Looks good to me.
Ricardo Mestre <[email protected]> wrote:
> Hi,
>
> As Timothy reported, with the options he selected for ssh the codepath
> taken will call mux_client_request_session -> mm_send_fd -> sendmsg(2). Since
> sendmsg(2) is not allowed in that codepath, pledge(2) kills the process.
>
> Please see below the trace he provided privately, and also his diff beneath it
> which adds "sendfd" to pledge(2). In my opinion it's not that bad to add yet
> another promise since a little bit later we'll reduce it into "stdio proc
> tty".
>
> Comments? OK?
>
> [New process 396642]
> Core was generated by `ssh'.
> Program terminated with signal SIGABRT, Aborted.
> #0 _thread_sys_sendmsg () at -:3
> #0 _thread_sys_sendmsg () at -:3
> No locals.
> #1 0x0000072d95537d7e in _libc_sendmsg_cancel (s=4, msg=0x7f7fffff26b0,
> flags=0) at /usr/src/lib/libc/sys/w_sendmsg.c:27
> _tib = 0x72d25280d80
> #2 0x0000072afb52cb22 in mm_send_fd (sock=4, fd=0) at
> /usr/src/usr.bin/ssh/ssh/../monitor_fdpass.c:70
> cmsg = 0xffff00000014
> msg = {
> msg_name = 0x0,
> msg_namelen = 0,
> msg_iov = 0x7f7fffff26e8,
> msg_iovlen = 1,
> msg_control = 0x7f7fffff26f8,
> msg_controllen = 24,
> msg_flags = 0
> }
> pfd = {
> fd = 4,
> events = 4,
> revents = 0
> }
> n = <optimized out>
> #3 0x0000072afb4e4183 in mux_client_request_session (fd=<optimized out>) at
> /usr/src/usr.bin/ssh/ssh/../mux.c:1944
> devnull = <optimized out>
> term = <optimized out>
> echar = <optimized out>
> m = <optimized out>
> r = <optimized out>
> i = <optimized out>
> type = <optimized out>
> rid = <optimized out>
> sid = <optimized out>
> rawmode = <optimized out>
> exitval = <optimized out>
> exitval_seen = <optimized out>
> esid = <optimized out>
> e = <optimized out>
> #4 muxclient (path=<optimized out>) at /usr/src/usr.bin/ssh/ssh/../mux.c:2359
> sock = <optimized out>
> pid = <optimized out>
> #5 0x0000072afb4d14a8 in control_persist_detach () at
> /usr/src/usr.bin/ssh/ssh/../ssh.c:1538
> pid = <optimized out>
> devnull = <optimized out>
> #6 fork_postauth () at /usr/src/usr.bin/ssh/ssh/../ssh.c:1563
> No locals.
> #7 0x0000072afb4d1630 in ssh_confirm_remote_forward (ssh=0x72d84623780,
> type=<optimized out>, seq=<optimized out>, ctxt=0x72d4049d540)
> at /usr/src/usr.bin/ssh/ssh/../ssh.c:1632
> rfwd = 0x72d4049d540
> port = <optimized out>
> r = <optimized out>
> #8 0x0000072afb4dbccc in client_global_request_reply (type=<optimized out>,
> seq=<optimized out>, ssh=0x72d84623780)
> at /usr/src/usr.bin/ssh/ssh/../clientloop.c:463
> gc = 0x72d4049de00
> #9 0x0000072afb53012b in ssh_dispatch_run (ssh=0x72d84623780, mode=1,
> done=0x72afb549810 <quit_pending>) at
> /usr/src/usr.bin/ssh/ssh/../dispatch.c:111
> seqnr = 4294911664
> type = <optimized out>
> r = <optimized out>
> #10 0x0000072afb5301ab in ssh_dispatch_run_fatal (ssh=0x72d84623780,
> mode=-55632, done=0x0) at /usr/src/usr.bin/ssh/ssh/../dispatch.c:131
> r = <optimized out>
> #11 0x0000072afb4d9601 in client_process_buffered_input_packets
> (ssh=<optimized out>) at /usr/src/usr.bin/ssh/ssh/../clientloop.c:1182
> No locals.
> #12 client_loop (ssh=0x72d84623780, have_pty=0, escape_char_arg=92236,
> ssh2_chan_id=<optimized out>) at /usr/src/usr.bin/ssh/ssh/../clientloop.c:1325
> buf =
> "cy\t\345ߍb\255\033q\005\242\vP\265/\263\b|\201\330X\354o\245\273\311\\^k*\253ѝTn\022<\025\261\244\a\342V6D[?\030\231.\001\264Xn\201\365\375H\373\021\255\256\247@\331W\247;P7\021\300~2e\362\005\264>\220\027\204\217\242\023\006\315eA\366\f\201\374\a\304*\211\235\071"
> max_fd2 = 3
> max_fd = 3
> nalloc = <error reading variable nalloc (Cannot access memory at
> address 0x0)>
> start_time = 92236.903928921995
> r = <optimized out>
> writeset = <optimized out>
> readset = <optimized out>
> len = <optimized out>
> total_time = <optimized out>
> ibytes = <optimized out>
> obytes = <optimized out>
> #13 0x0000072afb4d0384 in ssh_session2 (ssh=<optimized out>,
> pw=0x72d2e3d4800) at /usr/src/usr.bin/ssh/ssh/../ssh.c:1966
> id = <optimized out>
> tun_fwd_ifname = <optimized out>
> cp = <optimized out>
> r = <optimized out>
> devnull = <optimized out>
> #14 main (ac=<optimized out>, av=<optimized out>) at
> /usr/src/usr.bin/ssh/ssh/../ssh.c:1499
> buf =
> "/home/tbrown/.ssh\000\000\000\000\000\000\000}\r\001\000\022\000\v\000\340\231\035\000\000\000\000\000d\000\000\000\000\000\000\000\000\023\001\000\022\000\v\000\360\v\036\000\000\000\000\000\060\000\000\000\000\000\000\000^_\000\000\022\000\v\000@Q\020\000\000\000\000\000\060\000\000\000\000\000\000\000\215\271\000\000\022\000\v\000\060\364\024\000\000\000\000\000\320\000\000\000\000\000\000\000\031\322\000\000\022\000\v\000@Z\033\000\000\000\000\000\021\000\000\000\000\000\000\000\335\v\000\000\022\000\v\000\220\371\031\000\000\000\000\000\027\000\000\000\000\000\000\000\016*\000\000\022\000\v\000\020\302\r\000\000\000\000\000\060\000\000\000\000\000\000\000\362D\000\000\021\000\024\000\000"...
> cname = '\000' <repeats 16 times>, "\343l\000\000\020", '\000'
> <repeats 19 times>, "\353l\000\000\020", '\000' <repeats 19 times>,
> ".p\000\000\020", '\000' <repeats 19 times>, "\066p\000\000\020", '\000'
> <repeats 19 times>, "\306q\000\000\020", '\000' <repeats 19 times>,
> "\313q\000\000\020", '\000' <repeats 19 times>, "\311|\000\000\020", '\000'
> <repeats 19 times>, " \203\000\000\020", '\000' <repeats 19 times>...
> conn_hash =
> "@\003\244\227\263\017\204\273P\216[J\000:Z\355z\002\275\264\230-\345Q\000\064\267\225-\a\000\000^\215\177\v\375\025%n\210_\377\377\177\177\000\000ϻv\353-\a\000\000\230_\377\377\177\177\000"
> want_final_pass = <optimized out>
> opt_terminated = <optimized out>
> config_test = 0
> pw = 0x72d2e3d4800
> ssh = 0x72d84623780
> use_syslog = -920585280
> argv0 = 0x7f7fffff6238 "/usr/obj/usr.bin/ssh/ssh/ssh"
> opt = <optimized out>
> logfile = 0x1 <error: Cannot access memory at address 0x1>
> line = <optimized out>
> fwd = {
> listen_host = 0x8 <error: Cannot access memory at address 0x8>,
> listen_port = -1789955232,
> listen_path = 0x72d23b9b800 "",
> connect_host = 0x72d95463ba0 "\222)",
> connect_port = 2,
> connect_path = 0x72deb77e4b0 <environ> "\200`\377\377\177\177",
> allocated_port = 0,
> handle = 0
> }
> p = <optimized out>
> st = {
> st_mode = 16832,
> st_dev = 1067,
> st_ino = 5640193,
> st_nlink = 3,
> st_uid = 1000,
> st_gid = 1000,
> st_rdev = 22519225,
> st_atim = {
> tv_sec = 1563894442,
> tv_nsec = 132100428
> },
> st_mtim = {
> tv_sec = 1561649707,
> tv_nsec = 151782455
> },
> st_ctim = {
> tv_sec = 1561649707,
> tv_nsec = 151782455
> },
> st_size = 512,
> st_blocks = 8,
> st_blksize = 32768,
> st_flags = 0,
> st_gen = 0,
> __st_birthtim = {
> tv_sec = 0,
> tv_nsec = 0
> }
> }
> cp = <optimized out>
> i = <optimized out>
> r = <optimized out>
> was_addr = <optimized out>
> addrs = <optimized out>
> md = <optimized out>
> timeout_ms = <optimized out>
> exit_status = <optimized out>
>
> Index: clientloop.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
> retrieving revision 1.326
> diff -u -p -u -r1.326 clientloop.c
> --- clientloop.c 28 Jun 2019 13:35:04 -0000 1.326
> +++ clientloop.c 23 Jul 2019 16:42:19 -0000
> @@ -1242,7 +1242,7 @@ client_loop(struct ssh *ssh, int have_pt
> if (options.control_master &&
> !option_clear_or_none(options.control_path)) {
> debug("pledge: id");
> - if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc
> exec id tty",
> + if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd
> proc exec id tty",
> NULL) == -1)
> fatal("%s pledge(): %s", __func__, strerror(errno));
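Review bot: The added `sendfd` promise on the new `pledge()` line carries no comment saying why the control-master branch needs it, so a later tightening of the promise list could silently reintroduce the abort. The backtrace in this message shows the consumer is `mm_send_fd()`, reached through `control_persist_detach()` -> `muxclient()` -> `mux_client_request_session()`, so a comment such as `/* sendfd: fork_postauth() may run muxclient(), which passes stdio fds via mm_send_fd() */` above the call would record that. The condition visible here tests only `options.control_master` and `options.control_path`; whether the extra promise could be limited to the ControlPersist case cannot be judged from the hunk, because `client_loop()` starts and continues outside it. The same applies to the identical hunk against revision 1.324 in the quoted report further down.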
>
> On 21:17 Mon 17 Jun , Timothy Brown wrote:
> > >Sysnopsis: ssh sig aborts with pledge
> > >Category: user
> > >Environment:
> > System : OpenBSD 6.5
> > Details : OpenBSD 6.5-stable (CUSTOM) #4: Tue May 28 11:46:27
> > MDT 2019
> >
> > [email protected]:/usr/src/sys/arch/amd64/compile/CUSTOM
> >
> > Architecture: OpenBSD.amd64
> > Machine : amd64
> > >Description:
> > I think I have found a bug in ssh. A bit of my background, I am running
> > OpenBSD 6.5 (and have found the same in a -current VM). I am trying to
> > remote forward my gpg-agent (backed by a Yubikey) to a server. This
> > gets stopped by `pledge()`. This is a pretty long message, sorry.
> >
> > Here's the dmesg:
> >
> > ugen0 at uhub3 port 2 configuration 1 "Yubico Yubikey NEO OTP+U2F+CCID" rev
> > 2.00/3.46 addr 7
> > ssh[85935]: pledge "sendfd", syscall 28
> >
> > If I `ktrace` ssh this is what I get:
> >
> > 85935 ssh CALL sendmsg(4,0x7f7ffffea810,0)
> > 85935 ssh STRU struct msghdr { name=0x0, namelen=0,
> > iov=0x7f7ffffea848, iovlen=1, control=0x7f7ffffea858, controllen=24,
> > flags=0 }
> > 85935 ssh STRU struct iovec { base=0x7f7ffffea87f, len=1 }
> > 85935 ssh STRU struct cmsghdr { len=20, level=SOL_SOCKET,
> > type=SCM_RIGHTS, data=0 }
> > 85935 ssh PLDG sendmsg, "sendfd", errno 1 Operation not permitted
> > 85935 ssh PSIG SIGABRT SIG_DFL
> > 85935 ssh NAMI "ssh.core"
> >
> > >How-To-Repeat:
> > Here's the relevant parts of my .ssh/config (please note the actual
> > hostname
> > is made-up here):
> >
> > Host www
> > Hostname www.example.com
> > ForwardX11 no
> > RemoteForward /home/tbrown/.gnupg/S.gpg-agent
> > /home/tbrown/.gnupg/S.gpg-agent.extra
> > ExitOnForwardFailure yes
> > Host *
> > Compression yes
> > ServerAliveInterval 30
> > ServerAliveCountMax 4
> > ControlMaster auto
> > ControlPath ~/.ssh/mux/%h_%p_%r
> > ControlPersist 4h
> >
> > If I crank up the debugging to ssh (`ssh -vvv www`):
> >
> > debug1: channel 1: new [mux-control]
> > debug3: channel_post_mux_listener: new mux channel 1 fd 5
> > debug3: mux_master_read_cb: channel 1: hello sent
> > debug2: set_control_persist_exit_time: cancel scheduled exit
> > debug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4
> > debug2: mux_master_process_hello: channel 1 slave version 4
> > debug2: mux_client_hello_exchange: master version 4
> > debug3: mux_client_forwards: request forwardings: 0 local, 1 remote
> > debug1: Requesting forwarding of remote forward
> > /home/tbrown/.gnupg/S.gpg-agent:-2 ->
> > /home/tbrown/.gnupg/S.gpg-agent.extra:-2
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000006 len 92
> > debug2: mux_master_process_open_fwd: channel 1: request remote forward
> > /home/tbrown/.gnupg/S.gpg-agent:-2 ->
> > /home/tbrown/.gnupg/S.gpg-agent.extra:-2
> > debug2: mux_master_process_open_fwd: found existing forwarding
> > debug3: mux_client_request_session: entering
> > debug3: mux_client_request_alive: entering
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4
> > debug2: mux_master_process_alive_check: channel 1: alive check
> > debug3: mux_client_request_alive: done pid = 93478
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 57
> > debug2: mux_master_process_new_session: channel 1: request tty 1, X 0,
> > agent 0, subsys 0, term "rxvt-unicode-256color", cmd "", env 0
> > debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
> > mm_receive_fd: recvmsg: expected received 1 got 0
> > mux_master_process_new_session: failed to receive fd 0 from slave
> > debug1: channel 1: mux_rcb failed
> > debug2: channel 1: zombie
> > debug2: channel 1: gc: notify user
> > debug3: mux_master_control_cleanup_cb: entering for channel 1
> > debug2: channel 1: gc: user detached
> > debug2: channel 1: zombie
> > debug2: channel 1: garbage collecting
> > debug1: channel 1: free: mux-control, nchannels 2
> > debug3: channel 1: status: The following connections are open:
> >
> > Abort trap (core dumped)
> > debug2: set_control_persist_exit_time: schedule exit in 14400 seconds
> >
> > >Fix:
> >
> > In looking at the ssh source, I think it is because there is no
> > `sendfd` in
> > the `pledge()` call:
> >
> > Index: clientloop.c
> > ===================================================================
> > RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
> > retrieving revision 1.324
> > diff -u -p -r1.324 clientloop.c
> > --- clientloop.c 12 Jun 2019 11:31:50 -0000 1.324
> > +++ clientloop.c 17 Jun 2019 20:45:51 -0000
> > @@ -1243,7 +1243,7 @@ client_loop(struct ssh *ssh, int have_pt
> > if (options.control_master &&
> > !option_clear_or_none(options.control_path)) {
> > debug("pledge: id");
> > - if (pledge("stdio rpath wpath cpath unix inet dns recvfd proc
> > exec id tty",
> > + if (pledge("stdio rpath wpath cpath unix inet dns recvfd sendfd
> > proc exec id tty",
> > NULL) == -1)
> > fatal("%s pledge(): %s", __func__, strerror(errno));
> >
> >
> > After applying this patch, I no longer get the sig abort:
> >
> > debug1: channel 1: new [mux-control]
> > debug3: channel_post_mux_listener: new mux channel 1 fd 5
> > debug3: mux_master_read_cb: channel 1: hello sent
> > debug2: set_control_persist_exit_time: cancel scheduled exit
> > debug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4
> > debug2: mux_master_process_hello: channel 1 slave version 4
> > debug2: mux_client_hello_exchange: master version 4
> > debug3: mux_client_forwards: request forwardings: 0 local, 1 remote
> > debug1: Requesting forwarding of remote forward
> > /home/tbrown/.gnupg/S.gpg-agent:-2 ->
> > /home/tbrown/.gnupg/S.gpg-agent.extra:-2
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000006 len 92
> > debug2: mux_master_process_open_fwd: channel 1: request remote forward
> > /home/tbrown/.gnupg/S.gpg-agent:-2 ->
> > /home/tbrown/.gnupg/S.gpg-agent.extra:-2
> > debug2: mux_master_process_open_fwd: found existing forwarding
> > debug3: mux_client_request_session: entering
> > debug3: mux_client_request_alive: entering
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4
> > debug2: mux_master_process_alive_check: channel 1: alive check
> > debug3: mux_client_request_alive: done pid = 29222
> > debug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 57
> > debug2: mux_master_process_new_session: channel 1: request tty 1, X 0,
> > agent 0, subsys 0, term "rxvt-unicode-256color", cmd "", env 0
> > debug3: mm_receive_fd: recvmsg: Resource temporarily unavailable
> > debug3: mux_client_request_session: session request sent
> > debug3: mux_master_process_new_session: got fds stdin 6, stdout 7, stderr 8
> > debug1: channel 2: new [client-session]
> > debug2: mux_master_process_new_session: channel_new: 2 linked to control
> > channel 1
> > debug2: channel 2: send open
> > debug3: send packet: type 90
> > debug3: receive packet: type 91
> > debug2: channel_input_open_confirmation: channel 2: callback start
> > debug2: client_session2_setup: id 2
> > debug2: channel 2: request pty-req confirm 1
> > debug3: send packet: type 98
> > debug2: channel 2: request shell confirm 1
> > debug3: send packet: type 98
> > debug3: mux_session_confirm: sending success reply
> > debug2: channel_input_open_confirmation: channel 2: callback done
> > debug2: channel 2: open confirm rwindow 0 rmax 32768
> > debug3: receive packet: type 99
> > debug2: channel_input_status_confirm: type 99 id 2
> > debug2: PTY allocation request accepted on channel 2
> > debug2: channel 2: rcvd adjust 2097152
> > debug3: receive packet: type 99
> > debug2: channel_input_status_confirm: type 99 id 2
> > debug2: shell request accepted on channel 2
> > Last login: Mon Jun 17 20:37:06 2019 from X.X.X.X
> > OpenBSD 6.5 (GENERIC) #3: Sat Apr 13 14:42:43 MDT 2019
> >
> > Welcome to OpenBSD: The proactively secure Unix-like operating system.
> >
> > www$
> >
> > I was wondering if I'm on the right track here? If not does anybody have any
> > possible pointers?
> >
> > Regards
> > Timothy
> >
> >
> > dmesg:
> > OpenBSD 6.5-stable (CUSTOM) #4: Tue May 28 11:46:27 MDT 2019
> > [email protected]:/usr/src/sys/arch/amd64/compile/CUSTOM
> > real mem = 8473624576 (8081MB)
> > avail mem = 8207187968 (7826MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed7d0 (84 entries)
> > bios0: vendor Dell Inc. version "A15" date 01/23/2018
> > bios0: Dell Inc. XPS 13 9343
> > acpi0 at bios0: rev 2
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI SSDT SSDT TPM2
> > SSDT ASF! SSDT SSDT SSDT SSDT PCCT SSDT SSDT SSDT SLIC MSDM DMAR CSRT BGRT
> > acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4)
> > PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4)
> > PXSX(S4) RP05(S4) [...]
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 2893.78 MHz, 06-3d-04
> > cpu0:
> > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 99MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> > cpu1 at mainbus0: apid 2 (application processor)
> > cpu1: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 2893.31 MHz, 06-3d-04
> > cpu1:
> > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu1: 256KB 64b/line 8-way L2 cache
> > cpu1: smt 0, core 1, package 0
> > cpu2 at mainbus0: apid 1 (application processor)
> > cpu2: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 2893.31 MHz, 06-3d-04
> > cpu2:
> > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu2: 256KB 64b/line 8-way L2 cache
> > cpu2: smt 1, core 0, package 0
> > cpu3 at mainbus0: apid 3 (application processor)
> > cpu3: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 2893.31 MHz, 06-3d-04
> > cpu3:
> > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
> > cpu3: 256KB 64b/line 8-way L2 cache
> > cpu3: smt 1, core 1, package 0
> > ioapic0 at mainbus0: apid 2 pa 0xfec00000, version 20, 40 pins
> > acpimadt0: bogus nmi for apid 0
> > acpimadt0: bogus nmi for apid 2
> > acpimadt0: bogus nmi for apid 1
> > acpimadt0: bogus nmi for apid 3
> > acpimcfg0 at acpi0
> > acpimcfg0: addr 0xf8000000, bus 0-63
> > acpihpet0 at acpi0: 14318179 Hz
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpiprt1 at acpi0: bus -1 (PEG0)
> > acpiprt2 at acpi0: bus -1 (PEG1)
> > acpiprt3 at acpi0: bus -1 (PEG2)
> > acpiprt4 at acpi0: bus 1 (RP01)
> > acpiprt5 at acpi0: bus -1 (RP02)
> > acpiprt6 at acpi0: bus -1 (RP03)
> > acpiprt7 at acpi0: bus 2 (RP04)
> > acpiprt8 at acpi0: bus -1 (RP05)
> > acpiprt9 at acpi0: bus -1 (RP06)
> > acpiprt10 at acpi0: bus -1 (RP07)
> > acpiprt11 at acpi0: bus -1 (RP08)
> > acpiec0 at acpi0
> > acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33),
> > C1(1000@1 mwait.1), PSS
> > acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33),
> > C1(1000@1 mwait.1), PSS
> > acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33),
> > C1(1000@1 mwait.1), PSS
> > acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33),
> > C1(1000@1 mwait.1), PSS
> > acpipwrres0 at acpi0: PG00, resource for PEG0
> > acpipwrres1 at acpi0: PG01, resource for PEG1
> > acpipwrres2 at acpi0: PG02, resource for PEG2
> > acpitz0 at acpi0: critical temperature is 107 degC
> > acpipwrres3 at acpi0: FN00, resource for FAN0
> > acpipwrres4 at acpi0: FN01, resource for FAN1
> > acpipwrres5 at acpi0: FN02, resource for FAN2
> > acpipwrres6 at acpi0: FN03, resource for FAN3
> > acpipwrres7 at acpi0: FN04, resource for FAN4
> > acpitz1 at acpi0: critical temperature is 105 degC
> > acpitz2 at acpi0: critical temperature is 105 degC
> > acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
> > acpicmos0 at acpi0
> > "INT3403" at acpi0 not configured
> > "INT3403" at acpi0 not configured
> > "INT3403" at acpi0 not configured
> > "INT3403" at acpi0 not configured
> > "INTL9C60" at acpi0 not configured
> > dwiic0 at acpi0 I2C0 addr 0xfe103000/0x1000 irq 7
> > iic0 at dwiic0
> > dwiic1 at acpi0 I2C1 addr 0xfe105000/0x1000 irq 7
> > iic1 at dwiic1
> > ihidev0 at iic1 addr 0x2c irq 39, vendor 0x6cb product 0x76ad, DLL0665
> > ihidev0: 14 report ids
> > imt0 at ihidev0: clickpad, 3 contacts
> > wsmouse0 at imt0 mux 0
> > "INT3402" at acpi0 not configured
> > "PNP0C14" at acpi0 not configured
> > acpibtn0 at acpi0: LID0
> > acpibtn1 at acpi0: PBTN
> > acpibtn2 at acpi0: SBTN
> > acpiac0 at acpi0: AC unit online
> > acpibat0 at acpi0: BAT0 model "DELL RWT1R43" serial 9564 type LION oem "SMP"
> > "MSFT0101" at acpi0 not configured
> > "INT340F" at acpi0 not configured
> > "INT3400" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > "PNP0C0B" at acpi0 not configured
> > acpivideo0 at acpi0: GFX0
> > acpivout0 at acpivideo0: LCD_
> > cpu0: using VERW MDS workaround
> > cpu0: Enhanced SpeedStep 2893 MHz: speeds: 2401, 2400, 2300, 2100, 2000,
> > 1900, 1700, 1600, 1400, 1300, 1200, 1000, 900, 800, 600, 500 MHz
> > pci0 at mainbus0 bus 0
> > pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x09
> > inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 5500" rev 0x09
> > drm0 at inteldrm0
> > inteldrm0: msi
> > inteldrm0: 3200x1440, 32bpp
> > error: [drm:pid0:intel_dp_link_training_channel_equalization] *ERROR* 5.4
> > Gbps link rate without HBR2/TPS3 support
> > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> > azalia0 at pci0 dev 3 function 0 "Intel Core 5G HD Audio" rev 0x09: msi
> > azalia0: no supported codecs
> > "Intel Core 5G Thermal" rev 0x09 at pci0 dev 4 function 0 not configured
> > xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi, xHCI
> > 1.0
> > usb0 at xhci0: USB revision 3.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
> > 3.00/1.00 addr 1
> > "Intel 9 Series MEI" rev 0x03 at pci0 dev 22 function 0 not configured
> > azalia1 at pci0 dev 27 function 0 "Intel 9 Series HD Audio" rev 0x03: msi
> > azalia1: codecs: Realtek/0x0288
> > audio0 at azalia1
> > ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 0xe3: msi
> > pci1 at ppb0 bus 1
> > ppb1 at pci0 dev 28 function 3 "Intel 9 Series PCIE" rev 0xe3: msi
> > pci2 at ppb1 bus 2
> > iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 8260" rev 0x3a,
> > msi
> > ehci0 at pci0 dev 29 function 0 "Intel 9 Series USB" rev 0x03: apic 2 int 21
> > usb1 at ehci0: USB revision 2.0
> > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev
> > 2.00/1.00 addr 1
> > pcib0 at pci0 dev 31 function 0 "Intel 9 Series LPC" rev 0x03
> > ahci0 at pci0 dev 31 function 2 "Intel 9 Series AHCI" rev 0x03: msi, AHCI
> > 1.3
> > ahci0: port 3: 6.0Gb/s
> > scsibus1 at ahci0: 32 targets
> > sd0 at scsibus1 targ 3 lun 0: <ATA, SAMSUNG SSD PM85, EXT2> SCSI3 0/direct
> > fixed naa.5002538844584d30
> > sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin
> > ichiic0 at pci0 dev 31 function 3 "Intel 9 Series SMBus" rev 0x03: apic 2
> > int 18
> > iic2 at ichiic0
> > pchtemp0 at pci0 dev 31 function 6 "Intel 9 Series Thermal" rev 0x03
> > isa0 at pcib0
> > isadma0 at isa0
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard, using wsdisplay0
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > vmm0 at mainbus0: VMX/EPT
> > efifb at mainbus0 not configured
> > uhub2 at uhub0 port 2 configuration 1 interface 0 "Asmedia ASM107x" rev
> > 2.10/1.00 addr 2
> > uhub3 at uhub2 port 3 configuration 1 interface 0 "Alcor Micro product
> > 0x6254" rev 2.00/1.00 addr 3
> > uhidev0 at uhub3 port 1 configuration 1 interface 0 "Metadot - Das Keyboard
> > D4269" rev 1.10/1.00 addr 4
> > uhidev0: iclass 3/1
> > ukbd0 at uhidev0: 8 variable keys, 6 key codes
> > wskbd1 at ukbd0 mux 1
> > wskbd1: connecting to wsdisplay0
> > uhidev1 at uhub3 port 1 configuration 1 interface 1 "Metadot - Das Keyboard
> > D4269" rev 1.10/1.00 addr 4
> > uhidev1: iclass 3/0, 3 report ids
> > uhid0 at uhidev1 reportid 1: input=0, output=0, feature=7
> > uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0
> > uhid2 at uhidev1 reportid 3: input=3, output=0, feature=0
> > uhidev2 at uhub3 port 3 configuration 1 interface 0 "Logitech USB Receiver"
> > rev 2.00/12.03 addr 5
> > uhidev2: iclass 3/1
> > ukbd1 at uhidev2: 8 variable keys, 6 key codes
> > wskbd2 at ukbd1 mux 1
> > wskbd2: connecting to wsdisplay0
> > uhidev3 at uhub3 port 3 configuration 1 interface 1 "Logitech USB Receiver"
> > rev 2.00/12.03 addr 5
> > uhidev3: iclass 3/1, 8 report ids
> > ums0 at uhidev3 reportid 2: 16 buttons, Z and W dir
> > wsmouse1 at ums0 mux 0
> > uhid3 at uhidev3 reportid 3: input=4, output=0, feature=0
> > uhid4 at uhidev3 reportid 4: input=1, output=0, feature=0
> > uhid5 at uhidev3 reportid 8: input=1, output=0, feature=0
> > uhidev4 at uhub3 port 3 configuration 1 interface 2 "Logitech USB Receiver"
> > rev 2.00/12.03 addr 5
> > uhidev4: iclass 3/0, 33 report ids
> > uhid6 at uhidev4 reportid 16: input=6, output=6, feature=0
> > uhid7 at uhidev4 reportid 17: input=19, output=19, feature=0
> > uhid8 at uhidev4 reportid 32: input=14, output=14, feature=0
> > uhid9 at uhidev4 reportid 33: input=31, output=31, feature=0
> > uhidev5 at uhub0 port 4 configuration 1 interface 0 "ELAN Touchscreen" rev
> > 2.00/11.11 addr 6
> > uhidev5: iclass 3/0, 68 report ids
> > ums1 at uhidev5 reportid 1: 1 button, tip
> > wsmouse2 at ums1 mux 0
> > uhid10 at uhidev5 reportid 2: input=64, output=0, feature=0
> > uhid11 at uhidev5 reportid 3: input=0, output=31, feature=0
> > uhid12 at uhidev5 reportid 4: input=19, output=0, feature=0
> > uhid13 at uhidev5 reportid 10: input=0, output=0, feature=1
> > ums2 at uhidev5 reportid 68
> > ums2: mouse has no X report
> > axen0 at uhub0 port 12 configuration 1 interface 0 "ASIX Elec. Corp.
> > AX88179" rev 3.00/1.00 addr 7
> > axen0: AX88179, address 00:50:b6:27:a3:7b
> > rgephy0 at axen0 phy 3: RTL8169S/8110S/8211 PHY, rev. 5
> > uhub4 at uhub1 port 1 configuration 1 interface 0 "Intel Rate Matching Hub"
> > rev 2.00/0.03 addr 2
> > vscsi0 at root
> > scsibus2 at vscsi0: 256 targets
> > softraid0 at root
> > scsibus3 at softraid0: 256 targets
> > sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006> SCSI2 0/direct fixed
> > sd1: 244197MB, 512 bytes/sector, 500116577 sectors
> > softraid0: volume sd1 is roaming, it used to be sd2, updating metadata
> > root on sd1a (804085ad887f27d8.a) swap on sd1b dump on sd1b
> > iwm0: hw rev 0x200, fw ver 16.242414.0, address e4:b3:18:08:db:2b
> >
> > usbdevs:
> > Controller /dev/usb0:
> > addr 01: 8086:0000 Intel, xHCI root hub
> > super speed, self powered, config 1, rev 1.00
> > driver: uhub0
> > addr 02: 043e:9a10 Asmedia, ASM107x
> > high speed, self powered, config 1, rev 1.00, iSerial 0000000A00FE
> > driver: uhub2
> > addr 03: 058f:6254 Alcor Micro, product 0x6254
> > high speed, self powered, config 1, rev 1.00
> > driver: uhub3
> > addr 04: 24f0:0142 Metadot - Das Keyboard, D4269
> > full speed, power 100 mA, config 1, rev 1.00
> > driver: uhidev0
> > driver: uhidev1
> > addr 05: 046d:c52b Logitech, USB Receiver
> > full speed, power 98 mA, config 1, rev 12.03
> > driver: uhidev2
> > driver: uhidev3
> > driver: uhidev4
> > addr 06: 04f3:20d0 ELAN, Touchscreen
> > full speed, self powered, config 1, rev 11.11
> > driver: uhidev5
> > addr 07: 1050:0116 Yubico, Yubikey NEO OTP+U2F+CCID
> > full speed, power 30 mA, config 1, rev 3.46
> > driver: uhidev6
> > driver: uhidev7
> > driver: ugen0
> > Controller /dev/usb1:
> > addr 01: 8086:0000 Intel, EHCI root hub
> > high speed, self powered, config 1, rev 1.00
> > driver: uhub1
> > addr 02: 8087:8001 Intel, Rate Matching Hub
> > high speed, self powered, config 1, rev 0.03
> > driver: uhub4
> >
>