On 16/03/17(Thu) 10:22, Theo Buehler wrote:
> On Thu, Mar 16, 2017 at 09:09:49AM +0100, Martin Pieuchot wrote:
> > On 15/03/17(Wed) 11:55, Theo Buehler wrote:
> > > >Synopsis: two finger gesture leads to mouse pointer freeze
> > > >Category: kernel, amd64, usb
> > > >Environment:
> > > System : OpenBSD 6.1
> > > Details : OpenBSD 6.1-beta (GENERIC.MP) #20: Wed Mar 15 01:49:05
> > > MDT 2017
> > >
> > > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > >
> > > Architecture: OpenBSD.amd64
> > > Machine : amd64
> > > >Description:
> > > Wenever I touch the touchpad of my MacBook pro with two fingers
> > > simultaneously, the mouse pointer freezes and remains unusable
> > > until I restart X. The output of xinput --test /dev/wsmouse1
> > > stops as soon as two fingers touch the pad.
> > >
> > > >How-To-Repeat:
> > > Start an X session, touch touchpad with two fingers simultaneously.
> > > >Fix:
> > > Reverting usbdi.c to r1.85 fixes the problem.
> >
> > Does that mean r1.86 introduced the regression? Do you know which
> > commit exactly it is ?
>
> Yes, r1.85 is good r1.86 is bad.
Does enabling UBCMTP_DEBUG gives you more info? Which error do you get?
I'm guessing the driver is working *because* of a use after free.
Index: ubcmtp.c
===================================================================
RCS file: /cvs/src/sys/dev/usb/ubcmtp.c,v
retrieving revision 1.12
diff -u -p -r1.12 ubcmtp.c
--- ubcmtp.c 30 Mar 2016 23:34:12 -0000 1.12
+++ ubcmtp.c 16 Mar 2017 09:59:06 -0000
@@ -889,6 +889,8 @@ ubcmtp_bt_intr(struct usbd_xfer *xfer, v
return;
if (status != USBD_NORMAL_COMPLETION) {
+ DPRINTF("%s: %s with status 0x%x\n", sc->sc_dev.dv_xname,
+ __func__, status);
if (status == USBD_NOT_STARTED || status == USBD_CANCELLED)
return;
if (status == USBD_STALLED)
