Re: All my Rust programs stop working on OpenBSD 7.3

[Siegfried Levin]

Thanks. I believe that is the reason.

> On Apr 11, 2023, at 02:54, Theo Buehler  wrote:
> 
> 
>> 
>> Thanks. Actually that’s what I did. Rust package was updated by
>> “pkg_add -u rust” and then “cargo build —release” rebuilds the
>> projects. However, when I ran it, it crashed because of segment fault.
>> It no longer passes the tests as well,  “invalid memory reference” was
>> returned.
> 
> Without seeing a backtrace it is difficult to tell.
> 
> Another issue could be that you use things depending on the ring crate
> whose assembly isn't compatible with the new x-only protection on modern
> amd64 machines.
> 
> If so, you will need to 
> 
> # pkg_add rust-ring
> 
> and replace lines like this
> 
> ring = "^0.16"
> 
> with something like this in Cargo.toml:
> 
> [dependencies.ring]
> version = "^0.16"
> path = "/usr/local/share/ring-0.16.20"

OpenBSD 7.3 on Parallels 18 (M1)

[Tor Houghton]

To whom it may concern; after writing the arm64 install73.img to a USB stick
and booting from this, 7.3 boots and can run (at least in a tty-environment,
which I am interested in) on Parallels 18 on a macOS M1 machine.

One thing to note, however:

boot> set tty fb0

Or it will boot to a black screen (so write this to /etc/boot.conf after
install).

Kind regards + thanks,

Tor Houghton

Re: All my Rust programs stop working on OpenBSD 7.3

[Theo Buehler]

> Thanks. Actually that’s what I did. Rust package was updated by
> “pkg_add -u rust” and then “cargo build —release” rebuilds the
> projects. However, when I ran it, it crashed because of segment fault.
> It no longer passes the tests as well,  “invalid memory reference” was
> returned.

Without seeing a backtrace it is difficult to tell.

Another issue could be that you use things depending on the ring crate
whose assembly isn't compatible with the new x-only protection on modern
amd64 machines.

If so, you will need to 

# pkg_add rust-ring

and replace lines like this

ring = "^0.16"

with something like this in Cargo.toml:

[dependencies.ring]
version = "^0.16"
path = "/usr/local/share/ring-0.16.20"

Re: dns priority from different network connections - or disabling?

[Kaya Saman]

On 4/10/23 16:24, Daniele B. wrote:

Apr 10, 2023 12:52:22 Kaya Saman :


how do I override OpenBSD's
behavior to explicitly not use the dns servers obtained through ipcp but
instead use the ones form the resolv.conf file?

My solution both for security reasons (I'm using unbound)
for for practical reasons (as per your concerns) is to set immutable
resolv.conf by chflags.

Not the Solution but a very good workaround. Please investigate also
when you can take off the immutable flag too.

I take this time to wish you all an Happy Easter and obviously
lots of compliments for the 54th release of the ball fish system!



Do you mean setting resolv.conf as ReadOnly?


My resolv.conf file is fine and has the correct dns servers inside.


The issue is that pppoe negotiates the dns servers through ipcp. The dns 
servers therefor do *not* get loaded into the resolv.conf file but 
instead show up under: ifconfig pppoe0



This somehow is overriding my resolv.conf file; another words the 
information is *not* being used from resolv.conf and is instead being 
used from the ipcp negotiation as part of the pppoe kernel module.



The question is how to disable this behavior?

Re: All my Rust programs stop working on OpenBSD 7.3

[Siegfried Levin]

Thanks. Actually that’s what I did. Rust package was updated by “pkg_add -u 
rust” and then “cargo build —release” rebuilds the projects. However, when I 
ran it, it crashed because of segment fault. It no longer passes the tests as 
well,  “invalid memory reference” was returned.

> On Apr 11, 2023, at 00:09, Sebastien Marie  wrote:
> 
> On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
>> After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, all 
>> my programs written in Rust broke, including cargo installed with pkg_add on 
>> 7.2. I fixed Cargo by “pkg_add -u rust” and then recompiled some of my 
>> projects. Now they are having segment faults. Does anyone having the same 
>> error?
> 
> you need to rebuild your locally built programs with rustc from 7.3.
> 
> first, upgrade rustc/cargo with pkg_add -u, and next rebuild your programs as 
> usually, that's all.
> 
> for the long story: 7.3 comes with immutable stack, but old rust programs are 
> modifying it (so the kernel kills your programs).
> 
> the updated package has the required changes in rust std library. but you 
> will 
> need to rebuild your programs to make them to use the updated code (the 
> faulty 
> code is in rust std which is statically linked in all programs).
> 
> Thanks.
> -- 
> Sebastien Marie

