Commit graph

5883 commits

Author SHA1 Message Date
cinap_lenrek
c5c159b17a upas/fs: fix imap atom quoting (thanks Piotr Kubaj) 2018-02-05 19:16:29 +01:00
aiju
721b141438 add ptrap 2018-02-05 09:38:59 +00:00
cinap_lenrek
d06196ab87 auth/asn12rsa: also convert ASN.1 encoded public key to plan9 format 2018-02-05 03:21:51 +01:00
cinap_lenrek
58914b4b0b /sys/lib/dist/mkfile: fix cfg/plan9.ini dependency (only visible after binds) 2018-01-31 19:44:54 +01:00
cinap_lenrek
650a4434a6 webfs(4): document -d and -D flags 2018-01-31 19:09:11 +01:00
cinap_lenrek
83d8a24215 pc64: fix kmap() and invlpg()
flushing tlb once the index wraps arround is not enougth
as in use pte's can be speculatively loaded. so instead
use invlpg() and explicitely invalidate the tlb of the
page mapped.

this fixes wired mount cache corruption for reads approaching
2MB which is the size of the KMAP window.

invlpg() was broken, using wrong operand type.
2018-01-29 08:26:42 +01:00
cinap_lenrek
b5362dc722 ndb/dns: cleanup 2018-01-28 22:46:48 +01:00
cinap_lenrek
549a6745e3 ndb/dns: fix leak in myaddr(), normalize ip strings
remove myaddr() function and replace with myip() function
that receives binary ip address. and don't use string
comparsion for ip addresses... parse and then ipcmp().

for sanity reasons, normalize ip address strings and
reject unparsable ones. done by calling ipalookup()
with a binary ip address.
2018-01-28 22:36:01 +01:00
cinap_lenrek
b3b938d5ec ndb/cs: handle v4 only case for rudp 2018-01-28 17:58:16 +01:00
cinap_lenrek
1d10ecdaae venti/conf: fix padding so we write multiple of sector size 2018-01-28 17:22:00 +01:00
cinap_lenrek
d2ec488a93 ip/dhcpd: remove old testing code 2018-01-27 23:47:46 +01:00
cinap_lenrek
34f19570b9 libndb: retire deprecated csgetval(), ndbgetval() and ndblookval() functions 2018-01-27 23:46:48 +01:00
cinap_lenrek
6a23ef917b kernel: initialize cyclefreq for machno > 0 in guesscpuhz() 2018-01-27 19:58:48 +01:00
cinap_lenrek
26193c4bff upas/fs: try to deal with nil mail body (can happen when fetch fails) 2018-01-27 19:02:31 +01:00
cinap_lenrek
a863cf8e7e upas/fs: deal with imap returning more uid's than allocated from previus "messages" command 2018-01-25 02:14:51 +01:00
cinap_lenrek
5054c9795c ip/pptpd: don't mess with ipifc (handled by ppp), slay note gorup on exit 2018-01-22 21:34:39 +01:00
cinap_lenrek
950e22be67 ip: make pkt interfaces unbind on close (from inferno) 2018-01-22 21:33:22 +01:00
cinap_lenrek
b670fc0ac5 ppp: remove left over debug print 2018-01-21 23:56:37 +01:00
cinap_lenrek
218e61f80f ppp(8): remove BUGS section, client auth has been fixed. 2018-01-21 22:58:30 +01:00
cinap_lenrek
98b1f2a75b ppp: mschapv2 support 2018-01-21 22:55:14 +01:00
cinap_lenrek
3004f058f6 libauth: add auth_respondAI() function to get AuthInfo for mschap/mschapv2 2018-01-21 22:37:45 +01:00
cinap_lenrek
a7974d96b7 factotum: implement mschapv2 role=server authentication (for ppp)
this implements the server part of mschapv2 with the new
authserver changes.

we also provide AuthInfo for the client now with the
MPPE secret and the authenticator.
2018-01-21 22:35:01 +01:00
cinap_lenrek
fd1e50d653 authsrv: implement mschapv2 authentication, include MPPE secret in the ticket
this adds new rpc for mschapv2 authentication (21)

deliver the MPPE secret not after the ticket/authenticator
response as cheartext, but include it in the first 128 bit
of the ticket key. and the authenticator in the first 160 bit
of the authenticator random field.
2018-01-21 22:32:34 +01:00
cinap_lenrek
9840c50a3e gre: don't drop pptp packets when smaller than v4 header 2018-01-20 15:13:11 +01:00
cinap_lenrek
9d0ba6f162 ip/ipconfig: use 2000::/3 instead of ::/0 for v6 default route
the ::/0 route has the bad side effect of breaking v4 connections
when theres no default route due to v6 mapped v4 addresses. this
might be temporary measure.
2018-01-16 23:27:23 +01:00
cinap_lenrek
12f27944a5 p/ipconfig: don't put automatic link-local address configuration in /net/ndb 2018-01-16 21:37:36 +01:00
cinap_lenrek
ccf72da47d set router R-flag when sendra is active for neighbor advertisement
windows 7 just drops the default router when it tries to
probe for router reachability but gets a neighbor avertisement
from the router with the router bit clear.

so set the R-flag when sendra is active, which implies that
we are a router.
2018-01-16 20:42:01 +01:00
cinap_lenrek
2bd59d9cb3 authsrv: fix chap
use OCHAPREPLYLEN instead of sizeof(reply) (no padding).

