This patch is only an adaptation for 9front of the patch located in
http://www.9legacy.org/9legacy/patch/pc-ether82563-i210.diff. The
major difference is that this patch ignores errors in checksum of
eeprom, because in my system the checksum was wrong. After 3 months,
I didn't have problems, and I think the patch can be used. although
it has some things that need to be fixed. If the link is inactive
when the system boots then it will remain inactive forever.
/n/bugs/open/libdrawfont.c_buffer_overflow
http://bugs.9front.org/open/libdrawfont.c_buffer_overflow/readmeray@raylai.com
Hi all,
In plan9port this bug keeps crashing mc when I run lc in a directory with Chinese characters. This is a diff from OpenBSD but it should apply cleanly to the various plan9 sources.
The code is basically trying to do a realloc (I guess realloc wasn't available back then?) but it copies too much from the original buffer.
Since realloc is available, just use it. If realloc isn't available outside plan9port (I haven't checked) the memmove line should be changed from:
memmove(f->subf, of, (f->nsubf+DSUBF)*sizeof *subf);
to:
memmove(f->subf, of, f->nsubf*sizeof *subf);
I hope this is helpful.
Ray
- return distinct error message when attempting to create Globalseg with physseg name
- copy directory name to up->genbuf so it stays valid after we unlock(&glogalseglock)
- cleanup wstat() handling, allow changing uid
- make sure global segment size is below SEGMAXSIZE
- move isoverlap() check from globalsegattach() into segattach()
- remove Proc* argument from globalsegattach(), segattach() and isoverlap()
- make Physseg.attr and segattach attr parameter an int for consistency
to figure out what network connection a particular tls
conversation refers to, we add the path of the underlying
we send the encrypted tls traffic over in the status file,
example:
term% grep -n '^Chan:' '#a'/tls/*/status
#a/tls/0/status:7: Chan: /net/tcp/6/data
#a/tls/1/status:7: Chan: /net/tcp/0/data
/n/bugs/open/multicasts_and_udp_buffers
http://bugs.9front.org/open/multicasts_and_udp_buffers/readmemichal@Lnet.pl
I have ported my small MPEG-TS analisis tool to Plan9.
To allow this application working I had to fix a bug in the kernel IPv4 code and increase UDP input buffer.
Bug is related to listening for IPv4 multicast traffic. There is no problem if you listen for only one group or multiple groups with different UDP ports. This works:
Write to UDP ctl:
anounce PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
and you can read packets from data file.
You need to set headers option because otherwise every UDP packet for MULTICAST_ADDR!PORT is treat as separate connection. This is a bug and should be fixed too, but I didn't tried it.
There is a problem when you need to receive packets for multiple multicast groups. Usually the same destination port is used by multiple streams and above sequence of commands fails for second group because the port is the same.
Simple and probably non-intrusive fix is adding "|| ipismulticast(addr)" to if statement at /sys/src/9/ip/devip.c:861 line:
if(ipforme(c->p->f, addr) || ipismulticast(addr))
This fixes the problem and now you can use the following sequence to listen for multiple multicast groups even if they all have the same destination port:
announce MULTICAST_ADDR!PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
After that my application started working but signals packet drops at >2 Mb/s input rate. The same is reported by kernel netlog. Increase capacity of UDP connection input queue fixes this problem /sys/src/9/ip/udp.c:153
c->rq = qopen(512*1024, Qmsg, 0, 0);
--
Michał Derkacz
access to the axi segment hangs the machine when the fpga
is not programmed yet. to prevent access, we introduce a
new SG_FAULT flag, that when set on the Segment.type or
Physseg.attr, causes the fault handler to immidiately
return with an error (as if the segment would not be mapped).
during programming, we temporarily set the SG_FAULT flag
on the axi physseg, flush all processes tlb's that have
the segment mapped and when programming is done, we clear
the flag again.
tsleep() used to cancel the timer with:
if(up->tt != nil)
timerdel(up);
which still can result in twakeup() to fire after tsleep()
returns (because we set Timer.tt to nil *before* we call the tfn).
