Import ts(1) - a timestamp utility
Dear all,
The below changeset is a from scratch & pledged C implementation of the
'ts' perl utility found in the moreutils collection by Joey Hess.
OK to add to /usr/bin?
Kind regards,
Job
Index: ts/Makefile
===
RCS file: ts/Makefile
diff -N ts/Makefile
--- /dev/null 1 Jan 1970 00:00:00 -
+++ ts/Makefile 28 Jun 2022 22:32:32 -
@@ -0,0 +1,5 @@
+# $OpenBSD: Makefile,v 1.4 2017/02/19 00:46:57 jca Exp $
+
+PROG= ts
+
+.include
Index: ts/ts.1
===
RCS file: ts/ts.1
diff -N ts/ts.1
--- /dev/null 1 Jan 1970 00:00:00 -
+++ ts/ts.1 28 Jun 2022 22:32:32 -
@@ -0,0 +1,93 @@
+.\"$OpenBSD$
+.\"
+.\" Copyright (c) 2022 Job Snijders
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: June 28 2022 $
+.Dt TS 1
+.Os
+.Sh NAME
+.Nm ts
+.Nd timestamp input
+.Sh SYNOPSIS
+.Nm ts
+.Op Fl i | s
+.Op Ar format
+.Sh DESCRIPTION
+When invoked, the
+.Nm
+utility adds a timestamp to the beginning of each line of input.
+The optional
+.Ar format
+argument controls how the timestamp is displayed, according to the conversion
+specifications described in the
+.Xr strftime 3
+manual page.
+The default format is
+.Qq %b %d %H:%M:%S .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl i
+Display time elapsed since the last timestamp.
+.It Fl s
+Display time elapsed since the start of the program.
+.El
+.Pp
+When an option is used, the default format changes to
+.Qq %H:%M:%S .
+.Sh EXAMPLES
+.Bd -literal -offset indent
+$ (echo foo; sleep 2; echo bar) | ts
+Jun 28 12:13:38 foo
+Jun 28 12:13:40 bar
+
+$ ls | ts %.s
+1656455386.515542 Makefile
+1656455386.516082 ts.1
+1656455386.516089 ts.c
+.Ed
+.Sh STANDARDS
+The following non-standard conversion specifications append millisecond
+resolution:
+.Cm \&%.S ,
+.Cm \&%.s ,
+and
+.Cm \&%.T ;
+which are similar to
+.Cm \&%S ,
+.Cm \&%s ,
+and
+.Cm \&%T .
+Examples:
+.Qq 10.1 ,
+.Qq 1656427781.1 ,
+and
+.Qq 4:20:00.1 .
+.Sh HISTORY
+A
+.Nm
+utility first appeared in the moreutils collection by Joey Hess, and was
+rewritten from scratch for
+.Ox 7.2
+for licensing reasons.
+.Sh AUTHORS
+This
+.Nm
+utility was written by
+.An Job Snijders Aq Mt j...@openbsd.org
+and
+.An Claudio Jeker Aq Mt clau...@openbsd.org
+while burning midnight fuel at
+.Em r2k22 .
Index: ts/ts.c
===
RCS file: ts/ts.c
diff -N ts/ts.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ ts/ts.c 28 Jun 2022 22:32:32 -
@@ -0,0 +1,164 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2022 Job Snijders
+ * Copyright (c) 2022 Claudio Jeker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static char*format = "%b %d %H:%M:%S";
+static char*buf;
+static char*outbuf;
+static size_t bufsize;
+
+static void fmtfmt(struct tm *, long);
+static void __dead usage(void);
+
+int
+main(int argc, char *argv[])
+{
+ int iflag, sflag;
+ int ch, prev;
+ struct timespec start, now, elapsed;
+ struct tm *lt, tm;
+
+ if (pledge("stdio", NULL) == -1)
+ err(1, "pledge");
+
+ iflag = sflag = 0;
+
+ while ((ch = getopt(argc, argv, "is")) != -1) {
+ switch (ch) {
+ case 'i':
+ iflag = 1;
+ format = "%H:%M:%S";
+
Re: ip6 hbhchcheck mbuf pointer
Hello,
I like the idea. I would just consider to make ip6_hbhchcheck()
to always free mp on error and set NULL as return value.
for example here in current ip6_input_if() we may leak memory
on error:
308 int
309 ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet
*ifp)
310 {
423 #ifdef MROUTING
424 if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain]) {
425 int error;
426
427 nxt = ip6_hbhchcheck(&m, offp, &ours);
428 if (nxt == IPPROTO_DONE)
429 goto out;
430
575 return IPPROTO_DONE;
576 bad:
577 nxt = IPPROTO_DONE;
578 m_freemp(mp);
579 out:
580 rtfree(rt);
581 return nxt;
582 }
another option would be to revisit all places where we call ip6_hbhchcheck()
and adjust caller accordingly. In my opinion all places where we
making ip6_hbhchcheck() to also free packet on error should be the
right thing to do.
other than that diff reads OK to me.
thanks and
regards
sashan
On Tue, Jun 28, 2022 at 11:50:03PM +0200, Alexander Bluhm wrote:
> Hi,
>
> Deep in ip6_hbhchcheck() may modify the mbuf pointer. Instead of
> having dangling pointer that we must not use, pass pointer to mbuf
> pointer and keep it consistent in the caller.
>
> ok?
>
> bluhm
>
> Index: netinet6/ip6_input.c
> ===
> RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_input.c,v
> retrieving revision 1.246
> diff -u -p -r1.246 ip6_input.c
> --- netinet6/ip6_input.c 28 Jun 2022 08:24:29 - 1.246
> +++ netinet6/ip6_input.c 28 Jun 2022 10:51:43 -
> @@ -122,7 +122,7 @@ uint8_t ip6_soiikey[IP6_SOIIKEY_LEN];
> int ip6_ours(struct mbuf **, int *, int, int);
> int ip6_local(struct mbuf **, int *, int, int);
> int ip6_check_rh0hdr(struct mbuf *, int *);
> -int ip6_hbhchcheck(struct mbuf *, int *, int *);
> +int ip6_hbhchcheck(struct mbuf **, int *, int *);
> int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
> struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
> int ip6_sysctl_soiikey(void *, size_t *, void *, size_t);
> @@ -424,7 +424,7 @@ ip6_input_if(struct mbuf **mp, int *offp
> if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain]) {
> int error;
>
> - nxt = ip6_hbhchcheck(m, offp, &ours);
> + nxt = ip6_hbhchcheck(&m, offp, &ours);
> if (nxt == IPPROTO_DONE)
> goto out;
>
> @@ -544,7 +544,7 @@ ip6_input_if(struct mbuf **mp, int *offp
> goto bad;
> }
>
> - nxt = ip6_hbhchcheck(m, offp, &ours);
> + nxt = ip6_hbhchcheck(&m, offp, &ours);
> if (nxt == IPPROTO_DONE)
> goto out;
>
> @@ -586,7 +586,7 @@ ip6_local(struct mbuf **mp, int *offp, i
> {
> NET_ASSERT_WLOCKED();
>
> - nxt = ip6_hbhchcheck(*mp, offp, NULL);
> + nxt = ip6_hbhchcheck(mp, offp, NULL);
> if (nxt == IPPROTO_DONE)
> return IPPROTO_DONE;
>
> @@ -597,13 +597,13 @@ ip6_local(struct mbuf **mp, int *offp, i
> }
>
> int
> -ip6_hbhchcheck(struct mbuf *m, int *offp, int *oursp)
> +ip6_hbhchcheck(struct mbuf **mp, int *offp, int *oursp)
> {
> struct ip6_hdr *ip6;
> u_int32_t plen, rtalert = ~0;
> int nxt;
>
> - ip6 = mtod(m, struct ip6_hdr *);
> + ip6 = mtod(*mp, struct ip6_hdr *);
>
> /*
>* Process Hop-by-Hop options header if it's contained.
> @@ -615,12 +615,11 @@ ip6_hbhchcheck(struct mbuf *m, int *offp
> if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
> struct ip6_hbh *hbh;
>
> - if (ip6_hopopts_input(&plen, &rtalert, &m, offp)) {
> + if (ip6_hopopts_input(&plen, &rtalert, mp, offp))
> goto bad; /* m have already been freed */
> - }
>
> /* adjust pointer */
> - ip6 = mtod(m, struct ip6_hdr *);
> + ip6 = mtod(*mp, struct ip6_hdr *);
>
> /*
>* if the payload length field is 0 and the next header field
> @@ -634,13 +633,13 @@ ip6_hbhchcheck(struct mbuf *m, int *offp
>* (non-zero) payload length to the variable plen.
>*/
> ip6stat_inc(ip6s_badoptions);
> - icmp6_error(m, ICMP6_PARAM_PROB,
> + icmp6_error(*mp, ICMP6_PARAM_PROB,
> ICMP6_PARAMPROB_HEADER,
> (caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
> goto bad;
> }
> - IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
> - sizeof(struct ip6_hbh));
> + IP6_EXTHDR_GET(hbh, struct ip6_hbh *, *mp,
> + sizeof(struct ip6_hdr
ip6 hbhchcheck mbuf pointer
Hi,
Deep in ip6_hbhchcheck() may modify the mbuf pointer. Instead of
having dangling pointer that we must not use, pass pointer to mbuf
pointer and keep it consistent in the caller.
ok?
bluhm
Index: netinet6/ip6_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet6/ip6_input.c,v
retrieving revision 1.246
diff -u -p -r1.246 ip6_input.c
--- netinet6/ip6_input.c28 Jun 2022 08:24:29 - 1.246
+++ netinet6/ip6_input.c28 Jun 2022 10:51:43 -
@@ -122,7 +122,7 @@ uint8_t ip6_soiikey[IP6_SOIIKEY_LEN];
int ip6_ours(struct mbuf **, int *, int, int);
int ip6_local(struct mbuf **, int *, int, int);
int ip6_check_rh0hdr(struct mbuf *, int *);
-int ip6_hbhchcheck(struct mbuf *, int *, int *);
+int ip6_hbhchcheck(struct mbuf **, int *, int *);
int ip6_hopopts_input(u_int32_t *, u_int32_t *, struct mbuf **, int *);
struct mbuf *ip6_pullexthdr(struct mbuf *, size_t, int);
int ip6_sysctl_soiikey(void *, size_t *, void *, size_t);
@@ -424,7 +424,7 @@ ip6_input_if(struct mbuf **mp, int *offp
if (ip6_mforwarding && ip6_mrouter[ifp->if_rdomain]) {
int error;
- nxt = ip6_hbhchcheck(m, offp, &ours);
+ nxt = ip6_hbhchcheck(&m, offp, &ours);
if (nxt == IPPROTO_DONE)
goto out;
@@ -544,7 +544,7 @@ ip6_input_if(struct mbuf **mp, int *offp
goto bad;
}
- nxt = ip6_hbhchcheck(m, offp, &ours);
+ nxt = ip6_hbhchcheck(&m, offp, &ours);
if (nxt == IPPROTO_DONE)
goto out;
@@ -586,7 +586,7 @@ ip6_local(struct mbuf **mp, int *offp, i
{
NET_ASSERT_WLOCKED();
- nxt = ip6_hbhchcheck(*mp, offp, NULL);
+ nxt = ip6_hbhchcheck(mp, offp, NULL);
if (nxt == IPPROTO_DONE)
return IPPROTO_DONE;
@@ -597,13 +597,13 @@ ip6_local(struct mbuf **mp, int *offp, i
}
int
-ip6_hbhchcheck(struct mbuf *m, int *offp, int *oursp)
+ip6_hbhchcheck(struct mbuf **mp, int *offp, int *oursp)
{
struct ip6_hdr *ip6;
u_int32_t plen, rtalert = ~0;
int nxt;
- ip6 = mtod(m, struct ip6_hdr *);
+ ip6 = mtod(*mp, struct ip6_hdr *);
/*
* Process Hop-by-Hop options header if it's contained.
@@ -615,12 +615,11 @@ ip6_hbhchcheck(struct mbuf *m, int *offp
if (ip6->ip6_nxt == IPPROTO_HOPOPTS) {
struct ip6_hbh *hbh;
- if (ip6_hopopts_input(&plen, &rtalert, &m, offp)) {
+ if (ip6_hopopts_input(&plen, &rtalert, mp, offp))
goto bad; /* m have already been freed */
- }
/* adjust pointer */
- ip6 = mtod(m, struct ip6_hdr *);
+ ip6 = mtod(*mp, struct ip6_hdr *);
/*
* if the payload length field is 0 and the next header field
@@ -634,13 +633,13 @@ ip6_hbhchcheck(struct mbuf *m, int *offp
* (non-zero) payload length to the variable plen.
