CVS commit: src/sys/kern

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Thu Apr 19 05:16:02 UTC 2018

Modified Files:
src/sys/kern: uipc_mbuf.c

Log Message:
The mbuf length is allowed to be zero.


To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/kern

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Thu Apr 19 05:16:02 UTC 2018

Modified Files:
src/sys/kern: uipc_mbuf.c

Log Message:
The mbuf length is allowed to be zero.


To generate a diff of this commit:
cvs rdiff -u -r1.191 -r1.192 src/sys/kern/uipc_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/uipc_mbuf.c
diff -u src/sys/kern/uipc_mbuf.c:1.191 src/sys/kern/uipc_mbuf.c:1.192
--- src/sys/kern/uipc_mbuf.c:1.191	Tue Apr 17 07:58:31 2018
+++ src/sys/kern/uipc_mbuf.c	Thu Apr 19 05:16:02 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_mbuf.c,v 1.191 2018/04/17 07:58:31 maxv Exp $	*/
+/*	$NetBSD: uipc_mbuf.c,v 1.192 2018/04/19 05:16:02 maxv Exp $	*/
 
 /*
  * Copyright (c) 1999, 2001 The NetBSD Foundation, Inc.
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.191 2018/04/17 07:58:31 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_mbuf.c,v 1.192 2018/04/19 05:16:02 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_mbuftrace.h"
@@ -1940,7 +1940,7 @@ m_verify_packet(struct mbuf *m)
 			low = n->m_dat;
 			high = low + MLEN;
 		}
-		if (__predict_false(dat + len <= dat)) {
+		if (__predict_false(dat + len < dat)) {
 			panic("%s: incorrect length (len = %d)", __func__, len);
 		}
 		if (__predict_false((dat < low) || (dat + len > high))) {

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 17:58:07 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize
it earlier. A new check is added (off + optlen > skip).

In the IPv6 parser we reuse 'optlen', and remove 'ad' as a result.


To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ah.c
diff -u src/sys/netipsec/xform_ah.c:1.89 src/sys/netipsec/xform_ah.c:1.90
--- src/sys/netipsec/xform_ah.c:1.89	Mon Apr 16 17:32:34 2018
+++ src/sys/netipsec/xform_ah.c	Wed Apr 18 17:58:07 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ah.c,v 1.89 2018/04/16 17:32:34 maxv Exp $	*/
+/*	$NetBSD: xform_ah.c,v 1.90 2018/04/18 17:58:07 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
 /*
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.89 2018/04/16 17:32:34 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.90 2018/04/18 17:58:07 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -266,7 +266,7 @@ ah_massage_headers(struct mbuf **m0, int
 {
 	struct mbuf *m = *m0;
 	unsigned char *ptr;
-	int off, count;
+	int off, count, optlen;
 #ifdef INET
 	struct ip *ip;
 #endif
@@ -274,7 +274,7 @@ ah_massage_headers(struct mbuf **m0, int
 	struct ip6_ext *ip6e;
 	struct ip6_hdr ip6;
 	struct ip6_rthdr *rh;
-	int alloc, ad, nxt;
+	int alloc, nxt;
 #endif
 
 	switch (proto) {
@@ -308,56 +308,32 @@ ah_massage_headers(struct mbuf **m0, int
 
 		/* IPv4 option processing */
 		for (off = sizeof(struct ip); off < skip;) {
-			if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP ||
-			off + 1 < skip)
-;
-			else {
-DPRINTF(("%s: illegal IPv4 option length for "
-"option %d\n", __func__, ptr[off]));
-
+			if (ptr[off] == IPOPT_EOL) {
+break;
+			} else if (ptr[off] == IPOPT_NOP) {
+optlen = 1;
+			} else if (off + 1 < skip) {
+optlen = ptr[off + 1];
+if (optlen < 2 || off + optlen > skip) {
+	m_freem(m);
+	return EINVAL;
+}
+			} else {
 m_freem(m);
 return EINVAL;
 			}
 
 			switch (ptr[off]) {
-			case IPOPT_EOL:
-off = skip;  /* End the loop. */
-break;
-
 			case IPOPT_NOP:
-off++;
-break;
-
-			case IPOPT_SECURITY:	/* 0x82 */
+			case IPOPT_SECURITY:
 			case 0x85:	/* Extended security. */
 			case 0x86:	/* Commercial security. */
 			case 0x94:	/* Router alert */
 			case 0x95:	/* RFC1770 */
-/* Sanity check for option length. */
-if (ptr[off + 1] < 2) {
-	DPRINTF(("%s: illegal IPv4 option "
-	"length for option %d\n", __func__,
-	ptr[off]));
-
-	m_freem(m);
-	return EINVAL;
-}
-
-off += ptr[off + 1];
 break;
 
 			case IPOPT_LSRR:
 			case IPOPT_SSRR:
-/* Sanity check for option length. */
-if (ptr[off + 1] < 2) {
-	DPRINTF(("%s: illegal IPv4 option "
-	"length for option %d\n", __func__,
-	ptr[off]));
-
-	m_freem(m);
-	return EINVAL;
-}
-
 /*
  * On output, if we have either of the
  * source routing options, we should
@@ -369,32 +345,21 @@ ah_massage_headers(struct mbuf **m0, int
  */
 if (out)
 	memcpy(>ip_dst,
-	ptr + off + ptr[off + 1] -
+	ptr + off + optlen -
 	sizeof(struct in_addr),
 	sizeof(struct in_addr));
+/* FALLTHROUGH */
 
-/* Fall through */
 			default:
-/* Sanity check for option length. */
-if (ptr[off + 1] < 2) {
-	DPRINTF(("%s: illegal IPv4 option "
-	"length for option %d\n", __func__,
-	ptr[off]));
-	m_freem(m);
-	return EINVAL;
-}
-
 /* Zeroize all other options. */
-count = ptr[off + 1];
-memcpy(ptr + off, ipseczeroes, count);
-off += count;
+memcpy(ptr + off, ipseczeroes, optlen);
 break;
 			}
 
+			off += optlen;
+
 			/* Sanity check. */
 			if (off > skip)	{
-DPRINTF(("%s: malformed IPv4 options header\n",
-	__func__));
 m_freem(m);
 return EINVAL;
 			}
@@ -487,17 +452,17 @@ ah_massage_headers(struct mbuf **m0, int
 	if (count + 1 >= noff) {
 		goto error6;
 	}
-	ad = ptr[count + 1] + 2;
+	optlen = ptr[count + 1] + 2;
 
-	if (count + ad > noff) {
+	if (count + optlen > noff) {
 		goto error6;
 	}
 
 	if (ptr[count] & IP6OPT_MUTABLE) {
-		memset(ptr + count, 0, ad);
+		memset(ptr + count, 0, optlen);
 	}
 
-	count += ad;
+	count += optlen;
 }
 
 if (count != noff) {

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 17:58:07 UTC 2018

Modified Files:
src/sys/netipsec: xform_ah.c

Log Message:
Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize
it earlier. A new check is added (off + optlen > skip).

In the IPv6 parser we reuse 'optlen', and remove 'ad' as a result.


To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_ah.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 17:34:54 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_mbuf.c

Log Message:
Remove unused includes, remove misleading comments, and style.


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.24 src/sys/netipsec/ipsec_mbuf.c:1.25
--- src/sys/netipsec/ipsec_mbuf.c:1.24	Tue Apr 17 09:06:33 2018
+++ src/sys/netipsec/ipsec_mbuf.c	Wed Apr 18 17:34:54 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_mbuf.c,v 1.24 2018/04/17 09:06:33 maxv Exp $	*/
+/*	$NetBSD: ipsec_mbuf.c,v 1.25 2018/04/18 17:34:54 maxv Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.24 2018/04/17 09:06:33 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.25 2018/04/18 17:34:54 maxv Exp $");
 
 /*
  * IPsec-specific mbuf routines.
@@ -38,10 +38,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c
 #include 
 #include 
 #include 
-#include 
-
-#include 
-#include 
 
 #include 
 #include 
@@ -94,11 +90,9 @@ m_clone(struct mbuf *m0)
 			}
 			continue;
 		}
+
 		/*
-		 * Writable mbufs are left alone (for now).  Note
-		 * that for 4.x systems it's not possible to identify
-		 * whether or not mbufs with external buffers are
-		 * writable unless they use clusters.
+		 * Writable mbufs are left alone (for now).
 		 */
 		if (M_EXT_WRITABLE(m)) {
 			mprev = m;
@@ -128,7 +122,6 @@ m_clone(struct mbuf *m0)
 		/*
 		 * Allocate new space to hold the copy...
 		 */
-		/* XXX why can M_PKTHDR be set past the first mbuf? */
 		if (mprev == NULL && (m->m_flags & M_PKTHDR)) {
 			/*
 			 * NB: if a packet header is present we must
@@ -139,22 +132,23 @@ m_clone(struct mbuf *m0)
 			MGETHDR(n, M_DONTWAIT, m->m_type);
 			if (n == NULL) {
 m_freem(m0);
-return (NULL);
+return NULL;
 			}
 			M_MOVE_PKTHDR(n, m);
 			MCLGET(n, M_DONTWAIT);
 			if ((n->m_flags & M_EXT) == 0) {
 m_free(n);
 m_freem(m0);
-return (NULL);
+return NULL;
 			}
 		} else {
 			n = m_getcl(M_DONTWAIT, m->m_type, m->m_flags);
 			if (n == NULL) {
 m_freem(m0);
-return (NULL);
+return NULL;
 			}
 		}
+
 		/*
 		 * ... and copy the data.  We deal with jumbo mbufs
 		 * (i.e. m_len > MCLBYTES) by splitting them into
@@ -185,7 +179,7 @@ m_clone(struct mbuf *m0)
 			if (n == NULL) {
 m_freem(mfirst);
 m_freem(m0);
-return (NULL);
+return NULL;
 			}
 		}
 		n->m_next = m->m_next;
@@ -196,7 +190,8 @@ m_clone(struct mbuf *m0)
 		m_free(m);			/* release old mbuf */
 		mprev = mfirst;
 	}
-	return (m0);
+
+	return m0;
 }
 
 /*
@@ -220,7 +215,8 @@ m_makespace(struct mbuf *m0, int skip, i
 	for (m = m0; m && skip > m->m_len; m = m->m_next)
 		skip -= m->m_len;
 	if (m == NULL)
-		return (NULL);
+		return NULL;
+
 	/*
 	 * At this point skip is the offset into the mbuf m
 	 * where the new header should be placed.  Figure out
@@ -302,6 +298,7 @@ m_makespace(struct mbuf *m0, int skip, i
 		m->m_len += hlen;
 		*off = skip;
 	}
+
 	m0->m_pkthdr.len += hlen;		/* adjust packet length */
 	return m;
 }
@@ -393,7 +390,7 @@ m_striphdr(struct mbuf *m, int skip, int
 	/* Find beginning of header */
 	m1 = m_getptr(m, skip, );
 	if (m1 == NULL)
-		return (EINVAL);
+		return EINVAL;
 
 	/* Remove the header and associated data from the mbuf. */
 	if (roff == 0) {
@@ -446,5 +443,6 @@ m_striphdr(struct mbuf *m, int skip, int
 		m1->m_len -= hlen;
 		m->m_pkthdr.len -= hlen;
 	}
-	return (0);
+
+	return 0;
 }

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 17:34:54 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_mbuf.c

Log Message:
Remove unused includes, remove misleading comments, and style.


To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/usb

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 15:01:03 UTC 2018

Modified Files:
src/sys/dev/usb: ubt.c

Log Message:
m_free -> m_freem, m_copyback could have added mbufs in the chain


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 src/sys/dev/usb/ubt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/usb/ubt.c
diff -u src/sys/dev/usb/ubt.c:1.60 src/sys/dev/usb/ubt.c:1.61
--- src/sys/dev/usb/ubt.c:1.60	Sun Jan 21 13:57:12 2018
+++ src/sys/dev/usb/ubt.c	Wed Apr 18 15:01:03 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ubt.c,v 1.60 2018/01/21 13:57:12 skrll Exp $	*/
+/*	$NetBSD: ubt.c,v 1.61 2018/04/18 15:01:03 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2006 Itronix Inc.
@@ -67,7 +67,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ubt.c,v 1.60 2018/01/21 13:57:12 skrll Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ubt.c,v 1.61 2018/04/18 15:01:03 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_usb.h"
@@ -1528,7 +1528,7 @@ ubt_mbufload(uint8_t *buf, int count, ui
 	m->m_pkthdr.len = m->m_len = MHLEN;
 	m_copyback(m, 1, count, buf);	// (extends if necessary)
 	if (m->m_pkthdr.len != MAX(MHLEN, count + 1)) {
-		m_free(m);
+		m_freem(m);
 		return NULL;
 	}
 

CVS commit: src/sys/dev/usb

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 15:01:03 UTC 2018

Modified Files:
src/sys/dev/usb: ubt.c

Log Message:
m_free -> m_freem, m_copyback could have added mbufs in the chain


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 src/sys/dev/usb/ubt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/sdmmc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:56:35 UTC 2018

Modified Files:
src/sys/dev/sdmmc: sbt.c

Log Message:
m_free -> m_freem, m_copyback could have added mbufs in the chain


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/dev/sdmmc/sbt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/sdmmc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:56:35 UTC 2018

Modified Files:
src/sys/dev/sdmmc: sbt.c

Log Message:
m_free -> m_freem, m_copyback could have added mbufs in the chain


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/sys/dev/sdmmc/sbt.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/sdmmc/sbt.c
diff -u src/sys/dev/sdmmc/sbt.c:1.5 src/sys/dev/sdmmc/sbt.c:1.6
--- src/sys/dev/sdmmc/sbt.c:1.5	Thu Jul 14 04:00:46 2016
+++ src/sys/dev/sdmmc/sbt.c	Wed Apr 18 14:56:35 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: sbt.c,v 1.5 2016/07/14 04:00:46 msaitoh Exp $	*/
+/*	$NetBSD: sbt.c,v 1.6 2018/04/18 14:56:35 maxv Exp $	*/
 /*	$OpenBSD: sbt.c,v 1.9 2007/06/19 07:59:57 uwe Exp $	*/
 
 /*
@@ -20,7 +20,7 @@
 /* Driver for Type-A/B SDIO Bluetooth cards */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: sbt.c,v 1.5 2016/07/14 04:00:46 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: sbt.c,v 1.6 2018/04/18 14:56:35 maxv Exp $");
 
 #include 
 #include 
@@ -357,7 +357,7 @@ sbt_intr(void *arg)
 		m->m_len = MIN(MHLEN, m->m_pkthdr.len);
 	} else {
 		DPRINTF(("%s: sbt_intr: m_copyback failed\n", DEVNAME(sc)));
-		m_free(m);
+		m_freem(m);
 		m = NULL;
 	}
 
@@ -383,7 +383,7 @@ eoi:
 			DPRINTF(("%s: recv 0x%x packet (%d bytes)\n",
 			DEVNAME(sc), sc->sc_buf[0], m->m_pkthdr.len));
 			sc->sc_stats.err_rx++;
-			m_free(m);
+			m_freem(m);
 			break;
 		}
 	} else

CVS commit: [netbsd-8] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:50:39 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Tickets #774 - #780, and #60.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.186 -r1.1.2.187 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:50:39 UTC 2018

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Tickets #774 - #780, and #60.


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.186 -r1.1.2.187 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-8.0
diff -u src/doc/CHANGES-8.0:1.1.2.186 src/doc/CHANGES-8.0:1.1.2.187
--- src/doc/CHANGES-8.0:1.1.2.186	Tue Apr 17 16:03:36 2018
+++ src/doc/CHANGES-8.0	Wed Apr 18 14:50:39 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-8.0,v 1.1.2.186 2018/04/17 16:03:36 martin Exp $
+# $NetBSD: CHANGES-8.0,v 1.1.2.187 2018/04/18 14:50:39 martin Exp $
 
 A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04
 until the 8.0 release:
@@ -13019,4 +13019,88 @@ sys/netipsec/ipsec_mbuf.c			1.23,1.24
 	Fix a pretty bad mistake (IPsec DoS).
 	[maxv, ticket #773]
 
+crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h		(patch)
+crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c		(patch)
+crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c		(patch)
+crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl	(patch)
+crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl	(patch)
+crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c		1.2 (patch)
+crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c	(patch)
+crypto/external/bsd/openssl/dist/ssl/ssl.h			(patch)
+crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S (regen)
+crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S  (regen)
+
+	Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737,
+	CVE-2017-3738, CVE-2018-0737, CVE-2018-0739.
+	[christos, ticket #774]
+
+external/gpl3/gcc/dist/gcc/genattrtab.c		1.2
+tools/Makefile.gnuhost1.46-1.48
+
+	Remove hack previously needed to build gcc/arm with clang.
+	Apply upstream fix to not generate too many superflous
+	paranthesis, gcc/arm exceeds the clang limit.
+	[maya, ticket #775]
+
+sys/netipsec/key.c1.251-1.253
+sys/netipsec/keydb.h1.22
+
+	Improve the lookup of IPsec SAs.
+	[yamaguchi, ticket #776]
+
+sys/net/if_bridge.c1.150-1.154
+sys/net/if_bridgevar.h1.32
+tests/net/if_bridge/t_rtable.sh			1.3
+
+	Remove obsolete NULL checks.
+	Simplify bridge_rtnode_insert.
+	Use pslist(9) for rtlist and rthash.
+	Add a test that checks if brconfig flush surely removes all entries.
+	Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY.
+	[ozaki-r, ticket #777]
+
+sys/arch/x86/include/specialreg.h		1.118,1.119
+
+	From the latest Intel SDM:
+	 - Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff).
+	 - Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX.
+	Add Some bit definitions of AMD Fn8001 %edx:
+	 - MMX
+	 - FXSR
+	[msaitoh, ticket #778]
+
+sys/net/if_pppoe.c1.135,1.136
+
+	Sysctl net.pppoe.term_unknown can be written safely now.
+	Fix sending PADT to unexpected hosts when net.pppoe.term_unknown
+	is enabled.
+	[knakahara, ticket #779]
+
+sys/dev/pci/pcidevs1.1328-1.1330
+sys/dev/pci/pcidevs.h(regen)
+sys/dev/pci/pcidevs_data.h			(regen)
+
+	Add some 8th Generation Intel Core Processor devices.
+	Add Intel SSD 760p.
+	Add some NVMe devices.
+	[nonaka, ticket #780]
+
+sys/arch/amd64/conf/GENERIC
+sys/arch/amd64/conf/XEN3_DOM0
+sys/arch/amd64/conf/XEN3_DOMU
+sys/arch/cobalt/conf/GENERIC
+sys/arch/evbarm/conf/BEAGLEBONE
+sys/arch/evbarm/conf/BEAGLEBOARD
+sys/arch/evbarm/conf/BEAGLEBOARDXM
+sys/arch/evbarm/conf/GENERIC.common
+sys/arch/i386/conf/GENERIC
+sys/arch/i386/conf/XEN3_DOM0
+sys/arch/i386/conf/XEN3_DOMU
+sys/arch/mvmeppc/conf/GENERIC
+sys/arch/shark/conf/GENERIC
+sys/arch/sparc64/conf/GENERIC
+sys/arch/zaurus/conf/GENERIC
+
+	Remove options DIAGNOSTIC again.
+	[snj, ticket #60]
 

CVS commit: src/doc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:47:12 UTC 2018

Modified Files:
src/doc: CHANGES.prev

Log Message:
mention SVS, retpoline, SMAP


To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/doc/CHANGES.prev

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/doc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:47:12 UTC 2018

Modified Files:
src/doc: CHANGES.prev

Log Message:
mention SVS, retpoline, SMAP


To generate a diff of this commit:
cvs rdiff -u -r1.138 -r1.139 src/doc/CHANGES.prev

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES.prev
diff -u src/doc/CHANGES.prev:1.138 src/doc/CHANGES.prev:1.139
--- src/doc/CHANGES.prev:1.138	Mon Mar  5 11:24:35 2018
+++ src/doc/CHANGES.prev	Wed Apr 18 14:47:11 2018
@@ -1,4 +1,4 @@
-LIST OF CHANGES FROM PREVIOUS RELEASES:			<$Revision: 1.138 $>
+LIST OF CHANGES FROM PREVIOUS RELEASES:			<$Revision: 1.139 $>
 
 
 Changes from 386bsd 0.1 + patchkit 0.2.2 to NetBSD 0.8:
@@ -12226,3 +12226,6 @@ Changes from NetBSD 7.0 to NetBSD 8.0:
 	opencrypto(9): Complete MP-ification [knakahara 20170731]
 	ipsec(4): Make it MP-safe [ozaki-r 20170809]
 	evbmips: Merge sbmips port into evbmips. [mrg 20170815]
+	amd64: Backport SVS (Meltdown mitigation). [maxv 20180404]
+	x86: Backport retpoline (SpectreV2 mitigation). [mrg 20180411]
+	amd64: Backport SMAP. [maxv 20180414]

CVS commit: [netbsd-8] src/sys/arch

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:45:09 UTC 2018

Modified Files:
src/sys/arch/amd64/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/cobalt/conf [netbsd-8]: GENERIC
src/sys/arch/evbarm/conf [netbsd-8]: BEAGLEBOARD BEAGLEBOARDXM
BEAGLEBONE GENERIC.common
src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/mvmeppc/conf [netbsd-8]: GENERIC
src/sys/arch/shark/conf [netbsd-8]: GENERIC
src/sys/arch/sparc64/conf [netbsd-8]: GENERIC
src/sys/arch/zaurus/conf [netbsd-8]: GENERIC

Log Message:
Requested by skrll in ticket #60:
sys/arch/amd64/conf/GENERIC
sys/arch/amd64/conf/XEN3_DOM0
sys/arch/amd64/conf/XEN3_DOMU
sys/arch/cobalt/conf/GENERIC
sys/arch/evbarm/conf/BEAGLEBONE
sys/arch/evbarm/conf/BEAGLEBOARD
sys/arch/evbarm/conf/BEAGLEBOARDXM
sys/arch/evbarm/conf/GENERIC.common
sys/arch/i386/conf/GENERIC
sys/arch/i386/conf/XEN3_DOM0
sys/arch/i386/conf/XEN3_DOMU
sys/arch/mvmeppc/conf/GENERIC
sys/arch/shark/conf/GENERIC
sys/arch/sparc64/conf/GENERIC
sys/arch/zaurus/conf/GENERIC

Remove option DIAGNOSTIC.


