Re: acpi(4): GenericSerialBus OperationRegion support
On Sun, May 13, 2018 at 03:57:50PM +0200, Mark Kettenis wrote: > The diff below implements functionality that allows AML access to > devices that sit on an I2C bus. Only a subset of the various access > methods is implemented; some of the missing ones are not a very good > fit for our AML implementation. But this is enough to make reading > the battery status on the little Lenovo that mlarkin@ handed me at Elk > Lakes work. > Can you elaborate on what isn't a good fit? Just curious. -ml > Probably needs some wider testing. > > After that's done, ok? > > > Index: dev/acpi/acpi.c > === > RCS file: /cvs/src/sys/dev/acpi/acpi.c,v > retrieving revision 1.341 > diff -u -p -r1.341 acpi.c > --- dev/acpi/acpi.c 27 Mar 2018 21:11:16 - 1.341 > +++ dev/acpi/acpi.c 13 May 2018 13:49:46 - > @@ -920,6 +920,23 @@ acpi_register_gpio(struct acpi_softc *sc > } > > void > +acpi_register_gsb(struct acpi_softc *sc, struct aml_node *devnode) > +{ > + struct aml_value arg[2]; > + struct aml_node *node; > + > + /* Register GenericSerialBus address space. */ > + memset(, 0, sizeof(arg)); > + arg[0].type = AML_OBJTYPE_INTEGER; > + arg[0].v_integer = ACPI_OPREG_GSB; > + arg[1].type = AML_OBJTYPE_INTEGER; > + arg[1].v_integer = 1; > + node = aml_searchname(devnode, "_REG"); > + if (node && aml_evalnode(sc, node, 2, arg, NULL)) > + printf("%s: _REG failed\n", node->name); > +} > + > +void > acpi_attach(struct device *parent, struct device *self, void *aux) > { > struct bios_attach_args *ba = aux; > Index: dev/acpi/acpivar.h > === > RCS file: /cvs/src/sys/dev/acpi/acpivar.h,v > retrieving revision 1.89 > diff -u -p -r1.89 acpivar.h > --- dev/acpi/acpivar.h29 Nov 2017 22:51:01 - 1.89 > +++ dev/acpi/acpivar.h13 May 2018 13:49:46 - > @@ -333,6 +333,7 @@ void acpi_wakeup(void *); > int acpi_gasio(struct acpi_softc *, int, int, uint64_t, int, int, void *); > > void acpi_register_gpio(struct acpi_softc *, struct aml_node *); > +void acpi_register_gsb(struct acpi_softc *, struct aml_node *); > > int acpi_set_gpehandler(struct acpi_softc *, int, > int (*)(struct acpi_softc *, int, void *), void *, int); > Index: dev/acpi/amltypes.h > === > RCS file: /cvs/src/sys/dev/acpi/amltypes.h,v > retrieving revision 1.45 > diff -u -p -r1.45 amltypes.h > --- dev/acpi/amltypes.h 8 May 2016 11:08:01 - 1.45 > +++ dev/acpi/amltypes.h 13 May 2018 13:49:46 - > @@ -371,6 +371,8 @@ struct acpi_gpio { > void(*intr_establish)(void *, int, int, int (*)(void *), void *); > }; > > +struct i2c_controller; > + > struct aml_node { > struct aml_node *parent; > > @@ -385,8 +387,9 @@ struct aml_node { > u_int8_t*end; > > struct aml_value *value; > - struct acpi_pci *pci; > + struct acpi_pci *pci; > struct acpi_gpio *gpio; > + struct i2c_controller *i2c; > }; > > #define aml_bitmask(n) (1L << ((n) & 0x7)) > Index: dev/acpi/dsdt.c > === > RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v > retrieving revision 1.236 > diff -u -p -r1.236 dsdt.c > --- dev/acpi/dsdt.c 29 Nov 2017 15:22:22 - 1.236 > +++ dev/acpi/dsdt.c 13 May 2018 13:49:47 - > @@ -33,6 +33,8 @@ > #include > #include > > +#include > + > #ifdef SMALL_KERNEL > #undef ACPI_DEBUG > #endif > @@ -2288,6 +2290,7 @@ aml_register_regionspace(struct aml_node > > void aml_rwgen(struct aml_value *, int, int, struct aml_value *, int, int); > void aml_rwgpio(struct aml_value *, int, int, struct aml_value *, int, int); > +void aml_rwgsb(struct aml_value *, int, int, struct aml_value *, int, int); > void aml_rwindexfield(struct aml_value *, struct aml_value *val, int); > void aml_rwfield(struct aml_value *, int, int, struct aml_value *, int); > > @@ -2512,6 +2515,96 @@ aml_rwgpio(struct aml_value *conn, int b > } > > void > +aml_rwgsb(struct aml_value *conn, int bpos, int blen, struct aml_value *val, > +int mode, int flag) > +{ > + union acpi_resource *crs = (union acpi_resource *)conn->v_buffer; > + struct aml_node *node; > + i2c_tag_t tag; > + i2c_op_t op; > + i2c_addr_t addr; > + int cmdlen, buflen; > + uint8_t cmd; > + uint8_t *buf; > + int err; > + > + if (conn->type != AML_OBJTYPE_BUFFER || conn->length < 5 || > + AML_CRSTYPE(crs) != LR_SERBUS || AML_CRSLEN(crs) > conn->length || > + crs->lr_i2cbus.revid != 1 || crs->lr_i2cbus.type != LR_SERBUS_I2C) > + aml_die("Invalid GenericSerialBus"); > + if (AML_FIELD_ACCESS(flag) != AML_FIELD_BUFFERACC || > + bpos & 0x3 || blen != 8) > + aml_die("Invalid GenericSerialBus
Re: Missing hardlink for /usr/bin/cc
On Sat, May 12, 2018 at 8:59 AM, Anthony Coulterwrote: > $ ls -li /usr/bin/{cc,c++,clang,clang++,clang-cpp} /usr/libexec/cpp > 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/c++ > 155926 -r-xr-xr-x 1 root bin 46885664 May 4 11:12 /usr/bin/cc > 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang > 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang++ > 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang-cpp > 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/libexec/cpp > $ diff /usr/bin/{cc,clang} > $ > > I interpret this as /usr/bin/cc accidentally being a copy instead of a > hard link. Is this correct? > The underlying issue is that /usr/bin/cc is packaged in baseXY.tgz where it's needed for (sane) kernel and library relinking, while the others are packaged in compXY.tgz. Perhaps we should move the others into baseXY.tgz so the link is preserved, but that would have to be only on the clang-as-cc archs and there are probably other catches I haven't noticed. This is perhaps a puzzle best for Theo... Philip Guenther