exit after sending ticket response to force eof as factotum
unconditionally reads tailing secret hash (as of mschap).
2018-01-15 01:31:27 +01:00
23hiro
87c2d23c8f ipconfig(8): remove dhcp mention from -6 example 2018-01-14 23:58:25 +01:00
cinap_lenrek
b85245f5d2 ip/ipconfig: add v6 deault route from router advertisements 2018-01-14 19:33:30 +01:00
cinap_lenrek
84e67ffa88 listen(8): add -a option to restrict announce address, document tcp17019 and tcp17020 2018-01-14 19:32:13 +01:00
cinap_lenrek
7b5cf8de2d ether79c970: dont disable promisc mode when multicast table is not empty 2018-01-13 11:41:37 +01:00
cinap_lenrek
ad36593a99 ether82557: don't turn off promisc mode when mcast table is not empty
the driver doesnt implement multicast filter, but just turns
on promiscuous mode when a multicast address is added. but this
breaks when one actually enables and then disables promiscuous
mode with say, running snoopy.

we have to keep promisc mode active as long as multicast table
is not empty.
2018-01-13 07:16:17 +01:00
cinap_lenrek
ba87e58876 wifi: learn target ip address from neighbor advertisements in dmat proxy 2018-01-12 18:28:50 +01:00
cinap_lenrek
2088f8c991 wifi: filter out loopback traffic from myself
broadcast traffic was received back on the wire causing
duplicate address detection to break with dmat proy as
the rewritten broadcasts where observable.

the fix is to just ignore packets from ourselfs received
from the air. devether already handles loopback.
2018-01-12 08:01:15 +01:00
cinap_lenrek
d682a6cb38 ip/ipconfig: set on-link flag in router advertisement prefix info (fixes windows7) 2018-01-10 18:28:23 +01:00
cinap_lenrek
acb206859d ether8169: deal with kernel memory exhaution
when kernel memory is exhausted, rtl8169replenish() can fail
to plant more receive descriptors and rtl8169receive() would
run over the receive tail and crash on the nil ctlr->rb[x].

rtl8169receive() is called on "Receive Descriptor Unavailable"
and "Packet Underrun" so we will try to replenish descriptors
in the beginning first in case memory was exhausted and memory
is available again and make sure not to run over the tail.
2018-01-08 00:23:26 +01:00
cinap_lenrek
069230cd62 forgot to commit asn1dump.c... 2018-01-07 05:17:34 +01:00
cinap_lenrek
05f721e998 venti: fix wrong channel element size for amd64 (thanks mycroftiv) 2018-01-06 20:21:50 +01:00
cinap_lenrek
7776180407 tlssrv: remove usage reference to lost auth/secretpem 2018-01-06 08:44:12 +01:00
cinap_lenrek
1c3377a67f factotum: remove unused sshrsa.c 2018-01-06 08:37:32 +01:00
cinap_lenrek
8ff72ce20d libsec: remove asn1toDSApriv() 2018-01-06 08:34:25 +01:00
cinap_lenrek
a200ecd3a6 remove asn12dsa, dsa2pub, dsa2ssh and dsagen
was mostly usefull for old ssh.
2018-01-06 08:32:51 +01:00
cinap_lenrek
91a701747c auth/asn1dump: include in mkfile 2018-01-06 07:44:12 +01:00
cinap_lenrek
d4a830e2e1 tlsclient: allow dumping the server's certificate with new -d flag
usefull for debugging, like:

./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump
2018-01-06 07:43:08 +01:00
cinap_lenrek
e548a86575 tlsclient: remove X509dump() call, writes to fd 1 2018-01-06 06:25:45 +01:00
cinap_lenrek
7e4b669393 /sys/lib/dist: split 9boot into 9bootproto, make *.386.iso and *.amd64.iso targets 2018-01-05 08:41:46 +01:00
cinap_lenrek
b437065950 stats: show amount of reclaimable pages (add -r flag)
reclaimable pages are user pages that are used for
caches like the image cache, mount cache and swap cache.
2018-01-05 00:52:14 +01:00
cinap_lenrek
d3e54ff2d9 pc kernel: fix wrong simd exception mask (fixes go bootstrap) 2018-01-04 04:38:31 +01:00
cinap_lenrek
743f65c878 ape/libauth: remove auth_wep.$O from mkfile 2018-01-02 06:05:47 +01:00
cinap_lenrek
e8b46f6972 ape: update auth.h header for APE 2018-01-02 04:59:44 +01:00
cinap_lenrek
f70ebd8e62 factotum(4): document dp9ik, update protocol list 2018-01-02 04:50:13 +01:00
cinap_lenrek
77ad456b31 libauth: simplify _attrfmt() using fmtprint() avoiding stack buffer 2018-01-02 04:47:42 +01:00
cinap_lenrek
e1ca49d625 libauth: remove auth_wep() function, and non-existing httpauth() declaration 2018-01-02 04:31:21 +01:00
cinap_lenrek
1d7bb80793 factotum: remove legacy wep protocol 2018-01-02 04:27:23 +01:00
cinap_lenrek
4edc761024 libauth: fix out of bounds memory access in _parseattr()
empty token would read ""[-1] accidentally in the AttrQuery case.
2018-01-01 23:23:55 +01:00
cinap_lenrek
f7b0cc7a64 factotum: replace custom hex parsing code with dec16() avoding timing side channels 2018-01-01 21:14:39 +01:00
cinap_lenrek
5cf5f6e9ac libmp: use constant time encode(2) routines instead of lookup tables
the encode(2) routines are constant time now, so
use them instead of using lookup table that can
leak information through cache timing side channel.
2017-12-31 10:59:01 +01:00
cinap_lenrek
ea212266a1 ape: make encXchr()/decXchr() functions available 2017-12-31 10:53:50 +01:00
cinap_lenrek
c039b52fc3 libc: constant time implementation for encode(2) routines, fix base32
the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.

