OpenBSD cvs log

created 2019-04-30T03:32:21Z
begin 2019-03-28T00:00:00Z
end 2019-04-04T00:00:00Z
path src/sys
commits 61

date 2019-03-28T09:41:35Z
author kettenis
files src/sys/arch/amd64/conf/GENERIC log diff annotate
message Enable uxrcom(4).

date 2019-03-28T10:15:23Z
author kettenis
files src/sys/arch/arm64/conf/GENERIC log diff annotate
message Enable uxrcom(4).

date 2019-03-28T14:35:29Z
author fcambus
files src/sys/arch/amd64/amd64/efifb.c log diff annotate
message Revert revision 1.20, switch back to using efifb_std_descr.n{rows,cols}
instead of EFIFB_HEIGHT and EFIFB_WIDTH when calling rasops_init() in
efifb_cnremap() and efifb_attach().

This appeared to cause issues on some systems, as reported by Dmitry on
bugs@.

date 2019-03-29T02:56:46Z
author dlg
files src/sys/dev/pci/if_ixl.c log diff annotate
message remove ifiq_barrier in ixl_down cos ifiq tasks don't use nic resources.

ixl_down frees all the dma memory used by the rings, but that memory
isn't used by ifiqs, so there's no need to wait for them to finish

date 2019-03-29T04:12:55Z
author dlg
files src/sys/net/ifq.c log diff annotate
src/sys/net/ifq.h log diff annotate
message deprecate ifiq_barrier.

drivers don't need to call it because the stack runs work in ifiqs.
again, only the stack has to care about waiting for pending work
when shutting down, not drivers. ifiq_destroy already does a task_del
and task_barrier dance, so we don't need ifiq_barrier.

date 2019-03-29T04:21:55Z
author dlg
files src/sys/net/ifq.c log diff annotate
src/sys/net/ifq.h log diff annotate
message while here, drop ifq_is_serialized and IFQ_ASSERT_SERIALIZED

nothing uses them, and they can generate false positives if the
serialiser is running at a lower IPL on the same cpu as a call to
ifq_is_serialiazed.

date 2019-03-29T11:04:40Z
author stsp
files src/sys/dev/ic/ar9287.c log diff annotate
src/sys/dev/ic/ar9287reg.h log diff annotate
message Read the EEPROM of AR9287 USB devices from the correct offset.
Fixes kevlo's TL-WN821nv3.
test & ok kevlo@

date 2019-03-29T11:05:46Z
author stsp
files src/sys/net80211/ieee80211_input.c log diff annotate
message Use stricter validation checks for A-MPDUs in the net80211 input path.
Don't accept A-MPDUs if not in RUN state, and don't accept them from
unassociated clients in hostap mode.
ok jmatthew@ kevlo@

date 2019-03-29T17:25:44Z
author sthen
files src/sys/dev/pci/if_jme.c log diff annotate
message typo in printf; leo_tck at volny cz

date 2019-03-30T08:04:35Z
author anton
files src/sys/dev/wscons/wsmux.c log diff annotate
message Restrict the number of allowed wsmux devices, just like wskbd and wsmouse
already does. Otherwise, malloc could panic if the device minor is sufficiently
large.

ok kettenis@ mpi@ visa@

Reported-by: syzbot+5a77a0fd8810d0785f61@syzkaller.appspotmail.com

date 2019-03-31T02:37:05Z
author jsg
files src/sys/arch/arm64/arm64/cpu.c log diff annotate
message follow atf and change neoverse e1 part number
matches trm which is now public

date 2019-03-31T06:16:38Z
author mglocker
files src/sys/dev/usb/ehci.c log diff annotate
message Fix comment typo: 'trasnfer' -> 'transfer'.

date 2019-03-31T11:00:11Z
author kevlo
files src/sys/dev/ic/ar9287.c log diff annotate
message AR9287-based usb devices use GPIO pin 10 for LED, not 8.
Tested with TP-LINK TL-WN821N V3.

ok stsp@

date 2019-03-31T11:33:11Z
author visa
files src/sys/kern/vfs_lockf.c log diff annotate
src/sys/sys/lockf.h log diff annotate
message Move the prototypes of internal lockf functions from
to vfs_lockf.c. This makes the public interface clearer.

