Now
MAIN commitmail json YAML
mips/cavium: Simplify membars around interrupt establishment.
Previously I used xc_barrier to ensure the initialization of the
struct octeon_intrhand was witnessed on all CPUs before publishing
it, in order to avoid needing any barrier on the usage side to be
issued by the interrupt handler.
But there's no need to avoid atomic_load_consume at time of
interrupt: on MIPS it's the same as atomic_load_relaxed anyway, so
there's no additional memory barrier cost here.
Previously I used xc_barrier to ensure the initialization of the
struct octeon_intrhand was witnessed on all CPUs before publishing
it, in order to avoid needing any barrier on the usage side to be
issued by the interrupt handler.
But there's no need to avoid atomic_load_consume at time of
interrupt: on MIPS it's the same as atomic_load_relaxed anyway, so
there's no additional memory barrier cost here.
MAIN commitmail json YAML
igpio(4): Use device_xname, not struct device members.
MAIN commitmail json YAML
igpio(4): Nix trailing whitespace.
(setq show-trailing-whitespace t), M-x delete-trailing-whitespace
(setq show-trailing-whitespace t), M-x delete-trailing-whitespace
MAIN commitmail json YAML
vfs(9): Add missing vnode lock around VOP_CLOSE in vfs_mountroot.
Maybe vnode_if.c should be taught to KASSERT the vnode lock now that
locks always work.
Maybe vnode_if.c should be taught to KASSERT the vnode lock now that
locks always work.
MAIN commitmail json YAML
entropy(9): Call entropy_softintr while bound to CPU.
It looks like We tripped on the new assertion in entropy_account_cpu
when there was pending entropy on cpu0 running lwp0 when xc_broadcast
ran -- since xc_broadcast calls the function directly rather than
calling it through softint_schedule, it's not called via the softint
lwp which would satisfy the assertion.
It looks like We tripped on the new assertion in entropy_account_cpu
when there was pending entropy on cpu0 running lwp0 when xc_broadcast
ran -- since xc_broadcast calls the function directly rather than
calling it through softint_schedule, it's not called via the softint
lwp which would satisfy the assertion.
MAIN commitmail json YAML
mips/cavium: Fix membars around establishing interrupt handlers.
MAIN commitmail json YAML
viornd(4): Process host entropy in softint context.
Samples added to the entropy pool in hard interrupt context are only
buffered, never processed directly, and if they fill the buffer, the
sample is dropped -- this serves to encourage taking timing samples
in hard interrupt context because it's cheap, and we have no idea how
many samples we really need for full entropy so it's safer to err on
the side of `as many as we can get'.
But for viornd(4), we assume the host has full entropy so we only
need a single 32-byte sample, and we want to avoid dropping it so we
get full entropy ASAP. Entering the sample in a soft interrupt
rather than hard interrupt achieves this.
Samples added to the entropy pool in hard interrupt context are only
buffered, never processed directly, and if they fill the buffer, the
sample is dropped -- this serves to encourage taking timing samples
in hard interrupt context because it's cheap, and we have no idea how
many samples we really need for full entropy so it's safer to err on
the side of `as many as we can get'.
But for viornd(4), we assume the host has full entropy so we only
need a single 32-byte sample, and we want to avoid dropping it so we
get full entropy ASAP. Entering the sample in a soft interrupt
rather than hard interrupt achieves this.
MAIN commitmail json YAML
entropy(9): Include <sys/lwp.h> and <sys/proc.h> explicitly.
Now that we use curlwp, struct lwp::l_pflag, and LP_BOUND, let's not
rely on side-loads from other .h files.
Now that we use curlwp, struct lwp::l_pflag, and LP_BOUND, let's not
rely on side-loads from other .h files.
MAIN commitmail json YAML
entropy(9): Bind to CPU temporarily to avoid race with lwp migration.
More fallout from the IPL_VM->IPL_SOFTSERIAL change.
In entropy_enter, there is a window when the lwp can be migrated to
another CPU:
ec = entropy_cpu_get();
...
pending = ec->ec_pending + ...;
...
entropy_cpu_put();
/* lwp migration possible here */
if (pending)
entropy_account_cpu(ec);
If this happens, we may trip over any of several problems in
entropy_account_cpu because it assumes ec is the current CPU's state
in order to decide whether we have anything to contribute from the
local pool to the global pool.
No need to do this in entropy_softintr because softints are bound to
the CPU anyway.
More fallout from the IPL_VM->IPL_SOFTSERIAL change.
In entropy_enter, there is a window when the lwp can be migrated to
another CPU:
ec = entropy_cpu_get();
...
pending = ec->ec_pending + ...;
...
entropy_cpu_put();
/* lwp migration possible here */
if (pending)
entropy_account_cpu(ec);
If this happens, we may trip over any of several problems in
entropy_account_cpu because it assumes ec is the current CPU's state
in order to decide whether we have anything to contribute from the
local pool to the global pool.
No need to do this in entropy_softintr because softints are bound to
the CPU anyway.
MAIN commitmail json YAML
autoconf(9): Enter more timing samples into entropy pool.
Previously, we sampled the time of each _failed_ config_search. I'm
not sure why -- there was no explanation in the comment or the commit
message introducing this in rev. 1.230.2.1 on tls-earlyentropy.
With this change, we sample the time of _every_ search including the
successful ones -- and also measure the time to attach which often
includes things like probing device registers, triggering device
reset and waiting for it to post, &c.
Previously, we sampled the time of each _failed_ config_search. I'm
not sure why -- there was no explanation in the comment or the commit
message introducing this in rev. 1.230.2.1 on tls-earlyentropy.
With this change, we sample the time of _every_ search including the
successful ones -- and also measure the time to attach which often
includes things like probing device registers, triggering device
reset and waiting for it to post, &c.
MAIN commitmail json YAML
entropy(9): Make rnd_lock_sources work while cold.
x86 uses entropy_extract verrrrrry early. Fixes mistake in previous
that did not manifest in my testing on aarch64, which does not use it
so early.
x86 uses entropy_extract verrrrrry early. Fixes mistake in previous
that did not manifest in my testing on aarch64, which does not use it
so early.
MAIN commitmail json YAML
src/share/man/man4/rnd.4@1.40
/
diff
/
nxr@1.40
src/share/man/man7/entropy.7@1.4 / diff / nxr@1.4
src/sys/kern/kern_entropy.c@1.50 / diff / nxr@1.50
src/share/man/man7/entropy.7@1.4 / diff / nxr@1.4
src/sys/kern/kern_entropy.c@1.50 / diff / nxr@1.50
entropy(9): Improve entropy warning messages and documentation.
- For the main warning message, use less jargon, say `security', and
cite the entropy(7) man page for further reading. Document this in
rnd(4) and entropy(7).
- For the debug-only warning message, say `entropy' only once and omit
it from the rnd(4) man page -- it's not very important unless you're
debugging the kernel in which case you probably know what you're
doing enough to not need the text explained in the man page.
- For the main warning message, use less jargon, say `security', and
cite the entropy(7) man page for further reading. Document this in
rnd(4) and entropy(7).
- For the debug-only warning message, say `entropy' only once and omit
it from the rnd(4) man page -- it's not very important unless you're
debugging the kernel in which case you probably know what you're
doing enough to not need the text explained in the man page.
MAIN commitmail json YAML
entropy(9): Fix premature optimization deadlock in entropy_request.
- For synchronous queries from /dev/random, which are waiting for
entropy to be ready, wait for concurrent access -- e.g., concurrent
rnd_detach_source -- to finish, and make sure to request entropy
from all sources (unless we're interrupted by a signal).
- When invoked through softint context (e.g., cprng_fast_intr ->
cprng_strong -> entropy_extract), don't wait, because we're
forbidden from waiting anyway.
- For entropy_bootrequest, wait but don't bother failing on signal
because this only happens in kthread context, not in userland
process context, so there can't be signals.
Nix rnd_trylock_sources; use the same entropy_extract flags
(ENTROPY_WAIT, ENTROPY_SIG) for rnd_lock_sources.
- For synchronous queries from /dev/random, which are waiting for
entropy to be ready, wait for concurrent access -- e.g., concurrent
rnd_detach_source -- to finish, and make sure to request entropy
from all sources (unless we're interrupted by a signal).
- When invoked through softint context (e.g., cprng_fast_intr ->
cprng_strong -> entropy_extract), don't wait, because we're
forbidden from waiting anyway.
- For entropy_bootrequest, wait but don't bother failing on signal
because this only happens in kthread context, not in userland
process context, so there can't be signals.
Nix rnd_trylock_sources; use the same entropy_extract flags
(ENTROPY_WAIT, ENTROPY_SIG) for rnd_lock_sources.
MAIN commitmail json YAML
Revert "entropy(9): Nix rnd_trylock_sources."
Not a premature optimization after all -- this is necessary because
entropy_request can run in softint context, where the cv_wait_sig in
rnd_lock_sources is forbidden. Need to do this another way.
Not a premature optimization after all -- this is necessary because
entropy_request can run in softint context, where the cv_wait_sig in
rnd_lock_sources is forbidden. Need to do this another way.
MAIN commitmail json YAML
entropy(9): Nix rnd_trylock_sources.
This was a premature optimization that turned out to be bogus. It's
not harmful to request more than we need from drivers, so let's not
go out of our way to avoid that.
This was a premature optimization that turned out to be bogus. It's
not harmful to request more than we need from drivers, so let's not
go out of our way to avoid that.
MAIN commitmail json YAML
ualea(4): Enter the data under the softc lock.
This avoids a race with a concurrent ualea_get updating sc_needed,
which could lead to hang when requesting more entropy.
ualea(4) now survives
sysctl -w kern.entropy.depletion=1
cat </dev/random >/dev/null &
cat </dev/random >/dev/null &
without hanging for longer (even if yanked and reinserted in the
middle, although the detach path is not relevant to the bug this
change fixes).
This avoids a race with a concurrent ualea_get updating sc_needed,
which could lead to hang when requesting more entropy.
ualea(4) now survives
sysctl -w kern.entropy.depletion=1
cat </dev/random >/dev/null &
cat </dev/random >/dev/null &
without hanging for longer (even if yanked and reinserted in the
middle, although the detach path is not relevant to the bug this
change fixes).
MAIN commitmail json YAML
entropy(9): Fix another new race in entropy_account_cpu.
The consolidation xcall can preempt entropy_enter, between when it
unlocks the per-CPU state and when it calls entropy_account_cpu, with
the effect of setting ec->ec_pending=0.
Previously this was impossible because we called entropy_account_cpu
with the per-CPU state still locked, but that doesn't work now that
the global entropy lock is an adaptive lock which might sleep which
is forbidden while the per-CPU state is locked.
The consolidation xcall can preempt entropy_enter, between when it
unlocks the per-CPU state and when it calls entropy_account_cpu, with
the effect of setting ec->ec_pending=0.
Previously this was impossible because we called entropy_account_cpu
with the per-CPU state still locked, but that doesn't work now that
the global entropy lock is an adaptive lock which might sleep which
is forbidden while the per-CPU state is locked.
MAIN commitmail json YAML
entropy(9): Shuffle some assertions around.