we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).

the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
2017-12-31 09:06:42 +01:00
cinap_lenrek
ee89c82dd3 wifi: get rid of custom hextob() routine, use dec16(), avoid copies in parsekey() 2017-12-31 01:49:58 +01:00
cinap_lenrek
8a64413eca aux/wpa: get rid of custom Hfmt() routine, just use encodefmt. use %E for mac addresses 2017-12-31 01:04:41 +01:00
cinap_lenrek
57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
b42d441a23 libsec: fix mistake: strnchr -> strchr 2017-12-30 02:47:02 +01:00
cinap_lenrek
582d2e664f libsec: avoid unneccesary memory copies and redundant code in x509
getting rid of some functions that take Byte* and instead
pass uchar* and length.

keeping the signature and public key fields in CertX509
as Bits* allows ownership transfer by swapping pointers.

use common code to copy CN from subject field.
2017-12-30 02:36:47 +01:00
cinap_lenrek
e3cad82680 libsec: get rid of dummy data[1] in Bytes and Ints types (thanks pr) 2017-12-29 20:04:42 +01:00
cinap_lenrek
ce2211b08c usbxhci: add missing pexit() in xhcirecover proc (thanks sam-d) 2017-12-29 06:10:25 +01:00
cinap_lenrek
a021f054b0 wifi: revert rate adoption divider, breaks arpunks wifi 2017-12-29 03:41:32 +01:00
cinap_lenrek
8040a878de devtls, devssl: avoid ~0UL comparsion (from drawterm) 2017-12-28 19:13:53 +01:00
cinap_lenrek
80185daba9 devmnt: use u32int for tagmask, simplify alloctag() 2017-12-28 18:25:15 +01:00
cinap_lenrek
b9d2a9efd5 wifi: don't implicitely update lastseen timestamp on nodelookup()
in case we continue to send traffic (like ping) with the ap gone,
the sending would keep updating bss->lastseen which prevents the
timeout to happen to switch bss.
2017-12-28 04:34:03 +01:00
cinap_lenrek
d13142b3da etheriwl, etherwpi: limit transmit queue buffer bloat to 48k (at 22Mbit ≅ 20ms) 2017-12-28 01:24:38 +01:00
cinap_lenrek
ce9cc8a358 wifi: don't assume Wifi.rates[] is sorted, return net data rate for mbps (50% theoretical) 2017-12-28 01:19:14 +01:00
cinap_lenrek
9c6897e848 arch(3): document #P/realmodemem file 2017-12-23 04:45:22 +01:00
cinap_lenrek
96eb90fba1 devvga: removing #v/vgabios, use /dev/realmodemem instead 2017-12-23 04:26:50 +01:00
cinap_lenrek
50bea0348c kernel: convert textmode cga screen contents to kmesg only once
screeninit() might be called again by devvga when switching
to textmode, so only convert the text framebuffer to kmesg
the first time.
2017-12-23 03:56:12 +01:00
cinap_lenrek
19419329b2 auth(8): auth/debug tests both dp9ik and p9sk1 2017-12-23 03:21:01 +01:00
cinap_lenrek
02b6831fa5 kernel: remove Ipifc.mbps, unused. 2017-12-23 02:58:47 +01:00
cinap_lenrek
3b7f73ccff ip/tinc: handle and set ethertype for ipv6 2017-12-21 04:11:02 +01:00
cinap_lenrek
21b5656d89 upas/fs: more bugs 2017-12-19 20:57:24 +01:00
cinap_lenrek
a84a5c21ce upas/fs: fix precedence bugs, compare digest pointer to nil 2017-12-19 20:44:15 +01:00
cinap_lenrek
417bdbb869 ether8169: add Macv45 for RTL8111HN, rename Macv45 -> Macv42 (thanks qeed, sam-d) 2017-12-19 00:03:54 +01:00
cinap_lenrek
3e22f7ef1d nusb/ether: dont forward loopback packets on bridges, remove read nonblocking hack 2017-12-18 20:50:25 +01:00
cinap_lenrek
c1eb4b8d68 devether: dont forward loopback packets on bridges 2017-12-18 20:47:55 +01:00
cinap_lenrek
1f80d31f41 devbridge: disable write blocking on ethernets 2017-12-18 20:44:53 +01:00
cinap_lenrek
e31934f9f3 bridge(3): clarify manpage, this is a layer2 bridge
yes, it peeks into IP packets to handle fragmentation when sending
onto tunnel ports and does mss clamping. but it can carry arbitrary
ethernet packets just fine (between ethernets).
2017-12-17 20:51:41 +01:00
cinap_lenrek
3e48a66665 pc, pc64: add devbridge to kernel configuration 2017-12-17 20:33:39 +01:00
cinap_lenrek
520c938f0b devbridge: fix mss clamping
- use protocol constants from ip/ip.h and ip/ipv6.h
- support mss clamping for ipv6
- fix padding bug on 64 bit machines (can't use sizeof(Tcphdr))
2017-12-17 20:30:24 +01:00
cinap_lenrek
0affe02b61 ip/tinc: handle single byte noop and end-of-option-list tcp options in clampmss() 2017-12-17 20:20:17 +01:00
cinap_lenrek
15ff38e818 wifi: use protocol constants from ip/ip.h and ip/ipv6.h for dmatproxy() 2017-12-17 17:17:26 +01:00
cinap_lenrek
070a9ef753 wifi: matt damon wifi bridging support 2017-12-16 21:43:47 +01:00
cinap_lenrek
9fd8894fec ether: allow spoofing of source mac address for bridges; used by vmx
to implement layer 2 bridges in userspace, we disable to auto filling
of the source mac address when bridge mode is enabled on the
connection.
2017-12-15 22:22:29 +01:00
aiju
4ad70e6055 vmx(1): fix virtio network bloomfilter 2017-12-13 22:20:12 +00:00
stanley lieber
e35616cb66 /sys/man/*/*: fix perms (sorry) 2017-12-11 19:58:06 -05:00
stanley lieber
c7eff88293 fortunes: Subject: [oss-security] nvi denial of service 2017-12-11 19:36:54 -05:00
stanley lieber
d057d67bed /sys/lib/rootstub 2017-12-11 19:34:15 -05:00
cinap_lenrek
35bc3ac573 devether: remove duplicated parseether() implementation (pull from libip) 2017-12-09 22:07:32 +01:00
cinap_lenrek
a7ac020664 libflate: force non-empty huffman table in mkzprecode() for deflate
busybox gunzip fails on empty (offset) huffman tables,
so force one entry.