in most cases, this is not an issue as the Rendez*
usually is just &up->sleep, but when it is dynamically allocated
or on the stack like in tsemacquire(), twakeup() will call
wakeup() on a potentially garbage Rendez structure!
to fix the race, we execute the wakup() with the Timer lock
held, and set p->trend to nil only after we called wakeup().
that way, the timerdel(); which unconditionally locks the Timer;
can act as a proper barrier and use up->trend == nil as the
condition if the timer has already fired.
for queue like non-seekable files, it is impossible to implement an
exportfs because one has to run the kernels devtab read() and write()
in separate processes, and that makes it impossible to maintain 9p message
order as the scheduler can come in and randomly schedule one process before
another.
so as soon as we have a transition from 9p -> syscalls, we'r screwed.
i currently see just two possibilities:
- introduce special file type like QTSEQ with strictly ordered i/o semantics
- fix all fileservers and exportfs to only do one outstanding i/o to QTSEQ files
which means maintaining a queue per fid
this doesnt propagate. so exporting slow 9p mount again will be limited
again by latency of the inner mount.
other option:
- return offset in Rread, so client can bring responses back into order. this
requires changing all fileservers and drivers to maintain such an per fid offset
and change the protocol to include it in the response, and also pass it to userspace
(new syscalls or pass it in TOS)
this only works for read pipelining, write is still screwed.
both options suck.
--
cinap
(ppp->secret comes from factotum and it can have any size)
This patch also sets the correct state after success and
failure cases in chap negotiation (without them the code was
working because it expected the other point to pass to net
phase or due to the timer).
p2.patch: Do not request encriptation with -c or -C in ppp
(it was a bit annoying request compression, and when the ACK
from the server was received then send a NAK).
p3.patch: Add support for md5 and mschap in in chap
(without this patch ppp was passing to the net stage
without worring about chap).
- remove redundant flushimage() calls before readmouse()
- remove flushimage() calls for allocimage(),freeimage() and originwindow()
this is experimental. it will break allocimage() error handling unless the
caller does explicit flushimage() calls, tho the gains
in usability over high latency connections is huge. in most cases, programs
will just terminate when encountering these errors.
both server and client need to be convinced that the connection
is broken for a connection reestablishment to happen as the server
will only start looking for incoming clients when the connection
already broke. so use the 8 second interval sync messages
to check for connection lifeness. if we miss two syncs in time,
we declare the connecton to be broken and will try to reconnect.
k0ga reports:
Hello,
While I was setting my pppoe conexion with my ISP
I discovered several problems in ip/pppoe. I used
the command line ip/pppoe -A '' ether0 and I got
this:
...
dropping unwanted pkt: wrong ac name
panic: D2B called on non-block dc10 (double-free?)
note rcved: sys: trap: fault read addr=0x0 pc=0x000066e1
pppoe 1013: suicide: sys: trap: fault read addr=0x0 pc=0x000066e1
cpu% acid 1013
/proc/1013/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: stk()
abort()+0x0 /sys/src/libc/9sys/abort.c:6
ppanic(p=0xd1b8,fmt=0xc7f9)+0x146 /sys/src/libc/port/malloc.c:166
D2B(p=0xd1b8,v=0xdc10)+0x57 /sys/src/libc/port/pool.c:926
poolfreel(v=0xdc10,p=0xd1b8)+0x20 /sys/src/libc/port/pool.c:1152
poolfree(p=0xd1b8,v=0xdc10)+0x3b /sys/src/libc/port/pool.c:1287
free(v=0xdc18)+0x23 /sys/src/libc/port/malloc.c:250
clearstate()+0x1b /sys/src/cmd/ip/pppoe.c:328
pppoe(ether=0xdfffefc1)+0x123 /sys/src/cmd/ip/pppoe.c:426
main(argv=0xdfffefa0,argc=0x1)+0x89 /sys/src/cmd/ip/pppoe.c:100
_main+0x31 /sys/src/libc/386/main9.s:16
acid:
clearstate() is called in pppoe.c:424, and it frees acname and sets it
to nil. pktread() is called in pppoe.c:434 with parameter wantoffer,
which frees acname again in line pppoe.c:360 but doesn't set it to
nil, so clearstate() makes a double free in the next iteration.
