OpenBSD cvs log

created 2022-03-17T09:27:58Z
begin 2021-12-01T00:00:00Z
end 2021-12-08T00:00:00Z
path src/sys
commits 52

date 2021-12-01T10:47:39Z
author jsg
files src/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm.c
message drm/amd/display: Set plane update flags for all planes in reset

From Nicholas Kazlauskas
3187623096091d8c60231de5ca0e020bfa5e6ee9 in linux 5.10.y/5.10.83
21431f70f6014f81b0d118ff4fcee12b00b9dd70 in mainline linux

date 2021-12-01T10:50:23Z
author jsg
files src/sys/dev/pci/drm/amd/amdgpu/gfx_v9_0.c
message drm/amdgpu/gfx9: switch to golden tsc registers for renoir+

From Alex Deucher
45b42cd05391197d5426a9097043d5e77bdbefc9 in linux 5.10.y/5.10.83
53af98c091bc42fd9ec64cfabc40da4e5f3aae93 in mainline linux

date 2021-12-01T12:51:09Z
author bluhm
files src/sys/net/if_bridge.c
src/sys/netinet/ip_ipsp.h
src/sys/netinet/ip_output.c
src/sys/netinet/ip_spd.c
src/sys/netinet/ipsec_input.c
src/sys/netinet/tcp_input.c
src/sys/netinet/udp_usrreq.c
src/sys/netinet6/ip6_forward.c
src/sys/netinet6/ip6_output.c
src/sys/netinet6/ip6_var.h
message Let ipsp_spd_lookup() return an error instead of a TDB. The TDB
is not always needed, but the error value is necessary for the
caller. As TDB should be refcounted, it makes no sense to always
return it. Pass an output pointer for the TDB which can be NULL.
OK mvs@ tobhe@

date 2021-12-01T17:04:26Z
author deraadt
files src/sys/kern/tty_subr.c
message late allocation of clist in putc() and b_to_q() hasn't been required in
a decade, because all tty drivers preallocate.
ok kettenis

date 2021-12-01T17:25:35Z
author kettenis
files src/sys/arch/sparc64/stand/ofwboot/ofdev.c
src/sys/arch/sparc64/stand/ofwboot/vers.c
src/sys/lib/libsa/fchmod.c
src/sys/lib/libsa/stand.h
message Fix booting from an IDE block device on the Sun Blade 100. Apparently
writing to disk using the Open Firmware interfaces is buggy and causes
corruption of the disk. While it isn't entirely clear what versions
of Open Firmware are affected, it seems to only affect IDE drives.
So if we detect an IDE drive, disable writing to it. This results in
a small loss of bootloader functionality (bsd.upgrade loop prevention
and flagging /etc/random.seed re-use) but that is better than losing
the ability to run OpenBSD at all.

Based on a diff by Ted Bullock (who did all the hard work of debugging
this and coming up with a viable fix).

ok deraadt@

date 2021-12-01T21:48:00Z
author deraadt
files src/sys/net/if_enc.h
message mention that the "flags" field in the enchdr uses m_flags values
(see mbuf.h)

date 2021-12-01T22:34:31Z
author bluhm
files src/sys/net/pfkeyv2.c
src/sys/netinet/ip_ipsp.c
src/sys/netinet/ip_ipsp.h
message Reintroduce the TDBF_DELETED flag. Checking next pointer to figure
out whether the TDB is linked to the hash bucket does not work.
This fixes removal of SAs that could not be flushed with ipsecctl -F.
OK tobhe@

date 2021-12-02T12:39:15Z
author bluhm
files src/sys/netinet/ip_ah.c
src/sys/netinet/ip_ipsp.c
src/sys/netinet/ipsec_input.c
src/sys/netinet/ipsec_output.c
src/sys/netinet/udp_usrreq.c
message Allow to build kernel without IPSEC or INET6 defines.
OK mpi@ mvs@

date 2021-12-02T13:46:42Z
author bluhm
files src/sys/netinet/ipsec_input.c
message ipsec_common_input_cb() extracted the inner IP header of IPsec
tunnels. It is never used, so this is useless code. Remove ipn
and ip6n IP header variables and the m_copydata() to fill them.
OK mvs@ kn@ sthen@

date 2021-12-02T15:13:49Z
author deraadt
files src/sys/kern/tty.c
src/sys/kern/tty_subr.c
src/sys/sys/tty.h
message firstc() and nextc() use an int of global static storage. Make this
a pointer to a local variable to allow concurrent use if that ever
needs to happen in the future.
ok mpi kettenis

date 2021-12-03T06:34:38Z
author anton
files src/sys/dev/usb/uhidev.c
message Bring back the recently reverted change, this time without the inverted
conditional. Repeating the previous commit message:

Assert that at least one report id is claimed during multiple report ids
attachment. Should prevent uhidev drivers from doing the wrong thing in their
corresponding match routine.

Tested by dv@

date 2021-12-03T12:40:15Z
author stsp
files src/sys/net80211/ieee80211_input.c
message Ignore ADDBA requests from our AP while we are roaming away from it.

Noticed while testing iwm/iwx roaming patches, where my AP would request
a new Rx BA session when we had already decided to roam away. There is no
need to set up a new Rx BA session with our old AP which we would have to
immediately tear down again anyway.

date 2021-12-03T12:41:36Z
author stsp
files src/sys/net80211/ieee80211_node.c
src/sys/net80211/ieee80211_node.h
src/sys/net80211/ieee80211_proto.c
src/sys/net80211/ieee80211_var.h
message Introduce an optional driver-specific bgscan_done() handler which
allows the driver to take control of the roaming teardown sequence.
This handler allows drivers to ensure that race conditions between
firmware state and net80211 state are avoided, and will be used by
the iwm(4) and iwx(4) drivers soon.

Split the existing roaming teardown sequence into two steps, one step
for tearing down Tx block ack sessions which sends a DELBA frame, and a
second step for flushing Tx rings followed by sending a DEAUTH frame.
We used to queue both frames, expecting to switch APs once both were sent.
Now we effectively expect everything to be sent before we queue a final
DEAUTH frame, and wait for just this frame to be sent before switching.
This already made issues on iwm/iwx less frequent but by itself this was
not enough to close all races for those drivers. It should however help
when adding background scan support to a non-firmware device driver.

Tested, with driver patches:
iwm 8265: Aaron Poffenberger, stsp
iwm 9260: florian
iwm 9560: sthen
iwx ax200: jmc, stsp

date 2021-12-03T12:42:39Z
author stsp
files src/sys/dev/pci/if_iwx.c
src/sys/dev/pci/if_iwxvar.h
message Implement a bgscan_done() handler for iwx(4).

Fixes roaming-related hangs observed by jmc@.

Tested:
ax200: jmc, stsp

date 2021-12-03T12:43:17Z
author stsp
files src/sys/dev/pci/if_iwm.c
src/sys/dev/pci/if_iwmvar.h
message Implement a bgscan_done() handler for iwm(4).

Required to prevent breakage of roaming with new Intel firmware on 9k devices.

Tested:
8265: Aaron Poffenberger, stsp
9260: florian
9560: sthen

date 2021-12-03T13:17:32Z
author stsp
files src/sys/dev/pci/if_iwx.c
message Disable probe requests during scans in iwx(4) again.

While this is working well for many, some people see device timeouts
when using the device unless we disable probe requests during scans.

The issue was a lot more visible on iwx(4) with earlier firmware.
In fact, iwx(4) did ship with probe requests disabled for most of its
existence. I re-enabled them along with a firmware upgrade since I no
longer saw the problem. However, the issue prevails for other people.

I still have no idea what is causing this. I have already spent enough
time trying to track down a proper fix. Unless we receive help from
someone who knows about firmware internals the best we can do is trial
and error. The problem also existed on iwm(4) 9k devices which we now
run with probe requests disabled, too.

The only upside of probe requests is that scans can complete faster, with
the downside of a potential privacy leak (the previously selected SSID is
exposed). So, overall, we do not lose much here.

Patch tested for a week by Laurence Tratt who is no longer seeing device
timeouts which were relatively frequent before.

date 2021-12-03T14:32:08Z
author stsp
files src/sys/dev/pci/if_iwx.c
message Switch iwx(4) to new -67 firmware images.

iwx-firmware-20211101 must be installed with fw_update(1) before
booting a new kernel. sysupgrade(8) will take care of this.