gzip states in a comment:

The pkzip format requires that at least one distance code exists,
and that at least one bit should be sent even if there is only one
possible code.
2017-12-09 18:20:29 +01:00
cinap_lenrek
303fb49686 disk/edisk: allow printing and readonly inspection of hybrid MBR/GPT disks (thanks aiju)
dumping hybrid MBR/GPT disks is fine, which can sometimes be found
on USB sticks. but prohibit editing.

however, always barf on disks with dos partitions and missing
protecive MBR partition entry.
2017-12-05 23:44:43 +01:00
cinap_lenrek
a3c2819c50 realemu: fix precedence bug in argconv() format routine (thanks dan cross) 2017-12-04 05:14:31 +01:00
cinap_lenrek
e138750028 realemu: fix pit bcd mode 2017-12-04 05:09:13 +01:00
cinap_lenrek
d850c60121 plan9.ini(8): 9boot(8) is not a DOS program, remove outdated BUGS section 2017-12-03 19:23:55 +01:00
cinap_lenrek
65566dda8e devvga: properly handle physical screen size and panning
- remove arbitrary limits on screen size, just check with badrect()
- post resize when physgscreenr is changed (actualsize ctl command)
- preserve physgscreenr across softscreen flag toggle
- honor panning flag on resize
- fix nil dereference in panning ctl command when scr->gscreen == nil
- use clipr when drawing vga plan 9 console (vgascreenwin())
2017-12-03 18:54:25 +01:00
cinap_lenrek
a08727d9da screenlock: put position check back in grabmouse (thanks deuteron)
the check was there because changing te position causes another
mouse event to get posted resulting in grabmouse spinning.
2017-12-03 16:34:35 +01:00
cinap_lenrek
308407dc6e screenlock: have keyboard activity reset blank timeout 2017-12-03 06:41:41 +01:00
cinap_lenrek
61d4816102 screenlock: avoid continuous blanking, draw fullscreen over border 2017-12-03 06:27:18 +01:00
cinap_lenrek
e1c447bc11 screenlock: some improvements
check for "needkey " error string from auth_userpasswd() in case no
key is pesent in factotum. this used to be a common trap with stand
alone machines that do not have an authentication server setup.

indicate authentication in progress by drawing a white border.

delete unneccesary cruft and simplify the code.
2017-12-03 05:47:35 +01:00
cinap_lenrek
554fb43df5 libauth: replace proto=p9cr with new proto=dp9ik/p9sk1 role=login for auth_userpasswd() 2017-12-03 05:14:33 +01:00
cinap_lenrek
3ef51c16d4 auth/factotum: add role=login protocol variant to dp9ik/p9sk1
the role=login protocol is ment to replace proto=p9cr in
auth_userpasswd() from libauth to authenticate a user
given a username and a password. in contrast to p9cr, it
does not require an authentication server when user is the
hostowner and its key is present in factotum.
2017-12-03 05:10:04 +01:00
cinap_lenrek
e614cdf02f auth/login: add missing quotefmtinstall(), quote dom attribute 2017-12-03 04:54:34 +01:00
cinap_lenrek
f948c402d8 errstr(2): add /sys/src/libc/9sys/rerrstr.c to SOURCE section 2017-12-03 02:22:48 +01:00
cinap_lenrek
2bf642de9d screenlock: blank screen using /dev/mousectl (thanks sl) 2017-12-01 23:13:01 +01:00
cinap_lenrek
f03260bf25 libsec: make includes consistent for sha2block*.c 2017-11-30 21:50:52 +01:00
cinap_lenrek
4cdd7049a6 libsec: unroll portable sha1block function
just 6-10% slower than most assembly versions.
20% faster on zynq.
2017-11-30 21:30:03 +01:00
cinap_lenrek
c09cd2882c libsec: unroll portable sha2block functions
- unroll the loops
- rotate the taps on each step, avoiding copies
- simplify boolean formulas for Ch() and Maj()

this yields arround 40% throughput increase on 32/64bit
archs for sha2_256 and sha2_512 on amd64.
2017-11-30 02:16:27 +01:00
aiju
d51d54442e games/blit: update screen when display address changes (thanks aap) 2017-11-27 20:34:48 +00:00
aiju
bea6dcd122 vmx(1): fix openbsd 6.2 amd64 !entrystate bug 2017-11-27 09:30:15 +00:00
cinap_lenrek
aa3c0e55f3 libsec: optimize aesCBCencrypt()/aesCBCdecrypt()
- get rid of the temporary copies and memmoves()
- when the data pointer is aligned, do xor and copying inline

speedup for auth/aescbc encryption depends on arch:

- zynq	7%	(arm)
- t23	13%	(386)
- x230	20%	(amd64, aes-ni)
- apu2	25% (amd64, aes-ni)
2017-11-27 01:31:19 +01:00
cinap_lenrek
4898050282 cga: capture cga console contents on boot, make sure cgapos is in range
to capture bios and bootloader messages, convert the contents
on the screen to kmesg.

on machines without legacy cga, the cga registers read out as
0xFF, resuting in out of bounds cgapos. so set cgapos to 0 in
that case.
2017-11-26 17:11:01 +01:00
cinap_lenrek
af20ba6746 devvga: re-render text from kmesg after resize 2017-11-26 04:49:30 +01:00
cinap_lenrek
28e9566dc5 spin: Update to most recent version. (thanks Ori_B)
from Ori_B:

There were a small number of changes needed from the tarball
on spinroot.org:

  - The mkfile needed to be updated
  - Memory.h needed to not be included
  - It needed to invoke /bin/cpp instead of gcc -E
  - It depended on `yychar`, which our yacc doesn't
    provide.

I'm still figuring out how to use spin, but it seems to do
the right thing when testing a few of the examples:

	% cd $home/src/Spin/Examples/
	% spin -a peterson.pml
	% pcc pan.c -D_POSIX_SOURCE
	% ./6.out

	(Spin Version 6.4.7 -- 19 August 2017)
		+ Partial Order Reduction

	Full statespace search for:
		never claim         	- (none specified)
		assertion violations	+
		acceptance   cycles 	- (not selected)
		invalid end states	+

	State-vector 32 byte, depth reached 24, errors: 0
	40 states, stored
	27 states, matched
	67 transitions (= stored+matched)
		0 atomic steps
	hash conflicts:         0 (resolved)

	Stats on memory usage (in Megabytes):
	0.002	equivalent memory usage for states (stored*(State-vector + overhead))
	0.292	actual memory usage for states
	128.000	memory used for hash table (-w24)
	0.534	memory used for DFS stack (-m10000)
	128.730	total actual memory usage


	unreached in proctype user
		/tmp/Spin/Examples/peterson.pml:20, state 10, "-end-"
		(1 of 10 states)

	pan: elapsed time 1.25 seconds
	pan: rate        32 states/second
2017-11-22 21:09:31 +01:00
cinap_lenrek
077e719dfb libsec: write optimized _chachablock() function for amd64 / sse2
doing 4 quarterround's in parallel using 128-bit
vector registers. for second round shuffle the columns and
then shuffle back.

code is rather obvious. only trick here is for the first
quaterround PSHUFLW/PSHUFHW is used to swap the halfwords
for the <<<16 rotation.
2017-11-20 00:10:35 +01:00
cinap_lenrek
1eb3739454 libmach: fix format for 8db sse shift ops 2017-11-19 21:11:41 +01:00
cinap_lenrek
15bd341cc3 6l: fix typo in optab table for APSLLQ (0x7e -> 0x73) 2017-11-19 21:10:36 +01:00
cinap_lenrek
e3736b8887 kernel: make isaconfig() consistent, not inplace tokenizing the conf string 2017-11-19 17:17:04 +01:00
cinap_lenrek
4a684fc627 6in4: add -m mtu option to specify outer MTU
instead of hardcoding the tunnel interface MTU to 1280,
we calculate the tunnel MTU from the outside MTU, which
can now be specified with the -m mtu option. The deault
outside MTU is 1500 - 8 (PPPoE).
2017-11-18 16:03:44 +01:00
cinap_lenrek
435a9a150e 9pc64: handle special case in fpurestore() for procexec()/procsetup()
when a process does an exec, it calls procsetup() which
unconditionally sets the sets the TS flag and fpstate=FPinit
and fpurestore() should not revert the fpstate.
2017-11-16 23:15:08 +01:00
cinap_lenrek
859d5c9146 audio/flacdec: add eof handler avoiding endless spinning on broken files (thanks deuteron) 2017-11-16 14:15:00 +01:00
cinap_lenrek
753f64a877 pc64: fix mistake fpurestore() mistake
cannot just reenable the fpu in FPactive case as we might have
been procsaved() an rescheduled on another cpu. what was i thinking...
thanks qu7uux for reproducing the problem.
2017-11-14 00:16:21 +01:00
cinap_lenrek
f4880742fd igfx: allocate backing memory for framebuffer and hw cursor when not done by bios (from qu7uux)
new approach to graphics memory management:

the kernel driver never really cared about the size of stolen memory
directly. that was only to figure out the maximum allocation
to place the hardware cursor image somewhere at the end of the
allocation done by bios.

qu7uux's gm965 bios however wont steal enougth memory for his
native resolution so we have todo it manually.

the userspace igfx driver will figure out how much the bios
allocated by looking at the gtt only. then extend the memory by
creating a "fixed" physical segment.

the kernel driver allocates the memory for the cursor image
from normal kernel memory, and just maps it into the gtt at the
end of the virtual kernel framebuffer aperture.

thanks to qu7uux for the patch.
2017-11-13 00:48:46 +01:00
cinap_lenrek
3356e0e731 libsec: AES-NI support for amd64
Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().

Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.