for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange
message and the signature digest algorithm is fixed to md5+sha1 and we
only support RSA signatures (TLS1.1 doesnt know about ECDSA).
this allows running kbdfs under kbdfs :-)
going use this in new drawterm. drawterm provides the initial
/dev/kbd, but only sends rune up/down messages (keeps it simple).
the servers kbdfs reads that and exports itself the full
set of files, similar to what we do in vncs. this also
provides note processing.
the dns file service can be restarted, which causes it to forget
all fid state. given the simple file system structure of the dns
service (just a single dns file), we can assume that rpcs
on a unknown fid refers to the root, so the mountpoint will stay
valid and /net/dns can be reopend avoiding the need for a remount
of the dns service after restart.
The execexec() function should never return, as it irreversably changes
the filedescriptor table for the new program. This means rc's internal
filedesciptors for reading the script get implicitely closed and we cannot
continue the rc interpreter when Execute() fails. So Execute() now sets the
error status, and execexec() runs Xexit() in case Execute() returns.
when we look up role=speakfor key and askforkeys is set, the
findkey() can return RpcNeedkey, which causes us to skip the
query for a role=client key. Instead, we now check for the
return value != RpcOk (and != RpcConfirm which we want to
handle the same for both queries).
we have to free the attribute lists when returning RpcConfirm.
the ini buffer was not reset when we got eof in the message
body read causing a endless loop. instead of defining our
own read9pmsg() function, just handle the first read specially
when we consumed the first 4 bytes for the "impo" protocol
escape check.
this code was if(0) for a long time due to wrong parentesis,
fixed parentesis cause print spam on some machines making them
unusage (kenji okomoto). removing the check alltogether.
this is a reimplementation of cpu and import utilities in rc using a tlsclient
and tlssrv as the encryption and authentication layers. there is only one new
service, which after authentication and encryption setup accepts an arbitrary
rc script over the network and executes it with the standard filedescriptors
redirected to the conversaion (this is *after* authentication and in the
context of the authorized user).
the new rcpu program has a few improvements over cpu(1):
- doesnt mangle program arguments
- the remote process will get the clients standard file descriptors, so error
and output are separated and you can consume the clients input from the
remote side :-)
- forwards error status of remote process
theres no backwards mode for rimport, but a new program called rexport
for the same purpose.
all these services use exportfs without the bolted on initial handshake,
so the hope is to clean up exportfs in the future and remove all the ugly
crap in there.
theres a bootstrap problem:
when /bin/init is run, it processes /lib/namespace where we might want to
mount or bind resources to /n or /mnt. but mntgen was run later in
cpurc/termrc so these mounts would be ignored.
we already have mntgen in bootfs, so we can provide these mountpoints early.
i keep the termrc/cpurc mntgens where they are, but ignore the error
prints. this way old kernels will continue to work.
When a window is moved or reshaped, that implicitely tops
the window and makes it current. The conseqence of this
is that we always have to redraw the window as if it where
a current window in any case. This was handled for Reshaped
windows, but not when the window was just moved. We now
handle both cases the exact same way, getting rid of the
Moved wctl message.
make kbdproc() and mouseproc() share fd table with the main proc
and not explicitely close the file descriptors. so /dev/mouse gets
closed *after* /dev/draw/new to avoid the white window refresh issue.
apparently, this causes some quadcore ramnode vm to hang on boot,
even tho all cores successfully started up and are operational.
i suspect some side effect from timersinit()... this would also
mean *notsc= would break it (syncclock() would continue)...
its unclear.
i'm reverting this for now until the problem is better understood.
when testing in qemu, launching each ap became slower and slower
because all the ap's where spinning in syncclock() waiting for
cpu0 to update its mach0->tscticks, which happens only much later
after all cpu's have been started up.