Intel has published a related security advisory:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html

iwx(4) devices which are using the iwx-Qu-c0-hr-b0-63 image did
not receive a firmware update. I have no idea why.

Tested:
ax200: jmc, stsp, Matthias Schmidt
ax201: fkr, stsp

date 2021-12-03T17:18:34Z
author bluhm
files src/sys/net/if_bridge.c
src/sys/netinet/ip_output.c
src/sys/netinet/ip_spd.c
src/sys/netinet6/ip6_forward.c
src/sys/netinet6/ip6_output.c
message Add TDB reference counting to ipsp_spd_lookup(). If an output
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@

date 2021-12-03T18:23:41Z
author kettenis
files src/sys/dev/fdt/bcm2711_pcie.c
message Perform DMA address translation if required.

ok patrick@

date 2021-12-03T19:04:49Z
author tobhe
files src/sys/net/pfkeyv2.c
src/sys/netinet/ip_ipsp.c
src/sys/netinet/ip_ipsp.h
message Add tdb_delete_locked() to replace duplicate tdb deletion code in
pfkey_flush().

ok bluhm@ mvs@

date 2021-12-03T19:16:29Z
author uaa
files src/sys/arch/arm64/conf/GENERIC
message - support I2C connected PMIC, add "early 1" to sxitwi.
- support axppmic via iic

ok kettenis@

date 2021-12-03T19:17:27Z
author uaa
files src/sys/dev/fdt/axppmic.c
message support AXP805 PMIC
ok kettenis@

date 2021-12-03T19:22:42Z
author uaa
files src/sys/dev/fdt/ehci_fdt.c
src/sys/dev/fdt/sxiccmu.c
message add Allwinner H6 support
ok kettenis@

date 2021-12-03T19:22:43Z
author uaa
files src/sys/dev/fdt/sxiccmu_clocks.h
message add Allwinner H6 support
ok kettenis@

date 2021-12-04T07:01:59Z
author anton
files src/sys/dev/usb/usb_subr.c
message Consolidate error paths in usbd_new_device, shaving off 14 lines.

ok bluhm@

date 2021-12-04T16:08:02Z
author kettenis
files src/sys/dev/fdt/bcm2711_pcie.c
message Previous diff was incomplete, we also need to do DMA translation for
bus_dmamap_load_raw(9). This fixes xhci(4) on the rpi4 with the
U-Boot from ports that is installed on the arm64 installation media.

ok mglocker@, patrick@

date 2021-12-04T18:51:36Z
author dv
files src/sys/arch/amd64/amd64/vmm.c
message vmm(4): reload vmcs after possible sleep points

Guests running on Intel hosts that sleep on a lock might have their
process moved to another cpu core by the scheduler. If this happens,
the VMCS needs to be remotely cleared and locally loaded otherwise
vmx instructions will fail. vmd(8) will receive a failure code and
abort the guest.

This change stores the current (last) cpu the process was on before
attempting a function call that may sleep (e.g. uvm_fault(9)). Upon
function return, perform the VMCS dance if needed.

Tested with help from Mischa Pieters.

OK mlarkin@

date 2021-12-05T11:33:45Z
author stsp
files src/sys/net80211/ieee80211.c
src/sys/net80211/ieee80211_proto.c
src/sys/net80211/ieee80211_proto.h
src/sys/net80211/ieee80211_var.h
message Defer rtm_80211info() call from ieee80211_set_link_state() to a task context.

Sending routing messages requires a socket lock which may sleep.
ieee80211_set_link_state() is called from interrupts and timeouts where
sleeping is not allowed. mvs@ pointed out that if_link_state_change()
is already using a task for this reason.

Should fix a witness-related panic reported by cheloha@

ok mvs@ tobhe@ florian@

date 2021-12-05T15:35:32Z
author jsg
files src/sys/dev/usb/uhidpp.c
message add missing mtx_leave() calls in error paths
ok anton@

date 2021-12-05T22:00:42Z
author cheloha
files src/sys/kern/kern_fork.c
src/sys/sys/proc.h
src/sys/uvm/uvm_mmap.c
message kbind(2): disable system call if not initialized before first __tfork(2)

To unlock kbind(2) we need to protect ps_kbind_addr and
ps_kbind_cookie.