The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.
2017-11-12 23:15:15 +01:00
cinap_lenrek
4f27f6a04f pc64: allow using the FPU in syscall and pagefault handlers
The aim is to take advantage of SSE instructions such as AES-NI
in the kernel by lazily saving and restoring FPU state across
system calls and pagefaults. (everything can can do I/O)

This is accomplished by the functions fpusave() and fpurestore().

fpusave() remembers the current state and disables the FPU if it
was active by setting the TS flag. In case the FPU gets used,
the current state gets saved and a new PFPU.fpslot is allocated
by mathemu().

fpurestore() restores the previous FPU state, reenabling the FPU
if fpusave() disabled it.

In the most common case, when userspace is not using the FPU,
then fpusave()/fpurestore() just toggle the FPpush bit in
up->fpstate.

When the FPU was active, but we do not use the FPU, then nothing
needs to be saved or restored. We just switched the TS flag on
and off agaian.

Note, this is done for the amd64 kernel only.
2017-11-12 22:55:54 +01:00
cinap_lenrek
3ccd53549f pc64: set ts flag before schedinit() 2017-11-08 00:34:08 +01:00
cinap_lenrek
24057fd4f4 kernel: introduce per process FPU struct (PFPU) for more flexible machine specific fpu handling
introducing the PFPU structue which allows the machine specific
code some flexibility on how to handle the FPU process state.

for example, in the pc and pc64 kernel, the FPsave structure is
arround 512 bytes. with avx512, it could grow up to 2K. instead
of embedding that into the Proc strucutre, it is more effective
to allocate it on first use of the fpu, as most processes do not
use simd or floating point in the first place. also, the FPsave
structure has special 16 byte alignment constraint, which further
favours dynamic allocation.

this gets rid of the memmoves in pc/pc64 kernels for the aligment.

there is also devproc, which is now checking if the fpsave area
is actually valid before reading it, avoiding debuggers to see
garbage data.

the Notsave structure is gone now, as it was not used on any
machine.
2017-11-04 20:08:22 +01:00
cinap_lenrek
04ce485f1b tinc(8): mash -> mesh 2017-11-02 09:05:03 +01:00
cinap_lenrek
efdd6afcd6 tinc(8): more spelling spam 2017-11-01 18:40:17 +01:00
cinap_lenrek
ce89017481 tinc(8): spelling, thanks jpm 2017-11-01 18:34:58 +01:00
cinap_lenrek
736c31882f tinc(8): outout -> output 2017-10-31 22:58:55 +01:00
cinap_lenrek
daf292ac9d tinc: implement experimental mash peer to peer VPN from http://www.tinc-vpn.org/ 2017-10-31 22:44:25 +01:00
cinap_lenrek
5c1afc882c aes(2): document aes_xts_encrypt() and aes_xts_decrypt() functions 2017-10-30 03:04:05 +01:00
cinap_lenrek
0e68b7551a kernel: pc/pc, fix comment line 2017-10-30 02:08:05 +01:00
cinap_lenrek
e436a529cd swap(3): document permissions and encryption behaviour, reference to memory(8) 2017-10-30 01:55:58 +01:00
cinap_lenrek
7e619e59e4 devcons: remove obsolete comment 2017-10-30 01:24:18 +01:00
cinap_lenrek
5a93b4fe2d kernel: track more header dependencies in port/portmkfile 2017-10-30 01:23:48 +01:00
cinap_lenrek
b815eaca42 devswap: fix mistake 2017-10-29 23:24:42 +01:00
cinap_lenrek
f3f9392517 kernel: introduce devswap #¶ to serve /dev/swap and handle swapfile encryption 2017-10-29 23:09:54 +01:00
cinap_lenrek
93117262c2 devfs: rewrite cryptio()
adjust to new aes_xts routines.

allow optional offset in the 4th argument where the encrypted
sectors start instead of hardcoding the 64K header area for
cryptsetup.

avoid allocating temporary buffer for cryptio() reads, we can
just decrypt in place there.

use sdmalloc() to allocate the temporary buffer for cryptio()
writes so that devsd wont need to allocate and copy in case
it didnt like our alignment.

do not duplicate the error reporting code, just use io()
that is what it is for.

allow 2*256 bit keys in addition to 2*128 bit keys.
2017-10-29 22:01:58 +01:00
cinap_lenrek
c021390e21 libsec: rewrite aex_xts_encrypt()/aes_xts_decrypt()
the previous implementation was not portable at all, assuming
little endian in gf_mulx() and that one can cast unaligned
pointers to ulong in xor128(). also the error code is likely
to be ignored, so better abort() when the length is not a
multiple of the AES block size.

we also pass in full AESstate structures now instead of
the expanded key longs, so that we do not need to hardcode
the number of rounds. this allows each indiviaul keys to
be bigger than 128 bit.
2017-10-29 21:49:24 +01:00
cinap_lenrek
77757dbdb1 cwfs: use /dev/swap instead of #c/swap to determine memory size 2017-10-29 21:41:35 +01:00
cinap_lenrek
3794b1c14f libc: improve alignment of QLp structure on amd64, cosmetics
the QLp structure used to occupy 24 bytes on amd64.
with some rearranging the fields we can get it to 16 bytes,
saving 8K in the data section for the 1024 preallocated
structs in the ql arena.

the rest of the changes are of cosmetic nature:

- getqlp() zeros the next pointer, so there is no need to set
  it when queueing the entry.

- always explicitely compare pointers to nil.