Tripped over (diff || E->pending == ENTROPY_CAPACITY*NBBY), not sure
why yet, printing values will help.
No functional change intended.
Tripped over (diff || E->pending == ENTROPY_CAPACITY*NBBY), not sure
why yet, printing values will help.
No functional change intended.
MAIN commitmail json YAML
entropy(9): Lock the per-CPU state in entropy_account_cpu.
This was previously called with the per-CPU state locked, which
worked fine as long as the global entropy lock was a spin lock so
acquiring it would never sleep. Now it's an adaptive lock, so it's
not safe to take with the per-CPU state lock -- but we still need to
prevent reentrant access to the per-CPU entropy pool by interrupt
handlers while we're extracting from it. So now the logic for
entering a sample is:
- lock per-CPU state
- entpool_enter
- unlock per-CPU state
- if anything pending on this CPU and it's time to consolidate:
- lock global entropy state
- lock per-CPU state
- transfer
- unlock per-CPU state
- unlock global entropy state
This was previously called with the per-CPU state locked, which
worked fine as long as the global entropy lock was a spin lock so
acquiring it would never sleep. Now it's an adaptive lock, so it's
not safe to take with the per-CPU state lock -- but we still need to
prevent reentrant access to the per-CPU entropy pool by interrupt
handlers while we're extracting from it. So now the logic for
entering a sample is:
- lock per-CPU state
- entpool_enter
- unlock per-CPU state
- if anything pending on this CPU and it's time to consolidate:
- lock global entropy state
- lock per-CPU state
- transfer
- unlock per-CPU state
- unlock global entropy state
MAIN commitmail json YAML
entropy(9): Factor out logic to lock and unlock per-CPU state.
No functional change intended.
No functional change intended.
MAIN commitmail json YAML
ualea(4): Simplify xfer error branches.
- Avoid going into a loop in case the transfer fails repeatedly --
just give up immediately if it fails.
- Assert result size is reasonable; no need to assume usbdi(9) is
malicious. If it can return ux_actlen > ux_length, that's a bug in
usbdi(9) that we should fix.
- Avoid going into a loop in case the transfer fails repeatedly --
just give up immediately if it fails.
- Assert result size is reasonable; no need to assume usbdi(9) is
malicious. If it can return ux_actlen > ux_length, that's a bug in
usbdi(9) that we should fix.
MAIN commitmail json YAML
ualea(4): Fix detach and error paths.
- Set sc_needed before aborting the pipe to prevent the xfer callback
from rescheduling itself.
- Make sure all paths out of the xfer callback clear sc_inflight.
While here, use device_printf instead of aprint_* after attach.
Now my system survives repeated insertion and yanking of ualea(4)
during:
sysctl -w kern.entropy.depletion=1
cat </dev/random >/dev/null
- Set sc_needed before aborting the pipe to prevent the xfer callback
from rescheduling itself.
- Make sure all paths out of the xfer callback clear sc_inflight.
While here, use device_printf instead of aprint_* after attach.
Now my system survives repeated insertion and yanking of ualea(4)
during:
sysctl -w kern.entropy.depletion=1
cat </dev/random >/dev/null
MAIN commitmail json YAML
usbdi(9): Make sure aborting a pipe waits for all callbacks.
There may be a callback in flight from an xfer that has already been
taken off the queue by the time usbd_ar_pipe gets to it. We must
guarantee that even that callback has completed before returning
control to the caller.
There may be a callback in flight from an xfer that has already been
taken off the queue by the time usbd_ar_pipe gets to it. We must
guarantee that even that callback has completed before returning
control to the caller.
MAIN commitmail json YAML
entropy(9): Avoid reentrance to per-CPU state from sleeping on lock.
Changing the global entropy lock from IPL_VM to IPL_SOFTSERIAL meant
it went from being a spin lock, which blocks preemption, to being an
adaptive lock, which might sleep -- and allow other threads to run
concurrently with the softint, even if those threads have softints
blocked with splsoftserial.
This manifested as KASSERT(!ec->ec_locked) triggering in
entropy_consolidate_xc -- presumably entropy_softintr slept on the
global entropy lock while holding the per-CPU state locked with
ec->ec_locked, and then entropy_consolidate_xc ran.
Instead, to protect access to the per-CPU state without taking a
global lock, defer entropy_account_cpu until after ec->ec_locked is
cleared. This way, we never sleep while holding ec->ec_locked, nor
do we incur any contention on shared memory when entering entropy
unless we're about to distribute it. To verify this, sprinkle in
assertions that curlwp->l_ncsw hasn't changed by the time we release
ec->ec_locked.
Changing the global entropy lock from IPL_VM to IPL_SOFTSERIAL meant
it went from being a spin lock, which blocks preemption, to being an
adaptive lock, which might sleep -- and allow other threads to run
concurrently with the softint, even if those threads have softints
blocked with splsoftserial.
This manifested as KASSERT(!ec->ec_locked) triggering in
entropy_consolidate_xc -- presumably entropy_softintr slept on the
global entropy lock while holding the per-CPU state locked with
ec->ec_locked, and then entropy_consolidate_xc ran.
Instead, to protect access to the per-CPU state without taking a
global lock, defer entropy_account_cpu until after ec->ec_locked is
cleared. This way, we never sleep while holding ec->ec_locked, nor
do we incur any contention on shared memory when entering entropy
unless we're about to distribute it. To verify this, sprinkle in
assertions that curlwp->l_ncsw hasn't changed by the time we release
ec->ec_locked.
MAIN commitmail json YAML
usb: Insert assertion to diagnose ud_cdesc/ud_ifaces inconsistency.
Syzbot found a way to see ud_cdesc=NULL but ud_ifaces!=NULL:
https://syzkaller.appspot.com/bug?id=e6d4449a128e73a9a88100a5cc833e5cae9fecae
Maybe it's a race with two threads somehow doing usbd_free_device at
the same time when only one should, but let's rule this case out
early on to make it easier to prove it has to be a race.
Syzbot found a way to see ud_cdesc=NULL but ud_ifaces!=NULL:
https://syzkaller.appspot.com/bug?id=e6d4449a128e73a9a88100a5cc833e5cae9fecae
Maybe it's a race with two threads somehow doing usbd_free_device at
the same time when only one should, but let's rule this case out
early on to make it easier to prove it has to be a race.
MAIN commitmail json YAML
umidi(4): Parse descriptors a little more robustly.
Reported-by: syzbot+fd58d1d4dd12f8931486@syzkaller.appspotmail.com
Reported-by: syzbot+fd58d1d4dd12f8931486@syzkaller.appspotmail.com
MAIN commitmail json YAML
viornd(4): Revert IPL change for lock.
This lock is taken in hard interrupt context, so it needs to remain
at IPL_VM.
This lock is taken in hard interrupt context, so it needs to remain
at IPL_VM.
MAIN commitmail json YAML
rnd(9): Delete legacy rnd_initial_entropy symbol.
Use entropy_epoch() instead.
XXX kernel ABI change deleting symbol requires bump
Use entropy_epoch() instead.
XXX kernel ABI change deleting symbol requires bump
MAIN commitmail json YAML
kern: Delete kernel_ticks from kernel ABI.
Use getticks() instead.
Use getticks() instead.
MAIN commitmail json YAML
src/sys/arch/arm/broadcom/bcm2835_rng.c@1.17
/
diff
/
nxr@1.17
src/sys/arch/arm/omap/am335x_trng.c@1.5 / diff / nxr@1.5
src/sys/arch/arm/ti/ti_rng.c@1.7 / diff / nxr@1.7
src/sys/arch/mips/cavium/dev/octeon_rnm.c@1.15 / diff / nxr@1.15
src/sys/arch/mips/ingenic/ingenic_rng.c@1.7 / diff / nxr@1.7
src/sys/dev/ic/amdccp.c@1.5 / diff / nxr@1.5
src/sys/dev/ic/amdccpvar.h@1.2 / diff / nxr@1.2
src/sys/dev/ic/rng200.c@1.4 / diff / nxr@1.4
src/sys/dev/ic/rng200var.h@1.2 / diff / nxr@1.2
src/sys/arch/arm/omap/am335x_trng.c@1.5 / diff / nxr@1.5
src/sys/arch/arm/ti/ti_rng.c@1.7 / diff / nxr@1.7
src/sys/arch/mips/cavium/dev/octeon_rnm.c@1.15 / diff / nxr@1.15
src/sys/arch/mips/ingenic/ingenic_rng.c@1.7 / diff / nxr@1.7
src/sys/dev/ic/amdccp.c@1.5 / diff / nxr@1.5
src/sys/dev/ic/amdccpvar.h@1.2 / diff / nxr@1.2
src/sys/dev/ic/rng200.c@1.4 / diff / nxr@1.4
src/sys/dev/ic/rng200var.h@1.2 / diff / nxr@1.2
rnd(9): Omit needless locks in various HWRNG drivers.
Now that the rnd(9) API guarantees serial callbacks, we can simplify
everything a bit more.
(Some drivers like hifn(4) and sun8icrypto(4) still use locks to
coordinate with other parts of the driver to submit requests to and
process responses from the device.)
Now that the rnd(9) API guarantees serial callbacks, we can simplify
everything a bit more.
(Some drivers like hifn(4) and sun8icrypto(4) still use locks to
coordinate with other parts of the driver to submit requests to and
process responses from the device.)
MAIN commitmail json YAML
rnd(9): Document the serial use of rndsource callbacks.
This simplifies the rndsource API -- no need to lock, unless you're
also coordinating with other driver logic like concurrent
opencrypto(4) requests that share device requests.
This simplifies the rndsource API -- no need to lock, unless you're
also coordinating with other driver logic like concurrent
opencrypto(4) requests that share device requests.
MAIN commitmail json YAML
tegra124_car(4): Attach rndsource synchronously.
It looks like the original motivation for deferring to
config_interrupts was to wait until softint_establish worked. But
this no longer needs to use softints to deliver the entropy, so
that's moot.
Doing this synchronously gives us a better chance for more entropy
earlier.
It looks like the original motivation for deferring to
config_interrupts was to wait until softint_establish worked. But
this no longer needs to use softints to deliver the entropy, so
that's moot.
Doing this synchronously gives us a better chance for more entropy
earlier.
