Hi Seiya, On Sat, 18 Feb 2017 12:46:06 +0000 Seiya Kawashima <[email protected]> wrote:
> >Synopsis: ldapd(8) hangs when receiving large data > >Category: system > >Environment: > System : OpenBSD 6.0 > Details : OpenBSD 6.0-current (GENERIC.MP) #0: Thu Feb > 16 19:58:50 CST 2017 > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > Architecture: OpenBSD.amd64 > Machine : amd64 > >Description: > Hi, > > Thank you for your time to look at this bug report. > > ldapd(8) hangs when it receives partial LDAPMessages due to > the message sizes. conn_read() in /ldapd/conn.c is supposed to be > called to read partial LDAPMessages by libevent until it receives > complete LDAPMessages . In theory, conn_read() is called by libevent > whenever data for reading is available. However, it doesn't work this > way. What happens is that conn_read() is called once and nothing > happens any further. As the result, ldapd(8) hangs. It seemed to me > that ldapd(8) was waiting for more data from ldapadd as expected but > ldapadd was also waiting for something to send the rest of the data > to ldapd(8). So ldapadd was the one that didn't send the rest of the > data to ldapd(8). To prove this point, once I killed ldapadd while > they were hanging, ldapd(8) started receiving the rest of the data > and stored the data without hanging at this time. ldapd(8) can't > simply wait for more data to read but needs to do something to let > ldapadd keep sending the rest of the data. I found a fix for this > issue but I've not yet found any references about the fix on RFCs > 4511, 4513 and 4514 and the source code at > https://github.com/openldap/openldap so unfortunately I'm not quite > sure if this one would be the right fix. The fix came from my > experiments. > > Thank you > Seiya I reproduced the issue with both OpenBSD 6.0 plus patches 1 through 17 applied and OpenBSD current (as of today). The image I used show the issue for both versions. When switching TLS off, however, the issue doesn't show up. I didn't try with non-self-signed certificates, however (will probably try tomorrow). Differences in the ldapd(8) output (self-signed TLS certificate, no TLS) are below for both OpenBSD versions. Anyway, the ldapadd operation completes, even when ldapadd hangs (you can check with ldapsearch afterwards; ldapadd gives a lot more output if you use the "-d 7" switch, where you can see the jpeg image is transported to the ldapd(8) server. It doesn't show the "add:..." output though, because it's running in a loop. With "-d 7" it repeats the following output over and over: --- snip --- ** ld 0x557e29a78770 Outstanding Requests: * msgid 2, origid 2, status InProgress outstanding referrals 0, parent count 0 ld 0x557e29a78770 request count 1 (abandoned 0) ** ld 0x557e29a78770 Response Queue: Empty ld 0x557e29a78770 response count 0 ldap_chkResponseList ld 0x557e29a78770 msgid 2 all 1 ldap_chkResponseList returns ld 0x557e29a78770 NULL ldap_int_select ldap_result ld 0x557e29a78770 msgid 2 wait4msg ld 0x557e29a78770 msgid 2 (timeout 100000 usec) wait4msg continue ld 0x557e29a78770 msgid 2 all 1 ** ld 0x557e29a78770 Connections: * host: r310 port: 636 (default) refcnt: 2 status: Connected last used: Mon Feb 27 20:14:07 2017 --- snip --- I'm very hesitant about patching the file ber.c; BER is the encoding of LDAP messages, and shouldn't concern itself about transport and getting full or partial messages. I'll dig a little more the next couple of days. --- Differences of ldapd(8) output tls / without tls --- ldapd OpenBSD 6.0 w/ Patches 1 through 17 applied --- (OpenBSD 6.0 (GENERIC) #2: Tue Feb 21 08:31:58 CET 2017) --- without-tls.log Mon Feb 27 16:56:58 2017 +++ with-tls.log Mon Feb 27 16:57:08 2017 @@ -2,16 +2,19 @@ [--------------------] parsing