*/
ip6stat_inc(ip6s_badoptions);
- icmp6_error(m, ICMP6_PARAM_PROB,
+ icmp6_error(*mp, ICMP6_PARAM_PROB,
ICMP6_PARAMPROB_HEADER,
(caddr_t)&ip6->ip6_plen - (caddr_t)ip6);
goto bad;
}
- IP6_EXTHDR_GET(hbh, struct ip6_hbh *, m, sizeof(struct ip6_hdr),
- sizeof(struct ip6_hbh));
+ IP6_EXTHDR_GET(hbh, struct ip6_hbh *, *mp,
+ sizeof(struct ip6_hdr), sizeof(struct ip6_hbh));
if (hbh == NULL) {
ip6stat_inc(ip6s_tooshort);
goto bad;
@@ -662,18 +661,18 @@ ip6_hbhchcheck(struct mbuf *m, int *offp
* Trim mbufs if longer than we expect.
* Drop packet if shorter than we expect.
*/
- if (m->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
+ if ((*mp)->m_pkthdr.len - sizeof(struct ip6_hdr) < plen) {
ip6stat_inc(ip6s_tooshort);
- m_freem(m);
+ m_freemp(mp);
goto bad;
}
- if (m->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
- if (m->m_len == m->m_pkthdr.len) {
- m->m_len = sizeof(struct ip6_hdr) + plen;
- m->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
+ if ((*mp)->m_pkthdr.len > sizeof(struct ip6_hdr) + plen) {
+ if ((*mp)->m_len == (*mp)->m_pkthdr.len) {
+ (*mp)->m_len = sizeof(struct ip6_hdr) + plen;
+ (*mp)->m_pkthdr.len = sizeof(struct ip6_hdr) + plen;
} else {
- m_adj(m,
- sizeof(struct ip6_hdr) + plen - m->m_pkthdr.len);
+
Re: Unlocking pledge(2)
On Tue, Jun 28 2022, Martin Pieuchot wrote:
> On 28/06/22(Tue) 18:17, Jeremie Courreges-Anglas wrote:
>>
>> Initially I just wandered in syscall_mi.h and found the locking scheme
>> super weird, even if technically correct. pledge_syscall() better be
>> safe to call without the kernel lock so I don't understand why we're
>> sometimes calling it with the kernel lock and sometimes not.
>>
>> ps_pledge is 64 bits so it's not possible to unset bits in an atomic
>> manner on all architectures. Even if we're only removing bits and there
>> is probably no way to see a completely garbage value, it makes sense to
>> just protect ps_pledge (and ps_execpledge) in the usual manner so that
>> we can unlock the syscall. The diff below protects the fields using
>> ps_mtx even though I initially used a dedicated ps_pledge_mtx.
>> unveil_destroy() needs to be moved after the critical section.
>> regress/sys/kern/pledge looks happy with this. The sys/syscall_mi.h
>> change can be committed in a separate step.
>>
>> Input and oks welcome.
>
> This looks nice. I doubt there's any existing program where you can
> really test this. Even firefox and chromium should do things
> correctly.
>
> Maybe you should write a regress test that tries to break the kernel.
That would need some pondering, I'm not sure what kind of breakage
you're envisioning. The obvious check to perform would be to ensure
that we're not increasing the promises but the code already does it.
Hmm.
For now, here's the latest diff based on input from the hackroom, which
basically amounts to:
- don't take the mutex to read the value. Even on 32 bits machines that
can't write an 8 byte value in a single go we don't expect garbage to
on a read crossing a write, since we only remove bits and never add
some.
- use READ_ONCE when we're storing the value in a local variable, to
prevent possible reloading from memory. In the current code it would
not be a problem but ensuring that we do not reload from memory is
just good practice for stuff that can be modified concurrently.
(This part can be committed in a second step, just like the
syscall_mi.h change.)
ok?
Index: kern/init_sysent.c
===
RCS file: /home/cvs/src/sys/kern/init_sysent.c,v
retrieving revision 1.238
diff -u -p -r1.238 init_sysent.c
--- kern/init_sysent.c 27 Jun 2022 14:26:05 - 1.238
+++ kern/init_sysent.c 28 Jun 2022 15:18:25 -
@@ -1,10 +1,10 @@
-/* $OpenBSD: init_sysent.c,v 1.238 2022/06/27 14:26:05 cheloha Exp $
*/
+/* $OpenBSD$ */
/*
* System call switch table.
*
* DO NOT EDIT-- this file is automatically generated.
- * created from; OpenBSD: syscalls.master,v 1.224 2022/05/16 07:36:04
mvs Exp
+ * created from; OpenBSD: syscalls.master,v 1.225 2022/06/27 14:26:05
cheloha Exp
*/
#include
@@ -248,7 +248,7 @@ const struct sysent sysent[] = {
sys_listen }, /* 106 = listen */
{ 4, s(struct sys_chflagsat_args), 0,
sys_chflagsat },/* 107 = chflagsat */
- { 2, s(struct sys_pledge_args), 0,
+ { 2, s(struct sys_pledge_args), SY_NOLOCK | 0,
sys_pledge }, /* 108 = pledge */
{ 4, s(struct sys_ppoll_args), 0,
sys_ppoll },/* 109 = ppoll */
Index: kern/kern_pledge.c
===
RCS file: /home/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.282
diff -u -p -r1.282 kern_pledge.c
--- kern/kern_pledge.c 26 Jun 2022 06:11:49 - 1.282
+++ kern/kern_pledge.c 28 Jun 2022 17:00:51 -
@@ -21,6 +21,7 @@
#include
#include
+#include
#include
#include
#include
@@ -465,13 +466,26 @@ sys_pledge(struct proc *p, void *v, regi
struct process *pr = p->p_p;
uint64_t promises, execpromises;
int error;
+ int unveil_cleanup = 0;
+ /* Check for any error in user input */
if (SCARG(uap, promises)) {
error = parsepledges(p, "pledgereq",
SCARG(uap, promises), &promises);
if (error)
return (error);
+ }
+ if (SCARG(uap, execpromises)) {
+ error = parsepledges(p, "pledgeexecreq",
+ SCARG(uap, execpromises), &execpromises);
+ if (error)
+ return (error);
+ }
+
+ mtx_enter(&pr->ps_mtx);
+ /* Check for any error wrt current promises */
+ if (SCARG(uap, promises)) {
/* In "error" mode, ignore promise increase requests,
* but accept promise decrease requests */
if (ISSET(pr->ps_flags, PS_PLEDGE) &&
@@ -480,37 +494,47 @@ sys_pledge(struct proc *p, void *v, regi
/* Only permit reductions */
if (ISSET(pr->ps_flags, PS_PLEDGE) &&
-
Re: pipex(4): use per-session `pxs_mtx' mutex(9) for protection
On Tue, Jun 28, 2022 at 09:05:09PM +0300, Vitaliy Makkoveev wrote:
> The updated diff. It was triggered by Hrvoje Popovski, we could do
> direct (*if_qstart)() call in pipex(4) PPPOE input path, and this
> provides deadlock. The updated diff uses ip{,6}_send() instead of
> ipv{4,6}_input().
>
I think, I found better solution. The diff below still uses
ipv{4,6}_input(), but introduces custom pipex_if_enqueue()
(*if_enqueue)() handler. Now we can be sure, our (*if_qstart)() handlers
will never be called directly. Also we can be sure about netlock state
within our (*if_qstart)() handlers and remove pipexintr().
We do direct (*if_qstart)() call only if we overflow `if_snd' queue, and
of course we loose packets in this case, so the behavior mostly the
same.
Index: sys/net/if_pppx.c
===
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.117
diff -u -p -r1.117 if_pppx.c
--- sys/net/if_pppx.c 26 Jun 2022 22:51:58 - 1.117
+++ sys/net/if_pppx.c 28 Jun 2022 19:56:47 -
@@ -651,6 +651,7 @@ pppx_add_session(struct pppx_dev *pxd, s
ifp->if_mtu = req->pr_peer_mru; /* XXX */
ifp->if_flags = IFF_POINTOPOINT | IFF_MULTICAST | IFF_UP;
ifp->if_xflags = IFXF_CLONED | IFXF_MPSAFE;
+ ifp->if_enqueue = pipex_if_enqueue;
ifp->if_qstart = pppx_if_qstart;
ifp->if_output = pppx_if_output;
ifp->if_ioctl = pppx_if_ioctl;
@@ -659,8 +660,6 @@ pppx_add_session(struct pppx_dev *pxd, s
ifp->if_softc = pxi;
/* ifp->if_rdomain = req->pr_rdomain; */
if_counters_alloc(ifp);
- /* XXXSMP: be sure pppx_if_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
/* XXXSMP breaks atomicity */
NET_UNLOCK();
@@ -801,13 +800,16 @@ pppx_if_qstart(struct ifqueue *ifq)
struct mbuf *m;
int proto;
- NET_ASSERT_LOCKED();
+ mtx_enter(&pxi->pxi_session->pxs_mtx);
+
while ((m = ifq_dequeue(ifq)) != NULL) {
proto = *mtod(m, int *);
m_adj(m, sizeof(proto));
pipex_ppp_output(m, pxi->pxi_session, proto);
}
+
+ mtx_leave(&pxi->pxi_session->pxs_mtx);
}
int
@@ -1041,11 +1043,10 @@ pppacopen(dev_t dev, int flags, int mode
ifp->if_flags = IFF_SIMPLEX | IFF_BROADCAST;
ifp->if_xflags = IFXF_CLONED | IFXF_MPSAFE;
ifp->if_rtrequest = p2p_rtrequest; /* XXX */
+ ifp->if_enqueue = pipex_if_enqueue;
ifp->if_output = pppac_output;
ifp->if_qstart = pppac_qstart;
ifp->if_ioctl = pppac_ioctl;
- /* XXXSMP: be sure pppac_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
if_counters_alloc(ifp);
if_attach(ifp);
@@ -1441,7 +1442,6 @@ pppac_qstart(struct ifqueue *ifq)
struct ip ip;
int rv;
- NET_ASSERT_LOCKED();
while ((m = ifq_dequeue(ifq)) != NULL) {
#if NBPFILTER > 0
if (ifp->if_bpf) {
Index: sys/net/pipex.c
===
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.142
diff -u -p -r1.142 pipex.c
--- sys/net/pipex.c 28 Jun 2022 08:01:40 - 1.142
+++ sys/net/pipex.c 28 Jun 2022 19:56:47 -
@@ -91,7 +91,6 @@ struct pool mppe_key_pool;
* Locks used to protect global data
* A atomic operation
* I immutable after creation
- * N net lock
* L pipex_list_mtx
*/
@@ -172,7 +171,6 @@ pipex_ioctl(void *ownersc, u_long cmd, c
{
int ret = 0;
- NET_ASSERT_LOCKED();
switch (cmd) {
case PIPEXCSESSION:
ret = pipex_config_session(
@@ -197,6 +195,19 @@ pipex_ioctl(void *ownersc, u_long cmd, c
return (ret);
}
+int
+pipex_if_enqueue(struct ifnet *ifp, struct mbuf *m)
+{
+ struct ifqueue *ifq = &ifp->if_snd;
+ int error;
+
+ if ((error = ifq_enqueue(ifq, m)) != 0)
+ return (error);
+ task_add(ifq->ifq_softnet, &ifq->ifq_bundle);
+
+ return (0);
+}
+
/
* Software Interrupt Handler
/
@@ -575,18 +586,20 @@ pipex_config_session(struct pipex_sessio
struct pipex_session *session;
int error = 0;
- NET_ASSERT_LOCKED();
-
session = pipex_lookup_by_session_id(req->pcr_protocol,
req->pcr_session_id);
if (session == NULL)
return (EINVAL);
if (session->ownersc == ownersc) {
+ mtx_enter(&session->pxs_mtx);
+
if (req->pcr_ip_forward != 0)
session->flags |= PIPEX_SFLAGS_IP_FORWARD;
else
session->flags &= ~PIPEX_SFLAGS_IP_FORWARD;
+
+ mtx_leave(&session->pxs_mtx);
} else
Re: Unlocking pledge(2)
On 28/06/22(Tue) 18:17, Jeremie Courreges-Anglas wrote:
>
> Initially I just wandered in syscall_mi.h and found the locking scheme
> super weird, even if technically correct. pledge_syscall() better be
> safe to call without the kernel lock so I don't understand why we're
> sometimes calling it with the kernel lock and sometimes not.
>
> ps_pledge is 64 bits so it's not possible to unset bits in an atomic
> manner on all architectures. Even if we're only removing bits and there
> is probably no way to see a completely garbage value, it makes sense to
> just protect ps_pledge (and ps_execpledge) in the usual manner so that
> we can unlock the syscall. The diff below protects the fields using
> ps_mtx even though I initially used a dedicated ps_pledge_mtx.