Missing hardlink for /usr/bin/cc
$ ls -li /usr/bin/{cc,c++,clang,clang++,clang-cpp} /usr/libexec/cpp 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/c++ 155926 -r-xr-xr-x 1 root bin 46885664 May 4 11:12 /usr/bin/cc 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang++ 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/bin/clang-cpp 156140 -r-xr-xr-x 5 root bin 46885664 May 4 11:12 /usr/libexec/cpp $ diff /usr/bin/{cc,clang} $ I interpret this as /usr/bin/cc accidentally being a copy instead of a hard link. Is this correct? Regards, Anthony Coulter
com(4) console register width/shift support
The diff below extends the register width/shift support in com(4) such that the serial console on armv7 and arm64 doesn't have to use the nasty bus space hacks anymore. I removed the com_common_getc() and com_common_putc() functions as they didn't really serve any purpose anymore. The equivalent code is now simply part of comcngetc() and comcnputc(). ok? Index: arch/arm64/dev/com_fdt.c === RCS file: /cvs/src/sys/arch/arm64/dev/com_fdt.c,v retrieving revision 1.5 diff -u -p -r1.5 com_fdt.c --- arch/arm64/dev/com_fdt.c6 May 2018 17:16:48 - 1.5 +++ arch/arm64/dev/com_fdt.c13 May 2018 21:04:41 - @@ -28,8 +28,6 @@ #include #include -#include - #include #include #include @@ -45,12 +43,8 @@ struct cfattach com_fdt_ca = { sizeof (struct com_softc), com_fdt_match, com_fdt_attach }; -int com_fdt_cngetc(dev_t); -void com_fdt_cnputc(dev_t, int); -void com_fdt_cnpollc(dev_t, int); - struct consdev com_fdt_cons = { - NULL, NULL, com_fdt_cngetc, com_fdt_cnputc, com_fdt_cnpollc, NULL, + NULL, NULL, comcngetc, comcnputc, comcnpollc, NULL, NODEV, CN_LOWPRI }; @@ -76,7 +70,10 @@ com_fdt_init_cons(void) * comcnattach() does by doing the minimal setup here. */ - comconsiot = _a4x_bs_tag; + comcons_reg_width = OF_getpropint(stdout_node, "reg-io-width", 4); + comcons_reg_shift = OF_getpropint(stdout_node, "reg-shift", 2); + + comconsiot = fdt_cons_bs_tag; if (bus_space_map(comconsiot, reg.addr, reg.size, 0, )) return; @@ -160,21 +157,4 @@ com_fdt_intr_designware(void *cookie) com_read_reg(sc, com_usr); return comintr(sc); -} - -int -com_fdt_cngetc(dev_t dev) -{ - return com_common_getc(comconsiot, comconsioh); -} - -void -com_fdt_cnputc(dev_t dev, int c) -{ - com_common_putc(comconsiot, comconsioh, c); -} - -void -com_fdt_cnpollc(dev_t dev, int on) -{ } Index: arch/armv7/dev/com_fdt.c === RCS file: /cvs/src/sys/arch/armv7/dev/com_fdt.c,v retrieving revision 1.12 diff -u -p -r1.12 com_fdt.c --- arch/armv7/dev/com_fdt.c7 May 2018 14:13:54 - 1.12 +++ arch/armv7/dev/com_fdt.c13 May 2018 21:04:41 - @@ -28,9 +28,6 @@ #include #include -/* pick up armv7_a4x_bs_tag */ -#include - #include #include #include @@ -49,12 +46,8 @@ struct cfattach com_fdt_ca = { sizeof (struct com_softc), com_fdt_match, com_fdt_attach }; -int com_fdt_cngetc(dev_t); -void com_fdt_cnputc(dev_t, int); -void com_fdt_cnpollc(dev_t, int); - struct consdev com_fdt_cons = { - NULL, NULL, com_fdt_cngetc, com_fdt_cnputc, com_fdt_cnpollc, NULL, + NULL, NULL, comcngetc, comcnputc, comcnpollc, NULL, NODEV, CN_LOWPRI }; @@ -80,7 +73,10 @@ com_fdt_init_cons(void) * comcnattach() does by doing the minimal setup here. */ - comconsiot = _a4x_bs_tag; + comcons_reg_width = OF_getpropint(stdout_node, "reg-io-width", 4); + comcons_reg_shift = OF_getpropint(stdout_node, "reg-shift", 2); + + comconsiot = fdt_cons_bs_tag; if (bus_space_map(comconsiot, reg.addr, reg.size, 0, )) return; @@ -165,21 +161,4 @@ com_fdt_intr_designware(void *cookie) com_read_reg(sc, com_usr); return comintr(sc); -} - -int -com_fdt_cngetc(dev_t dev) -{ - return com_common_getc(comconsiot, comconsioh); -} - -void -com_fdt_cnputc(dev_t dev, int c) -{ - com_common_putc(comconsiot, comconsioh, c); -} - -void -com_fdt_cnpollc(dev_t dev, int on) -{ } Index: dev/ic/com.c === RCS file: /cvs/src/sys/dev/ic/com.c,v retrieving revision 1.168 diff -u -p -r1.168 com.c --- dev/ic/com.c2 May 2018 13:20:12 - 1.168 +++ dev/ic/com.c13 May 2018 21:04:42 - @@ -1133,52 +1133,6 @@ comintr(void *arg) } } -/* - * The following functions are polled getc and putc routines, used - * by the console glue. - */ - -int -com_common_getc(bus_space_tag_t iot, bus_space_handle_t ioh) -{ - int s = splhigh(); - u_char stat, c; - - /* Block until a character becomes available. */ - while (!ISSET(stat = bus_space_read_1(iot, ioh, com_lsr), LSR_RXRDY)) - continue; - - c = bus_space_read_1(iot, ioh, com_data); - - /* Clear any interrupts generated by this transmission. */ - stat = bus_space_read_1(iot, ioh, com_iir); - splx(s); - return (c); -} - -void -com_common_putc(bus_space_tag_t iot, bus_space_handle_t ioh, int c) -{ - int s = spltty(); - int timo; - - /* Wait for any pending transmission to finish. */ - timo = 2000; - while (!ISSET(bus_space_read_1(iot, ioh, com_lsr), LSR_TXRDY) && --timo) - delay(1); - - bus_space_write_1(iot, ioh, com_data, (u_int8_t)(c &
Re: pfctl check if rdomain exists
