Re: Is randomizing UID/GUID would make sense?
> Responding to multiple messages: > > On Fri, 20 Jan 2017 08:43:46 +0100 > "minek van"wrote: > > I can see that the default users and when creating new ones have > > their UID/GUID incremented by 1. > > > > Could it bring more security if the UIDs/GUIDs would be random? > > On Mon, 23 Jan 2017 11:51:29 -0500 > andrew fabbro wrote: > > The OP was just talking about changing from "last +1" to arc4random. > > Synchronizing UID/GID across servers (if you're not using a directory > > of some sort) is the same headache regardless of how you pick them. > > > > If the OP meant every server has different, unique randomized > > UID/GIDs then that's a separate craziness. > > I can see this randomisation making systems management a bit more > difficult as a non-random GUID/UID setup can be used to do things like: > > GID 0 = wheel > GID 1-999 = privsep users, daemons, system > GID 1000-32765 = ordinary logins > GID 32766 = nogroup > GID 32767 = nobody > > Because the separation is clear and not so random, you can also set up > GIDs/UIDs (1000-32765) permanently across a site where they need to be > static, in the case of logged-in users. Very necessary for backups. > > However, the users 1-999 may change depending on what order you install > packages in. > > OpenBSD still randomizes PIDs, but I don't see the point these days: > https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961 Sorry you lost me. I can't tell if you are supporting a useless idea, or declaring that a useless idea is not worth supporting.
flaky network connection after 6.1 upgrade
After upgrading to 6.1, I have been unable to maintain an internet connection for more than a few seconds at a time. The machine in question uses an Atheros AR9281 for a wifi connection. All other machines on that wifi network have no problems. The Atheros card worked perfectly yesterday. Pinging the machine over a long period of time gives about 40% packet loss. Trying to access the internet in any way often seems to work for a few seconds, then hangs. It may work in short spurts over the next couple of minutes before hanging for good. I have monitored this with tcpdump and noticed no tcp packets sent when the connection is hung. What could be happening and how can I fix this? Sincerely, Colton Lewis
Re: ordering
Quoting Friedrich Locke: Hi folks, i would like to order obsd 6.1, butfrom the openbsd store i cannot see it available for ordering. May you help me ? thanks, gustavo. Hi, I had sent an email to ord...@openbsdstore.com regarding this yesterday and they replied that "there isn't a 6.1 cd, please check out the obsd.org site to persuade them to make one...". However I did not want to bother the list and the developers in case CDs are not the way to go. I did a search on mailing list messages but did not see anything about 6.1 CDs. So I am thinking that the CD's may be ready only by May 1 and the release date was pushed earlier for some reason (just a guess because in 2015 and before, CDs were released in May and November) If no OpenBSD CDs are going to be released, then probably it is better to just send a donation to the OpenBSD foundation and/or to Theo de Raadt. If CD's are going to be released, of course, I would be first in line since I have all CD's since 2.8 :) Vijay -- Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited vsan...@foretell.ca
Re: Is randomizing UID/GUID would make sense?
Responding to multiple messages: On Fri, 20 Jan 2017 08:43:46 +0100 "minek van"wrote: > I can see that the default users and when creating new ones have > their UID/GUID incremented by 1. > > Could it bring more security if the UIDs/GUIDs would be random? On Mon, 23 Jan 2017 11:51:29 -0500 andrew fabbro wrote: > The OP was just talking about changing from "last +1" to arc4random. > Synchronizing UID/GID across servers (if you're not using a directory > of some sort) is the same headache regardless of how you pick them. > > If the OP meant every server has different, unique randomized > UID/GIDs then that's a separate craziness. I can see this randomisation making systems management a bit more difficult as a non-random GUID/UID setup can be used to do things like: GID 0 = wheel GID 1-999 = privsep users, daemons, system GID 1000-32765 = ordinary logins GID 32766 = nogroup GID 32767 = nobody Because the separation is clear and not so random, you can also set up GIDs/UIDs (1000-32765) permanently across a site where they need to be static, in the case of logged-in users. Very necessary for backups. However, the users 1-999 may change depending on what order you install packages in. OpenBSD still randomizes PIDs, but I don't see the point these days: https://security.stackexchange.com/questions/88692/do-randomized-pids-bring-more-security/89961
Re: ordering
I guess this is the thread where I mention that most of the OpenBSD FTP mirrors' login motd banner say you can buy 6.1 on CD. Not really a big deal, but mirror maintainers might want to adjust it. On Sat, Apr 15, 2017 at 8:37 PM, Edgar Pettijohnwrote: > On 04/15/17 20:28, Friedrich Locke wrote: > >> Hi folks, >> >> i would like to order obsd 6.1, butfrom the openbsd store i cannot see it >> available for ordering. >> May you help me ? >> >> thanks, gustavo. >> > 6.0 was the last release that the project made CD's for.
