OpenBSD cvs log

created 2022-03-17T09:54:08Z
begin 2021-12-15T00:00:00Z
end 2021-12-22T00:00:00Z
path src/sys
commits 50

date 2021-12-15T00:37:21Z
author deraadt
files src/sys/arch/arm64/stand/efiboot/efiboot.c log diff annotate
message typo in previous

date 2021-12-15T12:53:53Z
author mpi
files src/sys/dev/pci/drm/i915/gem/i915_gem_shmem.c log diff annotate
src/sys/dev/pci/drm/radeon/radeon_ttm.c log diff annotate
src/sys/uvm/uvm_aobj.c log diff annotate
src/sys/uvm/uvm_device.c log diff annotate
src/sys/uvm/uvm_fault.c log diff annotate
src/sys/uvm/uvm_km.c log diff annotate
src/sys/uvm/uvm_map.c log diff annotate
src/sys/uvm/uvm_map.h log diff annotate
src/sys/uvm/uvm_object.c log diff annotate
src/sys/uvm/uvm_object.h log diff annotate
src/sys/uvm/uvm_page.c log diff annotate
src/sys/uvm/uvm_pager.c log diff annotate
src/sys/uvm/uvm_pdaemon.c log diff annotate
src/sys/uvm/uvm_vnode.c log diff annotate
message Use a per-UVM object lock to serialize the lower part of the fault handler.

Like the per-amap lock the `vmobjlock' is principally used to serialize
access to objects in the fault handler to allow faults occurring on
different CPUs and different objects to be processed in parallel.

The fault handler now acquires the `vmobjlock' of a given UVM object as
soon as it finds one. For now a write-lock is always acquired even if
some operations could use a read-lock.

Every pager, corresponding to a different kind of UVM object, now expects
the UVM object to be locked and some operations, like *_get() return it
unlocked. This is enforced by assertions checking for rw_write_held().

The KERNEL_LOCK() is now pushed to the VFS boundary in the vnode pager.

To ensure the correct amap or object lock is held when modifying a page
many uvm_page* operations are now asserting for the "owner" lock.
However, fields of the "struct vm_page" are still being protected by the
global `pageqlock'. To prevent lock ordering issues with the new
`vmobjlock' and to reduce differences with NetBSD this lock is now taken
and released for each page instead of around the whole loop.

This commit does not remove the KERNEL_LOCK/UNLOCK() dance. Unlocking
will follow if there is no fallout.

Ported from NetBSD, tested by many, thanks!

ok kettenis@, kn@

date 2021-12-15T15:30:47Z
author visa
files src/sys/kern/tty.c log diff annotate
src/sys/kern/tty_pty.c log diff annotate
message Adjust pty and tty event filters

* Implement EVFILT_EXCEPT for ttys for HUP condition detection.
This filter is used when pollfd.events has no read/write events.

* Add HUP condition detection to filt_ptcwrite() and filt_ttywrite()
to reflect ptcpoll() and ttpoll(). Only poll(2) and select(2) can
utilize the code; kevent(2) should behave as before with EVFILT_WRITE.

* Clear EV_EOF and __EV_HUP if the EOF/HUP condition ends.

OK mpi@

date 2021-12-15T15:58:01Z
author bluhm
files src/sys/netinet/igmp.c log diff annotate
message Syzkaller found a dereference in igmp_leavegroup() where inm->inm_rti
is NULL. It should be set in rti_fill(), but is not if malloc(9)
fails. There is no rollback after malloc failure so the field stays
uninitialized. The code is only called from ioctl, setsockopt or
a task. Malloc should wait instead of failing, otherwise syscalls
would be unreliable. While there also put an M_WAIT in the init
code. During init malloc must not fail.
OK mvs@
Reported-by: [email protected]

date 2021-12-15T17:21:08Z
author deraadt
files src/sys/netinet/ip_mroute.c log diff annotate
src/sys/netinet6/ip6_mroute.c log diff annotate
message structure pads can leak uninitialized memory to userland via copyout,
therefore the mandatory idiom is completely clearing structs before
building them for copyout -- that means ALMOST ALL STRUCTS, because
we never know when some architecture will pad a struct.. In two more
cases, the clearing wasn't performed.
from Reno Robert ZDI
ok millert bluhm

date 2021-12-16T00:54:42Z
author deraadt
files src/sys/net/if_wg.c log diff annotate
message pool_get w/ PR_ZERO is better than following with a bzero, because pools
hold dirty and clean memory, and can hand out the right time cheaper
ok dlg

date 2021-12-16T02:01:59Z
author sashan
files src/sys/net/pf_lb.c log diff annotate
message fix zero division found by syzkaller. The sanity checks in pf(4) ioctls
are not powerful enough to detect invalid port ranges (or even invalid
rules). syzkaller does not use pfctl(8), it uses ioctl(2) to pass some
random chunk of memory as a rule to pf(4). Fix adds explicit check
for 0 divider to pf_get_transaddr(). It should make syzkaller happy
without disturbing anyone else.

