Re: vmd send nameserver only once
On Wed, Aug 15, 2018 at 03:43:06PM +0200, Martijn van Duren wrote: > When running vmd with a local interface it sends the nameservers twice, > which seems a bit redundant to me and always annoys me when editing > resolv.conf manually inside the vm. > Diff below removes one of the two instances. > > OK? Ok ccardenas@ > > martijn@ > > Index: dhcp.c > === > RCS file: /cvs/src/usr.sbin/vmd/dhcp.c,v > retrieving revision 1.4 > diff -u -p -r1.4 dhcp.c > --- dhcp.c5 Nov 2017 20:01:09 - 1.4 > +++ dhcp.c15 Aug 2018 13:41:24 - > @@ -189,11 +189,6 @@ dhcp_request(struct vionet_dev *dev, cha > o += sizeof(server_addr); > } > > - resp.options[o++] = DHO_DOMAIN_NAME_SERVERS; > - resp.options[o++] = sizeof(server_addr); > - memcpy([o], _addr, sizeof(server_addr)); > - o += sizeof(server_addr); > - > resp.options[o++] = DHO_SUBNET_MASK; > resp.options[o++] = sizeof(mask); > mask.s_addr = htonl(0xfffe); >
Re: php 5.6 and php 7 using php-fpm ?
That hit the spot. Thanks! 2018-08-16 18:57 GMT-03:00 Stuart Henderson : > To run the two versions concurrently, use the rc.conf.local flags variables > (php56_fpm_flags/php70_fpm_flags) to give them different config files (-y > /path/to/fpm.conf). > > -- > Sent from a phone, apologies for poor formatting. > > > On 16 August 2018 22:09:57 "Elias M. Mariani" > wrote: > >> Hi, >> Somebody knows how to set up 2 different socks, one with php56 and >> another with php70 ? >> Yo can just run >> rcctl start php56_fpm php70_fpm >> Because they would use the same fpm.sock. >> And this is configured in /etc/php-fpm.conf, I did not found another >> place to configure this. >> >> Cheers. >> Elias. > > > >
Re: ubcmtp: fix multi-finger on type4 devices, pass in proper pressure
Hi Joshua,
this patch breaks ubcmtp on the MacBook Pro 8.2. There is no problem
with the padding, but the pressure value is always 0, and wsmouse
doesn't register any touches. I believe only type4 models fill the
'pressure' field. At least for now, it's better to use the width
value (touch_major) as substitute for pressure (hidmt already does
this). In case we add to wsmouse or wstpad some mechanism for palm/
thumb detection based on thresholds, this would work as well.
So I would prefer:
+ sc->frame[contacts].pressure =
+ (int16_t)letoh16(finger->touch_major);
Moreover, it shouldn't be necessary to set the PRESSURE_LO/PRESSURE_HI
parameters in ubcmtp. Only touchpads that are too sensitive need
them (if they are set, wsmouse ignores touches with lower pressure).
ok bru@ for the padding part
On 08/16/2018 04:51 AM, joshua stein wrote:
> Type 4 devices like the MacBookPro12,1 have extra padding in between
> each chunk of finger data that needs to be skipped, otherwise the
> offset will be wrong and each additional finger will read as static
> coordinates. This must have been overlooked when it was added to
> the driver in 2015 since the first finger of data always read
> properly.
>
> Also, we can now pass in the actual pressure data instead of having
> to use a constant value just to make the synaptics driver happy
> since we now have wstpad. The per-type min/max pressure values can
> also be passed in when calling wsmouse_configure.
>
> Tested on the 2015 MacBook Pro. Tests on other Apple devices would
> be appreciated.
>
>
> Index: sys/dev/usb/ubcmtp.c
> ===
> RCS file: /cvs/src/sys/dev/usb/ubcmtp.c,v
> retrieving revision 1.18
> diff -u -p -u -p -r1.18 ubcmtp.c
> --- sys/dev/usb/ubcmtp.c 30 Jul 2018 15:56:30 - 1.18
> +++ sys/dev/usb/ubcmtp.c 16 Aug 2018 02:42:11 -
> @@ -118,6 +118,7 @@ struct ubcmtp_finger {
> #define UBCMTP_TYPE4_TPLEN UBCMTP_TYPE4_TPOFF + UBCMTP_ALL_FINGER_SIZE
> #define UBCMTP_TYPE4_TPIFACE 2
> #define UBCMTP_TYPE4_BTOFF 31
> +#define UBCMTP_TYPE4_FINGERPAD (1 * sizeof(uint16_t))
>
> #define UBCMTP_FINGER_ORIENT 16384
> #define UBCMTP_SN_PRESSURE 45
> @@ -128,9 +129,6 @@ struct ubcmtp_finger {
> /* Identify clickpads in ubcmtp_configure. */
> #define IS_CLICKPAD(ubcmtp_type) (ubcmtp_type != UBCMTP_TYPE1)
>
> -/* Use a constant, synaptics-compatible pressure value for now. */
> -#define DEFAULT_PRESSURE 40
> -
> struct ubcmtp_limit {
> int limit;
> int min;
> @@ -337,6 +335,7 @@ struct ubcmtp_softc {
> int sc_tp_epaddr; /* endpoint addr */
> int tp_maxlen; /* max size of tp data */
> int tp_offset; /* finger offset into data */
> + int tp_fingerpad; /* padding between finger data
> */
> uint8_t *tp_pkt;
>
> int bt_ifacenum;/* button interface number */
> @@ -425,6 +424,7 @@ ubcmtp_attach(struct device *parent, str
>
> sc->sc_udev = uaa->device;
> sc->sc_status = 0;
> + sc->tp_fingerpad = 0;
>
> if ((udd = usbd_get_device_descriptor(dev)) == NULL) {
> printf("ubcmtp: failed getting device descriptor\n");
> @@ -478,6 +478,7 @@ ubcmtp_attach(struct device *parent, str
> sc->tp_maxlen = UBCMTP_TYPE4_TPLEN;
> sc->tp_offset = UBCMTP_TYPE4_TPOFF;
> sc->tp_ifacenum = UBCMTP_TYPE4_TPIFACE;
> + sc->tp_fingerpad = UBCMTP_TYPE4_FINGERPAD;
> break;
> }
>
> @@ -520,6 +521,10 @@ int
> ubcmtp_configure(struct ubcmtp_softc *sc)
> {
> struct wsmousehw *hw = wsmouse_get_hw(sc->sc_wsmousedev);
> + struct wsmouse_param params[] = {
> + { WSMOUSECFG_PRESSURE_LO, sc->dev_type->l_pressure.min },
> + { WSMOUSECFG_PRESSURE_HI, sc->dev_type->l_pressure.max },
> + };
>
> hw->type = WSMOUSE_TYPE_TOUCHPAD;
> hw->hw_type = (IS_CLICKPAD(sc->dev_type->type)
> @@ -531,7 +536,7 @@ ubcmtp_configure(struct ubcmtp_softc *sc
> hw->mt_slots = UBCMTP_MAX_FINGERS;
> hw->flags = WSMOUSEHW_MT_TRACKING;
>
> - return wsmouse_configure(sc->sc_wsmousedev, NULL, 0);
> + return wsmouse_configure(sc->sc_wsmousedev, params, 0);
> }
>
> int
> @@ -793,9 +798,9 @@ void
> ubcmtp_tp_intr(struct usbd_xfer *xfer, void *priv, usbd_status status)
> {
> struct ubcmtp_softc *sc = priv;
> - struct ubcmtp_finger *pkt;
> + struct ubcmtp_finger *finger;
> u_int32_t pktlen;
> - int i, s, btn, contacts, fingers;
> + int off, s, btn, contacts = 0;
>
> if (usbd_is_dying(sc->sc_udev) || !(sc->sc_status & UBCMTP_ENABLED))
> return;
> @@ -816,16 +821,19 @@ ubcmtp_tp_intr(struct usbd_xfer *xfer, v
> if (sc->tp_pkt == NULL || pktlen < sc->tp_offset)
>
Re: php 5.6 and php 7 using php-fpm ?