> unveil_destroy() needs to be moved after the critical section.
> regress/sys/kern/pledge looks happy with this. The sys/syscall_mi.h
> change can be committed in a separate step.
>
> Input and oks welcome.
This looks nice. I doubt there's any existing program where you can
really test this. Even firefox and chromium should do things
correctly.
Maybe you should write a regress test that tries to break the kernel.
> Index: arch/amd64/amd64/vmm.c
> ===
> RCS file: /home/cvs/src/sys/arch/amd64/amd64/vmm.c,v
> retrieving revision 1.315
> diff -u -p -r1.315 vmm.c
> --- arch/amd64/amd64/vmm.c27 Jun 2022 15:12:14 - 1.315
> +++ arch/amd64/amd64/vmm.c28 Jun 2022 13:54:25 -
> @@ -713,7 +713,7 @@ pledge_ioctl_vmm(struct proc *p, long co
> case VMM_IOC_CREATE:
> case VMM_IOC_INFO:
> /* The "parent" process in vmd forks and manages VMs */
> - if (p->p_p->ps_pledge & PLEDGE_PROC)
> + if (pledge_get(p->p_p) & PLEDGE_PROC)
> return (0);
> break;
> case VMM_IOC_TERM:
> @@ -1312,7 +1312,7 @@ vm_find(uint32_t id, struct vm **res)
>* The managing vmm parent process can lookup all
>* all VMs and is indicated by PLEDGE_PROC.
>*/
> - if (((p->p_p->ps_pledge &
> + if (((pledge_get(p->p_p) &
> (PLEDGE_VMM | PLEDGE_PROC)) == PLEDGE_VMM) &&
> (vm->vm_creator_pid != p->p_p->ps_pid))
> return (pledge_fail(p, EPERM, PLEDGE_VMM));
> Index: kern/init_sysent.c
> ===
> RCS file: /home/cvs/src/sys/kern/init_sysent.c,v
> retrieving revision 1.238
> diff -u -p -r1.238 init_sysent.c
> --- kern/init_sysent.c27 Jun 2022 14:26:05 - 1.238
> +++ kern/init_sysent.c28 Jun 2022 15:18:25 -
> @@ -1,10 +1,10 @@
> -/* $OpenBSD: init_sysent.c,v 1.238 2022/06/27 14:26:05 cheloha Exp $
> */
> +/* $OpenBSD$ */
>
> /*
> * System call switch table.
> *
> * DO NOT EDIT-- this file is automatically generated.
> - * created from; OpenBSD: syscalls.master,v 1.224 2022/05/16 07:36:04
> mvs Exp
> + * created from; OpenBSD: syscalls.master,v 1.225 2022/06/27 14:26:05
> cheloha Exp
> */
>
> #include
> @@ -248,7 +248,7 @@ const struct sysent sysent[] = {
> sys_listen }, /* 106 = listen */
> { 4, s(struct sys_chflagsat_args), 0,
> sys_chflagsat },/* 107 = chflagsat */
> - { 2, s(struct sys_pledge_args), 0,
> + { 2, s(struct sys_pledge_args), SY_NOLOCK | 0,
> sys_pledge }, /* 108 = pledge */
> { 4, s(struct sys_ppoll_args), 0,
> sys_ppoll },/* 109 = ppoll */
> Index: kern/kern_event.c
> ===
> RCS file: /home/cvs/src/sys/kern/kern_event.c,v
> retrieving revision 1.191
> diff -u -p -r1.191 kern_event.c
> --- kern/kern_event.c 27 Jun 2022 13:35:21 - 1.191
> +++ kern/kern_event.c 28 Jun 2022 13:55:18 -
> @@ -331,7 +331,7 @@ filt_procattach(struct knote *kn)
> int s;
>
> if ((curproc->p_p->ps_flags & PS_PLEDGE) &&
> - (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
> + (pledge_get(curproc->p_p) & PLEDGE_PROC) == 0)
> return pledge_fail(curproc, EPERM, PLEDGE_PROC);
>
> if (kn->kn_id > PID_MAX)
> Index: kern/kern_pledge.c
> ===
> RCS file: /home/cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.282
> diff -u -p -r1.282 kern_pledge.c
> --- kern/kern_pledge.c26 Jun 2022 06:11:49 - 1.282
> +++ kern/kern_pledge.c28 Jun 2022 15:21:46 -
> @@ -21,6 +21,7 @@
>
> #include
> #include
> +#include
> #include
> #include
> #include
> @@ -465,13 +466,26 @@ sys_pledge(struct proc *p, void *v, regi
> struct process *pr = p->p_p;
> uint64_t p
Re: pipex(4): use per-session `pxs_mtx' mutex(9) for protection
The updated diff. It was triggered by Hrvoje Popovski, we could do
direct (*if_qstart)() call in pipex(4) PPPOE input path, and this
provides deadlock. The updated diff uses ip{,6}_send() instead of
ipv{4,6}_input().
r420-1# witness: acquiring duplicate lock of same type: "&session->pxs_mtx"
1st &session->pxs_mtx
2nd &session->pxs_mtx
Starting stack trace...
witness_checkorder(80002275f478,9,0) at witness_checkorder+0x8ac
mtx_enter(80002275f468) at mtx_enter+0x34
pipex_ip_output(fd80cccfb900,80002275f3a0) at pipex_ip_output+0x3a
pppac_qstart(80ff2ab0) at pppac_qstart+0x67
ifq_serialize(80ff2ab0,80ff2bd0) at ifq_serialize+0xfd
if_enqueue_ifq(80ff2800,fd80c6b9f000) at if_enqueue_ifq+0x6b
ip_output(fd80c6b9f000,0,8000226a5788,1,0,0,c9790ec822d038fa) at
ip_output+0x8ee
ip_forward(fd80c6b9f000,80ff2800,fd85711c1238,0) at
ip_forward+0x2da
ip_input_if(8000226a58c8,8000226a58d4,4,0,80ff2800) at
ip_input_if+0x353
ipv4_input(80ff2800,fd80c6b9f000) at ipv4_input+0x39
pipex_ip_input(fd80c6b9f000,80002275e000) at pipex_ip_input+0x207
pipex_ppp_input(fd80c6b9f000,80002275e000,0) at
pipex_ppp_input+0x1f2
pipex_common_input(80002275e000,fd80c6b9f000,14,36) at
pipex_common_input+0x1ed
pipex_pppoe_input(fd80c6b9f000,80002275e000) at
pipex_pppoe_input+0x6a
ether_input(800a5048,fd80c6b9f000) at ether_input+0x2f8
if_input_process(800a5048,8000226a5b38) at if_input_process+0x6f
ifiq_process(800a5498) at ifiq_process+0x69
taskq_thread(80031000) at taskq_thread+0x11a
end trace frame: 0x0, count: 239
End of stack trace.
panic: mtx 0x80002275e0c8: locking against myself
Stopped at db_enter+0x10: popq%rbp
TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
145021 16649 73 0x1100010 03K syslogd
* 98910 86015 0 0x14000 0x2002 softnet
Index: sys/net/if_pppx.c
===
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.117
diff -u -p -r1.117 if_pppx.c
--- sys/net/if_pppx.c 26 Jun 2022 22:51:58 - 1.117
+++ sys/net/if_pppx.c 28 Jun 2022 17:53:23 -
@@ -659,8 +659,6 @@ pppx_add_session(struct pppx_dev *pxd, s
ifp->if_softc = pxi;
/* ifp->if_rdomain = req->pr_rdomain; */
if_counters_alloc(ifp);
- /* XXXSMP: be sure pppx_if_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
/* XXXSMP breaks atomicity */
NET_UNLOCK();
@@ -801,13 +799,16 @@ pppx_if_qstart(struct ifqueue *ifq)
struct mbuf *m;
int proto;
- NET_ASSERT_LOCKED();
+ mtx_enter(&pxi->pxi_session->pxs_mtx);
+
while ((m = ifq_dequeue(ifq)) != NULL) {
proto = *mtod(m, int *);
m_adj(m, sizeof(proto));
pipex_ppp_output(m, pxi->pxi_session, proto);
}
+
+ mtx_leave(&pxi->pxi_session->pxs_mtx);
}
int
@@ -1044,8 +1045,6 @@ pppacopen(dev_t dev, int flags, int mode
ifp->if_output = pppac_output;
ifp->if_qstart = pppac_qstart;
ifp->if_ioctl = pppac_ioctl;
- /* XXXSMP: be sure pppac_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
if_counters_alloc(ifp);
if_attach(ifp);
@@ -1441,7 +1440,6 @@ pppac_qstart(struct ifqueue *ifq)
struct ip ip;
int rv;
- NET_ASSERT_LOCKED();
while ((m = ifq_dequeue(ifq)) != NULL) {
#if NBPFILTER > 0
if (ifp->if_bpf) {
Index: sys/net/pipex.c
===
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.142
diff -u -p -r1.142 pipex.c
--- sys/net/pipex.c 28 Jun 2022 08:01:40 - 1.142
+++ sys/net/pipex.c 28 Jun 2022 17:53:23 -
@@ -91,7 +91,6 @@ struct pool mppe_key_pool;
* Locks used to protect global data
* A atomic operation
* I immutable after creation
- * N net lock
* L pipex_list_mtx
*/
@@ -172,7 +171,6 @@ pipex_ioctl(void *ownersc, u_long cmd, c
{
int ret = 0;
- NET_ASSERT_LOCKED();
switch (cmd) {
case PIPEXCSESSION:
ret = pipex_config_session(
@@ -575,18 +573,20 @@ pipex_config_session(struct pipex_sessio
struct pipex_session *session;
int error = 0;
- NET_ASSERT_LOCKED();
-
session = pipex_lookup_by_session_id(req->pcr_protocol,
req->pcr_session_id);
if (session == NULL)
return (EINVAL);
if (session->ownersc == ownersc) {
+ mtx_enter(&session->pxs_mtx);
+
if (req->pcr_ip_forward != 0)
session->flags |= PIPEX_SFLAGS_IP_FORWARD;
else
session->flags &= ~PIPEX_SFLAGS_IP_FORWARD;
+
+
Unlocking pledge(2)
Initially I just wandered in syscall_mi.h and found the locking scheme
super weird, even if technically correct. pledge_syscall() better be
safe to call without the kernel lock so I don't understand why we're
sometimes calling it with the kernel lock and sometimes not.
ps_pledge is 64 bits so it's not possible to unset bits in an atomic
manner on all architectures. Even if we're only removing bits and there
is probably no way to see a completely garbage value, it makes sense to
just protect ps_pledge (and ps_execpledge) in the usual manner so that
we can unlock the syscall. The diff below protects the fields using
ps_mtx even though I initially used a dedicated ps_pledge_mtx.
unveil_destroy() needs to be moved after the critical section.
regress/sys/kern/pledge looks happy with this. The sys/syscall_mi.h
change can be committed in a separate step.
Input and oks welcome.
Index: arch/amd64/amd64/vmm.c
===
RCS file: /home/cvs/src/sys/arch/amd64/amd64/vmm.c,v
retrieving revision 1.315
diff -u -p -r1.315 vmm.c
--- arch/amd64/amd64/vmm.c 27 Jun 2022 15:12:14 - 1.315
+++ arch/amd64/amd64/vmm.c 28 Jun 2022 13:54:25 -
@@ -713,7 +713,7 @@ pledge_ioctl_vmm(struct proc *p, long co
case VMM_IOC_CREATE:
case VMM_IOC_INFO:
/* The "parent" process in vmd forks and manages VMs */
- if (p->p_p->ps_pledge & PLEDGE_PROC)
+ if (pledge_get(p->p_p) & PLEDGE_PROC)
return (0);
break;
case VMM_IOC_TERM:
@@ -1312,7 +1312,7 @@ vm_find(uint32_t id, struct vm **res)
* The managing vmm parent process can lookup all
* all VMs and is indicated by PLEDGE_PROC.
*/
- if (((p->p_p->ps_pledge &
+ if (((pledge_get(p->p_p) &
(PLEDGE_VMM | PLEDGE_PROC)) == PLEDGE_VMM) &&
(vm->vm_creator_pid != p->p_p->ps_pid))
return (pledge_fail(p, EPERM, PLEDGE_VMM));
Index: kern/init_sysent.c
===
RCS file: /home/cvs/src/sys/kern/init_sysent.c,v
retrieving revision 1.238
diff -u -p -r1.238 init_sysent.c
--- kern/init_sysent.c 27 Jun 2022 14:26:05 - 1.238
+++ kern/init_sysent.c 28 Jun 2022 15:18:25 -
@@ -1,10 +1,10 @@
-/* $OpenBSD: init_sysent.c,v 1.238 2022/06/27 14:26:05 cheloha Exp $
*/
+/* $OpenBSD$ */
/*
* System call switch table.