The declaration of variable lockf_debug is removed from the header
because it is not needed outside of vfs_lockf.c.

OK anton@ tedu@

date 2019-03-31T13:56:25Z
author mpi
files src/sys/net/bridgestp.c log diff annotate
message The KERNEL_LOCK() is still what serializes access to bridge(4) data structures.

Fix a warning reported by Hrvoje Popovski, ok visa@

date 2019-03-31T13:58:18Z
author mpi
files src/sys/net/if_var.h log diff annotate
message Document that it is safe to dereference `if_softc' when the caller has
a valid reference to the corresponding `ifp'.

ok visa@

date 2019-03-31T13:59:38Z
author mpi
files src/sys/net/if_bridge.c log diff annotate
message Fix output accounting when bridge(4) is down.

ok visa@

date 2019-03-31T14:03:40Z
author mpi
files src/sys/net/art.h log diff annotate
src/sys/sys/srp.h log diff annotate
message Make ART data structure definitions visible to userland, in order to fix
netstat(1) inspection of routing tables.

From Naoki Fukaumi, ok yasuoka@

date 2019-03-31T15:34:02Z
author claudio
files src/sys/net/rtsock.c log diff annotate
message Add a more strict rtm_hdrlen size check. Make sure that at least
struct rt_msghdr bytes are passed in. Also return a failure from
rtm_xaddrs() if rti_addrs has bad flags or run out of space.
Ok bluhm@

Reported-by: syzbot+18fd599cf8e14c507115@syzkaller.appspotmail.com

date 2019-03-31T17:55:09Z
author ratchov
files src/sys/dev/audio.c log diff annotate
message Don't try to recover when DMA pointers wrap if the driver is
using bounce buffers. In this case, hardware underruns are managed
by the driver on the bounce buffers, not the audio ring buffer.

date 2019-03-31T19:29:27Z
author tb
files src/sys/net/art.c log diff annotate
message Unbreak tree by removing the bits that were copied to art.h in r1.18
from here.

reported by anton and otto

date 2019-04-01T02:58:56Z
author jmatthew
files src/sys/dev/pci/if_ixl.c log diff annotate
message Don't use a prefetchable mapping for the registers - the controller only
accepts specific read and write widths, so prefetching and write combining
can cause it to generate pcie errors.

ok dlg@

date 2019-04-01T03:01:14Z
author jmatthew
files src/sys/dev/pci/if_ixl.c log diff annotate
message Enable the full pre-reset code path again, now that we've fixed the cause
of the pcie errors.

ok dlg@

date 2019-04-01T03:23:45Z
author dlg
files src/sys/kern/kern_task.c log diff annotate
src/sys/sys/task.h log diff annotate
message deprecate TASKQ_CANTSLEEP since nothing uses it anymore

if we ever want it back, it's in the attic.

ok mpi@ visa@ kettenis@

date 2019-04-01T06:01:07Z
author naddy
files src/sys/dev/pci/if_wb.c log diff annotate
message repair "} if" from an ancient merge error; ok deraadt@ kn@

date 2019-04-01T06:03:57Z
author naddy
files src/sys/dev/x86emu/x86emu.c log diff annotate
message Repair "} if" and make it the intended "} else if", compare the corresponding
ror_*() functions. Also, the result doesn't actually change. ok deraadt@

date 2019-04-01T07:00:51Z
author tedu
files src/sys/arch/alpha/alpha/machdep.c log diff annotate
src/sys/arch/amd64/amd64/machdep.c log diff annotate
src/sys/arch/arm64/arm64/machdep.c log diff annotate
src/sys/arch/armv7/armv7/armv7_machdep.c log diff annotate
src/sys/arch/hppa/hppa/machdep.c log diff annotate
src/sys/arch/i386/i386/machdep.c log diff annotate
message fast track ddb> reboot command to skip anything which might panic again.
ok deraadt