To run the two versions concurrently, use the rc.conf.local flags variables (php56_fpm_flags/php70_fpm_flags) to give them different config files (-y /path/to/fpm.conf). -- Sent from a phone, apologies for poor formatting. On 16 August 2018 22:09:57 "Elias M. Mariani" wrote: Hi, Somebody knows how to set up 2 different socks, one with php56 and another with php70 ? Yo can just run rcctl start php56_fpm php70_fpm Because they would use the same fpm.sock. And this is configured in /etc/php-fpm.conf, I did not found another place to configure this. Cheers. Elias.
PCI segment support for ACPI
So the 24-core arm64 machine I have now contains two PCI host bridges.
And since this isn't a PeeCee those are exposed as two separate PCI
"segments". This means I need to add support for muliple segments to
the ACPI code. The diff does this by adding a segment argument to the
pci_mcfg_init() function and introducing a new pci_lookup_segment()
function. For amd64 and i386 I continue to assume that there is only
a segment zero. On those platforms ACPI should never use additional
segments unless we explicitly tell it that we support it (which we
don't do). A lookup of a non-zero segment will trigger a KASSERT.
For arm64 I still only support segment zero, but a lookup of other
segments will not trigger a panic. Instead I return a "dummy" PCI
chipset tag that returns 0xfff for all config space reads and
ignores all config space writes.
I will implement true multi-segment support for arm64 in a follow-up
diff.
ok?
Index: arch/amd64/amd64/acpi_machdep.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/acpi_machdep.c,v
retrieving revision 1.84
diff -u -p -r1.84 acpi_machdep.c
--- arch/amd64/amd64/acpi_machdep.c 4 Jul 2018 20:46:21 - 1.84
+++ arch/amd64/amd64/acpi_machdep.c 16 Aug 2018 21:02:48 -
@@ -97,7 +97,6 @@ acpi_attach(struct device *parent, struc
sc->sc_iot = ba->ba_iot;
sc->sc_memt = ba->ba_memt;
sc->sc_dmat = _bus_dma_tag;
- sc->sc_pc = NULL; /* Legacy 0xcf8/0xcfc access mechanism */
acpi_attach_common(sc, ba->ba_acpipbase);
}
Index: arch/amd64/include/pci_machdep.h
===
RCS file: /cvs/src/sys/arch/amd64/include/pci_machdep.h,v
retrieving revision 1.26
diff -u -p -r1.26 pci_machdep.h
--- arch/amd64/include/pci_machdep.h4 Jul 2018 20:46:22 - 1.26
+++ arch/amd64/include/pci_machdep.h16 Aug 2018 21:02:48 -
@@ -95,7 +95,8 @@ void pci_dev_postattach(struct device
pcireg_t pci_min_powerstate(pci_chipset_tag_t, pcitag_t);
void pci_set_powerstate_md(pci_chipset_tag_t, pcitag_t, int, int);
-pci_chipset_tag_t pci_mcfg_init(bus_space_tag_t, bus_addr_t, int, int);
+void pci_mcfg_init(bus_space_tag_t, bus_addr_t, int, int, int);
+pci_chipset_tag_t pci_lookup_segment(int);
/*
* ALL OF THE FOLLOWING ARE MACHINE-DEPENDENT, AND SHOULD NOT BE USED
Index: arch/amd64/pci/pci_machdep.c
===
RCS file: /cvs/src/sys/arch/amd64/pci/pci_machdep.c,v
retrieving revision 1.68
diff -u -p -r1.68 pci_machdep.c
--- arch/amd64/pci/pci_machdep.c4 Jul 2018 20:46:22 - 1.68
+++ arch/amd64/pci/pci_machdep.c16 Aug 2018 21:02:48 -
@@ -140,14 +140,22 @@ struct bus_dma_tag pci_bus_dma_tag = {
_bus_dmamem_mmap,
};
-pci_chipset_tag_t
-pci_mcfg_init(bus_space_tag_t iot, bus_addr_t addr, int min_bus, int max_bus)
+void
+pci_mcfg_init(bus_space_tag_t iot, bus_addr_t addr, int segment,
+int min_bus, int max_bus)
{
- pci_mcfgt = iot;
- pci_mcfg_addr = addr;
- pci_mcfg_min_bus = min_bus;
- pci_mcfg_max_bus = max_bus;
+ if (segment == 0) {
+ pci_mcfgt = iot;
+ pci_mcfg_addr = addr;
+ pci_mcfg_min_bus = min_bus;
+ pci_mcfg_max_bus = max_bus;
+ }
+}
+pci_chipset_tag_t
+pci_lookup_segment(int segment)
+{
+ KASSERT(segment == 0);
return NULL;
}
Index: arch/arm64/dev/acpipci.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/acpipci.c,v
retrieving revision 1.6
diff -u -p -r1.6 acpipci.c
--- arch/arm64/dev/acpipci.c11 Aug 2018 22:47:27 - 1.6
+++ arch/arm64/dev/acpipci.c16 Aug 2018 21:02:48 -
@@ -567,11 +567,15 @@ pci_mcfg_conf_write(void *v, pcitag_t ta
bus_space_write_4(pci_mcfgt, pci_mcfgh, tag | reg, data);
}
-pci_chipset_tag_t
-pci_mcfg_init(bus_space_tag_t iot, bus_addr_t addr, int min_bus, int max_bus)
+void
+pci_mcfg_init(bus_space_tag_t iot, bus_addr_t addr, int segment,
+int min_bus, int max_bus)
{
pci_chipset_tag_t pc = _mcfg_chipset;
+ if (segment != 0)
+ return;
+
