CVS commit: [netbsd-8] src/sys/dev/hpc

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:57:32 UTC 2017

Modified Files:
src/sys/dev/hpc [netbsd-8]: hpckbd.c

Log Message:
Pull up following revision(s) (requested by uwe in ticket #202):
sys/dev/hpc/hpckbd.c: revision 1.32
XXX: On hpcsh only - bring back old incorrect hpckbd_keymap_setup()
fixed in 1.31.  The old one with UNCONST does work on hpcsh b/c the
kernel is directly mapped.  The new one does not work on hpcsh b/c it
calls consinit() very early when malloc() is not yet available.
The real fix for this is to fix the constness of wscons keymap
structures that is self-contradictory.


To generate a diff of this commit:
cvs rdiff -u -r1.30.30.1 -r1.30.30.2 src/sys/dev/hpc/hpckbd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/hpc/hpckbd.c
diff -u src/sys/dev/hpc/hpckbd.c:1.30.30.1 src/sys/dev/hpc/hpckbd.c:1.30.30.2
--- src/sys/dev/hpc/hpckbd.c:1.30.30.1	Fri Jun 30 06:25:43 2017
+++ src/sys/dev/hpc/hpckbd.c	Wed Aug  9 05:57:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: hpckbd.c,v 1.30.30.1 2017/06/30 06:25:43 snj Exp $ */
+/*	$NetBSD: hpckbd.c,v 1.30.30.2 2017/08/09 05:57:32 snj Exp $ */
 
 /*-
  * Copyright (c) 1999-2001 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: hpckbd.c,v 1.30.30.1 2017/06/30 06:25:43 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: hpckbd.c,v 1.30.30.2 2017/08/09 05:57:32 snj Exp $");
 
 #include 
 #include 
@@ -260,6 +260,40 @@ hpckbd_getevent(struct hpckbd_core* hc, 
 	return (1);
 }
 
+
+#ifdef hpcsh
+/*
+ * XXX: Use the old wrong code for now as hpcsh attaches console very
+ * early and it's convenient to be able to do early DDB on wscons.
+ */
+void
+hpckbd_keymap_setup(struct hpckbd_core *hc,
+		const keysym_t *map, int mapsize)
+{
+	int i;
+	struct wscons_keydesc *desc;
+
+	/* fix keydesc table */
+	/* 
+	 * XXX The way this is done is really wrong.  The __UNCONST()
+	 * is a hint as to what is wrong.  This actually ends up modifying
+	 * initialized data which is marked "const".
+	 * The reason we get away with it here is that on sh3 kernel
+	 * is directly mapped.
+	 */
+	desc = (struct wscons_keydesc *)__UNCONST(hpckbd_keymapdata.keydesc);
+	for (i = 0; desc[i].name != 0; i++) {
+		if ((desc[i].name & KB_MACHDEP) && desc[i].map == NULL) {
+			desc[i].map = map;
+			desc[i].map_size = mapsize;
+		}
+	}
+
+	return;
+}
+
+#else
+
 void
 hpckbd_keymap_setup(struct hpckbd_core *hc,
 		const keysym_t *map, int mapsize)
@@ -294,6 +328,7 @@ hpckbd_keymap_setup(struct hpckbd_core *
 
 	return;
 }
+#endif
 
 void
 hpckbd_keymap_lookup(struct hpckbd_core *hc)

CVS commit: [netbsd-8] src/sys/net

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:51:50 UTC 2017

Modified Files:
src/sys/net [netbsd-8]: if_gif.c

Log Message:
Pull up following revision(s) (requested by knakahara in ticket #201):
sys/net/if_gif.c: revision 1.128
fix leak when encap_attach() fails twice.


To generate a diff of this commit:
cvs rdiff -u -r1.126.2.1 -r1.126.2.2 src/sys/net/if_gif.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_gif.c
diff -u src/sys/net/if_gif.c:1.126.2.1 src/sys/net/if_gif.c:1.126.2.2
--- src/sys/net/if_gif.c:1.126.2.1	Fri Jun 30 06:17:51 2017
+++ src/sys/net/if_gif.c	Wed Aug  9 05:51:50 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_gif.c,v 1.126.2.1 2017/06/30 06:17:51 snj Exp $	*/
+/*	$NetBSD: if_gif.c,v 1.126.2.2 2017/08/09 05:51:50 snj Exp $	*/
 /*	$KAME: if_gif.c,v 1.76 2001/08/20 02:01:02 kjc Exp $	*/
 
 /*
@@ -31,7 +31,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.1 2017/06/30 06:17:51 snj Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_gif.c,v 1.126.2.2 2017/08/09 05:51:50 snj Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -997,31 +997,34 @@ gif_set_tunnel(struct ifnet *ifp, struct
 
 	/*
 	 * Secondly, try to set new configurations.
-	 * If the setup failed, rollback to old configurations.
 	 */
-	do {
-		osrc = sc->gif_psrc;
-		odst = sc->gif_pdst;
-		sc->gif_psrc = nsrc;
-		sc->gif_pdst = ndst;
-
+	osrc = sc->gif_psrc;
+	odst = sc->gif_pdst;
+	sc->gif_psrc = nsrc;
+	sc->gif_pdst = ndst;
+	error = gif_encap_attach(sc);
+	if (error && osrc != NULL && odst != NULL) {
+		/*
+		 * Thirdly, when error occured, rollback to old configurations,
+		 * if last setting is valid.
+		 */
+		sc->gif_psrc = osrc;
+		sc->gif_pdst = odst;
+		osrc = nsrc; /* to free */
+		odst = ndst; /* to free */
 		error = gif_encap_attach(sc);
-		if (error) {
-			/* rollback to the last configuration. */
-			nsrc = osrc;
-			ndst = odst;
-			osrc = sc->gif_psrc;
-			odst = sc->gif_pdst;
-
-			continue;
-		}
-	} while (error != 0 && (nsrc != NULL && ndst != NULL));
-	/* Thirdly, even rollback failed, clear configurations. */
+	}
 	if (error) {
-		osrc = sc->gif_psrc;
-		odst = sc->gif_pdst;
+		/*
+		 * Fourthly, even rollback failed or last setting is not valid,
+		 * clear configurations.
+		 */
+		osrc = sc->gif_psrc; /* to free */
+		odst = sc->gif_pdst; /* to free */
 		sc->gif_psrc = NULL;
 		sc->gif_pdst = NULL;
+		sockaddr_free(nsrc);
+		sockaddr_free(ndst);
 	}
 
 	if (osrc)

CVS commit: [netbsd-8] src/sys/arch

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:49:50 UTC 2017

Modified Files:
src/sys/arch/arm/sunxi [netbsd-8]: files.sunxi sun8i_h3_ccu.c
sunxi_ccu.h sunxi_ccu_nkmp.c
src/sys/arch/evbarm/conf [netbsd-8]: SUNXI
Added Files:
src/sys/arch/arm/sunxi [netbsd-8]: sun6i_dma.c sun8i_h3_codec.c
sunxi_codec.c sunxi_codec.h

Log Message:
Pull up following revision(s) (requested by jmcneill in ticket #200):
sys/arch/arm/sunxi/files.sunxi: 1.15-1.16
sys/arch/arm/sunxi/sun6i_dma.c: 1.1-1.2
sys/arch/arm/sunxi/sun8i_h3_ccu.c: 1.9-1.10
sys/arch/arm/sunxi/sun8i_h3_codec.c: 1.1-1.2
sys/arch/arm/sunxi/sunxi_ccu.h: 1.8
sys/arch/arm/sunxi/sunxi_ccu_nkmp.c: 1.5
sys/arch/arm/sunxi/sunxi_codec.c: 1.1
sys/arch/arm/sunxi/sunxi_codec.h: 1.1
sys/arch/evbarm/conf/SUNXI: 1.20-1.21
Add DMA controller driver for sun6i and later family SoCs.
--
Enable sun6idma
--
add DMA gate
--
Fix burst field encoding, and add a helper function to dump registers
from ddb.
--
Add support for H3 audio PLL and digital audio part.
--
Add support for Allwinner H3 audio codec.
--
Enable H3 audio support
--
h3_codec_pr_write: clear write mode bit after setting it; fixes an issue with 
output being mutex when skipping tracks in mpg123


To generate a diff of this commit:
cvs rdiff -u -r1.12.4.4 -r1.12.4.5 src/sys/arch/arm/sunxi/files.sunxi
cvs rdiff -u -r0 -r1.2.2.2 src/sys/arch/arm/sunxi/sun6i_dma.c \
src/sys/arch/arm/sunxi/sun8i_h3_codec.c
cvs rdiff -u -r1.8.4.3 -r1.8.4.4 src/sys/arch/arm/sunxi/sun8i_h3_ccu.c
cvs rdiff -u -r1.7.4.3 -r1.7.4.4 src/sys/arch/arm/sunxi/sunxi_ccu.h
cvs rdiff -u -r1.4.4.2 -r1.4.4.3 src/sys/arch/arm/sunxi/sunxi_ccu_nkmp.c
cvs rdiff -u -r0 -r1.1.2.2 src/sys/arch/arm/sunxi/sunxi_codec.c \
src/sys/arch/arm/sunxi/sunxi_codec.h
cvs rdiff -u -r1.17.4.4 -r1.17.4.5 src/sys/arch/evbarm/conf/SUNXI

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/arm/sunxi/files.sunxi
diff -u src/sys/arch/arm/sunxi/files.sunxi:1.12.4.4 src/sys/arch/arm/sunxi/files.sunxi:1.12.4.5
--- src/sys/arch/arm/sunxi/files.sunxi:1.12.4.4	Wed Jul 26 07:32:06 2017
+++ src/sys/arch/arm/sunxi/files.sunxi	Wed Aug  9 05:49:50 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: files.sunxi,v 1.12.4.4 2017/07/26 07:32:06 martin Exp $
+#	$NetBSD: files.sunxi,v 1.12.4.5 2017/08/09 05:49:50 snj Exp $
 #
 # Configuration info for Allwinner sunxi family SoCs
 #
@@ -107,6 +107,21 @@ device	sunxiwdt: sysmon_wdog
 attach	sunxiwdt at fdt with sunxi_wdt
 file	arch/arm/sunxi/sunxi_wdt.c		sunxi_wdt
 
+# DMA controller
+device	sun6idma
+attach	sun6idma at fdt with sun6i_dma
+file	arch/arm/sunxi/sun6i_dma.c		sun6i_dma
+
+# Audio codec
+device	sunxicodec: audiobus, auconv, mulaw, aurateconv
+attach	sunxicodec at fdt with sunxi_codec
+file	arch/arm/sunxi/sunxi_codec.c		sunxi_codec
+
+# Audio codec (analog part)
+device	h3codec
+attach	h3codec at fdt with h3_codec
+file	arch/arm/sunxi/sun8i_h3_codec.c		h3_codec needs-flag
+
 # SOC parameters
 defflag	opt_soc.h			SOC_SUNXI
 defflag	opt_soc.h			SOC_SUN8I: SOC_SUNXI

Index: src/sys/arch/arm/sunxi/sun8i_h3_ccu.c
diff -u src/sys/arch/arm/sunxi/sun8i_h3_ccu.c:1.8.4.3 src/sys/arch/arm/sunxi/sun8i_h3_ccu.c:1.8.4.4
--- src/sys/arch/arm/sunxi/sun8i_h3_ccu.c:1.8.4.3	Tue Jul 25 02:03:16 2017
+++ src/sys/arch/arm/sunxi/sun8i_h3_ccu.c	Wed Aug  9 05:49:50 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: sun8i_h3_ccu.c,v 1.8.4.3 2017/07/25 02:03:16 snj Exp $ */
+/* $NetBSD: sun8i_h3_ccu.c,v 1.8.4.4 2017/08/09 05:49:50 snj Exp $ */
 
 /*-
  * Copyright (c) 2017 Jared McNeill 
@@ -29,7 +29,7 @@
 
 #include 
 
-__KERNEL_RCSID(1, "$NetBSD: sun8i_h3_ccu.c,v 1.8.4.3 2017/07/25 02:03:16 snj Exp $");
+__KERNEL_RCSID(1, "$NetBSD: sun8i_h3_ccu.c,v 1.8.4.4 2017/08/09 05:49:50 snj Exp $");
 
 #include 
 #include 
@@ -41,6 +41,7 @@ __KERNEL_RCSID(1, "$NetBSD: sun8i_h3_ccu
 #include 
 #include 
 
+#define	PLL_AUDIO_CTRL_REG	0x008
 #define	PLL_PERIPH0_CTRL_REG	0x028
 #define	AHB1_APB1_CFG_REG	0x054
 #define	APB2_CFG_REG		0x058
@@ -55,6 +56,7 @@ __KERNEL_RCSID(1, "$NetBSD: sun8i_h3_ccu
 #define	SDMMC2_CLK_REG		0x090
 #define	USBPHY_CFG_REG		0x0cc
 #define	MBUS_RST_REG		0x0fc
+#define	AC_DIG_CLK_REG		0x140
 #define	BUS_SOFT_RST_REG0	0x2c0
 #define	BUS_SOFT_RST_REG1	0x2c4
 #define	BUS_SOFT_RST_REG2	0x2c8
@@ -141,6 +143,11 @@ static const char *apb1_parents[] = { "a
 static const char *apb2_parents[] = { "losc", "hosc", "pll_periph0" };
 static const char *mod_parents[] = { "hosc", "pll_periph0", "pll_periph1" };
 
+static const struct sunxi_ccu_nkmp_tbl sunx8_h3_ac_dig_table[] = {
+	{ 24576000, 13, 0, 0, 13 },
+	{ 0 }
+};
+
 static struct sunxi_ccu_clk sun8i_h3_ccu_clks[] = {
 	SUNXI_CCU_NKMP(H3_CLK_PLL_PERIPH0, "pll_periph0", "hosc",
 	PLL_PERIPH0_CTRL_REG,	/* reg */
@@ -151,6 +158,17 @@ static struct sunxi_ccu_clk sun8i_h3_ccu
 	

CVS commit: [netbsd-8] src/bin/sh

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:35:19 UTC 2017

Modified Files:
src/bin/sh [netbsd-8]: input.c parser.c

Log Message:
Pull up following revision(s) (requested by kre in ticket #199):
bin/sh/input.c: revision 1.61
bin/sh/parser.c: revision 1.143
PR bin/52458
Avoid mangling history when editing is enabled, and the prompt contains a \n
Also, allow empty input lines into history when they are being appended to
a previous (partial) command (but not when they would just make an empty entry)
.
For all the gory details, see the PR.
Note nothing here actually makes prompts containing \n work correctly
when editing is enabled, that's a libedit issue, which will be addressed
some other time.


To generate a diff of this commit:
cvs rdiff -u -r1.56.2.1 -r1.56.2.2 src/bin/sh/input.c
cvs rdiff -u -r1.132.2.1 -r1.132.2.2 src/bin/sh/parser.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/sh/input.c
diff -u src/bin/sh/input.c:1.56.2.1 src/bin/sh/input.c:1.56.2.2
--- src/bin/sh/input.c:1.56.2.1	Sun Jul 23 14:58:14 2017
+++ src/bin/sh/input.c	Wed Aug  9 05:35:18 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: input.c,v 1.56.2.1 2017/07/23 14:58:14 snj Exp $	*/
+/*	$NetBSD: input.c,v 1.56.2.2 2017/08/09 05:35:18 snj Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)input.c	8.3 (Berkeley) 6/9/95";
 #else
-__RCSID("$NetBSD: input.c,v 1.56.2.1 2017/07/23 14:58:14 snj Exp $");
+__RCSID("$NetBSD: input.c,v 1.56.2.2 2017/08/09 05:35:18 snj Exp $");
 #endif
 #endif /* not lint */
 
@@ -310,10 +310,11 @@ preadbuffer(void)
 	*q = '\0';
 
 #ifndef SMALL
-	if (parsefile->fd == 0 && hist && something) {
+	if (parsefile->fd == 0 && hist && (something || whichprompt == 2)) {
 		HistEvent he;
+
 		INTOFF;
-		history(hist, , whichprompt == 1? H_ENTER : H_APPEND,
+		history(hist, , whichprompt != 2 ? H_ENTER : H_APPEND,
 		parsenextc);
 		INTON;
 	}

Index: src/bin/sh/parser.c
diff -u src/bin/sh/parser.c:1.132.2.1 src/bin/sh/parser.c:1.132.2.2
--- src/bin/sh/parser.c:1.132.2.1	Sun Jul 23 14:58:14 2017
+++ src/bin/sh/parser.c	Wed Aug  9 05:35:18 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: parser.c,v 1.132.2.1 2017/07/23 14:58:14 snj Exp $	*/
+/*	$NetBSD: parser.c,v 1.132.2.2 2017/08/09 05:35:18 snj Exp $	*/
 
 /*-
  * Copyright (c) 1991, 1993
@@ -37,7 +37,7 @@
 #if 0
 static char sccsid[] = "@(#)parser.c	8.7 (Berkeley) 5/16/95";
 #else
-__RCSID("$NetBSD: parser.c,v 1.132.2.1 2017/07/23 14:58:14 snj Exp $");
+__RCSID("$NetBSD: parser.c,v 1.132.2.2 2017/08/09 05:35:18 snj Exp $");
 #endif
 #endif /* not lint */
 
@@ -2191,13 +2191,14 @@ getprompt(void *unused)
 {
 	char *p;
 	const char *cp;
+	int wp;
 
 	if (!doprompt)
 		return "";
 
 	VTRACE(DBG_PARSE|DBG_EXPAND, ("getprompt %d\n", whichprompt));
 
-	switch (whichprompt) {
+	switch (wp = whichprompt) {
 	case 0:
 		return "";
 	case 1:
@@ -2215,6 +2216,7 @@ getprompt(void *unused)
 	VTRACE(DBG_PARSE|DBG_EXPAND, ("prompt <<%s>>\n", p));
 
 	cp = expandstr(p, plinno);
+	whichprompt = wp;	/* history depends on it not changing */
 
