From owner-freebsd-audit@FreeBSD.ORG Mon Oct 6 03:02:18 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F08E16A4C0 for ; Mon, 6 Oct 2003 03:02:18 -0700 (PDT) Received: from mailout11.sul.t-online.com (mailout11.sul.t-online.com [194.25.134.85]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8B0243FBD for ; Mon, 6 Oct 2003 03:02:10 -0700 (PDT) (envelope-from root@reifenberger.com) Received: from fwd11.aul.t-online.de by mailout11.sul.t-online.com with smtp id 1A6SBt-00044F-04; Mon, 06 Oct 2003 12:02:09 +0200 Received: from nihil.reifenberger.com (TWdkmeZdQe6+BGmW8WC+s+qoAXhpt6ElPIznVwTVOo4GXRRztZTMEA@[217.232.220.210]) by fmrl11.sul.t-online.com with esmtp id 1A6SBV-1khGca0; Mon, 6 Oct 2003 12:01:45 +0200 Received: from nihil.reifenberger.com (localhost.reifenberger.com [127.0.0.1]) h96A1jkU024892 for ; Mon, 6 Oct 2003 12:01:45 +0200 (CEST) (envelope-from root@reifenberger.com) Received: from localhost (root@localhost)h96A1jvg024889 for ; Mon, 6 Oct 2003 12:01:45 +0200 (CEST) Date: Mon, 6 Oct 2003 12:01:45 +0200 (CEST) From: Michael Reifenberger To: freebsd-audit@freebsd.org Message-ID: <20031006120056.U22639@nihil.reifenberger.com> MIME-Version: 1.0 Content-Type: MULTIPART/Mixed; BOUNDARY="0-1004958317-1065431712=:22639" Content-ID: <20031006120056.A22639@nihil.reifenberger.com> X-Seen: false X-ID: TWdkmeZdQe6+BGmW8WC+s+qoAXhpt6ElPIznVwTVOo4GXRRztZTMEA@t-dialin.net X-Content-Filtered-By: Mailman/MimeDel 2.1.1 Subject: adding a disk stop daemon to -current (fwd) X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 10:02:18 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info. --0-1004958317-1065431712=:22639 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Content-ID: <20031006120056.T22639@nihil.reifenberger.com> Hi, I would like to add the attached daemon gstatd to current to implement the stopping of disks (currently implemented for CAM devices) after an amount of inactivity. The inactivity is determined via GEOM statistics (obtained from gstat(8)). I've been in contact with warner about an more generic way of stopping devices but there's currently nothing available. Since it's my first daemon I would like to get some feedback about it first. Bye! ---- Michael Reifenberger ^.*Plaut.*$, IT, R/3 Basis, GPS FreeBSD is BSD, UNIX(tm) is a BSD-like OS --0-1004958317-1065431712=:22639-- From owner-freebsd-audit@FreeBSD.ORG Mon Oct 6 03:33:05 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 66C2716A4B3 for ; Mon, 6 Oct 2003 03:33:05 -0700 (PDT) Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 443CA43FE3 for ; Mon, 6 Oct 2003 03:33:04 -0700 (PDT) (envelope-from root@reifenberger.com) Received: from fwd06.aul.t-online.de by mailout10.sul.t-online.com with smtp id 1A6Sfn-0006nF-01; Mon, 06 Oct 2003 12:33:03 +0200 Received: from nihil.reifenberger.com (E4oDMUZVgeuE0Sf2FJS2E3XG8DFkvuK5eKwN6cQe-AHi9jM--bITg2@[217.232.220.210]) by fmrl06.sul.t-online.com with esmtp id 1A6SfZ-1t3KlM0; Mon, 6 Oct 2003 12:32:49 +0200 Received: from nihil.reifenberger.com (localhost.reifenberger.com [127.0.0.1]) h96AWnkU025713 for ; Mon, 6 Oct 2003 12:32:49 +0200 (CEST) (envelope-from root@reifenberger.com) Received: from localhost (root@localhost)h96AWmEU025710 for ; Mon, 6 Oct 2003 12:32:49 +0200 (CEST) Date: Mon, 6 Oct 2003 12:32:48 +0200 (CEST) From: Michael Reifenberger To: freebsd-audit@freebsd.org In-Reply-To: <20031006120056.U22639@nihil.reifenberger.com> Message-ID: <20031006123135.J22639@nihil.reifenberger.com> References: <20031006120056.U22639@nihil.reifenberger.