Re: NOINET6 by default
>> * Mark Kettenis [2014-05-15 00:15]: >>> I don't think this is a good idea; didn't we establish the other day >>> that "ifconfig eui64" already did what your +inet6 does? >> >> almost, it's ifconfig inet6 eui64 - but that isn't all THAT >> intuitive. I like +inet6 as the opposite of -inet6. >> I am rather late to the conversation. >We don't have "+" something. It is foo or -foo but not +foo. I know >that inet6 is already used for the regular addresses, but +inet6 >sounds like an inconsistent workaround for a workaround. I don't like >it. I agree. >To "enable IPv6" link-local I would rather prefer two options to put >either "inet6 eui64" (or an alias like "inet6 link-local") or an >actual inet6 address in your hostname.if. The latter should >automatically remove the flag and enable the link-local address - does >it work this way? I also agree. I do not like the word 'link-local', because it implies L2. What we are removing here is wire-local access via L3. I'd prefer to avoid the word "local" if we can... There is also a third path. That is to change the behaviour of 'ifconfig if proto', or more specifically of 'ifconfig if inet6'. But this will assuredly break someone's scripts...
Re: [PATCH 2] followup Speedstep bug
On Thu, May 22, 2014 at 7:24 AM, Benjamin Baier wrote: > Works for me. > Since this disables speedstep late in the init, wouldn't it be nice to > free est_fqlist before disabling (not enabling) speedstep? > Im running this diff for one week now, on amd64. > Committed (with additional warning comment). Thanks. Philip Guenther
Re: nginx + ssl breakage........
On Fri, May 23, 2014 at 11:16, ianmc...@tpg.com.au wrote: > Anybody else seeing this? > > > cc -c -O2 -pipe -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g - > DNGX_ENABLE_SYSLOG -DHAVE_CONFIG_H -DPCRE_STATIC > -DPOSIX_MALLOC_THRESHOLD=10 -I > src/core -I src/event -I src/event/modules -I src/os/unix -I src/pcre > -I objs -o > objs/src/event/ngx_event_openssl.o src/event/ngx_event_openssl.c > cc1: warnings being treated as errors > src/event/ngx_event_openssl.c: In function 'ngx_ssl_get_subject_dn': > src/event/ngx_event_openssl.c:2376: warning: 'CRYPTO_free' is deprecated Thanks. I've reverted the deprecation commit for now.
acpi rsdp patch
The ACPI RSDP table has a checksum and an extended checksum. At the moment
if the ACPI rvision is zero, the checksum is checked and if the revision
is more recent only the extended checksum field is checked.
However the spec says that the checksum field "...must sum to zero." At
the moment this isn't being checked if the revision is >= 2. I checked
intel's acpica implementation and it looks this is what they're doing
too.
Patch below is for i386 and amd64. I tested on i386.
ok?
Index: i386//i386/acpi_machdep.c
===
RCS file: /home/cvs/src/sys/arch/i386/i386/acpi_machdep.c,v
retrieving revision 1.53
diff -u -p -u -r1.53 acpi_machdep.c
--- i386//i386/acpi_machdep.c 25 Apr 2014 14:37:06 - 1.53
+++ i386//i386/acpi_machdep.c 23 May 2014 01:37:15 -
@@ -112,22 +112,23 @@ acpi_scan(struct acpi_mem_map *handle, p
if (acpi_map(pa, len, handle))
return (NULL);
- for (ptr = handle->va, i = 0;
-i < len;
-ptr += 16, i += 16)
- if (memcmp(ptr, RSDP_SIG, sizeof(RSDP_SIG) - 1) == 0) {
- rsdp = (struct acpi_rsdp1 *)ptr;
- /*
-* Only checksum whichever portion of the
-* RSDP that is actually present
-*/
- if (rsdp->revision == 0 &&
- acpi_checksum(ptr, sizeof(struct acpi_rsdp1)) == 0)
+ for (ptr = handle->va, i = 0; i < len; ptr += 16, i += 16) {
+ /* is there a valid signature? */