pci_mcfgt = iot;
pci_mcfg_addr = addr;
pci_mcfg_min_bus = min_bus;
@@ -588,8 +592,35 @@ pci_mcfg_init(bus_space_tag_t iot, bus_a
pc->pc_conf_size = acpipci_conf_size;
pc->pc_conf_read = pci_mcfg_conf_read;
pc->pc_conf_write = pci_mcfg_conf_write;
+}
+
+pcireg_t
+pci_dummy_conf_read(void *v, pcitag_t tag, int reg)
+{
+ return 0x;
+}
+
+void
+pci_dummy_conf_write(void *v, pcitag_t tag, int reg, pcireg_t data)
+{
+}
+
+struct arm64_pci_chipset pci_dummy_chipset = {
+ .pc_bus_maxdevs = acpipci_bus_maxdevs,
+ .pc_make_tag = acpipci_make_tag,
+ .pc_decompose_tag = acpipci_decompose_tag,
+ .pc_conf_size =
php 5.6 and php 7 using php-fpm ?
Hi, Somebody knows how to set up 2 different socks, one with php56 and another with php70 ? Yo can just run rcctl start php56_fpm php70_fpm Because they would use the same fpm.sock. And this is configured in /etc/php-fpm.conf, I did not found another place to configure this. Cheers. Elias.
Re: pflogd unveil
On Thu, Aug 16, 2018 at 04:28:03PM -0400, Bryan Steele wrote:
> On Thu, Aug 16, 2018 at 04:20:54PM -0400, Bryan Steele wrote:
> > This adds unveil to pflogd(8)
> >
> > pflogd(8) is a special case, residing in /sbin, it's a static PIE. As
> > such, I thought it might be worth experimenting with execpromises here.
> > This allows re-exec after privdrop, and removes chroot(2) in favour of
> > only unveil(2) and pledge(2). I've left the code there for now just in
> > case portability is a concern.
>
> Please ignore this diff for now.
>
> > The privileged part of pflogd(8) is now disallowed from accessing most
> > of the filesystem, veiled except for read-only opening of /dev/bpf, and
> > rwc for the log file, typically /var/log/pflog. This process cannot yet
> > pledge(2), so special care is needed to make sure no library functions
> > called use files permitted by certain pledges.
> >
> > The unprivileged part already runs pledged "stdio recvfd"
> >
> > This includes the diff I sent previously, I'd like to commit that part
> > separately, any oks on that one?
> >
> > https://marc.info/?l=openbsd-tech=153347271628532=2
> >
> > Also, ok for this? ;-)
> >
> > -Bryan.
Sorry about that. New diff.
Index: pflogd.8
===
RCS file: /cvs/src/sbin/pflogd/pflogd.8,v
retrieving revision 1.49
diff -u -p -u -r1.49 pflogd.8
--- sbin/pflogd/pflogd.830 May 2017 17:15:06 - 1.49
+++ sbin/pflogd/pflogd.816 Aug 2018 20:36:11 -
@@ -86,9 +86,8 @@ temporarily uses the old snaplen to keep
tries to preserve the integrity of the log file against I/O errors.
Furthermore, integrity of an existing log file is verified before
appending.
-If there is an invalid log file or an I/O error, the log file is moved
-out of the way and a new one is created.
-If a new file cannot be created, logging is suspended until a
+If there is an invalid log file or an I/O error, logging is suspended
+until a
.Dv SIGHUP
or a
.Dv SIGALRM
Index: pflogd.c
===
RCS file: /cvs/src/sbin/pflogd/pflogd.c,v
retrieving revision 1.58
diff -u -p -u -r1.58 pflogd.c
--- sbin/pflogd/pflogd.c9 Sep 2017 13:02:52 - 1.58
+++ sbin/pflogd/pflogd.c16 Aug 2018 20:36:11 -
@@ -75,7 +75,7 @@ int flush_buffer(FILE *);
int if_exists(char *);
void logmsg(int, const char *, ...);
void purge_buffer(void);
-int reset_dump(int);
+int reset_dump(void);
int scan_dump(FILE *, off_t);
int set_snaplen(int);
void set_suspended(int);
@@ -84,8 +84,6 @@ void sig_close(int);
void sig_hup(int);
void usage(void);
-static int try_reset_dump(int);
-
/* buffer must always be greater than snaplen */
static intbufpkt = 0; /* number of packets in buffer */
static intbuflen = 0; /* allocated size of buffer */
@@ -199,6 +197,11 @@ if_exists(char *ifname)
int
init_pcap(void)
{
+ if (unveil("/dev/bpf", "r") == -1) {
+ logmsg(LOG_ERR, "unveil: %s", strerror(errno));
+ return (-1);
+ }
+
hpcap = pcap_open_live(interface, snaplen, 1, PCAP_TO_MS, errbuf);
if (hpcap == NULL) {
logmsg(LOG_ERR, "Failed to initialize: %s", errbuf);
@@ -220,6 +223,11 @@ init_pcap(void)
return (-1);
}
+ if (unveil(NULL, NULL) == -1) {
+ logmsg(LOG_ERR, "unveil: %s", strerror(errno));
+ return (-1);
+ }
+
return (0);
}
@@ -238,25 +246,7 @@ set_snaplen(int snap)
}
int
-reset_dump(int nomove)
-{
- int ret;
-
- for (;;) {
- ret = try_reset_dump(nomove);
- if (ret <= 0)
- break;
- }
-
- return (ret);
-}
-
-/*