To generate a diff of this commit:
cvs rdiff -u -r1.459.2.8 -r1.459.2.9 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.135.4.6 -r1.135.4.7 src/sys/arch/amd64/conf/XEN3_DOM0
cvs rdiff -u -r1.75.2.3 -r1.75.2.4 src/sys/arch/amd64/conf/XEN3_DOMU
cvs rdiff -u -r1.151.8.3 -r1.151.8.4 src/sys/arch/cobalt/conf/GENERIC
cvs rdiff -u -r1.61.6.2 -r1.61.6.3 src/sys/arch/evbarm/conf/BEAGLEBOARD
cvs rdiff -u -r1.23.6.3 -r1.23.6.4 src/sys/arch/evbarm/conf/BEAGLEBOARDXM
cvs rdiff -u -r1.42.2.3 -r1.42.2.4 src/sys/arch/evbarm/conf/BEAGLEBONE
cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/arch/evbarm/conf/GENERIC.common
cvs rdiff -u -r1.1156.2.8 -r1.1156.2.9 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.112.4.7 -r1.112.4.8 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.77.2.5 -r1.77.2.6 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.27.6.2 -r1.27.6.3 src/sys/arch/mvmeppc/conf/GENERIC
cvs rdiff -u -r1.127.6.2 -r1.127.6.3 src/sys/arch/shark/conf/GENERIC
cvs rdiff -u -r1.198.6.4 -r1.198.6.5 src/sys/arch/sparc64/conf/GENERIC
cvs rdiff -u -r1.73.6.2 -r1.73.6.3 src/sys/arch/zaurus/conf/GENERIC

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.459.2.8 src/sys/arch/amd64/conf/GENERIC:1.459.2.9
--- src/sys/arch/amd64/conf/GENERIC:1.459.2.8	Wed Apr 11 14:23:30 2018
+++ src/sys/arch/amd64/conf/GENERIC	Wed Apr 18 14:45:08 2018
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.459.2.8 2018/04/11 14:23:30 martin Exp $
+# $NetBSD: GENERIC,v 1.459.2.9 2018/04/18 14:45:08 martin Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@ include 	"arch/amd64/conf/std.amd64"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.459.2.8 $"
+#ident		"GENERIC-$Revision: 1.459.2.9 $"
 
 maxusers	64		# estimated number of users
 
@@ -94,7 +94,7 @@ options 	PMC		# performance-monitoring c
 options 	BUFQ_PRIOCSCAN
 
 # Diagnostic/debugging support options
-options 	DIAGNOSTIC	# inexpensive kernel consistency checks
+#options 	DIAGNOSTIC	# inexpensive kernel consistency checks
 # XXX to be commented out on release branch
 #options 	DEBUG		# expensive debugging checks/support
 #options 	LOCKDEBUG	# expensive locking checks/support

Index: src/sys/arch/amd64/conf/XEN3_DOM0
diff -u src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.6 src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.7
--- src/sys/arch/amd64/conf/XEN3_DOM0:1.135.4.6	Mon Feb  5 15:14:00 2018
+++ src/sys/arch/amd64/conf/XEN3_DOM0	Wed Apr 18 14:45:08 2018
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOM0,v 1.135.4.6 2018/02/05 15:14:00 martin Exp $
+# $NetBSD: XEN3_DOM0,v 1.135.4.7 2018/04/18 14:45:08 martin Exp $
 
 include 	"arch/amd64/conf/std.xen"
 
@@ -52,7 +52,7 @@ options 	SYSCTL_INCLUDE_DESCR	# Include 
 options 	BUFQ_PRIOCSCAN
 
 # Diagnostic/debugging support options
-options 	DIAGNOSTIC	# inexpensive kernel consistency checks
+#options 	DIAGNOSTIC	# inexpensive kernel consistency checks
 #options 	DEBUG		# expensive debugging checks/support
 options 	DDB		# in-kernel debugger
 options 	DDB_ONPANIC=1	# see also sysctl(7): `ddb.onpanic'

Index: src/sys/arch/amd64/conf/XEN3_DOMU
diff -u src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.3 src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.4
--- src/sys/arch/amd64/conf/XEN3_DOMU:1.75.2.3	Fri Jan 26 14:28:15 2018
+++ src/sys/arch/amd64/conf/XEN3_DOMU	Wed Apr 18 14:45:08 2018
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.75.2.3 2018/01/26 14:28:15 martin Exp $
+# $NetBSD: XEN3_DOMU,v 1.75.2.4 2018/04/18 14:45:08 martin Exp $
 
 include 	"arch/amd64/conf/std.xen"
 
@@ -44,7 +44,7 @@ options 	SYSCTL_INCLUDE_DESCR	# Include 
 

CVS commit: [netbsd-8] src/sys/arch

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:45:09 UTC 2018

Modified Files:
src/sys/arch/amd64/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/cobalt/conf [netbsd-8]: GENERIC
src/sys/arch/evbarm/conf [netbsd-8]: BEAGLEBOARD BEAGLEBOARDXM
BEAGLEBONE GENERIC.common
src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
src/sys/arch/mvmeppc/conf [netbsd-8]: GENERIC
src/sys/arch/shark/conf [netbsd-8]: GENERIC
src/sys/arch/sparc64/conf [netbsd-8]: GENERIC
src/sys/arch/zaurus/conf [netbsd-8]: GENERIC

Log Message:
Requested by skrll in ticket #60:
sys/arch/amd64/conf/GENERIC
sys/arch/amd64/conf/XEN3_DOM0
sys/arch/amd64/conf/XEN3_DOMU
sys/arch/cobalt/conf/GENERIC
sys/arch/evbarm/conf/BEAGLEBONE
sys/arch/evbarm/conf/BEAGLEBOARD
sys/arch/evbarm/conf/BEAGLEBOARDXM
sys/arch/evbarm/conf/GENERIC.common
sys/arch/i386/conf/GENERIC
sys/arch/i386/conf/XEN3_DOM0
sys/arch/i386/conf/XEN3_DOMU
sys/arch/mvmeppc/conf/GENERIC
sys/arch/shark/conf/GENERIC
sys/arch/sparc64/conf/GENERIC
sys/arch/zaurus/conf/GENERIC

Remove option DIAGNOSTIC.


To generate a diff of this commit:
cvs rdiff -u -r1.459.2.8 -r1.459.2.9 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.135.4.6 -r1.135.4.7 src/sys/arch/amd64/conf/XEN3_DOM0
cvs rdiff -u -r1.75.2.3 -r1.75.2.4 src/sys/arch/amd64/conf/XEN3_DOMU
cvs rdiff -u -r1.151.8.3 -r1.151.8.4 src/sys/arch/cobalt/conf/GENERIC
cvs rdiff -u -r1.61.6.2 -r1.61.6.3 src/sys/arch/evbarm/conf/BEAGLEBOARD
cvs rdiff -u -r1.23.6.3 -r1.23.6.4 src/sys/arch/evbarm/conf/BEAGLEBOARDXM
cvs rdiff -u -r1.42.2.3 -r1.42.2.4 src/sys/arch/evbarm/conf/BEAGLEBONE
cvs rdiff -u -r1.18.6.3 -r1.18.6.4 src/sys/arch/evbarm/conf/GENERIC.common
cvs rdiff -u -r1.1156.2.8 -r1.1156.2.9 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.112.4.7 -r1.112.4.8 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.77.2.5 -r1.77.2.6 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.27.6.2 -r1.27.6.3 src/sys/arch/mvmeppc/conf/GENERIC
cvs rdiff -u -r1.127.6.2 -r1.127.6.3 src/sys/arch/shark/conf/GENERIC
cvs rdiff -u -r1.198.6.4 -r1.198.6.5 src/sys/arch/sparc64/conf/GENERIC
cvs rdiff -u -r1.73.6.2 -r1.73.6.3 src/sys/arch/zaurus/conf/GENERIC

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/doc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:42:16 UTC 2018

Modified Files:
src/doc: CHANGES

Log Message:
mention meltdown/spectre fixes


To generate a diff of this commit:
cvs rdiff -u -r1.2381 -r1.2382 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES
diff -u src/doc/CHANGES:1.2381 src/doc/CHANGES:1.2382
--- src/doc/CHANGES:1.2381	Sun Apr 15 19:48:44 2018
+++ src/doc/CHANGES	Wed Apr 18 14:42:16 2018
@@ -1,4 +1,4 @@
-# LIST OF CHANGES FROM LAST RELEASE:			<$Revision: 1.2381 $>
+# LIST OF CHANGES FROM LAST RELEASE:			<$Revision: 1.2382 $>
 #
 #
 # [Note: This file does not mention every change made to the NetBSD source tree.
@@ -122,6 +122,7 @@ Changes from NetBSD 8.0 to NetBSD 9.0:
 	mdnsd(8), dns-sd(1), libdns_sd: import mDNSResponder 878.30.4
 		[christos 20180225]
 	macppc: Remove macofcons(4). [sevan 20180226]
+	amd64: Add SVS (Meltdown mitigation). [maxv 20180226]
 	imcsmb(4): For amd64 and i386 on Intel {Ivy,Sandy}bridge and
 		{Broad,Has}well CPUs, enable access to Integrated Memory
 		Controller-based SMBus [pgoyette 20170228]
@@ -132,6 +133,8 @@ Changes from NetBSD 8.0 to NetBSD 9.0:
 	tzdata: updated to 2017d [kre 20180324]
 	dhcpcd: Import 7.0.2. [roy 20180327]
 	aarch64: Add initial support for aarch64. [ryo 20180401]
+	amd64: Add SpectreV2 mitigations, based on IBRS and the DIS_IND
+		bit. [maxv 20180404]
 	dhcpcd: Import 7.0.3. [roy 20180406]
 	OpenSSH: Imported 7.7. [christos 20180406]
 	OpenSSL: Imported 1.1.0h. [christos 20180406]
@@ -139,6 +142,7 @@ Changes from NetBSD 8.0 to NetBSD 9.0:
 	acpi(4): Updated ACPICA to 20180313. [christos 20180407]
 	dhcp: Import version 4.4.1 (move to MPL). [christos 20180407]
 	bind: Import version 9.10.7. [christos 20180407]
+	x86: Enable retpoline by default (SpectreV2 mitigation). [mrg 20180408]
 	ichsmb(4): Add Intel 300 series chipset support. [msaitoh 20180409]
 	wm(4): Enable I219 support. [msaitoh 20180413]
 	puc(4): Add Intel 300 series chipset support. [msaitoh 20180413]

CVS commit: src/doc

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 14:42:16 UTC 2018

Modified Files:
src/doc: CHANGES

Log Message:
mention meltdown/spectre fixes


To generate a diff of this commit:
cvs rdiff -u -r1.2381 -r1.2382 src/doc/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/dev/pci

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:21:50 UTC 2018

Modified Files:
src/sys/dev/pci [netbsd-8]: pcidevs.h pcidevs_data.h

Log Message:
regen for ticket #780


To generate a diff of this commit:
cvs rdiff -u -r1.1281.2.5 -r1.1281.2.6 src/sys/dev/pci/pcidevs.h
cvs rdiff -u -r1.1280.2.5 -r1.1280.2.6 src/sys/dev/pci/pcidevs_data.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffs are larger than 1MB and have been omitted

CVS commit: [netbsd-8] src/sys/dev/pci

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:21:50 UTC 2018

Modified Files:
src/sys/dev/pci [netbsd-8]: pcidevs.h pcidevs_data.h

Log Message:
regen for ticket #780


To generate a diff of this commit:
cvs rdiff -u -r1.1281.2.5 -r1.1281.2.6 src/sys/dev/pci/pcidevs.h
cvs rdiff -u -r1.1280.2.5 -r1.1280.2.6 src/sys/dev/pci/pcidevs_data.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/dev/pci

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:20:26 UTC 2018

Modified Files:
src/sys/dev/pci [netbsd-8]: pcidevs

Log Message:
Pull up following revision(s) (requested by nonaka in ticket #780):

sys/dev/pci/pcidevs: revision 1.1328-1.1330

Add some 8th Generation Intel Core Processor devices.
Add Intel SSD 760p.
Added some NVMe devices.


To generate a diff of this commit:
cvs rdiff -u -r1.1289.2.5 -r1.1289.2.6 src/sys/dev/pci/pcidevs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/dev/pci

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:20:26 UTC 2018

Modified Files:
src/sys/dev/pci [netbsd-8]: pcidevs

Log Message:
Pull up following revision(s) (requested by nonaka in ticket #780):

sys/dev/pci/pcidevs: revision 1.1328-1.1330

Add some 8th Generation Intel Core Processor devices.
Add Intel SSD 760p.
Added some NVMe devices.


To generate a diff of this commit:
cvs rdiff -u -r1.1289.2.5 -r1.1289.2.6 src/sys/dev/pci/pcidevs

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/pci/pcidevs
diff -u src/sys/dev/pci/pcidevs:1.1289.2.5 src/sys/dev/pci/pcidevs:1.1289.2.6
--- src/sys/dev/pci/pcidevs:1.1289.2.5	Sat Apr 14 10:32:05 2018
+++ src/sys/dev/pci/pcidevs	Wed Apr 18 14:20:25 2018
@@ -1,4 +1,4 @@
-$NetBSD: pcidevs,v 1.1289.2.5 2018/04/14 10:32:05 martin Exp $
+$NetBSD: pcidevs,v 1.1289.2.6 2018/04/18 14:20:25 martin Exp $
 
 /*
  * Copyright (c) 1995, 1996 Christopher G. Demetriou
@@ -645,6 +645,8 @@ vendor MARVELL2		0x1b4b	Marvell
 vendor FRESCO		0x1b73	Fresco Logic
 vendor QINHENG2		0x1c00	Nanjing QinHeng Electronics (PCIe)
 vendor SYMPHONY2	0x1c1c	Symphony Labs (2nd PCI Vendor ID)
+vendor HGST		0x1c58	HGST, Inc.
+vendor BEIJING_MEMBLAZE	0x1c5f	Beijing Memblaze Technology Co. Ltd.
 vendor TEKRAM2		0x1de1	Tekram Technology (2nd PCI Vendor ID)
 vendor SUNIX2		0x1fd4	SUNIX Co
 vendor HINT		0x3388	HiNT
@@ -1742,6 +1744,9 @@ product BBELEC ISOLATED_2_PORT		0x4212	d
 product BBELEC ISOLATED_4_PORT		0x4214	quad-channel Isolated RS-485 PCI UART
 product BBELEC ISOLATED_8_PORT		0x4218	octal-channel Isolated RS-485 PCI UART
 
+/* Beijing Memblaze Technology Co. Ltd. products */
+product BEIJING_MEMBLAZE PBLAZE4	0x0540	PBlaze4 NVMe SSD
+
 /* Belkin products */
 product BELKIN F5D6001		0x6001	F5D6001
 product BELKIN F5D6020V3	0x6020	F5D6020v3 802.11b
@@ -2631,6 +2636,10 @@ product HP ILO3_SLAVE		0x3306	iLO3 Slave
 product HP ILO3_MGMT		0x3307	iLO3 Management
 product HP RS780_PPB_GFX	0x9602  (AMD) RS780 PCI-PCI Bridge (int gfx)
 
+/* HGST Inc. products */
+product HGST SN100	0x0003	Ultrastar SN100 Series NVMe SSD
+product HGST SN200	0x0023	Ultrastar SN200 Series NVMe SSD
+
 /* Hifn products */
 product HIFN 7751	0x0005	7751
 product HIFN 6500	0x0006	6500
@@ -4469,6 +4478,11 @@ product INTEL E5_UNICAST	0x3ce8	E5 Unica
 product INTEL E5_SAD_1		0x3cf4	E5 SAD
 product INTEL E5_BROADCAST	0x3cf5	E5 Broadcast
 product INTEL E5_SAD_2		0x3cf6	E5 SAD
+product INTEL CORE8G_S_HOST_DRAM_4C 0x3e1f Core 8G (S) Host Bridge, DRAM
+product INTEL CORE8G_S_HOST_DRAM_6C 0x3ec2 Core 8G (S) Host Bridge, DRAM
+product INTEL CORE8G_PCIE_X16	0x3e81 Core 8G (S) PCIe x16
+product INTEL CORE8G_PCIE_X8	0x3e85 Core 8G (S) PCIe x16
+product INTEL CORE8G_PCIE_X4	0x3e89 Core 8G (S) PCIe x16
 product INTEL COFLK_IGD_1	0x3e90	UHD Graphics 610
 product INTEL COFLK_IGD_2	0x3e91	UHD Graphics 630
 product INTEL COFLK_IGD_3	0x3e92	UHD Graphics 630
@@ -5286,6 +5300,7 @@ product INTEL CP_SS_REGS	0xd156	Core Pro
 product INTEL CP_SCS_REGS	0xd157	Core Processor System Control and Status Registers
 product INTEL CP_MISC_REGS	0xd158	Core Processor Miscellaneous Registers
 product INTEL HANKSVILLE	0xf0fe	HANKSVILLE LAN Controller
+product INTEL SSD_760P		0xf1a6	SSD 760p
 
 /* Intergraph products */
 product INTERGRAPH 4D60T	0x00e3	Powerstorm 4D60T
@@ -6610,6 +6625,8 @@ product SAFENET SAFEXCEL	0x1141 SafeXcel
 product SAMSUNGELEC3	XP941		0xa800	XP941 M.2 SSD
 product SAMSUNGELEC3	SM951		0xa801	SM951 M.2 SSD
 product SAMSUNGELEC3	SM951_NVME	0xa802	SM951 M.2 NVMe SSD
+product SAMSUNGELEC3	172X		0xa821	NVMe SSD Controller 172X
+product SAMSUNGELEC3	172XAB		0xa822	NVMe SSD Controller 172Xa/172Xb
 
 /* Samsung Semiconductor products */
 product SAMSUNGSEMI	KS8920	0x8920	KS8920 10/100 Ethernet

CVS commit: [netbsd-8] src/sys/net

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:16:57 UTC 2018

Modified Files:
src/sys/net [netbsd-8]: if_pppoe.c

Log Message:
Pull up following revision(s) (requested by knakahara in ticket #779):

sys/net/if_pppoe.c: revision 1.135,1.136

net.pppoe.term_unknown can be written safely now.

Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled.


To generate a diff of this commit:
cvs rdiff -u -r1.125.6.6 -r1.125.6.7 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/net

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:16:57 UTC 2018

Modified Files:
src/sys/net [netbsd-8]: if_pppoe.c

Log Message:
Pull up following revision(s) (requested by knakahara in ticket #779):

sys/net/if_pppoe.c: revision 1.135,1.136

net.pppoe.term_unknown can be written safely now.

Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled.