+ if (memcmp(ptr, RSDP_SIG, sizeof(RSDP_SIG) - 1))
+ continue;
+
+ /* is the checksum valid? */
+ if (acpi_checksum(ptr, sizeof(struct acpi_rsdp1)) != 0)
+ continue;
+
+ /* check the extended checksum as needed */
+ rsdp = (struct acpi_rsdp1 *)ptr;
+ if (rsdp->revision == 0)
+ return (ptr);
+ else if (rsdp->revision >= 2 && rsdp->revision <= 4)
+ if (acpi_checksum(ptr, sizeof(struct acpi_rsdp)) == 0)
return (ptr);
- else if (rsdp->revision >= 2 && rsdp->revision <= 4 &&
- acpi_checksum(ptr, sizeof(struct acpi_rsdp)) == 0)
- return (ptr);
- }
+ }
acpi_unmap(handle);
return (NULL);
Index: amd64//amd64/acpi_machdep.c
===
RCS file: /home/cvs/src/sys/arch/amd64/amd64/acpi_machdep.c,v
retrieving revision 1.60
diff -u -p -u -r1.60 acpi_machdep.c
--- amd64//amd64/acpi_machdep.c 25 Apr 2014 14:37:06 - 1.60
+++ amd64//amd64/acpi_machdep.c 23 May 2014 01:37:45 -
@@ -106,22 +106,23 @@ acpi_scan(struct acpi_mem_map *handle, p
if (acpi_map(pa, len, handle))
return (NULL);
- for (ptr = handle->va, i = 0;
-i < len;
-ptr += 16, i += 16)
- if (memcmp(ptr, RSDP_SIG, sizeof(RSDP_SIG) - 1) == 0) {
- rsdp = (struct acpi_rsdp1 *)ptr;
- /*
-* Only checksum whichever portion of the
-* RSDP that is actually present
-*/
- if (rsdp->revision == 0 &&
- acpi_checksum(ptr, sizeof(struct acpi_rsdp1)) == 0)
+ for (ptr = handle->va, i = 0; i < len; ptr += 16, i += 16) {
+ /* is there a valid signature? */
+ if (memcmp(ptr, RSDP_SIG, sizeof(RSDP_SIG) - 1))
+ continue;
+
+ /* is the checksum valid? */
+ if (acpi_checksum(ptr, sizeof(struct acpi_rsdp1)) != 0)
+ continue;
+
+ /* check the extended checksum as needed */
+ rsdp = (struct acpi_rsdp1 *)ptr;
+ if (rsdp->revision == 0)
+ return (ptr);
+ else if (rsdp->revision >= 2 && rsdp->revision <= 4)
+ if (acpi_checksum(ptr, sizeof(struct acpi_rsdp)) == 0)
return (ptr);
- else if (rsdp->revision >= 2 && rsdp->revision <= 4 &&
- acpi_checksum(ptr, sizeof(struct acpi_rsdp)) == 0)
- return (ptr);
- }
+ }
acpi_unmap(handle);
return (NULL);
nginx + ssl breakage........
Anybody else seeing this? cc -c -O2 -pipe -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g - DNGX_ENABLE_SYSLOG -DHAVE_CONFIG_H -DPCRE_STATIC -DPOSIX_MALLOC_THRESHOLD=10 -I src/core -I src/event -I src/event/modules -I src/os/unix -I src/pcre -I objs -o objs/src/event/ngx_event_openssl.o src/event/ngx_event_openssl.c cc1: warnings being treated as errors src/event/ngx_event_openssl.c: In function 'ngx_ssl_get_subject_dn': src/event/ngx_event_openssl.c:2376: warning: 'CRYPTO_free' is deprecated (declared at /usr/include/openssl/crypto.h:481) src/event/ngx_event_openssl.c:2383: warning: 'CRYPTO_free' is deprecated (declared at /usr/include/openssl/crypto.h:481) src/event/ngx_event_openssl.c: In function 'ngx_ssl_get_issuer_dn': src/event/ngx_event_openssl.c:2418: warning: 'CRYPTO_free' is deprecated (declared at /usr/include/openssl/crypto.h:481) src/event/ngx_event_openssl.c:2425: warning: 'CRYPTO_free' is deprecated (declared at /usr/include/openssl/crypto.h:481) *** Error 1 in obj (objs/Makefile:757 'objs/src/event/ngx_event_openssl.o') *** Error 1 in /usr/src/usr.sbin/nginx (Makefile:8 'build') Ian McWilliam
[PATCH] workaround buggy ACPI tables in some Intel boards
There was some discussion of this on misc@ recently. Some Baytrail
boards are setting local APIC flags to 0b11, which is a reserved value.
The acpidump and other info related to the problem is capture over
there, as well. Ref:
http://marc.info/?l=openbsd-misc&m=140043989412703&w=2
Instead of panicking, make like Linux and FreeBSD and assume level
trigger and low polarity.
