04:11:43 hi, I'm repeatedly having trouble compiling mysql80-server, it's getting stuck on storage/innobase/pars/pars0pars.cc for 3+ hours 04:52:09 here's the info I have so far - https://bsd.to/s8uE . it used to build on 13.0, unforunately I had an issue updating the ports tree for a long time, so there's a 2 year gap 04:52:11 Title: dpaste/s8uE (Plain Text) 05:38:01 ultramage: all the cool kids use mariadb now 05:38:49 are you saying you're trying to build a port that's two years old? 05:50:36 rtprio: no I mean my last successful build was 2 years ago, because after that I was stuck not being to update for a long time. And when I finally did, I found out that the thing wouldn't build 05:52:22 I was suggested to attach a sampling profiler to the stuck process to see what it's doing, but I don't know how (and not sure if buildworld saves debug symbols) 05:53:27 going to check if it really hangs 05:54:46 one thing I could try is building the older mysql to see if it might be related to a src change on their end. Another would be to install latest llvm from ports, since freebsd's is 2.5 years out of date. 05:55:20 I took the full commandline and tried building just that one file with -O0 into /tmp, but it got stuck the same way. 05:58:27 finally, this is a ~2010 intel atom cpu running a single-core process. It's been running for 4 hours now whereas all other files compile within 30 seconds. I could try letting it run for 24 hours to see if maybe it'll eventually grind through whatever loop it's stuck on. Although maybe it'll never finish 06:00:25 I just had a deja-vu moment. I know I investigated it 3 months ago when it first started happening. I believe I did thoroughly debug it with gdb and found that it's stuck in a register allocation loop, flipflopping between two states 07:09:25 ultramage: so far it is building fine for me but 07:10:23 yea I assume it's not a general issue, otehrwise a lot of people would complain 07:10:33 [ 62%] Building CXX object storage/innobase/CMakeFiles/innobase.dir/pars/pars0pars.cc.o / [ 62%] Building CXX object storage/innobase/CMakeFiles/innobase.dir/pars/pars0sym.cc.o was a long while ago 07:10:38 it is at 94% now 07:10:56 https://workshop.palace.tearmoon.com/data/13amd64-lincle-default/2023-02-25_08h52m36s/logs/mysql80-server-8.0.32.log build progress log 07:10:56 if it processed that file and produced its .o then it's fine 07:11:21 do note I have innobase linked statically 07:11:53 I have taken that stuck job's commandline, added -emit-llvm, and then tried a simple clang -c -O0 file.bc and it worked. However when I use -O1 it gets stuck. 07:12:40 maybe it is something about the instruction set 07:13:11 2 months ago when I first investigated with gdb, I found that it's looping in runOnMachineFunction -> allocatePhysRegs -> selectOrSplit -> selectOrSplitImpl -> tryLastChanceRecoloring -> ..., there is an enqueue() - dequeue() loop and in my case it's just repeating the same two steps 07:13:51 why do you use mysql by the way? proprietary software that demands mysql/percona specifically? 07:13:58 so the way their code is constructed there, there is an input on which this loop never terminates 07:15:15 it's just the only thing I'm familiar with, and this php thing is built with mysql in mind (it does use pdo, but idk how independent it is) 07:15:18 [01:22:34] [01] [01:10:36] Finished databases/mysql80-server | mysql80-server-8.0.32: Success 07:15:21 thx 07:15:36 this was a single threaded run inside Hyper-V on an AMD 3700X 07:15:41 do you happen to know how to force cc into targeting a specific architecture? 07:15:47 I would like to try a i386 build 07:16:09 cross-compiling ports is possible but I really suggest you do not use the ports tree itself for that 07:16:18 you are using ports, right? 07:16:25 not anything more complex 07:16:30 oh right the thing in base is only built for my arch 07:16:46 use poudriere 07:17:01 it might even be that it will build fine in poudriere for your arch 07:17:02 -march gives me a wide selection of 64bit cpus. I tried 'sapphirerapids' which is the latest intel cpu, but it got stuck there too 07:18:00 well freebsd 13.1's base llvm is 13.0, from 2021 ... it's 2 major versions behind. I imagine that if I installed devel/llvm latest then it would build. that's my next go-to 07:18:09 my alternative is to build the sql parser with -O0 lmao 07:18:18 poudriere uses base llvm 07:18:29 my build above is 13.1, with llvm 13 07:18:53 > if I installed devel/llvm latest 07:18:59 I do not think ports will use that 07:19:12 you would have to override 07:19:31 in any case, consider poudriere, it is extremely convenient and gives you a binary package repo 07:19:32 well yea 07:19:59 I build from source because I have stupid obsessive requirements, like minimizing dependencies 07:20:06 poudriere builds from source 07:20:26 ultramage: https://workshop.palace.tearmoon.com/build.html?mastername=13amd64-lincle-default&build=2023-02-25_08h52m36s 07:20:28 Title: Poudriere bulk results 07:20:42 hmhm but then what would be the point? you mean I should set up a standalone build server, and get packages from there? 