 	VTRACE(DBG_PARSE|DBG_EXPAND, ("prompt -> <<%s>>\n", cp));
 

CVS commit: [netbsd-8] src/sys/altq

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:31:03 UTC 2017

Modified Files:
src/sys/altq [netbsd-8]: altq_cbq.c altq_hfsc.c altq_jobs.c altq_priq.c
altq_wfq.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #198):
sys/altq/altq_cbq.c: revision 1.31
sys/altq/altq_hfsc.c: revision 1.27
sys/altq/altq_jobs.c: revision 1.11
sys/altq/altq_priq.c: revision 1.24
sys/altq/altq_wfq.c: revision 1.22
Zero buffers copied to userland to avoid stack disclosure.
>From Ilja Van Sprundel.
--
Reject negative indices.
(Would be nice to change the types too, and it's *probably* safe to
replace int by u_int, but I'm reluctant to touch the ioctl
definitions without at least a modicum more thought.  Also one of
them is a u_long, because why not?)
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.30.10.1 src/sys/altq/altq_cbq.c
cvs rdiff -u -r1.26 -r1.26.10.1 src/sys/altq/altq_hfsc.c
cvs rdiff -u -r1.10 -r1.10.8.1 src/sys/altq/altq_jobs.c
cvs rdiff -u -r1.23 -r1.23.10.1 src/sys/altq/altq_priq.c
cvs rdiff -u -r1.21 -r1.21.10.1 src/sys/altq/altq_wfq.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/altq/altq_cbq.c
diff -u src/sys/altq/altq_cbq.c:1.30 src/sys/altq/altq_cbq.c:1.30.10.1
--- src/sys/altq/altq_cbq.c:1.30	Mon Jun 20 08:30:58 2016
+++ src/sys/altq/altq_cbq.c	Wed Aug  9 05:31:02 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: altq_cbq.c,v 1.30 2016/06/20 08:30:58 knakahara Exp $	*/
+/*	$NetBSD: altq_cbq.c,v 1.30.10.1 2017/08/09 05:31:02 snj Exp $	*/
 /*	$KAME: altq_cbq.c,v 1.21 2005/04/13 03:44:24 suz Exp $	*/
 
 /*
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.30 2016/06/20 08:30:58 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_cbq.c,v 1.30.10.1 2017/08/09 05:31:02 snj Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -471,6 +471,7 @@ cbq_getqstats(struct pf_altq *a, void *u
 	if (*nbytes < sizeof(stats))
 		return (EINVAL);
 
+	memset(, 0, sizeof(stats));
 	get_class_stats(, cl);
 
 	if ((error = copyout((void *), ubuf, sizeof(stats))) != 0)
@@ -880,6 +881,7 @@ cbq_getstats(struct cbq_getstats *gsp)
 			if (++i >= CBQ_MAX_CLASSES)
 goto out;
 
+		memset(, 0, sizeof(stats));
 		get_class_stats(, cl);
 		stats.handle = cl->stats_.handle;
 

Index: src/sys/altq/altq_hfsc.c
diff -u src/sys/altq/altq_hfsc.c:1.26 src/sys/altq/altq_hfsc.c:1.26.10.1
--- src/sys/altq/altq_hfsc.c:1.26	Wed Apr 20 08:58:48 2016
+++ src/sys/altq/altq_hfsc.c	Wed Aug  9 05:31:02 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: altq_hfsc.c,v 1.26 2016/04/20 08:58:48 knakahara Exp $	*/
+/*	$NetBSD: altq_hfsc.c,v 1.26.10.1 2017/08/09 05:31:02 snj Exp $	*/
 /*	$KAME: altq_hfsc.c,v 1.26 2005/04/13 03:44:24 suz Exp $	*/
 
 /*
@@ -43,7 +43,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.26 2016/04/20 08:58:48 knakahara Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_hfsc.c,v 1.26.10.1 2017/08/09 05:31:02 snj Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -312,6 +312,7 @@ hfsc_getqstats(struct pf_altq *a, void *
 	if (*nbytes < sizeof(stats))
 		return (EINVAL);
 
+	memset(, 0, sizeof(stats));
 	get_class_stats(, cl);
 
 	if ((error = copyout((void *), ubuf, sizeof(stats))) != 0)

Index: src/sys/altq/altq_jobs.c
diff -u src/sys/altq/altq_jobs.c:1.10 src/sys/altq/altq_jobs.c:1.10.8.1
--- src/sys/altq/altq_jobs.c:1.10	Mon Nov 21 07:15:36 2016
+++ src/sys/altq/altq_jobs.c	Wed Aug  9 05:31:02 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: altq_jobs.c,v 1.10 2016/11/21 07:15:36 dholland Exp $	*/
+/*	$NetBSD: altq_jobs.c,v 1.10.8.1 2017/08/09 05:31:02 snj Exp $	*/
 /*	$KAME: altq_jobs.c,v 1.11 2005/04/13 03:44:25 suz Exp $	*/
 /*
  * Copyright (c) 2001, the Rector and Board of Visitors of the
@@ -59,7 +59,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.10 2016/11/21 07:15:36 dholland Exp $");
+__KERNEL_RCSID(0, "$NetBSD: altq_jobs.c,v 1.10.8.1 2017/08/09 05:31:02 snj Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_altq.h"
@@ -2110,10 +2110,9 @@ jobscmd_class_stats(struct jobs_class_st
 	usp = ap->stats;
 	for (pri = 0; pri <= jif->jif_maxpri; pri++) {
 		cl = jif->jif_classes[pri];
+		(void)memset(, 0, sizeof(stats));
 		if (cl != NULL)
 			get_class_stats(, cl);
-		else
-			(void)memset(, 0, sizeof(stats));
 		if ((error = copyout((void *), (void *)usp++,
  sizeof(stats))) != 0)
 			return (error);

Index: src/sys/altq/altq_priq.c
diff -u src/sys/altq/altq_priq.c:1.23 src/sys/altq/altq_priq.c:1.23.10.1
--- src/sys/altq/altq_priq.c:1.23	Wed Apr 20 08:58:48 2016
+++ src/sys/altq/altq_priq.c	Wed Aug  9 05:31:02 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: altq_priq.c,v 1.23 2016/04/20 08:58:48 knakahara Exp $	*/
+/*	$NetBSD: altq_priq.c,v 1.23.10.1 2017/08/09 05:31:02 snj Exp $	*/
 /*	$KAME: altq_priq.c,v 1.13 2005/04/13 03:44:25 suz Exp $	*/
 /*
  * Copyright (C) 2000-2003
@@ 

CVS commit: [netbsd-8] src/sys/netsmb

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:27:14 UTC 2017

Modified Files:
src/sys/netsmb [netbsd-8]: smb_dev.c smb_subr.c smb_subr.h smb_usr.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #197):
sys/netsmb/smb_dev.c: revision 1.50
sys/netsmb/smb_subr.c: revision 1.38
sys/netsmb/smb_subr.h: revision 1.22
sys/netsmb/smb_usr.c: revision 1.17-1.19
Reject allocations for too-small buffers from userland.
>From Ilja Van Sprundel.
--
Plug another overflow: refuse bogus sa_len from user.
--
Reject negative ioc_setupcnt.
--
Reject negative offset/count for smb read/write.
Not clear that this is actually a problem for the kernel -- might
overwrite user's buffers or return garbage to user, but that's their
own damn fault.  But it's hard to imagine that negative offset/count
ever makes sense, and I haven't ruled out a problem for the kernel.


To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.49.8.1 src/sys/netsmb/smb_dev.c
cvs rdiff -u -r1.37 -r1.37.12.1 src/sys/netsmb/smb_subr.c
cvs rdiff -u -r1.21 -r1.21.32.1 src/sys/netsmb/smb_subr.h
cvs rdiff -u -r1.16 -r1.16.56.1 src/sys/netsmb/smb_usr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netsmb/smb_dev.c
diff -u src/sys/netsmb/smb_dev.c:1.49 src/sys/netsmb/smb_dev.c:1.49.8.1
--- src/sys/netsmb/smb_dev.c:1.49	Mon Jul 18 21:03:01 2016
+++ src/sys/netsmb/smb_dev.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_dev.c,v 1.49 2016/07/18 21:03:01 pgoyette Exp $	*/
+/*	$NetBSD: smb_dev.c,v 1.49.8.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.49 2016/07/18 21:03:01 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_dev.c,v 1.49.8.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -345,6 +345,8 @@ nsmb_dev_ioctl(dev_t dev, u_long cmd, vo
 		struct uio auio;
 		struct iovec iov;
 
+		if (rwrq->ioc_cnt < 0 || rwrq->ioc_offset < 0)
+			return EINVAL;
 		if ((ssp = sdp->sd_share) == NULL)
 			return ENOTCONN;
 		iov.iov_base = rwrq->ioc_base;

Index: src/sys/netsmb/smb_subr.c
diff -u src/sys/netsmb/smb_subr.c:1.37 src/sys/netsmb/smb_subr.c:1.37.12.1
--- src/sys/netsmb/smb_subr.c:1.37	Sat Nov 15 18:52:45 2014
+++ src/sys/netsmb/smb_subr.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_subr.c,v 1.37 2014/11/15 18:52:45 nakayama Exp $	*/
+/*	$NetBSD: smb_subr.c,v 1.37.12.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.37 2014/11/15 18:52:45 nakayama Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_subr.c,v 1.37.12.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -380,3 +380,32 @@ dup_sockaddr(struct sockaddr *sa, int ca
 		memcpy(sa2, sa, sa->sa_len);
 	return sa2;
 }
+
+int
+dup_sockaddr_copyin(struct sockaddr **ksap, struct sockaddr *usa,
+size_t usalen)
+{
+	struct sockaddr *ksa;
+
+	/* Make sure user provided enough data for a generic sockaddr.  */
+	if (usalen < sizeof(*ksa))
+		return EINVAL;
+
+	/* Don't let the user overfeed us.  */
+	usalen = MIN(usalen, sizeof(struct sockaddr_storage));
+
+	/* Copy the buffer in from userland.  */
+	ksa = smb_memdupin(usa, usalen);
+	if (ksa == NULL)
+		return ENOMEM;
+
+	/* Make sure the user's idea of sa_len is reasonable.  */
+	if (ksa->sa_len > usalen) {
+		smb_memfree(ksa);
+		return EINVAL;
+	}
+
+	/* Success!  */
+	*ksap = ksa;
+	return 0;
+}

Index: src/sys/netsmb/smb_subr.h
diff -u src/sys/netsmb/smb_subr.h:1.21 src/sys/netsmb/smb_subr.h:1.21.32.1
--- src/sys/netsmb/smb_subr.h:1.21	Tue Mar 13 18:41:01 2012
+++ src/sys/netsmb/smb_subr.h	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_subr.h,v 1.21 2012/03/13 18:41:01 elad Exp $	*/
+/*	$NetBSD: smb_subr.h,v 1.21.32.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001, Boris Popov
@@ -128,5 +128,6 @@ int  smb_put_asunistring(struct smb_rq *
 #endif
 
 struct sockaddr *dup_sockaddr(struct sockaddr *, int);
+int dup_sockaddr_copyin(struct sockaddr **, struct sockaddr *, size_t);
 
 #endif /* !_NETSMB_SMB_SUBR_H_ */

Index: src/sys/netsmb/smb_usr.c
diff -u src/sys/netsmb/smb_usr.c:1.16 src/sys/netsmb/smb_usr.c:1.16.56.1
--- src/sys/netsmb/smb_usr.c:1.16	Wed Mar 18 16:00:24 2009
+++ src/sys/netsmb/smb_usr.c	Wed Aug  9 05:27:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $	*/
+/*	$NetBSD: smb_usr.c,v 1.16.56.1 2017/08/09 05:27:14 snj Exp $	*/
 
 /*
  * Copyright (c) 2000-2001 Boris Popov
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16 2009/03/18 16:00:24 cegger Exp $");
+__KERNEL_RCSID(0, "$NetBSD: smb_usr.c,v 1.16.56.1 2017/08/09 05:27:14 snj Exp $");
 
 #include 
 #include 
@@ -65,6 +65,7 @@ static int
 smb_usr_vc2spec(struct 

CVS commit: [netbsd-8] src/sys/dev/ic

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:18:26 UTC 2017

Modified Files:
src/sys/dev/ic [netbsd-8]: ciss.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #196):
sys/dev/ic/ciss.c: revision 1.37
Reject negative indices from userland.


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.36.10.1 src/sys/dev/ic/ciss.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/ciss.c
diff -u src/sys/dev/ic/ciss.c:1.36 src/sys/dev/ic/ciss.c:1.36.10.1
--- src/sys/dev/ic/ciss.c:1.36	Thu Jul 14 04:00:45 2016
+++ src/sys/dev/ic/ciss.c	Wed Aug  9 05:18:26 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ciss.c,v 1.36 2016/07/14 04:00:45 msaitoh Exp $	*/
+/*	$NetBSD: ciss.c,v 1.36.10.1 2017/08/09 05:18:26 snj Exp $	*/
 /*	$OpenBSD: ciss.c,v 1.68 2013/05/30 16:15:02 deraadt Exp $	*/
 
 /*
@@ -19,7 +19,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.36 2016/07/14 04:00:45 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ciss.c,v 1.36.10.1 2017/08/09 05:18:26 snj Exp $");
 
 #include "bio.h"
 
@@ -1299,12 +1299,12 @@ ciss_ioctl(device_t dev, u_long cmd, voi
 		/* FALLTHROUGH */
 	case BIOCDISK:
 		bd = (struct bioc_disk *)addr;
-		if (bd->bd_volid > sc->maxunits) {
+		if (bd->bd_volid < 0 || bd->bd_volid > sc->maxunits) {
 			error = EINVAL;
 			break;
 		}
 		ldp = sc->sc_lds[0];
-		if (!ldp || (pd = bd->bd_diskid) > ldp->ndrives) {
+		if (!ldp || (pd = bd->bd_diskid) < 0 || pd > ldp->ndrives) {
 			error = EINVAL;
 			break;
 		}
@@ -1405,7 +1405,7 @@ ciss_ioctl_vol(struct ciss_softc *sc, st
 	int error = 0;
 	u_int blks;
 
-	if (bv->bv_volid > sc->maxunits) {
+	if (bv->bv_volid < 0 || bv->bv_volid > sc->maxunits) {
 		return EINVAL;
 	}
 	ldp = sc->sc_lds[bv->bv_volid];

CVS commit: [netbsd-8] src/sys/dev/ic

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:17:03 UTC 2017

Modified Files:
src/sys/dev/ic [netbsd-8]: isp_netbsd.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #195):
sys/dev/ic/isp_netbsd.c: revision 1.89
Reject out-of-bounds channel index.
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.88.10.1 src/sys/dev/ic/isp_netbsd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/isp_netbsd.c
diff -u src/sys/dev/ic/isp_netbsd.c:1.88 src/sys/dev/ic/isp_netbsd.c:1.88.10.1
--- src/sys/dev/ic/isp_netbsd.c:1.88	Wed Dec 31 17:10:45 2014
+++ src/sys/dev/ic/isp_netbsd.c	Wed Aug  9 05:17:03 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: isp_netbsd.c,v 1.88 2014/12/31 17:10:45 christos Exp $ */
+/* $NetBSD: isp_netbsd.c,v 1.88.10.1 2017/08/09 05:17:03 snj Exp $ */
 /*
  * Platform (NetBSD) dependent common attachment code for Qlogic adapters.
  */
@@ -33,7 +33,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.88 2014/12/31 17:10:45 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: isp_netbsd.c,v 1.88.10.1 2017/08/09 05:17:03 snj Exp $");
 
 #include 
 #include 
@@ -475,6 +475,10 @@ ispioctl(struct scsipi_channel *chan, u_
 		}
 		lim = local.count;
 		channel = local.channel;
+		if (channel >= isp->isp_nchan) {
+			retval = EINVAL;
+			break;
+		}
 
 		ua = *(isp_dlist_t **)addr;
 		uptr = >wwns[0];

CVS commit: [netbsd-8] src/sys/kern

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:14:20 UTC 2017

Modified Files:
src/sys/kern [netbsd-8]: kern_ktrace.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #194):
sys/kern/kern_ktrace.c: revision 1.171
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.170 -r1.170.2.1 src/sys/kern/kern_ktrace.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_ktrace.c
diff -u src/sys/kern/kern_ktrace.c:1.170 src/sys/kern/kern_ktrace.c:1.170.2.1
--- src/sys/kern/kern_ktrace.c:1.170	Thu Jun  1 02:45:13 2017
+++ src/sys/kern/kern_ktrace.c	Wed Aug  9 05:14:20 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_ktrace.c,v 1.170 2017/06/01 02:45:13 chs Exp $	*/
+/*	$NetBSD: kern_ktrace.c,v 1.170.2.1 2017/08/09 05:14:20 snj Exp $	*/
 
 /*-
  * Copyright (c) 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.170 2017/06/01 02:45:13 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_ktrace.c,v 1.170.2.1 2017/08/09 05:14:20 snj Exp $");
 
 #include 
 #include 
@@ -926,7 +926,7 @@ ktruser(const char *id, void *addr, size
 
 	user_dta = (void *)(ktp + 1);
 	if ((error = copyin(addr, user_dta, len)) != 0)
-		len = 0;
+		kte->kte_kth.ktr_len = 0;
 
 	ktraddentry(l, kte, KTA_WAITOK);
 	return error;

