Re: Is randomizing UID/GUID would make sense?

[Theo de Raadt]

> Responding to multiple messages:
> 
> On Fri, 20 Jan 2017 08:43:46 +0100
> "minek van"  wrote:
> > I can see that the default users and when creating new ones have
> > their UID/GUID incremented by 1. 
> > 
> > Could it bring more security if the UIDs/GUIDs would be random?
> 
> On Mon, 23 Jan 2017 11:51:29 -0500
> andrew fabbro  wrote:
> > The OP was just talking about changing from "last +1" to arc4random.
> > Synchronizing UID/GID across servers (if you're not using a directory
> > of some sort) is the same headache regardless of how you pick them.
> > 
> > If the OP meant every server has different, unique randomized
> > UID/GIDs then that's a separate craziness.
> 
> I can see this randomisation making systems management a bit more
> difficult as a non-random GUID/UID setup can be used to do things like:
> 
> GID 0 = wheel
> GID 1-999 = privsep users, daemons, system
> GID 1000-32765 = ordinary logins
> GID 32766 = nogroup
> GID 32767 = nobody
> 
> Because the separation is clear and not so random, you can also set up
> GIDs/UIDs (1000-32765) permanently across a site where they need to be
> static, in the case of logged-in users. Very necessary for backups.
> 
> However, the users 1-999 may change depending on what order you install
> packages in.
> 
> OpenBSD still randomizes PIDs, but I don't see the point these days:
> https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961


Sorry you lost me.

I can't tell if you are supporting a useless idea, or declaring that a
useless idea is not worth supporting.

flaky network connection after 6.1 upgrade

[Colton Lewis]

After upgrading to 6.1, I have been unable to maintain an internet
connection for more than a few seconds at a time.

The machine in question uses an Atheros AR9281 for a wifi connection.
All other machines on that wifi network have no problems. The Atheros
card worked perfectly yesterday.

Pinging the machine over a long period of time gives about 40% packet
loss. Trying to access the internet in any way often seems to work for
a few seconds, then hangs.

It may work in short spurts over the next couple of minutes before
hanging for good. I have monitored this with tcpdump and noticed no
tcp packets sent when the connection is hung.

What could be happening and how can I fix this?

Sincerely,
Colton Lewis

Re: ordering

[Vijay Sankar]

Quoting Friedrich Locke :


Hi folks,

i would like to order obsd 6.1, butfrom the openbsd store i cannot see it
available for ordering.
May you help me ?

thanks, gustavo.


Hi,

I had sent an email to ord...@openbsdstore.com regarding this  
yesterday and they replied that "there isn't a 6.1 cd, please check  
out the obsd.org site to persuade them to make one...". However I did  
not want to bother the list and the developers in case CDs are not the  
way to go. I did a search on mailing list messages but did not see  
anything about 6.1 CDs. So I am thinking that the CD's may be ready  
only by May 1 and the release date was pushed earlier for some reason  
(just a guess because in 2015 and before, CDs were released in May and  
November)


If no OpenBSD CDs are going to be released, then probably it is better  
to just send a donation to the OpenBSD foundation and/or to Theo de  
Raadt. If CD's are going to be released, of course, I would be first  
in line since I have all CD's since 2.8 :)


Vijay
--
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca

Re: Is randomizing UID/GUID would make sense?

[bytevolcano]

Responding to multiple messages:

On Fri, 20 Jan 2017 08:43:46 +0100
"minek van"  wrote:
> I can see that the default users and when creating new ones have
> their UID/GUID incremented by 1. 
> 
> Could it bring more security if the UIDs/GUIDs would be random?

On Mon, 23 Jan 2017 11:51:29 -0500
andrew fabbro  wrote:
> The OP was just talking about changing from "last +1" to arc4random.
> Synchronizing UID/GID across servers (if you're not using a directory
> of some sort) is the same headache regardless of how you pick them.
> 
> If the OP meant every server has different, unique randomized
> UID/GIDs then that's a separate craziness.