OK gnezdo@

Reported-by: [email protected]

date 2021-12-16T08:03:17Z
author anton
files src/sys/arch/amd64/conf/GENERIC log diff annotate
src/sys/arch/amd64/conf/RAMDISK log diff annotate
src/sys/arch/amd64/conf/RAMDISK_CD log diff annotate
src/sys/dev/acpi/acpi.c log diff annotate
src/sys/dev/acpi/com_acpi.c log diff annotate
message Attach com over acpi on amd64. Some hardware uses a different interrupt
assignment compared to the legacy one supported by com over isa.
This causes the console to halt once userland takes over as no
interrupts are received. The actual address and irq can be read from
ACPI, kettenis@ already added support for arm64 which paved the way for
amd64.

Some consoles that previously attached over isa are now expected to
attach over acpi.

Thanks to patrick@ for testing on arm64.

ok kettenis@

date 2021-12-16T09:33:56Z
author claudio
files src/sys/net/rtsock.c log diff annotate
message When adding the extra 10% of space to a needed sysctl buffer use math
that is less likely to overflow the int type used. A BGP fullfeed is
now so big that this calculation overflowed and then got sign extended.
The result was for example 'route -n show' failures.
Problem identified with deraadt@
OK deraadt@ (more cleanup needed but this fix is a good start)

date 2021-12-16T15:38:03Z
author bluhm
files src/sys/netinet/ip_spd.c log diff annotate
message Fix a tiny race in tdb_delete() between TDBF_DELETED, tdb_unlink()
and tdb_cleanspd(). gettdb...() can return a TDB before tdb_unlink().
Then ipsp_spd_lookup() could add it to tdb_policy_head after
tdb_cleanspd(). There it would stay until it hits the kassert in
tdb_free().
OK tobhe@

date 2021-12-17T14:18:15Z
author mpi
files src/sys/uvm/uvm_fault.c log diff annotate
message Do not try to unlock a NULL object.

Fix a NULL dereference introduced in previous, reported by anton@ and
Benjamin Baier.

Reported-by: [email protected]

date 2021-12-17T14:59:22Z
author patrick
files src/sys/arch/amd64/conf/Makefile.amd64 log diff annotate
src/sys/arch/arm64/conf/Makefile.arm64 log diff annotate
src/sys/arch/armv7/conf/Makefile.armv7 log diff annotate
src/sys/arch/i386/conf/Makefile.i386 log diff annotate
src/sys/arch/loongson/conf/Makefile.loongson log diff annotate
src/sys/arch/macppc/conf/Makefile.macppc log diff annotate
src/sys/arch/octeon/conf/Makefile.octeon log diff annotate
src/sys/arch/powerpc64/conf/Makefile.powerpc64 log diff annotate
src/sys/arch/riscv64/conf/Makefile.riscv64 log diff annotate
src/sys/arch/sparc64/conf/Makefile.sparc64 log diff annotate
message Disable a few warning flags that were introduced and enabled by default
with LLVM 13.

date 2021-12-18T08:24:31Z
author anton
files src/sys/dev/kcov.c log diff annotate
message Reduce the overhead of the trace compare routines by checking if kcov is
enabled for the current thread before doing anything else.

date 2021-12-18T09:19:25Z
author kettenis
files src/sys/dev/ofw/ofw_misc.c log diff annotate
src/sys/dev/ofw/ofw_misc.h log diff annotate
message Add a mailbox "framework" to handle mailboxes referenced in device trees
in a generic way.

ok visa@

date 2021-12-18T13:33:52Z
author kettenis
files src/sys/arch/arm64/dev/aplmbox.c log diff annotate
src/sys/arch/arm64/dev/aplmbox.h log diff annotate
message Add aplmbox(4), a driver for the mailbox that provides a communication
channel with additional cores integrated on Apple SoCs.