On Sun, May 13, 2018 at 03:22:39PM +0200, Sebastian Benoit wrote: > Here is a better version that moves the RT_TABLEID_MAX check into the > rdomain_check() function. I think hiding the yyerror() in rdomain_check() is not so nice. So I like your first version more. Could it be fixed with an "else if"? if ($2 < 0 || $2 > RT_TABLEID_MAX) yyerror("rdomain %lld outside range", $2); ELSE if (rdomain_exists($2) != 1) yyerror("rdomain %lld does not exist", $2); > still ok? Your version is also correct and other functions also call yyerror(). So although I don't like it, OK bluhm@ > + if (errno == ENOENT) > + /* table nonexistent */ > + goto notfound; Could you put braces around this if block? Although not necessary as one line is a comment, an if with a two lines block looks odd. bluhm
const for X509_EXT_*
Here's a slightly more interesting one. It adds const to 'section', 'name' and 'value' parameters of the X509_EXT_* famliy of functions. We also need adjust the get_section() and get_string() members of the X509V3_CONF_METHOD_st structure to match OpenSSL's as well as a handful of internal functions. As usual, run through a bulk by sthen. Index: lib/libcrypto/x509v3/v3_conf.c === RCS file: /cvs/src/lib/libcrypto/x509v3/v3_conf.c,v retrieving revision 1.21 diff -u -p -r1.21 v3_conf.c --- lib/libcrypto/x509v3/v3_conf.c 29 Jan 2017 17:49:23 - 1.21 +++ lib/libcrypto/x509v3/v3_conf.c 13 May 2018 15:38:36 - @@ -66,23 +66,27 @@ #include #include -static int v3_check_critical(char **value); -static int v3_check_generic(char **value); +static int v3_check_critical(const char **value); +static int v3_check_generic(const char **value); static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, -int crit, char *value); -static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, +int crit, const char *value); +static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value, int crit, int type, X509V3_CTX *ctx); -static char *conf_lhash_get_string(void *db, char *section, char *value); -static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); +static char *conf_lhash_get_string(void *db, const char *section, +const char *value); +static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, +const char *section); static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid, int crit, void *ext_struc); -static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len); +static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx, +long *ext_len); /* CONF *conf: Config file*/ /* char *name: Name*/ /* char *value: Value*/ X509_EXTENSION * -X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value) +X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name, +const char *value) { int crit; int ext_type; @@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX /* CONF *conf: Config file*/ /* char *value: Value*/ X509_EXTENSION * -X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value) +X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, +const char *value) { int crit; int ext_type; @@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_ /* CONF *conf: Config file*/ /* char *value: Value*/ static X509_EXTENSION * -do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value) +do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, +const char *value) { const X509V3_EXT_METHOD *method; X509_EXTENSION *ext; @@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, vo /* Check the extension string for critical flag */ static int -v3_check_critical(char **value) +v3_check_critical(const char **value) { - char *p = *value; + const char *p = *value; if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; @@ -247,10 +253,10 @@ v3_check_critical(char **value) /* Check extension string for generic extension and return the type */ static int -v3_check_generic(char **value) +v3_check_generic(const char **value) { int gen_type = 0; - char *p = *value; + const char *p = *value; if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { p += 4; @@ -269,7 +275,7 @@ v3_check_generic(char **value) /* Create a generic extension: for now just handle DER type */ static X509_EXTENSION * -v3_generic_extension(const char *ext, char *value, int crit, int gen_type, +v3_generic_extension(const char *ext, const char *value, int crit, int gen_type, X509V3_CTX *ctx) { unsigned char *ext_der = NULL; @@ -318,7 +324,7 @@ err: } static unsigned char * -generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len) +generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len) { ASN1_TYPE *typ; unsigned char *ext_der = NULL; @@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ct */ int -X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, +X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section, STACK_OF(X509_EXTENSION) **sk) { X509_EXTENSION *ext; @@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509 /* Convenience functions to add extensions to a certificate, CRL and request */ int -X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert) +X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section, +X509 *cert) { STACK_OF(X509_EXTENSION) **sk = NULL; @@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF
Re: [patch] add missing pledge to aucat(1).