I can see this randomisation making systems management a bit more
difficult as a non-random GUID/UID setup can be used to do things like:

GID 0 = wheel
GID 1-999 = privsep users, daemons, system
GID 1000-32765 = ordinary logins
GID 32766 = nogroup
GID 32767 = nobody

Because the separation is clear and not so random, you can also set up
GIDs/UIDs (1000-32765) permanently across a site where they need to be
static, in the case of logged-in users. Very necessary for backups.

However, the users 1-999 may change depending on what order you install
packages in.

OpenBSD still randomizes PIDs, but I don't see the point these days:
https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961

Re: ordering

[Ax0n]

I guess this is the thread where I mention that most of the OpenBSD FTP
mirrors' login motd banner say you can buy 6.1 on CD. Not really a big
deal, but mirror maintainers might want to adjust it.

On Sat, Apr 15, 2017 at 8:37 PM, Edgar Pettijohn 
wrote:

> On 04/15/17 20:28, Friedrich Locke wrote:
>
>> Hi folks,
>>
>> i would like to order obsd 6.1, butfrom the openbsd store i cannot see it
>> available for ordering.
>> May you help me ?
>>
>> thanks, gustavo.
>>
> 6.0 was the last release that the project made CD's for.

Re: ordering

[Edgar Pettijohn]

On 04/15/17 20:28, Friedrich Locke wrote:

Hi folks,

i would like to order obsd 6.1, butfrom the openbsd store i cannot see it
available for ordering.
May you help me ?

thanks, gustavo.

6.0 was the last release that the project made CD's for.

Re: ordering

[Constantine A. Murenin]

On 15/04/2017, Friedrich Locke  wrote:
> Hi folks,
>
> i would like to order obsd 6.1, butfrom the openbsd store i cannot see it
> available for ordering.
> May you help me ?

http://www.openbsd.org/lyrics.html#60f

Notice that the 61.html page no longer has any ISBN numbers, BTW.

C.

ordering

[Friedrich Locke]

Hi folks,

i would like to order obsd 6.1, butfrom the openbsd store i cannot see it
available for ordering.
May you help me ?

thanks, gustavo.

Re: Thinkpad T460s on lastest -snapshot, no Xorg

[Gregor Best]

Hi Daniel,

I have a laptop with a similar chipset. The issue is that the
inteldrm(4) driver does not support Skylake devices at the moment.

If you boot the machine EFI mode, efifb(4) should attach to the EFI
frame buffer. This in turn allows you to use Xorg's wsfb driver with an
/etc/X11/xorg.conf which looks like this:

Section "Device"
Identifier "default device"
Driver "wsfb"
EndSection

Apart from missing suspend/resume and 3D-acceleration, such a setup
seems to work nicely for me. Chrome/Firefox need to be taught not to use
graphics acceleration, and for mpv you need to use the commandline
parameter `-vo x11` to tell it to use oldschool X11 rendering.
Brightness control can be done with

https://github.com/jcs/intel_backlight_fbsd

if you set `machdep.allowaperture` to 3. Don't mind the `fbsd` in the
name, it works on OpenBSD as well.

--
Gregor

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Using X with VESA on Skylake

[Gregor Best]

Hi Hrishikesh,

On Sat, Apr 15, 2017 at 05:26:26PM +0530, Hrishikesh Muruk wrote:
> [...]
> I installed OpenBSD 6.1 on an Intel NUC6i7KYK. It has a Skylake i7 CPU
> so I know 3D acceleration is not supported. I think vesa should still
> work - please correct me if that is not the case.
> [...]
> Just in case it makes a difference - I am not booting using UEFI
> (legacy mode only).

It does, in a way. If you boot it in EFI mode (might require creating a
system partition and installing the EFI boot loader), efifb(4) should
attach to the EFI framebuffer. This in turn allows you to use Xorg's
wsfb driver with the following /etc/X11/xorg.conf:

Section "Device"
Identifier "default device"
Driver "wsfb"
EndSection

In my experience, wsfb seems to operate a lot smoother than vesafb,
though I haven't done any benchmarks. Works for me though on my Skylake
i5 system.

I don't have a lot of experience with the VESA driver, but if you don't
get that working, EFI might be the most sensible option.

-- 
Gregor

pf.conf: best practice for IP address lookup?