07:20:57 you can set it up on the same system 07:21:05 it runs build jobs in clean jails 07:21:17 and you get .pkg files you can instantly upgrade to 07:21:43 I don't think there would be any benefit over just portmaster local src build 07:21:47 there is also synth as an alternative 07:22:05 it's not a build framework issue, it's an internal defect in llvm 07:22:18 that apparently only manifests on my potato atom router box 07:22:28 there is a huge benefit: the jails are *clean* images of a given FreeBSD version with no extra libs etc. 07:22:44 I'm pretty sure it has something to do with the architecture, since the problematic place is physical register allocation using a graph coloring heuristic 07:23:16 my router box is a Jaguar and I would never build ports there :D 07:23:30 which is why I have poudriere on my desktop PC building packages for the router and the server 07:23:39 ah yea but I don't want clean default freebsd-pkg builds. I flip all sorts of toggles in the ports tree 07:23:39 anyway 07:23:44 uhh 07:23:50 who prevents you from doing that? 07:24:01 isn't there `poudriere options`_ 07:24:03 ? 07:24:34 ah okay so I would customize the package repo to my needs. but then I ask again, what is the point, over just building them locally in / 07:24:36 I use poudriere precisely because it lets me build multiple package repos with different options etc. 07:24:53 the point is pkg upgrade is near instantaneous 07:25:29 the host still has to spend 8 hours building the packages, that's just an extra step. unless I set up a separate build host that is faster. 07:25:32 imagine running a portmaster-based upgrade for something that depends on mysql 07:25:42 that something might be a daemon 07:25:51 that forks at times, like php-fpm 07:26:22 during the local build you can happen upon long periods of missing libraries 07:26:44 it is why I switched to poudriere in 2009 07:27:03 it gets worse if the build fails 07:27:04 ah I see. well, in my case that's not a requirement, temporary malfunction is fine. That was a good example though. 07:27:20 plus you can build on a fast system? 07:27:45 in my case it's mt worker mode so nothing ever forks, and I just restart the whole thing after the build is done 07:27:59 my router is "CPU: AMD GX-412TC SOC (998.16-MHz K8-class CPU)" 07:28:07 with 4 GB RAM and a 32 GB mSATA SSD 07:28:18 can you imagine building llvm for postgres on that 07:28:31 or Rust, for py-cryptography 07:28:32 building on a separate host would be nice, but I don't have any, plus the extra complexity of a second freebsd instance would not be worth it for just one router box 07:29:00 i have a vm for that 07:29:04 ^ 07:29:16 my desktop PC is Windows and poudriere is a Hyper-V VM 07:29:34 this thing has 2 atom HT cores at 1.8ghz max I think, with 4 gb ram. it isn't that bad. buildworld takes around 16 hours I think. 07:29:40 it gets 8 virtual cores and 8-16 GB RAM on this 3700X 07:30:01 I buildworld for the router in the poudriere VM too haha 07:30:08 well, I no longer do 07:30:23 but back when I still did buildworld and not just buildkernel, it took like 30-40 minutes 07:30:38 a dedicated build system would defo make sense if you're dealing with more than 1 freebsd host 07:31:27 it makes sense when your router is slow or when your server is a production system where extra build load would affect users 07:32:01 if I tried building ports on this router I think I would be unable to use youtube 07:33:03 ah that is interesting. never ran into issues with this thing, even when all ht cores are busy building something, it still moves packets around just as fine 07:34:11 anyway, one of the biggest advantages of poudriere is that you build in a clean system without any noise 07:34:17 (kernel networking proably runs at a higher priority than userland processes) 07:34:25 which you cannot guarantee in your built-world case 07:35:36 I would be worried if the VM got the target architecture right. even in this OS the compiler sometimes has trouble deciding. So I leave it at 'native', and let it figure it out. 07:35:46 huh. 07:35:51 that is really weird 07:36:01 I never ever had problems like that 07:36:40 the only case where I had issues was when I was over-eager with port options and built something like ffmpeg? I think? with 'optimise for this platform' 07:36:57 and AMD Ryzen is very different from AMD Jaguar 07:37:37 if your Atom system is x86 rather than x86_64, you just make an x86 poudriere jail 09:58:04 hello guys, can I remove /usr/src ? I don't use ports, only packages and I need of space.. 