On Mon, May 07, 2018 at 08:34:32PM +0200, Jesper Wallin wrote: > On Mon, May 07, 2018 at 03:30:19PM +0200, Jesper Wallin wrote: > > I've still not been able to test this using MIDI devices, but everything > > else seems to work as far as I can tell. > > As Theo (tb@) kindly pointed out to me off-list, aucat(1) supports the > use of multiple -i and/or -o flags, which my previous patch broke. > > Instead, I've now split slot_new() into two functions, where slot_new() > only sets the path to the file with all the parameters, and slot_parse() > which loops through all files and parse the headers. > > Same testing as before as well as specifying -i/-o multiple times. > > That's what I meant. The "hdr", "rate" and "pars" variables must also be saved similarly to "path", but this makes the slot structure a duplicate of the afile structure does, which is ugly and error-prone. So afile_open() may need also to be split into a "init" and "open" parts. Sorry, I thought all this would be much easier :(
const for TS_*
Another trivial diff that adds const qualifiers to the ASN1_OBJ argument of a number of TS_* functions. As usual tested in sthen's bulk build. Index: lib/libcrypto/ts/ts.h === RCS file: /var/cvs/src/lib/libcrypto/ts/ts.h,v retrieving revision 1.8 diff -u -p -r1.8 ts.h --- lib/libcrypto/ts/ts.h 27 Dec 2016 16:05:57 - 1.8 +++ lib/libcrypto/ts/ts.h 13 May 2018 14:47:28 - @@ -365,7 +365,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_M int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len); ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a); -int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy); +int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy); ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a); int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce); @@ -378,7 +378,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_ext void TS_REQ_ext_free(TS_REQ *a); int TS_REQ_get_ext_count(TS_REQ *a); int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos); -int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos); +int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos); int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos); X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc); X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc); @@ -524,14 +524,14 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key); /* This parameter must be set. */ -int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy); +int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy); /* No additional certs are included in the response by default. */ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs); /* Adds a new acceptable policy, only the default policy is accepted by default. */ -int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy); +int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy); /* Adds a new acceptable message digest. Note that no message digests are accepted by default. The md argument is shared with the caller. */ Index: lib/libcrypto/ts/ts_req_utils.c === RCS file: /var/cvs/src/lib/libcrypto/ts/ts_req_utils.c,v retrieving revision 1.5 diff -u -p -r1.5 ts_req_utils.c --- lib/libcrypto/ts/ts_req_utils.c 29 Jan 2017 17:49:23 - 1.5 +++ lib/libcrypto/ts/ts_req_utils.c 13 May 2018 14:47:28 - @@ -134,7 +134,7 @@ TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a } int -TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy) +TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy) { ASN1_OBJECT *new_policy; @@ -219,7 +219,7 @@ TS_REQ_get_ext_by_NID(TS_REQ *a, int nid } int -TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos) +TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos) { return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos); } Index: lib/libcrypto/ts/ts_rsp_sign.c === RCS file: /var/cvs/src/lib/libcrypto/ts/ts_rsp_sign.c,v retrieving revision 1.21 diff -u -p -r1.21 ts_rsp_sign.c --- lib/libcrypto/ts/ts_rsp_sign.c 29 Jan 2017 17:49:23 - 1.21 +++ lib/libcrypto/ts/ts_rsp_sign.c 13 May 2018 14:47:28 - @@ -201,7 +201,7 @@ TS_RESP_CTX_set_signer_key(TS_RESP_CTX * } int -TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) +TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy) { if (ctx->default_policy) ASN1_OBJECT_free(ctx->default_policy); @@ -238,7 +238,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, } int -TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) +TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy) { ASN1_OBJECT *copy = NULL;
const for SXNET_add_id_{INTEGER,asc,ulong}(3)
Small and simple diff that makes the char * arguments of these three functions const. Index: lib/libcrypto/x509v3/v3_sxnet.c === RCS file: /var/cvs/src/lib/libcrypto/x509v3/v3_sxnet.c,v retrieving revision 1.20 diff -u -p -r1.20 v3_sxnet.c --- lib/libcrypto/x509v3/v3_sxnet.c 25 Apr 2018 11:48:21 - 1.20 +++ lib/libcrypto/x509v3/v3_sxnet.c 13 May 2018 14:42:11 - @@ -253,7 +253,7 @@ sxnet_v2i(X509V3_EXT_METHOD *method, X50 /* Add an id given the zone as an ASCII number */ int -SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) +SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen) { ASN1_INTEGER *izone = NULL; @@ -267,7 +267,8 @@ SXNET_add_id_asc(SXNET **psx, char *zone /* Add an id given the zone as an unsigned long */ int -SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen) +SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, +int userlen) { ASN1_INTEGER *izone = NULL; @@ -286,7 +287,8 @@ SXNET_add_id_ulong(SXNET **psx, unsigned */ int -SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen) +SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user, +int userlen) { SXNET *sx = NULL; SXNETID *id = NULL; Index: lib/libcrypto/x509v3/x509v3.h === RCS file: /var/cvs/src/lib/libcrypto/x509v3/x509v3.h,v retrieving revision 1.23 diff -u -p -r1.23 x509v3.h --- lib/libcrypto/x509v3/x509v3.h 25 Apr 2018 11:48:21 - 1.23 +++ lib/libcrypto/x509v3/x509v3.h 13 May 2018 14:42:11 - @@ -524,9 +524,12 @@ SXNETID *d2i_SXNETID(SXNETID **a, const int i2d_SXNETID(SXNETID *a, unsigned char **out); extern const ASN1_ITEM SXNETID_it; -int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); -int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); -int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); +int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, +int userlen); +int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user, +int userlen); +int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user, +int userlen); ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone); ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