ok patrick@

date 2021-12-19T01:30:41Z
author jsg
files src/sys/dev/pci/drm/amd/display/dc/core/dc_resource.c log diff annotate
message drm/amd/display: Fix for the no Audio bug with Tiled Displays

From Mustapha Ghaddar
dd3cea3425226565c959a1a6b1a1cce2e3394713 in linux 5.10.y/5.10.87
5ceaebcda9061c04f439c93961f0819878365c0f in mainline linux

date 2021-12-19T01:33:26Z
author jsg
files src/sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_crc.c log diff annotate
message drm/amd/display: add connector type check for CRC source set

From Perry Yuan
f35f7f04aa80587bfe00c5e679df054918e79a63 in linux 5.10.y/5.10.87
2da34b7bb59e1caa9a336e0e20a76b8b6a4abea2 in mainline linux

date 2021-12-19T03:39:05Z
author jsg
files src/sys/dev/pci/drm/radeon/radeon_kms.c log diff annotate
message fix radeondrm console colours on sparc64

Directly do register writes in the sparc64 specific
radeondrm_setcolor() instead of trying to pass colour values via
crtc->gamma_store. With these changes the console changes from
white text on a black background to black text on a white background.

Only older radeon families are handled and crtc selection is
skipped as with radeonfb. Both of the sun radeon parts fall
into this family < CHIP_RS600 path.

xvr-100 (0x1002:0x5159 pci rv100)
xvr-300 (0x1002:0x5b64 pcie rv380)

Tested on a Sun Blade 100 with XVR-100 by Ted Bullock
who also helped with the patch.

date 2021-12-19T06:29:30Z
author jsg
files src/sys/dev/pci/drm/radeon/radeon_kms.c log diff annotate
message fix setting palette with 8bpp fb used on 8mb parts

date 2021-12-19T07:45:59Z
author anton
files src/sys/dev/kcov.c log diff annotate
message Reduce the overhead of all trace routines by returning as early as
possible in kd_curproc().

date 2021-12-19T12:45:14Z
author kettenis
files src/sys/dev/fdt/rktemp.c log diff annotate
message whitespace

date 2021-12-19T13:07:36Z
author kettenis
files src/sys/arch/arm64/conf/GENERIC log diff annotate
src/sys/arch/arm64/conf/RAMDISK log diff annotate
src/sys/arch/arm64/conf/files.arm64 log diff annotate
message Enable aplmbox(4).

date 2021-12-19T23:30:08Z
author bluhm
files src/sys/net/pfkeyv2.c log diff annotate
src/sys/netinet/ip_ipsp.c log diff annotate
src/sys/netinet/ip_ipsp.h log diff annotate
message There are occasions where the walker function in tdb_walk() might
sleep. So holding the tdb_sadb_mtx() when calling walker() is not
allowed. Move the TDB from the TDB-Hash to a temporary list that
is protected by netlock. Then unlock tdb_sadb_mtx and traverse the
list to call the walker.
OK mvs@

date 2021-12-19T23:47:24Z
author kettenis
files src/sys/arch/arm64/conf/files.arm64 log diff annotate
src/sys/arch/arm64/dev/aplns.c log diff annotate
src/sys/arch/arm64/dev/rtkit.c log diff annotate
src/sys/arch/arm64/dev/rtkit.h log diff annotate
message Add an implementation for the protocol to communicate with coprocessors
running firmware based on Apple's RTKit OS. Use this code to bring up the
storage controller that implements Apple's flavour of NVMe.

ok dlg@, patrick@

date 2021-12-20T04:21:32Z
author jmatthew
files src/sys/dev/fdt/if_dwge.c log diff annotate
message Rework the tx path to use the consumer and producer positions to work out
the number of slots available, and to put packets on the ring until fewer
than DWGE_NTXSEGS slots are left, making dwge_start() and dwge_txeof()
work independently. While here, only write to GMAC_TX_POLL_DEMAND once
per call to dwge_start() rather than once per packet.

Adjust the rx interrupt path to check the number of slots in use and
return slots once per interrupt.

Add interrupt and ifq barriers before taking the interface down.
With all of this done, we can mark dwge(4) mpsafe.

ok dlg@ patrick@

date 2021-12-20T13:59:02Z
author hastings
files src/sys/dev/ic/mtwreg.h log diff annotate
src/sys/dev/usb/if_mtw.c log diff annotate
src/sys/dev/usb/if_mtwvar.h log diff annotate
message Add mtw(4), a driver for MediaTek MT7601U wifi devices.