date 2019-04-01T07:00:52Z
author tedu
files src/sys/arch/landisk/landisk/machdep.c log diff annotate
src/sys/arch/loongson/loongson/machdep.c log diff annotate
src/sys/arch/luna88k/luna88k/machdep.c log diff annotate
src/sys/arch/macppc/macppc/machdep.c log diff annotate
src/sys/arch/octeon/octeon/machdep.c log diff annotate
src/sys/arch/sgi/sgi/machdep.c log diff annotate
src/sys/arch/socppc/socppc/machdep.c log diff annotate
src/sys/arch/sparc64/sparc64/machdep.c log diff annotate
src/sys/ddb/db_command.c log diff annotate
src/sys/sys/reboot.h log diff annotate
message fast track ddb> reboot command to skip anything which might panic again.
ok deraadt

date 2019-04-01T07:02:04Z
author tedu
files src/sys/arch/loongson/loongson/machdep.c log diff annotate
message compile fix from visa

date 2019-04-01T08:21:04Z
author mlarkin
files src/sys/arch/amd64/include/vmmvar.h log diff annotate
message vmm(4): Don't advertise support for MCE/MCA since we don't implement
the MSRs to support them. Fixes an OOPS during Linux guest VM boot on
Ryzen.

ok deraadt

date 2019-04-01T08:40:37Z
author patrick
files src/sys/dev/fdt/imxgpc.c log diff annotate
message In the upstreamed and official device tree for i.MX8MQ the power domains are
not separate nodes, but instead part of imxgpc(4).

ok kettenis@

date 2019-04-01T08:43:04Z
author patrick
files src/sys/dev/fdt/xhci_fdt.c log diff annotate
message In the upstreamed and official device tree for i.MX8MQ the USB phys
use only one address and size cells. Also set the assigned clocks
and enable them.

ok kettenis@

date 2019-04-01T08:43:29Z
author mortimer
files src/sys/arch/amd64/amd64/locore.S log diff annotate
message Add retguard macros to kernel setjmp / longjmp.

ok deraadt@ kettenis@

date 2019-04-01T08:46:16Z
author patrick
files src/sys/arch/arm64/conf/GENERIC log diff annotate
src/sys/arch/arm64/conf/RAMDISK log diff annotate
src/sys/dev/fdt/files.fdt log diff annotate
src/sys/dev/fdt/Attic/imxdwusb.c log diff annotate
src/sys/dev/fdt/Attic/imxpd.c log diff annotate
message imxdwusb(4) and imxpd(4) are no longer needed.

ok kettenis@

date 2019-04-01T08:49:35Z
author patrick
files src/sys/dev/fdt/imxccm.c log diff annotate
src/sys/dev/fdt/imxccm_clocks.h log diff annotate
message In the upstreamed and official device tree for i.MX8MQ the clocks
have changed. The clocks are not split into SRC, PRE_DIV, DIV and
CG anymore. There is only a single index for each clock and we
need to handle them as composite clocks internally.

ok kettenis@

date 2019-04-01T09:28:24Z
author tedu
files src/sys/ddb/db_command.c log diff annotate
message remove prototype from earlier version of reboot code. spotted by anton

date 2019-04-01T10:31:46Z
author kn
files src/sys/dev/pci/if_iwm.c log diff annotate
message Fix interrupt handler to set RUNNING flag when RF switch is enabled

With an UP and RUNNING interface, turning off the hardware kill switch
removes the RUNNING flag and powers down the device.

Iff still UP, switching it back would not reset the flag accordingly.

Fix this in analogy to sys/dev/pci/if_iwn.c revision 1.204 by scheduling
iwm_init() unconditionally on both hardware kill switch edges; it'll take
care of everything else.

Tested with

iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0xbb,
msi iwm0: hw rev 0x140, fw ver 16.242414.0

OK deraadt stsp

date 2019-04-01T10:47:13Z
author kn
files src/sys/dev/pci/if_iwm.c log diff annotate
message Enable RF_KILL interrupts on resume

Like the interrupt handler, the resume path needs to check the register to
update flags in order to propagate the hardware kill switch state, otherwise
the driver would still consider the switch to be off after resume even
though it may have changed while in S3.

Fix the resume path by simply applying the same idiom already found in
iwm_start_hw(). This will ensure seemless operation no matter which
combination of switch toggling and suspend/resume users will follow.