Ref: http://www.freebsd.org/cgi/query-pr.cgi?pr=187966
This same system panics later when the Local APIC LINT Pin is set to
strange values for all four CPUs. I'm still thinking about that one, but
it will probably involve mpbios fixups.
This workaround separates the notion of a reserved value and a totally
unexpected value.
Anyway, just sharing this idea while I work away at this one.
Index: arch/amd64/include/mpbiosreg.h
===
RCS file: /cvs/src/sys/arch/amd64/include/mpbiosreg.h,v
retrieving revision 1.4
diff -u -p -r1.4 mpbiosreg.h
--- arch/amd64/include/mpbiosreg.h 23 Mar 2011 16:54:34 - 1.4
+++ arch/amd64/include/mpbiosreg.h 22 May 2014 04:39:59 -
@@ -63,12 +63,14 @@
#define MPS_INTPO_DEF 0
#define MPS_INTPO_ACTHI1
#define MPS_INTPO_ACTLO3
+#define MPS_INTPO_RESERVED 2
#define MPS_INTPO_SHIFT0
#define MPS_INTPO_MASK 3
#define MPS_INTTR_DEF 0
#define MPS_INTTR_EDGE 1
#define MPS_INTTR_LEVEL3
+#define MPS_INTTR_RESERVED 2
#define MPS_INTTR_SHIFT2
#define MPS_INTTR_MASK 3
Index: arch/i386/include/mpbiosreg.h
===
RCS file: /cvs/src/sys/arch/i386/include/mpbiosreg.h,v
retrieving revision 1.5
diff -u -p -r1.5 mpbiosreg.h
--- arch/i386/include/mpbiosreg.h 23 Mar 2011 16:54:35 - 1.5
+++ arch/i386/include/mpbiosreg.h 22 May 2014 04:52:29 -
@@ -63,12 +63,14 @@
#define MPS_INTPO_DEF 0
#define MPS_INTPO_ACTHI1
#define MPS_INTPO_ACTLO3
+#define MPS_INTPO_RESERVED 2
#define MPS_INTPO_SHIFT0
#define MPS_INTPO_MASK 3
#define MPS_INTTR_DEF 0
#define MPS_INTTR_EDGE 1
#define MPS_INTTR_LEVEL3
+#define MPS_INTTR_RESERVED 2
#define MPS_INTTR_SHIFT2
#define MPS_INTTR_MASK 3
Index: dev/acpi/acpimadt.c
===
RCS file: /cvs/src/sys/dev/acpi/acpimadt.c,v
retrieving revision 1.27
diff -u -p -r1.27 acpimadt.c
--- dev/acpi/acpimadt.c 18 May 2014 20:16:29 - 1.27
+++ dev/acpi/acpimadt.c 22 May 2014 23:02:55 -
@@ -165,6 +165,10 @@ acpimadt_cfg_intr(int flags, u_int32_t *
case MPS_INTPO_ACTLO:
*redir |= IOAPIC_REDLO_ACTLO;
break;
+ case MPS_INTPO_RESERVED:
+ printf("reserved MPS interrupt polarity %d, using low
polarity\n", mpspo);
+ *redir |= IOAPIC_REDLO_ACTLO;
+ break;
default:
panic("unknown MPS interrupt polarity %d", mpspo);
}
@@ -178,6 +182,10 @@ acpimadt_cfg_intr(int flags, u_int32_t *
case MPS_INTTR_DEF:
case MPS_INTTR_EDGE:
*redir &= ~IOAPIC_REDLO_LEVEL;
+ break;
+ case MPS_INTTR_RESERVED:
+ printf("reserved MPS interrupt trigger %d, using level
trigger\n", mpspo);
+ *redir |= IOAPIC_REDLO_LEVEL;
break;
default:
panic("unknown MPS interrupt trigger %d", mpstrig);
Re: [PATCH] libssl:Remove NULL checks before calling free()
> Hello,
>
> After reading
> http://www.openbsd.org/papers/bsdcan14-libressl/mgp00015.html , I
> thought I'd help a bit with cleaning libssl by running this
> Coccinelle[1] script on src/lib/libssl:
>
>
> @@
> identifier x;
> @@
> -if (x) { free(x); }
> +free(x);
>
>
> It removes unnecessary NULL checks that happen before a call to free(),
> and could probably also be run on some other parts of the OpenBSD code.
Applied, thanks!