To generate a diff of this commit:
cvs rdiff -u -r1.125.6.6 -r1.125.6.7 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.125.6.6 src/sys/net/if_pppoe.c:1.125.6.7
--- src/sys/net/if_pppoe.c:1.125.6.6	Thu Mar  8 13:22:25 2018
+++ src/sys/net/if_pppoe.c	Wed Apr 18 14:16:57 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.125.6.6 2018/03/08 13:22:25 martin Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.125.6.7 2018/04/18 14:16:57 martin Exp $ */
 
 /*-
  * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.6 2018/03/08 13:22:25 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.125.6.7 2018/04/18 14:16:57 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "pppoe.h"
@@ -63,6 +63,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -236,6 +237,7 @@ static int	pppoe_clone_create(struct if_
 static int	pppoe_clone_destroy(struct ifnet *);
 
 static bool	pppoe_term_unknown = false;
+static int	pppoe_term_unknown_pps = 1;
 
 static struct sysctllog	*pppoe_sysctl_clog;
 static void sysctl_net_pppoe_setup(struct sysctllog **);
@@ -951,6 +953,16 @@ pppoe_disc_input(struct mbuf *m)
 		m_freem(m);
 }
 
+static bool
+pppoe_is_my_frame(uint8_t *dhost, struct ifnet *rcvif)
+{
+
+	if (memcmp(CLLADDR(rcvif->if_sadl), dhost, ETHER_ADDR_LEN) == 0)
+		return true;
+
+	return false;
+}
+
 static void
 pppoe_data_input(struct mbuf *m)
 {
@@ -960,12 +972,17 @@ pppoe_data_input(struct mbuf *m)
 	struct ifnet *rcvif;
 	struct psref psref;
 	uint8_t shost[ETHER_ADDR_LEN];
+	uint8_t dhost[ETHER_ADDR_LEN];
+	bool term_unknown = pppoe_term_unknown;
 
 	KASSERT(m->m_flags & M_PKTHDR);
 
-	if (pppoe_term_unknown)
+	if (term_unknown) {
 		memcpy(shost, mtod(m, struct ether_header*)->ether_shost,
 		ETHER_ADDR_LEN);
+		memcpy(dhost, mtod(m, struct ether_header*)->ether_dhost,
+		ETHER_ADDR_LEN);
+	}
 	m_adj(m, sizeof(struct ether_header));
 	if (m->m_pkthdr.len <= PPPOE_HEADERLEN) {
 		printf("pppoe (data): dropping too short packet: %d bytes\n",
@@ -996,10 +1013,21 @@ pppoe_data_input(struct mbuf *m)
 		goto drop;
 	sc = pppoe_find_softc_by_session(session, rcvif, RW_READER);
 	if (sc == NULL) {
-		if (pppoe_term_unknown) {
-			printf("pppoe: input for unknown session %#x, "
-			"sending PADT\n", session);
-			pppoe_send_padt(rcvif, session, shost);
+		if (term_unknown) {
+			static struct timeval lasttime = {0, 0};
+			static int curpps = 0;
+			/*
+			 * avoid to send wrong PADT which is response from
+			 * session stage pakcets for other hosts when parent
+			 * ethernet is promiscuous mode.
+			 */
+			if (pppoe_is_my_frame(dhost, rcvif)
+			&& ppsratecheck(, ,
+pppoe_term_unknown_pps)) {
+printf("pppoe: input for unknown session %#x, "
+"sending PADT\n", session);
+pppoe_send_padt(rcvif, session, shost);
+			}
 		}
 		m_put_rcvif_psref(rcvif, );
 		goto drop;
@@ -1941,7 +1969,7 @@ sysctl_net_pppoe_setup(struct sysctllog 
 		return;
 
 	sysctl_createv(clog, 0, , NULL,
-	CTLFLAG_PERMANENT | CTLFLAG_READONLY,
+	CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 	CTLTYPE_BOOL, "term_unknown",
 	SYSCTL_DESCR("Terminate unknown sessions"),
 	NULL, 0, _term_unknown, sizeof(pppoe_term_unknown),

CVS commit: [netbsd-8] src/sys/arch/x86/include

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:14:17 UTC 2018

Modified Files:
src/sys/arch/x86/include [netbsd-8]: specialreg.h

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #778):

sys/arch/x86/include/specialreg.h: revision 1.118,1.119

 From the latest Intel SDM:
- Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff).
- Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX.

Add Some bit definitions of AMD Fn8001 %edx:
  - MMX
  - FXSR


To generate a diff of this commit:
cvs rdiff -u -r1.98.2.3 -r1.98.2.4 src/sys/arch/x86/include/specialreg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/x86/include/specialreg.h
diff -u src/sys/arch/x86/include/specialreg.h:1.98.2.3 src/sys/arch/x86/include/specialreg.h:1.98.2.4
--- src/sys/arch/x86/include/specialreg.h:1.98.2.3	Sat Mar 31 10:51:05 2018
+++ src/sys/arch/x86/include/specialreg.h	Wed Apr 18 14:14:17 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: specialreg.h,v 1.98.2.3 2018/03/31 10:51:05 martin Exp $	*/
+/*	$NetBSD: specialreg.h,v 1.98.2.4 2018/04/18 14:14:17 martin Exp $	*/
 
 /*-
  * Copyright (c) 1991 The Regents of the University of California.
@@ -300,12 +300,19 @@
 #define CPUID_DSPM_HWP_PLR __BIT(11)	/* HWP Package Level Request */
 #define CPUID_DSPM_HDC	__BIT(13)	/* Hardware Duty Cycling */
 #define CPUID_DSPM_TBMT3 __BIT(14)	/* Turbo Boost Max Technology 3.0 */
+#define CPUID_DSPM_HWP_CAP__BIT(15)	/* HWP Capabilities */
+#define CPUID_DSPM_HWP_PECI   __BIT(16)	/* HWP PECI override */
+#define CPUID_DSPM_HWP_FLEX   __BIT(17)	/* Flexible HWP */
+#define CPUID_DSPM_HWP_FAST   __BIT(18)	/* Fast access for IA32_HWP_REQUEST */
+#define CPUID_DSPM_HWP_IGNIDL __BIT(20)	/* Ignore Idle Logical Processor HWP */
 
 #define CPUID_DSPM_FLAGS	"\20" \
 	"\1" "DTS"	"\2" "IDA"	"\3" "ARAT" 			\
 	"\5" "PLN"	"\6" "ECMD"	"\7" "PTM"	"\10" "HWP"	\
 	"\11" "HWP_NOTIFY" "\12" "HWP_ACTWIN" "\13" "HWP_EPP" "\14" "HWP_PLR" \
-			"\16" "HDC"	"\17" "TBM3"
+			"\16" "HDC"	"\17" "TBM3"	"\20" "HWP_CAP" \
+	"\21" "HWP_PECI" "\22" "HWP_FLEX" "\23" "HWP_FAST"		\
+	"25" "HWP_IGNIDL"
 
 /*
  * Intel Digital Thermal Sensor and
@@ -381,7 +388,7 @@
 #define CPUID_SEF_AVX512_VNNI	__BIT(11) /* Vector neural Network Instruction */
 #define CPUID_SEF_AVX512_BITALG	__BIT(12)
 #define CPUID_SEF_AVX512_VPOPCNTDQ __BIT(14)
-#define CPUID_SEF_RDPID		__BIT(22) /* ReaD Processor ID */
+#define CPUID_SEF_RDPID		__BIT(22) /* RDPID and IA32_TSC_AUX */
 #define CPUID_SEF_SGXLC		__BIT(30) /* SGX Launch Configuration */
 
 #define CPUID_SEF_FLAGS1	"\20" \
@@ -491,6 +498,8 @@
 #define CPUID_MPC	0x0008	/* Multiprocessing Capable */
 #define CPUID_NOX	0x0010	/* No Execute Page Protection */
 #define CPUID_MMXX	0x0040	/* AMD MMX Extensions */
+/*	CPUID_MMX			   MMX supported */
+/*	CPUID_FXSR			   fast FP/MMX save/restore */
 #define CPUID_FFXSR	0x0200	/* FXSAVE/FXSTOR Extensions */
 /*	CPUID_P1GB			   1GB Large Page Support */
 /*	CPUID_RDTSCP			   Read TSC Pair Instruction */
@@ -499,9 +508,11 @@
 #define CPUID_3DNOW	0x8000	/* 3DNow! Instructions */
 
 #define CPUID_EXT_FLAGS	"\20" \
-	"\14" "SYSCALL/SYSRET"		"\24" "MPC"	"\25" "NOX" \
-	"\27" "MMXX"	"\32" "FFXSR"	"\33" "P1GB"	"\34" "RDTSCP" \
-	"\36" "LONG"	"\37" "3DNOW2"	"\40" "3DNOW"
+		"\14" "SYSCALL/SYSRET"	\
+			"\24" "MPC"	\
+	"\25" "NOX"			"\27" "MMXX"	"\30" "MMX"	\
+	"\31" "FXSR"	"\32" "FFXSR"	"\33" "P1GB"	"\34" "RDTSCP"	\
+			"\36" "LONG"	"\37" "3DNOW2"	"\40" "3DNOW"
 
 /* AMD Fn8001 extended features - %ecx */
 /* 	CPUID_LAHF			   LAHF/SAHF instruction */

CVS commit: [netbsd-8] src/sys/arch/x86/include

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:14:17 UTC 2018

Modified Files:
src/sys/arch/x86/include [netbsd-8]: specialreg.h

Log Message:
Pull up following revision(s) (requested by msaitoh in ticket #778):

sys/arch/x86/include/specialreg.h: revision 1.118,1.119

 From the latest Intel SDM:
- Add Intel Fn_0006 %eax new bit 14-20 (HWP stuff).
- Intel Fn_0007 %ecx bit 22 is for both RDPID and IA32_TSC_AUX.

Add Some bit definitions of AMD Fn8001 %edx:
  - MMX
  - FXSR


To generate a diff of this commit:
cvs rdiff -u -r1.98.2.3 -r1.98.2.4 src/sys/arch/x86/include/specialreg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:11:43 UTC 2018

Modified Files:
src/sys/net [netbsd-8]: if_bridge.c if_bridgevar.h
src/tests/net/if_bridge [netbsd-8]: t_rtable.sh

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #777):

tests/net/if_bridge/t_rtable.sh: revision 1.3
sys/net/if_bridge.c: revision 1.150-1.154
sys/net/if_bridgevar.h: revision 1.32

Remove obsolete NULL checks

Simplify bridge_rtnode_insert (NFC)

bridge: use pslist(9) for rtlist and rthash

The change fixes race conditions on list operations.  One example is that a
reader may see invalid pointers on a looking item in a list due to lack of
membar_producer.

Add a test that checks if brconfig flush surely removes all entries

Get rid of a unnecessary semicolon
Pointed out by kamil@

Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY


To generate a diff of this commit:
cvs rdiff -u -r1.134.6.8 -r1.134.6.9 src/sys/net/if_bridge.c
cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/net/if_bridgevar.h
cvs rdiff -u -r1.1.8.1 -r1.1.8.2 src/tests/net/if_bridge/t_rtable.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.134.6.8 src/sys/net/if_bridge.c:1.134.6.9
--- src/sys/net/if_bridge.c:1.134.6.8	Tue Apr 10 11:48:29 2018
+++ src/sys/net/if_bridge.c	Wed Apr 18 14:11:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_bridge.c,v 1.134.6.8 2018/04/10 11:48:29 martin Exp $	*/
+/*	$NetBSD: if_bridge.c,v 1.134.6.9 2018/04/18 14:11:42 martin Exp $	*/
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.8 2018/04/10 11:48:29 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.134.6.9 2018/04/18 14:11:42 martin Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_bridge_ipf.h"
@@ -181,20 +181,39 @@ __CTASSERT(offsetof(struct ifbifconf, if
 #define	BRIDGE_RTABLE_PRUNE_PERIOD	(5 * 60)
 #endif
 
-#define BRIDGE_RT_LOCK(_sc)	if ((_sc)->sc_rtlist_lock) \
-	mutex_enter((_sc)->sc_rtlist_lock)
-#define BRIDGE_RT_UNLOCK(_sc)	if ((_sc)->sc_rtlist_lock) \
-	mutex_exit((_sc)->sc_rtlist_lock)
-#define BRIDGE_RT_LOCKED(_sc)	(!(_sc)->sc_rtlist_lock || \
- mutex_owned((_sc)->sc_rtlist_lock))
+#define BRIDGE_RT_LOCK(_sc)	mutex_enter((_sc)->sc_rtlist_lock)
+#define BRIDGE_RT_UNLOCK(_sc)	mutex_exit((_sc)->sc_rtlist_lock)
+#define BRIDGE_RT_LOCKED(_sc)	mutex_owned((_sc)->sc_rtlist_lock)
 
 #define BRIDGE_RT_PSZ_PERFORM(_sc) \
-if ((_sc)->sc_rtlist_psz != NULL) \
-	pserialize_perform((_sc)->sc_rtlist_psz);
+pserialize_perform((_sc)->sc_rtlist_psz)
 
 #define BRIDGE_RT_RENTER(__s)	do { __s = pserialize_read_enter(); } while (0)
 #define BRIDGE_RT_REXIT(__s)	do { pserialize_read_exit(__s); } while (0)
 
+#define BRIDGE_RTLIST_READER_FOREACH(_brt, _sc)			\
+	PSLIST_READER_FOREACH((_brt), &((_sc)->sc_rtlist),		\
+	struct bridge_rtnode, brt_list)
+#define BRIDGE_RTLIST_WRITER_FOREACH(_brt, _sc)			\
+	PSLIST_WRITER_FOREACH((_brt), &((_sc)->sc_rtlist),		\
+	struct bridge_rtnode, brt_list)
+#define BRIDGE_RTLIST_WRITER_INSERT_HEAD(_sc, _brt)			\
+	PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rtlist, brt, brt_list)
+#define BRIDGE_RTLIST_WRITER_REMOVE(_brt)\
+	PSLIST_WRITER_REMOVE((_brt), brt_list)
+
+#define BRIDGE_RTHASH_READER_FOREACH(_brt, _sc, _hash)			\
+	PSLIST_READER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)],	\
+	struct bridge_rtnode, brt_hash)
+#define BRIDGE_RTHASH_WRITER_FOREACH(_brt, _sc, _hash)			\
+	PSLIST_WRITER_FOREACH((_brt), &(_sc)->sc_rthash[(_hash)],	\
+	struct bridge_rtnode, brt_hash)
+#define BRIDGE_RTHASH_WRITER_INSERT_HEAD(_sc, _hash, _brt)		\
+	PSLIST_WRITER_INSERT_HEAD(&(_sc)->sc_rthash[(_hash)], brt, brt_hash)
+#define BRIDGE_RTHASH_WRITER_INSERT_AFTER(_brt, _new)			\
+	PSLIST_WRITER_INSERT_AFTER((_brt), (_new), brt_hash)
+#define BRIDGE_RTHASH_WRITER_REMOVE(_brt)\
+	PSLIST_WRITER_REMOVE((_brt), brt_hash)
 
 #ifdef NET_MPSAFE
 #define DECLARE_LOCK_VARIABLE
@@ -1043,7 +1062,7 @@ bridge_ioctl_rts(struct bridge_softc *sc
 	BRIDGE_RT_LOCK(sc);
 
 	len = bac->ifbac_len;
-	LIST_FOREACH(brt, >sc_rtlist, brt_list) {
+	BRIDGE_RTLIST_WRITER_FOREACH(brt, sc) {
 		if (len < sizeof(bareq))
 			goto out;
 		memset(, 0, sizeof(bareq));
@@ -2013,6 +2032,8 @@ bridge_rtalloc(struct bridge_softc *sc, 
 	brt->brt_expire = time_uptime + sc->sc_brttimeout;
 	brt->brt_flags = IFBAF_DYNAMIC;
 	memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
+	PSLIST_ENTRY_INIT(brt, brt_list);
+	PSLIST_ENTRY_INIT(brt, brt_hash);
 
 	BRIDGE_RT_LOCK(sc);
 	error = bridge_rtnode_insert(sc, brt);
@@ -2109,7 +2130,7 @@ typedef bool (*bridge_iterate_cb_t)
 static void
 bridge_rtlist_iterate_remove(struct bridge_softc *sc, bridge_iterate_cb_t func, void *arg)
 {
-	struct bridge_rtnode *brt, *nbrt;
+	struct bridge_rtnode *brt;
 	struct bridge_rtnode **brt_list;
 	

CVS commit: [netbsd-8] src

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:11:43 UTC 2018

Modified Files:
src/sys/net [netbsd-8]: if_bridge.c if_bridgevar.h
src/tests/net/if_bridge [netbsd-8]: t_rtable.sh

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #777):

tests/net/if_bridge/t_rtable.sh: revision 1.3
sys/net/if_bridge.c: revision 1.150-1.154
sys/net/if_bridgevar.h: revision 1.32

Remove obsolete NULL checks

Simplify bridge_rtnode_insert (NFC)

bridge: use pslist(9) for rtlist and rthash

The change fixes race conditions on list operations.  One example is that a
reader may see invalid pointers on a looking item in a list due to lack of
membar_producer.

Add a test that checks if brconfig flush surely removes all entries

Get rid of a unnecessary semicolon
Pointed out by kamil@

Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY


To generate a diff of this commit:
cvs rdiff -u -r1.134.6.8 -r1.134.6.9 src/sys/net/if_bridge.c
cvs rdiff -u -r1.31 -r1.31.10.1 src/sys/net/if_bridgevar.h
cvs rdiff -u -r1.1.8.1 -r1.1.8.2 src/tests/net/if_bridge/t_rtable.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/sys/netipsec

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:06:24 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-8]: key.c keydb.h

Log Message:
Pull up following revision(s) (requested by yamaguchi in ticket #776):

sys/netipsec/key.c: revision 1.251-1.253
sys/netipsec/keydb.h: revision 1.22

Introduced a hash table to sahlist

An saidx of sah included in the list is unique so that
the search can use a hash list whose hash is calculated by
the saidx to find an sah quickly.

The hash list of the sahlits is used in FreeBSD, too.
reviewed by ozaki-r@n.o, thanks.

Added a lookup table to find an sav quickly
key_sad.sahlists doesn't work well for inbound packets because
its key includes source address. For the reason, the
look-up-table for the inbound packets is newly added.
The table has all sav whose state is MATURE or DYING and uses a
key calculated by destination address, protocol, and spi instead
of saidx.

reviewd ozaki-r@n.o, thanks.

Fix panic of SADB when the state of sav is changed in timeout
pointed out by ozaki-r@n.o, thanks


To generate a diff of this commit:
cvs rdiff -u -r1.163.2.8 -r1.163.2.9 src/sys/netipsec/key.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/netipsec/keydb.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.163.2.8 src/sys/netipsec/key.c:1.163.2.9
--- src/sys/netipsec/key.c:1.163.2.8	Mon Apr 16 14:31:44 2018
+++ src/sys/netipsec/key.c	Wed Apr 18 14:06:24 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $	*/
+/*	$NetBSD: key.c,v 1.163.2.9 2018/04/18 14:06:24 martin Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.8 2018/04/16 14:31:44 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.163.2.9 2018/04/18 14:06:24 martin Exp $");
 
 /*
  * This code is referred to RFC 2367
@@ -72,6 +72,7 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.16
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -122,6 +123,14 @@ __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.16
 #define PORT_LOOSE	1
 #define PORT_STRICT	2
 
+#ifndef SAHHASH_NHASH
+#define SAHHASH_NHASH		128
+#endif
+
+#ifndef SAVLUT_NHASH
+#define SAVLUT_NHASH		128
+#endif
+
 percpu_t *pfkeystat_percpu;
 
 /*
@@ -204,20 +213,23 @@ static u_int32_t acq_seq = 0;
 /*
  * Locking notes on SAD:
  * - Data structures
- *   - SAs are managed by the list called key_sad.sahlist and sav lists of sah
- * entries
+ *   - SAs are managed by the list called key_sad.sahlists and sav lists of
+ * sah entries
  * - An sav is supposed to be an SA from a viewpoint of users
  *   - A sah has sav lists for each SA state
- *   - Multiple sahs with the same saidx can exist
+ *   - Multiple saves with the same saidx can exist
  * - Only one entry has MATURE state and others should be DEAD
  * - DEAD entries are just ignored from searching
- * - Modifications to the key_sad.sahlist and sah.savlist must be done with
- *   holding key_sad.lock which is a adaptive mutex
- * - Read accesses to the key_sad.sahlist and sah.savlist must be in
- *   pserialize(9) read sections
+ *   - All sav whose state is MATURE or DYING are registered to the lookup
+ * table called key_sad.savlut in addition to the savlists.
+ * - The table is used to search an sav without use of saidx.
+ * - Modifications to the key_sad.sahlists, sah.savlist and key_sad.savlut
+ *   must be done with holding key_sad.lock which is a adaptive mutex
+ * - Read accesses to the key_sad.sahlists, sah.savlist and key_sad.savlut
+ *   must be in pserialize(9) read sections
  * - sah's lifetime is managed by localcount(9)
  * - Getting an sah entry
- *   - We get an sah from the key_sad.sahlist
+ *   - We get an sah from the key_sad.sahlists
  * - Must iterate the list and increment the reference count of a found sah
  *   (by key_sah_ref) in a pserialize read section
  *   - A gotten sah must be released after use by key_sah_unref
@@ -261,7 +273,10 @@ static struct {
 static struct {
 	kmutex_t lock;
 	kcondvar_t cv_lc;
-	struct pslist_head sahlist;
+	struct pslist_head *sahlists;
+	u_long sahlistmask;
+	struct pslist_head *savlut;
+	u_long savlutmask;
 
 	pserialize_t psz;
 	kcondvar_t cv_psz;
@@ -341,13 +356,23 @@ static struct {
 #define SAHLIST_WRITER_REMOVE(sah)	\
 	PSLIST_WRITER_REMOVE((sah), pslist_entry)
 #define SAHLIST_READER_FOREACH(sah)	\
-	PSLIST_READER_FOREACH((sah), _sad.sahlist, struct secashead,\
-	  pslist_entry)
+	for(int _i_sah = 0; _i_sah <= key_sad.sahlistmask; _i_sah++)	\
+		PSLIST_READER_FOREACH((sah), _sad.sahlists[_i_sah],	\
+		  struct secashead, pslist_entry)
+#define 

CVS commit: [netbsd-8] src/sys/netipsec

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:06:24 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-8]: key.c keydb.h

Log Message:
Pull up following revision(s) (requested by yamaguchi in ticket #776):

sys/netipsec/key.c: revision 1.251-1.253
sys/netipsec/keydb.h: revision 1.22

Introduced a hash table to sahlist

An saidx of sah included in the list is unique so that
the search can use a hash list whose hash is calculated by
the saidx to find an sah quickly.