[Harald Dunkel]

Hi folks,

Since I don't get a static IPv6 prefix from Deutsche Telekom, but
a different prefix on every new pppoe connection, I have to rely
upon some lookup service for pf.conf.

pf.conf(5) doesn't mention dynamic IP addresses at all (except
for its own interfaces), so I wonder what is best practice here?
DNS? A table for every internal host, updated by a watchdog?


Every helpful comment is highly appreciated
Harri

opening bugs for OpenBSD 6.0

[Alceu Rodrigues de Freitas Junior]

Hi,

I think I spotted a bug for OpenBSD 6.0:

https://github.com/perl5-dbi/DBD-mysql/issues/120

But since 6.1 is already available (and I couldn't reproduce the error 
for it), I'm not sure if I should open a bug at all.


Could someone please give some hints about that?

Thanks!

Alceu

Thinkpad T460s on lastest -snapshot, no Xorg

[Daniel Gracia]

Hi there!

Running a Thinkpad T460s on lastest -snapshot X environment won't start.
Tried both, with no xorg.conf and a simple:

Section "Device"
Identifier"Vesa"
Driver"vesa"
EndSection

to no avail.

machdep.allowaperture=2 is set on sysctl.conf. Some advice to start hacking
on this?

Regards!

==> dmesg:
OpenBSD 6.1-current (GENERIC.MP) #55: Fri Apr 14 13:54:33 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 7826608128 (7464MB)
avail mem = 7584727040 (7233MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xcf054000 (65 entries)
bios0: vendor LENOVO version "N1CET54W (1.22 )" date 02/10/2017
bios0: LENOVO 20F9005CMS
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA SSDT SSDT TPM2 UEFI SSDT SSDT ECDT HPET APIC
MCFG SSDT DBGP DBG2 BOOT BATB SLIC SSDT SSDT MSDM DMAR ASF! FPDT UEFI
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN
T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,
PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C
LFLUSHOPT,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 24 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN
T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,
PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C
LFLUSHOPT,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN
T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,
PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C
LFLUSHOPT,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN
T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,
PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C
LFLUSHOPT,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 2 (EXP1)
acpiprt5 at acpi0: bus -1 (EXP2)
acpiprt6 at acpi0: bus 4 (EXP3)
acpiprt7 at acpi0: bus -1 (EXP5)
acpiprt8 at acpi0: bus -1 (RP09)
acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI
acpipwrres1 at acpi0: PG00, resource for PEG0
acpipwrres2 at acpi0: PG01, resource for PEG1
acpipwrres3 at acpi0: PG02, resource for PEG2
acpipwrres4 at acpi0: WRST
acpipwrres5 at acpi0: WRST
acpitz0 at acpi0: critical temperature is 128 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"LEN0071" at acpi0 not configured
"LEN004B" at acpi0 not configured
"INT3F0D" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "00HW022" serial  

Re: vmm(4) - Virtual Machine owner and (re)starting VMs?

[Josh Grosse]

On Sat, Apr 15, 2017 at 12:10:14PM -0500, Ax0n wrote:

> I'm still trying to figure out how VM ownership works.

For disabled VMs, the owner (who also owns the disk image files) can
start and stop the VM's, and connect to the console.

Re: Unable to connect to ftp.openbsd.org

[Alessandro Baggi]

Il 15/04/2017 16:15, Alessandro Baggi ha scritto:

Il 15/04/2017 11:20, Stuart Henderson ha scritto:

On 2017-04-15, Alessandro Baggi  wrote:

this morning I'm upgrading my obsd firewall 5.8 to 5.9.


5.9 is out of support now. I'd strongly recommend moving to 6.1 which
was released last week.


When I try to connect to ftp.openbsd.org from shell using ftp I got
connection refused. The same behaviour with different hosts. Trying to
connect to other ftp all works fine. So I've changed pkg_path to another
ftp mirror and pkg_add -u worked.


That site only does http/https now. But unless you're in Alberta the
other mirrors are likely to be a better choice anyway.




I know that 5.9 is out of support with release of 6.1. Today I'm
upgrading from 5.8 -> 5.9 -> 6.0 -> 6.1.

thank you for suggestions.


Thanks to OpenBSD team, update process works very well. Upgrading from 
5.8 to 6.1 in very short time and without issues.


Great job guys.