09:59:08 Question. When a port's configure script seffaults and coredumps, it is logged into /var/log/messages, creating log noise. 09:59:10 mystic: yes, you can remove /usr/src and /usr/ports 09:59:23 otis: thanks :) 10:01:56 I have found libtool, gdb, screen and bind generating these events. I have debugged libtool's configure script, it happens when testing "checking whether a statically linked program can dlopen itself". It fails during puts() inside jemalloc's tsd.h tsd_state_get(), with "Address not mapped to object.". Is this an okay thing to be happening? If configure scripts are expected to coredump, shouldn't the 10:02:03 messages be silenced? 11:03:37 huh, bifrost27:/# dd if=img of=/dev/nvme0n1 conv=sync bs=1M 11:04:09 I just dd'd FreeBSD over an alpine / boot device and rebooted ... into alpine again? wtf 11:10:37 Easy questions first: 1- did you write to the right device/partition? 2- are you sure you're booting that same partition? 3- is that partition still recognized as bootable after you wrote into it? (Thinking of secure booting or similar, which may require you to jump through additional hoops.) 11:31:37 you did not specify count. iirc in the absence of count, count = 1 11:32:44 (I don't remember if it's possible to say 'until `if` is consumed') 11:34:21 actually I might be wrong, since dd manual says nothing about count. I might be mixing it up with some third party dd tool 11:55:04 debdrup, makes sense (newsyslog.conf(5)). For some reasons I was thinking that particular bit of info was stored elsewhere, given its very short retention. 11:57:52 In absense of a count, count should be all the counts. 11:59:27 dch, I've nto worked with nvme drives on FreeBSD. . . what's the n1 portion of the device name? 11:59:44 Also: file -s /dev/nvme0 11:59:52 And: file -s /dev/nvme0n1 11:59:59 fixed, I just need to dd *all* the drives, turns out they install a non-mirrored alpine to both drives 12:00:05 "a bigger hammer required" 12:00:18 Ball-peen? 12:01:20 nvme has namespaces, allowing subdivision of devices, so nvme0n1 is the first "namespace" and nvme0n1p1 a partition within that 12:01:39 o_O 12:02:36 Hi you all.. having some problem starting xorg. everything worked just fine before I replaced my motherboard and cpu... I guess the problem might be caused by the built-in graphics card some interfering with my nvidia card. 12:03:04 pciconf -lv 12:03:06 but dont know where to start on how to resolve this. 12:03:18 (pastebin it) 12:04:51 You're on the console? Not ssh'd into it? 12:04:55 hold on, need to ssh to my machine then 12:05:18 No - do this: 12:05:23 alias tb='ncat termbin.com 9999' 12:05:38 Then: pciconf -lv | tb 12:05:43 Then share the URL it prints. 12:06:33 neat trick 12:08:58 Also. . . ncat is in ports, so you may not have it, you can substitute nc from base. 12:09:27 termbin.com/dzorj 12:09:43 went with netcat, seemed to work 12:11:43 So you have onboard ATI. . . and your'e trying to use the nVidia 1080 card? 12:12:05 Using the binary blob driver? 12:13:14 yea, thats right 12:13:24 IT's loaded? 12:13:29 yupp 12:13:31 kldstat | tb 12:13:53 all I have done since it worked, is swapping out the motherboard and cpu 12:14:17 Well, those are not small things to change. 12:14:42 termbin.com/sq59v 12:15:28 And I assume you're looking at this console through a monitor connected to the nVidia? 12:15:39 ultramage: you cannot really silence a segfault message 12:15:47 CrtxReavr: yea.. Almost got a disaster on my hands.... computer didnt boot, and I started making things worse and worse last night. 