Re: iwm: support dynamic queue allocation (DQA)

2019-10-15 Thread Kevin Lo 
On Mon, Oct 14, 2019 at 01:51:02PM +0200, Stefan Sperling wrote:
> 
> Newer iwm firmware requires the driver to use a feature known as
> dynamic queue allocation (DQA). What matters is that the command queue
> index was changed. Newer firmware images have stopped responding to
> commands sent with the old command queue index, and this is preventing
> us from dropping newer firmware versions into /etc/firmware without
> breaking things.
> 
> Some of our existing firmware images already support DQA (*-22 image
> files), and some do not (*-16 image files), so we need to support both
> modes of operation for now. (Linux has already removed non-DQA code
> paths from their iwlwifi driver).
> 
> I have successfully tested this diff on 8265 with our current firmware
> image (22.361476.0) as well as a newer -22 firmware image (22.391740.0,
> which is *not* in fw_update yet). I have also tested 7265 successfully.
> 
> Tests on 7260 and 8260 devices are still required.
> Nothing should change. At this point I am just looking for potential
> regressions when using this diff against our current firmware images.
> 
> Reviews and OKs are also welcome.

Tested on 3165 with current firmware (16.242414.0), seems to be working fine.

iwm0 at pci3 dev 0 function 0 "Intel Dual Band Wireless AC 3165" rev 0x81, msi
iwm0: hw rev 0x210, fw ver 16.242414.0, address 08:d4:0c:xx:xx:xx

sysupgrade(8) download directory

2019-10-15 Thread Joe Davis 
Prompted by a discussion on irc. 

While /home/_sysupgrade is a sensible default, it's not always possible
to use (for instance if /home is encrypted and mounted via rc.local or
even manually over ssh). Previous attempts have had sysupgrade(8)
automagically figure out a sensible location based on available space, but
this has issues too (a sufficiently large tmp on mfs), and breaks in the
case I mentioned. All this diff does is add an '-l path' argument to
sysupgrade allowing the user to specify where the sets get downloaded
to, with /home/_sysupgrade remaining the default if nothing is passed.

For example, if the only partition with sufficient space is /usr/local a
user might pass:

sysupgrade -l /usr/local/sets

Cheers,
Joe

Index: sysupgrade.8
===
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.8,v
retrieving revision 1.10
diff -u -p -r1.10 sysupgrade.8
--- sysupgrade.83 Oct 2019 12:43:58 -   1.10
+++ sysupgrade.815 Oct 2019 20:07:50 -
@@ -23,6 +23,7 @@
 .Sh SYNOPSIS
 .Nm
 .Op Fl fkn
+.Op Fl l Ar path
 .Op Fl r | s
 .Op Ar installurl
 .Sh DESCRIPTION
@@ -53,9 +54,13 @@ Force an already applied upgrade.
 The default is to upgrade to latest snapshot only if available.
 This option has no effect on releases.
 .It Fl k
-Keep the files in
-.Pa /home/_sysupgrade .
+Keep the sets.
 By default they will be deleted after the upgrade.
+.It Fl l Ar path
+Specify the 
+.Ar path
+the upgrade will be downloaded to.
+The default is /home/_sysupgrade.
 .It Fl n
 Fetch and verify the files and create
 .Pa /bsd.upgrade
@@ -77,7 +82,7 @@ The ramdisk kernel to trigger an unatten
 .Ox
 mirror top-level URL for fetching an upgrade.
 .It Pa /home/_sysupgrade
-Directory the upgrade is downloaded to.
+Default directory the upgrade is downloaded to.
 .El
 .Sh SEE ALSO
 .Xr signify 1 ,
Index: sysupgrade.sh
===
RCS file: /cvs/src/usr.sbin/sysupgrade/sysupgrade.sh,v
retrieving revision 1.26
diff -u -p -r1.26 sysupgrade.sh
--- sysupgrade.sh   14 Oct 2019 06:58:53 -  1.26
+++ sysupgrade.sh   15 Oct 2019 20:07:50 -
@@ -34,7 +34,7 @@ ug_err()
 