CVS commit: [netbsd-8] src/sys

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:12:19 UTC 2017

Modified Files:
src/sys/compat/common [netbsd-8]: vfs_syscalls_12.c vfs_syscalls_43.c
src/sys/compat/ibcs2 [netbsd-8]: ibcs2_misc.c
src/sys/compat/linux/common [netbsd-8]: linux_file64.c linux_misc.c
src/sys/compat/linux32/common [netbsd-8]: linux32_dirent.c
src/sys/compat/osf1 [netbsd-8]: osf1_file.c
src/sys/compat/sunos [netbsd-8]: sunos_misc.c
src/sys/compat/sunos32 [netbsd-8]: sunos32_misc.c
src/sys/compat/svr4 [netbsd-8]: svr4_misc.c
src/sys/compat/svr4_32 [netbsd-8]: svr4_32_misc.c
src/sys/rump/kern/lib/libsys_sunos [netbsd-8]: rump_sunos_compat.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #193):
sys/compat/common/vfs_syscalls_12.c: revision 1.34
sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c: revision 1.2
sys/compat/svr4_32/svr4_32_misc.c: revision 1.78
sys/compat/sunos32/sunos32_misc.c: revision 1.78
sys/compat/linux/common/linux_misc.c: revision 1.239
sys/compat/osf1/osf1_file.c: revision 1.44
sys/compat/common/vfs_syscalls_43.c: revision 1.60
sys/compat/svr4/svr4_misc.c: revision 1.158
sys/compat/ibcs2/ibcs2_misc.c: revision 1.114
sys/compat/linux/common/linux_file64.c: revision 1.59
sys/compat/linux32/common/linux32_dirent.c: revision 1.18
sys/compat/sunos/sunos_misc.c: revision 1.171
Fail, don't panic, on bad dirents from file system.
Controllable via puffs from userland.
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.33.8.1 src/sys/compat/common/vfs_syscalls_12.c
cvs rdiff -u -r1.59 -r1.59.8.1 src/sys/compat/common/vfs_syscalls_43.c
cvs rdiff -u -r1.113 -r1.113.12.1 src/sys/compat/ibcs2/ibcs2_misc.c
cvs rdiff -u -r1.58 -r1.58.6.1 src/sys/compat/linux/common/linux_file64.c
cvs rdiff -u -r1.238 -r1.238.2.1 src/sys/compat/linux/common/linux_misc.c
cvs rdiff -u -r1.17 -r1.17.6.1 src/sys/compat/linux32/common/linux32_dirent.c
cvs rdiff -u -r1.43 -r1.43.12.1 src/sys/compat/osf1/osf1_file.c
cvs rdiff -u -r1.170 -r1.170.10.1 src/sys/compat/sunos/sunos_misc.c
cvs rdiff -u -r1.77 -r1.77.10.1 src/sys/compat/sunos32/sunos32_misc.c
cvs rdiff -u -r1.157 -r1.157.8.1 src/sys/compat/svr4/svr4_misc.c
cvs rdiff -u -r1.77 -r1.77.8.1 src/sys/compat/svr4_32/svr4_32_misc.c
cvs rdiff -u -r1.1 -r1.1.32.1 \
src/sys/rump/kern/lib/libsys_sunos/rump_sunos_compat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/common/vfs_syscalls_12.c
diff -u src/sys/compat/common/vfs_syscalls_12.c:1.33 src/sys/compat/common/vfs_syscalls_12.c:1.33.8.1
--- src/sys/compat/common/vfs_syscalls_12.c:1.33	Fri Jan 13 22:29:59 2017
+++ src/sys/compat/common/vfs_syscalls_12.c	Wed Aug  9 05:12:18 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls_12.c,v 1.33 2017/01/13 22:29:59 christos Exp $	*/
+/*	$NetBSD: vfs_syscalls_12.c,v 1.33.8.1 2017/08/09 05:12:18 snj Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.33 2017/01/13 22:29:59 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_12.c,v 1.33.8.1 2017/08/09 05:12:18 snj Exp $");
 
 #include 
 #include 
@@ -171,8 +171,10 @@ again:
 	for (cookie = cookiebuf; len > 0; len -= reclen) {
 		bdp = (struct dirent *)inp;
 		reclen = bdp->d_reclen;
-		if (reclen & 3)
-			panic(__func__);
+		if (reclen & 3) {
+			error = EIO;
+			goto out;
+		}
 		if (bdp->d_fileno == 0) {
 			inp += reclen;	/* it is a hole; squish it out */
 			if (cookie)

Index: src/sys/compat/common/vfs_syscalls_43.c
diff -u src/sys/compat/common/vfs_syscalls_43.c:1.59 src/sys/compat/common/vfs_syscalls_43.c:1.59.8.1
--- src/sys/compat/common/vfs_syscalls_43.c:1.59	Fri Jan 13 20:25:35 2017
+++ src/sys/compat/common/vfs_syscalls_43.c	Wed Aug  9 05:12:18 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: vfs_syscalls_43.c,v 1.59 2017/01/13 20:25:35 christos Exp $	*/
+/*	$NetBSD: vfs_syscalls_43.c,v 1.59.8.1 2017/08/09 05:12:18 snj Exp $	*/
 
 /*
  * Copyright (c) 1989, 1993
@@ -37,7 +37,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.59 2017/01/13 20:25:35 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_syscalls_43.c,v 1.59.8.1 2017/08/09 05:12:18 snj Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_compat_netbsd.h"
@@ -451,8 +451,10 @@ again:
 	for (cookie = cookiebuf; len > 0; len -= reclen) {
 		bdp = (struct dirent *)inp;
 		reclen = bdp->d_reclen;
-		if (reclen & 3)
-			panic(__func__);
+		if (reclen & 3) {
+			error = EIO;
+			goto out;
+		}
 		if (bdp->d_fileno == 0) {
 			inp += reclen;	/* it is a hole; squish it out */
 			if (cookie)

Index: src/sys/compat/ibcs2/ibcs2_misc.c
diff -u src/sys/compat/ibcs2/ibcs2_misc.c:1.113 src/sys/compat/ibcs2/ibcs2_misc.c:1.113.12.1
--- 

CVS commit: [netbsd-8] src/sys/kern

[Soren Jacobsen]

Module Name:src
Committed By:   snj
Date:   Wed Aug  9 05:09:47 UTC 2017

Modified Files:
src/sys/kern [netbsd-8]: vfs_getcwd.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #192):
sys/kern/vfs_getcwd.c: revision 1.52
Don't walk off the end of the dirent buffer.
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.51.2.1 src/sys/kern/vfs_getcwd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/vfs_getcwd.c
diff -u src/sys/kern/vfs_getcwd.c:1.51 src/sys/kern/vfs_getcwd.c:1.51.2.1
--- src/sys/kern/vfs_getcwd.c:1.51	Thu Jun  1 02:45:13 2017
+++ src/sys/kern/vfs_getcwd.c	Wed Aug  9 05:09:47 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: vfs_getcwd.c,v 1.51 2017/06/01 02:45:13 chs Exp $ */
+/* $NetBSD: vfs_getcwd.c,v 1.51.2.1 2017/08/09 05:09:47 snj Exp $ */
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.51 2017/06/01 02:45:13 chs Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vfs_getcwd.c,v 1.51.2.1 2017/08/09 05:09:47 snj Exp $");
 
 #include 
 #include 
@@ -211,7 +211,8 @@ unionread:
 reclen = dp->d_reclen;
 
 /* check for malformed directory.. */
-if (reclen < _DIRENT_MINSIZE(dp)) {
+if (reclen < _DIRENT_MINSIZE(dp) ||
+reclen > len) {
 	error = EINVAL;
 	goto out;
 }

CVS commit: src/sys/dev

[SAITOH Masanobu]

Module Name:src
Committed By:   msaitoh
Date:   Wed Aug  9 04:45:39 UTC 2017

Modified Files:
src/sys/dev/ic: nslm7x.c nslm7xvar.h
src/sys/dev/isa: wbsio.c

Log Message:
- Sprinkle static and const. No functional change.
- Print chip ID in hexadecimal instead of octal in def_match().


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/sys/dev/ic/nslm7x.c
cvs rdiff -u -r1.30 -r1.31 src/sys/dev/ic/nslm7xvar.h
cvs rdiff -u -r1.12 -r1.13 src/sys/dev/isa/wbsio.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/ic/nslm7x.c
diff -u src/sys/dev/ic/nslm7x.c:1.67 src/sys/dev/ic/nslm7x.c:1.68
--- src/sys/dev/ic/nslm7x.c:1.67	Thu Jul 20 02:27:36 2017
+++ src/sys/dev/ic/nslm7x.c	Wed Aug  9 04:45:38 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: nslm7x.c,v 1.67 2017/07/20 02:27:36 msaitoh Exp $ */
+/*	$NetBSD: nslm7x.c,v 1.68 2017/08/09 04:45:38 msaitoh Exp $ */
 
 /*-
  * Copyright (c) 2000 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: nslm7x.c,v 1.67 2017/07/20 02:27:36 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: nslm7x.c,v 1.68 2017/08/09 04:45:38 msaitoh Exp $");
 
 #include 
 #include 
@@ -80,7 +80,7 @@ static void wb_temp_diode_type(struct lm
 static void lm_refresh(void *);
 
 static void lm_generic_banksel(struct lm_softc *, int);
-static void lm_setup_sensors(struct lm_softc *, struct lm_sensor *);
+static void lm_setup_sensors(struct lm_softc *, const struct lm_sensor *);
 static void lm_refresh_sensor_data(struct lm_softc *);
 static void lm_refresh_volt(struct lm_softc *, int);
 static void lm_refresh_temp(struct lm_softc *, int);
@@ -123,7 +123,7 @@ static struct {
 };
 
 /* LM78/78J/79/81 */
-static struct lm_sensor lm78_sensors[] = {
+static const struct lm_sensor lm78_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore A",
@@ -222,7 +222,7 @@ static struct lm_sensor lm78_sensors[] =
 };
 
 /* W83627HF */
-static struct lm_sensor w83627hf_sensors[] = {
+static const struct lm_sensor w83627hf_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore A",
@@ -361,7 +361,7 @@ static struct lm_sensor w83627hf_sensors
  * need special treatment, also because the reference voltage is 2.048 V
  * instead of the traditional 3.6 V.
  */
-static struct lm_sensor w83627ehf_sensors[] = {
+static const struct lm_sensor w83627ehf_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -500,7 +500,7 @@ static struct lm_sensor w83627ehf_sensor
 };
 
 /*  W83627DHG */
-static struct lm_sensor w83627dhg_sensors[] = {
+static const struct lm_sensor w83627dhg_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -631,7 +631,7 @@ static struct lm_sensor w83627dhg_sensor
 };
 
 /* W83637HF */
-static struct lm_sensor w83637hf_sensors[] = {
+static const struct lm_sensor w83637hf_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -746,7 +746,7 @@ static struct lm_sensor w83637hf_sensors
 };
 
 /* W83697HF */
-static struct lm_sensor w83697hf_sensors[] = {
+static const struct lm_sensor w83697hf_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -859,7 +859,7 @@ static struct lm_sensor w83697hf_sensors
  * +5V, but using the values from the W83782D datasheets seems to
  * provide sensible results.
  */
-static struct lm_sensor w83781d_sensors[] = {
+static const struct lm_sensor w83781d_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore A",
@@ -974,7 +974,7 @@ static struct lm_sensor w83781d_sensors[
 };
 
 /* W83782D */
-static struct lm_sensor w83782d_sensors[] = {
+static const struct lm_sensor w83782d_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -1105,7 +1105,7 @@ static struct lm_sensor w83782d_sensors[
 };
 
 /* W83783S */
-static struct lm_sensor w83783s_sensors[] = {
+static const struct lm_sensor w83783s_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -1204,7 +1204,7 @@ static struct lm_sensor w83783s_sensors[
 };
 
 /* W83791D */
-static struct lm_sensor w83791d_sensors[] = {
+static const struct lm_sensor w83791d_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -1359,7 +1359,7 @@ static struct lm_sensor w83791d_sensors[
 };
 
 /* W83792D */
-static struct lm_sensor w83792d_sensors[] = {
+static const struct lm_sensor w83792d_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore A",
@@ -1522,7 +1522,7 @@ static struct lm_sensor w83792d_sensors[
 };
 
 /* AS99127F */
-static struct lm_sensor as99127f_sensors[] = {
+static const struct lm_sensor as99127f_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore A",
@@ -1637,7 +1637,7 @@ static struct lm_sensor as99127f_sensors
 };
 
 /* NCT6776F */
-static struct lm_sensor nct6776f_sensors[] = {
+static const struct lm_sensor nct6776f_sensors[] = {
 	/* Voltage */
 	{
 		.desc = "VCore",
@@ -1785,7 +1785,7 @@ static struct lm_sensor nct6776f_sensors
 };
 
 /* NCT6779D */
-static struct lm_sensor nct6779d_sensors[] = {
+static const struct lm_sensor 

CVS commit: src/sys/netipsec

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Aug  9 04:29:36 UTC 2017

Modified Files:
src/sys/netipsec: key.c

Log Message:
Fix deadlock between key_sendup_mbuf called from key_acquire and 
localcount_drain

If we call key_sendup_mbuf from key_acquire that is called on packet
processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP with
  holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never return because key_sendup_mbuf
  that has stuck on key_so_mtx never release a reference to the SP

Fix the deadlock by deferring key_sendup_mbuf to the timer
(key_timehandler).


To generate a diff of this commit:
cvs rdiff -u -r1.219 -r1.220 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.219 src/sys/netipsec/key.c:1.220
--- src/sys/netipsec/key.c:1.219	Wed Aug  9 03:41:11 2017
+++ src/sys/netipsec/key.c	Wed Aug  9 04:29:36 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.219 2017/08/09 03:41:11 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.220 2017/08/09 04:29:36 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.219 2017/08/09 03:41:11 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.220 2017/08/09 04:29:36 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -735,6 +735,8 @@ static struct mbuf *key_getcomb_ipcomp (
 static struct mbuf *key_getprop (const struct secasindex *);
 
 static int key_acquire (const struct secasindex *, struct secpolicy *);
+static void key_acquire_sendup_mbuf_later(struct mbuf *);
+static void key_acquire_sendup_pending_mbuf(void);
 #ifndef IPSEC_NONBLOCK_ACQUIRE
 static struct secacq *key_newacq (const struct secasindex *);
 static struct secacq *key_getacq (const struct secasindex *);
@@ -4867,6 +4869,8 @@ key_timehandler_spacq(time_t now)
 #endif
 }
 
+static unsigned int key_timehandler_work_enqueued = 0;
+
 /*
  * time handler.
  * scanning SPD and SAD to check status for each entries,
@@ -4878,6 +4882,9 @@ key_timehandler_work(struct work *wk, vo
 	time_t now = time_uptime;
 	IPSEC_DECLARE_LOCK_VARIABLE;
 
+	/* We can allow enqueuing another work at this point */
+	atomic_swap_uint(_timehandler_work_enqueued, 0);
+
 	IPSEC_ACQUIRE_GLOBAL_LOCKS();
 
 	key_timehandler_spd(now);
@@ -4885,6 +4892,8 @@ key_timehandler_work(struct work *wk, vo
 	key_timehandler_acq(now);
 	key_timehandler_spacq(now);
 
+	key_acquire_sendup_pending_mbuf();
+
 	/* do exchange to tick time !! */
 	callout_reset(_timehandler_ch, hz, key_timehandler, NULL);
 
@@ -4896,6 +4905,10 @@ static void
 key_timehandler(void *arg)
 {
 
+	/* Avoid enqueuing another work when one is already enqueued */
+	if (atomic_swap_uint(_timehandler_work_enqueued, 1) == 1)
+		return;
+
 	workqueue_enqueue(key_timehandler_wq, _timehandler_wk, NULL);
 }
 
@@ -6631,7 +6644,20 @@ key_acquire(const struct secasindex *sai
 	mtod(result, struct sadb_msg *)->sadb_msg_len =
 	PFKEY_UNIT64(result->m_pkthdr.len);
 
-	return key_sendup_mbuf(NULL, result, KEY_SENDUP_REGISTERED);
+	/*
+	 * XXX we cannot call key_sendup_mbuf directly here because
+	 * it can cause a deadlock:
+	 * - We have a reference to an SP (and an SA) here
+	 * - key_sendup_mbuf will try to take key_so_mtx
+	 * - Some other thread may try to localcount_drain to the SP with
+	 *   holding key_so_mtx in say key_api_spdflush
+	 * - In this case localcount_drain never return because key_sendup_mbuf
+	 *   that has stuck on key_so_mtx never release a reference to the SP
+	 *
+	 * So defer key_sendup_mbuf to the timer.
+	 */
+	key_acquire_sendup_mbuf_later(result);
+	return 0;
 
  fail:
 	if (result)
@@ -6639,6 +6665,57 @@ key_acquire(const struct secasindex *sai
 	return error;
 }
 
+static struct mbuf *key_acquire_mbuf_head = NULL;
+
+static void
+key_acquire_sendup_pending_mbuf(void)
+{
+	struct mbuf *m, *prev = NULL;
+	int error;
+
+again:
+	mutex_enter(_misc.lock);
+	m = key_acquire_mbuf_head;
+	/* Get an earliest mbuf (one at the tail of the list) */
+	while (m != NULL) {
+		if (m->m_nextpkt == NULL) {
+			if (prev != NULL)
+prev->m_nextpkt = NULL;
+			if (m == key_acquire_mbuf_head)
+key_acquire_mbuf_head = NULL;
+			break;
+		}
+		prev = m;
+		m = m->m_nextpkt;
+	}
+	mutex_exit(_misc.lock);
+
+	if (m == NULL)
+		return;
+
+	error = key_sendup_mbuf(NULL, m, KEY_SENDUP_REGISTERED);
+	if (error != 0)
+		IPSECLOG(LOG_WARNING, "key_sendup_mbuf failed (error=%d)\n",
+		error);
+
+	if (prev != NULL)
+		goto again;
+}
+
+static void
+key_acquire_sendup_mbuf_later(struct mbuf *m)
+{
+
+	mutex_enter(_misc.lock);
+	

CVS commit: src/sys/netipsec

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Wed Aug  9 03:41:11 UTC 2017

Modified Files:
src/sys/netipsec: key.c

Log Message:
Fix locking notes of SAD


To generate a diff of this commit:
cvs rdiff -u -r1.218 -r1.219 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.218 src/sys/netipsec/key.c:1.219
--- src/sys/netipsec/key.c:1.218	Tue Aug  8 08:24:34 2017
+++ src/sys/netipsec/key.c	Wed Aug  9 03:41:11 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.218 2017/08/08 08:24:34 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.219 2017/08/09 03:41:11 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.218 2017/08/08 08:24:34 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.219 2017/08/09 03:41:11 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -211,7 +211,7 @@ static u_int32_t acq_seq = 0;
  * - Read accesses to the key_sad.sahlist must be in pserialize(9) read sections
  * - sah's lifetime is managed by localcount(9)
  * - Getting an sah entry
- *   - We get an SP from the key_spd.splist
+ *   - We get an sah from the key_sad.sahlist
  * - Must iterate the list and increment the reference count of a found sah
  *   (by key_sah_ref) in a pserialize read section
  *   - A gotten sah must be released after use by key_sah_unref

CVS commit: src/usr.sbin/ypbind

[Brian Ginsbach]

Module Name:src
Committed By:   ginsbach
Date:   Wed Aug  9 01:56:42 UTC 2017

Modified Files:
src/usr.sbin/ypbind: ypbind.c

Log Message:
Make use of the defined YP errors when ypbind encounters one rather than
just returning an empty (successful) RPC result.