- delete unused code from ape's qlock.c
2017-10-28 18:53:27 +02:00
cinap_lenrek
4fc4b0dda7 libc: wunlock() part 2
the initial issue was that wunlock() would wakeup readers while
holding the spinlock causing deadlock in libthread programs where
rendezvous() would do a thread switch within the same process
which then can acquire the RWLock again.

the first fix tried to prevent holding the spinlock, waking up
one reader at a time with releasing an re-acquiering the spinlock.
this violates the invariant that readers can only wakup writers
in runlock() when multiple readers where queued at the time of
wunlock(). at the first wakeup, q->head != nil so runlock() would
find a reader queued on runlock() when it expected a writer.

this (hopefully last) fix unlinks *all* the reader QLp's atomically
and in order while holding the spinlock and then traverses the
dequeued chain of QLp structures again to call rendezvous() so
the invariant described above holds.
2017-10-26 02:42:26 +02:00
cinap_lenrek
83fe7aaa5c upas/smtpd: don't call syslog() from the note handler, this can deadlock
when the alarm hits while the process is currently in syslog(), holding
the sl lock, then calling syslog again will deadlock:

/proc/1729193/text:386 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/386
acid: lstk()
sleep()+0x7 /sys/src/libc/9syscall/sleep.s:5
lock(lk=0x394d8)+0xb7 /sys/src/libc/port/lock.c:25
	i=0x3e8
syslog(logname=0x41c64,cons=0x0,fmt=0x41c6a)+0x2d /sys/src/libc/9sys/syslog.c:60
	err=0x79732f27
	d=0x0
	ctim=0x0
	buf=0x0
	p=0x0
	arg=0x0
	n=0x0
catchalarm(msg=0xdfffc854)+0x7a /sys/src/cmd/upas/smtp/smtpd.c:71
notifier+0x30 /sys/src/libc/port/atnotify.c:15
2017-10-23 06:08:18 +02:00
cinap_lenrek
e3d8fe9d4a libc: cleanup atexit and put exits() in its own compilation unit
this avoids having to pull in atexit() and its dependencies
(lock(), unlock()) into every program. (as exits() is called
by _main() from main9.s).
2017-10-20 20:58:38 +02:00
cinap_lenrek
67d9c6b2f9 vt: block when sending input to host (fixes truncated paste) 2017-10-20 20:31:30 +02:00
cinap_lenrek
29411f58cf libsec: make sectorNumber argument for aes_xts routines uvlong 2017-10-17 21:36:45 +02:00
cinap_lenrek
45b7d60bf3 libsec: add AES CFB and AES OFB stream ciphers 2017-10-17 21:34:01 +02:00
cinap_lenrek
0db4f40629 aux/wpa: prevent PTK re-installation attack by replaying AP retransmits
this implements the mitigation suggested in section "6.5 Countermeasures" of
"Key Reinstallation Attacks: Forcing Nonce Resuse in WPA2" [1].

[1] https://papers.mathyvanhoef.com/ccs2017.pdf
2017-10-17 20:15:48 +02:00
cinap_lenrek
1d34a855fe ape/libsec: fix the build, bring ape libsec.h in sync with plan9 version 2017-10-16 04:06:17 +02:00
cinap_lenrek
8fdf22d5fb ssh: remove extern declarations for pkcs1padbuf() and asn1encodedigest() (now in libsec.h) 2017-10-06 21:00:08 +02:00
cinap_lenrek
0a3695ba84 rsa: add auth/rsa2asn1, check write error in auth/rsa2x509 and auth/rsa2pub, document in rsa(8) 2017-10-06 20:55:57 +02:00
cinap_lenrek
8a67560183 libsec: export asn1encodedigest(), asn1encodeRSApub(), asn1toRSApub(), pkcs1padbuf() and pkcs1unpadbuf() 2017-10-06 20:52:18 +02:00
cinap_lenrek
5f42da1535 libsec: allow \r\n terminated lines in decodePEM() 2017-10-05 20:33:46 +02:00
cinap_lenrek
d5576d8473 hgwebfs: simplify retry loop construction 2017-10-04 05:06:54 +02:00
cinap_lenrek
b12763136e ndb/cs: icmp only supports version 4 addresses, icmpv6 only version 6 addresses 2017-10-04 05:04:33 +02:00
cinap_lenrek
c11a3bb3b1 libauthsrv: preserve readcons() error message from read() error 2017-10-04 05:01:54 +02:00
cinap_lenrek
19b026bdbb hg: disable tag caching, allows accessing hg repo from dump 2017-10-04 03:59:17 +02:00
cinap_lenrek
a9b4126468 9boot: limit read size to 4K for efi simple file system protocol
copying files from the uefi shell works, reading plan9.ini works,
loading the kernel by calling Read to read in the DATA section of
the kernel *FAILS*. my guess is that uefi filesystem driver or
nvme driver tries to allocate a temporary buffer and hasnt got
the space. limiting the read size fixes it.
2017-09-29 21:19:12 +02:00
cinap_lenrek
87274893d8 pc64: add ether82598 driver to configuration 2017-09-27 14:13:58 +02:00
cinap_lenrek
d9b37eff37 ether82598: support for T540-T1, use physical addresses for isaconf port
reading mac doesnt work yet, requires ea= option in isaconf.
2017-09-27 14:13:18 +02:00
cinap_lenrek
797952d065 sdnvme: identify namespace list fails on intel ssd, just assume nsid=[1] 2017-09-27 14:02:13 +02:00
cinap_lenrek
330e7ef39b kernel: don't tokenize inplace in isaconfig() to make /dev/reboot work 2017-09-27 13:59:55 +02:00
cinap_lenrek
dad00a77da kernel: get rid of 36 bit Paerange mask in mtrr (supporting machines with more than 64GB of memory) 2017-09-27 13:58:00 +02:00
cinap_lenrek
b8d4c6ff17 upas/fs: fix putcache(), sub-part messages should never go into the lru
we accidentally added non-top messages (attatchments) to the lru,
resulting in attachments to be freed. this is wrong.
2017-09-23 17:33:05 +02:00
cinap_lenrek
546046b46b xhci: do bounds checking in capability walking, check if controller vanished on init (thunderbolt unplug) 2017-09-22 12:55:26 +02:00
cinap_lenrek
7722220ff5 sshfs: use mtime for qid.vers, fix wstat without name change, fix wstat memory leak 2017-09-22 11:48:41 +02:00
cinap_lenrek
e09c2b721b upas/fs: replace fixed cache table with lru linked list
the cachetab just keeps track of recent messages that have not
been called cachefree() on. under some conditions, the fixed
table could overflow (all messages having refs > 0). with a
linked list, overflow becomes non fatal and the algorithm is
simpler to implement.
2017-09-13 23:24:10 +02:00
cinap_lenrek
1c8b5de992 winwatch: show windows with empty labels (thanks jpm) 2017-09-11 19:17:12 +02:00
cinap_lenrek
be7f3fb5e4 rename pcf kernel to pc, remove pcf, pccpuf, pccpu64 kernels, update documentation
there isnt much of a point in keep maintaining separate
kernel configurations for terminal and cpu kernels as
the role can be switched with service=cpu boot parameter.