12:16:06 involving thermal paste and bent pins on the motherboard socket 12:16:17 CrtxReavr: you assume correctly 12:17:22 also not remembering in what order my zfs-pool was connect is clearly a thing as well =D 12:22:43 brb 12:24:47 startx 2>&1 | tb 12:30:16 Remilia: I'm just wondering why messy configure-releated noise is showing up in the main log like that 12:31:01 is there a guideline that configure scripts must not segfault / use some sort of trap to silence them? 12:33:39 I build everything from source and this is the first time I saw stuff like that (that is a lie, logs say that it first appeared in my libtool-2.4.6_1 build on 2021-02-27) 12:34:23 how can i specify primary device in xorg? 12:38:05 aaah, =) now it works. 12:39:23 CrtxReavr: thank you for the help 12:42:35 ultramage: no, there are no such guidelines and you cannot 'silence' kernel messages arbitrarily 12:43:03 segfaults during configure stage are normal and expected 12:51:06 Remilia: I know, it's just that nobody except libtool is having them. so either they were smart enough not to do that, or port maintainers patched around them, or there's a way to write those test cases in a silent way 12:51:52 on windows I can install an exception handler that just returns, and all segfaults will go off the record 12:52:16 ... setjmp is the equivalent, iirc? 12:53:47 'nobody' is quite a strong statement 12:54:10 a segmentation fault is not an exception 12:55:02 anyways, libtool is testing if it can compile a -static -fPIC shared library as an executable, and then dlopen() on itself. it fails, but on top of that, puts() causes segfault, either due to the process information block getting destabilized, or because the so executable was never ready to invoke libc anyway 12:55:51 I can say that I get numerous segfaults in /var/log/messages when I build packages in poudriere 12:56:08 it never really bothered me because it is expecteds 12:56:11 -s 12:56:32 oh. in my case, it's just libtool, gdb (probs uses libtool), screen (same?) and bind (same?) 12:56:33 you could patch the kernel to not emit that message? 12:56:42 locally 12:56:47 since you are building world anyway 12:57:05 no that was just portmaster updating some ports 12:58:07 I dunno how to explain that what you see in the logs/console is the standard kernel message emitted when a process is killed 12:58:28 Feb 21 15:06:16 poudriere kernel: pid 25379 (conftest), jid 137, uid 0: exited on signal 11 (core dumped) 12:58:47 I know, I'm just saying that nutty test cases during compilation of userland software should shut up about these 12:59:00 userland software is not kernel 12:59:11 it cannot block kernel messages 12:59:42 you may want to switch to Windows Server 13:00:05 I mean, should not be causing those. If apache and php and sshd other good stuff were casually producing 10 of these during build, then I guess I would consider it a common thing 13:00:58 the fact that nobody but libtool produces untrapped segfaults during every build is really suspicious, and makes me assume that that is not the norm, or, is even actively discouraged 13:01:03 you are probably the only person bothered by segfaults in dmesg so I doubt this will be 'solved' 13:02:18 I'm not a port dev, but my observation from the current state is that having your test case segfault (instead of failing to compile, or returning a negative test result) is an anomaly 13:02:21 2022-03-21_10h18m50s/logs/libmemcached-1.0.18_7.log:checking whether the compiler supports GCC C++ ABI name demangling... Segmentation fault (core dumped) 13:02:35 =D 13:02:41 I guess this is libtool? 13:03:20 we are talking about software written in C 13:03:24 and autoconf 13:03:33 that seems like their own configure script log message. was that segfault also logged in /var/log/messages? 13:03:39 of course. 13:03:42 hmhm 13:03:50 do you know what C/C++ have? 13:03:58 UB. like, loads of UB. 13:04:08 do you know what autotools are for? 13:04:33 they let you find out what kinds of UB and other stuff you can expect on the platform you are building for. 13:05:03 certain kinds of UB and certain approaches result in hard errors like segmentation faults 13:05:37 that means the test binary crashes with a non-zero return value and the script knows it did not work 13:05:47 I wonder why perl doesn't generate any. I know its configure script is long as hell 13:06:00 because it is an interpreter 13:06:06 it does not need to do black magic 13:06:54 well, you say that, but php is casually engaging in UB by building all of its dynamic modules with static thread local storage mode (meant for .a files) 13:08:00 it does not crash so it must be doing it in an acceptable way 13:08:42 you could likely open an issue with the upstream libtool developers/maintainers? 