Re: All my Rust programs stop working on OpenBSD 7.3

[Sebastien Marie]

On Mon, Apr 10, 2023 at 06:21:03PM +0200, Martin Schröder wrote:
> Am Mo., 10. Apr. 2023 um 18:10 Uhr schrieb Sebastien Marie 
> :
> > On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> > > After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, 
> > > all my programs written in Rust broke, including cargo installed with 
> > > pkg_add on 7.2. I fixed Cargo by “pkg_add -u rust” and then recompiled 
> > > some of my projects. Now they are having segment faults. Does anyone 
> > > having the same error?
> >
> > you need to rebuild your locally built programs with rustc from 7.3.
> 
> Sounds like something the upgrade guide should mention...

maybe. but as OpenBSD doesn't promise ABI compatibility between releases, it is 
also expected to rebuild any local programs to match the new ABI. it isn't 
specific to Rust programs.

-- 
Sebastien Marie

Re: All my Rust programs stop working on OpenBSD 7.3

[Martin Schröder]

Am Mo., 10. Apr. 2023 um 18:10 Uhr schrieb Sebastien Marie :
> On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> > After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, 
> > all my programs written in Rust broke, including cargo installed with 
> > pkg_add on 7.2. I fixed Cargo by “pkg_add -u rust” and then recompiled some 
> > of my projects. Now they are having segment faults. Does anyone having the 
> > same error?
>
> you need to rebuild your locally built programs with rustc from 7.3.

Sounds like something the upgrade guide should mention...

Best
Martin

Re: All my Rust programs stop working on OpenBSD 7.3

[Sebastien Marie]

On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, all 
> my programs written in Rust broke, including cargo installed with pkg_add on 
> 7.2. I fixed Cargo by “pkg_add -u rust” and then recompiled some of my 
> projects. Now they are having segment faults. Does anyone having the same 
> error?

you need to rebuild your locally built programs with rustc from 7.3.

first, upgrade rustc/cargo with pkg_add -u, and next rebuild your programs as 
usually, that's all.

for the long story: 7.3 comes with immutable stack, but old rust programs are 
modifying it (so the kernel kills your programs).

the updated package has the required changes in rust std library. but you will 
need to rebuild your programs to make them to use the updated code (the faulty 
code is in rust std which is statically linked in all programs).

Thanks.
-- 
Sebastien Marie

All my Rust programs stop working on OpenBSD 7.3

[Siegfried Levin]

After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, all my 
programs written in Rust broke, including cargo installed with pkg_add on 7.2. 
I fixed Cargo by “pkg_add -u rust” and then recompiled some of my projects. Now 
they are having segment faults. Does anyone having the same error?

PS: just realized I upgraded to 7.3 before it was officially announced 3 hours 
ago. Could that cause any issues?

Re: dns priority from different network connections - or disabling?

[Daniele B.]

Apr 10, 2023 12:52:22 Kaya Saman :

>>> how do I override OpenBSD's
>>> behavior to explicitly not use the dns servers obtained through ipcp but
>>> instead use the ones form the resolv.conf file?

My solution both for security reasons (I'm using unbound)
for for practical reasons (as per your concerns) is to set immutable
resolv.conf by chflags.

Not the Solution but a very good workaround. Please investigate also
when you can take off the immutable flag too.

I take this time to wish you all an Happy Easter and obviously
lots of compliments for the 54th release of the ball fish system!

PF: Redirect SOCKS connections to another server on a different net

[Charlie]

On an OpenBSD 7.2 system, I have access to a SOCKS proxy server
through VPN. After the VPN connection is established, any program that
supports SOCKS proxy can reach it by setting the relevant local VPN
address, 10.64.0.1, and the usual port number 1080.

I want to share the access to this proxy server on my OpenBSD machine
with other systems in my home network. So basically what I want is to
open a 1080 port on the OpenBSD server and redirect it to the local
VPN address 10.64.0.1. I have been successful in doing so with the
help of the "socat" program:

$ socat tcp-listen:1080,bind=192.168.1.10,reuseaddr,fork \
tcp:10.64.0.1:1080

I would very much like to replace the above command with pf rule(s).
All the combinations I tried with "rdr-to", "nat-to", "divert-to",
"synproxy state", etc. did not work. Could someone kindly point me in
the right direction (pun intended)?