Re: ordering
On 04/15/17 20:28, Friedrich Locke wrote: Hi folks, i would like to order obsd 6.1, butfrom the openbsd store i cannot see it available for ordering. May you help me ? thanks, gustavo. 6.0 was the last release that the project made CD's for.
Re: ordering
On 15/04/2017, Friedrich Lockewrote: > Hi folks, > > i would like to order obsd 6.1, butfrom the openbsd store i cannot see it > available for ordering. > May you help me ? http://www.openbsd.org/lyrics.html#60f Notice that the 61.html page no longer has any ISBN numbers, BTW. C.
ordering
Hi folks, i would like to order obsd 6.1, butfrom the openbsd store i cannot see it available for ordering. May you help me ? thanks, gustavo.
Re: Thinkpad T460s on lastest -snapshot, no Xorg
Hi Daniel, I have a laptop with a similar chipset. The issue is that the inteldrm(4) driver does not support Skylake devices at the moment. If you boot the machine EFI mode, efifb(4) should attach to the EFI frame buffer. This in turn allows you to use Xorg's wsfb driver with an /etc/X11/xorg.conf which looks like this: Section "Device" Identifier "default device" Driver "wsfb" EndSection Apart from missing suspend/resume and 3D-acceleration, such a setup seems to work nicely for me. Chrome/Firefox need to be taught not to use graphics acceleration, and for mpv you need to use the commandline parameter `-vo x11` to tell it to use oldschool X11 rendering. Brightness control can be done with https://github.com/jcs/intel_backlight_fbsd if you set `machdep.allowaperture` to 3. Don't mind the `fbsd` in the name, it works on OpenBSD as well. -- Gregor [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Using X with VESA on Skylake
Hi Hrishikesh, On Sat, Apr 15, 2017 at 05:26:26PM +0530, Hrishikesh Muruk wrote: > [...] > I installed OpenBSD 6.1 on an Intel NUC6i7KYK. It has a Skylake i7 CPU > so I know 3D acceleration is not supported. I think vesa should still > work - please correct me if that is not the case. > [...] > Just in case it makes a difference - I am not booting using UEFI > (legacy mode only). It does, in a way. If you boot it in EFI mode (might require creating a system partition and installing the EFI boot loader), efifb(4) should attach to the EFI framebuffer. This in turn allows you to use Xorg's wsfb driver with the following /etc/X11/xorg.conf: Section "Device" Identifier "default device" Driver "wsfb" EndSection In my experience, wsfb seems to operate a lot smoother than vesafb, though I haven't done any benchmarks. Works for me though on my Skylake i5 system. I don't have a lot of experience with the VESA driver, but if you don't get that working, EFI might be the most sensible option. -- Gregor
pf.conf: best practice for IP address lookup?
