witness kernel - lock order reversal

[Michael Price]

Not sure where to send this. Let me know if another list is better.

If this is more helpful with a snapshot kernel instead of the one I
compiled let me know that as well.

Michael

Jun  1 16:17:10 ports /bsd:  1st 0x81d179b0 _lock
(_lock) @ /usr/src/sys/kern/kern_synch.c:444
Jun  1 16:17:10 ports /bsd:  2nd 0x80281270 _priv->irq_lock
(_priv->irq_lock) @ /usr/src/sys/dev/pci/drm/i915/intel_lrc.c:1645
Jun  1 16:17:10 ports /bsd: lock order "_priv->irq_lock"(mutex) ->
"_lock"(sched_lock) first seen at:
Jun  1 16:17:10 ports /bsd: #0  witness_checkorder+0x494
Jun  1 16:17:10 ports /bsd: #1  ___mp_lock+0x70
Jun  1 16:17:10 ports /bsd: #2  wakeup_n+0x39
Jun  1 16:17:10 ports /bsd: #3  task_add+0x85
Jun  1 16:17:10 ports /bsd: #4  gen6_rps_boost+0x110
Jun  1 16:17:10 ports /bsd: #5  __i915_wait_request+0x137
Jun  1 16:17:10 ports /bsd: #6
i915_gem_object_wait_rendering__nonblocking+0x1c6
Jun  1 16:17:10 ports /bsd: #7  i915_gem_set_domain_ioctl+0xce
Jun  1 16:17:10 ports /bsd: #8  drm_do_ioctl+0x203
Jun  1 16:17:10 ports /bsd: #9  drmioctl+0xe9
Jun  1 16:17:10 ports /bsd: #10 VOP_IOCTL+0x4d
Jun  1 16:17:10 ports /bsd: #11 vn_ioctl+0x5e
Jun  1 16:17:10 ports /bsd: #12 sys_ioctl+0x439
Jun  1 16:17:10 ports /bsd: #13 syscall+0x31d
Jun  1 16:17:10 ports /bsd: #14 Xsyscall_untramp+0xc0
Jun  1 16:17:10 ports /bsd: lock order "_lock"(sched_lock) ->
"_priv->irq_lock"(mutex) first seen at:
Jun  1 16:17:10 ports /bsd: #0  witness_checkorder+0x494
Jun  1 16:17:10 ports /bsd: #1  _mtx_enter+0x31
Jun  1 16:17:10 ports /bsd: #2  gen8_logical_ring_put_irq+0x36
Jun  1 16:17:10 ports /bsd: #3  __i915_wait_request+0x344
Jun  1 16:17:10 ports /bsd: #4
i915_gem_object_wait_rendering__nonblocking+0x1c6
Jun  1 16:17:10 ports /bsd: #5  i915_gem_set_domain_ioctl+0xce
Jun  1 16:17:10 ports /bsd: #6  drm_do_ioctl+0x203
Jun  1 16:17:10 ports /bsd: #7  drmioctl+0xe9
Jun  1 16:17:10 ports /bsd: #8  VOP_IOCTL+0x4d
Jun  1 16:17:10 ports /bsd: #9  vn_ioctl+0x5e
Jun  1 16:17:10 ports /bsd: #10 sys_ioctl+0x439
Jun  1 16:17:10 ports /bsd: #11 syscall+0x31d
Jun  1 16:17:10 ports /bsd: #12 Xsyscall_untramp+0xc0

Re: interface queue transmit mitigation (again)

[Michael Price]

On Tue, Mar 27, 2018 at 9:30 PM David Gwynne  wrote:

> On Thu, Mar 15, 2018 at 03:25:46PM +0100, Martin Pieuchot wrote:
> > On 14/03/18(Wed) 13:00, David Gwynne wrote:
> > > this adds transmit mitigation back to the tree.
> > >
> > > it is basically the same diff as last time. the big difference this
> > > time is that all the tunnel drivers all defer ip_output calls, which
> > > avoids having to play games with NET_LOCK in the ifq transmit paths.
> >
> > Comments inline.
> >
> > > +   if (ifq_len(ifq) >= min(4, ifq->ifq_maxlen)) {
> >
> > Why 4?  DragonFly recently bumped `ifsq_stage_cntmax' to 16.  Did you
> > try other values?  They also have an XXX comment that this value should
> > be per-interface.  Why?
>
> their default was 4, and they'd done some research on it. if they
> moved to 16 there would be a reason for it.