Re: 6.1: dnsmasq unresponsive?

[Stuart Henderson]

On 2017-04-13, Harald Dunkel  wrote:
>
> Hi folks,
>
> is it just me, or is the new dnsmasq unresponsive?
>
>   dig @127.0.0.1 heise.de A +short
>
> gets stuck. Moving back to the old dnsmasq provided for 6.0
> there is no such problem.
>
> dnsmasq.conf:
>
>   server=8.8.4.4
>
>
> Every helpful comment is highly appreciated
> Harri
>
>

It's the same version of dnsmasq. The thing that changed is that
we now have IP_SENDSRCADDR.

Needs fixing, but you can use -z on the dnsmasq command line as
a workaround for now.

Re: vmm(4) - Virtual Machine owner and (re)starting VMs?

[Ax0n]

To answer my own question about restarting VMs that have stopped or were
disabled in vm.conf:

If you do a vmctl reload as root, it will restart any VMs that are no
longer running but are defined and enabled in /etc/vm.conf. It also looks
as if removing the "disabled" flag from a record in vm.conf and then doing
a reload will start a previously disabled VM.
using "vmctl load ${configfile}" is also handy for creating one-off
configuration clauses for VMs you want to start ad-hoc.

I'm still trying to figure out how VM ownership works.

On Fri, Apr 14, 2017 at 11:00 PM, Ax0n  wrote:

> First: Great work, everyone. Tons of ground got covered.
>
> vmm seems to not be respecting the "owner" directive until after I shut
> the VMs down. It's completely plausible I'm doing something wrong. I
> haven't messed with vmm in -CURRENT since mid-January. I'm using
> 6.1-RELEASE right now.
>
> On the host end, I have dhcpd listening on vether0  and the most basic of
> pf NAT configured. Honestly, I'm okay running these as root. This is just
> my personal laptop with some VMs for testing Apache/MySQL apps and new
> snapshots. Using doas(8) I can connect to any of the consoles.
>
> Also, is there a way to re-start a defined VM by its vm.conf definition
> without restarting vmd, and/or start up a VM that's marked as disabled in
> vm.conf?
>
> Log and dmesg follows.
>
> $ id
> uid=1000(axon) gid=1000(axon) groups=1000(axon), 0(wheel)
> $ vmctl status
>ID   PID VCPUS  MAXMEM  CURMEM TTYOWNER NAME
> 2  4096 1128M122M   ttyp1 root OBSDSnap64.vm
> 1 12592 1128M128M   ttyp0 root OBSD61.vm
> $ vmctl console 1
> cu: open("/dev/ttyp0"): Permission denied
> $ cat /etc/vm.conf
> # bridge0 for VMs, NAT and dhcpd
> switch "local" {
> add vether0
> up
> }
>
> # OpenBSD 6.1
> vm "OBSD61.vm" {
> owner axon
> memory 128M
> disk "/home/axon/vmm/obsd61.img"
> interface {
> switch "local"
> lladdr fe:e1:ba:d0:eb:ab
> }
> }
>
> # OpenBSD amd64 Snapshot
> vm "OBSDSnap64.vm" {
> owner axon
> memory 128M
> disk "/home/axon/vmm/obsd-snap64.img"
> interface {
> switch "local"
> lladdr fe:e1:ba:d0:eb:ac
> }
> }
>
> $ ssh 10.13.37.200
> axon@10.13.37.200's password:
> Last login: Fri Apr 14 22:11:40 2017 from 10.13.37.1
> OpenBSD 6.1 (GENERIC) #19: Sat Apr  1 13:42:46 MDT 2017
>
> Welcome to OpenBSD: The proactively secure Unix-like operating system.
>
> Please use the sendbug(1) utility to report bugs in the system.
> Before reporting a bug, please try to reproduce it with the latest
> version of the code.  With bug reports, please try to ensure that
> enough information to reproduce the problem is enclosed, and if a
> known fix for it exists, include that as well.
>
> $ doas halt -p
> Connection to 10.13.37.200 closed by remote host.
> Connection to 10.13.37.200 closed.
> $ vmctl status # after waiting 30 seconds or so for the VM to clean up...
>ID   PID VCPUS  MAXMEM  CURMEM TTYOWNER NAME
> 2  4096 1128M122M   ttyp1 root OBSDSnap64.vm
> - - 1128M   -   - axon OBSD61.vm
>
> ## Now I'm the proud owner of a halted vm. :D
>
> $ doas vmctl console 2
> Connected to /dev/ttyp1 (speed 9600)
>
>
> OpenBSD/amd64 (deepthought.labs.h-i-r.net) (tty00)
>
> login:
>
> [EOT]
>
> $ dmesg
> OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr  1 13:45:56 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> RTC BIOS diagnostic error 80
> real mem = 8227655680 (7846MB)
> avail mem = 7973625856 (7604MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9d90 (47 entries)
> bios0: vendor Acer version "V1.07" date 11/07/2011
> bios0: Acer Aspire 5733Z
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT DMAR SSDT SSDT
> SSDT
> acpi0: wakeup devices AZAL(S3) P0P1(S4) EHC1(S3) USB1(S3) USB2(S3)
> USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) RP01(S4) PEG5(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2527.84 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
> PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,
> CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,
> LONG,LAHF,PERF,ITSC,SENSOR,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: TSC frequency 2527838640 <(252)%20783-8640> Hz
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 133MHz
> cpu0: mwait min=64, max=64, 