- * tries to (re)open log file, nomove flag is used with -x switch
- * returns 0: success, 1: retry (log moved), -1: error
- */
-int
-try_reset_dump(int nomove)
+reset_dump(void)
{
struct pcap_file_header hdr;
struct stat st;
@@ -323,12 +313,9 @@ try_reset_dump(int nomove)
}
} else if (scan_dump(fp, st.st_size)) {
fclose(fp);
- if (nomove || priv_move_log()) {
- logmsg(LOG_ERR,
- "Invalid/incompatible log file, move it away");
- return (-1);
- }
- return (1);
+ logmsg(LOG_ERR,
+ "Invalid/incompatible log file, move it away");
+ return (-1);
}
dpcap = fp;
@@ -641,7 +628,7 @@ main(int argc, char **argv)
bufpkt = 0;
}
- if (reset_dump(Xflag) < 0) {
+ if (reset_dump() < 0) {
if (Xflag)
return (1);
@@ -666,10 +653,14 @@ main(int argc, char **argv)
if (gotsig_close)
break;
if (gotsig_hup) {
-
Re: pflogd unveil
Bryan Steele wrote: > The privileged part of pflogd(8) is now disallowed from accessing most > of the filesystem, veiled except for read-only opening of /dev/bpf, and > rwc for the log file, typically /var/log/pflog. This process cannot yet > pledge(2), so special care is needed to make sure no library functions > called use files permitted by certain pledges. I'd like to bring attention to this last sentence, and explain it better. unveil and pledge have much in common behaviourwise, but there is a a subtle difference to keep in mind. pledge is a fail-closed technology. If you do a system call (or subset of a system call) which is not permitted, you get killed. unveil isn't the same, it provides fail-closed behaviour for the filesystem objects, but that means it returns an error which is really fail-open behaviour for the program. Meaning, if you access a file which is not permitted, it will not exist. An error is returned for the application code to handle. Now take a moment to consider code in programs (or more specifically -- in libraries). If a file doesn't exist, many cases simply carry on. A detail they were trying to learn from that file isn't known to the program, but it carries on best-effort. The program continues on working, except for that subset of functionality is now broken.. This happened with the unveil of un-pledged ifconfig. The /etc/hosts file wasn't in view. Normally pledge "dns" would whitelist that file, but we cannot use pledge in ifconfig due to the vast range of ioctl requests. Therefore, /etc/hosts was "disappeared". Functionality of ifconfig was broken somewhat silently, and it took a few days to notice it and repair it, by explicitly whitelisting the required files. So please be more careful with unveil -- you don't get a nice crash. You have to understand the program's needs.
Re: pflogd unveil
On Thu, Aug 16, 2018 at 04:20:54PM -0400, Bryan Steele wrote:
> This adds unveil to pflogd(8)
>
> pflogd(8) is a special case, residing in /sbin, it's a static PIE. As
> such, I thought it might be worth experimenting with execpromises here.
> This allows re-exec after privdrop, and removes chroot(2) in favour of
> only unveil(2) and pledge(2). I've left the code there for now just in
> case portability is a concern.
Please ignore this diff for now.
> The privileged part of pflogd(8) is now disallowed from accessing most
> of the filesystem, veiled except for read-only opening of /dev/bpf, and
> rwc for the log file, typically /var/log/pflog. This process cannot yet
> pledge(2), so special care is needed to make sure no library functions
> called use files permitted by certain pledges.
>
> The unprivileged part already runs pledged "stdio recvfd"
>
> This includes the diff I sent previously, I'd like to commit that part
> separately, any oks on that one?
>
> https://marc.info/?l=openbsd-tech=153347271628532=2
>
> Also, ok for this? ;-)
>
> -Bryan.
>
> Index: pflogd.8
> ===
> RCS file: /cvs/src/sbin/pflogd/pflogd.8,v
> retrieving revision 1.49
> diff -u -p -u -r1.49 pflogd.8
> --- sbin/pflogd/pflogd.8 30 May 2017 17:15:06 - 1.49
> +++ sbin/pflogd/pflogd.8 16 Aug 2018 20:05:12 -
> @@ -86,9 +86,8 @@ temporarily uses the old snaplen to keep
> tries to preserve the integrity of the log file against I/O errors.
> Furthermore, integrity of an existing log file is verified before
> appending.
> -If there is an invalid log file or an I/O error, the log file is moved
> -out of the way and a new one is created.
