIRSTWSMOUSECFG_LOG_INPUT
>  #define LOG_LAST WSMOUSECFG_LOG_EVENTS
> 
> diff --git a/sys/arch/arm64/dev/aplhidev.c b/sys/arch/arm64/dev/aplhidev.c
> index 265c5196168..b3bf4838fe8 100644
> --- a/sys/arch/arm64/dev/aplhidev.c
> +++ b/sys/arch/arm64/dev/aplhidev.c
> @@ -680,6 +680,10 @@ struct ubcmtp_finger {
>  /* Use a constant, synaptics-compatible pressure value for now. */
>  #define DEFAULT_PRESSURE 40
> 
> +static struct wsmouse_param aplms_wsmousecfg[] = {
> + { WSMOUSECFG_MTBTN_MAXDIST, 0 }, /* 0: Compute a default value. */
> +};
> +
>  struct aplms_softc {
>   struct device   sc_dev;
>   struct device   *sc_wsmousedev;
> @@ -759,7 +763,8 @@ aplms_configure(struct aplms_softc *sc)
>   hw->mt_slots = UBCMTP_MAX_FINGERS;
>   hw->flags = WSMOUSEHW_MT_TRACKING;
> 
> - return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
> + return wsmouse_configure(sc->sc_wsmousedev,
> + aplms_wsmousecfg, nitems(aplms_wsmousecfg));
>  }
> 
>  void
> diff --git a/sys/dev/hid/hidmt.c b/sys/dev/hid/hidmt.c
> index 62b500a4f44..9e01fe597bf 100644
> --- a/sys/dev/hid/hidmt.c
> +++ b/sys/dev/hid/hidmt.c
> @@ -103,7 +103,7 @@ hidmt_get_resolution(struct hid_item *h)
>   phy_extent *= 10;
> 

proc.c: remove some dead code

[Tobias Heider]

Many of our networking daemons use proc.c to set up processes and ipc. I 
couldn't
find two that are actually exactly the same, but it looks like none of them are 
ever
using proc_ispeer, so here is a diff to delete it from all of them.

Index: sbin/iked/proc.c
===
RCS file: /cvs/src/sbin/iked/proc.c,v
retrieving revision 1.35
diff -u -p -r1.35 proc.c
--- sbin/iked/proc.c20 Apr 2021 21:11:56 -  1.35
+++ sbin/iked/proc.c15 Feb 2023 10:56:52 -
@@ -39,23 +39,10 @@ enum privsep_procid privsep_process;
 voidproc_open(struct privsep *, struct privsep_proc *,
struct privsep_proc *, size_t);
 voidproc_close(struct privsep *);
-int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid);
 voidproc_shutdown(struct privsep_proc *);
 voidproc_sig_handler(int, short, void *);
 voidproc_range(struct privsep *, enum privsep_procid, int *, int *);
 int proc_dispatch_null(int, struct privsep_proc *, struct imsg *);
-
-int
-proc_ispeer(struct privsep_proc *procs, unsigned int nproc,
-enum privsep_procid type)
-{
-   unsigned inti;
-
-   for (i = 0; i < nproc; i++)
-   if (procs[i].p_id == type)
-   return (1);
-   return (0);
-}
 
 void
 proc_init(struct privsep *ps, struct privsep_proc *procs, unsigned int nproc)
Index: usr.sbin/httpd/proc.c
===
RCS file: /cvs/src/usr.sbin/httpd/proc.c,v
retrieving revision 1.41
diff -u -p -r1.41 proc.c
--- usr.sbin/httpd/proc.c   4 Dec 2021 06:52:58 -   1.41
+++ usr.sbin/httpd/proc.c   15 Feb 2023 10:56:52 -
@@ -43,23 +43,10 @@ void proc_open(struct privsep *, int, i
 voidproc_accept(struct privsep *, int, enum privsep_procid,
unsigned int);
 voidproc_close(struct privsep *);
-int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid);
 voidproc_shutdown(struct privsep_proc *);
 voidproc_sig_handler(int, short, void *);
 voidproc_range(struct privsep *, enum privsep_procid, int *, int *);
 int proc_dispatch_null(int, struct privsep_proc *, struct imsg *);
-
-int
-proc_ispeer(struct privsep_proc *procs, unsigned int nproc,
-enum privsep_procid type)
-{
-   unsigned inti;
-
-   for (i = 0; i < nproc; i++)
-   if (procs[i].p_id == type)
-   return (1);
-   return (0);
-}
 
 enum privsep_procid
 proc_getid(struct privsep_proc *procs, unsigned int nproc,
Index: usr.sbin/relayd/proc.c
===
RCS file: /cvs/src/usr.sbin/relayd/proc.c,v
retrieving revision 1.43
diff -u -p -r1.43 proc.c
--- usr.sbin/relayd/proc.c  3 Sep 2022 20:07:31 -   1.43
+++ usr.sbin/relayd/proc.c  15 Feb 2023 10:56:52 -
@@ -43,23 +43,10 @@ void proc_open(struct privsep *, int, i
 voidproc_accept(struct privsep *, int, enum privsep_procid,
unsigned int);
 voidproc_close(struct privsep *);
-int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid);
 voidproc_shutdown(struct privsep_proc *);
 voidproc_sig_handler(int, short, void *);
 voidproc_range(struct privsep *, enum privsep_procid, int *, int *);
 int proc_dispatch_null(int, struct privsep_proc *, struct imsg *);
-
-int
-proc_ispeer(struct privsep_proc *procs, unsigned int nproc,
-enum privsep_procid type)
-{
-   unsigned inti;
-
-   for (i = 0; i < nproc; i++)
-   if (procs[i].p_id == type)
-   return (1);
-   return (0);
-}
 
 enum privsep_procid
 proc_getid(struct privsep_proc *procs, unsigned int nproc,
Index: usr.sbin/snmpd/proc.c
===
RCS file: /cvs/src/usr.sbin/snmpd/proc.c,v
retrieving revision 1.27
diff -u -p -r1.27 proc.c
--- usr.sbin/snmpd/proc.c   30 Jun 2020 17:11:49 -  1.27
+++ usr.sbin/snmpd/proc.c   15 Feb 2023 10:56:52 -
@@ -43,23 +43,10 @@ void proc_open(struct privsep *, int, i
 voidproc_accept(struct privsep *, int, enum privsep_procid,
unsigned int);
 voidproc_close(struct privsep *);
-int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid);
 voidproc_shutdown(struct privsep_proc *);
 voidproc_sig_handler(int, short, void *);
 voidproc_range(struct privsep *, enum privsep_procid, int *, int *);
 int proc_dispatch_null(int, struct privsep_proc *, struct imsg *);
-
-int
-proc_ispeer(struct privsep_proc *procs, unsigned int nproc,
-enum privsep_procid type)
-{
-   unsigned inti;
-
-   for (i = 0; i < nproc; i++)
-   if (procs[i].p_id == type)
-   return (1);
-   return (0);
-}
 
 enum privsep_procid
 proc_getid(struct privsep_proc *procs, unsigned int nproc,
Index: 

iked(8): support multiple name servers as client

[Tobias Heider]

Hi,

iked currently enforces an arbitrary limit of only a single remote name
server.  As we have found out, a good reason to support more than one
is to have a backup when the connection to that server fails for some
reason.

With the diff below we can support all the name servers we get and
fall back to the next one if one connection dies.

ok?

Index: vroute.c
===
RCS file: /cvs/src/sbin/iked/vroute.c,v
retrieving revision 1.17
diff -u -p -r1.17 vroute.c
--- vroute.c18 Jul 2022 19:32:16 -  1.17
+++ vroute.c8 Feb 2023 20:46:13 -
@@ -76,12 +76,14 @@ TAILQ_HEAD(vroute_routes, vroute_route);
 struct vroute_dns {
struct  sockaddr_storagevd_addr;
int vd_ifidx;
+   TAILQ_ENTRY(vroute_dns) vd_entry;
 };
+TAILQ_HEAD(vroute_dnss, vroute_dns);
 
 struct iked_vroute_sc {
struct vroute_addrs  ivr_addrs;
struct vroute_routes ivr_routes;
-   struct vroute_dns   *ivr_dns;
+   struct vroute_dnss   ivr_dnss;
struct event ivr_routeev;
int  ivr_iosock;
int  ivr_iosock6;
@@ -103,6 +105,7 @@ vroute_rtmsg_cb(int fd, short events, vo
 {
struct iked *env = (struct iked *) arg;
struct iked_vroute_sc   *ivr = env->sc_vroute;
+   struct vroute_dns   *dns;
static uint8_t  *buf;
struct rt_msghdr*rtm;
ssize_t  n;
@@ -133,11 +136,12 @@ vroute_rtmsg_cb(int fd, short events, vo
 
switch(rtm->rtm_type) {
case RTM_PROPOSAL:
-   if (rtm->rtm_priority == RTP_PROPOSAL_SOLICIT &&
-   ivr->ivr_dns) {
-   log_debug("%s: got solicit", __func__);
-   vroute_dodns(env, (struct sockaddr 
*)>ivr_dns->vd_addr, 1,
-   ivr->ivr_dns->vd_ifidx);
+   if (rtm->rtm_priority == RTP_PROPOSAL_SOLICIT) {
+   TAILQ_FOREACH(dns, >ivr_dnss, vd_entry) {
+   log_debug("%s: got solicit", __func__);
+   vroute_dodns(env, (struct sockaddr *) 
>vd_addr,
+   1, dns->vd_ifidx);
+   }
}
break;
default:
@@ -171,6 +175,7 @@ vroute_init(struct iked *env)
fatal("%s: setsockopt(ROUTE_MSGFILTER)", __func__);
 
TAILQ_INIT(>ivr_addrs);
+   TAILQ_INIT(>ivr_dnss);
TAILQ_INIT(>ivr_routes);
 
ivr->ivr_pid = getpid();
@@ -189,6 +194,7 @@ vroute_cleanup(struct iked *env)
struct iked_vroute_sc   *ivr = env->sc_vroute;
struct vroute_addr  *addr;
struct vroute_route *route;
+   struct vroute_dns   *dns;
 
while ((addr = TAILQ_FIRST(>ivr_addrs))) {
if_indextoname(addr->va_ifidx, ifname);
@@ -209,10 +215,11 @@ vroute_cleanup(struct iked *env)
free(route);
}
 
-   if (ivr->ivr_dns) {
-   vroute_dodns(env, (struct sockaddr *)>ivr_dns->vd_addr, 0,
-   ivr->ivr_dns->vd_ifidx);
-   free(ivr->ivr_dns);
+   while ((dns = TAILQ_FIRST(>ivr_dnss))) {
+   vroute_dodns(env, (struct sockaddr *)>vd_addr, 0,
+   dns->vd_ifidx);
+   TAILQ_REMOVE(>ivr_dnss, dns, vd_entry);
+   free(dns);
}
 }
 
@@ -334,7 +341,6 @@ vroute_setdns(struct iked *env, int add,
 int
 vroute_getdns(struct iked *env, struct imsg *imsg)
 {
-   struct iked_vroute_sc   *ivr = env->sc_vroute;
struct sockaddr *dns;
uint8_t *ptr;
size_t   left;
@@ -361,12 +367,8 @@ vroute_getdns(struct iked *env, struct i
 
add = (imsg->hdr.type == IMSG_VDNS_ADD);
if (add) {
-   if (ivr->ivr_dns != NULL)
-   return (0);
vroute_insertdns(env, ifidx, dns);
} else {
-   if (ivr->ivr_dns == NULL)
-   return (0);
vroute_removedns(env, ifidx, dns);
}
 
@@ -432,19 +434,23 @@ vroute_insertdns(struct iked *env, int i
memcpy(>vd_addr, addr, addr->sa_len);
dns->vd_ifidx = ifidx;
 
-   ivr->ivr_dns = dns;
+   TAILQ_INSERT_TAIL(>ivr_dnss, dns, vd_entry);
 }
 
 void
 vroute_removedns(struct iked *env, int ifidx, struct sockaddr *addr)
 {
struct iked_vroute_sc   *ivr = env->sc_vroute;
+   struct vroute_dns   *dns, *tdns;
+
+   TAILQ_FOREACH_SAFE(dns, >ivr_dnss, vd_entry, tdns) {
+   if (ifidx != dns->vd_ifidx)
+   continue;
+   if (sockaddr_cmp(addr, (struct sockaddr *) >vd_addr, -1))
+   continue;
 
-   if (ifidx == ivr->ivr_dns->vd_ifidx &&
-   sockaddr_cmp(addr, (struct sockaddr *)
- 

Re: wsmouse(4): Apple-like multi-touch buttons

[Tobias Heider]

On Mon, Sep 19, 2022 at 11:16:51AM +0200, Ulf Brosziewski wrote:
> Is there enough interest in this feature among OpenBSD users?  I haven't
> seen many requests for it, if any.  Moreover, is it a good idea to configure
> different input methods on this or that hardware just because another OS
> has different defaults?
> 
> Just in case the answer to these questions turns out to be "yes", here are
> some remarks on the diff.

I do still believe that there is interest in this feature based on the feedback
I got from other devs. Having it available as a non-default option as kettenis@
said would be good enough.

Below is a revised version of the diff that adds a new mouse.tp.mtbuttons config
option. It can either be enabled via wsconsctl mouse.tp.mtbuttons=1 or by
adding mouse.tp.mtbuttons=1 to your /etc/wsconsctl.conf.

ok?

Index: sys/dev/wscons/wsconsio.h
===
RCS file: /cvs/src/sys/dev/wscons/wsconsio.h,v
retrieving revision 1.98
diff -u -p -r1.98 wsconsio.h
--- sys/dev/wscons/wsconsio.h   15 Jul 2022 17:57:27 -  1.98
+++ sys/dev/wscons/wsconsio.h   5 Feb 2023 15:35:39 -
@@ -319,6 +319,7 @@ enum wsmousecfg {
WSMOUSECFG_SWAPSIDES,   /* invert soft-button/scroll areas */
WSMOUSECFG_DISABLE, /* disable all output except for
   clicks in the top-button area */
+   WSMOUSECFG_MTBUTTONS,   /* multi-touch buttons */
 
/*
 * Touchpad options
Index: sys/dev/wscons/wstpad.c
===
RCS file: /cvs/src/sys/dev/wscons/wstpad.c,v
retrieving revision 1.31
diff -u -p -r1.31 wstpad.c
--- sys/dev/wscons/wstpad.c 9 Jun 2022 22:17:18 -   1.31
+++ sys/dev/wscons/wstpad.c 5 Feb 2023 15:35:39 -
@@ -72,6 +72,7 @@
 enum tpad_handlers {
SOFTBUTTON_HDLR,
TOPBUTTON_HDLR,
+   MTBUTTON_HDLR,
TAP_HDLR,
F2SCROLL_HDLR,
EDGESCROLL_HDLR,
@@ -149,6 +150,7 @@ struct tpad_touch {
 #define WSTPAD_HORIZSCROLL (1 << 5)
 #define WSTPAD_SWAPSIDES   (1 << 6)
 #define WSTPAD_DISABLE (1 << 7)
+#define WSTPAD_MTBUTTONS   (1 << 8)
 
 #define WSTPAD_MT  (1 << 31)
 
@@ -646,7 +648,17 @@ wstpad_softbuttons(struct wsmouseinput *
}
 
if (tp->softbutton == 0 && PRIMARYBTN_CLICKED(tp)) {
-   tp->softbutton = wstpad_get_sbtn(input, top);
+   if (hdlr == MTBUTTON_HDLR) {
+   switch (tp->contacts) {
+   case 2:
+   tp->softbutton = RIGHTBTN;
+   break;
+   case 3:
+   tp->softbutton = MIDDLEBTN;
+   break;
+   }
+   } else
+   tp->softbutton = wstpad_get_sbtn(input, top);
if (tp->softbutton)
*cmds |= 1 << SOFTBUTTON_DOWN;
}
@@ -1237,12 +1249,14 @@ wstpad_process_input(struct wsmouseinput
cmds = 0;
handlers = tp->handlers;
if (DISABLE(tp))
-   handlers &= ((1 << TOPBUTTON_HDLR) | (1 << SOFTBUTTON_HDLR));
+   handlers &= ((1 << TOPBUTTON_HDLR) | (1 << SOFTBUTTON_HDLR) |
+   (1 << MTBUTTON_HDLR));
 
FOREACHBIT(handlers, hdlr) {
switch (hdlr) {
case SOFTBUTTON_HDLR:
case TOPBUTTON_HDLR:
+   case MTBUTTON_HDLR:
wstpad_softbuttons(input, , hdlr);
continue;
case TAP_HDLR:
@@ -1621,6 +1635,8 @@ wstpad_configure(struct wsmouseinput *in
 
tp->handlers = 0;
 
+   if (tp->features & WSTPAD_MTBUTTONS)
+   tp->handlers |= 1 << MTBUTTON_HDLR;
if (tp->features & WSTPAD_SOFTBUTTONS)
tp->handlers |= 1 << SOFTBUTTON_HDLR;
if (tp->features & WSTPAD_TOPBUTTONS)
@@ -1691,7 +1707,7 @@ wstpad_set_param(struct wsmouseinput *in
return (EINVAL);
 
switch (key) {
-   case WSMOUSECFG_SOFTBUTTONS ... WSMOUSECFG_DISABLE:
+   case WSMOUSECFG_SOFTBUTTONS ... WSMOUSECFG_MTBUTTONS:
switch (key) {
case WSMOUSECFG_SOFTBUTTONS:
flag = WSTPAD_SOFTBUTTONS;
@@ -1717,6 +1733,9 @@ wstpad_set_param(struct wsmouseinput *in
case WSMOUSECFG_DISABLE:
flag = WSTPAD_DISABLE;
break;
+   case WSMOUSECFG_MTBUTTONS:
+   flag = WSTPAD_MTBUTTONS;
+   break;
}
if (val)
tp->features |= flag;
@@ -1785,7 +1804,7 @@ wstpad_get_param(struct wsmouseinput *in
return (EINVAL);
 
switch (key) {
-   case WSMOUSECFG_SOFTBUTTONS ... WSMOUSECFG_DISABLE:
+   case 

Re: openssh: update ed25519 and squash into a single file

[Tobias Heider]

On Sat, Jan 14, 2023 at 04:29:04PM +1100, Damien Miller wrote:
> 
> 
> On Fri, 13 Jan 2023, Damien Miller wrote:
> 
> > Hi,
> > 
> > Forewarning: this is a big, noisy diff. Also on Github at
> > https://github.com/djmdjm/openssh-wip/pull/18
> > 
> > This updates the ED25519 code to the latest version of SUPERCOP (20221122),
> > but the real motivation for this is to move the ED25519 code to the same
> > approach we use for the Streamlined NTRUPrime code: using a shell-script
> > to extract the bits we want from SUPERCOP and squish them all into a
> > single file.
> > 
> > This removes a bunch of exported function names, a bit of unused
> > code and means that all the ED25519 code is in a single file rather
> > than eight.
> > 
> > To review this, it's probably best to run the shellscript locally
> > (use sh ed25519.sh /path/to/directory/with/supercop) and inspect the
> > output. Apart from the original ed25519.c (assembled from the keypair.c,
> > sign.c and open.c files in SUPERCOP) there are no substantial changes.
> 
> Here's a better way to look at the substantive changes:
> 
> 1. Assemble the existing ed25519 code in the same order as how this
>patch arranges things:
> 
> cat verify.c fe25519.h fe25519.c sc25519.h sc25519.c \
> ge25519.h ge25519.c ed25519.c | \
> sed -e '/#include "ge25519_base.data"/r ge25519_base.data' \
> -e '/#include.*/d'  > ed25519.c.old
> 
> 2. Apply the patch
> 
> 3. Diff the original and new code (below)
> 
> This isn't completely without noise, but it lets you see the substantive
> changes clearly.
> 
> -d

works and looks a lot cleaner than before.

ok tobhe@

> 
> 
> 
> 
> --- /tmp/ed25519.cSat Jan 14 16:25:09 2023
> +++ ed25519.c Sat Jan 14 16:25:41 2023
> @@ -1,12 +1,30 @@
> -/* $OpenBSD: verify.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
> +/*  $OpenBSD: $ */
>  
>  /*
> - * Public Domain, Author: Daniel J. Bernstein
> - * Copied from nacl-20110221/crypto_verify/32/ref/verify.c
> + * Public Domain, Authors:
> + * - Daniel J. Bernstein
> + * - Niels Duif
> + * - Tanja Lange
> + * - lead: Peter Schwabe
> + * - Bo-Yin Yang
>   */
>  
> +#include 
>  
> -int crypto_verify_32(const unsigned char *x,const unsigned char *y)
> +#include "crypto_api.h"
> +
> +#define int8 crypto_int8
> +#define uint8 crypto_uint8
> +#define int16 crypto_int16
> +#define uint16 crypto_uint16
> +#define int32 crypto_int32
> +#define uint32 crypto_uint32
> +#define int64 crypto_int64
> +#define uint64 crypto_uint64
> +
> +/* from supercop-20221122/crypto_verify/32/ref/verify.c */
> +
> +static int crypto_verify_32(const unsigned char *x,const unsigned char *y)
>  {
>unsigned int differentbits = 0;
>  #define F(i) differentbits |= x[i] ^ y[i];
> @@ -44,14 +62,7 @@
>F(31)
>return (1 & ((differentbits - 1) >> 8)) - 1;
>  }
> -/* $OpenBSD: fe25519.h,v 1.3 2013/12/09 11:03:45 markus Exp $ */
> -
> -/*
> - * Public Domain, Authors: Daniel J. Bernstein, Niels Duif, Tanja Lange,
> - * Peter Schwabe, Bo-Yin Yang.
> - * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.h
> - */
> -
> +/* from supercop-20221122/crypto_sign/ed25519/ref/fe25519.h */
>  #ifndef FE25519_H
>  #define FE25519_H
>  
> @@ -80,52 +91,45 @@
>  }
>  fe25519;
>  
> -void fe25519_freeze(fe25519 *r);
> +static void fe25519_freeze(fe25519 *r);
>  
> -void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
> +static void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
>  
> -void fe25519_pack(unsigned char r[32], const fe25519 *x);
> +static void fe25519_pack(unsigned char r[32], const fe25519 *x);
>  
> -int fe25519_iszero(const fe25519 *x);
> +static int fe25519_iszero(const fe25519 *x);
>  
> -int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
> +static int fe25519_iseq_vartime(const fe25519 *x, const fe25519 *y);
>  
> -void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
> +static void fe25519_cmov(fe25519 *r, const fe25519 *x, unsigned char b);
>  
> -void fe25519_setone(fe25519 *r);
> +static void fe25519_setone(fe25519 *r);
>  
> -void fe25519_setzero(fe25519 *r);
> +static void fe25519_setzero(fe25519 *r);
>  
> -void fe25519_neg(fe25519 *r, const fe25519 *x);
> +static void fe25519_neg(fe25519 *r, const fe25519 *x);
>  
>  unsigned char fe25519_getparity(const fe25519 *x);
>  
> -void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
> +static void fe25519_add(fe25519 *r, const fe25519 *x, const fe25519 *y);
>  
> -void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
> +static void fe25519_sub(fe25519 *r, const fe25519 *x, const fe25519 *y);
>  
> -void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
> +static void fe25519_mul(fe25519 *r, const fe25519 *x, const fe25519 *y);
>  
> -void fe25519_square(fe25519 *r, const fe25519 *x);
> +static void fe25519_square(fe25519 *r, const fe25519 *x);
>  
> -void fe25519_invert(fe25519 *r, const fe25519 *x);
> +static void fe25519_invert(fe25519 *r, const 

OpenIKED 7.2 released

[Tobias Heider]

We have released OpenIKED 7.2, which will be arriving in the
OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  * Added iked connection statistics counters that can be viewed with
'ikectl show stats'

  * Added support for sending certificate chains in multiple CERT payloads.