now we wait for each cpu to do its timer callibration and
manually update our tscticks while we wait and each cpu will
not spin but halt while waiting for active.thunderbirdsarego.
this reduces the system load and noise for timer callibration
and makes the mp startup linear with regard to the number of
cores.
the shared command language assumed 512 byte sectors, which is
not the case for fdisk as it uses cylinders for the block unit.
so we introduce an extra argument in the Edit structure and
parseexpr() function so byte sizes are properly converted to
the block unit when the K,M,G and T postfixes are used.
the pcap files produced by snoopy had the wrong timestamps because it expected:
/* magic=0xa1b2c3d4 */
ulong ts_sec; /* seconds*/
ulong ts_usec; /* microseconds */
but we wrote:
uvlong ts; /* nanoseconds */
now, we write:
/* magic=0xa1b23c4d */
ulong ts_sec; /* seconds */
ulong ts_nsec; /* nanoseconds */
spew → I fixed the memory leak setjmp/longjmp problem with libjson
spew → http://www.spew.club/json.patch
spew → full file: http://www.spew.club/json.c
spew → going to bed, I'll annoy cinap_lenrek tomorrow to try to get this committed
instead of testing for special field primes each time in mpmod(),
make it explicit with a mpfiled() function that tests a modulus N
to be of some special form that can be reduced more efficiently with
some precalculation, and replaces N with a Mfield* when it can. the
Mfield*'s are recognized by mpmod() as they have the MPfield flag
set and provide a function pointer that executes the fast reduction.
as the generated parser intermixes lines from .y source
and the parser text, the line source/lineno for yyparse()
shows up wrong in the debugger. to make stack traces a
bit less crazy, put a #line 1 "/sys/lib/yaccpar" before
copying in the parser text.
introduce cpushutdown() function that does the common
operation of initiating shutdown, returning once all
cpu's got the message and are about to shutdown. this
avoids duplicated code which isnt really machine specific.
automatic reboot on panic only when *debug= is not set
and the machine is a cpu server or has no display,
otherwise just hang.
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.
add ccpoly_encrypt()/ccpoly_decrypt() routines.
to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
when the "resize" wctl was used on a hidden window, the window
was put back on the screen, however, it was not removed from
the hidden[] array so trying to hide the window again failed
because whide() assumed it was already hidden.
the fix is to not unhide the window, but preserve the hidden
state, so windows can programmatically be reshaped and moved,
but will remain hidden unless explicitely unhidden.
to solve the usb device enumeration race on boot, usbd creates /env/usbbusy
on startup and once all devices have been enumerated and readers have consumed
all the events, we remove the file so nusbrc/bootrc can continue. this makes
sure all the usb devices that where plugged in on boot are made available.
when opening a /env file ORCLOSE, and the process exits, envgrp() would
return nil can crash in envremove() because procexit will have set up->egrp
to nil before calling closefgrp().
the solution is to capture the environment on open, keeping a reference in
Chan.aux, so it doesnt matter on what process the close happens and a
env chan will always refer to its original environment group.
instead of checking addr+len >= addr, check len >= -addr so
that addr == 0 is never valid for len > 0 even if we decide
to have memory at the zero page so theres never any chance
user can pass in "nil" pointers.
put up some signs where we fall thru the switch cases in
fixfault()
sha256 is only defined for TLS1.2, however, technically, theres
no reason not to use it in TLS1.0/TLS1.1. the choice is up to
tlshand and pushtls, not the kernel.
listensrv() used to override Srv.end() with its own handler
to free the malloc'd Srv structure and close the fd. this
makes it impossible to register your own cleanup handler.
instead, we introduce the private Srv.free() handler that
is used by listensrv to register its cleanup code. Srv.free()
is called once all the srv procs have been exited and all
requests on that srv have been responded to while Srv.end()
is called once all the procs exited the srv loop regardless
of the requests still being in flight.