 usage()
 {
-   ug_err "usage: ${0##*/} [-fkn] [-r | -s] [installurl]"
+   ug_err "usage: ${0##*/} [-fkn] [-l path] [-r | -s] [installurl]"
 }
 
 unpriv()
@@ -79,10 +79,11 @@ FORCE=false
 KEEP=false
 REBOOT=true
 
-while getopts fknrs arg; do
+while getopts fkl:nrs arg; do
case ${arg} in
f)  FORCE=true;;
k)  KEEP=true;;
+   l)  SETSDIR=${OPTARG};;
n)  REBOOT=false;;
r)  RELEASE=true;;
s)  SNAP=true;;
@@ -188,7 +189,7 @@ ${KEEP} && > keep
 
 cat <<__EOT >/auto_upgrade.conf
 Location of sets = disk
-Pathname to the sets = /home/_sysupgrade/
+Pathname to the sets = ${SETSDIR}
 Set name(s) = done
 Directory does not contain SHA256.sig. Continue without verification = yes
 __EOT
@@ -196,7 +197,7 @@ __EOT
 if ! ${KEEP}; then
CLEAN=$(echo SHA256 ${SETS} | sed -e 's/ /,/g')
cat <<__EOT > /etc/rc.firsttime
-rm -f /home/_sysupgrade/{${CLEAN}}
+rm -f ${SETSDIR}/{${CLEAN}}
 __EOT
 fi

Re: random safety for pbkdf

2019-10-15 Thread Theo de Raadt 
Makes sense -- but perhaps justify the arc4random with a comment,
explaining what is being done, so that people don't need to look
in the commitlog?

Ted Unangst  wrote:

> In the event that a program uses invalid parameters, I think we should
> overwrite the key with random data. Otherwise, there's a chance the program
> will continue with a zero key. It may even appear to work, encrypting and
> decrypting data, but with a weak key. Random data means it fails closed, and
> should also make it easier to detect such errors since it no longer
> interoperates.
> 
> 
> Index: bcrypt_pbkdf.c
> ===
> RCS file: /home/cvs/src/lib/libutil/bcrypt_pbkdf.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 bcrypt_pbkdf.c
> --- bcrypt_pbkdf.c12 Jan 2015 03:20:04 -  1.13
> +++ bcrypt_pbkdf.c15 Oct 2019 19:14:12 -
> @@ -110,10 +110,10 @@ bcrypt_pbkdf(const char *pass, size_t pa
>  
>   /* nothing crazy */
>   if (rounds < 1)
> - return -1;
> + goto bad;
>   if (passlen == 0 || saltlen == 0 || keylen == 0 ||
>   keylen > sizeof(out) * sizeof(out))
> - return -1;
> + goto bad;
>   stride = (keylen + sizeof(out) - 1) / sizeof(out);
>   amt = (keylen + stride - 1) / stride;
>  
> @@ -166,4 +166,8 @@ bcrypt_pbkdf(const char *pass, size_t pa
>   explicit_bzero(out, sizeof(out));
>  
>   return 0;
> +
> +bad:
> + arc4random_buf(key, keylen);
> + return -1;
>  }
> Index: pkcs5_pbkdf2.c
> ===
> RCS file: /home/cvs/src/lib/libutil/pkcs5_pbkdf2.c,v
> retrieving revision 1.10
> diff -u -p -r1.10 pkcs5_pbkdf2.c
> --- pkcs5_pbkdf2.c18 Apr 2017 04:06:21 -  1.10
> +++ pkcs5_pbkdf2.c15 Oct 2019 19:17:08 -
> @@ -84,11 +84,11 @@ pkcs5_pbkdf2(const char *pass, size_t pa
>   size_t r;
>  
>   if (rounds < 1 || key_len == 0)
> - return -1;
> + goto bad;
>   if (salt_len == 0 || salt_len > SIZE_MAX - 4)
> - return -1;
> + goto bad;
>   if ((asalt = malloc(salt_len + 4)) == NULL)
> - return -1;
> + goto bad;
>  
>   memcpy(asalt, salt, salt_len);
>  
> @@ -118,4 +118,8 @@ pkcs5_pbkdf2(const char *pass, size_t pa
>   explicit_bzero(obuf, sizeof(obuf));
>  
>   return 0;
> +
> +bad:
> + arc4random_buf(key, key_len);
> + return -1;
>  }
>

random safety for pbkdf

2019-10-15 Thread Ted Unangst 
In the event that a program uses invalid parameters, I think we should
overwrite the key with random data. Otherwise, there's a chance the program
will continue with a zero key. It may even appear to work, encrypting and
decrypting data, but with a weak key. Random data means it fails closed, and
should also make it easier to detect such errors since it no longer
interoperates.