schema file '/etc/ldap/core.schema' [--------------------] parsing schema file '/etc/ldap/inetorgperson.schema' [--------------------] parsing schema file '/etc/ldap/nis.schema' + [--------------------] loading certificate file /etc/ldap/certs/vio0.crt + [--------------------] loading key file /etc/ldap/certs/vio0.key [--------------------] parsing namespace dc=example,dc=com [--------------------] deny 1F access to any scope 0 by any [--------------------] allow 10 access to ou=people,dc=example,dc=com scope 1 by any [--------------------] allow 01 access to any scope 0 by @ [--------------------] allow 02 access to any scope 0 by @ [--------------------] startup - [--------------------] listening on 192.168.131.146:389 + [--------------------] listening on 192.168.131.146:636 [--------------------] opening namespace dc=example,dc=com [--------------------] ldape: entering event loop [--------------------] accepted connection from 192.168.131.26 on fd 9 + [--------------------] conn_tls_init: switching to TLS [--------------------] consumed 46 bytes [--------------------] received request on fd 9 len 44 class: universal(0) type: sequence(16) encoding 16 @@ -141,12 +144,5 @@ len 1 class: universal(0) type: enumerated(10) encoding 10 value 0 len 0 class: universal(0) type: octet-string(4) encoding 4 string "" len 0 class: universal(0) type: octet-string(4) encoding 4 string "" - [--------------------] consumed 7 bytes - [--------------------] received request on fd 9 -len 5 class: universal(0) type: sequence(16) encoding 16 - len 1 class: universal(0) type: integer(2) encoding 2 value 3 - len 0 class: application(1) type: unbind(2) encoding 4 string "" - [--------------------] got request type 2, id 3 - [--------------------] current bind dn = cn=admin,dc=example,dc=com [--------------------] end-of-file on connection 9 [--------------------] closing connection 9 --- Differences of ldapd(8) output tls / without tls --- ldapd OpenBSD current --- (OpenBSD 6.0-current (GENERIC) #0: Mon Feb 27 17:15:05 CET 2017) --- wotls.log Mon Feb 27 20:20:48 2017 +++ wtls.log Mon Feb 27 20:20:40 2017 @@ -1,4 +1,6 @@ [---------------------] parsing config /etc/ldapd.conf + [---------------------] loading certificate file /etc/ldap/certs/bnx0.crt + [---------------------] loading key file /etc/ldap/certs/bnx0.key [---------------------] parsing schema file '/etc/ldap/core.schema' [---------------------] parsing schema file '/etc/ldap/inetorgperson.schema' [---------------------] parsing schema file '/etc/ldap/nis.schema' @@ -13,6 +15,8 @@ [---------------------] allow 02 access to any scope 0 by @ [---------------------] startup [---------------------] parsing config /etc/ldapd.conf + [---------------------] loading certificate file /etc/ldap/certs/bnx0.crt + [---------------------] loading key file /etc/ldap/certs/bnx0.key [---------------------] parsing schema file '/etc/ldap/core.schema' [---------------------] parsing schema file '/etc/ldap/inetorgperson.schema' [---------------------] parsing schema file '/etc/ldap/nis.schema' @@ -25,7 +29,7 @@ [---------------------] allow 10 access to ou=people,dc=example,dc=com scope 1 by any [---------------------] allow 01 access to any scope 0 by @ [---------------------] allow 02 access to any scope 0 by @ - [---------------------] listening on 192.168.131.129:389 + [---------------------] listening on 192.168.131.129:636 [---------------------] listening on 127.0.0.1:389 [---------------------] listening on fe80:2::1:389 [---------------------] listening on ::1:389 @@ -34,6 +38,7 @@ [---------------------] opening namespace dc=example,dc=com [---------------------] ldape: entering event loop [---------------------] accepted connection from 192.168.131.26 