OpenBSD 5.9 errata 004

2016-05-01 Thread Stuart Henderson
A problem in m_dup_pkt() can result in kernel crashes with carp(4).
Only 5.9 is affected.

A patch is available:

http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/004_mbuf.patch.sig



armv7: ampintc fdt attachment draft

2016-05-01 Thread Patrick Wildt
Hi,

based on the other changes this diff is a draft to make ampintc, the
generic interrupt controller code, FDT aware.

It basically only needs to see if the compatible string matches and
then read out two rows of regs/addresses.

Still, it needs to take care of the address- and size-cell sizes, as
the address and size values can be either of size 32-bit or 64-bit.

To make extraction of memory addresses easier I had implemented
fdt_get_memory_address().  As we want to use the OF_* API, would it make
sense to expose and implement that function as OF_* function, or should
I just do it manually like in this diff?

The code will probably be duplicated in every driver.  Most only need
one "reg" row though, which shortens the code a bit.

Patrick

diff --git sys/arch/arm/cortex/ampintc.c sys/arch/arm/cortex/ampintc.c
index 774b909..84294c4 100644
--- sys/arch/arm/cortex/ampintc.c
+++ sys/arch/arm/cortex/ampintc.c
@@ -29,6 +29,9 @@
 #include 
 #include 
 #include 
+#include 
+
+#include 
 
 /* offset from periphbase */
 #define ICP_ADDR   0x100
@@ -166,7 +169,10 @@ struct intrq {
 
 
 int ampintc_match(struct device *, void *, void *);
+int ampintc_match_fdt(struct device *, void *, void *);
 voidampintc_attach(struct device *, struct device *, void *);
+voidampintc_attach_cortex(struct device *, struct device *, void 
*);
+voidampintc_attach_fdt(struct device *, struct device *, void *);
 int ampintc_spllower(int);
 voidampintc_splx(int);
 int ampintc_splraise(int);
@@ -187,36 +193,63 @@ void   ampintc_intr_disable(int);
 voidampintc_route(int, int , int);
 
 struct cfattachampintc_ca = {
-   sizeof (struct ampintc_softc), ampintc_match, ampintc_attach
+   sizeof (struct ampintc_softc), ampintc_match, ampintc_attach_cortex
+};
+
+struct cfattachampintc_fdt_ca = {
+   sizeof (struct ampintc_softc), ampintc_match_fdt, ampintc_attach_fdt
 };
 
 struct cfdriver ampintc_cd = {
NULL, "ampintc", DV_DULL
 };
 
+static char *ampintc_compatibles[] = {
+   "arm,gic",
+   "arm,cortex-a7-gic",
+   "arm,cortex-a9-gic",
+   "arm,cortex-a15-gic",
+   NULL
+};
+
 int
 ampintc_match(struct device *parent, void *cfdata, void *aux)
 {
return (1);
 }
 
+int
+ampintc_match_fdt(struct device *parent, void *cfdata, void *aux)
+{
+   struct fdt_attach_args *fa = (struct fdt_attach_args *)aux;
+   char buffer[128];
+   int i;
+
+   if (fa->fa_node == 0)
+   return (0);
+
+   if (!OF_getprop(fa->fa_node, "compatible", buffer,
+   sizeof(buffer)))
+   return (0);
+
+   for (i = 0; ampintc_compatibles[i]; i++)
+   if (!strcmp(buffer, ampintc_compatibles[i]))
+   return (1);
+
+   return (0);
+}
+
 paddr_t gic_dist_base, gic_cpu_base, gic_dist_size, gic_cpu_size;
 
 void
-ampintc_attach(struct device *parent, struct device *self, void *args)
+ampintc_attach_cortex(struct device *parent, struct device *self,
+void *args)
 {
struct ampintc_softc *sc = (struct ampintc_softc *)self;
struct cortex_attach_args *ia = args;
-   int i, nintr;
-   bus_space_tag_t iot;
-   bus_space_handle_t  d_ioh, p_ioh;
-   uint32_ticp, icpsize, icd, icdsize;
+   uint32_t icp, icpsize, icd, icdsize;
 
-   ampintc = sc;
-
-   arm_init_smask();
-
-   iot = ia->ca_iot;
+   sc->sc_iot = ia->ca_iot;
icp = ia->ca_periphbase + ICP_ADDR;
icpsize = ICP_SIZE;
icd = ia->ca_periphbase + ICD_ADDR;
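Review bot: In ampintc_match_fdt the `!OF_getprop(...)` test only rejects a return of zero, so if OF_getprop reports a missing property with a negative value (the usual OF_* convention; confirm against the fdt implementation) the uninitialised `buffer` is handed to strcmp. Keeping the length and testing `if (len <= 0) return (0);` and then forcing `buffer[sizeof(buffer) - 1] = '\0';` would bound the comparison, since the property comes from the device tree blob and need not fit in, or be terminated within, 128 bytes. A "compatible" property can also hold several NUL-separated strings, and strcmp only sees the first, so a node that lists a more specific name ahead of one of the ampintc_compatibles entries would not match.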
@@ -241,15 +274,104 @@ ampintc_attach(struct device *parent, struct device 
*self, void *args)
if (gic_dist_size)
icdsize = gic_dist_size;
 
-   if (bus_space_map(iot, icp, icpsize, 0, _ioh))
+   if (bus_space_map(sc->sc_iot, icp, icpsize, 0, >sc_p_ioh))
panic("ampintc_attach: ICP bus_space_map failed!");
 
-   if (bus_space_map(iot, icd, icdsize, 0, _ioh))
+   if (bus_space_map(sc->sc_iot, icd, icdsize, 0, >sc_d_ioh))
panic("ampintc_attach: ICD bus_space_map failed!");
 
-   sc->sc_iot = iot;
-   sc->sc_d_ioh = d_ioh;
-   sc->sc_p_ioh = p_ioh;
+   ampintc_attach(parent, self, args);
+}
+
+void
+ampintc_attach_fdt(struct device *parent, struct device *self,
+void *args)
+{
+   struct ampintc_softc *sc = (struct ampintc_softc *)self;
+   struct fdt_attach_args *fa = args;
+   uint32_t icp, icpsize, icd, icdsize;
+   int nac, nsc, inlen, pnode, off;
+   uint32_t buffer[8];
+
+   sc->sc_iot = fa->fa_iot;
+
+   if ((pnode = OF_parent(fa->fa_node)) == 0)
+   panic("ampintc_attach: cannot get device tree parent");
+
+   inlen = OF_getprop(pnode, "#address-cells", buffer,
+   sizeof(buffer));
+   if (inlen != sizeof(uint32_t))
+   

tcpdump: use /dev/bpf

2016-05-01 Thread Martin Natano
This is the first diff in a series to move base to /dev/bpf. I think
tcpdump is a good starting point, because it is easy to test.

Ok?

natano


Index: privsep_pcap.c
===
RCS file: /cvs/src/usr.sbin/tcpdump/privsep_pcap.c,v
retrieving revision 1.19
diff -u -p -r1.19 privsep_pcap.c
--- privsep_pcap.c  1 Oct 2015 13:18:40 -   1.19
+++ privsep_pcap.c  1 May 2016 20:25:19 -
@@ -175,20 +175,14 @@ int
 pcap_live(const char *device, int snaplen, int promisc, u_int dlt,
 u_int dirfilt)
 {
-   charbpf[sizeof "/dev/bpf00"];
-   int fd, n = 0;
+   int fd;
struct ifreqifr;
unsignedv;
 
if (device == NULL || snaplen <= 0)
return (-1);
 
-   do {
-   snprintf(bpf, sizeof(bpf), "/dev/bpf%d", n++);
-   fd = open(bpf, O_RDONLY);
-   } while (fd < 0 && errno == EBUSY);
-
-   if (fd < 0)
+   if ((fd = open("/dev/bpf", O_RDONLY)) == -1)
return (-1);
 
v = 32768;  /* XXX this should be a user-accessible hook */
Index: tcpdump.8
===
RCS file: /cvs/src/usr.sbin/tcpdump/tcpdump.8,v
retrieving revision 1.89
diff -u -p -r1.89 tcpdump.8
--- tcpdump.8   31 Mar 2016 15:53:25 -  1.89
+++ tcpdump.8   1 May 2016 20:25:19 -
@@ -44,7 +44,7 @@
 prints out the headers of packets on a network interface that match the boolean
 .Ar expression .
 You must have read access to
-.Pa /dev/bpf* .
+.Pa /dev/bpf .
 .Pp
 The options are as follows:
 .Bl -tag -width "-c count"



Re: sdmmc scsi inquiry emulation

2016-05-01 Thread Mark Kettenis
> Date: Sun, 1 May 2016 23:21:18 +0200 (CEST)
> From: Mark Kettenis 
> 
> Diff below provides a bit more meaningful information in the SCSI
> INQUIRY emulation.  It decodes the JDEC manufacturer ID code and
> provides the product string and revision number as read from the card.
> 
> For example:
> 
> scsibus1 at sdmmc2: 2 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
> sd0: 3768MB, 512 bytes/sector, 7716864 sectors
> scsibus2 at sdmmc0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
> sd1: 29184MB, 512 bytes/sector, 59768832 sectors
> 
> where sd0 is an SD card and sd1 is the eMMC soldered onto the board of
> the machine.
> 
> Note that the strncpy here is safe.  The strings in the scsi inquiry
> page don't have to be nul-terminated.

Theo isn't too thrilled about the use of strncpy(9), which might be
removed in the future.

The diff below uses strlcpy(9) and memcpy(9) in a way that should be
fairly easy to audit.

As a bonus it converts some bzero/bcopy calls into memset/memcpy.

Thoughts?


Index: sdmmc_scsi.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc_scsi.c,v
retrieving revision 1.35
diff -u -p -r1.35 sdmmc_scsi.c
--- sdmmc_scsi.c14 Mar 2015 03:38:49 -  1.35
+++ sdmmc_scsi.c1 May 2016 22:31:27 -
@@ -376,8 +376,14 @@ void
 sdmmc_inquiry(struct scsi_xfer *xs)
 {
struct scsi_link *link = xs->sc_link;
+   struct sdmmc_softc *sc = link->adapter_softc;
+   struct sdmmc_scsi_softc *scbus = sc->sc_scsibus;
+   struct sdmmc_scsi_target *tgt = >sc_tgt[link->target];
struct scsi_inquiry_data inq;
struct scsi_inquiry *cdb = (struct scsi_inquiry *)xs->cmd;
+   char vendor[sizeof(inq.vendor) + 1];
+   char product[sizeof(inq.product) + 1];
+   char revision[sizeof(inq.revision) + 1];
 
 if (xs->cmdlen != sizeof(*cdb)) {
xs->error = XS_DRIVER_STUFFUP;
@@ -389,17 +395,43 @@ sdmmc_inquiry(struct scsi_xfer *xs)
goto done;
}
 
-   bzero(, sizeof inq);
+   memset(vendor, 0, sizeof(vendor));
+   memset(product, 0, sizeof(product));
+   memset(revision, 0, sizeof(revision));
+   switch (tgt->card->cid.mid) {
+   case 0x02:
+   case 0x45:
+   strlcpy(vendor, "Sandisk", sizeof(vendor));
+   break;
+   case 0x11:
+   strlcpy(vendor, "Toshiba", sizeof(vendor));
+   break;
+   case 0x13:
+   strlcpy(vendor, "Micron", sizeof(vendor));
+   break;
+   case 0x15:
+   strlcpy(vendor, "Samsung", sizeof(vendor));
+   break;
+   case 0x70:
+   strlcpy(vendor, "Kingston", sizeof(vendor));
+   break;
+   default:
+   strlcpy(vendor, "SD/MMC", sizeof(vendor));
+   break;
+   }
+   strlcpy(product, tgt->card->cid.pnm, sizeof(product));
+   snprintf(revision, sizeof(revision), "%04X", tgt->card->cid.rev);
+
+   memset(, 0, sizeof inq);
inq.device = T_DIRECT;
inq.version = 2;
inq.response_format = 2;
inq.additional_length = 32;
-   strlcpy(inq.vendor, "SD/MMC ", sizeof(inq.vendor));
-   snprintf(inq.product, sizeof(inq.product),
-   "Drive #%02d", link->target);
-   strlcpy(inq.revision, "   ", sizeof(inq.revision));
+   memcpy(inq.vendor, vendor, sizeof(inq.vendor));
+   memcpy(inq.product, product, sizeof(inq.product));
+   memcpy(inq.revision, revision, sizeof(inq.revision));
 
-   bcopy(, xs->data, MIN(xs->datalen, sizeof(inq)));
+   memcpy(xs->data, , MIN(xs->datalen, sizeof(inq)));
 
 done:
scsi_done(xs);
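Review bot: The vendor, product and revision fields now reach the INQUIRY data NUL-padded, because the temporaries are zeroed with memset and then copied whole with memcpy, whereas the lines being replaced wrote space padding (`"SD/MMC "`), which is what consumers of these fixed-width ASCII fields conventionally expect. Pre-filling each temporary with `memset(vendor, ' ', sizeof(vendor));` and copying only strlen() bytes of the string over it would keep that padding. The product string is also device-supplied: `strlcpy(product, tgt->card->cid.pnm, sizeof(product))` relies on the CID decoder having NUL-terminated pnm (not visible here), and any non-printable bytes pass straight through to whoever reads the INQUIRY response, so the termination is worth confirming and a printable-ASCII filter worth considering. The strncpy version of this diff further down the page has the same padding and pass-through behaviour; sdmmc_inquiry's body begins outside this hunk.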



Re: sdmmc scsi inquiry emulation

2016-05-01 Thread Todd C. Miller
On Sun, 01 May 2016 23:21:18 +0200, Mark Kettenis wrote:

> Diff below provides a bit more meaningful information in the SCSI
> INQUIRY emulation.  It decodes the JEDEC manufacturer ID code and
> provides the product string and revision number as read from the card.

Also looks good.  OK millert@

 - todd



Re: armv7: remove unused match function

2016-05-01 Thread Mark Kettenis
> Date: Sun, 1 May 2016 21:31:41 +0200
> From: Patrick Wildt 
> 
> Hi,
> 
> the armv7_match() function is unused as every platform implements its
> own (e.g. imx_match(), exynos_match()).
> 
> Ok to remove?

sure



Re: print sdmmc features

2016-05-01 Thread Mark Kettenis
> 
> To help debugging sdmmc problems, it would be useful if we printed a
> bit more information about the controller.  The diff below does this,
> and this is what it looks like on the APU2.
> 
> sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
> sdhc0: 63 MHz base clock
> sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
> 
> This tells me immediately why the transfer speeds on the APU2 are
> somewhat sub-optimal.  The base clock rate means that maximum bus
> clock that can be used to access the SD card is 31.5 MHz instead of 50
> MHz, reducing the throughput to about 60% of the theoretical maximum.
> 
> ok?

Ugh that diff also included bits to make your SD cards go at double
the speed.

Index: sdhc.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdhc.c,v
retrieving revision 1.48
diff -u -p -r1.48 sdhc.c
--- sdhc.c  1 May 2016 18:29:44 -   1.48
+++ sdhc.c  1 May 2016 19:23:49 -
@@ -209,6 +209,8 @@ sdhc_host_found(struct sdhc_softc *sc, b
goto err;
}
 
+   printf("%s: %d MHz base clock\n", DEVNAME(sc), hp->clkbase / 1000);
+
/*
 * XXX Set the data timeout counter value according to
 * capabilities. (2.2.15)
Index: sdmmc.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc.c,v
retrieving revision 1.41
diff -u -p -r1.41 sdmmc.c
--- sdmmc.c 1 May 2016 16:04:39 -   1.41
+++ sdmmc.c 1 May 2016 19:23:49 -
@@ -98,6 +98,18 @@ sdmmc_attach(struct device *parent, stru
struct sdmmcbus_attach_args *saa = aux;
int error;
 
+   if (ISSET(saa->caps, SMC_CAPS_8BIT_MODE))
+   printf(": 8-bit");
+   else if (ISSET(saa->caps, SMC_CAPS_4BIT_MODE))
+   printf(": 4-bit");
+   else
+   printf(": 1-bit");
+   if (ISSET(saa->caps, SMC_CAPS_SD_HIGHSPEED))
+   printf(", sd high-speed");
+   if (ISSET(saa->caps, SMC_CAPS_MMC_HIGHSPEED))
+   printf(", mmc high-speed");
+   if (ISSET(saa->caps, SMC_CAPS_DMA))
+   printf(", dma");
printf("\n");
 
sc->sct = saa->sct;



Re: Speedup sdhc(4)

2016-05-01 Thread Mark Kettenis
> Date: Sat, 30 Apr 2016 13:31:21 +0200 (CEST)
> From: Mark Kettenis 
> 
> > From: John Troy 
> > Date: Fri, 29 Apr 2016 11:56:24 -0400
> > 
> > On 4/28/16 2:30 PM, Mark Kettenis wrote:
> > > So here are just the bits that add DMA support.  Since Theo likes this
> > > so much, I'd like to move forward with this.
> > >
> > > ok?
> > >
> > Hi Mark,
> > This diff seems to break things on my Lenovo Ideapad 100s. The 100s has 
> > an internal eMMC and a microSD card slot. As far as I can tell, reading 
> > from a microSD card breaks both eMMC and microSD.
> > 
> > Reading from the eMMC, twice for good measure:
> > # dd if=/dev/rsd0c of=/dev/null bs=1M count=1
> > 1+0 records in
> > 1+0 records out
> > 1048576 bytes transferred in 0.191 secs (5486853 bytes/sec)
> > # dd if=/dev/rsd0c of=/dev/null bs=1M count=1
> > 1+0 records in
> > 1+0 records out
> > 1048576 bytes transferred in 0.190 secs (5506851 bytes/sec)
> > 
> > Reading from the microSD:
> > # dd if=/dev/rsd1c of=/dev/null bs=1M count=1
> > dd: /dev/rsd1c: Input/output error
> > 0+0 records in
> > 0+0 records out
> > 0 bytes transferred in 3.019 secs (0 bytes/sec)
> > 
> > Reading from the eMMC again:
> > # dd if=/dev/rsd0c of=/dev/null bs=1M count=1
> > dd: /dev/rsd0c: Input/output error
> > 0+0 records in
> > 0+0 records out
> > 0 bytes transferred in 0.004 secs (0 bytes/sec)
> > 
> > At this point the system is unusable, and there's nothing else 
> > interesting in dmesg.
> 
> Can reproduce this on the Lenovo stick, which is in many ways very
> similar to the 100s.  So far I've not found a solution.
> 
> Since the diff gives significant improvements and seems to be
> completely stable if I leave the SD card slot empty, I've committed it
> anyway.  You may want to revert the changes to dev/acpi/sdhc_acpi.c
> for now if you intend to use the SD card slot on the 100s.
> 
> Hopefully I'll figure out what the problem is soon.  Otherwise I might
> selectively disable DMA support on this hardware.

Found the problem.  Should be fixed with:

CVSROOT:/cvs
Module name:src
Changes by: kette...@cvs.openbsd.org2016/05/01 11:13:55

Modified files:
sys/dev/sdmmc  : sdhc.c 

Log message:
Always write block count.  This fixes the DMA issues on Bay Trail.



Re: midiplay: Fix out-of-bounds memory access

2016-05-01 Thread Michael McConville
Vadim Zhukov wrote:
> 2016-04-30 7:38 GMT+03:00 Jonathan Gray :
> > On Wed, Apr 27, 2016 at 07:49:50PM -0700, Geoff Hill wrote:
> >> Fix possible reads past the end of the buffer.
> >>
> >> Found by random fuzz testing (zzuf). Without the fix the fuzzer crashes
> >> in several seconds; with the patch, the fuzzer runs clean for hours.
> >
> > Any reason to not replace the somewhat arbitrary earlier test
> > for this?
> >
> > Index: midiplay.c
> > ===
> > RCS file: /cvs/src/usr.bin/midiplay/midiplay.c,v
> > retrieving revision 1.17
> > diff -u -p -U9 -r1.17 midiplay.c
> > --- midiplay.c  8 Feb 2015 23:40:34 -   1.17
> > +++ midiplay.c  30 Apr 2016 04:35:31 -
> > @@ -306,19 +306,19 @@ playdata(u_char *buf, u_int tot, char *n
> > tracks = calloc(ntrks, sizeof(struct track));
> > if (tracks == NULL)
> > err(1, "malloc() tracks failed");
> > for (t = 0; t < ntrks; ) {
> > if (p >= end - MARK_LEN - SIZE_LEN) {
> > warnx("Cannot find track %d", t);
> > goto ret;
> > }
> > len = GET32(p + MARK_LEN);
> > -   if (len > 100) { /* a safe guard */
> > +   if (p + MARK_LEN + SIZE_LEN + len > end) {
> 
> It's better to avoid "+" in checks to avoid overflow, no?

Yeah, I'm pretty sure the above overflow check is undefined.



print sdmmc features

2016-05-01 Thread Mark Kettenis
To help debugging sdmmc problems, it would be useful if we printed a
bit more information about the controller.  The diff below does this,
and this is what it looks like on the APU2.

sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
sdhc0: 63 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma

This tells me immediately why the transfer speeds on the APU2 are
somewhat sub-optimal.  The base clock rate means that maximum bus
clock that can be used to access the SD card is 31.5 MHz instead of 50
MHz, reducing the throughput to about 60% of the theoretical maximum.

ok?


Index: sdhc.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdhc.c,v
retrieving revision 1.48
diff -u -p -r1.48 sdhc.c
--- sdhc.c  1 May 2016 18:29:44 -   1.48
+++ sdhc.c  1 May 2016 19:23:49 -
@@ -209,6 +209,8 @@ sdhc_host_found(struct sdhc_softc *sc, b
goto err;
}
 
+   printf("%s: %d MHz base clock\n", DEVNAME(sc), hp->clkbase / 1000);
+
/*
 * XXX Set the data timeout counter value according to
 * capabilities. (2.2.15)
Index: sdmmc.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc.c,v
retrieving revision 1.41
diff -u -p -r1.41 sdmmc.c
--- sdmmc.c 1 May 2016 16:04:39 -   1.41
+++ sdmmc.c 1 May 2016 19:23:49 -
@@ -98,6 +98,18 @@ sdmmc_attach(struct device *parent, stru
struct sdmmcbus_attach_args *saa = aux;
int error;
 
+   if (ISSET(saa->caps, SMC_CAPS_8BIT_MODE))
+   printf(": 8-bit");
+   else if (ISSET(saa->caps, SMC_CAPS_4BIT_MODE))
+   printf(": 4-bit");
+   else
+   printf(": 1-bit");
+   if (ISSET(saa->caps, SMC_CAPS_SD_HIGHSPEED))
+   printf(", sd high-speed");
+   if (ISSET(saa->caps, SMC_CAPS_MMC_HIGHSPEED))
+   printf(", mmc high-speed");
+   if (ISSET(saa->caps, SMC_CAPS_DMA))
+   printf(", dma");
printf("\n");
 
sc->sct = saa->sct;
@@ -425,11 +437,6 @@ sdmmc_enable(struct sdmmc_softc *sc)
if (ISSET(sc->sc_flags, SMF_MEM_MODE) &&
(error = sdmmc_mem_enable(sc)) != 0)
goto err;
-
-   /* XXX respect host and card capabilities */
-   if (ISSET(sc->sc_flags, SMF_SD_MODE))
-   (void)sdmmc_chip_bus_clock(sc->sct, sc->sch,
-   SDMMC_SDCLK_25MHZ);
 
  err:
if (error != 0)
Index: sdmmc_io.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc_io.c,v
retrieving revision 1.23
diff -u -p -r1.23 sdmmc_io.c
--- sdmmc_io.c  23 Apr 2016 14:15:59 -  1.23
+++ sdmmc_io.c  1 May 2016 19:23:49 -
@@ -182,6 +182,12 @@ sdmmc_io_init(struct sdmmc_softc *sc, st
if (sdmmc_verbose)
sdmmc_print_cis(sf);
 
+   if (sf->number == 0) {
+   /* XXX respect host and card capabilities */
+   (void)sdmmc_chip_bus_clock(sc->sct, sc->sch,
+   SDMMC_SDCLK_25MHZ);
+   }
+
return 0;
 }
 
Index: sdmmc_mem.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc_mem.c,v
retrieving revision 1.26
diff -u -p -r1.26 sdmmc_mem.c
--- sdmmc_mem.c 1 May 2016 18:29:44 -   1.26
+++ sdmmc_mem.c 1 May 2016 19:23:49 -
@@ -28,6 +28,10 @@
 #include 
 #include 
 
+typedef struct { uint32_t _bits[512/32]; } __packed __aligned(4) 
sdmmc_bitfield512_t;
+
+void   sdmmc_be512_to_bitfield512(sdmmc_bitfield512_t *);
+
 intsdmmc_decode_csd(struct sdmmc_softc *, sdmmc_response,
struct sdmmc_function *);
 intsdmmc_decode_cid(struct sdmmc_softc *, sdmmc_response,
@@ -269,7 +273,7 @@ sdmmc_decode_csd(struct sdmmc_softc *sc,
return 1;
break;
}
-
+   csd->ccc = SD_CSD_CCC(resp);
} else {
csd->csdver = MMC_CSD_CSDVER(resp);
if (csd->csdver == MMC_CSD_CSDVER_1_0 ||
@@ -364,9 +368,8 @@ sdmmc_mem_send_scr(struct sdmmc_softc *s
cmd.c_opcode = SD_APP_SEND_SCR;
 
error = sdmmc_app_command(sc, );
-   if (error == 0) {
+   if (error == 0)
memcpy(scr, ptr, datalen);
-   }
 
 out:
if (ptr != NULL)
@@ -475,6 +478,53 @@ sdmmc_set_bus_width(struct sdmmc_functio
 }
 
 int
+sdmmc_mem_sd_switch(struct sdmmc_function *sf, int mode, int group,
+int function, sdmmc_bitfield512_t *status)
+{
+   struct sdmmc_softc *sc = sf->sc;
+   struct sdmmc_command cmd;
+   void *ptr = NULL;
+   int gsft, error = 0;
+   const int statlen = 64;
+
+   if (sf->scr.sd_spec >= SCR_SD_SPEC_VER_1_10 &&
+   !ISSET(sf->csd.ccc, SD_CSD_CCC_SWITCH))
+   return EINVAL;
+
+   if (group <= 0 || group > 6 ||
+   function < 0 || function > 15)
+

armv7: remove unused match function

2016-05-01 Thread Patrick Wildt
Hi,

the armv7_match() function is unused as every platform implements its
own (e.g. imx_match(), exynos_match()).

Ok to remove?

Patrick

diff --git sys/arch/armv7/armv7/armv7.c sys/arch/armv7/armv7/armv7.c
index bf7735c..15cd592 100644
--- sys/arch/armv7/armv7/armv7.c
+++ sys/arch/armv7/armv7/armv7.c
@@ -90,12 +90,6 @@ armv7_find_dev(const char *name, int unit)
return (NULL);
 }
 
-int
-armv7_match(struct device *parent, void *cfdata, void *aux)
-{
-   return (1);
-}
-
 extern char *hw_prod;
 
 void
diff --git sys/arch/armv7/armv7/armv7var.h sys/arch/armv7/armv7/armv7var.h
index b75358f..faefe70 100644
--- sys/arch/armv7/armv7/armv7var.h
+++ sys/arch/armv7/armv7/armv7var.h
@@ -70,7 +70,6 @@ extern struct armv7_dev *armv7_devs;
 
 void   armv7_set_devs(struct armv7_dev *);
 struct armv7_dev *armv7_find_dev(const char *, int);
-intarmv7_match(struct device *, void *, void *);
 void   armv7_attach(struct device *, struct device *, void *);
 intarmv7_submatch(struct device *, void *, void *);
 



sdmmc scsi inquiry emulation

2016-05-01 Thread Mark Kettenis
Diff below provides a bit more meaningful information in the SCSI
INQUIRY emulation.  It decodes the JEDEC manufacturer ID code and
provides the product string and revision number as read from the card.

For example:

scsibus1 at sdmmc2: 2 targets, initiator 0
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 3768MB, 512 bytes/sector, 7716864 sectors
scsibus2 at sdmmc0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
sd1: 29184MB, 512 bytes/sector, 59768832 sectors

where sd0 is an SD card and sd1 is the eMMC soldered onto the board of
the machine.

Note that the strncpy here is safe.  The strings in the scsi inquiry
page don't have to be nul-terminated.

ok?


Index: sdmmc_scsi.c
===
RCS file: /cvs/src/sys/dev/sdmmc/sdmmc_scsi.c,v
retrieving revision 1.35
diff -u -p -r1.35 sdmmc_scsi.c
--- sdmmc_scsi.c14 Mar 2015 03:38:49 -  1.35
+++ sdmmc_scsi.c1 May 2016 21:20:05 -
@@ -376,8 +376,12 @@ void
 sdmmc_inquiry(struct scsi_xfer *xs)
 {
struct scsi_link *link = xs->sc_link;
+   struct sdmmc_softc *sc = link->adapter_softc;
+   struct sdmmc_scsi_softc *scbus = sc->sc_scsibus;
+   struct sdmmc_scsi_target *tgt = >sc_tgt[link->target];
struct scsi_inquiry_data inq;
struct scsi_inquiry *cdb = (struct scsi_inquiry *)xs->cmd;
+   char revision[5];
 
 if (xs->cmdlen != sizeof(*cdb)) {
xs->error = XS_DRIVER_STUFFUP;
@@ -394,10 +398,29 @@ sdmmc_inquiry(struct scsi_xfer *xs)
inq.version = 2;
inq.response_format = 2;
inq.additional_length = 32;
-   strlcpy(inq.vendor, "SD/MMC ", sizeof(inq.vendor));
-   snprintf(inq.product, sizeof(inq.product),
-   "Drive #%02d", link->target);
-   strlcpy(inq.revision, "   ", sizeof(inq.revision));
+   switch (tgt->card->cid.mid) {
+   case 0x02:
+   strncpy(inq.vendor, "Sandisk", sizeof(inq.vendor));
+   break;
+   case 0x11:
+   strncpy(inq.vendor, "Toshiba", sizeof(inq.vendor));
+   break;
+   case 0x13:
+   strncpy(inq.vendor, "Micron", sizeof(inq.vendor));
+   break;
+   case 0x15:
+   strncpy(inq.vendor, "Samsung", sizeof(inq.vendor));
+   break;
+   case 0x70:
+   strncpy(inq.vendor, "Kingston", sizeof(inq.vendor));
+   break;
+   default:
+   strncpy(inq.vendor, "SD/MMC", sizeof(inq.vendor));
+   break;
+   }
+   strncpy(inq.product, tgt->card->cid.pnm, sizeof(inq.product));
+   snprintf(revision, sizeof(revision), "%04X", tgt->card->cid.rev);
+   strncpy(inq.revision, revision, sizeof(inq.revision));
 
bcopy(, xs->data, MIN(xs->datalen, sizeof(inq)));
 



Re: print sdmmc features

2016-05-01 Thread Todd C. Miller
Looks good.  OK millert@

 - todd



SRV lookups in ypldap

2016-05-01 Thread Jonathan Matthew
ypldap currently can't do SRV lookups to locate the directory servers for
a domain, which makes it slightly harder than it should be to connect it to
an AD domain.  The diff below lets you specify a directory service like this:

  directory "eait.uq.edu.au" srv {
...
  }

which will make ypldap do an SRV lookup every time it refreshes, then try
each of the resulting hostnames in order (according to priority and weighting)
until one works.


Index: ldapclient.c
===
RCS file: /cvs/src/usr.sbin/ypldap/ldapclient.c,v
retrieving revision 1.36
diff -u -p -u -p -r1.36 ldapclient.c
--- ldapclient.c10 Apr 2016 09:59:21 -  1.36
+++ ldapclient.c1 May 2016 23:47:33 -
@@ -54,7 +54,9 @@ int   client_search_idm(struct env *, stru
char **, char *, int, int, enum imsg_type);
 intclient_try_idm(struct env *, struct idm *);
 intclient_addr_init(struct idm *);
+intclient_srv_next(struct idm *);
 intclient_addr_free(struct idm *);
+intclient_srv_free(struct idm *);
 
 struct aldap   *client_aldap_open(struct ypldap_addr_list *);
 
@@ -122,6 +124,37 @@ client_addr_init(struct idm *idm)
 }
 
 int
+client_srv_next(struct idm *idm)
+{
+   struct ypldap_srv   *s, *sel;
+   int  bestprio, weight;
+
+   bestprio = 0x;
+   weight = 0;
+   sel = NULL;
+   TAILQ_FOREACH(s, >idm_srv, next) {
+   if (s->priority < bestprio) {
+   bestprio = s->priority;
+   weight = s->weight;
+   sel = s;
+   } else if (s->priority == bestprio) {
+   weight += s->weight;
+   if (arc4random_uniform(weight) < s->weight)
+   sel = s;
+   }
+   }
+
+   if (sel == NULL)
+   fatalx("couldn't pick a srv record to try next?");
+
+   client_addr_free(idm);
+
+   TAILQ_REMOVE(>idm_srv, sel, next);
+   strlcpy(idm->idm_srv_name, sel->hostname, sizeof(idm->idm_srv_name));
+   return (0);
+}
+
+int
 client_addr_free(struct idm *idm)
 {
 struct ypldap_addr *h;
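Review bot: client_srv_next unlinks `sel` from idm_srv with TAILQ_REMOVE and returns without freeing it, so each selected SRV entry leaks; client_srv_free, added later in this diff, only frees entries still on the list. Adding `free(sel);` after the strlcpy closes that. The strlcpy into idm_srv_name is also unchecked, so an over-long hostname taken from the DNS answer is silently truncated and would then be resolved as a different name; comparing the return value with `sizeof(idm->idm_srv_name)` and skipping the record would be safer. The fatalx on `sel == NULL` turns an empty list into a daemon exit, so the caller has to guarantee the list is non-empty, which is not visible in this hunk.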
@@ -131,7 +164,19 @@ client_addr_free(struct idm *idm)
TAILQ_REMOVE(>idm_addr, h, next);
free(h);
}
+   return (0);
+}
+
+int
+client_srv_free(struct idm *idm)
+{
+   struct ypldap_srv   *s;
 
+   while (!TAILQ_EMPTY(>idm_srv)) {
+   s = TAILQ_FIRST(>idm_srv);
+   TAILQ_REMOVE(>idm_srv, s, next);
+   free(s);
+   }
return (0);
 }
 
@@ -155,6 +200,7 @@ client_dispatch_dns(int fd, short events
u_int16_tdlen;
u_char  *data;
struct ypldap_addr  *h;
+   struct ypldap_srv   *s;
int  n, wait_cnt = 0;
struct idm  *idm;
int  shut = 0;
@@ -186,26 +232,29 @@ client_dispatch_dns(int fd, short events
if (n == 0)
break;
 
-   switch (imsg.hdr.type) {
-   case IMSG_HOST_DNS:
-   TAILQ_FOREACH(idm, >sc_idms, idm_entry)
-   if (idm->idm_id == imsg.hdr.peerid)
-   break;
-   if (idm == NULL) {
-   log_warnx("IMSG_HOST_DNS with invalid peerID");
-   break;
-   }
-   if (!TAILQ_EMPTY(>idm_addr)) {
-   log_warnx("IMSG_HOST_DNS but addrs set!");
+   TAILQ_FOREACH(idm, >sc_idms, idm_entry)
+   if (idm->idm_id == imsg.hdr.peerid)
break;
-   }
+   if (idm == NULL) {
+   log_warnx("dns message with invalid peerID");
+   imsg_free();
+   continue;
+   }
 
-   dlen = imsg.hdr.len - IMSG_HEADER_SIZE;
-   if (dlen == 0) {/* no data -> temp error */
-   idm->idm_state = STATE_DNS_TEMPFAIL;
-   break;
-   }
+   if (!TAILQ_EMPTY(>idm_addr)) {
+   log_warnx("got dns message, but we already have addrs");
+   break;
+   }
+
+   dlen = imsg.hdr.len - IMSG_HEADER_SIZE;
+   if (dlen == 0) {/* no data -> temp error */
+   idm->idm_state = STATE_DNS_TEMPFAIL;
+   imsg_free();
+   continue;
+   }
 
+   switch (imsg.hdr.type) {
+   case IMSG_HOST_DNS:
data = (u_char *)imsg.data;
while (dlen >= sizeof(struct 

Re: arm: new FDT-enabled mainbus

2016-05-01 Thread Patrick Wildt
Hi,

I updated the diff with the feedback received.  This basically adds
a tree-like topology by making mainbus FDT aware and implementing
a simplebus that can span the tree's roots into more branches.

Next steps (and diffs) are implementing an FDT platform for armv7,
similar to imx/omap/... and having the generic interrupt controller
and timer attach to a simplebus/fdt bus.

Comments?

Patrick

diff --git sys/arch/arm/conf/files.arm sys/arch/arm/conf/files.arm
index cb11960..c70f9ab 100644
--- sys/arch/arm/conf/files.arm
+++ sys/arch/arm/conf/files.arm
@@ -16,15 +16,24 @@ filearch/arm/arm/disassem.c ddb
 file   arch/arm/arm/fiq.c  fiq
 file   arch/arm/arm/fiq_subr.S fiq
 
+define fdt {}
+
 # mainbus files
-device mainbus {}
+device mainbus: fdt
 attach mainbus at root
 file   arch/arm/mainbus/mainbus.c  mainbus
 
+device simplebus: fdt
+attach simplebus at fdt
+file   arch/arm/simplebus/simplebus.c  simplebus
+
+# FDT support
+file   dev/ofw/fdt.c
+
 include "arch/arm/cortex/files.cortex"
 
 device cpu {}
-attach cpu at mainbus with cpu_mainbus
+attach cpu at fdt with cpu_mainbus
 file   arch/arm/mainbus/cpu_mainbus.c  cpu_mainbus
 
 
diff --git sys/arch/arm/cortex/cortex.c sys/arch/arm/cortex/cortex.c
index 913feb7..06a7823 100644
--- sys/arch/arm/cortex/cortex.c
+++ sys/arch/arm/cortex/cortex.c
@@ -97,7 +97,7 @@ struct cfdriver cortex_cd = {
 int
 cortexmatch(struct device *parent, void *cfdata, void *aux)
 {
-   struct mainbus_attach_args *ma = aux;
+   union mainbus_attach_args *ma = aux;
struct cfdata *cf = (struct cfdata *)cfdata;
int cputype = cpufunc_id();
 
diff --git sys/arch/arm/cortex/files.cortex sys/arch/arm/cortex/files.cortex
index c0f4359..052acfd 100644
--- sys/arch/arm/cortex/files.cortex
+++ sys/arch/arm/cortex/files.cortex
@@ -2,7 +2,7 @@
 
 # ARM core
 device cortex {}
-attach cortex at mainbus
+attach cortex at fdt
 file   arch/arm/cortex/cortex.ccortex
 
 device ampintc
diff --git sys/arch/arm/include/fdt.h sys/arch/arm/include/fdt.h
new file mode 100644
index 000..0eec567
--- /dev/null
+++ sys/arch/arm/include/fdt.h
@@ -0,0 +1,31 @@
+/* $OpenBSD$ */
+/*
+ * Copyright (c) 2016 Patrick Wildt 
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef __ARM_FDT_H__
+#define __ARM_FDT_H__
+
+#define _ARM32_BUS_DMA_PRIVATE
+#include 
+
+struct fdt_attach_args {
+   const char  *fa_name;
+   int  fa_node;
+   bus_space_tag_t  fa_iot;
+   bus_dma_tag_tfa_dmat;
+};
+
+#endif /* __ARM_FDT_H__ */
diff --git sys/arch/arm/mainbus/cpu_mainbus.c sys/arch/arm/mainbus/cpu_mainbus.c
index 63de209..88410bf 100644
--- sys/arch/arm/mainbus/cpu_mainbus.c
+++ sys/arch/arm/mainbus/cpu_mainbus.c
@@ -72,7 +72,7 @@ static void cpu_mainbus_attach (struct device *, struct 
device *, void *);
 static int
 cpu_mainbus_match(struct device *parent, void *vcf, void *aux)
 {
-   struct mainbus_attach_args *ma = aux;
+   union mainbus_attach_args *ma = aux;
struct cfdata *cf = (struct cfdata *)vcf;
 
return (strcmp(cf->cf_driver->cd_name, ma->ma_name) == 0);
diff --git sys/arch/arm/mainbus/mainbus.c sys/arch/arm/mainbus/mainbus.c
index 6ad3e8f..7f72161 100644
--- sys/arch/arm/mainbus/mainbus.c
+++ sys/arch/arm/mainbus/mainbus.c
@@ -1,45 +1,18 @@
-/* $OpenBSD: mainbus.c,v 1.7 2013/05/30 16:15:01 deraadt Exp $ */
-/* $NetBSD: mainbus.c,v 1.3 2001/06/13 17:52:43 nathanw Exp $ */
-
+/* $OpenBSD$ */
 /*
- * Copyright (c) 1994,1995 Mark Brinicombe.
- * Copyright (c) 1994 Brini.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *notice, this list of conditions and the following disclaimer in the
- *documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this 

Re: arm: new FDT-enabled mainbus

2016-05-01 Thread Mark Kettenis
> Date: Sun, 1 May 2016 13:27:29 +0200
> From: Patrick Wildt 
> 
> Hi,
> 
> I updated the diff with the feedback received.  This basically adds
> a tree-like topology by making mainbus FDT aware and implementing
> a simplebus that can span the tree's roots into more branches.
> 
> Next steps (and diffs) are implementing an FDT platform for armv7,
> similar to imx/omap/... and having the generic interrupt controller
> and timer attach to a simplebus/fdt bus.
> 
> Comments?

Looks good to me.  If jsg@ agrees, let's get this in and work on it
further in the tree.

> diff --git sys/arch/arm/conf/files.arm sys/arch/arm/conf/files.arm
> index cb11960..c70f9ab 100644
> --- sys/arch/arm/conf/files.arm
> +++ sys/arch/arm/conf/files.arm
> @@ -16,15 +16,24 @@ file  arch/arm/arm/disassem.c ddb
>  file arch/arm/arm/fiq.c  fiq
>  file arch/arm/arm/fiq_subr.S fiq
>  
> +define   fdt {}
> +
>  # mainbus files
> -device   mainbus {}
> +device   mainbus: fdt
>  attach   mainbus at root
>  file arch/arm/mainbus/mainbus.c  mainbus
>  
> +device   simplebus: fdt
> +attach   simplebus at fdt
> +file arch/arm/simplebus/simplebus.c  simplebus
> +
> +# FDT support
> +file dev/ofw/fdt.c
> +
>  include "arch/arm/cortex/files.cortex"
>  
>  device   cpu {}
> -attach   cpu at mainbus with cpu_mainbus
> +attach   cpu at fdt with cpu_mainbus
>  file arch/arm/mainbus/cpu_mainbus.c  cpu_mainbus
>  
>  
> diff --git sys/arch/arm/cortex/cortex.c sys/arch/arm/cortex/cortex.c
> index 913feb7..06a7823 100644
> --- sys/arch/arm/cortex/cortex.c
> +++ sys/arch/arm/cortex/cortex.c
> @@ -97,7 +97,7 @@ struct cfdriver cortex_cd = {
>  int
>  cortexmatch(struct device *parent, void *cfdata, void *aux)
>  {
> - struct mainbus_attach_args *ma = aux;
> + union mainbus_attach_args *ma = aux;
>   struct cfdata *cf = (struct cfdata *)cfdata;
>   int cputype = cpufunc_id();
>  
> diff --git sys/arch/arm/cortex/files.cortex sys/arch/arm/cortex/files.cortex
> index c0f4359..052acfd 100644
> --- sys/arch/arm/cortex/files.cortex
> +++ sys/arch/arm/cortex/files.cortex
> @@ -2,7 +2,7 @@
>  
>  # ARM core
>  device   cortex {}
> -attach   cortex at mainbus
> +attach   cortex at fdt
>  file arch/arm/cortex/cortex.ccortex
>  
>  device   ampintc
> diff --git sys/arch/arm/include/fdt.h sys/arch/arm/include/fdt.h
> new file mode 100644
> index 000..0eec567
> --- /dev/null
> +++ sys/arch/arm/include/fdt.h
> @@ -0,0 +1,31 @@
> +/* $OpenBSD$ */
> +/*
> + * Copyright (c) 2016 Patrick Wildt 
> + *
> + * Permission to use, copy, modify, and distribute this software for any
> + * purpose with or without fee is hereby granted, provided that the above
> + * copyright notice and this permission notice appear in all copies.
> + *
> + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
> + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
> + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
> + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
> + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
> + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> + */
> +
> +#ifndef __ARM_FDT_H__
> +#define __ARM_FDT_H__
> +
> +#define _ARM32_BUS_DMA_PRIVATE
> +#include 
> +
> +struct fdt_attach_args {
> + const char  *fa_name;
> + int  fa_node;
> + bus_space_tag_t  fa_iot;
> + bus_dma_tag_tfa_dmat;
> +};
> +
> +#endif /* __ARM_FDT_H__ */
> diff --git sys/arch/arm/mainbus/cpu_mainbus.c 
> sys/arch/arm/mainbus/cpu_mainbus.c
> index 63de209..88410bf 100644
> --- sys/arch/arm/mainbus/cpu_mainbus.c
> +++ sys/arch/arm/mainbus/cpu_mainbus.c
> @@ -72,7 +72,7 @@ static void cpu_mainbus_attach (struct device *, struct 
> device *, void *);
>  static int
>  cpu_mainbus_match(struct device *parent, void *vcf, void *aux)
>  {
> - struct mainbus_attach_args *ma = aux;
> + union mainbus_attach_args *ma = aux;
>   struct cfdata *cf = (struct cfdata *)vcf;
>  
>   return (strcmp(cf->cf_driver->cd_name, ma->ma_name) == 0);
> diff --git sys/arch/arm/mainbus/mainbus.c sys/arch/arm/mainbus/mainbus.c
> index 6ad3e8f..7f72161 100644
> --- sys/arch/arm/mainbus/mainbus.c
> +++ sys/arch/arm/mainbus/mainbus.c
> @@ -1,45 +1,18 @@
> -/*   $OpenBSD: mainbus.c,v 1.7 2013/05/30 16:15:01 deraadt Exp $ */
> -/* $NetBSD: mainbus.c,v 1.3 2001/06/13 17:52:43 nathanw Exp $ */
> -
> +/* $OpenBSD$ */
>  /*
> - * Copyright (c) 1994,1995 Mark Brinicombe.
> - * Copyright (c) 1994 Brini.
> - * All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that 

Document inet4/prefix in hostname.if(5)

2016-05-01 Thread Gregor Best
Hi,

/etc/hostname.if supports IPv4 addresses with a CIDR prefix length:

inet 10.0.0.1/16

which is not documented in hostname.if(5). The attached patch fixes
that. I'm not sure whether describing '/prefixlen' before 'netmask' is a
good idea, but it matches the order things have to be specified in and
'netmask' is the next paragraph after '/prefixlen'

-- 
Gregor

Index: hostname.if.5
===
RCS file: /mnt/media/cvs/src/share/man/man5/hostname.if.5,v
retrieving revision 1.64
diff -u -p -r1.64 hostname.if.5
--- hostname.if.5   6 Jun 2015 13:13:07 -   1.64
+++ hostname.if.5   1 May 2016 17:17:22 -
@@ -82,7 +82,9 @@ Regular IPv4 network setup:
 .Bd -ragged -offset indent
 .Li inet
 .Op Li alias
-.Va addr
+.Sm
+.Va addr Op / Va prefixlen
+.Sm
 .Va netmask
 .Va broadcast_addr
 .Va options
@@ -117,6 +119,7 @@ inet alias 10.0.1.13 255.255.255.255 10.
 inet alias 10.0.1.14 255.255.255.255 NONE
 inet alias 10.0.1.15 255.255.255.255
 inet alias 10.0.1.16 0x
+inet alias 10.0.1.17/29
 # This is an example comment line.
 inet6 alias fec0::1 64
 inet6 alias fec0::2 64 anycast
@@ -152,6 +155,12 @@ If no address is specified, the
 and
 .Va dest_addr
 options are invalid and will be ignored.
+.Sm
+.It / Va prefixlen
+.Sm
+The optional CIDR prefix length for the interface, e.g.,
+/29.
+If both a netmask and a prefix length are specified, the netmask is used.
 .It Va netmask
 The optional network mask for the interface, e.g.,
 255.255.255.0.



Re: arm: new FDT-enabled mainbus

2016-05-01 Thread Patrick Wildt
On Sun, May 01, 2016 at 05:32:53PM +0200, Vincent Gross wrote:
> On Sun, 1 May 2016 13:27:29 +0200
> Patrick Wildt  wrote:
> 
> > Hi,
> > 
> > I updated the diff with the feedback received.  This basically adds
> > a tree-like topology by making mainbus FDT aware and implementing
> > a simplebus that can span the tree's roots into more branches.
> > 
> > Next steps (and diffs) are implementing an FDT platform for armv7,
> > similar to imx/omap/... and having the generic interrupt controller
> > and timer attach to a simplebus/fdt bus.
> > 
> > Comments?
> 
> Legacy boot works fine on my novena laptop, fdt boot fails, I lack
> expertise but it seems that cortex0 and its children were skipped.

I was actually surprised to see that it booted as far as it did with
FDT.  The reason is that the platform's match function only checks for
the boardid (that is passed by u-boot) and attaches if the boardid
matches.  This means that the "legacy" busses still attach, even though
we're running with a device tree.

> 
> Thank you for pushing a better arm support :)

Thank you for testing. :)

> 
> Both output below :
> 
> ## Booting kernel from Legacy Image at 1030 ...
>Image Name:   boot
>Image Type:   ARM Linux Kernel Image (uncompressed)
>Data Size:4993156 Bytes = 4.8 MiB
>Load Address: 1030
>Entry Point:  1030
>Verifying Checksum ... OK
>Loading Kernel Image ... OK
> Using machid 0x10ad from environment
> 
> Starting kernel ...
> 
> 
> OpenBSD/imx booting ...
> arg0 0x0 arg1 0x10ad arg2 0x1100
> atag core flags 0 pagesize 0 rootdev 0
> atag cmdline [sd0i:/bsd.imx.umg]
> atag revision 00063012
> atag mem start 0x1000 size 0xf000
> bootfile: sd0i:/bsd.imx.umg
> bootargs: 
> memory size derived from u-boot
> bootconf.mem[0].address = 1000 pages 983040/0xf000
> Allocating page tables
> freestart = 0x107c4000, free_pages = 981051 (0x000ef83b)
> IRQ stack: p0x107f2000 v0xc07f2000
> ABT stack: p0x107f3000 v0xc07f3000
> UND stack: p0x107f4000 v0xc07f4000
> SVC stack: p0x107f5000 v0xc07f5000
> Creating L1 page table at 0x107c4000
> Mapping kernel
> Constructing L2 page tables
> undefined page pmap [ using 715008 bytes of bsd ELF symbol table ]
> board type: 4269
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights
> reserved. Copyright (c) 1995-2016 OpenBSD. All rights reserved.
> http://www.OpenBSD.org
> 
> OpenBSD 5.9-current (GENERIC) #31: Fri Apr 29 22:42:20 CET 2016
> 
> dermi...@russell.kilb.yt:/home/dermiste/OpenBSD/srcsys/arch/armv7/compile/GENERIC
> real mm  = 4026527744 (3839MB)
> avail mem = 3940864000 (3758MB)
> warning: no entropy supplied by boot lader
> mainbus0 at root: no device tree
> cortex0 at mainbus0
> ampintc0 at cortex0 nirq 160
> amptimer0 at cortex0: tick rate 396000 KHz
> armliicc0 at cortex0: rtl 7 waymask: 0x000f
> cpu0 at mainbus0: ARM Cortex A9 R2 rev 10 (ARMv7 core)
> cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
> cpu0: 32KB(32b/l,4way) I-cache, 32KB(32b/l,4way) wr-back D-cache
> imx0 at mainbus0: Kosagi Novena
> imxccm0 at imx0: imx6 rev 1.2 CPU freq: 792 MHz
> imxiomuxc0 at imx0
> imxdog0 at imx0
> imxocotp0 at imx0
> imxuart0 at imx0 console
> imxgpio0 at imx0
> imxgpio1 at imx0
> imxgpio2 at imx0
> imxgpio3 at imx0
> imxgpio4 at imx0
> imxgpio5 at imx0
> imxgpio6 at imx0
> imxesdhc0 at imx0
> sdmmc0 at imxesdhc0
> imxesdhc1 at imx0
> sdmmc1 at imxesdhc1
> ehci0 at imx0
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "i.MX6 EHCI root hub" rev 2.00/1.00 addr 1
> imxenet0 at imx0
> imxenet0: address 00:1f:11:02:17:de
> ukphy0 at imxenet0 phy 7: Generic IEEE 802.3u media interface, rev. 1:
> OUI 0x000885, model 0x0021 ahci0 at imx0 AHCI 1.3
> ahci0: port 0: 3.0Gb/s
> scsibus0 at ahci0: 32 targets
> sd0 at scsibus0 targ 0 lun 0:  SCSI3
> 0/direct fixed naa.5002538da0003f36 sd0: 238475MB, 512 bytes/sector,
> 488397168 sectors, thin scsibus1 at sdmmc1: 2 targets, initiator 0
> sd1 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
> sd1: 7600MB, 512 bytes/sector, 15564800 sectors
> uhub1 at uhub0 port 1 "Genesys Logic USB2.0 Hub Charger" rev 2.00/1.97
> addr 2 axe0 at uhub1 port 2 configuration 1 interface 0 "ASIX
> Electronics AX88772B" rev 2.00/0.01 addr 3 axe0: AX88772B, address
> 00:0e:c6:87:72:01 ukphy1 at axe0 phy 16: Generic IEEE 802.3u media
> interface, rev. 1: OUI 0x000ec6, model 0x0008 ugen0 at uhub1 port 3
> "AsureWave product 0x3393" rev 1.10/0.01 addr 4 uhub2 at uhub1 port 4
> "Genesys Logic USB2.0 Hub Charger" rev 2.00/1.97 addr 5 vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> boot device: sd0
> root on sd0a (46b8d5734c644ff3.a) swap on sd0b dump on sd0b
> 
> 
> 
> 
> ## Booting kernel from Legacy Image at 1030 ...
>Image Name:   boot
>Image Type:   ARM Linux Kernel Image (uncompressed)
>Data Size:

Re: arm: new FDT-enabled mainbus

2016-05-01 Thread Vincent Gross
On Sun, 1 May 2016 13:27:29 +0200
Patrick Wildt  wrote:

> Hi,
> 
> I updated the diff with the feedback received.  This basically adds
> a tree-like topology by making mainbus FDT aware and implementing
> a simplebus that can span the tree's roots into more branches.
> 
> Next steps (and diffs) are implementing an FDT platform for armv7,
> similar to imx/omap/... and having the generic interrupt controller
> and timer attach to a simplebus/fdt bus.
> 
> Comments?

Legacy boot works fine on my novena laptop, fdt boot fails, I lack
expertise but it seems that cortex0 and its children were skipped.

Thank you for pushing a better arm support :)

Both output below :

## Booting kernel from Legacy Image at 1030 ...
   Image Name:   boot
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:4993156 Bytes = 4.8 MiB
   Load Address: 1030
   Entry Point:  1030
   Verifying Checksum ... OK
   Loading Kernel Image ... OK
Using machid 0x10ad from environment

Starting kernel ...


OpenBSD/imx booting ...
arg0 0x0 arg1 0x10ad arg2 0x1100
atag core flags 0 pagesize 0 rootdev 0
atag cmdline [sd0i:/bsd.imx.umg]
atag revision 00063012
atag mem start 0x1000 size 0xf000
bootfile: sd0i:/bsd.imx.umg
bootargs: 
memory size derived from u-boot
bootconf.mem[0].address = 1000 pages 983040/0xf000
Allocating page tables
freestart = 0x107c4000, free_pages = 981051 (0x000ef83b)
IRQ stack: p0x107f2000 v0xc07f2000
ABT stack: p0x107f3000 v0xc07f3000
UND stack: p0x107f4000 v0xc07f4000
SVC stack: p0x107f5000 v0xc07f5000
Creating L1 page table at 0x107c4000
Mapping kernel
Constructing L2 page tables
undefined page pmap [ using 715008 bytes of bsd ELF symbol table ]
board type: 4269
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights
reserved. Copyright (c) 1995-2016 OpenBSD. All rights reserved.
http://www.OpenBSD.org

OpenBSD 5.9-current (GENERIC) #31: Fri Apr 29 22:42:20 CET 2016

dermi...@russell.kilb.yt:/home/dermiste/OpenBSD/srcsys/arch/armv7/compile/GENERIC
real mm  = 4026527744 (3839MB)
avail mem = 3940864000 (3758MB)
warning: no entropy supplied by boot lader
mainbus0 at root: no device tree
cortex0 at mainbus0
ampintc0 at cortex0 nirq 160
amptimer0 at cortex0: tick rate 396000 KHz
armliicc0 at cortex0: rtl 7 waymask: 0x000f
cpu0 at mainbus0: ARM Cortex A9 R2 rev 10 (ARMv7 core)
cpu0: DC enabled IC enabled WB disabled EABT branch prediction enabled
cpu0: 32KB(32b/l,4way) I-cache, 32KB(32b/l,4way) wr-back D-cache
imx0 at mainbus0: Kosagi Novena
imxccm0 at imx0: imx6 rev 1.2 CPU freq: 792 MHz
imxiomuxc0 at imx0
imxdog0 at imx0
imxocotp0 at imx0
imxuart0 at imx0 console
imxgpio0 at imx0
imxgpio1 at imx0
imxgpio2 at imx0
imxgpio3 at imx0
imxgpio4 at imx0
imxgpio5 at imx0
imxgpio6 at imx0
imxesdhc0 at imx0
sdmmc0 at imxesdhc0
imxesdhc1 at imx0
sdmmc1 at imxesdhc1
ehci0 at imx0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "i.MX6 EHCI root hub" rev 2.00/1.00 addr 1
imxenet0 at imx0
imxenet0: address 00:1f:11:02:17:de
ukphy0 at imxenet0 phy 7: Generic IEEE 802.3u media interface, rev. 1:
OUI 0x000885, model 0x0021 ahci0 at imx0 AHCI 1.3
ahci0: port 0: 3.0Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3
0/direct fixed naa.5002538da0003f36 sd0: 238475MB, 512 bytes/sector,
488397168 sectors, thin scsibus1 at sdmmc1: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
sd1: 7600MB, 512 bytes/sector, 15564800 sectors
uhub1 at uhub0 port 1 "Genesys Logic USB2.0 Hub Charger" rev 2.00/1.97
addr 2 axe0 at uhub1 port 2 configuration 1 interface 0 "ASIX
Electronics AX88772B" rev 2.00/0.01 addr 3 axe0: AX88772B, address
00:0e:c6:87:72:01 ukphy1 at axe0 phy 16: Generic IEEE 802.3u media
interface, rev. 1: OUI 0x000ec6, model 0x0008 ugen0 at uhub1 port 3
"AsureWave product 0x3393" rev 1.10/0.01 addr 4 uhub2 at uhub1 port 4
"Genesys Logic USB2.0 Hub Charger" rev 2.00/1.97 addr 5 vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
boot device: sd0
root on sd0a (46b8d5734c644ff3.a) swap on sd0b dump on sd0b




## Booting kernel from Legacy Image at 1030 ...
   Image Name:   boot
   Image Type:   ARM Linux Kernel Image (uncompressed)
   Data Size:4993156 Bytes = 4.8 MiB
   Load Address: 1030
   Entry Point:  1030
   Verifying Checksum ... OK
## Flattened Device Tree blob at 1010
   Booting using the fdt blob at 0x1010
   Loading Kernel Image ... OK
   reserving fdt memory region: addr=1010 size=b000
   Using Device Tree in place at 1010, end 1010dfff
Using machid 0x10ad from environment

Starting kernel ...


OpenBSD/imx booting ...
arg0 0x0 arg1 0x10ad arg2 0x1010
Allocating page tables
freestart = 0x107c4000, free_pages = 981051 (0x000ef83b)
IRQ stack: p0x107f2000 v0xc07f2000
ABT stack: p0x107f3000 v0xc07f3000
UND stack: p0x107f4000 v0xc07f4000
SVC stack: p0x107f5000 

Re: sdmmc bus width support

2016-05-01 Thread Mark Kettenis
> Date: Sun, 1 May 2016 22:45:44 +1000
> From: Jonathan Gray 
> 
> On Sun, May 01, 2016 at 01:50:59PM +0200, Mark Kettenis wrote:
> > > Date: Sun, 1 May 2016 13:40:31 +1000
> > > From: Jonathan Gray 
> > > 
> > > On Sat, Apr 30, 2016 at 09:50:15PM +0200, Mark Kettenis wrote:
> > > > The diff below adds support for changing the bus width to the sdmmc
> > > > subsystem and the sdhc(4) controller.  By default controllers and card
> > > > use a 1-bit bus.  But most SD cards actually have support for a 4-bit
> > > > bus.  This can be checked by looking at the SCR register.  In theory
> > > > using the 4-bit bus quadruples the data rate to and from the card.
> > > > 
> > > > With this diff the raw disk transfer rate of the sdhc(4) controller in
> > > > the PC-Engines APU2 goes up from 1.5 MB/s to 5.5 MB/s.
> > > > 
> > > > ok?
> > > 
> > > diff below for imx/omap.
> > > 
> > > imx sdhc fails with 
> > > 
> > > sdmmc0: SD_SEND_SCR send failed
> > > sdmmc0: mem init failed
> > > scsibus2 at sdmmc0: 2 targets, initiator 0
> > > sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
> > > sd1: 7655MB, 512 bytes/sector, 15677440 sectors
> > > 
> > > but it is known to have errors sending block io commands
> > > so perhaps that isn't so surprising.
> > 
> > What type of card are you using?
> > 
> > In any case, the SD_SEND_SCR command does rely on block io, so if that
> > doesn't work reliably, then it isn't too surprising that things fail.
> 
> imxesdhc is known to not work, I tried to figure out it at one
> point but never got anywhere.  I don't think it ever really worked
> for patrick either.
> 
> > 
> > The omap code looks wrong.  As far as I can see there is a DTW bit
> > there as well to switch between 1-bit and 4-bit mode.
> 
> Ah yes, updated diff:

I've committed my diff.  This looks ok as well, but it won't be used
until you also set the SMC_CAPS_4BIT_MODE capability when attaching
sdmmc.

> Index: ommmc.c
> ===
> RCS file: /cvs/src/sys/arch/armv7/omap/ommmc.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 ommmc.c
> --- ommmc.c   10 Jan 2016 14:11:43 -  1.15
> +++ ommmc.c   1 May 2016 12:40:52 -
> @@ -229,6 +229,7 @@ int   ommmc_host_maxblklen(sdmmc_chipset_h
>  int  ommmc_card_detect(sdmmc_chipset_handle_t);
>  int  ommmc_bus_power(sdmmc_chipset_handle_t, uint32_t);
>  int  ommmc_bus_clock(sdmmc_chipset_handle_t, int);
> +int  ommmc_bus_width(sdmmc_chipset_handle_t, int);
>  void ommmc_card_intr_mask(sdmmc_chipset_handle_t, int);
>  void ommmc_card_intr_ack(sdmmc_chipset_handle_t);
>  void ommmc_exec_command(sdmmc_chipset_handle_t, struct sdmmc_command *);
> @@ -260,6 +261,7 @@ struct sdmmc_chip_functions ommmc_functi
>   /* bus power and clock frequency */
>   ommmc_bus_power,
>   ommmc_bus_clock,
> + ommmc_bus_width,
>   /* command execution */
>   ommmc_exec_command,
>   /* card interrupt */
> @@ -693,6 +695,32 @@ ommmc_bus_clock(sdmmc_chipset_handle_t s
>  ret:
>   splx(s);
>   return (error);
> +}
> +
> +int
> +ommmc_bus_width(sdmmc_chipset_handle_t sch, int width)
> +{
> + struct ommmc_softc *sc = sch;
> + int s;
> +
> + if (width != 1 && width != 4 && width != 8)
> + return (1);
> +
> + s = splsdmmc();
> +
> + if (width == 8)
> + HSET4(sc, MMCHS_CON, MMCHS_CON_DW8);
> + else
> + HCLR4(sc, MMCHS_CON, MMCHS_CON_DW8);
> +
> + if (width == 4)
> + HSET4(sc, MMCHS_HCTL, MMCHS_HCTL_DTW);
> + else if (width == 1)
> + HCLR4(sc, MMCHS_HCTL, MMCHS_HCTL_DTW);
> +
> + splx(s);
> +
> + return (0);
>  }
>  
>  void
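Review bot: In `ommmc_bus_width`, a request for width 8 sets `MMCHS_CON_DW8` but leaves `MMCHS_HCTL_DTW` at whatever an earlier call programmed, because the second branch only handles 4 and 1. If DW8 takes precedence over DTW in the controller this is harmless, but the code does not say so. Either add a comment such as `/* DTW is ignored while DW8 is set */` after confirming it against the controller manual, or clear DTW for every width other than 4 by turning `else if (width == 1)` into a plain `else`. The same function appears again in the unquoted copy of this diff later on the page.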
> 



Re: sdmmc bus width support

2016-05-01 Thread Mark Kettenis
> Date: Sun, 1 May 2016 13:40:31 +1000
> From: Jonathan Gray 
> 
> On Sat, Apr 30, 2016 at 09:50:15PM +0200, Mark Kettenis wrote:
> > The diff below adds support for changing the bus width to the sdmmc
> > subsystem and the sdhc(4) controller.  By default controllers and card
> > use a 1-bit bus.  But most SD cards actually have support for a 4-bit
> > bus.  This can be checked by looking at the SCR register.  In theory
> > using the 4-bit bus quadruples the data rate to and from the card.
> > 
> > With this diff the raw disk transfer rate of the sdhc(4) controller in
> > the PC-Engines APU2 goes up from 1.5 MB/s to 5.5 MB/s.
> > 
> > ok?
> 
> diff below for imx/omap.
> 
> imx sdhc fails with 
> 
> sdmmc0: SD_SEND_SCR send failed
> sdmmc0: mem init failed
> scsibus2 at sdmmc0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
> sd1: 7655MB, 512 bytes/sector, 15677440 sectors
> 
> but it is known to have errors sending block io commands
> so perhaps that isn't so surprising.

What type of card are you using?

In any case, the SD_SEND_SCR command does rely on block io, so if that
doesn't work reliably, then it isn't too surprising that things fail.

The omap code looks wrong.  As far as I can see there is a DTW bit
there as well to switch between 1-bit and 4-bit mode.

> Index: imx/imxesdhc.c
> ===
> RCS file: /cvs/src/sys/arch/armv7/imx/imxesdhc.c,v
> retrieving revision 1.13
> diff -u -p -r1.13 imxesdhc.c
> --- imx/imxesdhc.c10 Jan 2016 14:11:43 -  1.13
> +++ imx/imxesdhc.c1 May 2016 03:23:06 -
> @@ -124,6 +124,9 @@
>  #define SDHC_MIX_CTRL_AC12EN (1 << 2)
>  #define SDHC_MIX_CTRL_DTDSEL (1 << 4)
>  #define SDHC_MIX_CTRL_MSBSEL (1 << 5)
> +#define SDHC_PROT_CTRL_DTW_MASK  (0x3 << 1)
> +#define SDHC_PROT_CTRL_DTW_4BIT  (1 << 1)
> +#define SDHC_PROT_CTRL_DTW_8BIT  (1 << 2)
>  #define SDHC_PROT_CTRL_DMASEL_SDMA_MASK  (0x3 << 8)
>  #define SDHC_HOST_CTRL_CAP_MBL_SHIFT 16
>  #define SDHC_HOST_CTRL_CAP_MBL_MASK  0x7
> @@ -196,6 +199,7 @@ int   imxesdhc_host_maxblklen(sdmmc_chipse
>  int  imxesdhc_card_detect(sdmmc_chipset_handle_t);
>  int  imxesdhc_bus_power(sdmmc_chipset_handle_t, uint32_t);
>  int  imxesdhc_bus_clock(sdmmc_chipset_handle_t, int);
> +int  imxesdhc_bus_width(sdmmc_chipset_handle_t, int);
>  void imxesdhc_card_intr_mask(sdmmc_chipset_handle_t, int);
>  void imxesdhc_card_intr_ack(sdmmc_chipset_handle_t);
>  void imxesdhc_exec_command(sdmmc_chipset_handle_t, struct sdmmc_command *);
> @@ -226,6 +230,7 @@ struct sdmmc_chip_functions imxesdhc_fun
>   /* bus power and clock frequency */
>   imxesdhc_bus_power,
>   imxesdhc_bus_clock,
> + imxesdhc_bus_width,
>   /* command execution */
>   imxesdhc_exec_command,
>   /* card interrupt */
> @@ -598,6 +603,30 @@ imxesdhc_bus_clock(sdmmc_chipset_handle_
>  ret:
>   splx(s);
>   return error;
> +}
> +
> +int
> +imxesdhc_bus_width(sdmmc_chipset_handle_t sch, int width)
> +{
> + struct imxesdhc_softc *sc = sch;
> + uint32_t reg;
> + int s;
> +
> + if (width != 1 && width != 4 && width != 8)
> + return (1);
> +
> + s = splsdmmc();
> +
> + reg = HREAD4(sc, SDHC_PROT_CTRL) & ~SDHC_PROT_CTRL_DTW_MASK;
> + if (width == 4)
> + reg |= SDHC_PROT_CTRL_DTW_4BIT;
> + else if (width == 8)
> + reg |= SDHC_PROT_CTRL_DTW_8BIT;
> + HWRITE4(sc, SDHC_PROT_CTRL, reg);
> +
> + splx(s);
> +
> + return (0);
>  }
>  
>  void
> Index: omap/ommmc.c
> ===
> RCS file: /cvs/src/sys/arch/armv7/omap/ommmc.c,v
> retrieving revision 1.15
> diff -u -p -r1.15 ommmc.c
> --- omap/ommmc.c  10 Jan 2016 14:11:43 -  1.15
> +++ omap/ommmc.c  1 May 2016 03:23:07 -
> @@ -229,6 +229,7 @@ int   ommmc_host_maxblklen(sdmmc_chipset_h
>  int  ommmc_card_detect(sdmmc_chipset_handle_t);
>  int  ommmc_bus_power(sdmmc_chipset_handle_t, uint32_t);
>  int  ommmc_bus_clock(sdmmc_chipset_handle_t, int);
> +int  ommmc_bus_width(sdmmc_chipset_handle_t, int);
>  void ommmc_card_intr_mask(sdmmc_chipset_handle_t, int);
>  void ommmc_card_intr_ack(sdmmc_chipset_handle_t);
>  void ommmc_exec_command(sdmmc_chipset_handle_t, struct sdmmc_command *);
> @@ -260,6 +261,7 @@ struct sdmmc_chip_functions ommmc_functi
>   /* bus power and clock frequency */
>   ommmc_bus_power,
>   ommmc_bus_clock,
> + ommmc_bus_width,
>   /* command execution */
>   ommmc_exec_command,
>   /* card interrupt */
> @@ -693,6 +695,29 @@ ommmc_bus_clock(sdmmc_chipset_handle_t s
>  ret:
>   splx(s);
>   return (error);
> +}
> +
> +int
> +ommmc_bus_width(sdmmc_chipset_handle_t sch, int width)
> +{
> + struct ommmc_softc *sc = sch;
> + int s;
> +
> + 

Re: midiplay: Fix out-of-bounds memory access

2016-05-01 Thread Vadim Zhukov
2016-04-30 7:38 GMT+03:00 Jonathan Gray :
> On Wed, Apr 27, 2016 at 07:49:50PM -0700, Geoff Hill wrote:
>> Fix possible reads past the end of the buffer.
>>
>> Found by random fuzz testing (zzuf). Without the fix the fuzzer crashes
>> in several seconds; with the patch, the fuzzer runs clean for hours.
>
> Any reason to not replace the somewhat arbitrary earlier test
> for this?
>
> Index: midiplay.c
> ===
> RCS file: /cvs/src/usr.bin/midiplay/midiplay.c,v
> retrieving revision 1.17
> diff -u -p -U9 -r1.17 midiplay.c
> --- midiplay.c  8 Feb 2015 23:40:34 -   1.17
> +++ midiplay.c  30 Apr 2016 04:35:31 -
> @@ -306,19 +306,19 @@ playdata(u_char *buf, u_int tot, char *n
> tracks = calloc(ntrks, sizeof(struct track));
> if (tracks == NULL)
> err(1, "malloc() tracks failed");
> for (t = 0; t < ntrks; ) {
> if (p >= end - MARK_LEN - SIZE_LEN) {
> warnx("Cannot find track %d", t);
> goto ret;
> }
> len = GET32(p + MARK_LEN);
> -   if (len > 100) { /* a safe guard */
> +   if (p + MARK_LEN + SIZE_LEN + len > end) {

It's better to avoid "+" in checks to avoid overflow, no? Something like:

if (len >=  end - (p + MARK_LEN + SIZE_LEN)) {

> warnx("Crazy track length");
> goto ret;
> }
> if (memcmp(p, MARK_TRACK, MARK_LEN) == 0) {
> tracks[t].start = p + MARK_LEN + SIZE_LEN;
> tracks[t].end = tracks[t].start + len;
> tracks[t].curtime = getvar([t]);
> t++;
> }
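Review bot: The message `Crazy track length` under the new check no longer describes what is tested: the condition now rejects a track whose declared length runs past `end`, not a length above a fixed cap. A message that names the track, e.g. `warnx("Track %d extends past end of data", t);`, would match the neighbouring `Cannot find track %d` and tell the user which chunk of a malformed file was rejected. A short comment on the check, such as `/* track body must lie inside the buffer */`, would also replace the `/* a safe guard */` remark that the change removes. The loop body and the rest of `playdata` continue outside the hunk.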
>

--
  WBR,
  Vadim Zhukov



Re: sdmmc bus width support

2016-05-01 Thread Jonathan Gray
On Sun, May 01, 2016 at 01:50:59PM +0200, Mark Kettenis wrote:
> > Date: Sun, 1 May 2016 13:40:31 +1000
> > From: Jonathan Gray 
> > 
> > On Sat, Apr 30, 2016 at 09:50:15PM +0200, Mark Kettenis wrote:
> > > The diff below adds support for changing the bus width to the sdmmc
> > > subsystem and the sdhc(4) controller.  By default controllers and card
> > > use a 1-bit bus.  But most SD cards actually have support for a 4-bit
> > > bus.  This can be checked by looking at the SCR register.  In theory
> > > using the 4-bit bus quadruples the data rate to and from the card.
> > > 
> > > With this diff the raw disk transfer rate of the sdhc(4) controller in
> > > the PC-Engines APU2 goes up from 1.5 MB/s to 5.5 MB/s.
> > > 
> > > ok?
> > 
> > diff below for imx/omap.
> > 
> > imx sdhc fails with 
> > 
> > sdmmc0: SD_SEND_SCR send failed
> > sdmmc0: mem init failed
> > scsibus2 at sdmmc0: 2 targets, initiator 0
> > sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
> > sd1: 7655MB, 512 bytes/sector, 15677440 sectors
> > 
> > but it is known to have errors sending block io commands
> > so perhaps that isn't so surprising.
> 
> What type of card are you using?
> 
> In any case, the SD_SEND_SCR command does rely on block io, so if that
> doesn't work reliably, then it isn't too surprising that things fail.

imxesdhc is known to not work, I tried to figure out it at one
point but never got anywhere.  I don't think it ever really worked
for patrick either.

> 
> The omap code looks wrong.  As far as I can see there is a DTW bit
> there as well to switch between 1-bit and 4-bit mode.

Ah yes, updated diff:

Index: ommmc.c
===
RCS file: /cvs/src/sys/arch/armv7/omap/ommmc.c,v
retrieving revision 1.15
diff -u -p -r1.15 ommmc.c
--- ommmc.c 10 Jan 2016 14:11:43 -  1.15
+++ ommmc.c 1 May 2016 12:40:52 -
@@ -229,6 +229,7 @@ int ommmc_host_maxblklen(sdmmc_chipset_h
 intommmc_card_detect(sdmmc_chipset_handle_t);
 intommmc_bus_power(sdmmc_chipset_handle_t, uint32_t);
 intommmc_bus_clock(sdmmc_chipset_handle_t, int);
+intommmc_bus_width(sdmmc_chipset_handle_t, int);
 void   ommmc_card_intr_mask(sdmmc_chipset_handle_t, int);
 void   ommmc_card_intr_ack(sdmmc_chipset_handle_t);
 void   ommmc_exec_command(sdmmc_chipset_handle_t, struct sdmmc_command *);
@@ -260,6 +261,7 @@ struct sdmmc_chip_functions ommmc_functi
/* bus power and clock frequency */
ommmc_bus_power,
ommmc_bus_clock,
+   ommmc_bus_width,
/* command execution */
ommmc_exec_command,
/* card interrupt */
@@ -693,6 +695,32 @@ ommmc_bus_clock(sdmmc_chipset_handle_t s
 ret:
splx(s);
return (error);
+}
+
+int
+ommmc_bus_width(sdmmc_chipset_handle_t sch, int width)
+{
+   struct ommmc_softc *sc = sch;
+   int s;
+
+   if (width != 1 && width != 4 && width != 8)
+   return (1);
+
+   s = splsdmmc();
+
+   if (width == 8)
+   HSET4(sc, MMCHS_CON, MMCHS_CON_DW8);
+   else
+   HCLR4(sc, MMCHS_CON, MMCHS_CON_DW8);
+
+   if (width == 4)
+   HSET4(sc, MMCHS_HCTL, MMCHS_HCTL_DTW);
+   else if (width == 1)
+   HCLR4(sc, MMCHS_HCTL, MMCHS_HCTL_DTW);
+
+   splx(s);
+
+   return (0);
 }
 
 void
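Review bot: In `ommmc_bus_width` the `width == 8` path sets `MMCHS_CON_DW8` but leaves `MMCHS_HCTL_DTW` in whatever state an earlier call left it, because the second `if`/`else if` has no branch for 8. That may be harmless if the controller disregards DTW while DW8 is set, but nothing in the hunk says so, and a later reader cannot tell an intentional omission from a forgotten case. A one-line comment above the second test, for example `/* DTW is not touched for 8-bit mode; presumably ignored while DW8 is set, confirm against the TRM */`, would record the intent.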



Re: sdmmc scsi inquiry emulation

2016-05-01 Thread Jonathan Gray
On Sun, May 01, 2016 at 11:21:18PM +0200, Mark Kettenis wrote:
> Diff below provides a bit more meaningful information in the SCSI
> INQUIRY emulation.  It decodes the JEDEC manufacturer ID code and
> provides the product string and revision number as read from the card.
> 
> For example:
> 
> scsibus1 at sdmmc2: 2 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
> sd0: 3768MB, 512 bytes/sector, 7716864 sectors
> scsibus2 at sdmmc0: 2 targets, initiator 0
> sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
> sd1: 29184MB, 512 bytes/sector, 59768832 sectors
> 
> where sd0 is an SD card and sd1 is the eMMC soldered onto the board of
> the machine.
> 
> Note that the strncpy here is safe.  The strings in the scsi inquiry
> page don't have to be nul-terminated.
> 
> ok?

Sounds good to me though you don't seem to have mids for
any of the cards I have, only one of the emmc devices.

I wonder if it is worth skipping the product if it is
all '0'/' '

0x03	SanDisk
0x1b	Samsung
0x28	Lexar (Micron)
0x45	SanDisk

element 14 bbb rev C:
=> mmc info
Device: OMAP SD/MMC
Manufacturer ID: 70
OEM: 100
Name: MMC04
Tran Speed: 5200
Rd Block Len: 512
MMC version 4.5
High Capacity: Yes
Capacity: 3.6 GiB
Bus Width: 4-bit
Erase Group Size: 512 KiB
HC WP Group Size: 4 MiB
User Capacity: 3.6 GiB
Boot Capacity: 2 MiB ENH
RPMB Capacity: 128 KiB ENH

samsung 8GB uSD
=> mmc info
Device: FSL_SDHC
Manufacturer ID: 1b
OEM: 534d
Name: 0
Tran Speed: 5000
Rd Block Len: 512
SD version 3.0
High Capacity: Yes
Capacity: 7.5 GiB
Bus Width: 4-bit
Erase Group Size: 512 Bytes

lexar 16GB uSD
=> mmc info
Device: FSL_SDHC
Manufacturer ID: 28
OEM: 4245
Name:   
Tran Speed: 5000
Rd Block Len: 512
SD version 3.0
High Capacity: Yes
Capacity: 14.9 GiB
Bus Width: 4-bit
Erase Group Size: 512 Bytes

sandisk 4GB uSD
=> mmc info
Device: FSL_SDHC
Manufacturer ID: 3
OEM: 5344
Name: SU04G 
Tran Speed: 5000
Rd Block Len: 512
SD version 2.0
High Capacity: Yes
Capacity: 3.7 GiB
Bus Width: 4-bit
Erase Group Size: 512 Bytes

sandisk 4GB SD
unknown MID 0x3
sd1 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed
sd1: 3781MB, 512 bytes/sector, 7744512 sectors

100s emmc
sdhc0 at acpi0: SDHA addr 0x9091d000/0x1000 irq 44
sdhc0: 200 MHz base clock
sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, dma
sdhc1 at acpi0: SDHB addr 0x90901000/0x1000 irq 46
sdhc1: 100 MHz base clock
sdmmc1 at sdhc1: 4-bit, sd high-speed, mmc high-speed, dma
sdhc2 at acpi0: SDHD addr 0x90903000/0x1000 irq 47, gpio
sdhc2: 100 MHz base clock
sdmmc2 at sdhc2: 4-bit, sd high-speed, mmc high-speed, dma

...

scsibus1 at sdmmc0: 2 targets, initiator 0
unknown MID 0x45
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct fixed
sd0: 29820MB, 512 bytes/sector, 61071360 sectors

Windows identifies this as "SanDisk DB4032"

> 
> 
> Index: sdmmc_scsi.c
> ===
> RCS file: /cvs/src/sys/dev/sdmmc/sdmmc_scsi.c,v
> retrieving revision 1.35
> diff -u -p -r1.35 sdmmc_scsi.c
> --- sdmmc_scsi.c  14 Mar 2015 03:38:49 -  1.35
> +++ sdmmc_scsi.c  1 May 2016 21:20:05 -
> @@ -376,8 +376,12 @@ void
>  sdmmc_inquiry(struct scsi_xfer *xs)
>  {
>   struct scsi_link *link = xs->sc_link;
> + struct sdmmc_softc *sc = link->adapter_softc;
> + struct sdmmc_scsi_softc *scbus = sc->sc_scsibus;
> + struct sdmmc_scsi_target *tgt = >sc_tgt[link->target];
>   struct scsi_inquiry_data inq;
>   struct scsi_inquiry *cdb = (struct scsi_inquiry *)xs->cmd;
> + char revision[5];
>  
>  if (xs->cmdlen != sizeof(*cdb)) {
>   xs->error = XS_DRIVER_STUFFUP;
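Review bot: The new `tgt` local is derived from `link->target` in the declarations of `sdmmc_inquiry`, and the following hunk dereferences `tgt->card->cid` with no visible check that the target index is in range or that a card is attached to that slot. The card's CID fields are device-supplied data, so the path that reaches them should be clearly guarded. The caller and the rest of the function are outside this hunk, so the validation may already happen before dispatch. If it does, a comment beside the declaration such as `/* caller has already verified link->target and tgt->card != NULL */` would make that dependency explicit; if it does not, the lookup belongs after a range and NULL check rather than in the initialisers.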
> @@ -394,10 +398,29 @@ sdmmc_inquiry(struct scsi_xfer *xs)
>   inq.version = 2;
>   inq.response_format = 2;
>   inq.additional_length = 32;
> - strlcpy(inq.vendor, "SD/MMC ", sizeof(inq.vendor));
> - snprintf(inq.product, sizeof(inq.product),
> - "Drive #%02d", link->target);
> - strlcpy(inq.revision, "   ", sizeof(inq.revision));
> + switch (tgt->card->cid.mid) {
> + case 0x02:
> + strncpy(inq.vendor, "Sandisk", sizeof(inq.vendor));
> + break;
> + case 0x11:
> + strncpy(inq.vendor, "Toshiba", sizeof(inq.vendor));
> + break;
> + case 0x13:
> + strncpy(inq.vendor, "Micron", sizeof(inq.vendor));
> + break;
> + case 0x15:
> + strncpy(inq.vendor, "Samsung", sizeof(inq.vendor));
> + break;
> + case 0x70:
> + strncpy(inq.vendor, "Kingston", sizeof(inq.vendor));
> + break;
> + default:
> + strncpy(inq.vendor, "SD/MMC", sizeof(inq.vendor));
> + break;
> + }
> + strncpy(inq.product, tgt->card->cid.pnm, sizeof(inq.product));
> + snprintf(revision, sizeof(revision), "%04X", tgt->card->cid.rev);
> + strncpy(inq.revision, revision, sizeof(inq.revision));
>  
>