Index: bcrypt_pbkdf.c
===
RCS file: /home/cvs/src/lib/libutil/bcrypt_pbkdf.c,v
retrieving revision 1.13
diff -u -p -r1.13 bcrypt_pbkdf.c
--- bcrypt_pbkdf.c  12 Jan 2015 03:20:04 -  1.13
+++ bcrypt_pbkdf.c  15 Oct 2019 19:14:12 -
@@ -110,10 +110,10 @@ bcrypt_pbkdf(const char *pass, size_t pa
 
/* nothing crazy */
if (rounds < 1)
-   return -1;
+   goto bad;
if (passlen == 0 || saltlen == 0 || keylen == 0 ||
keylen > sizeof(out) * sizeof(out))
-   return -1;
+   goto bad;
stride = (keylen + sizeof(out) - 1) / sizeof(out);
amt = (keylen + stride - 1) / stride;
 
@@ -166,4 +166,8 @@ bcrypt_pbkdf(const char *pass, size_t pa
explicit_bzero(out, sizeof(out));
 
return 0;
+
+bad:
+   arc4random_buf(key, keylen);
+   return -1;
 }
Index: pkcs5_pbkdf2.c
===
RCS file: /home/cvs/src/lib/libutil/pkcs5_pbkdf2.c,v
retrieving revision 1.10
diff -u -p -r1.10 pkcs5_pbkdf2.c
--- pkcs5_pbkdf2.c  18 Apr 2017 04:06:21 -  1.10
+++ pkcs5_pbkdf2.c  15 Oct 2019 19:17:08 -
@@ -84,11 +84,11 @@ pkcs5_pbkdf2(const char *pass, size_t pa
size_t r;
 
if (rounds < 1 || key_len == 0)
-   return -1;
+   goto bad;
if (salt_len == 0 || salt_len > SIZE_MAX - 4)
-   return -1;
+   goto bad;
if ((asalt = malloc(salt_len + 4)) == NULL)
-   return -1;
+   goto bad;
 
memcpy(asalt, salt, salt_len);
 
@@ -118,4 +118,8 @@ pkcs5_pbkdf2(const char *pass, size_t pa
explicit_bzero(obuf, sizeof(obuf));
 
return 0;
+
+bad:
+   arc4random_buf(key, key_len);
+   return -1;
 }

Re: iwm: support dynamic queue allocation (DQA)

2019-10-15 Thread Florian Obser 
seems to be working on Intel Dual Band Wireless AC 7260

-- 
I'm not entirely sure you are real.

kill scheduler_fork_hook()

2019-10-15 Thread Martin Pieuchot 
The only raison d'etre of scheduler_fork_hook() is because `p_estcpu' is
not at the right place in "struct proc".  Diff below fixes that.  I
reordered the fields to not have implicit padding increase the size of
the structure.

ok?

Index: sys/proc.h
===
RCS file: /cvs/src/sys/sys/proc.h,v
retrieving revision 1.273
diff -u -p -r1.273 proc.h
--- sys/proc.h  2 Aug 2019 02:17:35 -   1.273
+++ sys/proc.h  15 Oct 2019 14:50:40 -
@@ -349,10 +349,7 @@ struct proc {
 #definep_startzero p_dupfd
int p_dupfd; /* Sideways return value from filedescopen. 
XXX */
 