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Seen: false X-ID: E4oDMUZVgeuE0Sf2FJS2E3XG8DFkvuK5eKwN6cQe-AHi9jM--bITg2@t-dialin.net Subject: Re: adding a disk stop daemon to -current (fwd) X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Oct 2003 10:33:05 -0000 On Mon, 6 Oct 2003, Michael Reifenberger wrote: > Date: Mon, 6 Oct 2003 12:01:45 +0200 (CEST) > From: Michael Reifenberger > To: freebsd-audit@freebsd.org > Subject: adding a disk stop daemon to -current (fwd) > > Hi, > I would like to add the attached daemon gstatd to current to implement the > stopping of disks (currently implemented for CAM devices) after an amount of > inactivity. The inactivity is determined via GEOM statistics (obtained from > gstat(8)). > > I've been in contact with warner about an more generic way of stopping devices > but there's currently nothing available. > > Since it's my first daemon I would like to get some feedback about it first. > OK. The Attachment didn't make it through the list so you could find it under: http://people.freebsd.org/~mr/gstopd.tgz Bye! ---- Michael Reifenberger ^.*Plaut.*$, IT, R/3 Basis, GPS FreeBSD is BSD, UNIX(tm) is a BSD-like OS From owner-freebsd-audit@FreeBSD.ORG Mon Oct 6 17:24:35 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from green.bikeshed.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 1B0B716A4B3; Mon, 6 Oct 2003 17:24:35 -0700 (PDT) Received: from green.bikeshed.org (localhost [127.0.0.1]) by green.bikeshed.org (8.12.10/8.12.9) with ESMTP id h970OYcR011888; Mon, 6 Oct 2003 20:24:34 -0400 (EDT) (envelope-from green@green.bikeshed.org) Received: from localhost (green@localhost)h970OWPI011885; Mon, 6 Oct 2003 20:24:33 -0400 (EDT) Message-Id: <200310070024.h970OWPI011885@green.bikeshed.org> X-Mailer: exmh version 2.6.3 04/04/2003 with nmh-1.0.4 To: Hiroki Sato In-Reply-To: Message from Hiroki Sato <20030920.115238.96090140.hrs@eos.ocn.ne.jp> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 06 Oct 2003 20:24:32 -0400 Sender: green@green.bikeshed.org cc: audit@freebsd.org Subject: Re: bin/56502 X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Oct 2003 00:24:35 -0000 I don't see any errors; there is a part that seems unnecessary, and a couple places that have/don't have spaces where they would be preferred (so these are just style issues anyway, not very important): - state[-1] = MAX_TYPES * (rptr - state) + rand_type; + state[-1] = MAX_TYPES * (uint32_t)(rptr - state) + rand_type; I believe that you don't need to cast in that situation, that you will get a compatible size_t or something close to that. -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\ From owner-freebsd-audit@FreeBSD.ORG Thu Oct 9 00:51:07 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B1FF816A4B3 for ; Thu, 9 Oct 2003 00:51:07 -0700 (PDT) Received: from storm.FreeBSD.org.uk (storm.FreeBSD.org.uk [194.242.157.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8DCE443FE9 for ; Thu, 9 Oct 2003 00:51:06 -0700 (PDT) (envelope-from mark@grondar.org) Received: from storm.FreeBSD.org.uk (Ugrondar@localhost [127.0.0.1]) by storm.FreeBSD.org.uk (8.12.9/8.12.9) with ESMTP id h997p0B6025568; Thu, 9 Oct 2003 08:51:00 +0100 (BST) (envelope-from mark@grondar.org) Received: (from Ugrondar@localhost)h997p01n025567; Thu, 9 Oct 2003 08:51:00 +0100 (BST) (envelope-from mark@grondar.org) X-Authentication-Warning: storm.FreeBSD.org.uk: Ugrondar set sender to mark@grondar.org using -f Received: from grondar.org (localhost [127.0.0.1])h997m4YJ018758; Thu, 9 Oct 2003 08:48:04 +0100 (BST) (envelope-from mark@grondar.org) From: Mark Murray Message-Id: <200310090748.h997m4YJ018758@grimreaper.grondar.org> To: Hiroki Sato In-Reply-To: Your message of "Sat, 20 Sep 2003 11:52:38 +0900." <20030920.115238.96090140.hrs@eos.ocn.ne.jp> Date: Thu, 09 Oct 2003 08:48:04 +0100 Sender: mark@grondar.org X-Spam-Status: No, hits=0.2 required=5.0 tests=EMAIL_ATTRIBUTION,FROM_NO_LOWER,IN_REP_TO, QUOTED_EMAIL_TEXT,REPLY_WITH_QUOTES version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: audit@freebsd.org Subject: Re: bin/56502 X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 07:51:07 -0000 Hiroki Sato writes: > Could anyone please review a patch in bin/56502? That fixes a bug > in random.c that causes memory corruption. It looks fine to me. Has it been tested on all platforms? M -- Mark Murray iumop ap!sdn w,I idlaH From owner-freebsd-audit@FreeBSD.ORG Thu Oct 9 04:09:52 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 58F0416A4B3 for ; Thu, 9 Oct 2003 04:09:52 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 72BCA43FBF for ; Thu, 9 Oct 2003 04:09:49 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from gamplex.bde.org (katana.zip.com.au [61.8.7.246]) by mailman.zeta.org.au (8.9.3p2/8.8.7) with ESMTP id VAA25190; Thu, 9 Oct 2003 21:09:30 +1000 Date: Thu, 9 Oct 2003 21:08:30 +1000 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Mark Murray In-Reply-To: <200310090748.h997m4YJ018758@grimreaper.grondar.org> Message-ID: <20031009200740.R9199@gamplex.bde.org> References: <200310090748.h997m4YJ018758@grimreaper.grondar.