*
* DO NOT EDIT-- this file is automatically generated.
- * created from; OpenBSD: syscalls.master,v 1.224 2022/05/16 07:36:04
mvs Exp
+ * created from; OpenBSD: syscalls.master,v 1.225 2022/06/27 14:26:05
cheloha Exp
*/
#include
@@ -248,7 +248,7 @@ const struct sysent sysent[] = {
sys_listen }, /* 106 = listen */
{ 4, s(struct sys_chflagsat_args), 0,
sys_chflagsat },/* 107 = chflagsat */
- { 2, s(struct sys_pledge_args), 0,
+ { 2, s(struct sys_pledge_args), SY_NOLOCK | 0,
sys_pledge }, /* 108 = pledge */
{ 4, s(struct sys_ppoll_args), 0,
sys_ppoll },/* 109 = ppoll */
Index: kern/kern_event.c
===
RCS file: /home/cvs/src/sys/kern/kern_event.c,v
retrieving revision 1.191
diff -u -p -r1.191 kern_event.c
--- kern/kern_event.c 27 Jun 2022 13:35:21 - 1.191
+++ kern/kern_event.c 28 Jun 2022 13:55:18 -
@@ -331,7 +331,7 @@ filt_procattach(struct knote *kn)
int s;
if ((curproc->p_p->ps_flags & PS_PLEDGE) &&
- (curproc->p_p->ps_pledge & PLEDGE_PROC) == 0)
+ (pledge_get(curproc->p_p) & PLEDGE_PROC) == 0)
return pledge_fail(curproc, EPERM, PLEDGE_PROC);
if (kn->kn_id > PID_MAX)
Index: kern/kern_pledge.c
===
RCS file: /home/cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.282
diff -u -p -r1.282 kern_pledge.c
--- kern/kern_pledge.c 26 Jun 2022 06:11:49 - 1.282
+++ kern/kern_pledge.c 28 Jun 2022 15:21:46 -
@@ -21,6 +21,7 @@
#include
#include
+#include
#include
#include
#include
@@ -465,13 +466,26 @@ sys_pledge(struct proc *p, void *v, regi
struct process *pr = p->p_p;
uint64_t promises, execpromises;
int error;
+ int unveil_cleanup = 0;
+ /* Check for any error in user input */
if (SCARG(uap, promises)) {
error = parsepledges(p, "pledgereq",
SCARG(uap, promises), &promises);
if (error)
return (error);
+ }
+ if (SCARG(uap, execpromises)) {
+ error = parsepledges(p, "pl
Re: Fix the swapper
On 27/06/22(Mon) 15:44, Martin Pieuchot wrote:
> Diff below contain 3 parts that can be committed independently. The 3
> of them are necessary to allow the pagedaemon to make progress in OOM
> situation and to satisfy all the allocations waiting for pages in
> specific ranges.
>
> * uvm/uvm_pager.c part reserves a second segment for the page daemon.
> This is necessary to ensure the two uvm_pagermapin() calls needed by
> uvm_swap_io() succeed in emergency OOM situation. (the 2nd segment is
> necessary when encryption or bouncing is required)
>
> * uvm/uvm_swap.c part pre-allocates 16 pages in the DMA-reachable region
> for the same reason. Note that a sleeping point is introduced because
> the pagedaemon is faster than the asynchronous I/O and in OOM
> situation it tends to stay busy building cluster that it then discard
> because no memory is available.
>
> * uvm/uvm_pdaemon.c part changes the inner-loop scanning the inactive
> list of pages to account for a given memory range. Without this the
> daemon could spin infinitely doing nothing because the global limits
> are reached.
Here's an updated diff with a fix on top:
* in uvm/uvm_swap.c make sure uvm_swap_allocpages() is allowed to sleep
when coming from uvm_fault(). This makes the faulting process wait
instead of dying when there isn't any free pages to do the bouncing.
I'd appreciate more reviews and tests !
Index: uvm/uvm_pager.c
===
RCS file: /cvs/src/sys/uvm/uvm_pager.c,v
retrieving revision 1.80
diff -u -p -r1.80 uvm_pager.c
--- uvm/uvm_pager.c 28 Jun 2022 12:10:37 - 1.80
+++ uvm/uvm_pager.c 28 Jun 2022 15:25:30 -
@@ -58,8 +58,8 @@ const struct uvm_pagerops *uvmpagerops[]
* The number of uvm_pseg instances is dynamic using an array segs.
* At most UVM_PSEG_COUNT instances can exist.
*
- * psegs[0] always exists (so that the pager can always map in pages).
- * psegs[0] element 0 is always reserved for the pagedaemon.
+ * psegs[0/1] always exist (so that the pager can always map in pages).
+ * psegs[0/1] element 0 are always reserved for the pagedaemon.
*
* Any other pseg is automatically created when no space is available
* and automatically destroyed when it is no longer in use.
@@ -93,6 +93,7 @@ uvm_pager_init(void)
/* init pager map */
uvm_pseg_init(&psegs[0]);
+ uvm_pseg_init(&psegs[1]);
mtx_init(&uvm_pseg_lck, IPL_VM);
/* init ASYNC I/O queue */
@@ -168,9 +169,10 @@ pager_seg_restart:
goto pager_seg_fail;
}
- /* Keep index 0 reserved for pagedaemon. */
- if (pseg == &psegs[0] && curproc != uvm.pagedaemon_proc)
- i = 1;
+ /* Keep indexes 0,1 reserved for pagedaemon. */
+ if ((pseg == &psegs[0] || pseg == &psegs[1]) &&
+ (curproc != uvm.pagedaemon_proc))
+ i = 2;
else
i = 0;
@@ -229,7 +231,7 @@ uvm_pseg_release(vaddr_t segaddr)
pseg->use &= ~(1 << id);
wakeup(&psegs);
- if (pseg != &psegs[0] && UVM_PSEG_EMPTY(pseg)) {
+ if ((pseg != &psegs[0] && pseg != &psegs[1]) && UVM_PSEG_EMPTY(pseg)) {
va = pseg->start;
pseg->start = 0;
}
Index: uvm/uvm_pdaemon.c
===
RCS file: /cvs/src/sys/uvm/uvm_pdaemon.c,v
retrieving revision 1.99
diff -u -p -r1.99 uvm_pdaemon.c
--- uvm/uvm_pdaemon.c 12 May 2022 12:49:31 - 1.99
+++ uvm/uvm_pdaemon.c 28 Jun 2022 13:59:49 -
@@ -101,8 +101,8 @@ extern void drmbackoff(long);
* local prototypes
*/
-void uvmpd_scan(void);
-boolean_t uvmpd_scan_inactive(struct pglist *);
+void uvmpd_scan(struct uvm_pmalloc *);
+boolean_t uvmpd_scan_inactive(struct uvm_pmalloc *, struct pglist *);
void uvmpd_tune(void);
void uvmpd_drop(struct pglist *);
@@ -281,7 +281,7 @@ uvm_pageout(void *arg)
if (pma != NULL ||
((uvmexp.free - BUFPAGES_DEFICIT) < uvmexp.freetarg) ||
((uvmexp.inactive + BUFPAGES_INACT) < uvmexp.inactarg)) {
- uvmpd_scan();
+ uvmpd_scan(pma);
}
/*
@@ -379,15 +379,15 @@ uvm_aiodone_daemon(void *arg)
*/
boolean_t
-uvmpd_scan_inactive(struct pglist *pglst)
+uvmpd_scan_inactive(struct uvm_pmalloc *pma, struct pglist *pglst)
{
boolean_t retval = FALSE; /* assume we haven't hit target */
int free, result;
struct vm_page *p, *nextpg;
struct uvm_object *uobj;
- struct vm_page *pps[MAXBSIZE >> PAGE_SHIFT], **ppsp;
+ struct vm_page *pps[SWCLUSTPAGES], **ppsp;
int npages;
- struct vm_page *swpps[MAXBSIZE >> PAGE_SHIFT]; /* XXX: see below */
+
bgplgd - a JSON frontend to bgpd
This is bgplgd that can be used to provide a JSON REST API for bgpd.
It can be used to integrate bgpd into external looking glasses.
The bgplgd uses a modified version of slowcgi. It forks bgpctl per request
and returns the output via the slowcgi socket.
Securing the API needs to be done in the http server that is handling the
fcgi requests.
--
:wq Claudio
Index: Makefile
===
RCS file: Makefile
diff -N Makefile
--- /dev/null 1 Jan 1970 00:00:00 -
+++ Makefile1 Mar 2022 17:00:06 -
@@ -0,0 +1,14 @@
+# $OpenBSD: Makefile,v 1.2 2014/12/23 19:32:16 pascal Exp $
+
+PROG= bgplgd
+SRCS= bgplgd.c slowcgi.c qs.c
+CFLAGS+= -Wall
+CFLAGS+= -Wstrict-prototypes -Wmissing-prototypes
+CLFAGS+= -Wmissing-declarations -Wredundant-decls
+CFLAGS+= -Wshadow -Wpointer-arith -Wcast-qual
+CFLAGS+= -Wsign-compare
+LDADD= -levent
+DPADD= ${LIBEVENT}
+MAN= bgplgd.8
+
+.include
Index: bgplgd.8
===
RCS file: bgplgd.8
diff -N bgplgd.8
--- /dev/null 1 Jan 1970 00:00:00 -
+++ bgplgd.828 Jun 2022 14:43:39 -
@@ -0,0 +1,179 @@
+.\" $OpenBSD$
+.\"
+.\" Copyright (c) 2021 Claudio Jeker
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate$
+.Dt BGPLGD 8
+.Os
+.Sh NAME
+.Nm bgplgd
+.Nd a bgpctl FastCGI server
+.Sh SYNOPSIS
+.Nm
+.Op Fl d
+.Op Fl p Ar path
+.Op Fl S Ar socket
+.Op Fl s Ar socket
+.Op Fl U Ar user
+.Op Fl u Ar user
+.Sh DESCRIPTION
+.Nm
+is a server which implements the FastCGI Protocol to execute
+.Xr bgpctl 8
+commands.
+.Nm
+is a simple server that implements a simple web API to query
+.Xr bgpd 8 .
+.Pp
+.Nm
+opens a socket at
+.Pa /var/www/run/bgplgd.sock ,
+owned by www:www,
+with permissions 0660.
+It will then
+and drop privileges to user
+.Qq www ,
+.Xr unveil 2
+the
+.Xr bgpctl 8
+binary
+and restrict itself with
+.Xr pledge 2 .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl d
+Do not daemonize.
+If this option is specified,
+.Nm
+will run in the foreground and log to stderr.
+.It Fl p Ar path
+Use
+.Ar path
+instead of
+.Xr bgpctl 8
+to query
+.Xr bgpd 8 .
+.It Fl S Ar socket
+Use
+.Ar socket
+instead of the default
+.Pa /var/run/bgpd.rsock
+to communicate with
+.Xr bgpd 8 .
+.It Fl s Ar socket
+Create and bind to alternative local socket at
+.Ar socket .
+.It Fl U Ar user
+Change the owner of
+.Pa /var/www/run/bgplgd.sock
+to
+.Ar user
+and its primary group instead of the default www:www.
+.El
+.Pp
+.Nm
+provides the following API endpoints.
+Unless further specified the endpoints do not take any parameters:
+.Bl -tag -width Ds
+.It Pa /interfaces
+Show the interface states.
+.It Pa /memory
+Show RIB memory statistics.
+.It Pa /neighbors
+Show detailed neighbors information.
+The output can be limited with the following parameters:
+.Pp
+.Bl -tag -width "neighbor=peer" -compact
+.It Cm neighbor Ns = Ns Ar peer
+Show infromation for a specific neighbor.
+.Ar peer
+may be the neighbor's address or description.
+.It Cm group Ns = Ns Ar name
+Show only entries from the specified peer group.
+.El
+.It Pa /nexthops
+Show the list of BGP nexthops and the result of their validity check.
+.It Pa /rib
+Show routes from the bgpd(8) Routing Information Base.
+The following parameters can be used to filter the output:
+.Pp
+.Bl -tag -width "neighbor=peer" -compact
+.It Cm neighbor Ns = Ns Ar peer
+Show infromation for a specific neighbor.
+.Ar peer
+may be the neighbor's address or description.
+.It Cm group Ns = Ns Ar name
+Show only entries from the specified peer group.
+.It Cm as Ns = Ns Ar number
+Show only entries with the specified source AS number.
+.It Cm community Ns = Ns Ar string
+.It Cm ext-community Ns = Ns Ar string
+.It Cm large-community Ns = Ns Ar string
+Show only entries that match the specified community.