-   longp_thrslpid; /* for thrsleep syscall */
-
/* scheduling */
-   u_int   p_estcpu;   /* [s] Time averaged val of p_cpticks */
int p_cpticks;   /* Ticks of cpu time. */
const volatile void *p_wchan;   /* [s] Sleep address. */
struct  timeout p_sleep_to;/* timeout for tsleep() */
@@ -364,6 +361,8 @@ struct proc {
u_int   p_iticks;   /* Statclock hits processing intr. */
struct  cpu_info * volatile p_cpu; /* [s] CPU we're running on. */
 
+   longp_thrslpid; /* for thrsleep syscall */
+
struct  rusage p_ru;/* Statistics */
struct  tusage p_tu;/* accumulated times. */
struct  timespec p_rtime;   /* Real time. */
@@ -379,6 +378,7 @@ struct proc {
 
u_char  p_priority; /* [s] Process priority. */
u_char  p_usrpri;   /* [s] User-prio based on p_estcpu & ps_nice. */
+   u_int   p_estcpu;   /* [s] Time averaged val of p_cpticks */
int p_pledge_syscall;   /* Cache of current syscall */
 
struct  ucred *p_ucred; /* cached credentials */
Index: sys/sched.h
===
RCS file: /cvs/src/sys/sys/sched.h,v
retrieving revision 1.55
diff -u -p -r1.55 sched.h
--- sys/sched.h 15 Oct 2019 10:05:43 -  1.55
+++ sys/sched.h 15 Oct 2019 14:48:45 -
@@ -182,11 +182,6 @@ void sched_init_runqueues(void);
 void setrunqueue(struct cpu_info *, struct proc *, uint8_t);
 void remrunqueue(struct proc *);
 
-/* Inherit the parent's scheduler history */
-#define scheduler_fork_hook(parent, child) do {
\
-   (child)->p_estcpu = (parent)->p_estcpu; \
-} while (0)
-
 /* Chargeback parents for the sins of their children.  */
 #define scheduler_wait_hook(parent, child) do {
\
(parent)->p_estcpu = ESTCPULIM((parent)->p_estcpu + (child)->p_estcpu);\
Index: kern/kern_fork.c
===
RCS file: /cvs/src/sys/kern/kern_fork.c,v
retrieving revision 1.214
diff -u -p -r1.214 kern_fork.c
--- kern/kern_fork.c15 Oct 2019 10:05:43 -  1.214
+++ kern/kern_fork.c15 Oct 2019 14:48:37 -
@@ -170,13 +170,6 @@ thread_new(struct proc *parent, vaddr_t 
 */
timeout_set(>p_sleep_to, endtsleep, p);
 
-   /*
-* set priority of child to be that of parent
-* XXX should move p_estcpu into the region of struct proc which gets
-* copied.
-*/
-   scheduler_fork_hook(parent, p);
-
 #ifdef WITNESS
p->p_sleeplocks = NULL;
 #endif

tun(4) & switch(4) -> tsleep_nsec(9)

2019-10-15 Thread Martin Pieuchot 
Convert the two pseudo-drivers to use tsleep_nsec(9) in their read(2)
routine, both drivers block indefinitely.

ok?

Index: net/if_tun.c
===
RCS file: /cvs/src/sys/net/if_tun.c,v
retrieving revision 1.190
diff -u -p -r1.190 if_tun.c
--- net/if_tun.c13 Sep 2019 01:31:24 -  1.190
+++ net/if_tun.c7 Oct 2019 12:49:04 -
@@ -751,8 +751,8 @@ tun_dev_read(struct tun_softc *tp, struc
int destroyed;
 