The simplest way to do this is to disallow kbind(2) initialization
after the first __tfork(2) call. If the first thread does not
initialize the kbind(2) variables before __tfork(2) then we disable
kbind(2) during that first __tfork(2) call.

This is guenther@'s patch, I'm just committing it.

Discussed with guenther@, deraadt@, kettenis@, and mpi@.

ok kettenis@, positive response from mpi@, "I am busy" guenther@

date 2021-12-06T07:41:33Z
author sashan
files src/sys/net/pf_if.c
message fix odd check in pfi_kif_free()
pointed out by jsg@


OK jsg@

date 2021-12-06T09:49:46Z
author jsg
files src/sys/arch/arm64/arm64/machdep.c
message zero correct var in cpu_dump()
ok guenther@ deraadt@

date 2021-12-06T18:02:58Z
author kettenis
files src/sys/dev/fdt/bcm2711_pcie.c
message Add missing short-circuit in bcmpcie_dmamap_load_raw().

ok patrick@

date 2021-12-06T19:38:39Z
author kettenis
files src/sys/arch/arm64/dev/simplebus.c
message Implement DMA address translation for "raw" loads as well.

ok patrick@

date 2021-12-06T20:01:54Z
author kettenis
files src/sys/arch/arm/simplebus/simplebus.c
message Implement DMA address translation for "raw" loads as well.

ok patrick@

date 2021-12-06T21:21:10Z
author guenther
files src/sys/arch/powerpc64/powerpc64/machdep.c
src/sys/kern/exec_elf.c
src/sys/kern/init_main.c
src/sys/kern/kern_exec.c
src/sys/sys/exec.h
src/sys/sys/proc.h
message Start to delete emulation support: since we're Just ELF, make
copyargs() return 0/1 and merge elf_copyargs() into it. Rename
ep_emul_arg and ep_emul_argp to have clearer meaning and type and
eliminate ep_emul_argsize as no longer necessary. Make sure
ep_auxinfo (nee ep_emul_argp) is initialized as powerpc64 always
uses it in setregs().

ok semarie@ deraadt@ kettenis@

date 2021-12-07T01:19:47Z
author mvs
files src/sys/kern/uipc_usrreq.c
src/sys/sys/unpcb.h
message Make `unp_msgcount' and `unp_file' protection with `unp_gc_lock'
rwlock(9).

This saves us from races provided by unlocked access to the `f_count'
which cause false marking alive socket as dead. We always modify `f_count'
and `unp_msgcount' together so the `f_count' modification should also pass
the `unp_gc_rwlock' before `unp_msgcount' increment and after
`unp_msgcount' decrement. The locked `unp_file' assignment avoids us from
drain unp_gc() run.

This moves unp_gc() locking back when these variables were protected with
the same lock which was taken for all garbage collector run but uses
another lock not `unp_lock'.

ok kettenis@ bluhm@

date 2021-12-07T02:58:46Z
author cheloha
files src/sys/uvm/uvm_vnode.c
message uvn_reference(): correct printf(9) argument order

Thread: https://marc.info/?l=openbsd-tech&m=163884527530326&w=2

ok deraadt@

date 2021-12-07T04:19:24Z
author guenther
files src/sys/kern/exec_elf.c
src/sys/kern/init_main.c
src/sys/kern/kern_exec.c
src/sys/kern/sys_process.c
src/sys/sys/exec_elf.h
src/sys/sys/proc.h
message Continue to delete emulation support: since we're Just ELF, the size
of the auxinfo is fixed: provide ELF_AUX_WORDS in <sys/exec_elf.h>
as a replacement for emul->e_arglen

ok millert@

date 2021-12-07T07:58:56Z
author anton
files src/sys/arch/amd64/amd64/vmm.c
message Add missing kernel unlock in error path.

ok dv@

Reported-by: [email protected]

date 2021-12-07T10:15:25Z
author kettenis
files src/sys/dev/acpi/acpi.c
message Fix parsing of SR_IRQ resource descriptors.

ok patrick@, anton@

date 2021-12-07T10:16:50Z
author kettenis
files src/sys/dev/acpi/dwiic_acpi.c
message Fix parsing of SR_IRQ resource descriptors here as well.

ok patrick@, anton@

date 2021-12-07T14:06:16Z
author visa
files src/sys/kern/sys_pipe.c
message Add EVFILT_EXCEPT filter for pipes

The kqueue-based select(2) needs the filter to replicate the old
exceptfds behaviour. The upcoming new poll(2) code will use the filter
for POLLHUP condition checking when the events bitmap is clear of
read/write events.