  * Added OpenIKED vendor ID payload to improve interoperability with older
versions

  * Improved policy lookup by respecting the srcnat property

  * Fixed nonce comparison bug which lead to sporadic failures because
the wrong Child SA got deleted.

  * Fixed interoperability with implementations sending more than one CERT
payload

  * Fixed a bug where NAT-T was not working correctly on Linux

  * Fixed various bugs and memory leaks.

OpenIKED is known to compile and run on OpenBSD, FreeBSD, NetBSD, macOS
and the Linux distributions Arch, Debian, Fedora and Ubuntu.

It is our hope that packagers take interest and help adapt OpenIKED to
more distributions.

OpenIKED can be downloaded from any of the mirrors listed at
https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED
directory.

General bugs may be reported to b...@openbsd.org. Portable bugs
may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Apple arm64 lid_action

[Tobias Heider]

This is the boilerplate code to route lid_action through to aplsmc(4) which I
previously sent as part of another diff.  Depending on how we are going to use
it, the aplsmc(4) part might need a bit of refinement to distinguish between
LID_OPEN/CLOSE events. 

Index: arch/arm64/arm64/acpi_machdep.c
===
RCS file: /cvs/src/sys/arch/arm64/arm64/acpi_machdep.c,v
retrieving revision 1.20
diff -u -p -r1.20 acpi_machdep.c
--- arch/arm64/arm64/acpi_machdep.c 13 Sep 2022 17:14:54 -  1.20
+++ arch/arm64/arm64/acpi_machdep.c 25 Nov 2022 21:22:09 -
@@ -36,7 +36,6 @@
 
 #include "apm.h"
 
-intlid_action;
 intpwr_action = 1;
 
 intacpi_fdt_match(struct device *, void *, void *);
Index: arch/arm64/arm64/machdep.c
===
RCS file: /cvs/src/sys/arch/arm64/arm64/machdep.c,v
retrieving revision 1.77
diff -u -p -r1.77 machdep.c
--- arch/arm64/arm64/machdep.c  24 Nov 2022 14:43:16 -  1.77
+++ arch/arm64/arm64/machdep.c  25 Nov 2022 21:22:09 -
@@ -71,6 +71,7 @@ void (*cpuresetfn)(void);
 void (*powerdownfn)(void);
 
 int cold = 1;
+int lid_action = 1;
 
 struct vm_map *exec_map = NULL;
 struct vm_map *phys_map = NULL;
@@ -322,6 +323,10 @@ extern uint64_t cpu_id_aa64pfr1;
  * machine dependent system variables.
  */
 
+const struct sysctl_bounded_args cpuctl_vars[] = {
+   { CPU_LIDACTION, _action, 0, 2 },
+};
+
 int
 cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 size_t newlen, struct proc *p)
@@ -372,7 +377,8 @@ cpu_sysctl(int *name, u_int namelen, voi
case CPU_ID_AA64ZFR0:
return sysctl_rdquad(oldp, oldlenp, newp, 0);
default:
-   return (EOPNOTSUPP);
+   return (sysctl_bounded_arr(cpuctl_vars, nitems(cpuctl_vars),
+   name, namelen, oldp, oldlenp, newp, newlen));
}
/* NOTREACHED */
 }
Index: arch/arm64/dev/aplsmc.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/aplsmc.c,v
retrieving revision 1.19
diff -u -p -r1.19 aplsmc.c
--- arch/arm64/dev/aplsmc.c 25 Nov 2022 20:33:11 -  1.19
+++ arch/arm64/dev/aplsmc.c 25 Nov 2022 21:22:09 -
@@ -37,6 +37,7 @@
 
 #include "apm.h"
 
+extern int lid_action;
 extern void (*simplefb_burn_hook)(u_int);
 
 extern void (*cpuresetfn)(void);
@@ -390,6 +391,14 @@ aplsmc_handle_notification(struct aplsmc
default:
printf("%s: SMV_EV_TYPE_LID 0x%016llx\n",
   sc->sc_dev.dv_xname, data);
+   break;
+   }
+   switch (lid_action) {
+   case 1: 
+   /* XXX: suspend */
+   break;
+   case 2:
+   /* XXX: hibernate */
break;
}
break;
Index: arch/arm64/include/cpu.h
===
RCS file: /cvs/src/sys/arch/arm64/include/cpu.h,v
retrieving revision 1.31
diff -u -p -r1.31 cpu.h
--- arch/arm64/include/cpu.h24 Nov 2022 14:43:16 -  1.31
+++ arch/arm64/include/cpu.h25 Nov 2022 21:22:09 -
@@ -36,7 +36,8 @@
 #defineCPU_ID_AA64PFR1 9
 #defineCPU_ID_AA64SMFR0   10
 #defineCPU_ID_AA64ZFR011
-#defineCPU_MAXID  12   /* number of valid machdep ids 
*/
+#defineCPU_LIDACTION  12
+#defineCPU_MAXID  13   /* number of valid machdep ids 
*/
 
 #defineCTL_MACHDEP_NAMES { \
{ 0, 0 }, \

Re: aplsmc(4): disable backlight when lid is closed

[Tobias Heider]

On Thu, Nov 24, 2022 at 08:36:48PM +0100, Mark Kettenis wrote:
> > Date: Thu, 24 Nov 2022 19:04:03 +0100
> > From: Tobias Heider 
> > 
> > The diff below disables the screen backlight on apple silicon macs when the
> > lid is closed.
> 
> Can we distinguish lid close events from lid open events?  Might make
> more sense to base the decision to turn the display off based on that
> instead of toggling a variable.
> 
> > Normally, we suspend or hibernate depending on the value of
> > machdep.lid_action.  Since suspend doesn't work reliably yet I think
> > this is a good intermediate solution to save some power while the
> > laptop is idling.
> 
> Even though acpibtn(4) documents 0 as "Do nothing", doesn't it make
> sense to always turn off the display backlight when the lid gets
> closed?
> 
> Then we could actually implement 1 as suspend but just set lid_action
> to 0?

Ok, so let's leave lid_action out of this for now and unconditionally
blank/unblank on lid events. How do you like this?

Index: arch/arm64/dev/aplsmc.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/aplsmc.c,v
retrieving revision 1.18
diff -u -p -r1.18 aplsmc.c
--- arch/arm64/dev/aplsmc.c 14 Nov 2022 11:11:17 -  1.18
+++ arch/arm64/dev/aplsmc.c 24 Nov 2022 22:24:13 -
@@ -37,6 +37,8 @@
 
 #include "apm.h"
 
+extern void (*simplefb_burn_hook)(u_int);
+
 extern void (*cpuresetfn)(void);
 extern void (*powerdownfn)(void);
 
@@ -96,6 +98,10 @@ struct aplsmc_sensor {
 #define SMC_PWRBTN_TOUCHID 0x06
 #define SMC_PWRBTN_LONG0xfe
 
+/* Lid events */
+#define SMC_LID_OPEN   0x00
+#define SMC_LID_CLOSE  0x01
+
 #define APLSMC_BE  (1 << 0)
 #define APLSMC_HIDDEN  (1 << 1)
 
@@ -372,7 +378,20 @@ aplsmc_handle_notification(struct aplsmc
}
break;
case SMC_EV_TYPE_LID:
-   /* XXX Handle lid events. */
+   switch (SMC_EV_SUBTYPE(data)) {
+   case SMC_LID_OPEN:
+   if (simplefb_burn_hook)
+   simplefb_burn_hook(1);
+   break;
+   case SMC_LID_CLOSE:
+   if (simplefb_burn_hook)
+   simplefb_burn_hook(0);
+   break;
+   default:
+   printf("%s: SMV_EV_TYPE_LID 0x%016llx\n",
+  sc->sc_dev.dv_xname, data);
+   break;
+   }
break;
default:
 #ifdef APLSMC_DEBUG

aplsmc(4): disable backlight when lid is closed

[Tobias Heider]

The diff below disables the screen backlight on apple silicon macs when the
lid is closed.

Normally, we suspend or hibernate depending on the value of machdep.lid_action.
Since suspend doesn't work reliably yet I think this is a good intermediate
solution to save some power while the laptop is idling.

ok?

Index: arch/arm64/arm64/acpi_machdep.c
===
RCS file: /cvs/src/sys/arch/arm64/arm64/acpi_machdep.c,v
retrieving revision 1.20
diff -u -p -r1.20 acpi_machdep.c
--- arch/arm64/arm64/acpi_machdep.c 13 Sep 2022 17:14:54 -  1.20
+++ arch/arm64/arm64/acpi_machdep.c 24 Nov 2022 17:57:09 -
@@ -36,7 +36,6 @@
 
 #include "apm.h"
 
-intlid_action;
 intpwr_action = 1;
 
 intacpi_fdt_match(struct device *, void *, void *);
Index: arch/arm64/arm64/machdep.c
===
RCS file: /cvs/src/sys/arch/arm64/arm64/machdep.c,v
retrieving revision 1.77
diff -u -p -r1.77 machdep.c
--- arch/arm64/arm64/machdep.c  24 Nov 2022 14:43:16 -  1.77
+++ arch/arm64/arm64/machdep.c  24 Nov 2022 17:57:09 -
@@ -71,6 +71,7 @@ void (*cpuresetfn)(void);
 void (*powerdownfn)(void);
 
 int cold = 1;
+int lid_action = 1;
 
 struct vm_map *exec_map = NULL;
 struct vm_map *phys_map = NULL;
@@ -322,6 +323,10 @@ extern uint64_t cpu_id_aa64pfr1;
  * machine dependent system variables.
  */
 
+const struct sysctl_bounded_args cpuctl_vars[] = {
+   { CPU_LIDACTION, _action, 0, 2 },
+};
+
 int
 cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 size_t newlen, struct proc *p)
@@ -372,7 +377,8 @@ cpu_sysctl(int *name, u_int namelen, voi
case CPU_ID_AA64ZFR0:
return sysctl_rdquad(oldp, oldlenp, newp, 0);
default:
-   return (EOPNOTSUPP);
+   return (sysctl_bounded_arr(cpuctl_vars, nitems(cpuctl_vars),
+   name, namelen, oldp, oldlenp, newp, newlen));
}
/* NOTREACHED */
 }
Index: arch/arm64/dev/aplsmc.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/aplsmc.c,v
retrieving revision 1.18
diff -u -p -r1.18 aplsmc.c
--- arch/arm64/dev/aplsmc.c 14 Nov 2022 11:11:17 -  1.18
+++ arch/arm64/dev/aplsmc.c 24 Nov 2022 17:57:09 -
@@ -37,6 +37,9 @@
 
 #include "apm.h"
 
+extern int lid_action;
+extern void (*simplefb_burn_hook)(u_int);
+
 extern void (*cpuresetfn)(void);
 extern void (*powerdownfn)(void);
 
@@ -124,6 +127,8 @@ struct aplsmc_softc {
struct ksensor  sc_sensors[APLSMC_MAX_SENSORS];
int sc_nsensors;
struct ksensordev   sc_sensordev;
+
+   int sc_wakeup;
 };
 
 struct aplsmc_softc *aplsmc_sc;
@@ -326,6 +331,8 @@ aplsmc_attach(struct device *parent, str
sensordev_install(>sc_sensordev);
sensor_task_register(sc, aplsmc_refresh_sensors, 5);
 
+   sc->sc_wakeup = 0;
+
 #if NAPM > 0
apm_setinfohook(aplsmc_apminfo);
 #endif
@@ -372,7 +379,14 @@ aplsmc_handle_notification(struct aplsmc
}
break;
case SMC_EV_TYPE_LID:
-   /* XXX Handle lid events. */
+   switch (lid_action) {
+   case 1: /* Suspend */
+   case 2: /* Hibernate */
+   if (simplefb_burn_hook)
+   simplefb_burn_hook(sc->sc_wakeup);
+   sc->sc_wakeup = !sc->sc_wakeup;
+   break;
+   }
break;
default:
 #ifdef APLSMC_DEBUG
Index: arch/arm64/include/cpu.h
===
RCS file: /cvs/src/sys/arch/arm64/include/cpu.h,v
retrieving revision 1.31
diff -u -p -r1.31 cpu.h
--- arch/arm64/include/cpu.h24 Nov 2022 14:43:16 -  1.31
+++ arch/arm64/include/cpu.h24 Nov 2022 17:57:09 -
@@ -36,7 +36,8 @@
 #defineCPU_ID_AA64PFR1 9
 #defineCPU_ID_AA64SMFR0   10
 #defineCPU_ID_AA64ZFR011
-#defineCPU_MAXID  12   /* number of valid machdep ids 
*/
+#defineCPU_LIDACTION  12
+#defineCPU_MAXID  13   /* number of valid machdep ids 
*/
 
 #defineCTL_MACHDEP_NAMES { \
{ 0, 0 }, \

Re: installboot(8): copy apple-boot to ESP

[Tobias Heider]

On Mon, Nov 21, 2022 at 03:09:25PM +, Klemens Nanni wrote:
> On Mon, Nov 21, 2022 at 03:42:37PM +0100, Tobias Heider wrote:
> > Here is a more cleaned up version of the previous diff.  I moved all the
> > firmware logic to a new write_firmware() function.  This should be easy
> > to extend if we decide to ship more firmware this way.
> 
> This seems more tidy.
> 
> > 
> > The diff passes regress and manual tests with and without $ESP/m1n1/,
> > /etc/firmware and /etc/firmware/apple-boot.bin.
> 
> Reads good, but I haven't compile- or run-tested it.
> 
> Comments inline.

One more version with your comments addressed.
better?

Index: efi_installboot.c
===
RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
retrieving revision 1.7
diff -u -p -r1.7 efi_installboot.c
--- efi_installboot.c   6 Nov 2022 12:33:41 -   1.7
+++ efi_installboot.c   21 Nov 2022 17:58:19 -
@@ -70,6 +70,7 @@
 
 static int create_filesystem(struct disklabel *, char);
 static voidwrite_filesystem(struct disklabel *, char);
+static int write_firmware(const char *, const char *);
 static int findgptefisys(int, struct disklabel *);
 static int findmbrfat(int, struct disklabel *);
 
@@ -308,6 +309,13 @@ write_filesystem(struct disklabel *dl, c
goto umount;
}
 
+   dst[mntlen] = '\0';
+   rslt = write_firmware(root, dst);
+   if (rslt == -1) {
+   warnx("unable to write firmware");
+   goto umount;
+   }
+
rslt = 0;
 
 umount:
@@ -325,6 +333,61 @@ rmdir:
 
if (rslt == -1)
exit(1);
+}
+
+static int
+write_firmware(const char *root, const char *mnt)
+{
+   char dst[PATH_MAX];
+   char fw[PATH_MAX];
+   char *src;
+   struct stat st;
+   int rslt;
+
+   strlcpy(dst, mnt, sizeof(dst));
+
+   /* Skip if no /etc/firmware exists */
+   rslt = snprintf(fw, sizeof(fw), "%s/%s", root, "etc/firmware");
+   if (rslt < 0 || rslt >= PATH_MAX) {
+   warnx("unable to build /etc/firmware path");
+   return -1;
+   }
+   if ((stat(fw, ) != 0) || !S_ISDIR(st.st_mode))
+   return 0;
+
+   /* Copy apple-boot firmware to /m1n1/boot.bin if available */
+   src = fileprefix(fw, "/apple-boot.bin");
+   if (src == NULL)
+   return -1;
+   if (access(src, R_OK) == 0) {
+   if (strlcat(dst, "/m1n1", sizeof(dst)) >= sizeof(dst)) {
+   rslt = -1;
+   warnx("unable to build /m1n1 path");
+   goto cleanup;
+   }
+   if ((stat(dst, ) != 0) || !S_ISDIR(st.st_mode)) {
+   rslt = 0;
+   goto cleanup;
+   }
+   if (strlcat(dst, "/boot.bin", sizeof(dst)) >= sizeof(dst)) {
+   rslt = -1;
+   warnx("unable to build /m1n1/boot.bin path");
+   goto cleanup;
+   }
+   if (verbose)
+   fprintf(stderr, "%s %s to %s\n",
+   (nowrite ? "would copy" : "copying"),
+   src, dst);
+   if (!nowrite)
+   rslt = filecopy(src, dst);
+   if (rslt == -1)
+   goto cleanup;
+   }
+   rslt = 0;
+
+ cleanup:
+   free(src);
+   return rslt;
 }
 
 /*

Re: installboot(8): copy apple-boot to ESP

[Tobias Heider]

On Sat, Nov 19, 2022 at 08:27:18PM +0100, Tobias Heider wrote:
> On Sat, Nov 19, 2022 at 07:25:52PM +0100, Mark Kettenis wrote:
> > > Date: Sat, 19 Nov 2022 18:44:19 +0100
> > > From: Tobias Heider 
> > > 
> > > On Sat, Nov 19, 2022 at 06:33:51PM +0100, Mark Kettenis wrote:
> > > > > Date: Sat, 19 Nov 2022 18:26:36 +0100
> > > > > From: Tobias Heider 
> > > > > 
> > > > > Here is the promised last diff we need to enable Apple M* bootloader 
> > > > > updates.
> > > > > 
> > > > > With this, installboot(8) will pick up apple-boot.bin from the 
> > > > > firmware
> > > > > directory and writes it to $ESP/m1n1/boot.bin if both file and target
> > > > > directory exist.
> > > > > Creation of the m1n1/ directory is expected to happen during the 
> > > > > initial
> > > > > Asahi Linux EFI environment installation so it is safe to assume it is
> > > > > already there when we need it.
> > > > > 
> > > > > Running this on my M2 gives me:
> > > > > 
> > > > > kischt# installboot -v sd0  
> > > > > Using / as root
> > > > > installing bootstrap on /dev/rsd0c
> > > > > using first-stage /usr/mdec/BOOTAA64.EFI
> > > > > copying /etc/firmware/apple-boot.bin to 
> > > > > /tmp/installboot.0JSQ0XrWRB/m1n1/boot.bin
> > > > > copying /usr/mdec/BOOTAA64.EFI to 
> > > > > /tmp/installboot.0JSQ0XrWRB/efi/boot/bootaa64.efi
> > > > > writing /tmp/installboot.0JSQ0XrWRB/efi/boot/startup.nsh
> > > > 
> > > > Hmm...
> > > > 
> > > > > Index: efi_installboot.c
> > > > > ===
> > > > > RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
> > > > > retrieving revision 1.6
> > > > > diff -u -p -r1.6 efi_installboot.c
> > > > > --- efi_installboot.c 14 Sep 2022 16:43:00 -  1.6
> > > > > +++ efi_installboot.c 19 Nov 2022 16:45:36 -
> > > > > @@ -191,6 +191,7 @@ write_filesystem(struct disklabel *dl, c
> > > > >   struct msdosfs_args args;
> > > > >   char cmd[60];
> > > > >   char dst[PATH_MAX];
> > > > > + struct stat st;
> > > > >   char *src;
> > > > >   size_t mntlen, pathlen, srclen;
> > > > >   int rslt;
> > > > > @@ -245,7 +246,36 @@ write_filesystem(struct disklabel *dl, c
> > > > >   }
> > > > >   }
> > > > >  
> > > > > + /* Copy apple-boot firmware to /m1n1/boot.bin if available */
> > > > > + src = fileprefix(root, "/etc/firmware/apple-boot.bin");
> > > > > + if (src == NULL) {
> > > > > + rslt = -1;
> > > > > + goto umount;
> > > > 
> > > > Doesn't this mean that if /etc/firmware/apple-boot.bin doesn't exist,
> > > > we won't write the OpenBSD bootloader to the filesystem?  That would
> > > > be wrong.
> > > > 
> > > > So I think the Apple "magic" needs to be done at the end of the
> > > > function.
> > > 
> > > That is what I also first thought, but fileprefix() just concats the 
> > > strings
> > > and doesn't actually touch the file system.  This is also why I added my 
> > > own
> > > stat() && S_ISDIR() check below to make sure the directory exists.
> > > 
> > > Wit apple-boot manually deleted I get:
> > > 
> > > kischt# installboot -v sd0
> > > Using / as root
> > > installing bootstrap on /dev/rsd0c
> > > using first-stage /usr/mdec/BOOTAA64.EFI
> > > copying /usr/mdec/BOOTAA64.EFI to 
> > > /tmp/installboot.Tm5s4GRaRT/efi/boot/bootaa64.efi
> > > writing /tmp/installboot.Tm5s4GRaRT/efi/boot/startup.nsh
> > 
> > Hmm, but it will still fail if the /etc/firmware directory doesn't
> > exist under the "root".  Which may be the case if you are using the -r
> > option?
> > 
> 
> Right, regress also trips over this.
> 
> Moving the whole block inside fileprefix() != NULL is not enough since
> that would still print the error message.  We might have to add our own
> check fore $root/etc/firmware, although that duplicates some of the
&g

Re: installboot(8): copy apple-boot to ESP

[Tobias Heider]

On Sat, Nov 19, 2022 at 07:25:52PM +0100, Mark Kettenis wrote:
> > Date: Sat, 19 Nov 2022 18:44:19 +0100
> > From: Tobias Heider 
> > 
> > On Sat, Nov 19, 2022 at 06:33:51PM +0100, Mark Kettenis wrote:
> > > > Date: Sat, 19 Nov 2022 18:26:36 +0100
> > > > From: Tobias Heider 
> > > > 
> > > > Here is the promised last diff we need to enable Apple M* bootloader 
> > > > updates.
> > > > 
> > > > With this, installboot(8) will pick up apple-boot.bin from the firmware
> > > > directory and writes it to $ESP/m1n1/boot.bin if both file and target
> > > > directory exist.
> > > > Creation of the m1n1/ directory is expected to happen during the initial
> > > > Asahi Linux EFI environment installation so it is safe to assume it is
> > > > already there when we need it.
> > > > 
> > > > Running this on my M2 gives me:
> > > > 
> > > > kischt# installboot -v sd0  
> > > > Using / as root
> > > > installing bootstrap on /dev/rsd0c
> > > > using first-stage /usr/mdec/BOOTAA64.EFI
> > > > copying /etc/firmware/apple-boot.bin to 
> > > > /tmp/installboot.0JSQ0XrWRB/m1n1/boot.bin
> > > > copying /usr/mdec/BOOTAA64.EFI to 
> > > > /tmp/installboot.0JSQ0XrWRB/efi/boot/bootaa64.efi
> > > > writing /tmp/installboot.0JSQ0XrWRB/efi/boot/startup.nsh
> > > 
> > > Hmm...
> > > 
> > > > Index: efi_installboot.c
> > > > ===
> > > > RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
> > > > retrieving revision 1.6
> > > > diff -u -p -r1.6 efi_installboot.c
> > > > --- efi_installboot.c   14 Sep 2022 16:43:00 -  1.6
> > > > +++ efi_installboot.c   19 Nov 2022 16:45:36 -
> > > > @@ -191,6 +191,7 @@ write_filesystem(struct disklabel *dl, c
> > > > struct msdosfs_args args;
> > > > char cmd[60];
> > > > char dst[PATH_MAX];
> > > > +   struct stat st;
> > > > char *src;
> > > > size_t mntlen, pathlen, srclen;
> > > > int rslt;
> > > > @@ -245,7 +246,36 @@ write_filesystem(struct disklabel *dl, c
> > > > }
> > > > }
> > > >  
> > > > +   /* Copy apple-boot firmware to /m1n1/boot.bin if available */
> > > > +   src = fileprefix(root, "/etc/firmware/apple-boot.bin");
> > > > +   if (src == NULL) {
> > > > +   rslt = -1;
> > > > +   goto umount;
> > > 
> > > Doesn't this mean that if /etc/firmware/apple-boot.bin doesn't exist,
> > > we won't write the OpenBSD bootloader to the filesystem?  That would
> > > be wrong.
> > > 
> > > So I think the Apple "magic" needs to be done at the end of the
> > > function.
> > 
> > That is what I also first thought, but fileprefix() just concats the strings
> > and doesn't actually touch the file system.  This is also why I added my own
> > stat() && S_ISDIR() check below to make sure the directory exists.
> > 
> > Wit apple-boot manually deleted I get:
> > 
> > kischt# installboot -v sd0
> > Using / as root
> > installing bootstrap on /dev/rsd0c
> > using first-stage /usr/mdec/BOOTAA64.EFI
> > copying /usr/mdec/BOOTAA64.EFI to 
> > /tmp/installboot.Tm5s4GRaRT/efi/boot/bootaa64.efi
> > writing /tmp/installboot.Tm5s4GRaRT/efi/boot/startup.nsh
> 
> Hmm, but it will still fail if the /etc/firmware directory doesn't
> exist under the "root".  Which may be the case if you are using the -r
> option?
> 

Right, regress also trips over this.