The hash list of the sahlits is used in FreeBSD, too.
reviewed by ozaki-r@n.o, thanks.

Added a lookup table to find an sav quickly
key_sad.sahlists doesn't work well for inbound packets because
its key includes source address. For the reason, the
look-up-table for the inbound packets is newly added.
The table has all sav whose state is MATURE or DYING and uses a
key calculated by destination address, protocol, and spi instead
of saidx.

reviewd ozaki-r@n.o, thanks.

Fix panic of SADB when the state of sav is changed in timeout
pointed out by ozaki-r@n.o, thanks


To generate a diff of this commit:
cvs rdiff -u -r1.163.2.8 -r1.163.2.9 src/sys/netipsec/key.c
cvs rdiff -u -r1.15.2.2 -r1.15.2.3 src/sys/netipsec/keydb.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:01:16 UTC 2018

Modified Files:
src/external/gpl3/gcc/dist/gcc [netbsd-8]: genattrtab.c
src/tools [netbsd-8]: Makefile.gnuhost

Log Message:
Pull up following revision(s) (requested by maya in ticket #775):

tools/Makefile.gnuhost: revision 1.46-1.48
external/gpl3/gcc/dist/gcc/genattrtab.c: revision 1.2

do the bracket nesting only for clang for now.

Use the __clang__ preprocessor symbol to check for clang, since --version
might barf. From joerg@

Apply upstream commit:
From: ppalka 
Date: Wed, 27 Apr 2016 21:18:05 +
Subject: [PATCH] Reduce nesting of parentheses in conditionals generated by
 genattrtab

gcc/ChangeLog:
* genattrtab.c (write_test_expr): New parameter EMIT_PARENS
which defaults to true.  Emit an outer pair of parentheses only if
EMIT_PARENS.  When continuing a chain of && or || (or & or |),
don't emit parentheses for the right-hand operand.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@235536

gcc/arm generates so many parens it hits a bracket depth limited which is
enforced by clang. This reduces the number of parens generated and avoids the
need to increase bracket depth.

Fixes PR toolchain/53178 properly.

Remove hack previously needed to build gcc/arm with clang.
genattrtab.c:1.2 makes this unnecessary.

Tested by thorpej.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \
src/external/gpl3/gcc/dist/gcc/genattrtab.c
cvs rdiff -u -r1.44.8.1 -r1.44.8.2 src/tools/Makefile.gnuhost

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/gpl3/gcc/dist/gcc/genattrtab.c
diff -u src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3 src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3.8.1
--- src/external/gpl3/gcc/dist/gcc/genattrtab.c:1.1.1.3	Sun Jan 24 06:06:07 2016
+++ src/external/gpl3/gcc/dist/gcc/genattrtab.c	Wed Apr 18 14:01:16 2018
@@ -3424,7 +3424,10 @@ find_attrs_to_cache (rtx exp, bool creat
 
 /* Given a piece of RTX, print a C expression to test its truth value to OUTF.
We use AND and IOR both for logical and bit-wise operations, so
-   interpret them as logical unless they are inside a comparison expression.  */
+   interpret them as logical unless they are inside a comparison expression.
+
+   An outermost pair of parentheses is emitted around this C expression unless
+   EMIT_PARENS is false.  */
 
 /* Interpret AND/IOR as bit-wise operations instead of logical.  */
 #define FLG_BITWISE		1
@@ -3440,16 +3443,16 @@ find_attrs_to_cache (rtx exp, bool creat
 #define FLG_OUTSIDE_AND		8
 
 static unsigned int
-write_test_expr (FILE *outf, rtx exp, unsigned int attrs_cached, int flags)
+write_test_expr (FILE *outf, rtx exp, unsigned int attrs_cached, int flags,
+		 bool emit_parens = true)
 {
   int comparison_operator = 0;
   RTX_CODE code;
   struct attr_desc *attr;
 
-  /* In order not to worry about operator precedence, surround our part of
- the expression with parentheses.  */
+  if (emit_parens)
+fprintf (outf, "(");
 
-  fprintf (outf, "(");
   code = GET_CODE (exp);
   switch (code)
 {
@@ -3583,8 +3586,18 @@ write_test_expr (FILE *outf, rtx exp, un
 	  || GET_CODE (XEXP (exp, 1)) == EQ_ATTR
 	  || (GET_CODE (XEXP (exp, 1)) == NOT
 		  && GET_CODE (XEXP (XEXP (exp, 1), 0)) == EQ_ATTR)))
-	attrs_cached
-	  = write_test_expr (outf, XEXP (exp, 1), attrs_cached, flags);
+	{
+	  bool need_parens = true;
+
+	  /* No need to emit parentheses around the right-hand operand if we are
+	 continuing a chain of && or || (or & or |).  */
+	  if (GET_CODE (XEXP (exp, 1)) == code)
+	need_parens = false;
+
+	  attrs_cached
+	= write_test_expr (outf, XEXP (exp, 1), attrs_cached, flags,
+			   need_parens);
+	}
   else
 	write_test_expr (outf, XEXP (exp, 1), attrs_cached,
 			 flags | comparison_operator);
@@ -3802,7 +3815,9 @@ write_test_expr (FILE *outf, rtx exp, un
 	 GET_RTX_NAME (code));
 }
 
-  fprintf (outf, ")");
+  if (emit_parens)
+fprintf (outf, ")");
+
   return attrs_cached;
 }
 

Index: src/tools/Makefile.gnuhost
diff -u src/tools/Makefile.gnuhost:1.44.8.1 src/tools/Makefile.gnuhost:1.44.8.2
--- src/tools/Makefile.gnuhost:1.44.8.1	Sat Apr 14 10:44:56 2018
+++ src/tools/Makefile.gnuhost	Wed Apr 18 14:01:16 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.gnuhost,v 1.44.8.1 2018/04/14 10:44:56 martin Exp $
+#	$NetBSD: Makefile.gnuhost,v 1.44.8.2 2018/04/18 14:01:16 martin Exp $
 #
 # Rules used when building a GNU host package.  Expects MODULE to be set.
 #
@@ -18,13 +18,11 @@
 .include 
 
 # Disable use of pre-compiled headers on Darwin.
-# GCC build exceeds the macOS clang default bracket nesting level of 256.
 BUILD_OSTYPE!= uname -s
 .if ${BUILD_OSTYPE} == "Darwin"
 HOST_CFLAGS+=-O2 -no-cpp-precomp
-HOST_CFLAGS+=-O2 

CVS commit: [netbsd-8] src

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 14:01:16 UTC 2018

Modified Files:
src/external/gpl3/gcc/dist/gcc [netbsd-8]: genattrtab.c
src/tools [netbsd-8]: Makefile.gnuhost

Log Message:
Pull up following revision(s) (requested by maya in ticket #775):

tools/Makefile.gnuhost: revision 1.46-1.48
external/gpl3/gcc/dist/gcc/genattrtab.c: revision 1.2

do the bracket nesting only for clang for now.

Use the __clang__ preprocessor symbol to check for clang, since --version
might barf. From joerg@

Apply upstream commit:
From: ppalka 
Date: Wed, 27 Apr 2016 21:18:05 +
Subject: [PATCH] Reduce nesting of parentheses in conditionals generated by
 genattrtab

gcc/ChangeLog:
* genattrtab.c (write_test_expr): New parameter EMIT_PARENS
which defaults to true.  Emit an outer pair of parentheses only if
EMIT_PARENS.  When continuing a chain of && or || (or & or |),
don't emit parentheses for the right-hand operand.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@235536

gcc/arm generates so many parens it hits a bracket depth limited which is
enforced by clang. This reduces the number of parens generated and avoids the
need to increase bracket depth.

Fixes PR toolchain/53178 properly.

Remove hack previously needed to build gcc/arm with clang.
genattrtab.c:1.2 makes this unnecessary.

Tested by thorpej.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.8.1 \
src/external/gpl3/gcc/dist/gcc/genattrtab.c
cvs rdiff -u -r1.44.8.1 -r1.44.8.2 src/tools/Makefile.gnuhost

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-8] src/crypto/external/bsd/openssl

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 13:51:36 UTC 2018

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h
asn1_err.c tasn_dec.c
src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]:
rsaz-avx2.pl x86_64-mont5.pl
src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c
src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]:
v3_addr.c
src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]:
rsaz-avx2.S x86_64-mont5.S

Log Message:
Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737,
CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen.

Requested by christos in ticket #774.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
cvs rdiff -u -r1.6 -r1.6.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c
cvs rdiff -u -r1.5 -r1.5.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c
cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S
cvs rdiff -u -r1.5 -r1.5.4.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2.6.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h:1.2	Fri Oct 14 16:23:18 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h	Wed Apr 18 13:51:35 2018
@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
 # define ASN1_R_MSTRING_NOT_UNIVERSAL 139
 # define ASN1_R_MSTRING_WRONG_TAG 140
 # define ASN1_R_NESTED_ASN1_STRING197
+# define ASN1_R_NESTED_TOO_DEEP   219
 # define ASN1_R_NON_HEX_CHARACTERS141
 # define ASN1_R_NOT_ASCII_FORMAT  190
 # define ASN1_R_NOT_ENOUGH_DATA   142

Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7.8.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c:1.1.1.7	Mon Mar 23 08:28:38 2015
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c	Wed Apr 18 13:51:35 2018
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* 
- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[
 {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
 {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
 {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+{ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},

Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6.6.1
--- src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c:1.6	Fri Oct 14 16:23:18 2016
+++ src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c	Wed Apr 18 13:51:35 2018
@@ -65,6 +65,14 @@
 #include 
 #include 
 
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
 static 

CVS commit: [netbsd-8] src/crypto/external/bsd/openssl

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 13:51:36 UTC 2018

Modified Files:
src/crypto/external/bsd/openssl/dist/crypto/asn1 [netbsd-8]: asn1.h
asn1_err.c tasn_dec.c
src/crypto/external/bsd/openssl/dist/crypto/bn/asm [netbsd-8]:
rsaz-avx2.pl x86_64-mont5.pl
src/crypto/external/bsd/openssl/dist/crypto/rsa [netbsd-8]: rsa_gen.c
src/crypto/external/bsd/openssl/dist/crypto/x509v3 [netbsd-8]:
v3_addr.c
src/crypto/external/bsd/openssl/dist/ssl [netbsd-8]: ssl.h
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64 [netbsd-8]:
rsaz-avx2.S x86_64-mont5.S

Log Message:
Apply upstream fixes for CVE-2017-3735, CVE-2017-3736, CVE-2017-3737,
CVE-2017-3738, CVE-2018-0737, CVE-2018-0739. Regen.

Requested by christos in ticket #774.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1.h
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_err.c
cvs rdiff -u -r1.6 -r1.6.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.8.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/rsaz-avx2.pl
cvs rdiff -u -r1.1.1.7 -r1.1.1.7.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl
cvs rdiff -u -r1.1.1.6 -r1.1.1.6.4.1 \
src/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_gen.c
cvs rdiff -u -r1.5 -r1.5.6.1 \
src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c
cvs rdiff -u -r1.16 -r1.16.6.1 src/crypto/external/bsd/openssl/dist/ssl/ssl.h
cvs rdiff -u -r1.2 -r1.2.6.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/rsaz-avx2.S
cvs rdiff -u -r1.5 -r1.5.4.1 \
src/crypto/external/bsd/openssl/lib/libcrypto/arch/x86_64/x86_64-mont5.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/i386/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 10:40:22 UTC 2018

Modified Files:
src/sys/arch/i386/conf: Makefile.i386

Log Message:
Make SPECTRE_V2_GCC_MITIGATION overridable at the make command line.


To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 src/sys/arch/i386/conf/Makefile.i386

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/i386/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 10:40:22 UTC 2018

Modified Files:
src/sys/arch/i386/conf: Makefile.i386

Log Message:
Make SPECTRE_V2_GCC_MITIGATION overridable at the make command line.


To generate a diff of this commit:
cvs rdiff -u -r1.190 -r1.191 src/sys/arch/i386/conf/Makefile.i386

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/i386/conf/Makefile.i386
diff -u src/sys/arch/i386/conf/Makefile.i386:1.190 src/sys/arch/i386/conf/Makefile.i386:1.191
--- src/sys/arch/i386/conf/Makefile.i386:1.190	Sat Apr  7 19:38:06 2018
+++ src/sys/arch/i386/conf/Makefile.i386	Wed Apr 18 10:40:22 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.i386,v 1.190 2018/04/07 19:38:06 mrg Exp $
+#	$NetBSD: Makefile.i386,v 1.191 2018/04/18 10:40:22 martin Exp $
 
 # Makefile for NetBSD
 #
@@ -39,7 +39,7 @@ CFLAGS+=	-msoft-float
 ## no-sse implies no-sse2 but not no-avx
 CFLAGS+=	-mno-mmx -mno-sse -mno-avx
 
-.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+.if ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 && ${HAVE_GCC:U0} > 0
 CFLAGS+=	-mindirect-branch=thunk
 CFLAGS+=	-mindirect-branch-register
 .endif

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 10:38:47 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Simplify previous, pointed out by mrg.


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 10:38:47 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Simplify previous, pointed out by mrg.


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/conf/Makefile.amd64
diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.69 src/sys/arch/amd64/conf/Makefile.amd64:1.70
--- src/sys/arch/amd64/conf/Makefile.amd64:1.69	Wed Apr 18 09:29:35 2018
+++ src/sys/arch/amd64/conf/Makefile.amd64	Wed Apr 18 10:38:47 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.amd64,v 1.69 2018/04/18 09:29:35 martin Exp $
+#	$NetBSD: Makefile.amd64,v 1.70 2018/04/18 10:38:47 martin Exp $
 
 # Makefile for NetBSD
 #
@@ -43,8 +43,7 @@ CFLAGS+=	-msoft-float
 # For gcc we might need this, but other compilers barf
 # CFLAGS+=	-mno-fp-ret-in-387
 
-.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 \
-	&& ${HAVE_GCC:U0} > 0
+.if ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 && ${HAVE_GCC:U0} > 0
 CFLAGS+=  -mindirect-branch=thunk-inline
 CFLAGS+=  -mindirect-branch-register
 .endif

CVS commit: src/sbin/nvmectl

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:17:54 UTC 2018

Modified Files:
src/sbin/nvmectl: nvmectl.8

Log Message:
nvmectl(8): Remove some wdc subcommands from man page.

- wdc drive-log
- wdc get-crash-dump
- wdc purge
- wdc purge-monitor


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/nvmectl.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/nvmectl/nvmectl.8
diff -u src/sbin/nvmectl/nvmectl.8:1.4 src/sbin/nvmectl/nvmectl.8:1.5
--- src/sbin/nvmectl/nvmectl.8:1.4	Sun Apr 30 15:59:18 2017
+++ src/sbin/nvmectl/nvmectl.8	Wed Apr 18 10:17:54 2018
@@ -1,4 +1,4 @@
-.\" $NetBSD: nvmectl.8,v 1.4 2017/04/30 15:59:18 wiz Exp $
+.\" $NetBSD: nvmectl.8,v 1.5 2018/04/18 10:17:54 nonaka Exp $
 .\"
 .\" Copyright (c) 2012 Intel Corporation
 .\" All rights reserved.
@@ -54,10 +54,10 @@
 .\".Aq Fl o Ar read|write
 .\".Aq Fl s Ar size_in_bytes
 .\".Aq Fl t Ar time_in_sec
-.\".Aq namespace id
+.\".Aq namespace_id
 .\".Nm
 .\".Ic reset
-.\".Aq controller id
+.\".Aq controller_id
 .Nm
 .Ic logpage
 .Op Fl x
@@ -80,21 +80,7 @@
 .Nm
 .Ic wdc cap-diag
 .Op Fl o path_template
-.Ar device id
-.Nm
-.Ic wdc drive-log
-.Op Fl o path_template
-.Ar device id
-.Nm
-.Ic wdc get-crash-dump
-.Op Fl o path_template
-.Ar device id
-.\" .Nm
-.\" .Ic wdc purge
-.\" .Aq device id
-.\" .Nm
-.\" .Ic wdc purge-monitor
-.\" .Aq device id
+.Ar device_id
 .Sh DESCRIPTION
 NVM Express (NVMe) is a storage protocol standard, for SSDs and other
 high-speed storage devices over PCI Express.

CVS commit: src/sbin/nvmectl

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:17:54 UTC 2018

Modified Files:
src/sbin/nvmectl: nvmectl.8

Log Message:
nvmectl(8): Remove some wdc subcommands from man page.

- wdc drive-log
- wdc get-crash-dump
- wdc purge
- wdc purge-monitor


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/nvmectl.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sbin/nvmectl

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:16:22 UTC 2018

Modified Files:
src/sbin/nvmectl: nvmectl.h

Log Message:
nvmectl(8): fix subcommand usage.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sbin/nvmectl/nvmectl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sbin/nvmectl

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:16:22 UTC 2018

Modified Files:
src/sbin/nvmectl: nvmectl.h

Log Message:
nvmectl(8): fix subcommand usage.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/sbin/nvmectl/nvmectl.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/nvmectl/nvmectl.h
diff -u src/sbin/nvmectl/nvmectl.h:1.7 src/sbin/nvmectl/nvmectl.h:1.8
--- src/sbin/nvmectl/nvmectl.h:1.7	Tue Apr 17 15:31:00 2018
+++ src/sbin/nvmectl/nvmectl.h	Wed Apr 18 10:16:22 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nvmectl.h,v 1.7 2018/04/17 15:31:00 nonaka Exp $	*/
+/*	$NetBSD: nvmectl.h,v 1.8 2018/04/18 10:16:22 nonaka Exp $	*/
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
@@ -53,14 +53,14 @@ struct nvme_function {
 "devlist\n"
 
 #define IDENTIFY_USAGE			   \
-"identify [-x [-v]] \n"
+"identify [-x [-v]] \n"
 
 #ifdef ENABLE_PREFTEST
 #define PERFTEST_USAGE			   \
-"perftest <-n num_threads> <-o read|write>\n"		   \
+"perftest <-n num_threads> <-o read|write>\n"   \
 "<-s size_in_bytes> <-t time_in_seconds>\n"	   \
 "<-i intr|wait> [-f refthread] [-p]\n"		   \
-"\n"
+"\n"
 #endif
 
 #ifdef ENABLE_RESET
@@ -69,16 +69,16 @@ struct nvme_function {
 #endif
 
 #define LOGPAGE_USAGE			   \
-"logpage <-p page_id> [-b] [-v vendor] [-x] "		   \
-"\n"
+"logpage <-p page_id> [-b] [-v vendor] [-x] "   \
+"\n"
 
 #ifdef ENABLE_FIRMWARE
 #define FIRMWARE_USAGE			   \
-"firmware [-s slot] [-f path_to_firmware] [-a] \n"
+"firmware [-s slot] [-f path_to_firmware] [-a] \n"
 #endif
 
 #define POWER_USAGE			   \
-"power [-l] [-p new-state [-w workload-hint]] \n"
+"power [-l] [-p new-state [-w workload-hint]] \n"
 
 #define WDC_USAGE			   \
 "wdc cap-diag [-o path-templete]\n"

CVS commit: src

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:11:45 UTC 2018

Modified Files:
src/sbin/nvmectl: devlist.c firmware.c identify.c logpage.c nvme.h
nvmectl.c perftest.c power.c util.c wdc.c
src/sys/dev/ic: ld_nvme.c nvme.c nvmeio.h

Log Message:
nvmectl(8): Add big-endian support.