on fd 16 + [---------------------] conn_tls_init: switching to TLS [---------------------] consumed 46 bytes [---------------------] got request type 0, id 1 [---------------------] bind dn = cn=admin,dc=example,dc=com @@ -50,8 +55,5 @@ [---------------------] indexing cn=robert smith,ou=people,dc=example,dc=com on sn [---------------------] indexing rdn on @ou=people,cn=robert smith [---------------------] sending response 9 with result 0 - [---------------------] consumed 7 bytes - [---------------------] got request type 2, id 3 - [---------------------] current bind dn = cn=admin,dc=example,dc=com [---------------------] end-of-file on connection 16 [---------------------] closing connection 16 Best regards Robert > > >How-To-Repeat: > 1. Make ldapadd work with self signed certificates for this > bug. Please use the content below for your ~/.ldaprc, otherwise > ldapadd would not work with self signed certificates. > > # This is a LDAP client configuration file. > URI ldap:// ldaps:// > TLS_REQCERT allow > > 2. Generate a self signed certificate for this bug. Please > type the command, starttls(8) below to generate a self signed > certificate. Please change the interface, re0 for your environment. > > openssl genrsa -out /etc/ldap/certs/re0.key 4096 > openssl req -x509 -new -key /etc/ldap/certs/re0.key \ > -out /etc/ldap/certs/re0.crt -days 365 > > 3. Set up a simple /etc/ldapd.conf. Please use the content > below for your /etc/ldapd.conf. > > schema "/etc/ldap/core.schema" > schema "/etc/ldap/inetorgperson.schema" > schema "/etc/ldap/nis.schema" > > # Please change the interface accordingly for your > environment. listen on re0 ldaps > > namespace "dc=example,dc=com" { > rootdn "cn=admin,dc=example,dc=com" > rootpw "secret" > index objectClass > index cn > index ou > index uid > index uidNumber > index gidNumber > index mail > index sn > deny access to any by any > allow bind access to children of > "ou=people,dc=example,dc=com" by any allow read access to any by self > allow write access to any by self > } > > 4. Type the command below to run ldapd(8) in verbose debug > mode. > > /usr/sbin/ldapd -vv -d > > 5. Create a simple DIT via ldapadd. Please type the command > like below and adjust the values for -H and -f flags accordingly for > your environment. > > ldapadd -vv -H ldaps://192.168.0.118 -x -D > "cn=admin,dc=example,dc=com" \ -w secret > -f ./sample-1-people-create.txt > > Please use the content below as an LDIF file to reproduce > the issue. > > ## This LDIF is from > http://www.zytrax.com/books/ldap/ch5/index.html#step1-ldif ## DEFINE > DIT ROOT/BASE/SUFFIX #### ## uses RFC 2377 format > ## replace example and com as necessary below > ## or for experimentation leave as is > > ## dcObject is an AUXILLIARY objectclass and MUST > ## have a STRUCTURAL objectclass (organization in this > case) ## this is an ENTRY sequence and is preceded by a BLANK line > > dn: dc=example,dc=com > dc: example > description: My wonderful company as much text as you want > to place in this line up to 32K continuation data for the line above > must have <CR> or <CR><LF> i.e. ENTER works > on both Windows and *nix system - new line MUST begin > with ONE SPACE objectClass: dcObject > objectClass: organization > o: Example, Inc. > > ## FIRST Level hierarchy - people > ## uses mixed upper and lower case for objectclass > ## this is an ENTRY sequence and is preceded by a BLANK > line > > dn: ou=people, dc=example,dc=com > ou: people > description: All people in organisation > objectclass: organizationalunit > > 6. Add a person as inetOrgPerson objectClass under ou=people > specifying a file for the person's jpegPhoto attribute. Please type > the command below to add the person. Also please specify a large > enough file for the jpegPhoto attribute so that conn_read() > in /ldapd/conn.c needs to be called multiple times to get a complete > LDAPMessage. If it's successful at the first time, try it a couple of > more times. You will be able to see the hang. Please adjust the > values for -H and -f flags accordingly for your environment. > > ldapadd -vv -H ldaps://192.168.0.118 -x -D > "cn=admin,dc=example,dc=com" \ -w secret -f ./sample-1-people-add.txt > > Please use the content below as an LDIF file to make > ldapd(8) and ldapadd hang. > > dn: cn=Robert Smith,ou=people,dc=example,dc=com > objectclass: inetOrgPerson > cn: Robert Smith > cn: Robert J Smith > cn: bob smith > sn: smith > uid: rjsmith > ## Please specify a file that would cause conn_read() to > be called ## multiple times. I tried around 2KB, 3KB, 5KB and 13KB > files for ## jpegPhoto attribute. > jpegPhoto:< > file:///home/seiyak/Documents/samples/LDAP/sample.jpeg userpassword: > rJsmitH carlicense: HISCAR 123 > homephone: 555-111-2222 > mail: [email protected] > mail: [email protected] > mail: [email protected] > description: swell guy > ou: Human Resources > > This is the output when the hang happens on ldapd(8). > > Feb 17 04:01:28.030 [79095] accepted connection from > 192.168.0.115 on fd 12 Feb 17 04:01:28.030 [79095] conn_tls_init: > switching to TLS Feb 17 04:01:28.062 [79095] consumed 46 bytes > Feb 17 04:01:28.062 [79095] received request on fd 12 > len 44 class: universal(0) type: sequence(16) encoding 16 > len 1 class: universal(0) type: integer(2) encoding 2 > value 1 len 39 class: application(1) type: bind(0) encoding 16 > len 1 class: universal(0) type: integer(2) encoding 2 > value 3 len 26 class: universal(0) type: octet-string(4) encoding 4 > string "cn=admin,dc=example,dc=com" len 6 class: context(2) type: > auth simple(0) encoding 4 string "secret" Feb 17 04:01:28.062 [79095] > got request type 0, id 1 Feb 17 04:01:28.062 [79095] bind dn = > cn=admin,dc=example,dc=com Feb 17 04:01:28.062 [79095] successfully > authenticated as cn=admin,dc=example,dc=com Feb 17 04:01:28.062 > [79095] sending response 1 with result 0 Feb 17 04:01:28.062 [79095] > sending response on fd 12 len 12 class: universal(0) type: > sequence(16) encoding 16 len 1 class: universal(0) type: integer(2) > encoding 2 value 1 len 7 class: application(1) type: bind(1) encoding > 16 len 1 class: universal(0) type: enumerated(10) encoding 10 value 0 > len 0 class: universal(0) type: octet-string(4) > encoding 4 string "" len 0 class: universal(0) type: octet-string(4) > encoding 4 string "" # ldapd(8) hangs here and no more output is > produced until I kill ladpadd. > > This is the output when the hang happens on ldapadd. > > ldap_initialize( ldaps://192.168.0.118:636/??base ) > add objectclass: > inetOrgPerson > add cn: > Robert Smith > Robert J Smith > bob smith > add sn: > smith > add uid: > rjsmith > add jpegPhoto: > NOT ASCII (2568 bytes) > add userpassword: > rJsmitH > add carlicense: > HISCAR 123 > add homephone: > 555-111-2222 > add mail: > [email protected] > [email protected] > [email protected] > add description: > swell guy > add ou: > Human Resources > adding new entry "cn=Robert > Smith,ou=people,dc=example,dc=com" # ldapadd hangs here and no more > output is produced. Once I kill # ldapadd, the rest of the data is > sent to ldapd(8) and it can # process the complete LDAPMessage > escaping from the hang. > > The code from /ldapd/ber.c below is where ldapd(8) tries > to read complete LDAPMessages calling conn_read() multiple times. You > might want to put a debug message to show r and totlen before line > 1102 on /ldapd/ber.c to see how many bytes are currently available > and how many more bytes need to be read for a complete LDAPMessage. > > 