acpi(4): GenericSerialBus OperationRegion support
The diff below implements functionality that allows AML access to devices that sit on an I2C bus. Only a subset of the various access methods is implemented; some of the missing ones are not a very good fit for our AML implementation. But this is enough to make reading the battery status on the little Lenovo that mlarkin@ handed me at Elk Lakes work. Probably needs some wider testing. After that's done, ok? Index: dev/acpi/acpi.c === RCS file: /cvs/src/sys/dev/acpi/acpi.c,v retrieving revision 1.341 diff -u -p -r1.341 acpi.c --- dev/acpi/acpi.c 27 Mar 2018 21:11:16 - 1.341 +++ dev/acpi/acpi.c 13 May 2018 13:49:46 - @@ -920,6 +920,23 @@ acpi_register_gpio(struct acpi_softc *sc } void +acpi_register_gsb(struct acpi_softc *sc, struct aml_node *devnode) +{ + struct aml_value arg[2]; + struct aml_node *node; + + /* Register GenericSerialBus address space. */ + memset(, 0, sizeof(arg)); + arg[0].type = AML_OBJTYPE_INTEGER; + arg[0].v_integer = ACPI_OPREG_GSB; + arg[1].type = AML_OBJTYPE_INTEGER; + arg[1].v_integer = 1; + node = aml_searchname(devnode, "_REG"); + if (node && aml_evalnode(sc, node, 2, arg, NULL)) + printf("%s: _REG failed\n", node->name); +} + +void acpi_attach(struct device *parent, struct device *self, void *aux) { struct bios_attach_args *ba = aux; Index: dev/acpi/acpivar.h === RCS file: /cvs/src/sys/dev/acpi/acpivar.h,v retrieving revision 1.89 diff -u -p -r1.89 acpivar.h --- dev/acpi/acpivar.h 29 Nov 2017 22:51:01 - 1.89 +++ dev/acpi/acpivar.h 13 May 2018 13:49:46 - @@ -333,6 +333,7 @@ void acpi_wakeup(void *); int acpi_gasio(struct acpi_softc *, int, int, uint64_t, int, int, void *); void acpi_register_gpio(struct acpi_softc *, struct aml_node *); +void acpi_register_gsb(struct acpi_softc *, struct aml_node *); intacpi_set_gpehandler(struct acpi_softc *, int, int (*)(struct acpi_softc *, int, void *), void *, int); Index: dev/acpi/amltypes.h === RCS file: /cvs/src/sys/dev/acpi/amltypes.h,v retrieving revision 1.45 diff -u -p -r1.45 amltypes.h --- dev/acpi/amltypes.h 8 May 2016 11:08:01 - 1.45 +++ dev/acpi/amltypes.h 13 May 2018 13:49:46 - @@ -371,6 +371,8 @@ struct acpi_gpio { void(*intr_establish)(void *, int, int, int (*)(void *), void *); }; +struct i2c_controller; + struct aml_node { struct aml_node *parent; @@ -385,8 +387,9 @@ struct aml_node { u_int8_t*end; struct aml_value *value; - struct acpi_pci *pci; + struct acpi_pci *pci; struct acpi_gpio *gpio; + struct i2c_controller *i2c; }; #define aml_bitmask(n) (1L << ((n) & 0x7)) Index: dev/acpi/dsdt.c === RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v retrieving revision 1.236 diff -u -p -r1.236 dsdt.c --- dev/acpi/dsdt.c 29 Nov 2017 15:22:22 - 1.236 +++ dev/acpi/dsdt.c 13 May 2018 13:49:47 - @@ -33,6 +33,8 @@ #include #include +#include + #ifdef SMALL_KERNEL #undef ACPI_DEBUG #endif @@ -2288,6 +2290,7 @@ aml_register_regionspace(struct aml_node void aml_rwgen(struct aml_value *, int, int, struct aml_value *, int, int); void aml_rwgpio(struct aml_value *, int, int, struct aml_value *, int, int); +void aml_rwgsb(struct aml_value *, int, int, struct aml_value *, int, int); void aml_rwindexfield(struct aml_value *, struct aml_value *val, int); void aml_rwfield(struct aml_value *, int, int, struct aml_value *, int); @@ -2512,6 +2515,96 @@ aml_rwgpio(struct aml_value *conn, int b } void +aml_rwgsb(struct aml_value *conn, int bpos, int blen, struct aml_value *val, +int mode, int flag) +{ + union acpi_resource *crs = (union acpi_resource *)conn->v_buffer; + struct aml_node *node; + i2c_tag_t tag; + i2c_op_t op; + i2c_addr_t addr; + int cmdlen, buflen; + uint8_t cmd; + uint8_t *buf; + int err; + + if (conn->type != AML_OBJTYPE_BUFFER || conn->length < 5 || + AML_CRSTYPE(crs) != LR_SERBUS || AML_CRSLEN(crs) > conn->length || + crs->lr_i2cbus.revid != 1 || crs->lr_i2cbus.type != LR_SERBUS_I2C) + aml_die("Invalid GenericSerialBus"); + if (AML_FIELD_ACCESS(flag) != AML_FIELD_BUFFERACC || + bpos & 0x3 || blen != 8) + aml_die("Invalid GenericSerialBus access"); + + node = aml_searchname(conn->node, + (char *)>lr_i2cbus.vdata[crs->lr_i2cbus.tlength - 6]); + + if (node == NULL || node->i2c == NULL) + aml_die("Could not find GenericSerialBus controller"); + + switch (((flag >> 6) & 0x3)) { + case 0: /* Normal */ +
Re: pfctl check if rdomain exists
Alexander Bluhm(alexander.bl...@gmx.net) on 2018.05.13 10:03:43 +0200: > On Sun, May 13, 2018 at 01:34:48AM +0200, Sebastian Benoit wrote: > > when you add a pf rule with a "on rdomain n" with nonexisting rdomain n, > > the load will fail with the error > > > > pfctl: DIOCADDRULE: Device busy > > > > with no information which rule caused the problem and no indication that the > > problem is the rdomain . > > > > So lets check if the rdomain really exists when parsing the config. > > > > Also parsing doesnot have to stop when this occurs, we can go on and > > stop before actually loading the config and that way parse the complete > > pf.conf and find more errors. Same goes for the rdomain range check, remove > > YYERROR there too. > > > > ok? > > OK bluhm@ well, i noticed a stupid mistake with my caching of found rdomains. Here is a better version that moves the RT_TABLEID_MAX check into the rdomain_check() function. still ok? diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y index fba07e2ea43..31ed346b765 100644 --- sbin/pfctl/parse.y +++ sbin/pfctl/parse.y @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -389,6 +390,7 @@ int invalid_redirect(struct node_host *, sa_family_t); u_int16_t parseicmpspec(char *, sa_family_t); int kw_casecmp(const void *, const void *); int map_tos(char *string, int *); +voidrdomain_check(u_int); TAILQ_HEAD(loadanchorshead, loadanchors) loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead); @@ -2561,10 +2563,8 @@ if_item : STRING{ $$->tail = $$; } | RDOMAIN NUMBER{ - if ($2 < 0 || $2 > RT_TABLEID_MAX) { - yyerror("rdomain outside range"); - YYERROR; - } + rdomain_check($2); + $$ = calloc(1, sizeof(struct node_if)); if ($$ == NULL) err(1, "if_item: calloc"); @@ -5950,3 +5950,45 @@ map_tos(char *s, int *val) } return (0); } + +void +rdomain_check(u_int rdomain) +{ + size_t len; + struct rt_tableinfo info; + int mib[6]; + static u_int found[RT_TABLEID_MAX+1]; + + if (rdomain < 0 || rdomain > RT_TABLEID_MAX) { + yyerror("rdomain %lld outside range", rdomain); + goto out; + } + + if (found[rdomain] == 1) + goto out; + + mib[0] = CTL_NET; + mib[1] = PF_ROUTE; + mib[2] = 0; + mib[3] = 0; + mib[4] = NET_RT_TABLE; + mib[5] = rdomain; + + len = sizeof(info); + if (sysctl(mib, 6, , , NULL, 0) == -1) { + if (errno == ENOENT) + /* table nonexistent */ + goto notfound; + err(1, "sysctl"); + } + if (info.rti_domainid == rdomain) { + found[rdomain] = 1; + goto out; + } + /* rdomain is a table, but not an rdomain */ + +notfound: + yyerror("rdomain %lld does not exist", rdomain); +out: + return; +}
const for PKCS* functions
Another straightforward diff, this time to catch up with OpenSSL's const sprinkling over PCKS12_* and PKCS8_* functions. Part of sthen's bulk. Index: lib/libcrypto/pkcs12/p12_add.c === RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_add.c,v retrieving revision 1.15 diff -u -p -r1.15 p12_add.c --- lib/libcrypto/pkcs12/p12_add.c 29 Jan 2017 17:49:23 - 1.15 +++ lib/libcrypto/pkcs12/p12_add.c 13 May 2018 11:11:33 - @@ -232,7 +232,7 @@ PKCS12_unpack_p7encdata(PKCS7 *p7, const } PKCS8_PRIV_KEY_INFO * -PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, int passlen) +PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen) { return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); } @@ -247,7 +247,7 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK } STACK_OF(PKCS7) * -PKCS12_unpack_authsafes(PKCS12 *p12) +PKCS12_unpack_authsafes(const PKCS12 *p12) { if (!PKCS7_type_is_data(p12->authsafes)) { PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA); Index: lib/libcrypto/pkcs12/p12_attr.c === RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_attr.c,v retrieving revision 1.10 diff -u -p -r1.10 p12_attr.c --- lib/libcrypto/pkcs12/p12_attr.c 11 Jul 2014 08:44:49 - 1.10 +++ lib/libcrypto/pkcs12/p12_attr.c 13 May 2018 11:11:33 - @@ -122,7 +122,7 @@ PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *b } ASN1_TYPE * -PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) +PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) { X509_ATTRIBUTE *attrib; int i; Index: lib/libcrypto/pkcs12/p12_crt.c === RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_crt.c,v retrieving revision 1.17 diff -u -p -r1.17 p12_crt.c --- lib/libcrypto/pkcs12/p12_crt.c 29 Jan 2017 17:49:23 - 1.17 +++ lib/libcrypto/pkcs12/p12_crt.c 13 May 2018 11:11:33 - @@ -80,7 +80,7 @@ copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_P } PKCS12 * -PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, +PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype) { @@ -221,7 +221,7 @@ err: PKCS12_SAFEBAG * PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage, -int iter, int nid_key, char *pass) +int iter, int nid_key, const char *pass) { PKCS12_SAFEBAG *bag = NULL; PKCS8_PRIV_KEY_INFO *p8 = NULL; @@ -261,7 +261,7 @@ err: int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, -int nid_safe, int iter, char *pass) +int nid_safe, int iter, const char *pass) { PKCS7 *p7 = NULL; int free_safes = 0; Index: lib/libcrypto/pkcs12/p12_decr.c === RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_decr.c,v retrieving revision 1.18 diff -u -p -r1.18 p12_decr.c --- lib/libcrypto/pkcs12/p12_decr.c 29 Jan 2017 17:49:23 - 1.18 +++ lib/libcrypto/pkcs12/p12_decr.c 13 May 2018 11:11:33 - @@ -67,8 +67,9 @@ */ unsigned char * -PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, -unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de) +PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen, +const unsigned char *in, int inlen, unsigned char **data, int *datalen, +int en_de) { unsigned char *out; int outlen, i; @@ -119,8 +120,8 @@ err: */ void * -PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, -const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) +PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, +const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf) { unsigned char *out; const unsigned char *p; Index: lib/libcrypto/pkcs12/p12_npas.c === RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_npas.c,v retrieving revision 1.12 diff -u -p -r1.12 p12_npas.c --- lib/libcrypto/pkcs12/p12_npas.c 29 Jan 2017 17:49:23 - 1.12 +++ lib/libcrypto/pkcs12/p12_npas.c 13 May 2018 11:11:33 - @@ -65,10 +65,11 @@ /* PKCS#12 password change routine */ -static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); -static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, -char *newpass); -static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); +static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass); +static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass, +const char *newpass); +static int newpass_bag(PKCS12_SAFEBAG
pms: support for Elantech trackpoints