Ported from run(4) with legacy chipsets removed.
Not yet enabled in the build.

ok stsp@ jmatthew@

date 2021-12-20T14:54:37Z
author hastings
files src/sys/arch/amd64/conf/GENERIC log diff annotate
src/sys/arch/amd64/conf/RAMDISK_CD log diff annotate
src/sys/dev/usb/files.usb log diff annotate
message Make mtw(4) known to the config(8) framework.

Not enabled yet. Pending firmware availability.

ok stsp@ jmatthew@

date 2021-12-20T15:04:58Z
author stsp
files src/sys/dev/pci/pcidevs log diff annotate
message Change a PCI device string: The "Gemini Lake CNVi" is an iwm(4) "AC 9560".

ok hastings@ (who submitted the original string, based on a datasheet)

date 2021-12-20T15:05:12Z
author stsp
files src/sys/dev/pci/pcidevs.h log diff annotate
src/sys/dev/pci/pcidevs_data.h log diff annotate
message regen

date 2021-12-20T15:08:10Z
author stsp
files src/sys/dev/pci/if_iwm.c log diff annotate
src/sys/dev/pci/if_iwmreg.h log diff annotate
src/sys/dev/pci/if_iwmvar.h log diff annotate
message Make iwm(4) attach to PCI devices with product ID 0x31dc.

This device is part of the 9560 chip family. With a small device-specific
quirk we can make iwm(4) attach and provide a working wifi interface.

Problem reported and fix tested by Joao Victor.

date 2021-12-20T15:23:32Z
author bluhm
files src/sys/netinet/ipsec_input.c log diff annotate
message Fix function name in panic string.

date 2021-12-20T15:59:09Z
author mvs
files src/sys/net/pfkeyv2_convert.c log diff annotate
src/sys/netinet/ip_ah.c log diff annotate
src/sys/netinet/ip_esp.c log diff annotate
src/sys/netinet/ip_ipcomp.c log diff annotate
src/sys/netinet/ip_ipsp.c log diff annotate
message Use per-CPU counters for tunnel descriptor block (TDB) statistics.
'tdb_data' struct became unused and was removed.

Tested by Hrvoje Popovski.
ok bluhm@

date 2021-12-20T15:59:10Z
author mvs
files src/sys/netinet/ip_ipsp.h log diff annotate
src/sys/netinet/ip_output.c log diff annotate
src/sys/netinet/ipsec_input.c log diff annotate
src/sys/netinet/ipsec_output.c log diff annotate
src/sys/netinet6/ip6_output.c log diff annotate
message Use per-CPU counters for tunnel descriptor block (TDB) statistics.
'tdb_data' struct became unused and was removed.

Tested by Hrvoje Popovski.
ok bluhm@

date 2021-12-20T16:21:07Z
author visa
files src/sys/kern/kern_event.c log diff annotate
message Run seltrue/dead event filter in modify and process callbacks

Do not assume event status in the modify and process callbacks. Instead
always run the event filter so that it has a chance to set knote flags.
The filter can also indicate event inactivity.

date 2021-12-20T16:22:24Z
author visa
files src/sys/miscfs/deadfs/dead_vnops.c log diff annotate
message Let poll(2) register EVFILT_EXCEPT filter with dead vnodes

This enables the system to deliver POLLHUP when pollfd.events == 0.

date 2021-12-20T16:24:32Z
author visa
files src/sys/kern/kern_event.c log diff annotate
message Make filt_dead() selectively inactive with EVFILT_EXCEPT

When a knote uses the dead event filter, the knote's file descriptor is
not supposed to point to an object with pending out-of-band data. Make
the knote inactive so that userspace will not receive a spurious event.
However, kqueue-based poll(2) should still receive HUP notifications.

This lets the system use dead_filtops with less strings attached
relative to the filter type.

date 2021-12-20T17:09:18Z
author tobhe
files src/sys/netinet/ip_ah.c log diff annotate
src/sys/netinet/ip_esp.c log diff annotate
message Remove unused variable 'clen'.

ok bluhm@

date 2021-12-20T19:24:32Z
author patrick
files src/sys/dev/ic/bwfmvar.h log diff annotate
src/sys/dev/pci/if_bwfm_pci.c log diff annotate
message bus_dmamem_unmap() should not be called from interrupt context, so free
and close flowrings using bwfm_do_async().