OK stsp

date 2019-04-01T12:02:43Z
author mlarkin
files src/sys/arch/amd64/amd64/vmm.c log diff annotate
src/sys/arch/amd64/include/vmmvar.h log diff annotate
message vmm(4): Don't advertise support for SSBD and related speculative exec
control features on AMD. Linux tries to use them and since these are not
fully implemented yet, it results in an OOPS during boot on recent
hardware.

When these are properly passed through, we can restore advertising
support for this feature.

ok deraadt@

date 2019-04-01T12:45:49Z
author mlarkin
files src/sys/arch/amd64/include/pmap.h log diff annotate
message vmm(4): flush EPT when uvm removes mappings from a nested page table

Ensure TLB is flushed to avoid stale entries when uvm removes
entries from a guest VM's EPT. This is done on VM teardown and when uvm
pages out pages in low memory situations. Prompted by a conversation with
Maxime from NetBSD a few months back.

ok deraadt

date 2019-04-01T12:45:50Z
author mlarkin
files src/sys/arch/amd64/amd64/pmap.c log diff annotate
src/sys/arch/amd64/amd64/vmm.c log diff annotate
message vmm(4): flush EPT when uvm removes mappings from a nested page table

Ensure TLB is flushed to avoid stale entries when uvm removes
entries from a guest VM's EPT. This is done on VM teardown and when uvm
pages out pages in low memory situations. Prompted by a conversation with
Maxime from NetBSD a few months back.

ok deraadt

date 2019-04-01T15:19:56Z
author patrick
files src/sys/dev/ic/bwfm.c log diff annotate
message Correctly extract the RSSI information from the structure. It's
a 16-bit value, so we have to use letoh16() instead of letoh32().
Also properly cast it to signed, so that it can be sign-extended
properly.

ok stsp@

date 2019-04-02T03:35:08Z
author mortimer
files src/sys/arch/amd64/amd64/copy.S log diff annotate
src/sys/arch/amd64/amd64/locore.S log diff annotate
src/sys/arch/amd64/include/asm.h log diff annotate
message Add variable length trap padding between the retguard epilogue and the
following return.

This change adds a constraint that the name passed to the RETGUARD_* macros
must correspond to the name in the corresponding ENTRY which starts the
function (or a function which appears beforehand in the same file). Since
we use the distance from the ENTRY definition to calculate how much padding
to insert, the ENTRY symbol must be in scope at assembly time. This is
almost always the case already, since it is the natural way to name the
retguard symbols so they remain unique.

ok deraadt@

date 2019-04-02T05:03:00Z
author mlarkin
files src/sys/arch/amd64/amd64/vmm.c log diff annotate
message vmm(4): Inject #UD on read of MSR_LS_CFG on AMD SVM

The LS_CFG MSR is used as a different way to determine if SSBD controls
are present. Since we don't implement this, inject a #UD on read of this
MSR, which Linux interprets as "not having SSBD controls".

ok deraadt

date 2019-04-02T05:06:39Z
author mlarkin
files src/sys/arch/amd64/amd64/vmm.c log diff annotate
message vmm(4): Fix some broken event injection code for SVM

Rework some event injection code which was using an incorrect v_eventinj
field format.

ok deraadt

date 2019-04-02T07:08:39Z
author stsp
files src/sys/dev/acpi/sdhc_acpi.c log diff annotate
message Don't detach non-removable devices during resume on "sdhc* at acpi?".
Makes hibernate work with rootfs on built-in emmc storage.
Tested on King Jim Portabook.
ok deraadt@ kettenis@

date 2019-04-02T07:08:40Z
author stsp
files src/sys/dev/sdmmc/sdhc.c log diff annotate
src/sys/dev/sdmmc/sdhcvar.h log diff annotate
src/sys/dev/sdmmc/sdmmc.c log diff annotate
src/sys/dev/sdmmc/sdmmcvar.h log diff annotate
message Don't detach non-removable devices during resume on "sdhc* at acpi?".
Makes hibernate work with rootfs on built-in emmc storage.
Tested on King Jim Portabook.
ok deraadt@ kettenis@

date 2019-04-02T08:30:38Z
author deraadt
files src/sys/conf/newvers.sh log diff annotate
message Move to 6.5 release rathe than -beta. That means "pkg_add -u -Dsnap"
becomes the norm until release is out.