Miod
[PATCH]unnecessary return in arc4random
Hi tech, does this return makes any sense, because it's a void function and the return is at the end of the function. fritjof Index: arc4random.c === RCS file: /cvs/src/lib/libc/crypt/arc4random.c,v retrieving revision 1.30 diff -u -p -r1.30 arc4random.c --- arc4random.c6 May 2014 16:06:33 - 1.30 +++ arc4random.c22 May 2014 14:21:35 - @@ -165,7 +165,6 @@ _rs_random_u32(u_int32_t *val) memcpy(val, rs_buf + RSBUFSZ - rs_have, sizeof(*val)); memset(rs_buf + RSBUFSZ - rs_have, 0, sizeof(*val)); rs_have -= sizeof(*val); - return; } u_int32_t
Re: [PATCH 2] followup Speedstep bug
Works for me. Since this disables speedstep late in the init, wouldn't it be nice to free est_fqlist before disabling (not enabling) speedstep? Im running this diff for one week now, on amd64. Index: est.c === RCS file: /cvs/src/sys/arch/amd64/amd64/est.c,v retrieving revision 1.31 diff -u -p -r1.31 est.c --- est.c 10 May 2014 18:59:29 - 1.31 +++ est.c 22 May 2014 14:08:00 - @@ -418,12 +418,12 @@ est_init(struct cpu_info *ci) return; if (est_fqlist->n < 2) - return; + goto nospeedstep; low = est_fqlist->table[est_fqlist->n - 1].mhz; high = est_fqlist->table[0].mhz; if (low == high) - return; + goto nospeedstep; perflevel = (cpuspeed - low) * 100 / (high - low); @@ -439,6 +439,12 @@ est_init(struct cpu_info *ci) cpu_setperf = est_setperf; setperf_prio = 3; + + return; + +nospeedstep: + free(est_fqlist->table, M_DEVBUF); + free(est_fqlist, M_DEVBUF); } void Index: est.c === RCS file: /cvs/src/sys/arch/i386/i386/est.c,v retrieving revision 1.41 diff -u -p -r1.41 est.c --- est.c 10 May 2014 18:59:29 - 1.41 +++ est.c 22 May 2014 14:13:32 - @@ -1177,12 +1177,12 @@ est_init(struct cpu_info *ci, int vendor return; if (est_fqlist->n < 2) - return; + goto nospeedstep; low = est_fqlist->table[est_fqlist->n - 1].mhz; high = est_fqlist->table[0].mhz; if (low == high) - return; + goto nospeedstep; perflevel = (cpuspeed - low) * 100 / (high - low); @@ -1198,6 +1198,12 @@ est_init(struct cpu_info *ci, int vendor cpu_setperf = est_setperf; setperf_prio = 3; + + return; + +nospeedstep: + free(est_fqlist->table, M_DEVBUF); + free(est_fqlist, M_DEVBUF); } void On 05/10/14 21:02, Philip Guenther wrote: On Sat, May 10, 2014 at 4:06 AM, Benjamin Baier wrote: After setting cpu clock to the minimum value in my BIOS, SpeedStep paniced on me. dmesg before and after patching at http://netzbasis.de/openbsd/speedstep/ The patch below works for me, tested on amd64. low == high == 800 cpuspeed == 798 (!) Thanks for the report! kettenis@ noted that there's no point in enabling speedstep if there nothing to range over, so I've committed a slightly different diff to do that instead. Philip Guenther
Re: move all stats under MALLOC_STATS
On 22 May 2014 07:29, Otto Moerbeek wrote:
> Hi,
>
> some stats are always computed. Move them under #ifdef MALLOC_STATS
> And a small thing for error reporting.
>
> ok?