Don't exit when allocating memory for a new bound domain received via a RPC.


To generate a diff of this commit:
cvs rdiff -u -r1.98 -r1.99 src/usr.sbin/ypbind/ypbind.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/usr.sbin/ypbind/ypbind.c
diff -u src/usr.sbin/ypbind/ypbind.c:1.98 src/usr.sbin/ypbind/ypbind.c:1.99
--- src/usr.sbin/ypbind/ypbind.c:1.98	Tue Jun 10 17:19:48 2014
+++ src/usr.sbin/ypbind/ypbind.c	Wed Aug  9 01:56:42 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ypbind.c,v 1.98 2014/06/10 17:19:48 dholland Exp $	*/
+/*	$NetBSD: ypbind.c,v 1.99 2017/08/09 01:56:42 ginsbach Exp $	*/
 
 /*
  * Copyright (c) 1992, 1993 Theo de Raadt 
@@ -28,7 +28,7 @@
 
 #include 
 #ifndef LINT
-__RCSID("$NetBSD: ypbind.c,v 1.98 2014/06/10 17:19:48 dholland Exp $");
+__RCSID("$NetBSD: ypbind.c,v 1.99 2017/08/09 01:56:42 ginsbach Exp $");
 #endif
 
 #include 
@@ -314,7 +314,7 @@ domain_create(const char *name)
 	dom = malloc(sizeof *dom);
 	if (dom == NULL) {
 		yp_log(LOG_ERR, "domain_create: Out of memory");
-		exit(1);
+		return NULL;
 	}
 
 	dom->dom_next = NULL;
@@ -483,7 +483,7 @@ rpc_is_valid_response(char *name, struct
  *
  * whose meaning isn't entirely clear.
  */
-static void
+static int
 rpc_received(char *dom_name, struct sockaddr_in *raddrp, int force,
 	 int is_ypset)
 {
@@ -498,7 +498,7 @@ rpc_received(char *dom_name, struct sock
 
 	/* validate some stuff */
 	if (!rpc_is_valid_response(dom_name, raddrp)) {
-		return;
+		return 0;
 	}
 
 	/* look for the domain */
@@ -509,8 +509,10 @@ rpc_received(char *dom_name, struct sock
 	/* if not found, create it, but only if FORCE; otherwise ignore */
 	if (dom == NULL) {
 		if (force == 0)
-			return;
+			return 0;
 		dom = domain_create(dom_name);
+		if (dom == NULL)
+			return 0;
 	}
 
 	/* the domain needs to know if it's been explicitly ypset */
@@ -536,7 +538,7 @@ rpc_received(char *dom_name, struct sock
 			   inet_ntoa(dom->dom_server_addr.sin_addr),
 			   dom->dom_name);
 		}
-		return;
+		return 0;
 	}
 
 	/*
@@ -563,7 +565,7 @@ rpc_received(char *dom_name, struct sock
 			   inet_ntoa(dom->dom_server_addr.sin_addr),
 			   dom->dom_name);
 		}
-		return;
+		return 0;
 	}
 
 #ifdef HEURISTIC
@@ -647,7 +649,7 @@ rpc_received(char *dom_name, struct sock
 		(void)close(dom->dom_lockfd);
 
 	if ((fd = makelock(dom)) == -1)
-		return;
+		return 0;
 
 	dom->dom_lockfd = fd;
 
@@ -672,7 +674,10 @@ rpc_received(char *dom_name, struct sock
 		(void)close(dom->dom_lockfd);
 		removelock(dom);
 		dom->dom_lockfd = -1;
+		return 0;
 	}
+
+	return 1;
 }
 
 /*
@@ -706,8 +711,10 @@ ypbindproc_domain_2(SVCXPRT *transp, voi
 	DPRINTF("ypbindproc_domain_2 %s\n", arg);
 
 	/* Reject invalid domains. */
-	if (_yp_invalid_domain(arg))
-		return NULL;
+	if (_yp_invalid_domain(arg)) {
+		res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
+		return 
+	}
 
 	(void)memset(, 0, sizeof res);
 	res.ypbind_status = YPBIND_FAIL_VAL;
@@ -724,8 +731,10 @@ ypbindproc_domain_2(SVCXPRT *transp, voi
 	for (count = 0, dom = domains;
 	dom != NULL;
 	dom = dom->dom_next, count++) {
-		if (count > 100)
-			return NULL;		/* prevent denial of service */
+		if (count > 100) {
+			res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC;
+			return 		/* prevent denial of service */
+		}
 		if (!strcmp(dom->dom_name, arg))
 			break;
 	}
@@ -742,15 +751,21 @@ ypbindproc_domain_2(SVCXPRT *transp, voi
 	 */
 	if (dom == NULL) {
 		dom = domain_create(arg);
-		removelock(dom);
-		check++;
-		DPRINTF("unknown domain %s\n", arg);
-		return NULL;
+		if (dom != NULL) {
+			removelock(dom);
+			check++;
+			DPRINTF("unknown domain %s\n", arg);
+			res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
+		} else {
+			res.ypbind_respbody.ypbind_error = YPBIND_ERR_RESC;
+		}
+		return 
 	}
 
 	if (dom->dom_state == DOM_NEW) {
 		DPRINTF("new domain %s\n", arg);
-		return NULL;
+		res.ypbind_respbody.ypbind_error = YPBIND_ERR_NOSERV;
+		return 
 	}
 
 #ifdef HEURISTIC
@@ -864,11 +879,12 @@ ypbindproc_setdom_2(SVCXPRT *transp, voi
 	bindsin.sin_len = sizeof(bindsin);
 	bindsin.sin_addr = sd->ypsetdom_addr;
 	bindsin.sin_port = sd->ypsetdom_port;
-	rpc_received(sd->ypsetdom_domain, , 1, 1);
+	if (rpc_received(sd->ypsetdom_domain, , 1, 1)) {
+		DPRINTF("ypset to %s for domain %s succeeded\n",
+			inet_ntoa(bindsin.sin_addr), sd->ypsetdom_domain);
+		res = 1;
+	}
 
-	DPRINTF("ypset to %s for domain %s succeeded\n",
-		inet_ntoa(bindsin.sin_addr), sd->ypsetdom_domain);
-	res = 1;
 	return 
 }
 
@@ -1244,7 +1260,7 @@ try_again:
 			raddr.sin_port = htons((uint16_t)rmtcr_port);
 			dom = 

CVS commit: src/sys/dev

[Nathanial Sloss]

Module Name:src
Committed By:   nat
Date:   Tue Aug  8 22:21:35 UTC 2017

Modified Files:
src/sys/dev: audio.c

Log Message:
If the harware ring is starved of data...Insert silence into the mix ring
so mix_write can function properly.


To generate a diff of this commit:
cvs rdiff -u -r1.391 -r1.392 src/sys/dev/audio.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/audio.c
diff -u src/sys/dev/audio.c:1.391 src/sys/dev/audio.c:1.392
--- src/sys/dev/audio.c:1.391	Tue Aug  8 05:58:12 2017
+++ src/sys/dev/audio.c	Tue Aug  8 22:21:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: audio.c,v 1.391 2017/08/08 05:58:12 isaki Exp $	*/
+/*	$NetBSD: audio.c,v 1.392 2017/08/08 22:21:35 nat Exp $	*/
 
 /*-
  * Copyright (c) 2016 Nathanial Sloss 
@@ -148,7 +148,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.391 2017/08/08 05:58:12 isaki Exp $");
+__KERNEL_RCSID(0, "$NetBSD: audio.c,v 1.392 2017/08/08 22:21:35 nat Exp $");
 
 #ifdef _KERNEL_OPT
 #include "audio.h"
@@ -3662,12 +3662,12 @@ audio_pint(void *v)
 		DPRINTFN(3, ("HW RING - INSERT SILENCE\n"));
 		used = blksize;
 		while (used > 0) {
-			cc = vc->sc_mpr.s.end - vc->sc_mpr.s.inp;
+			cc = sc->sc_pr.s.end - sc->sc_pr.s.inp;
 			if (cc > used)
 cc = used;
-			audio_fill_silence(>sc_pparams, vc->sc_mpr.s.inp, cc);
-			vc->sc_mpr.s.inp = audio_stream_add_inp(>sc_mpr.s,
-			vc->sc_mpr.s.inp, cc);
+			audio_fill_silence(>sc_pustream->param, sc->sc_pr.s.inp, cc);
+			sc->sc_pr.s.inp = audio_stream_add_inp(>sc_pr.s,
+			sc->sc_pr.s.inp, cc);
 			used -= cc;
 		}
 	}

CVS commit: src/sys/arch/amd64/amd64

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Tue Aug  8 17:27:34 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64: process_machdep.c

Log Message:
Mmh, don't overwrite tf_err and tf_trapno. Looks like it can be used to
exploit the intel sysret vulnerability once again.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/sys/arch/amd64/amd64/process_machdep.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/process_machdep.c
diff -u src/sys/arch/amd64/amd64/process_machdep.c:1.32 src/sys/arch/amd64/amd64/process_machdep.c:1.33
--- src/sys/arch/amd64/amd64/process_machdep.c:1.32	Thu Feb 23 03:34:22 2017
+++ src/sys/arch/amd64/amd64/process_machdep.c	Tue Aug  8 17:27:34 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: process_machdep.c,v 1.32 2017/02/23 03:34:22 kamil Exp $	*/
+/*	$NetBSD: process_machdep.c,v 1.33 2017/08/08 17:27:34 maxv Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2000 The NetBSD Foundation, Inc.
@@ -76,7 +76,7 @@
 
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: process_machdep.c,v 1.32 2017/02/23 03:34:22 kamil Exp $");
+__KERNEL_RCSID(0, "$NetBSD: process_machdep.c,v 1.33 2017/08/08 17:27:34 maxv Exp $");
 
 #include 
 #include 
@@ -141,6 +141,7 @@ process_write_regs(struct lwp *l, const 
 	struct trapframe *tf = process_frame(l);
 	int error;
 	const long *regs = regp->regs;
+	int err, trapno;
 
 	/*
 	 * Check for security violations.
@@ -151,10 +152,16 @@ process_write_regs(struct lwp *l, const 
 	if (error != 0)
 		return error;
 
+	err = tf->tf_err;
+	trapno = tf->tf_trapno;
+
 #define copy_to_frame(reg, REG, idx) tf->tf_##reg = regs[_REG_##REG];
 	_FRAME_GREG(copy_to_frame)
 #undef copy_to_frame
 
+	tf->tf_err = err;
+	tf->tf_trapno = trapno;
+
 	return (0);
 }
 

CVS commit: src/sys/arch/amd64/amd64

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Tue Aug  8 17:00:42 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64: locore.S

Log Message:
Remove dumb debug code and outdated comment.


To generate a diff of this commit:
cvs rdiff -u -r1.124 -r1.125 src/sys/arch/amd64/amd64/locore.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.124 src/sys/arch/amd64/amd64/locore.S:1.125
--- src/sys/arch/amd64/amd64/locore.S:1.124	Sat Jul  1 10:44:42 2017
+++ src/sys/arch/amd64/amd64/locore.S	Tue Aug  8 17:00:42 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.124 2017/07/01 10:44:42 maxv Exp $	*/
+/*	$NetBSD: locore.S,v 1.125 2017/08/08 17:00:42 maxv Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1082,12 +1082,6 @@ skip_save:
 
 	/* Switch to newlwp's stack. */
 	movq	L_PCB(%r12),%r14
-#ifdef XEN /* XXX debug code */
-	cmpq	$0,PCB_RSP(%r14)
-	jne 999f
-	callq _C_LABEL(cpu_Debugger);
-999:
-#endif
 	movq	PCB_RSP(%r14),%rsp
 	movq	PCB_RBP(%r14),%rbp
 
@@ -1236,8 +1230,6 @@ IDTVEC_END(syscall32)
  * syscall()
  *
  * syscall insn entry.
- * This currently isn't much faster, but it can be made faster in the future.
- * (Actually we've already saved a few 100 clocks by not loading the trap gate)
  */
 IDTVEC(syscall)
 #ifndef XEN

CVS commit: src/sys/kern

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Tue Aug  8 16:57:32 UTC 2017

Modified Files:
src/sys/kern: kern_exec.c

Log Message:
Remove compat_svr4, compat_svr4_32 and compat_ibcs2 from the list of
autoloaded modules. These options are disabled everywhere (except ibcs2
on Vax, but Vax does not support kernel modules, so doesn't matter),
therefore there is no issue in removing them from the list. Interested
users will now have to do a 'modload' first, or uncomment the entries in
GENERIC.


To generate a diff of this commit:
cvs rdiff -u -r1.443 -r1.444 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.443 src/sys/kern/kern_exec.c:1.444
--- src/sys/kern/kern_exec.c:1.443	Tue Aug  8 08:12:14 2017
+++ src/sys/kern/kern_exec.c	Tue Aug  8 16:57:32 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.443 2017/08/08 08:12:14 maxv Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.444 2017/08/08 16:57:32 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.443 2017/08/08 08:12:14 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.444 2017/08/08 16:57:32 maxv Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -578,14 +578,11 @@ exec_autoload(void)
 		"exec_coff",
 		"exec_ecoff",
 		"compat_aoutm68k",
-		"compat_ibcs2",
 		"compat_linux",
 		"compat_linux32",
 		"compat_netbsd32",
 		"compat_sunos",
 		"compat_sunos32",
-		"compat_svr4",
-		"compat_svr4_32",
 		"compat_ultrix",
 		NULL
 	};

CVS commit: [netbsd-8] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 16:24:03 UTC 2017

Modified Files:
src/doc [netbsd-8]: CHANGES-8.0

Log Message:
Tickets #188 - #191


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.35 -r1.1.2.36 src/doc/CHANGES-8.0

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-8.0
diff -u src/doc/CHANGES-8.0:1.1.2.35 src/doc/CHANGES-8.0:1.1.2.36
--- src/doc/CHANGES-8.0:1.1.2.35	Sat Aug  5 05:12:46 2017
+++ src/doc/CHANGES-8.0	Tue Aug  8 16:24:03 2017
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-8.0,v 1.1.2.35 2017/08/05 05:12:46 snj Exp $
+# $NetBSD: CHANGES-8.0,v 1.1.2.36 2017/08/08 16:24:03 martin Exp $
 
 A complete list of changes from the initial NetBSD 8.0 branch on 2017-06-04
 until the 8.0 release:
@@ -5090,3 +5090,36 @@ sys/dev/ic/bwi.c1.32
 	an mbuf length that is too big
 	[spz, ticket #187]
 
+sys/compat/linux/common/linux_time.c		1.38,1.39
+
+	Only let the superuser set the compat_linux timezone.
+	[spz, ticket #188]
+
+sys/compat/svr4/svr4_lwp.c			1.20
+sys/compat/svr4/svr4_signal.c			1.67
+sys/compat/svr4/svr4_stream.c			1.89-1.91
+sys/compat/svr4_32/svr4_32_signal.c		1.29
+
+	Fix some of the multitudinous holes in svr4 streams.
+	Zero stack data before copyout.
+	Fix indexing of svr4 signals.
+	Attempt to get reference counting less bad.
+	Check bounds in svr4_sys_putmsg. Check more svr4_strmcmd bounds.
+	[spz, ticket #189]
+
+sys/dev/vnd.c	1.260,1.262
+
+	Fix int overflows / truncation issues in vndioctl, which
+	could cause memory corruption.
+	[spz, ticket #190]
+
+sys/compat/ibcs2/ibcs2_exec_coff.c		1.27-1.29
+sys/compat/ibcs2/ibcs2_ioctl.c			1.46
+sys/compat/ibcs2/ibcs2_stat.c			1.49-1.50
+
+	Out of bound read and endless loop in exec_ibcs2_coff_prep_zmagic().
+	Infoleak in ibcs2_sys_ioctl.
+	Potenial use of expired pointers in ibcs2_sys_statfs()/
+	ibcs2_sys_statvfs()
+	[spz, ticket #191]
+