Any efforts to make sector size configurable file/disk IO subsystem locking?

[Mikael]

Hi!

Are there any efforts to decrease the internal locking in the file/disk IO
subsystem, and perhaps make the sector size configurable?

My quest is to get anything in the ballpark of the speeds I get on
/dev/rsd0c (~575MB/sec on aligned random 16KB) on ordinary noncached
filesystem access (which I experience as capped around 120MB/sec
independent of everything, in my tests on a single SATA or NVME SSD).

I will need to make additional benchmarks where I try to max two disks
concurrently to see if the peak read speed I get is still 120MB/sec then
i.e. that is system-wide, however I think that is the case.

(First someone suggested in chatroom that the ~120MB/sec cap on all threads
on disk IO is because of the absence of multiqueueing support, but then if
I understood David Gwyne right, he's saying it's not but instead somehow
about the overhead of the IO subsystem itself and the solution to that is
general multithread-ization of the code.

I was asking myself if overhead also may be due to that the whole
filesystem always leads to per-512-byte accesses to the underlying media
too. My SSD benchmarks seem to suggest that aligned 16KB reads perform the
best both in both random and sequential modes.)

Thanks!
Mikael

Using X with VESA on Skylake

[Hrishikesh Muruk]

Hello

I installed OpenBSD 6.1 on an Intel NUC6i7KYK. It has a Skylake i7 CPU so I
know 3D acceleration is not supported. I think vesa should still work -
please correct me if that is not the case.

I dont get a GUI when I try startx. The log file generated is below. From
the log it looks like the Intel driver and vesa driver are both being
loaded. The Intel driver, of course, does not support this GPU.

I think this is the error:
(EE) VESA(0): V_BIOS address 0x19a60 out of range

How can I get X running with VESA?

Just in case it makes a difference - I am not booting using UEFI (legacy
mode only).

