we cannot retry posts and we do not know for sure if a
post had any side effect when we got no status, so always
make a new connection for a post request.
when dragging a window edge, allow one to slide to a corner
or slide from corner to corner (usefull when inverting).
also make sure the right or bottom of the rectangle returned
by whichrect() is not outside of the screen (which makes
drawing slow).
we can encrypt the 256 bit chacha key on each invocation
making it hard to reconstruct previous outputs of the
generator given the current state (backtracking resiatance).
the kernels custom rand() and nrand() functions where not working
as specified in rand(2). now we just use libc's rand() and nrand()
functions but provide a custom lrand() impelmenting the xoroshiro128+
algorithm as proposed by aiju.
we now access the user buffer in randomread() outside of the lock,
only copying and advancing the chacha state under the lock. this
means we can use randomread() within the fault handling path now
without fearing deadlock. this also allows multiple readers to
generate random numbers in parallel.
we might wake up on a different cpu after the sleep so
delta from machX->ticks - machY->ticks can become negative
giving spurious timeouts. to avoid this always use the
same mach 0 tick counter for the delta.
the manpage states that capabilities time out after a minute,
so we add ticks field into the Caphash struct and record the
time when the capability was inserted. freeing old capabilities
is handled in trimcaps(), which makes room for one extra cap
and frees timed out ones.
we also limit the capuse write size to less than 1024 bytes to
prevent denial of service as we have to copy the user buffer.
(memory exhaustion).
we have to check the from user *before* attempting to remove
the capability! the wrong user shouldnt be able to change any
state. this fixes the memory leak of the caphash.
do the hash comparsion with tsmemcmp(), avoiding timing
side channels.
allocate the capabilities in secret memory pool to prevent
debugger access.
previously, right shift >>0 resulted in >>32 being emited. this
is especially problematic when the shift count comes from a macro
expansion.
we now handle constant shift >>0 as <<0 (no shift) and allow
shift by 32 be specified.
this applies to logical right shift (>>) arithmetic right shift (->)
and right rotate (@>).
the prior implementation was unneccesarily complicated for
no good reason due to me misunderstanding how libc's nrand()
works. in contrast to libc, we already generate the *closest*
power-of-2 random number with mprand() in the sampling loop.
The kernel needs to keep cryptographic keys and cipher states
confidential. secalloc() allocates memory from the secret pool
which is protected from debuggers reading the memory thru devproc.
secfree() releases the memory, overriding the data with garbage.
drawterm, factotum, secstore and the auth commands
all had ther own implementation of readcons. we
want to have one common function for this to avoid
the duplication, so putting that in libauthsrv.
introduce PASSWDLEN which makes the use more explicit
than ANAMELEN.
when we get eof, stop the loop immidiately and do not
rely on the read to eventually return an error.
when convM2S() fails to decode the message, error out
and stop the loop. there is no point in continuing.
given that the memory leaks have been fixed, theres no need
for the obscure restart feature which is not reliable anyway.
remove the code updating procname on each 9p request.
handle convM2S error by exiting the service loop, dont read
9p channel after eof.
we used to not sign extend if the destination was unsigned
uvlong, which is wrong. we have to sign extend only based
on the signedness of the source (it gets propagated to vlong)
this bug hit in hjfs in the newentry() function, causing file
creation to fail with "create -- phase error":
newentry(...)
{
uvlong sj;
int si;
...
sj = si = -1;
...
}
usually, the plan9 partition table is contained in
the first 9fat partition after the pbs/fat header,
but when no 9fat partition is requested, we have
to make sure partitions wont overlap the partition
table (start at sector offset >= 2).
the pause function is different from just accessing the menu: it pauses both
single and multiplayer games, stops music and sound, and is recorded in demos
(does not cause a desync, unlike menu access).
this uses Kprint rather than Kbreak because Kbreak is e.g. Kctl+pause on some
keyboards.
the first time rtl8169link is called (from rtl8169pnp), the link isn't up, so
setting edev->mbps based on Phystatus register is skipped. edev->mbps is then
still set at the default 100, and that ends up being what devether uses.
this is why some rtl8169 cards are misprinted as 100Mbps in kmesg.
later, after rtl8169link is called again from rtl8169interrupt, the link is up
and edev->mbps is set to the correct value (as shown by e.g. /net/ether0/stats).
so instead, set speed regardless of link status.
blazing doors are a "fast" door type with its own sound effects, introduced in
doom2. doom2 map 2 has one right at the beginning.
this fixes two bugs:
- when a closing blazing door is completely shut, the closing sound effect is
erroneously played again (the first time being when it began closing). this
gives the impression of two doors closing.