> -If a new file cannot be created, logging is suspended until a
> +If there is an invalid log file or an I/O error, logging is suspended
> +until a
> .Dv SIGHUP
> or a
> .Dv SIGALRM
> Index: pflogd.c
> ===
> RCS file: /cvs/src/sbin/pflogd/pflogd.c,v
> retrieving revision 1.58
> diff -u -p -u -r1.58 pflogd.c
> --- sbin/pflogd/pflogd.c 9 Sep 2017 13:02:52 - 1.58
> +++ sbin/pflogd/pflogd.c 16 Aug 2018 20:05:12 -
> @@ -75,7 +75,7 @@ int flush_buffer(FILE *);
> int if_exists(char *);
> void logmsg(int, const char *, ...);
> void purge_buffer(void);
> -int reset_dump(int);
> +int reset_dump(void);
> int scan_dump(FILE *, off_t);
> int set_snaplen(int);
> void set_suspended(int);
> @@ -84,8 +84,6 @@ void sig_close(int);
> void sig_hup(int);
> void usage(void);
>
> -static int try_reset_dump(int);
> -
> /* buffer must always be greater than snaplen */
> static intbufpkt = 0;/* number of packets in buffer */
> static intbuflen = 0;/* allocated size of buffer */
> @@ -199,6 +197,11 @@ if_exists(char *ifname)
> int
> init_pcap(void)
> {
> + if (unveil("/dev/bpf", "r") == -1) {
> + logmsg(LOG_ERR, "unveil: %s", strerror(errno));
> + return (-1);
> + }
> +
> hpcap = pcap_open_live(interface, snaplen, 1, PCAP_TO_MS, errbuf);
> if (hpcap == NULL) {
> logmsg(LOG_ERR, "Failed to initialize: %s", errbuf);
> @@ -220,6 +223,11 @@ init_pcap(void)
> return (-1);
> }
>
> + if (unveil(NULL, NULL) == -1) {
> + logmsg(LOG_ERR, "unveil: %s", strerror(errno));
> + return (-1);
> + }
> +
> return (0);
> }
>
> @@ -238,25 +246,7 @@ set_snaplen(int snap)
> }
>
> int
> -reset_dump(int nomove)
> -{
> - int ret;
> -
> - for (;;) {
> - ret = try_reset_dump(nomove);
> - if (ret <= 0)
> - break;
> - }
> -
> - return (ret);
> -}
> -
> -/*
> - * tries to (re)open log file, nomove flag is used with -x switch
> - * returns 0: success, 1: retry (log moved), -1: error
> - */
> -int
> -try_reset_dump(int nomove)
> +reset_dump(void)
> {
> struct pcap_file_header hdr;
> struct stat st;
> @@ -323,12 +313,9 @@ try_reset_dump(int nomove)
> }
> } else if (scan_dump(fp, st.st_size)) {
> fclose(fp);
> - if (nomove || priv_move_log()) {
> - logmsg(LOG_ERR,
> - "Invalid/incompatible log file, move it away");
> - return (-1);
> - }
> - return (1);
> + logmsg(LOG_ERR,
> + "Invalid/incompatible log file, move it away");
> + return (-1);
> }
>
> dpcap = fp;
> @@ -641,7 +628,7 @@ main(int argc, char **argv)
> bufpkt = 0;
> }
>
> - if (reset_dump(Xflag) < 0) {
> + if (reset_dump() < 0) {
> if (Xflag)
> return (1);
>
> @@ -666,10 +653,14 @@ main(int argc, char **argv)
> if (gotsig_close)
> break;
> if (gotsig_hup) {
> -
pflogd unveil
This adds unveil to pflogd(8)
pflogd(8) is a special case, residing in /sbin, it's a static PIE. As
such, I thought it might be worth experimenting with execpromises here.
This allows re-exec after privdrop, and removes chroot(2) in favour of
only unveil(2) and pledge(2). I've left the code there for now just in
case portability is a concern.
The privileged part of pflogd(8) is now disallowed from accessing most
of the filesystem, veiled except for read-only opening of /dev/bpf, and
rwc for the log file, typically /var/log/pflog. This process cannot yet
pledge(2), so special care is needed to make sure no library functions
called use files permitted by certain pledges.
The unprivileged part already runs pledged "stdio recvfd"
This includes the diff I sent previously, I'd like to commit that part
separately, any oks on that one?
https://marc.info/?l=openbsd-tech=153347271628532=2
Also, ok for this? ;-)
-Bryan.
Index: pflogd.8
===
RCS file: /cvs/src/sbin/pflogd/pflogd.8,v
retrieving revision 1.49
diff -u -p -u -r1.49 pflogd.8
--- sbin/pflogd/pflogd.830 May 2017 17:15:06 - 1.49
+++ sbin/pflogd/pflogd.816 Aug 2018 20:05:12 -
@@ -86,9 +86,8 @@ temporarily uses the old snaplen to keep
tries to preserve the integrity of the log file against I/O errors.
Furthermore, integrity of an existing log file is verified before
appending.
-If there is an invalid log file or an I/O error, the log file is moved
-out of the way and a new one is created.
-If a new file cannot be created, logging is suspended until a
+If there is an invalid log file or an I/O error, logging is suspended
+until a
.Dv SIGHUP
or a
.Dv SIGALRM
Index: pflogd.c
===
RCS file: /cvs/src/sbin/pflogd/pflogd.c,v
retrieving revision 1.58
diff -u -p -u -r1.58 pflogd.c
--- sbin/pflogd/pflogd.c9 Sep 2017 13:02:52 - 1.58
+++ sbin/pflogd/pflogd.c16 Aug 2018 20:05:12 -
@@ -75,7 +75,7 @@ int flush_buffer(FILE *);
int if_exists(char *);
void logmsg(int, const char *, ...);
void purge_buffer(void);
-int reset_dump(int);
+int reset_dump(void);
int scan_dump(FILE *, off_t);
int set_snaplen(int);
void set_suspended(int);
@@ -84,8 +84,6 @@ void sig_close(int);
void sig_hup(int);
void usage(void);
-static int try_reset_dump(int);
-
/* buffer must always be greater than snaplen */
static intbufpkt = 0; /* number of packets in buffer */
static intbuflen = 0; /* allocated size of buffer */
@@ -199,6 +197,11 @@ if_exists(char *ifname)
int
init_pcap(void)
{
+ if (unveil("/dev/bpf", "r") == -1) {
+ logmsg(LOG_ERR, "unveil: %s", strerror(errno));
+ return (-1);
+ }
+
hpcap = pcap_open_live(interface, snaplen, 1, PCAP_TO_MS, errbuf);
if (hpcap == NULL) {
logmsg(LOG_ERR, "Failed to initialize: %s", errbuf);
@@ -220,6 +223,11 @@ init_pcap(void)
return (-1);
}
+ if (unveil(NULL, NULL) == -1) {
+ logmsg(LOG_ERR, "unveil: %s", strerror(errno));
+ return (-1);
+ }
+
return (0);
}
@@ -238,25 +246,7 @@ set_snaplen(int snap)
}
int
-reset_dump(int nomove)
-{
- int ret;
-
- for (;;) {
- ret = try_reset_dump(nomove);
- if (ret <= 0)
- break;
- }
-
- return (ret);
-}
-
-/*
- * tries to (re)open log file, nomove flag is used with -x switch
- * returns 0: success, 1: retry (log moved), -1: error
- */
-int
-try_reset_dump(int nomove)
+reset_dump(void)
{
struct pcap_file_header hdr;
struct stat st;
@@ -323,12 +313,9 @@ try_reset_dump(int nomove)
}
} else if (scan_dump(fp, st.st_size)) {
fclose(fp);
- if (nomove || priv_move_log()) {
- logmsg(LOG_ERR,
- "Invalid/incompatible log file, move it away");
- return (-1);
- }
- return (1);
+ logmsg(LOG_ERR,
+ "Invalid/incompatible log file, move it away");
+ return (-1);
}
dpcap = fp;
@@ -641,7 +628,7 @@ main(int argc, char **argv)
bufpkt = 0;
}
- if (reset_dump(Xflag) < 0) {
+ if (reset_dump() < 0) {
if (Xflag)
return (1);
@@ -666,10 +653,14 @@ main(int argc, char **argv)
if (gotsig_close)
break;
if (gotsig_hup) {
- if (reset_dump(0)) {
+ int was_suspended = suspended;
+ if (reset_dump()) {
logmsg(LOG_ERR,
"Logging suspended: open error");
set_suspended(1);
frag6_slowtimo: push netlock into frag6_freef
Hi,
short version: push the netlock from frag6_slowtimo into frag6_freef
around icmp6_error.
long version:
visa removed the netlock from frag6_slowtimo() entirely in frag6.c 1.79.
bluhm reintroduced it soon after, in 1.81, because of a lock assertion in
rt_match().