date 2019-04-02T10:46:02Z
author dlg
files src/sys/net/if_mpe.c log diff annotate
src/sys/net/if_mpip.c log diff annotate
src/sys/net/if_mpw.c log diff annotate
message some mbuf ph_rtableid fixes

consistently set the rtabled for "outgoing" packets to the encap
rdomain. use this for rtallocs in mpip too instead of assuming 0.

date 2019-04-02T10:50:16Z
author dlg
files src/sys/net/if_mpe.c log diff annotate
src/sys/net/if_mpip.c log diff annotate
src/sys/net/if_mpw.c log diff annotate
message clear the BCAST and MCAST mbuf flags for "outgoing" packets.

if these remain set then output on the underlying interface may
mistakenly be done with the wrong protocol type (eg, MPLS_MCAST
instead of MPLS), and to the wrong link layer address.

reported by Lee Nelson
the specific problem was identified by Mitchell Krome

date 2019-04-02T10:50:20Z
author yasuoka
files src/sys/ddb/db_input.c log diff annotate
message Fix ddb not to write its history to out of the region. When the
inputted line just ends at sizeof(db_history), ddb started writing the
histories to out of the region. diff from IIJ.

ok deraadt anton

date 2019-04-02T10:52:33Z
author dlg
files src/sys/net/if_mpe.c log diff annotate
message call pf_pkt_addr_changed on input

makes this consistent with other tunnel drivers, but mostly to avoid
having state info leak between layers of encapsulation.

date 2019-04-02T11:00:22Z
author deraadt
files src/sys/kern/kern_xxx.c log diff annotate
message retguard has now replaced the stack protector on clang architectures,
the kernel does not need a __stack_smash_handler function.
WARNING: You need a fairly new clang, approximately > March 31.
with mortimer

date 2019-04-02T11:02:01Z
author deraadt
files src/sys/uvm/uvm_mmap.c log diff annotate
message BOGO_PC is an invalid userland address, which indicates kbind() is now
disabled in the process. Rather than tying it to KERNBASE, make it simply
-1, which means it even more invalid..
ok tedu

date 2019-04-02T13:07:28Z
author visa
files src/sys/kern/vfs_init.c log diff annotate
src/sys/kern/vfs_subr.c log diff annotate
src/sys/sys/mount.h log diff annotate
src/sys/uvm/uvm_swap.c log diff annotate
message Restrict which filesystems are available for swap. This rules out
obvious misconfigurations that cannot work.

OK mpi@ tedu@

date 2019-04-02T20:24:32Z
author thfr
files src/sys/dev/pci/azalia.c log diff annotate
message disable MSI for AMD Summit Ridge/Raven Ridge HD Audio as workaround for audio stopping after varying amounts of time. ok brynet@, deraadt@

date 2019-04-03T07:38:12Z
author ratchov
files src/sys/dev/usb/uaudio.c log diff annotate
message Make the uaudio_stream->ubuf_xfer relative to current xfer number.

No behavior change. The new representation is equivalent but eases
detection of overflows and underflows.

date 2019-04-03T07:44:52Z
author ratchov
files src/sys/dev/usb/uaudio.c log diff annotate
message Check for available space before copying data to the bounce buffers.

No behavior change as we don't call uaudio_pdata_copy() in situations
when bounce buffers may not be available.

date 2019-04-03T07:47:20Z
author ratchov
files src/sys/dev/usb/uaudio.c log diff annotate
message Always copy data (if any) whenever a new bounce buffer is available.

date 2019-04-03T10:31:10Z
author jsg
files src/sys/dev/pci/drm/radeon/cik.c log diff annotate
message Correct access to doorbell. In radeondrm this is only present and used
with gfx7/sea islands hardware. Fixes ring 2 test failure on
carrizo-l/mullins.

Problem found by kettenis@ in a different part of the drm 4.19 tree.

date 2019-04-03T16:20:23Z
author anton
files src/sys/net/bpf.c log diff annotate
message Reject negative and too large timeouts passed to BIOCSRTIMEOUT. Since
the timeout converted to ticks is later passed timeout_add(), it could
cause a panic if the timeout is negative.

ok deraadt@ millert@

Reported-by: syzbot+82cb4dfe6a1fc3d8b490@syzkaller.appspotmail.com