Below is an illustration of my setup and the desired forwarding.

 ,--- OpenBSD system . VPN 
 |   |   / \
  ,--+-.,+. .---.
  | re0|| wg0:| | 10.64.0.1 |
  | 192.168.1.0/24 || 10.76.150.11/32 |-|   |
  :1080<===>:1080   |
  `--+-'`+' `---'
 |   |
 `---'

Cheers,
Charlie

OpenBSD 7.3 released

[Theo de Raadt]

- OpenBSD 7.3 RELEASED -

April 10, 2023.

We are pleased to announce the official release of OpenBSD 7.3.
This is our 54th release.  We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

As in our previous releases, 7.3 provides significant improvements,
including new features, in nearly all areas of the system:

 - Various kernel improvements:
o Added waitid(2), wait for process state change.
o Added pinsyscall(2), specify the call stub for a specific system
  call.
o Added getthrname(2) and setthrname(2), get or set thread name.
o Added WTRAPPED option for waitid(2) to control whether CLD_TRAPPED
  state changes, i.e., ptrace(2) on a process, are reported.
o Introduced clockintr(9), a machine-independent clock interrupt
  scheduler. Switched all architectures to use this new kernel
  subsystem.
o Added a priority queue to clockintr(9).
o Introduced a new kern.autoconf_serial sysctl(8) that can be used
  by userland to monitor state changes of the kernel device tree.
o Fixed pmap(9) bugs involving entering an executable mapping for a
  page before synchronizing the data and instruction cache on arm64
  and riscv64.
o Removed copystr(9) from public API.
o Add getnsecruntime(9) to the kernel timecounting API. Together
  with getbinruntime(), it provides a fast, monotonic clock that
  only advances while the system is not suspended.
o Add detection for Spectre-BHB Branch History Injection
  vulnerability related CLRBHB, ECBHB and CSV2_3/HCXT feature bits.
o Prevent detaching ("bioctl -d detach") of a boot volume on a RAID
  managed by bioctl(8).
o On arm64, avoid using 1GB mappings for the identity map in the
  early kernel bootstrap phase and when booting the secondary CPUs.
  This avoids accidentally mapping memory regions that should not be
  mapped (i.e. secure memory) as all mapped memory can be accessed
  speculatively.
o Added arm64 detection of EPAN feature bit. Enhanced Privileged
  Access Never (EPAN) allows Privileged Access Never to be used with
  Execute-only mappings.
o On arm64, add a machdep.lidaction sysctl(8) for aplsmc(4) Apple
  Silicon laptops.
  The arm64 default for the machdep.lidaction is 1, making the
  system suspend when the lid is closed. aplsmc(4) provides support
  for the lid position sensor.
o Changed arm64 suspend idle loop from WFE to WFI, avoiding spurious
  wakeups while other CPUs are still active.
o Added new dt(4) tracing ioctl DTIOCARGS to get the type of probe
  arguments.

 - SMP Improvements
o Unlocked mmap(2), munmap(2), and mprotect(2).
o Unlocked sched_yield(2).
o Added support for per-cpu event counters, to be used for clock and
  IPI counters where the event counted occurs across all CPUs in the
  system.
o Moved pf(4) purge tasks out from under the kernel lock.
o Unlocked ioctl(2) SIOCGIFCONF, SIOCGIFGMEMB, SIOCGIFGATTR, and
  SIOCGIFGLIST.
o Protected interface tables in pf(4) with PF_LOCK(), allowing
  removal of NET_LOCK() protection from the ioctl(2) code path in
  pf.
o Unlocked getsockopt(2) and setsockopt(2).
o Completed removing kernel lock from IPv6 read ioctls.
o Unlocked minherit(2).
o Made tun(4) and tap(4) event filters MP-safe.
o Unlocked utrace(2).
o Stopped holding the vm_map lock while flushing pages in msync(2)
  and madvise(2). Prevents a 3-thread deadlock between msync(2),
  page-fault and mmap(2).
o Unlocked select(2), pselect(2), poll(2), and ppoll(2).