Moving the whole block inside fileprefix() != NULL is not enough since
that would still print the error message.  We might have to add our own
check fore $root/etc/firmware, although that duplicates some of the
code in fileprefix().

Index: efi_installboot.c
===
RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
retrieving revision 1.7
diff -u -p -r1.7 efi_installboot.c
--- efi_installboot.c   6 Nov 2022 12:33:41 -   1.7
+++ efi_installboot.c   19 Nov 2022 19:19:28 -
@@ -194,6 +194,8 @@ write_filesystem(struct disklabel *dl, c
struct msdosfs_args args;
char cmd[60];
char dst[PATH_MAX];
+   char fw[PATH_MAX];
+   struct stat st;
char *s

Re: installboot(8): copy apple-boot to ESP

[Tobias Heider]

On Sat, Nov 19, 2022 at 06:33:51PM +0100, Mark Kettenis wrote:
> > Date: Sat, 19 Nov 2022 18:26:36 +0100
> > From: Tobias Heider 
> > 
> > Here is the promised last diff we need to enable Apple M* bootloader 
> > updates.
> > 
> > With this, installboot(8) will pick up apple-boot.bin from the firmware
> > directory and writes it to $ESP/m1n1/boot.bin if both file and target
> > directory exist.
> > Creation of the m1n1/ directory is expected to happen during the initial
> > Asahi Linux EFI environment installation so it is safe to assume it is
> > already there when we need it.
> > 
> > Running this on my M2 gives me:
> > 
> > kischt# installboot -v sd0  
> > Using / as root
> > installing bootstrap on /dev/rsd0c
> > using first-stage /usr/mdec/BOOTAA64.EFI
> > copying /etc/firmware/apple-boot.bin to 
> > /tmp/installboot.0JSQ0XrWRB/m1n1/boot.bin
> > copying /usr/mdec/BOOTAA64.EFI to 
> > /tmp/installboot.0JSQ0XrWRB/efi/boot/bootaa64.efi
> > writing /tmp/installboot.0JSQ0XrWRB/efi/boot/startup.nsh
> 
> Hmm...
> 
> > Index: efi_installboot.c
> > ===
> > RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
> > retrieving revision 1.6
> > diff -u -p -r1.6 efi_installboot.c
> > --- efi_installboot.c   14 Sep 2022 16:43:00 -  1.6
> > +++ efi_installboot.c   19 Nov 2022 16:45:36 -
> > @@ -191,6 +191,7 @@ write_filesystem(struct disklabel *dl, c
> > struct msdosfs_args args;
> > char cmd[60];
> > char dst[PATH_MAX];
> > +   struct stat st;
> > char *src;
> > size_t mntlen, pathlen, srclen;
> > int rslt;
> > @@ -245,7 +246,36 @@ write_filesystem(struct disklabel *dl, c
> > }
> > }
> >  
> > +   /* Copy apple-boot firmware to /m1n1/boot.bin if available */
> > +   src = fileprefix(root, "/etc/firmware/apple-boot.bin");
> > +   if (src == NULL) {
> > +   rslt = -1;
> > +   goto umount;
> 
> Doesn't this mean that if /etc/firmware/apple-boot.bin doesn't exist,
> we won't write the OpenBSD bootloader to the filesystem?  That would
> be wrong.
> 
> So I think the Apple "magic" needs to be done at the end of the
> function.

That is what I also first thought, but fileprefix() just concats the strings
and doesn't actually touch the file system.  This is also why I added my own
stat() && S_ISDIR() check below to make sure the directory exists.

Wit apple-boot manually deleted I get:

kischt# installboot -v sd0
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/BOOTAA64.EFI
copying /usr/mdec/BOOTAA64.EFI to 
/tmp/installboot.Tm5s4GRaRT/efi/boot/bootaa64.efi
writing /tmp/installboot.Tm5s4GRaRT/efi/boot/startup.nsh

> 
> > +   }
> > +   pathlen = strlen(dst);
> > +   if (strlcat(dst, "/m1n1", sizeof(dst)) >= sizeof(dst)) {
> > +   rslt = -1;
> > +   warn("unable to build /m1n1 path");
> > +   goto umount;
> > +   }
> > +   if ((access(src, R_OK) == 0) &&
> > +   (stat(dst, ) == 0) && S_ISDIR(st.st_mode)) {
> > +   if (strlcat(dst, "/boot.bin", sizeof(dst)) >= sizeof(dst)) {
> > +   rslt = -1;
> > +   warn("unable to build /m1n1/boot.bin path");
> > +   goto umount;
> > +   }
> > +   if (verbose)
> > +   fprintf(stderr, "%s %s to %s\n",
> > +   (nowrite ? "would copy" : "copying"), src, dst);
> > +   if (!nowrite)
> > +   rslt = filecopy(src, dst);
> > +   if (rslt == -1)
> > +   goto umount;
> > +   }
> > +
> > /* Create "/efi/boot" directory in .. */
> > +   dst[pathlen] = '\0';
> > if (strlcat(dst, "/efi", sizeof(dst)) >= sizeof(dst)) {
> > rslt = -1;
> > warn("unable to build /efi directory");
> > 
> > 

installboot(8): copy apple-boot to ESP

[Tobias Heider]

Here is the promised last diff we need to enable Apple M* bootloader updates.

With this, installboot(8) will pick up apple-boot.bin from the firmware
directory and writes it to $ESP/m1n1/boot.bin if both file and target
directory exist.
Creation of the m1n1/ directory is expected to happen during the initial
Asahi Linux EFI environment installation so it is safe to assume it is
already there when we need it.

Running this on my M2 gives me:

kischt# installboot -v sd0  
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/BOOTAA64.EFI
copying /etc/firmware/apple-boot.bin to 
/tmp/installboot.0JSQ0XrWRB/m1n1/boot.bin
copying /usr/mdec/BOOTAA64.EFI to 
/tmp/installboot.0JSQ0XrWRB/efi/boot/bootaa64.efi
writing /tmp/installboot.0JSQ0XrWRB/efi/boot/startup.nsh

Index: efi_installboot.c
===
RCS file: /cvs/src/usr.sbin/installboot/efi_installboot.c,v
retrieving revision 1.6
diff -u -p -r1.6 efi_installboot.c
--- efi_installboot.c   14 Sep 2022 16:43:00 -  1.6
+++ efi_installboot.c   19 Nov 2022 16:45:36 -
@@ -191,6 +191,7 @@ write_filesystem(struct disklabel *dl, c
struct msdosfs_args args;
char cmd[60];
char dst[PATH_MAX];
+   struct stat st;
char *src;
size_t mntlen, pathlen, srclen;
int rslt;
@@ -245,7 +246,36 @@ write_filesystem(struct disklabel *dl, c
}
}
 
+   /* Copy apple-boot firmware to /m1n1/boot.bin if available */
+   src = fileprefix(root, "/etc/firmware/apple-boot.bin");
+   if (src == NULL) {
+   rslt = -1;
+   goto umount;
+   }
+   pathlen = strlen(dst);
+   if (strlcat(dst, "/m1n1", sizeof(dst)) >= sizeof(dst)) {
+   rslt = -1;
+   warn("unable to build /m1n1 path");
+   goto umount;
+   }
+   if ((access(src, R_OK) == 0) &&
+   (stat(dst, ) == 0) && S_ISDIR(st.st_mode)) {
+   if (strlcat(dst, "/boot.bin", sizeof(dst)) >= sizeof(dst)) {
+   rslt = -1;
+   warn("unable to build /m1n1/boot.bin path");
+   goto umount;
+   }
+   if (verbose)
+   fprintf(stderr, "%s %s to %s\n",
+   (nowrite ? "would copy" : "copying"), src, dst);
+   if (!nowrite)
+   rslt = filecopy(src, dst);
+   if (rslt == -1)
+   goto umount;
+   }
+
/* Create "/efi/boot" directory in .. */
+   dst[pathlen] = '\0';
if (strlcat(dst, "/efi", sizeof(dst)) >= sizeof(dst)) {
rslt = -1;
warn("unable to build /efi directory");

Help testing Apple M1/M2 bootloader update

[Tobias Heider]

Hi all,

we are working on automated bootloader and device-tree updates for Apple
Silicon machines.  This is necessary because both drivers and device trees
are moving targets and without a way to update both we end up in situations
where drivers suddenly stop working.

All of the fw_update(8) infrastructure is already in place, the only thing
missing is installboot(8) automatically copying the new binary to the EFI
system partition.  Before we enable this for everyone we would like to
gather some test feedback to make sure everything works as expected.

For the following you will need a M1/M2 machine running OpenBSD snapshots
with a new enough Asahi bootloader. The easiest way to test that is to check
that you have a M1N1 subdirectory on your EFI system partition. If you don't,
this won't work for you and you will likely need to reinstall at some point
in the future.

To install and test the new bootloader by hand:

1. sysupgrade to the newest snapshot
2. Make sure fw_update downloaded the new bootloader to 
/etc/firmware/apple-boot.bin
3. Install the firmware to your ESP:
  3.1 Mount your EFI system partition (likely your only MSDOS partition)
  `mount /dev/sd0l /mnt` for me
  3.2 Backup /mnt/M1N1/BOOT.BIN to /mnt/M1N1/BOOT.BIN.old
  (if this does not exist, stop here. Your installation is too old)
  3.3 Copy /etc/firmware/apple-boot.bin to /mnt/M1N1/BOOT.BIN
  3.4 umount /mnt
4. Reboot and be greeted with the new bootloader

In the unlikely case that something went wrong, restore /mnt/M1N1/BOOT.BIN from
your backup. In any case, please let us know how it went.

Cheers,
Tobias

Re: libcrypto: fix leak in BN_mpi2bn()

[Tobias Heider]

On Tue, Nov 08, 2022 at 11:06:43AM -0700, Todd C. Miller wrote:
> On Tue, 08 Nov 2022 18:33:48 +0100, Tobias Heider wrote:
> 
> > If ain == NULL then a points to newly malloced memory which should be
> > freed when BN_bin2bn() fails.
> 
> We don't have an "ain" function argument in LibreSSL so you will
> need a larger diff.  Perhaps something like this (untested).
> 
>  - todd

huh right, mixed them up. Updated diff looks ok to me.

> 
> Index: lib/libcrypto/bn/bn_mpi.c
> ===
> RCS file: /cvs/src/lib/libcrypto/bn/bn_mpi.c,v
> retrieving revision 1.8
> diff -u -p -u -r1.8 bn_mpi.c
> --- lib/libcrypto/bn/bn_mpi.c 29 Jan 2017 17:49:22 -  1.8
> +++ lib/libcrypto/bn/bn_mpi.c 8 Nov 2022 18:03:36 -
> @@ -92,8 +92,9 @@ BN_bn2mpi(const BIGNUM *a, unsigned char
>  }
>  
>  BIGNUM *
> -BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
> +BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
>  {
> + BIGNUM *a = ain;
>   long len;
>   int neg = 0;
>  
> @@ -121,8 +122,11 @@ BN_mpi2bn(const unsigned char *d, int n,
>   d += 4;
>   if ((*d) & 0x80)
>   neg = 1;
> - if (BN_bin2bn(d, (int)len, a) == NULL)
> + if (BN_bin2bn(d, (int)len, a) == NULL) {
> + if (ain == NULL)
> + BN_free(a);
>   return (NULL);
> + }
>   a->neg = neg;
>   if (neg) {
>   BN_clear_bit(a, BN_num_bits(a) - 1);
> 

libcrypto: fix leak in x509_name_ex_d2i()

[Tobias Heider]

nm.a is initialized to NULL until it gets alloced by x509_name_ex_new().
The following 'goto err' should free nm.a before returning.

ok?

Index: asn1/x_name.c
===
RCS file: /cvs/src/lib/libcrypto/asn1/x_name.c,v
retrieving revision 1.37
diff -u -p -r1.37 x_name.c
--- asn1/x_name.c   25 Dec 2021 13:17:48 -  1.37
+++ asn1/x_name.c   8 Nov 2022 17:45:08 -
@@ -340,6 +340,7 @@ x509_name_ex_d2i(ASN1_VALUE **val, const
  err:
if (nm.x != NULL)
X509_NAME_free(nm.x);
+   free(nm.a);
ASN1error(ERR_R_NESTED_ASN1_ERROR);
return 0;
 }

libcrypto: fix leak in BN_mpi2bn()

[Tobias Heider]

If ain == NULL then a points to newly malloced memory which should be
freed when BN_bin2bn() fails.

ok?

Index: bn/bn_mpi.c
===
RCS file: /cvs/src/lib/libcrypto/bn/bn_mpi.c,v
retrieving revision 1.8
diff -u -p -r1.8 bn_mpi.c
--- bn/bn_mpi.c 29 Jan 2017 17:49:22 -  1.8
+++ bn/bn_mpi.c 8 Nov 2022 17:30:33 -
@@ -121,8 +121,11 @@ BN_mpi2bn(const unsigned char *d, int n,
d += 4;
if ((*d) & 0x80)
neg = 1;
-   if (BN_bin2bn(d, (int)len, a) == NULL)
+   if (BN_bin2bn(d, (int)len, a) == NULL) {
+   if (ain == NULL)
+   BN_free(a);
return (NULL);
+   }
a->neg = neg;
if (neg) {
BN_clear_bit(a, BN_num_bits(a) - 1);

libcrypto: leak in DSA_print()

[Tobias Heider]

Same diff as for RSA_print(). Old version leaks when EVP_PKEY_set1_DSA()
fails.

ok?

Index: dsa/dsa_prn.c
===
RCS file: /cvs/src/lib/libcrypto/dsa/dsa_prn.c,v
retrieving revision 1.6
diff -u -p -r1.6 dsa_prn.c
--- dsa/dsa_prn.c   29 Jan 2017 17:49:22 -  1.6
+++ dsa/dsa_prn.c   8 Nov 2022 17:22:08 -
@@ -98,12 +98,16 @@ int
 DSA_print(BIO *bp, const DSA *x, int off)
 {
EVP_PKEY *pk;
-   int ret;
+   int ret = 0;
+
+   if ((pk = EVP_PKEY_new()) == NULL)
+   goto out;
+
+   if (!EVP_PKEY_set1_DSA(pk, (DSA *)x))
+   goto out;
 
-   pk = EVP_PKEY_new();
-   if (!pk || !EVP_PKEY_set1_DSA(pk, (DSA *)x))
-   return 0;
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+ out:
EVP_PKEY_free(pk);
return ret;
 }

libcrypto: leak in RSA_print()

[Tobias Heider]

If EVP_PKEY_set1_RSA() returns 0 we seem leak pk here.

ok?

Index: rsa/rsa_prn.c
===
RCS file: /cvs/src/lib/libcrypto/rsa/rsa_prn.c,v
retrieving revision 1.7
diff -u -p -r1.7 rsa_prn.c
--- rsa/rsa_prn.c   29 Jan 2017 17:49:23 -  1.7
+++ rsa/rsa_prn.c   8 Nov 2022 11:59:28 -
@@ -85,8 +85,10 @@ RSA_print(BIO *bp, const RSA *x, int off
int ret;
 
pk = EVP_PKEY_new();
-   if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+   if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x)) {
+   EVP_PKEY_free(pk);
return 0;
+   }
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
return ret;

Re: wsmouse(4): Apple-like multi-touch buttons

[Tobias Heider]

On Sun, Sep 18, 2022 at 02:21:06PM +0200, Tobias Heider wrote:
> Hi,
> 
> the diff below adds a new mouse type WSMOUSE_TYPE_APPLE which emulates Apples
> touchpad behaviour.  Instead of mapping soft-buttons to an area on the pad,
> the different mouse buttons are mapped to single-finger, two-finger and
> three-finger clicks as is the default in macos.
> 
> The diff enables the new mode on apldcms(4) and aplms(4) which are the drivers
> used by Apple silicon laptops.
> 
> Tested on an m2 air by me and an m1 by robert@.
> 
> ok?

Here's an updated version that does not add a new WSMOUSE_TYPE and as such does
not require any changes in X.  Instead I just pass the button configuration via
params in wsmouse_configure().

To make this work I had to fix a bug in wstpad where the CONFIGURE flag is not
set after initial configuration, which causes all values to be overwritten with
the defaults on each reconfigure triggered from wsmouse_set_params().

diff --git sys/arch/arm64/dev/apldc.c sys/arch/arm64/dev/apldc.c
index 09a03c734da..7962a3c645a 100644
--- sys/arch/arm64/dev/apldc.c
+++ sys/arch/arm64/dev/apldc.c
@@ -1317,6 +1317,11 @@ const struct wsmouse_accessops apldcms_accessops = {
.ioctl = apldcms_ioctl,
 };
 
+static struct wsmouse_param apldcms_params[] = {
+   { WSMOUSECFG_SOFTBUTTONS, 0 },
+   { WSMOUSECFG_MTBUTTONS, 1 },
+};
+
 int apldcms_match(struct device *, void *, void *);
 voidapldcms_attach(struct device *, struct device *, void *);
 
@@ -1372,7 +1377,7 @@ apldcms_configure(struct apldcms_softc *sc)
hw->mt_slots = UBCMTP_MAX_FINGERS;
hw->flags = WSMOUSEHW_MT_TRACKING;
 
-   return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
+   return wsmouse_configure(sc->sc_wsmousedev, apldcms_params, 2);
 }
 
 void
diff --git sys/arch/arm64/dev/aplhidev.c sys/arch/arm64/dev/aplhidev.c
index 2b00f7e217d..ecfb5b8f4eb 100644
--- sys/arch/arm64/dev/aplhidev.c
+++ sys/arch/arm64/dev/aplhidev.c
@@ -608,6 +608,11 @@ const struct wsmouse_accessops aplms_accessops = {
.ioctl = aplms_ioctl,
 };
 
+static struct wsmouse_param aplms_params[] = {
+   { WSMOUSECFG_SOFTBUTTONS, 0 },
+   { WSMOUSECFG_MTBUTTONS, 1 },
+};
+
 int aplms_match(struct device *, void *, void *);
 voidaplms_attach(struct device *, struct device *, void *);
 
@@ -663,7 +668,7 @@ aplms_configure(struct aplms_softc *sc)
hw->mt_slots = UBCMTP_MAX_FINGERS;
hw->flags = WSMOUSEHW_MT_TRACKING;
 
-   return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
+   return wsmouse_configure(sc->sc_wsmousedev, aplms_params, 2);
 }
 
 void
diff --git sys/dev/wscons/wsconsio.h sys/dev/wscons/wsconsio.h
index de483493360..497e9a32db7 100644
--- sys/dev/wscons/wsconsio.h
+++ sys/dev/wscons/wsconsio.h
@@ -313,6 +313,7 @@ enum wsmousecfg {
WSMOUSECFG_SOFTBUTTONS = 64,/* 2 soft-buttons at the bottom edge */
WSMOUSECFG_SOFTMBTN,/* add a middle-button area */
WSMOUSECFG_TOPBUTTONS,  /* 3 soft-buttons at the top edge */
+   WSMOUSECFG_MTBUTTONS,   /* multi-finger buttons */
WSMOUSECFG_TWOFINGERSCROLL, /* enable two-finger scrolling */
WSMOUSECFG_EDGESCROLL,  /* enable edge scrolling */
WSMOUSECFG_HORIZSCROLL, /* enable horizontal edge scrolling */
diff --git sys/dev/wscons/wstpad.c sys/dev/wscons/wstpad.c
index be074b89fb8..4384370545e 100644
--- sys/dev/wscons/wstpad.c
+++ sys/dev/wscons/wstpad.c
@@ -72,6 +72,7 @@
 enum tpad_handlers {
SOFTBUTTON_HDLR,
TOPBUTTON_HDLR,
+   MTBUTTON_HDLR,
TAP_HDLR,
F2SCROLL_HDLR,
EDGESCROLL_HDLR,
@@ -149,6 +150,7 @@ struct tpad_touch {
 #define WSTPAD_HORIZSCROLL (1 << 5)
 #define WSTPAD_SWAPSIDES   (1 << 6)
 #define WSTPAD_DISABLE (1 << 7)
+#define WSTPAD_MTBUTTONS   (1 << 8)
 
 #define WSTPAD_MT  (1 << 31)
 
@@ -646,7 +648,23 @@ wstpad_softbuttons(struct wsmouseinput *input, u_int 
*cmds, int hdlr)
}
 
if (tp->softbutton == 0 && PRIMARYBTN_CLICKED(tp)) {
-   tp->softbutton = wstpad_get_sbtn(input, top);
+   if (hdlr == MTBUTTON_HDLR) {
+   switch (tp->contacts) {
+   case 2:
+   tp->softbutton = RIGHTBTN;
+   break;
+   case 3:
+   tp->softbutton = MIDDLEBTN;
+   break;
+   case 1:
+   tp->softbutton = LEFTBTN;
+   break;
+   default:
+   tp->softbutton = 0;
+   break;
+   }
+   } else
+   tp->softbutton = wstpad_get_sbtn(input, to

wsmouse(4): Apple-like multi-touch buttons

[Tobias Heider]

Hi,

the diff below adds a new mouse type WSMOUSE_TYPE_APPLE which emulates Apples
touchpad behaviour.  Instead of mapping soft-buttons to an area on the pad,
the different mouse buttons are mapped to single-finger, two-finger and
three-finger clicks as is the default in macos.