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: audit@freebsd.org cc: Hiroki Sato Subject: Re: bin/56502 X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 11:09:52 -0000 On Thu, 9 Oct 2003, Mark Murray wrote: > Hiroki Sato writes: > > Could anyone please review a patch in bin/56502? That fixes a bug > > in random.c that causes memory corruption. > > It looks fine to me. Has it been tested on all platforms? It changes far too much and increases type mismatch problems. The test program gives undefined behaviour. From random.c: %%% * Modified 28 December 1994 by Jacob S. Rosenberg. * The following changes have been made: * All references to the type u_int have been changed to unsigned long. * All references to type int have been changed to type long. Other [The proposed fix sort of reverts this, except it mostly uses uint32_t, which may be better but may cause sign extension problems. Places that use plain int are broken on machines where sizeof(int) < sizeof(int32_t).] * cleanups have been made as well. A warning for both initstate and * setstate has been inserted to the effect that on Sparc platforms * the 'arg_state' variable must be forced to begin on word boundaries. [I can't see the warning, except in this comment.] * This can be easily done by casting a long integer array to char *. [This is an (undocumented except here :-() requirement on the caller of initstate().] ... /* * initstate: ... * Note: The Sparc platform requires that arg_state begin on a long * word boundary; otherwise a bus error will occur. Even so, lint will * complain about mis-alignment, but you should disregard these messages. */ [The test program doesn't do this. It has 'static char b[256]' followed by 'static int *c' and passes &b[0]. Alignment of the pointer apparently increases it, so using all of the 256 bytes following the aligned pointer overruns `b'. The increase is apparently enough for the overrun to reach 'c'.] char * initstate(seed, arg_state, n) unsigned long seed; /* seed for R.N.G. */ char *arg_state; /* pointer to state array */ long n; /* # bytes of state info */ { char *ostate = (char *)(&state[-1]); long *long_arg_state = (long *) arg_state; [This bogus casts hides the bug.] if (rand_type == TYPE_0) state[-1] = rand_type; else state[-1] = MAX_TYPES * (rptr - state) + rand_type; if (n < BREAK_0) { (void)fprintf(stderr, "random: not enough state (%ld bytes); ignored.\n", n); return(0); } ... [Similarly for setstate().] %%% The "28 December 1994" changes were made in rev.1.5 (Lite2 merge). The patch in the PR uses a different bogus cast: uint32_t *int_arg_state = (uint32_t *)(void *)arg_state; This apparently works by reducing the alignment requirements a little. Howver, I'm surprised that aligning `b' actually clobbers `c' in the test program: static int *a; static char b[256]; static int *c; I would have thought that this gave 'a', b and c following each other in memory, with all of them very aligned because things are naturally aligned following 'a' and 256 is a large enough power of 2. The following would force misalignement on most machines: struct { long align; char misalign[sizeof(long) - 1]; char misaligned_state[256]; char always_clobbered; }; For a quick fix, I would print a message and return 0 if (void *)long_arg_state != (void *)arg_state. Bruce From owner-freebsd-audit@FreeBSD.ORG Thu Oct 9 05:14:06 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0793916A4BF for ; Thu, 9 Oct 2003 05:14:06 -0700 (PDT) Received: from mailman.zeta.org.au (mailman.zeta.org.au [203.26.10.