+.It Xo
+.Ic af Ns = Ns
+.Pq Ic ipv4 | ipv6 | vpnv4 | vpnv6
+.Xc
+Show only entries that match the specified address family.
+.It Cm rib Ns = Ns Ar name
+Show only entries from the RIB with name
+.Ar name .
+.It Xo
+.Ic ovs Ns = Ns
+.Pq Ic valid | not-found | invalid
+.Xc
+Show only prefixes that match the specified Origin Validation State.
+.It Cm best Ns = Ns 1
+S
pipex(4): use per-session `pxs_mtx' mutex(9) for protection
We can't predict netlock state when we executing pipex(4) related
(*if_qstart)() handlers, so we can't use netlock for pipex(4)
protection.
We already use `pipex_list_mtx' for global pipex(4) data, so
Use per-session `pxs_mtx' mutex(9) for pipex session context protection.
We already use `pipex_list_mtx' for global pipex(4) data, so now netlock
protects nothing in the pipex(4) layer.
Please note, the MPPE related `pxm_mtx' mutex(9) looks unnecessary,
because we always lock it when `pxs_mtx' is locked. I want to keep it as
is until we decide, what to do with PIPEX_SFLAGS_IP_FORWARD flag in the
pipex(4) output paths. If we decide to not check it, the current
per-session locking could be more fine grained.
Also pppx(4) layer still uses netlock for protection. This made sense
when netlock was used to protect pipex(4) layer, but now it should be
removed from here. This will be done with the next diffs.
Hrvoje, could you test this diff please?
Index: sys/net/if_pppx.c
===
RCS file: /cvs/src/sys/net/if_pppx.c,v
retrieving revision 1.117
diff -u -p -r1.117 if_pppx.c
--- sys/net/if_pppx.c 26 Jun 2022 22:51:58 - 1.117
+++ sys/net/if_pppx.c 28 Jun 2022 13:47:09 -
@@ -659,8 +659,6 @@ pppx_add_session(struct pppx_dev *pxd, s
ifp->if_softc = pxi;
/* ifp->if_rdomain = req->pr_rdomain; */
if_counters_alloc(ifp);
- /* XXXSMP: be sure pppx_if_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
/* XXXSMP breaks atomicity */
NET_UNLOCK();
@@ -801,13 +799,16 @@ pppx_if_qstart(struct ifqueue *ifq)
struct mbuf *m;
int proto;
- NET_ASSERT_LOCKED();
+ mtx_enter(&pxi->pxi_session->pxs_mtx);
+
while ((m = ifq_dequeue(ifq)) != NULL) {
proto = *mtod(m, int *);
m_adj(m, sizeof(proto));
pipex_ppp_output(m, pxi->pxi_session, proto);
}
+
+ mtx_leave(&pxi->pxi_session->pxs_mtx);
}
int
@@ -1044,8 +1045,6 @@ pppacopen(dev_t dev, int flags, int mode
ifp->if_output = pppac_output;
ifp->if_qstart = pppac_qstart;
ifp->if_ioctl = pppac_ioctl;
- /* XXXSMP: be sure pppac_qstart() called with NET_LOCK held */
- ifq_set_maxlen(&ifp->if_snd, 1);
if_counters_alloc(ifp);
if_attach(ifp);
@@ -1441,7 +1440,6 @@ pppac_qstart(struct ifqueue *ifq)
struct ip ip;
int rv;
- NET_ASSERT_LOCKED();
while ((m = ifq_dequeue(ifq)) != NULL) {
#if NBPFILTER > 0
if (ifp->if_bpf) {
Index: sys/net/pipex.c
===
RCS file: /cvs/src/sys/net/pipex.c,v
retrieving revision 1.142
diff -u -p -r1.142 pipex.c
--- sys/net/pipex.c 28 Jun 2022 08:01:40 - 1.142
+++ sys/net/pipex.c 28 Jun 2022 13:47:09 -
@@ -91,7 +91,6 @@ struct pool mppe_key_pool;
* Locks used to protect global data
* A atomic operation
* I immutable after creation
- * N net lock
* L pipex_list_mtx
*/
@@ -172,7 +171,6 @@ pipex_ioctl(void *ownersc, u_long cmd, c
{
int ret = 0;
- NET_ASSERT_LOCKED();
switch (cmd) {
case PIPEXCSESSION:
ret = pipex_config_session(
@@ -575,18 +573,20 @@ pipex_config_session(struct pipex_sessio
struct pipex_session *session;
int error = 0;
- NET_ASSERT_LOCKED();
-
session = pipex_lookup_by_session_id(req->pcr_protocol,
req->pcr_session_id);
if (session == NULL)
return (EINVAL);
if (session->ownersc == ownersc) {
+ mtx_enter(&session->pxs_mtx);
+
if (req->pcr_ip_forward != 0)
session->flags |= PIPEX_SFLAGS_IP_FORWARD;
else
session->flags &= ~PIPEX_SFLAGS_IP_FORWARD;
+
+ mtx_leave(&session->pxs_mtx);
} else
error = EINVAL;
@@ -601,8 +601,6 @@ pipex_get_stat(struct pipex_session_stat
struct pipex_session *session;
int error = 0;
- NET_ASSERT_LOCKED();
-
session = pipex_lookup_by_session_id(req->psr_protocol,
req->psr_session_id);
if (session == NULL)
@@ -811,6 +809,9 @@ pipex_ip_output(struct mbuf *m0, struct
/*
* Multicast packet is a idle packet and it's not TCP.
*/
+
+ mtx_enter(&session->pxs_mtx);
+
if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
PIPEX_SFLAGS_IP6_FORWARD)) == 0)
goto drop;
@@ -837,6 +838,8 @@ pipex_ip_output(struct mbuf *m0, struct
}
pipex_ppp_output(m0, session, PPP_IP);
+
+ mtx_leave(&session->pxs_mtx);
} else {
struct pipex_session *session_tmp;
struc
Re: rewrite amd64 cache printing
On Sat, Jun 25, 2022 at 04:21:54AM -0700, Mike Larkin wrote:
> On Fri, Jun 24, 2022 at 07:19:47PM +1000, Jonathan Gray wrote:
> > +void
> > +amd_cpu_cacheinfo(struct cpu_info *ci)
> > +{
> > + u_int eax, ebx, ecx, edx;
> > +
> > + /* used by vmm */
> > +
>
> If this is the only user of these fields, we can just have vmm(4) issue CPUID
> on
> each guest CPUID for these features. I think I was just trying to save some
> cycles.
>
> I'll send out a diff to remove these fields unless you want to tackle it.
sounds good to me
>
> The diff here is ok mlarkin in any case.
thanks, committed
>
>
> > + if (ci->ci_pnfeatset >= 0x8005) {
> > + CPUID(0x8005, eax, ebx, ecx, edx);
> > + ci->ci_amdcacheinfo[0] = eax;
> > + ci->ci_amdcacheinfo[1] = ebx;
> > + ci->ci_amdcacheinfo[2] = ecx;
> > + ci->ci_amdcacheinfo[3] = edx;
> > + }
> > +
> > + if (ci->ci_pnfeatset >= 0x8006) {
> > + CPUID(0x8006, eax, ebx, ecx, edx);
> > + ci->ci_extcacheinfo[0] = eax;
> > + ci->ci_extcacheinfo[1] = ebx;
> > + ci->ci_extcacheinfo[2] = ecx;
> > + ci->ci_extcacheinfo[3] = edx;
> > + }
> > +}
Introduce uvm_pagewait()
I'd like to abstract the use of PG_WANTED to start unifying & cleaning
the various cases where a code path is waiting for a busy page. Here's
the first step.
ok?
Index: uvm/uvm_amap.c
===
RCS file: /cvs/src/sys/uvm/uvm_amap.c,v
retrieving revision 1.90
diff -u -p -r1.90 uvm_amap.c
--- uvm/uvm_amap.c 30 Aug 2021 16:59:17 - 1.90
+++ uvm/uvm_amap.c 28 Jun 2022 11:53:08 -
@@ -781,9 +781,7 @@ ReStart:
* it and then restart.
*/
if (pg->pg_flags & PG_BUSY) {
- atomic_setbits_int(&pg->pg_flags, PG_WANTED);
- rwsleep_nsec(pg, amap->am_lock, PVM | PNORELOCK,
- "cownow", INFSLP);
+ uvm_pagewait(pg, amap->am_lock, "cownow");
goto ReStart;
}
Index: uvm/uvm_aobj.c
===
RCS file: /cvs/src/sys/uvm/uvm_aobj.c,v
retrieving revision 1.103
diff -u -p -r1.103 uvm_aobj.c
--- uvm/uvm_aobj.c 29 Dec 2021 20:22:06 - 1.103
+++ uvm/uvm_aobj.c 28 Jun 2022 11:53:08 -
@@ -835,9 +835,8 @@ uao_detach(struct uvm_object *uobj)
while ((pg = RBT_ROOT(uvm_objtree, &uobj->memt)) != NULL) {
pmap_page_protect(pg, PROT_NONE);
if (pg->pg_flags & PG_BUSY) {
- atomic_setbits_int(&pg->pg_flags, PG_WANTED);
- rwsleep_nsec(pg, uobj->vmobjlock, PVM, "uao_det",
- INFSLP);
+ uvm_pagewait(pg, uobj->vmobjlock, "uao_det");
+ rw_enter(uobj->vmobjlock, RW_WRITE);
continue;
}
uao_dropswap(&aobj->u_obj, pg->offset >> PAGE_SHIFT);
@@ -909,9 +908,8 @@ uao_flush(struct uvm_object *uobj, voff_
/* Make sure page is unbusy, else wait for it. */
if (pg->pg_flags & PG_BUSY) {
- atomic_setbits_int(&pg->pg_flags, PG_WANTED);
- rwsleep_nsec(pg, uobj->vmobjlock, PVM, "uaoflsh",
- INFSLP);
+ uvm_pagewait(pg, uobj->vmobjlock, "uaoflsh");
+ rw_enter(uobj->vmobjlock, RW_WRITE);
curoff -= PAGE_SIZE;
continue;
}
@@ -1147,9 +1145,8 @@ uao_get(struct uvm_object *uobj, voff_t
/* page is there, see if we need to wait on it */
if ((ptmp->pg_flags & PG_BUSY) != 0) {
- atomic_setbits_int(&ptmp->pg_flags, PG_WANTED);
- rwsleep_nsec(ptmp, uobj->vmobjlock, PVM,
- "uao_get", INFSLP);
+ uvm_pagewait(ptmp, uobj->vmobjlock, "uao_get");
+ rw_enter(uobj->vmobjlock, RW_WRITE);
continue; /* goto top of pps while loop */
}
Index: uvm/uvm_km.c
===
RCS file: /cvs/src/sys/uvm/uvm_km.c,v
retrieving revision 1.150
diff -u -p -r1.150 uvm_km.c
--- uvm/uvm_km.c7 Jun 2022 12:07:45 - 1.150
+++ uvm/uvm_km.c28 Jun 2022 11:53:08 -
@@ -255,9 +255,8 @@ uvm_km_pgremove(struct uvm_object *uobj,
for (curoff = start ; curoff < end ; curoff += PAGE_SIZE) {
pp = uvm_pagelookup(uobj, curoff);
if (pp && pp->pg_flags & PG_BUSY) {
- atomic_setbits_int(&pp->pg_flags, PG_WANTED);
- rwsleep_nsec(pp, uobj->vmobjlock, PVM, "km_pgrm",
- INFSLP);
+ uvm_pagewait(pp, uobj->vmobjlock, "km_pgrm");
+ rw_enter(uobj->vmobjlock, RW_WRITE);
curoff -= PAGE_SIZE; /* loop back to us */
continue;
}
Index: uvm/uvm_page.c
===
RCS file: /cvs/src/sys/uvm/uvm_page.c,v
retrieving revision 1.166
diff -u -p -r1.166 uvm_page.c
--- uvm/uvm_page.c 12 May 2022 12:48:36 - 1.166
+++ uvm/uvm_page.c 28 Jun 2022 11:57:42 -
@@ -1087,6 +1087,23 @@ uvm_page_unbusy(struct vm_page **pgs, in
}
}
+/*
+ * uvm_pagewait: wait for a busy page
+ *
+ * => page must be known PG_BUSY
+ * => object must be locked
+ * => object will be unlocked on return
+ */
+void
+uvm_pagewait(struct vm_page *pg, struct rwlock *lock, const char *wmesg)
+{
+ KASSERT(rw_lock_held(lock));
+ KASSERT((pg->pg_flags & PG_BUSY) != 0);
+
+ atomic_setbits_int(&pg->pg_flags, PG_WANTED);
+ rwsleep_nsec(pg, lock, PVM | PNORELOCK, wmesg, INFSLP);
+}
+
#if defined(UVM_PAGE_TRKOW
install.sub: don't ask about vlan0 unless some other interface exists
The current handling of network interfaces in the installer is rather
confusing when somebody has an unsupported network device - it offers
to configure vlan0, but there is no interface on which a vlan can run
anyway.