Hi folks, Since I don't get a static IPv6 prefix from Deutsche Telekom, but a different prefix on every new pppoe connection, I have to rely upon some lookup service for pf.conf. pf.conf(5) doesn't mention dynamic IP addresses at all (except for its own interfaces), so I wonder what is best practice here? DNS? A table for every internal host, updated by a watchdog? Every helpful comment is highly appreciated Harri
opening bugs for OpenBSD 6.0
Hi, I think I spotted a bug for OpenBSD 6.0: https://github.com/perl5-dbi/DBD-mysql/issues/120 But since 6.1 is already available (and I couldn't reproduce the error for it), I'm not sure if I should open a bug at all. Could someone please give some hints about that? Thanks! Alceu
Thinkpad T460s on lastest -snapshot, no Xorg
Hi there! Running a Thinkpad T460s on lastest -snapshot X environment won't start. Tried both, with no xorg.conf and a simple: Section "Device" Identifier"Vesa" Driver"vesa" EndSection to no avail. machdep.allowaperture=2 is set on sysctl.conf. Some advice to start hacking on this? Regards! ==> dmesg: OpenBSD 6.1-current (GENERIC.MP) #55: Fri Apr 14 13:54:33 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 7826608128 (7464MB) avail mem = 7584727040 (7233MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xcf054000 (65 entries) bios0: vendor LENOVO version "N1CET54W (1.22 )" date 02/10/2017 bios0: LENOVO 20F9005CMS acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP TCPA SSDT SSDT TPM2 UEFI SSDT SSDT ECDT HPET APIC MCFG SSDT DBGP DBG2 BOOT BATB SLIC SSDT SSDT MSDM DMAR ASF! FPDT UEFI acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 2399 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP, PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C LFLUSHOPT,PT,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 24 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP, PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C LFLUSHOPT,PT,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP, PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C LFLUSHOPT,PT,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2400.00 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCN T,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP, PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,C LFLUSHOPT,PT,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiprt4 at acpi0: bus 2 (EXP1) acpiprt5 at acpi0: bus -1 (EXP2) acpiprt6 at acpi0: bus 4 (EXP3) acpiprt7 at acpi0: bus -1 (EXP5) acpiprt8 at acpi0: bus -1 (RP09) acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI acpipwrres1 at acpi0: PG00, resource for PEG0 acpipwrres2 at acpi0: PG01, resource for PEG1 acpipwrres3 at acpi0: PG02, resource for PEG2 acpipwrres4 at acpi0: WRST acpipwrres5 at acpi0: WRST acpitz0 at acpi0: critical temperature is 128 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB "LEN0071" at acpi0 not configured "LEN004B" at acpi0 not configured "INT3F0D" at acpi0 not configured acpibat0 at acpi0: BAT0 model "00HW022" serial
Re: vmm(4) - Virtual Machine owner and (re)starting VMs?
On Sat, Apr 15, 2017 at 12:10:14PM -0500, Ax0n wrote: > I'm still trying to figure out how VM ownership works. For disabled VMs, the owner (who also owns the disk image files) can start and stop the VM's, and connect to the console.
Re: Unable to connect to ftp.openbsd.org
Il 15/04/2017 16:15, Alessandro Baggi ha scritto: Il 15/04/2017 11:20, Stuart Henderson ha scritto: On 2017-04-15, Alessandro Baggiwrote: this morning I'm upgrading my obsd firewall 5.8 to 5.9. 5.9 is out of support now. I'd strongly recommend moving to 6.1 which was released last week. When I try to connect to ftp.openbsd.org from shell using ftp I got connection refused. The same behaviour with different hosts. Trying to connect to other ftp all works fine. So I've changed pkg_path to another ftp mirror and pkg_add -u worked. That site only does http/https now. But unless you're in Alberta the other mirrors are likely to be a better choice anyway. I know that 5.9 is out of support with release of 6.1. Today I'm upgrading from 5.8 -> 5.9 -> 6.0 -> 6.1. thank you for suggestions. Thanks to OpenBSD team, update process works very well. Upgrading from 5.8 to 6.1 in very short time and without issues. Great job guys.
Re: 6.1: dnsmasq unresponsive?
