Kamil Rytarowski | 26 Sep 01:46 2015

New DTrace code - build issues

Thank you Christos for your work on DTrace!

I'm having problems building it, the log is attached to the mail.

From what I saw, there is a type mismatch:

typedef struct {
        uint8_t data[PTRACE_BREAKPOINT_SIZE];
} proc_breakpoint_t;


ulong_t dbp_instr;              /* saved instruction from breakpoint */

At the moment I'm unsure about the correct translation between these
install ===> lib/../external/bsd/libevent/lib/libevent_openssl
install ===> lib/../external/bsd/libevent/lib/libevent_pthreads
install ===> lib/../external/bsd/libproc/lib
install ===> lib/../external/bsd/fetch/lib
install ===> lib/../external/gpl3/gcc.old/lib/libasan
dependall-../external/bsd/bind/lib ===> lib     (with:
dependall-../external/cddl/osnet/lib/libdtrace dependall-librumpdev dependall-librumpnet
dependall-librumpvfs dependall-../crypto/external/bsd/libsaslc dependall-../external/bsd/mdocml/lib)
dependall ===> lib/../external/cddl/osnet/lib/libdtrace
/usr/src/external/cddl/osnet/lib/libdtrace/../../dist/lib/libdtrace/common/dt_proc.c: In
(Continue reading)

Kamil Rytarowski | 20 Sep 13:12 2015

rpcgen(1), issues with System XVI

I was playing with System XVI [1] and I have found two bugs in rpcgen(1):
- NULL pointer dereference in rpc_hout.c:pargdef(),
- generating invalid symbol names for header guards.

The patches are attached to this mail.

OK to commit?

[1] https://github.com/ServiceManager/ServiceManager
Index: rpc_hout.c
RCS file: /cvsroot/src/usr.bin/rpcgen/rpc_hout.c,v
retrieving revision 1.23
diff -u -r1.23 rpc_hout.c
--- rpc_hout.c	9 May 2015 23:12:57 -0000	1.23
+++ rpc_hout.c	20 Sep 2015 11:12:46 -0000
 <at>  <at>  -193,10 +193,11  <at>  <at> 
 	did = 0;
 	for (vers = def->def.pr.versions; vers != NULL; vers = vers->next) {
-		if (!newstyle || plist->arg_num < 2) {
-			continue;	/* old style or single args */
-		}
 		for (plist = vers->procs; plist != NULL; plist = plist->next) {
+			if (!newstyle || plist->arg_num < 2) {
+				continue;	/* old style or single args */
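Review bot: in the moved test `if (!newstyle || plist->arg_num < 2)`, `newstyle` is not modified anywhere in the visible lines, so evaluating it once per procedure inside the inner `for` obscures that only `plist->arg_num < 2` actually depends on `plist`. Consider testing `!newstyle` once ahead of the inner loop and keeping only the `arg_num` test inside it. The commit message should also say that the old placement read `plist` before the inner loop had assigned it, since that is the dereference being fixed.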
(Continue reading)

enh | 12 Sep 19:01 2015

Re: fuzzing found regcomp bug

this doesn't seem to have made it to the list?

On Fri, Sep 4, 2015 at 10:47 AM, enh <enh <at> google.com> wrote:
> ==14961==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x61400000fdee at pc 0x0000004f9cba bp 0x7ffefa993d70 sp
> 0x7ffefa993d68
> READ of size 1 at 0x61400000fdee thread T0
>     #0 0x4f9cb9 in ordinary
> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:1087:7
>     #1 0x4e47dc in p_simp_re
> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:696:3
>     #2 0x4e47dc in p_bre
> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:596
>     #3 0x4d2d9c in my_regcomp
> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:311:3
>     #4 0x4d230d in LLVMFuzzerTestOneInput (a.out+0x4d230d)
> 0x61400000fdee is located 42 bytes to the right of 388-byte region
> [0x61400000fc40,0x61400000fdc4)
> allocated by thread T0 here:
>     #0 0x4a873b in malloc
> /usr/local/google/home/kcc/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:40:3
>     #1 0x4d27d5 in my_regcomp
> bionic/libc/upstream-netbsd/lib/libc/regex/regcomp.c:270:13
>     #2 0x4d230d in LLVMFuzzerTestOneInput (a.out+0x4d230d)
> It happens if you build bionic with AddressSanitizer and then pass
> more or less any non-ascii byte to
> regcomp:
(Continue reading)

Iain Hibbert | 3 Sep 23:01 2015



while I was looking at the ssp/fortification code, I noticed something..
the following code example

#include <string.h>

int a, b;

void foo(void)
{
	memcpy(&a, &b, sizeof(a));
}

when preprocessed with fortification enabled

% gcc -fstack-protector -O2 -D_FORTIFY_SOURCE=2 -E -o test.i test.c

outputs basically the following code (I've added spaces and cut out the 
unrelated parts)

static __inline void * __memcpy_ichk(void * __restrict__, const void * __restrict__, size_t);

static __inline __attribute__((__always_inline__)) void * __memcpy_ichk(void * __restrict__ dst,
const void * __restrict__ src, size_t len)
{
	return __builtin___memcpy_chk(dst, src, len, __builtin_object_size(dst, 0));
}

int a, b;
(Continue reading)

Edgar Fuß | 3 Sep 12:15 2015

(b)make: selecting every other element from a list

Is there a sane way of, in a Makefile, selecting every other (i.e. either 
even or odd, I don't care) member from a list?
I'm aware of bmake's nice feature of iterating on tuples, but I need to 
select a unique subset of those list members. I.e., given
	l= foo 1 bar 2 foo 3
or
	l= 1 foo 2 bar 3 foo
if that's more convenient, I want foo bar (or bar foo), so I'd need 
something like ${l:[!odd!]:O:u}

Iain Hibbert | 2 Sep 22:31 2015

__ssp_overlap() bug?


I think the recently added __ssp_overlap() macro is incorrect, as adjacent 
areas will trigger it. example test code below shows the problem..

#include <ssp/ssp.h>
#include <stdio.h>

int a, b;

int
main(int argc, char *argv[])
{
	/* show where the two objects live and how long each one is */
	printf("a %p, b %p, l %zu\n", &a, &b, sizeof(a));

	if (__ssp_overlap((char *)&a, (char *)&b, sizeof(a)))
		printf("a and b overlap\n");
	else
		printf("no overlap\n");

	return 0;
}

and patch to fix.. is this ok to commit?


Index: ssp.h
(Continue reading)
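The failure mode reported in the message above, as an added example that is not the NetBSD `__ssp_overlap()` macro (its definition is not shown here): an overlap test that treats the one-past-the-end address as part of the region flags two adjacent buffers, while a half-open test does not. The function names, the closed-interval form and the `region` layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical closed-interval test: [p, p+len] includes the
 * one-past-the-end address, so regions that merely touch are flagged.
 */
static int
overlap_closed(const void *a, const void *b, size_t len)
{
	uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;

	return (ua <= ub && ub <= ua + len) || (ub <= ua && ua <= ub + len);
}

/*
 * Half-open test: [a, a+len) and [b, b+len) overlap only when they
 * share at least one byte. A zero length never overlaps.
 */
static int
overlap_halfopen(const void *a, const void *b, size_t len)
{
	uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;

	if (len == 0)
		return 0;
	return ua < ub ? ub - ua < len : ua - ub < len;
}

/* Constructed layout: 4-byte fields carved out of one object. */
static unsigned char region[16];

int
main(void)
{
	unsigned char *a = region;

	printf("adjacent:  closed=%d half-open=%d\n",
	    overlap_closed(a, a + 4, 4), overlap_halfopen(a, a + 4, 4));
	printf("shared:    closed=%d half-open=%d\n",
	    overlap_closed(a, a + 3, 4), overlap_halfopen(a, a + 3, 4));
	printf("separated: closed=%d half-open=%d\n",
	    overlap_closed(a, a + 8, 4), overlap_halfopen(a, a + 8, 4));
	return 0;
}
```

A fortified `memcpy()` between adjacent objects is a valid call, so a check of the first kind rejects correct programs.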

Tilman Kranz | 29 Aug 09:23 2015

Determining if a system is in shutdown


for a patch for "nodm" (a lightweight X session manager), I try
to find out how to determine if a system is currently in shutdown.

The intention is to prevent "nodm" from restarting an X session
that caught a SIGTERM while the system is in shutdown.

I found this to work on GNU using SVr4 "utmp.h":


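  #include <utmp.h>

  int in_shutdown(void) {
      struct utmp * ut;

      /* Rewind the utmp file so that repeated calls rescan it. */
      setutent();

      while ((ut = getutent()) != NULL)
          if (ut->ut_type == RUN_LVL)
            /* Current runlevel is pid_t modulo 256.
               Runlevel 0 means system is in shutdown. */
            return ut->ut_pid % 256 == 0;

      /* No RUN_LVL record found. */
      return -1;
  }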

(This does not work with POSIX "utmpx.h", because there is
no RUN_LVL there, for obvious reasons).

(Continue reading)

Masao Uebayashi | 25 Aug 06:00 2015

Modular postinstall(8)


The monolithic postinstall(8) is horribly painful to maintain.  It can
be a little better by splitting the single script into per-module
(a.k.a. syspkg).  This hopefully encourages subsystem maintainers to
update their own postinstall script fragment without touching a
global, poorly maintained script.  This is much closer to how pkgsrc's
install scripts work.

Ideally these ``update'' scripts are called not only post-install but
also pre-install, pre-reboot, post-reboot, etc.  For example, if one
pre-install script detects something seriously inconsistent, it warns
administrator and cancels the update.

Well-maintained update scripts could safely migrate users to better
configurations ("This sshd configuration is outdated and not
recommended any longer").

The above patch is outdated and should be updated but you can see the
idea.  You can split files one-by-one.

I don't have time to discuss/work on this right now.

Idea basically ack'ed by lukem <at>  at EuroBSDCon 2014. :)

Christos Zoulas | 21 Aug 18:43 2015

printf and -m


gcc assumes that %m is a valid printf(3) format. In BSD %m is only valid
in syslog(3) like functions and means strerror(errno). GLIBC and MUSLC
implement %m also for printf(3).


This patch does the following:

- Introduces a format attribute called "syslog" that accepts %m.
- Makes the printf attribute not accept %m.

- Introduces a __sysloglike() macro that uses the new format attribute
  if available, and falls back to the standard printf attribute.
- Changes log-like functions to use the new attribute.

We should decide what we want to do:

- Make %m work in printf() like Linux does.
- Apply the following patch to prevent programs from using %m in printf formats,
  keep fixing 3rd party code, and maintain the custom format attribute to
  find new offenders. It is unlikely that the gnu folks will take a patch
  that makes %m warn for printf. We could coordinate with other BSD's to
  do the same. Note that this patch can break pkgsrc code...

What do you think?
(Continue reading)

Emmanuel Dreyfus | 13 Aug 12:01 2015

Cannot mmap character device


the mmap(2) page explicitly notes that we may map character devices.
Can anyone tell me why this fails?

# cat test.c                                                                 
#include <err.h>
#include <fcntl.h>
#include <sys/mman.h>

int
main(void)
{
        int fd;
        void *map;

        if ((fd = open("/dev/rxbd1a", O_RDONLY, 0)) == -1)
                err(1, "open /dev/rxbd1a failed");

        map = mmap(NULL, 4096, PROT_READ, MAP_FILE, fd, 8192);
        if (map == MAP_FAILED)
                err(1, "mmap /dev/rxbd1a failed");

        return 0;
}
# cc -Wall -ansi -o test test.c
# ./test
test: mmap /dev/rxbd1a failed: Invalid argument
# ls -l /dev/*xbd1a 
crw-r-----  1 root  backups        142, 8 Nov 17  2006 /dev/rxbd1a
(Continue reading)

David Young | 11 Aug 22:54 2015

Introducing ARFE

A few years ago, while I was debugging and tuning up NetBSD networking
code, I was interested in the rate of change of many statistics (netstat
-s, ifconfig -va).  I was producing lots of "before and after" stats

	ifconfig -va > before ; sleep 10 ; ifconfig -va > after

and comparing or subtracting them in my head.  A strong urge to
automate the subtraction without writing a one-off script (or scripts)
led me to write a universal statistics subtractor.  In this way,
DT---(d)ifferentiate (t)ext---was born.

DT reads two inputs and finds a longest common subsequence (LCS) of the
inputs where numbers are "wild": one number, consisting of an optional
sign followed by one or more decimal digits, can match any other.  Then
DT emits the LCS, printing the difference of all of the numbers in the
common sequence.  I will give an example.  DT input 1:

	address: 00:0a:0b:cd:01:ef
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
	input: 9348780 packets, 2659054914 bytes, 2853146 multicasts
	output: 5844547 packets, 1166873148 bytes, 2667 multicasts
	inet netmask 0xffffff00 broadcast
	inet6 fe80::20a:bff:fecd:1ef%wm0 prefixlen 64 scopeid 0x1

Input 2:

(Continue reading)