MAIN commitmail json YAML
src/sys/arch/arm/broadcom/bcm2835_rng.c@1.16
/
diff
/
nxr@1.16
src/sys/arch/arm/omap/am335x_trng.c@1.4 / diff / nxr@1.4
src/sys/arch/arm/rockchip/rk_v1crypto.c@1.8 / diff / nxr@1.8
src/sys/arch/arm/sunxi/sun8i_crypto.c@1.30 / diff / nxr@1.30
src/sys/arch/arm/ti/ti_rng.c@1.6 / diff / nxr@1.6
src/sys/arch/mips/cavium/dev/octeon_rnm.c@1.14 / diff / nxr@1.14
src/sys/arch/mips/ingenic/ingenic_rng.c@1.6 / diff / nxr@1.6
src/sys/dev/ic/amdccp.c@1.4 / diff / nxr@1.4
src/sys/dev/ic/rng200.c@1.3 / diff / nxr@1.3
src/sys/dev/pci/amdpm.c@1.43 / diff / nxr@1.43
src/sys/dev/pci/viornd.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/ualea.c@1.16 / diff / nxr@1.16
src/sys/arch/arm/omap/am335x_trng.c@1.4 / diff / nxr@1.4
src/sys/arch/arm/rockchip/rk_v1crypto.c@1.8 / diff / nxr@1.8
src/sys/arch/arm/sunxi/sun8i_crypto.c@1.30 / diff / nxr@1.30
src/sys/arch/arm/ti/ti_rng.c@1.6 / diff / nxr@1.6
src/sys/arch/mips/cavium/dev/octeon_rnm.c@1.14 / diff / nxr@1.14
src/sys/arch/mips/ingenic/ingenic_rng.c@1.6 / diff / nxr@1.6
src/sys/dev/ic/amdccp.c@1.4 / diff / nxr@1.4
src/sys/dev/ic/rng200.c@1.3 / diff / nxr@1.3
src/sys/dev/pci/amdpm.c@1.43 / diff / nxr@1.43
src/sys/dev/pci/viornd.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/ualea.c@1.16 / diff / nxr@1.16
rnd(9): Adjust IPL of locks used by rndsource callbacks.
These no longer ever run from hard interrupt context or with a spin
lock held, so there is no longer any need to have them at IPL_VM to
block hard interrupts. Instead, lower them to IPL_SOFTSERIAL.
These no longer ever run from hard interrupt context or with a spin
lock held, so there is no longer any need to have them at IPL_VM to
block hard interrupts. Instead, lower them to IPL_SOFTSERIAL.
MAIN commitmail json YAML
tegra124_car(4): No need for rnd lock -- delete it.
This only ever reads from a single device register, so no need to
serialize access.
XXX This should really have a hardware-specific health test, but I
can't find any documentation on the underlying physical entropy
source.
This only ever reads from a single device register, so no need to
serialize access.
XXX This should really have a hardware-specific health test, but I
can't find any documentation on the underlying physical entropy
source.
MAIN commitmail json YAML
meson_rng(4): No need for lock -- delete it.
We only ever read a single register at a time; no exclusive access or
serialization needed.
XXX This driver should have some kind of hardware-specific health
test -- is there documentation anywhere for what this RNG actually
is?
We only ever read a single register at a time; no exclusive access or
serialization needed.
XXX This driver should have some kind of hardware-specific health
test -- is there documentation anywhere for what this RNG actually
is?
MAIN commitmail json YAML
usbdi(9): Fix usbd_get_no_alts.
This incorrectly rejected the configuration as invalid if any
descriptor is not large enough to be interface descriptors.
Instead, it should reject the configuration only if any descriptor is
not large enough to be a _descriptor_, or if any interface-type
descriptor is not large enough to be an interface descriptor, but
skip over descriptors of other types even if they're smaller than
interface descriptors.
Candidate fix for PR kern/56762.
This incorrectly rejected the configuration as invalid if any
descriptor is not large enough to be interface descriptors.
Instead, it should reject the configuration only if any descriptor is
not large enough to be a _descriptor_, or if any interface-type
descriptor is not large enough to be an interface descriptor, but
skip over descriptors of other types even if they're smaller than
interface descriptors.
Candidate fix for PR kern/56762.
MAIN commitmail json YAML
clockrnd(9): Use atomic_load_relaxed for struct clockrnd::needed.
This may be set concurrently by clockrnd_get, so let's match the
atomic_store_relaxed and avoid the appearance of data races.
This may be set concurrently by clockrnd_get, so let's match the
atomic_store_relaxed and avoid the appearance of data races.
MAIN commitmail json YAML
entropy(9): Establish the softint a little earlier.
Just need to wait until softint_establish and high-priority xcalls
will work, no later than that. Doing this earlier gives us slightly
more of a chance to ensure cprng_fast and ssp get entropy from
hardware RNG devices that rely on interrupts.
Just need to wait until softint_establish and high-priority xcalls
will work, no later than that. Doing this earlier gives us slightly
more of a chance to ensure cprng_fast and ssp get entropy from
hardware RNG devices that rely on interrupts.
MAIN commitmail json YAML
sun8icrypto(4): Do self-test and first RNG draw synchronously.
If the self-test fails, disable everything else at boot -- don't just
leave it to the operator to notice and do something.
This way we get entropy earlier at boot, before threads start and
before the first things in the kernel that draw from it (cprng fast
init, ssp init).
If the self-test fails, disable everything else at boot -- don't just
leave it to the operator to notice and do something.
This way we get entropy earlier at boot, before threads start and
before the first things in the kernel that draw from it (cprng fast
init, ssp init).
MAIN commitmail json YAML
sun8icrypto(4): Attach rndsource as RND_TYPE_RNG.
Previously this was attached as RND_TYPE_UNKNOWN, at a time when the
kernel assumed _any_ RNG-type rndsource produced independent uniform
random bits and subjected it to automatic tests that would fail with
high probability for many other distributions. But sun8icrypto(4) is
very nonuniform (probably yields consecutive samples of a ring
oscillator, which are very much not independent).
Now the kernel no longer makes this assumption, so it is valid to
label this as what it is -- a hardware RNG. We should ideally still
have better information from the vendor about what's going on under
the hood before enabling nonzero entropy for it. But at least we can
label its type accurately.
Previously this was attached as RND_TYPE_UNKNOWN, at a time when the
kernel assumed _any_ RNG-type rndsource produced independent uniform
random bits and subjected it to automatic tests that would fail with
high probability for many other distributions. But sun8icrypto(4) is
very nonuniform (probably yields consecutive samples of a ring
oscillator, which are very much not independent).
Now the kernel no longer makes this assumption, so it is valid to
label this as what it is -- a hardware RNG. We should ideally still
have better information from the vendor about what's going on under
the hood before enabling nonzero entropy for it. But at least we can
label its type accurately.
MAIN commitmail json YAML
sun8icrypto(4): Split out interrupt and thread locks.
No need to block interrupts while we're going through all the data
structures -- only need to block interrupts for the handoff from
interrupt handler to lower-priority logic.
No need to block interrupts while we're going through all the data
structures -- only need to block interrupts for the handoff from
interrupt handler to lower-priority logic.
MAIN commitmail json YAML
getrandom(2): Fix return value checks in automatic tests.
The syscall only guarantees up to 256 bytes in a single go -- if
interrupted, it might return short, but if the caller requested at
least 256 bytes it will definitely return 256 bytes.
The syscall only guarantees up to 256 bytes in a single go -- if
interrupted, it might return short, but if the caller requested at
least 256 bytes it will definitely return 256 bytes.
MAIN commitmail json YAML
entropy(9): Count dropped or truncated interrupt samples.
MAIN commitmail json YAML
entropy(9): Reduce global entropy lock from IPL_VM to IPL_SOFTSERIAL.
This is no longer ever taken in hard interrupt context, so there's no
longer any need to block interrupts while doing crypto operations on
the global entropy pool.
This is no longer ever taken in hard interrupt context, so there's no
longer any need to block interrupts while doing crypto operations on
the global entropy pool.
MAIN commitmail json YAML
entropy(9): Request entropy after the softint is enabled.
Otherwise, there is a window during which interrupts are running, but
the softint is not, so if many interrupts queue (low-entropy) samples
early at boot, they might get dropped on the floor. This could
happen, for instance, with a PCI RNG like ubsec(4) or hifn(4) which
requests entropy and processes it in its own hard interrupt handler.
Otherwise, there is a window during which interrupts are running, but
the softint is not, so if many interrupts queue (low-entropy) samples
early at boot, they might get dropped on the floor. This could
happen, for instance, with a PCI RNG like ubsec(4) or hifn(4) which
requests entropy and processes it in its own hard interrupt handler.
MAIN commitmail json YAML
entropy(9): Use the early-entropy path only while cold.
This way, we never take the global entropy lock from interrupt
handlers (no interrupts while cold), so the global entropy lock need
not block interrupts.
There's an annoying ordering issue here: softint_establish doesn't
work until after CPUs have been detected, which happens inside
configure(), which is also what enables interrupts. So we have no
opportunity to softint_establish the entropy softint _before_
interrupts are enabled.
To work around this, we have to put a conditional into the interrupt
path, and go out of our way to process any queued samples after
establishing the softint. If we just made softint_establish work
early, like percpu_create does now, this problem would go away and we
could delete a bit of logic here.
Candidate fix for PR kern/56730.
This way, we never take the global entropy lock from interrupt
handlers (no interrupts while cold), so the global entropy lock need
not block interrupts.
There's an annoying ordering issue here: softint_establish doesn't
work until after CPUs have been detected, which happens inside
configure(), which is also what enables interrupts. So we have no
opportunity to softint_establish the entropy softint _before_
interrupts are enabled.
To work around this, we have to put a conditional into the interrupt
path, and go out of our way to process any queued samples after
establishing the softint. If we just made softint_establish work
early, like percpu_create does now, this problem would go away and we
could delete a bit of logic here.
Candidate fix for PR kern/56730.
MAIN commitmail json YAML
entropy(9): Create per-CPU state earlier.
This will make it possible to use it from interrupts as soon as they
start, which means the global entropy pool lock won't have to block
interrupts.
This will make it possible to use it from interrupts as soon as they
start, which means the global entropy pool lock won't have to block
interrupts.
MAIN commitmail json YAML
drm: In ww_mutex_unlock, do lockdebug check first.
This way we get a full lockdebug dump when LOCKDEBUG is enabled,
instead of just the panic message (which includes the lock address
you could pass to `show lock' in ddb, but let's get the dump by
default even if you don't enter ddb).
Also in the KASSERT print the mutex.
This way we get a full lockdebug dump when LOCKDEBUG is enabled,
instead of just the panic message (which includes the lock address
you could pass to `show lock' in ddb, but let's get the dump by
default even if you don't enter ddb).
Also in the KASSERT print the mutex.
MAIN commitmail json YAML
dwc2: Use getticks(), not hardclock_ticks.
MAIN commitmail json YAML
drm: Use getticks(), not hardclock_ticks.
MAIN commitmail json YAML
old drm: Use getticks(), not hardclock_ticks.
Should delete this code, no idea if it even still compiles.
Should delete this code, no idea if it even still compiles.
MAIN commitmail json YAML
src/sys/dev/ic/arn5008.c@1.19
/
diff
/
nxr@1.19
src/sys/dev/ic/athn.c@1.26 / diff / nxr@1.26
src/sys/net80211/ieee80211_netbsd.h@1.24 / diff / nxr@1.24
src/sys/dev/ic/athn.c@1.26 / diff / nxr@1.26
src/sys/net80211/ieee80211_netbsd.h@1.24 / diff / nxr@1.24
net80211: Use getticks(), not hardclock_ticks.
Less extern in .c this way too.
Less extern in .c this way too.
MAIN commitmail json YAML
osnet: Delete dead #if 0 code using hardclock_ticks.
MAIN commitmail json YAML
x86: Revert previous syscall biglock slippage attribution.