Would it be this commit?

https://marc.info/?l=dragonfly-commits=151401707632544=2

Comments include test data.

Michael

Re: More useful: something like doasedit (was: Utility to safely edit doas.conf)

[Michael Price]

Perhaps I am just dense, but what problem does sudoedit solve that is not
easily solved with groups and chmod?

Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek  wrote:

> Hi,
>
> to prevent privilege escalation by allowing 'sudo vi' (simple by
> invoking a shell from within vi) there is a special command 'sudoedit'.
> So far I can see this is missing currently if I use doas instead of
> sudo.
>
> So adding a similar command is more helpful to secure a system than
> special editors for every config file.
>
> Kind regards
> Felix
>
> On 28.02.2018 18:22, Frans Haarman wrote:
> > I've wondered about the usefulness of something like 'rcctl edit
> > bgpd'and a
> > bgpd_conf=/etc/bgpd.conf in rc.conf.
> >
> > Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> > rc.conf.local
> > flags.
> >
> > Might make it easier running multiple of the same daemons?
> >
> > Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> > bgpd confirm'.
> >
> > Just wondering out loud now :)
> >
> > Regards,
> > Frans
> >
> > Op woensdag 28 februari 2018 heeft Theo de Raadt 
> > het
> > volgende geschreven:
> >> Yeah.
> >>
> >> And I suppose we also need seperate programs for all the other files
> >> in /etc?
> >>
> >> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> >> visshd, vissh, etc
> >>
> >> After all, someone could create unsafe configurations, and lots of
> > handholding
> >> is needed everywhere, yes?
> >>
> >> I'm sorry, but I disagree.  The tooling already exists to let you do
> >> this carefully.  It is up to people to use their brains. And your
> >> script doesn't have any locking, so it is still error prone.
> >>
> >> I really don't see the point of these wrappers.
> >>
> >>> The following is a shell script to safely edit /etc/doas.conf so that
> >>> you
> > avoid locking yourself out with a bad config. I managed to do this
> > myself,
> > so thought it might be useful to a wider audience.
> >>>
> >>> It is inspired by the 'visudo' tool: it copies doas.conf to a
> >>> temporary
> > directory then opens it in vi. When you exit vi it checks the format of
> > the
> > config file, and if it passes then it will overwrite the original one
> > then
> > delete the copy. If it fails a warning is shown, and the file is
> > re-opened
> > for editing.
> >>>
> >>> It will not create /etc/doas.conf if it does not already exist (I
> >>> could
> > add a separate warning for this if needed).
> >>>
> >>> diff -u /dev/null usr.bin/doas/vidoas
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
> >>> @@ -0,0 +1,36 @@
> >>> +#!/bin/sh
> >>> +
> >>> +# $OpenBSD$
> >>> +#
> >>> +# Copyright (c) 2018 Anthony Perkins 
> >>> +#
> >>> +# Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +# purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +# copyright notice and this permission notice appear in all copies.
> >>> +#
> >>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE FOR
> >>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
> >>> DAMAGES
> >>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
> >>> AN
> >>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
> >>> OUT OF
> >>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >>> +
> >>> +doasconf=/etc/doas.conf
> >>> +tempfile=$(mktemp -t doas. || exit 1)
> >>> +if [ -w $doasconf ]; then
> >>> +cp $doasconf $tempfile
> >>> +vi $tempfile
> >>> +while ! doas -C $tempfile; do
> >>> +echo "Press Enter to retry, Ctrl-C to abort."
> >>> +read
> >>> +vi $tempfile
> >>> +done
> >>> +if doas -C $tempfile; then
> >>> +cp -f $tempfile $doasconf
> >>> +rm -f $tempfile
> >>> +fi
> >>> +else
> >>> +echo "$doasconf is not writable by this user."
> >>> +exit 1
> >>> +fi
> >>> diff -u /dev/null usr.bin/doas/vidoas.1
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
> >>> @@ -0,0 +1,44 @@
> >>> +.\" $OpenBSD$
> >>> +.\"
> >>> +.\"Copyright (c) 2018 Anthony Perkins 
> >>> +.\"
> >>> +.\"Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +.\"purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +.\"copyright notice and this permission notice appear in all copies.
> >>> +.\"
> >>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE
> > FOR
> >>> +.\"ANY SPECIAL,