CVS commit: [netbsd-8] src/sys/compat/ibcs2

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 16:21:35 UTC 2017

Modified Files:
src/sys/compat/ibcs2 [netbsd-8]: ibcs2_exec_coff.c ibcs2_ioctl.c
ibcs2_stat.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #191):
sys/compat/ibcs2/ibcs2_ioctl.c: revision 1.46
sys/compat/ibcs2/ibcs2_stat.c: revision 1.50
sys/compat/ibcs2/ibcs2_exec_coff.c: revision 1.27
sys/compat/ibcs2/ibcs2_exec_coff.c: revision 1.28
sys/compat/ibcs2/ibcs2_exec_coff.c: revision 1.29
sys/compat/ibcs2/ibcs2_stat.c: revision 1.49
Check for NUL termination within the buffer we have.
>From Ilja Van Sprundel.
Make sure we have enough space in the buffer before reading it.
>From Ilja Van Sprundel.
Make sure we move forward over the buffer.
>From Ilja Van Sprundel.
Zero buffers in ibcs2 ioctl to avoid disclosing stack to userland.
>From Ilja Van Sprundel.
Don't drop vnode ref until we're done with mount in ibcs2_stat(v)fs.
Nothing else guarantees the mount will stick around.
>From Ilja Van Sprundel.
Little happy on the commit trigger.  Actually use the out label.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.26.22.1 src/sys/compat/ibcs2/ibcs2_exec_coff.c
cvs rdiff -u -r1.45 -r1.45.76.1 src/sys/compat/ibcs2/ibcs2_ioctl.c
cvs rdiff -u -r1.48 -r1.48.12.1 src/sys/compat/ibcs2/ibcs2_stat.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/ibcs2/ibcs2_exec_coff.c
diff -u src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.26 src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.26.22.1
--- src/sys/compat/ibcs2/ibcs2_exec_coff.c:1.26	Fri Oct 25 14:46:35 2013
+++ src/sys/compat/ibcs2/ibcs2_exec_coff.c	Tue Aug  8 16:21:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ibcs2_exec_coff.c,v 1.26 2013/10/25 14:46:35 martin Exp $	*/
+/*	$NetBSD: ibcs2_exec_coff.c,v 1.26.22.1 2017/08/08 16:21:35 martin Exp $	*/
 
 /*
  * Copyright (c) 1994, 1995, 1998 Scott Bartram
@@ -35,7 +35,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.26 2013/10/25 14:46:35 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ibcs2_exec_coff.c,v 1.26.22.1 2017/08/08 16:21:35 martin Exp $");
 
 #include 
 #include 
@@ -454,6 +454,10 @@ exec_ibcs2_coff_prep_zmagic(struct lwp *
 		}
 		bufp = tbuf;
 		while (len) {
+			if (len < sizeof(struct coff_slhdr)) {
+free(tbuf, M_TEMP);
+return ENOEXEC;
+			}
 			slhdr = (struct coff_slhdr *)bufp;
 
 			if (slhdr->path_index > LONG_MAX / sizeof(long) ||
@@ -465,7 +469,9 @@ exec_ibcs2_coff_prep_zmagic(struct lwp *
 			/* path_index = slhdr->path_index * sizeof(long); */
 			entry_len = slhdr->entry_len * sizeof(long);
 
-			if (entry_len > len) {
+			if (entry_len < sizeof(struct coff_slhdr) ||
+			entry_len > len ||
+			strnlen(slhdr->sl_name, entry_len) == entry_len) {
 free(tbuf, M_TEMP);
 return ENOEXEC;
 			}

Index: src/sys/compat/ibcs2/ibcs2_ioctl.c
diff -u src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45 src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45.76.1
--- src/sys/compat/ibcs2/ibcs2_ioctl.c:1.45	Tue Jun 24 10:03:17 2008
+++ src/sys/compat/ibcs2/ibcs2_ioctl.c	Tue Aug  8 16:21:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $	*/
+/*	$NetBSD: ibcs2_ioctl.c,v 1.45.76.1 2017/08/08 16:21:35 martin Exp $	*/
 
 /*
  * Copyright (c) 1994, 1995 Scott Bartram
@@ -27,7 +27,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45 2008/06/24 10:03:17 gmcgarry Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ibcs2_ioctl.c,v 1.45.76.1 2017/08/08 16:21:35 martin Exp $");
 
 #include 
 #include 
@@ -402,8 +402,10 @@ ibcs2_sys_ioctl(struct lwp *l, const str
 		if ((error = (*ctl)(fp, TIOCGETA, )) != 0)
 			goto out;
 
+		memset(, 0, sizeof(sts));
 		btios2stios(, );
 		if (SCARG(uap, cmd) == IBCS2_TCGETA) {
+			memset(, 0, sizeof(st));
 			stios2stio(, );
 			error = copyout(, SCARG(uap, data), sizeof(st));
 			if (error)
@@ -559,6 +561,7 @@ ibcs2_sys_gtty(struct lwp *l, const stru
 
 	fd_putfile(SCARG(uap, fd));
 
+	memset(, 0, sizeof(itb));
 	itb.sg_ispeed = tb.sg_ispeed;
 	itb.sg_ospeed = tb.sg_ospeed;
 	itb.sg_erase = tb.sg_erase;

Index: src/sys/compat/ibcs2/ibcs2_stat.c
diff -u src/sys/compat/ibcs2/ibcs2_stat.c:1.48 src/sys/compat/ibcs2/ibcs2_stat.c:1.48.12.1
--- src/sys/compat/ibcs2/ibcs2_stat.c:1.48	Fri Sep  5 09:21:54 2014
+++ src/sys/compat/ibcs2/ibcs2_stat.c	Tue Aug  8 16:21:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: ibcs2_stat.c,v 1.48 2014/09/05 09:21:54 matt Exp $	*/
+/*	$NetBSD: ibcs2_stat.c,v 1.48.12.1 2017/08/08 16:21:35 martin Exp $	*/
 /*
  * Copyright (c) 1995, 1998 Scott Bartram
  * All rights reserved.
@@ -27,7 +27,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.48 2014/09/05 09:21:54 matt Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ibcs2_stat.c,v 1.48.12.1 2017/08/08 16:21:35 martin Exp $");
 
 #include 
 #include 
@@ -147,11 +147,13 @@ ibcs2_sys_statfs(struct 

CVS commit: [netbsd-8] src/sys/dev

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 16:12:57 UTC 2017

Modified Files:
src/sys/dev [netbsd-8]: vnd.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #190):
sys/dev/vnd.c: revision 1.260
sys/dev/vnd.c: revision 1.262
Put in a litany of judicious bounds checks around vnd headers.
Thought I was done with this crap after I rewrote vndcompress(1)!
>From Ilja Van Sprundel.
Appease toxic bullshit warning from gcc.
If you have a better way to write a useful bounds check that happens
to always pass on LP64 but doesn't always on LP32, without making it
fail to compile on LP64 or making it an #ifdef conditional on LP32,
please put it in here instead.


To generate a diff of this commit:
cvs rdiff -u -r1.259 -r1.259.6.1 src/sys/dev/vnd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/dev/vnd.c
diff -u src/sys/dev/vnd.c:1.259 src/sys/dev/vnd.c:1.259.6.1
--- src/sys/dev/vnd.c:1.259	Sat Mar 25 07:00:33 2017
+++ src/sys/dev/vnd.c	Tue Aug  8 16:12:56 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: vnd.c,v 1.259 2017/03/25 07:00:33 pgoyette Exp $	*/
+/*	$NetBSD: vnd.c,v 1.259.6.1 2017/08/08 16:12:56 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2008 The NetBSD Foundation, Inc.
@@ -91,7 +91,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.259 2017/03/25 07:00:33 pgoyette Exp $");
+__KERNEL_RCSID(0, "$NetBSD: vnd.c,v 1.259.6.1 2017/08/08 16:12:56 martin Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_vnd.h"
@@ -1284,6 +1284,13 @@ vndioctl(dev_t dev, u_long cmd, void *da
 goto close_and_exit;
 			}
 
+			if (ntohl(ch->block_size) == 0 ||
+			ntohl(ch->num_blocks) > UINT32_MAX - 1) {
+free(ch, M_TEMP);
+VOP_UNLOCK(nd.ni_vp);
+goto close_and_exit;
+			}
+
 			/* save some header info */
 			vnd->sc_comp_blksz = ntohl(ch->block_size);
 			/* note last offset is the file byte size */
@@ -1294,20 +1301,40 @@ vndioctl(dev_t dev, u_long cmd, void *da
 error = EINVAL;
 goto close_and_exit;
 			}
-			if (sizeof(struct vnd_comp_header) +
-			  sizeof(u_int64_t) * vnd->sc_comp_numoffs >
-			  vattr.va_size) {
+			KASSERT(0 < vnd->sc_comp_blksz);
+			KASSERT(0 < vnd->sc_comp_numoffs);
+			/*
+			 * @#^@!$& gcc -Wtype-limits refuses to let me
+			 * write SIZE_MAX/sizeof(uint64_t) < numoffs,
+			 * because the range of the type on amd64 makes
+			 * the comparisons always false.
+			 */
+#if SIZE_MAX <= UINT32_MAX*(64/CHAR_BIT)
+			if (SIZE_MAX/sizeof(uint64_t) < vnd->sc_comp_numoffs) {
+VOP_UNLOCK(nd.ni_vp);
+error = EINVAL;
+goto close_and_exit;
+			}
+#endif
+			if ((vattr.va_size < sizeof(struct vnd_comp_header)) ||
+			(vattr.va_size - sizeof(struct vnd_comp_header) <
+sizeof(uint64_t)*vnd->sc_comp_numoffs) ||
+			(UQUAD_MAX/vnd->sc_comp_blksz <
+vnd->sc_comp_numoffs - 1)) {
 VOP_UNLOCK(nd.ni_vp);
 error = EINVAL;
 goto close_and_exit;
 			}
 
 			/* set decompressed file size */
+			KASSERT(vnd->sc_comp_numoffs - 1 <=
+			UQUAD_MAX/vnd->sc_comp_blksz);
 			vattr.va_size =
 			((u_quad_t)vnd->sc_comp_numoffs - 1) *
 			 (u_quad_t)vnd->sc_comp_blksz;
 
 			/* allocate space for all the compressed offsets */
+			__CTASSERT(UINT32_MAX <= UQUAD_MAX/sizeof(uint64_t));
 			vnd->sc_comp_offsets =
 			malloc(sizeof(u_int64_t) * vnd->sc_comp_numoffs,
 			M_DEVBUF, M_WAITOK);

CVS commit: [netbsd-8] src/sys/compat

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 16:05:37 UTC 2017

Modified Files:
src/sys/compat/svr4 [netbsd-8]: svr4_lwp.c svr4_signal.c svr4_stream.c
src/sys/compat/svr4_32 [netbsd-8]: svr4_32_signal.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #189):
sys/compat/svr4/svr4_stream.c: revision 1.89
sys/compat/svr4/svr4_signal.c: revision 1.67
sys/compat/svr4/svr4_stream.c: revision 1.90
sys/compat/svr4/svr4_stream.c: revision 1.91
sys/compat/svr4_32/svr4_32_signal.c: revision 1.29
sys/compat/svr4/svr4_lwp.c: revision 1.20
Fix some of the multitudinous holes in svr4 streams.
We should never have enabled this by default; it is a minefield.
>From Ilja Van Sprundel.
Zero stack data before copyout.
>From Ilja Van Sprundel.
Fix indexing of svr4 signals.
>From Ilja Van Sprundel.
Feebly attempt to get this reference counting less bad.
This svr4 streams code is bad and it should feel bad.
>From Ilja Van Sprundel.
Check bounds in svr4_sys_putmsg.  Check more svr4_strmcmd bounds.
svr4 streams code is still a disaster.
>From Ilja Van Sprundel.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.19.56.1 src/sys/compat/svr4/svr4_lwp.c
cvs rdiff -u -r1.66 -r1.66.12.1 src/sys/compat/svr4/svr4_signal.c
cvs rdiff -u -r1.88 -r1.88.4.1 src/sys/compat/svr4/svr4_stream.c
cvs rdiff -u -r1.28 -r1.28.10.1 src/sys/compat/svr4_32/svr4_32_signal.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/svr4/svr4_lwp.c
diff -u src/sys/compat/svr4/svr4_lwp.c:1.19 src/sys/compat/svr4/svr4_lwp.c:1.19.56.1
--- src/sys/compat/svr4/svr4_lwp.c:1.19	Mon Nov 23 00:46:07 2009
+++ src/sys/compat/svr4/svr4_lwp.c	Tue Aug  8 16:05:37 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $	*/
+/*	$NetBSD: svr4_lwp.c,v 1.19.56.1 2017/08/08 16:05:37 martin Exp $	*/
 
 /*-
  * Copyright (c) 1999 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19 2009/11/23 00:46:07 rmind Exp $");
+__KERNEL_RCSID(0, "$NetBSD: svr4_lwp.c,v 1.19.56.1 2017/08/08 16:05:37 martin Exp $");
 
 #include 
 #include 
@@ -108,6 +108,8 @@ svr4_sys__lwp_info(struct lwp *l, const 
 	struct svr4_lwpinfo lwpinfo;
 	int error;
 
+	memset(, 0, sizeof(lwpinfo));
+
 	/* XXX NJWLWP */
 	TIMEVAL_TO_TIMESPEC(>l_proc->p_stats->p_ru.ru_stime, _stime);
 	TIMEVAL_TO_TIMESPEC(>l_proc->p_stats->p_ru.ru_utime, _utime);

Index: src/sys/compat/svr4/svr4_signal.c
diff -u src/sys/compat/svr4/svr4_signal.c:1.66 src/sys/compat/svr4/svr4_signal.c:1.66.12.1
--- src/sys/compat/svr4/svr4_signal.c:1.66	Sun Nov  9 18:16:55 2014
+++ src/sys/compat/svr4/svr4_signal.c	Tue Aug  8 16:05:37 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: svr4_signal.c,v 1.66 2014/11/09 18:16:55 maxv Exp $	 */
+/*	$NetBSD: svr4_signal.c,v 1.66.12.1 2017/08/08 16:05:37 martin Exp $	 */
 
 /*-
  * Copyright (c) 1994, 1998 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.66 2014/11/09 18:16:55 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: svr4_signal.c,v 1.66.12.1 2017/08/08 16:05:37 martin Exp $");
 
 #include 
 #include 
@@ -72,6 +72,21 @@ void native_to_svr4_sigaction(const stru
 extern const int native_to_svr4_signo[];
 extern const int svr4_to_native_signo[];
 
+static int
+svr4_decode_signum(int signum, int *native_signo, int *sigcall)
+{
+
+	if (SVR4_SIGNO(signum) >= SVR4_NSIG)
+		return EINVAL;
+
+	if (native_signo)
+		*native_signo = svr4_to_native_signo[SVR4_SIGNO(signum)];
+	if (sigcall)
+		*sigcall = SVR4_SIGCALL(signum);
+
+	return 0;
+}
+
 static inline void
 svr4_sigfillset(svr4_sigset_t *s)
 {
@@ -173,6 +188,7 @@ svr4_sys_sigaction(struct lwp *l, const 
 	} */
 	struct svr4_sigaction nssa, ossa;
 	struct sigaction nbsa, obsa;
+	int native_signo;
 	int error;
 
 	if (SCARG(uap, nsa)) {
@@ -181,7 +197,12 @@ svr4_sys_sigaction(struct lwp *l, const 
 			return (error);
 		svr4_to_native_sigaction(, );
 	}
-	error = sigaction1(l, svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))],
+
+	error = svr4_decode_signum(SCARG(uap, signum), _signo, NULL);
+	if (error)
+		return error;
+
+	error = sigaction1(l, native_signo,
 	SCARG(uap, nsa) ?  : 0, SCARG(uap, osa) ?  : 0,
 	NULL, 0);
 	if (error)
@@ -216,16 +237,18 @@ svr4_sys_signal(struct lwp *l, const str
 		syscallarg(int) signum;
 		syscallarg(svr4_sig_t) handler;
 	} */
-	int signum = svr4_to_native_signo[SVR4_SIGNO(SCARG(uap, signum))];
+	int native_signo, sigcall;
 	struct proc *p = l->l_proc;
 	struct sigaction nbsa, obsa;
 	sigset_t ss;
 	int error;
 
-	if (signum <= 0 || signum >= SVR4_NSIG)
-		return (EINVAL);
+	error = svr4_decode_signum(SCARG(uap, signum), _signo,
+	);
+	if (error)
+		return error;
 
-	switch (SVR4_SIGCALL(SCARG(uap, signum))) {
+	switch (sigcall) {
 	case SVR4_SIGDEFER_MASK:
 		if (SCARG(uap, 

CVS commit: [netbsd-8] src/sys/compat/linux/common

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 15:59:04 UTC 2017

Modified Files:
src/sys/compat/linux/common [netbsd-8]: linux_time.c

Log Message:
Pull up following revision(s) (requested by spz in ticket #188):
sys/compat/linux/common/linux_time.c: revision 1.38
sys/compat/linux/common/linux_time.c: revision 1.39
Only let the superuser set the compat_linux timezone.
Not really keen to invent a new kauth cookie for this useless purpose.
>From Ilja Van Sprundel.
Put suser check in the right function: settimeofday, not gettimeofday.
While here, remove wrong comment.
Noted by kre@.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.37.22.1 src/sys/compat/linux/common/linux_time.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/compat/linux/common/linux_time.c
diff -u src/sys/compat/linux/common/linux_time.c:1.37 src/sys/compat/linux/common/linux_time.c:1.37.22.1
--- src/sys/compat/linux/common/linux_time.c:1.37	Mon Jan 13 10:33:03 2014
+++ src/sys/compat/linux/common/linux_time.c	Tue Aug  8 15:59:04 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: linux_time.c,v 1.37 2014/01/13 10:33:03 njoly Exp $ */
+/*	$NetBSD: linux_time.c,v 1.37.22.1 2017/08/08 15:59:04 martin Exp $ */
 
 /*-
  * Copyright (c) 2001 The NetBSD Foundation, Inc.
@@ -30,7 +30,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.37 2014/01/13 10:33:03 njoly Exp $");
+__KERNEL_RCSID(0, "$NetBSD: linux_time.c,v 1.37.22.1 2017/08/08 15:59:04 martin Exp $");
 
 #include 
 #include 
@@ -102,11 +102,10 @@ linux_sys_settimeofday(struct lwp *l, co
 			return (error);
 	}
 
-	/*
-	 * If user is not the superuser, we returned
-	 * after the sys_settimeofday() call.
-	 */
 	if (SCARG(uap, tzp)) {
+		if (kauth_authorize_generic(kauth_cred_get(),
+			KAUTH_GENERIC_ISSUSER, NULL) != 0)
+			return (EPERM);
 		error = copyin(SCARG(uap, tzp), _sys_tz, sizeof(linux_sys_tz));
 		if (error)
 			return (error);

CVS commit: src/sys/arch/evbmips/conf

[Maya Rashish]

Module Name:src
Committed By:   maya
Date:   Tue Aug  8 12:22:21 UTC 2017

Modified Files:
src/sys/arch/evbmips/conf: std.loongson

Log Message:
Build the loongson kernels with all the binutils loongson2f errata workarounds

>From Zhang Fuxin via https://sourceware.org/ml/binutils/2009-11/msg00387.html

  - The NOP issue

"The nature of the erratum is deeply related to the microarchitecture of
Loongson-2. It uses roughly a 4-way superscalar dynamically scheduled core,
instructions are excuted as much as possible in parallel with technics like
branch prediction etc. We use a 8-entry internal branch prediction queue to
keep track of each predicted branches, if some branches are proved to be
wrongly predicted, all the instructions following it will be cancelled,together
with the resources used by them, including the registers used for renaming, and
the queue entry will be freeed. There is a bug that might cause a hang when the
queue is full(some resources might been leaked due to conflict branch entries),
the workaround is to reduce the possiblity of branch queue full by using
renaming registers(they are also limited, can prevent too many simutaneos
branches). In theory this is still not enough to fully eliminate possible
hangs, but the possiblity is extremely low now and hard to be hit in real
code."