The attribution in userret is good enough as is, because the stack
trace on panic shows the syscall number in the trap frame, so no need
to put extra cost in the syscall entry logic even under DIAGNOSTIC.
The attribution in userret is good enough as is, because the stack
trace on panic shows the syscall number in the trap frame, so no need
to put extra cost in the syscall entry logic even under DIAGNOSTIC.
MAIN commitmail json YAML
entropy(9): Forbid entropy_extract in hard interrupt context.
With a little additional work, this will let us reduce the global
entropy pool lock so it never blocks interrupts.
With a little additional work, this will let us reduce the global
entropy pool lock so it never blocks interrupts.
MAIN commitmail json YAML
cprng(9): Forbid use in hard interrupt context.
May need access to the global entropy pool (infrequently). This way
the global entropy pool lock can be lowered to IPL_SOFTSERIAL too,
with a little additional work.
May need access to the global entropy pool (infrequently). This way
the global entropy pool lock can be lowered to IPL_SOFTSERIAL too,
with a little additional work.
MAIN commitmail json YAML
i915: Avoid freeing anything under a spin lock.
MAIN commitmail json YAML
bpf(4): Handle null bf_insn on free.
This is not guaranteed by bpf_setf to be nonnull.
Reported-by: syzbot+de1ec9471dfc2f283dda@syzkaller.appspotmail.com
This is not guaranteed by bpf_setf to be nonnull.
Reported-by: syzbot+de1ec9471dfc2f283dda@syzkaller.appspotmail.com
MAIN commitmail json YAML
posix_fadvise(2): Detect arithmetic overflow without UB.
Reported-by: syzbot+18f01abff11bd527c464@syzkaller.appspotmail.com
Reported-by: syzbot+18f01abff11bd527c464@syzkaller.appspotmail.com
MAIN commitmail json YAML
tun(4): Fix bug introduced in previous locking change.
Now that tun_lock runs at IPL_NONE, taking it does not have the side
effect of disabling preemption, but pktq_enqueue assumes the caller
has disabled preemption so it can safely schedule a softint.
This isn't a problem in most physical network drivers because the
pktq_enqueue call happens from within the driver's softint context
anyway. But tun(4) is special -- here, the pktq_enqueue is triggered
by a userland write to the device, which is in thread context. So
let's just disable preemption in tunwrite.
Reported-by: syzbot+21c2cb300f1ec2162b35@syzkaller.appspotmail.com
Now that tun_lock runs at IPL_NONE, taking it does not have the side
effect of disabling preemption, but pktq_enqueue assumes the caller
has disabled preemption so it can safely schedule a softint.
This isn't a problem in most physical network drivers because the
pktq_enqueue call happens from within the driver's softint context
anyway. But tun(4) is special -- here, the pktq_enqueue is triggered
by a userland write to the device, which is in thread context. So
let's just disable preemption in tunwrite.
Reported-by: syzbot+21c2cb300f1ec2162b35@syzkaller.appspotmail.com
MAIN commitmail json YAML
system(3): Simplify initialization of argp.
MAIN commitmail json YAML
system(3): Switch from vfork/execve to posix_spawn.
Changes by me:
- Minor style nits.
- Set errno on posix_spawn failure.
- Handle edge cases of SIGINT/SIGQUIT set to SIG_IGN by caller.
Author: Nikita Ronja Gillmann <nikita@NetBSD.org>
Committer: Taylor R Campbell <riastradh@NetBSD.org>
Changes by me:
- Minor style nits.
- Set errno on posix_spawn failure.
- Handle edge cases of SIGINT/SIGQUIT set to SIG_IGN by caller.
Author: Nikita Ronja Gillmann <nikita@NetBSD.org>
Committer: Taylor R Campbell <riastradh@NetBSD.org>
MAIN commitmail json YAML
audio(4): Fix typo in previous -- atomic_store_release, not reease.
Built the wrong kernel to compile-test AUDIO_DEBUG, oops.
Built the wrong kernel to compile-test AUDIO_DEBUG, oops.
MAIN commitmail json YAML
umidi(4): Bail early if no endpoints.
kmem_alloc is unhappy with zero-size allocation.
Reported-by: syzbot+483b984480c295979391@syzkaller.appspotmail.com
kmem_alloc is unhappy with zero-size allocation.
Reported-by: syzbot+483b984480c295979391@syzkaller.appspotmail.com
MAIN commitmail json YAML
syscall(2): Provide better attribution for biglock slippage.
This adds a small overhead to the syscall path, but only when invoked
via the syscall(2) syscall, for which stack traces generally don't
print the actual syscall number in question so the better attribution
may make a difference.
This adds a small overhead to the syscall path, but only when invoked
via the syscall(2) syscall, for which stack traces generally don't
print the actual syscall number in question so the better attribution
may make a difference.
MAIN commitmail json YAML
audio(4): Membar audit.
Won't affect anything on x86 because atomic r/m/w operations are
always full sequential consistency barriers, but might potentially
fix problems on, e.g., arm.
Note 1: I'm not clear on why the track lock is a bespoke mutex made
out of an atomic -- why not just mutex(9)?
Note 2: I'm not convinced the audio_mlog_flush synchronization is
correct; what happens if the softint runs on two CPUs at the same
time and swaps mlog_wpage simultaneously?
Note 3: Should maybe use atomic_load/store_relaxed for mlog_full and
mlog_drop, and atomic_inc/dec for mlog_refs.
Won't affect anything on x86 because atomic r/m/w operations are
always full sequential consistency barriers, but might potentially
fix problems on, e.g., arm.
Note 1: I'm not clear on why the track lock is a bespoke mutex made
out of an atomic -- why not just mutex(9)?
Note 2: I'm not convinced the audio_mlog_flush synchronization is
correct; what happens if the softint runs on two CPUs at the same
time and swaps mlog_wpage simultaneously?
Note 3: Should maybe use atomic_load/store_relaxed for mlog_full and
mlog_drop, and atomic_inc/dec for mlog_refs.
MAIN commitmail json YAML
tun(4): Fix some error branches in tunwrite.
MAIN commitmail json YAML
tun(4): Omit TUN_RWAIT micro-optimization.
cv_broadcast aleady has a fast path for no-waiters.
cv_broadcast aleady has a fast path for no-waiters.
MAIN commitmail json YAML
tun(4): Deliver SIGIO for hangup under tun_lock.
Otherwise, tp->tun_pgid is not stable.
Otherwise, tp->tun_pgid is not stable.
MAIN commitmail json YAML
tun(4): Reduce lock from IPL_NET to IPL_SOFTNET.
This is never taken from hardware interrupt handlers any more, as far
as I can tell -- only SOFTINT_NET soft interrupt handlers.
This avoids trying to take an adaptive lock, proc_lock, in fownsignal
while holding a spin lock. Unfortunately, it doesn't entirely fix the
problem -- proc_lock is at IPL_NONE, and is held across some not
entirely trivial computations like allocating a new pid table. So it
would really be better if we had some way to deliver SIGIO without
taking proc_lock.
Reported-by: syzbot+3dd54993d3e92e697e72@syzkaller.appspotmail.com
Reported-by: syzbot+aca29415f2f0bf23f082@syzkaller.appspotmail.com
This is never taken from hardware interrupt handlers any more, as far
as I can tell -- only SOFTINT_NET soft interrupt handlers.
This avoids trying to take an adaptive lock, proc_lock, in fownsignal
while holding a spin lock. Unfortunately, it doesn't entirely fix the
problem -- proc_lock is at IPL_NONE, and is held across some not
entirely trivial computations like allocating a new pid table. So it
would really be better if we had some way to deliver SIGIO without
taking proc_lock.
Reported-by: syzbot+3dd54993d3e92e697e72@syzkaller.appspotmail.com
Reported-by: syzbot+aca29415f2f0bf23f082@syzkaller.appspotmail.com
MAIN commitmail json YAML
tun(4): Reduce tun_softc_lock from IPL_NET to IPL_NONE.
This is always taken in process/thread context, never in interrupt
context, hard or soft.
This is always taken in process/thread context, never in interrupt
context, hard or soft.
MAIN commitmail json YAML
tun(4): Factor out setup/teardown into separate routines.
- Reduce duplication.
- Plug softint leak on recycling tun.
(This recycling business seems kinda sketchy...)
- Reduce duplication.
- Plug softint leak on recycling tun.
(This recycling business seems kinda sketchy...)
MAIN commitmail json YAML
tun(4): Add missing includes in if_tun.h.
MAIN commitmail json YAML
tun(4): Add missing cv_destroy in tunclose.
MAIN commitmail json YAML
usb: Fix debug build.
MAIN commitmail json YAML
kern: Use harmless, not harmful, integer truncation in physio.
Reported-by: syzbot+13abd9bc700f7ceac337@syzkaller.appspotmail.com
Reported-by: syzbot+13abd9bc700f7ceac337@syzkaller.appspotmail.com
MAIN commitmail json YAML
kern: Fix fencepost error in ts2timo overflow checks.
Triggered by
clock_settime({.tv_sec=0, .tv_nsec=0})
clock_nanosleep({.tv_sec=LLONG_MIN, .tv_nsec=0})
so that, by the time we enter ts2timo (after a few nanoseconds have
passed), we end up with
tsd = {.tv_sec=0, .tv_nsec=nonzero}
ts = {.tv_sec=LLONG_MIN, .tv_nsec=0}
and the subtraction ts - tsd leads to a borrow from tv_sec.
Reported-by: syzbot+14818113e9d0b45bca64@syzkaller.appspotmail.com
Triggered by
clock_settime({.tv_sec=0, .tv_nsec=0})
clock_nanosleep({.tv_sec=LLONG_MIN, .tv_nsec=0})
so that, by the time we enter ts2timo (after a few nanoseconds have
passed), we end up with
tsd = {.tv_sec=0, .tv_nsec=nonzero}
ts = {.tv_sec=LLONG_MIN, .tv_nsec=0}
and the subtraction ts - tsd leads to a borrow from tv_sec.
Reported-by: syzbot+14818113e9d0b45bca64@syzkaller.appspotmail.com
MAIN commitmail json YAML
kern: Fix ordering of loads for pid_table and pid_tbl_mask.
This introduces a load-acquire where there was none before. This is
a simple correctness change. We could avoid the load-acquire, and
use only load-consume, if we used a pointer indirection for _both_
pid_table and pid_tbl_mask. Takes a little more work, and probably
costs an additional cache line of memory traffic, but might be worth
it to avoid the load-acquire for pid lookup.
Reported-by: syzbot+c49e405d0b977aeed663@syzkaller.appspotmail.com
Reported-by: syzbot+1c88ee7086f93607cea1@syzkaller.appspotmail.com
Reported-by: syzbot+da4e9ed1319b75fe2ef3@syzkaller.appspotmail.com
This introduces a load-acquire where there was none before. This is
a simple correctness change. We could avoid the load-acquire, and
use only load-consume, if we used a pointer indirection for _both_
pid_table and pid_tbl_mask. Takes a little more work, and probably
costs an additional cache line of memory traffic, but might be worth
it to avoid the load-acquire for pid lookup.