Thanks
Hrishi

[   137.074] (--) checkDevMem: using aperture driver /dev/xf86
[   137.083] (--) Using wscons driver on /dev/ttyC4
[   137.096]
X.Org X Server 1.18.4
Release Date: 2016-07-19
[   137.096] X Protocol Version 11, Revision 0
[   137.096] Build Operating System: OpenBSD 6.1 amd64
[   137.096] Current Operating System: OpenBSD nuc.my.domain 6.1
GENERIC.MP#20 amd64
[   137.096] Build Date: 01 April 2017  02:00:27PM
[   137.096]
[   137.096] Current version of pixman: 0.34.0
[   137.096]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[   137.096] Markers: (--) probed, (**) from config file, (==) default
setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[   137.096] (==) Log file: "/var/log/Xorg.0.log", Time: Sat Apr 15
16:28:33 2017
[   137.098] (==) Using system config directory
"/usr/X11R6/share/X11/xorg.conf.d"
[   137.098] (==) No Layout section.  Using the first Screen section.
[   137.098] (==) No screen section available. Using defaults.
[   137.098] (**) |-->Screen "Default Screen Section" (0)
[   137.098] (**) |   |-->Monitor ""
[   137.099] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[   137.099] (==) Disabling SIGIO handlers for input devices
[   137.099] (==) Automatically adding devices
[   137.099] (==) Automatically enabling devices
[   137.099] (==) Not automatically adding GPU devices
[   137.099] (==) Max clients allowed: 256, resource mask: 0x1f
[   137.104] (==) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[   137.104] (==) ModulePath set to "/usr/X11R6/lib/modules"
[   137.104] (II) The server relies on wscons to provide the list of input
devices.
If no devices become available, reconfigure wscons or disable
AutoAddDevices.
[   137.104] (II) Loader magic: 0x1c42a7433020
[   137.104] (II) Module ABI versions:
[   137.104]X.Org ANSI C Emulation: 0.4
[   137.104]X.Org Video Driver: 20.0
[   137.104]X.Org XInput driver : 22.1
[   137.104]X.Org Server Extension : 9.0
[   137.104] (--) PCI:*(0:0:2:0) 8086:193b:8086:2064 rev 9, Mem @
0xdb00/16777216, 0x9000/268435456, I/O @ 0xf000/64
[   137.104] (II) LoadModule: "glx"
[   137.106] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[   137.114] (II) Module glx: vendor="X.Org Foundation"
[   137.114]compiled for 1.18.4, module version = 1.0.0
[   137.114]ABI class: X.Org Server Extension, version 9.0
[   137.114] (==) AIGLX enabled
[   137.114] (==) Matched intel as autoconfigured driver 0
[   137.114] (==) Matched vesa as autoconfigured driver 1
[   137.114] (==) Assigned the driver to the xf86ConfigLayout
[   137.114] (II) LoadModule: "intel"
[   137.114] (II) Loading /usr/X11R6/lib/modules/drivers/intel_drv.so
[   137.116] (II) Module intel: vendor="X.Org Foundation"
[   137.116]compiled for 1.18.4, module version = 2.99.916
[   137.116]Module class: X.Org Video Driver
[   137.116]ABI class: X.Org Video Driver, version 20.0
[   137.116] (II) LoadModule: "vesa"
[   137.117] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so
[   137.117] (II) Module vesa: vendor="X.Org Foundation"
[   137.117]compiled for 1.18.4, module version = 2.3.4
[   137.117]Module class: X.Org Video Driver
[   137.117]ABI class: X.Org Video Driver, version 20.0
[   137.117] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G,
915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM,
Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35,
Q33,
GM45, 4 Series, G45/G43, Q45/Q43, G41, B43
[   137.117] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000
[   137.117] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100
[   137.117] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200,
6200, P6300
[   137.117] (II) VESA: driver for VESA chipsets: vesa
[   137.118] (II) Loading sub module "vbe"
[   137.118] (II) LoadModule: 

Re: OpenBSD 6.1 - bravo

[Leighton Sheppard]

Also from me, great work!


With 6.1 I can now decommission some legacy VM's :)



From: owner-m...@openbsd.org  on behalf of Mikael

Sent: 13 April 2017 04:20
To: OpenBSD general usage list
Subject: Re: OpenBSD 6.1 - bravo

Also from me, big thanks!

2017-04-12 16:45 GMT+08:00 Clément.J :

> Thank you OpenBSD team for this new release 6.1
> OpenBSD makes me happy every day for so many usages
> so thank you so much everyone for your great work.


2017-04-12 16:45 GMT+08:00 Clément.J :

> Thank you OpenBSD team for this new release 6.1
> OpenBSD makes me happy every day for so many usages
> so thank you so much everyone for your great work.
>
> have a good day
> vive OpenBSD
>
>
> Le 12-04-2017 10:27, Stuart Henderson a écrit :
>
>> On 2017-04-12, Jordon  wrote:
>>
>>> rcctl enable dhcrelay
 rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is
 your routers

>>> address"
>>>
 rcctl start dhcrelay

 and possibly add -d (log to stderr) to see what its doing.