1095 DPRINTF("ber read element size %zd\n", len); > 1096 totlen += r + len; > 1097 > 1098 /* If using an external buffer and the total size > of the element 1099 * is larger then the external buffer don't > bother to continue. */ 1100 if (ber->fd == -1 && len > > ber->br_rend - ber->br_rptr) { 1101 errno = ECANCELED; > 1102 return -1; > 1103 } > > >Fix: > Based on my experiments, ldapd(8) needs to send a response via > send_result_ldap() or send_ldap_extended_response() > in /ldapd/ldape.c every time ldapd(8) reads partial LDAPMessages. For > this purpose, I modified ber_read_elements() and ber_read_element() > in /ldapd/ber.c, conn_dispatch() in /ldapd/conn.c and copied > send_ldap_extended_response() as send_ldap_extended_response2() > in /ldapd/conn.c. Please take a look at the diffs below. Once the fix > is in place, please recompile ldapd(8) and return ldapd(8) and > ldapadd. At this time, no hang happens. Please type the command below > to search and verify the value for the jpegPhoto attribute. Please > also adjust the values for -H flag and ldapsearch-jpegPhoto-HO0LQD > accordingly for your environment. > > ldapsearch -tt -T ./ -LLL -H ldaps://192.168.0.118 -x -D > "cn=admin,dc=example,dc=com" \ -w secret -b "cn=Robert > Smith,ou=people,dc=example,dc=com" jpegPhoto openssl dgst -sha1 > ldapsearch-jpegPhoto-HO0LQD openssl dgst > -sha1 /home/seiyak/Documents/samples/LDAP/sample.jpeg > > Index: ber.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ldapd/ber.c,v > retrieving revision 1.12 > diff -u -p -r1.12 ber.c > --- ber.c 11 Feb 2017 20:40:03 -0000 1.12 > +++ ber.c 18 Feb 2017 01:36:05 -0000 > @@ -815,12 +815,13 @@ ber_read_elements(struct ber *ber, struc > > DPRINTF("read ber elements, root %p\n", root); > > - if (ber_read_element(ber, root) == -1) { > - /* Cleanup if root was allocated by us */ > - if (elm == NULL) > - ber_free_elements(root); > - return NULL; > - } > + /* ber elements might be spread over multiple buffers. In > such a case, > + * parsing ber fails since it's a partial message but the > caller still > + * needs to send a response to the client. Otherwise a hang > would > + * occur. the caller needs to free root no matter parsing ber > is > + * succeesful or not. > + */ > + ber_read_element(ber, root); > > return root; > } > @@ -1081,7 +1082,7 @@ ber_read_element(struct ber *ber, struct > long long val = 0; > struct ber_element *next; > unsigned long type; > - int i, class, cstruct; > + int i, class, cstruct, err = -1; > ssize_t len, r, totlen = 0; > u_char c; > > @@ -1098,8 +1099,10 @@ ber_read_element(struct ber *ber, struct > /* If using an external buffer and the total size of the > element > * is larger then the external buffer don't bother to > continue. */ if (ber->fd == -1 && len > ber->br_rend - ber->br_rptr) { > + /* Keep working on partial message. */ > errno = ECANCELED; > - return -1; > + len = ber->br_rend - ber->br_rptr; > + err = 0; > } > > elm->be_type = type; > @@ -1186,6 +1189,12 @@ ber_read_element(struct ber *ber, struct > next = next->be_next; > } > break; > + } > + > + if(err == 0){ > + /* Let the caller know it's a partial message. */ > + errno = ECANCELED; > + totlen = -1; > } > return totlen; > } > Index: conn.c > =================================================================== > RCS file: /cvs/src/usr.sbin/ldapd/conn.c,v > retrieving revision 1.14 > diff -u -p -r1.14 conn.c > --- conn.c 20 Jan 2017 11:55:08 -0000 1.14 > +++ conn.c 18 Feb 2017 01:36:05 -0000 > @@ -29,6 +29,11 @@ > int conn_dispatch(struct conn *conn); > int conn_tls_init(struct conn *); > unsigned long ldap_application(struct ber_element *elm); > +/* Copied from /ldapd/ldape.c and renamed to > send_ldap_extended_response2(). */ +void > send_ldap_extended_response2(struct