Reported-by: syzbot+c49e405d0b977aeed663@syzkaller.appspotmail.com
Reported-by: syzbot+1c88ee7086f93607cea1@syzkaller.appspotmail.com
Reported-by: syzbot+da4e9ed1319b75fe2ef3@syzkaller.appspotmail.com
MAIN commitmail json YAML
vfs(9): Avoid arithmetic overflow in vn_seek.
Reported-by: syzbot+b9f9a02148a40675c38a@syzkaller.appspotmail.com
Reported-by: syzbot+b9f9a02148a40675c38a@syzkaller.appspotmail.com
MAIN commitmail json YAML
usbdi(9): Fix mistake in previous change to usbd_fill_iface_data.
The previous change stopped and rejected any descriptors smaller than
an endpoint descriptor. Restore the previous behaviour: just skip
over them (but it will now reject descriptors that are smaller than
_any_ descriptor, which is legitimately a hardware error).
The previous change stopped and rejected any descriptors smaller than
an endpoint descriptor. Restore the previous behaviour: just skip
over them (but it will now reject descriptors that are smaller than
_any_ descriptor, which is legitimately a hardware error).
MAIN commitmail json YAML
usbdi(9): Fix paste-o in previous change to usbd_ar_pipe.
MAIN commitmail json YAML
ntp(9): Avoid left shift of negative.
Kinda silly that this is UB at all...
Reported-by: syzbot+baf29c7f0756293b8257@syzkaller.appspotmail.com
Kinda silly that this is UB at all...
Reported-by: syzbot+baf29c7f0756293b8257@syzkaller.appspotmail.com
MAIN commitmail json YAML
src/sys/dev/usb/auvitek.c@1.13
/
diff
/
nxr@1.13
src/sys/dev/usb/auvitek_audio.c@1.6 / diff / nxr@1.6
src/sys/dev/usb/auvitek_dtv.c@1.10 / diff / nxr@1.10
src/sys/dev/usb/auvitek_i2c.c@1.8 / diff / nxr@1.8
src/sys/dev/usb/auvitek_video.c@1.11 / diff / nxr@1.11
src/sys/dev/usb/auvitekvar.h@1.10 / diff / nxr@1.10
src/sys/dev/usb/auvitek_audio.c@1.6 / diff / nxr@1.6
src/sys/dev/usb/auvitek_dtv.c@1.10 / diff / nxr@1.10
src/sys/dev/usb/auvitek_i2c.c@1.8 / diff / nxr@1.8
src/sys/dev/usb/auvitek_video.c@1.11 / diff / nxr@1.11
src/sys/dev/usb/auvitekvar.h@1.10 / diff / nxr@1.10
auvitek(4): Fix i2c detach if attach failed.
While here, use config_detach_children.
Reported-by: syzbot+bf05898af6a53cb3b262@syzkaller.appspotmail.com
While here, use config_detach_children.
Reported-by: syzbot+bf05898af6a53cb3b262@syzkaller.appspotmail.com
MAIN commitmail json YAML
ntp(9): Clamp ntv->offset to avoid arithmetic overflow on adjtime.
Reported-by: syzbot+b8406db60db88650652e@syzkaller.appspotmail.com
Reported-by: syzbot+b8406db60db88650652e@syzkaller.appspotmail.com
MAIN commitmail json YAML
kern: Handle clock winding back in nanosleep1 without overflow.
Reported-by: syzbot+3bdd260582424a611946@syzkaller.appspotmail.com
Reported-by: syzbot+3bdd260582424a611946@syzkaller.appspotmail.com
MAIN commitmail json YAML
hid: Avoid arithmetic overflow by rearranging inequalities.
MAIN commitmail json YAML
src/sys/dev/usb/usb_subr.c@1.272
/
diff
/
nxr@1.272
src/sys/dev/usb/usbdi.c@1.237 / diff / nxr@1.237
src/sys/dev/usb/usbdi_util.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/usbdi.c@1.237 / diff / nxr@1.237
src/sys/dev/usb/usbdi_util.c@1.85 / diff / nxr@1.85
usb: Parse descriptors a little more robustly.
- Avoid reading past the end in the event of bogus bLength.
- Avoid arithmetic overflow by rearranging inequalities.
Reported-by: syzbot+511227c050a2f164e34c@syzkaller.appspotmail.com
- Avoid reading past the end in the event of bogus bLength.
- Avoid arithmetic overflow by rearranging inequalities.
Reported-by: syzbot+511227c050a2f164e34c@syzkaller.appspotmail.com
MAIN commitmail json YAML
xhci(4): Serialize access to portsc registers.
Both xhci_roothub_ctrl and xhci_suspend/resume do r/m/w on them, so
use a mutex to serialize access to avoid stomping on each other.
Both xhci_roothub_ctrl and xhci_suspend/resume do r/m/w on them, so
use a mutex to serialize access to avoid stomping on each other.
MAIN commitmail json YAML
xhci(4): Restore synchronous abort.
In revision 1.155, I made the logic to abort the hardware
asynchronous, under the misapprehension that it is necessary for
ubm_abortx not to release the bus lock.
Not only is this not necessary, but it is harmful to for the logic to
be asynchronous because the caller assumes the hardware won't use any
DMA buffers by the time ubm_abortx has returned so it is safe to
recycle them -- which is false if we don't synchronously wait for the
hardware to stop.
In revision 1.155, I made the logic to abort the hardware
asynchronous, under the misapprehension that it is necessary for
ubm_abortx not to release the bus lock.
Not only is this not necessary, but it is harmful to for the logic to
be asynchronous because the caller assumes the hardware won't use any
DMA buffers by the time ubm_abortx has returned so it is safe to
recycle them -- which is false if we don't synchronously wait for the
hardware to stop.
MAIN commitmail json YAML
uhci(4): Stop taking the intr lock in uhci_run.
Not needed for anything here.
Not needed for anything here.
MAIN commitmail json YAML
uhci(4): Simplify uhci_run.
`locked' is always 0 now.
No functional change intended.
`locked' is always 0 now.
No functional change intended.
MAIN commitmail json YAML
uhci(4): Fix synchronization between suspend/resume and poll hub.
- sc_intr_lock is not relevant to anything here -- stop using it.
- Never schedule the callout while suspended.
- Don't futz with usepolling; it makes sense only when all other CPUs
and threads are quiesced, which is not the case here.
- sc_intr_lock is not relevant to anything here -- stop using it.
- Never schedule the callout while suspended.
- Don't futz with usepolling; it makes sense only when all other CPUs
and threads are quiesced, which is not the case here.
MAIN commitmail json YAML
src/sys/dev/pci/ehci_pci.c@1.74
/
diff
/
nxr@1.74
src/sys/dev/usb/ehci.c@1.309 / diff / nxr@1.309
src/sys/dev/usb/ehcivar.h@1.51 / diff / nxr@1.51
src/sys/dev/usb/ehci.c@1.309 / diff / nxr@1.309
src/sys/dev/usb/ehcivar.h@1.51 / diff / nxr@1.51
ehci(4): Serialize access to portsc registers.
Both ehci_roothub_ctrl and ehci_suspend/resume do r/m/w on them, so
use a mutex to serialize access to avoid stomping on each other.
Both ehci_roothub_ctrl and ehci_suspend/resume do r/m/w on them, so
use a mutex to serialize access to avoid stomping on each other.
MAIN commitmail json YAML
ehci(4): Fix doorbell synchronization.
ehci_sync_hc was previously subject to spurious wakeup, in which case
the CPU might proceed from aborting and recycle a DMA buffer before
the hardware was done writing to it. Now the code is not subject to
spurious wakeup -- it waits (up to the 1sec timeout) for the relevant
interrupt to be delivered, not for anything else.
ehci_sync_hc was previously subject to spurious wakeup, in which case
the CPU might proceed from aborting and recycle a DMA buffer before
the hardware was done writing to it. Now the code is not subject to
spurious wakeup -- it waits (up to the 1sec timeout) for the relevant
interrupt to be delivered, not for anything else.
MAIN commitmail json YAML
usb: Clarify contract of usbd_xfer_trycomplete.
No functional change. This rule has always been in place since
usbd_xfer_trycomplete was created, just wasn't clearly articulated
anywhere.
No functional change. This rule has always been in place since
usbd_xfer_trycomplete was created, just wasn't clearly articulated
anywhere.
MAIN commitmail json YAML
src/sys/dev/usb/usb.c@1.200
/
diff
/
nxr@1.200
src/sys/dev/usb/usbdivar.h@1.137 / diff / nxr@1.137
src/sys/dev/usb/usbroothub.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/usbdivar.h@1.137 / diff / nxr@1.137
src/sys/dev/usb/usbroothub.c@1.15 / diff / nxr@1.15
usb: Fix roothub ctrl xfer aborts.
No mechanism for actually aborting, but at least this now waits for
the xfer to have completed instead of blithely barging ahead whether
it's done or not.
No mechanism for actually aborting, but at least this now waits for
the xfer to have completed instead of blithely barging ahead whether
it's done or not.
MAIN commitmail json YAML
src/sys/dev/usb/usb_subr.c@1.271
/
diff
/
nxr@1.271
src/sys/dev/usb/usbdi.c@1.235 / diff / nxr@1.235
src/sys/dev/usb/usbdivar.h@1.136 / diff / nxr@1.136
src/sys/dev/usb/usbdi.c@1.235 / diff / nxr@1.235
src/sys/dev/usb/usbdivar.h@1.136 / diff / nxr@1.136
usbdi(9): Assert no concurrent aborts on a single pipe.
It is a driver bug to try to abort a pipe at the same time in two
different threads.
HCI drivers may release the bus lock to sleep in upm_abort while
waiting for the hardware to acknowledge an abort, so it won't try to,
e.g., scribble over a DMA buffer in the xfer that we've recycled
after usbd_abort_pipe returns.
If this happens, a concurrent usbd_abort_pipe might try to apply
upm_abort to the same xfer, which HCI drivers are not prepared for
and may wreak havoc.
To avoid this, allow only one usbd_abort_pipe in flight at any given
time.
It is a driver bug to try to abort a pipe at the same time in two
different threads.
HCI drivers may release the bus lock to sleep in upm_abort while
waiting for the hardware to acknowledge an abort, so it won't try to,
e.g., scribble over a DMA buffer in the xfer that we've recycled
after usbd_abort_pipe returns.
If this happens, a concurrent usbd_abort_pipe might try to apply
upm_abort to the same xfer, which HCI drivers are not prepared for
and may wreak havoc.
To avoid this, allow only one usbd_abort_pipe in flight at any given
time.
MAIN commitmail json YAML
usbdi(9): Assert sleepable in usbd_ar_pipe.
Caller of usbd_suspend_pipe or usbd_abort_pipe must be prepared to
sleep for hardware to acknowledge abort and for in-flight callback on
another CPU to complete. Let's catch the mistake early of calling
them in non-sleepable contexts where they might get lucky.
Caller of usbd_suspend_pipe or usbd_abort_pipe must be prepared to
sleep for hardware to acknowledge abort and for in-flight callback on
another CPU to complete. Let's catch the mistake early of calling
them in non-sleepable contexts where they might get lucky.