Available network interfaces are: vlan0.
Which network interface do you wish to configure? (or 'done') [vlan0]
This changes to only ask the question if some other network interfaces
is found.
amd64 installer iso with this at https://junkpile.org/cd71-netconf-novlan0.iso
comments? ok?
Index: install.sub
===
RCS file: /cvs/src/distrib/miniroot/install.sub,v
retrieving revision 1.1201
diff -u -p -r1.1201 install.sub
--- install.sub 27 Jun 2022 13:48:38 - 1.1201
+++ install.sub 28 Jun 2022 11:37:06 -
@@ -1296,7 +1296,7 @@ ieee80211_config() {
# Set up IPv4 and IPv6 interface configuration.
configure_ifs() {
- local _first _hn _if _name _p _vi
+ local _first _hn _if _name _p _vi _vn
# Always need lo0 configured.
ifconfig lo0 inet 127.0.0.1/8
@@ -1309,9 +1309,10 @@ configure_ifs() {
# minor for the next offered vlan interface.
_vi=$(get_ifs vlan | sed '$!d;s/^vlan//')
[[ -n $_vi ]] && ((_vi++))
+ [[ -n $(get_ifs) ]] && _vn="vlan${_vi:-0}"
ask_which "network interface" "do you wish to configure" \
- "\$(get_ifs) vlan${_vi:-0}" \
+ "\$(get_ifs) $_vn" \
${_p:-'$( (get_ifs netboot; get_ifs) | sed q )'}
[[ $resp == done ]] && break
Re: do pppoe(4) input through netisr
On Tue, Jun 28, 2022 at 12:44:30PM +0300, Vitaliy Makkoveev wrote:
> ether_input() called with shared netlock, but pppoe(4) wants it to be
> exclusive. Do the pppoe(4) input within netisr handler with exclusive
> netlok held, and remove kernel lock hack from ether_input().
>
> This is the step back, but it makes ether_input() path better then it
> is now.
>
> ok?
OK bluhm@
> +#if NPPPOE > 0
> + if (n & (1 << NETISR_PPPOE)) {
> + pppoeintr();
> + }
> #endif
You don't need the { }
Re: snmpd(8): Add blocklist feature
On Tue, 2022-06-28 at 12:21 +0200, Martijn van Duren wrote:
> On Tue, 2022-06-28 at 10:21 +0200, Martijn van Duren wrote:
> > Back in 2020 florian@ added the filter-pf-addresses keyword.
> > Although useful, I always felt it was a bit too case-specific. The diff
> > below adds a new blocklist feature/backend, which takes hold of an
> > entire subtree, effectively removing it from the tree.
> >
> > With this I've deprecated the filter-pf-address case and should
> > probably be removed somewhere after 7.4. The filter-routes case can't
> > be removed unfortunately, since its behaviour is not identical, and
> > instead adds filters to the routing socket, preventing updates being
> > pushed to snmpd(8).
> >
> > Feedback/OK?
> >
> > martijn@
> >
> Also clean up after ourselves if appl_exception fails.
>
*sigh* Missed a return.
Index: Makefile
===
RCS file: /cvs/src/usr.sbin/snmpd/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile19 Jan 2022 11:00:56 - 1.18
+++ Makefile28 Jun 2022 10:32:40 -
@@ -3,6 +3,7 @@
PROG= snmpd
MAN= snmpd.8 snmpd.conf.5
SRCS= parse.y log.c snmpe.c application.c application_legacy.c \
+ application_blocklist.c \
mps.c trap.c mib.c smi.c kroute.c snmpd.c timer.c \
pf.c proc.c usm.c traphandler.c util.c
Index: application.c
===
RCS file: /cvs/src/usr.sbin/snmpd/application.c,v
retrieving revision 1.5
diff -u -p -r1.5 application.c
--- application.c 27 Jun 2022 10:31:17 - 1.5
+++ application.c 28 Jun 2022 10:32:40 -
@@ -148,6 +148,7 @@ RB_PROTOTYPE_STATIC(appl_requests, appl_
void
appl_init(void)
{
+ appl_blocklist_init();
appl_legacy_init();
}
Index: application.h
===
RCS file: /cvs/src/usr.sbin/snmpd/application.h,v
retrieving revision 1.1
diff -u -p -r1.1 application.h
--- application.h 19 Jan 2022 10:59:35 - 1.1
+++ application.h 28 Jun 2022 10:32:40 -
@@ -133,3 +133,6 @@ struct ber_element *appl_exception(enum
/* application_legacy.c */
voidappl_legacy_init(void);
voidappl_legacy_shutdown(void);
+
+/* application_blocklist.c */
+voidappl_blocklist_init(void);
Index: application_blocklist.c
===
RCS file: application_blocklist.c
diff -N application_blocklist.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ application_blocklist.c 28 Jun 2022 10:32:40 -
@@ -0,0 +1,134 @@
+/* $OpenBSD: application.c,v 1.5 2022/06/27 10:31:17 martijn Exp $ */
+
+/*
+ * Copyright (c) 2022 Martijn van Duren
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include "application.h"
+#include "snmpd.h"
+
+struct appl_varbind *appl_blocklist_response(size_t);
+void appl_blocklist_get(struct appl_backend *, int32_t, int32_t, const char *,
+struct appl_varbind *);
+void appl_blocklist_getnext(struct appl_backend *, int32_t, int32_t,
+const char *, struct appl_varbind *);
+
+struct appl_backend_functions appl_blocklist_functions = {
+ .ab_get = appl_blocklist_get,
+ .ab_getnext = appl_blocklist_getnext,
+ .ab_getbulk = NULL,
+};
+
+struct appl_backend appl_blocklist = {
+ .ab_name = "blocklist",
+ .ab_cookie = NULL,
+ .ab_retries = 0,
+ .ab_fn = &appl_blocklist_functions
+};
+
+static struct appl_varbind *response = NULL;
+static size_t responsesz = 0;
+
+struct appl_varbind *
+appl_blocklist_response(size_t nvarbind)
+{
+ struct appl_varbind *tmp;
+ size_t i;
+
+ if (responsesz < nvarbind) {
+ if ((tmp = recallocarray(response, responsesz, nvarbind,
+ sizeof(*response))) == NULL) {
+ log_warn(NULL);
+ return NULL;
+ }
+ responsesz = nvarbind;
+ response = tmp;
+ }
+ for (i = 0; i < nvarbind; i++)
+ response[i].av_next = i + 1 == nvarbind ?
+ NULL : &(response[i + 1]);
+ return response;
+
Re: snmpd(8): Add blocklist feature
On Tue, 2022-06-28 at 10:21 +0200, Martijn van Duren wrote:
> Back in 2020 florian@ added the filter-pf-addresses keyword.
> Although useful, I always felt it was a bit too case-specific. The diff
> below adds a new blocklist feature/backend, which takes hold of an
> entire subtree, effectively removing it from the tree.
>
> With this I've deprecated the filter-pf-address case and should
> probably be removed somewhere after 7.4. The filter-routes case can't
> be removed unfortunately, since its behaviour is not identical, and
> instead adds filters to the routing socket, preventing updates being
> pushed to snmpd(8).
>
> Feedback/OK?
>
> martijn@
>
Also clean up after ourselves if appl_exception fails.
Index: Makefile
===
RCS file: /cvs/src/usr.sbin/snmpd/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile19 Jan 2022 11:00:56 - 1.18
+++ Makefile28 Jun 2022 10:20:23 -
@@ -3,6 +3,7 @@
PROG= snmpd
MAN= snmpd.8 snmpd.conf.5
SRCS= parse.y log.c snmpe.c application.c application_legacy.c \
+ application_blocklist.c \
mps.c trap.c mib.c smi.c kroute.c snmpd.c timer.c \
pf.c proc.c usm.c traphandler.c util.c
Index: application.c
===
RCS file: /cvs/src/usr.sbin/snmpd/application.c,v
retrieving revision 1.5
diff -u -p -r1.5 application.c
--- application.c 27 Jun 2022 10:31:17 - 1.5
+++ application.c 28 Jun 2022 10:20:23 -
@@ -148,6 +148,7 @@ RB_PROTOTYPE_STATIC(appl_requests, appl_
void
appl_init(void)
{
+ appl_blocklist_init();
appl_legacy_init();
}
Index: application.h
===
RCS file: /cvs/src/usr.sbin/snmpd/application.h,v
retrieving revision 1.1
diff -u -p -r1.1 application.h
--- application.h 19 Jan 2022 10:59:35 - 1.1
+++ application.h 28 Jun 2022 10:20:23 -
@@ -133,3 +133,6 @@ struct ber_element *appl_exception(enum
/* application_legacy.c */
voidappl_legacy_init(void);
voidappl_legacy_shutdown(void);
+
+/* application_blocklist.c */
+voidappl_blocklist_init(void);
Index: application_blocklist.c
===
RCS file: application_blocklist.c
diff -N application_blocklist.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ application_blocklist.c 28 Jun 2022 10:20:23 -
@@ -0,0 +1,132 @@
+/* $OpenBSD: application.c,v 1.5 2022/06/27 10:31:17 martijn Exp $ */
+
+/*
+ * Copyright (c) 2022 Martijn van Duren
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include "application.h"
+#include "snmpd.h"
+
+struct appl_varbind *appl_blocklist_response(size_t);
+void appl_blocklist_get(struct appl_backend *, int32_t, int32_t, const char *,
+struct appl_varbind *);
+void appl_blocklist_getnext(struct appl_backend *, int32_t, int32_t,
+const char *, struct appl_varbind *);
+
+struct appl_backend_functions appl_blocklist_functions = {
+ .ab_get = appl_blocklist_get,
+ .ab_getnext = appl_blocklist_getnext,
+ .ab_getbulk = NULL,
+};
+
+struct appl_backend appl_blocklist = {
+ .ab_name = "blocklist",
+ .ab_cookie = NULL,
+ .ab_retries = 0,
+ .ab_fn = &appl_blocklist_functions
+};
+
+static struct appl_varbind *response = NULL;
+static size_t responsesz = 0;
+
+struct appl_varbind *
+appl_blocklist_response(size_t nvarbind)
+{
+ struct appl_varbind *tmp;
+ size_t i;
+
+ if (responsesz < nvarbind) {
+ if ((tmp = recallocarray(response, responsesz, nvarbind,
+ sizeof(*response))) == NULL) {
+ log_warn(NULL);
+ return NULL;
+ }
+ responsesz = nvarbind;
+ response = tmp;
+ }
+ for (i = 0; i < nvarbind; i++)
+ response[i].av_next = i + 1 == nvarbind ?
+ NULL : &(response[i + 1]);
+ return response;
+}
+
+void
+appl_blocklist_init(void)
+{
+ extern struct snmpd *snmpd_env;
+ size_t i;
+
+ for (i = 0; i
Re: arpintr without kernel lock
On Tue, Jun 28, 2022 at 10:51:29AM +0200, Alexander Bluhm wrote:
> arpintr() looks MP safe and I cannot trigger a crash with this diff.