conn *conn, > + int msgid, unsigned long type, > + long long result_code, > + const char *extended_oid); > > struct conn_list conn_list; > > @@ -137,10 +142,53 @@ request_dispatch(struct request *req) > } > } > > +/* Copied from /ldapd/ldape.c and renamed to > send_ldap_extended_response2(). > + */ > +void > +send_ldap_extended_response2(struct conn *conn, int msgid, unsigned > long type, > + long long result_code, const char *extended_oid) > +{ > + int rc; > + struct ber_element *root, *elm; > + void *buf; > + > + log_debug("sending response %u with result %lld", type, > result_code); + > + if ((root = ber_add_sequence(NULL)) == NULL) > + goto fail; > + > + elm = ber_printf_elements(root, "d{tEss", > + msgid, BER_CLASS_APP, type, result_code, "", ""); > + if (elm == NULL) > + goto fail; > + > + if (extended_oid) > + if (ber_add_string(elm, extended_oid) == NULL) > + goto fail; > + > + ldap_debug_elements(root, type, "sending response on fd %d", > conn->fd); + > + rc = ber_write_elements(&conn->ber, root); > + ber_free_elements(root); > + > + if (rc < 0) > + log_warn("failed to create ldap result"); > + else { > + ber_get_writebuf(&conn->ber, &buf); > + if (bufferevent_write(conn->bev, buf, rc) != 0) > + log_warn("failed to send ldap result"); > + } > + > + return; > +fail: > + if (root) > + ber_free_elements(root); > +} > + > int > conn_dispatch(struct conn *conn) > { > - int class; > + int class, err; > struct request *req; > u_char *rptr; > > @@ -155,18 +203,9 @@ conn_dispatch(struct conn *conn) > req->conn = conn; > rptr = conn->ber.br_rptr; /* save where we start > reading */ > > - if ((req->root = ber_read_elements(&conn->ber, NULL)) == > NULL) { > - if (errno != ECANCELED) { > - log_warnx("protocol error"); > - hexdump(rptr, conn->ber.br_rend - rptr, > - "failed to parse request from %zi bytes:", > - conn->ber.br_rend - rptr); > - conn_disconnect(conn); > - } > - request_free(req); > - return -1; > - } > - log_debug("consumed %d bytes", conn->ber.br_rptr - rptr); > + req->root = ber_read_elements(&conn->ber, NULL); > + /* Store errno from ber_read_elements(). */ > + err = errno; > > /* Read message id and request type. > */ > @@ -179,6 +218,19 @@ conn_dispatch(struct conn *conn) > request_free(req); > return -1; > } > + > + if(err == ECANCELED){ > + /* Let LDAP client keep sending leftover data to > ldapd. > + * Need to respond to each partial LDAPMessage, > otherwise > + * the client would not send the rest of the message. > + */ > + send_ldap_extended_response2(conn, req->msgid, > req->type + 1, > + LDAP_SUCCESS, NULL); > + request_free(req); > + return -1; > + } > + > + log_debug("consumed %d bytes", conn->ber.br_rptr - rptr); > > ldap_debug_elements(req->root, req->type, > "received request on fd %d", conn->fd); > > dmesg: > OpenBSD 6.0-current (GENERIC.MP) #0: Thu Feb 16 19:58:50 CST 2017 > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 4152004608 (3959MB) > avail mem = 4021501952 (3835MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebe20 (44 entries) > bios0: vendor AMI version "80.06" date 04/11/2014 > bios0: Hewlett-Packard HP 200 G1 MT > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC FPDT MSDM MCFG LPIT SLIC HPET SSDT SSDT > SSDT UEFI DBGP acpi0: wakeup devices XHC1(S4) PXSX(S4) PXSX(S4) > PXSX(S4) PXSX(S4) PWRB(S0) acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz, 2417.21 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu0: 1MB 64b/line 16-way L2 cache cpu0: TSC frequency 2417213510 Hz > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 83MHz > cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz, 2416.67 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 4 (application processor) > cpu2: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz, 