MAIN commitmail json YAML
kmem(9): Show the pointer in kmem_free(..., 0) assertion like before.
MAIN commitmail json YAML
ustir(4): Avoid undefined behaviour if register read fails.
MAIN commitmail json YAML
compat_30: Fix thinko in previous.
Let's not go into an infinite loop of stack smashing!
Let's not go into an infinite loop of stack smashing!
MAIN commitmail json YAML
autoconf(9): Refuse to consider negative unit numbers in cfdata.
Reported-by: syzbot+a63ae6c58df86f40b6f3@syzkaller.appspotmail.com
Reported-by: syzbot+a63ae6c58df86f40b6f3@syzkaller.appspotmail.com
MAIN commitmail json YAML
emdtv(4): If register read fails, read as all zero.
Avoids undefined behaviour if device is yanked or broken.
Reported-by: syzbot+18ce1e017b9f802ed287@syzkaller.appspotmail.com
Avoids undefined behaviour if device is yanked or broken.
Reported-by: syzbot+18ce1e017b9f802ed287@syzkaller.appspotmail.com
MAIN commitmail json YAML
ktrace(9): Avoid stomping over colliding KTROP_SET.
Reported-by: syzbot+1e2a24aaa5725cab16e1@syzkaller.appspotmail.com
Reported-by: syzbot+3f89dc33fa3020fab1c4@syzkaller.appspotmail.com
Reported-by: syzbot+44898c094ce209759d53@syzkaller.appspotmail.com
Reported-by: syzbot+99826cb4b0494bfbb828@syzkaller.appspotmail.com
Reported-by: syzbot+a7c4752dc308936c48b2@syzkaller.appspotmail.com
Reported-by: syzbot+c062464baf148ed5f192@syzkaller.appspotmail.com
Reported-by: syzbot+dfa19489edc185f94b0a@syzkaller.appspotmail.com
Reported-by: syzbot+e2c4a8195d3ad84342dc@syzkaller.appspotmail.com
Reported-by: syzbot+f31927b2905188fddc22@syzkaller.appspotmail.com
Reported-by: syzbot+1e2a24aaa5725cab16e1@syzkaller.appspotmail.com
Reported-by: syzbot+3f89dc33fa3020fab1c4@syzkaller.appspotmail.com
Reported-by: syzbot+44898c094ce209759d53@syzkaller.appspotmail.com
Reported-by: syzbot+99826cb4b0494bfbb828@syzkaller.appspotmail.com
Reported-by: syzbot+a7c4752dc308936c48b2@syzkaller.appspotmail.com
Reported-by: syzbot+c062464baf148ed5f192@syzkaller.appspotmail.com
Reported-by: syzbot+dfa19489edc185f94b0a@syzkaller.appspotmail.com
Reported-by: syzbot+e2c4a8195d3ad84342dc@syzkaller.appspotmail.com
Reported-by: syzbot+f31927b2905188fddc22@syzkaller.appspotmail.com
MAIN commitmail json YAML
kernfs: Just fail with EOPNOTSUPP, don't panic, on VOP_BMAP.
Reported-by: syzbot+870d2eb4b4c8904ac734@syzkaller.appspotmail.com
Reported-by: syzbot+870d2eb4b4c8904ac734@syzkaller.appspotmail.com
MAIN commitmail json YAML
ccd(4): Only pathbuf_destroy if pathbuf_copyin succeeded.
Reported-by: syzbot+a46aadc788a80afc8742@syzkaller.appspotmail.com
Reported-by: syzbot+a46aadc788a80afc8742@syzkaller.appspotmail.com
MAIN commitmail json YAML
bpf(4): Nix KM_NOSLEEP and prune dead branch.
https://syzkaller.appspot.com/bug?id=0fa7029d5565d9670a24c364d44bd116c76d7e7f
https://syzkaller.appspot.com/bug?id=0fa7029d5565d9670a24c364d44bd116c76d7e7f
MAIN commitmail json YAML
crypto(4): Refuse count>1 for old CIOCNCRYPTM.
This hasn't worked since it was written in 2009; if anyone cared
surely they would have fixed it by now!
(Fixing this properly -- and putting a more reasonable upper bound
than the maximum that size_t arithmetic allows -- left as an exercise
or the reader.)
Reported-by: syzbot+798d4a16bc15ae88526e@syzkaller.appspotmail.com
This hasn't worked since it was written in 2009; if anyone cared
surely they would have fixed it by now!
(Fixing this properly -- and putting a more reasonable upper bound
than the maximum that size_t arithmetic allows -- left as an exercise
or the reader.)
Reported-by: syzbot+798d4a16bc15ae88526e@syzkaller.appspotmail.com
MAIN commitmail json YAML
pad(4): Do harmless, not harmful, integer truncation.
Reported-by: syzbot+917ff3551897f1a99cf6@syzkaller.appspotmail.com
Reported-by: syzbot+917ff3551897f1a99cf6@syzkaller.appspotmail.com
MAIN commitmail json YAML
scsi(9): Handle bogus number of LUNs in SCSI_REPORT_LUNS.
Reported-by: syzbot+76ef9084533d4bccec66@syzkaller.appspotmail.com
Reported-by: syzbot+76ef9084533d4bccec66@syzkaller.appspotmail.com
MAIN commitmail json YAML
kmem(9): Make kmem_alloc and kmem_free agree about rejecting zero.
Let's do both as KASSERT, unless there's a good reason to make them
both do an unconditional if/panic even in release builds.
Let's do both as KASSERT, unless there's a good reason to make them
both do an unconditional if/panic even in release builds.
MAIN commitmail json YAML
uvideo(4): Use kmem_zalloc, not kmem_alloc and memset.
MAIN commitmail json YAML
kern: Clamp time_adjtime to avoid overflow.
Reported-by: syzbot+7edce1a31dfd2a5eaa18@syzkaller.appspotmail.com
Reported-by: syzbot+7edce1a31dfd2a5eaa18@syzkaller.appspotmail.com
MAIN commitmail json YAML
bpf(4): Clamp read timeout to INT_MAX ticks to avoid overflow.
Reported-by: syzbot+c543d35064d3492b9091@syzkaller.appspotmail.com
Reported-by: syzbot+c543d35064d3492b9091@syzkaller.appspotmail.com
MAIN commitmail json YAML
kern: m_copym(M_DONTWAIT) can fail; handle that case gracefully.
Not sure if this should truncate the result or just fail with nonzero
error code (ENOBUFS?). Feel free to change this the other way if you
know better!
Reported-by: syzbot+54c34f25d1e4124eb85d@syzkaller.appspotmail.com
Not sure if this should truncate the result or just fail with nonzero
error code (ENOBUFS?). Feel free to change this the other way if you
know better!
Reported-by: syzbot+54c34f25d1e4124eb85d@syzkaller.appspotmail.com
MAIN commitmail json YAML
compat_30: Avoid what might be technically undefined behaviour.
Not sure advancing a user pointer by one for the purpose of making an
equality test fail later on is actually likely to be a problem, but
let's just pacify the sanitizer.
Reported-by: syzbot+758b18164c5c444f4249@syzkaller.appspotmail.com
Not sure advancing a user pointer by one for the purpose of making an
equality test fail later on is actually likely to be a problem, but
let's just pacify the sanitizer.
Reported-by: syzbot+758b18164c5c444f4249@syzkaller.appspotmail.com
MAIN commitmail json YAML
x86: Provide better attribution for syscall biglock slippage.
MAIN commitmail json YAML
src/sys/arch/x86/include/intr.h@1.63
/
diff
/
nxr@1.63
src/sys/arch/x86/x86/intr.c@1.160 / diff / nxr@1.160
src/sys/arch/x86/x86/intr.c@1.160 / diff / nxr@1.160
x86: Check for biglock leakage in interrupt handlers.
MAIN commitmail json YAML
ffs: Fix 64-bit inode integer truncation.
Reported-by: syzbot+1ae93e092d532582b809@syzkaller.appspotmail.com
Reported-by: syzbot+1ae93e092d532582b809@syzkaller.appspotmail.com
MAIN commitmail json YAML
src/sys/arch/aarch64/aarch64/pmap.c@1.130
/
diff
/
nxr@1.130
src/sys/arch/alpha/alpha/pmap.c@1.305 / diff / nxr@1.305
src/sys/arch/arm/arm32/pmap.c@1.433 / diff / nxr@1.433
src/sys/arch/hppa/hppa/pmap.c@1.115 / diff / nxr@1.115
src/sys/arch/ia64/ia64/pmap.c@1.41 / diff / nxr@1.41
src/sys/arch/powerpc/oea/pmap.c@1.112 / diff / nxr@1.112
src/sys/arch/sparc/sparc/pmap.c@1.376 / diff / nxr@1.376
src/sys/arch/sparc64/sparc64/pmap.c@1.314 / diff / nxr@1.314
src/sys/dev/hyperv/vmbus.c@1.16 / diff / nxr@1.16
src/sys/dev/marvell/mvxpsec.c@1.11 / diff / nxr@1.11
src/sys/dev/scsipi/atapiconf.c@1.94 / diff / nxr@1.94
src/sys/dev/scsipi/scsiconf.c@1.299 / diff / nxr@1.299
src/sys/dev/scsipi/scsipi_base.c@1.188 / diff / nxr@1.188
src/sys/external/bsd/drm2/linux/linux_stop_machine.c@1.3 / diff / nxr@1.3
src/sys/kern/kern_auth.c@1.79 / diff / nxr@1.79
src/sys/kern/kern_exec.c@1.516 / diff / nxr@1.516
src/sys/kern/kern_mutex_obj.c@1.8 / diff / nxr@1.8
src/sys/kern/kern_resource.c@1.188 / diff / nxr@1.188
src/sys/kern/kern_rwlock_obj.c@1.6 / diff / nxr@1.6
src/sys/kern/kern_sig.c@1.403 / diff / nxr@1.403
:
(more 14 files)
src/sys/arch/alpha/alpha/pmap.c@1.305 / diff / nxr@1.305
src/sys/arch/arm/arm32/pmap.c@1.433 / diff / nxr@1.433
src/sys/arch/hppa/hppa/pmap.c@1.115 / diff / nxr@1.115
src/sys/arch/ia64/ia64/pmap.c@1.41 / diff / nxr@1.41
src/sys/arch/powerpc/oea/pmap.c@1.112 / diff / nxr@1.112
src/sys/arch/sparc/sparc/pmap.c@1.376 / diff / nxr@1.376
src/sys/arch/sparc64/sparc64/pmap.c@1.314 / diff / nxr@1.314
src/sys/dev/hyperv/vmbus.c@1.16 / diff / nxr@1.16
src/sys/dev/marvell/mvxpsec.c@1.11 / diff / nxr@1.11
src/sys/dev/scsipi/atapiconf.c@1.94 / diff / nxr@1.94
src/sys/dev/scsipi/scsiconf.c@1.299 / diff / nxr@1.299
src/sys/dev/scsipi/scsipi_base.c@1.188 / diff / nxr@1.188
src/sys/external/bsd/drm2/linux/linux_stop_machine.c@1.3 / diff / nxr@1.3
src/sys/kern/kern_auth.c@1.79 / diff / nxr@1.79
src/sys/kern/kern_exec.c@1.516 / diff / nxr@1.516
src/sys/kern/kern_mutex_obj.c@1.8 / diff / nxr@1.8
src/sys/kern/kern_resource.c@1.188 / diff / nxr@1.188
src/sys/kern/kern_rwlock_obj.c@1.6 / diff / nxr@1.6
src/sys/kern/kern_sig.c@1.403 / diff / nxr@1.403
:
(more 14 files)
sys: Membar audit around reference count releases.