The diff enables the new mode on apldcms(4) and aplms(4) which are the drivers
used by Apple silicon laptops.

Tested on an m2 air by me and an m1 by robert@.

ok?

diff --git sys/arch/arm64/dev/apldc.c sys/arch/arm64/dev/apldc.c
index 09a03c734da..f261c19b13b 100644
--- sys/arch/arm64/dev/apldc.c
+++ sys/arch/arm64/dev/apldc.c
@@ -1363,7 +1363,7 @@ apldcms_configure(struct apldcms_softc *sc)
struct wsmousehw *hw = wsmouse_get_hw(sc->sc_wsmousedev);
 
/* The values below are for the MacBookPro17,1 */
-   hw->type = WSMOUSE_TYPE_TOUCHPAD;
+   hw->type = WSMOUSE_TYPE_APPLE;
hw->hw_type = WSMOUSEHW_CLICKPAD;
hw->x_min = -6046;
hw->x_max = 6536;
diff --git sys/arch/arm64/dev/aplhidev.c sys/arch/arm64/dev/aplhidev.c
index 2b00f7e217d..290520e85cb 100644
--- sys/arch/arm64/dev/aplhidev.c
+++ sys/arch/arm64/dev/aplhidev.c
@@ -654,7 +654,7 @@ aplms_configure(struct aplms_softc *sc)
struct wsmousehw *hw = wsmouse_get_hw(sc->sc_wsmousedev);
 
/* The values below are for the MacBookPro17,1 */
-   hw->type = WSMOUSE_TYPE_TOUCHPAD;
+   hw->type = WSMOUSE_TYPE_APPLE;
hw->hw_type = WSMOUSEHW_CLICKPAD;
hw->x_min = -6046;
hw->x_max = 6536;
diff --git sys/dev/wscons/wsconsio.h sys/dev/wscons/wsconsio.h
index de483493360..67b46da8d1f 100644
--- sys/dev/wscons/wsconsio.h
+++ sys/dev/wscons/wsconsio.h
@@ -245,6 +245,7 @@ struct wskbd_encoding_data {
 #defineWSMOUSE_TYPE_ELANTECH   18  /* Elantech touchpad */
 #defineWSMOUSE_TYPE_SYNAP_SBTN 19  /* Synaptics soft 
buttons */
 #defineWSMOUSE_TYPE_TOUCHPAD   20  /* Generic touchpad */
+#defineWSMOUSE_TYPE_APPLE  21  /* Apple touchpad */
 
 /* Set resolution.  Not applicable to all mouse types. */
 #defineWSMOUSEIO_SRES  _IOW('W', 33, u_int)
@@ -313,6 +314,7 @@ enum wsmousecfg {
WSMOUSECFG_SOFTBUTTONS = 64,/* 2 soft-buttons at the bottom edge */
WSMOUSECFG_SOFTMBTN,/* add a middle-button area */
WSMOUSECFG_TOPBUTTONS,  /* 3 soft-buttons at the top edge */
+   WSMOUSECFG_MTBUTTONS,   /* multi-finger buttons */
WSMOUSECFG_TWOFINGERSCROLL, /* enable two-finger scrolling */
WSMOUSECFG_EDGESCROLL,  /* enable edge scrolling */
WSMOUSECFG_HORIZSCROLL, /* enable horizontal edge scrolling */
diff --git sys/dev/wscons/wstpad.c sys/dev/wscons/wstpad.c
index be074b89fb8..9a74fa65908 100644
--- sys/dev/wscons/wstpad.c
+++ sys/dev/wscons/wstpad.c
@@ -72,6 +72,7 @@
 enum tpad_handlers {
SOFTBUTTON_HDLR,
TOPBUTTON_HDLR,
+   MTBUTTON_HDLR,
TAP_HDLR,
F2SCROLL_HDLR,
EDGESCROLL_HDLR,
@@ -149,6 +150,7 @@ struct tpad_touch {
 #define WSTPAD_HORIZSCROLL (1 << 5)
 #define WSTPAD_SWAPSIDES   (1 << 6)
 #define WSTPAD_DISABLE (1 << 7)
+#define WSTPAD_MTBUTTONS   (1 << 8)
 
 #define WSTPAD_MT  (1 << 31)
 
@@ -646,7 +648,23 @@ wstpad_softbuttons(struct wsmouseinput *input, u_int 
*cmds, int hdlr)
}
 
if (tp->softbutton == 0 && PRIMARYBTN_CLICKED(tp)) {
-   tp->softbutton = wstpad_get_sbtn(input, top);
+   if (hdlr == MTBUTTON_HDLR) {
+   switch (tp->contacts) {
+   case 2:
+   tp->softbutton = RIGHTBTN;
+   break;
+   case 3:
+   tp->softbutton = MIDDLEBTN;
+   break;
+   case 1:
+   tp->softbutton = LEFTBTN;
+   break;
+   default:
+   tp->softbutton = 0;
+   break;
+   }
+   } else
+   tp->softbutton = wstpad_get_sbtn(input, top);
if (tp->softbutton)
*cmds |= 1 << SOFTBUTTON_DOWN;
}
@@ -1237,12 +1255,14 @@ wstpad_process_input(struct wsmouseinput *input, struct 
evq_access *evq)
cmds = 0;
handlers = tp->handlers;
if (DISABLE(tp))
-   handlers &= ((1 << TOPBUTTON_HDLR) | (1 << SOFTBUTTON_HDLR));
+   handlers &= ((1 << TOPBUTTON_HDLR) | (1 << SOFTBUTTON_HDLR) |
+   (1 << MTBUTTON_HDLR));
 
FOREACHBIT(handlers, hdlr) {
switch (hdlr) {
case SOFTBUTTON_HDLR:
case TOPBUTTON_HDLR:
+   case MTBUTTON_HDLR:
wstpad_softbuttons(input, , hdlr);

gpiobl(4): enable/disable screen backlight on apple silicon laptops

[Tobias Heider]

Hi,

below is a diff for a new driver to control the screen backlight on
Apple Silicon laptops via 'gpio-backlight'.  This allows disabling the
screen via wsconsctl or hotkeys once they are hooked up.
The task is needed because aplsmc(4) sleeps in aplsmc_set_pin() which
crashes when called via hotkey.

ok?

diff --git sys/arch/arm64/conf/GENERIC sys/arch/arm64/conf/GENERIC
index bc88d2c9a59..c4a80a84de6 100644
--- sys/arch/arm64/conf/GENERIC
+++ sys/arch/arm64/conf/GENERIC
@@ -138,6 +138,7 @@ amdgpu* at pci?
 drm*   at amdgpu?
 wsdisplay* at amdgpu?
 
+gpiobl*at fdt?
 gpiocharger*   at fdt?
 gpiokeys*  at fdt?
 gpioleds*  at fdt?
diff --git sys/dev/fdt/files.fdt sys/dev/fdt/files.fdt
index 6a721edfa3e..3bf3ca4f26e 100644
--- sys/dev/fdt/files.fdt
+++ sys/dev/fdt/files.fdt
@@ -601,6 +601,10 @@ device dapmic
 attach dapmic at i2c
 file   dev/fdt/dapmic.cdapmic
 
+device gpiobl
+attach gpiobl at fdt
+file   dev/fdt/gpiobl.cgpiobl
+
 device gpiocharger
 attach gpiocharger at fdt
 file   dev/fdt/gpiocharger.c   gpiocharger
diff --git sys/dev/fdt/gpiobl.c sys/dev/fdt/gpiobl.c
new file mode 100644
index 000..f9774df20f2
--- /dev/null
+++ sys/dev/fdt/gpiobl.c
@@ -0,0 +1,127 @@
+/* $OpenBSD$   */
+/*
+ * Copyright (c) 2022 Tobias Heider 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+struct gpiobl_softc {
+   struct device   sc_dev;
+   int sc_on;
+   uint32_tsc_gpio[3];
+   struct task sc_task;
+};
+
+struct gpiobl_softc *sc_gpiobl;
+
+intgpiobl_match(struct device *, void *, void *);
+void   gpiobl_attach(struct device *, struct device *, void *);
+
+const struct cfattach gpiobl_ca = {
+   sizeof(struct gpiobl_softc), gpiobl_match, gpiobl_attach
+};
+
+struct cfdriver gpiobl_cd = {
+   NULL, "gpiobl", DV_DULL
+};
+
+void gpiobl_task(void *);
+int gpiobl_get_param(struct wsdisplay_param *);
+int gpiobl_set_param(struct wsdisplay_param *);
+
+int
+gpiobl_match(struct device *parent, void *match, void *aux)
+{
+   struct fdt_attach_args *faa = aux;
+
+   return OF_is_compatible(faa->fa_node, "gpio-backlight");
+}
+
+
+void
+gpiobl_attach(struct device *parent, struct device *self, void *aux)
+{
+   struct gpiobl_softc *sc = (struct gpiobl_softc *)self;
+   struct fdt_attach_args *faa = aux;
+   size_t len;
+
+   len = OF_getproplen(faa->fa_node, "gpios");
+   if (len <= 0)
+   return;
+   OF_getpropintarray(faa->fa_node, "gpios", sc->sc_gpio, len);
+   gpio_controller_config_pin(sc->sc_gpio, GPIO_CONFIG_OUTPUT);
+
+   sc->sc_on = OF_getpropbool(faa->fa_node, "default-on");
+   sc_gpiobl = sc;
+
+   task_set(>sc_task, gpiobl_task, sc);
+   ws_get_param = gpiobl_get_param;
+   ws_set_param = gpiobl_set_param;
+   printf("\n");
+}
+
+void
+gpiobl_task(void *args)
+{
+   struct gpiobl_softc *sc = args;
+   gpio_controller_set_pin(>sc_gpio[0], sc->sc_on);
+}
+
+int
+gpiobl_get_param(struct wsdisplay_param *dp)
+{
+   struct gpiobl_softc *sc = (struct gpiobl_softc *)sc_gpiobl;
+
+   switch (dp->param) {
+   case WSDISPLAYIO_PARAM_BRIGHTNESS:
+   dp->min = 0;
+   dp->max = 1;
+   dp->curval = sc->sc_on;
+   return 0;
+   default:
+   return -1;
+   }
+}
+
+int
+gpiobl_set_param(struct wsdisplay_param *dp)
+{
+   struct gpiobl_softc *sc = (struct gpiobl_softc *)sc_gpiobl;
+
+   switch (dp->param) {
+   case WSDISPLAYIO_PARAM_BRIGHTNESS:
+   if (dp->curval == sc->sc_on)
+   return 0;
+   sc->sc_on = !sc->sc_on;
+   task_add(systq, >sc_task);
+   return 0;
+   default:
+   return -1;
+   }
+}

Re: apldckbd(4): add fn key combose for Page Up/Down

[Tobias Heider]

On Wed, Sep 14, 2022 at 11:56:48AM +, Miod Vallat wrote:
> > Hey,
> > 
> > the diff below adds FN key combos for Page Up, Page Down and some more
> > on the M2 keyboard.  Most of the logic was copied from ukbd.
> 
> This means most of the munging logic should move from ukbd into hidkbd,
> but that can be done later.

Right, that was also my idea. For now I'd be happy to have them working
at all.

> 
> If you don't want to do this yet, you need to address two points:
> - the result of the hid_locate() call should be checked.
> - because of this, invocation of apldckbd_munge() should only happen if
>   that call had succeeded.
> 

Updated diff below.

diff --git a/sys/arch/arm64/dev/apldc.c b/sys/arch/arm64/dev/apldc.c
index 1db551988e6..0ffac192b3f 100644
--- a/sys/arch/arm64/dev/apldc.c
+++ b/sys/arch/arm64/dev/apldc.c
@@ -1066,6 +1066,22 @@ struct apldckbd_softc {
struct apldchidev_softc *sc_hidev;
struct hidkbd   sc_kbd;
int sc_spl;
+   struct hid_location sc_fn;
+   int sc_has_fn;
+};
+
+struct apldckbd_translation {
+   uint8_t original;
+   uint8_t translation;
+};
+
+static const struct apldckbd_translation apldckbd_trans_table[] = {
+   { 40, 73 }, /* return -> insert */
+   { 42, 76 }, /* backspace -> delete */
+   { 79, 77 }, /* right -> end */
+   { 80, 74 }, /* left -> home */
+   { 81, 78 }, /* down -> page down */
+   { 82, 75 }  /* up -> page up */
 };
 
 void   apldckbd_cngetc(void *, u_int *, int *);
@@ -1122,6 +1138,9 @@ apldckbd_attach(struct device *parent, struct device 
*self, void *aux)
 
printf("\n");
 
+   sc->sc_has_fn = hid_locate(aa->aa_desc, aa->aa_desclen,
+   HID_USAGE2(HUP_APPLE, HUG_FN_KEY), 1, hid_input, >sc_fn, NULL);
+
if (kbd->sc_console_keyboard) {
extern struct wskbd_mapdata ukbd_keymapdata;
 
@@ -1133,14 +1152,41 @@ apldckbd_attach(struct device *parent, struct device 
*self, void *aux)
hidkbd_attach_wskbd(kbd, KB_US | KB_DEFAULT, _accessops);
 }
 
+void
+apldckbd_munge(void *v, uint8_t *ibuf, size_t ilen)
+{
+   struct apldckbd_softc *sc = v;
+   struct hidkbd *kbd = >sc_kbd;
+   uint8_t *pos, *spos, *epos;
+   const struct apldckbd_translation *tbl;
+   size_t tsize;
+
+   if (!hid_get_data(ibuf, ilen, >sc_fn))
+   return;
+
+   spos = ibuf + kbd->sc_keycodeloc.pos / 8;
+   epos = spos + kbd->sc_nkeycode;
+
+   for (pos = spos; pos != epos; pos++) {
+   tbl = apldckbd_trans_table;
+   tsize = nitems(apldckbd_trans_table);
+   for (; tsize != 0; tbl++, tsize--)
+   if (tbl->original == *pos)
+   *pos = tbl->translation;
+   }
+}
+
 void
 apldckbd_intr(struct device *self, uint8_t *packet, size_t packetlen)
 {
struct apldckbd_softc *sc = (struct apldckbd_softc *)self;
struct hidkbd *kbd = >sc_kbd;
 
-   if (kbd->sc_enabled)
+   if (kbd->sc_enabled) {
+   if (sc->sc_has_fn)
+   apldckbd_munge(sc, [1], packetlen - 1);
hidkbd_input(kbd, [1], packetlen - 1);
+   }
 }
 
 int
-- 
2.37.2

apldckbd(4): add fn key combose for Page Up/Down

[Tobias Heider]

Hey,

the diff below adds FN key combos for Page Up, Page Down and some more
on the M2 keyboard.  Most of the logic was copied from ukbd.
This makes scrolling tmux a lot more fun.

ok?

diff --git a/sys/arch/arm64/dev/apldc.c b/sys/arch/arm64/dev/apldc.c
index 82a17df59b5..a4db46d8a92 100644
--- a/sys/arch/arm64/dev/apldc.c
+++ b/sys/arch/arm64/dev/apldc.c
@@ -1066,6 +1066,21 @@ struct apldckbd_softc {
struct apldchidev_softc *sc_hidev;
struct hidkbd   sc_kbd;
int sc_spl;
+   struct hid_location sc_fn;
+};
+
+struct apldckbd_translation {
+   uint8_t original;
+   uint8_t translation;
+};
+
+static const struct apldckbd_translation apldckbd_trans_table[] = {
+   { 40, 73 }, /* return -> insert */
+   { 42, 76 }, /* backspace -> delete */
+   { 79, 77 }, /* right -> end */
+   { 80, 74 }, /* left -> home */
+   { 81, 78 }, /* down -> page down */
+   { 82, 75 }  /* up -> page up */
 };
 
 void   apldckbd_cngetc(void *, u_int *, int *);
@@ -1122,6 +1137,9 @@ apldckbd_attach(struct device *parent, struct device 
*self, void *aux)
 
printf("\n");
 
+   hid_locate(aa->aa_desc, aa->aa_desclen, HID_USAGE2(HUP_APPLE, 
HUG_FN_KEY),
+   1, hid_input, >sc_fn, NULL);
+
if (kbd->sc_console_keyboard) {
extern struct wskbd_mapdata ukbd_keymapdata;
 
@@ -1133,14 +1151,40 @@ apldckbd_attach(struct device *parent, struct device 
*self, void *aux)
hidkbd_attach_wskbd(kbd, KB_US | KB_DEFAULT, _accessops);
 }
 
+void
+apldckbd_munge(void *v, uint8_t *ibuf, size_t ilen)
+{
+   struct apldckbd_softc *sc = v;
+   struct hidkbd *kbd = >sc_kbd;
+   uint8_t *pos, *spos, *epos;
+   const struct apldckbd_translation *tbl;
+   size_t tsize;
+
+   if (!hid_get_data(ibuf, ilen, >sc_fn))
+   return;
+
+   spos = ibuf + kbd->sc_keycodeloc.pos / 8;
+   epos = spos + kbd->sc_nkeycode;
+
+   for (pos = spos; pos != epos; pos++) {
+   tbl = apldckbd_trans_table;
+   tsize = nitems(apldckbd_trans_table);
+   for (; tsize != 0; tbl++, tsize--)
+   if (tbl->original == *pos)
+   *pos = tbl->translation;
+   }
+}
+
 void
 apldckbd_intr(struct device *self, uint8_t *packet, size_t packetlen)
 {
struct apldckbd_softc *sc = (struct apldckbd_softc *)self;
struct hidkbd *kbd = >sc_kbd;
 
-   if (kbd->sc_enabled)
+   if (kbd->sc_enabled) {
+   apldckbd_munge(sc, [1], packetlen - 1);
hidkbd_input(kbd, [1], packetlen - 1);
+   }
 }
 
 int
-- 
2.37.3

iked: generate stronger ECDSA keys by default

[Tobias Heider]

Hi,

we currently generate one pair of 2048 bit RSA keys for isakmpd and iked by
default on new installations.  In 2022 this seems a little outdated and iked
has had proper support for EC keys for quite some time now, so I propose we
switch to P-256 ECDSA keys by default.   

It looks like isakmpd does not support ECDSA, so we will have to generate
a separate pair of keys for iked.  I think we should also consider updating
the isakmpd keys to RSA 4096 but I don't have a test setup to see if this
would cause any interop problems.

ok?

diff --git a/etc/rc b/etc/rc
index 480e55f07c4..5528e888396 100644
--- a/etc/rc
+++ b/etc/rc
@@ -139,7 +139,7 @@ make_keys() {
local _iked_pub=/etc/iked/local.pub
 
if [[ ! -f $_isakmpd_key ]]; then
-   echo -n "openssl: generating isakmpd/iked RSA keys... "
+   echo -n "openssl: generating isakmpd RSA keys... "
if openssl genrsa -out $_isakmpd_key 2048 >/dev/null 2>&1 &&
chmod 600 $_isakmpd_key &&
openssl rsa -out $_isakmpd_pub -in $_isakmpd_key \
@@ -151,10 +151,15 @@ make_keys() {
fi
 
if [[ ! -f $_iked_key ]]; then
-   # Just copy the generated isakmpd key
-   cp $_isakmpd_key $_iked_key
-   chmod 600 $_iked_key
-   cp $_isakmpd_pub $_iked_pub
+   echo -n "openssl: generating iked ECDSA keys... "
+   if openssl ecparam -genkey -name prime256v1 -out $_iked_key 
>/dev/null 2>&1 &&
+   chmod 600 $_iked_key &&
+   openssl ec -out $_iked_pub -in $_iked_key \
+   -pubout >/dev/null 2>&1; then
+   echo done.
+   else
+   echo failed.
+   fi
fi
 
ssh-keygen -A

Re: Bug in iked

[Tobias Heider]

On Wed, Jun 22, 2022 at 01:02:17PM +, Sibar Soumi wrote:
> Dear OpenBSD developers
> 
>  
> 
> I would like to report an error in iked.
> 
>  
> 
> The error occurs with the processing logic in case of simultaneous Child SA 
> rekeying. That is, by simultaneous rekeying, two Child SAs are created and 
> “the SA created with the lowest of the four nonces used in the two exchanges 
> SHOULD be closed by the endpoint that created it” (RFC7296 section 2.8.1).
> 
>  
> 
> This decision is made in the iked implementation in ikev2.c in the if block 
> from L4390 
> 
>   until L4407 
> 
>  .
> 
>  
> 
> But nr is not set to the minimum nonce for exchange initiated by peer but by 
> us, and ni which comes from sa->sa_simulat is already set to the minimum 
> nonce for exchange initiated by peer.
> 
>  
> 
> Therefore, the comment in line 4393 shall be corrected and the comparison in 
> line 4402 shall be “ikev2_nonce_cmp(nr, ni) < 0” instead of 
> “ikev2_nonce_cmp(ni, nr) < 0” because the SA that has just been created by us 
> shall be deleted, if nr 
>  
> 
> Best regards
> 
>  
> 
>  
> 
> Sibar Soumi
> 
> Software Developer
> 
>  
> 
> achelos GmbH | Vattmannstraße 1 | 33100 Paderborn | GERMANY 
> 
> sibar.so...@achelos.de   | www.achelos.de 
>   | www.iot.achelos.com 
>   | Follow us: LinkedIn 
>   | XING 
>    | YouTube 
>  
> 
>  
> 
> Die achelos GmbH ist nach ISO 9001 und ISO 27001 zertifiziert. | achelos GmbH 
> is certified according to ISO 9001 and ISO 27001.
> 
> Geschäftsführung | Executive Board: Kathrin Asmuth, Thomas Freitag
> 
> Registergericht | register court: Paderborn, HRB 8817 | USt-IdNr. | VAT ID 
> number: DE260414872
> 
>  
> 
> Diese Mitteilung ist vertraulich. Wenn Sie nicht der beabsichtigte Empfänger 
> sind, ist jegliche Verwendung, Beeinträchtigung, 
> 
> Offenlegung oder Vervielfältigung dieses Materials unautorisiert und 
> verboten. Bitte informieren Sie uns umgehend und 
> 
> vernichten Sie die E-Mail. | This communication is confidential. If you are 
> not the intended recipient, any use, interference with, 
> 
> disclosure or copying of this material is unauthorised and prohibited. Please 
> inform us immediately and destroy the email.
> 

Hi Sibar,

thanks for the report!
It looks like you are right, the current comparison is indeed wrong.
I think the best fix would be to switch ni and nr, which I think was the
original intention here. ni should be the nonce for the exchange where
we are initiator, nr is where we are responder.
RFC7296 says that when our nonce < peer nonce we delete our simultaneously
proposed child SA, so this should fix the comparsion below at

4402 if (ikev2_nonce_cmp(ni, nr) < 0) {
4403 ret = ikev2_childsa_delete_proposed(env, sa,
4404 >sa_proposals);

Below is my proposed fix.

ok?