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3C9A743FCB for ; Thu, 9 Oct 2003 05:14:04 -0700 (PDT) (envelope-from bde@zeta.org.au) Received: from gamplex.bde.org (katana.zip.com.au [61.8.7.246]) by mailman.zeta.org.au (8.9.3p2/8.8.7) with ESMTP id WAA32389; Thu, 9 Oct 2003 22:13:54 +1000 Date: Thu, 9 Oct 2003 22:12:30 +1000 (EST) From: Bruce Evans X-X-Sender: bde@gamplex.bde.org To: Mark Murray In-Reply-To: <20031009200740.R9199@gamplex.bde.org> Message-ID: <20031009213822.L9492@gamplex.bde.org> References: <200310090748.h997m4YJ018758@grimreaper.grondar.org> <20031009200740.R9199@gamplex.bde.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: audit@freebsd.org cc: Hiroki Sato Subject: Re: bin/56502 X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Oct 2003 12:14:06 -0000 On Thu, 9 Oct 2003, Bruce Evans wrote: > > Hiroki Sato writes: > > > Could anyone please review a patch in bin/56502? That fixes a bug > > > in random.c that causes memory corruption. > The test program gives undefined behaviour. From random.c: > > %%% > * Modified 28 December 1994 by Jacob S. Rosenberg. > * The following changes have been made: > * All references to the type u_int have been changed to unsigned long. > * All references to type int have been changed to type long. Other > > [The proposed fix sort of reverts this, except it mostly uses uint32_t, > which may be better but may cause sign extension problems. Places that > use plain int are broken on machines where sizeof(int) < sizeof(int32_t).] > ... > /* > * initstate: > ... > * Note: The Sparc platform requires that arg_state begin on a long > * word boundary; otherwise a bus error will occur. Even so, lint will > * complain about mis-alignment, but you should disregard these messages. > */ > > [The test program doesn't do this. It has 'static char b[256]' followed > by 'static int *c' and passes &b[0]. Alignment of the pointer apparently > increases it, so using all of the 256 bytes following the aligned pointer > overruns `b'. The increase is apparently enough for the overrun to reach > 'c'.] > %%% > > The "28 December 1994" changes were made in rev.1.5 (Lite2 merge). Bah, the alignment problem is secondary. I naively assumed that the bug wasn't related to longs being larger than ints since it hasn't been reported for other machines, but in fact it causes buffer overrun by a factor of sizeof(long)/4 on all machines where this factor is > 1 (I tested on alphas). This is fixed in NetBSD. Our rev.1.5 is mostly wrong. NetBSD obtained the same bug by importing Lite2 in their rev.1.7, but fixed it in their rev.1.20. Some diffs between NetBSD 1.7 and 1.22: 112a119,123 > * > * Modified 07 January 2002 by Jason R. Thorpe. > * The following changes have been made: > * All the references to "long" have been changed back to "int". This > * fixes memory corruption problems on LP64 platforms. This basically moves the bug from the large set of machines where sizeof(long) != 4 to the small set of machines where sizeof(int) != 4. s/int/int32_t/ not quite as in the PR would be a more complete fix for the main problem, but I don't like it since it puts magic 32's all over the code. The bug is caused by magic 4's not even literally present: % if (n < BREAK_1) { % rand_type = TYPE_0; % rand_deg = DEG_0; % rand_sep = SEP_0; % } else if (n < BREAK_2) { % rand_type = TYPE_1; % rand_deg = DEG_1; % rand_sep = SEP_1; % } else if (n < BREAK_3) { % rand_type = TYPE_2; % rand_deg = DEG_2; % rand_sep = SEP_2; % } else if (n < BREAK_4) { % rand_type = TYPE_3; % rand_deg = DEG_3; % rand_sep = SEP_3; % } else { % rand_type = TYPE_4; % rand_deg = DEG_4; % rand_sep = SEP_4; % } % state = (long *) (long_arg_state + 1); /* first location */ % end_ptr = &state[rand_deg]; /* must set end_ptr before srandom */ Here BREAK_N are literal constsants, but they should be related to sizeof(state[0]). E.g., BREAK_4 is 256, which is enough for 64 32-bit longs, but it needs to be enough for 64 elements in the state array, so it isn't enough for 64-bit longs. Bruce