>>> Thank you!  That got it working!  So why is that necessary?  Doesnt
>>> the bridge
>>> just forward everything?  Or are DHCP requests broadcasts that dont
>>> get
>>> forwarded?
>>>
>>
>> It shouldn't be necessary, dhcrelay is normally used when you have a
>> subnet behind a router, and the DHCP server is a separate machine on
>> a
>> different subnet.
>>
>> Could it be a PF rule problem?
>>
>> Normally you would only have an IP address on one member of the
>> bridge,
>> just "up" on the others..

Re: Unable to connect to ftp.openbsd.org

[Alessandro Baggi]

Il 15/04/2017 11:20, Stuart Henderson ha scritto:

On 2017-04-15, Alessandro Baggi  wrote:

this morning I'm upgrading my obsd firewall 5.8 to 5.9.


5.9 is out of support now. I'd strongly recommend moving to 6.1 which
was released last week.


When I try to connect to ftp.openbsd.org from shell using ftp I got
connection refused. The same behaviour with different hosts. Trying to
connect to other ftp all works fine. So I've changed pkg_path to another
ftp mirror and pkg_add -u worked.


That site only does http/https now. But unless you're in Alberta the
other mirrors are likely to be a better choice anyway.




I know that 5.9 is out of support with release of 6.1. Today I'm 
upgrading from 5.8 -> 5.9 -> 6.0 -> 6.1.


thank you for suggestions.

Re: Unable to connect to ftp.openbsd.org

[Stuart Henderson]

On 2017-04-15, Alessandro Baggi  wrote:
> this morning I'm upgrading my obsd firewall 5.8 to 5.9.

5.9 is out of support now. I'd strongly recommend moving to 6.1 which
was released last week.

> When I try to connect to ftp.openbsd.org from shell using ftp I got 
> connection refused. The same behaviour with different hosts. Trying to 
> connect to other ftp all works fine. So I've changed pkg_path to another 
> ftp mirror and pkg_add -u worked.

That site only does http/https now. But unless you're in Alberta the
other mirrors are likely to be a better choice anyway.

Re: Unable to connect to ftp.openbsd.org

[Alessandro Baggi]

Il 15/04/2017 10:12, Andreas Kusalananda Kähäri ha scritto:

On Sat, Apr 15, 2017 at 09:58:00AM +0200, Alessandro Baggi wrote:

Hi there,
this morning I'm upgrading my obsd firewall 5.8 to 5.9.

All processes gone fine but when running pkg_add -u I get that "unable to
connect or login to ftp.openbsd.org". This is on $PKG_PATH.

When I try to connect to ftp.openbsd.org from shell using ftp I got
connection refused. The same behaviour with different hosts. Trying to
connect to other ftp all works fine. So I've changed pkg_path to another ftp
mirror and pkg_add -u worked.

ftp.openbsd.org has problems?


Thanks in advance.




Related: https://marc.info/?l=openbsd-announce=149220549500948=2


thank you for the information. I must subscribe ml announce.

Re: Unable to connect to ftp.openbsd.org

[Andreas Kusalananda Kähäri]

On Sat, Apr 15, 2017 at 09:58:00AM +0200, Alessandro Baggi wrote:
> Hi there,
> this morning I'm upgrading my obsd firewall 5.8 to 5.9.
> 
> All processes gone fine but when running pkg_add -u I get that "unable to
> connect or login to ftp.openbsd.org". This is on $PKG_PATH.
> 
> When I try to connect to ftp.openbsd.org from shell using ftp I got
> connection refused. The same behaviour with different hosts. Trying to
> connect to other ftp all works fine. So I've changed pkg_path to another ftp
> mirror and pkg_add -u worked.
> 
> ftp.openbsd.org has problems?
> 
> 
> Thanks in advance.
> 
> 

Related: https://marc.info/?l=openbsd-announce=149220549500948=2

Unable to connect to ftp.openbsd.org

[Alessandro Baggi]

Hi there,
this morning I'm upgrading my obsd firewall 5.8 to 5.9.

All processes gone fine but when running pkg_add -u I get that "unable 
to connect or login to ftp.openbsd.org". This is on $PKG_PATH.


When I try to connect to ftp.openbsd.org from shell using ftp I got 
connection refused. The same behaviour with different hosts. Trying to 
connect to other ftp all works fine. So I've changed pkg_path to another 
ftp mirror and pkg_add -u worked.


ftp.openbsd.org has problems?