Index: ikev2.c
===
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.347
diff -u -p -r1.347 ikev2.c
--- ikev2.c 28 May 2022 18:51:16 -  1.347
+++ ikev2.c 3 Jul 2022 12:20:33 -
@@ -4387,14 +4387,14 @@ ikev2_init_create_child_sa(struct iked *
sa->sa_rnonce = msg->msg_nonce;
msg->msg_nonce = NULL;
 
-   if (csa && (ni = sa->sa_simult) != NULL) {
+   if (csa && (nr = sa->sa_simult) != NULL) {
log_info("%s: resolving simultaneous CHILD SA rekeying",
SPI_SA(sa, __func__));
-   /* set nr to minimum nonce for exchange initiated by peer */
+   /* set ni to minimum nonce for exchange initiated by us */
if (ikev2_nonce_cmp(sa->sa_inonce, sa->sa_rnonce) < 0)
-   nr = sa->sa_inonce;
+   ni = sa->sa_inonce;
else
-   nr = sa->sa_rnonce;
+   ni = sa->sa_rnonce;
/*
 * If the exchange initated by us has smaller nonce,
 * then we have to delete our SAs.

Re: Possible segfault in iked

[Tobias Heider]

On Sat, May 28, 2022 at 03:17:07PM +0200, Gerhard Roth wrote:
> Hi,
> 
> since there's a 'sa_free(sa)' followed by a 'continue' a few lines down
> from the RB_FOREACH(), we must use RB_FOREACH_SAFE() instead.
> 
> Gerhard

ok tobhe@

> 
> 
> Index: sbin/iked/ikev2.c
> ===
> RCS file: /cvs/src/sbin/iked/ikev2.c,v
> retrieving revision 1.346
> diff -u -p -C6 -u -p -r1.346 ikev2.c
> --- sbin/iked/ikev2.c 14 Mar 2022 12:58:55 -  1.346
> +++ sbin/iked/ikev2.c 28 May 2022 13:08:29 -
> @@ -223,13 +223,13 @@ ikev2_shutdown(struct privsep_proc *p)
>  }
>  
>  int
>  ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
>  {
>   struct iked *env = p->p_env;
> - struct iked_sa  *sa;
> + struct iked_sa  *sa, *satmp;
>   struct iked_policy  *pol, *old;
>  
>   switch (imsg->hdr.type) {
>   case IMSG_CTL_RESET:
>   return (config_getreset(env, imsg));
>   case IMSG_CTL_COUPLE:
> @@ -242,13 +242,13 @@ ikev2_dispatch_parent(int fd, struct pri
>   timer_del(env, >sc_inittmr);
>   TAILQ_FOREACH(pol, >sc_policies, pol_entry) {
>   if (policy_generate_ts(pol) == -1)
>   fatalx("%s: too many traffic selectors", 
> __func__);
>   }
>   /* Find new policies for dangling SAs */
> - RB_FOREACH(sa, iked_sas, >sc_sas) {
> + RB_FOREACH_SAFE(sa, iked_sas, >sc_sas, satmp) {
>   if (sa->sa_state != IKEV2_STATE_ESTABLISHED) {
>   sa_state(env, sa, IKEV2_STATE_CLOSING);
>   ikev2_ike_sa_setreason(sa, "reload");
>   sa_free(env, sa);
>   continue;
>   }
> 

OpenIKED 7.1 released

[Tobias Heider]

We have released OpenIKED 7.1, which will be arriving in the
OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  * Added 'ikectl show certinfo' command to print loaded CAs and certificates

  * Improved IKEv2 Message Fragmentation with more reliable retransmission logic

  * Take "Destination ID" payload into consideration when matching policy for
incoming handshake to allow finer control over flow configuration

  * Changed the "proto" config field to optionally accept a list of protocols

  * Added support for using AppArmor to limit process privileges on Linux.

  * Hardened default build flags

  * Fixed a bug where authentication via local certificates did not work
as intended

  * Fixed handshake proposal matching bug

  * Fixed a bug where alive timer was not reset on config reloading

  * Fixed a bug where iked sent zero-prefixed NAT-T messages on port 500
causing parsing errors.

  * Fixed several memory leaks

  * Added a new portable regression test

OpenIKED is known to compile and run on FreeBSD, NetBSD, macOS
and the Linux distributions Arch, Debian, Fedora and Ubuntu.

It is our hope that packagers take interest and help adapt
OpenIKED to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at
https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED
directory.

General bugs may be reported to b...@openbsd.org. Portable bugs
may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Re: iked problems with Apple clients in 7.1

[Tobias Heider]

On Sat, May 21, 2022 at 12:51:19PM +0100, Stuart Henderson wrote:
> On 2022/05/21 13:44, Tobias Heider wrote:
> > On Fri, May 20, 2022 at 03:41:12PM +0100, Stuart Henderson wrote:
> > > I ran into problems with Apple clients failing to connect to
> > > iked after updating a machine to 7.1, introduced by
> > > https://github.com/openbsd/src/commit/e3f5cf2ee26929d75dc2df9e86d97c36b2a94268
> > > 
> > > spi=0xac3d46687441f957: recv IKE_SA_INIT req 0 peer rrr.rrr.rrr.rr:49436 
> > > local lll.ll.lll.lll:500, 308 bytes, policy 'default'
> > > spi=0xac3d46687441f957: send IKE_SA_INIT res 0 peer rrr.rrr.rrr.rr:49436 
> > > local lll.ll.lll.lll:500, 341 bytes
> > > spi=0xac3d46687441f957: recv IKE_AUTH req 1 peer rrr.rrr.rrr.rr:64892 
> > > local lll.ll.lll.lll:4500, 368 bytes, policy 'default'
> > > policy_test: localid mismatch
> > > spi=0xac3d46687441f957: ikev2_ike_auth_recv: no compatible policy found
> > > spi=0xac3d46687441f957: ikev2_send_auth_failed: authentication failed for
> > > spi=0xac3d46687441f957: send IKE_AUTH res 1 peer rrr.rrr.rrr.rr:64892 
> > > local lll.ll.lll.lll:4500, 80 bytes, NAT-T
> > > spi=0xac3d46687441f957: sa_free: authentication failed
> > > 
> > > I don't have full details of config done on the other side nor any
> > > fruit-based phones to test from myself, did anyone already run into this
> > > and figure out a way around it?
> > 
> > Hey Stuart,
> > 
> > I haven't seen this before but I have a theory.
> > Based on the commit you pointed out the problem is probably the
> > `dstid kk.kkk.kkk.kkk` line which was ignored before this change.
> > 
> > This should be easy to check without access to the other device if
> > you enable verbose logging on your server and look for "ikev2_pld_id"
> > above the error. I suspect that the ID sent by your apple peer might
> > actually be a different one than kk.kkk.kkk.kkk.
> > 
> > Another thing you could try is just removing the dstid part and see
> > if that works.
> 
> Oh sorry I wasn't clear about which one the apple was using - the one with
> "kk.kkk.kkk.kkk" is a lan-to-lan configuration (fixed IP on both endpoints) -
> the apple is expected to be using the first "from 0.0.0.0/0 to dynamic" one
> which doesn't have any dstid set, and that's the only one where the IP 
> matches.

Oh, makes sense.  I think it may still be related to the IDs, so checking if
ikev2_pld_id matches what you expect for srcid might be a good start.
Maybe the apple client is sending something different than 
""
in their dstid.

If this doesn't help we could try adding a few printfs to see why the policy
fails to match.

> 
> 
> > > 
> > > I'm currently running code backed out to "cvs up -D'2021/11/26 15:00'"
> > > as a workaround.  My config looks like
> > > 
> > > -
> > > set fragmentation
> > > 
> > > ikev2 "default" passive esp from 0.0.0.0/0 to dynamic \
> > >  \
> > >   local lll.ll.lll.lll \
> > >   peer any \
> > >  \
> > >   ikesa enc aes-128-gcm group curve25519 group ecp521 group ecp256 group 
> > > modp2048 \
> > >   ikesa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 group 
> > > curve25519 group ecp521 group ecp256 group modp2048 group modp1024 \
> > >  \
> > >   childsa enc aes-128-gcm group curve25519 group ecp521 group ecp256 
> > > group modp2048 \
> > >   childsa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 group 
> > > curve25519 group ecp521 group ecp256 group modp2048 group modp1024 \
> > >  \
> > >   childsa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 \
> > >  \
> > >   srcid "" \
> > >   lifetime 3h bytes 5G \
> > >   eap "mschap-v2" \
> > >   config address ttt.ttt.tt.ttt/26 \
> > >   config name-server lll.ll.lll.aa \
> > >   config name-server lll.ll.lll.bb \
> > >   tag "$name-$id"
> > > 
> > > ikev2 "keysim" active tunnel esp from 0.0.0.0/0 to 100.70.76.0/22 \
> > >   local lll.ll.lll.lll peer kk.kkk.kkk.kkk \
> > >   ikesa auth hmac-sha2-256 enc aes-256 group modp3072 \
> > >   childsa auth hmac-sha2-256 enc aes-256 group modp3072 \
> > >   srcid lll.ll.lll.lll dstid kk.kkk.kkk.kkk \
> > >   lifetime 3h bytes 20G \
> > >   psk  \
> > >   tag "keysim"
> > > 
> > > include "/etc/iked.users"
> > > -
> > > 
> > 
> 

Re: iked problems with Apple clients in 7.1

[Tobias Heider]

On Fri, May 20, 2022 at 03:41:12PM +0100, Stuart Henderson wrote:
> I ran into problems with Apple clients failing to connect to
> iked after updating a machine to 7.1, introduced by
> https://github.com/openbsd/src/commit/e3f5cf2ee26929d75dc2df9e86d97c36b2a94268
> 
> spi=0xac3d46687441f957: recv IKE_SA_INIT req 0 peer rrr.rrr.rrr.rr:49436 
> local lll.ll.lll.lll:500, 308 bytes, policy 'default'
> spi=0xac3d46687441f957: send IKE_SA_INIT res 0 peer rrr.rrr.rrr.rr:49436 
> local lll.ll.lll.lll:500, 341 bytes
> spi=0xac3d46687441f957: recv IKE_AUTH req 1 peer rrr.rrr.rrr.rr:64892 local 
> lll.ll.lll.lll:4500, 368 bytes, policy 'default'
> policy_test: localid mismatch
> spi=0xac3d46687441f957: ikev2_ike_auth_recv: no compatible policy found
> spi=0xac3d46687441f957: ikev2_send_auth_failed: authentication failed for
> spi=0xac3d46687441f957: send IKE_AUTH res 1 peer rrr.rrr.rrr.rr:64892 local 
> lll.ll.lll.lll:4500, 80 bytes, NAT-T
> spi=0xac3d46687441f957: sa_free: authentication failed
> 
> I don't have full details of config done on the other side nor any
> fruit-based phones to test from myself, did anyone already run into this
> and figure out a way around it?

Hey Stuart,

I haven't seen this before but I have a theory.
Based on the commit you pointed out the problem is probably the
`dstid kk.kkk.kkk.kkk` line which was ignored before this change.

This should be easy to check without access to the other device if
you enable verbose logging on your server and look for "ikev2_pld_id"
above the error. I suspect that the ID sent by your apple peer might
actually be a different one than kk.kkk.kkk.kkk.

Another thing you could try is just removing the dstid part and see
if that works.

> 
> I'm currently running code backed out to "cvs up -D'2021/11/26 15:00'"
> as a workaround.  My config looks like
> 
> -
> set fragmentation
> 
> ikev2 "default" passive esp from 0.0.0.0/0 to dynamic \
>  \
>   local lll.ll.lll.lll \
>   peer any \
>  \
>   ikesa enc aes-128-gcm group curve25519 group ecp521 group ecp256 group 
> modp2048 \
>   ikesa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 group 
> curve25519 group ecp521 group ecp256 group modp2048 group modp1024 \
>  \
>   childsa enc aes-128-gcm group curve25519 group ecp521 group ecp256 group 
> modp2048 \
>   childsa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 group 
> curve25519 group ecp521 group ecp256 group modp2048 group modp1024 \
>  \
>   childsa enc aes-128 enc aes-256 auth hmac-sha2-256 auth hmac-sha1 \
>  \
>   srcid "" \
>   lifetime 3h bytes 5G \
>   eap "mschap-v2" \
>   config address ttt.ttt.tt.ttt/26 \
>   config name-server lll.ll.lll.aa \
>   config name-server lll.ll.lll.bb \
>   tag "$name-$id"
> 
> ikev2 "keysim" active tunnel esp from 0.0.0.0/0 to 100.70.76.0/22 \
>   local lll.ll.lll.lll peer kk.kkk.kkk.kkk \
>   ikesa auth hmac-sha2-256 enc aes-256 group modp3072 \
>   childsa auth hmac-sha2-256 enc aes-256 group modp3072 \
>   srcid lll.ll.lll.lll dstid kk.kkk.kkk.kkk \
>   lifetime 3h bytes 20G \
>   psk  \
>   tag "keysim"
> 
> include "/etc/iked.users"
> -
> 

Re: iked(8): support for intermediate CAs and multiple CERT payloads

[Tobias Heider]

On Fri, May 14, 2021 at 09:23:02PM +0100, Stuart Henderson wrote:
> On 2021/05/14 21:14, Tobias Heider wrote:
> > On Thu, May 13, 2021 at 02:39:37PM +0900, Katsuhiro Ueno wrote:
> > > Hi,
> > > 
> > > I would be happy if iked(8) supports intermediate CAs and sends the
> > > entire certificate chain to the clients. The diff attached adds
> > > supports for intermediate CAs and multiple CERT payloads to iked(8).
> > > 
> > > What I would like to do is to use a LetsEncrypt certificate as a
> > > server certificate of IKEv2 EAP and establish VPN connections with
> > > Windows clients. However, I could not complete it because of the
> > > following reasons.
> > > * LetsEncrypt server certificate is issued by an intermediate CA
> > >   and therefore the certificate of the intermediate CA is needed to
> > >   check the validity of the server certificate.
> > > * Windows expects the IKEv2 server to send the intermediate CA's
> > >   certificate in addition to the server certificate to check the
> > >   validity.
> > > * On the other hand, iked(8) is not capable of dealing with
> > >   certificate chains and sending multiple certificates (multiple
> > >   CERT payloads) to the clients.
> > > Consequently, Windows fails to verify the certificate and therefore
> > > VPN connection cannot be established.
> > > 
> > > To overcome this, I added an (ad-hoc) support for certificate chain
> > > and multiple CERT payloads. The diff attached is the changes that I
> > > made. It works fine for me but I am not sure whether or not it works
> > > for everyone and everywhere. Tests and comments are greatly
> > > appreciated.
> > > 
> > > Many thanks,
> > > Katsuhiro Ueno
> > 
> > Hi Katsuhiro,
> > 
> > thank you for the diff!
> > As Stuart said this is a very welcome addition and the diff looks good to 
> > me.
> > 
> > Unfortunately I don't have a Windows machine here to test with, so it would 
> > be
> > nice if anyone reading this could give it a try on their Windows setup.
> > 
> > I will try running a few more tests with Strongswan clients and commit it
> > once I'm sure everything still works.
> > 
> > - Tobias
> > 
> 
> Tested with Android strongswan. If I write the intermediate and
> root certificates to ca/ca.crt and the server certificate to
> certs/$HOSTNAME.crt then I'm able to connect.
> 
> I haven't tested Windows yet, I'll try to locate a machine to test with
> at the weekend.
> 
> The certificate arrangement is a little awkward to work with typical
> ACME infrastructure used with standard TLS servers:
> 
> For a standard server the root certificate would not normally need to
> be present at all; only server and intermediate certs are needed (though
> possibly this may be different for IKEv2).  As such, ACME clients don't
> normally fetch this certificate so it must be retrieved separately.
> 
> Also typically for a TLS server, any intermediates would be stored
> alongside the server certificate (fullchain.pem in the usual acme-client
> config). Storing that in a separate file isn't difficult ("chain" rather
> than "full chain" for acme-client) but, combined with the above need
> to store the CA in that same file, it does mean some extra fiddling is
> required.
> 
> So to use this diff as-is with acme-client, something like this is needed
> (I haven't tested the whole thing put together but I think it's right),
> 
> domain key "/etc/iked/private/local.key"
> domain certificate "/etc/iked/certs/hostname.crt"
> domain chain certificate "/etc/iked/ca/chain.crt"
> 
> 
> 
> ftp -o /etc/iked/ca/ca.p7c $(openssl x509 -in /etc/iked/ca/chain.crt -text 
> -noout | grep 'CA Issuers' | cut -d: -f2-)
> 
> (cat /etc/iked/ca/chain.crt; openssl pkcs7 -inform DER -in 
> /etc/iked/ca/ca.p7c -print_certs) > /etc/iked/ca/ca.crt
> 
> At least it's going to need some doc to show what goes where. But it
> would be much simpler to work with if it would at least accept "full
> chain" in the single certs/hostname.crt file.
> 

Here is an updated version of the diff working with -current iked since
I was reminded of this missing feature lately.
Stuart is probably right in that we should support fullchain.pem style
chains in a single file, but this is something we can fix in-tree.

It would be nice if we could get someone to test if it works with
Windows.

Index: ca.c
===
RCS file: /cvs/src/sbin/iked/ca.c,v
retrieving revisio

ssh: double fclose() in sshkey_save_public()

[Tobias Heider]

Hey,

it looks like in sshkey_save_public() the same fd will be closed twice
if the first fclose() returns something other than 0.

The patch below should make sure everything only gets closed once.
I moved the close() call and refactored a bit to improve readability.

Index: authfile.c
===
RCS file: /cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.142
diff -u -p -r1.142 authfile.c
--- authfile.c  1 Jan 2022 01:55:30 -   1.142
+++ authfile.c  10 May 2022 21:38:29 -
@@ -496,20 +496,25 @@ sshkey_save_public(const struct sshkey *
return SSH_ERR_SYSTEM_ERROR;
if ((f = fdopen(fd, "w")) == NULL) {
r = SSH_ERR_SYSTEM_ERROR;
+   close(fd);
goto fail;
}
if ((r = sshkey_write(key, f)) != 0)
goto fail;
fprintf(f, " %s\n", comment);
-   if (ferror(f) || fclose(f) != 0) {
+   if (ferror(f)) {
r = SSH_ERR_SYSTEM_ERROR;
+   goto fail;
+   }
+   if (fclose(f) != 0) {
+   r = SSH_ERR_SYSTEM_ERROR;
+   f = NULL;
  fail:
-   oerrno = errno;
-   if (f != NULL)
+   if (f != NULL) {
+   oerrno = errno;
fclose(f);
-   else
-   close(fd);
-   errno = oerrno;
+   errno = oerrno;
+   }
return r;
}
return 0;

Re: ipsec policy refcount

[Tobias Heider]

On Tue, Mar 08, 2022 at 08:17:13PM +0100, Alexander Bluhm wrote:
> Hi,
> 
> In IPsec policy replace integer refcount with atomic refcount.
> 
> It is a bit strange that ipo_refcnt is never taken, but let's go
> towards MP safety in small steps.
> 
> ok?
> 
> bluhm

ok tobhe@

> 
> Index: net/pfkeyv2.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/net/pfkeyv2.c,v
> retrieving revision 1.231
> diff -u -p -r1.231 pfkeyv2.c
> --- net/pfkeyv2.c 25 Feb 2022 23:51:03 -  1.231
> +++ net/pfkeyv2.c 8 Mar 2022 18:44:28 -
> @@ -1996,7 +1996,7 @@ pfkeyv2_send(struct socket *so, void *me
>  
>   TAILQ_INIT(>ipo_acquires);
>   ipo->ipo_rdomain = rdomain;
> - ipo->ipo_ref_count = 1;
> + refcnt_init(>ipo_refcnt);
>  
>   /* Add SPD entry */
>   if ((rnh = spd_table_get(rdomain)) == NULL ||
> Index: netinet/ip_ipsp.h
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.h,v
> retrieving revision 1.235
> diff -u -p -r1.235 ip_ipsp.h
> --- netinet/ip_ipsp.h 2 Mar 2022 20:16:43 -   1.235
> +++ netinet/ip_ipsp.h 8 Mar 2022 18:43:38 -
> @@ -281,7 +281,7 @@ struct ipsec_policy {
>   u_int8_tipo_sproto; /* ESP/AH; if zero, use system 
> dflts */
>   u_int   ipo_rdomain;
>  
> - int ipo_ref_count;
> + struct refcnt   ipo_refcnt;
>  
>   struct tdb  *ipo_tdb;   /* [p] Cached TDB entry */
>  
> Index: netinet/ip_spd.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_spd.c,v
> retrieving revision 1.113
> diff -u -p -r1.113 ip_spd.c
> --- netinet/ip_spd.c  6 Mar 2022 15:24:50 -   1.113
> +++ netinet/ip_spd.c  8 Mar 2022 18:44:32 -
> @@ -666,11 +666,10 @@ ipsec_delete_policy(struct ipsec_policy 
>   struct ipsec_acquire *ipa;
>   struct radix_node_head *rnh;
>   struct radix_node *rn = (struct radix_node *)ipo;
> - int err = 0;
>  
>   NET_ASSERT_LOCKED();
>  
> - if (--ipo->ipo_ref_count > 0)
> + if (refcnt_rele(>ipo_refcnt) == 0)
>   return 0;
>  
>   /* Delete from SPD. */
> @@ -699,7 +698,7 @@ ipsec_delete_policy(struct ipsec_policy 
>  
>   pool_put(_policy_pool, ipo);
>  
> - return err;
> + return 0;
>  }
>  
>  void
> 

Re: mvpcie(4): fix panic if "reset-gpios" is not available

[Tobias Heider]

On Mon, Feb 14, 2022 at 12:00:24PM +1100, Jonathan Gray wrote:
> On Sun, Feb 13, 2022 at 03:17:27PM +0100, Theo Buehler wrote:
> > On Sun, Feb 13, 2022 at 02:30:21PM +0100, Tobias Heider wrote:
> > > OF_getproplen() will return -1 if "reset-gpios" is not found which
> > > currently causes a panic:
> > > 
> > > panic: malloc: allocation too large, type = 2, size = 4294967295
> > > 
> > > Below is a fix.
> > 
> > There are more of these:
> > 
> > dev/ofw/ofw_regulator.c:336:if ((glen = OF_getproplen(node, "gpios")) 
> > <= 0)
> > dev/ofw/ofw_regulator.c:338:if ((slen = OF_getproplen(node, "states")) 
> > <= 0)
> > dev/ofw/ofw_regulator.c:401:if ((glen = OF_getproplen(node, "gpios")) 
> > <= 0)
> > dev/ofw/ofw_regulator.c:403:if ((slen = OF_getproplen(node, "states")) 
> > <= 0)
> > 
> > where glen and slen are size_t and

ok tobhe@

> 
> Index: ofw_regulator.c
> ===
> RCS file: /cvs/src/sys/dev/ofw/ofw_regulator.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 ofw_regulator.c
> --- ofw_regulator.c   23 Dec 2020 11:58:36 -  1.15
> +++ ofw_regulator.c   14 Feb 2022 00:55:28 -
> @@ -328,8 +328,7 @@ regulator_gpio_get(int node)
>  {
>   uint32_t *gpio, *gpios, *states;
>   uint32_t idx, value;
> - size_t glen, slen;
> - int i;
> + int glen, slen, i;
>  
>   pinctrl_byname(node, "default");
>  
> @@ -377,10 +376,9 @@ int
>  regulator_gpio_set(int node, uint32_t value)
>  {
>   uint32_t *gpio, *gpios, *states;
> - size_t glen, slen;
>   uint32_t min, max;
>   uint32_t idx;
> - int i;
> + int glen, slen, i;
>  
>   pinctrl_byname(node, "default");
>  