while ((tp->tun_flags & TUN_READY) != TUN_READY) {
-   if ((error = tsleep((caddr_t)tp,
-   (PZERO + 1)|PCATCH, "tunread", 0)) != 0)
+   if ((error = tsleep_nsec(tp,
+   (PZERO + 1)|PCATCH, "tunread", INFSLP)) != 0)
return (error);
/* Make sure the interface still exists. */
ifp1 = if_get(ifidx);
@@ -766,8 +766,8 @@ tun_dev_read(struct tun_softc *tp, struc
if (tp->tun_flags & TUN_NBIO && ioflag & IO_NDELAY)
return (EWOULDBLOCK);
tp->tun_flags |= TUN_RWAIT;
-   if ((error = tsleep((caddr_t)tp,
-   (PZERO + 1)|PCATCH, "tunread", 0)) != 0)
+   if ((error = tsleep_nsec(tp,
+   (PZERO + 1)|PCATCH, "tunread", INFSLP)) != 0)
return (error);
/* Make sure the interface still exists. */
ifp1 = if_get(ifidx);
Index: net/switchctl.c
===
RCS file: /cvs/src/sys/net/switchctl.c,v
retrieving revision 1.15
diff -u -p -r1.15 switchctl.c
--- net/switchctl.c 12 May 2019 16:38:02 -  1.15
+++ net/switchctl.c 7 Oct 2019 12:49:17 -
@@ -148,7 +148,7 @@ switchread(dev_t dev, struct uio *uio, i
goto failed;
}
sc->sc_swdev->swdev_waiting = 1;
-   error = tsleep(sc, (PZERO + 1)|PCATCH, "switchread", 0);
+   error = tsleep_nsec(sc, (PZERO + 1)|PCATCH, "switchread", 
INFSLP);
if (error != 0)
goto failed;
/* sc might be deleted while sleeping */

tsleep_nsec(9) for revarp

2019-10-15 Thread Martin Pieuchot 
The hz/2 idiom means 500ms, so use that.  ok?

Index: netinet/if_ether.c
===
RCS file: /cvs/src/sys/netinet/if_ether.c,v
retrieving revision 1.240
diff -u -p -r1.240 if_ether.c
--- netinet/if_ether.c  17 Jul 2019 16:46:18 -  1.240
+++ netinet/if_ether.c  7 Oct 2019 12:49:44 -
@@ -914,7 +914,7 @@ revarpwhoarewe(struct ifnet *ifp, struct
revarp_ifidx = ifp->if_index;
while (count--) {
revarprequest(ifp);
-   result = tsleep((caddr_t)_myip, PSOCK, "revarp", hz/2);
+   result = tsleep_nsec(_myip, PSOCK, "revarp", 
MSEC_TO_NSEC(500));
if (result != EWOULDBLOCK)
break;
}

Re: acpithinkpad: don't take over ws_[gs]et_param on version 2 devices

2019-10-15 Thread Theo Buehler 
On Mon, Oct 14, 2019 at 11:00:57PM +0200, Mark Kettenis wrote:
> > Date: Sun, 13 Oct 2019 21:37:53 -0500
> > From: joshua stein 
> > 
> > Newer ThinkPads have ACPI goo to allow acpivout to control screen 
> > backlight, so don't take over ws_[gs]et_param from it.  This allows 
> > for 100 levels of backlight control rather than the 10 or 15 that 
> > are supported through acpithinkpad using its proprietary ACPI or 
> > CMOS interfaces.
> > 
> > You can see the difference with and without this patch by doing:
> > 
> > xbacklight -set 1 -steps 100
> > xbacklight -set 100 -steps 100
> > 
> > Apparently this will also be needed for newer AMD ThinkPads that use 
> > radeondrm.
> > 
> > "Newer" here is being defined as anything not reporting version 1 
> > (THINKPAD_HKEY_VERSION1) of the ThinkPad ACPI interface.
> 
> Note that -current reports the version number in dmesg.  For now
> you'll need to compile your own kernel though, since there won't be
> any new snapshots until 6.6 is released.
> 
> > For responding to hardware brightness keys, you'll want to test with 
> > the acpivout patch I posted since otherwise the keys will be 
> > adjusting the backlight by 1% each time, and it may seem like it's 
> > not doing anything.  That patch makes it properly adjust by 5% each 
> > time (but you still get fine-grained changes through wsconsctl or 
> > xbacklight).
> 
> Wo what we need to get tested is whether backlight control (stil)
> works on machines that report:
> 
> acpithinkpad0 at acpi0: version 2.0
> 
> My x1c3 reports version 1.0 so I suspect the x250/t450/t550 reports
> that as well (but it would be goo to get that confirmed).  So we're
> primarily interested in later generations.

My x280 reports version 2.0 and this feels like a great improvement.