- when reopening a closing blazing door (standing underneath a blazing door
while it's closing), the sound effect for regular doors opening is played,
instead of the one for blazing doors, because of a missing case in the switch
statement.
data[mn] and link[mn] are 24-bit values.
in the expression 'm = (n * ((freq * bpp)/8)) / (lsclk * lanes)',
uvlongs are used to prevent integer overflow, but since freq, bpp, lsclk and
lanes are all ints, the cast to uvlong does not happen until it's too late,
getting a wrong value.
instead, use u32int for m and n, and use casts where necessary.
example of bad calculation:
freq = 141400000
lsclk = 270000000
lanes = 2
bpp = 18
→ 0x7f3ee1ca6 (correct value: 0x4b69d0)
when ndb/dns runs as a resolver only (cfg.cachedb == 0),
we still want to purge the "local#" db records to reread
dns server configuration or react to changed ip addresses.
removing old poolcheck and dncheck code, these bugs have
been fixed a long time ago.
the onscreen cursor shows the cursor of the current
focused window or the window it points at. if there
is no window, then we set the default cursor (nil).
the arm compiler can lift long->vlong casts on multiplcation
and convert 64x64->64 multiplication into a 32x32->64 one
with optional 64 bit accumulate.
introduce rolor() function to subsitute (a << c) | (a >> (bits(a) - c))
with (a <<< c) where <<< is cyclic rotation and c is constant.
this almost doubles the speed of chacha encryption of 386 and amd64.
the peephole optimizer used to stop when it hit a shift or rol
instruction when attempting to eleminate moves by register
substitution. but we do not have to as long as the shift count
operand is not CX (which cannot be substituted) and CX is not
a subject for substitution.
neither symdel nor symstat were used anywhere. syminit was used but
had no effect. both syminit and symdel dereference pointers after
freeing them. symstat can be tricked into writing beyond the bounds of
its array
syminit() attemts to reset the symbol table by freeing
all the hash table entries, tho the code is buggy having
a obviously use after free bug.
as syminit() is only called once in main when it does not
contain any symbols, the bug never occured.
removing the unneccesary code alltogether.
add glob information to the word structure so we wont accidently
deglob quoted strings containing the GLOB. we store Globsize(word)
in in word->glob which avoids recalculating that values and the
check if a word should be globbed quick.
globlist() now substitutes the word inplace avoiding the copying
when all words are literals and avoids recursion.
minor cleanups: use list2str() in execeval(), move octal() to
unix.c, remove the (char*) casts to efree().
when using rio auto-complete to resolve file names for the "attach:" and
"include:" headers, the auto-completer might leave whitespaces at
the end of the line which leads upas/marshal to not find the file.
it is now possible to configure additional interfaces (like wifi)
and store the network information while preserving old entries
in /net/ndb. this allows to easily switch from ethernet to wifi
and have dhcp configure dns without having to clear /net/ndb.
Probably the temporary solution to obtain the Estonian uppercase Š and Ž [S and Z with caron (ˇ)] without Shift + AltGr, I note in https://code.9front.org/hg/plan9front/rev/5b6853beadb4 you've written a Shift + AltGr (table 7) for Polish, would be using the caron (ˇ) mapped to key 41 followed by Shift s or Shift z; it was a mistake to earlier map a mode 4 in my fix of /sys/lib/kbmap/ee. It is a bit of an inconvenience to have an AltGr mapping to š and ž, but not a Shift + AltGr mapping to Š and Ž, but that's the best I can do for now. I send a new ee file without the mode 4.
https://code.9front.org/hg/plan9front/rev/851d5d9022af
these should not be in here
1.97+4 31 'Š
1.98+4 44 'Ž
https://code.9front.org/hg/plan9front/rev/378ba39fc90a
Sincerely,
Eric Lindblad
netmkaddr() can return a the pointer to the host string if
it is already a full dial string. but we assumed to get
a copy and freed it before returning.
when _syserrno() fails to map a plan9 error string to
a unix error number, we copy the plan9 error string
to the per process error buffer "plan9err" and set
errno = EPLAN9.
when strerror() is called with EPLAN9, it returns
a pointer to the plan9err buffer.
I introduced a regression in sed that currently has screwed up
/sys/lib/man/secindex.
The issue is that sed 's/$/ foo/g' will actually replace the newline
character with foo instead of just appending at the end of the line.