code assumed the accessdir() call would always mark the block dirty, but
this is not the case when noatime flag is enabled. this was reported by
michael in bug:
"open/with_noatime_option_cwfs_doesnt_preserve_changes_in_file_permissionowner"
--
cinap
introduce wificfg() function to convert ether->opt[] strings
to wifictl messages, which needs quoting for the value. so
etherX=type=iwl essid='something with spaces' works.
from charles forsuth:
because the previous version thought OINDEX might have a side effect, it
stopped it building a tower of them.
probably the best thing is to limit that anyway, since each one consumes
2-3 registers, so towering them can
keep even more active, and the x86 hasn't got that many.
the quick hack is to return that case to the earlier state by treating
OINDEX as a side-effect in side().
it's not a bad thing to do in the OSTRUCT case, for similar reasons: it's
better to collapse the indexed pointer
into a direct register, instead of repeating the indexing operation through
the copying of the value.
OINDEX isn't a machine-independent operation, so it doesn't affect the uses
in ../cc
- cover more cases that have no side effects
- ensure function has complex FNX
- pull operators out of OFUNC level
- rewrite OSTRUCT lhs to avoid all side-effects, use regalloc() instead of regret()
maximum file size is 4GB-1 as the file length is stored in
a 32 bit long. make sure it doesnt overflow on write or
or truncate. interpret the file length as unsigned. pass
vlong to readfile()/writefile()/truncfile() so we can
handle overflows and not just ignore the upper bits.
- fix missing runlock(ifc) when ifcid != a->ifcid in rxmitsols() (thanks erik quanstro)
- don't leak packets when transfering blocks from arp entry hold list to droplist
- free rest of droplist when bwrite() errors in arpenter(), remove useless checks (ifc != nil)
- free arp entry hold list from cleanarpent()
- consistent use of nil for pointers
sprint() will replace invalid utf8 sequences with U+FFFD
which caused directory reads and stats to return the wrong
filename. just strcpy the name bytes.
the dynamic input buffer resize code (fillbuf()) is broken as
the calling code assumes that memory wont relocate. instead
of trying to work out all the cases where this happens, i'm
getting rid of fillbuf() and just read the whole file into
memory in setsource().
the bug could be reproduced with something as simple as:
@{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
X509req() and X509gen() used to leak memory, and had no way for
the caller to free the allocated certificate/certificate request
buffer returned. this is not critical as these functions are only
used in short lived rsa(2) helper programs. but i prefer to have
library routines not leak memory as one does not know in advance
where the code is going to be used.
we used to negotiate tls1.1 for client cert authentication because the
signature generation was not implemented for tls1.2. this is now fixed
and tls1.2 can be negotiated with client certs.
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.
stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.
fix some memory leaks in X509 code while we'r at it.
libdraw was attempting to bind '#i' and '#m' to /dev when it could not find
/dev/mouse or /dev/draw. a library shouldnt be that clever and do namespace
manipulations on behalf of the caller. so instead, we setup the graphics
environment in screenrc on boot time.
---------- Forwarded message ----------
From: Charles Forsyth <charles.forsyth@gmail.com>
Date: 13 September 2015 at 12:38
Subject: fis bug
To: erik quanstrom <quanstro@quanstro.net>
geoff spotted something similar in sdiahci.c, but it's in libfis as well:
c[Flba24] = lba >> 24;
c[Flba32] = lba >> 32;
c[Flba40] = lba >> 48;
>> 48?? should be >> 40, especially with drive sizes getting up there.
TLS1.2 requires the client to send the list of supported
signature and hash algorithm pairs. some servers will simply
reject the client hello otherwise. note that we do not implement
any dh/ecdh param signature verification.
order the cipher list to strogest first. aes128 is actually more
secure than aes256.
tar used to infer compression type from the filenames extension, but when
no file name is given (stdin/stdout), the -z flag was ignored and no
compression filter applied. this changes tar to assume the default
gzip compression method when z is given and no file name is specified.
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
this generates a disk image (to be written to usb or
sdmmc card) containing 9fat partition with kernel and
a hjfs filesystem partition with the 9front distribution.
this could be easily extended to generate raspberry pi
images as well, but i have no hardware to test.