13:08:58 'hey guys I do not like that you test something via inducing a segfault, can you stop' 13:09:10 the freebsd dynamic linker is providing it with a kludge 128-byte buffer to help it run (except 128 is not much room for global variables). linux gives around 2kb. 13:12:04 ultramage: php is a waver thin layer on top of C 13:13:25 no, php is a disaster 13:13:29 on top of C 13:13:46 (which is a disaster) 13:13:46 that, too 13:15:55 every year or so, i reread https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/ and it's fascinating how little has gotten fixed each time 13:15:57 Title: PHP: a fractal of bad design / fuzzy notepad 13:16:59 Perl is at least an exponential function of bad design 13:17:24 found logs from 2019 where libtool, libtdl, libmcrypt were doing it. They all have 'conftest', so I assume it's the same piece of code 13:19:00 ultramage: is this a production system where you're trying to make sense of logs, and this is generating noise you don't know how to filter, or what is the issue here? 13:22:16 kinda. I would prefer if these messages were limited to services that are failing at runtime. though this noise is just that, noise - it's easy to spot and skip over, since it only appears in the middle of package operations 13:23:03 https://www.gnu.org/software/autoconf/manual/autoconf-2.67/html_node/Runtime.html 13:23:04 Title: Runtime - Autoconf 13:23:12 re: conftest 13:23:45 yuripv: pr 666 on github is going to be a duplicate of https://github.com/openzfs/zfs/pull/14527 when that gets merged 13:23:47 666 – The ldconfig program in SNAP wasn't good https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=666 13:23:48 Title: Add vdevprops.7 to the Makefile by debdrup · Pull Request #14527 · openzfs/zfs · GitHub 13:24:29 ultramage: if you do not want port build-related messages on your production system, build your ports elsewhere and use built packages 13:24:30 sort of like microsoft's dcom permission warnings that litter the system log, where ms says they're expected (and they can't be arsed to silence them within the offending software even though iirc the flag is there) 13:25:12 it is weird to expect the kernel to filter out messages based on arbitrary rules 13:25:48 =) 13:34:20 nah I wanted the configure script itself to contain the segfaults. It is possible to do by adding a bunch of sigaction code, but that goes against the idea of minimalistic configure test cases. I can't think of anything good. Maybe if `sh` had an operator that trapped all signals coming from child processes? 13:36:15 that said, in the case of libtool, puts(dlerror()) is completely unnecessary, since the test case just wants the return value from main, and it's the puts() that's causing the fault. So if they ditched those text outputs that nobody reads anyway, that'd do the job 13:36:35 not sure if it's libtool writing the test case, or if it's some predefined autoconf macro 13:40:42 right now, configure's function is built on segfaults of code that doesn't work 13:41:07 do what Remilia said and build ports elsewhere 13:45:26 I'm sure I could obsessively file upstream issue reports, but I'm too burnt out from doing nothing but freebsd maintenance activities for the last 10 hours, in total silence. I'll let this one go for now. 13:48:17 what upstream issues? 13:48:31 autotools just works that way 13:48:47 there's a reason people think it's a blight 13:49:12 well, there's actually upwards of 36 reasons 13:53:39 as I said, I could ask libtool to make their dlopen testing macro not invoke libc string functions and try to print the reason why dlopen failed, instead just return 0 or 1 from main. I assume that would clean up the segfault without any loss in functionality. 13:55:44 I could ask freebsd kernel devs about why that PoS UB test executable is crashing inside jemalloc, and what it would take (different compiler flags?) to make it execute safely 13:58:19 I could ask libtool devs why the f they're testing if you can compile a small program as a static library with an elf header, then try to execute it, and then try to dynamic load a copy of itself into the same process space. 14:34:57 IIRC, this isn't the first time I see this config segfault question. I wonder if it should be a FAQ. 15:04:56 so, if i have a vm-bhyve vm and it is using a flat file for its disk image, can i move it to a zfs volume by dding it to the volume? 15:22:25 if I pt 3 usb 3 external drives into zfs 1 pool will the speed be combined speed of the disks? 15:32:03 Combined lack of speed would be my guess :D 15:48:07 concrete_houses: raid 1 will improve read speeds in theory, as long as you don't max out the usb bus 15:48:34 with mirrors, it uses round robin to read from the disks in the mirror 15:49:31 what about write? 