Running parallel forwarding and arp -d in a loop triggers route
NULL pointer dereference after a while. I have to figure out if
it is related to this diff.
bluhm
root@ot31:.../~# while :; do arp -nd 10.6.16.36 >/dev/null; done
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
arp: delete: can't locate 10.6.16.36
uvmp_afnaicu:lt (0 x f ff f ff f f 8 31 a 59 9 8 , 0 x6 0,0,2
) - > e
kkeerrnneell:pdagieag fnoasultict t ra p , c o de = 0 a
Stopped at rtref+0x11: lock incl 0x60(%rdi) s
TIDPIDUID PRFLAGS PFLAGS CPU COMMAND
202508 43068 00x13 03 arp
37126 11508 91 0x112 05 snmpd
340135 94731 0 0x14000 0x2001 softnet
230690 38637 0 0x14000 0x2002 softnet
33711215 0 0x14000 0x2004 softnet
*104852 83709 0 0x14000 0x2006 softnet
rtref(0) at rtref+0x11
rtable_match(0,8000246b6e98,fd800b58e658) at rtable_match+0xb9
rtalloc_mpath(8000246b6e98,fd800b58e658,0) at rtalloc_mpath+0x2e
in_ouraddr(fd80b278d300,8077d048,8000246b6f18) at in_ouraddr+0x
84
ip_input_if(8000246b6fb8,8000246b6fc4,4,0,8077d048) at ip_input
_if+0x1cd
ipv4_input(8077d048,fd80b278d300) at ipv4_input+0x39
ether_input(8077d048,fd80b278d300) at ether_input+0x3ad
if_input_process(8077d048,8000246b70a8) at if_input_process+0x6f
ifiq_process(80781100) at ifiq_process+0x69
taskq_thread(80036080) at taskq_thread+0x100
end trace frame: 0x0, count: 5
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports. Insufficient info makes it difficult to find and fix bugs.
ddb{6}> show register
rdi0
rsi 0xfd8834a02590
rbp 0x8000246b6dc0
rbx 0x8000246b6dd8
rdx0
rcx 0x8000224377e0
rax0
r8 0
r9 0x4
r10 0x24
r11 0xf4ba682f767b269e
r12 0xfd8834a02590
r13 0x8000246b6e98
r140
r15 0xfd800b58e658
rip 0x813b2691rtref+0x11
cs 0x8
rflags 0x10282__ALIGN_SIZE+0xf282
rsp 0x8000246b6db0
ss 0x10
rtref+0x11: lock incl 0x60(%rdi)
ddb{6}> show panic
*cpu6: uvm_fault(0x831a5998, 0x60, 0, 2) -> e
cpu2: kernel diagnostic assertion "(rt->rt_flags & RTF_MPATH) || mrt->rt_prior
ity != prio" failed: file "/usr/src/sys/net/rtable.c", line 613
ddb{6}> trace
rtref(0) at rtref+0x11
rtable_match(0,8000246b6e98,fd800b58e658) at rtable_match+0xb9
rtalloc_mpath(8000246b6e98,fd800b58e658,0) at rtalloc_mpath+0x2e
in_ouraddr(fd80b278d300,8077d048,8000246b6f18) at in_ouraddr+0x
84
ip_input_if(8000246b6fb8,8000246b6fc4,4,0,8077d048) at ip_input
_if+0x1cd
ipv4_input(8077d048,fd80b278d300) at ipv4_input+0x39
ether_input(8077d048,fd80b278d300) at ether_input+0x3ad
if_input_process(8077d048,8000246b70a8) at if_input_process+0x6f
ifiq_process(80781100) at ifiq_process+0x69
taskq_thread(80036080) at taskq_thread+0x100
end trace frame: 0x0, count: -10
ddb{6}> ps
PID TID PPIDUID S FLAGS WAIT COMMAND
43068 202508 86288 0 70x13arp
16981 183305 55181 0 30x100083 kqreadtop
55181 168823 55818 0 30x10008b sigsusp ksh
55818 177517 59472 0 30x9a kqreadsshd
61572 18246 0 0 3 0x14200 bored sosplice
86288 511512 1 0 30x10008b sigsusp ksh
88947 37559 1 0 30x100098 kqreadcron
33580 243044 1 99 3 0x1100090 kqreadsndiod
96861 268522 1110 30x100090 kqreadsndiod
78020 360065 25250 95 3 0x1100092 kqreadsmtpd
21363 422206 25250103 3 0x1100092 kqreadsmtpd
26374 175617 25250 95 3 0x1100092 kqreadsmtpd
50987 371703 25250 95 30x100092 kqreadsmtpd
93507 389621 25250 95 3 0x1100092 kqreadsmtpd
79576 150347 25250 95 3 0x1100092 kqreadsmtpd
25250 448177 1 0 30x100080 kqreadsmtpd
8305 136296 1 0 30x80 kqreadrelayd
33505 102618 1 89 3 0x1100092 kqreadrelayd
2184 36427
pkg_create tweak for PORTSDIR_PATH
As noticed by landry, going to the ports tree for dependencies can fail
hilariously in case of a PORTSDIR_PATH.
Most specifically, assuming you are building something like firefox-102
in one of your ports directory, when building the debug package,
dependency look-up in pkg_create is going to follow PORTSDIR_PATH, thus
ending up possibly in another firefox directory which contains firefox-100.
And since debug packages dependencies are tight, this will fail every time.
We're already checking for dependency pkgpath matching the pkgpath we're
building, so it's mostly a question of deducing the ports root from the
current directory.
and overriding PORTSDIR_PATH in ask_tree.
(another possibility would be to actively parse the dependency, not go back
to the ports tree, and just set FLAVOR and SUBPACKAGE correctly, but this
is somewhat more complicated and this appears to work).
Note the "Overriding..." print. This is intended as checking that things work
as expected and not intended for commit.
(I've also added an extra check on plist->pkgname and error message display
while debugging that thingy, along with moving the full action tweaks in
the father, so the messages reflect what has actually been run)
Okay ?
Index: OpenBSD/PkgCreate.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PkgCreate.pm,v
retrieving revision 1.182
diff -u -p -r1.182 PkgCreate.pm
--- OpenBSD/PkgCreate.pm28 Jun 2022 09:01:45 - 1.182
+++ OpenBSD/PkgCreate.pm28 Jun 2022 09:59:24 -
@@ -980,6 +980,7 @@ sub really_solve_dependency
$state->progress->message($dep->{pkgpath});
my $v;
+ my $path;
# look in installed packages, but only for different paths
my $p1 = $dep->{pkgpath};
@@ -987,7 +988,16 @@ sub really_solve_dependency
$p1 =~ s/\,.*//;
$p2 =~ s/\,.*//;
$p2 =~ s,^debug/,,;
- if ($p1 ne $p2) {
+ if ($p1 eq $p2) {
+ # try to figure out where we live
+ require Cwd;
+ my $dir = Cwd::getcwd();
+ if (defined $dir) {
+ if ($dir =~ s,/\Q$p1\E$,,) {
+ $path = $dir;
+ }
+ }
+ } else {
# look in installed packages
$v = $self->find_dep_in_installed($state, $dep);
}
@@ -997,7 +1007,7 @@ sub really_solve_dependency
# and in portstree otherwise
if (!defined $v) {
- $v = $self->solve_from_ports($state, $dep, $package);
+ $v = $self->solve_from_ports($state, $dep, $package, $path);
}
return $v;
}
@@ -1032,13 +1042,19 @@ sub to_cache
sub ask_tree
{
- my ($self, $state, $pkgpath, $portsdir, $data, @action) = @_;
+ my ($self, $state, $pkgpath, $portsdir, $path, $data, @action) = @_;
my $make = OpenBSD::Paths->make;
my $errors = OpenBSD::Temp->file;
if (!defined $errors) {
$state->fatal(OpenBSD::Temp->last_error);
}
+ push(@action, 'PORTS_PRIVSEP=No');
+ if (defined $path) {
+ push(@action, "PORTSDIR_PATH=$path");
+ $state->say("Overriding PORTSDIR_PATH=#1 for dependency #2",
+ $path, $pkgpath);
+ }
my $pid = open(my $fh, "-|");
if (!defined $pid) {
$state->fatal("cannot fork: #1", $!);
@@ -1059,7 +1075,6 @@ sub ask_tree
$( = $); $< = $>;
# XXX we're already running as ${BUILD_USER}
# so we can't do this again
- push(@action, 'PORTS_PRIVSEP=No');
$DB::inhibit_exit = 0;
exec $make ('make', @action);
}
@@ -1067,7 +1082,7 @@ sub ask_tree
while(<$fh>) { # XXX avoid spurious errors from child
}
close($fh);
- if ($? != 0) {
+ if ($? != 0 || !defined $plist || !defined $plist->pkgname) {
$state->errsay("child running '#2' failed: #1",
$state->child_error,
join(' ', 'make', @action));
@@ -1084,7 +1099,7 @@ sub ask_tree
sub really_solve_from_ports
{
- my ($self, $state, $dep, $portsdir) = @_;
+ my ($self, $state, $dep, $portsdir, $path) = @_;
my $diskcache = $self->diskcachename($dep);
my $plist;
@@ -1093,6 +1108,7 @@ sub really_solve_from_ports
$plist = OpenBSD::PackingList->fromfile($diskcache);
} else {
$plist = $self->ask_tree($state, $dep->{pkgpath}, $portsdir,
+ $path,
\&OpenBSD::PackingList::PrelinkStuffOnly,
'print-plist-libs-with-depends',
'wantlib_args=no-wantlib-args');
@@ -1113,7 +1129,7 @@ my $cache = {};
sub solve_from_ports
{
- my ($self, $state, $dep, $package) = @_;
+ my ($self, $state, $dep, $package, $pat
do pppoe(4) input through netisr
ether_input() called with shared netlock, but pppoe(4) wants it to be
exclusive. Do the pppoe(4) input within netisr handler with exclusive
netlok held, and remove kernel lock hack from ether_input().
This is the step back, but it makes ether_input() path better then it
is now.
ok?
Index: sys/net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.655
diff -u -p -r1.655 if.c
--- sys/net/if.c28 Jun 2022 08:01:40 - 1.655
+++ sys/net/if.c28 Jun 2022 09:27:29 -
@@ -68,6 +68,7 @@
#include "pf.h"
#include "pfsync.h"
#include "ppp.h"
+#include "pppoe.h"
#include "if_wg.h"
#include
@@ -917,6 +918,11 @@ if_netisr(void *unused)
#ifdef PIPEX
if (n & (1 << NETISR_PIPEX))
pipexintr();
+#endif
+#if NPPPOE > 0
+ if (n & (1 << NETISR_PPPOE)) {
+ pppoeintr();
+ }
#endif
t |= n;
}
Index: sys/net/if_ethersubr.c
===
RCS file: /cvs/src/sys/net/if_ethersubr.c,v
retrieving revision 1.282
diff -u -p -r1.282 if_ethersubr.c
--- sys/net/if_ethersubr.c 27 Jun 2022 20:47:10 - 1.282
+++ sys/net/if_ethersubr.c 28 Jun 2022 09:27:29 -
@@ -546,12 +546,13 @@ ether_input(struct ifnet *ifp, struct mb
pipex_rele_session(session);
}
#endif
- KERNEL_LOCK();
- if (etype == ETHERTYPE_PPPOEDISC)
- pppoe_disc_input(m);
- else
- pppoe_data_input(m);
- KERNEL_UNLOCK();
+ if (etype == ETHERTYPE_PPPOEDISC) {
+ if (mq_enqueue(&pppoediscinq, m) == 0)
+ schednetisr(NETISR_PPPOE);
+ } else {
+ if (mq_enqueue(&pppoeinq, m) == 0)
+ schednetisr(NETISR_PPPOE);
+ }
return;
#endif
#ifdef MPLS
Index: sys/net/if_pppoe.c
===
RCS file: /cvs/src/sys/net/if_pppoe.c,v
retrieving revision 1.80
diff -u -p -r1.80 if_pppoe.c
--- sys/net/if_pppoe.c 14 May 2022 09:46:15 - 1.80
+++ sys/net/if_pppoe.c 28 Jun 2022 09:27:29 -
@@ -144,6 +144,8 @@ struct pppoe_softc {
};
/* input routines */
+void pppoe_disc_input(struct mbuf *);
+void pppoe_data_input(struct mbuf *);
static void pppoe_dispatch_disc_pkt(struct mbuf *);
/* management routines */
@@ -181,6 +183,26 @@ int pppoe_clone_destroy(struct ifnet *);
struct if_clone pppoe_cloner =
IF_CLONE_INITIALIZER("pppoe", pppoe_clone_create, pppoe_clone_destroy);
+struct mbuf_queue pppoediscinq = MBUF_QUEUE_INITIALIZER(
+ IFQ_MAXLEN, IPL_SOFTNET);
+struct mbuf_queue pppoeinq = MBUF_QUEUE_INITIALIZER(
+ IFQ_MAXLEN, IPL_SOFTNET);
+
+void pppoeintr(void)
+{
+ struct mbuf_list ml;
+ struct mbuf *m;
+
+ NET_ASSERT_LOCKED();
+
+ mq_delist(&pppoediscinq, &ml);
+ while ((m = ml_dequeue(&ml)) != NULL)
+ pppoe_disc_input(m);
+
+ mq_delist(&pppoeinq, &ml);
+ while ((m = ml_dequeue(&ml)) != NULL)
+ pppoe_data_input(m);
+}
void
pppoeattach(int count)
Index: sys/net/if_pppoe.h
===
RCS file: /cvs/src/sys/net/if_pppoe.h,v
retrieving revision 1.7
diff -u -p -r1.7 if_pppoe.h
--- sys/net/if_pppoe.h 4 Jan 2021 21:21:41 - 1.7
+++ sys/net/if_pppoe.h 28 Jun 2022 09:27:29 -
@@ -66,8 +66,8 @@ struct pppoeconnectionstate {
#ifdef _KERNEL
-void pppoe_disc_input(struct mbuf *);
-void pppoe_data_input(struct mbuf *);
+extern struct mbuf_queue pppoediscinq;
+extern struct mbuf_queue pppoeinq;
#endif /* _KERNEL */
#endif /* _NET_IF_PPPOE_H_ */
Index: sys/net/netisr.h
===
RCS file: /cvs/src/sys/net/netisr.h,v
retrieving revision 1.57
diff -u -p -r1.57 netisr.h
--- sys/net/netisr.h28 Jun 2022 08:01:40 - 1.57
+++ sys/net/netisr.h28 Jun 2022 09:27:29 -
@@ -48,6 +48,7 @@
#defineNETISR_PIPEX27 /* for pipex processing */
#defineNETISR_PPP 28 /* for PPP processing */
#defineNETISR_BRIDGE 29 /* for bridge processing */
+#defineNETISR_PPPOE30 /* for pppoe processing */
#defineNETISR_SWITCH 31 /* for switch dataplane */
#ifndef _LOCORE
@@ -67,6 +68,7 @@ void bridgeintr(void);
void switchintr(void);
void pfsyncintr(void);
void pipexintr(void);
+void pppoeintr(void);
#defineschednetisr(anisr)
\
do { \
Re: bcmdmac: minor nit
ok kettenis@
> Op 28-06-2022 07:20 schreef Anton Lindqvist :
>
>
> Hi,
> No need to pass a copy of the bcmdmac_channel structure to predicate
> routines.
>
> Comments? OK?
>
> diff --git sys/dev/fdt/bcm2835_dmac.c sys/dev/fdt/bcm2835_dmac.c
> index 145810dd7af..e9b31af568c 100644
> --- sys/dev/fdt/bcm2835_dmac.c
> +++ sys/dev/fdt/bcm2835_dmac.c
> @@ -97,18 +97,18 @@ struct cfdriver bcmdmac_cd = { NULL, "bcmdmac", DV_DULL };
>
> /* utilities */
> enum bcmdmac_type
> -bcmdmac_channel_type(struct bcmdmac_channel ch)
> +bcmdmac_channel_type(struct bcmdmac_channel *ch)
> {
> - if (ISSET(ch.ch_debug, DMAC_DEBUG_LITE))
> + if (ISSET(ch->ch_debug, DMAC_DEBUG_LITE))
> return BCMDMAC_TYPE_LITE;
> else
> return BCMDMAC_TYPE_NORMAL;
> }
>
> int
> -bcmdmac_channel_used(struct bcmdmac_channel ch)
> +bcmdmac_channel_used(struct bcmdmac_channel *ch)
> {
> - return ch.ch_callback != NULL;
> + return ch->ch_callback != NULL;
> }
>
> void
> @@ -233,9 +233,9 @@ bcmdmac_alloc(enum bcmdmac_type type, int ipl,
> for (index = 0; index < sc->sc_nchannels; index++) {
> if (!ISSET(sc->sc_channelmask, (1 << index)))
> continue;
> - if (bcmdmac_channel_type(sc->sc_channels[index]) != type)
> + if (bcmdmac_channel_type(&sc->sc_channels[index]) != type)
> continue;
> - if (bcmdmac_channel_used(sc->sc_channels[index]))
> + if (bcmdmac_channel_used(&sc->sc_channels[index]))
> continue;
>
> ch = &sc->sc_channels[index];
Re: com at acpi: minor nit
meh
not really worth fixing, but since you already wrote the diff
ok kettenis@
> Op 28-06-2022 07:23 schreef Anton Lindqvist :
>
>
> Hi,
> A com_acpi_softc pointer is used as the interrupt callback cookie which
> is later on interpreted as a com_softc pointer. This is not a problem in
> practice as a com_softc structure is the first member of the
> com_acpi_softc structure.
>
> Using the actual types consistently yields a better symmetry in my
> opinion between registering the interrupt and the corresponding
> interrupt handler.
>
> Comments? OK?
>
> diff --git sys/dev/acpi/com_acpi.c sys/dev/acpi/com_acpi.c
> index 9c1e4af0426..b9f2a14edd3 100644
> --- sys/dev/acpi/com_acpi.c
> +++ sys/dev/acpi/com_acpi.c
> @@ -159,9 +159,9 @@ com_acpi_is_designware(const char *hid)
> int
> com_acpi_intr_designware(void *cookie)
> {
> - struct com_softc *sc = cookie;
> + struct com_acpi_softc *sc = cookie;
>
> - com_read_reg(sc, com_usr);
> + com_read_reg(&sc->sc, com_usr);
>
> - return comintr(sc);
> + return comintr(&sc->sc);
> }
snmpd(8): Allow for symbolic OID names in snmpd.conf
When playing with the blocklist I noticed that the oid directive only
supports numeric OIDs. So if florian wants to use filter-pf-table in the
future he'd have to set:
blocklist 1.3.6.1.4.1.30155.1.9.129
which is pure insanity, if:
blocklist pfTblAddrTable
could be an option.
Diff below changes the "oid" parse.y definition from ober_string2oid to
smi_string2oid, which allows for the locally known symbolic names.
This also helps out with existing statements ("system oid",
"trap handle oid", and "trap receiver", and "oid").
While here, rename sysoid to oid, since it's not used by the system
oid anymore and do a little KNF.
OK?
martijn@
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/snmpd/parse.y,v
retrieving revision 1.73
diff -u -p -r1.73 parse.y
--- parse.y 21 Nov 2021 13:33:53 - 1.73
+++ parse.y 28 Jun 2022 09:02:36 -
@@ -666,21 +666,20 @@ optwrite : READONLY { $$ =
0; }
;
oid: STRING{
- struct ber_oid *sysoid;
- if ((sysoid =
- calloc(1, sizeof(*sysoid))) == NULL) {
+ struct ber_oid *oid;
+ if ((oid = calloc(1, sizeof(*oid))) == NULL) {
yyerror("calloc");
free($1);
YYERROR;
}
- if (ober_string2oid($1, sysoid) == -1) {
+ if (smi_string2oid($1, oid) == -1) {
yyerror("invalid OID: %s", $1);
- free(sysoid);
+ free(oid);
free($1);
YYERROR;
}
free($1);
- $$ = sysoid;
+ $$ = oid;
}
;
arpintr without kernel lock
Hi,
arpintr() looks MP safe and I cannot trigger a crash with this diff.
Hrvoje, can you try it?
bluhm
Index: net/if.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/net/if.c,v
retrieving revision 1.654
diff -u -p -r1.654 if.c
--- net/if.c27 Jun 2022 15:11:23 - 1.654
+++ net/if.c27 Jun 2022 23:47:22 -
@@ -891,11 +891,8 @@ if_netisr(void *unused)
atomic_clearbits_int(&netisr, n);
#if NETHER > 0
- if (n & (1 << NETISR_ARP)) {
- KERNEL_LOCK();
+ if (n & (1 << NETISR_ARP))
arpintr();
- KERNEL_UNLOCK();
- }
#endif
if (n & (1 << NETISR_IP))
ipintr();
snmpd(8): Add blocklist feature
Back in 2020 florian@ added the filter-pf-addresses keyword.
Although useful, I always felt it was a bit too case-specific. The diff
below adds a new blocklist feature/backend, which takes hold of an
entire subtree, effectively removing it from the tree.
With this I've deprecated the filter-pf-address case and should
probably be removed somewhere after 7.4. The filter-routes case can't
be removed unfortunately, since its behaviour is not identical, and
instead adds filters to the routing socket, preventing updates being
pushed to snmpd(8).
Feedback/OK?
martijn@
Index: Makefile
===
RCS file: /cvs/src/usr.sbin/snmpd/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile19 Jan 2022 11:00:56 - 1.18
+++ Makefile28 Jun 2022 08:18:17 -
@@ -3,6 +3,7 @@
PROG= snmpd
MAN= snmpd.8 snmpd.conf.5
SRCS= parse.y log.c snmpe.c application.c application_legacy.c \
+ application_blocklist.c \
mps.c trap.c mib.c smi.c kroute.c snmpd.c timer.c \
pf.c proc.c usm.c traphandler.c util.c
Index: application.c
===
RCS file: /cvs/src/usr.sbin/snmpd/application.c,v
retrieving revision 1.5
diff -u -p -r1.5 application.c
--- application.c 27 Jun 2022 10:31:17 - 1.5
+++ application.c 28 Jun 2022 08:18:17 -
@@ -148,6 +148,7 @@ RB_PROTOTYPE_STATIC(appl_requests, appl_
void
appl_init(void)
{
+ appl_blocklist_init();
appl_legacy_init();
}
Index: application.h
===
RCS file: /cvs/src/usr.sbin/snmpd/application.h,v
retrieving revision 1.1
diff -u -p -r1.1 application.h
--- application.h 19 Jan 2022 10:59:35 - 1.1
+++ application.h 28 Jun 2022 08:18:17 -
@@ -133,3 +133,6 @@ struct ber_element *appl_exception(enum
/* application_legacy.c */
voidappl_legacy_init(void);
voidappl_legacy_shutdown(void);
+
+/* application_blocklist.c */
+voidappl_blocklist_init(void);
Index: application_blocklist.c
===
RCS file: application_blocklist.c
diff -N application_blocklist.c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ application_blocklist.c 28 Jun 2022 08:18:17 -
@@ -0,0 +1,122 @@
+/* $OpenBSD: application.c,v 1.5 2022/06/27 10:31:17 martijn Exp $ */
+
+/*
+ * Copyright (c) 2022 Martijn van Duren
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include
+#include
+
+#include "application.h"
+#include "snmpd.h"
+
+struct appl_varbind *appl_blocklist_response(size_t);
+void appl_blocklist_get(struct appl_backend *, int32_t, int32_t, const char *,
+struct appl_varbind *);
+void appl_blocklist_getnext(struct appl_backend *, int32_t, int32_t,
+const char *, struct appl_varbind *);
+
+struct appl_backend_functions appl_blocklist_functions = {
+ .ab_get = appl_blocklist_get,
+ .ab_getnext = appl_blocklist_getnext,
+ .ab_getbulk = NULL,
+};
+
+struct appl_backend appl_blocklist = {
+ .ab_name = "blocklist",
+ .ab_cookie = NULL,
+ .ab_retries = 0,
+ .ab_fn = &appl_blocklist_functions
+};
+
+static struct appl_varbind *response = NULL;
+static size_t responsesz = 0;
+
+struct appl_varbind *
+appl_blocklist_response(size_t nvarbind)
+{
+ struct appl_varbind *tmp;
+ size_t i;
+
+ if (responsesz < nvarbind) {
+ if ((tmp = recallocarray(response, responsesz, nvarbind,
+ sizeof(*response))) == NULL) {
+ log_warn(NULL);
+ return NULL;
+ }
+ responsesz = nvarbind;
+ response = tmp;
+ }
+ for (i = 0; i < nvarbind; i++)
+ response[i].av_next = i + 1 == nvarbind ?
+ NULL : &(response[i + 1]);
+ return response;
+}
+
+void
+appl_blocklist_init(void)
+{
+ extern struct snmpd *snmpd_env;
+ size_t i;
+
+ for (i = 0; i < snmpd_env->sc_nblocklist; i++)
+ appl_register(NULL, 150, 1, &(snmpd_env->sc_blocklist[i]),
+ 0, 1, 0, 0, &appl
Re: acpitz(4): perform passive cooling only when perfpolicy is AUTO
Stefan Hagen wrote: > Stuart Henderson wrote (2022-06-28 08:13 CEST): > > On 2022/06/27 17:12, Bryan Steele wrote: > > > > > > Shouldn't this also take into consideration hw.power as well? If it > > > doesn't make sense for perfpolicy=high then it probably doesn't for > > > perfpolicy=auto when on AC power? > > > > Why so? perfpolicy=high says to me, "I want it fast, I don't care about > > fan noise etc", but perfpolicy=auto (whether on ac or not) suggests there > > are considerations other than speed. > > > > perfpolicy=auto+AC sets perflevel=100, which is the equivalent > to perfpolicy=high. > > I believe this is a discussion we have other threads for. > > But in my opinion as long as perfpolicy=auto+AC sets max speed, it > should be the same as perfpolicy=high and not something "almost > perfpolicy=high". The reason I changed it that way last year, is because auto was behaving on too many machines as dog-slow. I did not believe I could repair auto on my own, so I chose to create a reaction --- such that the whole team would work together on algorithm changes so that auto would once again be effective -- some sort of blend of desired behaviour between everyone. It should scale up performance as soon as it is required (not slowly, even now, I think it is too slow because it requires compute to occur slowly, which eventually bogs up the scheduler data structures, which eventually causes it to speedup, but in the meantime those first immediate chunks of compute happened in very slow mode). I think what changed in newer machines is that the gap between slowest and fastest is far greater than in previous machines, so choosing "slowest" and upgrading with such a pessimistic method is a bad idea.