Re: mvdog(4): add support for armada-380-wdg

[Tobias Heider]

On Sun, Feb 13, 2022 at 03:47:28PM +0100, Mark Kettenis wrote:
> 
> I'm not sure this code should share a driver with the A3700 code.  The
> hardware doesn't seem to share any commonalities except for the
> Marvell name.  Linux has a separate driver which it calls "orion_wdt".
> So maybe mvodog(4) is a good name for a separate driver.
> 
> Also, since this block doesn't seem to be used on any 64-bit SoCs, the
> driver probably belongs in sys/arch/armv7/marvell/.
> 
> Cheers,
> 
> Mark
> 

Makes sense. Below is a diff adding mvodog(4) for armv7.
I also renamed the constants to A380_* for patrick@

diff --git sys/arch/armv7/conf/GENERIC sys/arch/armv7/conf/GENERIC
index d8cf637e1c6..c2ded46e895 100644
--- sys/arch/armv7/conf/GENERIC
+++ sys/arch/armv7/conf/GENERIC
@@ -187,6 +187,7 @@ usb*at dwctwo?
 # Marvell SoC
 mvacc* at fdt? early 1
 mvagc* at fdt?
+mvodog*at fdt?
 mvsysctrl* at fdt?
 mvmbus*at fdt?
 mvxhci*at fdt?
diff --git sys/arch/armv7/conf/RAMDISK sys/arch/armv7/conf/RAMDISK
index eb969297500..57375f10497 100644
--- sys/arch/armv7/conf/RAMDISK
+++ sys/arch/armv7/conf/RAMDISK
@@ -173,6 +173,7 @@ usb*at dwctwo?
 # Marvell SoC
 mvacc* at fdt? early 1
 mvagc* at fdt?
+mvodog*at fdt?
 mvsysctrl* at fdt?
 mvmbus*at fdt?
 mvxhci*at fdt?
diff --git sys/arch/armv7/marvell/files.marvell 
sys/arch/armv7/marvell/files.marvell
index b0ceb1768e2..d9e67565f96 100644
--- sys/arch/armv7/marvell/files.marvell
+++ sys/arch/armv7/marvell/files.marvell
@@ -35,3 +35,7 @@ file  arch/armv7/marvell/mvpcie.c mvpcie
 device mvpxa: sdmmcbus, sdhc
 attach mvpxa at fdt
 file   arch/armv7/marvell/mvpxa.c  mvpxa
+
+device mvodog
+attach mvodog at fdt
+file   arch/armv7/marvell/mvodog.c mvodog
diff --git sys/arch/armv7/marvell/mvodog.c sys/arch/armv7/marvell/mvodog.c
new file mode 100644
index 000..c011cb1cffe
--- /dev/null
+++ sys/arch/armv7/marvell/mvodog.c
@@ -0,0 +1,99 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2022 Tobias Heider 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#define A380_RSTOUT_MASK_BIT   (1 << 10)
+#define A380_RSTOUT_ENABLE_BIT (1 << 8)
+#define A380_WDT_ENABLE_BIT(1 << 8)
+
+struct mvodog_softc {
+   struct devicesc_dev;
+   bus_space_tag_t  sc_iot;
+   bus_space_handle_t   sc_ioh;
+   bus_space_handle_t   sc_ioh_rout;
+   bus_space_handle_t   sc_ioh_routmask;
+};
+
+int mvodog_match(struct device *, void *, void *);
+voidmvodog_attach(struct device *, struct device *, void *);
+
+const struct cfattach mvodog_ca = {
+   sizeof (struct mvodog_softc), mvodog_match, mvodog_attach
+};
+
+struct cfdriver mvodog_cd = {
+   NULL, "mvodog", DV_DULL
+};
+
+int
+mvodog_match(struct device *parent, void *cfdata, void *aux)
+{
+   struct fdt_attach_args *faa = aux;
+
+   return OF_is_compatible(faa->fa_node, "marvell,armada-380-wdt");
+}
+
+void
+mvodog_attach(struct device *parent, struct device *self, void *aux)
+{
+   struct mvodog_softc *sc = (struct mvodog_softc *)self;
+   struct fdt_attach_args *faa = aux;
+
+   if (faa->fa_nreg < 1) {
+   printf(": no registers\n");
+   return;
+   }
+
+   sc->sc_iot = faa->fa_iot;
+   if (bus_space_map(sc->sc_iot, faa->fa_reg[0].addr,
+   faa->fa_reg[0].size, 0, >sc_ioh)) {
+   printf(": can't map registers\n");
+   return;
+   }
+   if (bus_space_map(sc->sc_iot, faa->fa_reg[1].addr,
+   faa->fa_reg[1].size, 0, >sc_ioh_rout)) {
+   printf(": can't map registers\n");
+   return;
+   }
+   if (bus_space_map(sc->sc_iot, faa->fa_reg[2].addr,
+   faa->fa_reg[2].size, 0, >sc_ioh_routmask)) {
+   printf(": can't map registers\n");
+  

mvpcie(4): fix panic if "reset-gpios" is not available

[Tobias Heider]

OF_getproplen() will return -1 if "reset-gpios" is not found which
currently causes a panic:

panic: malloc: allocation too large, type = 2, size = 4294967295

Below is a fix.

ok?

Index: mvpcie.c
===
RCS file: /mount/openbsd/cvs/src/sys/arch/armv7/marvell/mvpcie.c,v
retrieving revision 1.5
diff -u -p -r1.5 mvpcie.c
--- mvpcie.c24 Oct 2021 17:52:27 -  1.5
+++ mvpcie.c13 Feb 2022 13:24:17 -
@@ -106,7 +106,7 @@ struct mvpcie_port {
int  po_fn;
 
uint32_t*po_gpio;
-   size_t   po_gpiolen;
+   int  po_gpiolen;
 
struct arm32_pci_chipset po_pc;
int  po_bus;
@@ -353,7 +353,7 @@ mvpcie_port_attach(struct mvpcie_softc *
po->po_bridge_iolimit = 1;
 
po->po_gpiolen = OF_getproplen(po->po_node, "reset-gpios");
-   if (po->po_gpiolen) {
+   if (po->po_gpiolen > 0) {
po->po_gpio = malloc(po->po_gpiolen, M_DEVBUF, M_WAITOK);
OF_getpropintarray(po->po_node, "reset-gpios",
po->po_gpio, po->po_gpiolen);

mvdog(4): add support for armada-380-wdg

[Tobias Heider]

Hey,

I'm trying to get the Turris Omnia running and one thing missing
is a driver for the armada-380-wdg.  We already have a similar driver
called mvdog(4) that currently only supports the armada-3700 watchdog.
The diff below adds support for disabling the armada-380-wdg.

ok?

Index: mvdog.c
===
RCS file: /mount/openbsd/cvs/src/sys/dev/fdt/mvdog.c,v
retrieving revision 1.2
diff -u -p -r1.2 mvdog.c
--- mvdog.c 24 Oct 2021 17:52:26 -  1.2
+++ mvdog.c 13 Feb 2022 13:11:06 -
@@ -33,6 +33,10 @@
 
 #define WDT_TIMER_SELECT   0x64
 
+#define ARMADA_380_RSTOUT_MASK_BIT (1 << 10)
+#define ARMADA_380_RSTOUT_ENABLE_BIT   (1 << 8)
+#define ARMADA_380_WDT_ENABLE_BIT  (1 << 8)
+
 #define HREAD4(sc, reg)
\
(bus_space_read_4((sc)->sc_iot, (sc)->sc_ioh, (reg)))
 #define HWRITE4(sc, reg, val)  \
@@ -47,6 +51,8 @@ struct mvdog_softc {
bus_space_tag_t  sc_iot;
bus_space_handle_t   sc_ioh;
struct regmap   *sc_rm;
+   bus_space_handle_t   sc_ioh_rout;
+   bus_space_handle_t   sc_ioh_routmask;
 };
 
 int mvdog_match(struct device *, void *, void *);
@@ -65,7 +71,8 @@ mvdog_match(struct device *parent, void 
 {
struct fdt_attach_args *faa = aux;
 
-   return OF_is_compatible(faa->fa_node, "marvell,armada-3700-wdt");
+   return OF_is_compatible(faa->fa_node, "marvell,armada-3700-wdt") ||
+   OF_is_compatible(faa->fa_node, "marvell,armada-380-wdt");
 }
 
 void
@@ -86,17 +93,39 @@ mvdog_attach(struct device *parent, stru
return;
}
 
-   sc->sc_rm = regmap_byphandle(OF_getpropint(faa->fa_node,
-   "marvell,system-controller", 0));
-   if (sc->sc_rm == NULL) {
-   printf(": can't get regmap\n");
-   return;
-   }
-
printf("\n");
 
-   /* Disable watchdog timer. */
-   HCLR4(sc, CNTR_CTRL(CNTR_WDOG), CNTR_CTRL_ENABLE);
-   HCLR4(sc, CNTR_CTRL(CNTR_RETRIGGER), CNTR_CTRL_ENABLE);
-   regmap_write_4(sc->sc_rm, WDT_TIMER_SELECT, 0);
+   if (OF_is_compatible(faa->fa_node, "marvell,armada-3700-wdt")) {
+   sc->sc_rm = regmap_byphandle(OF_getpropint(faa->fa_node,
+   "marvell,system-controller", 0));
+   if (sc->sc_rm == NULL) {
+   printf(": can't get regmap\n");
+   return;
+   }
+
+   /* Disable watchdog timer. */
+   HCLR4(sc, CNTR_CTRL(CNTR_WDOG), CNTR_CTRL_ENABLE);
+   HCLR4(sc, CNTR_CTRL(CNTR_RETRIGGER), CNTR_CTRL_ENABLE);
+   regmap_write_4(sc->sc_rm, WDT_TIMER_SELECT, 0);
+   } else {
+   if (bus_space_map(sc->sc_iot, faa->fa_reg[1].addr,
+   faa->fa_reg[1].size, 0, >sc_ioh_rout)) {
+   printf(": can't map registers\n");
+   return;
+   }
+   if (bus_space_map(sc->sc_iot, faa->fa_reg[2].addr,
+   faa->fa_reg[2].size, 0, >sc_ioh_routmask)) {
+   printf(": can't map registers\n");
+   return;
+   }
+
+   /* Disable watchdog timer. */
+   bus_space_write_4(sc->sc_iot, sc->sc_ioh_routmask, 0,
+   bus_space_read_4(sc->sc_iot, sc->sc_ioh_routmask, 0) |
+   ARMADA_380_RSTOUT_MASK_BIT);
+   bus_space_write_4(sc->sc_iot, sc->sc_ioh_rout, 0,
+   bus_space_read_4(sc->sc_iot, sc->sc_ioh_rout, 0) &
+   ~ARMADA_380_RSTOUT_ENABLE_BIT);
+   HCLR4(sc, 0, ARMADA_380_WDT_ENABLE_BIT);
+   }
 }

clang: compile static analyzer

[Tobias Heider]

Hi,

clang ships with a pretty useful static analyzer to find all kinds of bugs
in C and C++ code:

https://clang-analyzer.llvm.org/

I use it regularly to check my own diffs and found plenty of bugs I could
have missed otherwise.  While we have the code in base we don't actually
build it into our libclang currently, so the only ways to use it are
manually modifying the Makefiles or installing llvm from ports.

I was wondering if anyone else uses this and if there was any interest to
have this in our base clang?

diff --git gnu/usr.bin/clang/Makefile gnu/usr.bin/clang/Makefile
index 6cf71d36cf8..b47abc02474 100644
--- gnu/usr.bin/clang/Makefile
+++ gnu/usr.bin/clang/Makefile
@@ -39,6 +39,11 @@ SUBDIR+=libclangSerialization
 SUBDIR+=libclangFrontend
 SUBDIR+=libclangRewriteFrontend
 SUBDIR+=libclangFrontendTool
+SUBDIR+=libclangASTMatchers
+SUBDIR+=libclangCrossTU
+SUBDIR+=libclangStaticAnalyzer
+SUBDIR+=libclangIndex
+SUBDIR+=libclangTooling
 
 SUBDIR+=clang
 
diff --git gnu/usr.bin/clang/clang/Makefile gnu/usr.bin/clang/clang/Makefile
index 76535ee8842..7d3847f883d 100644
--- gnu/usr.bin/clang/clang/Makefile
+++ gnu/usr.bin/clang/clang/Makefile
@@ -43,6 +43,11 @@ LLVM_LIBDEPS=LLVM \
clangEdit \
clangAST \
clangLex \
-   clangBasic
+   clangBasic \
+   clangStaticAnalyzer \
+   clangCrossTU \
+   clangASTMatchers \
+   clangIndex \
+   clangTooling \
 
 .include 
diff --git gnu/usr.bin/clang/include/clang/Config/config.h 
gnu/usr.bin/clang/include/clang/Config/config.h
index 02a049bf2be..93494d6a0b1 100644
--- gnu/usr.bin/clang/include/clang/Config/config.h
+++ gnu/usr.bin/clang/include/clang/Config/config.h
@@ -78,7 +78,7 @@
 /* Enable each functionality of modules */
 #define CLANG_ENABLE_ARCMT 0
 #define CLANG_ENABLE_OBJC_REWRITER 0
-#define CLANG_ENABLE_STATIC_ANALYZER 0
+#define CLANG_ENABLE_STATIC_ANALYZER 1
 
 /* Spawn a new process clang.exe for the CC1 tool invocation, when necessary */
 #define CLANG_SPAWN_CC1 0
diff --git gnu/usr.bin/clang/libclangASTMatchers/Makefile 
gnu/usr.bin/clang/libclangASTMatchers/Makefile
new file mode 100644
index 000..76c79c738cb
--- /dev/null
+++ gnu/usr.bin/clang/libclangASTMatchers/Makefile
@@ -0,0 +1,25 @@
+LIB=   clangASTMatchers
+NOPIC=
+NOPROFILE=
+
+CPPFLAGS+=  ${CLANG_INCLUDES}
+
+.include 
+
+# Core
+SRCS+= ASTMatchFinder.cpp \
+   ASTMatchersInternal.cpp \
+   GtestMatchers.cpp \
+   Diagnostics.cpp \
+   Marshallers.cpp \
+   Parser.cpp \
+   Registry.cpp \
+   VariantValue.cpp \
+
+.PATH: ${.CURDIR}/../../../llvm/clang/lib/ASTMatchers
+.PATH: ${.CURDIR}/../../../llvm/clang/lib/ASTMatchers/Dynamic
+
+install:
+   @# Nothing here so far ...
+
+.include 
diff --git gnu/usr.bin/clang/libclangAnalysis/Makefile 
gnu/usr.bin/clang/libclangAnalysis/Makefile
index 25669a34cc0..7be18f24685 100644
--- gnu/usr.bin/clang/libclangAnalysis/Makefile
+++ gnu/usr.bin/clang/libclangAnalysis/Makefile
@@ -23,6 +23,7 @@ SRCS= AnalysisDeclContext.cpp \
ExprMutationAnalyzer.cpp \
IssueHash.cpp \
LiveVariables.cpp \
+   MacroExpansionContext.cpp \
ObjCNoReturn.cpp \
PathDiagnostic.cpp \
PostOrderCFGView.cpp \
diff --git gnu/usr.bin/clang/libclangCrossTU/Makefile 
gnu/usr.bin/clang/libclangCrossTU/Makefile
new file mode 100644
index 000..59541bce012
--- /dev/null
+++ gnu/usr.bin/clang/libclangCrossTU/Makefile
@@ -0,0 +1,17 @@
+LIB=   clangCrossTU
+NOPIC=
+NOPROFILE=
+
+CPPFLAGS+= -I ${.CURDIR}/../../../llvm/clang/lib/CrossTU
+CPPFLAGS+=  ${CLANG_INCLUDES}
+
+.include 
+
+SRCS+= CrossTranslationUnit.cpp \
+
+.PATH: ${.CURDIR}/../../../llvm/clang/lib/CrossTU/
+
+install:
+   @# Nothing here so far ...
+
+.include 
diff --git gnu/usr.bin/clang/libclangIndex/Makefile 
gnu/usr.bin/clang/libclangIndex/Makefile
new file mode 100644
index 000..b31d906a5ee
--- /dev/null
+++ gnu/usr.bin/clang/libclangIndex/Makefile
@@ -0,0 +1,18 @@
+LIB=   clangIndex
+NOPIC=
+NOPROFILE=
+
+CPPFLAGS+= -I ${.CURDIR}/../../../llvm/clang/lib/Index
+CPPFLAGS+=  ${CLANG_INCLUDES}
+
+.include 
+
+SRCS+= CommentToXML.cpp \
+   USRGeneration.cpp \
+
+.PATH: ${.CURDIR}/../../../llvm/clang/lib/Index/
+
+install:
+   @# Nothing here so far ...
+
+.include 
diff --git gnu/usr.bin/clang/libclangStaticAnalyzer/Makefile 
gnu/usr.bin/clang/libclangStaticAnalyzer/Makefile
new file mode 100644
index 000..6d152afe283
--- /dev/null
+++ gnu/usr.bin/clang/libclangStaticAnalyzer/Makefile
@@ -0,0 +1,206 @@
+LIB=   clangStaticAnalyzer
+NOPIC=
+NOPROFILE=
+
+CPPFLAGS+= -I ${.CURDIR}/../../../llvm/clang/lib/StaticAnalyzer/Checkers
+CPPFLAGS+=  ${CLANG_INCLUDES}
+
+.include 
+
+# Core
+SRCS+= APSIntType.cpp \
+   AnalysisManager.cpp \
+   AnalyzerOptions.cpp \
+   BasicValueFactory.cpp \
+   BlockCounter.cpp \
+   

Re: sdmmc: fix malloc error handling in sdmmc_mem_send_scr()

[Tobias Heider]

On Mon, Jan 10, 2022 at 04:20:36PM +0100, Stefan Sperling wrote:
> On Mon, Jan 10, 2022 at 03:50:45PM +0100, Tobias Heider wrote:
> > Makes sense. I also fixed the one in sdmmc_mem_send_cxd_data().
> 
> Doesn't build here, there a few errors like this:
> 
> /usr/src/sys/dev/sdmmc/sdmmc_mem.c:483:1: error: unused label 'out' 
> [-Werror,-Wu
> nused-label] 
> 
> I like Visa's idea of using early 'return ENOMEM' instead of goto.

I removed the unused goto labels and cleaned up the error handling.
We don't need to check for (ptr != NULL) and in one case we can
merge two 'if (error == 0)' blocks.

ok?

Index: sdmmc_mem.c
===
RCS file: /mount/openbsd/cvs/src/sys/dev/sdmmc/sdmmc_mem.c,v
retrieving revision 1.36
diff -u -p -r1.36 sdmmc_mem.c
--- sdmmc_mem.c 27 Mar 2021 14:36:28 -  1.36
+++ sdmmc_mem.c 10 Jan 2022 05:20:37 -
@@ -466,7 +466,7 @@ sdmmc_mem_send_scr(struct sdmmc_softc *s
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
if (ptr == NULL)
-   goto out;
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -480,9 +480,7 @@ sdmmc_mem_send_scr(struct sdmmc_softc *s
if (error == 0)
memcpy(scr, ptr, datalen);
 
-out:
-   if (ptr != NULL)
-   free(ptr, M_DEVBUF, datalen);
+   free(ptr, M_DEVBUF, datalen);
 
return error;
 }
@@ -528,10 +526,8 @@ sdmmc_mem_send_cxd_data(struct sdmmc_sof
int error = 0;
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
-   if (ptr == NULL) {
-   error = ENOMEM;
-   goto out;
-   }
+   if (ptr == NULL)
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -549,9 +545,7 @@ sdmmc_mem_send_cxd_data(struct sdmmc_sof
if (error == 0)
memcpy(data, ptr, datalen);
 
-out:
-   if (ptr != NULL)
-   free(ptr, M_DEVBUF, datalen);
+   free(ptr, M_DEVBUF, datalen);
 
return error;
 }
@@ -608,7 +602,7 @@ sdmmc_mem_sd_switch(struct sdmmc_functio
 
ptr = malloc(statlen, M_DEVBUF, M_NOWAIT | M_ZERO);
if (ptr == NULL)
-   goto out;
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -620,15 +614,12 @@ sdmmc_mem_sd_switch(struct sdmmc_functio
cmd.c_flags = SCF_CMD_ADTC | SCF_CMD_READ | SCF_RSP_R1;
 
error = sdmmc_mmc_command(sc, );
-   if (error == 0)
+   if (error == 0) {
memcpy(status, ptr, statlen);
-
-out:
-   if (ptr != NULL)
-   free(ptr, M_DEVBUF, statlen);
-
-   if (error == 0)
sdmmc_be512_to_bitfield512(status);
+   }
+
+   free(ptr, M_DEVBUF, statlen);
 
return error;
 }

Re: sdmmc: fix malloc error handling in sdmmc_mem_send_scr()

[Tobias Heider]

On Mon, Jan 10, 2022 at 02:39:58PM +, Visa Hankala wrote:
> On Mon, Jan 10, 2022 at 03:21:49PM +0100, Tobias Heider wrote:
> > On Mon, Jan 10, 2022 at 01:41:53PM +, Visa Hankala wrote:
> > > On Mon, Jan 10, 2022 at 01:12:10PM +0100, Tobias Heider wrote:
> > > > sdmmc_mem_send_scr() tries to malloc() with M_NOWAIT and returns 0 on
> > > > error,  which leads to sdmmc_mem_sd_init() passing uninitialized stack
> > > > memory to sdmmc_mem_decode_scr().
> > > > The diff below makes sdmmc_mem_send_scr() return ENOMEM if malloc fails.
> > > > 
> > > > ok?
> > > 
> > > OK visa@
> > > 
> > > Isn't there a similar problem with M_NOWAIT in sdmmc_mem_sd_switch()?
> > > 
> > 
> > Right, here's an updated diff that fixes both.
> 
> Looks better. However, could the error branches return ENOMEM directly
> instead of using goto out?

Makes sense. I also fixed the one in sdmmc_mem_send_cxd_data().

diff --git a/sys/dev/sdmmc/sdmmc_mem.c b/sys/dev/sdmmc/sdmmc_mem.c
index fae8d63912d..d46b1d612be 100644
--- a/sys/dev/sdmmc/sdmmc_mem.c
+++ b/sys/dev/sdmmc/sdmmc_mem.c
@@ -466,7 +466,7 @@ sdmmc_mem_send_scr(struct sdmmc_softc *sc, uint32_t *scr)
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
if (ptr == NULL)
-   goto out;
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -528,10 +528,8 @@ sdmmc_mem_send_cxd_data(struct sdmmc_softc *sc, int 
opcode, void *data,
int error = 0;
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
-   if (ptr == NULL) {
-   error = ENOMEM;
-   goto out;
-   }
+   if (ptr == NULL)
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -608,7 +606,7 @@ sdmmc_mem_sd_switch(struct sdmmc_function *sf, int mode, 
int group,
 
ptr = malloc(statlen, M_DEVBUF, M_NOWAIT | M_ZERO);
if (ptr == NULL)
-   goto out;
+   return ENOMEM;
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;

Re: remove ieee80211_find_node_for_beacon()

[Tobias Heider]

On Mon, Jan 10, 2022 at 11:00:52AM +0100, Stefan Sperling wrote:
> Ping. I have had zero feedback on this so far. Anyone?