15:49:53 as slow as normal, as it has to write the data to all disks in the mirror 15:50:14 say there are 3 disks in the zfs raid 1, will it break the file into small parts put put 1 on 1 2 on 2 3 on 33 and repreat so all sped is used? 15:50:31 no mirror just stripe 15:50:51 when you said zfs 1 i thought you meant raid 1, sorry 15:50:55 0 15:50:55 i've never used stripes 15:51:12 i'd reccommend reading michael lukas' book 15:51:24 whats that 15:51:57 a book on zfs on freebsd 15:52:09 https://www.amazon.com/Distributed-control-systems-evaluation-Engineering/dp/0442260202 15:52:12 Title: Distributed Control Systems: Their Evaluation and Design (Mechanical Engineering (Marcel Dekker Hardcover)): Lukas, Michael P.: 9780442260200: Amazon.com: Books 15:52:20 not that one 15:52:28 type "zfs" into amazon 15:52:35 in the past I had some problem with disks rearraging on reboot 15:52:41 does taht happen in zfs 15:52:49 as far as i know, not 15:52:56 zfs uses a duid to identify the disks 17:22:12 if unxz is not a POSIX utility and my goal is to only use POSIX utilities, what POSIX command can I use to uncompress a file with the .xz extension? 18:25:21 if I were you I'd worry about compatibility with real systems and not with standards. I'm sure someone has ported xz to whatever system you want your program to run on 18:26:04 POSIX has a "compress" command 18:26:28 it doesn't have anything to uncompress xz 18:31:50 hi all quick q... the iwm(4) driver.. does it support 5ghz in FreeBSD 13? And if so, how do I tell it to prefer 5 Ghz over 2.4 GHz? 18:32:15 or should I be usin iwlwifi? 18:34:27 iwm0: 18:41:59 im learning about jails and it says there's 1 main program the jail runs. but what if i want a jail to have a few daemons not just 1 running, like postgresql nginx and my web app binary? 18:48:54 polyex: first of, you get just start rc 18:49:39 but, secondly, and more importantly, what's the point of putting them into one jail if you're not separating them? 18:52:39 so i can deploy a self-contained web app that's made of 3 pieces of tech 18:53:48 if i break it into 3 jails then it's just OS level virtualization but not a nicer deployment vehicle like first class containers 18:53:51 am i wrong? 18:54:57 right now i just run these things on a vps, no jails, but i wanna try container style deployment with jails 18:55:44 having three different things with vastly different resource demands in one single container is nice for easy deployment, yes, but, uh 18:56:16 The trade off is in ease of sysadmining (1 jail or 3) versus security (less unwanted interactions between them). 18:57:25 the tradeoff is: easier deployment vs everything else 18:58:03 oh, and migration 18:58:40 but, upgrades, resource management, security issues, etc 18:59:24 means you have three components down instead of one 19:00:02 i can maybe see wisdom in putting db server in its own jail then web server and app in its own jail. then does web app talk to db server over network like db.mysite.com? (even tho it's on the same host) 19:01:10 yes, or you do crimes against security and mount the socket into the other jail 19:01:51 ya i dont wanna do that i think i rather have jails be ignorant of eachother and not assume they're local to eachother 19:03:03 so let's say the web app takes file uploads. i guess i wouldn't store them in the web app jail because then when i deploy a new version it would get overwritten. so how are stateful jails done best? 19:03:09 * meena 🤷🏻‍♀️ in VPN 19:03:44 polyex: by giving it storage for state 19:03:50 same with DB 19:04:12 that's the path the jail is given in the host FS to live in right? 19:20:17 meena: why is mounting a socket in another jail crimes against security? 19:24:10 satanist: https://reviews.freebsd.org/D27411#882100 19:24:11 Title: ⚙ D27411 add altlog_jaillist to syslogd's rc script 19:33:39 yes there are problems, but is the general idee to let two jails talk about a socket in a shared mountpoint a crime against security? 19:54:25 satanist: maybe? i don't know… yet 20:00:06 satanist, it may allow colluding jails to escape partially by passing directory file descriptors over the socket 20:01:48 ya i don't want to open any leaks from jail out unless it's through the network or something. so a db jail is given some state to save the db files in, and i guess a web app jail that takes file uploads but should be stateless needs to have another file upload service jail that the web app middles to? 20:04:34 jilles: but to achieve that one jail need a directory fd, if this fd is from outside the jail the problem is the access to the dirfd outside the jail not pasing it over a socket 20:44:34 Anyone run into issues with FreeBSD (this is 12.4) install media and older Tyan IP-KVM "virtual media" acting like this? 20:44:35 https://i.imgur.com/f0VZi6t.png 20:45:20 If I saw that I would be thinking the disk drive is failing. 