Although mpi removed *that* assertion from rt_match() in route.c 1.369, a
separate lock assertion remains in rtrequest(), and because the call chain
icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest
is, I think, possible, we still need the netlock around icmp6_error. So
the best we can do here is push it into frag6_freef() where you only need
it once per mbuf chain.
--
Discussed with bluhm/kn and tested by kn. Everything in the frag6
regress tests pass.
Thoughts? ok?
--
Scott Cheloha
Index: sys/netinet6/frag6.c
===
RCS file: /cvs/src/sys/netinet6/frag6.c,v
retrieving revision 1.82
diff -u -p -r1.82 frag6.c
--- sys/netinet6/frag6.c1 Feb 2018 21:11:33 - 1.82
+++ sys/netinet6/frag6.c16 Aug 2018 20:12:44 -
@@ -540,8 +540,10 @@ frag6_freef(struct ip6q *q6)
ip6->ip6_src = q6->ip6q_src;
ip6->ip6_dst = q6->ip6q_dst;
+ NET_LOCK();
icmp6_error(m, ICMP6_TIME_EXCEEDED,
ICMP6_TIME_EXCEED_REASSEMBLY, 0);
+ NET_UNLOCK();
} else
m_freem(m);
pool_put(_pool, af6);
@@ -599,12 +601,8 @@ frag6_slowtimo(void)
mtx_leave(_mutex);
- if (!TAILQ_EMPTY()) {
- NET_LOCK();
- while ((q6 = TAILQ_FIRST()) != NULL) {
- TAILQ_REMOVE(, q6, ip6q_queue);
- frag6_freef(q6);
- }
- NET_UNLOCK();
+ while ((q6 = TAILQ_FIRST()) != NULL) {
+ TAILQ_REMOVE(, q6, ip6q_queue);
+ frag6_freef(q6);
}
}
Using shift on external keyboards in softraid passphrases from efiboot
Hello all,
I haven't been able to type the passphrase of my softraid device on boot when
using an external keyboard on my Thinkpad X260. Finally I had some time to
debug this problem and this is what I discovered.
On a different laptop with EFI, the ReadKeyStroke call will not return a packet
when shift is pressed on the external keyboard. On the Thinkpad however, a
packet is returned with UnicodeChar == 0, which results in a wrong passphrase
being used.
This seems like a bug in the firmware to me, because according to some EFI
specifications I found online, this should not return a packet. I've attached a
simple patch that fixes this, but I'm not sure whether this might break things
on different systems.
--
Frank
Index: efiboot.c
===
RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efiboot.c,v
retrieving revision 1.30
diff -u -p -r1.30 efiboot.c
--- efiboot.c 6 Jul 2018 07:55:50 - 1.30
+++ efiboot.c 16 Aug 2018 19:44:50 -
@@ -494,7 +494,7 @@ efi_cons_getc(dev_t dev)
}
status = EFI_CALL(conin->ReadKeyStroke, conin, );
- while (status == EFI_NOT_READY) {
+ while (status == EFI_NOT_READY || key.UnicodeChar == 0) {
if (dev & 0x80)
return (0);
EFI_CALL(BS->WaitForEvent, 1, >WaitForKey, );
Re: Remove unused variable in usr.bin/openssl/apps.c
On Thu, Aug 16, 2018 at 05:56:47PM +0200, Ingo Schwarze wrote: [..] > this commit seems wrong to me. I agree. Thanks for paying attention, Ingo. This commit should be reverted. I think this is a bug that was introduced in r1.45 when free guards were removed, a few of them a bit too aggressively. One of the suspicious ones was already reverted, but his hunk has remained and should be reverted, too: @@ -2075,8 +2063,8 @@ policies_print(BIO *out, X509_STORE_CTX *ctx) nodes_print(out, "Authority", X509_policy_tree_get0_policies(tree)); nodes_print(out, "User", X509_policy_tree_get0_user_policies(tree)); - if (free_out) - BIO_free(out); + + BIO_free(out); }
Re: Remove unused variable in usr.bin/openssl/apps.c
Hi,
this commit seems wrong to me.
The function verify_callback() in the file s_cb.c
contains this code:
switch (err) {
/* ... */
case X509_V_ERR_NO_EXPLICIT_POLICY:
policies_print(bio_err, ctx);
break;
}
if (err == X509_V_OK && ok == 2)
policies_print(bio_err, ctx);
BIO_printf(bio_err, "verify return:%d\n", ok);
So if the "case" or the "if" should ever trigger, that's a flat-out
use after free, unless i'm missing something.
I'm not sure the "case" or "if" *can* ever trigger, but if they
cannot, than these two calls should be removed instead, along with
the bio_err argument of policies_print().
When looking at a compiler warning, do not just blindly silence
the warning, but investigate the root cause instead.
Yours,
Ingo
--
Izproti problemu, pirms risini problemu.
-- Stanislavs Aloizs Borbals (1907-2000)
Rob Pierce wrote on Thu, Aug 16, 2018 at 06:28:35AM -0400:
> On Thu, Aug 16, 2018 at 06:14:06PM +0800, Nan Xiao wrote:
>> Hi tech@,
>>
>> The `free_out' variable seems redundant, so this patch removes it:
>>
>> Index: apps.c
>> ===
>> RCS file: /cvs/src/usr.bin/openssl/apps.c,v
>> retrieving revision 1.47
>> diff -u -p -r1.47 apps.c
>> --- apps.c 7 Feb 2018 08:57:25 - 1.47
>> +++ apps.c 16 Aug 2018 09:18:43 -
>> @@ -2050,11 +2050,9 @@ policies_print(BIO *out, X509_STORE_CTX
>> {
>> X509_POLICY_TREE *tree;
>> int explicit_policy;
>> -int free_out = 0;
>>
>> if (out == NULL) {
>> out = BIO_new_fp(stderr, BIO_NOCLOSE);
>> -free_out = 1;
>> }
>> tree = X509_STORE_CTX_get0_policy_tree(ctx);
>> explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
> Committed. Thanks!