2416.67 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 > cpu3 at mainbus0: apid 6 (application processor) > cpu3: Intel(R) Pentium(R) CPU J2850 @ 2.41GHz, 2416.67 MHz > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 > ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins > acpimadt0: bogus nmi for apid 0 > acpimadt0: bogus nmi for apid 4 > acpimadt0: bogus nmi for apid 6 > acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 1 (RP01) > acpiprt2 at acpi0: bus -1 (ITPC) > acpiprt3 at acpi0: bus 3 (RP02) > acpiprt4 at acpi0: bus 4 (RP03) > acpiprt5 at acpi0: bus 9 (RP04) > acpiec0 at acpi0: not present > acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS > acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS > acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS > acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS > acpipwrres0 at acpi0: PLPE > acpipwrres1 at acpi0: PLPE > acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1 > acpipwrres3 at acpi0: FN00, resource for FAN0 > acpitz0 at acpi0: critical temperature is 90 degC > "PNP0501" at acpi0 not configured > "DMA0F28" at acpi0 not configured > acpibtn0 at acpi0: PWRB > acpibtn1 at acpi0: SLPB > "PNP0C14" at acpi0 not configured > "PNP0C0B" at acpi0 not configured > acpivideo0 at acpi0: GFX0 > cpu0: Enhanced SpeedStep 2417 MHz: speeds: 2407, 2324, 2241, 2158, > 2075, 1992, 1909, 1826, 1743, 1660, 1577, 1494, 1411, 1328 MHz pci0 > at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Bay Trail > Host" rev 0x0a inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail > Video" rev 0x0a drm0 at inteldrm0 > inteldrm0: msi > inteldrm0: 1024x768, 32bpp > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) > wsdisplay0: screen 1-5 added (std, vt100 emulation) > ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0a: msi, > AHCI 1.3 ahci0: port 0: 3.0Gb/s > ahci0: port 1: 1.5Gb/s > scsibus1 at ahci0: 32 targets > sd0 at scsibus1 targ 0 lun 0: <ATA, TOSHIBA DT01ACA0, MS1O> SCSI3 > 0/direct fixed naa.5000039ffcc7f26b sd0: 476940MB, 512 bytes/sector, > 976773168 sectors cd0 at scsibus1 targ 1 lun 0: <hp, DVD-RAM GHB0N, > RK03> ATAPI 5/cdrom removable xhci0 at pci0 dev 20 function 0 "Intel > RK03> Bay Trail xHCI" rev 0x0a: msi > usb0 at xhci0: USB revision 3.0 > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev > 3.00/1.00 addr 1 "Intel Bay Trail TXE" rev 0x0a at pci0 dev 26 > function 0 not configured azalia0 at pci0 dev 27 function 0 "Intel > Bay Trail HD Audio" rev 0x0a: msi azalia0: codecs: Realtek ALC221, > Intel/0x2882, using Realtek ALC221 audio0 at azalia0 > ppb0 at pci0 dev 28 function 0 "Intel Bay Trail I2C" rev 0x0a: msi > pci1 at ppb0 bus 1 > ppb1 at pci1 dev 0 function 0 "ITExpress IT8893E PCIE-PCI" rev 0x52 > pci2 at ppb1 bus 2 > re0 at pci2 dev 0 function 0 "D-Link DGE-528T" rev 0x10: > RTL8169/8110SB (0x1000), apic 1 int 16, address 1c:7e:e5:2a:a0:50 > rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 3 ppb2 at pci0 > dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0a: msi pci3 at ppb2 > bus 3 re1 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: > RTL8168G/8111G (0x4c00), msi, address 10:60:4b:91:85:83 rgephy1 at > re1 phy 7: RTL8251 PHY, rev. 0 ppb3 at pci0 dev 28 function 2 "Intel > Bay Trail PCIE" rev 0x0a: msi pci4 at ppb3 bus 4 > ppb4 at pci4 dev 0 function 0 "TI XIO3130 PCIE-PCIE upstream" rev 0x02 > pci5 at ppb4 bus 5 > ppb5 at pci5 dev 0 function 0 "TI XIO3130 PCIE-PCIE downstream" rev > 0x02 pci6 at ppb5 bus 6 > re2 at pci6 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:e0:4c:80:62:93 rgephy2 at re2 phy 7: > RTL8169S/8110S/8211 PHY, rev. 4 ppb6 at pci5 dev 1 function 0 "TI > XIO3130 PCIE-PCIE downstream" rev 0x02 pci7 at ppb6 bus 7 > re3 