On 2017-04-13, Harald Dunkelwrote: > > Hi folks, > > is it just me, or is the new dnsmasq unresponsive? > > dig @127.0.0.1 heise.de A +short > > gets stuck. Moving back to the old dnsmasq provided for 6.0 > there is no such problem. > > dnsmasq.conf: > > server=8.8.4.4 > > > Every helpful comment is highly appreciated > Harri > > It's the same version of dnsmasq. The thing that changed is that we now have IP_SENDSRCADDR. Needs fixing, but you can use -z on the dnsmasq command line as a workaround for now.
Re: vmm(4) - Virtual Machine owner and (re)starting VMs?
To answer my own question about restarting VMs that have stopped or were disabled in vm.conf: If you do a vmctl reload as root, it will restart any VMs that are no longer running but are defined and enabled in /etc/vm.conf. It also looks as if removing the "disabled" flag from a record in vm.conf and then doing a reload will start a previously disabled VM. using "vmctl load ${configfile}" is also handy for creating one-off configuration clauses for VMs you want to start ad-hoc. I'm still trying to figure out how VM ownership works. On Fri, Apr 14, 2017 at 11:00 PM, Ax0nwrote: > First: Great work, everyone. Tons of ground got covered. > > vmm seems to not be respecting the "owner" directive until after I shut > the VMs down. It's completely plausible I'm doing something wrong. I > haven't messed with vmm in -CURRENT since mid-January. I'm using > 6.1-RELEASE right now. > > On the host end, I have dhcpd listening on vether0 and the most basic of > pf NAT configured. Honestly, I'm okay running these as root. This is just > my personal laptop with some VMs for testing Apache/MySQL apps and new > snapshots. Using doas(8) I can connect to any of the consoles. > > Also, is there a way to re-start a defined VM by its vm.conf definition > without restarting vmd, and/or start up a VM that's marked as disabled in > vm.conf? > > Log and dmesg follows. > > $ id > uid=1000(axon) gid=1000(axon) groups=1000(axon), 0(wheel) > $ vmctl status >ID PID VCPUS MAXMEM CURMEM TTYOWNER NAME > 2 4096 1128M122M ttyp1 root OBSDSnap64.vm > 1 12592 1128M128M ttyp0 root OBSD61.vm > $ vmctl console 1 > cu: open("/dev/ttyp0"): Permission denied > $ cat /etc/vm.conf > # bridge0 for VMs, NAT and dhcpd > switch "local" { > add vether0 > up > } > > # OpenBSD 6.1 > vm "OBSD61.vm" { > owner axon > memory 128M > disk "/home/axon/vmm/obsd61.img" > interface { > switch "local" > lladdr fe:e1:ba:d0:eb:ab > } > } > > # OpenBSD amd64 Snapshot > vm "OBSDSnap64.vm" { > owner axon > memory 128M > disk "/home/axon/vmm/obsd-snap64.img" > interface { > switch "local" > lladdr fe:e1:ba:d0:eb:ac > } > } > > $ ssh 10.13.37.200 > axon@10.13.37.200's password: > Last login: Fri Apr 14 22:11:40 2017 from 10.13.37.1 > OpenBSD 6.1 (GENERIC) #19: Sat Apr 1 13:42:46 MDT 2017 > > Welcome to OpenBSD: The proactively secure Unix-like operating system. > > Please use the sendbug(1) utility to report bugs in the system. > Before reporting a bug, please try to reproduce it with the latest > version of the code. With bug reports, please try to ensure that > enough information to reproduce the problem is enclosed, and if a > known fix for it exists, include that as well. > > $ doas halt -p > Connection to 10.13.37.200 closed by remote host. > Connection to 10.13.37.200 closed. > $ vmctl status # after waiting 30 seconds or so for the VM to clean up... >ID PID VCPUS MAXMEM CURMEM TTYOWNER NAME > 2 4096 1128M122M ttyp1 root OBSDSnap64.vm > - - 1128M - - axon OBSD61.vm > > ## Now I'm the proud owner of a halted vm. :D > > $ doas vmctl console 2 > Connected to /dev/ttyp1 (speed 9600) > > > OpenBSD/amd64 (deepthought.labs.h-i-r.net) (tty00) > > login: > > [EOT] > > $ dmesg > OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr 1 13:45:56 MDT 2017 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > RTC BIOS diagnostic error 80 > real mem = 8227655680 (7846MB) > avail mem = 7973625856 (7604MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9d90 (47 entries) > bios0: vendor Acer version "V1.07" date 11/07/2011 > bios0: Acer Aspire 5733Z > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT DMAR SSDT SSDT > SSDT > acpi0: wakeup devices AZAL(S3) P0P1(S4) EHC1(S3) USB1(S3) USB2(S3) > USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) RP01(S4) PEG5(S4) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2527.84 MHz > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA, > CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM, > PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3, > CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP, > LONG,LAHF,PERF,ITSC,SENSOR,ARAT > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: TSC frequency 2527838640 <(252)%20783-8640> Hz > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 133MHz > cpu0: mwait min=64, max=64,
Any efforts to make sector size configurable file/disk IO subsystem locking?