> Rob
Re: umsm(4) and umb(4) separate loading for the same composite USB modem device
On Thu, 16 Aug 2018 13:56:13 +0300 Denis wrote: > I can change AT!UDUSBCOMP modes for MC7304 and MC7455 I have in production. > > But how to make full dump of all the USB device descriptors for each > UDUSBCOMP mode? Can I make it by usbdevs - or how? Hi Denis, no that won't work. You could switch the module to each one of the supported modes and query the descriptors. Unfortunately, some of the modes are one way streets, i.e. for the offered APIs of the mode there is no known method to change it back again to some different mode (although I'm quite sure that Sierra Wireless knows how to do it). So to get that information, it's much easier to read the documentation: https://source.sierrawireless.com/resources/airprime/minicard/airprime_mc73xx_usb_driver_developers_guide/# (registration required). In chapter 3.1 "AirPrime MC73xx USB Interfaces" you'll find what you're looking for. Gerhard > > Denis > > On 8/15/2018 5:41 PM, Mark Kettenis wrote: > >> Date: Wed, 15 Aug 2018 09:56:50 +0100 > >> From: Stuart Henderson > >> > >> On 2018/08/14 18:43, Bryan Vyhmeister wrote: > >>> On Tue, Aug 14, 2018 at 05:53:43PM +0300, Denis wrote: > Most of modern modems have serial discipline ports and USB Mobile > Broadband Interface Model (MBIM) interface in some port compositions > simultaneously. It seems very useful to have different disciplines > supported by umsm(4) and umb(4) drivers on the same device. > > >>> > > Does it possible to have simultaneously operated AT + NMEA ports by > umsm(4)driver and MBIM interface by umb(4) driver on the same MC7304 > device in 6.3? > >>> > >>> What is the advantage in having a device attach to both umsm(4) and > >>> umb(4)? What are you trying to accomplish? The EM7455 worked perfectly > >>> with umb(4) until your previous umsm(4) diff and now it only attaches as > >>> umsm(4). Are you wanting to send SMS messages or something like that > >>> with your devices? > >>> > >>> Bryan > >>> > >> > >> Denis has a good point because umsm is needed for GPS and as you > >> suggest SMS. > >> > >> What determines which driver attaches when a device is supported by > >> multiple drivers? Perhaps the simplest option without more complex work > >> to support different interfaces on different drivers would be to have > >> the device attach to umb by default but attach to umsm instead if umb is > >> disabled in the kernel. Then at least a standard kernel could be used > >> with "disable umb" from boot config. > > > > The return value from the "match" function determines which driver > > attaches. The driver that returns the highest value wins. > > > > However, matching for USB devices is complicated. Drivers already use > > different return values (the UMATCH_* constants). On top of that > > drivers can claim a whole device or claim just a particular interface > > of a device. This requires some careful though to make sure the right > > driver attaches. > > > > What we really need is a full dump of the usb device descriptors, > > preferably in all the different UDUSBCOMP modes. > >
Re: umsm(4) and umb(4) separate loading for the same composite USB modem device
I can change AT!UDUSBCOMP modes for MC7304 and MC7455 I have in production. But how to make full dump of all the USB device descriptors for each UDUSBCOMP mode? Can I make it by usbdevs - or how? Denis On 8/15/2018 5:41 PM, Mark Kettenis wrote: >> Date: Wed, 15 Aug 2018 09:56:50 +0100 >> From: Stuart Henderson >> >> On 2018/08/14 18:43, Bryan Vyhmeister wrote: >>> On Tue, Aug 14, 2018 at 05:53:43PM +0300, Denis wrote: Most of modern modems have serial discipline ports and USB Mobile Broadband Interface Model (MBIM) interface in some port compositions simultaneously. It seems very useful to have different disciplines supported by umsm(4) and umb(4) drivers on the same device. >>> Does it possible to have simultaneously operated AT + NMEA ports by umsm(4)driver and MBIM interface by umb(4) driver on the same MC7304 device in 6.3? >>> >>> What is the advantage in having a device attach to both umsm(4) and >>> umb(4)? What are you trying to accomplish? The EM7455 worked perfectly >>> with umb(4) until your previous umsm(4) diff and now it only attaches as >>> umsm(4). Are you wanting to send SMS messages or something like that >>> with your devices? >>> >>> Bryan >>> >> >> Denis has a good point because umsm is needed for GPS and as you >> suggest SMS. >> >> What determines which driver attaches when a device is supported by >> multiple drivers? Perhaps the simplest option without more complex work >> to support different interfaces on different drivers would be to have >> the device attach to umb by default but attach to umsm instead if umb is >> disabled in the kernel. Then at least a standard kernel could be used >> with "disable umb" from boot config. > > The return value from the "match" function determines which driver > attaches. The driver that returns the highest value wins. > > However, matching for USB devices is complicated. Drivers already use > different return values (the UMATCH_* constants). On top of that > drivers can claim a whole device or claim just a particular interface > of a device. This requires some careful though to make sure the right > driver attaches. > > What we really need is a full dump of the usb device descriptors, > preferably in all the different UDUSBCOMP modes. >
Re: Remove unused variable in usr.bin/openssl/apps.c
On Thu, Aug 16, 2018 at 06:14:06PM +0800, Nan Xiao wrote:
> Hi tech@,
>
> The `free_out' variable seems redundant, so this patch removes it:
>
> Index: apps.c
> ===
> RCS file: /cvs/src/usr.bin/openssl/apps.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 apps.c
> --- apps.c7 Feb 2018 08:57:25 - 1.47
> +++ apps.c16 Aug 2018 09:18:43 -
> @@ -2050,11 +2050,9 @@ policies_print(BIO *out, X509_STORE_CTX
> {
> X509_POLICY_TREE *tree;
> int explicit_policy;
> - int free_out = 0;
>
> if (out == NULL) {
> out = BIO_new_fp(stderr, BIO_NOCLOSE);
> - free_out = 1;
> }
> tree = X509_STORE_CTX_get0_policy_tree(ctx);
> explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
>
> --
> Best Regards
> Nan Xiao
Committed. Thanks!