to make stuff cosistent, we will just have one "pc" kernel
and one "pc64" kernel configuration now.
2017-09-10 22:35:23 +02:00
BurnZeZ
9af1153451 audiohda: add pci id for nvidia GM204 2017-09-10 02:27:31 +00:00
BurnZeZ
1ab2fed7a4 audiohda: add pci id for Intel 9 Series 2017-09-10 02:21:31 +00:00
cinap_lenrek
b9b4797d56 vmx(3): document changes to devvmx interface 2017-09-10 03:12:00 +02:00
cinap_lenrek
e6e745e776 audiohda: add pci id for ICH10 (thanks echoline) 2017-09-10 01:37:30 +02:00
aiju
bd4513fe87 devvmx: call vmxshutdown from reboot() function manually 2017-09-02 10:43:37 +00:00
cinap_lenrek
6ed716eab6 sshfs: fork ssh in its own namespace so it wont keep the mountpoint open 2017-08-29 21:22:31 +02:00
cinap_lenrek
3e3d8880d1 sshfs: start sendproc and recvproc in the sane notegroup as the fs process so theadexitsall() works on sshfs: ending. 2017-08-29 19:49:38 +02:00
cinap_lenrek
e44bf536af ether82563: make the ethernet of thinkpad p50 work (thanks sam-d) 2017-08-29 19:38:29 +02:00
cinap_lenrek
b41bd1b007 audiohda: Intel Sunrise Point-H support (thanks sam-d) 2017-08-29 19:37:26 +02:00
cinap_lenrek
30ea7ad58a sdnvme: pass 0 instead of 0xffffffff as NSID for identify controller and create completion/submission queue commands (thanks Ori_B)
Samsung SSD 960 EVO fails with invalid namespace error otherwise...
2017-08-29 09:52:53 +02:00
cinap_lenrek
c4e51c5678 devdup: remove useless OCEXEC check, handled by namec() 2017-08-28 19:45:49 +02:00
cinap_lenrek
6fa983a5b9 merge 2017-08-28 19:42:19 +02:00
cinap_lenrek
c492a8009a devsegment: handle ORCLOSE on segment directory correctly, fix wrong qid, missing COPEN flag for segmentcreate() 2017-08-28 19:40:53 +02:00
aiju
e5d3aaf1aa devvmx, vmx: lilu dallas multivm 2017-08-28 17:27:41 +00:00
aiju
853049c3b9 vmx(1): don't realloc virtio queues -- breaks pointers 2017-08-28 17:19:13 +00:00
cinap_lenrek
543ccb37f4 sdiahci: Intel 200 Series Chipset Family PCH support (thanks aiju)
we used to tweak arround in the ICH registers for all intel controllers,
which is wrong, as the 200 series has different magic registes. see
the datasheet:

https://www.intel.com/content/www/us/en/chipsets/200-series-chipset-pch-datasheet-vol-2.html

this caused the clocks to be disabled for the 6th port causing a full
machine lockup touching the 6th port registers.

the next problem was that aiju's bios disabled the unused ports somehow
but didnt clear ther PI bits, so that they would stay in Sbist status even
after a port reset. so the port would get stuck in the Dportreset state
forever. the fix for this was to use a one second timeout for the
port reset procedure.
2017-08-27 21:20:20 +02:00
aiju
6104ebc9b6 libmach: support disassembling from memory 2017-08-24 13:02:27 +00:00
aiju
721160290f vmx(1): VGA framebuffer should be normal memory 2017-08-24 09:25:23 +00:00
aiju
b0997d16c6 vmx(1): fixed code that assumed uintptr==uvlong 2017-08-24 09:01:30 +00:00
aiju
8968426327 vmx(1): memory map improvements, x86 simulator for MMIO 2017-08-24 08:06:41 +00:00
aiju
9616f61872 devvmx: more efficient data structure for memory map; simplified (more reliable) step function 2017-08-24 07:53:10 +00:00
qwx
174d7e52a3 igfx: fix cdclk and dpll settings for dual channel lvds on sandybridge 2017-08-23 00:25:39 +03:00