Reported by and ok kettenis@

date 2021-12-20T22:28:48Z
author bluhm
files src/sys/dev/dt/dt_dev.c log diff annotate
message Remove useless suser assert from dt(4). The ioctl(2) path checks
the user anyway and close(2) may crash after setuid(2).
Reported-by: [email protected]
OK deraadt@

date 2021-12-21T06:08:57Z
author anton
files src/sys/dev/kcov.c log diff annotate
message errno overhaul, getting rid of some ambiguity. In the hopes of tracking
down a rare but annoying problem related to remote coverage exposed by
syzkaller.

date 2021-12-21T06:09:47Z
author anton
files src/sys/dev/acpi/com_acpi.c log diff annotate
message Do not attach com at acpi when there's no address or irq present. Fixes
a regression caused by the recent change to start attaching com at acpi
as it turns out that Libreboot exposes console devices lacking crucial
data in their acpi tables. The same console attaches fine over isa,
therefore restore this behavior.

Problem reported by <cipher-hearts at riseup dot net> on bugs@

ok deraadt@ kettenis@

date 2021-12-21T06:10:29Z
author anton
files src/sys/dev/acpi/com_acpi.c log diff annotate
message Rename local variable intrfn to intr, matches what dev/fdt/com_fdt.c
already does.

date 2021-12-21T06:11:16Z
author anton
files src/sys/dev/vnd.c log diff annotate
message Ensure that the disk has been initialized after acquiring the lock and
not before as we might end up sleeping while acquiring the lock,
introducing a potential race.

Tested in snaps for a couple of days.

ok mpi@

Reported-by: [email protected]

date 2021-12-21T06:12:03Z
author anton
files src/sys/dev/vnd.c log diff annotate
message Fix another vnd race pointed out by mpi@ and make sure to not unlock the
vnode twice in the error path.

Tested in snaps for a couple of days.

date 2021-12-21T06:12:49Z
author anton
files src/sys/kern/sysv_shm.c log diff annotate
message Let malloc return an error as opposed to panicking when sysctl
kern.shminfo.shmseg is set to something ridiculously large.

ok kettenis@ millert@

Reported-by: [email protected]

date 2021-12-21T07:44:22Z
author jsg
files src/sys/dev/usb/uhidpp.c log diff annotate
message avoid returning uninitialised var in hidpp_send_report()
ok anton@

date 2021-12-21T09:35:08Z
author bluhm
files src/sys/dev/dt/dt_dev.c log diff annotate
message Do not print "dt: 451 probes" at boot in dmesg. Btrace device dt(4)
is enabled by default, this line does not provide much information.
requested by kettenis@ deraadt@; OK mpi@

date 2021-12-21T11:46:01Z
author anton
files src/sys/dev/usb/uhidpp.c log diff annotate
message knf nits

date 2021-12-21T20:53:46Z
author kettenis
files src/sys/dev/acpi/ahci_acpi.c log diff annotate
src/sys/dev/acpi/amdgpio.c log diff annotate
src/sys/dev/acpi/aplgpio.c log diff annotate
src/sys/dev/acpi/asmc.c log diff annotate
src/sys/dev/acpi/bytgpio.c log diff annotate
src/sys/dev/acpi/ccp_acpi.c log diff annotate
src/sys/dev/acpi/chvgpio.c log diff annotate
src/sys/dev/acpi/dwgpio.c log diff annotate
src/sys/dev/acpi/dwiic_acpi.c log diff annotate
src/sys/dev/acpi/glkgpio.c log diff annotate
src/sys/dev/acpi/if_bse_acpi.c log diff annotate
src/sys/dev/acpi/imxiic_acpi.c log diff annotate
src/sys/dev/acpi/pchgpio.c log diff annotate
src/sys/dev/acpi/pluart_acpi.c log diff annotate
src/sys/dev/acpi/sdhc_acpi.c log diff annotate
src/sys/dev/acpi/tpm.c log diff annotate
src/sys/dev/acpi/xhci_acpi.c log diff annotate
message Move checks on attach arguments from attach into match.

ok anton@, deraadt@

date 2021-12-21T22:21:32Z
author mpi
files src/sys/uvm/uvm_map.c log diff annotate
message Fix a typo in mlock(2) error path triggering a double-free.

Pass the correct entry to uvm_fault_unwire_locked().

Reported-by: [email protected]

ok kettenis@, deraadt@