Rob
Remove unused variable in usr.bin/openssl/apps.c
Hi tech@,
The `free_out' variable seems redundant, so this patch removes it:
Index: apps.c
===
RCS file: /cvs/src/usr.bin/openssl/apps.c,v
retrieving revision 1.47
diff -u -p -r1.47 apps.c
--- apps.c 7 Feb 2018 08:57:25 - 1.47
+++ apps.c 16 Aug 2018 09:18:43 -
@@ -2050,11 +2050,9 @@ policies_print(BIO *out, X509_STORE_CTX
{
X509_POLICY_TREE *tree;
int explicit_policy;
- int free_out = 0;
if (out == NULL) {
out = BIO_new_fp(stderr, BIO_NOCLOSE);
- free_out = 1;
}
tree = X509_STORE_CTX_get0_policy_tree(ctx);
explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
--
Best Regards
Nan Xiao
Re: [PATCH] qcow2 disk format
Updated style from feedback from off-list. Also added checks and
erroring for incompatible extensions.
---
usr.sbin/vmd/Makefile | 2 +-
usr.sbin/vmd/vioqcow2.c| 546 +
usr.sbin/vmd/vioqcow2.h| 6 +
usr.sbin/vmd/vioscribble.c | 143 ++
usr.sbin/vmd/virtio.c | 10 +-
5 files changed, 703 insertions(+), 4 deletions(-)
create mode 100644 usr.sbin/vmd/vioqcow2.c
create mode 100644 usr.sbin/vmd/vioqcow2.h
create mode 100644 usr.sbin/vmd/vioscribble.c
diff --git usr.sbin/vmd/Makefile usr.sbin/vmd/Makefile
index 24c1d1b1d4a..b6db6c782d6 100644
--- usr.sbin/vmd/Makefile
+++ usr.sbin/vmd/Makefile
@@ -6,7 +6,7 @@ PROG= vmd
SRCS= vmd.c control.c log.c priv.c proc.c config.c vmm.c
SRCS+= vm.c loadfile_elf.c pci.c virtio.c i8259.c mc146818.c
SRCS+= ns8250.c i8253.c vmboot.c ufs.c disklabel.c dhcp.c packet.c
-SRCS+= parse.y atomicio.c vioscsi.c vioraw.c
+SRCS+= parse.y atomicio.c vioscsi.c vioraw.c vioqcow2.c
CFLAGS+= -Wall -I${.CURDIR}
CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
diff --git usr.sbin/vmd/vioqcow2.c usr.sbin/vmd/vioqcow2.c
new file mode 100644
index 000..f951fcbd99a
--- /dev/null
+++ usr.sbin/vmd/vioqcow2.c
@@ -0,0 +1,546 @@
+/* $OpenBSD: $ */
+
+/*
+ * Copyright (c) 2018 Ori Bernstein
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "vmd.h"
+#include "vmm.h"
+#include "virtio.h"
+
+#define QCOW2_COMPRESSED 0x4000ull
+#define QCOW2_INPLACE 0x8000ull
+
+#define QCOW2_DIRTY(1 << 0)
+#define QCOW2_CORRUPT (1 << 1)
+
+enum {
+ ICFEATURE_DIRTY = 1 << 0,
+ ICFEATURE_CORRUPT = 1 << 1,
+};
+
+enum {
+ ACFEATURE_BITEXT= 1 << 0,
+};
+
+struct qcheader {
+ char magic[4];
+ uint32_t version;
+ uint64_t backingoff;
+ uint32_t backingsz;
+ uint32_t clustershift;
+ uint64_t disksz;
+ uint32_t cryptmethod;
+ uint32_t l1sz;
+ uint64_t l1off;
+ uint64_t refoff;
+ uint32_t refsz;
+ uint32_t snapcount;
+ uint64_t snapsz;
+ /* v3 additions */
+ uint64_t incompatfeatures;
+ uint64_t autoclearfeatures;
+ uint32_t refbits;
+ uint32_t headersz;
+} __packed;
+
+struct qcdisk {
+ pthread_rwlock_t lock;
+ struct qcdisk *base;
+ struct qcheader header;
+
+ int fd;
+ uint64_t *l1;
+ char *scratch;
+ off_t end;
+ uint32_t clustersz;
+ off_t disksz; /* in bytes */
+ uint32_t cryptmethod;
+
+ uint32_t l1sz;
+ off_tl1off;
+
+ off_trefoff;
+ uint32_t refsz;
+
+ uint32_t nsnap;
+ off_tsnapoff;
+
+ /* v3 features */
+ uint64_t incompatfeatures;
+ uint64_t autoclearfeatures;
+ uint32_t refssz;
+ uint32_t headersz;
+};
+
+extern char *__progname;
+
+static int move_cluster(struct qcdisk *, off_t, off_t);
+static off_t xlate(struct qcdisk *, off_t, int *);
+static off_t mkcluster(struct qcdisk *, off_t, off_t);
+static int inc_refs(struct qcdisk *, off_t, int);
+static int qc2_openpath(struct qcdisk *, char *, int);
+static int qc2_open(struct qcdisk *, int);
+static ssize_t qc2_pread(void *, char *, size_t, off_t);
+static ssize_t qc2_pwrite(void *, char *, size_t, off_t);
+static void qc2_close(void *);
+
+int
+virtio_init_qcow2(struct virtio_backing *file, off_t *szp, int fd)
+{
+ struct qcdisk *diskp;
+
+ diskp = malloc(sizeof(int*));
+ if (diskp == NULL)
+ return -1;
+ if (qc2_open(diskp, fd) == -1) {
+ free(diskp);
+ return -1;
+ }
+ file->p = diskp;
+ file->pread = qc2_pread;
+ file->pwrite = qc2_pwrite;
+ file->close = qc2_close;
+ *szp = diskp->disksz / 512;
+ return 0;
+}
+
+static int
+qc2_openpath(struct qcdisk *disk, char *path, int flags)
+{
+ int fd;
+
+ fd = open(path, flags);
+ if (fd < 0)
+ return -1;
+ return qc2_open(disk, fd);
+}
+
+static int