This patch adds support for Elantech trackpoints to pms. They can be treated like other secondary devices and require only minor extensions in the initialization and input functions. For now, the patch also extends the set of "IC types" that are accepted for V4-touchpads from (6,8) to (6,8,15). It might well be that other types in the range 6-15 work properly with the driver. Thanks to Ryan Lennox for help and testing. OK? Index: dev/pckbc/pms.c === RCS file: /cvs/src/sys/dev/pckbc/pms.c,v retrieving revision 1.86 diff -u -p -r1.86 pms.c --- dev/pckbc/pms.c 29 Apr 2018 08:50:04 - 1.86 +++ dev/pckbc/pms.c 12 May 2018 13:08:46 - @@ -130,6 +130,7 @@ struct elantech_softc { #define ELANTECH_F_2FINGER_PACKET 0x04 #define ELANTECH_F_HW_V1_OLD 0x08 #define ELANTECH_F_CRC_ENABLED 0x10 +#define ELANTECH_F_TRACKPOINT 0x20 int fw_version; u_int mt_slots; @@ -1938,8 +1939,9 @@ elantech_get_hwinfo_v4(struct pms_softc if (synaptics_query(sc, ELANTECH_QUE_FW_VER, _version)) return (-1); - if (((fw_version & 0x0f) >> 16) != 6 && - (fw_version & 0x0f) >> 16 != 8) + if ((fw_version & 0x0f) >> 16 != 6 + && (fw_version & 0x0f) >> 16 != 8 + && (fw_version & 0x0f) >> 16 != 15) return (-1); elantech->fw_version = fw_version; @@ -1963,6 +1965,9 @@ elantech_get_hwinfo_v4(struct pms_softc if ((capabilities[1] < 2) || (capabilities[1] > hw->x_max)) return (-1); + if (capabilities[0] & ELANTECH_CAP_TRACKPOINT) + elantech->flags |= ELANTECH_F_TRACKPOINT; + hw->type = WSMOUSE_TYPE_ELANTECH; hw->hw_type = WSMOUSEHW_CLICKPAD; hw->mt_slots = ELANTECH_MAX_FINGERS; @@ -2140,6 +2145,7 @@ int pms_enable_elantech_v4(struct pms_softc *sc) { struct elantech_softc *elantech = sc->elantech; + struct wsmousedev_attach_args a; if (elantech_knock(sc)) goto err; @@ -2169,6 +2175,14 @@ pms_enable_elantech_v4(struct pms_softc printf("%s: Elantech Clickpad, version %d, firmware 0x%x\n", DEVNAME(sc), 4, sc->elantech->fw_version); + + if (sc->elantech->flags & ELANTECH_F_TRACKPOINT) { + a.accessops = _sec_accessops; + a.accesscookie = sc; + sc->sc_sec_wsmousedev = config_found((void *) sc, , + wsmousedevprint); + } + } else if (elantech_set_absolute_mode_v4(sc)) goto err; @@ -2328,13 +2342,40 @@ pms_sync_elantech_v3(struct pms_softc *s return (0); } +/* Extract the type bits from packet[3]. */ +static inline int +elantech_packet_type(u_char b) +{ + return ((b & 4) ? (b & 0xcf) : (b & 0x1f)); +} + int pms_sync_elantech_v4(struct pms_softc *sc, int data) { - if (sc->inputstate == 0 && (data & 0x0c) != 0x04) + if (sc->inputstate == 0) { + if ((data & 0x0c) == 0x04) + return (0); + if ((sc->elantech->flags & ELANTECH_F_TRACKPOINT) + && (data & 0xc8) == 0) + return (0); return (-1); - else - return (0); + } + if (sc->inputstate == 3) { + switch (elantech_packet_type(data)) { + case ELANTECH_V4_PKT_STATUS: + case ELANTECH_V4_PKT_HEAD: + case ELANTECH_V4_PKT_MOTION: + return ((sc->packet[0] & 4) ? 0 : -1); + case ELANTECH_PKT_TRACKPOINT: + return ((sc->packet[0] & 0xc8) == 0 + && sc->packet[1] == ((data & 0x10) << 3) + && sc->packet[2] == ((data & 0x20) << 2) + && (data ^ (sc->packet[0] & 0x30)) == 0x36 + ? 0 : -1); + } + return (-1); + } + return (0); } void @@ -2474,7 +2515,7 @@ pms_proc_elantech_v4(struct pms_softc *s int id, weight, n, x, y, z; u_int buttons, slots; - switch (sc->packet[3] & 0x1f) { + switch (elantech_packet_type(sc->packet[3])) { case ELANTECH_V4_PKT_STATUS: slots = elantech->mt_slots; elantech->mt_slots = sc->packet[1] & 0x1f; @@ -2509,8 +2550,17 @@ pms_proc_elantech_v4(struct pms_softc *s wsmouse_set(sc_wsmousedev, WSMOUSE_MT_REL_Y, y, id); wsmouse_set(sc_wsmousedev, WSMOUSE_MT_PRESSURE, z, id); } - break; + + case ELANTECH_PKT_TRACKPOINT: + if (sc->sc_dev_enable & PMS_DEV_SECONDARY) { + x = sc->packet[4] - 0x100 + (sc->packet[1] << 1); + y = sc->packet[5] - 0x100 +
Re: pfctl check if rdomain exists
On Sun, May 13, 2018 at 01:34:48AM +0200, Sebastian Benoit wrote: > when you add a pf rule with a "on rdomain n" with nonexisting rdomain n, > the load will fail with the error > > pfctl: DIOCADDRULE: Device busy > > with no information which rule caused the problem and no indication that the > problem is the rdomain . > > So lets check if the rdomain really exists when parsing the config. > > Also parsing doesnot have to stop when this occurs, we can go on and > stop before actually loading the config and that way parse the complete > pf.conf and find more errors. Same goes for the rdomain range check, remove > YYERROR there too. > > ok? OK bluhm@ > > /Benno > > (benno_pfctl_rdomain_check.diff) > > diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y > index fba07e2ea43..08797ebaabc 100644 > --- sbin/pfctl/parse.y > +++ sbin/pfctl/parse.y > @@ -30,6 +30,7 @@ > #include > #include > #include > +#include > #include > #include > #include > @@ -389,6 +390,7 @@ intinvalid_redirect(struct node_host *, > sa_family_t); > u_int16_t parseicmpspec(char *, sa_family_t); > int kw_casecmp(const void *, const void *); > int map_tos(char *string, int *); > +int rdomain_exists(u_int); > > TAILQ_HEAD(loadanchorshead, loadanchors) > loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead); > @@ -2561,10 +2563,11 @@ if_item : STRING > { > $$->tail = $$; > } > | RDOMAIN NUMBER{ > - if ($2 < 0 || $2 > RT_TABLEID_MAX) { > - yyerror("rdomain outside range"); > - YYERROR; > - } > + if ($2 < 0 || $2 > RT_TABLEID_MAX) > + yyerror("rdomain %lld outside range", $2); > + if (rdomain_exists($2) != 1) > + yyerror("rdomain %lld does not exist", $2); > + > $$ = calloc(1, sizeof(struct node_if)); > if ($$ == NULL) > err(1, "if_item: calloc"); > @@ -5950,3 +5953,35 @@ map_tos(char *s, int *val) > } > return (0); > } > + > +int > +rdomain_exists(u_int rdomain) > +{ > + size_t len; > + struct rt_tableinfo info; > + int mib[6]; > + static u_int found[RT_TABLEID_MAX]; > + > + if (found[rdomain] == 1) > + return (1); > + > + mib[0] = CTL_NET; > + mib[1] = PF_ROUTE; > + mib[2] = 0; > + mib[3] = 0; > + mib[4] = NET_RT_TABLE; > + mib[5] = rdomain; > + > + len = sizeof(info); > + if (sysctl(mib, 6, , , NULL, 0) == -1) { > + if (errno == ENOENT) > + /* table nonexistent */ > + return (0); > + err(1, "sysctl"); > + } > + if (info.rti_domainid == rdomain) { > + found[rdomain] = 1; > + return (1); > + } > + return (0); > +}
const for PEM_write{,_bio}()
