Fwd: vmm(4) direct device resources access from guests
Is it possible to have full I/O access to PCI-express devices from guest OSes like Penguin?
File sealing
Hi all,

File sealing is a Linux-specific safety mechanism that can be used when sharing memory between two processes. In this scenario, one process typically calls shm_open(SHM_ANON), mmaps the result in its address space, writes interesting things in this slice of memory, sends the file descriptor over a Unix socket to another process. The other process then mmaps the file descriptor to its own address space and reads the shared memory.

Sometimes the two processes don't trust each other, for instance in the case of Wayland. Bad clients may try to crash the compositor.

One way to crash the compositor is to send a shared memory file descriptor and then shrink the file. When the compositor tries to read the now-unmapped part of the file it'll receive SIGBUS.

What the compositor currently does is that it handles SIGBUS and ignores it if it's about a memory slice mmapped from IPC. Apart from being a hack, this makes things complicated because:

* There are multiple Wayland interfaces that need to mmap a file descriptor sent over IPC. Collecting the list of IPC-mmapped regions is currently not possible with libwayland.
* Since SIGBUS is global state, handling it is difficult. Some other IPC mechanisms might need to add more regions to the list. Threads make this even more annoying. See [1]

I'd like to know if there are plans to add a feature similar to file sealing [2] in OpenBSD.

Thanks,

--
Simon Ser
https://emersion.fr

[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/53#note_24663
[2]: https://lwn.net/Articles/591108/
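An added example, not part of the original message or of any project named in it: how a receiving process on Linux can use file seals to refuse a mapping that could later fault with SIGBUS. The function names make_buffer, map_untrusted and try_shrink are made up for this illustration, and it assumes memfd_create(2), the Linux call the sealing API applies to, rather than shm_open.

```c
#define _GNU_SOURCE /* memfd_create(), F_ADD_SEALS */
#include <errno.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fallbacks (Linux UAPI values) for builds whose libc headers hide the sealing API. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#define F_SEAL_SHRINK 0x0002
#endif
#ifndef MFD_ALLOW_SEALING
#define MFD_CLOEXEC 0x0001U
#define MFD_ALLOW_SEALING 0x0002U
int memfd_create(const char *name, unsigned int flags);
#endif

/* Sender: anonymous shared memory of `size` bytes, optionally sealed against shrinking. */
int make_buffer(size_t size, int seal)
{
    int fd = memfd_create("constructed-example", MFD_CLOEXEC | MFD_ALLOW_SEALING);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, (off_t)size) < 0 ||
        (seal && fcntl(fd, F_ADD_SEALS, F_SEAL_SHRINK) < 0)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Receiver: map `len` bytes read-only, but only when the kernel guarantees the
 * file can never become shorter than that. Returns NULL and sets errno otherwise. */
void *map_untrusted(int fd, size_t len)
{
    struct stat st;
    int seals = fcntl(fd, F_GET_SEALS); /* -1 on objects without seal support */
    if (seals < 0 || fstat(fd, &st) < 0)
        return NULL;
    if (!(seals & F_SEAL_SHRINK) || len == 0 || (off_t)len > st.st_size) {
        errno = EPERM; /* refuse: a later ftruncate() could cause SIGBUS */
        return NULL;
    }
    void *p = mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* What a hostile sender attempts after passing the fd: 0 if the shrink worked, else errno. */
int try_shrink(int fd)
{
    return ftruncate(fd, 0) == 0 ? 0 : errno;
}
```

With the seal in place the receiver needs no SIGBUS handler for that mapping, because the kernel rejects the shrink instead of delivering a fault later.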
vmm(4) direct device resources access from guests
Is it possible to have full I/O access to PCI-express devices from guest OSes like Linux?
Re: vmm(4) direct device resources access from guests
On Thu, 1 Nov 2018 at 08:53, Denis wrote:
>
> Is it possible to have full I/O access to PCI-express devices from guest
> OSes like Penguin?
>

https://www.openbsd.org/faq/faq16.html

--
May the most significant bit of your life be positive.
FOSDEM 2019 - Distributions Devroom Call for Participation
The Distributions devroom will take place Sunday 3 February 2019 at FOSDEM, in Brussels, Belgium at the Université Libre de Bruxelles.

As more and more workloads are being considered for containerization in the future and are finally landing in virtualized environments today, distributions remain a critical success factor and are more important than ever. Containers, like virtual machines, are not magical and rely on piles of software being assembled in a way that is repeatable, reliable, and functional. This is at the very heart of the problem that distributions have always solved. Each distribution is responsible for building, testing, and releasing software as well as managing the lifecycle of each application in the collection. Additionally, distributions do very important work in ensuring that various versions of upstream software work well together and can co-exist. Distributions are also often responsible for "de-vendoring" upstream software so that security fixes can be applied more quickly.

We welcome submissions targeted at contributors interested in issues unique to distributions, especially in the following topics:

# Topics and Areas of Focus

## Focus Areas

- The ways that distribution technologies can be leveraged to allow for easier creation of a multi-verse of artifacts from single source trees. This includes the increasing move toward self-contained applications and providing multiple non-parallel installed versions of software.
- Efforts being made in shared environments around Build/Test/Release cycles.
- Topics related to the delivery problem as it impacts updates in terms of both size and rollback/reliability are expected to be featured.

## Additional Topic Ideas

- Distribution and Community collaborations, eg: how does code flow from developers to end users across communities, ensuring trust and code audibility
- Automating building software for redistribution to minimize human involvement, eg: bots that branch and build software, bots that participate as team members extending human involvement
- Cross-distribution collaboration on common issues, eg: content distribution, infrastructure, and documentation
- Growing distribution communities, eg: onboarding new users, helping new contributors learn community values and technology, increasing contributor technical skills, recognizing and rewarding contribution
- Principles of Rolling Releases, Long Term Supported Releases (LTS), Feature gated releases, and calendar releases
- Distribution construction, installation, deployment, packaging and content management
- Balancing new code and active upstreams versus security updates, back porting and minimization of user breaking changes
- Delivering architecture independent software universally across architectures within the confines of distribution systems
- Effectively communicating the difference in experience across architectures for developers, packagers, and users
- Working with vendors and including them in the community
- The future of distributions, emerging trends and evolving user demands from the idea of a platform

Ideal submissions are actionable and opinionated. Submissions may be in the form of 25 or 50 minute talks, panel sessions, round-table discussions, or Birds of a Feather (BoF) sessions.

Dates
-----

Submission Deadline: 02-Dec-2018 @ 2359 GMT
Acceptance Notification: 7-Dec-2018
Final Schedule Posted: 14-Dec-2018

How to submit
-------------

Visit https://penta.fosdem.org/submission/FOSDEM19

1.) If you do not have an account, create one here
2.) Click 'Create Event'
3.) Enter your presentation details
4.) Be sure to select the Distributions Devroom track!
5.) Submit

What to include
---------------

- The title of your submission
- A 1-paragraph Abstract
- A longer description including the benefit of your talk to your target audience, including a definition of your target audience.
- Approximate length / type of submission (talk, BoF, ...)
- Links to related websites/blogs/talk material (if any)

Administrative Notes
--------------------

We will be live-streaming and recording the Distributions Devroom. Presenting at FOSDEM implies permission to record your session and distribute the recording afterwards. All videos will be made available under the standard FOSDEM content license (CC-BY).

If you have any questions, feel free to contact the devroom organizers: distributions-devr...@lists.fosdem.org (https://lists.fosdem.org/listinfo/distributions-devroom)

Cheers!

Brian Exelbierd (twitter: @bexelbie) and Brian Stinson (twitter: @bstinsonmhk) for and on behalf of The Distributions Devroom Program Committee
httpd rewriterules like apache
Hi all,

I was wondering if it is possible to do like a proxy rewrite like with Apache rewrite mod?

    RewriteRule ^(.*) http://some.tld/$1 [L,P]

So here the P Flag should preserve the original domain in the url and just proxy the request to the other location (not on the same machine!)

Since there is redirection I can do this but then the url gets of course replaced in a block directive

    block return 301 "http://dome.tld$REQUEST_URI";

I read that there is rewrite support but as far as I figured it's just for location on the filesystem ?

regards

--
Markus Rosjat    fon: +49 351 8107224    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220    fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: httpd rewriterules like apache
You should definitely try the relayd(8) route here.

> On 1. Nov 2018, at 11:32, Markus Rosjat wrote:
>
> Hi all,
>
> I was wondering if it is possible to do like a proxy rewrite like with Apache
> rewrite mod?
>
> RewriteRule ^(.*) http://some.tld/$1 [L,P]
>
> So here the P Flag should preserve the original domain in the url and just
> proxy the request to the other location (not on the same machine!)
>
> Since there is redirection I can do this but then the url gets of course
> replaced in a block directive
>
> block return 301 "http://dome.tld$REQUEST_URI";
>
> I read that there is rewrite support but as far as I figured it's just for
> location on the filesystem ?
>
> regards
>
> --
> Markus Rosjat    fon: +49 351 8107224    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220    fax: +49 351 8107227
>
> Please check whether this mail really needs to be printed! Before you
> print it, think about your responsibility and commitment to the ENVIRONMENT
>

--
Tony
GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F
Threema: DN8PJX4Z
Re: httpd rewriterules like apache
Hi,

On 01.11.2018 at 11:40, Tony Boston wrote:
> You should definitely try the relayd(8) route here.

that would be forwarding it to the ip like

    match request quick header "Host" value "*some.tld" forward to

but that wouldn't solve something like

    RewriteRule ^(.*) http://some.tld/someotherdir/$1 [L,P]

so a http://www.my.tld would go to http://some.tld/something.http but wouldn't http://some.tld/someotherdir/something.http

or do I get it wrong?

--
Markus Rosjat    fon: +49 351 8107224    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220    fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: vmm(4) direct device resources access from guests
It seems hardware passthrough is not available.

On 11/1/2018 11:33 AM, Janne Johansson wrote:
> On Thu, 1 Nov 2018 at 08:53, Denis wrote:
>>
>> Is it possible to have full I/O access to PCI-express devices from guest
>> OSes like Penguin?
>>
>
> https://www.openbsd.org/faq/faq16.html
>
Re: Which key shortcuts are safe to bind and some Q:s about history and OS diffs Re: Ctrl+4 means SIGQUIT+coredump, where is this documented, what more shortcuts are there?
On 2018-11-01, Tinker wrote:

>> > No idea how ^4 is mapped to ^\, but for some reason it is,
>>
>> See "Table 3-5 Keys Used to Generate 7-Bit Control Characters" in
>> the VT220 Programmer Reference Manual:
>> https://vt100.net/docs/vt220-rm/table3-5.html
>
> Historical reasons, a ha.

And I'll venture a guess why DEC added those combinations:

In order to type ^[ ^\ ^] to produce the ESC, FS, GS characters, you need keys for [ \ ]. If you look at non-English keyboard layouts, you'll see that the corresponding keys have been re-purposed for other characters. In the old days of national ASCII variants, even the characters [ \ ] didn't exist in many national encodings. Later, when extended 8-bit character sets were introduced, [ \ ] were only made available in a secondary mapping reachable with an extra modifier key (AltGr or such). And that's the situation right into the present.

By contrast, combinations like ^3, ^4, ^5 were readily available on keyboards.

https://en.wikipedia.org/wiki/ISO/IEC_646#ISO_646_national_variants

--
Christian "naddy" Weisgerber na...@mips.inka.de
Re: File sealing
Simon Ser wrote:
> Hi all
> I'd like to know if there are plans to add a feature similar to file
> sealing [2] in OpenBSD.

I don't think so. You explained a possible use, but didn't actually explain if code using file sealing already exists.
Re: vmm(4) direct device resources access from guests
On Thu, Nov 01, 2018 at 10:18:04AM +0300, Denis wrote:
> Is it possible to have full I/O access to PCI-express devices from guest
> OSes like Linux?

no
Re: File sealing
Hi,

On Thursday, November 1, 2018 6:25 PM, Ted Unangst wrote:
> Simon Ser wrote:
>
> > Hi all
> > I'd like to know if there are plans to add a feature similar to file
> > sealing [2] in OpenBSD.
>
> I don't think so. You explained a possible use, but didn't actually explain if
> code using file sealing already exists.

Thanks for your reply. Indeed, code using file sealing exists, for instance GTK+ [1] and GLFW [2].

I've been told that for this same use-case, another mechanism has already been implemented on OpenBSD. It's an additional parameter that can be passed to mmap and makes truncated regions appear as zeros instead of triggering SIGBUS. However I couldn't find any more info about this. Can you tell me more about this?

Thanks,

Simon Ser

[1]: https://gitlab.gnome.org/GNOME/gtk/blob/master/gdk/wayland/gdkdisplay-wayland.c#L1223
[2]: https://github.com/glfw/glfw/blob/master/src/wl_window.c#L156
Re: File sealing
Simon Ser wrote:
> Sometimes the two processes don't trust each other, for instance in the
> case of Wayland. Bad clients may try to crash the compositor.
>
> One way to crash the compositor is to send a shared memory file descriptor
> and then shrink the file. When the compositor tries to read the
> now-unmapped part of the file it'll receive SIGBUS.
>
> What the compositor currently does is that it handles SIGBUS and ignores it
> if it's about a memory slice mmapped from IPC. Apart from being a hack,
> this makes things complicated because:

I've been reminded that there's a different way to solve this problem in OpenBSD.

The secret __MAP_NOFAULT flag to mmap. See for instance use in libxshmfence.
Re: File sealing
On Thursday, November 1, 2018 6:49 PM, Ted Unangst wrote:
> I've been reminded that there's a different way to solve this problem in
> OpenBSD.
>
> The secret __MAP_NOFAULT flag to mmap. See for instance use in libxshmfence.

Oh, thanks! That's what I've been searching for.
Re: spamd and google smtp ips
On 30/10/2018 at 23:39, Stuart Henderson wrote:
> I haven't run spamd myself for years, I got fed up with delayed and lost mails.

Thanks. That was probably the tipping comment for me - I decided to search for alternative spam protection. It's the lost e-mails being the thing I cannot afford and in absence of *reliable* whitelist, I decided not to go this route.

Best regards,
Chris
Unexpected connection with `ifconfig join`
I've run into a strange problem using ifconfig's new join statements. I have two join lines in /etc/hostname.iwn0, with no nwid statement. When both of these APs are out of range, it connects to a third, unmentioned (open) AP. This is a network I've manually joined before, but do not want to join automatically.

/etc/hostname.iwn0:

    join linksies wpakey 0123456789abcdef
    join sisco wpakey beef
    dhcp

Output of `ifconfig iwn0 joinlist`:

    iwn0: flags=8843 mtu 1500
            lladdr ab:cd:ef:12:34:56
            index 2 priority 4 llprio 3
            groups: wlan egress
            media: IEEE802.11 autoselect (HT-MCS6 mode 11n)
            status: active
            ieee80211: nwid BADWAP chan 64 bssid ff:ff:ff:ff:ff:ff -63dBm
            join: linksies sisco
            inet 192.168.50.85 netmask 0x8000 broadcast 192.168.50.255

I've tried adding '-join BADWAP' to hostname.iwn0, but it still joins automatically at boot.

This started mid-September on -current, and I've been updating to newer snapshots at least weekly since then. Running a snapshot from earlier this week at the moment.

Have I perhaps overlooked something?

Thanks,
Adam
Re: OpenBSD site
Even more amazing - if you see an error on the website, you can fix it and send a patch. If they like it, they'll include the change.

I put in a patch quite a few years ago to replace some broken links with archived counterparts[1] which Theo himself accepted [2]. Not tooting my own horn here, just saying that it can be done, and it's one of the things that's kept me coming back all these years.

[1] https://marc.info/?l=openbsd-www&m=129340910201453&w=2
[2] https://marc.info/?l=openbsd-cvs&m=129355971818793&w=2

On Sun, Oct 28, 2018 at 10:01 AM Henry Bonath wrote:
>
> This is amazing to know, thank you!
>
> On Sat, Oct 27, 2018 at 3:11 PM wrote:
>
> > Knowing OpenBSD philosophy, you should probably NOT expect a CMS :).
> >
> > But you don't need to guess when you can check for yourself - all the
> > sources are available for an anonymous CVS as described in [1].
> >
> > You can easily have an up-to-date local copy on your machine by first
> > reading manual pages on cvs(1), httpd(8) and httpd.conf(5) and then doing
> > something like (as root):
> >
> > # mkdir -p /var/www/htdocs/openbsd
> > # cd /var/www/htdocs/openbsd
> > # cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs checkout -P www
> >
> > and adding the following section to /etc/httpd.conf:
> >
> > server "openbsd-doc" {
> >     listen on * port 81
> >     root "/htdocs/openbsd/www"
> > }
> >
> > and enabling httpd:
> >
> > # rcctl enable httpd
> >
> > After that, navigate to http://localhost:81 and enjoy browsing an offline
> > copy of OpenBSD website.
> >
> > [1] https://www.openbsd.org/anoncvs.html
> >
> >
> > On Sat, Oct 27, 2018, at 4:24 AM, Janne Johansson wrote:
> > > Manual edits, no hurry to jump on this week's fashionable web
> > > framework, testing with lynx goes a long way to keep it simple and
> > > readable.
> > >
> > > On Sat, 27 Oct 2018 at 11:14, misc nick wrote:
> > > >
> > > > I was wondering how you maintain and update such high quality content
> > > > in OpenBSD's site.
> > > > Do you manually edit html files, use a cms, or something else? I am
> > > > asking to shamelessly
> > > > copy your best practices. ;-)
> > > >
> > > > Thanks,
> > > > Nick
> > > >
> > >
> > > --
> > > May the most significant bit of your life be positive.
> > >
> >

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse