Re: tetris(6) "Random Generator" and advanced controls
ping?
rpki-client 8.0 released
rpki-client 8.0 has just been released and will be available in the rpki-client directory of any OpenBSD mirror soon. rpki-client is a FREE, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of BGP announcements. The program queries the global RPKI repository system and validates untrusted network inputs. The program outputs validated ROA payloads, BGPsec Router keys, and ASPA payloads in configuration formats suitable for OpenBGPD and BIRD, and supports emitting CSV and JSON for consumption by other routing stacks. See RFC 6480 and RFC 6811 for a description of how RPKI and BGP Prefix Origin Validation help secure the global Internet routing system. rpki-client was primarily developed by Kristaps Dzonsons, Claudio Jeker, Job Snijders, Theo Buehler, Theo de Raadt and Sebastian Benoit as part of the OpenBSD Project. This release includes the following changes to the previous release: * Add suport for validating Autonomous System Provider Authorization (ASPA) objects conforming to draft-ietf-sidrops-aspa-profile-10. Validated ASPA payloads are visible in JSON and filemode (-f) output. * Set rsync connection I/O idle timeout to 15 seconds. * Unify the maximum idle I/O and connect timeouts for RSYNC & HTTPS. * Rpki-client now performs stricter EE certificate validation: - Disallow AS Resources extensions in ROA EE certificates. - Disallow Subject Information Access (SIA) extensions in RPKI Signed Checklist (RSC) EE certs. - Check the resources in ROAs and RSCs against EE certs. * Improve readability and add various information being printed in verbose mode. * Extend filemode (-f) output and print X.509 certificates in PEM format when increased verbosity (-vv) is specified. * Shorten the RRDP I/O idle timeout. * Introduce a deadline timer that aborts all repository synchronization after seven eights of timeout (-s). With this rpki-client has improved chances to complete and produce an output even when a CA is excessivly slow. * Abort a currently running RRDP request process when the per-repository timeout is reached. * Permit multiple AccessDescription entries in SIA X.509 extensions. While fetching from secondary locations is not yet supported, rpki-client will not treat occurence as a fatal error. * Resolve a potential for a race condition in non-atomic RRDP deltas. * Fix some memory leaks. * Improve compliance with the HTTP protocol specification. rpki-client works on all operating systems with a libcrypto library based on OpenSSL 1.1 or LibreSSL 3.5, and a libtls library compatible with LibreSSL 3.5 or later. rpki-client is known to compile and run on at least the following operating systems: Alpine, CentOS, Debian, Fedora, FreeBSD, Red Hat, Rocky, Ubuntu, macOS, and of course OpenBSD! It is our hope that packagers take interest and help adapt rpki-client-portable to more distributions. The mirrors where rpki-client can be found are on https://www.rpki-client.org/portable.html Reporting Bugs: === General bugs may be reported to tech@openbsd.org Portable bugs may be filed at https://github.com/rpki-client/rpki-client-portable We welcome feedback and improvements from the broader community. Thanks to all of the contributors who helped make this release possible. Assistance to coordinate security issues is available via secur...@openbsd.org.
sparc64: 32-bit compatibility cleanup
kettenis@ suggested in a different thread that we ought to clean up the 32-bit compatibility cruft in the sparc64 machine headers before it would be safe to move the clockframe definition into frame.h: https://marc.info/?l=openbsd-tech=166179164008301=2 > We really should be getting rid of the xxx32 stuff and rename the > xxx64 ones to xxx. And move trapframe (and possibly rwindow) to > frame.h. miod@ came forward in private and offered the attached patch to do so. I don't have a sparc64 machine so I can't test it. But if this cleanup is indeed a necessary step to consolidating the clockframe definitions I guess I can just ask: Does this patch work for everyone? Can we go ahead with this? Index: dev/creator.c === RCS file: /OpenBSD/src/sys/arch/sparc64/dev/creator.c,v retrieving revision 1.55 diff -u -p -r1.55 creator.c --- dev/creator.c 15 Jul 2022 17:57:26 - 1.55 +++ dev/creator.c 30 Aug 2022 18:33:27 - @@ -33,8 +33,9 @@ #include #include -#include #include +#include +#include #include #include Index: fpu/fpu.c === RCS file: /OpenBSD/src/sys/arch/sparc64/fpu/fpu.c,v retrieving revision 1.21 diff -u -p -r1.21 fpu.c --- fpu/fpu.c 19 Aug 2020 10:10:58 - 1.21 +++ fpu/fpu.c 30 Aug 2022 18:33:27 - @@ -81,22 +81,22 @@ #include int fpu_regoffset(int, int); -int fpu_insn_fmov(struct fpstate64 *, struct fpemu *, union instr); -int fpu_insn_fabs(struct fpstate64 *, struct fpemu *, union instr); -int fpu_insn_fneg(struct fpstate64 *, struct fpemu *, union instr); +int fpu_insn_fmov(struct fpstate *, struct fpemu *, union instr); +int fpu_insn_fabs(struct fpstate *, struct fpemu *, union instr); +int fpu_insn_fneg(struct fpstate *, struct fpemu *, union instr); int fpu_insn_itof(struct fpemu *, union instr, int, int *, int *, u_int *); int fpu_insn_ftoi(struct fpemu *, union instr, int *, int, u_int *); int fpu_insn_ftof(struct fpemu *, union instr, int *, int *, u_int *); int fpu_insn_fsqrt(struct fpemu *, union instr, int *, int *, u_int *); -int fpu_insn_fcmp(struct fpstate64 *, struct fpemu *, union instr, int); +int fpu_insn_fcmp(struct fpstate *, struct fpemu *, union instr, int); int fpu_insn_fmul(struct fpemu *, union instr, int *, int *, u_int *); int fpu_insn_fmulx(struct fpemu *, union instr, int *, int *, u_int *); int fpu_insn_fdiv(struct fpemu *, union instr, int *, int *, u_int *); int fpu_insn_fadd(struct fpemu *, union instr, int *, int *, u_int *); int fpu_insn_fsub(struct fpemu *, union instr, int *, int *, u_int *); -int fpu_insn_fmovcc(struct proc *, struct fpstate64 *, union instr); -int fpu_insn_fmovr(struct proc *, struct fpstate64 *, union instr); +int fpu_insn_fmovcc(struct proc *, struct fpstate *, union instr); +int fpu_insn_fmovr(struct proc *, struct fpstate *, union instr); void fpu_fcopy(u_int *, u_int *, int); #ifdef DEBUG @@ -115,7 +115,7 @@ fpu_dumpfpn(struct fpn *fp) fp->fp_mant[2], fp->fp_mant[3], fp->fp_exp); } void -fpu_dumpstate(struct fpstate64 *fs) +fpu_dumpstate(struct fpstate *fs) { int i; @@ -189,7 +189,7 @@ fpu_fcopy(src, dst, type) void fpu_cleanup(p, fs) register struct proc *p; - register struct fpstate64 *fs; + register struct fpstate *fs; { register int i, fsr = fs->fs_fsr, error; union instr instr; @@ -455,7 +455,7 @@ fpu_execute(p, fe, instr) */ int fpu_insn_fmov(fs, fe, instr) - struct fpstate64 *fs; + struct fpstate *fs; struct fpemu *fe; union instr instr; { @@ -478,7 +478,7 @@ fpu_insn_fmov(fs, fe, instr) */ int fpu_insn_fabs(fs, fe, instr) - struct fpstate64 *fs; + struct fpstate *fs; struct fpemu *fe; union instr instr; { @@ -502,7 +502,7 @@ fpu_insn_fabs(fs, fe, instr) */ int fpu_insn_fneg(fs, fe, instr) - struct fpstate64 *fs; + struct fpstate *fs; struct fpemu *fe; union instr instr; { @@ -644,7 +644,7 @@ fpu_insn_fsqrt(fe, instr, rdp, rdtypep, */ int fpu_insn_fcmp(fs, fe, instr, cmpe) - struct fpstate64 *fs; + struct fpstate *fs; struct fpemu *fe; union instr instr; int cmpe; @@ -848,7 +848,7 @@ fpu_insn_fsub(fe, instr, rdp, rdtypep, s int fpu_insn_fmovcc(p, fs, instr) struct proc *p; - struct fpstate64 *fs; + struct fpstate *fs; union instr instr; { int rtype, rd, rs, cond; @@ -900,7 +900,7 @@ fpu_insn_fmovcc(p, fs, instr) int fpu_insn_fmovr(p, fs, instr) struct proc *p; - struct fpstate64 *fs; + struct fpstate *fs; union instr instr; { int rtype, rd, rs2, rs1; Index: fpu/fpu_emu.h === RCS file: /OpenBSD/src/sys/arch/sparc64/fpu/fpu_emu.h,v retrieving revision 1.5 diff -u -p -r1.5 fpu_emu.h ---
Towards unlocking mmap(2) & munmap(2)
Diff below adds a minimalist set of assertions to ensure proper locks are held in uvm_mapanon() and uvm_unmap_remove() which are the guts of mmap(2) for anons and munmap(2). Please test it with WITNESS enabled and report back. Index: uvm/uvm_addr.c === RCS file: /cvs/src/sys/uvm/uvm_addr.c,v retrieving revision 1.31 diff -u -p -r1.31 uvm_addr.c --- uvm/uvm_addr.c 21 Feb 2022 10:26:20 - 1.31 +++ uvm/uvm_addr.c 11 Sep 2022 09:08:10 - @@ -416,6 +416,8 @@ uvm_addr_invoke(struct vm_map *map, stru !(hint >= uaddr->uaddr_minaddr && hint < uaddr->uaddr_maxaddr)) return ENOMEM; + vm_map_assert_anylock(map); + error = (*uaddr->uaddr_functions->uaddr_select)(map, uaddr, entry_out, addr_out, sz, align, offset, prot, hint); Index: uvm/uvm_fault.c === RCS file: /cvs/src/sys/uvm/uvm_fault.c,v retrieving revision 1.132 diff -u -p -r1.132 uvm_fault.c --- uvm/uvm_fault.c 31 Aug 2022 01:27:04 - 1.132 +++ uvm/uvm_fault.c 11 Sep 2022 08:57:35 - @@ -1626,6 +1626,7 @@ uvm_fault_unwire_locked(vm_map_t map, va struct vm_page *pg; KASSERT((map->flags & VM_MAP_INTRSAFE) == 0); + vm_map_assert_anylock(map); /* * we assume that the area we are unwiring has actually been wired Index: uvm/uvm_map.c === RCS file: /cvs/src/sys/uvm/uvm_map.c,v retrieving revision 1.294 diff -u -p -r1.294 uvm_map.c --- uvm/uvm_map.c 15 Aug 2022 15:53:45 - 1.294 +++ uvm/uvm_map.c 11 Sep 2022 09:37:44 - @@ -162,6 +162,8 @@ int uvm_map_inentry_recheck(u_long, v struct p_inentry *); boolean_t uvm_map_inentry_fix(struct proc *, struct p_inentry *, vaddr_t, int (*)(vm_map_entry_t), u_long); +boolean_t uvm_map_is_stack_remappable(struct vm_map *, +vaddr_t, vsize_t); /* * Tree management functions. */ @@ -491,6 +493,8 @@ uvmspace_dused(struct vm_map *map, vaddr vaddr_t stack_begin, stack_end; /* Position of stack. */ KASSERT(map->flags & VM_MAP_ISVMSPACE); + vm_map_assert_anylock(map); + vm = (struct vmspace *)map; stack_begin = MIN((vaddr_t)vm->vm_maxsaddr, (vaddr_t)vm->vm_minsaddr); stack_end = MAX((vaddr_t)vm->vm_maxsaddr, (vaddr_t)vm->vm_minsaddr); @@ -570,6 +574,8 @@ uvm_map_isavail(struct vm_map *map, stru if (addr + sz < addr) return 0; + vm_map_assert_anylock(map); + /* * Kernel memory above uvm_maxkaddr is considered unavailable. */ @@ -1446,6 +1452,8 @@ uvm_map_mkentry(struct vm_map *map, stru entry->guard = 0; entry->fspace = 0; + vm_map_assert_wrlock(map); + /* Reset free space in first. */ free = uvm_map_uaddr_e(map, first); uvm_mapent_free_remove(map, free, first); @@ -1573,6 +1581,8 @@ boolean_t uvm_map_lookup_entry(struct vm_map *map, vaddr_t address, struct vm_map_entry **entry) { + vm_map_assert_anylock(map); + *entry = uvm_map_entrybyaddr(>addr, address); return *entry != NULL && !UVM_ET_ISHOLE(*entry) && (*entry)->start <= address && (*entry)->end > address; @@ -1692,6 +1702,8 @@ uvm_map_is_stack_remappable(struct vm_ma vaddr_t end = addr + sz; struct vm_map_entry *first, *iter, *prev = NULL; + vm_map_assert_anylock(map); + if (!uvm_map_lookup_entry(map, addr, )) { printf("map stack 0x%lx-0x%lx of map %p failed: no mapping\n", addr, end, map); @@ -1843,6 +1855,8 @@ uvm_mapent_mkfree(struct vm_map *map, st vaddr_t addr; /* Start of freed range. */ vaddr_t end; /* End of freed range. */ + UVM_MAP_REQ_WRITE(map); + prev = *prev_ptr; if (prev == entry) *prev_ptr = prev = NULL; @@ -1971,10 +1985,7 @@ uvm_unmap_remove(struct vm_map *map, vad if (start >= end) return; - if ((map->flags & VM_MAP_INTRSAFE) == 0) - splassert(IPL_NONE); - else - splassert(IPL_VM); + vm_map_assert_wrlock(map); /* Find first affected entry. */ entry = uvm_map_entrybyaddr(>addr, start); @@ -4027,6 +4038,8 @@ uvm_map_checkprot(struct vm_map *map, va { struct vm_map_entry *entry; + vm_map_assert_anylock(map); + if (start < map->min_offset || end > map->max_offset || start > end) return FALSE; if (start == end) @@ -4886,6 +4899,7 @@ uvm_map_freelist_update(struct vm_map *m vaddr_t b_start, vaddr_t b_end, vaddr_t s_start, vaddr_t s_end, int flags) { KDASSERT(b_end >= b_start && s_end >=
Re: strtonum.3: Use the proper macro for "long long"
On Sat, Sep 10, 2022 at 11:46:21PM +0200, Ingo Schwarze wrote: > Hi, > > yes, this is completely correct, with one tiny exception that should > be fixed while committing, see in-line below. > > Jason, since you already started working on this, could you please > commit this patch with OK schwarze@? > > I'm surprised there was still so much .Li in our tree where .Vt > should have been. These are not even edge cases but completely > unambiguous .Vt. > > Note that the mdoc(7) manual deprecates .Li (it is a presentational > macro with an invisible effect - we usually want semantic rather > than presentational markup). Rare cases exist where it may not be > completely obvious what to use instead, but here it is. > > Thanks, > Ingo > thanks for checking ingo. committed now with the change you mentioned (and zero markup). thanks for the diff, josiah. jmc > > Josiah Frentsos wrote on Sat, Sep 10, 2022 at 12:29:28PM -0400: > > > Index: lib/libc/gen/frexp.3 > > Index: lib/libc/gen/getgrent.3 > > Index: lib/libc/gen/getpwent.3 > > Index: lib/libc/gen/getpwnam.3 > > Index: lib/libc/gen/glob.3 > > Index: lib/libc/gen/isalnum.3 > > Index: lib/libc/gen/isalpha.3 > > Index: lib/libc/gen/isblank.3 > > Index: lib/libc/gen/iscntrl.3 > > Index: lib/libc/gen/isdigit.3 > > Index: lib/libc/gen/isgraph.3 > > Index: lib/libc/gen/islower.3 > > Index: lib/libc/gen/isprint.3 > > Index: lib/libc/gen/ispunct.3 > > Index: lib/libc/gen/isspace.3 > > Index: lib/libc/gen/isupper.3 > > Index: lib/libc/gen/isxdigit.3 > > Index: lib/libc/gen/lockf.3 > > Index: lib/libc/gen/login_cap.3 > > Index: lib/libc/gen/modf.3 > > Index: lib/libc/gen/opendir.3 > > Index: lib/libc/gen/setjmp.3 > > Index: lib/libc/gen/times.3 > > Index: lib/libc/gen/tolower.3 > > Index: lib/libc/gen/toupper.3 > > Index: lib/libc/gen/uname.3 > > Index: lib/libc/gen/utime.3 > > Index: lib/libc/locale/localeconv.3 > > Index: lib/libc/net/ether_aton.3 > > Index: lib/libc/net/getaddrinfo.3 > > Index: lib/libc/net/getnameinfo.3 > > Index: lib/libc/net/getpeereid.3 > > Index: lib/libc/net/getrrsetbyname.3 > > Index: lib/libc/net/htonl.3 > > === > > RCS file: /cvs/src/lib/libc/net/htonl.3,v > > retrieving revision 1.5 > > diff -u -p -r1.5 htonl.3 > > --- lib/libc/net/htonl.313 Feb 2019 07:02:09 - 1.5 > > +++ lib/libc/net/htonl.310 Sep 2022 16:10:01 - > > @@ -66,14 +66,14 @@ or > > .Sq l ) > > is a mnemonic > > for the traditional names for such quantities, > > -.Li short > > +.Vt short > > and > > -.Li long , > > +.Vt long , > > respectively. > > This is misleading, as explained in the very next sentence. > I suggest just dropping the .Li markup in these two instances > without any replacement, or .Dq if you insist on some markup. > > > Today, the C concept of > > -.Li short > > +.Vt short > > and > > -.Li long > > +.Vt long > > integers need not coincide with this traditional misunderstanding. > > On machines which have a byte order which is the same as the network > > order, routines are defined as null macros. > > This part is correct. > > > Index: lib/libc/net/inet_addr.3 > > Index: lib/libc/net/inet_net_ntop.3 > > Index: lib/libc/net/inet_ntop.3 > > Index: lib/libc/regex/regex.3 > > Index: lib/libc/rpc/xdr.3 > > Index: lib/libc/stdio/fseek.3 > > Index: lib/libc/stdio/getc.3 > > Index: lib/libc/stdio/putc.3 > > Index: lib/libc/stdio/ungetc.3 > > Index: lib/libc/stdlib/atof.3 > > Index: lib/libc/stdlib/atoi.3 > > Index: lib/libc/stdlib/atol.3 > > Index: lib/libc/stdlib/atoll.3 > > Index: lib/libc/stdlib/div.3 > > Index: lib/libc/stdlib/getopt_long.3 > > Index: lib/libc/stdlib/imaxdiv.3 > > Index: lib/libc/stdlib/ldiv.3 > > Index: lib/libc/stdlib/lldiv.3 > > Index: lib/libc/stdlib/strtod.3 > > Index: lib/libc/stdlib/strtonum.3 > > Index: lib/libc/string/memccpy.3 > > Index: lib/libc/string/memchr.3 > > Index: lib/libc/string/memcmp.3 > > Index: lib/libc/string/memset.3 > > Index: lib/libc/sys/accept.2 > > Index: lib/libc/sys/fcntl.2 > > Index: lib/libc/sys/getpeername.2 > > Index: lib/libc/sys/getrlimit.2 > > Index: lib/libc/sys/getsockname.2 > > Index: lib/libc/sys/getsockopt.2 > > Index: lib/libc/sys/ioctl.2 > > Index: lib/libc/sys/ptrace.2 > > Index: lib/libc/sys/quotactl.2 > > Index: lib/libc/termios/tcsetattr.3 > > Index: lib/libc/time/ctime.3 > > Index: lib/libradius/radius_new_request_packet.3 > > Index: share/man/man3/bit_alloc.3 > > Index: share/man/man3/dl_iterate_phdr.3 > > Index: share/man/man4/bpf.4 > > Index: share/man/man4/ddb.4 > > Index: share/man/man4/openprom.4 > > Index: share/man/man4/options.4 > > Index: share/man/man4/speaker.4 > > Index: share/man/man5/ranlib.5 > > Index: share/man/man8/crash.8 > > Index: share/man/man9/printf.9 > > Index: share/man/man9/socreate.9 > > Index: share/man/man9/style.9 > > Index: usr.bin/ssh/sshd.8 > > Index: usr.sbin/zdump/zdump.8