Re: Make sysctl_file more smp friendly
Vitaliy,

As I told you directly last week, proposing changes in anticipation of future work requires some sort of plan about that future work. Without some sort of model for locking the access paths, it's impossible to judge whether the proposed change is useful or pointless.

On Fri, 8 May 2015, Vitaliy Makkoveev wrote:
> sysctl_file() has 2 cases: KERN_FILE_BY_PID and KERN_FILE_BYUID. In these cases sysctl_file() can access file descriptor table from other processes. File descriptor table of caller process can be accessed by other threads too. The file instances from file descriptor table will be accessed too. So file descriptor table and the file instances within should be protected in these cases. The patch below adds protection to file instances only. Really, each foreign process should be locked here, not only file descriptor table, but not in this patch. Races between sysctl_file() and process destruction denied by kernel lock.

You need to be a lot more specific about the sequence of events that you're concerned with. Protections against what?

So while it's not clear what problem this diff is supposed to solve, it does make the *real* problem with this sysctl, lack of locking of the process, much more likely to be hit, thus making things worse instead of better. You need a lot more than handwaving to justify that.

Philip Guenther
Re: [patch] Relayd crash
Apparently Google remove tabulations when I copy/paste the patch. Please download attachment to gets patch with tabulations. -- Bertrand PROVOST Index: http.h === RCS file: /cvs/src/usr.sbin/relayd/http.h,v retrieving revision 1.5 diff -u -p -r1.5 http.h --- http.h 14 Aug 2014 10:30:52 - 1.5 +++ http.h 12 May 2015 13:14:21 - @@ -180,6 +180,14 @@ struct http_mediatype { { NULL }\ } +/* Define state of current http relay */ +enum httpstate { + HTTP_STATE_READ_HEADER = 0, + HTTP_STATE_READ_CONTENT, + HTTP_STATE_READ_CHUNKS, + HTTP_STATE_READ_DATA, +}; + /* Used during runtime */ struct http_descriptor { struct kvhttp_pathquery; @@ -202,6 +210,8 @@ struct http_descriptor { /* A tree of headers and attached lists for repeated headers. */ struct kv *http_lastheader; struct kvtreehttp_headers; + + enum httpstate http_state; }; #endif /* _HTTP_H */ Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.193 diff -u -p -r1.193 relay.c --- relay.c 29 Apr 2015 08:41:24 - 1.193 +++ relay.c 12 May 2015 13:14:21 - @@ -683,7 +683,7 @@ relay_connected(int fd, short sig, void return; } con-se_out.toread = TOREAD_HTTP_HEADER; - outrd = relay_read_http; + outrd = relay_read_http_cb; break; case RELAY_PROTO_TCP: /* Use defaults */ @@ -734,7 +734,7 @@ relay_input(struct rsession *con) return; } con-se_in.toread = TOREAD_HTTP_HEADER; - inrd = relay_read_http; + inrd = relay_read_http_cb; break; case RELAY_PROTO_TCP: /* Use defaults */ Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.44 diff -u -p -r1.44 relay_http.c --- relay_http.c29 Apr 2015 08:41:24 - 1.44 +++ relay_http.c12 May 2015 13:14:21 - 
@@ -49,8 +49,9 @@ intrelay_lookup_url(struct ctl_relay_ int relay_lookup_query(struct ctl_relay_event *, struct kv *); int relay_lookup_cookie(struct ctl_relay_event *, const char *, struct kv *); -voidrelay_read_httpcontent(struct bufferevent *, void *); -voidrelay_read_httpchunks(struct bufferevent *, void *); +int relay_read_http(struct bufferevent *, void *); +int relay_read_httpcontent(struct bufferevent *, void *); +int relay_read_httpchunks(struct bufferevent *, void *); char *relay_expand_http(struct ctl_relay_event *, char *, char *, size_t); int relay_writeheader_kv(struct ctl_relay_event *, struct kv *); @@ -151,7 +152,53 @@ relay_httpdesc_free(struct http_descript kv_purge(desc-http_headers); } -void +void relay_read_http_cb(struct bufferevent *bev, void *arg) { + struct ctl_relay_event *cre = arg; + struct http_descriptor *desc = cre-desc; + struct rsession *con = cre-con; + struct evbuffer *src = EVBUFFER_INPUT(bev); + int rc = 0; + int stop = 0; + int try_splice = 0; + + do { + switch (desc-http_state) { + case HTTP_STATE_READ_HEADER: + rc = relay_read_http(bev, arg); + if (rc != -1 desc-http_state == HTTP_STATE_READ_HEADER) { + // The state does not change, so it can stop here + // this mean the http headers has not been fully parsed + // because there is not enough data available + stop = 1; + try_splice = 1; + } + break; + case HTTP_STATE_READ_CONTENT: + rc = relay_read_httpcontent(bev, arg); + if (rc != -1 desc-http_state == HTTP_STATE_READ_CONTENT) { + // The state does not change, so it can stop here + stop = 1; + try_splice = 0; + } + break; + case HTTP_STATE_READ_CHUNKS: + rc = relay_read_httpchunks(bev, arg); + try_splice = 0; + break; + case HTTP_STATE_READ_DATA: + relay_read(bev, arg); +
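Review bot: In `relay_read_http_cb()` the `switch (desc-http_state)` at the top of the `do` loop dereferences `desc` again on every pass, so the loop has to leave as soon as a handler returns -1; the `HTTP_STATE_READ_HEADER` and `HTTP_STATE_READ_CONTENT` cases only set `stop` when `rc != -1`, and the `HTTP_STATE_READ_CHUNKS` case never sets it. Testing `rc == -1` immediately after the switch and returning before any further use of `desc`, `con`, `src` or `bev` would make the rule explicit instead of leaving it to the loop condition. The `//` comments in the new function also differ from the `/* */` style used in the rest of the visible code.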
use device.h in midi(4)
This is to use device_lookup() instead of digging into midi_cd.cd_devs[] and maintaining a dying flag which is already present in the device structure. As a side-effect, this adds the missing refcounting that mididetach() was missing. The diff is a mostly mechanical change, except for the mididetach() part: Now, midiclose() will be called by vdevgone(), but it will be a no-op because the device is not DVF_ACTIVE anymore. Thus we have to wakeup userland and close the hardware there (likely no-op as well, as parent is already gone). tested with umidi(4) devices. OK? Index: midi.c === RCS file: /cvs/src/sys/dev/midi.c,v retrieving revision 1.38 diff -u -p -u -p -r1.38 midi.c --- midi.c 12 May 2015 18:39:30 - 1.38 +++ midi.c 12 May 2015 20:21:52 - @@ -84,7 +84,8 @@ midi_iintr(void *addr, int data) struct midi_softc *sc = (struct midi_softc *)addr; struct midi_buffer *mb = sc-inbuf; - if (sc-isdying || !(sc-flags FREAD)) + MUTEX_ASSERT_LOCKED(audio_lock); + if (!(sc-dev.dv_flags DVF_ACTIVE) || !(sc-flags FREAD)) return; if (MIDIBUF_ISFULL(mb)) @@ -105,31 +106,35 @@ midi_iintr(void *addr, int data) int midiread(dev_t dev, struct uio *uio, int ioflag) { - struct midi_softc *sc = MIDI_DEV2SC(dev); + struct midi_softc *sc; struct midi_buffer *mb = sc-inbuf; size_t count; int error; - if (!(sc-flags FREAD)) + sc = (struct midi_softc *)device_lookup(midi_cd, minor(dev)); + if (sc == NULL) return ENXIO; + if (!(sc-flags FREAD)) { + error = ENXIO; + goto done; + } /* if there is no data then sleep (unless IO_NDELAY flag is set) */ - + error = 0; mtx_enter(audio_lock); while (MIDIBUF_ISEMPTY(mb)) { - if (sc-isdying) { - mtx_leave(audio_lock); - return EIO; - } if (ioflag IO_NDELAY) { mtx_leave(audio_lock); - return EWOULDBLOCK; + error = EWOULDBLOCK; + goto done; } sc-rchan = 1; error = msleep(sc-rchan, audio_lock, PWAIT | PCATCH, mid_rd, 0); + if (!(sc-dev.dv_flags DVF_ACTIVE)) + error = EIO; if (error) { mtx_leave(audio_lock); - return error; + goto done; } } 
@@ -144,33 +149,36 @@ midiread(dev_t dev, struct uio *uio, int mtx_leave(audio_lock); error = uiomove(mb-data + mb-start, count, uio); if (error) - return error; + goto done; mtx_enter(audio_lock); MIDIBUF_REMOVE(mb, count); } mtx_leave(audio_lock); - return 0; +done: + device_unref(sc-dev); + return error; } void midi_ointr(void *addr) { - struct midi_softc *sc = (struct midi_softc *)addr; + struct midi_softc *sc = (struct midi_softc *)addr; struct midi_buffer *mb; MUTEX_ASSERT_LOCKED(audio_lock); - if (!(sc-flags FWRITE) !sc-isdying) { - mb = sc-outbuf; - if (mb-used 0) { + if (!(sc-dev.dv_flags DVF_ACTIVE) || !(sc-flags FWRITE)) + return; + + mb = sc-outbuf; + if (mb-used 0) { #ifdef MIDI_DEBUG - if (!sc-isbusy) { - printf(midi_ointr: output must be busy\n); - } + if (!sc-isbusy) { + printf(midi_ointr: output must be busy\n); + } #endif - midi_out_do(sc); - } else if (sc-isbusy) - midi_out_stop(sc); - } + midi_out_do(sc); + } else if (sc-isbusy) + midi_out_stop(sc); } void @@ -231,25 +239,30 @@ midi_out_do(struct midi_softc *sc) int midiwrite(dev_t dev, struct uio *uio, int ioflag) { - struct midi_softc *sc = MIDI_DEV2SC(dev); + struct midi_softc *sc; struct midi_buffer *mb = sc-outbuf; size_t count; int error; - if (!(sc-flags FWRITE)) + sc = (struct midi_softc *)device_lookup(midi_cd, minor(dev)); + if (sc == NULL) return ENXIO; - if (sc-isdying) - return EIO; + if (!(sc-flags FWRITE)) { + error = ENXIO; + goto done; + } /* * If IO_NDELAY flag is set then check if there is enough room * in the buffer to store at least one byte. If not then dont * start the write process. */ + error = 0;
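Review bot: In the `midiread()` hunk `sc` becomes a plain `struct midi_softc *sc;` with no initializer, but the unchanged next line still initializes `mb` from it (`struct midi_buffer *mb = sc-inbuf;`), so `mb` is computed from an indeterminate pointer before `device_lookup()` has run; the `midiwrite()` hunk has the same pattern with `sc-outbuf`. Declare `mb` without an initializer and assign it after the `sc == NULL` check in both functions.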
[patch] Relayd crash
Hi,

I found a crash in relayd when using http relay. The `bev` pointer is used after a free in `relay_http.c`, lines 438, 492 and 609.

In `relay_http.c` there are 3 functions used as read callbacks for the libevent buffer:

* `relay_read_http`: parse http headers
* `relay_read_httpcontent`: parse simple http content
* `relay_read_httpchunks`: parse http content sent using the 'chunked' method

When one of the three functions is finishing its work and data are still available in the buffer, the function calls `bev->readcb(bev, arg);` to handle the remaining data. This last action is mandatory, because these remaining data would have been read from the socket and are in the current bufferevent. Libevent will not call the callback anymore; as a result the request will time out. This breaks the callback design and leads to buggy software.

A crash occurs when the connection is closed. In this case, the context has been freed inside the callback. The callback returns no information, as requested by libevent's design. Nevertheless the context is used just after.

For example: the function `relay_read_httpchunks` finishes reading all chunks of data for the current request, but there is still data remaining, so it directly calls `relay_read_http` to parse the next HTTP request, with the following code:

    if (EVBUFFER_LENGTH(src))
        bev->readcb(bev, arg);

The problem is that inside these 3 functions, if an error occurs, the functions `relay_close` or `relay_abort_http` are called, and they free all data related to the current connection. Then after this line:

    bev->readcb(bev, arg);

`bev` has been freed, and the following line, which is:

    bufferevent_enable(bev, EV_READ);

causes a crash (SIGBUS/SIGSEGV) when trying to access one of the fields of `bev`.

Please review the following patch, which does not manually call the callback. Moreover this implementation explicitly shows the state machine that was hidden inside the libevent context data. The new callback has 3 states, just like there were 3 callbacks before.
The callback calls the previous processing and checks if more processing must be done before calling `bufferevent_enable`.

So the functions:

* `relay_read_http`
* `relay_read_httpcontent`
* `relay_read_httpchunks`

now return:

* -1 if the data has been freed
* 0 if all is OK, and it should try to parse remaining data
* 1 if data is OK, and it should not try to parse remaining data

Index: http.h === RCS file: /cvs/src/usr.sbin/relayd/http.h,v retrieving revision 1.5 diff -u -p -r1.5 http.h --- http.h 14 Aug 2014 10:30:52 - 1.5 +++ http.h 12 May 2015 13:14:21 - @@ -180,6 +180,14 @@ struct http_mediatype { { NULL } \ } +/* Define state of current http relay */ +enum httpstate { + HTTP_STATE_READ_HEADER = 0, + HTTP_STATE_READ_CONTENT, + HTTP_STATE_READ_CHUNKS, + HTTP_STATE_READ_DATA, +}; + /* Used during runtime */ struct http_descriptor { struct kv http_pathquery; @@ -202,6 +210,8 @@ struct http_descriptor { /* A tree of headers and attached lists for repeated headers. */ struct kv *http_lastheader; struct kvtree http_headers; + + enum httpstate http_state; }; #endif /* _HTTP_H */ Index: relay.c === RCS file: /cvs/src/usr.sbin/relayd/relay.c,v retrieving revision 1.193 diff -u -p -r1.193 relay.c --- relay.c 29 Apr 2015 08:41:24 - 1.193 +++ relay.c 12 May 2015 13:14:21 - @@ -683,7 +683,7 @@ relay_connected(int fd, short sig, void return; } con-se_out.toread = TOREAD_HTTP_HEADER; - outrd = relay_read_http; + outrd = relay_read_http_cb; break; case RELAY_PROTO_TCP: /* Use defaults */ @@ -734,7 +734,7 @@ relay_input(struct rsession *con) return; } con-se_in.toread = TOREAD_HTTP_HEADER; - inrd = relay_read_http; + inrd = relay_read_http_cb; break; case RELAY_PROTO_TCP: /* Use defaults */ Index: relay_http.c === RCS file: /cvs/src/usr.sbin/relayd/relay_http.c,v retrieving revision 1.44 diff -u -p -r1.44 relay_http.c --- relay_http.c 29 Apr 2015 08:41:24 - 1.44 +++ relay_http.c 12 May 2015 13:14:21 - 
@@ -49,8 +49,9 @@ int relay_lookup_url(struct ctl_relay_ int relay_lookup_query(struct ctl_relay_event *, struct kv *); int relay_lookup_cookie(struct ctl_relay_event *, const char *, struct kv *); -void relay_read_httpcontent(struct bufferevent *, void *); -void relay_read_httpchunks(struct bufferevent *, void *); +int relay_read_http(struct bufferevent *, void *); +int relay_read_httpcontent(struct bufferevent *, void *); +int relay_read_httpchunks(struct bufferevent *, void *); char *relay_expand_http(struct ctl_relay_event *, char *, char *, size_t); int relay_writeheader_kv(struct ctl_relay_event *, struct kv *); @@ -151,7 +152,53 @@ relay_httpdesc_free(struct http_descript kv_purge(desc-http_headers); } -void +void
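Review bot: The prototype block in `relay_http.c` turns `relay_read_httpcontent()` and `relay_read_httpchunks()` from `void` into `int` and adds `int relay_read_http()`, but the meaning of the return value (-1 freed, 0 continue, 1 stop) is stated only in the mail. A comment above these prototypes, or named constants for the three values, would keep a later caller from treating -1 as an ordinary error and touching `bev` afterwards. `relay.c` now installs `relay_read_http_cb`, and no declaration of it appears in the hunks shown, so check that one is visible there.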
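The dispatcher pattern described in the post, reduced to a self-contained model (an added example, not relayd code and not part of the original post): handlers return -1/0/1 as listed above, and the loop never dereferences the connection after a -1. `struct conn`, the `parse_*` handlers, `dispatch()`, `run()` and the length-prefixed sample input are all constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum state { ST_HEADER, ST_BODY };
/* Return codes as listed in the post: -1 freed, 0 continue, 1 stop. */
enum { H_FREED = -1, H_MORE = 0, H_WAIT = 1 };

struct conn {			/* hypothetical per-connection context */
	enum state	 st;
	size_t		 body_left;	/* body bytes still expected */
	const char	*buf;		/* unread input (constructed sample) */
	size_t		 len;
	int		 read_enabled;
	int		*done;		/* caller-owned count of finished requests */
};

static int conn_frees;		/* how many contexts have been freed */

static void
conn_close(struct conn *c)
{
	conn_frees++;
	free(c);
}

/* Header is "<decimal length>\n"; anything else aborts the connection. */
static int
parse_header(struct conn *c)
{
	const char *nl = memchr(c->buf, '\n', c->len);
	size_t i, n = 0, used;

	if (nl == NULL)
		return (H_WAIT);	/* incomplete header, wait for data */
	used = (size_t)(nl - c->buf);
	for (i = 0; i < used; i++)
		if (c->buf[i] < '0' || c->buf[i] > '9')
			break;
	if (used == 0 || used > 6 || i != used) {
		conn_close(c);		/* error path frees the context */
		return (H_FREED);
	}
	for (i = 0; i < used; i++)
		n = n * 10 + (size_t)(c->buf[i] - '0');
	c->buf += used + 1;
	c->len -= used + 1;
	c->body_left = n;
	c->st = ST_BODY;
	return (H_MORE);
}

static int
parse_body(struct conn *c)
{
	size_t take = c->len < c->body_left ? c->len : c->body_left;

	c->buf += take;
	c->len -= take;
	c->body_left -= take;
	if (c->body_left > 0)
		return (H_WAIT);	/* body not complete yet */
	(*c->done)++;
	c->st = ST_HEADER;		/* next request may already be buffered */
	return (H_MORE);
}

/* Single read callback: loops over buffered data instead of re-entering. */
static int
dispatch(struct conn *c)
{
	int rc = H_MORE;

	while (rc == H_MORE) {
		switch (c->st) {
		case ST_HEADER: rc = parse_header(c); break;
		case ST_BODY:   rc = parse_body(c); break;
		}
	}
	if (rc == H_FREED)
		return (rc);		/* c is dangling: do not touch it */
	c->read_enabled = 1;		/* stands in for bufferevent_enable() */
	return (rc);
}

/* Feed one buffer through the dispatcher; returns the last handler code. */
int
run(const char *input, int *requests)
{
	struct conn *c = calloc(1, sizeof(*c));
	int rc;

	*requests = 0;
	if (c == NULL)
		return (H_FREED);
	c->buf = input;
	c->len = strlen(input);
	c->done = requests;
	rc = dispatch(c);
	if (rc != H_FREED)
		conn_close(c);		/* normal teardown, exactly one free */
	return (rc);
}

int
main(void)
{
	int n, rc;

	rc = run("3\nabc2\nhi", &n);	/* two pipelined requests */
	printf("pipelined: rc=%d requests=%d\n", rc, n);
	rc = run("3\nabcX\nzz", &n);	/* second header is malformed */
	printf("aborted:   rc=%d requests=%d\n", rc, n);
	return (0);
}
```
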
Re: GSoC project: KMS driver for Cirrus Logic graphics
2015-05-11 4:59 GMT+02:00 Damien Miller d...@mindrot.org:
> Possibly dumb question: why the Cirrus CLGD 5446? It doesn't seem like a very common chipset. Is the goal of the project to have a model KMS driver and documentation that can serve as a guide? Or a KMS driver that works well in a common virtualisation environment? or something else?

Not dumb at all, in fact you're right twice. Having a model KMS driver seems important to make the future addition of new KMS drivers for other graphics chipsets easier. At the same time, being able to test it from a common virtualisation environment will allow developers to test it and possibly hack it to understand better how KMS works, regardless of the hardware they have. In addition, that may allow more KMS-specific testing through QEMU if needed, for other parts of OpenBSD (from framebuffer console to Xenocara).
Re: UPD regression with
On May 11, 2015, at 9:02 PM, David Higgs hig...@gmail.com wrote:

On May 11, 2015, at 8:21 PM, David Higgs hig...@gmail.com wrote:

On Mon, May 11, 2015 at 8:07 PM, Alexander Hall alexan...@beard.se wrote:

Upgrading to the latest snapshot, I noticed my upd sensors had been disturbingly crippled.

uhidev0 at uhub4 port 1 configuration 1 interface 0 EATON Eaton 3S rev 2.00/1.00 addr 2 uhidev0: iclass 3/0, 32 report ids upd0 at uhidev0

Diff below is what happens from upd.c r1.13 to r1.14.

-hw.sensors.upd0.indicator0=On (ACPresent), OK -hw.sensors.upd0.indicator1=On (Charging), OK -hw.sensors.upd0.indicator2=Off (Discharging), OK -hw.sensors.upd0.indicator3=Off (ShutdownImminent), OK -hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK -hw.sensors.upd0.percent1=100.00% (RemainingCapacity), OK +hw.sensors.upd0.indicator0=Off (ShutdownImminent), OK +hw.sensors.upd0.indicator1=On (ACPresent), OK

Is this an expected fallout? Can I provide more info to assist? Full dmesg (latest snap + vanilla current kernel w/ upd.c r1.13) follows.

It seems your device doesn't have a BatteryPresent report, or it is somehow getting mangled. Can you run lsusb -v on your device and check if Battery Present is shown? If it is not, we'll have to make sensor dependencies less strict. I'll start thinking about how to do this.

Alternatively, you could try the following diff, which flattens the sensor dependency tree when a parent sensor isn’t available.

Below is a diff which has the correct number of parentheses and actually compiles. Sorry for the noise.

--david

--- a/upd.c +++ b/upd.c 
@@ -225,8 +225,12 @@ upd_attach_sensor_tree(struct upd_softc for (i = 0; i nentries; i++) { entry = entries + i; - if (!upd_lookup_usage_entry(desc, size, entry, item)) + if (!upd_lookup_usage_entry(desc, size, entry, item)) { + /* dependency missing, add children to parent */ + upd_attach_sensor_tree(sc, desc, size, + entry-nchildren, entry-children, queue); continue; + } DPRINTF((%s: found %s on repid=%d\n, DEVNAME(sc), entry-usage_name, item.report_ID));
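Review bot: In the new `if (!upd_lookup_usage_entry(...)) {` branch the children of a missing entry are attached through the caller's `queue`, so they silently become siblings of the entry that was not found and are no longer gated by it. A `DPRINTF` naming `entry-usage_name` in that branch, matching the "found" message just below it, would make the flattening visible when debugging reports like this one, and the comment could say that the children lose their dependency rather than only that they are added to the parent.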
Take vlan(4) out of ether_input()
Diff below convert vlan(4) to the new if_input() framework which means that vlan_input() will now be executed before ether_input(). Compared to trunk(4) multiple vlan(4)s can be attached to the same parent interface. When such thing happens only one input handler is added to keep the if_inputs handler list as small as possible. With this diff pseudo-drivers using the if_input() framework can now be stacked. That's why if_input_process() has been modified to deal with multiple ifp/lists of handlers. Reviewers might notice that this diff introduces a behavior change when a trunk is configured on top of a vlan. vlan_input() now runs before trunk_input() which means that the trunk interface now see packets with encapsulation removed. I know that various configurations involving vlans are currently broken. This diff won't fix them but it should not introduce newer problem, so please test and report back. Comments and oks are also welcome. Index: net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.330 diff -u -p -r1.330 if.c --- net/if.c23 Apr 2015 09:45:24 - 1.330 +++ net/if.c11 May 2015 13:15:01 - @@ -497,10 +497,19 @@ if_input_process(void *xmq) if ((++mit 0x1f) == 0) yield(); +again: + /* +* Pass this mbuf to all input handlers of its +* interface until it is consumed. +*/ ifp = m-m_pkthdr.rcvif; SLIST_FOREACH(ifih, ifp-if_inputs, ifih_next) { if ((*ifih-ifih_input)(m, NULL)) break; + + /* Pseudo-drivers might be stacked. */ + if (ifp != m-m_pkthdr.rcvif) + goto again; } } splx(s); Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.196 diff -u -p -r1.196 if_ethersubr.c --- net/if_ethersubr.c 11 May 2015 08:41:43 - 1.196 +++ net/if_ethersubr.c 11 May 2015 08:58:48 - @@ -456,7 +456,7 @@ bad: int ether_input(struct mbuf *m, void *hdr) { - struct ifnet *ifp0, *ifp; + struct ifnet *ifp; struct ether_header *eh = hdr; struct niqueue *inq; u_int16_t etype; 
@@ -469,7 +469,7 @@ ether_input(struct mbuf *m, void *hdr) /* mark incoming routing table */ - ifp = ifp0 = m-m_pkthdr.rcvif; + ifp = m-m_pkthdr.rcvif; m-m_pkthdr.ph_rtableid = ifp-if_rdomain; if (eh == NULL) { @@ -511,12 +511,6 @@ ether_input(struct mbuf *m, void *hdr) atomic_setbits_int(netisr, (1 NETISR_RND_DONE)); } -#if NVLAN 0 - if (((m-m_flags M_VLANTAG) || etype == ETHERTYPE_VLAN || - etype == ETHERTYPE_QINQ) (vlan_input(eh, m) == 0)) - return (1); -#endif - #if NBRIDGE 0 /* * Tap the packet off here for a bridge, if configured and @@ -565,7 +559,7 @@ ether_input(struct mbuf *m, void *hdr) * is for us. Drop otherwise. */ if ((m-m_flags (M_BCAST|M_MCAST)) == 0 - ((ifp-if_flags IFF_PROMISC) || (ifp0-if_flags IFF_PROMISC))) { + (ifp-if_flags IFF_PROMISC)) { if (memcmp(ac-ac_enaddr, eh-ether_dhost, ETHER_ADDR_LEN)) { m_freem(m); return (1); Index: net/if_var.h === RCS file: /cvs/src/sys/net/if_var.h,v retrieving revision 1.25 diff -u -p -r1.25 if_var.h --- net/if_var.h23 Apr 2015 09:45:24 - 1.25 +++ net/if_var.h11 May 2015 09:10:48 - @@ -115,6 +115,7 @@ struct ifqueue { struct ifih { SLIST_ENTRY(ifih) ifih_next; int (*ifih_input)(struct mbuf *, void *); + int ifih_refcnt; }; /* Index: net/if_vlan.c === RCS file: /cvs/src/sys/net/if_vlan.c,v retrieving revision 1.118 diff -u -p -r1.118 if_vlan.c --- net/if_vlan.c 22 Apr 2015 06:42:11 - 1.118 +++ net/if_vlan.c 11 May 2015 13:57:02 - @@ -79,6 +79,8 @@ u_long vlan_tagmask, svlan_tagmask; #define TAG_HASH(tag) (tag vlan_tagmask) LIST_HEAD(vlan_taghash, ifvlan)*vlan_tagh, *svlan_tagh; + +intvlan_input(struct mbuf *, void *); intvlan_output(struct ifnet *, struct mbuf *, struct sockaddr *, struct rtentry *); void vlan_start(struct ifnet *ifp); 
@@ -268,32 +270,44 @@ vlan_start(struct ifnet *ifp) } /* - * vlan_input() returns 0 if it has consumed the packet, 1 otherwise. + * vlan_input() returns 1 if it has consumed the packet, 0 otherwise. */ int -vlan_input(struct ether_header *eh, struct mbuf *m) +vlan_input(struct mbuf *m, void
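Review bot: In the `if_input_process()` hunk the `goto again` sits inside `SLIST_FOREACH` and restarts on whatever `m-m_pkthdr.rcvif` now points to, which makes the handler contract implicit: a handler that re-targets the mbuf must return 0 and must have changed `rcvif`, and one that consumes it must return non-zero. The comment above `again:` only covers the second half; stating the first half there (or in the `struct ifih` definition, where `ifih_refcnt` is also added without a comment) would help the next pseudo-driver converted to this framework.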
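Review bot: The `@@ -565,7 +559,7 @@` hunk in `ether_input()` drops `ifp0` from the promiscuous test, so only the flags of the interface currently in `m-m_pkthdr.rcvif` are consulted. If `vlan_input()` has already re-targeted the mbuf to the vlan interface, a promiscuous parent with a non-promiscuous vlan no longer reaches the `memcmp()` / `m_freem()` drop for unicast frames addressed to another MAC. Worth confirming that this case is filtered elsewhere or that the flag is propagated to the vlan, since the description lists only the trunk-on-vlan ordering as a behavior change.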
[patch] urtwn(4) 8188eu additions
Hello, inlined patch is a compilation of fixes which were pushed into FreeBSD tree after 8188eu driver came in. It adds four new usbdevs (r270191, r273589, r282120), fixes efuse length and replaces magic numbers with proper defines (r281918), fixes efuse access (r281592, r282623), and fixes man typo. All revisions can be viewed by this url pattern: https://svnweb.freebsd.org/base?view=revisionrevision=revision Efuse changes from those revisions are overlapping, patch incorporates final version. Index: share/man/man4/urtwn.4 === RCS file: /cvs/src/share/man/man4/urtwn.4,v retrieving revision 1.33 diff -u -p -r1.33 urtwn.4 --- share/man/man4/urtwn.4 4 May 2015 14:30:06 - 1.33 +++ share/man/man4/urtwn.4 11 May 2015 12:20:23 - @@ -28,7 +28,7 @@ The driver supports USB 2.0 wireless network devices based on Realtek RTL8188CUS, RTL8188CE-VAU, RTL8188EUS, RTL8188RU and RTL8192CU chipsets. .Pp -The RTL8188CUS and RTL8188EUS are a highly integrated 802.11n adapter +The RTL8188CUS and RTL8188EUS are a highly integrated 802.11n adapters that combines a MAC, a 1T1R capable baseband and an RF in a single chip. It operates in the 2GHz spectrum only. The RTL8188RU is a high-power variant of the RTL8188CUS. @@ -98,11 +98,14 @@ The following adapters should work: .It B-Link BL-LW05-5R .It Belkin F7D1102 Surf Wireless Micro .It D-Link DWA-121 +.It D-Link DWA-123 rev D1 +.It D-Link DWA-125 rev D1 .It D-Link DWA-131 rev B .It D-Link DWA-133 .It D-Link DWA-135 .It Digitus DN-7042 .It Edimax EW-7811Un +.It Elecom WDC-150SU2M .It EDUP EP-N8508 .It Full River FR-W100NUL .It Hercules Wireless N USB Pico HWNUp-150 Index: sys/dev/usb/if_urtwn.c === RCS file: /cvs/src/sys/dev/usb/if_urtwn.c,v retrieving revision 1.46 diff -u -p -r1.46 if_urtwn.c --- sys/dev/usb/if_urtwn.c 10 May 2015 19:40:56 - 1.46 +++ sys/dev/usb/if_urtwn.c 11 May 2015 12:20:23 - 
@@ -126,6 +126,7 @@ static const struct usb_devno urtwn_devs { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CU_0 }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CU_1 }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CU_2 }, + { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CU_3 }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CU_COMBO }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188CUS }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188RU }, @@ -143,6 +144,9 @@ static const struct usb_devno urtwn_devs { USB_VENDOR_TRENDNET, USB_PRODUCT_TRENDNET_RTL8192CU }, { USB_VENDOR_ZYXEL, USB_PRODUCT_ZYXEL_RTL8192CU }, /* URTWN_RTL8188E */ + { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWA123D1 }, + { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DWA125D1 }, + { USB_VENDOR_ELECOM,USB_PRODUCT_ELECOM_WDC150SU2M }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188ETV }, { USB_VENDOR_REALTEK, USB_PRODUCT_REALTEK_RTL8188EU } }; @@ -305,7 +309,10 @@ urtwn_attach(struct device *parent, stru return; } - if (uaa-product == USB_PRODUCT_REALTEK_RTL8188EU || + if (uaa-product == USB_PRODUCT_DLINK_DWA123D1 || + uaa-product == USB_PRODUCT_DLINK_DWA125D1 || + uaa-product == USB_PRODUCT_ELECOM_WDC150SU2M || + uaa-product == USB_PRODUCT_REALTEK_RTL8188EU || uaa-product == USB_PRODUCT_REALTEK_RTL8188ETV) sc-chip |= URTWN_CHIP_88E; @@ -922,6 +929,8 @@ urtwn_efuse_read(struct urtwn_softc *sc) printf(\n); } #endif + + urtwn_write_1(sc, R92C_EFUSE_ACCESS, R92C_EFUSE_ACCESS_OFF); } void @@ -929,6 +938,8 @@ urtwn_efuse_switch_power(struct urtwn_so { uint32_t reg; + urtwn_write_1(sc, R92C_EFUSE_ACCESS, R92C_EFUSE_ACCESS_ON); + reg = urtwn_read_2(sc, R92C_SYS_ISO_CTRL); if (!(reg R92C_SYS_ISO_CTRL_PWC_EV12V)) { urtwn_write_2(sc, R92C_SYS_ISO_CTRL, @@ -1014,7 +1025,7 @@ urtwn_r88e_read_rom(struct urtwn_softc * /* Read full ROM image. */ memset(sc-r88e_rom, 0xff, sizeof(sc-r88e_rom)); - while (addr 1024) { + while (addr 512) { reg = urtwn_efuse_read_1(sc, addr); if (reg == 0xff) break; 
@@ -1040,6 +1051,8 @@ urtwn_r88e_read_rom(struct urtwn_softc * } } + urtwn_write_1(sc, R92C_EFUSE_ACCESS, R92C_EFUSE_ACCESS_OFF); + addr = 0x10; for (i = 0; i 6; i++) sc-cck_tx_pwr[i] = sc-r88e_rom[addr++]; @@ -1178,7 +1191,7 @@ urtwn_r88e_ra_init(struct urtwn_softc *s reg = RW(reg, R92C_RRSR_RATE_BITMAP, rates); urtwn_write_4(sc, R92C_RRSR, reg); - /* + /* * Workaround for performance problems with firmware rate adaptation: * If
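Review bot: In the `urtwn.4` adapter list, `.It Elecom WDC-150SU2M` is inserted between `Edimax EW-7811Un` and `EDUP EP-N8508`; the rest of the visible list is alphabetical, so the new entry belongs after the EDUP line.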
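Review bot: In `urtwn_r88e_read_rom()` the loop bound changes from 1024 to a literal 512, although the description says magic numbers are replaced with proper defines. The ROM image buffer is initialized just above with `sizeof(sc-r88e_rom)`, so bounding the loop by that size or by a named constant would keep the limit and the buffer from drifting apart.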
Re: Introducing if_output()
On 07/05/15(Thu) 11:50, Martin Pieuchot wrote: This diff is a first step towards removing all pseudo-driver #ifdef in ether_output(). As for ether_input() the goal of this work is to provide an elegant design to make it easier to turn pseudo-drivers MP-safe. So instead of including some bridge(4), vlan(4) and carp(4) specific code in ether_output(), I'd like to split this function and call the interesting chunks in bridge_output(), vlan_output() and carp_output(). The first step is to take the generic code enqueuing packets in its own function: if_output(). Sadly if_start() is still required for hfsc_deferred(). Comments, ok? I got one positive test report involving carp, gif, vether bridge but nothing else. Anybody wants to comment or ok? Index: net/bridgestp.c === RCS file: /cvs/src/sys/net/bridgestp.c,v retrieving revision 1.52 diff -u -p -r1.52 bridgestp.c --- net/bridgestp.c 14 Mar 2015 03:38:51 - 1.52 +++ net/bridgestp.c 28 Apr 2015 12:22:59 - @@ -357,7 +357,6 @@ bstp_transmit_tcn(struct bstp_state *bs, struct ifnet *ifp = bp-bp_ifp; struct ether_header *eh; struct mbuf *m; - int s, len, error; if (ifp == NULL || (ifp-if_flags IFF_RUNNING) == 0) return; @@ -382,16 +381,8 @@ bstp_transmit_tcn(struct bstp_state *bs, bpdu.tbu_bpdutype = BSTP_MSGTYPE_TCN; bcopy(bpdu, mtod(m, caddr_t) + sizeof(*eh), sizeof(bpdu)); - s = splnet(); bp-bp_txcount++; - len = m-m_pkthdr.len; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); - if (error == 0) { - ifp-if_obytes += len; - ifp-if_omcasts++; - if_start(ifp); - } - splx(s); + if_output(ifp, m); } void @@ -473,7 +464,7 @@ bstp_send_bpdu(struct bstp_state *bs, st struct ifnet *ifp = bp-bp_ifp; struct mbuf *m; struct ether_header *eh; - int s, len, error; + int s; s = splnet(); if (ifp == NULL || (ifp-if_flags IFF_RUNNING) == 0) 
@@ -521,13 +512,7 @@ bstp_send_bpdu(struct bstp_state *bs, st m-m_pkthdr.pf.prio = BSTP_IFQ_PRIO; bp-bp_txcount++; - len = m-m_pkthdr.len; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); - if (error == 0) { - ifp-if_obytes += len; - ifp-if_omcasts++; - if_start(ifp); - } + if_output(ifp, m); done: splx(s); } Index: net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.330 diff -u -p -r1.330 if.c --- net/if.c 23 Apr 2015 09:45:24 - 1.330 +++ net/if.c 28 Apr 2015 12:22:59 - @@ -421,7 +421,6 @@ if_attach_common(struct ifnet *ifp) void if_start(struct ifnet *ifp) { - splassert(IPL_NET); if (ifp-if_snd.ifq_len = min(8, ifp-if_snd.ifq_maxlen) @@ -439,6 +438,35 @@ if_start(struct ifnet *ifp) TAILQ_INSERT_TAIL(iftxlist, ifp, if_txlist); schednetisr(NETISR_TX); } +} + +int +if_output(struct ifnet *ifp, struct mbuf *m) +{ + int s, error = 0; + + s = splnet(); + + /* + * Queue message on interface, and start output if interface + * not yet active. + */ + IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); + if (error) { + splx(s); + return (error); + } + + ifp-if_obytes += m-m_pkthdr.len; + if (m-m_flags M_MCAST) + ifp-if_omcasts++; + + ifp-if_opackets++; + if_start(ifp); + + splx(s); + + return (0); } struct mbuf_queue if_input_queue = MBUF_QUEUE_INITIALIZER(8192, IPL_NET); Index: net/if_bridge.c === RCS file: /cvs/src/sys/net/if_bridge.c,v retrieving revision 1.235 diff -u -p -r1.235 if_bridge.c --- net/if_bridge.c 17 Apr 2015 11:04:01 - 1.235 +++ net/if_bridge.c 28 Apr 2015 12:22:59 - @@ -2683,7 +2683,6 @@ int bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) { int error, len; - short mflags; #if NGIF 0 /* Packet needs etherip encapsulation. */ 
@@ -2735,18 +2734,15 @@ bridge_ifenqueue(struct bridge_softc *sc } #endif len = m-m_pkthdr.len; - mflags = m-m_flags; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); + + error = if_output(ifp, m); if (error) { sc-sc_if.if_oerrors++; return (error); } + sc-sc_if.if_opackets++; sc-sc_if.if_obytes += len; - ifp-if_obytes += len; - if (mflags M_MCAST) - ifp-if_omcasts++; - if_start(ifp); return (0); } Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.194
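Review bot: `if_output()` reads `m-m_pkthdr.len` and `m-m_flags` after `IFQ_ENQUEUE()` has handed the mbuf to the queue, whereas the code it replaces in `bridge_ifenqueue()` and `bstp_send_bpdu()` copied `len` (and `mflags`) into locals before enqueueing. Saving the length and the `M_MCAST` bit before the enqueue keeps the new function from depending on the mbuf still being valid afterwards.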
Re: [patch] urtwn(4) 8188eu additions
On 2015/05/12 16:35, Mikhail wrote:
> Hello, inlined patch is a compilation of fixes which were pushed into FreeBSD tree after 8188eu driver came in. It adds four new usbdevs (r270191, r273589, r282120), fixes efuse length and replaces magic numbers with proper defines (r281918), fixes efuse access (r281592, r282623), and fixes man typo. All revisions can be viewed by this url pattern: https://svnweb.freebsd.org/base?view=revisionrevision=revision Efuse changes from those revisions are overlapping, patch incorporates final version.

Seems reasonable to me. Minor manpage issue:

> Index: share/man/man4/urtwn.4 === RCS file: /cvs/src/share/man/man4/urtwn.4,v retrieving revision 1.33 diff -u -p -r1.33 urtwn.4 --- share/man/man4/urtwn.44 May 2015 14:30:06 - 1.33 +++ share/man/man4/urtwn.411 May 2015 12:20:23 - @@ -28,7 +28,7 @@ The driver supports USB 2.0 wireless network devices based on Realtek RTL8188CUS, RTL8188CE-VAU, RTL8188EUS, RTL8188RU and RTL8192CU chipsets. .Pp -The RTL8188CUS and RTL8188EUS are a highly integrated 802.11n adapter +The RTL8188CUS and RTL8188EUS are a highly integrated 802.11n adapters that combines a MAC, a 1T1R capable baseband and an RF in a single chip. It operates in the 2GHz spectrum only.

Should be:

The RTL8188CUS and RTL8188EUS are highly integrated 802.11n adapters that combine a MAC, a 1T1R capable baseband and an RF in a single chip. They operate in the 2GHz spectrum only.

Rest is OK with me (though untested as I don't have a urtwn).
Kill NTRUNK
There's only one #if NTRUNK left in the tree, this diff gets rid of it by overwriting trunk ports' if_output(). ok? Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.196 diff -u -p -r1.196 if_ethersubr.c --- net/if_ethersubr.c 11 May 2015 08:41:43 - 1.196 +++ net/if_ethersubr.c 12 May 2015 11:29:20 - @@ -87,8 +87,6 @@ didn't get a copy, you may request one f #include sys/syslog.h #include sys/timeout.h -#include crypto/siphash.h/* required by if_trunk.h */ - #include net/if.h #include net/netisr.h #include net/route.h @@ -127,11 +125,6 @@ didn't get a copy, you may request one f #include net/if_pppoe.h #endif -#include trunk.h -#if NTRUNK 0 -#include net/if_trunk.h -#endif - #ifdef INET6 #include netinet6/in6_var.h #include netinet6/nd6.h @@ -273,13 +266,6 @@ ether_output(struct ifnet *ifp0, struct ifp-if_rdomain, rtable_l2(m-m_pkthdr.ph_rtableid), dst-sa_family); } -#endif - -#if NTRUNK 0 - /* restrict transmission on trunk members to bpf only */ - if (ifp-if_type == IFT_IEEE8023ADLAG - (m_tag_find(m, PACKET_TAG_DLT, NULL) == NULL)) - senderr(EBUSY); #endif esrc = ac-ac_enaddr; Index: net/if_trunk.c === RCS file: /cvs/src/sys/net/if_trunk.c,v retrieving revision 1.96 diff -u -p -r1.96 if_trunk.c --- net/if_trunk.c 11 May 2015 08:41:43 - 1.96 +++ net/if_trunk.c 12 May 2015 11:28:39 - @@ -66,6 +66,8 @@ void trunk_port_watchdog(struct ifnet * voidtrunk_port_state(void *); voidtrunk_port_ifdetach(void *); int trunk_port_ioctl(struct ifnet *, u_long, caddr_t); +int trunk_port_output(struct ifnet *, struct mbuf *, struct sockaddr *, + struct rtentry *); struct trunk_port *trunk_port_get(struct trunk_softc *, struct ifnet *); int trunk_port_checkstacking(struct trunk_softc *); voidtrunk_port2req(struct trunk_port *, struct trunk_reqport *); 
@@ -75,6 +77,7 @@ inttrunk_ether_delmulti(struct trunk_s voidtrunk_ether_purgemulti(struct trunk_softc *); int trunk_ether_cmdmulti(struct trunk_port *, u_long); int trunk_ioctl_allports(struct trunk_softc *, u_long, caddr_t); +int trunk_input(struct mbuf *, void *); voidtrunk_start(struct ifnet *); voidtrunk_init(struct ifnet *); voidtrunk_stop(struct ifnet *); @@ -354,6 +357,9 @@ trunk_port_create(struct trunk_softc *tr trunk_ifih-ifih_input = trunk_input; SLIST_INSERT_HEAD(ifp-if_inputs, trunk_ifih, ifih_next); + tp-tp_output = ifp-if_output; + ifp-if_output = trunk_port_output; + ifp-if_tp = (caddr_t)tp; tp-tp_ioctl = ifp-if_ioctl; ifp-if_ioctl = trunk_port_ioctl; @@ -450,6 +456,7 @@ trunk_port_destroy(struct trunk_port *tp ifp-if_watchdog = tp-tp_watchdog; ifp-if_ioctl = tp-tp_ioctl; + ifp-if_output = tp-tp_output; ifp-if_tp = NULL; hook_disestablish(ifp-if_linkstatehooks, tp-lh_cookie); @@ -563,6 +570,20 @@ trunk_port_ioctl(struct ifnet *ifp, u_lo error = (*tp-tp_ioctl)(ifp, cmd, data); return (error); +} + +int +trunk_port_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, +struct rtentry *rt) +{ + /* restrict transmission on trunk members to bpf only */ + if (ifp-if_type == IFT_IEEE8023ADLAG + (m_tag_find(m, PACKET_TAG_DLT, NULL) == NULL)) { + m_freem(m); + return (EBUSY); + } + + return (ether_output(ifp, m, dst, rt)); } void Index: net/if_trunk.h === RCS file: /cvs/src/sys/net/if_trunk.h,v retrieving revision 1.20 diff -u -p -r1.20 if_trunk.h --- net/if_trunk.h 11 May 2015 08:41:43 - 1.20 +++ net/if_trunk.h 12 May 2015 11:28:39 - @@ -141,6 +141,8 @@ struct trunk_port { /* Redirected callbacks */ void(*tp_watchdog)(struct ifnet *); int (*tp_ioctl)(struct ifnet *, u_long, caddr_t); + int (*tp_output)(struct ifnet *, struct mbuf *, struct sockaddr *, + struct rtentry *); SLIST_ENTRY(trunk_port) tp_entries; };
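Review bot: `trunk_port_create()` saves the port's previous routine in `tp-tp_output`, but `trunk_port_output()` ends with `return (ether_output(ifp, m, dst, rt));` and never uses the saved pointer, so anything other than `ether_output()` that was installed on the port before it joined the trunk is bypassed while it is a member. Calling through the saved `tp_output` (reached via `ifp-if_tp`) would match how `trunk_port_ioctl()` forwards to `tp-tp_ioctl` in the context lines above.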
Re: Introducing if_output()
On 12/05/15(Tue) 12:15, Martin Pieuchot wrote: On 07/05/15(Thu) 11:50, Martin Pieuchot wrote: This diff is a first step towards removing all pseudo-driver #ifdef in ether_output(). As for ether_input() the goal of this work is to provide an elegant design to make it easier to turn pseudo-drivers MP-safe. So instead of including some bridge(4), vlan(4) and carp(4) specific code in ether_output(), I'd like to split this function and call the interesting chunks in bridge_output(), vlan_output() and carp_output(). The first step is to take the generic code enqueuing packets in its own function: if_output(). Sadly if_start() is still required for hfsc_deferred(). Comments, ok? I got one positive test report involving carp, gif, vether bridge but nothing else. Rafael Zalamena pointed out a double if_opackets increment in vlan, diff below fixes that. This version also left the net80211 bits out because wireless interfaces do not play well with IFXF_TXREADY hack... Anybody wants to comment or ok? Index: sys/net/bridgestp.c === RCS file: /cvs/src/sys/net/bridgestp.c,v retrieving revision 1.54 diff -u -p -r1.54 bridgestp.c --- sys/net/bridgestp.c 12 May 2015 12:35:10 - 1.54 +++ sys/net/bridgestp.c 12 May 2015 12:40:47 - @@ -353,7 +353,6 @@ bstp_transmit_tcn(struct bstp_state *bs, struct ifnet *ifp = bp-bp_ifp; struct ether_header *eh; struct mbuf *m; - int s, len, error; if (ifp == NULL || (ifp-if_flags IFF_RUNNING) == 0) return; @@ -378,16 +377,8 @@ bstp_transmit_tcn(struct bstp_state *bs, bpdu.tbu_bpdutype = BSTP_MSGTYPE_TCN; bcopy(bpdu, mtod(m, caddr_t) + sizeof(*eh), sizeof(bpdu)); - s = splnet(); bp-bp_txcount++; - len = m-m_pkthdr.len; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); - if (error == 0) { - ifp-if_obytes += len; - ifp-if_omcasts++; - if_start(ifp); - } - splx(s); + if_output(ifp, m); } void 
@@ -469,7 +460,7 @@ bstp_send_bpdu(struct bstp_state *bs, st struct ifnet *ifp = bp-bp_ifp; struct mbuf *m; struct ether_header *eh; - int s, len, error; + int s; s = splnet(); if (ifp == NULL || (ifp-if_flags IFF_RUNNING) == 0) @@ -517,13 +508,7 @@ bstp_send_bpdu(struct bstp_state *bs, st m-m_pkthdr.pf.prio = BSTP_IFQ_PRIO; bp-bp_txcount++; - len = m-m_pkthdr.len; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); - if (error == 0) { - ifp-if_obytes += len; - ifp-if_omcasts++; - if_start(ifp); - } + if_output(ifp, m); done: splx(s); } Index: sys/net/if.c === RCS file: /cvs/src/sys/net/if.c,v retrieving revision 1.330 diff -u -p -r1.330 if.c --- sys/net/if.c23 Apr 2015 09:45:24 - 1.330 +++ sys/net/if.c12 May 2015 12:40:47 - @@ -441,6 +441,35 @@ if_start(struct ifnet *ifp) } } +int +if_output(struct ifnet *ifp, struct mbuf *m) +{ + int s, error = 0; + + s = splnet(); + + /* +* Queue message on interface, and start output if interface +* not yet active. +*/ + IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); + if (error) { + splx(s); + return (error); + } + + ifp-if_obytes += m-m_pkthdr.len; + if (m-m_flags M_MCAST) + ifp-if_omcasts++; + + ifp-if_opackets++; + if_start(ifp); + + splx(s); + + return (0); +} + struct mbuf_queue if_input_queue = MBUF_QUEUE_INITIALIZER(8192, IPL_NET); struct task if_input_task = TASK_INITIALIZER(if_input_process, if_input_queue); Index: sys/net/if_bridge.c === RCS file: /cvs/src/sys/net/if_bridge.c,v retrieving revision 1.237 diff -u -p -r1.237 if_bridge.c --- sys/net/if_bridge.c 7 May 2015 01:55:43 - 1.237 +++ sys/net/if_bridge.c 12 May 2015 12:40:48 - @@ -2693,7 +2693,6 @@ int bridge_ifenqueue(struct bridge_softc *sc, struct ifnet *ifp, struct mbuf *m) { int error, len; - short mflags; #if NGIF 0 /* Packet needs etherip encapsulation. */ 
@@ -2745,18 +2744,15 @@ bridge_ifenqueue(struct bridge_softc *sc } #endif len = m-m_pkthdr.len; - mflags = m-m_flags; - IFQ_ENQUEUE(ifp-if_snd, m, NULL, error); + + error = if_output(ifp, m); if (error) { sc-sc_if.if_oerrors++; return (error); } + sc-sc_if.if_opackets++; sc-sc_if.if_obytes += len; - ifp-if_obytes += len; - if (mflags M_MCAST) - ifp-if_omcasts++; - if_start(ifp); return (0); } Index: sys/net/if_ethersubr.c
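Review bot: if_output() in sys/net/if.c reads m->m_pkthdr.len and m->m_flags after IFQ_ENQUEUE() has taken the mbuf, whereas the code it replaces in bridge_ifenqueue() copied len and mflags into locals before enqueueing. The new order is safe only as long as nothing can dequeue and free m before if_start() runs under splnet. Saving both values before IFQ_ENQUEUE() removes that dependency, which matters for the MP-safe goal stated in the description.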
Re: Brainy: Kernel Use-after-free Memory Leak in hifn
On Mon, May 11, 2015 at 22:11 +0200, Maxime Villard wrote: Hi, I put here two bugs among others: sys/dev/pci/hifn7751.c 2757 if (!(m0-m_flags M_EXT)) m_freem(m0); len = MCLBYTES; totlen -= len; m0-m_pkthdr.len = m0-m_len = len; mlast = m0; Use-after-free with 'm0'. sys/dev/pci/hifn7751.c 2766 MGET(m, M_DONTWAIT, MT_DATA); if (m == NULL) { m_freem(m0); return (NULL); } MCLGET(m, M_DONTWAIT); if (!(m-m_flags M_EXT)) { m_freem(m0); return (NULL); } len = MCLBYTES; 'm' is leaked. Found by The Brainy Code Scanner. Maxime Fixed in -current. Thanks for reporting!
rework armv7 board name handling
Instead of hard coding board names twice use an array and put the value in hw_prod so it will show up in sysctl. This omits setting hw_vendor as fdt sets just one string and we'll likely move to that at some point. The printf from before copyright changes to the decimal machine id/board id. Index: armv7/armv7/armv7.c === RCS file: /cvs/src/sys/arch/armv7/armv7/armv7.c,v retrieving revision 1.8 diff -u -p -r1.8 armv7.c --- armv7/armv7/armv7.c 12 May 2015 04:40:31 - 1.8 +++ armv7/armv7/armv7.c 13 May 2015 03:30:43 - @@ -388,6 +388,8 @@ armv7_match(struct device *parent, void return (1); } +extern char *hw_prod; + void armv7_attach(struct device *parent, struct device *self, void *aux) { 
@@ -398,78 +400,60 @@ armv7_attach(struct device *parent, stru switch (board_id) { case BOARD_ID_IMX6_CUBOXI: - printf(: i.MX6 SolidRun CuBox-i\n); - imx6_init(); - sc-sc_board_devs = hummingboard_devs; - break; case BOARD_ID_IMX6_HUMMINGBOARD: - printf(: i.MX6 SolidRun HummingBoard\n); imx6_init(); sc-sc_board_devs = hummingboard_devs; break; case BOARD_ID_IMX6_PHYFLEX: - printf(: PhyFLEX-i.MX6\n); imx6_init(); sc-sc_board_devs = phyflex_imx6_devs; break; case BOARD_ID_IMX6_SABRELITE: - printf(: i.MX6 SABRE Lite\n); imx6_init(); sc-sc_board_devs = sabrelite_devs; break; case BOARD_ID_IMX6_SABRESD: - printf(: i.MX6 SABRE SD\n); imx6_init(); sc-sc_board_devs = sabresd_devs; break; case BOARD_ID_IMX6_UDOO: - printf(: i.MX6 UDOO\n); imx6_init(); sc-sc_board_devs = udoo_devs; break; case BOARD_ID_IMX6_UTILITE: - printf(: i.MX6 Utilite\n); imx6_init(); sc-sc_board_devs = utilite_devs; break; case BOARD_ID_IMX6_NOVENA: - printf(: i.MX6 Novena\n); imx6_init(); sc-sc_board_devs = novena_devs; break; case BOARD_ID_IMX6_WANDBOARD: - printf(: i.MX6 Wandboard\n); imx6_init(); sc-sc_board_devs = wandboard_devs; break; case BOARD_ID_OMAP3_BEAGLE: - printf(: BeagleBoard\n); omap3_init(); sc-sc_board_devs = beagleboard_devs; break; case BOARD_ID_AM335X_BEAGLEBONE: - printf(: BeagleBone\n); am335x_init(); sc-sc_board_devs = beaglebone_devs; break; case BOARD_ID_OMAP3_OVERO: - printf(: Gumstix Overo\n); omap3_init(); sc-sc_board_devs = overo_devs; break; case BOARD_ID_OMAP4_PANDA: - printf(: PandaBoard\n); omap4_init(); sc-sc_board_devs = pandaboard_devs; break; case BOARD_ID_SUN4I_A10: - printf(: A1X\n); sxia1x_init(); sc-sc_board_devs = sun4i_devs; issunxi = 1; break; case BOARD_ID_SUN7I_A20: - printf(: A20\n); sxia20_init(); sc-sc_board_devs = sun7i_devs; issunxi = 1; 
@@ -478,6 +462,10 @@ armv7_attach(struct device *parent, stru printf(\n); panic(%s: board type 0x%x unknown, __func__, board_id); } + + if (hw_prod) + printf(: %s, hw_prod); + printf(\n); if (issunxi) { /* Index: armv7/armv7/armv7_machdep.c === RCS file: /cvs/src/sys/arch/armv7/armv7/armv7_machdep.c,v retrieving revision 1.21 diff -u -p -r1.21 armv7_machdep.c --- armv7/armv7/armv7_machdep.c 12 May 2015 04:31:10 - 1.21 +++ armv7/armv7/armv7_machdep.c 13 May 2015 03:30:43 - @@ -755,7 +755,7 @@ initarm(void *arg0, void *arg1, void *ar if (boothowto RB_KDB) Debugger(); #endif - platform_print_board_type(); + printf(board type: %u\n, board_id); /* We return the new stack pointer address */ return(kernelstack.pv_va + USPACE_SVC_STACK_TOP); Index: armv7/armv7/autoconf.c === RCS file: /cvs/src/sys/arch/armv7/armv7/autoconf.c,v retrieving revision 1.1 diff -u -p -r1.1 autoconf.c --- armv7/armv7/autoconf.c 4 Sep 2013 14:38:25 - 1.1 +++ armv7/armv7/autoconf.c 13 May 2015 03:30:43 - @@ -53,6 +53,8 @@ #include machine/bootconfig.h
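Review bot: the board id is now printed in decimal by initarm() (board type: %u) but in hex by the panic in the default case of armv7_attach() (board type 0x%x unknown), so the two messages for the same unknown board will not match when someone searches a boot log. Use one format in both places. The extern char *hw_prod declaration added inside armv7.c would also be better placed in a shared header, so the compiler checks it against the definition.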
Re: [ping] dump -U by default
Philip Guenther guent...@gmail.com writes: Can we suppress the device form if there's a matching DUID entry? Okay. The DUID/device dance is not that easy (at least for me). So here is a new patch that should work. For your issue, I choose to convert dumpdates entries to DUID (when possible) at read time so dump now has the following features/drawbacks: - All dumpdates entries (of present devices) will be converted to DUID at the next dump (even those that are not being dumped). - Even a dump -w/W tries to opendev the device (in order to find its UID). Index: dump.h === RCS file: /cvs/src/sbin/dump/dump.h,v retrieving revision 1.23 diff -u -p -r1.23 dump.h --- dump.h 3 May 2015 01:44:34 - 1.23 +++ dump.h 12 May 2015 08:42:02 - @@ -125,6 +125,7 @@ __dead void dumpabort(int signo); void getfstab(void); char *rawname(char *cp); +char *getduid(char *path); union dinode *getino(ino_t inum, int *mode); /* rdump routines */ Index: itime.c === RCS file: /cvs/src/sbin/dump/itime.c,v retrieving revision 1.20 diff -u -p -r1.20 itime.c --- itime.c 3 May 2015 01:44:34 - 1.20 +++ itime.c 12 May 2015 08:42:02 - @@ -251,6 +251,11 @@ makedumpdate(struct dumpdates *ddp, char if (sscanf(tbuf, DUMPINFMT, ddp-dd_name, ddp-dd_level, un_buf) != 3) return(-1); + str = getduid(ddp-dd_name); + if (str != NULL) { + strncpy(ddp-dd_name, str, NAME_MAX+3); + free(str); + } str = strptime(un_buf, %a %b %e %H:%M:%S %Y, then); then.tm_isdst = -1; if (str == NULL || (*str != '\n' *str != '\0')) Index: main.c === RCS file: /cvs/src/sbin/dump/main.c,v retrieving revision 1.55 diff -u -p -r1.55 main.c --- main.c 3 May 2015 01:44:34 - 1.55 +++ main.c 12 May 2015 08:42:02 - 
@@ -363,7 +363,13 @@ main(int argc, char *argv[]) } } else if ((dt = fstabsearch(disk)) != NULL) { /* in fstab? */ - disk = rawname(dt-fs_spec); + if (strchr(dt-fs_spec, '/')) { + /* fs_spec is a /dev/something */ + disk = rawname(dt-fs_spec); + } else { + /* fs_spec is a DUID */ + disk = rawname(disk); + } mount_point = dt-fs_file; (void)strlcpy(spcl.c_dev, dt-fs_spec, sizeof(spcl.c_dev)); if (dirlist != 0) { @@ -649,13 +655,52 @@ rawname(char *cp) { static char rawbuf[PATH_MAX]; char *dp = strrchr(cp, '/'); + char *prefix; if (dp == NULL) return (NULL); + if (*(dp + 1) == 'r') { + prefix = ; + } else { + prefix = r; + } *dp = '\0'; - (void)snprintf(rawbuf, sizeof(rawbuf), %s/r%s, cp, dp + 1); + (void)snprintf(rawbuf, sizeof(rawbuf), %s/%s%s, cp, prefix, dp + 1); *dp = '/'; return (rawbuf); +} + +char * +getduid(char *path) +{ + int fd; + struct disklabel lab; + u_int64_t zero_uid = 0; + char *duid; + + if ((fd = opendev(path, O_RDONLY | O_NOFOLLOW, 0, NULL)) = 0) { + if (ioctl(fd, DIOCGDINFO, (char *)lab) 0) { + close(fd); + warn(ioctl(DIOCGDINFO)); + return (NULL); + } + + if (memcmp(lab.d_uid, zero_uid, sizeof(lab.d_uid)) != 0) { + if (asprintf(duid, + %02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx%02hhx.%c, +lab.d_uid[0], lab.d_uid[1], lab.d_uid[2], +lab.d_uid[3], lab.d_uid[4], lab.d_uid[5], +lab.d_uid[6], lab.d_uid[7], +path[strlen(path)-1]) == -1) { + close(fd); + warn(Cannot malloc duid); + return (NULL); + } + return (duid); + } + } + + return (NULL); } /* Index: optr.c === RCS file: /cvs/src/sbin/dump/optr.c,v retrieving revision 1.36 diff -u -p -r1.36 optr.c --- optr.c 15 Mar 2015 00:41:27 - 1.36 +++ optr.c 12 May 2015 08:42:02 - @@ -337,7 +337,7 @@ fstabsearch(char *key) { struct pfstab *pf; struct fstab *fs; - char *rn; + char *rn, *uid; for (pf = table; pf != NULL; pf = pf-pf_next) { fs = pf-pf_fstab; @@ -347,6 +347,13 @@ fstabsearch(char *key)
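Review bot: getduid() in main.c leaks the descriptor returned by opendev() on two paths: the successful return (duid), and the fall-through to return (NULL) when d_uid is all zeroes. Only the ioctl and asprintf error branches call close(fd). Closing fd right after the DIOCGDINFO ioctl, before lab.d_uid is inspected, covers every path with a single call.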
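Review bot: in makedumpdate() (itime.c), strncpy(ddp->dd_name, str, NAME_MAX+3) does not guarantee NUL termination when str fills the buffer, and it repeats the buffer size as a literal expression. strlcpy() with the destination's size, as main() already does for spcl.c_dev, avoids both problems.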
Re: Brainy: Kernel Use-after-free Memory Leak in hifn
On Mon, 11 May 2015 22:11:10 +0200 Maxime Villard m...@m00nbsd.net wrote: Hi, I put here two bugs among others: sys/dev/pci/hifn7751.c 2757 if (!(m0-m_flags M_EXT)) m_freem(m0); len = MCLBYTES; totlen -= len; m0-m_pkthdr.len = m0-m_len = len; mlast = m0; Use-after-free with 'm0'. sys/dev/pci/hifn7751.c 2766 MGET(m, M_DONTWAIT, MT_DATA); if (m == NULL) { m_freem(m0); return (NULL); } MCLGET(m, M_DONTWAIT); if (!(m-m_flags M_EXT)) { m_freem(m0); return (NULL); } len = MCLBYTES; 'm' is leaked. Found by The Brainy Code Scanner. Maxime If there are any other unresolved bugs your code scanner has found, please do report them. It's better for everyone. Is there any chance you would one day open source it, or tell us what it is based on? :) Thanks anyway!
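The two hifn7751.c error paths reported in this thread, as an added userland model; it is not the driver's code and not the fix committed to -current. `struct buf`, `buf_get`, `buf_clget`, `buf_freem`, `chain_get` and the `fail_at` fault-injection counter are names assumed here as stand-ins for mbufs, MGET, MCLGET and m_freem.

```c
#include <stdlib.h>

#define CLBYTES 2048                   /* stand-in for MCLBYTES */

struct buf {                           /* stand-in for struct mbuf */
	struct buf *next;
	char *ext;                     /* cluster; NULL models "M_EXT not set" */
};

static int live;                       /* bufs currently allocated */
static int clgets, fail_at = -1;       /* constructed fault injection */

static struct buf *buf_get(void) {     /* models MGET */
	struct buf *b = calloc(1, sizeof(*b));
	if (b != NULL)
		live++;
	return b;
}

static void buf_clget(struct buf *b) { /* models MCLGET: may leave ext NULL */
	if (clgets++ != fail_at)
		b->ext = malloc(CLBYTES);
}

static void buf_freem(struct buf *b) { /* models m_freem: frees a whole chain */
	while (b != NULL) {
		struct buf *n = b->next;
		free(b->ext);
		free(b);
		live--;
		b = n;
	}
}

/* Build a chain for totlen bytes; on failure return NULL with nothing live. */
static struct buf *chain_get(int totlen) {
	struct buf *m0, *m, *mlast;

	if ((m0 = buf_get()) == NULL)
		return NULL;
	buf_clget(m0);
	if (m0->ext == NULL) {
		buf_freem(m0);
		return NULL;           /* report 1: no fall-through onto freed m0 */
	}
	mlast = m0;
	for (totlen -= CLBYTES; totlen > 0; totlen -= CLBYTES) {
		if ((m = buf_get()) != NULL)
			buf_clget(m);
		if (m == NULL || m->ext == NULL) {
			buf_freem(m);  /* report 2: m is not on the m0 chain yet */
			buf_freem(m0);
			return NULL;
		}
		mlast->next = m;
		mlast = m;
	}
	return m0;
}
```

Setting `fail_at` to the index of the cluster allocation that should fail and checking that `live` returns to zero exercises each error path in turn.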
Re: Kill NTRUNK
On Tue, May 12, 2015 at 01:34:20PM +0200, Martin Pieuchot wrote: There's only one #if NTRUNK left in the tree, this diff gets rid of it by overwriting trunk ports' if_output(). ok? Looks good to me. Let's try to layer stuff properly. OK claudio@ Index: net/if_ethersubr.c === RCS file: /cvs/src/sys/net/if_ethersubr.c,v retrieving revision 1.196 diff -u -p -r1.196 if_ethersubr.c --- net/if_ethersubr.c11 May 2015 08:41:43 - 1.196 +++ net/if_ethersubr.c12 May 2015 11:29:20 - @@ -87,8 +87,6 @@ didn't get a copy, you may request one f #include sys/syslog.h #include sys/timeout.h -#include crypto/siphash.h /* required by if_trunk.h */ - #include net/if.h #include net/netisr.h #include net/route.h @@ -127,11 +125,6 @@ didn't get a copy, you may request one f #include net/if_pppoe.h #endif -#include trunk.h -#if NTRUNK 0 -#include net/if_trunk.h -#endif - #ifdef INET6 #include netinet6/in6_var.h #include netinet6/nd6.h @@ -273,13 +266,6 @@ ether_output(struct ifnet *ifp0, struct ifp-if_rdomain, rtable_l2(m-m_pkthdr.ph_rtableid), dst-sa_family); } -#endif - -#if NTRUNK 0 - /* restrict transmission on trunk members to bpf only */ - if (ifp-if_type == IFT_IEEE8023ADLAG - (m_tag_find(m, PACKET_TAG_DLT, NULL) == NULL)) - senderr(EBUSY); #endif esrc = ac-ac_enaddr; Index: net/if_trunk.c === RCS file: /cvs/src/sys/net/if_trunk.c,v retrieving revision 1.96 diff -u -p -r1.96 if_trunk.c --- net/if_trunk.c11 May 2015 08:41:43 - 1.96 +++ net/if_trunk.c12 May 2015 11:28:39 - @@ -66,6 +66,8 @@ void trunk_port_watchdog(struct ifnet * void trunk_port_state(void *); void trunk_port_ifdetach(void *); int trunk_port_ioctl(struct ifnet *, u_long, caddr_t); +int trunk_port_output(struct ifnet *, struct mbuf *, struct sockaddr *, + struct rtentry *); struct trunk_port *trunk_port_get(struct trunk_softc *, struct ifnet *); int trunk_port_checkstacking(struct trunk_softc *); void trunk_port2req(struct trunk_port *, struct trunk_reqport *); 
@@ -75,6 +77,7 @@ int trunk_ether_delmulti(struct trunk_s void trunk_ether_purgemulti(struct trunk_softc *); int trunk_ether_cmdmulti(struct trunk_port *, u_long); int trunk_ioctl_allports(struct trunk_softc *, u_long, caddr_t); +int trunk_input(struct mbuf *, void *); void trunk_start(struct ifnet *); void trunk_init(struct ifnet *); void trunk_stop(struct ifnet *); @@ -354,6 +357,9 @@ trunk_port_create(struct trunk_softc *tr trunk_ifih-ifih_input = trunk_input; SLIST_INSERT_HEAD(ifp-if_inputs, trunk_ifih, ifih_next); + tp-tp_output = ifp-if_output; + ifp-if_output = trunk_port_output; + ifp-if_tp = (caddr_t)tp; tp-tp_ioctl = ifp-if_ioctl; ifp-if_ioctl = trunk_port_ioctl; @@ -450,6 +456,7 @@ trunk_port_destroy(struct trunk_port *tp ifp-if_watchdog = tp-tp_watchdog; ifp-if_ioctl = tp-tp_ioctl; + ifp-if_output = tp-tp_output; ifp-if_tp = NULL; hook_disestablish(ifp-if_linkstatehooks, tp-lh_cookie); @@ -563,6 +570,20 @@ trunk_port_ioctl(struct ifnet *ifp, u_lo error = (*tp-tp_ioctl)(ifp, cmd, data); return (error); +} + +int +trunk_port_output(struct ifnet *ifp, struct mbuf *m, struct sockaddr *dst, +struct rtentry *rt) +{ + /* restrict transmission on trunk members to bpf only */ + if (ifp-if_type == IFT_IEEE8023ADLAG + (m_tag_find(m, PACKET_TAG_DLT, NULL) == NULL)) { + m_freem(m); + return (EBUSY); + } + + return (ether_output(ifp, m, dst, rt)); } void Index: net/if_trunk.h === RCS file: /cvs/src/sys/net/if_trunk.h,v retrieving revision 1.20 diff -u -p -r1.20 if_trunk.h --- net/if_trunk.h11 May 2015 08:41:43 - 1.20 +++ net/if_trunk.h12 May 2015 11:28:39 - @@ -141,6 +141,8 @@ struct trunk_port { /* Redirected callbacks */ void(*tp_watchdog)(struct ifnet *); int (*tp_ioctl)(struct ifnet *, u_long, caddr_t); + int (*tp_output)(struct ifnet *, struct mbuf *, struct sockaddr *, + struct rtentry *); SLIST_ENTRY(trunk_port) tp_entries; }; -- :wq Claudio
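Review bot: the int trunk_input(struct mbuf *, void *) prototype added to the forward declarations in if_trunk.c is not mentioned in the description, and the if_trunk.h hunk shows no matching removal. If the header still declares trunk_input() the new line is redundant; if the function is meant to become private to if_trunk.c, say so in the commit message and mark it static.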