Makes sense, I remember that part of the code making problems before.
ok tobhe.

> 
> On Tue, Jan 04, 2022 at 02:35:52PM +0100, Stefan Sperling wrote:
> > The function ieee80211_find_node_for_beacon() was added by reyk on 2005.
> > At the time, net80211 nodes were stored in a hash table keyed on hashes
> > the node's source MAC addresses.
> > The purpose of ieee80211_find_node_for_beacon() was to avoid storing
> > duplicate nodes with the same source MAC address in a given hash bucket.
> > Hash collisions on differing MAC addresses were valid, but collisions
> > on the same address had to be avoided.
> > 
> > Later on, the node table data structure was changed from a hash table
> > to an RB tree which is still in use today. The RB tree can only store a
> > single node per MAC address. However, find_node_for_beacon() was kept
> > regardless, now documented to serve a different purpose.
> > Its new purpose is to tell apart different nodes which happen to use
> > the same MAC address and hence cannot both be stored in the RB tree.
> > The idea is to help the net80211 stack to pick the "better" one of two
> > such APs while it is scanning for access points. The comment also claims
> > this function would avoid "bloat" of the nodes tree, which is obviously
> > related to the function's original purpose.
> > 
> > There are several problems with this:
> > 
> > The code which decides which node is "better" can erroneously match
> > an AP against itself, in case the AP uses a hidden SSID.
> > This prevents state updates for such APs.
> > Just a bit further down, the code looks up the same node again
> > and performs all of the intended updates. Simply skipping the
> > ieee80211_find_node_for_beacon() check makes state updates work.
> > (I have received a patch submission which fixes probe responses
> > for iwm/iwx in order to interop with hidden SSID APs. And that
> > patch contains a workaround for this problem, which prompted me
> > to look into it.)
> > 
> > The intention of avoiding "bloat" makes no sense.
> > There cannot be "bloat" of the node tree. Worst case we could end up
> > leaking memory when we replace an existing node in the tree with a
> > new node which has the same address (we would lose track of the pointer
> > to memory which stores the original node, and would never be able to
> > free this memory). There is no code in place which would prevent such
> > a leak. Simply always updating the existing node we have allocated is
> > the safer choice in the absence of proper collision handling.
> > 
> > My opinion is that this function should simply be removed.
> > It is an incomplete attempt at dealing with an edge case (MAC address
> > collisions), which is not a problem this function alone could ever
> > hope to solve completely.
> > 
> > ok?
> > 
> > diff d32c3633e170510dd593f1e288e78acfddaff882 
> > 32e6a77a0992dc0014e72c20005dfd9631b2055b
> > blob - bb6367fd1d5dd9f4641fedd96491069a8f0878dc
> > blob + 51d05f49c8b1ea58ea891f7b0f817e3bf94bed08
> > --- sys/net80211/ieee80211_input.c
> > +++ sys/net80211/ieee80211_input.c
> > @@ -1751,37 +1751,7 @@ ieee80211_recv_probe_resp(struct ieee80211com *ic, 
> > str
> > ic->ic_stats.is_rx_chanmismatch++;
> > return;
> > }
> > -   /*
> > -* Use mac, channel and rssi so we collect only the
> > -* best potential AP with the equal bssid while scanning.
> > -* Collecting all potential APs may result in bloat of
> > -* the node tree. This call will return NULL if the node
> > -* for this APs does not exist or if the new node is the
> > -* potential better one.
> > -*/
> > -   ni = ieee80211_find_node_for_beacon(ic, wh->i_addr2,
> > -   >ic_channels[chan], ssid, rxi->rxi_rssi);
> > -   if (ni != NULL) {
> > -   /*
> > -* If we are doing a directed scan for an AP with a hidden SSID
> > -* we must collect the SSID from a probe response to override
> > -* a non-zero-length SSID filled with zeroes that we may have
> > -* received earlier in a beacon.
> > -*/
> > -   if (isprobe && ssid[1] != 0 && ni->ni_essid[0] == '\0') {
> > -   ni->ni_esslen = ssid[1];
> > -   memset(ni->ni_essid, 0, sizeof(ni->ni_essid));
> > -   /* we know that ssid[1] <= IEEE80211_NWID_LEN */
> > -   memcpy(ni->ni_essid, [2], ssid[1]);
> > -   }
> >  
> > -   /* Update channel in case AP has switched */
> > -   if (ic->ic_opmode == IEEE80211_M_STA)
> > -   ni->ni_chan = rni->ni_chan;
> > -
> > -   return;
> > -   }
> > -
> >  #ifdef IEEE80211_DEBUG
> > if (ieee80211_debug > 1 &&
> > (ni == NULL || ic->ic_state == IEEE80211_S_SCAN ||
> > @@ -1977,6 +1947,13 @@ ieee80211_recv_probe_resp(struct ieee80211com *ic, 
> > str
> > 

Re: sdmmc: fix malloc error handling in sdmmc_mem_send_scr()

[Tobias Heider]

On Mon, Jan 10, 2022 at 01:41:53PM +, Visa Hankala wrote:
> On Mon, Jan 10, 2022 at 01:12:10PM +0100, Tobias Heider wrote:
> > sdmmc_mem_send_scr() tries to malloc() with M_NOWAIT and returns 0 on
> > error,  which leads to sdmmc_mem_sd_init() passing uninitialized stack
> > memory to sdmmc_mem_decode_scr().
> > The diff below makes sdmmc_mem_send_scr() return ENOMEM if malloc fails.
> > 
> > ok?
> 
> OK visa@
> 
> Isn't there a similar problem with M_NOWAIT in sdmmc_mem_sd_switch()?
> 

Right, here's an updated diff that fixes both.

diff --git a/sys/dev/sdmmc/sdmmc_mem.c b/sys/dev/sdmmc/sdmmc_mem.c
index fae8d63912d..dfb72ec4bf8 100644
--- a/sys/dev/sdmmc/sdmmc_mem.c
+++ b/sys/dev/sdmmc/sdmmc_mem.c
@@ -465,8 +465,10 @@ sdmmc_mem_send_scr(struct sdmmc_softc *sc, uint32_t *scr)
int error = 0;
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
-   if (ptr == NULL)
+   if (ptr == NULL) {
+   error = ENOMEM;
goto out;
+   }
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;
@@ -607,8 +609,10 @@ sdmmc_mem_sd_switch(struct sdmmc_function *sf, int mode, 
int group,
gsft = (group - 1) << 2;
 
ptr = malloc(statlen, M_DEVBUF, M_NOWAIT | M_ZERO);
-   if (ptr == NULL)
+   if (ptr == NULL) {
+   error = ENOMEM;
goto out;
+   }
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;

sdmmc: fix malloc error handling in sdmmc_mem_send_scr()

[Tobias Heider]

sdmmc_mem_send_scr() tries to malloc() with M_NOWAIT and returns 0 on
error,  which leads to sdmmc_mem_sd_init() passing uninitialized stack
memory to sdmmc_mem_decode_scr().
The diff below makes sdmmc_mem_send_scr() return ENOMEM if malloc fails.

ok?

diff --git a/sys/dev/sdmmc/sdmmc_mem.c b/sys/dev/sdmmc/sdmmc_mem.c
index fae8d63912d..715c412e6ea 100644
--- a/sys/dev/sdmmc/sdmmc_mem.c
+++ b/sys/dev/sdmmc/sdmmc_mem.c
@@ -465,8 +465,10 @@ sdmmc_mem_send_scr(struct sdmmc_softc *sc, uint32_t *scr)
int error = 0;
 
ptr = malloc(datalen, M_DEVBUF, M_NOWAIT | M_ZERO);
-   if (ptr == NULL)
+   if (ptr == NULL) {
+   error = ENOMEM;
goto out;
+   }
 
memset(, 0, sizeof(cmd));
cmd.c_data = ptr;

iked: cleanup libcrypto *_free calls

[Tobias Heider]

Hey,

tb@ noticed that we do a lot of redundant explicit NULL checks before
calling libcrypto *_free() functions.  A few of the free() calls can also
be avoided by using X509_get0_pubkey() instead of X509_get_pubkey().

ok?

Index: ca.c
===
RCS file: /cvs/src/sbin/iked/ca.c,v
retrieving revision 1.83
diff -u -p -r1.83 ca.c
--- ca.c8 Dec 2021 19:17:35 -   1.83
+++ ca.c13 Dec 2021 13:25:55 -
@@ -187,10 +187,8 @@ ca_reset(struct privsep *ps)
store->ca_pubkey.id_type == IKEV2_ID_NONE)
fatalx("ca_reset: keys not loaded");
 
-   if (store->ca_cas != NULL)
-   X509_STORE_free(store->ca_cas);
-   if (store->ca_certs != NULL)
-   X509_STORE_free(store->ca_certs);
+   X509_STORE_free(store->ca_cas);
+   X509_STORE_free(store->ca_certs);
 
if ((store->ca_cas = X509_STORE_new()) == NULL)
fatalx("ca_reset: failed to get ca store");
@@ -483,9 +481,8 @@ ca_getcert(struct iked *env, struct imsg
cert = ca_by_subjectaltname(store->ca_certs, );
if (cert) {
log_debug("%s: found local cert", __func__);
-   if ((certkey = X509_get_pubkey(cert)) != NULL) {
+   if ((certkey = X509_get0_pubkey(cert)) != NULL) {
ret = ca_pubkey_serialize(certkey, );
-   EVP_PKEY_free(certkey);
if (ret == 0) {
ptr = ibuf_data(key.id_buf);
len = ibuf_length(key.id_buf);
@@ -1045,7 +1042,7 @@ ca_cert_local(struct iked *env, X509  *c
if ((localpub = ca_id_to_pkey(>ca_pubkey)) == NULL)
goto done;
 
-   if ((certkey = X509_get_pubkey(cert)) == NULL) {
+   if ((certkey = X509_get0_pubkey(cert)) == NULL) {
log_info("%s: no public key in cert", __func__);
goto done;
}
@@ -1057,10 +1054,8 @@ ca_cert_local(struct iked *env, X509  *c
 
ret = 1;
  done:
-   if (certkey != NULL)
-   EVP_PKEY_free(certkey);
-   if (localpub != NULL)
-   EVP_PKEY_free(localpub);
+   EVP_PKEY_free(localpub);
+
return (ret);
 }
 
@@ -1092,8 +1087,7 @@ ca_cert_info(const char *msg, X509 *cert
log_info("%s: subject: %s", msg, buf);
ca_x509_subjectaltname_log(cert, msg);
 out:
-   if (rawserial)
-   BIO_free(rawserial);
+   BIO_free(rawserial);
 }
 
 int
@@ -1112,10 +1106,9 @@ ca_subjectpubkey_digest(X509 *x509, uint
 * that includes the public key type (eg. RSA) and the
 * public key value (see 3.7 of RFC7296).
 */
-   if ((pkey = X509_get_pubkey(x509)) == NULL)
+   if ((pkey = X509_get0_pubkey(x509)) == NULL)
return (-1);
buflen = i2d_PUBKEY(pkey, );
-   EVP_PKEY_free(pkey);
if (buflen == 0)
return (-1);
if (!EVP_Digest(buf, buflen, md, size, EVP_sha1(), NULL)) {
@@ -1245,10 +1238,9 @@ ca_pubkey_serialize(EVP_PKEY *key, struc
 
ret = 0;
  done:
-   if (rsa != NULL)
-   RSA_free(rsa);
-   if (ec != NULL)
-   EC_KEY_free(ec);
+   RSA_free(rsa);
+   EC_KEY_free(ec);
+
return (ret);
 }
 
@@ -1317,10 +1309,9 @@ ca_privkey_serialize(EVP_PKEY *key, stru
 
ret = 0;
  done:
-   if (rsa != NULL)
-   RSA_free(rsa);
-   if (ec != NULL)
-   EC_KEY_free(ec);
+   RSA_free(rsa);
+   EC_KEY_free(ec);
+
return (ret);
 }
 
@@ -1354,14 +1345,11 @@ ca_id_to_pkey(struct iked_id *pubkey)
out = localkey;
localkey = NULL;
  done:
-   if (localkey != NULL)
-   EVP_PKEY_free(localkey);
-   if (localrsa != NULL)
-   RSA_free(localrsa);
-   if (localec != NULL)
-   EC_KEY_free(localec);
-   if (rawcert != NULL)
-   BIO_free(rawcert);
+   EVP_PKEY_free(localkey);
+   RSA_free(localrsa);
+   EC_KEY_free(localec);
+   BIO_free(rawcert);
+
return (out);
 }
 
@@ -1403,11 +1391,8 @@ ca_privkey_to_method(struct iked_id *pri
print_map(method, ikev2_auth_map));
 
  out:
-   if (ec != NULL)
-   EC_KEY_free(ec);
-   if (rawcert != NULL)
-   BIO_free(rawcert);
-
+   EC_KEY_free(ec);
+   BIO_free(rawcert);
return (method);
 }
 
@@ -1630,19 +1615,12 @@ ca_validate_pubkey(struct iked *env, str
ca_sslerror(__func__);
  done:
ibuf_release(idp.id_buf);
-   if (localkey != NULL)
-   EVP_PKEY_free(localkey);
-   if (peerrsa != NULL)
-   RSA_free(peerrsa);
-   if (peerec != NULL)
-   EC_KEY_free(peerec);
-   if (localrsa != NULL)
-   RSA_free(localrsa);
-   if (rawcert != 

tdb_delete_locked for pfkey

[Tobias Heider]

Hi,

the diff below adds tdb_delete_locked() for use in pfkeyv2_sa_flush().
This way we won't have to worry about keeping the inline code and
tdb_delete() in sync.

ok?

Index: net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.225
diff -u -p -r1.225 pfkeyv2.c
--- net/pfkeyv2.c   1 Dec 2021 22:34:31 -   1.225
+++ net/pfkeyv2.c   3 Dec 2021 17:19:57 -
@@ -1042,18 +1042,8 @@ int
 pfkeyv2_sa_flush(struct tdb *tdb, void *satype_vp, int last)
 {
if (!(*((u_int8_t *) satype_vp)) ||
-   tdb->tdb_satype == *((u_int8_t *) satype_vp)) {
-   /* keep in sync with tdb_delete() */
-   NET_ASSERT_LOCKED();
-
-   if (tdb->tdb_flags & TDBF_DELETED)
-   return (0);
-   tdb->tdb_flags |= TDBF_DELETED;
-   tdb_unlink_locked(tdb);
-   tdb_unbundle(tdb);
-   tdb_deltimeouts(tdb);
-   tdb_unref(tdb);
-   }
+   tdb->tdb_satype == *((u_int8_t *) satype_vp))
+   tdb_delete_locked(tdb);
return (0);
 }
 
Index: netinet/ip_ipsp.c
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.260
diff -u -p -r1.260 ip_ipsp.c
--- netinet/ip_ipsp.c   2 Dec 2021 12:39:15 -   1.260
+++ netinet/ip_ipsp.c   3 Dec 2021 17:19:57 -
@@ -90,6 +90,7 @@ void  tdb_firstuse(void *);
 void   tdb_soft_timeout(void *);
 void   tdb_soft_firstuse(void *);
 inttdb_hash(u_int32_t, union sockaddr_union *, u_int8_t);
+void   tdb_dodelete(struct tdb *, int locked);
 
 int ipsec_in_use = 0;
 u_int64_t ipsec_last_added = 0;
@@ -977,13 +978,29 @@ tdb_unref(struct tdb *tdb)
 void
 tdb_delete(struct tdb *tdbp)
 {
-   /* keep in sync with pfkeyv2_sa_flush() */
+   tdb_dodelete(tdbp, 0);
+}
+
+void
+tdb_delete_locked(struct tdb *tdbp)
+{
+   MUTEX_ASSERT_LOCKED(_sadb_mtx);
+   tdb_dodelete(tdbp, 1);
+}
+
+void
+tdb_dodelete(struct tdb *tdbp, int locked)
+{
NET_ASSERT_LOCKED();
 
if (tdbp->tdb_flags & TDBF_DELETED)
return;
tdbp->tdb_flags |= TDBF_DELETED;
-   tdb_unlink(tdbp);
+   if (locked)
+   tdb_unlink_locked(tdbp);
+   else
+   tdb_unlink(tdbp);
+
/* release tdb_onext/tdb_inext references */
tdb_unbundle(tdbp);
/* delete timeouts and release references */
Index: netinet/ip_ipsp.h
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.h,v
retrieving revision 1.226
diff -u -p -r1.226 ip_ipsp.h
--- netinet/ip_ipsp.h   1 Dec 2021 22:34:31 -   1.226
+++ netinet/ip_ipsp.h   3 Dec 2021 17:19:57 -
@@ -569,6 +569,7 @@ struct  tdb *gettdbbysrcdst_dir(u_int, u_
 void   puttdb(struct tdb *);
 void   puttdb_locked(struct tdb *);
 void   tdb_delete(struct tdb *);
+void   tdb_delete_locked(struct tdb *);
 struct tdb *tdb_alloc(u_int);
 struct tdb *tdb_ref(struct tdb *);
 void   tdb_unref(struct tdb *);

Re: ipsec: refactor TDBF_DELETED

[Tobias Heider]

On Fri, Nov 26, 2021 at 01:17:22AM +0300, Vitaliy Makkoveev wrote:
> On Thu, Nov 25, 2021 at 10:59:25PM +0100, Alexander Bluhm wrote:
> > On Thu, Nov 25, 2021 at 05:13:16PM +0100, Tobias Heider wrote:
> > > Now with the missing parts from pfkeyv2.c as noticed by Hrvoje.
> > 
> > We have this code in pfkeyv2_send()
> > 
> > if (headers[SADB_EXT_ADDRESS_SRC] ||
> > headers[SADB_EXT_ADDRESS_PROXY]) {
> > tdb_unlink(sa2);
> > import_address((struct sockaddr 
> > *)>tdb_src,
> > headers[SADB_EXT_ADDRESS_SRC]);
> > import_address((struct sockaddr 
> > *)>tdb_dst,
> > headers[SADB_EXT_ADDRESS_PROXY]);
> > puttdb(sa2);
> > }
> > }
> > NET_UNLOCK();
> > 
> > Without the deleted flag, the pointers removed by tdb_unlink() and
> > set by puttdb() guarantee that tdb_delete() is not called twice.
> > In this piece of code they are missing for a short time.
> > 
> > Net lock takes care of this.  There should be a comment that describes
> > this.
> > 
> > /*
> >  * NET_LOCK prevents tdb_delete() between
> >  * tdb_unlink() and puttdb().
> >  */
> > tdb_unlink(sa2);
> > ...
> > puttdb(sa2);
> > 
> > Or we don't want to rely on net lock.  Then we need a common mutex
> > to pretect this.
> > 
> > mtx_enter(_sadb_mtx);
> > tdb_unlink_locked(tdbp);
> > ...
> > puttdb_locked(sa2);
> > mtx_leave(_sadb_mtx);
> > 
> 
> Without regarding on this diff this could be right direction because
> `tdb_sadb_mtx' mutex(9) protects TDB hash consistency.
> 

I agree that the mutex is the better solution. Updated diff below.

Index: net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.222
diff -u -p -r1.222 pfkeyv2.c
--- net/pfkeyv2.c   25 Nov 2021 13:46:02 -  1.222
+++ net/pfkeyv2.c   25 Nov 2021 22:36:31 -
@@ -1046,11 +1046,8 @@ pfkeyv2_sa_flush(struct tdb *tdb, void *
/* keep in sync with tdb_delete() */
NET_ASSERT_LOCKED();
 
-   if (tdb->tdb_flags & TDBF_DELETED)
+   if (tdb_unlink_locked(tdb) == 0)
return (0);
-   tdb->tdb_flags |= TDBF_DELETED;
-
-   tdb_unlink_locked(tdb);
tdb_unbundle(tdb);
tdb_deltimeouts(tdb);
tdb_unref(tdb);
@@ -1438,12 +1435,14 @@ pfkeyv2_send(struct socket *so, void *me
 #endif
if (headers[SADB_EXT_ADDRESS_SRC] ||
headers[SADB_EXT_ADDRESS_PROXY]) {
-   tdb_unlink(sa2);
+   mtx_enter(_sadb_mtx);
+   tdb_unlink_locked(sa2);
import_address((struct sockaddr *)>tdb_src,
headers[SADB_EXT_ADDRESS_SRC]);
import_address((struct sockaddr *)>tdb_dst,
headers[SADB_EXT_ADDRESS_PROXY]);
-   puttdb(sa2);
+   puttdb_locked(sa2);
+   mtx_leave(_sadb_mtx);
}
}
NET_UNLOCK();
Index: netinet/ip_ipsp.c
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.254
diff -u -p -r1.254 ip_ipsp.c
--- netinet/ip_ipsp.c   25 Nov 2021 13:46:02 -  1.254
+++ netinet/ip_ipsp.c   25 Nov 2021 22:36:31 -
@@ -794,9 +794,16 @@ tdb_rehash(void)
 void
 puttdb(struct tdb *tdbp)
 {
+   mtx_enter(_sadb_mtx);
+   puttdb_locked(tdbp);
+   mtx_leave(_sadb_mtx);
+}
+
+void
+puttdb_locked(struct tdb *tdbp)
+{
u_int32_t hashval;
 
-   mtx_enter(_sadb_mtx);
hashval = tdb_hash(tdbp->tdb_spi, >tdb_dst, tdbp->tdb_sproto);
 
/*
@@ -832,18 +839,20 @@ puttdb(struct tdb *tdbp)
 #endif /* IPSEC */
 
ipsec_last_added = getuptime();
-   mtx_leave(_sadb_mtx);
 }
 
-void
+int
 tdb_unlink(struct tdb *tdbp)

Re: ipsec: refactor TDBF_DELETED

[Tobias Heider]

On Thu, Nov 25, 2021 at 03:50:29PM +0100, Tobias Heider wrote:
> As discussed in the previous thread we can simplify the tdb cleanup
> code by removing the TDBF_DELETED flag and instead checking if the
> tdb was already unlinked.
> 
> ok?
> 

Now with the missing parts from pfkeyv2.c as noticed by Hrvoje.

