Re: Fix ipsp_spd_lookup() for transport mode
Hi, Let me update the diff. Previous has a problem in ipsp_spd_lookup() which uses "rn" without initialization. On Sat, 20 Nov 2021 21:44:20 +0900 (JST) YASUOKA Masahiko wrote: > On Wed, 12 May 2021 19:11:09 +0900 (JST) > YASUOKA Masahiko wrote: >> Radek reported a problem to misc@ that multiple Windows clients behind >> a NAT cannot use a L2TP/IPsec server simultaneously. >> >> https://marc.info/?t=16099681611=1=2 >> >> There is two problems. First is pipex(4) doesn't pass the proper >> ipsecflowinfo to ip_output(). Second is the IPsec policy check which >> is done by ipsp_spd_lookup() returns -1 (EINVAL) if the given tdb is >> not cached. This happens when its flow is shared by another tdb (for >> another client of the same NAT). > > This problem is not fixed yet. The diff for the second problem was > not committed in. It was to fix the check in ipsp_spd_lookup() by > making a IPsec policy have a list of IDs. > > Also my colleague Kawai pointed out there is another problem if there > is a Linux client among with Windows clients behind a NAT. Windows > uses 1701/udp for its local ID, but the Linux uses ANY/udp for its > local ID. > > In the situation, policies will be overlapped. > > (a) Windows: REMOTE_IP:1701/udp <=> LOCAL_IP:1701/udp > (b) Linux:REMOTE_IP:ANY/udp <=> LOCAL_IP:1701/udp > > Since we use a radix tree for the policies, when rn_match() is used to > find a policy, as it's best match, (b) is never selected. > > Let me update the diff. > > As for the incomming, we know the tdb when is used. The diff uses the > tdb to find the proper policy. > > As for the outgoing, other than using "ipsecflowinfo" there is no way > to select a proper policy. So only when "ipsecflowinfo" is used, get > a tdb from the packet flow and the IDs (retributed by the > ipsecflowinfo), then we can find the proper policy by the tdb. > > Also the diff skips the IDs check against the policy only if it is > transport mode and using NAT-T. 
Since when NAT-T is used for a policy > for transport mode is shared by multiple clients which has a different > IDs, checking the IDs is difficult and I think the checks other than > is enough. > > ok? comments? > > Fix some problems when accepting IPsec transport mode connections from > multiple clients behind a NAT. In the situation, policies can be > overlapped, but previous could not choice a proper policy both for > incoming and outgoing. To solve this problem, use > tdb->tdb_filter{,mask} to find a proper policy for incoming and find the > tdb by the given ipsecflowinfo and use it for outgoing. Also skip > checking IDs of the policy since a policy is shared by multiple clients > in the situation. Index: sys/netinet/ip_ipsp.c === RCS file: /disk/cvs/openbsd/src/sys/netinet/ip_ipsp.c,v retrieving revision 1.258 diff -u -p -r1.258 ip_ipsp.c --- sys/netinet/ip_ipsp.c 29 Nov 2021 19:19:00 - 1.258 +++ sys/netinet/ip_ipsp.c 30 Nov 2021 04:44:48 - @@ -90,6 +90,8 @@ void tdb_firstuse(void *); void tdb_soft_timeout(void *); void tdb_soft_firstuse(void *); inttdb_hash(u_int32_t, union sockaddr_union *, u_int8_t); +intsockaddr_encap_match(struct sockaddr_encap *, + struct sockaddr_encap *, struct sockaddr_encap *); int ipsec_in_use = 0; u_int64_t ipsec_last_added = 0; 
@@ -507,6 +509,76 @@ gettdbbysrc(u_int rdomain, union sockadd tdb_ref(tdbp); mtx_leave(_sadb_mtx); return tdbp; +} + +/* + * Get an SA given the flow, the direction, the security protocol type, and + * the desired IDs. + */ +struct tdb * +gettdbbyflow(u_int rdomain, int direction, struct sockaddr_encap *senflow, +u_int8_t sproto, struct ipsec_ids *ids) +{ + u_int32_t hashval; + struct tdb *tdbp; + union sockaddr_union srcdst; + + if (ids == NULL)/* ids is mandatory */ + return NULL; + + memset(, 0, sizeof(srcdst)); + switch (senflow->sen_type) { + case SENT_IP4: + srcdst.sin.sin_len = sizeof(srcdst.sin); + srcdst.sin.sin_family = AF_INET; + if (direction == IPSP_DIRECTION_OUT) + srcdst.sin.sin_addr = senflow->Sen.Sip4.Dst; + else + srcdst.sin.sin_addr = senflow->Sen.Sip4.Src; + break; + case SENT_IP6: + srcdst.sin6.sin6_len = sizeof(srcdst.sin6); + srcdst.sin6.sin6_family = AF_INET6; + if (direction == IPSP_DIRECTION_OUT) + srcdst.sin6.sin6_addr = senflow->Sen.Sip6.Dst; + else + srcdst.sin6.sin6_addr = senflow->Sen.Sip6.Src; + break; + } + + mtx_enter(_sadb_mtx); + hashval = tdb_hash(0, , sproto); + + for (tdbp = tdbdst[hashval]; tdbp != NULL; tdbp = tdbp->tdb_dnext) +
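Review bot: In gettdbbyflow(), the switch on senflow->sen_type handles SENT_IP4 and SENT_IP6 but has no default case, so any other type leaves srcdst zeroed from the memset and still goes on to tdb_hash() and the bucket walk. A default case that returns NULL, as the function already does for ids == NULL, would make the unsupported-type path explicit. The block comment above the function could also say that ids is mandatory and which of Src or Dst is taken for each direction.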
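The policy overlap described in the message above, as an added example that is not part of the original post or of the OpenBSD sources: a linear-scan model (not a radix tree) comparing best-match selection keyed on the packet with an exact lookup keyed on the SA's own filter and mask. The address, the policy table and the function names are constructed, and treating "find the policy by tdb_filter/mask" as an exact key-and-mask lookup is an assumption.

```c
/*
 * Added illustration, not OpenBSD code: a linear-scan model of two ways
 * to select an IPsec policy. Address, table and helpers are constructed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NAT_ADDR 0xc6336407u	/* 198.51.100.7: both clients share this NAT */

struct policy {
	const char *name;
	uint32_t raddr;		/* remote address, matched exactly */
	uint16_t rport;		/* remote port value */
	uint16_t rport_mask;	/* 0xffff = exact port, 0x0000 = ANY */
};

/* The two overlapping policies (a) and (b) from the message. */
static const struct policy spd[] = {
	{ "(a) Windows REMOTE_IP:1701/udp", NAT_ADDR, 1701, 0xffff },
	{ "(b) Linux   REMOTE_IP:ANY/udp",  NAT_ADDR, 0,    0x0000 },
};
#define NPOLICY (sizeof(spd) / sizeof(spd[0]))

static int
mask_bits(uint16_t m)
{
	int n = 0;

	for (; m != 0; m >>= 1)
		n += m & 1;
	return n;
}

/*
 * Best match keyed on the packet: among the policies that cover the
 * packet, the one with the most significant mask bits wins.
 */
int
spd_best_match(uint32_t raddr, uint16_t rport)
{
	int best = -1, best_bits = -1;

	for (size_t i = 0; i < NPOLICY; i++) {
		const struct policy *p = &spd[i];

		if (p->raddr != raddr)
			continue;
		if (((rport ^ p->rport) & p->rport_mask) != 0)
			continue;
		if (mask_bits(p->rport_mask) > best_bits) {
			best = (int)i;
			best_bits = mask_bits(p->rport_mask);
		}
	}
	return best;
}

/*
 * Exact lookup keyed on the SA's filter and mask: the packet contents
 * play no part, so an overlapping, more specific policy cannot win.
 */
int
spd_lookup(uint32_t raddr, uint16_t rport, uint16_t rport_mask)
{
	for (size_t i = 0; i < NPOLICY; i++) {
		const struct policy *p = &spd[i];

		if (p->raddr == raddr && p->rport == rport &&
		    p->rport_mask == rport_mask)
			return (int)i;
	}
	return -1;
}

int
main(void)
{
	/* Constructed case: a packet on the Linux client's SA, port 1701. */
	int by_packet = spd_best_match(NAT_ADDR, 1701);
	int by_sa = spd_lookup(NAT_ADDR, 0, 0x0000);

	printf("best match on packet: %s\n", spd[by_packet].name);
	printf("lookup by SA filter:  %s\n", spd[by_sa].name);
	return 0;
}
```

With port 1701 on the wire, the packet-keyed search always lands on (a), whichever client's SA carried the packet; only the lookup keyed on the SA's filter and mask reaches (b).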
riscv64: enable FIDO/U2F devices (Yubikeys)
Hello, The following diff enables FIDO/U2F keys on riscv64. I've tested this with a Yubikey 5 Nano and was able to successfully generate an ed25519-sk key pair with ssh-keygen (which is my usecase): icarus$ uname -a OpenBSD icarus.fagg.id.au 7.0 GENERIC.MP#1 riscv64 icarus$ ssh-keygen -t ed25519-sk Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. Enter file in which to save the key (/home/fagg/.ssh/id_ed25519_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/fagg/.ssh/id_ed25519_sk Your public key has been saved in /home/fagg/.ssh/id_ed25519_sk.pub If there's anything else I should test please let me know. Thanks, Ash Index: sys/arch/riscv64/conf/GENERIC === RCS file: /cvs/src/sys/arch/riscv64/conf/GENERIC,v retrieving revision 1.29 diff -u -p -u -p -r1.29 GENERIC --- sys/arch/riscv64/conf/GENERIC 2 Sep 2021 10:11:21 - 1.29 +++ sys/arch/riscv64/conf/GENERIC 30 Nov 2021 01:58:44 - @@ -133,6 +133,8 @@ uwacom* at uhidev? # USB Wacom tablet wsmouse* at uwacom? mux 0 ukbd* at uhidev? wskbd* at ukbd? mux 1 +uhid* at uhidev? # USB generic HID support +fido* at uhidev? # FIDO/U2F security key support udl* at uhub?# DisplayLink USB displays wsdisplay* at udl? umass* at uhub? Index: sys/arch/riscv64/riscv64/conf.c === RCS file: /cvs/src/sys/arch/riscv64/riscv64/conf.c,v retrieving revision 1.12 diff -u -p -u -p -r1.12 conf.c --- sys/arch/riscv64/riscv64/conf.c 11 Nov 2021 10:03:09 - 1.12 +++ sys/arch/riscv64/riscv64/conf.c 30 Nov 2021 01:58:44 - @@ -91,6 +91,8 @@ cdev_decl(lpt); #include "radio.h" #include "drm.h" cdev_decl(drm); +#include "uhid.h" +#include "fido.h" #include "wsdisplay.h" #include "wskbd.h" 
@@ -178,7 +180,7 @@ struct cdevsw cdevsw[] = cdev_notdef(), /* 60: i4b phone device */ /* End of reserved slots for isdn4bsd. */ cdev_notdef(), /* 61: USB controller */ - cdev_notdef(), /* 62: USB generic HID */ + cdev_usbdev_init(NUHID,uhid), /* 62: USB generic HID */ cdev_notdef(), /* 63: USB generic driver */ cdev_notdef(), /* 64: USB printers */ cdev_notdef(), /* 65: urio */ @@ -219,7 +221,7 @@ struct cdevsw cdevsw[] = cdev_notdef(), /* 95 */ cdev_ipmi_init(NIPMI,ipmi), /* 96: ipmi */ cdev_notdef(), /* 97: was switch(4) */ - cdev_notdef(), /* 98: FIDO/U2F security key */ + cdev_fido_init(NFIDO,fido), /* 98: FIDO/U2F security key */ cdev_pppx_init(NPPPX,pppac),/* 99: PPP Access Concentrator */ cdev_notdef(), /* 100: USB joystick/gamecontroller */ };
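Review bot: The two cdevsw changes in conf.c turn slots 62 and 98 from cdev_notdef() into live uhid and fido entries, but the patch touches only GENERIC and conf.c. It would help to state in the mail whether the riscv64 MAKEDEV tables already create the uhid and fido nodes for these majors or whether that needs a companion diff. Slot 100 (USB joystick/gamecontroller) stays cdev_notdef() in the visible context; if that is intentional, a word on it avoids a follow-up question.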
ipsp_spd_inp parameter
Hi, Remove unused parameter from ipsp_spd_inp(). ok? bluhm Index: netinet/ip_ipsp.h === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_ipsp.h,v retrieving revision 1.223 diff -u -p -r1.223 ip_ipsp.h --- netinet/ip_ipsp.h 26 Nov 2021 16:16:35 - 1.223 +++ netinet/ip_ipsp.h 29 Nov 2021 21:41:44 - @@ -634,8 +634,6 @@ int ipsp_process_packet(struct mbuf *, s intipsp_process_done(struct mbuf *, struct tdb *); struct tdb *ipsp_spd_lookup(struct mbuf *, int, int, int *, int, struct tdb *, struct inpcb *, u_int32_t); -struct tdb *ipsp_spd_inp(struct mbuf *, int, int, int *, int, - struct tdb *, struct inpcb *, struct ipsec_policy *); intipsp_is_unspecified(union sockaddr_union); intipsp_aux_match(struct tdb *, struct ipsec_ids *, struct sockaddr_encap *, struct sockaddr_encap *); Index: netinet/ip_spd.c === RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_spd.c,v retrieving revision 1.105 diff -u -p -r1.105 ip_spd.c --- netinet/ip_spd.c25 Nov 2021 13:46:02 - 1.105 +++ netinet/ip_spd.c29 Nov 2021 21:41:44 - @@ -41,6 +41,8 @@ #include #include +struct tdb *ipsp_spd_inp(struct mbuf *, int *, struct inpcb *, + struct ipsec_policy *); intipsp_acquire_sa(struct ipsec_policy *, union sockaddr_union *, union sockaddr_union *, struct sockaddr_encap *, struct mbuf *); struct ipsec_acquire *ipsp_pending_acquire(struct ipsec_policy *, @@ -307,16 +309,14 @@ ipsp_spd_lookup(struct mbuf *m, int af, * system-wide policies. */ *error = 0; - return ipsp_spd_inp(m, af, hlen, error, direction, - tdbp, inp, NULL); + return ipsp_spd_inp(m, error, inp, NULL); } ipo = (struct ipsec_policy *)rn; switch (ipo->ipo_type) { case IPSP_PERMIT: *error = 0; - return ipsp_spd_inp(m, af, hlen, error, direction, tdbp, - inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); case IPSP_DENY: *error = EHOSTUNREACH; 
@@ -415,8 +415,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, /* Cached entry is good. */ *error = 0; - return ipsp_spd_inp(m, af, hlen, error, direction, - tdbp, inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); nomatchout: /* Cached TDB was not good. */ @@ -452,8 +451,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, >ipo_tdb->tdb_policy_head, ipo, ipo_tdb_next); *error = 0; - return ipsp_spd_inp(m, af, hlen, error, - direction, tdbp, inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); } } @@ -481,8 +479,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, /* FALLTHROUGH */ case IPSP_IPSEC_USE: *error = 0; - return ipsp_spd_inp(m, af, hlen, error, direction, - tdbp, inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); } } else { /* IPSP_DIRECTION_IN */ if (tdbp != NULL) { @@ -507,8 +504,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, /* Direct match in the cache. */ if (ipo->ipo_tdb == tdbp) { *error = 0; - return ipsp_spd_inp(m, af, hlen, error, - direction, tdbp, inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); } if (memcmp(dignore ? : >ipo_dst, @@ -532,8 +528,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, TAILQ_INSERT_TAIL(>tdb_policy_head, ipo, ipo_tdb_next); *error = 0; - return ipsp_spd_inp(m, af, hlen, error, direction, - tdbp, inp, ipo); + return ipsp_spd_inp(m, error, inp, ipo); nomatchin: /* Nothing needed here, falling through */ ; @@ -603,8 +598,7 @@ ipsp_spd_lookup(struct mbuf *m, int af, /* If appropriate SA exists, don't acquire another. */ if (ipo->ipo_tdb) { *error = 0; - return ipsp_spd_inp(m, af, hlen, error, - direction, tdbp, inp, ipo); + return
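Review bot: The message says one unused parameter is removed, but the new prototype in ip_spd.c drops four (af, hlen, direction and tdbp at the call sites), and the declaration also moves out of ip_ipsp.h into ip_spd.c. The log should mention both. Since the function is no longer declared in the header, consider making the forward declaration static if the definition allows it, so that the function being private to ip_spd.c is explicit.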
Re: Please test: UVM fault unlocking (aka vmobjlock)
On 24/11/21(Wed) 11:16, Martin Pieuchot wrote: > Diff below unlock the bottom part of the UVM fault handler. I'm > interested in squashing the remaining bugs. Please test with your usual > setup & report back. Thanks to all the testers, here's a new version that includes a bug fix. Tests on !x86 architectures are much appreciated! Thanks a lot, Martin diff --git sys/arch/amd64/conf/GENERIC.MP sys/arch/amd64/conf/GENERIC.MP index bb842f6d96e..e5334c19eac 100644 --- sys/arch/amd64/conf/GENERIC.MP +++ sys/arch/amd64/conf/GENERIC.MP @@ -4,6 +4,6 @@ include "arch/amd64/conf/GENERIC" option MULTIPROCESSOR #optionMP_LOCKDEBUG -#optionWITNESS +option WITNESS cpu* at mainbus? diff --git sys/arch/i386/conf/GENERIC.MP sys/arch/i386/conf/GENERIC.MP index 980a572b8fd..ef7ded61501 100644 --- sys/arch/i386/conf/GENERIC.MP +++ sys/arch/i386/conf/GENERIC.MP @@ -7,6 +7,6 @@ include "arch/i386/conf/GENERIC" option MULTIPROCESSOR # Multiple processor support #optionMP_LOCKDEBUG -#optionWITNESS +option WITNESS cpu* at mainbus? diff --git sys/dev/pci/drm/i915/gem/i915_gem_shmem.c sys/dev/pci/drm/i915/gem/i915_gem_shmem.c index ce8e2eca141..47b567087e7 100644 --- sys/dev/pci/drm/i915/gem/i915_gem_shmem.c +++ sys/dev/pci/drm/i915/gem/i915_gem_shmem.c @@ -268,8 +268,10 @@ shmem_truncate(struct drm_i915_gem_object *obj) #ifdef __linux__ shmem_truncate_range(file_inode(obj->base.filp), 0, (loff_t)-1); #else + rw_enter(obj->base.uao->vmobjlock, RW_WRITE); obj->base.uao->pgops->pgo_flush(obj->base.uao, 0, obj->base.size, PGO_ALLPAGES | PGO_FREE); + rw_exit(obj->base.uao->vmobjlock); #endif obj->mm.madv = __I915_MADV_PURGED; obj->mm.pages = ERR_PTR(-EFAULT); diff --git sys/dev/pci/drm/radeon/radeon_ttm.c sys/dev/pci/drm/radeon/radeon_ttm.c index eb879b5c72c..837a9f94298 100644 --- sys/dev/pci/drm/radeon/radeon_ttm.c +++ sys/dev/pci/drm/radeon/radeon_ttm.c 
@@ -1006,6 +1006,8 @@ radeon_ttm_fault(struct uvm_faultinfo *ufi, vaddr_t vaddr, vm_page_t *pps, struct radeon_device *rdev; int r; + KASSERT(rw_write_held(ufi->entry->object.uvm_obj->vmobjlock)); + bo = (struct drm_gem_object *)ufi->entry->object.uvm_obj; rdev = bo->dev->dev_private; down_read(>pm.mclk_lock); diff --git sys/uvm/uvm_aobj.c sys/uvm/uvm_aobj.c index 20051d95dc1..a5c403ab67d 100644 --- sys/uvm/uvm_aobj.c +++ sys/uvm/uvm_aobj.c @@ -184,7 +184,7 @@ const struct uvm_pagerops aobj_pager = { * deadlock. */ static LIST_HEAD(aobjlist, uvm_aobj) uao_list = LIST_HEAD_INITIALIZER(uao_list); -static struct mutex uao_list_lock = MUTEX_INITIALIZER(IPL_NONE); +static struct mutex uao_list_lock = MUTEX_INITIALIZER(IPL_MPFLOOR); /* @@ -277,6 +277,7 @@ uao_find_swslot(struct uvm_object *uobj, int pageidx) * uao_set_swslot: set the swap slot for a page in an aobj. * * => setting a slot to zero frees the slot + * => object must be locked by caller * => we return the old slot number, or -1 if we failed to allocate *memory to record the new slot number */ @@ -286,7 +287,7 @@ uao_set_swslot(struct uvm_object *uobj, int pageidx, int slot) struct uvm_aobj *aobj = (struct uvm_aobj *)uobj; int oldslot; - KERNEL_ASSERT_LOCKED(); + KASSERT(rw_write_held(uobj->vmobjlock) || uobj->uo_refs == 0); KASSERT(UVM_OBJ_IS_AOBJ(uobj)); /* @@ -358,7 +359,9 @@ uao_free(struct uvm_aobj *aobj) struct uvm_object *uobj = >u_obj; KASSERT(UVM_OBJ_IS_AOBJ(uobj)); + KASSERT(rw_write_held(uobj->vmobjlock)); uao_dropswap_range(uobj, 0, 0); + rw_exit(uobj->vmobjlock); if (UAO_USES_SWHASH(aobj)) { /* @@ -671,6 +674,7 @@ struct uvm_object * uao_create(vsize_t size, int flags) { static struct uvm_aobj kernel_object_store; + static struct rwlock bootstrap_kernel_object_lock; static int kobj_alloced = 0; int pages = round_page(size) >> PAGE_SHIFT; struct uvm_aobj *aobj; 
@@ -742,6 +746,11 @@ uao_create(vsize_t size, int flags) * Initialise UVM object. */ uvm_obj_init(>u_obj, _pager, refs); + if (flags & UAO_FLAG_KERNOBJ) { + /* Use a temporary static lock for kernel_object. */ + rw_init(_kernel_object_lock, "kobjlk"); + uvm_obj_setlock(>u_obj, _kernel_object_lock); + } /* * now that aobj is ready, add it to the global list @@ -822,20 +831,20 @@ uao_detach(struct uvm_object *uobj) * involved in is complete), release any swap resources and free * the page itself. */ - uvm_lock_pageq(); - while((pg = RBT_ROOT(uvm_objtree, >memt)) != NULL) { + rw_enter(uobj->vmobjlock, RW_WRITE); + while ((pg = RBT_ROOT(uvm_objtree, >memt)) != NULL) { + pmap_page_protect(pg, PROT_NONE);
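Review bot: In the uao_free() hunk the function now asserts rw_write_held(uobj->vmobjlock) and then calls rw_exit() itself after uao_dropswap_range(), so it consumes a lock that the caller took. uao_set_swslot() gained a "=> object must be locked by caller" line in its header comment; uao_free() needs the equivalent, including that the lock is released on return. Separately, the GENERIC.MP hunks for amd64 and i386 switch on option WITNESS, which looks like a testing aid that should be dropped before commit, and the change of uao_list_lock from IPL_NONE to IPL_MPFLOOR deserves a line of explanation.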
Re: iwm/iwx: try to make roaming more reliable
On 2021/11/27 12:44, Stefan Sperling wrote:
> The current implementation suffers from race conditions which can
> leave the interface in a state where it gets "stuck". I have seen
> this happen on iwm(4) 9560 in particular, while testing the driver
> with new firmware images recently published by Intel. This may well
> be related to other hangs people have reported in multi-AP environments
> on both iwm(4) and iwx(4).

Working here with 9560 iwm, I've forced roaming via fixing to a distant AP and then removing the fixed chan, done it several times with no problems, the only thing visible in ping with default timers is that the RTTs go down; not a single drop.

iwm0: firmware has detected regulatory domain 'GB' (0x4742)
iwm0: sending deauth to 22:xx:xx:xx:xx:28 on channel 120 mode 11n
iwm0: roaming from 22:xx:xx:xx:xx:28 chan 120 to 76:xx:xx:xx:xx:e7 chan 136
iwm0: RUN -> AUTH
iwm0: sending auth to 76:xx:xx:xx:xx:e7 on channel 136 mode 11a
iwm0: AUTH -> ASSOC
iwm0: sending assoc_req to 76:xx:xx:xx:xx:e7 on channel 136 mode 11a
iwm0: ASSOC -> RUN
iwm0: associated with 76:xx:xx:xx:xx:e7 ssid "XX" channel 136 start MCS 0 short preamble long slot time HT enabled
iwm0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
iwm0: received msg 1/4 of the 4-way handshake from 76:xx:xx:xx:xx:e7
iwm0: sending msg 2/4 of the 4-way handshake to 76:xx:xx:xx:xx:e7
iwm0: received msg 3/4 of the 4-way handshake from 76:xx:xx:xx:xx:e7
iwm0: sending msg 4/4 of the 4-way handshake to 76:xx:xx:xx:xx:e7
iwm0: sending addba_req to 76:xx:xx:xx:xx:e7 on channel 136 mode 11n
iwm0: sending addba_resp to 76:xx:xx:xx:xx:e7 on channel 136 mode 11n
Prevent unintended blocking of select(2)
Prevent select(2) from blocking if a pending event is found during knote registering. OK? Index: kern/sys_generic.c === RCS file: src/sys/kern/sys_generic.c,v retrieving revision 1.143 diff -u -p -r1.143 sys_generic.c --- kern/sys_generic.c 22 Nov 2021 17:15:05 - 1.143 +++ kern/sys_generic.c 29 Nov 2021 16:12:17 - @@ -600,6 +600,7 @@ dopselect(struct proc *p, int nd, fd_set struct timespec *timeout, const sigset_t *sigmask, register_t *retval) { struct kqueue_scan_state scan; + struct timespec zerots = {}; fd_mask bits[6]; fd_set *pibits[3], *pobits[3]; int error, ncollected = 0, nevents = 0; @@ -679,6 +680,10 @@ dopselect(struct proc *p, int nd, fd_set goto done; } + /* Do not block if registering found pending events. */ + if (ncollected > 0) + timeout = + /* Collect at most `nevents' possibly waiting in kqueue_scan() */ kqueue_scan_setup(, p->p_kq); while (nevents > 0) {
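Review bot: In the second hunk, timeout is the pointer passed in to dopselect() and it is overwritten when ncollected > 0, so the original value is lost for everything after this point in the function. A separate local pointer for what is handed to the scan loop would keep the argument intact, or the comment should state that nothing below reads the original timeout. The log message could also spell out the failure being fixed: an event found while registering knotes is already counted in ncollected, yet the following scan could still sleep for the full timeout.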
Re: vmm(4): swap in log(9) for printf(9) [vmx 3/3]
Dave Voutila wrote:
> Is misspeaking? This is what I experienced:
>
> panic: acquiring blockable sleep lock with spinlock or critical section
> held (kernel_lock) _lock
>
> Full backtraces of two occurrences: https://imgur.com/a/vKIe3k7

It looks like this began with sys_generic.c 1.130 (hey mpi); previously selwakeup() was not grabbing the kernel lock and could be called for LOG_CONS on a pty below kernel printf, as it was mostly just doing wakeup related actions.
Re: vmm(4): swap in log(9) for printf(9) [vmx 3/3]
Mark Kettenis writes:

>> From: Dave Voutila
>> Date: Mon, 29 Nov 2021 07:18:23 -0500
>>
>> Mark Kettenis writes:
>>
>> >> From: Dave Voutila
>> >> Date: Sun, 28 Nov 2021 22:51:59 -0500
>> >>
>> >> The last vmm diff I'll be sending tonight...promise! This swaps out
>> >> usage of printf(9) outside the autoconf(4) functions.
>> >>
>> >> The reason for this change is printf(9) could acquire a sleepable
>> >> lock.
>> >
>> > Huh?
>> >
>> > /*
>> >  * printf: print a message to the console and the log
>> >  */
>> > int
>> > printf(const char *fmt, ...)
>> > {
>> >         va_list ap;
>> >         int retval;
>> >
>> >         va_start(ap, fmt);
>> >         mtx_enter(_mutex);
>> >         retval = kprintf(fmt, TOCONS | TOLOG, NULL, NULL, ap);
>>
>> The thread I'm pulling on here is longer than kprintf.
>
> Well, my point is that it doesn't matter how long the thread is. The
> kernel is not supposed to sleep while holding a mutex. And
> assertwaitok() enforces this. If that kprintf() ends up sleeping we
> have a serious bug as we call printf(9) from things like interrupt
> context.
>
>> Calling kprintf with TOCONS results in calls to kputchar, which can call
>> tputchar as a result as it can add the TOTTY flag:
>>
>> void
>> kputchar(int c, int flags, struct tty *tp)
>> {
>>         extern int msgbufmapped;
>>
>>         if (panicstr)
>>                 constty = NULL;
>>
>>         if ((flags & TOCONS) && tp == NULL && constty != NULL && !db_active) {
>>                 tp = constty;
>>                 flags |= TOTTY;
>>         }
>>         if ((flags & TOTTY) && tp && tputchar(c, tp) < 0 &&
>>             (flags & TOCONS) && tp == constty)
>>                 constty = NULL;
>>         if ((flags & TOLOG) &&
>>             c != '\0' && c != '\r' && c != 0177 && msgbufmapped)
>>                 msgbuf_putchar(msgbufp, c);
>>         if ((flags & TOCONS) && (constty == NULL || db_active) && c != '\0')
>>                 (*v_putc)(c);
>> #ifdef DDB
>>         if (flags & TODDB)
>>                 db_putchar(c);
>> #endif
>> }
>>
>> tputchar() can end up calling ttstart(), which on my system results in
>> calling ptsstart(). Which results in a call to ptsstart(). Then
>> selwakeup() which attempts to grab KERNEL_LOCK.
>
> But that's fine; KERNEL_LOCK does not sleep, it spins.
>

That's what I thought, but I'm going off what witness was telling me. Maybe my faith is misplaced.

>> >         mtx_leave(_mutex);
>> >         va_end(ap);
>> >         if (!panicstr)
>> >                 logwakeup();
>> >
>> >         return(retval);
>> > }
>> >
>> > The guts of the code runs while holding a mutex, which means it
>> > can't sleep. And logwakeup() doesn't sleep either.
>>
>> witness(4) begs to differ here. /shrug
>
> In what way?

Is misspeaking? This is what I experienced:

panic: acquiring blockable sleep lock with spinlock or critical section held (kernel_lock) _lock

Full backtraces of two occurrences: https://imgur.com/a/vKIe3k7

-dv
Re: Unlock accept(2) and accept4(2) syscalls
On Mon, Nov 22, 2021 at 03:13:44PM +0300, Vitaliy Makkoveev wrote: > Since the rev1.267 of kern/uipc_socket solock() is used as klist lock > for sockets to make socket event filters MP-safe. This means KNOTE(9) > within doaccept() doesn't require kernel lock to be held and the > accept(2) and accept4(2) syscalls could be unlocked. This makes sense > because all our sockets use rwlock(9)s for protection. This also makes > sense for the next step of unix(4) sockets unlocking. > > The sys_accept() and sys_accept4() are just wrappers around doaccept() > which does all the work and there is no differences within so they could > be unlocked together. > > I also tested this diff with all incarnation of "Rework UNIX sockets > locking to be fine grained" diff [1]. > > ok? regress passes on i386 and amd64. OK bluhm@ > > 1.https://marc.info/?l=openbsd-tech=163758154427455=2 > > Index: sys/kern/syscalls.master > === > RCS file: /cvs/src/sys/kern/syscalls.master,v > retrieving revision 1.219 > diff -u -p -r1.219 syscalls.master > --- sys/kern/syscalls.master 27 Oct 2021 03:24:44 - 1.219 > +++ sys/kern/syscalls.master 22 Nov 2021 11:51:33 - > @@ -95,7 +95,7 @@ > 29 STD NOLOCK { ssize_t sys_recvfrom(int s, void *buf, size_t len, \ > int flags, struct sockaddr *from, \ > socklen_t *fromlenaddr); } > -30 STD { int sys_accept(int s, struct sockaddr *name, \ > +30 STD NOLOCK { int sys_accept(int s, struct sockaddr *name, \ > socklen_t *anamelen); } > 31 STD { int sys_getpeername(int fdes, struct sockaddr *asa, \ > socklen_t *alen); } 
> @@ -204,7 +204,7 @@ > 91 STD NOLOCK { int sys_nanosleep(const struct timespec *rqtp, \ > struct timespec *rmtp); } > 92 STD NOLOCK { int sys_fcntl(int fd, int cmd, ... void *arg); } > -93 STD { int sys_accept4(int s, struct sockaddr *name, \ > +93 STD NOLOCK { int sys_accept4(int s, struct sockaddr *name, \ > socklen_t *anamelen, int flags); } > 94 STD NOLOCK { int sys___thrsleep(const volatile void *ident, \ > clockid_t clock_id, const struct timespec *tp, \
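Review bot: Both hunks add NOLOCK to the accept entries, and the justification in the message covers only KNOTE(9) now being protected by solock(). The message itself says doaccept() does all the work, so the log should also say why the rest of that path is safe without the kernel lock; as written, that part rests on the regress run alone.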
Re: vmm(4): swap in log(9) for printf(9) [vmx 3/3]
> From: Dave Voutila
> Date: Mon, 29 Nov 2021 07:18:23 -0500
>
> Mark Kettenis writes:
>
> >> From: Dave Voutila
> >> Date: Sun, 28 Nov 2021 22:51:59 -0500
> >>
> >> The last vmm diff I'll be sending tonight...promise! This swaps out
> >> usage of printf(9) outside the autoconf(4) functions.
> >>
> >> The reason for this change is printf(9) could acquire a sleepable
> >> lock.
> >
> > Huh?
> >
> > /*
> >  * printf: print a message to the console and the log
> >  */
> > int
> > printf(const char *fmt, ...)
> > {
> >         va_list ap;
> >         int retval;
> >
> >         va_start(ap, fmt);
> >         mtx_enter(_mutex);
> >         retval = kprintf(fmt, TOCONS | TOLOG, NULL, NULL, ap);
>
> The thread I'm pulling on here is longer than kprintf.

Well, my point is that it doesn't matter how long the thread is. The kernel is not supposed to sleep while holding a mutex. And assertwaitok() enforces this. If that kprintf() ends up sleeping we have a serious bug as we call printf(9) from things like interrupt context.

> Calling kprintf with TOCONS results in calls to kputchar, which can call
> tputchar as a result as it can add the TOTTY flag:
>
> void
> kputchar(int c, int flags, struct tty *tp)
> {
>         extern int msgbufmapped;
>
>         if (panicstr)
>                 constty = NULL;
>
>         if ((flags & TOCONS) && tp == NULL && constty != NULL && !db_active) {
>                 tp = constty;
>                 flags |= TOTTY;
>         }
>         if ((flags & TOTTY) && tp && tputchar(c, tp) < 0 &&
>             (flags & TOCONS) && tp == constty)
>                 constty = NULL;
>         if ((flags & TOLOG) &&
>             c != '\0' && c != '\r' && c != 0177 && msgbufmapped)
>                 msgbuf_putchar(msgbufp, c);
>         if ((flags & TOCONS) && (constty == NULL || db_active) && c != '\0')
>                 (*v_putc)(c);
> #ifdef DDB
>         if (flags & TODDB)
>                 db_putchar(c);
> #endif
> }
>
> tputchar() can end up calling ttstart(), which on my system results in
> calling ptsstart(). Which results in a call to ptsstart(). Then
> selwakeup() which attempts to grab KERNEL_LOCK.

But that's fine; KERNEL_LOCK does not sleep, it spins.

> >         mtx_leave(_mutex);
> >         va_end(ap);
> >         if (!panicstr)
> >                 logwakeup();
> >
> >         return(retval);
> > }
> >
> > The guts of the code runs while holding a mutex, which means it
> > can't sleep. And logwakeup() doesn't sleep either.
>
> witness(4) begs to differ here. /shrug

In what way?
bgpctl(8): Print MPLS label info in show rib detail output
Hi, I noticed bgpctl didn't seem to have a way to show the MPLS label attached to MPLS L3VPN routes. The label was already there in the prefix info it just wasn't printed, so this diff adds printing the label info if the prefix has one in the show rib detail command. Example output below. I was originally going to add it between Nexthop and Neighbor but when I did that I thought it could easily be mistaken to be the MPLS label of the next hop instead of the VPN label. So instead I put it on a new line. BGP routing table entry for rd 4372800702:702 172.19.195.2/31 4372800702 4372800702 4372800702 65521 Nexthop 172.17.0.7 (via 172.17.6.30) Neighbor 172.17.0.3 (172.17.0.3) Origin IGP, metric 0, localpref 100, weight 0, ovs not-found, internal, valid Label 524280 Last update: 01:45:32 ago Ext. Communities: rt 4372800702:702 Originator Id: 172.17.0.7 Cluster Id List: 0.0.0.255 diff --git a/usr.sbin/bgpctl/output.c b/usr.sbin/bgpctl/output.c index 22c7dcce2..a9b1e09cd 100644 --- a/usr.sbin/bgpctl/output.c +++ b/usr.sbin/bgpctl/output.c @@ -19,6 +19,8 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + #include #include #include @@ -936,6 +938,8 @@ show_rib_detail(struct ctl_show_rib *r, u_char *asdata, size_t aslen, { struct in_addr id; char*aspath, *s; + u_int32_tlabel; + int i; printf("\nBGP routing table entry for %s/%u%c", log_addr(>prefix), r->prefixlen, 
@@ -961,9 +965,22 @@ show_rib_detail(struct ctl_show_rib *r, u_char *asdata, size_t aslen, fmt_origin(r->origin, 0), r->med, r->local_pref, r->weight, fmt_ovs(r->validation_state, 0)); printf("%s", fmt_flags(r->flags, 0)); + printf("%c", EOL0(flag0)); - printf("%cLast update: %s ago%c", EOL0(flag0), - fmt_timeframe(r->age), EOL0(flag0)); + if (r->prefix.labellen) { + printf("Label"); + for (i = 0; i < r->prefix.labellen / 3; ++i) { + printf(" "); + label = (r->prefix.labelstack[i * 3] << 12) | + (r->prefix.labelstack[i * 3 + 1] << 4) | + (r->prefix.labelstack[i * 3 + 2] >> 4); + printf("%u", label); + } + printf("%c", EOL0(flag0)); + } + + printf("Last update: %s ago%c", fmt_timeframe(r->age), + EOL0(flag0)); } static void
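Review bot: In show_rib_detail(), the new loop runs to r->prefix.labellen / 3 and indexes r->prefix.labelstack without checking labellen against the size of that array. A bound check before the loop costs one line and also settles what happens when labellen is not a multiple of 3, where the trailing partial entry is currently skipped silently. The label is assembled from three bytes with the low 4 bits of the third byte discarded; a short comment saying those are the traffic class and bottom-of-stack bits would document why the last shift is by 4.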
Re: vmm(4): swap in log(9) for printf(9) [vmx 3/3]
Mark Kettenis writes:

>> From: Dave Voutila
>> Date: Sun, 28 Nov 2021 22:51:59 -0500
>>
>> The last vmm diff I'll be sending tonight...promise! This swaps out
>> usage of printf(9) outside the autoconf(4) functions.
>>
>> The reason for this change is printf(9) could acquire a sleepable
>> lock.
>
> Huh?
>
> /*
>  * printf: print a message to the console and the log
>  */
> int
> printf(const char *fmt, ...)
> {
>         va_list ap;
>         int retval;
>
>         va_start(ap, fmt);
>         mtx_enter(_mutex);
>         retval = kprintf(fmt, TOCONS | TOLOG, NULL, NULL, ap);

The thread I'm pulling on here is longer than kprintf.

Calling kprintf with TOCONS results in calls to kputchar, which can call tputchar as a result as it can add the TOTTY flag:

void
kputchar(int c, int flags, struct tty *tp)
{
        extern int msgbufmapped;

        if (panicstr)
                constty = NULL;

        if ((flags & TOCONS) && tp == NULL && constty != NULL && !db_active) {
                tp = constty;
                flags |= TOTTY;
        }
        if ((flags & TOTTY) && tp && tputchar(c, tp) < 0 &&
            (flags & TOCONS) && tp == constty)
                constty = NULL;
        if ((flags & TOLOG) &&
            c != '\0' && c != '\r' && c != 0177 && msgbufmapped)
                msgbuf_putchar(msgbufp, c);
        if ((flags & TOCONS) && (constty == NULL || db_active) && c != '\0')
                (*v_putc)(c);
#ifdef DDB
        if (flags & TODDB)
                db_putchar(c);
#endif
}

tputchar() can end up calling ttstart(), which on my system results in calling ptsstart(). Which results in a call to ptsstart(). Then selwakeup() which attempts to grab KERNEL_LOCK.

>         mtx_leave(_mutex);
>         va_end(ap);
>         if (!panicstr)
>                 logwakeup();
>
>         return(retval);
> }
>
> The guts of the code runs while holding a mutex, which means it
> can't sleep. And logwakeup() doesn't sleep either.

witness(4) begs to differ here. /shrug

-dv
Re: ifconfig description for wireguard peers
On Wed, Oct 20, 2021 at 10:20:09PM -0400, Noah Meier wrote: > Hi, > > While wireguard interfaces can have a description set by ifconfig, wireguard > peers currently cannot. I now have a lot of peers and descriptions of them in > ifconfig would be helpful. > > This diff adds a 'wgdesc' option to a 'wgpeer' in ifconfig (and a > corresponding '-wgdesc' option). Man page also updated. > > NM This looks useful to me. Did you get any feedback for this patch yet, Noah? > Index: ifconfig.8 > === > RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v > retrieving revision 1.375 > diff -u -p -u -p -r1.375 ifconfig.8 > --- ifconfig.818 Aug 2021 18:10:33 - 1.375 > +++ ifconfig.821 Oct 2021 00:09:20 - > @@ -2343,6 +2343,10 @@ It is optional but recommended and can b > .Dl $ openssl rand -base64 32 > .It Cm -wgpsk > Remove the pre-shared key for this peer. > +.It Cm wgdesc Ar value > +Specify a description of the peer. > +.It Cm -wgdesc > +Clear the peer description. > .El > .Sh EXAMPLES > Assign the > Index: ifconfig.c > === > RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v > retrieving revision 1.445 > diff -u -p -u -p -r1.445 ifconfig.c > --- ifconfig.c6 Oct 2021 06:14:08 - 1.445 > +++ ifconfig.c21 Oct 2021 00:09:20 - > @@ -355,12 +355,14 @@ voidsetwgpeerep(const char *, const cha > void setwgpeeraip(const char *, int); > void setwgpeerpsk(const char *, int); > void setwgpeerpka(const char *, int); > +void setwgpeerdesc(const char *, int); > void setwgport(const char *, int); > void setwgkey(const char *, int); > void setwgrtable(const char *, int); > > void unsetwgpeer(const char *, int); > void unsetwgpeerpsk(const char *, int); > +void unsetwgpeerdesc(const char *, int); > void unsetwgpeerall(const char *, int); > > void wg_status(); 
> @@ -625,11 +627,13 @@ const structcmd { > { "wgaip", NEXTARG,A_WIREGUARD,setwgpeeraip}, > { "wgpsk", NEXTARG,A_WIREGUARD,setwgpeerpsk}, > { "wgpka", NEXTARG,A_WIREGUARD,setwgpeerpka}, > + { "wgdesc", NEXTARG,A_WIREGUARD,setwgpeerdesc}, > { "wgport", NEXTARG,A_WIREGUARD,setwgport}, > { "wgkey", NEXTARG,A_WIREGUARD,setwgkey}, > { "wgrtable", NEXTARG,A_WIREGUARD,setwgrtable}, > { "-wgpeer",NEXTARG,A_WIREGUARD,unsetwgpeer}, > { "-wgpsk", 0, A_WIREGUARD,unsetwgpeerpsk}, > + { "-wgdesc",0, A_WIREGUARD,unsetwgpeerdesc}, > { "-wgpeerall", 0, A_WIREGUARD,unsetwgpeerall}, > > #else /* SMALL */ > @@ -5827,6 +5831,16 @@ setwgpeerpka(const char *pka, int param) > } > > void > +setwgpeerdesc(const char *wgdesc, int param) > +{ > + if (wg_peer == NULL) > + errx(1, "wgdesc: wgpeer not set"); > + if (strlen(wgdesc)) > + strlcpy(wg_peer->p_description, wgdesc, IFDESCRSIZE); > + wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION; > +} > + > +void > setwgport(const char *port, int param) > { > const char *errmsg = NULL; > @@ -5873,6 +5887,15 @@ unsetwgpeerpsk(const char *value, int pa > } > > void > +unsetwgpeerdesc(const char *value, int param) > +{ > + if (wg_peer == NULL) > + errx(1, "wgpesc: wgpeer not set"); > + strlcpy(wg_peer->p_description, (const char *)"", IFDESCRSIZE); > + wg_peer->p_flags |= WG_PEER_SET_DESCRIPTION; > +} > + > +void > unsetwgpeerall(const char *value, int param) > { > ensurewginterface(); > @@ -5931,6 +5954,9 @@ wg_status(void) > b64_ntop(wg_peer->p_public, WG_KEY_LEN, > key, sizeof(key)); > printf("\twgpeer %s\n", key); > + > + if (strlen(wg_peer->p_description)) > + printf("\t\tdescription: %s\n", wg_peer->p_description); > > if (wg_peer->p_flags & WG_PEER_HAS_PSK) > printf("\t\twgpsk (present)\n"); > Index: if_wg.c > === > RCS file: /cvs/src/sys/net/if_wg.c,v > retrieving revision 1.18 > diff -u -p -u -p -r1.18 if_wg.c > --- if_wg.c 5 Aug 2021 13:37:04 - 1.18 > +++ if_wg.c 21 Oct 2021 00:10:29 - 
> @@ -222,6 +222,9 @@ struct wg_peer { > > SLIST_ENTRY(wg_peer) p_start_list; > int p_start_onlist; > + > + struct mutex p_description_mtx; > + char p_description[IFDESCRSIZE]; > }; > > struct wg_softc { > @@ -276,6 +279,7 @@ int wg_peer_get_sockaddr(struct wg_peer > void wg_peer_clear_src(struct wg_peer *); > void wg_peer_get_endpoint(struct wg_peer *, struct wg_endpoint *); > void wg_peer_counters_add(struct wg_peer *, uint64_t, uint64_t); > +void
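Review bot: in setwgpeerdesc() (ifconfig.c hunk at -5827), an empty argument skips the strlcpy() but still sets WG_PEER_SET_DESCRIPTION, so the flag is raised over whatever p_description already holds, and the strlcpy() return value is ignored, so a description of IFDESCRSIZE bytes or more is truncated silently. Suggest dropping the strlen() test and rejecting over-long input, for example: if (strlcpy(wg_peer->p_description, wgdesc, IFDESCRSIZE) >= IFDESCRSIZE) errx(1, "wgdesc: description too long");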
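Review bot: the errx() string in unsetwgpeerdesc() (ifconfig.c hunk at -5873) reads "wgpesc: wgpeer not set", which looks like a typo for "-wgdesc: wgpeer not set". The (const char *) cast on the empty string passed to strlcpy() is unnecessary; wg_peer->p_description[0] = '\0' would say the same thing more directly.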
w(1): always print "up" before uptime
Hi, The following patch will make w(1) always print the word "up" before the uptime. Currently "up" is not printed if uptime is less than a minute. I ran into this with a script that parses the output from w(1), and it got confused by "10:08AM 45 secs" as it was looking for the word "up" to anchor its parsing. Kind regards, + Kimmo --- w.c.orig2021-11-28 16:33:09.275819897 +0200 +++ w.c 2021-11-28 16:33:48.395149662 +0200 @@ -441,6 +441,7 @@ pr_header(time_t *nowp, int nusers) * Print how long system has been up. */ if (clock_gettime(CLOCK_BOOTTIME, ) != -1) { + (void)printf(" up"); uptime = boottime.tv_sec; if (uptime > 59) { uptime += 30; @@ -449,7 +450,6 @@ pr_header(time_t *nowp, int nusers) hrs = uptime / SECSPERHOUR; uptime %= SECSPERHOUR; mins = uptime / 60; - (void)printf(" up"); if (days > 0) (void)printf(" %d day%s,", days, days > 1 ? "s" : "");
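Review bot: with printf(" up") moved above the uptime > 59 test in the first hunk, the word is now also emitted on the path that handles uptimes under a minute, and that path's own printf is outside the context shown. Its format string should be checked so the header does not end up with doubled or missing spaces after "up", and the commit message should mention that the header format changes for anything that parses w(1) output. A diff taken with cvs diff against the tree, rather than against w.c.orig, would also be easier to apply.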