Hi! Are there any efforts to decrease the internal locking in the file/disk IO subsystem, and perhaps make the sector size configurable? My quest is to get anything in the ballpark of the speeds I get on /dev/rsd0c (~575MB/sec on aligned random 16KB) on ordinary noncached filesystem access (which I experience as capped around 120MB/sec independent of everything, in my tests on a single SATA or NVME SSD). I will need to make additional benchmarks where I try to max two disks concurrently to see if the peak read speed I get is still 120MB/sec then i.e. that is system-wide, however I think that is the case. (First someone suggested in chatroom that the ~120MB/sec cap on all threads on disk IO is because of the absence of multiqueueing support, but then if I understood David Gwyne right, he's saying it's not but instead somehow about the overhead of the IO subsystem itself and the solution to that is general multithread-ization of the code. I was asking myself if overhead also may be due to that the whole filesystem always leads to per-512-byte accesses to the underlying media too. My SSD benchmarks seem to suggest that aligned 16KB reads perform the best both in both random and sequential modes.) Thanks! Mikael
Using X with VESA on Skylake
Hello I installed OpenBSD 6.1 on an Intel NUC6i7KYK. It has a Skylake i7 CPU so I know 3D acceleration is not supported. I think vesa should still work - please correct me if that is not the case. I dont get a GUI when I try startx. The log file generated is below. From the log it looks like the Intel driver and vesa driver are both being loaded. The Intel driver, of course, does not support this GPU. I think this is the error: (EE) VESA(0): V_BIOS address 0x19a60 out of range How can I get X running with VESA? Just in case it makes a difference - I am not booting using UEFI (legacy mode only). Thanks Hrishi [ 137.074] (--) checkDevMem: using aperture driver /dev/xf86 [ 137.083] (--) Using wscons driver on /dev/ttyC4 [ 137.096] X.Org X Server 1.18.4 Release Date: 2016-07-19 [ 137.096] X Protocol Version 11, Revision 0 [ 137.096] Build Operating System: OpenBSD 6.1 amd64 [ 137.096] Current Operating System: OpenBSD nuc.my.domain 6.1 GENERIC.MP#20 amd64 [ 137.096] Build Date: 01 April 2017 02:00:27PM [ 137.096] [ 137.096] Current version of pixman: 0.34.0 [ 137.096]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [ 137.096] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [ 137.096] (==) Log file: "/var/log/Xorg.0.log", Time: Sat Apr 15 16:28:33 2017 [ 137.098] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d" [ 137.098] (==) No Layout section. Using the first Screen section. [ 137.098] (==) No screen section available. Using defaults. [ 137.098] (**) |-->Screen "Default Screen Section" (0) [ 137.098] (**) | |-->Monitor "" [ 137.099] (==) No monitor specified for screen "Default Screen Section". Using a default monitor configuration. [ 137.099] (==) Disabling SIGIO handlers for input devices [ 137.099] (==) Automatically adding devices [ 137.099] (==) Automatically enabling devices [ 137.099] (==) Not automatically adding GPU devices [ 137.099] (==) Max clients allowed: 256, resource mask: 0x1f [ 137.104] (==) FontPath set to: /usr/X11R6/lib/X11/fonts/misc/, /usr/X11R6/lib/X11/fonts/TTF/, /usr/X11R6/lib/X11/fonts/OTF/, /usr/X11R6/lib/X11/fonts/Type1/, /usr/X11R6/lib/X11/fonts/100dpi/, /usr/X11R6/lib/X11/fonts/75dpi/ [ 137.104] (==) ModulePath set to "/usr/X11R6/lib/modules" [ 137.104] (II) The server relies on wscons to provide the list of input devices. If no devices become available, reconfigure