from FreeBSD nvmecontolr(8) r329824.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/devlist.c \
src/sbin/nvmectl/identify.c src/sbin/nvmectl/perftest.c
cvs rdiff -u -r1.3 -r1.4 src/sbin/nvmectl/firmware.c src/sbin/nvmectl/power.c \
src/sbin/nvmectl/wdc.c
cvs rdiff -u -r1.6 -r1.7 src/sbin/nvmectl/logpage.c \
src/sbin/nvmectl/nvmectl.c
cvs rdiff -u -r1.2 -r1.3 src/sbin/nvmectl/nvme.h
cvs rdiff -u -r1.1 -r1.2 src/sbin/nvmectl/util.c
cvs rdiff -u -r1.19 -r1.20 src/sys/dev/ic/ld_nvme.c
cvs rdiff -u -r1.38 -r1.39 src/sys/dev/ic/nvme.c
cvs rdiff -u -r1.1 -r1.2 src/sys/dev/ic/nvmeio.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sbin/nvmectl/devlist.c
diff -u src/sbin/nvmectl/devlist.c:1.4 src/sbin/nvmectl/devlist.c:1.5
--- src/sbin/nvmectl/devlist.c:1.4	Tue Apr 17 08:54:35 2018
+++ src/sbin/nvmectl/devlist.c	Wed Apr 18 10:11:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: devlist.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $	*/
+/*	$NetBSD: devlist.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $	*/
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
@@ -30,9 +30,9 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: devlist.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $");
+__RCSID("$NetBSD: devlist.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $");
 #if 0
-__FBSDID("$FreeBSD: head/sbin/nvmecontrol/devlist.c 326276 2017-11-27 15:37:16Z pfg $");
+__FBSDID("$FreeBSD: head/sbin/nvmecontrol/devlist.c 329824 2018-02-22 13:32:31Z wma $");
 #endif
 #endif
 
Index: src/sbin/nvmectl/identify.c
diff -u src/sbin/nvmectl/identify.c:1.4 src/sbin/nvmectl/identify.c:1.5
--- src/sbin/nvmectl/identify.c:1.4	Tue Apr 17 08:54:35 2018
+++ src/sbin/nvmectl/identify.c	Wed Apr 18 10:11:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: identify.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $	*/
+/*	$NetBSD: identify.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $	*/
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
@@ -30,9 +30,9 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: identify.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $");
+__RCSID("$NetBSD: identify.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $");
 #if 0
-__FBSDID("$FreeBSD: head/sbin/nvmecontrol/identify.c 326276 2017-11-27 15:37:16Z pfg $");
+__FBSDID("$FreeBSD: head/sbin/nvmecontrol/identify.c 329824 2018-02-22 13:32:31Z wma $");
 #endif
 #endif
 
Index: src/sbin/nvmectl/perftest.c
diff -u src/sbin/nvmectl/perftest.c:1.4 src/sbin/nvmectl/perftest.c:1.5
--- src/sbin/nvmectl/perftest.c:1.4	Tue Apr 17 08:54:35 2018
+++ src/sbin/nvmectl/perftest.c	Wed Apr 18 10:11:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: perftest.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $	*/
+/*	$NetBSD: perftest.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $	*/
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
@@ -30,9 +30,9 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: perftest.c,v 1.4 2018/04/17 08:54:35 nonaka Exp $");
+__RCSID("$NetBSD: perftest.c,v 1.5 2018/04/18 10:11:44 nonaka Exp $");
 #if 0
-__FBSDID("$FreeBSD: head/sbin/nvmecontrol/perftest.c 326276 2017-11-27 15:37:16Z pfg $");
+__FBSDID("$FreeBSD: head/sbin/nvmecontrol/perftest.c 329824 2018-02-22 13:32:31Z wma $");
 #endif
 #endif
 

Index: src/sbin/nvmectl/firmware.c
diff -u src/sbin/nvmectl/firmware.c:1.3 src/sbin/nvmectl/firmware.c:1.4
--- src/sbin/nvmectl/firmware.c:1.3	Tue Apr 17 08:54:35 2018
+++ src/sbin/nvmectl/firmware.c	Wed Apr 18 10:11:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: firmware.c,v 1.3 2018/04/17 08:54:35 nonaka Exp $	*/
+/*	$NetBSD: firmware.c,v 1.4 2018/04/18 10:11:44 nonaka Exp $	*/
 
 /*-
  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
@@ -33,9 +33,9 @@
 
 #include 
 #ifndef lint
-__RCSID("$NetBSD: firmware.c,v 1.3 2018/04/17 08:54:35 nonaka Exp $");
+__RCSID("$NetBSD: firmware.c,v 1.4 2018/04/18 10:11:44 nonaka Exp $");
 #if 0
-__FBSDID("$FreeBSD: head/sbin/nvmecontrol/firmware.c 326276 2017-11-27 15:37:16Z pfg $");
+__FBSDID("$FreeBSD: head/sbin/nvmecontrol/firmware.c 329824 2018-02-22 13:32:31Z wma $");
 #endif
 #endif
 
@@ -188,7 +188,7 @@ firmware(int argc, char *argv[])
 	intfd = -1;
 	inta_flag, s_flag, f_flag;
 	intcommit_action, reboot_required;
-	intch,
+	intch;
 	char*p, *image = NULL;
 	char*controller = NULL, prompt[64];
 	void*buf = NULL;
Index: src/sbin/nvmectl/power.c
diff -u src/sbin/nvmectl/power.c:1.3 src/sbin/nvmectl/power.c:1.4
--- src/sbin/nvmectl/power.c:1.3	Sat Mar 17 11:07:26 2018
+++ src/sbin/nvmectl/power.c	Wed Apr 18 10:11:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: power.c,v 1.3 2018/03/17 11:07:26 jdolecek Exp $	*/
+/*	$NetBSD: power.c,v 1.4 2018/04/18 10:11:44 nonaka 

CVS commit: src

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:11:45 UTC 2018

Modified Files:
src/sbin/nvmectl: devlist.c firmware.c identify.c logpage.c nvme.h
nvmectl.c perftest.c power.c util.c wdc.c
src/sys/dev/ic: ld_nvme.c nvme.c nvmeio.h

Log Message:
nvmectl(8): Add big-endian support.

from FreeBSD nvmecontolr(8) r329824.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/sbin/nvmectl/devlist.c \
src/sbin/nvmectl/identify.c src/sbin/nvmectl/perftest.c
cvs rdiff -u -r1.3 -r1.4 src/sbin/nvmectl/firmware.c src/sbin/nvmectl/power.c \
src/sbin/nvmectl/wdc.c
cvs rdiff -u -r1.6 -r1.7 src/sbin/nvmectl/logpage.c \
src/sbin/nvmectl/nvmectl.c
cvs rdiff -u -r1.2 -r1.3 src/sbin/nvmectl/nvme.h
cvs rdiff -u -r1.1 -r1.2 src/sbin/nvmectl/util.c
cvs rdiff -u -r1.19 -r1.20 src/sys/dev/ic/ld_nvme.c
cvs rdiff -u -r1.38 -r1.39 src/sys/dev/ic/nvme.c
cvs rdiff -u -r1.1 -r1.2 src/sys/dev/ic/nvmeio.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev/ic

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:10:26 UTC 2018

Modified Files:
src/sys/dev/ic: nvmereg.h

Log Message:
Add some new structure fileds, opcodes and statuses from NVMe 1.3a.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/dev/ic/nvmereg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/nvmereg.h
diff -u src/sys/dev/ic/nvmereg.h:1.10 src/sys/dev/ic/nvmereg.h:1.11
--- src/sys/dev/ic/nvmereg.h:1.10	Tue Apr 17 08:54:35 2018
+++ src/sys/dev/ic/nvmereg.h	Wed Apr 18 10:10:26 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nvmereg.h,v 1.10 2018/04/17 08:54:35 nonaka Exp $	*/
+/*	$NetBSD: nvmereg.h,v 1.11 2018/04/18 10:10:26 nonaka Exp $	*/
 /*	$OpenBSD: nvmereg.h,v 1.10 2016/04/14 11:18:32 dlg Exp $ */
 
 /*
@@ -318,13 +318,27 @@ NVME_CTASSERT(sizeof(struct nvme_cqe) ==
 /* 0x0e-0x0f - reserved */
 #define NVM_ADMIN_FW_COMMIT	0x10 /* Firmware Commit */
 #define NVM_ADMIN_FW_DOWNLOAD	0x11 /* Firmware Image Download */
+#define NVM_ADMIN_DEV_SELFTEST	0x14 /* Device Self Test */
 #define NVM_ADMIN_NS_ATTACHMENT	0x15 /* Namespace Attachment */
+#define NVM_ADMIN_KEEP_ALIVE	0x18 /* Keep Alive */
+#define NVM_ADMIN_DIRECTIVE_SND	0x19 /* Derective Send */
+#define NVM_ADMIN_DIRECTIVE_RCV	0x1a /* Derective Receive */
+#define NVM_ADMIN_VIRT_MGMT	0x1c /* Virtualization Management */
+#define NVM_ADMIN_NVME_MI_SEND	0x1d /* NVMe-MI Send */
+#define NVM_ADMIN_NVME_MI_RECV	0x1e /* NVMe-MI Receive */
+#define NVM_ADMIN_DOORBELL_BC	0x7c /* Doorbell Buffer Config */
+#define NVM_ADMIN_FORMAT_NVM	0x80 /* Format NVM */
+#define NVM_ADMIN_SECURITY_SND	0x81 /* Security Send */
+#define NVM_ADMIN_SECURITY_RCV	0x82 /* Security Receive */
+#define NVM_ADMIN_SANITIZE	0x84 /* Sanitize */
 
 #define NVM_CMD_FLUSH		0x00 /* Flush */
 #define NVM_CMD_WRITE		0x01 /* Write */
 #define NVM_CMD_READ		0x02 /* Read */
 #define NVM_CMD_WR_UNCOR	0x04 /* Write Uncorrectable */
 #define NVM_CMD_COMPARE		0x05 /* Compare */
+/* 0x06-0x07 - reserved */
+#define NVM_CMD_WRITE_ZEROES	0x08 /* Write Zeroes */
 #define NVM_CMD_DSM		0x09 /* Dataset Management */
 
 /* Features for GET/SET FEATURES */
@@ -349,7 +363,10 @@ NVME_CTASSERT(sizeof(struct nvme_cqe) ==
 /* 0x12-0x77 - reserved */
 /* 0x78-0x7f - NVMe Management Interface */
 #define NVM_FEAT_SOFTWARE_PROGRESS_MARKER	0x80
-/* 0x81-0xBF - command set specific (reserved) */
+#define NVM_FEAT_HOST_IDENTIFIER		0x81
+#define NVM_FEAT_RESERVATION_NOTIFICATION_MASK	0x82
+#define NVM_FEAT_RESERVATION_PERSISTANCE	0x83
+/* 0x84-0xBF - command set specific (reserved) */
 /* 0xC0-0xFF - vendor specific */
 
 /* Power State Descriptor Data */
@@ -421,6 +438,11 @@ struct nvm_identify_controller {
 	/* Admin Command Set Attributes & Optional Controller Capabilities */
 
 	uint16_t	oacs;		/* Optional Admin Command Support */
+#define	NVME_ID_CTRLR_OACS_DOORBELL_BC	__BIT(8)
+#define	NVME_ID_CTRLR_OACS_VIRT_MGMT	__BIT(7)
+#define	NVME_ID_CTRLR_OACS_NVME_MI	__BIT(6)
+#define	NVME_ID_CTRLR_OACS_DIRECTIVES	__BIT(5)
+#define	NVME_ID_CTRLR_OACS_DEV_SELFTEST	__BIT(4)
 #define	NVME_ID_CTRLR_OACS_NS		__BIT(3)
 #define	NVME_ID_CTRLR_OACS_FW		__BIT(2)
 #define	NVME_ID_CTRLR_OACS_FORMAT	__BIT(1)
@@ -501,11 +523,14 @@ struct nvm_identify_controller {
 	uint16_t	fuses;		/* Fused Operation Support */
 
 	uint8_t		fna;		/* Format NVM Attributes */
+#define	NVME_ID_CTRLR_FNA_CRYPTO_ERASE	__BIT(2)
+#define	NVME_ID_CTRLR_FNA_ERASE_ALL	__BIT(1)
+#define	NVME_ID_CTRLR_FNA_FORMAT_ALL	__BIT(0)
 	uint8_t		vwc;		/* Volatile Write Cache */
 #define	NVME_ID_CTRLR_VWC_PRESENT	__BIT(0)
 	uint16_t	awun;		/* Atomic Write Unit Normal */
-
 	uint16_t	awupf;		/* Atomic Write Unit Power Fail */
+
 	uint8_t		nvscc;		/* NVM Vendor Specific Command */
 	uint8_t		_reserved4[1];
 
@@ -514,19 +539,17 @@ struct nvm_identify_controller {
 
 	uint32_t	sgls;		/* SGL Support */
 
-	uint8_t		_reserved6[164];
+	uint8_t		_reserved6[228];
 
-	/* I/O Command Set Attributes */
+	uint8_t		subnqn[256];	/* NVM Subsystem NVMe Qualified Name */
 
-	uint8_t		_reserved7[1344];
+	uint8_t		_reserved7[768];
 
-	/* Power State Descriptors */
+	uint8_t		_reserved8[256]; /* NVMe over Fabrics specification */
 
 	struct nvm_identify_psd psd[32]; /* Power State Descriptors */
 
-	/* Vendor Specific */
-
-	uint8_t		_reserved8[1024];
+	uint8_t		vs[1024];	/* Vendor Specific */
 } __packed __aligned(8);
 NVME_CTASSERT(sizeof(struct nvm_identify_controller) == 4096, "bad size for nvm_identify_controller");
 
@@ -555,9 +578,35 @@ struct nvm_identify_namespace {
 	uint8_t		mc;		/* Metadata Capabilities */
 	uint8_t		dpc;		/* End-to-end Data Protection
 	   Capabilities */
-	uint8_t		dps;		/* End-to-end Data Protection Type Settings */
+	uint8_t		dps;		/* End-to-end Data Protection Type
+	   Settings */
+#define	NVME_ID_NS_DPS_MD_START			__BIT(3)
+#define	NVME_ID_NS_DPS_PIT(_f)			((_f) & 0x7)
+
+	uint8_t		nmic;		/* Namespace 

CVS commit: src/sys/dev/ic

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:10:26 UTC 2018

Modified Files:
src/sys/dev/ic: nvmereg.h

Log Message:
Add some new structure fileds, opcodes and statuses from NVMe 1.3a.


To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/sys/dev/ic/nvmereg.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/dev

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:05:59 UTC 2018

Modified Files:
src/sys/dev/ic: nvme.c nvmevar.h
src/sys/dev/pci: nvme_pci.c

Log Message:
nvme(4): Added some delay before check RDY bit quirk when disabling device.

Pick from FreeBSD nvme(4) r326937.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/dev/ic/nvme.c
cvs rdiff -u -r1.15 -r1.16 src/sys/dev/ic/nvmevar.h
cvs rdiff -u -r1.19 -r1.20 src/sys/dev/pci/nvme_pci.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/nvme.c
diff -u src/sys/dev/ic/nvme.c:1.37 src/sys/dev/ic/nvme.c:1.38
--- src/sys/dev/ic/nvme.c:1.37	Sat Mar 17 09:45:44 2018
+++ src/sys/dev/ic/nvme.c	Wed Apr 18 10:05:59 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nvme.c,v 1.37 2018/03/17 09:45:44 jdolecek Exp $	*/
+/*	$NetBSD: nvme.c,v 1.38 2018/04/18 10:05:59 nonaka Exp $	*/
 /*	$OpenBSD: nvme.c,v 1.49 2016/04/18 05:59:50 dlg Exp $ */
 
 /*
@@ -18,7 +18,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.37 2018/03/17 09:45:44 jdolecek Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.38 2018/04/18 10:05:59 nonaka Exp $");
 
 #include 
 #include 
@@ -42,6 +42,8 @@ __KERNEL_RCSID(0, "$NetBSD: nvme.c,v 1.3
 
 #include "ioconf.h"
 
+#define	B4_CHK_RDY_DELAY_MS	2300	/* workaround controller bug */
+
 int nvme_adminq_size = 32;
 int nvme_ioq_size = 1024;
 
@@ -220,15 +222,6 @@ static int
 nvme_ready(struct nvme_softc *sc, uint32_t rdy)
 {
 	u_int i = 0;
-	uint32_t cc;
-
-	cc = nvme_read4(sc, NVME_CC);
-	if (((cc & NVME_CC_EN) != 0) != (rdy != 0)) {
-		aprint_error_dev(sc->sc_dev,
-		"controller enabled status expected %d, found to be %d\n",
-		(rdy != 0), ((cc & NVME_CC_EN) != 0));
-		return ENXIO;
-	}
 
 	while ((nvme_read4(sc, NVME_CSTS) & NVME_CSTS_RDY) != rdy) {
 		if (i++ > sc->sc_rdy_to)
@@ -245,17 +238,24 @@ static int
 nvme_enable(struct nvme_softc *sc, u_int mps)
 {
 	uint32_t cc, csts;
+	int error;
 
 	cc = nvme_read4(sc, NVME_CC);
 	csts = nvme_read4(sc, NVME_CSTS);
-	
-	if (ISSET(cc, NVME_CC_EN)) {
-		aprint_error_dev(sc->sc_dev, "controller unexpectedly enabled, failed to stay disabled\n");
 
+	/*
+	 * See note in nvme_disable. Short circuit if we're already enabled.
+	 */
+	if (ISSET(cc, NVME_CC_EN)) {
 		if (ISSET(csts, NVME_CSTS_RDY))
-			return 1;
+			return 0;
 
 		goto waitready;
+	} else {
+		/* EN == 0 already wait for RDY == 0 or fail */
+		error = nvme_ready(sc, 0);
+		if (error)
+			return error;
 	}
 
 	nvme_write8(sc, NVME_ASQ, NVME_DMA_DVA(sc->sc_admin_q->q_sq_dmamem));
@@ -282,7 +282,6 @@ nvme_enable(struct nvme_softc *sc, u_int
 	nvme_write4(sc, NVME_CC, cc);
 	nvme_barrier(sc, 0, sc->sc_ios,
 	BUS_SPACE_BARRIER_READ | BUS_SPACE_BARRIER_WRITE);
-	delay(5000);
 
 waitready:
 	return nvme_ready(sc, NVME_CSTS_RDY);
@@ -292,20 +291,44 @@ static int
 nvme_disable(struct nvme_softc *sc)
 {
 	uint32_t cc, csts;
+	int error;
 
 	cc = nvme_read4(sc, NVME_CC);
 	csts = nvme_read4(sc, NVME_CSTS);
 
-	if (ISSET(cc, NVME_CC_EN) && !ISSET(csts, NVME_CSTS_RDY))
-		nvme_ready(sc, NVME_CSTS_RDY);
+	/*
+	 * Per 3.1.5 in NVME 1.3 spec, transitioning CC.EN from 0 to 1
+	 * when CSTS.RDY is 1 or transitioning CC.EN from 1 to 0 when
+	 * CSTS.RDY is 0 "has undefined results" So make sure that CSTS.RDY
+	 * isn't the desired value. Short circuit if we're already disabled.
+	 */
+	if (ISSET(cc, NVME_CC_EN)) {
+		if (!ISSET(csts, NVME_CSTS_RDY)) {
+			/* EN == 1, wait for RDY == 1 or fail */
+			error = nvme_ready(sc, NVME_CSTS_RDY);
+			if (error)
+return error;
+		}
+	} else {
+		/* EN == 0 already wait for RDY == 0 */
+		if (!ISSET(csts, NVME_CSTS_RDY))
+			return 0;
 
-	CLR(cc, NVME_CC_EN);
+		goto waitready;
+	}
 
+	CLR(cc, NVME_CC_EN);
 	nvme_write4(sc, NVME_CC, cc);
 	nvme_barrier(sc, 0, sc->sc_ios, BUS_SPACE_BARRIER_READ);
-	
-	delay(5000);
 
+	/*
+	 * Some drives have issues with accessing the mmio after we disable,
+	 * so delay for a bit after we write the bit to cope with these issues.
+	 */
+	if (ISSET(sc->sc_quirks, NVME_QUIRK_DELAY_B4_CHK_RDY))
+		delay(B4_CHK_RDY_DELAY_MS);
+
+waitready:
 	return nvme_ready(sc, 0);
 }
 

Index: src/sys/dev/ic/nvmevar.h
diff -u src/sys/dev/ic/nvmevar.h:1.15 src/sys/dev/ic/nvmevar.h:1.16
--- src/sys/dev/ic/nvmevar.h:1.15	Fri Mar 16 23:31:19 2018
+++ src/sys/dev/ic/nvmevar.h	Wed Apr 18 10:05:59 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: nvmevar.h,v 1.15 2018/03/16 23:31:19 jdolecek Exp $	*/
+/*	$NetBSD: nvmevar.h,v 1.16 2018/04/18 10:05:59 nonaka Exp $	*/
 /*	$OpenBSD: nvmevar.h,v 1.8 2016/04/14 11:18:32 dlg Exp $ */
 
 /*
@@ -136,6 +136,9 @@ struct nvme_softc {
 	uint32_t		sc_flags;
 #define	NVME_F_ATTACHED	__BIT(0)
 #define	NVME_F_OPEN	__BIT(1)
+
+	uint32_t		sc_quirks;
+#define	NVME_QUIRK_DELAY_B4_CHK_RDY	__BIT(0)
 };
 
 #define	lemtoh16(p)	le16toh(*((uint16_t *)(p)))

Index: src/sys/dev/pci/nvme_pci.c
diff -u src/sys/dev/pci/nvme_pci.c:1.19 

CVS commit: src/sys/dev

[NONAKA Kimihiro]

Module Name:src
Committed By:   nonaka
Date:   Wed Apr 18 10:05:59 UTC 2018

Modified Files:
src/sys/dev/ic: nvme.c nvmevar.h
src/sys/dev/pci: nvme_pci.c

Log Message:
nvme(4): Added some delay before check RDY bit quirk when disabling device.

