libc: make internal _malloc_init() calls go direct

2016-09-10 Thread Philip Guenther

Diff below makes the calls to _malloc_init() from inside libc go direct, 
while leaving malloc_init() callable from outside for libpthread, 
eliminating the overridable PLT entry for _malloc_init.

ok?


With the harsh light of California beating down on me, I now wonder if we 
should have instead had libc provide a "_malloc_make_me_mt()" routine that 
knows how to frob the normally-made-readonly mopts bits, but
 a) can only set the malloc_mt flag, and
 b) blocks all signals while doing so.
Would that be less of a target for exploits?


Anyway.

I only caught this when I saw it while ltrace'ing something unrelated, 
which is a bad way to realize you missed something.  My apologies to otto@ 
and everyone following OpenBSD for not catching this earlier.  I don't 
have a firm idea on how to prevent this sort of thing in the future yet; 
suggestions?  Maybe the libc.so.* build should have a check that matches a 
regexp against the overridable symbols and fails if an unexpected symbol 
is present?  Mind you, that check is difficult to write on mips64 and 
a couple other archs due to arch weirdness, but maybe it's Good Enough if 
it works on x86, sparc64, and arm?


Philip Guenther


Index: include/thread_private.h
===
RCS file: /data/src/openbsd/src/lib/libc/include/thread_private.h,v
retrieving revision 1.28
diff -u -p -r1.28 thread_private.h
--- include/thread_private.h1 Sep 2016 10:41:02 -   1.28
+++ include/thread_private.h11 Sep 2016 05:06:29 -
@@ -9,6 +9,9 @@
 
 #define _MALLOC_MUTEXES 4
 void _malloc_init(int);
+#ifdef __LIBC__
+PROTO_NORMAL(_malloc_init);
+#endif /* __LIBC__ */
 
 /*
  * The callbacks needed by libc to handle the threaded case.
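Review bot: PROTO_NORMAL(_malloc_init) only redirects callers that are compiled with __LIBC__ and pick up this declaration from thread_private.h; a libc file that declares _malloc_init() on its own would keep binding through the PLT. Since this one was found by ltrace'ing rather than by the build, it is worth confirming with check_sym on a rebuilt libc.so that the PLT entry is actually gone on each arch.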
Index: stdlib/malloc.c
===
RCS file: /data/src/openbsd/src/lib/libc/stdlib/malloc.c,v
retrieving revision 1.195
diff -u -p -r1.195 malloc.c
--- stdlib/malloc.c 1 Sep 2016 10:41:02 -   1.195
+++ stdlib/malloc.c 11 Sep 2016 05:06:47 -
@@ -1226,6 +1226,7 @@ _malloc_init(int from_rthreads)
mprotect(_readonly, sizeof(malloc_readonly), PROT_READ);
_MALLOC_UNLOCK(0);
 }
+DEF_STRONG(_malloc_init);
 
 void *
 malloc(size_t size)
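Review bot: DEF_STRONG(_malloc_init) directly after the function body matches how the other libc entry points are done and keeps the symbol exported for libpthread. If the regexp-based check suggested in the message gets written, _malloc_init would then belong on its expected-exports list but not on its expected-PLT list, which is exactly the state this hunk produces; the _malloc_make_me_mt() alternative would drop the export altogether and is a separate change.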

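One shape the build check proposed in the message could take, as an added example that is not OpenBSD's check_sym nor any libc build code: it reads a `readelf -r` listing (a constructed sample is embedded below, with the offsets and values made up), collects every JUMP_SLOT relocation, i.e. every call the library makes through its own PLT, and fails on any whose symbol is not matched by an allowlist regexp. The allowlist pattern and the function names are this example's own, not libc's real list.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

#define MAXSYM  64
#define MAXNAME 128

/*
 * Allowlist of PLT entries the build expects.  Constructed placeholder
 * for this example; the real one would be the small set of symbols libc
 * deliberately leaves overridable.
 */
#define ALLOWED_PLT_RE "^(__cxa_atexit|__cxa_finalize)$"

/*
 * Constructed `readelf -r`-style listing standing in for a freshly built
 * libc.so.  Each JUMP_SLOT relocation is a call the library makes through
 * its own PLT, which an earlier object in the search order could interpose.
 */
static const char SAMPLE_READELF[] =
    "Relocation section '.rela.plt' at offset 0x1000 contains 5 entries:\n"
    "    Offset             Info             Type               Symbol's Value  Symbol's Name + Addend\n"
    "0000000000404018  0000000100000007 R_X86_64_JUMP_SLOT     0000000000000000 __cxa_finalize + 0\n"
    "0000000000404020  0000000200000007 R_X86_64_JUMP_SLOT     000000000004c3a0 _malloc_init + 0\n"
    "0000000000404028  0000000300000007 R_X86_64_JUMP_SLOT     0000000000012e80 memcpy + 0\n"
    "0000000000404030  0000000400000007 R_X86_64_JUMP_SLOT     0000000000013100 __stack_smash_handler + 0\n"
    "0000000000403ff0  0000000500000006 R_X86_64_GLOB_DAT      0000000000000000 environ + 0\n";

/* Collect the symbol names of all JUMP_SLOT relocations; returns how many. */
int
collect_plt_symbols(const char *listing, char names[][MAXNAME], int max)
{
	const char *p = listing;
	int n = 0;

	while (*p != '\0' && n < max) {
		char line[512], *field[5], *tok;
		const char *nl = strchr(p, '\n');
		size_t len = nl != NULL ? (size_t)(nl - p) : strlen(p);
		int nf = 0;

		if (len >= sizeof line)
			len = sizeof line - 1;
		memcpy(line, p, len);
		line[len] = '\0';
		p = nl != NULL ? nl + 1 : p + len;

		/* readelf columns: Offset Info Type Sym.Value Sym.Name [+ Addend] */
		for (tok = strtok(line, " \t"); tok != NULL && nf < 5;
		    tok = strtok(NULL, " \t"))
			field[nf++] = tok;
		if (nf == 5 && strstr(field[2], "JUMP_SLOT") != NULL)
			snprintf(names[n++], MAXNAME, "%s", field[4]);
	}
	return n;
}

/*
 * The check itself: every PLT symbol must match the allowlist.  Returns
 * the number of offenders (copied into `bad`), or -1 if the regexp is bad.
 */
int
unexpected_plt_symbols(const char *listing, const char *allowed_re,
    char bad[][MAXNAME], int max)
{
	char names[MAXSYM][MAXNAME];
	regex_t re;
	int n, i, nbad = 0;

	if (regcomp(&re, allowed_re, REG_EXTENDED | REG_NOSUB) != 0)
		return -1;
	n = collect_plt_symbols(listing, names, MAXSYM);
	for (i = 0; i < n; i++) {
		if (regexec(&re, names[i], 0, NULL, 0) == 0)
			continue;		/* expected, e.g. deliberately weak */
		if (nbad < max)
			snprintf(bad[nbad], MAXNAME, "%s", names[i]);
		nbad++;
	}
	regfree(&re);
	return nbad;
}

static char offenders[MAXSYM][MAXNAME];

/* Run the check over the sample; a build would exit non-zero when > 0. */
int
check_sample(void)
{
	return unexpected_plt_symbols(SAMPLE_READELF, ALLOWED_PLT_RE,
	    offenders, MAXSYM);
}

const char *
offender(int i)
{
	return offenders[i];
}
```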


libm: make sqrtl() use fe*() instead of fp*()

2016-09-10 Thread Philip Guenther

On systems that don't have a native version, we use an implementation of 
sqrtl() (square-root of long double) that -- to do its job -- pokes at the 
floating-point exception state and rounding mode.  In particular, at a key 
point it clears any previous "inexact" exception and sets the rounding 
mode to "toward zero" and then does a division.  It then tests whether 
that raised an "inexact" exception and fixes the result up based on that, 
and finally restores the rounding mode before returning.

The current version does that using the old, non-standard fp* routines: 
fp{set,get}sticky() and fpsetround().  This diff switches it to the new, 
standardized fe* routines: fe{clear,test}except() and fe{get,set}round().

(Why bother?  The fp* routines are defined in libc, while the fe* routines 
are defined inside libm itself...which means that with some symbol 
redirection they can be made to call directly, without going through the 
PLT.  This diff is thus a prelude to the larger diff I have sitting in my 
tree to do exactly that, reducing 136 PLT entries to just 22 on amd64, for 
example.  Even on a HW-FP-poor arch like mips64 it gets reduced from 204 
to only 56 PLT entries.)

ok?


Philip Guenther


Index: src/e_sqrtl.c
===
RCS file: /data/src/openbsd/src/lib/libm/src/e_sqrtl.c,v
retrieving revision 1.1
diff -u -p -r1.1 e_sqrtl.c
--- src/e_sqrtl.c   9 Dec 2008 20:00:35 -   1.1
+++ src/e_sqrtl.c   11 Sep 2016 03:47:45 -
@@ -26,9 +26,9 @@
  */
 
 #include 
-#include 
+#include   /* for struct ieee_ext */
+#include 
 #include 
-#include 
 #include 
 
 #ifdef EXT_IMPLICIT_NBIT
@@ -204,27 +204,28 @@ sqrtl(long double x)
u.e = xn + lo;  /* Combine everything. */
u.bits.ext_exp += (k >> 1) - 1;
 
-   fpsetsticky(fpgetsticky() & ~FP_X_IMP);
-   r = fpsetround(FP_RZ);  /* Set to round-toward-zero. */
+   feclearexcept(FE_INEXACT);
+   r = fegetround();
+   fesetround(FE_TOWARDZERO);  /* Set to round-toward-zero. */
xn = x / u.e;   /* Chopped quotient (inexact?). */
 
-   if (!(fpgetsticky() & FP_X_IMP)) { /* Quotient is exact. */
+   if (!fetestexcept(FE_INEXACT)) { /* Quotient is exact. */
if (xn == u.e) {
-   fpsetround(r);
+   fesetround(r);
return (u.e);
}
/* Round correctly for inputs like x = y**2 - ulp. */
xn = dec(xn);   /* xn = xn - ulp. */
}
 
-   if (r == FP_RN) {
+   if (r == FE_TONEAREST) {
xn = inc(xn);   /* xn = xn + ulp. */
-   } else if (r == FP_RP) {
+   } else if (r == FE_UPWARD) {
u.e = inc(u.e); /* u.e = u.e + ulp. */
xn = inc(xn);   /* xn  = xn + ulp. */
}
u.e = u.e + xn; /* Chopped sum. */
-   fpsetround(r);  /* Restore env and raise inexact */
+   fesetround(r);  /* Restore env and raise inexact */
u.bits.ext_exp--;
return (u.e);
 }
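Review bot: the return value of fesetround(FE_TOWARDZERO) is ignored; fesetround() reports failure with a non-zero return, which fpsetround(FP_RZ) never could, so checking it here would be new protection rather than a regression. Separately, feclearexcept(FE_INEXACT) discards an inexact flag the caller had already raised, and the exact-quotient path returns u.e right after fesetround(r) without re-raising it; the fpsetsticky() code behaved the same way, so it is not a regression, but if fenv correctness is the goal, save fetestexcept(FE_INEXACT) before clearing and feraiseexcept() it on that path. The retained comment "Restore env and raise inexact" also still attributes the inexact to fesetround(r); it is the u.e + xn addition that raises it.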



Re: binutils-2.17 ownership fixes

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Philip Guenther wrote:
> Same diff as binutils, with same open question:
> 
> > Maybe we should add ${INSTALL_STRIP} to the INSTALL_PROGRAM assignment 
> > here?

Here's the combined diff that does that.

(Note to self: if you set DEBUG in /etc/mk.conf, INSTALL_STRIP isn't set)

ok?

Philip


Index: gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper
===
RCS file: /data/src/openbsd/src/gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile.bsd-wrapper
--- gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper  5 Jul 2013 21:29:51 
-   1.8
+++ gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper  11 Sep 2016 01:54:10 
-
@@ -102,7 +102,8 @@ install: maninstall
tooldir=${PREFIX} \
BSDSRCDIR=${BSDSRCDIR} \
INSTALL_MODULES='${INSTALL_MODULES}' \
-   INSTALL_PROGRAM='install -c -S' \
+   INSTALL_PROGRAM='install -c -S ${INSTALL_STRIP} -o ${BINOWN} -g 
${BINGRP} -m ${BINMODE}' \
+   INSTALL_DATA='install -c -o ${BINOWN} -g ${DOCGRP} -m 
${NONBINMODE}' \
INSTALL_INFO_HOST_MODULES='${INSTALL_INFO_HOST_MODULES}' \
  install install-info
 
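Review bot: the single-quoted INSTALL_PROGRAM value is expanded by this make before the sub-make sees it, so ${INSTALL_STRIP} being empty under DEBUG (the note-to-self) simply leaves the previous unstripped behaviour, which is fine. The -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} part is what actually fixes the ownership. One thing to verify is that binutils' own install target uses INSTALL_DATA for every non-program file it puts under ${DESTDIR}; anything it installs through a different variable keeps the build user as owner, and this override cannot reach it.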
Index: gnu/usr.bin/binutils/Makefile.bsd-wrapper
===
RCS file: /data/src/openbsd/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v
retrieving revision 1.83
diff -u -p -r1.83 Makefile.bsd-wrapper
--- gnu/usr.bin/binutils/Makefile.bsd-wrapper   1 Jun 2015 17:36:19 -   
1.83
+++ gnu/usr.bin/binutils/Makefile.bsd-wrapper   11 Sep 2016 01:54:15 -
@@ -81,7 +81,8 @@ install: maninstall
tooldir=${PREFIX} \
BSDSRCDIR=${BSDSRCDIR} \
INSTALL_MODULES='${INSTALL_MODULES}' \
-   INSTALL_PROGRAM='install -c -S' \
+   INSTALL_PROGRAM='install -c -S ${INSTALL_STRIP} -o ${BINOWN} -g 
${BINGRP} -m ${BINMODE}' \
+   INSTALL_DATA='install -c -o ${BINOWN} -g ${DOCGRP} -m 
${NONBINMODE}' \
INSTALL_INFO_HOST_MODULES='${INSTALL_INFO_HOST_MODULES}' \
  install install-info
 



Re: /usr/sbin/sysctl owner

2016-09-10 Thread Philip Guenther
On Sat, Sep 10, 2016 at 1:42 PM, Philip Guenther  wrote:
> On Sat, 10 Sep 2016, Philip Guenther wrote:
>
>> On Sat, 10 Sep 2016, Martin Natano wrote:
>> > Yet another symlink that belongs to root. Ok?
>> ...
>> > --- sbin/sysctl/Makefile4 May 2016 19:48:08 -   1.11
>> > +++ sbin/sysctl/Makefile10 Sep 2016 18:05:09 -
>> > @@ -7,5 +7,6 @@ CPPFLAGS+=  -D_LIBKVM
>> >
>> >  afterinstall:
>> > ln -sf ../../sbin/sysctl ${DESTDIR}/usr/sbin
>> > +   chown -h root:wheel ${DESTDIR}/usr/sbin/sysctl
>>
>> ok guenther@
>
> Actually, maybe that should be root:bin to match the other files in
> /usr/sbin

Or rather: they should be ${BINOWN}:${BINGRP}

I'll stop talking to myself (about this) now...



binutils-2.17 ownership fixes

2016-09-10 Thread Philip Guenther

Same diff as binutils, with same open question:

> Maybe we should add ${INSTALL_STRIP} to the INSTALL_PROGRAM assignment 
> here?

ok?


Index: usr.bin/binutils-2.17/Makefile.bsd-wrapper
===
RCS file: /data/src/openbsd/src/gnu/usr.bin/binutils-2.17/Makefile.bsd-wrapper,v
retrieving revision 1.8
diff -u -p -r1.8 Makefile.bsd-wrapper
--- usr.bin/binutils-2.17/Makefile.bsd-wrapper  5 Jul 2013 21:29:51 -   
1.8
+++ usr.bin/binutils-2.17/Makefile.bsd-wrapper  10 Sep 2016 21:42:14 -
@@ -102,7 +102,8 @@ install: maninstall
tooldir=${PREFIX} \
BSDSRCDIR=${BSDSRCDIR} \
INSTALL_MODULES='${INSTALL_MODULES}' \
-   INSTALL_PROGRAM='install -c -S' \
+   INSTALL_PROGRAM='install -c -S -o ${BINOWN} -g ${BINGRP} -m 
${BINMODE}' \
+   INSTALL_DATA='install -c -o ${BINOWN} -g ${DOCGRP} -m 
${NONBINMODE}' \
INSTALL_INFO_HOST_MODULES='${INSTALL_INFO_HOST_MODULES}' \
  install install-info
 



binutils ownership fixes

2016-09-10 Thread Philip Guenther

This should fix the ownership (and mode) of /usr/bin/gdb and its 
associated info pages.

ok?

One open question: we never strip gdb, unlike other binaries.  Maybe we 
should add ${INSTALL_STRIP} to the INSTALL_PROGRAM assignment here?

Philip Guenther


Index: usr.bin/binutils/Makefile.bsd-wrapper
===
RCS file: /data/src/openbsd/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper,v
retrieving revision 1.83
diff -u -p -r1.83 Makefile.bsd-wrapper
--- usr.bin/binutils/Makefile.bsd-wrapper   1 Jun 2015 17:36:19 -   
1.83
+++ usr.bin/binutils/Makefile.bsd-wrapper   10 Sep 2016 21:33:56 -
@@ -81,7 +81,8 @@ install: maninstall
tooldir=${PREFIX} \
BSDSRCDIR=${BSDSRCDIR} \
INSTALL_MODULES='${INSTALL_MODULES}' \
-   INSTALL_PROGRAM='install -c -S' \
+   INSTALL_PROGRAM='install -c -S -o ${BINOWN} -g ${BINGRP} -m 
${BINMODE}' \
+   INSTALL_DATA='install -c -o ${BINOWN} -g ${DOCGRP} -m 
${NONBINMODE}' \
INSTALL_INFO_HOST_MODULES='${INSTALL_INFO_HOST_MODULES}' \
  install install-info
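Review bot: on the open question: the value already carries -S for a safe copy, so inserting ${INSTALL_STRIP} between -S and -o would strip gdb like the rest of the tree, and since that variable is empty in DEBUG builds it costs nothing there. The explicit -o ${BINOWN} -g ${BINGRP} -m ${BINMODE} is the part that fixes the ownership and mode; the new INSTALL_DATA line does the same for the info pages with ${DOCGRP} and ${NONBINMODE}.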
 



Re: more clang libc fun

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Mark Kettenis wrote:
> From: Philip Guenther 
...
> > Also interesting that it generates memmove() calls.  Wonder where it 
> > ended up doing that.
> 
> Well, clang actually calls the functions with their standard name even 
> for the cases where we explicitly call those functions in the source 
> code.  And since we do call memmove() in various places in the source 
> code, that's where they come from.

Ah.  Still: it's totally ignoring our renaming for those?  Thanks, clang!  
Guess I'll need to roll up my sleeves on this...



Re: more clang libc fun

2016-09-10 Thread Mark Kettenis
> Date: Sat, 10 Sep 2016 13:55:15 -0700
> From: Philip Guenther 
> 
> On Sat, 10 Sep 2016, Mark Kettenis wrote:
> > Thanks.  Now the only issue seems to be:
> > 
> > barber$ check_sym  
> > /usr/lib/libc.so.89.1 --> obj/libc.so.89.1
> > Dynamic export changes:
> > PLT added:
> > __stack_smash_handler
> > memcpy
> > memmove
> > memset
> > 
> > Not sure how to tackle those yet.
> 
> Harumph.  That's what that chunk at the bottom of include/namespace.h is 
> there for.  This will take some research to figure out how to get clang to 
> apply asm names to calls that it generates.  :-(  Not the end of the 
> world, just annoying.
> 
> (gcc's support for renames like this is incomplete, btw, at least in our 
> old version: I couldn't find a way to do this sort of renaming on calls 
> generated to math helper functions like __umodsi3.  gcc also ignores the 
> renaming on certain functions when it tries to optimize out calls to them 
> but ends up calling them anyway, including ffs() on archs like sparc64 and 
> mips64 which don't have it as a compiler builtin, so that even though we 
> do an internal renaming, gcc still generates a call to ffs() instead of 
> _libc_ffs().  Fail)
> 
> 
> Also interesting that it generates memmove() calls.  Wonder where it ended 
> up doing that.

Well, clang actually calls the functions with their standard name even
for the cases where we explicitly call those functions in the source
code.  And since we do call memmove() in various places in the source
code, that's where they come from.



Re: mailwrapper symlinks owner

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Martin Natano wrote:
> Another set of symlinks, same drill: the owner should be root. Ok?
...
> --- usr.sbin/mailwrapper/Makefile 16 Mar 2009 22:34:13 -  1.5
> +++ usr.sbin/mailwrapper/Makefile 10 Sep 2016 17:53:45 -
> @@ -13,5 +13,9 @@ afterinstall:
>   ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/sbin/makemap
>   ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/hoststat
>   ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/purgestat
> + chown -h root:wheel ${DESTDIR}/usr/sbin/sendmail \
> + ${DESTDIR}/usr/bin/newaliases ${DESTDIR}/usr/bin/mailq \
> + ${DESTDIR}/usr/sbin/makemap ${DESTDIR}/usr/bin/hoststat \
> + ${DESTDIR}/usr/bin/purgestat

root:bin on these too, IMO.

modulo that, ok guenther@



Re: create /usr/share/calendar/$lang with root owner

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Martin Natano wrote:
> Currently the /usr/share/calendar/$lang directories are created with the 
> build user as owner, but should be owned by root. Ok?

ok guenther@



Re: more clang libc fun

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Mark Kettenis wrote:
> Thanks.  Now the only issue seems to be:
> 
> barber$ check_sym  
> /usr/lib/libc.so.89.1 --> obj/libc.so.89.1
> Dynamic export changes:
> PLT added:
> __stack_smash_handler
> memcpy
> memmove
> memset
> 
> Not sure how to tackle those yet.

Harumph.  That's what that chunk at the bottom of include/namespace.h is 
there for.  This will take some research to figure out how to get clang to 
apply asm names to calls that it generates.  :-(  Not the end of the 
world, just annoying.

(gcc's support for renames like this is incomplete, btw, at least in our 
old version: I couldn't find a way to do this sort of renaming on calls 
generated to math helper functions like __umodsi3.  gcc also ignores the 
renaming on certain functions when it tries to optimize out calls to them 
but ends up calling them anyway, including ffs() on archs like sparc64 and 
mips64 which don't have it as a compiler builtin, so that even though we 
do an internal renaming, gcc still generates a call to ffs() instead of 
_libc_ffs().  Fail)


Also interesting that it generates memmove() calls.  Wonder where it ended 
up doing that.


Philip



Re: more clang libc fun

2016-09-10 Thread Mark Kettenis
> Date: Sat, 10 Sep 2016 13:33:58 -0700
> From: Philip Guenther 
> 
> On Sat, 10 Sep 2016, Mark Kettenis wrote:
> > Seems the clang assembler ignores a .weak directive before the symbol is 
> > defined.
> > 
> > ok?
> 
> certainly.

Thanks.  Now the only issue seems to be:

barber$ check_sym  
/usr/lib/libc.so.89.1 --> obj/libc.so.89.1
Dynamic export changes:
PLT added:
__stack_smash_handler
memcpy
memmove
memset

Not sure how to tackle those yet.



Re: /usr/sbin/sysctl owner

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Philip Guenther wrote:

> On Sat, 10 Sep 2016, Martin Natano wrote:
> > Yet another symlink that belongs to root. Ok?
> ...
> > --- sbin/sysctl/Makefile4 May 2016 19:48:08 -   1.11
> > +++ sbin/sysctl/Makefile10 Sep 2016 18:05:09 -
> > @@ -7,5 +7,6 @@ CPPFLAGS+=  -D_LIBKVM
> >  
> >  afterinstall:
> > ln -sf ../../sbin/sysctl ${DESTDIR}/usr/sbin
> > +   chown -h root:wheel ${DESTDIR}/usr/sbin/sysctl
> 
> ok guenther@

Actually, maybe that should be root:bin to match the other files in 
/usr/sbin



Re: /usr/sbin/sysctl owner

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Martin Natano wrote:
> Yet another symlink that belongs to root. Ok?
...
> --- sbin/sysctl/Makefile  4 May 2016 19:48:08 -   1.11
> +++ sbin/sysctl/Makefile  10 Sep 2016 18:05:09 -
> @@ -7,5 +7,6 @@ CPPFLAGS+=-D_LIBKVM
>  
>  afterinstall:
>   ln -sf ../../sbin/sysctl ${DESTDIR}/usr/sbin
> + chown -h root:wheel ${DESTDIR}/usr/sbin/sysctl

ok guenther@



libm: don't use deprecated classification macros

2016-09-10 Thread Philip Guenther

fpclassify(3) says:

 The symbols isinff(), and isnanf() are provided as compatibility aliases
 to isinf(), and isnan(), respectively, and their uses are deprecated.
 Similarly, finite() and finitef() are deprecated versions of isfinite().

So let's use the preferred names in libm.

ok?

Philip


Index: noieee_src/n_atan2.c
===
RCS file: /cvs/src/lib/libm/noieee_src/n_atan2.c,v
retrieving revision 1.18
diff -u -p -r1.18 n_atan2.c
--- noieee_src/n_atan2.c15 Jul 2013 04:08:26 -  1.18
+++ noieee_src/n_atan2.c10 Sep 2016 20:30:34 -
@@ -151,7 +151,7 @@ atan2(double y, double x)
signx = copysign(one,x) ;
 
 /* if x is 1.0, goto begin */
-   if(x==1) { y=copysign(y,one); t=y; if(finite(t)) goto begin;}
+   if(x==1) { y=copysign(y,one); t=y; if(isfinite(t)) goto begin;}
 
 /* when y = 0 */
if(y==zero) return((signx==one)?y:copysign(PI,signy));
@@ -160,14 +160,14 @@ atan2(double y, double x)
if(x==zero) return(copysign(PIo2,signy));
 
 /* when x is INF */
-   if(!finite(x))
-   if(!finite(y))
+   if(!isfinite(x))
+   if(!isfinite(y))
return(copysign((signx==one)?PIo4:3*PIo4,signy));
else
return(copysign((signx==one)?zero:PI,signy));
 
 /* when y is INF */
-   if(!finite(y)) return(copysign(PIo2,signy));
+   if(!isfinite(y)) return(copysign(PIo2,signy));
 
 /* compute y/x */
x=copysign(x,one);
Index: noieee_src/n_erf.c
===
RCS file: /cvs/src/lib/libm/noieee_src/n_erf.c,v
retrieving revision 1.7
diff -u -p -r1.7 n_erf.c
--- noieee_src/n_erf.c  27 Oct 2009 23:59:29 -  1.7
+++ noieee_src/n_erf.c  10 Sep 2016 20:30:34 -
@@ -255,7 +255,7 @@ double
 erf(double x)
 {
double R, S, P, Q, ax, s, y, z, r;
-   if(!finite(x)) {/* erf(nan)=nan */
+   if(!isfinite(x)) {  /* erf(nan)=nan */
if (isnan(x))
return(x);
return (x > 0 ? one : -one); /* erf(+/-inf)= +/-1 */
@@ -313,7 +313,7 @@ double
 erfc(double x)
 {
double R, S, P, Q, s, ax, y, z, r;
-   if (!finite(x)) {
+   if (!isfinite(x)) {
if (isnan(x))   /* erfc(NaN) = NaN */
return(x);
else if (x > 0) /* erfc(+-inf)=0,2 */
Index: noieee_src/n_exp.c
===
RCS file: /cvs/src/lib/libm/noieee_src/n_exp.c,v
retrieving revision 1.10
diff -u -p -r1.10 n_exp.c
--- noieee_src/n_exp.c  27 Oct 2009 23:59:29 -  1.10
+++ noieee_src/n_exp.c  10 Sep 2016 20:30:35 -
@@ -37,7 +37,7 @@
  * Required system supported functions:
  * scalbn(x,n)
  * copysign(x,y)
- * finite(x)
+ * isfinite(x)
  *
  * Method:
  * 1. Argument Reduction: given the input x, find r and integer k such
@@ -115,7 +115,7 @@ exp(double x)
 
else
 /* exp(-big#) underflows to zero */
-if(finite(x))  return(scalbn(1.0,-5000));
+if(isfinite(x))  return(scalbn(1.0,-5000));
 
 /* exp(-INF) is zero */
 else return(0.0);
@@ -124,7 +124,7 @@ exp(double x)
 
else
/* exp(INF) is INF, exp(+big#) overflows to INF */
-   return( finite(x) ?  scalbn(1.0,5000)  : x);
+   return( isfinite(x) ?  scalbn(1.0,5000)  : x);
 }
 
 /* returns exp(r = x + c) for |c| < |x| with no overlap.  */
@@ -160,7 +160,7 @@ __exp__D(double x, double c)
 
else
 /* exp(-big#) underflows to zero */
-if(finite(x))  return(scalbn(1.0,-5000));
+if(isfinite(x))  return(scalbn(1.0,-5000));
 
 /* exp(-INF) is zero */
 else return(0.0);
@@ -169,5 +169,5 @@ __exp__D(double x, double c)
 
else
/* exp(INF) is INF, exp(+big#) overflows to INF */
-   return( finite(x) ?  scalbn(1.0,5000)  : x);
+   return( isfinite(x) ?  scalbn(1.0,5000)  : x);
 }
Index: noieee_src/n_expm1.c
===
RCS file: /cvs/src/lib/libm/noieee_src/n_expm1.c,v
retrieving revision 1.12
diff -u -p -r1.12 n_expm1.c
--- noieee_src/n_expm1.c27 Oct 2009 23:59:29 -  1.12
+++ noieee_src/n_expm1.c10 Sep 2016 20:30:35 -
@@ -38,7 +38,7 @@
  * Required system supported functions:
  * scalbn(x,n)
  * copysign(x,y)
- * finite(x)
+ * isfinite(x)
  *
  * Kernel function:
  * exp__E(x,c)
@@ -135,7 +135,7 @@ expm1(double x)
 
else
 /* expm1(-big#) rounded to -1 (inexact) */
-if(finite(x))
+if(isfinite(x))
return(tiny-one);
 
 /* 

more clang libc fun

2016-09-10 Thread Mark Kettenis
Seems the clang assembler ignores a .weak directive before the symbol
is defined.

ok?


Index: lib/libc/arch/amd64/sys/brk.S
===
RCS file: /cvs/src/lib/libc/arch/amd64/sys/brk.S,v
retrieving revision 1.8
diff -u -p -r1.8 brk.S
--- lib/libc/arch/amd64/sys/brk.S   7 May 2016 19:05:21 -   1.8
+++ lib/libc/arch/amd64/sys/brk.S   10 Sep 2016 20:20:25 -
@@ -49,7 +49,6 @@ __minbrk:
.type   __minbrk,@object
.text
 
-   .weak   brk
 ENTRY(brk)
cmpq%rdi,__minbrk(%rip)
jb  1f
@@ -64,3 +63,4 @@ ENTRY(brk)
SET_ERRNO
ret
 END(brk)
+   .weak   brk
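Review bot: placing .weak after END(brk) is accepted by both assemblers, so the move is the right fix, but the diff only touches amd64; the other arch/*/sys/brk.S and sbrk.S files presumably carry the same .weak-before-ENTRY layout and will hit the same clang behaviour, so they should get the same move, ideally in the same commit so the layout stays consistent across arches.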
Index: lib/libc/arch/amd64/sys/sbrk.S
===
RCS file: /cvs/src/lib/libc/arch/amd64/sys/sbrk.S,v
retrieving revision 1.8
diff -u -p -r1.8 sbrk.S
--- lib/libc/arch/amd64/sys/sbrk.S  7 May 2016 19:05:21 -   1.8
+++ lib/libc/arch/amd64/sys/sbrk.S  10 Sep 2016 20:20:25 -
@@ -53,7 +53,6 @@ __curbrk: .quad   _end
.type   __curbrk,@object
.text
 
-   .weak   sbrk
 ENTRY(sbrk)
movq__curbrk(%rip),%rax
movslq  %edi,%rsi
@@ -68,3 +67,4 @@ ENTRY(sbrk)
SET_ERRNO
ret
 END(sbrk)
+   .weak   sbrk



Re: share/: install ownership fixes

2016-09-10 Thread Martin Natano
Another diff I typoed, also found by rpe@. Ok?

Index: share/misc/pcvtfonts/Makefile
===
RCS file: /cvs/src/share/misc/pcvtfonts/Makefile,v
retrieving revision 1.6
diff -u -p -r1.6 Makefile
--- share/misc/pcvtfonts/Makefile   13 May 2002 15:27:58 -  1.6
+++ share/misc/pcvtfonts/Makefile   8 Sep 2016 20:54:08 -
@@ -16,12 +16,9 @@ FONTDIR =${BINDIR}/misc/pcvtfonts
 all: $(FONTS)
 
 install: ${FONTS}
-   @if [ ! -d ${DESTDIR}${FONTDIR} ]; then mkdir ${DESTDIR}${FONTDIR};fi
-   @for i in ${FONTS}; do \
-   echo "installing font $$i into ${DESTDIR}${FONTDIR}"; \
-   install -c -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \
-   $$i ${DESTDIR}${FONTDIR}; \
-   done
+   ${INSTALL} -d -o root -g wheel ${DESTDIR}${FONTDIR}
+   ${INSTALL} ${INSTALL_COPY} -m ${LIBMODE} -o ${LIBOWN} -g ${LIBGRP} \
+   ${FONTS} ${DESTDIR}${FONTDIR}
 
 clean:
rm -f ${CLEANFILES}
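Review bot: the directory is created root:wheel while the fonts inside it are installed -o ${LIBOWN} -g ${LIBGRP}; on a build that sets LIBOWN/LIBGRP to something else the directory and its contents end up with different owners, so using the same variables on the -d line would keep them consistent. Replacing the per-file loop with a single ${INSTALL} is otherwise a clear improvement: the old @if [ ! -d ... ] mkdir never set the directory's owner at all.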
Index: share/snmp/Makefile
===
RCS file: /cvs/src/share/snmp/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- share/snmp/Makefile 29 Jan 2016 03:06:00 -  1.4
+++ share/snmp/Makefile 8 Sep 2016 21:02:02 -
@@ -8,6 +8,7 @@ FILES+= OPENBSD-RELAYD-MIB.txt
 all clean cleandir depend lint obj tags: _SUBDIRUSE
 
 realinstall:
-   ${INSTALL} -c -m 0444 ${FILES} ${DESTDIR}${BINDIR}/snmp/mibs
+   ${INSTALL} ${INSTALL_COPY} -o root -g wheel -m 0444 \
+   ${FILES} ${DESTDIR}${BINDIR}/snmp/mibs
 
 .include 
Index: share/termtypes/Makefile
===
RCS file: /cvs/src/share/termtypes/Makefile,v
retrieving revision 1.24
diff -u -p -r1.24 Makefile
--- share/termtypes/Makefile3 Dec 2015 11:30:46 -   1.24
+++ share/termtypes/Makefile10 Sep 2016 20:11:58 -
@@ -14,12 +14,14 @@ termcap: termtypes.master
@[ -s ${.TARGET} ] || exit 1
 
 realinstall:
+   ${INSTALL} -d -o root -g wheel ${DESTDIR}${BINDIR}/terminfo
find terminfo -type f -exec \
 ${INSTALL} -D ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
 {} ${DESTDIR}${BINDIR}/{} \;
${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 termcap \
 ${DESTDIR}${BINDIR}/misc/termcap
ln -fs ${BINDIR}/misc/termcap ${DESTDIR}/etc/termcap
+   chown -h root:wheel ${DESTDIR}/etc/termcap
 
 clean:
rm -f termcap
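Review bot: the new ${INSTALL} -d line fixes the owner of ${DESTDIR}${BINDIR}/terminfo itself, but the find/${INSTALL} -D invocation right below it is what creates the per-letter subdirectories, and nothing in this hunk sets their owner; check what install -D gives them, since that was presumably part of the original symptom. Also, /etc/termcap is chown'ed root:wheel while the termcap file it points at is installed ${BINOWN}:${BINGRP}; worth picking one.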



Re: sparc64: convert trap.c function defs from K&R to standard-style

2016-09-10 Thread Mark Kettenis
> Date: Sat, 10 Sep 2016 11:59:29 -0700
> From: Philip Guenther 
> 
> The functions here all have full prototypes in scope, so gcc is already 
> treating them as if they were standard-style definitions.  While here, 
> s/__inline/inline/ as it's been 17 years since C99.
> 
> ok?

ok kettenis@

> A warning for those doing these sorts of K&R -> standard conversions: 
> beware of argument order mismatches in the K&R bits!  The order in the 
> parenthesised list is what matters and must be preserved, not the order of 
> the K&R declarations.  Here in trap.c the main trap example was this:
> 
> void
> data_access_error(tf, type, afva, afsr, sfva, sfsr)
> struct trapframe64 *tf;
> unsigned type;
> vaddr_t sfva;
> u_long sfsr;
> vaddr_t afva;
> u_long afsr;
> 
> The last four declarations must be shuffled when converting:
> 
> void
> data_access_error(struct trapframe64 *tf, unsigned type, vaddr_t afva,
> u_long afsr, vaddr_t sfva, u_long sfsr)
> 
> 
> Philip Guenther
> 
> Index: trap.c
> ===
> RCS file: /cvs/src/sys/arch/sparc64/sparc64/trap.c,v
> retrieving revision 1.90
> diff -u -p -r1.90 trap.c
> --- trap.c10 Sep 2016 18:31:15 -  1.90
> +++ trap.c10 Sep 2016 18:54:08 -
> @@ -309,7 +309,7 @@ const char *trap_type[] = {
>  
>  #define  N_TRAP_TYPES(sizeof trap_type / sizeof *trap_type)
>  
> -static __inline void share_fpu(struct proc *, struct trapframe64 *);
> +static inline void share_fpu(struct proc *, struct trapframe64 *);
>  
>  void trap(struct trapframe64 *tf, unsigned type, vaddr_t pc, long tstate);
>  void data_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc, 
> @@ -330,9 +330,8 @@ void syscall(struct trapframe64 *, regis
>   *
>   * Oh, and don't touch the FPU bit if we're returning to the kernel.
>   */
> -static __inline void share_fpu(p, tf)
> - struct proc *p;
> - struct trapframe64 *tf;
> +static inline void
> +share_fpu(struct proc *p, struct trapframe64 *tf)
>  {
>   if (!(tf->tf_tstate & TSTATE_PRIV) &&
>   (tf->tf_tstate & TSTATE_PEF) && fpproc != p)
> @@ -344,11 +343,7 @@ static __inline void share_fpu(p, tf)
>   * (MMU-related traps go through mem_access_fault, below.)
>   */
>  void
> -trap(tf, type, pc, tstate)
> - struct trapframe64 *tf;
> - unsigned type;
> - vaddr_t pc;
> - long tstate;
> +trap(struct trapframe64 *tf, unsigned type, vaddr_t pc, long tstate)
>  {
>   struct proc *p;
>   struct pcb *pcb;
> @@ -746,8 +741,7 @@ rwindow_save(struct proc *p)
>   * the registers into the new process after the exec.
>   */
>  void
> -pmap_unuse_final(p)
> - struct proc *p;
> +pmap_unuse_final(struct proc *p)
>  {
>  
>   write_user_windows();
> @@ -759,13 +753,8 @@ pmap_unuse_final(p)
>   * of them could be recoverable through uvm_fault.
>   */
>  void
> -data_access_fault(tf, type, pc, addr, sfva, sfsr)
> - struct trapframe64 *tf;
> - unsigned type;
> - vaddr_t pc;
> - vaddr_t addr;
> - vaddr_t sfva;
> - u_long sfsr;
> +data_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc,
> +vaddr_t addr, vaddr_t sfva, u_long sfsr)
>  {
>   u_int64_t tstate;
>   struct proc *p;
> @@ -907,13 +896,8 @@ kfault:
>   * special PEEK/POKE code sequence.
>   */
>  void
> -data_access_error(tf, type, afva, afsr, sfva, sfsr)
> - struct trapframe64 *tf;
> - unsigned type;
> - vaddr_t sfva;
> - u_long sfsr;
> - vaddr_t afva;
> - u_long afsr;
> +data_access_error(struct trapframe64 *tf, unsigned type, vaddr_t afva,
> +u_long afsr, vaddr_t sfva, u_long sfsr)
>  {
>   u_long pc;
>   u_int64_t tstate;
> @@ -989,11 +973,8 @@ out:
>   * of them could be recoverable through uvm_fault.
>   */
>  void
> -text_access_fault(tf, type, pc, sfsr)
> - unsigned type;
> - vaddr_t pc;
> - struct trapframe64 *tf;
> - u_long sfsr;
> +text_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc,
> +u_long sfsr)
>  {
>   u_int64_t tstate;
>   struct proc *p;
> @@ -1076,13 +1057,8 @@ text_access_fault(tf, type, pc, sfsr)
>   * special PEEK/POKE code sequence.
>   */
>  void
> -text_access_error(tf, type, pc, sfsr, afva, afsr)
> - struct trapframe64 *tf;
> - unsigned type;
> - vaddr_t pc;
> - u_long sfsr;
> - vaddr_t afva;
> - u_long afsr;
> +text_access_error(struct trapframe64 *tf, unsigned type, vaddr_t pc,
> +u_long sfsr, vaddr_t afva, u_long afsr)
>  {
>   int64_t tstate;
>   struct proc *p;
> @@ -1188,10 +1164,7 @@ out:
>   * thing that made the system call, and are named that way here.
>   */
>  void
> -syscall(tf, code, pc)
> - register_t code;
> - struct trapframe64 *tf;
> - register_t pc;
> +syscall(struct trapframe64 *tf, register_t code, register_t pc)
>  {
>   int i, nsys, nap;
>   int64_t *ap;
> 
> 



sparc64: convert trap.c function defs from K&R to standard-style

2016-09-10 Thread Philip Guenther

The functions here all have full prototypes in scope, so gcc is already 
treating them as if they were standard-style definitions.  While here, 
s/__inline/inline/ as it's been 17 years since C99.

ok?


A warning for those doing these sorts of K&R -> standard conversions: 
beware of argument order mismatches in the K&R bits!  The order in the 
parenthesised list is what matters and must be preserved, not the order of 
the K&R declarations.  Here in trap.c the main trap example was this:

void
data_access_error(tf, type, afva, afsr, sfva, sfsr)
struct trapframe64 *tf;
unsigned type;
vaddr_t sfva;
u_long sfsr;
vaddr_t afva;
u_long afsr;

The last four declarations must be shuffled when converting:

void
data_access_error(struct trapframe64 *tf, unsigned type, vaddr_t afva,
u_long afsr, vaddr_t sfva, u_long sfsr)


Philip Guenther

Index: trap.c
===
RCS file: /cvs/src/sys/arch/sparc64/sparc64/trap.c,v
retrieving revision 1.90
diff -u -p -r1.90 trap.c
--- trap.c  10 Sep 2016 18:31:15 -  1.90
+++ trap.c  10 Sep 2016 18:54:08 -
@@ -309,7 +309,7 @@ const char *trap_type[] = {
 
 #defineN_TRAP_TYPES(sizeof trap_type / sizeof *trap_type)
 
-static __inline void share_fpu(struct proc *, struct trapframe64 *);
+static inline void share_fpu(struct proc *, struct trapframe64 *);
 
 void trap(struct trapframe64 *tf, unsigned type, vaddr_t pc, long tstate);
 void data_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc, 
@@ -330,9 +330,8 @@ void syscall(struct trapframe64 *, regis
  *
  * Oh, and don't touch the FPU bit if we're returning to the kernel.
  */
-static __inline void share_fpu(p, tf)
-   struct proc *p;
-   struct trapframe64 *tf;
+static inline void
+share_fpu(struct proc *p, struct trapframe64 *tf)
 {
if (!(tf->tf_tstate & TSTATE_PRIV) &&
(tf->tf_tstate & TSTATE_PEF) && fpproc != p)
@@ -344,11 +343,7 @@ static __inline void share_fpu(p, tf)
  * (MMU-related traps go through mem_access_fault, below.)
  */
 void
-trap(tf, type, pc, tstate)
-   struct trapframe64 *tf;
-   unsigned type;
-   vaddr_t pc;
-   long tstate;
+trap(struct trapframe64 *tf, unsigned type, vaddr_t pc, long tstate)
 {
struct proc *p;
struct pcb *pcb;
@@ -746,8 +741,7 @@ rwindow_save(struct proc *p)
  * the registers into the new process after the exec.
  */
 void
-pmap_unuse_final(p)
-   struct proc *p;
+pmap_unuse_final(struct proc *p)
 {
 
write_user_windows();
@@ -759,13 +753,8 @@ pmap_unuse_final(p)
  * of them could be recoverable through uvm_fault.
  */
 void
-data_access_fault(tf, type, pc, addr, sfva, sfsr)
-   struct trapframe64 *tf;
-   unsigned type;
-   vaddr_t pc;
-   vaddr_t addr;
-   vaddr_t sfva;
-   u_long sfsr;
+data_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc,
+vaddr_t addr, vaddr_t sfva, u_long sfsr)
 {
u_int64_t tstate;
struct proc *p;
@@ -907,13 +896,8 @@ kfault:
  * special PEEK/POKE code sequence.
  */
 void
-data_access_error(tf, type, afva, afsr, sfva, sfsr)
-   struct trapframe64 *tf;
-   unsigned type;
-   vaddr_t sfva;
-   u_long sfsr;
-   vaddr_t afva;
-   u_long afsr;
+data_access_error(struct trapframe64 *tf, unsigned type, vaddr_t afva,
+u_long afsr, vaddr_t sfva, u_long sfsr)
 {
u_long pc;
u_int64_t tstate;
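Review bot: the new list (afva, afsr, sfva, sfsr) follows the parenthesised order, which is right, and the removed declarations show why this hunk deserves the closest look: sfva/afva are both vaddr_t and sfsr/afsr both u_long, so a conversion that took the declaration order instead would still type-check against the prototype at the top of the file while swapping the two fault addresses and the two status words.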
@@ -989,11 +973,8 @@ out:
  * of them could be recoverable through uvm_fault.
  */
 void
-text_access_fault(tf, type, pc, sfsr)
-   unsigned type;
-   vaddr_t pc;
-   struct trapframe64 *tf;
-   u_long sfsr;
+text_access_fault(struct trapframe64 *tf, unsigned type, vaddr_t pc,
+u_long sfsr)
 {
u_int64_t tstate;
struct proc *p;
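Review bot: here the K&R declarations listed tf third while the parenthesised list has it first, and the converted definition correctly keeps tf first; unlike data_access_error() a mistake here would have been caught by the type mismatch (struct trapframe64 * versus unsigned), so this hunk is low risk.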
@@ -1076,13 +1057,8 @@ text_access_fault(tf, type, pc, sfsr)
  * special PEEK/POKE code sequence.
  */
 void
-text_access_error(tf, type, pc, sfsr, afva, afsr)
-   struct trapframe64 *tf;
-   unsigned type;
-   vaddr_t pc;
-   u_long sfsr;
-   vaddr_t afva;
-   u_long afsr;
+text_access_error(struct trapframe64 *tf, unsigned type, vaddr_t pc,
+u_long sfsr, vaddr_t afva, u_long afsr)
 {
int64_t tstate;
struct proc *p;
@@ -1188,10 +1164,7 @@ out:
  * thing that made the system call, and are named that way here.
  */
 void
-syscall(tf, code, pc)
-   register_t code;
-   struct trapframe64 *tf;
-   register_t pc;
+syscall(struct trapframe64 *tf, register_t code, register_t pc)
 {
int i, nsys, nap;
int64_t *ap;

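A small converter that applies the rule in the warning mechanically, as an added example that is not part of the original post: it keeps the parenthesised order and looks each K&R declaration up by name, so a declaration block in a different order (as in data_access_error() and text_access_fault()) cannot be carried over wrongly, and a name with no declaration gets K&R's implicit int. The function names are this example's own, and the sample input is constructed from the shape of trap.c's data_access_error().

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAXPARAMS 16
#define MAXLEN    96

/* Copy s[0..n) into dst with surrounding whitespace (tabs, newlines) dropped. */
static void
trimcpy(char *dst, size_t dstsz, const char *s, size_t n)
{
	while (n > 0 && isspace((unsigned char)s[0]))
		s++, n--;
	while (n > 0 && isspace((unsigned char)s[n - 1]))
		n--;
	n = n < dstsz ? n : dstsz - 1;
	memcpy(dst, s, n);
	dst[n] = '\0';
}

/* The identifier a declaration ends with, i.e. the declarator's name. */
static const char *
trailing_ident(const char *s)
{
	const char *p = s + strlen(s);
	while (p > s && (isalnum((unsigned char)p[-1]) || p[-1] == '_'))
		p--;
	return p;
}

/*
 * Turn the head of a K&R definition ("f(a, b)\n\ttype b;\n\ttype a;\n")
 * into a prototype-style parameter list in PARENTHESISED order; the
 * declarations may come in any order, and a missing one means K&R's
 * implicit int.  Only "type [*]name;" declarators are handled (no
 * "int a, b;", arrays or function pointers).  Returns the count or -1.
 */
int
knr_to_ansi_params(const char *src, char *out, size_t outsz)
{
	char names[MAXPARAMS][MAXLEN], decls[MAXPARAMS][MAXLEN], decl[MAXLEN];
	const char *open, *close, *brace, *p, *q;
	int n = 0, i;

	if ((open = strchr(src, '(')) == NULL || (close = strchr(open, ')')) == NULL)
		return -1;
	/* 1. the name list inside the parentheses: this order is the one kept */
	for (p = open + 1; p < close; p = q + 1) {
		if ((q = memchr(p, ',', close - p)) == NULL)
			q = close;
		if (n == MAXPARAMS)
			return -1;
		trimcpy(names[n], MAXLEN, p, q - p);
		if (names[n][0] != '\0')
			n++;
	}

	/* 2. the declarations between ')' and '{', matched up by name */
	for (i = 0; i < n; i++)
		snprintf(decls[i], MAXLEN, "int %s", names[i]);
	for (p = close + 1; (q = strchr(p, ';')) != NULL; p = q + 1) {
		if ((brace = strchr(p, '{')) != NULL && brace < q)
			break;			/* reached the function body */
		trimcpy(decl, sizeof decl, p, q - p);
		for (i = 0; i < n; i++)
			if (strcmp(trailing_ident(decl), names[i]) == 0)
				break;
		if (i == n)
			return -1;		/* declares a name not in the list */
		snprintf(decls[i], MAXLEN, "%s", decl);
	}

	/* 3. emit in the order of step 1, never the order of step 2 */
	out[0] = '\0';
	for (i = 0; i < n; i++) {
		if (strlen(out) + strlen(decls[i]) + 3 > outsz)
			return -1;
		strcat(out, decls[i]);
		if (i + 1 < n)
			strcat(out, ", ");
	}
	return n;
}

/* Convenience wrapper returning a static buffer, or NULL on error. */
const char *
knr_convert(const char *src)
{
	static char out[512];
	return knr_to_ansi_params(src, out, sizeof out) < 0 ? NULL : out;
}

/* Constructed sample with the shape of trap.c's data_access_error(). */
static const char KNR_EXAMPLE[] =
    "data_access_error(tf, type, afva, afsr, sfva, sfsr)\n"
    "\tstruct trapframe64 *tf;\n"
    "\tunsigned type;\n"
    "\tvaddr_t sfva;\n"
    "\tu_long sfsr;\n"
    "\tvaddr_t afva;\n"
    "\tu_long afsr;\n"
    "{\n";
```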


etc ownership fixes

2016-09-10 Thread Martin Natano
Diff below sets the owner for the /etc/localtime, /etc/rmt, /var/tmp
and /sys symlinks and for the /var/sysmerge/etc.tgz tarball.

This is the last of the noperm-related pending M's in my tree.

Ok?

natano


Index: etc/Makefile
===
RCS file: /cvs/src/etc/Makefile,v
retrieving revision 1.430
diff -u -p -r1.430 Makefile
--- etc/Makefile3 Sep 2016 13:37:40 -   1.430
+++ etc/Makefile10 Sep 2016 18:30:28 -
@@ -154,7 +154,9 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g wheel -m 644 *.pub \
${DESTDIR}/etc/signify
ln -fs ${TZDIR}/${LOCALTIME} ${DESTDIR}/etc/localtime
+   chown -h root:wheel ${DESTDIR}/etc/localtime
ln -fs /usr/sbin/rmt ${DESTDIR}/etc/rmt
+   chown -h root:wheel ${DESTDIR}/etc/rmt
${INSTALL} -c -o root -g wheel -m 644 minfree \
${DESTDIR}/var/crash
${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \
@@ -206,6 +208,7 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 ${RCDAEMONS} \
${DESTDIR}/etc/rc.d
cd ${DESTDIR}/var; ln -fs ../tmp
+   chmod -h root:wheel ${DESTDIR}/var/tmp
touch ${DESTDIR}/var/sysmerge/etcsum
cd ${DESTDIR}/ && \
sort ${.CURDIR}/../distrib/sets/lists/etc/{mi,md.${MACHINE}} | \
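Review bot: `chmod -h root:wheel ${DESTDIR}/var/tmp` should be `chown -h root:wheel ${DESTDIR}/var/tmp`; chmod takes a mode, not an owner:group pair, so this line will fail at build time. The two symlink lines in the first hunk use `chown -h`, which is clearly what was intended here too.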
@@ -213,6 +216,7 @@ distribution-etc-root-var: distrib-dirs
cd ${DESTDIR}/ && \
sort ${.CURDIR}/../distrib/sets/lists/etc/{mi,md.${MACHINE}} | \
pax -w -d | gzip -9 > ${DESTDIR}/var/sysmerge/etc.tgz
+   chown root:wheel ${DESTDIR}/var/sysmerge/etc.tgz
 
 distribution:
exec ${SUDO} ${MAKE} distribution-etc-root-var
@@ -227,6 +231,7 @@ distrib-dirs:
${INSTALL} -d -o root -g wsrc -m 775 ${DESTDIR}/usr/src; \
fi
cd ${DESTDIR}/; ln -fhs usr/src/sys sys
+   chmod -h root:wheel ${DESTDIR}/sys
 
 .ifndef RELEASEDIR
 release:
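Review bot: same slip as in the /var/tmp hunk: `chmod -h root:wheel ${DESTDIR}/sys` needs to be `chown -h root:wheel`, matching the `ln -fhs usr/src/sys sys` symlink created on the line above it.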



Re: sparc64: delete 32bit process support from syscall()

2016-09-10 Thread Mark Kettenis
> Date: Sat, 10 Sep 2016 11:14:53 -0700
> From: Philip Guenther 
> 
> On Sat, 10 Sep 2016, Mark Kettenis wrote:
> > ok kettenis@, but it is probably time to rewrite the comment above
> > this function as well.
> 
> Like this?

Yeah, nothing worth keeping in the bits you removed.

> Index: trap.c
> ===
> RCS file: /cvs/src/sys/arch/sparc64/sparc64/trap.c,v
> retrieving revision 1.89
> diff -u -p -r1.89 trap.c
> --- trap.c10 Sep 2016 18:02:15 -  1.89
> +++ trap.c10 Sep 2016 18:06:52 -
> @@ -1186,27 +1186,6 @@ out:
>   * `in' registers within the syscall trap code (because of the automatic
>   * `save' effect of each trap).  They are, however, the %o registers of the
>   * thing that made the system call, and are named that way here.
> - *
> - * 32-bit system calls on a 64-bit system are a problem.  Each system call
> - * argument is stored in the smaller of the argument's true size or a
> - * `register_t'.  Now on a 64-bit machine all normal types can be stored in a
> - * `register_t'.  (The only exceptions would be 128-bit `quad's or 128-bit
> - * extended precision floating point values, which we don't support.)  For
> - * 32-bit syscalls, 64-bit integers like `off_t's, double precision floating
> - * point values, and several other types cannot fit in a 32-bit `register_t'.
> - * These will require reading in two `register_t' values for one argument.
> - *
> - * In order to calculate the true size of the arguments and therefore whether
> - * any argument needs to be split into two slots, the system call args
> - * structure needs to be built with the appropriately sized register_t.
> - * Otherwise the emul needs to do some magic to split oversized arguments.
> - *
> - * We can handle most this stuff for normal syscalls by using either a 32-bit
> - * or 64-bit array of `register_t' arguments.  Unfortunately ktrace always
> - * expects arguments to be `register_t's, so it loses badly.  What's worse,
> - * ktrace may need to do size translations to massage the argument array
> - * appropriately according to the emulation that is doing the ktrace.
> - *  
>   */
>  void
>  syscall(tf, code, pc)
> @@ -1248,10 +1227,10 @@ syscall(tf, code, pc)
>* of the user's stack frame (see ).
>*
>* Check for ``special'' codes that alter this, namely syscall and
> -  * __syscall.  The latter takes a quad syscall number, so that other
> -  * arguments are at their natural alignments.  Adjust the number
> -  * of ``easy'' arguments as appropriate; we will copy the hard
> -  * ones later as needed.
> +  * __syscall.  These both pass a syscall number in the first argument
> +  * register, so the other arguments are just shifted down, possibly
> +  * pushing one off the end into the extension area.  This happens
> +  * with mmap() and mquery() used via __syscall().
>*/
>   ap = >tf_out[0];
>   nap = 6;
> 



Re: sparc64: delete 32bit process support from syscall()

2016-09-10 Thread Philip Guenther
On Sat, 10 Sep 2016, Mark Kettenis wrote:
> ok kettenis@, but it is probably time to rewrite the comment above
> this function as well.

Like this?

Index: trap.c
===
RCS file: /cvs/src/sys/arch/sparc64/sparc64/trap.c,v
retrieving revision 1.89
diff -u -p -r1.89 trap.c
--- trap.c  10 Sep 2016 18:02:15 -  1.89
+++ trap.c  10 Sep 2016 18:06:52 -
@@ -1186,27 +1186,6 @@ out:
  * `in' registers within the syscall trap code (because of the automatic
  * `save' effect of each trap).  They are, however, the %o registers of the
  * thing that made the system call, and are named that way here.
- *
- * 32-bit system calls on a 64-bit system are a problem.  Each system call
- * argument is stored in the smaller of the argument's true size or a
- * `register_t'.  Now on a 64-bit machine all normal types can be stored in a
- * `register_t'.  (The only exceptions would be 128-bit `quad's or 128-bit
- * extended precision floating point values, which we don't support.)  For
- * 32-bit syscalls, 64-bit integers like `off_t's, double precision floating
- * point values, and several other types cannot fit in a 32-bit `register_t'.
- * These will require reading in two `register_t' values for one argument.
- *
- * In order to calculate the true size of the arguments and therefore whether
- * any argument needs to be split into two slots, the system call args
- * structure needs to be built with the appropriately sized register_t.
- * Otherwise the emul needs to do some magic to split oversized arguments.
- *
- * We can handle most this stuff for normal syscalls by using either a 32-bit
- * or 64-bit array of `register_t' arguments.  Unfortunately ktrace always
- * expects arguments to be `register_t's, so it loses badly.  What's worse,
- * ktrace may need to do size translations to massage the argument array
- * appropriately according to the emulation that is doing the ktrace.
- *  
  */
 void
 syscall(tf, code, pc)
@@ -1248,10 +1227,10 @@ syscall(tf, code, pc)
 * of the user's stack frame (see ).
 *
 * Check for ``special'' codes that alter this, namely syscall and
-* __syscall.  The latter takes a quad syscall number, so that other
-* arguments are at their natural alignments.  Adjust the number
-* of ``easy'' arguments as appropriate; we will copy the hard
-* ones later as needed.
+* __syscall.  These both pass a syscall number in the first argument
+* register, so the other arguments are just shifted down, possibly
+* pushing one off the end into the extension area.  This happens
+* with mmap() and mquery() used via __syscall().
 */
ap = >tf_out[0];
nap = 6;
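Review bot: the rewritten comment says an argument may be pushed "off the end into the extension area" but does not tie that to the `nap = 6` set right below it; saying explicitly that the six %o registers carry the first six arguments and anything shifted past them is fetched from the stack extension area would make the mmap()/mquery() via __syscall() remark self-explanatory for the next reader.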



/usr/sbin/sysctl owner

2016-09-10 Thread Martin Natano
Yet another symlink that belongs to root. Ok?

natano


Index: sbin/sysctl/Makefile
===
RCS file: /cvs/src/sbin/sysctl/Makefile,v
retrieving revision 1.11
diff -u -p -r1.11 Makefile
--- sbin/sysctl/Makefile4 May 2016 19:48:08 -   1.11
+++ sbin/sysctl/Makefile10 Sep 2016 18:05:09 -
@@ -7,5 +7,6 @@ CPPFLAGS+=  -D_LIBKVM
 
 afterinstall:
ln -sf ../../sbin/sysctl ${DESTDIR}/usr/sbin
+   chown -h root:wheel ${DESTDIR}/usr/sbin/sysctl
 
 .include 



mailwrapper symlinks owner

2016-09-10 Thread Martin Natano
Another set of symlinks, same drill: the owner should be root. Ok?

natano


Index: usr.sbin/mailwrapper/Makefile
===
RCS file: /cvs/src/usr.sbin/mailwrapper/Makefile,v
retrieving revision 1.5
diff -u -p -r1.5 Makefile
--- usr.sbin/mailwrapper/Makefile   16 Mar 2009 22:34:13 -  1.5
+++ usr.sbin/mailwrapper/Makefile   10 Sep 2016 17:53:45 -
@@ -13,5 +13,9 @@ afterinstall:
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/sbin/makemap
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/hoststat
ln -fs /usr/sbin/mailwrapper ${DESTDIR}/usr/bin/purgestat
+   chown -h root:wheel ${DESTDIR}/usr/sbin/sendmail \
+   ${DESTDIR}/usr/bin/newaliases ${DESTDIR}/usr/bin/mailq \
+   ${DESTDIR}/usr/sbin/makemap ${DESTDIR}/usr/bin/hoststat \
+   ${DESTDIR}/usr/bin/purgestat
 
 .include 



mg docs ownership

2016-09-10 Thread Martin Natano
We should be explicit about owner/group when using install, so this also
works correctly with noperm. Ok?

natano


Index: usr.bin/mg/Makefile
===
RCS file: /cvs/src/usr.bin/mg/Makefile,v
retrieving revision 1.31
diff -u -p -r1.31 Makefile
--- usr.bin/mg/Makefile 29 Sep 2015 03:50:58 -  1.31
+++ usr.bin/mg/Makefile 10 Sep 2016 17:45:11 -
@@ -24,8 +24,8 @@ SRCS= autoexec.c basic.c bell.c buffer.c
 SRCS+= cmode.c cscope.c dired.c grep.c tags.c theo.c
 
 afterinstall:
-   ${INSTALL} -d ${DESTDIR}${DOCDIR}/mg
-   ${INSTALL} -m ${DOCMODE} -c ${.CURDIR}/tutorial \
-   ${DESTDIR}${DOCDIR}/mg
+   ${INSTALL} -d -o root -g wheel ${DESTDIR}${DOCDIR}/mg
+   ${INSTALL} ${INSTALL_COPY} -o root -g wheel -m ${DOCMODE} \
+   ${.CURDIR}/tutorial ${DESTDIR}${DOCDIR}/mg
 
 .include 
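Review bot: `-o root -g wheel` is hardcoded for the tutorial file here, while the file installs in the calendar Makefile in this same batch use `-o ${BINOWN} -g ${BINGRP}`; if documentation is meant to follow the same ownership convention as other installed files, the variables would keep a single knob. The switch from `-c` to `${INSTALL_COPY}` also matches what the calendar Makefile does.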



create /usr/share/calendar/$lang with root owner

2016-09-10 Thread Martin Natano
Currently the /usr/share/calendar/$lang directories are created with the
build user as owner, but should be owned by root. Ok?

natano


Index: usr.bin/calendar/Makefile
===
RCS file: /cvs/src/usr.bin/calendar/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- usr.bin/calendar/Makefile   23 Oct 2015 10:33:52 -  1.10
+++ usr.bin/calendar/Makefile   10 Sep 2016 17:37:28 -
@@ -8,11 +8,10 @@ beforeinstall:
${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
${.CURDIR}/calendars/calendar.* ${DESTDIR}/usr/share/calendar
 .for lang in ${INTER}
-   @test -d ${DESTDIR}/usr/share/calendar/${lang} || \
-   mkdir ${DESTDIR}/usr/share/calendar/${lang}
+   ${INSTALL} -d -o root -g wheel ${DESTDIR}/usr/share/calendar/${lang}
${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 \
${.CURDIR}/calendars/${lang}/calendar.* \
-   ${DESTDIR}/usr/share/calendar/${lang}; 
+   ${DESTDIR}/usr/share/calendar/${lang}
 .endfor
 
 .include 
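Review bot: replacing the `@test -d ... || mkdir` pair with `${INSTALL} -d -o root -g wheel` is fine, since install -d creates the directory only when it is missing and sets ownership in the same step; note that the `@` silencing is gone, so the command now echoes during the build, and the trailing `;` dropped from the last install line is an unrelated but harmless cleanup.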



TXIC TX382B UART controller support

2016-09-10 Thread John Kelly
I'm not an OpenBSD user, I'm not asking for help. I'm posting here
because OpenBSD was the only mention of this device I found when
searching the net. My device also identifies as 0x4651 0x3273, though
marked as PCI 60806 instead of TX382B. I never found a data sheet for
it, but after some trial and error reverse engineering, I discovered
its quirks.


a) As reported in the subject thread, MCR loopback is non-functional.
But the UART has a standard 16 byte FIFO, thus probing its depth is
not necessary.


b) In a normal UART, you see THRE interrupt after clearing higher
priority interrupts (LINE and RECV). As the PC16550D data sheet says,
THRE is reset by:

"Reading the IIR Register (if source of interrupt) or Writing into the
Transmitter Holding Register"

The point of note is that reading the IIR will not clear THRE from the
IIR unless it's the source of interrupt. Reading the IIR when LINE and
RECV interrupts are active will leave the THRE indication intact, and
you will see it as expected, after LINE and RECV interrupts are
cleared.

However, the 60806 / TX382B does not work that way. Any read of the
IIR clears the THRE indication. So if you get a LINE or RECV
indication when reading IIR, if THRE was there, it's now lost. You
only see a THRE indication if it was the highest priority interrupt
pending when reading the IIR. Losing THRE interrupts is a problem if
your code assumes a standard UART and relies on THRE interrupts to
keep transmission going.

Once I understood that quirk, I was able to work around it.


c) Unlike a normal UART, you cannot clear LSR error bits or LINE
status interrupt by reading the LSR. This will cause havoc when you
get a frame or break error, because you can't clear the interrupt, and
that means trouble. I was able to crash Linux by inducing a break /
frame error when powering off my device attached to a null modem
cable.

This had me stumped at first; I thought it made the UART worthless.
But after more testing, I discovered the LSR error bits and LINE
status interrupt *auto* clear themselves, upon reception of the next
good data byte. Until that happens, the error bits and LINE status
interrupt are stuck on.

Understanding that quirk, you can work around it too.
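An added illustration of quirk (b), written for this digest rather than taken from the post or from any OpenBSD or Linux driver: a constructed model of the IIR/THRE behaviour on a standard 16550 and on the any-read-clears-THRE part, driven first by an interrupt handler that trusts IIR and then by one that consults LSR. It assumes the PC16550D register encodings, models only a receive interrupt as the higher-priority source, and assumes LSR still reports the holding register empty after the quirky IIR read has lost the indication, which the post does not state.

```c
#include <stdbool.h>
#include <stdint.h>

/* 16550 IIR codes (bits 3:0) and LSR bits, as in the PC16550D data sheet. */
#define IIR_NONE 0x01   /* no interrupt pending */
#define IIR_RDA  0x04   /* received data available (outranks THRE) */
#define IIR_THRE 0x02   /* transmitter holding register empty */
#define LSR_DR   0x01
#define LSR_THRE 0x20

/* Constructed model of a UART's interrupt state.  Only quirk (b) is modelled:
 * on the quirky part any IIR read drops the THRE indication, not just a read
 * that actually reported THRE. */
struct sim_uart {
    bool quirky;      /* true: TX382B/60806 behaviour, false: standard part */
    bool rda;         /* byte waiting in the receiver */
    bool thr_empty;   /* holding register really is empty (what LSR shows) */
    bool thre_int;    /* THRE interrupt indication (what IIR shows) */
    unsigned tx_bytes;
};

static uint8_t read_iir(struct sim_uart *u)
{
    uint8_t id = u->rda ? IIR_RDA : u->thre_int ? IIR_THRE : IIR_NONE;
    if (id == IIR_THRE || u->quirky)
        u->thre_int = false;
    return id;
}

/* Assumption: LSR still reflects the real holding register state after the
 * quirky IIR read has lost the interrupt indication. */
static uint8_t read_lsr(const struct sim_uart *u)
{
    return (u->rda ? LSR_DR : 0) | (u->thr_empty ? LSR_THRE : 0);
}

/* Write the next queued byte into the holding register if it is empty. */
static void tx_one(struct sim_uart *u, unsigned *queue)
{
    if (*queue == 0 || !u->thr_empty)
        return;
    (*queue)--;
    u->tx_bytes++;
    u->thr_empty = false;
    u->thre_int = false;    /* writing THR resets the THRE interrupt */
}

/* ISR written for a standard UART: drain IIR and refill the transmitter only
 * when IIR reports THRE.  Correct on a 16550, stalls on the quirky part. */
static void isr_trust_iir(struct sim_uart *u, unsigned *queue)
{
    for (;;) {
        uint8_t id = read_iir(u);
        if (id == IIR_NONE)
            return;
        if (id == IIR_RDA)
            u->rda = false;     /* byte read out of the receive buffer */
        else if (id == IIR_THRE)
            tx_one(u, queue);
    }
}

/* Workaround ISR: after every IIR read, ask LSR whether the holding register
 * is empty instead of trusting IIR to report THRE. */
static void isr_check_lsr(struct sim_uart *u, unsigned *queue)
{
    for (;;) {
        uint8_t id = read_iir(u);
        if (id == IIR_RDA)
            u->rda = false;
        if ((read_lsr(u) & LSR_THRE) && *queue > 0)
            tx_one(u, queue);
        if (id == IIR_NONE)
            return;
    }
}

/* Constructed traffic: each tick a byte arrives (so RDA outranks THRE in IIR)
 * and the byte in the holding register is shifted out, then the ISR runs.
 * Returns how many of the queued bytes were transmitted. */
unsigned run(bool quirky, bool check_lsr, unsigned ticks, unsigned queued)
{
    struct sim_uart u = { .quirky = quirky, .thr_empty = true };
    tx_one(&u, &queued);            /* driver writes the first byte itself */
    for (unsigned t = 0; t < ticks; t++) {
        u.rda = true;
        if (!u.thr_empty) {
            u.thr_empty = true;
            u.thre_int = true;
        }
        if (check_lsr)
            isr_check_lsr(&u, &queued);
        else
            isr_trust_iir(&u, &queued);
    }
    return u.tx_bytes;
}
```

With five bytes queued and eight ticks, run() reports all five sent for the standard part with either handler, one byte for the quirky part with the IIR-only handler, and all five for the quirky part with the LSR check.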



Re: sparc64: clean up db_trace.c

2016-09-10 Thread Mark Kettenis
> Date: Fri, 9 Sep 2016 20:44:00 -0700
> From: Philip Guenther 
> 
> On Fri, 9 Sep 2016, Philip Guenther wrote:
> > Noticed while looking at Jasper's diff.
> >  - convert declarations from K&R to standard C
> >  - delete support for 32bit frame backtracing.  I doubt this code has ever 
> >been executed on OpenBSD.  If a 32bit frame is encountered ((sp&1)==0)
> >then print a warning and stop processing the frames
> >  - delete a pile of casts that are unnecessary
> >  - minor whitespace tweaks
> > 
> > build tested
> 
> Testing "tr", "mach stack", "mach window", and "mach tf" showed one 
> reversed test.  Updated diff below.
> 
> ok?

ok kettenis@

> Index: db_trace.c
> ===
> RCS file: /data/src/openbsd/src/sys/arch/sparc64/sparc64/db_trace.c,v
> retrieving revision 1.10
> diff -u -p -r1.10 db_trace.c
> --- db_trace.c9 Feb 2015 09:21:30 -   1.10
> +++ db_trace.c10 Sep 2016 03:36:20 -
> @@ -56,12 +56,8 @@ void db_print_window(u_int64_t);
>  #define ULOAD(x) probeget((paddr_t)(u_long)&(x), ASI_AIUS, sizeof(x))
>  
>  void
> -db_stack_trace_print(addr, have_addr, count, modif, pr)
> - db_expr_t   addr;
> - int have_addr;
> - db_expr_t   count;
> - char*modif;
> - int (*pr)(const char *, ...);
> +db_stack_trace_print(db_expr_t addr, int have_addr, db_expr_t count,
> +char *modif, int (*pr)(const char *, ...))
>  {
>   vaddr_t frame;
>   boolean_t   kernel_only = TRUE;
> @@ -95,28 +91,26 @@ db_stack_trace_print(addr, have_addr, co
>   }
>   }
>  
> + if ((frame & 1) == 0) {
> + db_printf("WARNING: corrupt frame at %lx\n", frame);
> + return;
> + }
> +
>   while (count--) {
>   int i;
>   db_expr_t   offset;
>   char*name;
>   db_addr_t   pc;
>   struct frame64  *f64;
> - struct frame32  *f32;
>  
>   /*
>* Switch to frame that contains arguments
>*/
> - if (frame & 1) {
> - f64 = (struct frame64 *)(frame + BIAS);
> - pc = (db_addr_t)KLOAD(f64->fr_pc);
> - 
> - frame = KLOAD(f64->fr_fp);
> - } else {
> - f32 = (struct frame32 *)(frame);
> - pc = (db_addr_t)KLOAD(f32->fr_pc);
> - 
> - frame = (long)KLOAD(f32->fr_fp);
> - }
> +
> + f64 = (struct frame64 *)(frame + BIAS);
> + pc = (db_addr_t)KLOAD(f64->fr_pc);
> + 
> + frame = KLOAD(f64->fr_fp);
>  
>   if (kernel_only) {
>   if (pc < KERNBASE || pc >= KERNEND)
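Review bot: the new corrupt-frame warning at the top of this hunk is printed with db_printf() while the rest of db_stack_trace_print() routes output through the `pr` callback it was handed (`(*pr)("%s(", name)` just below), so the warning would bypass whatever destination the caller chose; use `(*pr)(...)` for consistency. The same applies to the `db_printf(")\nWARNING: corrupt frame ...")` added in the following hunk.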
> @@ -137,22 +131,20 @@ db_stack_trace_print(addr, have_addr, co
>   name = "?";
>   
>   (*pr)("%s(", name);
> +
> + if ((frame & 1) == 0) {
> + db_printf(")\nWARNING: corrupt frame at %lx\n", frame);
> + break;
> + }
>   
>   /*
>* Print %i0..%i5; hope these still reflect the
>* actual arguments somewhat...
>*/
> - if (frame & 1) {
> - f64 = (struct frame64 *)(frame + BIAS);
> - for (i = 0; i < 5; i++)
> - (*pr)("%lx, ", (long)KLOAD(f64->fr_arg[i]));
> - (*pr)("%lx) at ", (long)KLOAD(f64->fr_arg[i]));
> - } else {
> - f32 = (struct frame32 *)(frame);
> - for (i = 0; i < 5; i++)
> - (*pr)("%x, ", (u_int)KLOAD(f32->fr_arg[i]));
> - (*pr)("%x) at ", (u_int)KLOAD(f32->fr_arg[i]));
> - }
> + f64 = (struct frame64 *)(frame + BIAS);
> + for (i = 0; i < 5; i++)
> + (*pr)("%lx, ", (long)KLOAD(f64->fr_arg[i]));
> + (*pr)("%lx) at ", (long)KLOAD(f64->fr_arg[i]));
>   db_printsym(pc, DB_STGY_PROC, pr);
>   (*pr)("\n");
>   }
> @@ -160,11 +152,7 @@ db_stack_trace_print(addr, have_addr, co
>  
>  
>  void
> -db_dump_window(addr, have_addr, count, modif)
> - db_expr_t addr;
> - int have_addr;
> - db_expr_t count;
> - char *modif;
> +db_dump_window(db_expr_t addr, int have_addr, db_expr_t count, char *modif)
>  {
>   int i;
>   u_int64_t frame = DDB_TF->tf_out[6];
> @@ -174,10 +162,15 @@ db_dump_window(addr, have_addr, count, m
>   addr = 0;
>  
>   /* Traverse window stack */
> - for (i=0; i - if (frame & 1) 
> - frame = (u_int64_t)((struct frame64 *)(u_long)(frame + 
> BIAS))->fr_fp;
> - else frame = 

Re: reduce double caching in mfs

2016-09-10 Thread Theo de Raadt
> Isn't the solution to this problem a working dynamic buffer cache?  I'm
> not sure adding a hack for mfs, and the complexity that comes with it,
> is the way to go.  Did somebody analyze what broke when the buffer
> cache was cranked to 90%?

My digging suggested that something on "write side" got slow.  Maybe
flipping a buffer from high back to low has some super high cost,
or a missing splx.



Re: random malloc junk

2016-09-10 Thread Theo de Raadt
> On Thu, Sep 08, 2016 at 07:47:58PM -0400, Daniel Micay wrote:
> 
> > A nice security property of 0xdf filling is that a use-after-free of a
> > pointer is guaranteed to fault in a typical environment since it ends up
> > pointing outside userspace (I assume that's the case on OpenBSD). A heap
> > spray could potentially allow exploiting a random pointer. Perhaps it
> > would be better if only the byte range guaranteeing faults for pointers
> > was used? Less random, but strictly better than the current situation
> > rather than losing a nice guarantee.
> 
> AFAIK 0xdf...df it is not guaranteed, just often outside the address
> space.
> 
> I selected 0xdf a long time ago as an alternative to the 0xd0 (Duh)
> byte used for new chunks. Both as a mnemonic for "free" and because it
> is likely to cause segfaults. A pointer ending in 0xdf often will be
> unaligned. Of course that won't work on all archs or all pointers.
> 
> Random patterns are also likely to produce segfaults, using them as a
> pointer has a big chance of being unaligned or pointing to an unmapped
> page.

There is only one benefit from full-random.  That it creates a little
bit more register damage as the code goes fully astray.

On non-shared address spaces, no byte-repeat address we choose is
guaranteed to be outside the address space.  Some of our architectures
in that family do have full address spaces.  On any such systems if the
attacker can place something at that address before things go wrong,
then he probably has substantial control already.

A machine-dependent value could be chosen to land within the VA hole
that some 64-bit architectures have, but shrug, I don't see the point.

I think 0xdf is still the best of all worlds.



Re: Kernel panic pf.c during halting

2016-09-10 Thread Lampshade
My system didn't start the Tor daemon and the dnscrypt-proxy
daemon, and I still get this kernel panic.
I still use Unbound.
I still have pf rules for transparent
proxying. I only disabled the Tor client.

I was thinking about simplifying more before I answer, but
dhill () mindcry ! org posted a similar bug to the bug mailing list.
I will post further messages to his bug report.

I have a complete list of processes (ps auxww) from just before
I executed halt -p, because I have written a script to do so
every time I turn off or reboot OpenBSD.

USER   PID %CPU %MEM   VSZ   RSS TT  STAT  STARTED   TIME COMMAND
root 1  0.0  0.0   444   560 ??  Is10:35AM0:01.00 /sbin/init
root 23793  0.0  1.1 409972 67552 ??  Ss10:35AM0:00.22 
/sbin/mount_mfs -o rw -s 819200 -o nosuid -o nodev swap /tmp
root 86233  0.0  0.0 20852   328 ??  Ss10:35AM0:00.01 
/sbin/mount_mfs -o rw -s 40960 -o nosuid -o nodev swap /var/log
root  5733  0.0  0.0   608   476 ??  Is10:35AM0:00.01 dhclient: 
bge0 [priv] (dhclient)
_dhcp91232  0.0  0.0   736   680 ??  Isp   10:35AM0:00.07 dhclient: 
bge0 (dhclient)
_syslogd 41780  0.0  0.0   956  1480 ??  Sp10:36AM0:00.03 
/usr/sbin/syslogd
root 18297  0.0  0.0   956  1292 ??  Isp   10:36AM0:00.00 syslogd: 
[priv] (syslogd)
root 38573  0.0  0.0   604   612 ??  Is10:36AM0:00.02 pflogd: 
[priv] (pflogd)
_pflogd  35694  0.0  0.0   668   436 ??  Sp10:36AM0:00.36 pflogd: 
[running] -s 160 -i pflog0 -f /var/log/pflog (pflogd)
_unbound 90885  0.0  0.2  9852 10852 ??  Is10:36AM0:00.25 unbound -c 
/var/unbound/etc/unbound.conf
_relayd  74560  0.0  0.0  1176  2836 ??  Ip10:36AM0:00.01 relayd: hce 
(relayd)
root 18863  0.0  0.1  1568  3408 ??  Is10:36AM0:00.02 
/usr/sbin/relayd
_relayd  50673  0.0  0.0  1204  2908 ??  Ip10:36AM0:00.02 relayd: pfe 
(relayd)
_relayd  70251  0.0  0.1  1308  3280 ??  Ip10:36AM0:00.03 relayd: relay 
(relayd)
_relayd  13920  0.0  0.0  1136  2876 ??  Ip10:36AM0:00.02 relayd: ca 
(relayd)
_relayd  97513  0.0  0.0  1148  2856 ??  Ip10:36AM0:00.02 relayd: ca 
(relayd)
_relayd  68353  0.0  0.0  1140  2860 ??  Ip10:36AM0:00.02 relayd: ca 
(relayd)
_relayd  98221  0.0  0.1  1312  3280 ??  Ip10:36AM0:00.03 relayd: relay 
(relayd)
_relayd  52134  0.0  0.1  1316  3288 ??  Ip10:36AM0:00.03 relayd: relay 
(relayd)
_sndio   12325  0.0  0.0   500  1188 ??  I

iwm aux sta

2016-09-10 Thread Stefan Sperling
This removes unnecessary fluff from the AUX STA code and simplifies error
handling around iwm_send_cmd_pdu_status() calls. While at it, I spotted an
uninitialized 'status' variable in iwm_add_int_sta_common() (note how
iwm_send_cmd_pdu_status() won't always initialize *status).

Index: if_iwm.c
===
RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
retrieving revision 1.131
diff -u -p -r1.131 if_iwm.c
--- if_iwm.c10 Sep 2016 10:00:41 -  1.131
+++ if_iwm.c10 Sep 2016 10:55:01 -
@@ -387,8 +387,6 @@ int iwm_power_update_device(struct iwm_s
 intiwm_enable_beacon_filter(struct iwm_softc *, struct iwm_node *);
 intiwm_disable_beacon_filter(struct iwm_softc *);
 intiwm_add_sta_cmd(struct iwm_softc *, struct iwm_node *, int);
-intiwm_add_int_sta_common(struct iwm_softc *, struct iwm_int_sta *,
-   const uint8_t *, uint16_t, uint16_t);
 intiwm_add_aux_sta(struct iwm_softc *);
 uint16_t iwm_scan_rx_chain(struct iwm_softc *);
 uint32_t iwm_scan_max_out_time(struct iwm_softc *, uint32_t, int);
@@ -2406,26 +2404,18 @@ iwm_sta_rx_agg(struct iwm_softc *sc, str
IWM_STA_MODIFY_REMOVE_BA_TID;
 
status = IWM_ADD_STA_SUCCESS;
-   err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA,
-   sizeof(cmd), , );
+   err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd), ,
+   );
if (err)
return;
 
-   switch (status) {
-   case IWM_ADD_STA_SUCCESS:
+   if (status == IWM_ADD_STA_SUCCESS) {
s = splnet();
if (start)
sc->sc_rx_ba_sessions++;
else if (sc->sc_rx_ba_sessions > 0)
sc->sc_rx_ba_sessions--;
splx(s);
-   break;
-   case IWM_ADD_STA_IMMEDIATE_BA_FAILURE:
-   err = EIO;
-   break;
-   default:
-   err = EIO;
-   break;
}
 }
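Review bot: the removed switch assigned `err = EIO` on a non-success status, but iwm_sta_rx_agg() returns void (bare `return;` just above), so that value was never observed and dropping it loses nothing. It does leave the caller with no way to learn that the BA session update failed; a one-line comment saying the failure is intentionally ignored would document that.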
 
@@ -3471,10 +3461,7 @@ iwm_binding_cmd(struct iwm_softc *sc, st
status = 0;
err = iwm_send_cmd_pdu_status(sc, IWM_BINDING_CONTEXT_CMD,
sizeof(cmd), , );
-   if (err)
-   return err;
-
-   if (status)
+   if (err == 0 && status != 0)
err = EIO;
 
return err;
@@ -3998,7 +3985,7 @@ iwm_tx(struct iwm_softc *sc, struct mbuf
 
if (IEEE80211_IS_MULTICAST(wh->i_addr1) ||
type != IEEE80211_FC0_TYPE_DATA)
-   tx->sta_id = sc->sc_aux_sta.sta_id;
+   tx->sta_id = IWM_AUX_STA_ID;
else
tx->sta_id = IWM_STATION_ID;
 
@@ -4370,70 +4357,36 @@ iwm_add_sta_cmd(struct iwm_softc *sc, st
status = IWM_ADD_STA_SUCCESS;
err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(add_sta_cmd),
_sta_cmd, );
-   if (err)
-   return err;
-
-   switch (status) {
-   case IWM_ADD_STA_SUCCESS:
-   break;
-   default:
+   if (err == 0 && status != IWM_ADD_STA_SUCCESS)
err = EIO;
-   break;
-   }
 
return err;
 }
 
 int
-iwm_add_int_sta_common(struct iwm_softc *sc, struct iwm_int_sta *sta,
-const uint8_t *addr, uint16_t mac_id, uint16_t color)
+iwm_add_aux_sta(struct iwm_softc *sc)
 {
struct iwm_add_sta_cmd_v7 cmd;
int err;
uint32_t status;
 
-   memset(, 0, sizeof(cmd));
-   cmd.sta_id = sta->sta_id;
-   cmd.mac_id_n_color = htole32(IWM_FW_CMD_ID_AND_COLOR(mac_id, color));
-
-   cmd.tfd_queue_msk = htole32(sta->tfd_queue_msk);
-   cmd.tid_disable_tx = htole16(0x);
-
-   if (addr)
-   memcpy(cmd.addr, addr, ETHER_ADDR_LEN);
-
-   err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA,
-   sizeof(cmd), , );
-   if (err)
-   return err;
-
-   switch (status) {
-   case IWM_ADD_STA_SUCCESS:
-   return 0;
-   default:
-   err = EIO;
-   break;
-   }
-   return err;
-}
-
-int
-iwm_add_aux_sta(struct iwm_softc *sc)
-{
-   int err;
-
-   sc->sc_aux_sta.sta_id = IWM_AUX_STA_ID;
-   sc->sc_aux_sta.tfd_queue_msk = (1 << IWM_AUX_QUEUE);
-
err = iwm_enable_txq(sc, 0, IWM_AUX_QUEUE, IWM_TX_FIFO_MCAST);
if (err)
return err;
 
-   err = iwm_add_int_sta_common(sc,
-   >sc_aux_sta, NULL, IWM_MAC_INDEX_AUX, 0);
+   memset(, 0, sizeof(cmd));
+   cmd.sta_id = IWM_AUX_STA_ID;
+   cmd.mac_id_n_color =
+   htole32(IWM_FW_CMD_ID_AND_COLOR(IWM_MAC_INDEX_AUX, 0));
+   cmd.tfd_queue_msk = htole32(1 << IWM_AUX_QUEUE);
+   cmd.tid_disable_tx = htole16(0x);
+
+   status = IWM_ADD_STA_SUCCESS;
+   err = iwm_send_cmd_pdu_status(sc, IWM_ADD_STA, sizeof(cmd), ,
+   );
+   if (err == 0 && status != IWM_ADD_STA_SUCCESS)
+   err = EIO;
 
-   if (err)
-   memset(>sc_aux_sta, 0, 
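Review bot: initialising `status = IWM_ADD_STA_SUCCESS` before the iwm_send_cmd_pdu_status() call in the new iwm_add_aux_sta() fixes the uninitialised read mentioned in the cover text, but it means a reply that leaves *status untouched is treated as success; if the firmware can return without writing the status word, initialising to a failing value would be the safer default, with the `status != IWM_ADD_STA_SUCCESS` check then catching it. The neighbouring code (iwm_sta_rx_agg(), iwm_add_sta_cmd()) uses the same success-initialised convention, so if this is deliberate a short comment there would help.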

Fix NFS hanging on shutdown/reboot

2016-09-10 Thread Tobias Ulmer
Pending NFS requests loop forever, blocking umount and not even allowing
for clean shutdown/reboot.

If you ever played with NFS for more than 30 seconds, you have run into
this and had to press the reset button, followed by suffering through
fsck...

Pending requests occur because the NFS server is gone (duh), network
problems (duh) or the server is sending replies faster than the client
can receive/reassemble packets (sneaky).

The least invasive fix is marking all pending requests "soft". Timeouts
apply and the blocking request gets discarded.

Index: nfs/nfs_vfsops.c
===
RCS file: /home/vcs/cvs/openbsd/src/sys/nfs/nfs_vfsops.c,v
retrieving revision 1.110
diff -u -p -r1.110 nfs_vfsops.c
--- nfs/nfs_vfsops.c13 Aug 2016 20:53:17 -  1.110
+++ nfs/nfs_vfsops.c10 Sep 2016 08:12:27 -
@@ -689,13 +689,18 @@ int
 nfs_unmount(struct mount *mp, int mntflags, struct proc *p)
 {
struct nfsmount *nmp;
+   struct nfsreq *rep;
int error, flags;
 
nmp = VFSTONFS(mp);
flags = 0;
 
-   if (mntflags & MNT_FORCE)
+   if (mntflags & MNT_FORCE) {
flags |= FORCECLOSE;
+   TAILQ_FOREACH(rep, >nm_reqsq, r_chain) {
+   rep->r_flags |= R_SOFTTERM;
+   }
+   }
 
error = vflush(mp, NULL, flags);
if (error)
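Review bot: the R_SOFTTERM marking only happens under MNT_FORCE, yet the cover text says the hang prevents a clean shutdown/reboot; confirm that the shutdown path unmounts NFS filesystems with MNT_FORCE, otherwise this fix does not reach the case it was written for. Separately, the TAILQ_FOREACH over `nm_reqsq` runs with no visible locking; if the reply path can remove requests from that queue concurrently, the iteration needs the same protection the other users of the queue take.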



Re: random malloc junk

2016-09-10 Thread Otto Moerbeek
On Thu, Sep 08, 2016 at 07:47:58PM -0400, Daniel Micay wrote:

> A nice security property of 0xdf filling is that a use-after-free of a
> pointer is guaranteed to fault in a typical environment since it ends up
> pointing outside userspace (I assume that's the case on OpenBSD). A heap
> spray could potentially allow exploiting a random pointer. Perhaps it
> would be better if only the byte range guaranteeing faults for pointers
> was used? Less random, but strictly better than the current situation
> rather than losing a nice guarantee.

AFAIK 0xdf...df it is not guaranteed, just often outside the address
space.

I selected 0xdf a long time ago as an alternative to the 0xd0 (Duh)
byte used for new chunks. Both as a mnemonic for "free" and because it
is likely to cause segfaults. A pointer ending in 0xdf often will be
unaligned. Of course that won't work on all archs or all pointers.

Random patterns are also likely to produce segfaults, using them as a
pointer has a big chance of being unaligned or pointing to an unmapped
page.

-Otto
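The alignment and address-range reasoning in this thread (Otto's post here and Theo's reply above), as an added C illustration that is not code from OpenBSD's malloc: it reads a junk-filled chunk back as a pointer and checks whether a dereference would fault, for the 0xdf fill, for every possible byte-repeat fill, and for random fills. The 8-byte pointer, 8-byte alignment and 2^47 user address limit are constructed model parameters, and the model ignores that page zero is normally unmapped.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model parameters (assumptions, not values from the thread):
 * 8-byte pointers, 8-byte alignment of the pointee, and a user address
 * space that ends at 2^47 as on amd64.  USER_VA_FULL models an
 * architecture whose address space has no hole at all. */
#define PTR_ALIGN     8
#define USER_VA_AMD64 (1ULL << 47)
#define USER_VA_FULL  UINT64_MAX

/* Fill an 8-byte "freed chunk" with a repeated junk byte and read it back
 * as the pointer value a use-after-free would load from it. */
uint64_t junk_as_pointer(uint8_t fill)
{
    uint8_t chunk[sizeof(uint64_t)];
    uint64_t p;

    memset(chunk, fill, sizeof chunk);
    memcpy(&p, chunk, sizeof p);
    return p;
}

/* A load through p can only succeed if p is aligned and below the top of
 * the user address space; anything else traps.  (Page zero being unmapped
 * is deliberately not modelled.) */
int would_fault(uint64_t p, uint64_t va_limit)
{
    return (p % PTR_ALIGN) != 0 || p >= va_limit;
}

/* How many of the 256 byte-repeat fills yield a pointer that does NOT
 * fault, i.e. fills that give a heap spray something to aim at.  With a
 * 47-bit user space only 0x00 survives; with a full address space every
 * fill whose low three bits are zero is aligned and could be mapped. */
int count_nonfaulting_fills(uint64_t va_limit)
{
    int n = 0;

    for (int b = 0; b < 256; b++)
        if (!would_fault(junk_as_pointer((uint8_t)b), va_limit))
            n++;
    return n;
}

/* xorshift64: a deterministic stand-in for random junk bytes so the
 * experiment is reproducible offline. */
static uint64_t rng_state = 0x9e3779b97f4a7c15ULL;

static uint64_t rng(void)
{
    rng_state ^= rng_state << 13;
    rng_state ^= rng_state >> 7;
    rng_state ^= rng_state << 17;
    return rng_state;
}

/* Fraction of fully random 8-byte fills that would not fault as a pointer.
 * Analytically (1/PTR_ALIGN) * (va_limit / 2^64), about 2^-20 for amd64:
 * random junk is very likely to fault, but unlike 0xdf not certain to. */
double random_fill_safe_fraction(unsigned trials, uint64_t va_limit)
{
    unsigned safe = 0;

    for (unsigned i = 0; i < trials; i++)
        if (!would_fault(rng(), va_limit))
            safe++;
    return (double)safe / trials;
}

int main(void)
{
    uint64_t df = junk_as_pointer(0xdf);

    printf("0xdf fill reads back as %#llx: faults on amd64? %s, full VA? %s\n",
        (unsigned long long)df,
        would_fault(df, USER_VA_AMD64) ? "yes" : "no",
        would_fault(df, USER_VA_FULL) ? "yes" : "no");
    printf("byte-repeat fills that do not fault: amd64 %d, full VA %d\n",
        count_nonfaulting_fills(USER_VA_AMD64),
        count_nonfaulting_fills(USER_VA_FULL));
    printf("random fills that do not fault (2^20 trials, amd64): %g\n",
        random_fill_safe_fraction(1u << 20, USER_VA_AMD64));
    return 0;
}
```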



gmtime return value

2016-09-10 Thread Carlin Bingham
If gmtime_r(3) fails it should return NULL; it currently returns a
pointer to the uninitialised tm struct it was given.


-- 
Carlin



Index: lib/libc/time/localtime.c
===
RCS file: /cvs/src/lib/libc/time/localtime.c,v
retrieving revision 1.58
diff -u -p -u -r1.58 localtime.c
--- lib/libc/time/localtime.c   14 Mar 2016 15:26:52 -  1.58
+++ lib/libc/time/localtime.c   10 Sep 2016 06:06:24 -
@@ -1350,8 +1350,7 @@ gmtsub(const time_t *timep, long offset,
 struct tm *
 gmtime_r(const time_t *timep, struct tm *p_tm)
 {
-   gmtsub(timep, 0L, p_tm);
-   return p_tm;
+   return gmtsub(timep, 0L, p_tm);
 }
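Review bot: `return gmtsub(timep, 0L, p_tm);` only preserves gmtime_r's contract if gmtsub() returns p_tm itself on success and NULL on failure; the hunk header cuts off gmtsub's return type, so confirm it does not hand back some other struct tm pointer, since callers of gmtime_r expect the buffer they passed in.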
 DEF_WEAK(gmtime_r);
 



Fix an infinite loop in iked

2016-09-10 Thread Nikolay Edigaryev
This fixes a bug introduced in revision 1.8 of timer.c that causes
evtimer_set() to be called on an already active event, which is an error
according to event_add(3):

>The event in the ev argument must be already initialized by event_set()
>and may not be used in calls to event_set() until it has timed out or
>been removed with event_del(). If the event in the ev argument already
>has a scheduled timeout, the old timeout will be replaced by the new
>one.

The simplest way to trigger the loop is by toggling the active/passive
knob via ikectl:

$ doas ikectl active # Calls event_set() and starts 2 second timer
$ doas ikectl active # Calls event_set() on an active timer

It can also be triggered by connecting to a peer and receiving
INVALID_KE_PAYLOAD notification from it, in which case event_set() will
be called in ikev2_pld_notify().

Index: timer.c
===
RCS file: /cvs/src/sbin/iked/timer.c,v
retrieving revision 1.12
diff -u -p -r1.12 timer.c
--- timer.c 16 Jan 2015 06:39:58 -  1.12
+++ timer.c 8 Sep 2016 14:40:16 -
@@ -37,6 +37,10 @@ void
 timer_set(struct iked *env, struct iked_timer *tmr,
 void (*cb)(struct iked *, void *), void *arg)
 {
+   if (evtimer_initialized(>tmr_ev) &&
+   evtimer_pending(>tmr_ev, NULL))
+   evtimer_del(>tmr_ev);
+
tmr->tmr_env = env;
tmr->tmr_cb = cb;
tmr->tmr_cbarg = arg;
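Review bot: deleting a pending timer before evtimer_set() in timer_set() matches the event_add(3) text quoted above, but the `evtimer_initialized()` guard only works if the struct iked_timer was zero-filled before its first timer_set(); a caller that allocates the timer without zeroing it would have the check read uninitialised memory. This was already true of the same check in timer_add(), so it is not a regression, but it now sits on the path every caller takes first.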
@@ -47,10 +51,6 @@ void
 timer_add(struct iked *env, struct iked_timer *tmr, int timeout)
 {
struct timeval   tv = { timeout };
-
-   if (evtimer_initialized(>tmr_ev) &&
-   evtimer_pending(>tmr_ev, NULL))
-   evtimer_del(>tmr_ev);
 
evtimer_add(>tmr_ev, );
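Review bot: with the evtimer_del removed, timer_add() now relies on evtimer_add() replacing an existing timeout, which the quoted event_add(3) text guarantees, so this is fine; the only behaviour change is that the event must have gone through timer_set() first, which evtimer_set() already required.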
 }