Makes sense to me, looks good. ok krw@
Ken
>
> -Otto
>
>
> Index: malloc.c
> ===
> RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
> retrieving revision 1.165
> diff -u -p -r1.165 malloc.c
> --- malloc.c21 May 2014 15:47:51 - 1.165
> +++ malloc.c22 May 2014 11:25:09 -
> @@ -127,10 +127,16 @@ struct dir_info {
> size_t delete_moves;
> size_t cheap_realloc_tries;
> size_t cheap_reallocs;
> -#define STATS_INC(x) ((x)++)
> -#define STATS_ZERO(x) ((x) = 0)
> -#define STATS_SETF(x,y) ((x)->f = (y))
> + size_t malloc_used; /* bytes allocated */
> + size_t malloc_guarded; /* bytes used for guards */
> +#define STATS_ADD(x,y) ((x) += (y))
> +#define STATS_SUB(x,y) ((x) -= (y))
> +#define STATS_INC(x) ((x)++)
> +#define STATS_ZERO(x) ((x) = 0)
> +#define STATS_SETF(x,y)((x)->f = (y))
> #else
> +#define STATS_ADD(x,y) /* nothing */
> +#define STATS_SUB(x,y) /* nothing */
> #define STATS_INC(x) /* nothing */
> #define STATS_ZERO(x) /* nothing */
> #define STATS_SETF(x,y)/* nothing */
> @@ -189,8 +195,6 @@ char*malloc_options;/*
> compile-time o
> static char*malloc_func; /* current function */
> static int malloc_active; /* status of malloc */
>
> -static size_t malloc_guarded; /* bytes used for guards */
> -static size_t malloc_used;/* bytes allocated */
>
> static size_t rbytesused; /* random bytes used */
> static u_char rbytes[512]; /* random bytes */
> @@ -241,7 +245,7 @@ wrterror(char *msg, void *p)
> iov[0].iov_base = __progname;
> iov[0].iov_len = strlen(__progname);
> iov[1].iov_base = pidbuf;
> - snprintf(pidbuf, sizeof(pidbuf), "(%d)", getpid());
> + snprintf(pidbuf, sizeof(pidbuf), "(%d) in ", getpid());
> iov[1].iov_len = strlen(pidbuf);
> iov[2].iov_base = malloc_func;
> iov[2].iov_len = strlen(malloc_func);
> @@ -311,7 +315,7 @@ unmap(struct dir_info *d, void *p, size_
> if (psz > mopts.malloc_cache) {
> if (munmap(p, sz))
> wrterror("munmap", p);
> - malloc_used -= sz;
> + STATS_SUB(d->malloc_used, sz);
> return;
> }
> tounmap = 0;
> @@ -332,7 +336,7 @@ unmap(struct dir_info *d, void *p, size_
> tounmap = 0;
> d->free_regions_size -= r->size;
> r->size = 0;
> - malloc_used -= rsz;
> + STATS_SUB(d->malloc_used, rsz);
> }
> }
> if (tounmap > 0)
> @@ -372,7 +376,7 @@ zapcacheregion(struct dir_info *d, void
> r->p = NULL;
> d->free_regions_size -= r->size;
> r->size = 0;
> - malloc_used -= rsz;
> + STATS_SUB(d->malloc_used, rsz);
> }
> }
> }
> @@ -395,7 +399,7 @@ map(struct dir_info *d, size_t sz, int z
> if (psz > d->free_regions_size) {
> p = MMAP(sz);
> if (p != MAP_FAILED)
> - malloc_used += sz;
> + STATS_ADD(d->malloc_used, sz);
> /* zero fill not needed */
> return p;
> }
> @@ -439,7 +443,7 @@ map(struct dir_info *d, size_t sz, int z
> }
> p = MMAP(sz);
> if (p != MAP_FAILED)
> - malloc_used += sz;
> + STATS_ADD(d->malloc_used, sz);
> if (d->free_regions_size > mopts.malloc_cache)
> wrterror("malloc cache", NULL);
> /* zero fill not needed */
> @@ -625,7 +629,7 @@ omalloc_init(struct dir_info **dp)
> for (j = 0; j < MALLOC_CHUNK_LISTS; j++)
> LIST_INIT(&d->chunk_dir[i][j]);
> }
> - malloc_used += regioninfo_size;
> + STATS_ADD(d->malloc_used, regioninfo_size);
> d->canary1 = mopts.malloc_canary ^ (u_int32_t)(uintptr_t)d;
> d->canary2 = ~d->canary1;
>
> @@ -661,7 +665,7 @@ omalloc_grow(struct dir_info *d)
> if (p == MAP_FAILED)
> return 1;
>
> - malloc_used += newsize;
> + STATS_ADD(d->malloc_used, newsize);
> memset(p, 0, newsize);
> STATS_ZERO(d->inserts);
> STATS_ZERO(d->insert_collisions);
> @@ -681,7 +685,8 @@ omalloc_grow(struct dir_info *d)
> if (munmap(d->r, d->regions_total * sizeof(struct region_info)))
> wrterror("munmap", d->r);
> else
> - malloc_used -= d->regions_total * sizeof(struct region_info);
> +
Re: OpenBSD crash with pfsync
Hi Martin,
i'm using IPv6 but not on the syncdev interface, on all my other
interfaces (CARP & OSPF).
Here is the syncdev config:
inet 10.XX.XX.2 255.255.255.224 NONE
vlan 30 vlandev trunk1
and the pfsync config:
up
defer
syncdev vlan30
To precise how the bug happens, i have removed some other interfaces
before restarting it (a vlan57 and carp57 interfaces, childs of trunk1),
and also reloaded (without removing) the trunk1 interface.