at pci7 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:e0:4c:80:62:94 rgephy3 at re3 phy 7: > RTL8169S/8110S/8211 PHY, rev. 4 ppb7 at pci5 dev 2 function 0 "TI > XIO3130 PCIE-PCIE downstream" rev 0x02 pci8 at ppb7 bus 8 > ppb8 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x0a: msi > pci9 at ppb8 bus 9 > ppb9 at pci9 dev 0 function 0 "TI XIO3130 PCIE-PCIE upstream" rev 0x02 > pci10 at ppb9 bus 10 > ppb10 at pci10 dev 0 function 0 "TI XIO3130 PCIE-PCIE downstream" rev > 0x02 pci11 at ppb10 bus 11 > re4 at pci11 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:e0:4c:80:59:28 rgephy4 at re4 phy 7: > RTL8169S/8110S/8211 PHY, rev. 4 ppb11 at pci10 dev 1 function 0 "TI > XIO3130 PCIE-PCIE downstream" rev 0x02 pci12 at ppb11 bus 12 > re5 at pci12 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E > (0x2c00), msi, address 00:e0:4c:80:59:29 rgephy5 at re5 phy 7: > RTL8169S/8110S/8211 PHY, rev. 4 ppb12 at pci10 dev 2 function 0 "TI > XIO3130 PCIE-PCIE downstream" rev 0x02 pci13 at ppb12 bus 13 > ehci0 at pci0 dev 29 function 0 "Intel Bay Trail EHCI" rev 0x0a: apic > 1 int 23 ehci0: halt timeout > usb1 at ehci0: USB revision 2.0 > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev > 2.00/1.00 addr 1 pcib0 at pci0 dev 31 function 0 "Intel Bay Trail > LPC" rev 0x0a ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail > SMBus" rev 0x0a: apic 1 int 18 iic0 at ichiic0 > spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800 SO-DIMM > isa0 at pcib0 > isadma0 at isa0 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > pckbd0 at pckbc0 (kbd slot) > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > vmm disabled by firmware > vmm at mainbus0 not configured > uhidev0 at uhub0 port 2 configuration 1 interface 0 "Hewlett Packard > HP USB Keyboard" rev 1.10/2.07 addr 2 uhidev0: iclass 3/1 > ukbd0 at uhidev0: 8 variable keys, 6 key codes > wskbd1 at ukbd0 mux 1 > wskbd1: connecting to wsdisplay0 > uhidev1 at uhub0 port 2 configuration 1 interface 1 "Hewlett Packard > HP USB Keyboard" rev 1.10/2.07 addr 2 uhidev1: iclass 3/0, 2 report > ids uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0 > uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0 > uhidev2 at uhub0 port 3 configuration 1 interface 0 "PixArt HP USB > Optical Mouse" rev 2.00/1.00 addr 3 uhidev2: iclass 3/1 > ums0 at uhidev2: 3 buttons, Z dir > wsmouse0 at ums0 mux 0 > uhub2 at uhub0 port 4 configuration 1 interface 0 "Alcor Micro > product 0x6254" rev 2.00/1.00 addr 4 uhub3 at uhub1 port 1 > configuration 1 interface 0 "Intel product 0x07e6" rev 2.00/0.10 addr > 2 vscsi0 at root scsibus2 at vscsi0: 256 targets > softraid0 at root > scsibus3 at softraid0: 256 targets > root on sd0a (0aa09e87b165e337.a) swap on sd0b dump on sd0b > > usbdevs: > Controller /dev/usb0: > addr 1: super speed, self powered, config 1, xHCI root hub(0x0000), > Intel(0x8086), rev 1.00 port 1 disabled > port 2 addr 2: low speed, power 100 mA, config 1, HP USB > Keyboard(0x0d4a), Hewlett Packard(0x03f0), rev 2.07 port 3 addr 3: > low speed, power 100 mA, config 1, HP USB Optical Mouse(0x094a), > PixArt(0x03f0), rev 1.00 port 4 addr 4: high speed, self powered, > config 1, product 0x6254(0x6254), Alcor Micro(0x058f), rev 1.00 port > 1 powered port 2 powered port 3 powered > port 4 powered > port 5 disabled > port 6 disabled > port 7 disabled > Controller /dev/usb1: > addr 1: high speed, self powered, config 1, EHCI root hub(0x0000), > Intel(0x8086), rev 1.00 port 1 addr 2: high speed, self powered, > config 1, product 0x07e6(0x07e6), Intel(0x8087), rev 0.10 port 1 > powered port 2 powered > port 3 powered > port 4 powered > port 2 powered > port 3 powered > port 4 powered > port 5 powered > port 6 powered > port 7 powered > port 8 powered