Pick from FreeBSD nvme(4) r326937.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/dev/ic/nvme.c
cvs rdiff -u -r1.15 -r1.16 src/sys/dev/ic/nvmevar.h
cvs rdiff -u -r1.19 -r1.20 src/sys/dev/pci/nvme_pci.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 09:29:36 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Fix previous: HAVE_GCC needs to be checked in additon to
SPECTRE_V2_GCC_MITIGATION, but SPECTRE_V2_GCC_MITIGATION being empty is
not a good enough check as it can't be overwritte on the make
command line. Now I can do: "make SPECTRE_V2_GCC_MITIGATION=0" (e.g. when
my gcc is too old for having the indirect-branch options).


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/conf/Makefile.amd64
diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.68 src/sys/arch/amd64/conf/Makefile.amd64:1.69
--- src/sys/arch/amd64/conf/Makefile.amd64:1.68	Wed Apr 18 09:20:42 2018
+++ src/sys/arch/amd64/conf/Makefile.amd64	Wed Apr 18 09:29:35 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.amd64,v 1.68 2018/04/18 09:20:42 martin Exp $
+#	$NetBSD: Makefile.amd64,v 1.69 2018/04/18 09:29:35 martin Exp $
 
 # Makefile for NetBSD
 #
@@ -43,7 +43,8 @@ CFLAGS+=	-msoft-float
 # For gcc we might need this, but other compilers barf
 # CFLAGS+=	-mno-fp-ret-in-387
 
-.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0 \
+	&& ${HAVE_GCC:U0} > 0
 CFLAGS+=  -mindirect-branch=thunk-inline
 CFLAGS+=  -mindirect-branch-register
 .endif

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 09:29:36 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Fix previous: HAVE_GCC needs to be checked in additon to
SPECTRE_V2_GCC_MITIGATION, but SPECTRE_V2_GCC_MITIGATION being empty is
not a good enough check as it can't be overwritte on the make
command line. Now I can do: "make SPECTRE_V2_GCC_MITIGATION=0" (e.g. when
my gcc is too old for having the indirect-branch options).


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 09:20:42 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Fix copy & pasto


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/conf/Makefile.amd64
diff -u src/sys/arch/amd64/conf/Makefile.amd64:1.67 src/sys/arch/amd64/conf/Makefile.amd64:1.68
--- src/sys/arch/amd64/conf/Makefile.amd64:1.67	Sat Apr  7 19:38:06 2018
+++ src/sys/arch/amd64/conf/Makefile.amd64	Wed Apr 18 09:20:42 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.amd64,v 1.67 2018/04/07 19:38:06 mrg Exp $
+#	$NetBSD: Makefile.amd64,v 1.68 2018/04/18 09:20:42 martin Exp $
 
 # Makefile for NetBSD
 #
@@ -43,7 +43,7 @@ CFLAGS+=	-msoft-float
 # For gcc we might need this, but other compilers barf
 # CFLAGS+=	-mno-fp-ret-in-387
 
-.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${HAVE_GCC:U0} > 0
+.if !empty(SPECTRE_V2_GCC_MITIGATION) && ${SPECTRE_V2_GCC_MITIGATION:U0} > 0
 CFLAGS+=  -mindirect-branch=thunk-inline
 CFLAGS+=  -mindirect-branch-register
 .endif

CVS commit: src/sys/arch/amd64/conf

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Wed Apr 18 09:20:42 UTC 2018

Modified Files:
src/sys/arch/amd64/conf: Makefile.amd64

Log Message:
Fix copy & pasto


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sys/arch/amd64/conf/Makefile.amd64

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src

[Michael van Elst]

Module Name:src
Committed By:   mlelstv
Date:   Wed Apr 18 08:58:42 UTC 2018

Modified Files:
src/distrib/sets/lists/comp: mi
src/sys/sys: Makefile

Log Message:
Make sys/pmf.h available to userland (again).

The recently exposed device.h internals to _KMEMUSER also require
exposing details about pmf.

The current build works without this as the only user is crash(8)
which partially uses kernel sources and is compiled with the
additional kernel include path.


To generate a diff of this commit:
cvs rdiff -u -r1.2187 -r1.2188 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.164 -r1.165 src/sys/sys/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/comp/mi
diff -u src/distrib/sets/lists/comp/mi:1.2187 src/distrib/sets/lists/comp/mi:1.2188
--- src/distrib/sets/lists/comp/mi:1.2187	Tue Apr 10 16:12:29 2018
+++ src/distrib/sets/lists/comp/mi	Wed Apr 18 08:58:41 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: mi,v 1.2187 2018/04/10 16:12:29 maxv Exp $
+#	$NetBSD: mi,v 1.2188 2018/04/18 08:58:41 mlelstv Exp $
 #
 # Note: don't delete entries from here - mark them as "obsolete" instead.
 ./etc/mtree/set.compcomp-sys-root
@@ -3002,7 +3002,7 @@
 ./usr/include/sys/pcu.hcomp-c-include
 ./usr/include/sys/pipe.h			comp-c-include
 ./usr/include/sys/pmc.hcomp-c-include
-./usr/include/sys/pmf.hcomp-obsolete		obsolete
+./usr/include/sys/pmf.hcomp-c-include
 ./usr/include/sys/poll.h			comp-c-include
 ./usr/include/sys/pool.h			comp-c-include
 ./usr/include/sys/power.h			comp-c-include

Index: src/sys/sys/Makefile
diff -u src/sys/sys/Makefile:1.164 src/sys/sys/Makefile:1.165
--- src/sys/sys/Makefile:1.164	Tue Dec 19 19:10:13 2017
+++ src/sys/sys/Makefile	Wed Apr 18 08:58:41 2018
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.164 2017/12/19 19:10:13 kamil Exp $
+#	$NetBSD: Makefile,v 1.165 2018/04/18 08:58:41 mlelstv Exp $
 
 .include 
 
@@ -29,7 +29,7 @@ INCS=	acct.h agpio.h aio.h ansi.h aout_m
 	malloc.h mallocvar.h mbuf.h md4.h md5.h midiio.h \
 	mman.h module.h mount.h mqueue.h msg.h msgbuf.h mtio.h mutex.h \
 	namei.h null.h \
-	param.h pcu.h pipe.h pmc.h poll.h pool.h power.h proc.h \
+	param.h pcu.h pipe.h pmc.h pmf.h poll.h pool.h power.h proc.h \
 	protosw.h pset.h psref.h ptrace.h ptree.h \
 	queue.h quota.h quotactl.h \
 	ras.h rbtree.h reboot.h radioio.h resource.h resourcevar.h rmd160.h \

CVS commit: src

[Michael van Elst]

Module Name:src
Committed By:   mlelstv
Date:   Wed Apr 18 08:58:42 UTC 2018

Modified Files:
src/distrib/sets/lists/comp: mi
src/sys/sys: Makefile

Log Message:
Make sys/pmf.h available to userland (again).

The recently exposed device.h internals to _KMEMUSER also require
exposing details about pmf.

The current build works without this as the only user is crash(8)
which partially uses kernel sources and is compiled with the
additional kernel include path.


To generate a diff of this commit:
cvs rdiff -u -r1.2187 -r1.2188 src/distrib/sets/lists/comp/mi
cvs rdiff -u -r1.164 -r1.165 src/sys/sys/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/net

[Kengo NAKAHARA]

Module Name:src
Committed By:   knakahara
Date:   Wed Apr 18 07:40:40 UTC 2018

Modified Files:
src/sys/net: if_pppoe.c

Log Message:
Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.135 src/sys/net/if_pppoe.c:1.136
--- src/sys/net/if_pppoe.c:1.135	Wed Apr 18 07:36:26 2018
+++ src/sys/net/if_pppoe.c	Wed Apr 18 07:40:40 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.136 2018/04/18 07:40:40 knakahara Exp $ */
 
 /*-
  * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.136 2018/04/18 07:40:40 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "pppoe.h"
@@ -63,6 +63,7 @@ __KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -236,6 +237,7 @@ static int	pppoe_clone_create(struct if_
 static int	pppoe_clone_destroy(struct ifnet *);
 
 static bool	pppoe_term_unknown = false;
+static int	pppoe_term_unknown_pps = 1;
 
 static struct sysctllog	*pppoe_sysctl_clog;
 static void sysctl_net_pppoe_setup(struct sysctllog **);
@@ -951,6 +953,16 @@ pppoe_disc_input(struct mbuf *m)
 		m_freem(m);
 }
 
+static bool
+pppoe_is_my_frame(uint8_t *dhost, struct ifnet *rcvif)
+{
+
+	if (memcmp(CLLADDR(rcvif->if_sadl), dhost, ETHER_ADDR_LEN) == 0)
+		return true;
+
+	return false;
+}
+
 static void
 pppoe_data_input(struct mbuf *m)
 {
@@ -960,13 +972,17 @@ pppoe_data_input(struct mbuf *m)
 	struct ifnet *rcvif;
 	struct psref psref;
 	uint8_t shost[ETHER_ADDR_LEN];
+	uint8_t dhost[ETHER_ADDR_LEN];
 	bool term_unknown = pppoe_term_unknown;
 
 	KASSERT(m->m_flags & M_PKTHDR);
 
-	if (term_unknown)
+	if (term_unknown) {
 		memcpy(shost, mtod(m, struct ether_header*)->ether_shost,
 		ETHER_ADDR_LEN);
+		memcpy(dhost, mtod(m, struct ether_header*)->ether_dhost,
+		ETHER_ADDR_LEN);
+	}
 	m_adj(m, sizeof(struct ether_header));
 	if (m->m_pkthdr.len <= PPPOE_HEADERLEN) {
 		printf("pppoe (data): dropping too short packet: %d bytes\n",
@@ -998,9 +1014,20 @@ pppoe_data_input(struct mbuf *m)
 	sc = pppoe_find_softc_by_session(session, rcvif, RW_READER);
 	if (sc == NULL) {
 		if (term_unknown) {
-			printf("pppoe: input for unknown session %#x, "
-			"sending PADT\n", session);
-			pppoe_send_padt(rcvif, session, shost);
+			static struct timeval lasttime = {0, 0};
+			static int curpps = 0;
+			/*
+			 * avoid to send wrong PADT which is response from
+			 * session stage pakcets for other hosts when parent
+			 * ethernet is promiscuous mode.
+			 */
+			if (pppoe_is_my_frame(dhost, rcvif)
+			&& ppsratecheck(, ,
+pppoe_term_unknown_pps)) {
+printf("pppoe: input for unknown session %#x, "
+"sending PADT\n", session);
+pppoe_send_padt(rcvif, session, shost);
+			}
 		}
 		m_put_rcvif_psref(rcvif, );
 		goto drop;

CVS commit: src/sys/net

[Kengo NAKAHARA]

Module Name:src
Committed By:   knakahara
Date:   Wed Apr 18 07:40:40 UTC 2018

Modified Files:
src/sys/net: if_pppoe.c

Log Message:
Fix sending PADT to unexpected hosts when net.pppoe.term_unknown is enabled.


To generate a diff of this commit:
cvs rdiff -u -r1.135 -r1.136 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:38:02 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_input.c ipsec_netbsd.c

Log Message:
Remove unused malloc.h include.


To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:38:02 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_input.c ipsec_netbsd.c

Log Message:
Remove unused malloc.h include.


To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/sys/netipsec/ipsec_input.c
cvs rdiff -u -r1.51 -r1.52 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_input.c
diff -u src/sys/netipsec/ipsec_input.c:1.64 src/sys/netipsec/ipsec_input.c:1.65
--- src/sys/netipsec/ipsec_input.c:1.64	Tue Apr 17 17:56:08 2018
+++ src/sys/netipsec/ipsec_input.c	Wed Apr 18 07:38:02 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_input.c,v 1.64 2018/04/17 17:56:08 maxv Exp $	*/
+/*	$NetBSD: ipsec_input.c,v 1.65 2018/04/18 07:38:02 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/ipsec_input.c,v 1.2.4.2 2003/03/28 20:32:53 sam Exp $	*/
 /*	$OpenBSD: ipsec_input.c,v 1.63 2003/02/20 18:35:43 deraadt Exp $	*/
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.64 2018/04/17 17:56:08 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_input.c,v 1.65 2018/04/18 07:38:02 maxv Exp $");
 
 /*
  * IPsec input processing.
@@ -51,7 +51,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_input.
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 

Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.51 src/sys/netipsec/ipsec_netbsd.c:1.52
--- src/sys/netipsec/ipsec_netbsd.c:1.51	Wed Apr 18 06:22:47 2018
+++ src/sys/netipsec/ipsec_netbsd.c	Wed Apr 18 07:38:02 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.52 2018/04/18 07:38:02 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -41,7 +41,6 @@ __KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd
 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 

CVS commit: src/sys/net

[Kengo NAKAHARA]

Module Name:src
Committed By:   knakahara
Date:   Wed Apr 18 07:36:26 UTC 2018

Modified Files:
src/sys/net: if_pppoe.c

Log Message:
net.pppoe.term_unknown can be written safely now.


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/net

[Kengo NAKAHARA]

Module Name:src
Committed By:   knakahara
Date:   Wed Apr 18 07:36:26 UTC 2018

Modified Files:
src/sys/net: if_pppoe.c

Log Message:
net.pppoe.term_unknown can be written safely now.


To generate a diff of this commit:
cvs rdiff -u -r1.134 -r1.135 src/sys/net/if_pppoe.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_pppoe.c
diff -u src/sys/net/if_pppoe.c:1.134 src/sys/net/if_pppoe.c:1.135
--- src/sys/net/if_pppoe.c:1.134	Mon Feb 12 15:38:14 2018
+++ src/sys/net/if_pppoe.c	Wed Apr 18 07:36:26 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_pppoe.c,v 1.134 2018/02/12 15:38:14 maxv Exp $ */
+/* $NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $ */
 
 /*-
  * Copyright (c) 2002, 2008 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.134 2018/02/12 15:38:14 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_pppoe.c,v 1.135 2018/04/18 07:36:26 knakahara Exp $");
 
 #ifdef _KERNEL_OPT
 #include "pppoe.h"
@@ -960,10 +960,11 @@ pppoe_data_input(struct mbuf *m)
 	struct ifnet *rcvif;
 	struct psref psref;
 	uint8_t shost[ETHER_ADDR_LEN];
+	bool term_unknown = pppoe_term_unknown;
 
 	KASSERT(m->m_flags & M_PKTHDR);
 
-	if (pppoe_term_unknown)
+	if (term_unknown)
 		memcpy(shost, mtod(m, struct ether_header*)->ether_shost,
 		ETHER_ADDR_LEN);
 	m_adj(m, sizeof(struct ether_header));
@@ -996,7 +997,7 @@ pppoe_data_input(struct mbuf *m)
 		goto drop;
 	sc = pppoe_find_softc_by_session(session, rcvif, RW_READER);
 	if (sc == NULL) {
-		if (pppoe_term_unknown) {
+		if (term_unknown) {
 			printf("pppoe: input for unknown session %#x, "
 			"sending PADT\n", session);
 			pppoe_send_padt(rcvif, session, shost);
@@ -1941,7 +1942,7 @@ sysctl_net_pppoe_setup(struct sysctllog 
 		return;
 
 	sysctl_createv(clog, 0, , NULL,
-	CTLFLAG_PERMANENT | CTLFLAG_READONLY,
+	CTLFLAG_PERMANENT | CTLFLAG_READWRITE,
 	CTLTYPE_BOOL, "term_unknown",
 	SYSCTL_DESCR("Terminate unknown sessions"),
 	NULL, 0, _term_unknown, sizeof(pppoe_term_unknown),

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:32:44 UTC 2018

Modified Files:
src/sys/netipsec: key.h

Log Message:
Style, and remove unused MALLOC_DECLARE.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/key.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:32:44 UTC 2018

Modified Files:
src/sys/netipsec: key.h

Log Message:
Style, and remove unused MALLOC_DECLARE.


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/key.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.34 src/sys/netipsec/key.h:1.35
--- src/sys/netipsec/key.h:1.34	Wed Jan 10 10:56:31 2018
+++ src/sys/netipsec/key.h	Wed Apr 18 07:32:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.h,v 1.34 2018/01/10 10:56:31 knakahara Exp $	*/
+/*	$NetBSD: key.h,v 1.35 2018/04/18 07:32:44 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $	*/
 
@@ -56,19 +56,19 @@ struct sadb_msghdr {
 
 int key_havesp(u_int dir);
 struct secpolicy *key_lookup_sp_byspidx(const struct secpolicyindex *, u_int,
-	const char*, int);
+const char *, int);
 struct secpolicy *key_newsp(const char*, int);
 struct secpolicy *key_gettunnel(const struct sockaddr *,
-	const struct sockaddr *, const struct sockaddr *,
-	const struct sockaddr *, const char*, int);
+const struct sockaddr *, const struct sockaddr *,
+const struct sockaddr *, const char *, int);
 /* NB: prepend with _ for KAME IPv6 compatbility */
 void key_init_sp(struct secpolicy *);
 void key_free_sp(struct secpolicy *);
 u_int key_sp_refcnt(const struct secpolicy *);
-void key_sp_ref(struct secpolicy *, const char*, int);
-void key_sp_unref(struct secpolicy *, const char*, int);
-void key_sa_ref(struct secasvar *, const char*, int);
-void key_sa_unref(struct secasvar *, const char*, int);
+void key_sp_ref(struct secpolicy *, const char *, int);
+void key_sp_unref(struct secpolicy *, const char *, int);
+void key_sa_ref(struct secasvar *, const char *, int);
+void key_sa_unref(struct secasvar *, const char *, int);
 u_int key_sa_refcnt(const struct secasvar *);
 
 void key_socksplist_add(struct secpolicy *);
@@ -96,41 +96,37 @@ void key_socksplist_add(struct secpolicy
 	key_sa_unref(*(psav), __func__, __LINE__)
 
 struct secasvar *key_lookup_sa(const union sockaddr_union *,
-		u_int, u_int32_t, u_int16_t, u_int16_t, const char*, int);
-void key_freesav(struct secasvar **, const char*, int);
+u_int, u_int32_t, u_int16_t, u_int16_t, const char *, int);
+void key_freesav(struct secasvar **, const char *, int);
 struct secasvar *key_lookup_sa_bysaidx(const struct secasindex *);
 
 #define	KEY_LOOKUP_SA(dst, proto, spi, sport, dport)		\
 	key_lookup_sa(dst, proto, spi, sport, dport,  __func__, __LINE__)
 
-int key_checktunnelsanity (struct secasvar *, u_int, void *, void *);
+int key_checktunnelsanity(struct secasvar *, u_int, void *, void *);
 int key_checkrequest(const struct ipsecrequest *, const struct secasindex *,
 struct secasvar **);
 
-struct secpolicy *key_msg2sp (const struct sadb_x_policy *, size_t, int *);
+struct secpolicy *key_msg2sp(const struct sadb_x_policy *, size_t, int *);
 struct mbuf *key_sp2msg(const struct secpolicy *, int);
-int key_ismyaddr (const struct sockaddr *);
-int key_spdacquire (const struct secpolicy *);
-u_long key_random (void);
-void key_randomfill (void *, size_t);
-void key_freereg (struct socket *);
-int key_parse (struct mbuf *, struct socket *);
-void key_init (void);
-void key_sa_recordxfer (struct secasvar *, struct mbuf *);
-void key_sa_routechange (struct sockaddr *);
+int key_ismyaddr(const struct sockaddr *);
+int key_spdacquire(const struct secpolicy *);
+u_long key_random(void);
+void key_randomfill(void *, size_t);
+void key_freereg(struct socket *);
+int key_parse(struct mbuf *, struct socket *);
+void key_init(void);
+void key_sa_recordxfer(struct secasvar *, struct mbuf *);
+void key_sa_routechange(struct sockaddr *);
 void key_update_used(void);
 int key_get_used(void);
 
-u_int16_t key_portfromsaddr (const union sockaddr_union *);
+u_int16_t key_portfromsaddr(const union sockaddr_union *);
 
 /* for ipsec(4) */
 struct secpolicy *key_kpi_spdadd(struct mbuf *);
 int key_kpi_spddelete2(struct mbuf *);
 u_int16_t key_newreqid(void);
 
-#ifdef MALLOC_DECLARE
-MALLOC_DECLARE(M_SECA);
-#endif /* MALLOC_DECLARE */
-
 #endif /* defined(_KERNEL) */
 #endif /* !_NETIPSEC_KEY_H_ */

CVS commit: [netbsd-6-0] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:20:17 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.141 -r1.1.2.142 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.141 src/doc/CHANGES-6.0.7:1.1.2.142
--- src/doc/CHANGES-6.0.7:1.1.2.141	Tue Apr 10 17:44:58 2018
+++ src/doc/CHANGES-6.0.7	Wed Apr 18 07:20:17 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.141 2018/04/10 17:44:58 snj Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.142 2018/04/18 07:20:17 msaitoh Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -15454,3 +15454,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c		1.
 	procs to avoid returning stale request data to the client.
 	[christos, ticket #1528]
 
+sys/netipsec/ipsec_mbuf.c			1.23-1.24
+
+	Don't assume M_PKTHDR is set only on the first mbuf of the chain.
+	Fix a pretty bad mistake (IPsec DoS).
+	[maxv, ticket #1545]

CVS commit: [netbsd-6-0] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:20:17 UTC 2018

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.141 -r1.1.2.142 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6-1] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:52 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.138 -r1.1.2.139 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6-1] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:52 UTC 2018

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.138 -r1.1.2.139 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.1.6
diff -u src/doc/CHANGES-6.1.6:1.1.2.138 src/doc/CHANGES-6.1.6:1.1.2.139
--- src/doc/CHANGES-6.1.6:1.1.2.138	Tue Apr 10 17:45:17 2018
+++ src/doc/CHANGES-6.1.6	Wed Apr 18 07:19:52 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.138 2018/04/10 17:45:17 snj Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.139 2018/04/18 07:19:52 msaitoh Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -15123,3 +15123,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c		1.
 	procs to avoid returning stale request data to the client.
 	[christos, ticket #1528]
 
+sys/netipsec/ipsec_mbuf.c			1.23-1.24
+
+	Don't assume M_PKTHDR is set only on the first mbuf of the chain.
+	Fix a pretty bad mistake (IPsec DoS).
+	[maxv, ticket #1545]

CVS commit: [netbsd-6] src/doc

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:19:23 UTC 2018

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1545


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.334 -r1.1.2.335 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.334 src/doc/CHANGES-6.2:1.1.2.335
--- src/doc/CHANGES-6.2:1.1.2.334	Tue Apr 10 17:45:27 2018
+++ src/doc/CHANGES-6.2	Wed Apr 18 07:19:23 2018
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.334 2018/04/10 17:45:27 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.335 2018/04/18 07:19:23 msaitoh Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -21228,3 +21228,8 @@ usr.sbin/ypserv/ypserv/ypserv_proc.c		1.
 	procs to avoid returning stale request data to the client.
 	[christos, ticket #1528]
 
+sys/netipsec/ipsec_mbuf.c			1.23-1.24
+
+	Don't assume M_PKTHDR is set only on the first mbuf of the chain.
+	Fix a pretty bad mistake (IPsec DoS).
+	[maxv, ticket #1545]

CVS commit: src/sys

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:17:49 UTC 2018

Modified Files:
src/sys/netinet: tcp_subr.c
src/sys/netinet6: ip6_forward.c ip6_output.c

Log Message:
Remove unused netipsec/xform.h includes.