Before do the "ifconfig pfsync0 up" i also saw that pfsync0 was down and
there is no syncdev (strange because the interface wasn't modified since
boot).
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le jeudi 22 mai 2014 à 12:49 +0200, Martin Pieuchot a écrit :
> Hello Loïc,
>
> On 22/05/14(Thu) 11:11, Loïc Blot wrote:
> > Hi,
> > today i upgraded my primary router from OpenBSD 5.4 to OpenBSD 5.5 (i
> > follow the process described here:
> > http://www.openbsd.org/faq/upgrade55.html and this is my 5th upgrade
> > from 5.4 to 5.5 since the release).
> >
> > After rebooting and doing the sysmerge without network copper cables, i
> > rebooted and set my carp & pfsync interfaces to down before plugging the
> > cables. At this time, the router was in a CARP INIT mode, no problem.
> >
> > Note: all the traffic was redirected to my second OpenBSD router (which
> > was upgraded at release time) 3 days ago, this routers hasn't any
> > problem and have exactly the same hardware and software configuration
> > (except some IPs).
> >
> > After finishing the upgrading process, i have incremented the carpdemote
> > counter to force CARP to be in BACKUP mode and then i have set all my
> > carp interface to up. Then ifaces were in BACKUP mode. No problem since
> > there all was right, all services works fine, etc.
> >
> > The last step i do is to do a "ifconfig pfsync0 up" and then a OpenBSD
> > crash.
>
> Thanks for the report. How is your pfsync0 interface configured? Same
> thing for its syncdev interface.
>
> > ddb{1}> trace
> > ip_output() at ip_output+0xdd9
>
> This is a use after free in IFP_TO_IA(), somehow one of the ifa pointer
> on the list of your syncdev is now pointing to memory that has been freed:
>
> > rcx 0xdeadbeefdeadbeef
>
> This should be pointing to `ifa_addr` which makes me believe that you
> are hitting a reference counting bug because it should not be possible
> to free an ifa which is still on the list of an ifp.
>
> Can you easily reproduce this bug? Do you use IPv6? If yes does
> setting "-inet6" on the syncdev interface helps?
>
> Martin
move all stats under MALLOC_STATS
Hi,
some stats are always computed. Move them under #ifdef MALLOC_STATS
And a small thing for error reporting.
ok?
-Otto
Index: malloc.c
===
RCS file: /cvs/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.165
diff -u -p -r1.165 malloc.c
--- malloc.c21 May 2014 15:47:51 - 1.165
+++ malloc.c22 May 2014 11:25:09 -
@@ -127,10 +127,16 @@ struct dir_info {
size_t delete_moves;
size_t cheap_realloc_tries;
size_t cheap_reallocs;
-#define STATS_INC(x) ((x)++)
-#define STATS_ZERO(x) ((x) = 0)
-#define STATS_SETF(x,y) ((x)->f = (y))
+ size_t malloc_used; /* bytes allocated */
+ size_t malloc_guarded; /* bytes used for guards */
+#define STATS_ADD(x,y) ((x) += (y))
+#define STATS_SUB(x,y) ((x) -= (y))
+#define STATS_INC(x) ((x)++)
+#define STATS_ZERO(x) ((x) = 0)
+#define STATS_SETF(x,y)((x)->f = (y))
#else
+#define STATS_ADD(x,y) /* nothing */
+#define STATS_SUB(x,y) /* nothing */
#define STATS_INC(x) /* nothing */
#define STATS_ZERO(x) /* nothing */
#define STATS_SETF(x,y)/* nothing */
@@ -189,8 +195,6 @@ char*malloc_options;/* compile-time
o
static char*malloc_func; /* current function */
static int malloc_active; /* status of malloc */
-static size_t malloc_guarded; /* bytes used for guards */
-static size_t malloc_used;/* bytes allocated */
static size_t rbytesused; /* random bytes used */
static u_char rbytes[512]; /* random bytes */
@@ -241,7 +245,7 @@ wrterror(char *msg, void *p)
iov[0].iov_base = __progname;