This only makes a difference when sed is operating on a multiple line
record. The effect is a record like:
foo
bar
baz
becomes:
foo foobar foo baz foo
instead of
foo foo
bar foo
baz foo
problem is NaN() produces a SNaN, not a QNaN... and on the 387,
storing 80 bit SNaN in register to a 64-bit memory destination
traps.
SNaN/QNaN encoding is machine specific. mips has the qiet/signaling
bit inverted.
disabling fp exception in main() now, but that sucks.
i think the best solution would be to not even call strtod() in
is_number() but just write a regex or a little state machine that
will only accept numbers without nan and ±inf.
that might even make it faster and is more robust than relying on
the os's strtod() details.
if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
silly clients (web*) reconnect when the handshake failed with a lower
protocol version, which allows downgrade attacks (POODLE). but instead
of stopping this madness, they invented a new magic TLSID to indicate
to the server that this connection attempt is a retry, and rely on the
server to notice and stop them from sabotaging themselfs.
implement ECDHE key exchange with secp256r1 on the server side, providing
perfect forward secrecy (tho slowly).
it is easier to just keep the ECDH/DH state in the TlsSec structure,
which fits better with the grouping of the functions. we do the cleanup
in tlsConnectionFree() now, so a lot of error handling logic could go
away.
reinvestigated some error paths and removed the ones that cannot error.
move functions to fit the logical grouping.
combine the code for signing handshake hashes (for client certs) and
DH parameters. provide digestDHparams() function to be shared between
server and client code.
don't pass or generate sessionID's. this was never used nor
actually implemented and leaks the process pid.
get rid of version and random field duplications, move TlsSec
structure into TlsConnection.
make msgRecv() clear the message first, get rid of unneccesary
msgClear() calls.
instead of letting factotum_rsa_open() parse the certificate,
we pass in the rsa public key which is then matched against the
factotum keyring. this avoids parsing the x509 certificate
twice.
the sec->rsapub was not freed, so free it in tlsSecClose()
- dirpackage() was not checking if the stat entry lies within
the buffer. fixed.
- simplify dirpackage(), as we process all the bytes from
the buffer, we do not need to track "ss" here as its the same
as "ts".
- zero Dir* array pointer early in dirread() and dirreadall()
and avoid calling dirpackage on <= buffer length.
The /sys/lib/kbmap/ee file seemed to have CRs in it. If a first column in the table
(for modifier key) as 4 is for Alt Gr + Shift then the attached (UTF-8 without BOM)
should work as a replacement ee file.
Best Regards,
Eric Lindblad
assigning the expression value to a temporary variable in
BPSHORT() and BPLONG() saves arround 2K of text in rio on
arm and arround 1K on amd64.
loadchar(): use the passed in "h" as the char index instead
of recomputing it from c-f->cache. dont recompute wid.
cachechars(): do cache lookup and find oldest entry in a
single loop pass.
the openssl we currently use is outdated and will be removed
soon. webfs will handle the https for us with native tls code.
keys have to be stored in factotum for everyone who also wants
to commit directly.
This patch is only an adaptation for 9front of the patch located in
http://www.9legacy.org/9legacy/patch/pc-ether82563-i210.diff. The
major difference is that this patch ignores errors in checksum of
eeprom, because in my system the checksum was wrong. After 3 months,
I didn't have problems, and I think the patch can be used. although
it has some things that need to be fixed. If the link is inactive
when the system boots then it will remain inactive forever.
/n/bugs/open/libdrawfont.c_buffer_overflow
http://bugs.9front.org/open/libdrawfont.c_buffer_overflow/readmeray@raylai.com
Hi all,
In plan9port this bug keeps crashing mc when I run lc in a directory with Chinese characters. This is a diff from OpenBSD but it should apply cleanly to the various plan9 sources.
The code is basically trying to do a realloc (I guess realloc wasn't available back then?) but it copies too much from the original buffer.
Since realloc is available, just use it. If realloc isn't available outside plan9port (I haven't checked) the memmove line should be changed from:
memmove(f->subf, of, (f->nsubf+DSUBF)*sizeof *subf);
to:
memmove(f->subf, of, f->nsubf*sizeof *subf);
I hope this is helpful.
