Re: Syspatch man page -c behaviour

2021-04-10 Thread Sebastien Marie
articular, 2 indicates that applying patches was requested but no additional patch was installed. see http://man.openbsd.org/syspatch#EXIT_STATUS Thanks. -- Sebastien Marie

mfs + cd9660: vop #define cleanup

2021-03-24 Thread Sebastien Marie
. Comments or OK ? -- Sebastien Marie blob - a662a6787ef9a6b06363441fb8778d66a29c04d0 blob + 2c54a18f3ff43c3eac65a4e520f4dcb625fa2473 --- sys/ufs/mfs/mfs_extern.h +++ sys/ufs/mfs/mfs_extern.h @@ -61,6 +61,5 @@ int mfs_close(void *); int mfs_inactive(void *); int mfs_reclaim(void *); int mfs_print

Re: namei/execve: entanglement's simplification

2021-03-24 Thread Sebastien Marie
Please withdraw for now. sys/exec.h change doesn't fit well in userland. Thanks. On Mon, Mar 22, 2021 at 11:05:06AM +0100, Sebastien Marie wrote: > Hi, > > The following diff tries to simplify a bit the entanglement of namei > data and execve(2) syscall. > > Currently, when

namei/execve: entanglement's simplification

2021-03-22 Thread Sebastien Marie
check_exec(). `ep_comm' is the other information (with ep_vp) wanted in result of check_exec() call. it will be copied to `ps_comm'. Comments or OK ? -- Sebastien Marie diff 8de782433999755fc9356c8ed8dc7b327e532351 /home/semarie/repos/openbsd/src blob - a31fa5a3269a3b568450066a1bd001317d710354 file

patch: constify and use C99-style initialization for struct execsw

2021-03-20 Thread Sebastien Marie
Hi, The following diff makes `struct execsw' to: - use C99-style initialization (grep works better with that) - use const as execsw is not modified during runtime Comments or OK ? -- Sebastien Marie diff 2533c50dc3c36fe283749b7fcaef52891806c13c /home/semarie/repos/openbsd/src blob

patch: unveil: remove some leftover of UNVEIL_INSPECT usage with ni_unveil

2021-03-11 Thread Sebastien Marie
(), for a debug printf - one in pledge_namei(), for "getpw" usage when using access("/var/run/ypbind.lock") Comments or OK ? -- Sebastien Marie diff 48cf7af2deddb13b1f53f18782fd5612c3fdc34a /home/semarie/repos/openbsd/src blob - 2de0d500e39367046a93c951aeded70bcdeb

distrib: arm64: remove gratitious customization from mr.fs

2021-02-14 Thread Sebastien Marie
the list file. The diff below puts back mr.fs target identical to other archs and makes the directories to be created with directives from list file. Please note that armv7 already uses such MKDIR directives for the same purpose (usr/mdec/xxx directory creation). Comments or OK ? -- Sebastien Marie

Re: distrib: make rdsetroot -x to work again

2021-02-14 Thread Sebastien Marie
attended installation. Thanks. -- Sebastien Marie

Re: distrib: make rdsetroot -x to work again

2021-02-14 Thread Sebastien Marie
On Sun, Feb 14, 2021 at 09:54:15AM -0500, Daniel Jakots wrote: > On Sun, 14 Feb 2021 15:23:05 +0100, Sebastien Marie > wrote: > > In the alpha diff, I would put the "-R .eh_frame -R .shstrtab \" line > before the -K line so the -R things are grouped together. I put

distrib: make rdsetroot -x to work again

2021-02-14 Thread Sebastien Marie
, on my i386 test, the bsd.rd size grows to 284 bytes before gzip and 113 bytes after gzip. While here, uniformize a bit the sections removed (.comment section wasn't removed on some archs while stripping). Comments or OK ? -- Sebastien Marie Index: distrib/alpha/miniroot/Makefile

distrib: reduce differences between archs: use ${MACHINE} when possible

2021-02-14 Thread Sebastien Marie
I changed it to "OpenBSD/${MACHINE}". But the packid used isn't uniform across archs, so it might not matter. The purpose is to reduce gradually the difference of Makefile between archs. Comments or OK ? -- Sebastien Marie Index: amd64

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-20 Thread Sebastien Marie
ll have some requirements). Thanks. -- Sebastien Marie

Re: [diff] src/usr.sbin/smtpd: add a forward-file option

2020-12-19 Thread Sebastien Marie
could use it. At first step, I would keep the default smtpd.conf with "forward-file" option set. It would make smtpd(1) to default to no "forward-file" if not set (what your diff does), but set the default to with "forward-file" for OpenBSD base. Admin could remove the option if he/she doesn't use it. Thanks. -- Sebastien Marie

Re: wireguard + witness

2020-12-01 Thread Sebastien Marie
On Tue, Dec 01, 2020 at 06:59:22AM +0100, Sebastien Marie wrote: > On Mon, Nov 30, 2020 at 11:14:46PM +, Stuart Henderson wrote: > > Thought I'd try a WITNESS kernel to see if that gives any clues about > > what's going on with my APU crashing all over the place (long shot but

Re: wireguard + witness

2020-11-30 Thread Sebastien Marie
am seeing few rw_init() on r_keypair_lock. I will see if I could see the source of the problem. thanks. -- Sebastien Marie

Re: myx(4): add initialization of sc_sff_lock rwlock

2020-11-26 Thread Sebastien Marie
memtype; > > + rw_init(>sc_sff_lock, "myxsff"); > + > sc->sc_pc = pa->pa_pc; > sc->sc_tag = pa->pa_tag; > sc->sc_dmat = pa->pa_dmat; > -- Sebastien Marie

Re: drm: avoid possible deadlock in kthread_stop

2020-10-17 Thread Sebastien Marie
On Wed, Oct 14, 2020 at 08:58:04PM +0200, Mark Kettenis wrote: > > Date: Thu, 1 Oct 2020 09:09:50 +0200 > > From: Sebastien Marie > > > > Hi, > > > > Currently, when a process is calling kthread_stop(), it sets a flag > > asking the thread to st

Re: amap: KASSERT()s and local variables

2020-10-11 Thread Sebastien Marie
_anon[slot] == NULL) > + panic("amap_unadd: nothing there"); this change seems wrong. you're removing a KASSERT() and readd an explicit panic(9) (taken from few lines after) > chunk = amap_chunk_get(amap, slot, 0, PR_NOWAIT); > - if (chunk == NULL) > - panic("amap_unadd: chunk for slot %d not present", slot); > + KASSERT(chunk != NULL); > > slot = UVM_AMAP_SLOTIDX(slot); > - if (chunk->ac_anon[slot] == NULL) > - panic("amap_unadd: nothing there"); > + KASSERT(chunk->ac_anon[slot] != NULL); > > chunk->ac_anon[slot] = NULL; > chunk->ac_usedmap &= ~(1 << slot); > Thanks. -- Sebastien Marie

drm: avoid possible deadlock in kthread_stop

2020-10-01 Thread Sebastien Marie
. it follows what Linux is doing. While here, I added some comments in the locking logic for park/unpark and stop. Comments or OK ? Thanks. -- Sebastien Marie --- commit 70e71461c8598e28820f1743923cac40670f7c33 from: Sébastien Marie date: Thu Oct 1 07:02:46

Re: btrace: add boolean AND and OR operators

2020-09-14 Thread Sebastien Marie
@a = 9; > + @b = 1; > + > + printf("a & b = %d\n", @a & @b); > + printf("a | b = %d\n", @a | @b); > +} > Index: regress/usr.sbin/btrace/boolean.ok > === > RCS file: regress/usr.sbin/btrace/boolean.ok > diff -N regress/usr.sbin/btrace/boolean.ok > --- /dev/null 1 Jan 1970 00:00:00 - > +++ regress/usr.sbin/btrace/boolean.ok14 Sep 2020 15:14:10 - > @@ -0,0 +1,2 @@ > +a & b = 1 > +a | b = 9 > -- > jasper > -- Sebastien Marie

Re: go/rust vs uvm_map_inentry()

2020-09-14 Thread Sebastien Marie
On Mon, Sep 14, 2020 at 01:25:03PM +0200, Mark Kettenis wrote: > > Date: Sun, 13 Sep 2020 19:48:19 +0200 > > From: Sebastien Marie > > > > On Sun, Sep 13, 2020 at 04:49:48PM +0200, Sebastien Marie wrote: > > > On Sun, Sep 13, 2020 at 03:29:57PM +0200, Martin Pieu

Re: go/rust vs uvm_map_inentry()

2020-09-13 Thread Sebastien Marie
On Sun, Sep 13, 2020 at 04:49:48PM +0200, Sebastien Marie wrote: > On Sun, Sep 13, 2020 at 03:29:57PM +0200, Martin Pieuchot wrote: > > I'm no longer able to reproduce the corruption while building lang/go > > with the diff below. Something relevant to threading change in go

Re: go/rust vs uvm_map_inentry()

2020-09-13 Thread Sebastien Marie
On Sun, Sep 13, 2020 at 09:15:15AM -0600, Theo de Raadt wrote: > crashes -- but without any kernel printfs? crashes and no kernel printfs -- Sebastien Marie

Re: go/rust vs uvm_map_inentry()

2020-09-13 Thread Sebastien Marie
_ACCERR, sv); > + KERNEL_UNLOCK(); > } > - KERNEL_UNLOCK(); > } > return (ok); > } > -- Sebastien Marie

Re: who(1) patch for unveil violation

2020-08-27 Thread Sebastien Marie
> + err(1, "unveil"); > + } > switch (argc) { > case 0: /* who */ > if (pledge("stdio rpath getpw", NULL) == -1) > -- Sebastien Marie

Re: smtpd: make smarthost to use SNI when relaying

2020-05-31 Thread Sebastien Marie
Hi, updated diff after millert@ and beck@ remarks: - use union to collapse in_addr + in6_addr - doesn't allocate buffer and directly use s->relay->domain->name Thanks. -- Sebastien Marie diff 73b535ef4537e8454483912fc3420bc304759e96 /home/semarie/repos/openbsd

smtpd: make smarthost to use SNI when relaying

2020-05-30 Thread Sebastien Marie
in smarthost case, the domain->name is the hostname. For SNI, we are excluding ip, so I assume it should cope with domain->name as ip. Does someone with better understanding of smtpd code source could confirm the approach is right and comment ? Please note I have only tested it on simple configuration. Thanks. -- Sebastien Marie

Re: random(4): use arc4random_ctx_buf() for large device reads

2020-05-25 Thread Sebastien Marie
On Mon, May 25, 2020 at 05:27:37PM +0200, Christian Weisgerber wrote: > Sebastien Marie: > > > > For large reads from /dev/random, use the arc4random_ctx_*() functions > > > instead of hand-rolling the same code to set up a temporary ChaCha > > > instance. >

Re: random(4): use arc4random_ctx_buf() for large device reads

2020-05-25 Thread Sebastien Marie
myctx) > - explicit_bzero(, sizeof(lctx)); > + arc4random_ctx_free(lctx); > explicit_bzero(buf, POOLBYTES); > free(buf, M_TEMP, POOLBYTES); > return ret; > -- > Christian "naddy" Weisgerber na...@mips.inka.de > -- Sebastien Marie

Re: pledge(2) sndioctl(1)

2020-05-22 Thread Sebastien Marie
On Fri, May 22, 2020 at 06:57:00AM +0200, Sebastien Marie wrote: > On Thu, May 21, 2020 at 11:07:39PM +0100, Ricardo Mestre wrote: > > Hi, > > > > After the handle sioctl_hdl `hdl' is opened (which in itself requires rw fs > > access and opening an unix socket) then

Re: pledge(2) sndioctl(1)

2020-05-21 Thread Sebastien Marie
you might have tested only a part of the code path. I didn't look deeper. So it might fine, but it could also break some configurations. Thanks. -- Sebastien Marie

patch: usbdevs(8) cleanup

2019-12-21 Thread Sebastien Marie
ement") - move some variables declaration to deeper block I could do incremental changes too. Comments or OK ? -- Sebastien Marie diff da270b4d7186cb04c0a40c70d7f708d48fe543a9 /home/semarie/repos/openbsd/src blob - 165f668b527d6e794e57a62842e313fbf620e22e file + usr.sbin/usbdevs/usbdev

Re: snmp(1): Add set command

2019-10-03 Thread Sebastien Marie
ket. > > Reason: notWritable (That object does not support modification) > > > > Thanks. > > > I agree, but considering this is also part of all the other command, OK > to commit this as is and fix it for all the other in one sweep? hep, it doesn't add more problems that what is already in. ok semarie@ as it. -- Sebastien Marie

Re: snmp(1): Add set command

2019-10-03 Thread Sebastien Marie
nmp: Can't parse oid 192.168.1.5: Not writable (I changed the oid because with 'private' I am able to write to sysContact.0) But even if the agent is wrong, I think it is dangerous to blindly trust the other side of accessing a memory chunk. Before using the value, it should be checked against the valid range to avoid uncontrolled memory access. For me, for such ill response, snmp should exit with error. FYI, snmpset does the following: $ snmpset -v2c -c public 192.168.92.5 sysDescr.0 = "test" Error in packet. Reason: notWritable (That object does not support modification) Thanks. -- Sebastien Marie

Re: snmp(1): Add set command

2019-10-03 Thread Sebastien Marie
tr = argv[i + 2]; > + strl = 0; > + do { > + lval = strtoll(tmpstr, , 16); > + if (endstr[0] != ' ' && endstr[0] != '\t' && > + endstr[0] != '\0') > + errx(1, "%s: Bad value notation (%s)", > + argv[i], argv[i + 2]); > + if (tmpstr == endstr) { > + tmpstr++; > + continue; > + } > + if (lval < 0 || lval > 0xff) > + errx(1, "%s: Bad value notation (%s)", > + argv[i], argv[i + 2]); > + str[strl++] = (unsigned char) lval; > + tmpstr = endstr + 1; > + } while (endstr[0] != '\0'); > + goto pastestring; > + default: > + usage(); > + } > + if (vblist == NULL) > + vblist = varbind; > + } > + > + return vblist; > } > > __dead void > -- Sebastien Marie

snmp: invalid error message

2019-10-03 Thread Sebastien Marie
: sysDescr.0: Unknown object identifier The first command returns valid values. For the second, where the third oid is invalid, the error message speaks about the first oid. The following diff corrects the error message by picking the right argv element. Comments or OK ? -- Sebastien Marie Index

patch: libtool: copte with potentially undefined dependency_libs and libdir

2019-09-26 Thread Sebastien Marie
) ? -- Sebastien Marie Index: LT/LaFile.pm === RCS file: /cvs/src/usr.bin/libtool/LT/LaFile.pm,v retrieving revision 1.23 diff -u -p -r1.23 LaFile.pm --- LT/LaFile.pm5 Sep 2014 10:36:39 - 1.23 +++ LT/LaFile.pm26 Sep

smtpd: parse.y copy/paste error

2019-09-21 Thread Sebastien Marie
Hi, A copy/paste error is present in parse.y, due to late addition of "srs key backup secrets". - grammar needs a | to make the following part of 'srs' section - the backup secret is $4 (and not $3) Comments or OK ? -- Sebastien Marie diff 3a973d3129d0b88d07e9b2c5cb9e9cfcaf79

smtpd: smtpc: ssl_check_name() dead assignment

2019-09-21 Thread Sebastien Marie
the match value ? Thanks. -- Sebastien Marie diff ea5e035f4d57ede9f18c82c5c9decc5f46c1925a /home/semarie/repos/openbsd/src blob - fb6d711d95f3a8203e44d6662002a32c92a89629 file + usr.sbin/smtpd/smtpc.c --- usr.sbin/smtpd/smtpc.c +++ usr.sbin/smtpd/smtpc.c @@ -351,10 +351,10

smtpd: smtp_session.c: remove simple dead assignment

2019-09-21 Thread Sebastien Marie
Hi, The following diff removes a simple i=0 dead assignment. There is no need to set it before entering the for() loop which will set it anyway. Comments or OK ? -- Sebastien Marie diff ea5e035f4d57ede9f18c82c5c9decc5f46c1925a /home/semarie/repos/openbsd/src blob

smtpd: report_smtp_broadcast: error out on unexpected direction

2019-09-21 Thread Sebastien Marie
fatal. Please note that it makes a logic error in smtpd to be visible instead of accessing uninitialized memory. I am not expecting direction to come from external source. Comments or OK ? -- Sebastien Marie diff ea5e035f4d57ede9f18c82c5c9decc5f46c1925a /home/semarie/re

smtpd: ecdsa_engine_init: properly initialize errstr on error

2019-09-21 Thread Sebastien Marie
e function. Comments or OK ? Thanks. -- Sebastien Marie diff ea5e035f4d57ede9f18c82c5c9decc5f46c1925a /home/semarie/repos/openbsd/src blob - 7afcfb7d247e78677368cdf983e1fedb6bcda0b7 file + usr.sbin/smtpd/ca.c --- usr.sbin/smtpd/ca.c +++ usr.sbin/smtpd/ca.c @@ -705,8 +705,10 @@ ecdsa_engine

Re: Make filter line handling more developer friendly

2019-08-26 Thread Sebastien Marie
strchr(buffer, '|')) == NULL) > - return 0; > - *ep = 0; > + ep = strchr(buffer, '|'); > + ep[0] = '\0'; is it possible for buffer to not have '|' ? if yes, you could dereference NULL. -- Sebastien Marie

Re: smtpd: Allow labels containing "@"

2019-07-23 Thread Sebastien Marie
st(struct relayhost *rela > relay->port = 0; > > /* first, we extract the label if any */ > - if ((q = strchr(p, '@')) != NULL) { > + if ((q = strrchr(p, '@')) != NULL) { > *q = 0; > if (strlcpy(relay->authlabel, p, sizeof (relay->authlabel)) > >= sizeof (relay->authlabel)) > -- Sebastien Marie

Re: pipe: revisiting pipe: step 2: pipe_create() / pipe_free()

2019-07-15 Thread Sebastien Marie
On Mon, Jul 15, 2019 at 12:14:00PM +0200, Sebastien Marie wrote: > Hi, > > Next move in revisiting pipe initialization. > > After some discussion with mpi@, it seems better to have the whole > `struct pipe' allocation and initialization inside pipe_create() > function

pipe: revisiting pipe: step 2: pipe_create() / pipe_free()

2019-07-15 Thread Sebastien Marie
to return early, and move the whole if-body in the function. It is more readable, and match what we usually do in such case. This way, pipe_create() and pipe_free() are symmetric: allocation in one, and free in another. Comments or OK ? -- Sebastien Marie Index: sys/kern/sys_pipe.c

pipe: rename PIPE_WANT flag

2019-07-13 Thread Sebastien Marie
descriptive. No functional changes intended. Comments or OK ? -- Sebastien Marie Index: sys/kern/sys_pipe.c === --- sys/kern/sys_pipe.c.orig2019-07-13 07:06:05.239550881 +0200 +++ sys/kern/sys_pipe.c 2019-07-13 07:07:48.780729506

pipe: revisit pipe initialisation and buffer allocation

2019-07-13 Thread Sebastien Marie
the whole function body inside the if-body. No functional change intended. Two KASSERT() added to pipespace(), one for the lock, another for ensuring the buffer is empty before realloc. Comments or OK ? -- Sebastien Marie Index: kern/sys_pipe.c

pipe(2) and pipe2(2) : nolock

2019-06-24 Thread Sebastien Marie
db perhaps) ? For testing, please regenerate syscalls after applying the diff, and before compiling the kernel: $ cd /sys/kern && make syscalls Comments or OK ? -- Sebastien Marie Index: kern/syscalls.master === RCS file:

Re: sppp: remove duplicate initialisation

2019-06-22 Thread Sebastien Marie
rst_counter[IDX_CHAP] = sp->lcp.max_configure; > > /* > -- Sebastien Marie

Re: free(9) size & mallocaray for M_IPMOPTS

2019-06-09 Thread Sebastien Marie
FS); > *im6op = im6o; > @@ -2138,7 +2136,7 @@ ip6_setmoptions(int optname, struct ip6_ > im6o->im6o_hlim == ip6_defmcasthlim && > im6o->im6o_loop == IPV6_DEFAULT_MULTICAST_LOOP && > LIST_EMPTY(>im6o_memberships)) { > - free(*im6op, M_IPMOPTS, 0); > + free(*im6op, M_IPMOPTS, sizeof(*im6o)); > *im6op = NULL; > } > > @@ -2202,7 +2200,7 @@ ip6_freemoptions(struct ip6_moptions *im > LIST_REMOVE(imm, i6mm_chain); > in6_leavegroup(imm); > } > - free(im6o, M_IPMOPTS, 0); > + free(im6o, M_IPMOPTS, sizeof(*im6o)); > } > > /* > -- Sebastien Marie

[patch] push the KERNEL_LOCK deeper on read(2) and write(2)

2019-06-05 Thread Sebastien Marie
I take care of calling ptsignal() with the KERNEL_LOCK() too, as it requires the lock (it is asserted). Other functions should be fine to be called without the KERNEL_LOCK, as they are already used in such context. Thanks. -- Sebastien Marie Index: kern/s

Re: stack trace / free(0) in isascan()

2019-05-09 Thread Sebastien Marie
xe9 > free with zero size: (127) > Starting stack trace... > free(8013f800,7f,0,8013f800,cf43c4f465284185,0) at free+0xd8 > hid_is_collection(80070c00,41,ff,10002,a6cb281b844568fc,3) at > hid_is_collection+0xe9 I am leaving other free() calls to people that would like to play this game too. -- Sebastien Marie

Re: stack trace / free(0) in isascan()

2019-05-09 Thread Sebastien Marie
NOWAIT|M_ZERO); 431 if (dev == NULL) 432 panic("config_make_softc: allocation for device softc failed"); So calling free() with cf->cf_attach->ca_devsize should be fine. Diff below. OK ? -- Sebastien Marie Index: dev/isa/isa.c ===

Re: dwxe: resetting interface on watchdog timeout

2019-04-17 Thread Sebastien Marie
On Wed, Apr 17, 2019 at 04:32:04PM -0700, Jungle Boogie wrote: > On Wed 17 Apr 2019 9:44 AM, Sebastien Marie wrote: > > Hi, > > > > With a pine64, I am experimenting regularly dwxe watchdog > > timeout. Usually it is a sign that something doesn't work in the driver &g

dwxe: resetting interface on watchdog timeout

2019-04-17 Thread Sebastien Marie
, it will try to: - down the interface (if it is up) - reset it - up the interface (if it called down previously) With it, I have a "stable" connection to the board via network. Comments or OK ? -- Sebastien Marie Index:

-msave-args : uninitialized variable

2019-02-04 Thread Sebastien Marie
is able to compile correctly. -- Sebastien Marie Index: lib/Target/X86/X86Subtarget.h === RCS file: /cvs/src/gnu/llvm/lib/Target/X86/X86Subtarget.h,v retrieving revision 1.4 diff -u -p -r1.4 X86Subtarget.h --- lib/Target/X86/X86Subtarget.h

add /etc/unwind.conf to changelist(5)

2019-01-29 Thread Sebastien Marie
Hi, Does it make sense to add unwind.conf to changelist ? I am not proposing /etc/unwind/trustanchor/root.key as the content change regularly (it has `last_queried' information in comment for example). Thanks. -- Sebastien Marie Index: changelist

Re: unveil file(1)

2019-01-04 Thread Sebastien Marie
will die as the usual code when using unveil(2) is: if (unveil(path, perm) == -1) err(EXIT_FAILURE, "unveil"); Regards. -- Sebastien Marie

Re: video(1) pledge (& updated kernel diff)

2018-12-30 Thread Sebastien Marie
On Sun, Dec 30, 2018 at 10:58:58AM +0100, Landry Breuil wrote: > On Sat, Dec 29, 2018 at 09:30:22AM +0100, Sebastien Marie wrote: > > On Fri, Dec 28, 2018 at 09:41:06PM +0100, Landry Breuil wrote: > > > I think you pledged too early. > > > > "

Re: video(1) pledge (& updated kernel diff)

2018-12-30 Thread Sebastien Marie
On Sun, Dec 30, 2018 at 10:58:58AM +0100, Landry Breuil wrote: > On Sat, Dec 29, 2018 at 09:30:22AM +0100, Sebastien Marie wrote: > > On Fri, Dec 28, 2018 at 09:41:06PM +0100, Landry Breuil wrote: > > > > I would separate the addition of pledge(2) and unrelated fixes. >

Re: video(1) pledge (& updated kernel diff)

2018-12-29 Thread Sebastien Marie
edge.h 28 Dec 2018 20:23:02 - > @@ -62,6 +62,7 @@ > #define PLEDGE_ERROR 0x0004ULL /* ENOSYS instead of kill */ > #define PLEDGE_WROUTE0x0008ULL /* interface address > ioctls */ > #define PLEDGE_UNVEIL0x0010ULL /* allow unveil() */ > +#define PLEDGE_VIDEO 0x00200800ULL /* video ioctls */ I suspect a copy/paste error: PLEDGE_VIDEO contains 2 bits sets (there is a '8' after the '2'). and space vs tab between the name and the value. > /* > * Bits outside PLEDGE_USERSET are used by the kernel itself > @@ -111,6 +112,7 @@ > { PLEDGE_ERROR, "error" }, > { PLEDGE_WROUTE,"wroute" }, > { PLEDGE_UNVEIL,"unveil" }, > + { PLEDGE_VIDEO, "video" }, > { 0, NULL }, > }; > #endif Thanks for the recall. -- Sebastien Marie

Re: pwd_check tweak

2018-12-09 Thread Sebastien Marie
; - { > - "^([0-9][a-z]){1,4}$", > - REG_EXTENDED|REG_NOSUB|REG_ICASE, > - "Please use a more complicated password." > - } > }; > > int > -- Sebastien Marie

ld.lld/ld.bfd difference in -rpath management

2018-10-27 Thread Sebastien Marie
. Thanks. -- Sebastien Marie

Re: unveil xserver's priv proc

2018-10-16 Thread Sebastien Marie
close(socks[1]); > > - if (pledge("stdio rpath wpath sendfd proc", NULL) == -1) > + for (dev = allowed_devices; dev->name != NULL; dev++) { > + if (unveil(dev->name, "rw") == -1) > + err(1, "unveil"); > + } > + if (pledge("stdio rpath wpath sendfd", NULL) == -1) > err(1, "pledge"); > > while (1) { > -- Sebastien Marie
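Review bot: the replacement pledge() call drops "proc" in the same hunk that adds the unveil() loop, and nothing in the visible lines says why the promise is no longer needed. If the removal is intended, state the reason in the commit message or split it into its own change, so that this diff only adds the unveil(dev->name, "rw") restriction over allowed_devices.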

savecore: unveil bug

2018-09-28 Thread Sebastien Marie
to reboot). Thanks. -- Sebastien Marie Index: savecore.c === RCS file: /cvs/src/sbin/savecore/savecore.c,v retrieving revision 1.58 diff -u -p -r1.58 savecore.c --- savecore.c 24 Sep 2018 21:26:38 - 1.58 +++ savecore.c 28 Sep

Re: yacc + unveil

2018-09-25 Thread Sebastien Marie
to just move the first pledge() > down? > you could try with the "tmppath" promise. I will allow opening/creating files on /tmp and unlinking them (but not sure it will cover all yacc need as it is designed for mkstemp(3) family). Unveil for such operations are fine too, without explicit unveil(2) call. -- Sebastien Marie

Re: c++ headers with latest lib{c++,c++abi,unwind} update / out-of-sync sets

2018-09-14 Thread Sebastien Marie
On Fri, Sep 14, 2018 at 05:19:47PM +1000, Jonathan Gray wrote: > On Fri, Sep 14, 2018 at 06:18:12AM +0200, Sebastien Marie wrote: > > Hi, > > > > I noticed the following new headers are installed: > > > > /usr/include/c++/v1/__refstring > > /usr/inclu

c++ headers with latest lib{c++,c++abi,unwind} update / out-of-sync sets

2018-09-13 Thread Sebastien Marie
Hi, I noticed the following new headers are installed: /usr/include/c++/v1/__refstring /usr/include/c++/v1/__undef___deallocate /usr/include/c++/v1/__undef_min_max but they aren't present in sets. The following diff should resync them. Thanks. -- Sebastien Marie Index: clang.amd64

Re: add missing break on kern_pledge.c

2018-09-12 Thread Sebastien Marie
files which were only intended for open(2). it shouldn't be a big problem, but there is also some checks for activation yp stuff in this section. Thanks. -- Sebastien Marie > Index: kern_pledge.c > === > RCS file: /cvs/s

Re: drm_wait_one_vblank() fix

2018-09-11 Thread Sebastien Marie
I am able to boot with a second screen attached to VGA without problem. before when connected during boot, the output was only on VGA and LVDS was black. Thanks. -- Sebastien Marie > Index: dev/pci/drm/drm_irq.c > =

Re: xidle: launching program on timeout without active-area

2018-09-03 Thread Sebastien Marie
ping On Tue, Aug 14, 2018 at 06:15:08AM +0200, Sebastien Marie wrote: > ping > > On Wed, Jul 25, 2018 at 02:13:49PM +0200, Sebastien Marie wrote: > > On Wed, Jul 25, 2018 at 12:55:48PM +0200, Claudio Jeker wrote: > > > On Wed, Jul 25, 2018 at 12:27:29PM +020

Re: xidle: launching program on timeout without active-area

2018-08-13 Thread Sebastien Marie
ping On Wed, Jul 25, 2018 at 02:13:49PM +0200, Sebastien Marie wrote: > On Wed, Jul 25, 2018 at 12:55:48PM +0200, Claudio Jeker wrote: > > On Wed, Jul 25, 2018 at 12:27:29PM +0200, Sebastien Marie wrote: > > > On Mon, Jul 16, 2018 at 11:37:41AM +0200, Sebastien Marie wrote: >

Re: Nuke PLEDGE_STAT for further pledge/unveil disentaglement.

2018-08-06 Thread Sebastien Marie
E 0x4000ULL > -#define PLEDGE_YPACTIVE 0x8000ULL /* YP use detected and > allowed */ > +#define PLEDGE_STATLIE 0x2000ULL > +#define PLEDGE_YPACTIVE 0x4000ULL /* YP use detected and > allowed */ > > #ifdef PLEDGENAMES > static struct { please don't change PLEDGE_YPACTIVE neither PLEDGE_STATLIE bits. they start with high bit set and go to lower. -- Sebastien Marie

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-05 Thread Sebastien Marie
_revoke(), I saw you don't need write access at all on the device. You just need to own it (or being super user). Having only UNVEIL_READ makes sense too. I am fine with it. > Theo? I want your opinion here :) -- Sebastien Marie

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-04 Thread Sebastien Marie
On Sat, Aug 04, 2018 at 10:40:11AM -0600, Bob Beck wrote: > On Fri, Aug 03, 2018 at 06:31:00AM +0200, Sebastien Marie wrote: > > On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote: > > > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote: > > > > y

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-02 Thread Sebastien Marie
On Thu, Aug 02, 2018 at 03:42:03PM +0200, Sebastien Marie wrote: > On Mon, Jul 30, 2018 at 07:55:35AM -0600, Bob Beck wrote: > > yeah the latter will be the way to go > > > > new diff with direct lookup using an indirection table. > new (emergency) version with PL

Re: panic: unveil_nipledge_lookup: unexpected pledge bits: 8589934592 after update to recent -current

2018-08-02 Thread Sebastien Marie
erate the panic if the program is used with unveil(2)... bad. > Any idea how to bring up my system again? wait for a new snapshot or rebuild a kernel from source (possibly from another system, as using chown(2) with unveil(2) will generate the panic). Sorry. -- Sebastien Marie

Re: unveil: incomplete unveil_flagmatch semantic

2018-08-02 Thread Sebastien Marie
ome names for constants/variable could have better names, but I had no inspiration. Thanks. -- Sebastien Marie Index: sys/pledge.h === RCS file: /cvs/src/sys/sys/pledge.h,v retrieving revision 1.37 diff -u -p -r1.37 pledge.h --- sys/pledge.h

Re: fix segfault on radiusd(8)

2018-08-01 Thread Sebastien Marie
lly use strlen() and checking for NULL before zeroing it. -- Sebastien Marie > Index: radiusd.c > === > RCS file: /cvs/src/usr.sbin/radiusd/radiusd.c,v > retrieving revision 1.20 > diff -u -p -u -r1.20 ra

bsd.port.mk: make clean=build && make : failed

2018-08-01 Thread Sebastien Marie
{WRKDIR}/bin/${_wrap} before the printf. Thanks. -- Sebastien Marie Index: /usr/ports/infrastructure/mk/bsd.port.mk === RCS file: /cvs/ports/infrastructure/mk/bsd.port.mk,v retrieving revision 1.1434 diff -u -p -r1.1434 bsd.po

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-31 Thread Sebastien Marie
te namespace for UNVEIL and PLEDGE flags - UNVEIL flags are `int' values (instead of uint64_t) - add `ni_unveil' member to `struct nameidata' - complete `ni_unveil' from `ni_pledge' in namei() -- Sebastien Marie Index: sys/namei.h === RC

Re: unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Sebastien Marie
s more readable, but it is called often (for checking each component) thanks. -- Sebastien Marie Index: sys/proc.h === RCS file: /cvs/src/sys/sys/proc.h,v retrieving revision 1.254 diff -u -p -r1.254 proc.h --- sys/proc.h 28 Jul 2018 18

unveil: incomplete unveil_flagmatch semantic

2018-07-30 Thread Sebastien Marie
UNVEIL_READ|UNVEIL_WRITE (requiring both) any others => panic(9) This way, we could be really exhaustive in unveil_flagmatch() without having to bother for future PLEDGE flag addition (as we will panic(9) if some developer doesn't add it where intended). Thanks. -- Sebastien Marie

Re: unveil in sndiod

2018-07-30 Thread Sebastien Marie
unveil(2) is unnecessary. In fact, if you called unveil(2) previously, when you will call pledge(2), the kernel code will check if you need your unveil configuration or not, and free it if it isn't the case. -- Sebastien Marie

Re: [bugfix] xterm(1) needs "cpath" pledge(2)

2018-07-29 Thread Sebastien Marie
On Sun, Jul 29, 2018 at 08:43:22AM +0200, Matthieu Herrb wrote: > On Sun, Jul 29, 2018 at 07:28:19AM +0200, Sebastien Marie wrote: > > > > but to decide, we should know *what* triggered this behaviour. > > Hi, > > After digging a bit, there is at least the 'Print All

Re: [bugfix] xterm(1) needs "cpath" pledge(2)

2018-07-28 Thread Sebastien Marie
hings could help too to track the problem. there is an open(2) call somewhere: the pledge violation is proof of that. but the solution isn't necessary to allow this file creation (by blindly extending the pledge promises). it could be to disallow the file creation. but to decide, we should know *what* triggered this behaviour. personally, I like to know that xterm is unable to create a file. thanks. -- Sebastien Marie

unveil: unused ps_uvactive in process

2018-07-28 Thread Sebastien Marie
Hi, The field ps_uvactive in `struct process` is unused. Generally, for checking if unveil is active, checks are done on (ps_uvvcount != 0) or (ps->ps_uvpaths != NULL). I assume the field is a left over from previous development. The kernel still build fine without it. Thanks. -- Sebast

unveil(2) man page clarification about path type (is a directory or not)

2018-07-28 Thread Sebastien Marie
led paths." instead of "for pledged paths". Thanks. -- Sebastien Marie Index: /home/semarie/repos/openbsd/src/lib/libc/sys/unveil.2 === RCS file: /cvs/src/lib/libc/sys/unveil.2,v retrieving revision 1.5 diff -u -p -r1.

Re: unveil(2) usage in base

2018-07-26 Thread Sebastien Marie
t = pml->pml_map.pm_port; suspicious change in pledge(2) - before: "stdio rpath inet" - after: "stdio inet" (and diff unrelated to unveil(2)) > Index: usr.sbin/vmctl/main.c > === > RCS file: /cvs/src/usr.sbin/vmctl/main.c,v > retrieving revision 1.39 > diff -u -p -u -r1.39 main.c > --- usr.sbin/vmctl/main.c 12 Jul 2018 14:53:37 - 1.39 > +++ usr.sbin/vmctl/main.c 25 Jul 2018 17:04:20 - > @@ -158,9 +166,14 @@ parse(int argc, char *argv[]) > res.action = ctl->action; > res.ctl = ctl; > > + if (unveil(SOCKET_NAME, "r") == -1) > + err(1, "unveil"); > + > if (!ctl->has_pledge) { > /* pledge(2) default if command doesn't have its own pledge */ > - if (pledge("stdio rpath exec unix getpw", NULL) == -1) > + if (unveil(VMCTL_CU, "x") == -1) > + err(1, "unveil"); > + if (pledge("stdio rpath exec unix getpw paths", NULL) == -1) > err(1, "pledge"); "paths" isn't a known promise name (it should be "unveil") > } > if (ctl->main(, argc, argv) != 0) -- Sebastien Marie

Re: xidle: launching program on timeout without active-area

2018-07-25 Thread Sebastien Marie
On Wed, Jul 25, 2018 at 12:55:48PM +0200, Claudio Jeker wrote: > On Wed, Jul 25, 2018 at 12:27:29PM +0200, Sebastien Marie wrote: > > On Mon, Jul 16, 2018 at 11:37:41AM +0200, Sebastien Marie wrote: > > > > > xidle(1) seems great for such purpose. But I didn't found

Re: xidle: launching program on timeout without active-area

2018-07-25 Thread Sebastien Marie
On Mon, Jul 16, 2018 at 11:37:41AM +0200, Sebastien Marie wrote: > Hi, > > I am looking at a way to auto-logout some workstation on inactivity. ping. no problem if there is no interest for such thing in xidle, I will write a dedicated app for that. > xidle(1) seems great for

unveil: return EPERM when locked

2018-07-18 Thread Sebastien Marie
ements. Thanks. -- Sebastien Marie Index: kern/vfs_syscalls.c === RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v retrieving revision 1.294 diff -u -p -r1.294 vfs_syscalls.c --- kern/vfs_syscalls.c 13 Jul 2018 09:36:00 - 1.294 ++

Re: unveil(2) for spamlogd(8)

2018-07-18 Thread Sebastien Marie
if (pledge("stdio rpath wpath flock unveil", NULL) == -1) > err(1, "pledge"); > } > + > + if (unveil(PATH_SPAMD_DB, "rw") == -1) > + err(1, "unveil"); > > pcap_loop(hpcap, -1, phandler, NULL); > > Thanks. -- Sebastien Marie
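Review bot: after the added unveil(PATH_SPAMD_DB, "rw") call, nothing in the visible lines locks the unveil list before pcap_loop() starts handling packets, and the pledge() shown above it keeps the "unveil" promise, so later code could still unveil further paths. Follow the call with unveil(NULL, NULL), or with a second pledge() that omits "unveil", so the filesystem view is fixed before packet processing begins.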

Re: call for testing: rad(8) - a rtadvd(8) replacement

2018-07-18 Thread Sebastien Marie
n. It could have value for RA/RS where it isn't sent by rad(8) itself, and if it is on some configured interface for rad(8). For others cases, I am unsure. Thanks for the clarification. -- Sebastien Marie

unveil: incorrect type flags on unvname_new()

2018-07-16 Thread Sebastien Marie
Hi, While reviewing unveil(2) code, I found an incorrect type on unvname_new() function: flags argument should be uint64_t. It is called by unveil_add_name() which uses uint64_t for flags, and store the value in struct unvname un_flags member which is uint64_t. Thanks. -- Sebastien Marie

xidle: launching program on timeout without active-area

2018-07-16 Thread Sebastien Marie
s ? Or any proposition to more straightforward approach ? Thanks. -- Sebastien Marie Index: xidle.1 === RCS file: /cvs/xenocara/app/xidle/xidle.1,v retrieving revision 1.4 diff -u -p -r1.4 xidle.1 --- xidle.1 9 Nov 2017 19:13:03 -

rad(8): add rad.conf to changelist(5)

2018-07-13 Thread Sebastien Marie
Hi, As rad(8) is linked in the build, I think it makes sense to add rad.conf to changelist ? Thanks. -- Sebastien Marie Index: changelist === RCS file: /cvs/src/etc/changelist,v retrieving revision 1.120 diff -u -p -r1.120

Re: use-after-free in ieee80211_defrag() [from NetBSD]

2018-06-24 Thread Sebastien Marie
On Thu, Jun 21, 2018 at 07:46:12PM +0200, Sebastien Marie wrote: > Hi, > > m...@netbsd.org has corrected an use-after-free on NetBSD on similar > code we have. > > Fix use-after-free, m_cat can free m. > > http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/net8021

use-after-free in ieee80211_defrag() [from NetBSD]

2018-06-21 Thread Sebastien Marie
of m_cat() inside the kernel, and they seem correct. Thanks. -- Sebastien Marie Index: net80211/ieee80211_input.c === RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v retrieving revision 1.201 diff -u -p -r1.201 ieee80211_input.c ---