To generate a diff of this commit:
cvs rdiff -u -r1.277 -r1.278 src/sys/netinet/tcp_subr.c
cvs rdiff -u -r1.92 -r1.93 src/sys/netinet6/ip6_forward.c
cvs rdiff -u -r1.203 -r1.204 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/tcp_subr.c
diff -u src/sys/netinet/tcp_subr.c:1.277 src/sys/netinet/tcp_subr.c:1.278
--- src/sys/netinet/tcp_subr.c:1.277	Wed Apr 18 06:17:43 2018
+++ src/sys/netinet/tcp_subr.c	Wed Apr 18 07:17:49 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $	*/
+/*	$NetBSD: tcp_subr.c,v 1.278 2018/04/18 07:17:49 maxv Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.278 2018/04/18 07:17:49 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -147,7 +147,6 @@ __KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v
 
 #ifdef IPSEC
 #include 
-#include 
 #ifdef INET6
 #include 
 #endif

Index: src/sys/netinet6/ip6_forward.c
diff -u src/sys/netinet6/ip6_forward.c:1.92 src/sys/netinet6/ip6_forward.c:1.93
--- src/sys/netinet6/ip6_forward.c:1.92	Mon Jan 29 08:17:18 2018
+++ src/sys/netinet6/ip6_forward.c	Wed Apr 18 07:17:49 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_forward.c,v 1.92 2018/01/29 08:17:18 maxv Exp $	*/
+/*	$NetBSD: ip6_forward.c,v 1.93 2018/04/18 07:17:49 maxv Exp $	*/
 /*	$KAME: ip6_forward.c,v 1.109 2002/09/11 08:10:17 sakane Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.92 2018/01/29 08:17:18 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_forward.c,v 1.93 2018/04/18 07:17:49 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_gateway.h"
@@ -65,8 +65,7 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_forward.
 #include 
 #include 
 #include 
-#include 
-#endif /* IPSEC */
+#endif
 
 #include 
 

Index: src/sys/netinet6/ip6_output.c
diff -u src/sys/netinet6/ip6_output.c:1.203 src/sys/netinet6/ip6_output.c:1.204
--- src/sys/netinet6/ip6_output.c:1.203	Tue Feb 27 15:01:30 2018
+++ src/sys/netinet6/ip6_output.c	Wed Apr 18 07:17:49 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ip6_output.c,v 1.203 2018/02/27 15:01:30 maxv Exp $	*/
+/*	$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $	*/
 /*	$KAME: ip6_output.c,v 1.172 2001/03/25 09:55:56 itojun Exp $	*/
 
 /*
@@ -62,7 +62,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.203 2018/02/27 15:01:30 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip6_output.c,v 1.204 2018/04/18 07:17:49 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -104,7 +104,6 @@ __KERNEL_RCSID(0, "$NetBSD: ip6_output.c
 #include 
 #include 
 #include 
-#include 
 #endif
 
 

CVS commit: [netbsd-6-1] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:17:24 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.24.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.24.1
--- src/sys/netipsec/ipsec_mbuf.c:1.12	Mon May 16 10:05:23 2011
+++ src/sys/netipsec/ipsec_mbuf.c	Wed Apr 18 07:17:24 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $	*/
+/*	$NetBSD: ipsec_mbuf.c,v 1.12.24.1 2018/04/18 07:17:24 msaitoh Exp $	*/
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
  * All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.24.1 2018/04/18 07:17:24 msaitoh Exp $");
 
 /*
  * IPsec-specific mbuf routines.
@@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int
 		/* The header was at the beginning of the mbuf */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT);
 		m_adj(m1, hlen);
-		if ((m1->m_flags & M_PKTHDR) == 0)
+		if (m1 != m)
 			m->m_pkthdr.len -= hlen;
 	} else if (roff + hlen >= m1->m_len) {
 		struct mbuf *mo;
+		int adjlen;
 
 		/*
 		 * Part or all of the header is at the end of this mbuf,
@@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int
 		 */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_END);
 		if (roff + hlen > m1->m_len) {
+			adjlen = roff + hlen - m1->m_len;
+
 			/* Adjust the next mbuf by the remainder */
-			m_adj(m1->m_next, roff + hlen - m1->m_len);
+			m_adj(m1->m_next, adjlen);
 
 			/* The second mbuf is guaranteed not to have a pkthdr... */
-			m->m_pkthdr.len -= (roff + hlen - m1->m_len);
+			m->m_pkthdr.len -= adjlen;
 		}
 
 		/* Now, let's unlink the mbuf chain for a second...*/
@@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int
 		m1->m_next = NULL;
 
 		/* ...and trim the end of the first part of the chain...sick */
-		m_adj(m1, -(m1->m_len - roff));
-		if ((m1->m_flags & M_PKTHDR) == 0)
-			m->m_pkthdr.len -= (m1->m_len - roff);
+		adjlen = m1->m_len - roff;
+		m_adj(m1, -adjlen);
+		if (m1 != m)
+			m->m_pkthdr.len -= adjlen;
 
 		/* Finally, let's relink */
 		m1->m_next = mo;

CVS commit: src/sys

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 07:17:49 UTC 2018

Modified Files:
src/sys/netinet: tcp_subr.c
src/sys/netinet6: ip6_forward.c ip6_output.c

Log Message:
Remove unused netipsec/xform.h includes.


To generate a diff of this commit:
cvs rdiff -u -r1.277 -r1.278 src/sys/netinet/tcp_subr.c
cvs rdiff -u -r1.92 -r1.93 src/sys/netinet6/ip6_forward.c
cvs rdiff -u -r1.203 -r1.204 src/sys/netinet6/ip6_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6-1] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:17:24 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-1]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.24.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6-0] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:17:48 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.16.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.16.1
--- src/sys/netipsec/ipsec_mbuf.c:1.12	Mon May 16 10:05:23 2011
+++ src/sys/netipsec/ipsec_mbuf.c	Wed Apr 18 07:17:48 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $	*/
+/*	$NetBSD: ipsec_mbuf.c,v 1.12.16.1 2018/04/18 07:17:48 msaitoh Exp $	*/
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
  * All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.16.1 2018/04/18 07:17:48 msaitoh Exp $");
 
 /*
  * IPsec-specific mbuf routines.
@@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int
 		/* The header was at the beginning of the mbuf */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT);
 		m_adj(m1, hlen);
-		if ((m1->m_flags & M_PKTHDR) == 0)
+		if (m1 != m)
 			m->m_pkthdr.len -= hlen;
 	} else if (roff + hlen >= m1->m_len) {
 		struct mbuf *mo;
+		int adjlen;
 
 		/*
 		 * Part or all of the header is at the end of this mbuf,
@@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int
 		 */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_END);
 		if (roff + hlen > m1->m_len) {
+			adjlen = roff + hlen - m1->m_len;
+
 			/* Adjust the next mbuf by the remainder */
-			m_adj(m1->m_next, roff + hlen - m1->m_len);
+			m_adj(m1->m_next, adjlen);
 
 			/* The second mbuf is guaranteed not to have a pkthdr... */
-			m->m_pkthdr.len -= (roff + hlen - m1->m_len);
+			m->m_pkthdr.len -= adjlen;
 		}
 
 		/* Now, let's unlink the mbuf chain for a second...*/
@@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int
 		m1->m_next = NULL;
 
 		/* ...and trim the end of the first part of the chain...sick */
-		m_adj(m1, -(m1->m_len - roff));
-		if ((m1->m_flags & M_PKTHDR) == 0)
-			m->m_pkthdr.len -= (m1->m_len - roff);
+		adjlen = m1->m_len - roff;
+		m_adj(m1, -adjlen);
+		if (m1 != m)
+			m->m_pkthdr.len -= adjlen;
 
 		/* Finally, let's relink */
 		m1->m_next = mo;

CVS commit: [netbsd-6-0] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 07:17:48 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6-0]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.16.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 06:59:10 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: [netbsd-6] src/sys/netipsec

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Apr 18 06:59:10 UTC 2018

Modified Files:
src/sys/netipsec [netbsd-6]: ipsec_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1545):
sys/netipsec/ipsec_mbuf.c: revision 1.23
sys/netipsec/ipsec_mbuf.c: revision 1.24
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
on secondary mbufs (PR/53189), so drop this assumption right now to
prevent further bugs.
The check is replaced by (m1 != m), which is equivalent to the previous
code: we want to modify m->m_pkthdr.len only when 'm' was not passed in
m_adj().
Fix a pretty bad mistake, that has always been there.
 m_adj(m1, -(m1->m_len - roff));
 if (m1 != m)
 m->m_pkthdr.len -= (m1->m_len - roff);
This is wrong: m_adj will modify m1->m_len, so we're using a wrong value
when manually adjusting m->m_pkthdr.len.
Because of that, it is possible to exploit the attack I described in
uipc_mbuf.c::rev1.182. The exploit is more complicated, but works 100%
reliably.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.10.1 src/sys/netipsec/ipsec_mbuf.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_mbuf.c
diff -u src/sys/netipsec/ipsec_mbuf.c:1.12 src/sys/netipsec/ipsec_mbuf.c:1.12.10.1
--- src/sys/netipsec/ipsec_mbuf.c:1.12	Mon May 16 10:05:23 2011
+++ src/sys/netipsec/ipsec_mbuf.c	Wed Apr 18 06:59:10 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $	*/
+/*	$NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $	*/
 /*-
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
  * All rights reserved.
@@ -28,7 +28,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12 2011/05/16 10:05:23 drochner Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_mbuf.c,v 1.12.10.1 2018/04/18 06:59:10 msaitoh Exp $");
 
 /*
  * IPsec-specific mbuf routines.
@@ -407,10 +407,11 @@ m_striphdr(struct mbuf *m, int skip, int
 		/* The header was at the beginning of the mbuf */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_FRONT);
 		m_adj(m1, hlen);
-		if ((m1->m_flags & M_PKTHDR) == 0)
+		if (m1 != m)
 			m->m_pkthdr.len -= hlen;
 	} else if (roff + hlen >= m1->m_len) {
 		struct mbuf *mo;
+		int adjlen;
 
 		/*
 		 * Part or all of the header is at the end of this mbuf,
@@ -419,11 +420,13 @@ m_striphdr(struct mbuf *m, int skip, int
 		 */
 		IPSEC_STATINC(IPSEC_STAT_INPUT_END);
 		if (roff + hlen > m1->m_len) {
+			adjlen = roff + hlen - m1->m_len;
+
 			/* Adjust the next mbuf by the remainder */
-			m_adj(m1->m_next, roff + hlen - m1->m_len);
+			m_adj(m1->m_next, adjlen);
 
 			/* The second mbuf is guaranteed not to have a pkthdr... */
-			m->m_pkthdr.len -= (roff + hlen - m1->m_len);
+			m->m_pkthdr.len -= adjlen;
 		}
 
 		/* Now, let's unlink the mbuf chain for a second...*/
@@ -431,9 +434,10 @@ m_striphdr(struct mbuf *m, int skip, int
 		m1->m_next = NULL;
 
 		/* ...and trim the end of the first part of the chain...sick */
-		m_adj(m1, -(m1->m_len - roff));
-		if ((m1->m_flags & M_PKTHDR) == 0)
-			m->m_pkthdr.len -= (m1->m_len - roff);
+		adjlen = m1->m_len - roff;
+		m_adj(m1, -adjlen);
+		if (m1 != m)
+			m->m_pkthdr.len -= adjlen;
 
 		/* Finally, let's relink */
 		m1->m_next = mo;

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:57:39 UTC 2018

Modified Files:
src/sys/netipsec: ipsec.c

Log Message:
Remove dead code.

ok ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.155 -r1.156 src/sys/netipsec/ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:57:39 UTC 2018

Modified Files:
src/sys/netipsec: ipsec.c

Log Message:
Remove dead code.

ok ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.155 -r1.156 src/sys/netipsec/ipsec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.155 src/sys/netipsec/ipsec.c:1.156
--- src/sys/netipsec/ipsec.c:1.155	Tue Apr 17 17:47:05 2018
+++ src/sys/netipsec/ipsec.c	Wed Apr 18 06:57:39 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.155 2018/04/17 17:47:05 maxv Exp $ */
+/* $NetBSD: ipsec.c,v 1.156 2018/04/18 06:57:39 maxv Exp $ */
 /* $FreeBSD: src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.155 2018/04/17 17:47:05 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.156 2018/04/18 06:57:39 maxv Exp $");
 
 /*
  * IPsec controller part.
@@ -1269,9 +1269,6 @@ ipsec_get_policy(void *inp, const void *
 		return ENOBUFS;
 	}
 
-	/* XXX XXX XXX: What's the point? */
-	(*mp)->m_type = MT_DATA;
-
 	if (KEYDEBUG_ON(KEYDEBUG_IPSEC_DUMP)) {
 		kdebug_mbuf(__func__, *mp);
 	}

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:52:35 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_output.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_output.c
diff -u src/sys/netipsec/ipsec_output.c:1.71 src/sys/netipsec/ipsec_output.c:1.72
--- src/sys/netipsec/ipsec_output.c:1.71	Mon Mar  5 11:50:25 2018
+++ src/sys/netipsec/ipsec_output.c	Wed Apr 18 06:52:35 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $	*/
+/*	$NetBSD: ipsec_output.c,v 1.72 2018/04/18 06:52:35 maxv Exp $	*/
 
 /*
  * Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -29,7 +29,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.71 2018/03/05 11:50:25 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_output.c,v 1.72 2018/04/18 06:52:35 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -89,7 +89,7 @@ static percpu_t *ipsec_rtcache_percpu __
  * processed this packet.
  */
 static int
-ipsec_register_done(struct mbuf *m, int * error)
+ipsec_register_done(struct mbuf *m, int *error)
 {
 	struct m_tag *mtag;
 
@@ -144,14 +144,14 @@ ipsec_process_done(struct mbuf *m, const
 	struct secasindex *saidx;
 	int error;
 #ifdef INET
-	struct ip * ip;
+	struct ip *ip;
 #endif
 #ifdef INET6
-	struct ip6_hdr * ip6;
+	struct ip6_hdr *ip6;
 #endif
-	struct mbuf * mo;
+	struct mbuf *mo;
 	struct udphdr *udp = NULL;
-	uint64_t * data = NULL;
+	uint64_t *data = NULL;
 	int hlen, roff;
 
 	IPSEC_SPLASSERT_SOFTNET("ipsec_process_done");
@@ -175,7 +175,7 @@ ipsec_process_done(struct mbuf *m, const
 			IPSECLOG(LOG_DEBUG,
 			"failed to inject %u byte UDP for SA %s/%08lx\n",
 			hlen, ipsec_address(>dst, buf, sizeof(buf)),
-			(u_long) ntohl(sav->spi));
+			(u_long)ntohl(sav->spi));
 			error = ENOBUFS;
 			goto bad;
 		}
@@ -196,10 +196,12 @@ ipsec_process_done(struct mbuf *m, const
 		udp->uh_ulen = htons(m->m_pkthdr.len - (ip->ip_hl << 2));
 	}
 
+	/*
+	 * Fix the header length, for AH processing.
+	 */
 	switch (saidx->dst.sa.sa_family) {
 #ifdef INET
 	case AF_INET:
-		/* Fix the header length, for AH processing. */
 		ip = mtod(m, struct ip *);
 		ip->ip_len = htons(m->m_pkthdr.len);
 		if (sav->natt_type != 0)
@@ -208,7 +210,6 @@ ipsec_process_done(struct mbuf *m, const
 #endif
 #ifdef INET6
 	case AF_INET6:
-		/* Fix the header length, for AH processing. */
 		if (m->m_pkthdr.len < sizeof(struct ip6_hdr)) {
 			error = ENXIO;
 			goto bad;
@@ -260,9 +261,9 @@ ipsec_process_done(struct mbuf *m, const
 	}
 
 	/*
-	 * We're done with IPsec processing,
-	 * mark that we have already processed the packet
-	 * transmit it packet using the appropriate network protocol (IP or IPv6).
+	 * We're done with IPsec processing, mark the packet as processed,
+	 * and transmit it using the appropriate network protocol
+	 * (IPv4/IPv6).
 	 */
 
 	if (ipsec_register_done(m, ) < 0)
@@ -412,8 +413,8 @@ again:
 		ipsec_get_reqlevel(isr));
 		isr = isr->next;
 		/*
-		 * No more rules to apply, return NULL isr and no error
-		 * It can happen when the last rules are USE rules
+		 * No more rules to apply, return NULL isr and no error.
+		 * It can happen when the last rules are USE rules.
 		 */
 		if (isr == NULL) {
 			*ret = NULL;

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:52:35 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_output.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec_output.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:43:10 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_ipip.c
diff -u src/sys/netipsec/xform_ipip.c:1.63 src/sys/netipsec/xform_ipip.c:1.64
--- src/sys/netipsec/xform_ipip.c:1.63	Thu Feb 15 10:41:51 2018
+++ src/sys/netipsec/xform_ipip.c	Wed Apr 18 06:43:10 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $	*/
+/*	$NetBSD: xform_ipip.c,v 1.64 2018/04/18 06:43:10 maxv Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/xform_ipip.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_ipip.c,v 1.25 2002/06/10 18:04:55 itojun Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.63 2018/02/15 10:41:51 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipip.c,v 1.64 2018/04/18 06:43:10 maxv Exp $");
 
 /*
  * IP-inside-IP processing
@@ -268,7 +268,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	AF_INET)
 		continue;
 
-	sin = (struct sockaddr_in *) ifa->ifa_addr;
+	sin = (struct sockaddr_in *)ifa->ifa_addr;
 
 	if (sin->sin_addr.s_addr ==
 	ip4->ip_src.s_addr)	{
@@ -278,7 +278,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 		return;
 	}
 }
-#endif /* INET */
+#endif
 
 #ifdef INET6
 if (ip6) {
@@ -286,7 +286,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	AF_INET6)
 		continue;
 
-	sin6 = (struct sockaddr_in6 *) ifa->ifa_addr;
+	sin6 = (struct sockaddr_in6 *)ifa->ifa_addr;
 
 	if (IN6_ARE_ADDR_EQUAL(>sin6_addr, >ip6_src)) {
 		pserialize_read_exit(s);
@@ -296,7 +296,7 @@ _ipip_input(struct mbuf *m, int iphlen, 
 	}
 