wscons or disable AutoAddDevices. [ 137.104] (II) Loader magic: 0x1c42a7433020 [ 137.104] (II) Module ABI versions: [ 137.104]X.Org ANSI C Emulation: 0.4 [ 137.104]X.Org Video Driver: 20.0 [ 137.104]X.Org XInput driver : 22.1 [ 137.104]X.Org Server Extension : 9.0 [ 137.104] (--) PCI:*(0:0:2:0) 8086:193b:8086:2064 rev 9, Mem @ 0xdb00/16777216, 0x9000/268435456, I/O @ 0xf000/64 [ 137.104] (II) LoadModule: "glx" [ 137.106] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so [ 137.114] (II) Module glx: vendor="X.Org Foundation" [ 137.114]compiled for 1.18.4, module version = 1.0.0 [ 137.114]ABI class: X.Org Server Extension, version 9.0 [ 137.114] (==) AIGLX enabled [ 137.114] (==) Matched intel as autoconfigured driver 0 [ 137.114] (==) Matched vesa as autoconfigured driver 1 [ 137.114] (==) Assigned the driver to the xf86ConfigLayout [ 137.114] (II) LoadModule: "intel" [ 137.114] (II) Loading /usr/X11R6/lib/modules/drivers/intel_drv.so [ 137.116] (II) Module intel: vendor="X.Org Foundation" [ 137.116]compiled for 1.18.4, module version = 2.99.916 [ 137.116]Module class: X.Org Video Driver [ 137.116]ABI class: X.Org Video Driver, version 20.0 [ 137.116] (II) LoadModule: "vesa" [ 137.117] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so [ 137.117] (II) Module vesa: vendor="X.Org Foundation" [ 137.117]compiled for 1.18.4, module version = 2.3.4 [ 137.117]Module class: X.Org Video Driver [ 137.117]ABI class: X.Org Video Driver, version 20.0 [ 137.117] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets: i810, i810-dc100, i810e, i815, i830M, 845G, 854, 852GM/855GM, 865G, 915G, E7221 (i915), 915GM, 945G, 945GM, 945GME, Pineview GM, Pineview G, 965G, G35, 965Q, 946GZ, 965GM, 965GME/GLE, G33, Q35, Q33, GM45, 4 Series, G45/G43, Q45/Q43, G41, B43 [ 137.117] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000 [ 137.117] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100 [ 137.117] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200, 6200, P6300 [ 137.117] (II) VESA: driver for VESA chipsets: vesa [ 137.118] (II) Loading sub module "vbe" [ 137.118] (II) LoadModule:
Re: OpenBSD 6.1 - bravo
Also from me, great work! With 6.1 I can now decommission some legacy VM's :) From: owner-m...@openbsd.orgon behalf of Mikael Sent: 13 April 2017 04:20 To: OpenBSD general usage list Subject: Re: OpenBSD 6.1 - bravo Also from me, big thanks! 2017-04-12 16:45 GMT+08:00 Clément.J : > Thank you OpenBSD team for this new release 6.1 > OpenBSD makes me happy every day for so many usages > so thank you so much everyone for your great work. 2017-04-12 16:45 GMT+08:00 Clément.J : > Thank you OpenBSD team for this new release 6.1 > OpenBSD makes me happy every day for so many usages > so thank you so much everyone for your great work. > > have a good day > vive OpenBSD > > > Le 12-04-2017 10:27, Stuart Henderson a écrit : > >> On 2017-04-12, Jordon wrote: >> >>> rcctl enable dhcrelay rcctl set dhcrelay flags -i athn0 192.168.1.1 "assuming that is your routers >>> address" >>> rcctl start dhcrelay and possibly add -d (log to stderr) to see what its doing. >>> Thank you! That got it working! So why is that necessary? Doesnt >>> the bridge >>> just forward everything? Or are DHCP requests broadcasts that dont >>> get >>> forwarded? >>> >> >> It shouldn't be necessary, dhcrelay is normally used when you have a >> subnet behind a router, and the DHCP server is a separate machine on >> a >> different subnet. >> >> Could it be a PF rule problem? >> >> Normally you would only have an IP address on one member of the >> bridge, >> just "up" on the others..
