On 16/03/17(Thu) 12:42, Theo Buehler wrote:
> On Thu, Mar 16, 2017 at 11:00:38AM +0100, Martin Pieuchot wrote:
> > On 16/03/17(Thu) 10:22, Theo Buehler wrote:
> > > On Thu, Mar 16, 2017 at 09:09:49AM +0100, Martin Pieuchot wrote:
> > > > On 15/03/17(Wed) 11:55, Theo Buehler wrote:
> > > > > >Synopsis: two finger gesture leads to mouse pointer freeze
> > > > > >Category: kernel, amd64, usb
> > > > > >Environment:
> > > > > System : OpenBSD 6.1
> > > > > Details : OpenBSD 6.1-beta (GENERIC.MP) #20: Wed Mar 15
> > > > > 01:49:05 MDT 2017
> > > > >
> > > > > [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > > >
> > > > > Architecture: OpenBSD.amd64
> > > > > Machine : amd64
> > > > > >Description:
> > > > > Whenever I touch the touchpad of my MacBook Pro with two fingers
> > > > > simultaneously, the mouse pointer freezes and remains unusable
> > > > > until I restart X. The output of xinput --test /dev/wsmouse1
> > > > > stops as soon as two fingers touch the pad.
> > > > >
> > > > > >How-To-Repeat:
> > > > > Start an X session, touch touchpad with two fingers
> > > > > simultaneously.
> > > > > >Fix:
> > > > > Reverting usbdi.c to r1.85 fixes the problem.
> > > >
> > > > Does that mean r1.86 introduced the regression? Do you know which
> > > > commit exactly it is?
> > >
> > > Yes, r1.85 is good, r1.86 is bad.
> >
> > Does enabling UBCMTP_DEBUG give you more info? Which error do you get?
> >
> > I'm guessing the driver is working *because* of a use after free.
>
> A two-finger tap gives this message, both with r1.85 and with r1.89:
>
> /bsd: ubcmtp0: ubcmtp_tp_intr with status 0xd
>
> That is to say, USBD_IOERROR.
That confirms my hypothesis. So basically this driver works because of a use-after-free. I'll revert the change as we're too close to the release. We'll need to fix that in the next cycle.