 }
-#endif /* INET6 */
+#endif
 			}
 		}
 		pserialize_read_exit(s);
@@ -355,7 +355,7 @@ ipip_output(struct mbuf *m, const struct
 			DPRINTF(("%s: unspecified tunnel endpoint "
 			"address in SA %s/%08lx\n", __func__,
 			ipsec_address(>dst, buf, sizeof(buf)),
-			(u_long) ntohl(sav->spi)));
+			(u_long)ntohl(sav->spi)));
 			IPIP_STATINC(IPIP_STAT_UNSPEC);
 			error = EINVAL;
 			goto bad;
@@ -411,7 +411,7 @@ ipip_output(struct mbuf *m, const struct
 			ipo->ip_p = IPPROTO_IPV6;
 			ipo->ip_off = 0;
 		}
-#endif /* INET6 */
+#endif
 		else {
 			goto nofamily;
 		}
@@ -430,7 +430,7 @@ ipip_output(struct mbuf *m, const struct
 			DPRINTF(("%s: unspecified tunnel endpoint "
 			"address in SA %s/%08lx\n", __func__,
 			ipsec_address(>dst, buf, sizeof(buf)),
-			(u_long) ntohl(sav->spi)));
+			(u_long)ntohl(sav->spi)));
 			IPIP_STATINC(IPIP_STAT_UNSPEC);
 			error = ENOBUFS;
 			goto bad;
@@ -479,7 +479,7 @@ ipip_output(struct mbuf *m, const struct
 			/* This is really IPVERSION. */
 			ip6o->ip6_nxt = IPPROTO_IPIP;
 		} else
-#endif /* INET */
+#endif
 		if (tp == (IPV6_VERSION >> 4)) {
 			uint32_t itos32;
 
@@ -496,7 +496,7 @@ ipip_output(struct mbuf *m, const struct
 
 		otos = 0;
 		ip_ecn_ingress(ECN_ALLOWED, , );
-		ip6o->ip6_flow |= htonl((uint32_t) otos << 20);
+		ip6o->ip6_flow |= htonl((uint32_t)otos << 20);
 		break;
 #endif /* INET6 */
 

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:43:10 UTC 2018

Modified Files:
src/sys/netipsec: xform_ipip.c

Log Message:
style


To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/xform_ipip.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/net

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Apr 18 06:37:18 UTC 2018

Modified Files:
src/sys/net: if_bridge.c

Log Message:
Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.153 src/sys/net/if_bridge.c:1.154
--- src/sys/net/if_bridge.c:1.153	Wed Apr 18 06:04:03 2018
+++ src/sys/net/if_bridge.c	Wed Apr 18 06:37:17 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $	*/
+/*	$NetBSD: if_bridge.c,v 1.154 2018/04/18 06:37:17 ozaki-r Exp $	*/
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.154 2018/04/18 06:37:17 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_bridge_ipf.h"
@@ -2032,6 +2032,8 @@ bridge_rtalloc(struct bridge_softc *sc, 
 	brt->brt_expire = time_uptime + sc->sc_brttimeout;
 	brt->brt_flags = IFBAF_DYNAMIC;
 	memcpy(brt->brt_addr, dst, ETHER_ADDR_LEN);
+	PSLIST_ENTRY_INIT(brt, brt_list);
+	PSLIST_ENTRY_INIT(brt, brt_hash);
 
 	BRIDGE_RT_LOCK(sc);
 	error = bridge_rtnode_insert(sc, brt);
@@ -2500,6 +2502,8 @@ static void
 bridge_rtnode_destroy(struct bridge_rtnode *brt)
 {
 
+	PSLIST_ENTRY_DESTROY(brt, brt_list);
+	PSLIST_ENTRY_DESTROY(brt, brt_hash);
 	pool_put(_rtnode_pool, brt);
 }
 

CVS commit: src/sys/net

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Apr 18 06:37:18 UTC 2018

Modified Files:
src/sys/net: if_bridge.c

Log Message:
Add missing PSLIST_ENTRY_INIT and PSLIST_ENTRY_DESTROY


To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Re: CVS commit: src/sys/sys

[Michael van Elst]

On Wed, Apr 18, 2018 at 07:51:01AM +0200, Kamil Rytarowski wrote:
> 
> OK, so assuming that  shall not be exposed to userland - I
> propose this patch:
> 
> http://netbsd.org/~kamil/patch-00047-pmf_h.txt

It's all gross

Exposing sys/pmf.h to userland is probably necessary.


Greetings,
-- 
Michael van Elst
Internet: mlel...@serpens.de
"A potential Snark may lurk in every tree."

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:22:47 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Style, and remove another misleading comment.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.50 src/sys/netipsec/ipsec_netbsd.c:1.51
--- src/sys/netipsec/ipsec_netbsd.c:1.50	Wed Apr 18 06:17:44 2018
+++ src/sys/netipsec/ipsec_netbsd.c	Wed Apr 18 06:22:47 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.51 2018/04/18 06:22:47 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -223,7 +223,7 @@ ah6_ctlinput(int cmd, const struct socka
 			 * Check to see if we have a valid SA corresponding
 			 * to the address in the ICMP message payload.
 			 */
-			sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa,
+			sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa,
 			IPPROTO_AH, ahp->ah_spi, 0, 0);
 
 			if (sav) {
@@ -298,12 +298,6 @@ esp6_ctlinput(int cmd, const struct sock
 		ip6cp1.ip6c_src = ip6cp->ip6c_src;
 		pfctlinput2(cmd, sa, );
 
-		/*
-		 * Then go to special cases that need ESP header information.
-		 * XXX: We assume that when ip6 is non NULL,
-		 * M and OFF are valid.
-		 */
-
 		/* check if we can safely examine src and dst ports */
 		if (m->m_pkthdr.len < off + sizeof(esp))
 			return NULL;
@@ -316,7 +310,7 @@ esp6_ctlinput(int cmd, const struct sock
 			m_copydata(m, off, sizeof(esp), );
 			espp = 
 		} else
-			espp = (struct newesp*)(mtod(m, char *) + off);
+			espp = (struct newesp *)(mtod(m, char *) + off);
 
 		if (cmd == PRC_MSGSIZE) {
 			int valid = 0;
@@ -326,7 +320,7 @@ esp6_ctlinput(int cmd, const struct sock
 			 * the address in the ICMP message payload.
 			 */
 
-			sav = KEY_LOOKUP_SA((const union sockaddr_union*)sa,
+			sav = KEY_LOOKUP_SA((const union sockaddr_union *)sa,
 			IPPROTO_ESP, espp->esp_spi, 0, 0);
 
 			if (sav) {
@@ -360,11 +354,11 @@ sysctl_ipsec(SYSCTLFN_ARGS)
 	struct sysctlnode node;
 
 	node = *rnode;
-	t = *(int*)rnode->sysctl_data;
+	t = *(int *)rnode->sysctl_data;
 	node.sysctl_data = 
 	error = sysctl_lookup(SYSCTLFN_CALL());
 	if (error || newp == NULL)
-		return (error);
+		return error;
 
 	switch (rnode->sysctl_num) {
 	case IPSECCTL_DEF_ESP_TRANSLEV:
@@ -373,22 +367,22 @@ sysctl_ipsec(SYSCTLFN_ARGS)
 	case IPSECCTL_DEF_AH_NETLEV:
 		if (t != IPSEC_LEVEL_USE &&
 		t != IPSEC_LEVEL_REQUIRE)
-			return (EINVAL);
+			return EINVAL;
 		ipsec_invalpcbcacheall();
 		break;
 	case IPSECCTL_DEF_POLICY:
 		if (t != IPSEC_POLICY_DISCARD &&
 		t != IPSEC_POLICY_NONE)
-			return (EINVAL);
+			return EINVAL;
 		ipsec_invalpcbcacheall();
 		break;
 	default:
-		return (EINVAL);
+		return EINVAL;
 	}
 
-	*(int*)rnode->sysctl_data = t;
+	*(int *)rnode->sysctl_data = t;
 
-	return (0);
+	return 0;
 }
 
 #ifdef IPSEC_DEBUG
@@ -399,11 +393,11 @@ sysctl_ipsec_test(SYSCTLFN_ARGS)
 	struct sysctlnode node;
 
 	node = *rnode;
-	t = *(int*)rnode->sysctl_data;
+	t = *(int *)rnode->sysctl_data;
 	node.sysctl_data = 
 	error = sysctl_lookup(SYSCTLFN_CALL());
 	if (error || newp == NULL)
-		return (error);
+		return error;
 
 	if (t < 0 || t > 1)
 		return EINVAL;
@@ -415,7 +409,7 @@ sysctl_ipsec_test(SYSCTLFN_ARGS)
 		 printf("ipsec: HMAC corruption %s\n",
 		 (t == 0) ? "deactivated" : "activated");
 
-	*(int*)rnode->sysctl_data = t;
+	*(int *)rnode->sysctl_data = t;
 
 	return 0;
 }

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:22:47 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Style, and remove another misleading comment.


To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:17:44 UTC 2018

Modified Files:
src/sys/netinet: tcp_subr.c
src/sys/netinet6: udp6_usrreq.c
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove misleading comments.


To generate a diff of this commit:
cvs rdiff -u -r1.276 -r1.277 src/sys/netinet/tcp_subr.c
cvs rdiff -u -r1.139 -r1.140 src/sys/netinet6/udp6_usrreq.c
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:17:44 UTC 2018

Modified Files:
src/sys/netinet: tcp_subr.c
src/sys/netinet6: udp6_usrreq.c
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove misleading comments.


To generate a diff of this commit:
cvs rdiff -u -r1.276 -r1.277 src/sys/netinet/tcp_subr.c
cvs rdiff -u -r1.139 -r1.140 src/sys/netinet6/udp6_usrreq.c
cvs rdiff -u -r1.49 -r1.50 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netinet/tcp_subr.c
diff -u src/sys/netinet/tcp_subr.c:1.276 src/sys/netinet/tcp_subr.c:1.277
--- src/sys/netinet/tcp_subr.c:1.276	Thu Mar 29 18:54:48 2018
+++ src/sys/netinet/tcp_subr.c	Wed Apr 18 06:17:43 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: tcp_subr.c,v 1.276 2018/03/29 18:54:48 maxv Exp $	*/
+/*	$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $	*/
 
 /*
  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -91,7 +91,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.276 2018/03/29 18:54:48 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: tcp_subr.c,v 1.277 2018/04/18 06:17:43 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -1423,11 +1423,6 @@ tcp6_ctlinput(int cmd, const struct sock
 	}
 
 	if (ip6) {
-		/*
-		 * XXX: We assume that when ip6 is non NULL,
-		 * M and OFF are valid.
-		 */
-
 		/* check if we can safely examine src and dst ports */
 		if (m->m_pkthdr.len < off + sizeof(th)) {
 			if (cmd == PRC_MSGSIZE)

Index: src/sys/netinet6/udp6_usrreq.c
diff -u src/sys/netinet6/udp6_usrreq.c:1.139 src/sys/netinet6/udp6_usrreq.c:1.140
--- src/sys/netinet6/udp6_usrreq.c:1.139	Thu Apr 12 06:49:39 2018
+++ src/sys/netinet6/udp6_usrreq.c	Wed Apr 18 06:17:44 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: udp6_usrreq.c,v 1.139 2018/04/12 06:49:39 maxv Exp $ */
+/* $NetBSD: udp6_usrreq.c,v 1.140 2018/04/18 06:17:44 maxv Exp $ */
 /* $KAME: udp6_usrreq.c,v 1.86 2001/05/27 17:33:00 itojun Exp $ */
 /* $KAME: udp6_output.c,v 1.43 2001/10/15 09:19:52 itojun Exp $ */
 
@@ -63,7 +63,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.139 2018/04/12 06:49:39 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: udp6_usrreq.c,v 1.140 2018/04/18 06:17:44 maxv Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -230,11 +230,6 @@ udp6_ctlinput(int cmd, const struct sock
 	}
 
 	if (ip6) {
-		/*
-		 * XXX: We assume that when IPV6 is non NULL,
-		 * M and OFF are valid.
-		 */
-
 		/* check if we can safely examine src and dst ports */
 		if (m->m_pkthdr.len < off + sizeof(*uhp)) {
 			if (cmd == PRC_MSGSIZE)

Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.49 src/sys/netipsec/ipsec_netbsd.c:1.50
--- src/sys/netipsec/ipsec_netbsd.c:1.49	Wed Apr 18 06:13:23 2018
+++ src/sys/netipsec/ipsec_netbsd.c	Wed Apr 18 06:17:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.50 2018/04/18 06:17:44 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -202,11 +202,6 @@ ah6_ctlinput(int cmd, const struct socka
 	}
 
 	if (ip6) {
-		/*
-		 * XXX: We assume that when ip6 is non NULL,
-		 * M and OFF are valid.
-		 */
-
 		/* check if we can safely examine src and dst ports */
 		if (m->m_pkthdr.len < off + sizeof(ah))
 			return NULL;

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:13:23 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove the

net.inet6.esp6
net.inet6.ipcomp6
net.inet6.ah6

subtrees. They are aliases to net.inet6.ipsec6, but they are not
consistent with the original intended naming. (eg there was
net.inet6.esp6.esp_trans_deflev instead of net.inet6.esp6.trans_deflev).


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:13:23 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove the

net.inet6.esp6
net.inet6.ipcomp6
net.inet6.ah6

subtrees. They are aliases to net.inet6.ipsec6, but they are not
consistent with the original intended naming. (eg there was
net.inet6.esp6.esp_trans_deflev instead of net.inet6.esp6.trans_deflev).


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.48 src/sys/netipsec/ipsec_netbsd.c:1.49
--- src/sys/netipsec/ipsec_netbsd.c:1.48	Wed Apr 18 06:03:36 2018
+++ src/sys/netipsec/ipsec_netbsd.c	Wed Apr 18 06:13:23 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.49 2018/04/18 06:13:23 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -789,23 +789,5 @@ sysctl_net_inet6_ipsec6_setup(struct sys
 		   NULL, 0, _used, 0,
 		   CTL_NET, PF_INET6, IPPROTO_AH,
 		   CTL_CREATE, CTL_EOL);
-	/*
-	 * "aliases" for the ipsec6 subtree
-	 */
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
-		   CTLTYPE_NODE, "esp6", NULL,
-		   NULL, IPPROTO_AH, NULL, 0,
-		   CTL_NET, PF_INET6, IPPROTO_ESP, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
-		   CTLTYPE_NODE, "ipcomp6", NULL,
-		   NULL, IPPROTO_AH, NULL, 0,
-		   CTL_NET, PF_INET6, IPPROTO_IPCOMP, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_ALIAS,
-		   CTLTYPE_NODE, "ah6", NULL,
-		   NULL, IPPROTO_AH, NULL, 0,
-		   CTL_NET, PF_INET6, CTL_CREATE, CTL_EOL);
 }
 #endif /* INET6 */

CVS commit: src/sys/net

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Apr 18 06:04:03 UTC 2018

Modified Files:
src/sys/net: if_bridge.c

Log Message:
Get rid of a unnecessary semicolon

Pointed out by kamil@


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.153 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

CVS commit: src/sys/net

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Apr 18 06:04:03 UTC 2018

Modified Files:
src/sys/net: if_bridge.c

Log Message:
Get rid of a unnecessary semicolon

Pointed out by kamil@


To generate a diff of this commit:
cvs rdiff -u -r1.152 -r1.153 src/sys/net/if_bridge.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_bridge.c
diff -u src/sys/net/if_bridge.c:1.152 src/sys/net/if_bridge.c:1.153
--- src/sys/net/if_bridge.c:1.152	Wed Apr 18 04:01:58 2018
+++ src/sys/net/if_bridge.c	Wed Apr 18 06:04:03 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_bridge.c,v 1.152 2018/04/18 04:01:58 ozaki-r Exp $	*/
+/*	$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $	*/
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.152 2018/04/18 04:01:58 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.153 2018/04/18 06:04:03 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_bridge_ipf.h"
@@ -186,7 +186,7 @@ __CTASSERT(offsetof(struct ifbifconf, if
 #define BRIDGE_RT_LOCKED(_sc)	mutex_owned((_sc)->sc_rtlist_lock)
 
 #define BRIDGE_RT_PSZ_PERFORM(_sc) \
-pserialize_perform((_sc)->sc_rtlist_psz);
+pserialize_perform((_sc)->sc_rtlist_psz)
 
 #define BRIDGE_RT_RENTER(__s)	do { __s = pserialize_read_enter(); } while (0)
 #define BRIDGE_RT_REXIT(__s)	do { pserialize_read_exit(__s); } while (0)

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:03:37 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove duplicate sysctls:

net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev
net.inet.esp.net_deflev   = net.inet.ipsec.esp_net_deflev
net.inet.ah.cleartos  = net.inet.ipsec.ah_cleartos
net.inet.ah.offsetmask= net.inet.ipsec.ah_offsetmask
net.inet.ah.trans_deflev  = net.inet.ipsec.ah_trans_deflev
net.inet.ah.net_deflev= net.inet.ipsec.ah_net_deflev

Use the convention on the right. Discussed a month ago on tech-net@.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/ipsec_netbsd.c
diff -u src/sys/netipsec/ipsec_netbsd.c:1.47 src/sys/netipsec/ipsec_netbsd.c:1.48
--- src/sys/netipsec/ipsec_netbsd.c:1.47	Mon Feb 26 06:17:01 2018
+++ src/sys/netipsec/ipsec_netbsd.c	Wed Apr 18 06:03:36 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $	*/
+/*	$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $	*/
 /*	$KAME: esp_input.c,v 1.60 2001/09/04 08:43:19 itojun Exp $	*/
 /*	$KAME: ah_input.c,v 1.64 2001/09/04 08:43:19 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.47 2018/02/26 06:17:01 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec_netbsd.c,v 1.48 2018/04/18 06:03:36 maxv Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -535,18 +535,6 @@ sysctl_net_inet_ipsec_setup(struct sysct
 		   NULL, 0, NULL, 0,
 		   CTL_NET, PF_INET, IPPROTO_ESP, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "trans_deflev", NULL,
-		   sysctl_ipsec, 0, _esp_trans_deflev, 0,
-		   CTL_NET, PF_INET, IPPROTO_ESP,
-		   IPSECCTL_DEF_ESP_TRANSLEV, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "net_deflev", NULL,
-		   sysctl_ipsec, 0, _esp_net_deflev, 0,
-		   CTL_NET, PF_INET, IPPROTO_ESP,
-		   IPSECCTL_DEF_ESP_NETLEV, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
 		   CTLFLAG_PERMANENT|CTLFLAG_READONLY,
 		   CTLTYPE_STRUCT, "esp_stats", NULL,
 		   sysctl_net_inet_esp_stats, 0, NULL, 0,
@@ -560,30 +548,6 @@ sysctl_net_inet_ipsec_setup(struct sysct
 		   NULL, 0, NULL, 0,
 		   CTL_NET, PF_INET, IPPROTO_AH, CTL_EOL);
 	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "cleartos", NULL,
-		   NULL, 0, _ah_cleartos, 0,
-		   CTL_NET, PF_INET, IPPROTO_AH,
-		   IPSECCTL_AH_CLEARTOS, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "offsetmask", NULL,
-		   NULL, 0, _ah_offsetmask, 0,
-		   CTL_NET, PF_INET, IPPROTO_AH,
-		   IPSECCTL_AH_OFFSETMASK, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "trans_deflev", NULL,
-		   sysctl_ipsec, 0, _ah_trans_deflev, 0,
-		   CTL_NET, PF_INET, IPPROTO_AH,
-		   IPSECCTL_DEF_AH_TRANSLEV, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
-		   CTLFLAG_PERMANENT|CTLFLAG_READWRITE,
-		   CTLTYPE_INT, "net_deflev", NULL,
-		   sysctl_ipsec, 0, _ah_net_deflev, 0,
-		   CTL_NET, PF_INET, IPPROTO_AH,
-		   IPSECCTL_DEF_AH_NETLEV, CTL_EOL);
-	sysctl_createv(clog, 0, NULL, NULL,
 		   CTLFLAG_PERMANENT|CTLFLAG_READONLY,
 		   CTLTYPE_STRUCT, "ah_stats", NULL,
 		   sysctl_net_inet_ah_stats, 0, NULL, 0,

CVS commit: src/sys/netipsec

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Wed Apr 18 06:03:37 UTC 2018

Modified Files:
src/sys/netipsec: ipsec_netbsd.c

Log Message:
Remove duplicate sysctls:

net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev
net.inet.esp.net_deflev   = net.inet.ipsec.esp_net_deflev
net.inet.ah.cleartos  = net.inet.ipsec.ah_cleartos
net.inet.ah.offsetmask= net.inet.ipsec.ah_offsetmask
net.inet.ah.trans_deflev  = net.inet.ipsec.ah_trans_deflev
net.inet.ah.net_deflev= net.inet.ipsec.ah_net_deflev

Use the convention on the right. Discussed a month ago on tech-net@.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/sys/netipsec/ipsec_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.