OK anton@

date 2021-12-07T16:07:56Z
author deraadt
files src/sys/dev/acpi/tpm.c
message print the failed method number

date 2021-12-07T17:28:46Z
author bluhm
files src/sys/netinet/ip_ipsp.c
src/sys/netinet/ip_ipsp.h
message In ipo_tdb the flow contains a reference counted TDB cache. This
may prevent that tdb_free() is called. It is not a real leak as
ipsecctl -F or termination of iked flush this cache when they remove
the IPsec policy. Move the code from tdb_free() to tdb_delete(),
then the kernel does the cleanup itself.
OK mvs@ tobhe@

date 2021-12-07T17:50:44Z
author guenther
files src/sys/arch/macppc/macppc/machdep.c
message Delete an #if block that dates from rev 1.1 and hasn't been enabled
in those 20 years. We're unlikely to take the macppc pmap in the
direction where it would apply.

ok kettenis@

date 2021-12-07T17:51:04Z
author guenther
files src/sys/kern/exec_elf.c
src/sys/kern/init_main.c
src/sys/kern/kern_exec.c
src/sys/sys/proc.h
message Continue to delete emulation support: we only have one sigcode and
sigobject. Just use the existing globals for the former and use a
global for the latter.

ok jsg@ kettenis@

date 2021-12-07T18:06:08Z
author kettenis
files src/sys/dev/acpi/pchgpio.c
message Fix typo in Tiger Lake H configuration.

From James Hastings

date 2021-12-07T18:30:26Z
author deraadt
files src/sys/uvm/uvm_map.c
message uvm_map_inentry() is provided a format string that says "inside", but then
prints the end which is in the next page. Subtract 1 to avoid confusion.

date 2021-12-07T20:06:38Z
author stsp
files src/sys/net80211/ieee80211_node.c
message Teach the net80211 stack to remove corresponding frames from ic_pwrsaveq
when a power-saving client decides to leave our hostap interface.

Prevents a "key unset for sw crypto" panic as we try to send a frame
to a node which is in COLLECT state with its WPA keys already cleared.

We were already clearing the queue which buffers power-saved frames for
the client node. This queue is stored within the node structure itself.
However, the interface has another global queue for frames which need to
be transmitted by the driver to a set of nodes during the next DTIM.
We missed removing frames for a departing node from this global queue.

While here, add missing node refcount adjustments as frames get purged.

Problem reported by Mikolaj Kucharski, who tested this fix for more
than a week with athn(4), with no further panics observed.

date 2021-12-07T22:17:02Z
author guenther
files src/sys/kern/exec_conf.c
src/sys/kern/exec_elf.c
src/sys/kern/init_main.c
src/sys/kern/kern_exec.c
src/sys/kern/kern_sig.c
src/sys/kern/kern_xxx.c
src/sys/kern/makesyscalls.sh
src/sys/kern/syscalls.c
message Delete the last emulation callbacks: we're Just ELF, so declare
exec_elf_fixup() and coredump_elf() in <sys/exec_elf.h> and call
them and the MD setregs() directly in kern_exec.c and kern_sig.c

Also delete e_name[] (only used by sysctl), e_errno (unused), and
e_syscallnames[] (only used by SYSCALL_DEBUG) and constipate
syscallnames to 'const char *const[]'

ok kettenis@

date 2021-12-07T22:17:03Z
author guenther
files src/sys/sys/exec_elf.h
src/sys/sys/proc.h
src/sys/sys/sysctl.h
message Delete the last emulation callbacks: we're Just ELF, so declare
exec_elf_fixup() and coredump_elf() in <sys/exec_elf.h> and call
them and the MD setregs() directly in kern_exec.c and kern_sig.c

Also delete e_name[] (only used by sysctl), e_errno (unused), and
e_syscallnames[] (only used by SYSCALL_DEBUG) and constipate
syscallnames to 'const char *const[]'

ok kettenis@