20:45:35 I've verified checksums, reset the BIOS to "optimal defaults", tried the mini ISO (which gets closer to working). 20:45:45 Yeah, the puzzler is there's no actual disk involved. :) 20:45:57 It's a VM image? Oh. 20:46:14 It's an ISO. 20:47:06 The IPMI/BMC has full remote access, including the ability to "mount" an ISO as a drive. It appears as a USB CDROM drive (also an option to use a floppy). 20:48:06 I'm guessing this Tyan board is so old (2011 or so?), and so uncommon that there's probably some USB quirks FreeBSD needs that nobody ever ran into. 20:48:21 Hmm... I am running VMs in a Linux hosted KVM system, running a 12.4-RELEASE system, and I haven't hit this myself. That's all I know. 20:48:23 it might need some quirks added to function properly 20:48:25 I'm going to try some flavor of linux in a bit and see if the problem persists. 20:48:50 It's not a VM, it's real hardware. The only "virtual" thing is the CDROM. 20:55:28 cd1 is presumably a virtual CD-ROM drive supplied by the OOB BMC? Having it return read errors would, to me, indicate there's something wrong with the OOB BMC chip (which, being one of many completely separate computers in a modern system, is completely non-debuggable). 20:56:26 I doubt that anything that implements a block device is going to be able to tell you errors like CAM is doing there, because since it's a block device it can't per definition correlate errors with their operations. 20:56:47 That's... pretty much the biggest reason block devices were removed from FreeBSD. ;) 20:57:16 Considering that the snapshot also contains a vm_fault, I suspect there are bigger problems afoot. 21:00:12 snapshot/screenshot 21:07:13 I don't find it outside the realm of the possibility that the a +10 year old 400MHz ARM9 (or possibly the even older 200MHz FreeScale, which is based on a M68000), which forms the basis of that era of OOB BMCs, would start experiencing severe issues. 21:10:33 Even if Tyan splurged on Aspeed chip with ECC (which is an option according to the specs), that's not really a guarentee. 21:37:05 satanist, the issue I'm hinting at occurs when nullfs mounting some directory into another jail 21:41:21 jilles: can you be a bit more specific about the issue? 21:49:15 satanist, given jail A and jail B, if one is not an (indirect) child of the other and sends a directory fd to the other, the normal jail restriction doesn't work properly 21:50:50 because it doesn't apply the sender's root to the receiver's use of the fd 21:54:43 ok yes thats clear, but I would say this maybe (depending on the setup) acceptable 22:32:29 making a little progress with the Tyan BMC... Wouldn't boot linux either, then the virtual CD just stopped appearing. 22:32:51 just rebooted the BMC itself and it boots the same linux image that failed. 22:41:27 I wonder if my first attempt of using the normal install ISO was just too much for it - not clear if the image resides in RAM or what. 22:41:49 Or a memory leak, or bad RAM in the BMC that only gets tickled after it's been up for awhile... 22:45:24 spork_css_: generally the virtual CD-ROM drive does a streaming read of a file from the filesystem that it's hosted on 22:45:50 The OOB BMC is a completely separate system. 22:48:13 spork_css_: i suspect it's not the motherboard that's the problem 22:57:18 rtprio: it's not exactly simple to desolder the OOB BMC chip :3 23:07:38 out of band bmc.. board management controller? 23:15:57 Baseboard Management Controller(?) 23:16:57 Back to "linux boots, freebsd doesn't" - but the "linux boots" only works until you try the freebsd ISO, then the "linux boots" stops working as well. 23:17:50 Of note, the FreeBSD bootonly ISO is around 375MB, the Linux ISO is 170MB. I kind of feel like this is all a little half-assed. 23:18:29 This sucker's going into quasi-production, so I guess I'll just keep a little USB stick in it for any future reinstalls - the rest of the BMC features work fine. 23:19:07 All academic at this point to some extent, the colo is only about 15 minutes away and I have errands to run anyhow. 23:29:22 reflashing the BMC for giggles