Add const to the 'name', 'header' and 'data' arguments of PEM_write(3) and PEM_write_bio(3). Tested in sthen's bulk with no fallout. Index: lib/libcrypto/pem/pem.h === RCS file: /var/cvs/src/lib/libcrypto/pem/pem.h,v retrieving revision 1.17 diff -u -p -r1.17 pem.h --- lib/libcrypto/pem/pem.h 4 Sep 2016 16:22:54 - 1.17 +++ lib/libcrypto/pem/pem.h 13 May 2018 07:13:43 - @@ -385,8 +385,8 @@ int PEM_do_header (EVP_CIPHER_INFO *ciph #ifndef OPENSSL_NO_BIO intPEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); -intPEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data, - long len); +intPEM_write_bio(BIO *bp, const char *name, const char *hdr, + const unsigned char *data, long len); intPEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, pem_password_cb *cb, void *u); void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, @@ -403,8 +403,8 @@ int PEM_X509_INFO_write_bio(BIO *bp, X50 intPEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); -intPEM_write(FILE *fp, char *name, char *hdr, unsigned char *data, - long len); +intPEM_write(FILE *fp, const char *name, const char *hdr, + const unsigned char *data, long len); void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u); intPEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, Index: lib/libcrypto/pem/pem_lib.c === RCS file: /var/cvs/src/lib/libcrypto/pem/pem_lib.c,v retrieving revision 1.46 diff -u -p -r1.46 pem_lib.c --- lib/libcrypto/pem/pem_lib.c 14 Apr 2018 07:09:21 - 1.46 +++ lib/libcrypto/pem/pem_lib.c 13 May 2018 07:13:43 - @@ -564,7 +564,8 @@ load_iv(char **fromp, unsigned char *to, } int -PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len) +PEM_write(FILE *fp, const char *name, const char *header, +const unsigned char *data, long len) { BIO *b; int ret; @@ -580,8 +581,8 @@ PEM_write(FILE *fp, char *name, char *he } int -PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, -long len) +PEM_write_bio(BIO *bp, const char *name, const char *header, +const unsigned char *data, long len) { int nlen, n, i, j, outl; unsigned char *buf = NULL;
const for OCSP_*
This adds const qualifiers to the OCSP_* functions and a handful of X509{,v3}_* functions as needed to make this work. Completely straightforward. Tested in sthen's bulk with no fallout. Index: lib/libcrypto/ocsp/ocsp.h === RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp.h,v retrieving revision 1.12 diff -u -p -r1.12 ocsp.h --- lib/libcrypto/ocsp/ocsp.h 17 Mar 2018 14:44:34 - 1.12 +++ lib/libcrypto/ocsp/ocsp.h 13 May 2018 06:53:20 - @@ -383,8 +383,8 @@ typedef struct ocsp_service_locator_st { OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id); -OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); -OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, +OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req); +OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline); intOCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); @@ -394,8 +394,8 @@ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); -OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, - ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber); +OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName, + const ASN1_BIT_STRING* issuerKey, const ASN1_INTEGER *serialNumber); OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); @@ -428,8 +428,8 @@ int OCSP_check_validity(ASN1_GENERALIZED intOCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags); -intOCSP_parse_url(char *url, char **phost, char **pport, char **ppath, - int *pssl); +intOCSP_parse_url(const char *url, char **phost, char **pport, + char **ppath, int *pssl); intOCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b); intOCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b); @@ -449,17 +449,17 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP intOCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags); -X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); +X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim); X509_EXTENSION *OCSP_accept_responses_new(char **oids); X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); -X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); +X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls); intOCSP_REQUEST_get_ext_count(OCSP_REQUEST *x); intOCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos); -intOCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, +intOCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj, int lastpos); intOCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos); @@ -472,7 +472,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x intOCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x); intOCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos); -intOCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, +intOCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos); intOCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos); X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc); @@ -484,7 +484,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, intOCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x); intOCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos); -intOCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, +intOCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj, int lastpos); intOCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos); @@ -499,8 +499,8 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRES intOCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x); intOCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos); -intOCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, - int lastpos); +intOCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, + const ASN1_OBJECT *obj, int lastpos); intOCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos); X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc); Index: lib/libcrypto/ocsp/ocsp_ext.c === RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp_ext.c,v retrieving revision 1.15 diff -u -p -r1.15 ocsp_ext.c --- lib/libcrypto/ocsp/ocsp_ext.c 27 Dec 2016 16:01:19 - 1.15 +++