Ray
- return distinct error message when attempting to create Globalseg with physseg name
- copy directory name to up->genbuf so it stays valid after we unlock(&glogalseglock)
- cleanup wstat() handling, allow changing uid
- make sure global segment size is below SEGMAXSIZE
- move isoverlap() check from globalsegattach() into segattach()
- remove Proc* argument from globalsegattach(), segattach() and isoverlap()
- make Physseg.attr and segattach attr parameter an int for consistency
to figure out what network connection a particular tls
conversation refers to, we add the path of the underlying
we send the encrypted tls traffic over in the status file,
example:
term% grep -n '^Chan:' '#a'/tls/*/status
#a/tls/0/status:7: Chan: /net/tcp/6/data
#a/tls/1/status:7: Chan: /net/tcp/0/data
/n/bugs/open/multicasts_and_udp_buffers
http://bugs.9front.org/open/multicasts_and_udp_buffers/readmemichal@Lnet.pl
I have ported my small MPEG-TS analisis tool to Plan9.
To allow this application working I had to fix a bug in the kernel IPv4 code and increase UDP input buffer.
Bug is related to listening for IPv4 multicast traffic. There is no problem if you listen for only one group or multiple groups with different UDP ports. This works:
Write to UDP ctl:
anounce PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
and you can read packets from data file.
You need to set headers option because otherwise every UDP packet for MULTICAST_ADDR!PORT is treat as separate connection. This is a bug and should be fixed too, but I didn't tried it.
There is a problem when you need to receive packets for multiple multicast groups. Usually the same destination port is used by multiple streams and above sequence of commands fails for second group because the port is the same.
Simple and probably non-intrusive fix is adding "|| ipismulticast(addr)" to if statement at /sys/src/9/ip/devip.c:861 line:
if(ipforme(c->p->f, addr) || ipismulticast(addr))
This fixes the problem and now you can use the following sequence to listen for multiple multicast groups even if they all have the same destination port:
announce MULTICAST_ADDR!PORT
addmulti INTERFACE_ADDR MULTICAST_ADDR
headers
After that my application started working but signals packet drops at >2 Mb/s input rate. The same is reported by kernel netlog. Increase capacity of UDP connection input queue fixes this problem /sys/src/9/ip/udp.c:153
c->rq = qopen(512*1024, Qmsg, 0, 0);
--
Michał Derkacz
access to the axi segment hangs the machine when the fpga
is not programmed yet. to prevent access, we introduce a
new SG_FAULT flag, that when set on the Segment.type or
Physseg.attr, causes the fault handler to immidiately
return with an error (as if the segment would not be mapped).
during programming, we temporarily set the SG_FAULT flag
on the axi physseg, flush all processes tlb's that have
the segment mapped and when programming is done, we clear
the flag again.
tsleep() used to cancel the timer with:
if(up->tt != nil)
timerdel(up);
which still can result in twakeup() to fire after tsleep()
returns (because we set Timer.tt to nil *before* we call the tfn).
in most cases, this is not an issue as the Rendez*
usually is just &up->sleep, but when it is dynamically allocated
or on the stack like in tsemacquire(), twakeup() will call
wakeup() on a potentially garbage Rendez structure!
to fix the race, we execute the wakup() with the Timer lock
held, and set p->trend to nil only after we called wakeup().
that way, the timerdel(); which unconditionally locks the Timer;
can act as a proper barrier and use up->trend == nil as the
condition if the timer has already fired.
for queue like non-seekable files, it is impossible to implement an
exportfs because one has to run the kernels devtab read() and write()
in separate processes, and that makes it impossible to maintain 9p message
order as the scheduler can come in and randomly schedule one process before
another.
so as soon as we have a transition from 9p -> syscalls, we'r screwed.
i currently see just two possibilities:
- introduce special file type like QTSEQ with strictly ordered i/o semantics
- fix all fileservers and exportfs to only do one outstanding i/o to QTSEQ files
which means maintaining a queue per fid
this doesnt propagate. so exporting slow 9p mount again will be limited
again by latency of the inner mount.
other option:
- return offset in Rread, so client can bring responses back into order. this
requires changing all fileservers and drivers to maintain such an per fid offset
and change the protocol to include it in the response, and also pass it to userspace
(new syscalls or pass it in TOS)
this only works for read pipelining, write is still screwed.
both options suck.
--
cinap
(ppp->secret comes from factotum and it can have any size)
This patch also sets the correct state after success and
failure cases in chap negotiation (without them the code was
working because it expected the other point to pass to net
phase or due to the timer).
p2.patch: Do not request encriptation with -c or -C in ppp
(it was a bit annoying request compression, and when the ACK
from the server was received then send a NAK).
p3.patch: Add support for md5 and mschap in in chap
(without this patch ppp was passing to the net stage
without worring about chap).