  - The JUMP instructions issue

"The Loongson-2 series processors have quite complex micro-architecture, it will
try to execute instructions from the predicated branch of coming instruction
stream before they are confirmed to be run, if the predication of branch
direction is proved wrong later, the instructions will be cancelled, but if the
instructions is a read from memory, the read action might not be cancelled(but
the changes to register will) to enable some prefetch. This will lead to some
problems when compining with some chipsets. E.g. the AMD CS5536 used in
Yeeloong/Fuloong will hang if it gets an address in the physical address range
of 0x10-0x20(might be more other ranges). Speculative reads can perform
read at any address in theory(due to wrong prediction of branch directions and
the use of branch target buffer), thus in very few occasions they might cause a
hard lock of the machine.

To prevent this, we need to prevent some addresses from entering branch
target buffers. A way to do this is that to modify all jump targets, e.g.,
 calulations of t9
 ...
 jalr t9  =>
 calculations of t9
 or t9, t9, 0x8000;  // to make sure t9 is in kseg0
 jalr t9
Of course, we have to consider 64/32bit, and modules addresses etc.

This only need to be performed on kernel code, because only there we can have
accesses not translated/limited by TLB. For user code, it is impossible to
generate accesses to unwanted physical address. So it is safe.

Also, to prevent addresses generated by user mode code to be used by the
kernel, we add a few empty jumps to flush the BTB upon entrance to kernel."


To generate a diff of this commit:
cvs rdiff -u -r1.1 -r1.2 src/sys/arch/evbmips/conf/std.loongson

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/evbmips/conf/std.loongson
diff -u src/sys/arch/evbmips/conf/std.loongson:1.1 src/sys/arch/evbmips/conf/std.loongson:1.2
--- src/sys/arch/evbmips/conf/std.loongson:1.1	Sat Aug 27 13:42:44 2011
+++ src/sys/arch/evbmips/conf/std.loongson	Tue Aug  8 12:22:21 2017
@@ -1,4 +1,4 @@
-# $NetBSD: std.loongson,v 1.1 2011/08/27 13:42:44 bouyer Exp $
+# $NetBSD: std.loongson,v 1.2 2017/08/08 12:22:21 maya Exp $
 
 machine evbmips mips
 include		"conf/std"	# MI standard options
@@ -21,10 +21,7 @@ options		EXEC_ELF32	# exec ELF32 binarie
 options		EXEC_SCRIPT	# exec #! scripts
 options 	COMPAT_NETBSD32
 
-#makeoptions	AFLAGS+="-Wa,-mfix-loongson2f-jump -Wa,-mfix-loongson2f-nop"
-#makeoptions	CFLAGS+="-Wa,-mfix-loongson2f-jump -Wa,-mfix-loongson2f-nop"
-#makeoptions	CPUFLAGS="-mips3 -mdivide-breaks" # CPU codegen options
-makeoptions	CPUFLAGS="-mips3 -mdivide-breaks -Wa,-mfix-loongson2f-btb" # CPU codegen options
+makeoptions	CPUFLAGS="-mips3 -mdivide-breaks -Wa,-mfix-loongson2f-btb -Wa,-mfix-loongson2f-jump -Wa,-mfix-loongson2f-nop" # CPU codegen options
 makeoptions	DEFTEXTADDR="0x8020"
 makeoptions	BOARDTYPE="loongson"
 

CVS commit: [netbsd-6] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 12:01:20 UTC 2017

Modified Files:
src/doc [netbsd-6]: CHANGES-6.2

Log Message:
Ticket #1464


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.293 -r1.1.2.294 src/doc/CHANGES-6.2

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.2
diff -u src/doc/CHANGES-6.2:1.1.2.293 src/doc/CHANGES-6.2:1.1.2.294
--- src/doc/CHANGES-6.2:1.1.2.293	Sun Jul 23 14:30:15 2017
+++ src/doc/CHANGES-6.2	Tue Aug  8 12:01:20 2017
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.2,v 1.1.2.293 2017/07/23 14:30:15 snj Exp $
+# $NetBSD: CHANGES-6.2,v 1.1.2.294 2017/08/08 12:01:20 martin Exp $
 
 A complete list of changes from the 6.1 release until the 6.2 release:
 
@@ -18032,3 +18032,18 @@ sys/dev/pci/pciide_acer_reg.h			1.13
 	observed on Fire V100 and mSATA-SSD with mSATA to IDE adapter.
 	[nakayama, ticket #1463]
 
+sys/arch/i386/i386/trap.c: 		1.288		(patch)
+sys/arch/i386/i386/machdep.c:		1.783		(patch)
+sys/arch/i386/i386/locore.S:		1.146		(patch)
+sys/arch/amd64/amd64/locore.S:		1.122,1.124	(patch)
+sys/arch/amd64/amd64/machdep.c		1.254		(patch)
+sys/arch/amd64/amd64/trap.c:		1.95-1.96	(patch)
+
+	Remove the osyscall call gate and emulate it. There is a
+	one-instruction race in it that could panic the kernel.
+
+	Restore the ability to run netbsd 1.0 32-bit executables by
+	checking for the relevant lcall instruction in the trap handler
+	and treating it as a syscall.
+	[maxv, ticket #1464]
+

CVS commit: [netbsd-6] src/sys/arch

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 12:00:35 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-6]: locore.S machdep.c trap.c
src/sys/arch/i386/i386 [netbsd-6]: locore.S machdep.c trap.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1464):

sys/arch/i386/i386/trap.c: revision 1.288   (patch)
sys/arch/i386/i386/machdep.c:  revision 1.783   (patch)
sys/arch/i386/i386/locore.S:   revision 1.146   (patch)
sys/arch/amd64/amd64/locore.S: revision 1.122,1.124 (patch)
sys/arch/amd64/amd64/machdep.c revision 1.254   (patch)
sys/arch/amd64/amd64/trap.c:   revision 1.95-1.96   (patch)

Remove the osyscall call gate and emulate it. There is a
one-instruction race in it that could panic the kernel.

Restore the ability to run netbsd 1.0 32-bit executables by checking
for the relevant lcall instruction in the trap handler and treating it
as a syscall.


To generate a diff of this commit:
cvs rdiff -u -r1.66.2.1 -r1.66.2.2 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.175.2.8 -r1.175.2.9 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.69.2.2 -r1.69.2.3 src/sys/arch/amd64/amd64/trap.c
cvs rdiff -u -r1.95.10.3 -r1.95.10.4 src/sys/arch/i386/i386/locore.S
cvs rdiff -u -r1.717.2.7 -r1.717.2.8 src/sys/arch/i386/i386/machdep.c
cvs rdiff -u -r1.262.8.1 -r1.262.8.2 src/sys/arch/i386/i386/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.66.2.1 src/sys/arch/amd64/amd64/locore.S:1.66.2.2
--- src/sys/arch/amd64/amd64/locore.S:1.66.2.1	Fri Apr 20 23:32:14 2012
+++ src/sys/arch/amd64/amd64/locore.S	Tue Aug  8 12:00:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.66.2.1 2012/04/20 23:32:14 riz Exp $	*/
+/*	$NetBSD: locore.S,v 1.66.2.2 2017/08/08 12:00:35 martin Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1209,26 +1209,6 @@ NENTRY(child_trampoline)
 	.globl  _C_LABEL(osyscall_return)
 
 /*
- * oosyscall()
- *
- * Old call gate entry for syscall. only needed if we're
- * going to support running old i386 NetBSD 1.0 or ibcs2 binaries, etc,
- * on NetBSD/amd64.
- * The 64bit call gate can't request that arguments be copied from the
- * user stack (which the i386 code uses to get a gap for the flags).
- * push/pop are :: cycles.
- */
-IDTVEC(oosyscall)
-	/* Set rflags in trap frame. */
-	pushq	(%rsp)		# move user's %eip
-	pushq	16(%rsp)	# and %cs
-	popq	8(%rsp)
-	pushfq
-	popq	16(%rsp)
-	pushq	$7		# size of instruction for restart
-	jmp	osyscall1
-
-/*
  * osyscall()
  *
  * Trap gate entry for int $80 syscall, also used by sigreturn.
@@ -1240,7 +1220,6 @@ IDTVEC(osyscall)
 	addq $0x10,%rsp
 #endif
 	pushq	$2		# size of instruction for restart
-osyscall1:
 	pushq	$T_ASTFLT	# trap # for doing ASTs
 	INTRENTRY
 	STI(si)

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.175.2.8 src/sys/arch/amd64/amd64/machdep.c:1.175.2.9
--- src/sys/arch/amd64/amd64/machdep.c:1.175.2.8	Sat Apr 20 09:59:39 2013
+++ src/sys/arch/amd64/amd64/machdep.c	Tue Aug  8 12:00:35 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.175.2.8 2013/04/20 09:59:39 bouyer Exp $	*/
+/*	$NetBSD: machdep.c,v 1.175.2.9 2017/08/08 12:00:35 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.8 2013/04/20 09:59:39 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.9 2017/08/08 12:00:35 martin Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -1575,7 +1575,6 @@ typedef void (vector)(void);
 extern vector IDTVEC(syscall);
 extern vector IDTVEC(syscall32);
 extern vector IDTVEC(osyscall);
-extern vector IDTVEC(oosyscall);
 extern vector *IDTVEC(exceptions)[];
 
 static void
@@ -1838,10 +1837,7 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(GDT_ADDR_MEM(gdtstore, GUDATA_SEL), 0,
 	x86_btop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
 
-	/* make ldt gates and memory segments */
-	setgate((struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	(oosyscall), 0, SDT_SYS386CGT, SEL_UPL,
-	GSEL(GCODE_SEL, SEL_KPL));
+	/* make ldt memory segments */
 	*(struct mem_segment_descriptor *)(ldtstore + LUCODE_SEL) =
 	*GDT_ADDR_MEM(gdtstore, GUCODE_SEL);
 	*(struct mem_segment_descriptor *)(ldtstore + LUDATA_SEL) =
@@ -1873,16 +1869,6 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(ldt_segp, 0, x86_btop(VM_MAXUSER_ADDRESS32) - 1,
 	SDT_MEMRWA, SEL_UPL, 1, 1, 0);
 
-	/*
-	 * Other entries.
-	 */
-	memcpy((struct gate_descriptor *)(ldtstore + LSOL26CALLS_SEL),
-	(struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	sizeof (struct gate_descriptor));
-	memcpy((struct gate_descriptor *)(ldtstore + LBSDICALLS_SEL),
-	(struct 

CVS commit: [netbsd-6-1] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 11:59:59 UTC 2017

Modified Files:
src/doc [netbsd-6-1]: CHANGES-6.1.6

Log Message:
Ticket #1464


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.99 -r1.1.2.100 src/doc/CHANGES-6.1.6

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.1.6
diff -u src/doc/CHANGES-6.1.6:1.1.2.99 src/doc/CHANGES-6.1.6:1.1.2.100
--- src/doc/CHANGES-6.1.6:1.1.2.99	Fri Jul 21 04:56:46 2017
+++ src/doc/CHANGES-6.1.6	Tue Aug  8 11:59:59 2017
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.1.6,v 1.1.2.99 2017/07/21 04:56:46 snj Exp $
+# $NetBSD: CHANGES-6.1.6,v 1.1.2.100 2017/08/08 11:59:59 martin Exp $
 
 A complete list of changes from the NetBSD 6.1.5 release to the NetBSD 6.1.6
 release:
@@ -11994,3 +11994,18 @@ sys/dev/cgd.c	patch
 	device is not configured.
 	[chs, ticket #1455]
 
+sys/arch/i386/i386/trap.c: 		1.288		(patch)
+sys/arch/i386/i386/machdep.c:		1.783		(patch)
+sys/arch/i386/i386/locore.S:		1.146		(patch)
+sys/arch/amd64/amd64/locore.S:		1.122,1.124	(patch)
+sys/arch/amd64/amd64/machdep.c		1.254		(patch)
+sys/arch/amd64/amd64/trap.c:		1.95-1.96	(patch)
+
+	Remove the osyscall call gate and emulate it. There is a
+	one-instruction race in it that could panic the kernel.
+
+	Restore the ability to run netbsd 1.0 32-bit executables by
+	checking for the relevant lcall instruction in the trap handler
+	and treating it as a syscall.
+	[maxv, ticket #1464]
+

CVS commit: [netbsd-6-1] src/sys/arch

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 11:59:16 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-6-1]: locore.S machdep.c trap.c
src/sys/arch/i386/i386 [netbsd-6-1]: locore.S machdep.c trap.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1464):

sys/arch/i386/i386/trap.c: revision 1.288   (patch)
sys/arch/i386/i386/machdep.c:  revision 1.783   (patch)
sys/arch/i386/i386/locore.S:   revision 1.146   (patch)
sys/arch/amd64/amd64/locore.S: revision 1.122,1.124 (patch)
sys/arch/amd64/amd64/machdep.c revision 1.254   (patch)
sys/arch/amd64/amd64/trap.c:   revision 1.95-1.96   (patch)

Remove the osyscall call gate and emulate it. There is a
one-instruction race in it that could panic the kernel.

Restore the ability to run netbsd 1.0 32-bit executables by checking
for the relevant lcall instruction in the trap handler and treating it
as a syscall.


To generate a diff of this commit:
cvs rdiff -u -r1.66.2.1 -r1.66.2.1.6.1 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.175.2.8 -r1.175.2.8.2.1 src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.69.2.1.6.1 -r1.69.2.1.6.2 src/sys/arch/amd64/amd64/trap.c
cvs rdiff -u -r1.95.10.3 -r1.95.10.3.2.1 src/sys/arch/i386/i386/locore.S
cvs rdiff -u -r1.717.2.7 -r1.717.2.7.6.1 src/sys/arch/i386/i386/machdep.c
cvs rdiff -u -r1.262.14.1 -r1.262.14.2 src/sys/arch/i386/i386/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.66.2.1 src/sys/arch/amd64/amd64/locore.S:1.66.2.1.6.1
--- src/sys/arch/amd64/amd64/locore.S:1.66.2.1	Fri Apr 20 23:32:14 2012
+++ src/sys/arch/amd64/amd64/locore.S	Tue Aug  8 11:59:16 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.66.2.1 2012/04/20 23:32:14 riz Exp $	*/
+/*	$NetBSD: locore.S,v 1.66.2.1.6.1 2017/08/08 11:59:16 martin Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1209,26 +1209,6 @@ NENTRY(child_trampoline)
 	.globl  _C_LABEL(osyscall_return)
 
 /*
- * oosyscall()
- *
- * Old call gate entry for syscall. only needed if we're
- * going to support running old i386 NetBSD 1.0 or ibcs2 binaries, etc,
- * on NetBSD/amd64.
- * The 64bit call gate can't request that arguments be copied from the
- * user stack (which the i386 code uses to get a gap for the flags).
- * push/pop are :: cycles.
- */
-IDTVEC(oosyscall)
-	/* Set rflags in trap frame. */
-	pushq	(%rsp)		# move user's %eip
-	pushq	16(%rsp)	# and %cs
-	popq	8(%rsp)
-	pushfq
-	popq	16(%rsp)
-	pushq	$7		# size of instruction for restart
-	jmp	osyscall1
-
-/*
  * osyscall()
  *
  * Trap gate entry for int $80 syscall, also used by sigreturn.
@@ -1240,7 +1220,6 @@ IDTVEC(osyscall)
 	addq $0x10,%rsp
 #endif
 	pushq	$2		# size of instruction for restart
-osyscall1:
 	pushq	$T_ASTFLT	# trap # for doing ASTs
 	INTRENTRY
 	STI(si)