Index: net/pfkeyv2.c
===
RCS file: /cvs/src/sys/net/pfkeyv2.c,v
retrieving revision 1.222
diff -u -p -r1.222 pfkeyv2.c
--- net/pfkeyv2.c   25 Nov 2021 13:46:02 -  1.222
+++ net/pfkeyv2.c   25 Nov 2021 16:10:51 -
@@ -1046,11 +1046,8 @@ pfkeyv2_sa_flush(struct tdb *tdb, void *
/* keep in sync with tdb_delete() */
NET_ASSERT_LOCKED();
 
-   if (tdb->tdb_flags & TDBF_DELETED)
+   if (tdb_unlink_locked(tdb) == 0)
return (0);
-   tdb->tdb_flags |= TDBF_DELETED;
-
-   tdb_unlink_locked(tdb);
tdb_unbundle(tdb);
tdb_deltimeouts(tdb);
tdb_unref(tdb);
Index: netinet/ip_ipsp.c
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.254
diff -u -p -r1.254 ip_ipsp.c
--- netinet/ip_ipsp.c   25 Nov 2021 13:46:02 -  1.254
+++ netinet/ip_ipsp.c   25 Nov 2021 16:10:51 -
@@ -835,15 +835,18 @@ puttdb(struct tdb *tdbp)
mtx_leave(_sadb_mtx);
 }
 
-void
+int
 tdb_unlink(struct tdb *tdbp)
 {
+   int r;
+
mtx_enter(_sadb_mtx);
-   tdb_unlink_locked(tdbp);
+   r = tdb_unlink_locked(tdbp);
mtx_leave(_sadb_mtx);
+   return (r);
 }
 
-void
+int
 tdb_unlink_locked(struct tdb *tdbp)
 {
struct tdb *tdbpp;
@@ -851,6 +854,9 @@ tdb_unlink_locked(struct tdb *tdbp)
 
MUTEX_ASSERT_LOCKED(_sadb_mtx);
 
+   if (tdbp->tdb_dnext == NULL && tdbp->tdb_snext == NULL)
+   return (0);
+
hashval = tdb_hash(tdbp->tdb_spi, >tdb_dst, tdbp->tdb_sproto);
 
if (tdbh[hashval] == tdbp) {
@@ -907,6 +913,8 @@ tdb_unlink_locked(struct tdb *tdbp)
ipsecstat_inc(ipsec_prevtunnels);
}
 #endif /* IPSEC */
+
+   return (1);
 }
 
 void
@@ -968,11 +976,8 @@ tdb_delete(struct tdb *tdbp)
/* keep in sync with pfkeyv2_sa_flush() */
NET_ASSERT_LOCKED();
 
-   if (tdbp->tdb_flags & TDBF_DELETED)
+   if (tdb_unlink(tdbp) == 0)
return;
-   tdbp->tdb_flags |= TDBF_DELETED;
-
-   tdb_unlink(tdbp);
/* release tdb_onext/tdb_inext references */
tdb_unbundle(tdbp);
/* delete timeouts and release references */
Index: netinet/ip_ipsp.h
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.h,v
retrieving revision 1.222
diff -u -p -r1.222 ip_ipsp.h
--- netinet/ip_ipsp.h   25 Nov 2021 13:46:02 -  1.222
+++ netinet/ip_ipsp.h   25 Nov 2021 16:10:51 -
@@ -337,7 +337,6 @@ struct tdb {/* tunnel 
descriptor blo
 #defineTDBF_ALLOCATIONS0x8 /* Check the flows counters */
 #defineTDBF_INVALID0x00010 /* This SPI is not valid 
yet/anymore */
 #defineTDBF_FIRSTUSE   0x00020 /* Expire after first use */
-#defineTDBF_DELETED0x00040 /* This TDB has already been 
deleted */
 #defineTDBF_SOFT_TIMER 0x00080 /* Soft expiration */
 #defineTDBF_SOFT_BYTES 0x00100 /* Soft expiration */
 #defineTDBF_SOFT_ALLOCATIONS   0x00200 /* Soft expiration */
@@ -352,7 +351,7 @@ struct tdb {/* tunnel 
descriptor blo
 
 #define TDBF_BITS ("\20" \
"\1UNIQUE\2TIMER\3BYTES\4ALLOCATIONS" \
-   "\5INVALID\6FIRSTUSE\7DELETED\10SOFT_TIMER" \
+   "\5INVALID\6FIRSTUSE\10SOFT_TIMER" \
"\11SOFT_BYTES\12SOFT_ALLOCATIONS\13SOFT_FIRSTUSE\14PFS" \
"\15TUNNELING" \
"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
@@ -571,8 +570,8 @@ struct  tdb *tdb_ref(struct tdb *);
 void   tdb_unref(struct tdb *);
 void   tdb_free(struct tdb *);
 inttdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
-void   tdb_unlink(struct tdb *);
-void   tdb_unlink_locked(struct tdb *);
+inttdb_unlink(struct tdb *);
+inttdb_unlink_locked(struct tdb *);
 void   tdb_unbundle(struct tdb *);
 void   tdb_deltimeouts(struct tdb *);
 inttdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);

ipsec: refactor TDBF_DELETED

[Tobias Heider]

As discussed in the previous thread we can simplify the tdb cleanup
code by removing the TDBF_DELETED flag and instead checking if the
tdb was already unlinked.

ok?

Index: ip_ipsp.c
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.c,v
retrieving revision 1.254
diff -u -p -r1.254 ip_ipsp.c
--- ip_ipsp.c   25 Nov 2021 13:46:02 -  1.254
+++ ip_ipsp.c   25 Nov 2021 14:39:03 -
@@ -835,15 +835,18 @@ puttdb(struct tdb *tdbp)
mtx_leave(_sadb_mtx);
 }
 
-void
+int
 tdb_unlink(struct tdb *tdbp)
 {
+   int r;
+
mtx_enter(_sadb_mtx);
-   tdb_unlink_locked(tdbp);
+   r = tdb_unlink_locked(tdbp);
mtx_leave(_sadb_mtx);
+   return (r);
 }
 
-void
+int
 tdb_unlink_locked(struct tdb *tdbp)
 {
struct tdb *tdbpp;
@@ -851,6 +854,9 @@ tdb_unlink_locked(struct tdb *tdbp)
 
MUTEX_ASSERT_LOCKED(_sadb_mtx);
 
+   if (tdbp->tdb_dnext == NULL && tdbp->tdb_snext == NULL)
+   return (0);
+
hashval = tdb_hash(tdbp->tdb_spi, >tdb_dst, tdbp->tdb_sproto);
 
if (tdbh[hashval] == tdbp) {
@@ -907,6 +913,8 @@ tdb_unlink_locked(struct tdb *tdbp)
ipsecstat_inc(ipsec_prevtunnels);
}
 #endif /* IPSEC */
+
+   return (1);
 }
 
 void
@@ -968,11 +976,8 @@ tdb_delete(struct tdb *tdbp)
/* keep in sync with pfkeyv2_sa_flush() */
NET_ASSERT_LOCKED();
 
-   if (tdbp->tdb_flags & TDBF_DELETED)
+   if (tdb_unlink(tdbp) == 0)
return;
-   tdbp->tdb_flags |= TDBF_DELETED;
-
-   tdb_unlink(tdbp);
/* release tdb_onext/tdb_inext references */
tdb_unbundle(tdbp);
/* delete timeouts and release references */
Index: ip_ipsp.h
===
RCS file: /cvs/src/sys/netinet/ip_ipsp.h,v
retrieving revision 1.222
diff -u -p -r1.222 ip_ipsp.h
--- ip_ipsp.h   25 Nov 2021 13:46:02 -  1.222
+++ ip_ipsp.h   25 Nov 2021 14:39:03 -
@@ -337,7 +337,6 @@ struct tdb {/* tunnel 
descriptor blo
 #defineTDBF_ALLOCATIONS0x8 /* Check the flows counters */
 #defineTDBF_INVALID0x00010 /* This SPI is not valid 
yet/anymore */
 #defineTDBF_FIRSTUSE   0x00020 /* Expire after first use */
-#defineTDBF_DELETED0x00040 /* This TDB has already been 
deleted */
 #defineTDBF_SOFT_TIMER 0x00080 /* Soft expiration */
 #defineTDBF_SOFT_BYTES 0x00100 /* Soft expiration */
 #defineTDBF_SOFT_ALLOCATIONS   0x00200 /* Soft expiration */
@@ -352,7 +351,7 @@ struct tdb {/* tunnel 
descriptor blo
 
 #define TDBF_BITS ("\20" \
"\1UNIQUE\2TIMER\3BYTES\4ALLOCATIONS" \
-   "\5INVALID\6FIRSTUSE\7DELETED\10SOFT_TIMER" \
+   "\5INVALID\6FIRSTUSE\10SOFT_TIMER" \
"\11SOFT_BYTES\12SOFT_ALLOCATIONS\13SOFT_FIRSTUSE\14PFS" \
"\15TUNNELING" \
"\21USEDTUNNEL\22UDPENCAP\23PFSYNC\24PFSYNC_RPL" \
@@ -571,8 +570,8 @@ struct  tdb *tdb_ref(struct tdb *);
 void   tdb_unref(struct tdb *);
 void   tdb_free(struct tdb *);
 inttdb_init(struct tdb *, u_int16_t, struct ipsecinit *);
-void   tdb_unlink(struct tdb *);
-void   tdb_unlink_locked(struct tdb *);
+inttdb_unlink(struct tdb *);
+inttdb_unlink_locked(struct tdb *);
 void   tdb_unbundle(struct tdb *);
 void   tdb_deltimeouts(struct tdb *);
 inttdb_walk(u_int, int (*)(struct tdb *, void *, int), void *);

Re: IPsec tdb ref counting

[Tobias Heider]

On Wed, Nov 24, 2021 at 03:52:26PM +0100, Alexander Bluhm wrote:
> On Wed, Nov 24, 2021 at 05:12:36PM +0300, Vitaliy Makkoveev wrote:
> > Understood. But his means we encoded double unref when we calling
> > tdb_unref() just after tdb_delete(tdb). To me it looks better to avoid
> > this and rework handlers like below:
> 
> I have tried this before.  It creates a tdb leak.  The double unref
> is correct.  tdb_delete() must only be called once.
> 
> > tdb_timeout(void *v)
> > {
> > struct tdb *tdb = v;
> > 
> > NET_LOCK();
> > if (tdb->tdb_flags & TDBF_TIMER) {
> > /* If it's an "invalid" TDB do a silent expiration. */
> > if (!(tdb->tdb_flags & TDBF_INVALID)) {
> > ipsecstat_inc(ipsec_exctdb);
> > pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD);
> > }
> > /* tdb_delete() calls tdb_unref() */
> > tdb_delete(tdb);
> > } else {
> > /* decrement refcount of the timeout argument */
> > tdb_unref(tdb);
> > }
> > NET_UNLOCK();
> > }
> > 
> > Also we could rework tdb_delete() to set the 'TDBF_DELETED' flag and do
> > not tdb_unref() passed `tdb'. It's assumed that caller should unref this
> > `tdb'. I like this because we will not kill `tdb' passed to (*xf_input)()
> > and (*xf_output)().
> 
> If the caller needs a tdb ref, he has to refcount it.  The tdb_delete()
> decrements the refcount that was added during allocation.
> 
> My next diff will add a refcount in ip_output_ipsec_lookup() to
> address this.  The current diff is complicated enough.  I want to
> commit something that does neither leak nor crash.  After that I
> can add more refcounts.  Finally I will run in parallel.
> 
> I cannot put everything in one gigantic diff.
> 
> bluhm
> 

Here's the promised diff without TDBF_DELETED. Instead of setting the flag we
can just check if the tdb has already been unlinked. 

Index: net/if_bridge.c
===
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.358
diff -u -p -r1.358 if_bridge.c
--- net/if_bridge.c 11 Nov 2021 18:08:17 -  1.358
+++ net/if_bridge.c 24 Nov 2021 19:11:19 -
@@ -1567,20 +1567,28 @@ bridge_ipsec(struct ifnet *ifp, struct e
tdb->tdb_xform != NULL) {
if (tdb->tdb_first_use == 0) {
tdb->tdb_first_use = gettime();
-   if (tdb->tdb_flags & TDBF_FIRSTUSE)
-   timeout_add_sec(>tdb_first_tmo,
-   tdb->tdb_exp_first_use);
-   if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
-   timeout_add_sec(>tdb_sfirst_tmo,
-   tdb->tdb_soft_first_use);
+   if (tdb->tdb_flags & TDBF_FIRSTUSE) {
+   if (timeout_add_sec(
+   >tdb_first_tmo,
+   tdb->tdb_exp_first_use))
+   tdb_ref(tdb);
+   }
+   if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) {
+   if (timeout_add_sec(
+   >tdb_sfirst_tmo,
+   tdb->tdb_soft_first_use))
+   tdb_ref(tdb);
+   }
}
 
prot = (*(tdb->tdb_xform->xf_input))(, tdb, hlen,
off);
+   tdb_unref(tdb);
if (prot != IPPROTO_DONE)
ip_deliver(, , prot, af);
return (1);
} else {
+   tdb_unref(tdb);
  skiplookup:
/* XXX do an input policy lookup */
return (0);
Index: net/if_pfsync.c
===
RCS file: /cvs/src/sys/net/if_pfsync.c,v
retrieving revision 1.298
diff -u -p -r1.298 if_pfsync.c
--- net/if_pfsync.c 11 Nov 2021 12:35:01 -  1.298
+++ net/if_pfsync.c 24 Nov 2021 19:11:19 -
@@ -1325,11 +1325,13 @@ pfsync_update_net_tdb(struct pfsync_tdb 
/* Neither replay nor byte counter should ever decrease. */
if (pt->rpl < tdb->tdb_rpl ||
pt->cur_bytes < tdb->tdb_cur_bytes) {
+   tdb_unref(tdb);
goto bad;
}
 
tdb->tdb_rpl = pt->rpl;
tdb->tdb_cur_bytes = pt->cur_bytes;
+   tdb_unref(tdb);
}
return;
 
Index: net/pfkeyv2.c

Re: IPsec tdb ref counting

[Tobias Heider]

On Tue, Nov 23, 2021 at 02:18:26PM +0100, Alexander Bluhm wrote:
> On Tue, Nov 23, 2021 at 06:54:59AM +0100, Hrvoje Popovski wrote:
> > after 24 hours hitting sasyncd setup one box panic
> 
> Thanks for testing.
> 
> I have reduced my iked lifetime to about 10 seconds and got the
> same panic on my new 8 core test machine.
> 
> ddb{2}> trace
> db_enter() at db_enter+0x10
> panic(81eaa8e3) at panic+0xbf
> pool_do_get(821e64d8,9,8000238b0524) at pool_do_get+0x35c
> pool_get(821e64d8,9) at pool_get+0x93
> tdb_alloc(0) at tdb_alloc+0x62
> reserve_spi(0,100,,80d41254,80d41238,32,cbd2b00c6d3d3ec
> d) at reserve_spi+0xfc
> pfkeyv2_send(fd8739174900,81b3ba80,50) at pfkeyv2_send+0x19c6
> pfkeyv2_output(fd80948cea00,fd8739174900,0,0) at pfkeyv2_output+0x8a
> pfkeyv2_usrreq(fd8739174900,9,fd80948cea00,0,0,8000238857b0) at 
> pfk
> eyv2_usrreq+0x1b0
> sosend(fd8739174900,0,8000238b0b60,0,0,0) at sosend+0x3a9
> dofilewritev(8000238857b0,3,8000238b0b60,0,8000238b0c60) at 
> dofilew
> ritev+0x14d
> sys_writev(8000238857b0,8000238b0c00,8000238b0c60) at 
> sys_writev+0x
> d2
> syscall(8000238b0cd0) at syscall+0x3a9
> Xsyscall() at Xsyscall+0x128
> 
> > ddb{3}> show tdb
> 
> You have to add the pool item addr to this command.
> 
> I additionally have refcount tracing diff on my machine.  With that
> I see this result:
> 
> ddb{2}> show panic
> *cpu2: pool_do_get: tdb free list modified: page 0x8801; item 
> addr 0
> x8801c998; offset 0x28=0xdeadbeee
> 
> ddb{2}> show tdb /f 0x8801c998
> tdb at 0x8801c998
>  hnext: 0x4c38c8f8ffb0cab5
>  dnext: 0xff2c2a5ac7964242
>  snext: 0xdeadbeefdeadbeef
> ...
>  tdb_trace[78]: 350309838: refs 5 -1 cpu2 ipsec_forward_check:1081
>  tdb_trace[79]: 350309839: refs 4 +1 cpu2 gettdb_dir:358
>  tdb_trace[80]: 350309840: refs 5 -1 cpu2 ipsec_common_input:355
>  tdb_trace[81]: 350309841: refs 4 +1 cpu2 gettdb_dir:358
>  tdb_trace[82]: 350309842: refs 5 -1 cpu2 ipsec_forward_check:1081
>  tdb_trace[83]: 350310888: refs 4 -1 cpu2 ipsp_spd_lookup:529
>  tdb_trace[84]: 350816099: refs 3 -1 cpu0 tdb_soft_timeout:726
>  tdb_trace[85]: 351266117: refs 2 +1 cpu2 gettdb_dir:358
>  tdb_trace[86]: 351266118: refs 3 +0 cpu2 pfkeyv2_send:1599
>  tdb_trace[87]: 351266119: refs 3 -1 cpu2 tdb_delete0:997
>  tdb_trace[88]: 351271898: refs 2 -1 cpu2 pfkeyv2_send:2143
>  tdb_trace[89]: 351300368: refs 1 +0 cpu0 tdb_timeout:688
>  tdb_trace[90]: 351300369: refs 1 -1 cpu0 tdb_delete0:997
>  tdb_trace[91]: 351300370: refs 3735928559 -1 cpu0 tdb_timeout:691
> 
> I will try mvs@ IPL_NET fix and think a bit more about the problem.
> 
> bluhm
> 

It looks like the problem is that we are calling tdb_delete() twice, once from
pfkey_send() and again from tdb_timeout(). My guess is that the timeout task
is already scheduled and waiting for NETLOCK, which is why tdb_deltimeouts()
can't delete it.
The diff below adds a flag to prevent the TDB from being deleted more than once.
This should fix the problem above.

Index: sys/net/if_bridge.c
===
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.358
diff -u -p -r1.358 if_bridge.c
--- sys/net/if_bridge.c 11 Nov 2021 18:08:17 -  1.358
+++ sys/net/if_bridge.c 23 Nov 2021 15:12:53 -
@@ -1567,20 +1567,28 @@ bridge_ipsec(struct ifnet *ifp, struct e
tdb->tdb_xform != NULL) {
if (tdb->tdb_first_use == 0) {
tdb->tdb_first_use = gettime();
-   if (tdb->tdb_flags & TDBF_FIRSTUSE)
-   timeout_add_sec(>tdb_first_tmo,
-   tdb->tdb_exp_first_use);
-   if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE)
-   timeout_add_sec(>tdb_sfirst_tmo,
-   tdb->tdb_soft_first_use);
+   if (tdb->tdb_flags & TDBF_FIRSTUSE) {
+   if (timeout_add_sec(
+   >tdb_first_tmo,
+   tdb->tdb_exp_first_use))
+   tdb_ref(tdb);
+   }
+   if (tdb->tdb_flags & TDBF_SOFT_FIRSTUSE) {
+   if (timeout_add_sec(
+   >tdb_sfirst_tmo,
+   tdb->tdb_soft_first_use))
+   tdb_ref(tdb);
+   }
}
 
prot = (*(tdb->tdb_xform->xf_input))(, tdb, hlen,
 

OpenIKED 7.0 released

[Tobias Heider]

We have released OpenIKED 7.0, which will be arriving in the
OpenIKED directory of your local OpenBSD mirror soon.

This release includes the following changes to the previous release:

  * Added client-side support for DNS configuration via
OpenBSD resolvd(8) and systemd-resolved(8)

  * Added an experimental post-quantum hybrid key exchange method
based on Streamlined NTRU Prime (coupled with X25519) as
sntrup761x25519

  * Added support to compile and run on macOS

  * Increased default data bytes limit for Child SAs to 4 GB,
preventing excessive rekeying and lost data in high performance
setups.

  * Fixed a problem where no flows are loaded when a single config
address without pool is configured

  * Fixed a bug that broke pfkey acquire on non-OpenBSD systems

OpenIKED is known to compile and run on FreeBSD, NetBSD,
macOS and the Linux distributions Arch, Debian and Fedora.

It is our hope that packagers take interest and help adapt
OpenIKED to more distributions.

OpenIKED can be downloaded from any of the mirrors listed at
https://www.openbsd.org/ftp.html, from the /pub/OpenBSD/OpenIKED
directory.

General bugs may be reported to b...@openbsd.org.  Portable bugs
may be filed at https://github.com/openiked/openiked-portable.

We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.

Re: diff: ipsec.conf(5), clarify "aes" accepts 128:256 bits

[Tobias Heider]

On Wed, Nov 03, 2021 at 02:55:11PM +0900, YASUOKA Masahiko wrote:
> Hi,
> 
> On Tue, 2 Nov 2021 07:03:43 +
> Jason McIntyre  wrote:
> > On Tue, Nov 02, 2021 at 12:02:07PM +0900, YASUOKA Masahiko wrote:
> >> I'd like to clarify "aes" in ipsec.conf accepts 128:256 bits.
> >> 
> >> sbin/ipsecctl/ike.c:
> >> 201 case ENCXF_AES:
> >> 202 enc_alg = "AES";
> >> 203 key_length = "128,128:256";
> >> 204 break;
> >> 
> >> 
> >> ok?
> >> 
> >> Clarify "aes" will accept keys which length is in 128:256 bits.
> >> 
> > 
> > i notice that the enc lists in ipsec.conf.5 and iked.conf.5 differ.
> > aren;t they supposed to be in sync?
> > 
> > for example, iked.conf.5 doesn;t mention "aes" or "aesctr". also the
> > *-gmac and *-gcm-12 discrepancy.
> 
> As for "aes", *only isakmpd(8)* supports "aes" keyword or having a
> range for the key length.  So there isn't need to sync it to
> iked.conf.5.
> 
> Also I belive "aesctr" is to support 160:288 range for key length, but
> the implemention doesn't seem to be completed.  I have another plan to
> handle this separately, then I'll update the man page.
> 
> 
> Other than the key length range, it seems there are some differences
> between iked.conf.5 and ipsec.conf.5.
> 
> 1. "-gcm-12" 
>missing this in ipsec.conf.5 is ok since isakmpd(8) doesn't support
>it yet.  (It is actually an alias ID for "-gcm" though.)
> 
> 2. "-gmac" and "null"
>iked.conf.5 has a separeted list for them to clarify they don't do
>encryption.  Applied the same to isakmpd.conf.5.
> 
> 3. "chacha20-poly1305"
>It is missing in ipsec.conf.5.
> 
> 4. explanation of "[IKE only]" or "[phase 2]"
>It is missing in ipsec.conf.5.  Copied the section from iked.conf
>and modified it.
> 
> 5. explanation of "keysize" for AES-CTR and so on
>The explanation in ipsec.conf.5 is better.  Copied that to
>iked.conf.5.
> 
> 6. "cast"
>ipsecctl(8) program doesn't support "cast" keyword actually,
>it supports "cast128" instead.  Correct "cast" to "cast128"
> 
> 
> ok?
> 
> +Transforms followed by
> +.Bq IKE only
> +can only be used with the
> +.Ic ike
> +keyword, transforms with

The ciphers that have [phase 2 only, IKE only] are all counter based
AES modes that can only be safely used with a common unique IV per SA.
This can not be done with manual SAs but can be negotiated as part of
the IKE handshake.
I interpret [IKE only] here as: can only be used with automatic keying/IKE.
Otherwise it would also make little sense to have both for the same cipher.