Re: Unable to connect to ftp.openbsd.org
Il 15/04/2017 11:20, Stuart Henderson ha scritto: On 2017-04-15, Alessandro Baggiwrote: this morning I'm upgrading my obsd firewall 5.8 to 5.9. 5.9 is out of support now. I'd strongly recommend moving to 6.1 which was released last week. When I try to connect to ftp.openbsd.org from shell using ftp I got connection refused. The same behaviour with different hosts. Trying to connect to other ftp all works fine. So I've changed pkg_path to another ftp mirror and pkg_add -u worked. That site only does http/https now. But unless you're in Alberta the other mirrors are likely to be a better choice anyway. I know that 5.9 is out of support with release of 6.1. Today I'm upgrading from 5.8 -> 5.9 -> 6.0 -> 6.1. thank you for suggestions.
Re: Unable to connect to ftp.openbsd.org
On 2017-04-15, Alessandro Baggiwrote: > this morning I'm upgrading my obsd firewall 5.8 to 5.9. 5.9 is out of support now. I'd strongly recommend moving to 6.1 which was released last week. > When I try to connect to ftp.openbsd.org from shell using ftp I got > connection refused. The same behaviour with different hosts. Trying to > connect to other ftp all works fine. So I've changed pkg_path to another > ftp mirror and pkg_add -u worked. That site only does http/https now. But unless you're in Alberta the other mirrors are likely to be a better choice anyway.
Re: Unable to connect to ftp.openbsd.org
Il 15/04/2017 10:12, Andreas Kusalananda Kähäri ha scritto: On Sat, Apr 15, 2017 at 09:58:00AM +0200, Alessandro Baggi wrote: Hi there, this morning I'm upgrading my obsd firewall 5.8 to 5.9. All processes gone fine but when running pkg_add -u I get that "unable to connect or login to ftp.openbsd.org". This is on $PKG_PATH. When I try to connect to ftp.openbsd.org from shell using ftp I got connection refused. The same behaviour with different hosts. Trying to connect to other ftp all works fine. So I've changed pkg_path to another ftp mirror and pkg_add -u worked. ftp.openbsd.org has problems? Thanks in advance. Related: https://marc.info/?l=openbsd-announce=149220549500948=2 thank you for the information. I must subscribe ml announce.
Re: Unable to connect to ftp.openbsd.org
On Sat, Apr 15, 2017 at 09:58:00AM +0200, Alessandro Baggi wrote: > Hi there, > this morning I'm upgrading my obsd firewall 5.8 to 5.9. > > All processes gone fine but when running pkg_add -u I get that "unable to > connect or login to ftp.openbsd.org". This is on $PKG_PATH. > > When I try to connect to ftp.openbsd.org from shell using ftp I got > connection refused. The same behaviour with different hosts. Trying to > connect to other ftp all works fine. So I've changed pkg_path to another ftp > mirror and pkg_add -u worked. > > ftp.openbsd.org has problems? > > > Thanks in advance. > > Related: https://marc.info/?l=openbsd-announce=149220549500948=2
Unable to connect to ftp.openbsd.org
Hi there, this morning I'm upgrading my obsd firewall 5.8 to 5.9. All processes gone fine but when running pkg_add -u I get that "unable to connect or login to ftp.openbsd.org". This is on $PKG_PATH. When I try to connect to ftp.openbsd.org from shell using ftp I got connection refused. The same behaviour with different hosts. Trying to connect to other ftp all works fine. So I've changed pkg_path to another ftp mirror and pkg_add -u worked. ftp.openbsd.org has problems? Thanks in advance.