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.175.2.8 src/sys/arch/amd64/amd64/machdep.c:1.175.2.8.2.1
--- src/sys/arch/amd64/amd64/machdep.c:1.175.2.8	Sat Apr 20 09:59:39 2013
+++ src/sys/arch/amd64/amd64/machdep.c	Tue Aug  8 11:59:16 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.175.2.8 2013/04/20 09:59:39 bouyer Exp $	*/
+/*	$NetBSD: machdep.c,v 1.175.2.8.2.1 2017/08/08 11:59:16 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.8 2013/04/20 09:59:39 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.8.2.1 2017/08/08 11:59:16 martin Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -1575,7 +1575,6 @@ typedef void (vector)(void);
 extern vector IDTVEC(syscall);
 extern vector IDTVEC(syscall32);
 extern vector IDTVEC(osyscall);
-extern vector IDTVEC(oosyscall);
 extern vector *IDTVEC(exceptions)[];
 
 static void
@@ -1838,10 +1837,7 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(GDT_ADDR_MEM(gdtstore, GUDATA_SEL), 0,
 	x86_btop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
 
-	/* make ldt gates and memory segments */
-	setgate((struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	(oosyscall), 0, SDT_SYS386CGT, SEL_UPL,
-	GSEL(GCODE_SEL, SEL_KPL));
+	/* make ldt memory segments */
 	*(struct mem_segment_descriptor *)(ldtstore + LUCODE_SEL) =
 	*GDT_ADDR_MEM(gdtstore, GUCODE_SEL);
 	*(struct mem_segment_descriptor *)(ldtstore + LUDATA_SEL) =
@@ -1873,16 +1869,6 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(ldt_segp, 0, x86_btop(VM_MAXUSER_ADDRESS32) - 1,
 	SDT_MEMRWA, SEL_UPL, 1, 1, 0);
 
-	/*
-	 * Other entries.
-	 */
-	memcpy((struct gate_descriptor *)(ldtstore + LSOL26CALLS_SEL),
-	(struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	sizeof (struct gate_descriptor));
-	memcpy((struct gate_descriptor 

CVS commit: [netbsd-6-0] src/doc

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 11:58:43 UTC 2017

Modified Files:
src/doc [netbsd-6-0]: CHANGES-6.0.7

Log Message:
Ticket #1464


To generate a diff of this commit:
cvs rdiff -u -r1.1.2.101 -r1.1.2.102 src/doc/CHANGES-6.0.7

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/doc/CHANGES-6.0.7
diff -u src/doc/CHANGES-6.0.7:1.1.2.101 src/doc/CHANGES-6.0.7:1.1.2.102
--- src/doc/CHANGES-6.0.7:1.1.2.101	Fri Jul 21 05:04:08 2017
+++ src/doc/CHANGES-6.0.7	Tue Aug  8 11:58:43 2017
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-6.0.7,v 1.1.2.101 2017/07/21 05:04:08 snj Exp $
+# $NetBSD: CHANGES-6.0.7,v 1.1.2.102 2017/08/08 11:58:43 martin Exp $
 
 A complete list of changes from the NetBSD 6.0.6 release to the NetBSD 6.0.7
 release:
@@ -12302,3 +12302,18 @@ sys/dev/cgd.c	patch
 	device is not configured.
 	[chs, ticket #1455]
 
+sys/arch/i386/i386/trap.c: 		1.288		(patch)
+sys/arch/i386/i386/machdep.c:		1.783		(patch)
+sys/arch/i386/i386/locore.S:		1.146		(patch)
+sys/arch/amd64/amd64/locore.S:		1.122,1.124	(patch)
+sys/arch/amd64/amd64/machdep.c		1.254		(patch)
+sys/arch/amd64/amd64/trap.c:		1.95-1.96	(patch)
+
+	Remove the osyscall call gate and emulate it. There is a
+	one-instruction race in it that could panic the kernel.
+
+	Restore the ability to run netbsd 1.0 32-bit executables by
+	checking for the relevant lcall instruction in the trap handler
+	and treating it as a syscall.
+	[maxv, ticket #1464]
+

CVS commit: [netbsd-6-0] src/sys/arch

[Martin Husemann]

Module Name:src
Committed By:   martin
Date:   Tue Aug  8 11:55:20 UTC 2017

Modified Files:
src/sys/arch/amd64/amd64 [netbsd-6-0]: locore.S machdep.c trap.c
src/sys/arch/i386/i386 [netbsd-6-0]: locore.S machdep.c trap.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1464):

sys/arch/i386/i386/trap.c: revision 1.288   (patch)
sys/arch/i386/i386/machdep.c:  revision 1.783   (patch)
sys/arch/i386/i386/locore.S:   revision 1.146   (patch)
sys/arch/amd64/amd64/locore.S: revision 1.122,1.124 (patch)
sys/arch/amd64/amd64/machdep.c revision 1.254   (patch)
sys/arch/amd64/amd64/trap.c:   revision 1.95-1.96   (patch)

Remove the osyscall call gate and emulate it. There is a
one-instruction race in it that could panic the kernel.

Restore the ability to run netbsd 1.0 32-bit executables by checking
for the relevant lcall instruction in the trap handler and treating it
as a syscall.


To generate a diff of this commit:
cvs rdiff -u -r1.66.2.1 -r1.66.2.1.4.1 src/sys/arch/amd64/amd64/locore.S
cvs rdiff -u -r1.175.2.7.2.1 -r1.175.2.7.2.2 \
src/sys/arch/amd64/amd64/machdep.c
cvs rdiff -u -r1.69.2.1.4.1 -r1.69.2.1.4.2 src/sys/arch/amd64/amd64/trap.c
cvs rdiff -u -r1.95.10.2 -r1.95.10.2.4.1 src/sys/arch/i386/i386/locore.S
cvs rdiff -u -r1.717.2.7 -r1.717.2.7.4.1 src/sys/arch/i386/i386/machdep.c
cvs rdiff -u -r1.262.12.1 -r1.262.12.2 src/sys/arch/i386/i386/trap.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/amd64/amd64/locore.S
diff -u src/sys/arch/amd64/amd64/locore.S:1.66.2.1 src/sys/arch/amd64/amd64/locore.S:1.66.2.1.4.1
--- src/sys/arch/amd64/amd64/locore.S:1.66.2.1	Fri Apr 20 23:32:14 2012
+++ src/sys/arch/amd64/amd64/locore.S	Tue Aug  8 11:55:20 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: locore.S,v 1.66.2.1 2012/04/20 23:32:14 riz Exp $	*/
+/*	$NetBSD: locore.S,v 1.66.2.1.4.1 2017/08/08 11:55:20 martin Exp $	*/
 
 /*
  * Copyright-o-rama!
@@ -1209,26 +1209,6 @@ NENTRY(child_trampoline)
 	.globl  _C_LABEL(osyscall_return)
 
 /*
- * oosyscall()
- *
- * Old call gate entry for syscall. only needed if we're
- * going to support running old i386 NetBSD 1.0 or ibcs2 binaries, etc,
- * on NetBSD/amd64.
- * The 64bit call gate can't request that arguments be copied from the
- * user stack (which the i386 code uses to get a gap for the flags).
- * push/pop are :: cycles.
- */
-IDTVEC(oosyscall)
-	/* Set rflags in trap frame. */
-	pushq	(%rsp)		# move user's %eip
-	pushq	16(%rsp)	# and %cs
-	popq	8(%rsp)
-	pushfq
-	popq	16(%rsp)
-	pushq	$7		# size of instruction for restart
-	jmp	osyscall1
-
-/*
  * osyscall()
  *
  * Trap gate entry for int $80 syscall, also used by sigreturn.
@@ -1240,7 +1220,6 @@ IDTVEC(osyscall)
 	addq $0x10,%rsp
 #endif
 	pushq	$2		# size of instruction for restart
-osyscall1:
 	pushq	$T_ASTFLT	# trap # for doing ASTs
 	INTRENTRY
 	STI(si)

Index: src/sys/arch/amd64/amd64/machdep.c
diff -u src/sys/arch/amd64/amd64/machdep.c:1.175.2.7.2.1 src/sys/arch/amd64/amd64/machdep.c:1.175.2.7.2.2
--- src/sys/arch/amd64/amd64/machdep.c:1.175.2.7.2.1	Sat Apr 20 10:00:58 2013
+++ src/sys/arch/amd64/amd64/machdep.c	Tue Aug  8 11:55:20 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: machdep.c,v 1.175.2.7.2.1 2013/04/20 10:00:58 bouyer Exp $	*/
+/*	$NetBSD: machdep.c,v 1.175.2.7.2.2 2017/08/08 11:55:20 martin Exp $	*/
 
 /*-
  * Copyright (c) 1996, 1997, 1998, 2000, 2006, 2007, 2008, 2011
@@ -111,7 +111,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.7.2.1 2013/04/20 10:00:58 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: machdep.c,v 1.175.2.7.2.2 2017/08/08 11:55:20 martin Exp $");
 
 /* #define XENDEBUG_LOW  */
 
@@ -1575,7 +1575,6 @@ typedef void (vector)(void);
 extern vector IDTVEC(syscall);
 extern vector IDTVEC(syscall32);
 extern vector IDTVEC(osyscall);
-extern vector IDTVEC(oosyscall);
 extern vector *IDTVEC(exceptions)[];
 
 static void
@@ -1838,10 +1837,7 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(GDT_ADDR_MEM(gdtstore, GUDATA_SEL), 0,
 	x86_btop(VM_MAXUSER_ADDRESS) - 1, SDT_MEMRWA, SEL_UPL, 1, 0, 1);
 
-	/* make ldt gates and memory segments */
-	setgate((struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	(oosyscall), 0, SDT_SYS386CGT, SEL_UPL,
-	GSEL(GCODE_SEL, SEL_KPL));
+	/* make ldt memory segments */
 	*(struct mem_segment_descriptor *)(ldtstore + LUCODE_SEL) =
 	*GDT_ADDR_MEM(gdtstore, GUCODE_SEL);
 	*(struct mem_segment_descriptor *)(ldtstore + LUDATA_SEL) =
@@ -1873,16 +1869,6 @@ init_x86_64(paddr_t first_avail)
 	set_mem_segment(ldt_segp, 0, x86_btop(VM_MAXUSER_ADDRESS32) - 1,
 	SDT_MEMRWA, SEL_UPL, 1, 1, 0);
 
-	/*
-	 * Other entries.
-	 */
-	memcpy((struct gate_descriptor *)(ldtstore + LSOL26CALLS_SEL),
-	(struct gate_descriptor *)(ldtstore + LSYS5CALLS_SEL),
-	sizeof (struct gate_descriptor));
-	

CVS commit: src/sys/netipsec

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Tue Aug  8 10:41:33 UTC 2017

Modified Files:
src/sys/netipsec: keysock.c

Log Message:
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called 
eventually from key_sendup_mbuf

If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.

Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.

Reported by knakahara@
Tested by knakahara@ and ozaki-r@


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 src/sys/netipsec/keysock.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/keysock.c
diff -u src/sys/netipsec/keysock.c:1.59 src/sys/netipsec/keysock.c:1.60
--- src/sys/netipsec/keysock.c:1.59	Thu Jul 27 09:53:57 2017
+++ src/sys/netipsec/keysock.c	Tue Aug  8 10:41:33 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: keysock.c,v 1.59 2017/07/27 09:53:57 ozaki-r Exp $	*/
+/*	$NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/keysock.c,v 1.3.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.59 2017/07/27 09:53:57 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: keysock.c,v 1.60 2017/08/08 10:41:33 ozaki-r Exp $");
 
 /* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
 
@@ -300,8 +300,8 @@ key_sendup(struct socket *so, struct sad
 }
 
 /* so can be NULL if target != KEY_SENDUP_ONE */
-int
-key_sendup_mbuf(struct socket *so, struct mbuf *m,
+static int
+_key_sendup_mbuf(struct socket *so, struct mbuf *m,
 		int target/*, sbprio */)
 {
 	struct mbuf *n;
@@ -433,6 +433,24 @@ key_sendup_mbuf(struct socket *so, struc
 	return error;
 }
 
+int
+key_sendup_mbuf(struct socket *so, struct mbuf *m,
+		int target/*, sbprio */)
+{
+	int error;
+
+	if (so == NULL)
+		mutex_enter(key_so_mtx);
+	else
+		KASSERT(solocked(so));
+
+	error = _key_sendup_mbuf(so, m, target);
+
+	if (so == NULL)
+		mutex_exit(key_so_mtx);
+	return error;
+}
+
 static int
 key_attach(struct socket *so, int proto)
 {

CVS commit: src/sys/arch/mips/mips

[Maya Rashish]

Module Name:src
Committed By:   maya
Date:   Tue Aug  8 09:34:59 UTC 2017

Modified Files:
src/sys/arch/mips/mips: mipsX_subr.S

Log Message:
Remove whitespace I just introduced


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 src/sys/arch/mips/mips/mipsX_subr.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/mips/mips/mipsX_subr.S
diff -u src/sys/arch/mips/mips/mipsX_subr.S:1.101 src/sys/arch/mips/mips/mipsX_subr.S:1.102
--- src/sys/arch/mips/mips/mipsX_subr.S:1.101	Tue Aug  8 09:33:41 2017
+++ src/sys/arch/mips/mips/mipsX_subr.S	Tue Aug  8 09:34:59 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: mipsX_subr.S,v 1.101 2017/08/08 09:33:41 maya Exp $	*/
+/*	$NetBSD: mipsX_subr.S,v 1.102 2017/08/08 09:34:59 maya Exp $	*/
 
 /*
  * Copyright 2002 Wasabi Systems, Inc.
@@ -1289,7 +1289,7 @@ NESTED_NOPROFILE(MIPSX(user_reserved_ins
 	 * Save a minimum of registers to see if this is rdhwr $3,$29
 	 */
 #ifdef MIPS3_LOONGSON2
-	li	k0,  MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE 
+	li	k0, MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE
 	mtc0	k0, MIPS_COP_0_DIAG
 #endif
 	/* K1 already has CURLWP */

CVS commit: src/sys/arch/mips/mips

[Maya Rashish]

Module Name:src
Committed By:   maya
Date:   Tue Aug  8 09:33:41 UTC 2017

Modified Files:
src/sys/arch/mips/mips: mipsX_subr.S

Log Message:
In working around loongson errata clear BTB and RAS, same as
other operating systems.

15 Errata: Issue of Out-of-order in loongson (translated)

In loongson 2F, because of the branch prediction, sometimes the CPU
may fetch the instructions from some unexpected area (for example I/O
space). It is an invalid operation. There are two ways for the CPU to
choose the branch target. The first one is predicting the branch
target according to the branch target history. The second one is
calculating the branch target by the ALU. There are most 8
instructions in the instruction window at the same time in loongson2f
(Remember the loongson 2f is superscalar, right?). Hence, the
branch target of an indirect branch(such as jr) could be got(may be
predicted by the branch target history) earlier and the instrctions of
the branch target could be prefetched even if there are branch
instructions before it. As a result, it is possible to fetch the
instructions from I/O region( say out-of the physical address range of
[0- 0x10]) in kernel model because of the instruction prefetch of
the branch target.

There are some suggestions to prevent prefetching instructions from
the I/O region in kernel mode.

(1) When switching from user model to kernel model, you should flush
the branch target history such as BTB and RAS.
(2) Doing some tricks to the indirect branch target to make sure that
the indirect branch target can not be in the I/O region.


To generate a diff of this commit:
cvs rdiff -u -r1.100 -r1.101 src/sys/arch/mips/mips/mipsX_subr.S

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/mips/mips/mipsX_subr.S
diff -u src/sys/arch/mips/mips/mipsX_subr.S:1.100 src/sys/arch/mips/mips/mipsX_subr.S:1.101
--- src/sys/arch/mips/mips/mipsX_subr.S:1.100	Mon May 15 10:59:24 2017
+++ src/sys/arch/mips/mips/mipsX_subr.S	Tue Aug  8 09:33:41 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: mipsX_subr.S,v 1.100 2017/05/15 10:59:24 skrll Exp $	*/
+/*	$NetBSD: mipsX_subr.S,v 1.101 2017/08/08 09:33:41 maya Exp $	*/
 
 /*
  * Copyright 2002 Wasabi Systems, Inc.
@@ -1289,7 +1289,7 @@ NESTED_NOPROFILE(MIPSX(user_reserved_ins
 	 * Save a minimum of registers to see if this is rdhwr $3,$29
 	 */
 #ifdef MIPS3_LOONGSON2
-	li	k0, MIPS_DIAG_BTB_CLEAR
+	li	k0,  MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE 
 	mtc0	k0, MIPS_COP_0_DIAG
 #endif
 	/* K1 already has CURLWP */
@@ -1354,7 +1354,7 @@ NESTED_NOPROFILE(MIPSX(user_gen_exceptio
 	 * Save all the registers except the kernel temporaries onto the stack.
 	 */
 #ifdef MIPS3_LOONGSON2
-	li	k0, MIPS_DIAG_BTB_CLEAR
+	li	k0, MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE
 	mtc0	k0, MIPS_COP_0_DIAG
 #endif
 	/* K1 already has CURLWP */
@@ -1469,7 +1469,7 @@ NESTED_NOPROFILE(MIPSX(user_intr), CALLF
  * We don't need to save s0 - s8 because the compiler does it for us.
  */
 #ifdef MIPS3_LOONGSON2
-	li	k0, MIPS_DIAG_BTB_CLEAR
+	li	k0, MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE
 	mtc0	k0, MIPS_COP_0_DIAG
 #endif
 	/* k1 contains curlwp */
@@ -1661,7 +1661,7 @@ NESTED_NOPROFILE(MIPSX(systemcall), CALL
 	 * Save all the registers but kernel temporaries onto the stack.
 	 */
 #ifdef MIPS3_LOONGSON2
-	li	k0, MIPS_DIAG_BTB_CLEAR
+	li	k0, MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE
 	mtc0	k0, MIPS_COP_0_DIAG
 #endif
 	/* k1 already contains cpulwp */
@@ -2656,7 +2656,7 @@ MIPSX(user_return):
 	REG_L	s7, CALLFRAME_SIZ+TF_REG_S7(sp)		# $23
 	REG_L	s8, CALLFRAME_SIZ+TF_REG_S8(sp)		# $30
 #ifdef MIPS3_LOONGSON2
-	li	t0, (MIPS_DIAG_BTB_CLEAR|MIPS_DIAG_ITLB_CLEAR)
+	li	t0, (MIPS_DIAG_ITLB_CLEAR | MIPS_DIAG_BTB_CLEAR | MIPS_DIAG_RAS_DISABLE)
 	mtc0	t0, MIPS_COP_0_DIAG
 #endif
 MIPSX(user_intr_return):