iov[0].iov_len = strlen(__progname);
iov[1].iov_base = pidbuf;
- snprintf(pidbuf, sizeof(pidbuf), "(%d)", getpid());
+ snprintf(pidbuf, sizeof(pidbuf), "(%d) in ", getpid());
iov[1].iov_len = strlen(pidbuf);
iov[2].iov_base = malloc_func;
iov[2].iov_len = strlen(malloc_func);
@@ -311,7 +315,7 @@ unmap(struct dir_info *d, void *p, size_
if (psz > mopts.malloc_cache) {
if (munmap(p, sz))
wrterror("munmap", p);
- malloc_used -= sz;
+ STATS_SUB(d->malloc_used, sz);
return;
}
tounmap = 0;
@@ -332,7 +336,7 @@ unmap(struct dir_info *d, void *p, size_
tounmap = 0;
d->free_regions_size -= r->size;
r->size = 0;
- malloc_used -= rsz;
+ STATS_SUB(d->malloc_used, rsz);
}
}
if (tounmap > 0)
@@ -372,7 +376,7 @@ zapcacheregion(struct dir_info *d, void
r->p = NULL;
d->free_regions_size -= r->size;
r->size = 0;
- malloc_used -= rsz;
+ STATS_SUB(d->malloc_used, rsz);
}
}
}
@@ -395,7 +399,7 @@ map(struct dir_info *d, size_t sz, int z
if (psz > d->free_regions_size) {
p = MMAP(sz);
if (p != MAP_FAILED)
- malloc_used += sz;
+ STATS_ADD(d->malloc_used, sz);
/* zero fill not needed */
return p;
}
@@ -439,7 +443,7 @@ map(struct dir_info *d, size_t sz, int z
}
p = MMAP(sz);
if (p != MAP_FAILED)
- malloc_used += sz;
+ STATS_ADD(d->malloc_used, sz);
if (d->free_regions_size > mopts.malloc_cache)
wrterror("malloc cache", NULL);
/* zero fill not needed */
@@ -625,7 +629,7 @@ omalloc_init(struct dir_info **dp)
for (j = 0; j < MALLOC_CHUNK_LISTS; j++)
LIST_INIT(&d->chunk_dir[i][j]);
}
- malloc_used += regioninfo_size;
+ STATS_ADD(d->malloc_used, regioninfo_size);
d->canary1 = mopts.malloc_canary ^ (u_int32_t)(uintptr_t)d;
d->canary2 = ~d->canary1;
@@ -661,7 +665,7 @@ omalloc_grow(struct dir_info *d)
if (p == MAP_FAILED)
return 1;
- malloc_used += newsize;
+ STATS_ADD(d->malloc_used, newsize);
memset(p, 0, newsize);
STATS_ZERO(d->inserts);
STATS_ZERO(d->insert_collisions);
@@ -681,7 +685,8 @@ omalloc_grow(struct dir_info *d)
if (munmap(d->r, d->regions_total * sizeof(struct region_info)))
wrterror("munmap", d->r);
else
- malloc_used -= d->regions_total * sizeof(struct region_info);
+ STATS_SUB(d->malloc_used,
+ d->regions_total * sizeof(struct region_info));
d->regions_free = d->regions_free + d->regions_total;
d->regions_total = newtotal;
d->r = p;
@@ -710,7 +715,7 @@ alloc_chunk_info(struct dir_info *d, int
q = MMAP(MALLOC_PAG
Re: OpenBSD crash with pfsync
Hello Loïc,
On 22/05/14(Thu) 11:11, Loïc Blot wrote:
> Hi,
> today i upgraded my primary router from OpenBSD 5.4 to OpenBSD 5.5 (i
> follow the process described here:
> http://www.openbsd.org/faq/upgrade55.html and this is my 5th upgrade
> from 5.4 to 5.5 since the release).
>
> After rebooting and doing the sysmerge without network copper cables, i
> rebooted and set my carp & pfsync interfaces to down before plugging the
> cables. At this time, the router was in a CARP INIT mode, no problem.
>
> Note: all the traffic was redirected to my second OpenBSD router (which
> was upgraded at release time) 3 days ago, this routers hasn't any
> problem and have exactly the same hardware and software configuration
> (except some IPs).
>
> After finishing the upgrading process, i have incremented the carpdemote
> counter to force CARP to be in BACKUP mode and then i have set all my
> carp interface to up. Then ifaces were in BACKUP mode. No problem since
> there all was right, all services works fine, etc.
>
> The last step i do is to do a "ifconfig pfsync0 up" and then a OpenBSD
> crash.
Thanks for the report. How is your pfsync0 interface configured? Same
thing for its syncdev interface.