Re: programming in Assembly
Your hints were sufficient to get me to a working 64-bit program: ``` .section ".note.openbsd.ident", "a" .p2align 2 .long 0x8 .long 0x4 .long 0x1 .ascii "OpenBSD\0" .long 0x .p2align 2 .section .text .globl _start _start: mov $1, %rax xor %rdi, %rdi syscall ``` I'd been playing with some other nasm-based examples, and assumed `syscall` was part of the syntactic differences between `as` and `nasm` until you set me straight. Thanks again!
Re: programming in Assembly
Many thanks for the pointers.
Re: programming in Assembly
On Fri, 14 Apr 2017, Kartik Agaram wrote: > Many thanks! Yes, a static binary is perfectly fine at this time :) A > couple of follow-up questions, if y'all would please indulge me: > > 1. Now that I am reminded of this handy new `readelf` tool, I go > running it on the new static executable I just generated. ... > Why is the file type showing up as a shared object file in spite of it > being a statically compiled binary? Because its a PIE binary. > 2. I tried running the above file in a 64-bit OpenBSD, and got a couple > of reasonable looking errors: ... > In response I tried some ham-handed modifications, basically replacing > the registers with 64-bit variants, and letting the assembler figure out > operand-size suffixes. ... > Could you please point me at why this fails? The differences between the i386 and amd64 ABI are too large to explain here. If you search the web for "amd64 ELF ABI" you'll find the doc that describes how arguments are passed and how syscalls are performed. The short version is "not on the stack, and using syscall instead of int$80" Or look at the libc source code or disassemble libc.a and see how it does it. Philip Guenther
Re: programming in Assembly
Many thanks! Yes, a static binary is perfectly fine at this time :) A couple of follow-up questions, if y'all would please indulge me: 1. Now that I am reminded of this handy new `readelf` tool, I go running it on the new static executable I just generated. ``` $ cat exit.s # repeating for your convenience # https://web.archive.org/web/20120509101207/http://lucifer.phiral.net/openbsdasm.htm .section ".note.openbsd.ident", "a" .p2align 2 .long 0x8 .long 0x4 .long 0x1 .ascii "OpenBSD\0" .long 0x .p2align 2 .section .text .globl _start _start: xorl %eax, %eax pushl %eax # exit status pushl %eax # extra long for C ABI movl $1, %eax # exit syscall int $0x80 $ as exit.s -o exit.o $ ld exit.o -static -o exit $ ./exit $ echo $? 0 # success! $ readelf -l ./exit Elf file type is DYN (Shared object file) ... ``` Why is the file type showing up as a shared object file in spite of it being a statically compiled binary? 2. I tried running the above file in a 64-bit OpenBSD, and got a couple of reasonable looking errors: ``` $ uname -a OpenBSD x.my.domain 5.9 GENERIC#1761 amd64 $ as exit.s -o exit.o exit.s: Assembler messages: exit.s:17: Error: suffix or operands invalid for `push' exit.s:18: Error: suffix or operands invalid for `push' ``` In response I tried some ham-handed modifications, basically replacing the registers with 64-bit variants, and letting the assembler figure out operand-size suffixes. ``` $ cat exit64.s .section ".note.openbsd.ident", "a" .p2align 2 .long 0x8 .long 0x4 .long 0x1 .ascii "OpenBSD\0" .long 0x .p2align 2 .section .text .globl _start _start: xor %rax, %rax push %rax # exit status push %rax # extra long for C ABI mov $1, %rax # exit syscall int $0x80 ``` Could you please point me at why this fails? ``` $ as exit64.s -o exit64.o $ ld exit64.o -static -o exit64 $ ./exit64 zsh: bus error (core dumped) ./exit64 ```