 - Direct Rendering Manager and graphics drivers
o Updated drm(4) to Linux 6.1.15
o amdgpu(4): Added support for Ryzen 7000 "Raphael", Ryzen 7020
  series "Mendocino", Ryzen 7045 series "Dragon Range", Radeon RX
  7900 XT/XTX "Navi 31", Radeon RX 7600M (XT), 7700S, and 7600S
  "Navi 33."
o Fixed frame buffer corruption and additional bugs after wakeup on
  Apple Silicon laptops and the Lenovo x13s.
o Added support for the backlight connector property to amdgpu(4) as
  in inteldrm(4), making xbacklight(1) work when using the Xorg
  modesetting driver.

 - VMM/VMD improvements
o Updated vmm(4) to allow guests to read MSR_HWCR and MSR_PSTATEDEF,
  which is necessary to determine the TSC frequency on AMD families
  17h and 19h.
o Allocated reference for vm and vcpu SLISTs in vmm(4), keeping vmm
  from triggering excessive wakeup calls while iterating through the
  list of vms while servicing an ioctl(2).
o Set vmm(4) RAX guest register state based on VMCB.
o Removed locking in vmm(4) vmm_intr_pending, reducing slowdowns due
  to requests for a lock held while the VM is running.
o Increased speed 

Re: dns priority from different network connections - or disabling?

[Kaya Saman]

On 4/10/23 11:40, Jonathan Gray wrote:

On Mon, Apr 10, 2023 at 11:26:22AM +0100, Kaya Saman wrote:

Hi,


I'll ask the second question first as it might be easier to implement...


Currently I have found that the dns servers specified in the resolv.conf
file are not being used. Instead my machine is prioritizing the ISP obtained
servers from the ipcp protocol through the kernel ppp service. Within the
hostname.pppoe(x) file is there a way to disable the dns portion of the
negotiation?


If not, then this leads to my second question of how do I override OpenBSD's
behavior to explicitly not use the dns servers obtained through ipcp but
instead use the ones form the resolv.conf file?


in /etc/rc.conf.local
resolvd_flags=NO


Ok strange! This is already set and before emailing I checked that the 
resolvd, unbound, unwind, and even nsd services were not running using 'ps'.



Just attempted to stop resolvd using: /etc/rc.d/resolvd stop (incase it 
was running and I missed something) , it said "OK".


nslookup still shows the dns servers from ipcp and not the locally 
defined ones in resolv.conf






I'm not sure when the behavior changed but it is a recent thing either done
by an update or by adding my secondary ISP. Right now my system can't send
emails because it's using the wrong dns.

changed in sys/net/if_spppsubr.c rev 1.188
first release with that was OpenBSD 7.1



No no this odd behavior started recently?? I'm on: 7.3 
GENERIC.MP#1125 amd64



Maybe I ran: sh /etc/netstart pppoe0 which decided to override the 
resolv.conf file, I really am not sure but still...

Re: dns priority from different network connections - or disabling?

[Jonathan Gray]

On Mon, Apr 10, 2023 at 11:26:22AM +0100, Kaya Saman wrote:
> Hi,
> 
> 
> I'll ask the second question first as it might be easier to implement...
> 
> 
> Currently I have found that the dns servers specified in the resolv.conf
> file are not being used. Instead my machine is prioritizing the ISP obtained
> servers from the ipcp protocol through the kernel ppp service. Within the
> hostname.pppoe(x) file is there a way to disable the dns portion of the
> negotiation?
> 
> 
> If not, then this leads to my second question of how do I override OpenBSD's
> behavior to explicitly not use the dns servers obtained through ipcp but
> instead use the ones form the resolv.conf file?
> 

in /etc/rc.conf.local
resolvd_flags=NO

> 
> I'm not sure when the behavior changed but it is a recent thing either done
> by an update or by adding my secondary ISP. Right now my system can't send
> emails because it's using the wrong dns.

changed in sys/net/if_spppsubr.c rev 1.188
first release with that was OpenBSD 7.1

dns priority from different network connections - or disabling?

[Kaya Saman]

Hi,


I'll ask the second question first as it might be easier to implement...


Currently I have found that the dns servers specified in the resolv.conf 
file are not being used. Instead my machine is prioritizing the ISP 
obtained servers from the ipcp protocol through the kernel ppp service. 
Within the hostname.pppoe(x) file is there a way to disable the dns 
portion of the negotiation?



If not, then this leads to my second question of how do I override 
OpenBSD's behavior to explicitly not use the dns servers obtained 
through ipcp but instead use the ones form the resolv.conf file?



I'm not sure when the behavior changed but it is a recent thing either 
done by an update or by adding my secondary ISP. Right now my system 
can't send emails because it's using the wrong dns.




Thanks for any ideas.


Kaya