> ddb{1}> trace
> ip_output() at ip_output+0xdd9
This is a use after free in IFP_TO_IA(), somehow one of the ifa pointer
on the list of your syncdev is now pointing to memory that has been freed:
> rcx 0xdeadbeefdeadbeef
This should be pointing to `ifa_addr` which makes me believe that you
are hitting a reference counting bug because it should not be possible
to free an ifa which is still on the list of an ifp.
Can you easily reproduce this bug? Do you use IPv6? If yes does
setting "-inet6" on the syncdev interface helps?
Martin
OpenBSD crash with pfsync
Hi,
today i upgraded my primary router from OpenBSD 5.4 to OpenBSD 5.5 (i
follow the process described here:
http://www.openbsd.org/faq/upgrade55.html and this is my 5th upgrade
from 5.4 to 5.5 since the release).
After rebooting and doing the sysmerge without network copper cables, i
rebooted and set my carp & pfsync interfaces to down before plugging the
cables. At this time, the router was in a CARP INIT mode, no problem.
Note: all the traffic was redirected to my second OpenBSD router (which
was upgraded at release time) 3 days ago, this routers hasn't any
problem and have exactly the same hardware and software configuration
(except some IPs).
After finishing the upgrading process, i have incremented the carpdemote
counter to force CARP to be in BACKUP mode and then i have set all my
carp interface to up. Then ifaces were in BACKUP mode. No problem since
there all was right, all services works fine, etc.
The last step i do is to do a "ifconfig pfsync0 up" and then a OpenBSD
crash.
Following you can found the trace, the ps and the registers.
I haven't seen any errata for pfsync, then i didn't patched the kernel,
it's the GENERIC BSD.MP.
Is there any workaround ? A kernel patch to apply ?
Thanks in advance
=
ddb{1}> trace
ip_output() at ip_output+0xdd9
pfsync_sendout() at pfsync_sendout+0x489
netintr() at netintr+0xed
softintr_dispatch() at softintr_dispatch+0x5d
Xsoftnet() at Xsoftnet+0x2d
--- interrupt ---
end of kernel
end trace frame: 0x80206910, count: -5
0x80943000:
PID PPID PGRPUID S FLAGS WAIT COMMAND
*18270 3703 18270 0 7 0x3ifconfig
3769 19350 19350 70 30x90 selectnamed
19350 1 19350 0 30x90 netio named
20234617 19369515 30x82 netio squidGuard
14044617 19369515 30x82 netio squidGuard
16252617 19369515 30x82 netio squidGuard
7350617 19369515 30x82 netio squidGuard
7207617 19369515 30x82 netio squidGuard
4662617 19369515 30x82 netio squidGuard
20849617 19369515 30x82 netio squidGuard
15847617 19369515 30x82 netio squidGuard
24271617 19369515 30x82 netio squidGuard
9469617 19369515 30x82 netio squidGuard
26465617 19369515 30x82 netio squidGuard
25889617 19369515 30x82 netio squidGuard
18394617 19369515 30x82 netio squidGuard
24590617 19369515 30x82 netio squidGuard
26389617 19369515 30x82 netio squidGuard
9456617 19369515 30x82 netio squidGuard
11447617 19369515 30x82 netio squidGuard
13398617 19369515 30x82 netio squidGuard
23571617 19369515 30x82 netio squidGuard
13704617 19369515 30x82 netio squidGuard
22507617 19369515 30x82 netio squidGuard
4039617 19369515 30x82 netio squidGuard
22683617 19369515 30x82 netio squidGuard
9501617 19369515 30x82 netio squidGuard
23298617 19369515 30x82 netio squidGuard
966617 19369515 30x82 netio squidGuard
31585617 19369515 30x82 netio squidGuard
3979617 19369515 30x82 netio squidGuard
23135617 19369515 30x82 netio squidGuard
2705617 19369515 30x82 netio squidGuard
414617 19369515 30x82 netio squidGuard
26606617 19369515 30x82 netio squidGuard
31755617 19369515 30x82 netio squidGuard
315617 19369515 30x82 netio squidGuard
649617 19369515 30x82 netio squidGuard
26506617 19369515 30x82 netio squidGuard
7278617 19369515 30x82 netio squidGuard
21806617 19369515 30x82 netio squidGuard
32275617 19369515 30x82 netio squidGuard
28676617 19369515 30x82 netio squidGuard
2160617 19369515 30x82 netio squidGuard
30698617 19369515 30x82 netio squidGuard
3057617 19369515 30x82 netio squidGuard
17056617 19369515 30x82 netio squidGuard
17734617 19369515 30x82 netio squidGuard
22101617 19369515 30x82