CVS commit: src/sys/netipsec

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Tue Aug  8 08:24:34 UTC 2017

Modified Files:
src/sys/netipsec: key.c

Log Message:
Destroy sav only in the loop for DEAD sav


To generate a diff of this commit:
cvs rdiff -u -r1.217 -r1.218 src/sys/netipsec/key.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.217 src/sys/netipsec/key.c:1.218
--- src/sys/netipsec/key.c:1.217	Tue Aug  8 08:23:10 2017
+++ src/sys/netipsec/key.c	Tue Aug  8 08:24:34 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.217 2017/08/08 08:23:10 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.218 2017/08/08 08:24:34 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.217 2017/08/08 08:23:10 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.218 2017/08/08 08:24:34 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -4719,7 +4719,7 @@ restart:
 	restart_sav_LARVAL:
 		SAVLIST_READER_FOREACH(sav, sah, SADB_SASTATE_LARVAL) {
 			if (now - sav->created > key_larval_lifetime) {
-KEY_FREESAV();
+key_sa_chgstate(sav, SADB_SASTATE_DEAD);
 goto restart_sav_LARVAL;
 			}
 		}
@@ -4746,7 +4746,6 @@ restart:
  */
 if (sav->lft_c->sadb_lifetime_usetime == 0) {
 	key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-	KEY_FREESAV();
 } else {
 	key_sa_chgstate(sav, SADB_SASTATE_DYING);
 	/*
@@ -4792,7 +4791,6 @@ restart:
 			if (sav->lft_h->sadb_lifetime_addtime != 0 &&
 			now - sav->created > sav->lft_h->sadb_lifetime_addtime) {
 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-KEY_FREESAV();
 goto restart_sav_DYING;
 			}
 #if 0	/* XXX Should we keep to send expire message until HARD lifetime ? */
@@ -4816,27 +4814,15 @@ restart:
 			 sav->lft_h->sadb_lifetime_bytes <
 			 sav->lft_c->sadb_lifetime_bytes) {
 key_sa_chgstate(sav, SADB_SASTATE_DEAD);
-KEY_FREESAV();
 goto restart_sav_DYING;
 			}
 		}
 
 		/* delete entry in DEAD */
+	restart_sav_DEAD:
 		SAVLIST_READER_FOREACH(sav, sah, SADB_SASTATE_DEAD) {
-			/* sanity check */
-			if (sav->state != SADB_SASTATE_DEAD) {
-IPSECLOG(LOG_DEBUG,
-"invalid sav->state (queue: %d SA: %d): "
-"kill it anyway\n",
-SADB_SASTATE_DEAD, sav->state);
-			}
-
-			/*
-			 * do not call key_freesav() here.
-			 * sav should already be freed, and sav->refcnt
-			 * shows other references to sav
-			 * (such as from SPD).
-			 */
+			KEY_FREESAV();
+			goto restart_sav_DEAD;
 		}
 
 		s = pserialize_read_enter();

CVS commit: src/sys/netipsec

[Ryota Ozaki]

Module Name:src
Committed By:   ozaki-r
Date:   Tue Aug  8 08:23:10 UTC 2017

Modified Files:
src/sys/netipsec: key.c key.h key_debug.c

Log Message:
Introduce key_sa_refcnt and replace sav->refcnt with it (NFC)


To generate a diff of this commit:
cvs rdiff -u -r1.216 -r1.217 src/sys/netipsec/key.c
cvs rdiff -u -r1.27 -r1.28 src/sys/netipsec/key.h
cvs rdiff -u -r1.19 -r1.20 src/sys/netipsec/key_debug.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/key.c
diff -u src/sys/netipsec/key.c:1.216 src/sys/netipsec/key.c:1.217
--- src/sys/netipsec/key.c:1.216	Tue Aug  8 04:17:34 2017
+++ src/sys/netipsec/key.c	Tue Aug  8 08:23:10 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.c,v 1.216 2017/08/08 04:17:34 ozaki-r Exp $	*/
+/*	$NetBSD: key.c,v 1.217 2017/08/08 08:23:10 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $	*/
 /*	$KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $	*/
 
@@ -32,7 +32,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.216 2017/08/08 04:17:34 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.217 2017/08/08 08:23:10 ozaki-r Exp $");
 
 /*
  * This code is referd to RFC 2367
@@ -1086,7 +1086,7 @@ key_lookup_sa_bysaidx(const struct secas
 			SA_ADDREF(sav);
 			KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
 			"DP cause refcnt++:%d SA:%p\n",
-			sav->refcnt, sav);
+			key_sa_refcnt(sav), sav);
 			break;
 		}
 	}
@@ -1107,7 +1107,7 @@ key_sendup_message_delete(struct secasva
 	if (satype == 0)
 		goto msgfail;
 
-	m = key_setsadbmsg(SADB_DELETE, 0, satype, 0, 0, sav->refcnt - 1);
+	m = key_setsadbmsg(SADB_DELETE, 0, satype, 0, 0, key_sa_refcnt(sav) - 1);
 	if (m == NULL)
 		goto msgfail;
 	result = m;
@@ -1292,7 +1292,7 @@ done:
 	pserialize_read_exit(s);
 
 	KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
-	"DP return SA:%p; refcnt %u\n", sav, sav ? sav->refcnt : 0);
+	"DP return SA:%p; refcnt %u\n", sav, key_sa_refcnt(sav));
 	return sav;
 }
 
@@ -1369,6 +1369,16 @@ key_sp_unref(struct secpolicy *sp, const
 	localcount_release(>localcount, _spd.cv, _spd.lock);
 }
 
+u_int
+key_sa_refcnt(const struct secasvar *sav)
+{
+
+	if (sav == NULL)
+		return 0;
+
+	return sav->refcnt;
+}
+
 void
 key_sa_ref(struct secasvar *sav, const char* where, int tag)
 {
@@ -3322,7 +3332,7 @@ static void
 key_freesaval(struct secasvar *sav)
 {
 
-	KASSERT(sav->refcnt == 0);
+	KASSERT(key_sa_refcnt(sav) == 0);
 
 	if (sav->replay != NULL)
 		kmem_intr_free(sav->replay, sav->replay_len);
@@ -3358,7 +3368,7 @@ key_setsaval(struct secasvar *sav, struc
 	KASSERT(mhp->msg != NULL);
 
 	/* We shouldn't initialize sav variables while someone uses it. */
-	KASSERT(sav->refcnt == 0);
+	KASSERT(key_sa_refcnt(sav) == 0);
 
 	/* SA */
 	if (mhp->ext[SADB_EXT_SA] != NULL) {
@@ -3542,7 +3552,7 @@ key_init_xform(struct secasvar *sav)
 	int error;
 
 	/* We shouldn't initialize sav variables while someone uses it. */
-	KASSERT(sav->refcnt == 0);
+	KASSERT(key_sa_refcnt(sav) == 0);
 
 	/* check SPI value */
 	switch (sav->sah->saidx.proto) {
@@ -3638,7 +3648,7 @@ key_setdumpsa(struct secasvar *sav, u_in
 
 	};
 
-	m = key_setsadbmsg(type, 0, satype, seq, pid, sav->refcnt);
+	m = key_setsadbmsg(type, 0, satype, seq, pid, key_sa_refcnt(sav));
 	if (m == NULL)
 		goto fail;
 	result = m;
@@ -5620,7 +5630,7 @@ key_getsavbyseq(struct secashead *sah, u
 			SA_ADDREF(sav);
 			KEYDEBUG_PRINTF(KEYDEBUG_IPSEC_STAMP,
 			"DP cause refcnt++:%d SA:%p\n",
-			sav->refcnt, sav);
+			key_sa_refcnt(sav), sav);
 			break;
 		}
 	}
@@ -7069,7 +7079,7 @@ key_expire(struct secasvar *sav)
 	KASSERTMSG(satype != 0, "invalid proto is passed");
 
 	/* set msg header */
-	m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, sav->refcnt);
+	m = key_setsadbmsg(SADB_EXPIRE, 0, satype, sav->seq, 0, key_sa_refcnt(sav));
 	if (!m) {
 		error = ENOBUFS;
 		goto fail;

Index: src/sys/netipsec/key.h
diff -u src/sys/netipsec/key.h:1.27 src/sys/netipsec/key.h:1.28
--- src/sys/netipsec/key.h:1.27	Thu Aug  3 06:32:51 2017
+++ src/sys/netipsec/key.h	Tue Aug  8 08:23:10 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: key.h,v 1.27 2017/08/03 06:32:51 ozaki-r Exp $	*/
+/*	$NetBSD: key.h,v 1.28 2017/08/08 08:23:10 ozaki-r Exp $	*/
 /*	$FreeBSD: src/sys/netipsec/key.h,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $	*/
 
@@ -61,6 +61,7 @@ u_int key_sp_refcnt(const struct secpoli
 void key_sp_ref(struct secpolicy *, const char*, int);
 void key_sp_unref(struct secpolicy *, const char*, int);
 void key_sa_ref(struct secasvar *, const char*, int);
+u_int key_sa_refcnt(const struct secasvar *);
 
 void key_socksplist_add(struct secpolicy *);
 

Index: src/sys/netipsec/key_debug.c
diff -u src/sys/netipsec/key_debug.c:1.19 src/sys/netipsec/key_debug.c:1.20
--- src/sys/netipsec/key_debug.c:1.19	Wed Jul 26 03:59:59 2017
+++ 

CVS commit: src/sys/kern

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Tue Aug  8 08:12:14 UTC 2017

Modified Files:
src/sys/kern: kern_exec.c

Log Message:
Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMPAT_FREEBSD by
default, sorry about that.


To generate a diff of this commit:
cvs rdiff -u -r1.442 -r1.443 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.442 src/sys/kern/kern_exec.c:1.443
--- src/sys/kern/kern_exec.c:1.442	Fri Apr 21 15:10:34 2017
+++ src/sys/kern/kern_exec.c	Tue Aug  8 08:12:14 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.442 2017/04/21 15:10:34 christos Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.443 2017/08/08 08:12:14 maxv Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include 
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442 2017/04/21 15:10:34 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.443 2017/08/08 08:12:14 maxv Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -578,7 +578,6 @@ exec_autoload(void)
 		"exec_coff",
 		"exec_ecoff",
 		"compat_aoutm68k",
-		"compat_freebsd",
 		"compat_ibcs2",
 		"compat_linux",
 		"compat_linux32",

CVS commit: src

[Maxime Villard]

Module Name:src
Committed By:   maxv
Date:   Tue Aug  8 08:04:06 UTC 2017

Modified Files:
src/distrib/sets/lists/comp: md.amd64 md.i386
src/sys/arch/i386/i386: genassym.cf
src/sys/arch/i386/include: Makefile
src/sys/compat/freebsd: freebsd_exec.c freebsd_exec_elf32.c
freebsd_fork.c freebsd_machdep.c freebsd_ptrace.c freebsd_syscall.c
freebsd_syscalls.c freebsd_sysent.c syscalls.master
Added Files:
src/sys/compat/freebsd: freebsd_machdep.h
Removed Files:
src/sys/arch/i386/include: freebsd_machdep.h

Log Message:
Move freebsd_machdep.h into sys/compat/freebsd, and don't install it. Now,
the compat_freebsd files are all contained in sys/compat/freebsd.


To generate a diff of this commit:
cvs rdiff -u -r1.247 -r1.248 src/distrib/sets/lists/comp/md.amd64
cvs rdiff -u -r1.171 -r1.172 src/distrib/sets/lists/comp/md.i386
cvs rdiff -u -r1.101 -r1.102 src/sys/arch/i386/i386/genassym.cf
cvs rdiff -u -r1.45 -r1.46 src/sys/arch/i386/include/Makefile
cvs rdiff -u -r1.14 -r0 src/sys/arch/i386/include/freebsd_machdep.h
cvs rdiff -u -r1.38 -r1.39 src/sys/compat/freebsd/freebsd_exec.c
cvs rdiff -u -r1.20 -r1.21 src/sys/compat/freebsd/freebsd_exec_elf32.c \
src/sys/compat/freebsd/freebsd_ptrace.c
cvs rdiff -u -r1.7 -r1.8 src/sys/compat/freebsd/freebsd_fork.c
cvs rdiff -u -r1.1 -r1.2 src/sys/compat/freebsd/freebsd_machdep.c \
src/sys/compat/freebsd/freebsd_syscall.c
cvs rdiff -u -r0 -r1.1 src/sys/compat/freebsd/freebsd_machdep.h
cvs rdiff -u -r1.84 -r1.85 src/sys/compat/freebsd/freebsd_syscalls.c
cvs rdiff -u -r1.86 -r1.87 src/sys/compat/freebsd/freebsd_sysent.c
cvs rdiff -u -r1.67 -r1.68 src/sys/compat/freebsd/syscalls.master

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/distrib/sets/lists/comp/md.amd64
diff -u src/distrib/sets/lists/comp/md.amd64:1.247 src/distrib/sets/lists/comp/md.amd64:1.248
--- src/distrib/sets/lists/comp/md.amd64:1.247	Tue Aug  1 20:07:43 2017
+++ src/distrib/sets/lists/comp/md.amd64	Tue Aug  8 08:04:05 2017
@@ -1,4 +1,4 @@
-# $NetBSD: md.amd64,v 1.247 2017/08/01 20:07:43 joerg Exp $
+# $NetBSD: md.amd64,v 1.248 2017/08/08 08:04:05 maxv Exp $
 
 ./usr/include/amd64comp-c-include
 ./usr/include/amd64/ansi.h			comp-c-include
@@ -485,7 +485,7 @@
 ./usr/include/i386/fenv.h			comp-c-include
 ./usr/include/i386/float.h			comp-c-include
 ./usr/include/i386/frame.h			comp-c-include
-./usr/include/i386/freebsd_machdep.h		comp-c-include
+./usr/include/i386/freebsd_machdep.h		comp-obsolete		obsolete
 ./usr/include/i386/gdt.h			comp-c-include
 ./usr/include/i386/ibcs2_machdep.h		comp-c-include
 ./usr/include/i386/ieee.h			comp-c-include

Index: src/distrib/sets/lists/comp/md.i386
diff -u src/distrib/sets/lists/comp/md.i386:1.171 src/distrib/sets/lists/comp/md.i386:1.172
--- src/distrib/sets/lists/comp/md.i386:1.171	Tue Aug  1 20:07:43 2017
+++ src/distrib/sets/lists/comp/md.i386	Tue Aug  8 08:04:05 2017
@@ -1,4 +1,4 @@
-# $NetBSD: md.i386,v 1.171 2017/08/01 20:07:43 joerg Exp $
+# $NetBSD: md.i386,v 1.172 2017/08/08 08:04:05 maxv Exp $
 ./usr/include/clang-3.4/__wmmintrin_aes.h	comp-obsolete		obsolete
 ./usr/include/clang-3.4/__wmmintrin_pclmul.h	comp-obsolete		obsolete
 ./usr/include/clang-3.4/ammintrin.h		comp-obsolete		obsolete
@@ -414,7 +414,7 @@
 ./usr/include/i386/fenv.h			comp-c-include
 ./usr/include/i386/float.h			comp-c-include
 ./usr/include/i386/frame.h			comp-c-include
-./usr/include/i386/freebsd_machdep.h		comp-c-include
+./usr/include/i386/freebsd_machdep.h		comp-obsolete		obsolete
 ./usr/include/i386/gdt.h			comp-c-include
 ./usr/include/i386/ibcs2_machdep.h		comp-c-include
 ./usr/include/i386/ieee.h			comp-c-include

Index: src/sys/arch/i386/i386/genassym.cf
diff -u src/sys/arch/i386/i386/genassym.cf:1.101 src/sys/arch/i386/i386/genassym.cf:1.102
--- src/sys/arch/i386/i386/genassym.cf:1.101	Sat Jul 29 12:07:45 2017
+++ src/sys/arch/i386/i386/genassym.cf	Tue Aug  8 08:04:05 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: genassym.cf,v 1.101 2017/07/29 12:07:45 maxv Exp $
+#	$NetBSD: genassym.cf,v 1.102 2017/08/08 08:04:05 maxv Exp $
 
 #
 # Copyright (c) 1998, 2006, 2007, 2008 The NetBSD Foundation, Inc.
@@ -113,7 +113,7 @@ include 
+include 
 endif
 
 if NIOAPIC > 0

Index: src/sys/arch/i386/include/Makefile
diff -u src/sys/arch/i386/include/Makefile:1.45 src/sys/arch/i386/include/Makefile:1.46
--- src/sys/arch/i386/include/Makefile:1.45	Sat Jul 29 12:07:45 2017
+++ src/sys/arch/i386/include/Makefile	Tue Aug  8 08:04:06 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.45 2017/07/29 12:07:45 maxv Exp $
+#	$NetBSD: Makefile,v 1.46 2017/08/08 08:04:06 maxv Exp $
 
 INCSDIR= /usr/include/i386
 
@@ -7,7 +7,7 @@ INCS=	ansi.h aout_machdep.h apmvar.h asm
 	cdefs.h cpu.h cpu_rng.h cputypes.h \
 	disklabel.h \
 	elf_machdep.h endian.h endian_machdep.h \
-	fenv.h float.h frame.h freebsd_machdep.h \
+	fenv.h float.h frame.h \
 	gdt.h \