If two threads are using an object that is freed when the reference
count goes to zero, we need to ensure that all memory operations
related to the object happen before freeing the object.
Using an atomic_dec_uint_nv(&refcnt) == 0 ensures that only one
thread takes responsibility for freeing, but it's not enough to
ensure that the other thread's memory operations happen before the
freeing.
Consider:
Thread A Thread B
obj->foo = 42; obj->baz = 73;
mumble(&obj->bar); grumble(&obj->quux);
/* membar_exit(); */ /* membar_exit(); */
atomic_dec -- not last atomic_dec -- last
/* membar_enter(); */
KASSERT(invariant(obj->foo,
obj->bar));
free_stuff(obj);
The memory barriers ensure that
obj->foo = 42;
mumble(&obj->bar);
in thread A happens before
KASSERT(invariant(obj->foo, obj->bar));
free_stuff(obj);
in thread B. Without them, this ordering is not guaranteed.
So in general it is necessary to do
membar_exit();
if (atomic_dec_uint_nv(&obj->refcnt) != 0)
return;
membar_enter();
to release a reference, for the `last one out hit the lights' style
of reference counting. (This is in contrast to the style where one
thread blocks new references and then waits under a lock for existing
ones to drain with a condvar -- no membar needed thanks to mutex(9).)
I searched for atomic_dec to find all these. Obviously we ought to
have a better abstraction for this because there's so much copypasta.
This is a stop-gap measure to fix actual bugs until we have that. It
would be nice if an abstraction could gracefully handle the different
styles of reference counting in use -- some years ago I drafted an
API for this, but making it cover everything got a little out of hand
(particularly with struct vnode::v_usecount) and I ended up setting
it aside to work on psref/localcount instead for better scalability.
I got bored of adding #ifdef __HAVE_ATOMIC_AS_MEMBAR everywhere, so I
only put it on things that look performance-critical on 5sec review.
We should really adopt membar_enter_preatomic/membar_exit_postatomic
or something (except they are applicable only to atomic r/m/w, not to
atomic_load/store_*, making the naming annoying) and get rid of all
the ifdefs.
If two threads are using an object that is freed when the reference
count goes to zero, we need to ensure that all memory operations
related to the object happen before freeing the object.
Using an atomic_dec_uint_nv(&refcnt) == 0 ensures that only one
thread takes responsibility for freeing, but it's not enough to
ensure that the other thread's memory operations happen before the
freeing.
Consider:
Thread A Thread B
obj->foo = 42; obj->baz = 73;
mumble(&obj->bar); grumble(&obj->quux);
/* membar_exit(); */ /* membar_exit(); */
atomic_dec -- not last atomic_dec -- last
/* membar_enter(); */
KASSERT(invariant(obj->foo,
obj->bar));
free_stuff(obj);
The memory barriers ensure that
obj->foo = 42;
mumble(&obj->bar);
in thread A happens before
KASSERT(invariant(obj->foo, obj->bar));
free_stuff(obj);
in thread B. Without them, this ordering is not guaranteed.
So in general it is necessary to do
membar_exit();
if (atomic_dec_uint_nv(&obj->refcnt) != 0)
return;
membar_enter();
to release a reference, for the `last one out hit the lights' style
of reference counting. (This is in contrast to the style where one
thread blocks new references and then waits under a lock for existing
ones to drain with a condvar -- no membar needed thanks to mutex(9).)
I searched for atomic_dec to find all these. Obviously we ought to
have a better abstraction for this because there's so much copypasta.
This is a stop-gap measure to fix actual bugs until we have that. It
would be nice if an abstraction could gracefully handle the different
styles of reference counting in use -- some years ago I drafted an
API for this, but making it cover everything got a little out of hand
(particularly with struct vnode::v_usecount) and I ended up setting
it aside to work on psref/localcount instead for better scalability.
I got bored of adding #ifdef __HAVE_ATOMIC_AS_MEMBAR everywhere, so I
only put it on things that look performance-critical on 5sec review.
We should really adopt membar_enter_preatomic/membar_exit_postatomic
or something (except they are applicable only to atomic r/m/w, not to
atomic_load/store_*, making the naming annoying) and get rid of all
the ifdefs.
MAIN commitmail json YAML
vhci(4): Make vhci_usb_attach/detach return void.
These never fail, so no need to return zero.
These never fail, so no need to return zero.
MAIN commitmail json YAML
vhci(4): Don't fail with ENOBUFS if no intrxfer is set up.
uhub(4) will set up the intrxfer and query the current state at its
leisure -- no need to treat racing with it as a failure.
(If there's some reason the caller needs to know about this state,
then (a) there should be a comment explaining why, and (b) the
assertion in vhci_fd_close needs to change.)
Should fix a host of syzbot crashes that were all tripping over the
same assertion but with different gobbledegook on the console --
here's all the ones I found in a quick skim of the front page:
Reported-by: syzbot+58b183ac688d656e1bfd@syzkaller.appspotmail.com
Reported-by: syzbot+e7b0e904184aa2c18224@syzkaller.appspotmail.com
Reported-by: syzbot+476b25a0a3655f3565d6@syzkaller.appspotmail.com
Reported-by: syzbot+e5b69892daf87a7464f2@syzkaller.appspotmail.com
Reported-by: syzbot+db7f0bc71c33a488d0fc@syzkaller.appspotmail.com
Reported-by: syzbot+71d0e82df292c56739da@syzkaller.appspotmail.com
Reported-by: syzbot+dbfaad061b2c909d6332@syzkaller.appspotmail.com
Reported-by: syzbot+d8b90cead59b887fee64@syzkaller.appspotmail.com
Reported-by: syzbot+ea147adc4461acb9f491@syzkaller.appspotmail.com
Reported-by: syzbot+cb7239776d4f51c39ca3@syzkaller.appspotmail.com
Reported-by: syzbot+ffbae2dd4d4a0196b026@syzkaller.appspotmail.com
Reported-by: syzbot+95d4852ea931f775cf35@syzkaller.appspotmail.com
Reported-by: syzbot+3236a5e1bc356909b322@syzkaller.appspotmail.com
Reported-by: syzbot+f5ac32d58eab38bce263@syzkaller.appspotmail.com
Reported-by: syzbot+beb9643da72188117748@syzkaller.appspotmail.com
Reported-by: syzbot+896191203695ba350566@syzkaller.appspotmail.com
Reported-by: syzbot+7c175b48b2682cc329a5@syzkaller.appspotmail.com
Reported-by: syzbot+caa5bc391d36d75335ea@syzkaller.appspotmail.com
Reported-by: syzbot+9fe6d4c43fa10f9e4dfa@syzkaller.appspotmail.com
Reported-by: syzbot+ae9ae663386e72d171b3@syzkaller.appspotmail.com
Reported-by: syzbot+a0c3a5c2f7af91e44c17@syzkaller.appspotmail.com
Reported-by: syzbot+3c157b017d0cafa7aea9@syzkaller.appspotmail.com
Reported-by: syzbot+1e05efbbf2d7df821bfd@syzkaller.appspotmail.com
Reported-by: syzbot+999f20b408f61e22f4e0@syzkaller.appspotmail.com
Reported-by: syzbot+22d227370f78b3a34442@syzkaller.appspotmail.com
Reported-by: syzbot+33760fa9b95349460293@syzkaller.appspotmail.com
Reported-by: syzbot+75d865aafbc9ebadb0f6@syzkaller.appspotmail.com
Reported-by: syzbot+3ddff5cb80bc0c9ac635@syzkaller.appspotmail.com
Reported-by: syzbot+0f942570160d533d892d@syzkaller.appspotmail.com
uhub(4) will set up the intrxfer and query the current state at its
leisure -- no need to treat racing with it as a failure.
(If there's some reason the caller needs to know about this state,
then (a) there should be a comment explaining why, and (b) the
assertion in vhci_fd_close needs to change.)
Should fix a host of syzbot crashes that were all tripping over the
same assertion but with different gobbledegook on the console --
here's all the ones I found in a quick skim of the front page:
Reported-by: syzbot+58b183ac688d656e1bfd@syzkaller.appspotmail.com
Reported-by: syzbot+e7b0e904184aa2c18224@syzkaller.appspotmail.com
Reported-by: syzbot+476b25a0a3655f3565d6@syzkaller.appspotmail.com
Reported-by: syzbot+e5b69892daf87a7464f2@syzkaller.appspotmail.com
Reported-by: syzbot+db7f0bc71c33a488d0fc@syzkaller.appspotmail.com
Reported-by: syzbot+71d0e82df292c56739da@syzkaller.appspotmail.com
Reported-by: syzbot+dbfaad061b2c909d6332@syzkaller.appspotmail.com
Reported-by: syzbot+d8b90cead59b887fee64@syzkaller.appspotmail.com
Reported-by: syzbot+ea147adc4461acb9f491@syzkaller.appspotmail.com
Reported-by: syzbot+cb7239776d4f51c39ca3@syzkaller.appspotmail.com
Reported-by: syzbot+ffbae2dd4d4a0196b026@syzkaller.appspotmail.com
Reported-by: syzbot+95d4852ea931f775cf35@syzkaller.appspotmail.com
Reported-by: syzbot+3236a5e1bc356909b322@syzkaller.appspotmail.com
Reported-by: syzbot+f5ac32d58eab38bce263@syzkaller.appspotmail.com
Reported-by: syzbot+beb9643da72188117748@syzkaller.appspotmail.com
Reported-by: syzbot+896191203695ba350566@syzkaller.appspotmail.com
Reported-by: syzbot+7c175b48b2682cc329a5@syzkaller.appspotmail.com
Reported-by: syzbot+caa5bc391d36d75335ea@syzkaller.appspotmail.com
Reported-by: syzbot+9fe6d4c43fa10f9e4dfa@syzkaller.appspotmail.com
Reported-by: syzbot+ae9ae663386e72d171b3@syzkaller.appspotmail.com
Reported-by: syzbot+a0c3a5c2f7af91e44c17@syzkaller.appspotmail.com
Reported-by: syzbot+3c157b017d0cafa7aea9@syzkaller.appspotmail.com
Reported-by: syzbot+1e05efbbf2d7df821bfd@syzkaller.appspotmail.com
Reported-by: syzbot+999f20b408f61e22f4e0@syzkaller.appspotmail.com
Reported-by: syzbot+22d227370f78b3a34442@syzkaller.appspotmail.com
Reported-by: syzbot+33760fa9b95349460293@syzkaller.appspotmail.com
Reported-by: syzbot+75d865aafbc9ebadb0f6@syzkaller.appspotmail.com
Reported-by: syzbot+3ddff5cb80bc0c9ac635@syzkaller.appspotmail.com
Reported-by: syzbot+0f942570160d533d892d@syzkaller.appspotmail.com
MAIN commitmail json YAML
kern: Use atomic_store_release/atomic_load_consume for pid_table.