Thanks in advance.

Re: programming in Assembly

[Kartik Agaram]

Your hints were sufficient to get me to a working 64-bit program:

```
.section ".note.openbsd.ident", "a"
  .p2align 2
  .long   0x8
  .long   0x4
  .long   0x1
  .ascii "OpenBSD\0"
  .long   0x
  .p2align 2

.section .text
.globl _start
_start:
  mov $1, %rax
  xor %rdi, %rdi
  syscall
```

I'd been playing with some other nasm-based examples, and assumed
`syscall` was part of the syntactic differences between `as` and
`nasm` until you set me straight. Thanks again!

Re: programming in Assembly

[Kartik Agaram]

Many thanks for the pointers.

Re: programming in Assembly

[Philip Guenther]

On Fri, 14 Apr 2017, Kartik Agaram wrote:
> Many thanks! Yes, a static binary is perfectly fine at this time :) A 
> couple of follow-up questions, if y'all would please indulge me:
>
> 1. Now that I am reminded of this handy new `readelf` tool, I go
> running it on the new static executable I just generated.
...
> Why is the file type showing up as a shared object file in spite of it 
> being a statically compiled binary?

Because its a PIE binary.


> 2. I tried running the above file in a 64-bit OpenBSD, and got a couple 
> of reasonable looking errors:
...
> In response I tried some ham-handed modifications, basically replacing 
> the registers with 64-bit variants, and letting the assembler figure out 
> operand-size suffixes.
...
> Could you please point me at why this fails?

The differences between the i386 and amd64 ABI are too large to explain 
here.  If you search the web for "amd64 ELF ABI" you'll find the doc that 
describes how arguments are passed and how syscalls are performed.  The 
short version is "not on the stack, and using syscall instead of int$80" 
Or look at the libc source code or disassemble libc.a and see how it does 
it.


Philip Guenther

Re: programming in Assembly

[Kartik Agaram]

Many thanks! Yes, a static binary is perfectly fine at this time :) A
couple of follow-up questions, if y'all would please indulge me:

1. Now that I am reminded of this handy new `readelf` tool, I go
running it on the new static executable I just generated.

```
$ cat exit.s  # repeating for your convenience
# 
https://web.archive.org/web/20120509101207/http://lucifer.phiral.net/openbsdasm.htm
.section ".note.openbsd.ident", "a"
  .p2align 2
  .long   0x8
  .long   0x4
  .long   0x1
  .ascii "OpenBSD\0"
  .long   0x
  .p2align 2

.section .text
.globl _start
_start:
  xorl %eax, %eax
  pushl %eax  # exit status
  pushl %eax  # extra long for C ABI
  movl $1, %eax  # exit syscall
  int $0x80
$ as exit.s -o exit.o
$ ld exit.o -static -o exit
$ ./exit
$ echo $?
0  # success!
$ readelf -l ./exit
Elf file type is DYN (Shared object file)
...
```

Why is the file type showing up as a shared object file in spite of it
being a statically compiled binary?

2. I tried running the above file in a 64-bit OpenBSD, and got a
couple of reasonable looking errors:

```
$ uname -a
OpenBSD x.my.domain 5.9 GENERIC#1761 amd64
$ as exit.s -o exit.o
exit.s: Assembler messages:
exit.s:17: Error: suffix or operands invalid for `push'
exit.s:18: Error: suffix or operands invalid for `push'
```

In response I tried some ham-handed modifications, basically replacing
the registers with 64-bit variants, and letting the assembler figure
out operand-size suffixes.

```
$ cat exit64.s
.section ".note.openbsd.ident", "a"
  .p2align 2
  .long   0x8
  .long   0x4
  .long   0x1
  .ascii "OpenBSD\0"
  .long   0x
  .p2align 2

.section .text
.globl _start
_start:
  xor %rax, %rax
  push %rax  # exit status
  push %rax  # extra long for C ABI
  mov $1, %rax  # exit syscall
  int $0x80
```

Could you please point me at why this fails?

```
$ as exit64.s -o exit64.o
$ ld exit64.o -static -o exit64
$ ./exit64
zsh: bus error (core dumped)  ./exit64
```