This is read without the lock, so ordering is required.
This is read without the lock, so ordering is required.
MAIN commitmail json YAML
kern: Fix synchronization of clearing LP_RUNNING and lwp_free.
1. membar_sync is not necessary here -- only a store-release is
required.
2. membar_consumer _before_ loading l->l_pflag is not enough; a
load-acquire is required.
Actually it's not really clear to me why any barriers are needed, since
the store-release and load-acquire should be implied by releasing and
acquiring the lwp lock (and maybe we could spin with the lock instead
of reading l->l_pflag unlocked). But maybe there's something subtle
about access to l->l_mutex that's not obvious here.
1. membar_sync is not necessary here -- only a store-release is
required.
2. membar_consumer _before_ loading l->l_pflag is not enough; a
load-acquire is required.
Actually it's not really clear to me why any barriers are needed, since
the store-release and load-acquire should be implied by releasing and
acquiring the lwp lock (and maybe we could spin with the lock instead
of reading l->l_pflag unlocked). But maybe there's something subtle
about access to l->l_mutex that's not obvious here.
MAIN commitmail json YAML
gffb(4): Nix membar_sync and explain what's going on here.
MAIN commitmail json YAML
gffb(4): Use bus_space_barrier, not membar_sync.
MAIN commitmail json YAML
src/sys/arch/evbppc/virtex/dcr.c@1.3
/
diff
/
nxr@1.3
src/sys/arch/evbppc/virtex/dcr.h@1.3 / diff / nxr@1.3
src/sys/arch/powerpc/include/bus_defs.h@1.5 / diff / nxr@1.5
src/sys/arch/powerpc/include/bus_funcs.h@1.2 / diff / nxr@1.2
src/sys/arch/powerpc/powerpc/bus_space.c@1.39 / diff / nxr@1.39
src/sys/arch/evbppc/virtex/dcr.h@1.3 / diff / nxr@1.3
src/sys/arch/powerpc/include/bus_defs.h@1.5 / diff / nxr@1.5
src/sys/arch/powerpc/include/bus_funcs.h@1.2 / diff / nxr@1.2
src/sys/arch/powerpc/powerpc/bus_space.c@1.39 / diff / nxr@1.39
powerpc: Implement bus_space_barrier as eieio.
MAIN commitmail json YAML
xhci(4): Avoid holding bus lock across usb_delay_ms.
We may still need a mechanism to serialize access to the portsc
registers between xhci_roothub_ctrl and xhci_suspend/resume, but the
bus lock is no longer that, and holding the bus lock across
usb_delay_ms may lead to deadlock by blocking the softints that wake
usb_delay_ms.
We may still need a mechanism to serialize access to the portsc
registers between xhci_roothub_ctrl and xhci_suspend/resume, but the
bus lock is no longer that, and holding the bus lock across
usb_delay_ms may lead to deadlock by blocking the softints that wake
usb_delay_ms.
MAIN commitmail json YAML
ohci(4): Don't flail around with enabling polling in suspend/resume.
This doesn't work -- polling mode only works when all other CPUs are
quiesced and the current one is running sequentially without
preemption.
Also not clear whether this does anything useful. Maybe we need a
mechanism to block new xfers until resumed, but this wasn't that.
This doesn't work -- polling mode only works when all other CPUs are
quiesced and the current one is running sequentially without
preemption.
Also not clear whether this does anything useful. Maybe we need a
mechanism to block new xfers until resumed, but this wasn't that.
MAIN commitmail json YAML
ehci(4): Omit bus lock around ehci_suspend/resume.
This no longer serializes access to the portsc registers, also used
by ehci_roothub_ctrl, but it does pose a potential deadlock with
softints to wake usb_delay_ms. So the bus lock doesn't help here,
and may cause deadlock.
This no longer serializes access to the portsc registers, also used
by ehci_roothub_ctrl, but it does pose a potential deadlock with
softints to wake usb_delay_ms. So the bus lock doesn't help here,
and may cause deadlock.
MAIN commitmail json YAML
src/sys/arch/mips/adm5120/dev/ahci.c@1.31
/
diff
/
nxr@1.31
src/sys/dev/ic/sl811hs.c@1.111 / diff / nxr@1.111
src/sys/dev/usb/ehci.c@1.306 / diff / nxr@1.306
src/sys/dev/usb/motg.c@1.41 / diff / nxr@1.41
src/sys/dev/usb/ohci.c@1.322 / diff / nxr@1.322
src/sys/dev/usb/uhci.c@1.312 / diff / nxr@1.312
src/sys/dev/usb/usbdivar.h@1.135 / diff / nxr@1.135
src/sys/dev/usb/usbroothub.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/xhci.c@1.159 / diff / nxr@1.159
src/sys/dev/ic/sl811hs.c@1.111 / diff / nxr@1.111
src/sys/dev/usb/ehci.c@1.306 / diff / nxr@1.306
src/sys/dev/usb/motg.c@1.41 / diff / nxr@1.41
src/sys/dev/usb/ohci.c@1.322 / diff / nxr@1.322
src/sys/dev/usb/uhci.c@1.312 / diff / nxr@1.312
src/sys/dev/usb/usbdivar.h@1.135 / diff / nxr@1.135
src/sys/dev/usb/usbroothub.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/xhci.c@1.159 / diff / nxr@1.159
usb: Provisionally release bus lock around ubm_rhctrl.
This isn't quite correct, but it avoids a deadlock:
- *_roothub_ctrl holds bus lock, waits in usb_delay_ms for kpause
- softint waits for bus lock, holds up kpause wakeup
The deadlock is new since recent changes to hold the bus lock over
upm_start/upm_transfer. Making this change regresses to other
problems:
- *_suspend/resume and *_roothub_ctrl often touch the same portsc
registers
- roothub_ctrl_abort needs to wait for ubm_rhctrl to complete.
When the bus lock was held across both, a noop served here, but we
can't hold the bus lock across both, so that doesn't work.
However, these problems -- which we've had for a long time -- seem to
be less bad than the deadlock. So let's avoid the deadlock for now
and then work out another way to serialize suspend/resume/rhctrl and
aborts.
Candidate fix for PR kern/56739.
This isn't quite correct, but it avoids a deadlock:
- *_roothub_ctrl holds bus lock, waits in usb_delay_ms for kpause
- softint waits for bus lock, holds up kpause wakeup
The deadlock is new since recent changes to hold the bus lock over
upm_start/upm_transfer. Making this change regresses to other
problems:
- *_suspend/resume and *_roothub_ctrl often touch the same portsc
registers
- roothub_ctrl_abort needs to wait for ubm_rhctrl to complete.
When the bus lock was held across both, a noop served here, but we
can't hold the bus lock across both, so that doesn't work.
However, these problems -- which we've had for a long time -- seem to
be less bad than the deadlock. So let's avoid the deadlock for now
and then work out another way to serialize suspend/resume/rhctrl and
aborts.
Candidate fix for PR kern/56739.
MAIN commitmail json YAML
usb(4): Use atomics for usb_async_proc.
This is written under proc_lock and read without it in usb_add_event,
so using atomics pacifies the sanitizer. No memory ordering needed
because the value isn't actually used until the softint runs, using
it under proc_lock. Kind of a micro-optimization, but let's avoid
contention on proc_lock in the common case of no usb_async_proc set
up (why is this a system global, anyway? and why is there a softint
if usb_add_event always runs at IPL_NONE?).
Reported-by: syzbot+1b2fa68535e5b0f3dcaa@syzkaller.appspotmail.com
This is written under proc_lock and read without it in usb_add_event,
so using atomics pacifies the sanitizer. No memory ordering needed
because the value isn't actually used until the softint runs, using
it under proc_lock. Kind of a micro-optimization, but let's avoid
contention on proc_lock in the common case of no usb_async_proc set
up (why is this a system global, anyway? and why is there a softint
if usb_add_event always runs at IPL_NONE?).
Reported-by: syzbot+1b2fa68535e5b0f3dcaa@syzkaller.appspotmail.com
MAIN commitmail json YAML
usbnet(9): Clarify uno_stop contract in man page.
MAIN commitmail json YAML
usbnet(9): uno_init is now optional.
Update assertion and man page accordingly.
Update assertion and man page accordingly.
MAIN commitmail json YAML
Welcome to NetBSD 9.99.94!
- usbnet(9) overhaul.
- USB host controller interface API and ABI simplifications.
- usbdi(9) additions -- usbd_suspend_pipe, usbd_resume_pipe.
- video(9) change -- video_attach_mi takes explicit cookie argument.
- driver(9) addition -- device_set_private, in preparation for opaque
struct device.
While here, fix typo noted by pgoyette@ -- `privilege', not
`priviledge'.
- usbnet(9) overhaul.
- USB host controller interface API and ABI simplifications.
- usbdi(9) additions -- usbd_suspend_pipe, usbd_resume_pipe.
- video(9) change -- video_attach_mi takes explicit cookie argument.
- driver(9) addition -- device_set_private, in preparation for opaque
struct device.
While here, fix typo noted by pgoyette@ -- `privilege', not
`priviledge'.
MAIN commitmail json YAML
src/sys/arch/vax/vax/autoconf.c@1.100
/
diff
/
nxr@1.100
src/sys/arch/vax/vax/ka6400.c@1.21 / diff / nxr@1.21
src/sys/arch/vax/vax/ka820.c@1.58 / diff / nxr@1.58
src/sys/arch/vax/vax/ka88.c@1.21 / diff / nxr@1.21
src/sys/arch/vax/vax/multicpu.c@1.37 / diff / nxr@1.37
src/sys/arch/vax/vax/ka6400.c@1.21 / diff / nxr@1.21
src/sys/arch/vax/vax/ka820.c@1.58 / diff / nxr@1.58
src/sys/arch/vax/vax/ka88.c@1.21 / diff / nxr@1.21
src/sys/arch/vax/vax/multicpu.c@1.37 / diff / nxr@1.37
vax: Use device_set_private.
MAIN commitmail json YAML
powerpc: Use device_set_private for e500 cpuN.
MAIN commitmail json YAML
src/sys/arch/evbmips/evbmips/cpu.c@1.6
/
diff
/
nxr@1.6
src/sys/arch/evbmips/ingenic/cpu.c@1.5 / diff / nxr@1.5
src/sys/arch/mips/cavium/octeon_cpunode.c@1.22 / diff / nxr@1.22
src/sys/arch/mips/mips/cpu_subr.c@1.60 / diff / nxr@1.60
src/sys/arch/evbmips/ingenic/cpu.c@1.5 / diff / nxr@1.5
src/sys/arch/mips/cavium/octeon_cpunode.c@1.22 / diff / nxr@1.22
src/sys/arch/mips/mips/cpu_subr.c@1.60 / diff / nxr@1.60
mips: Carefully use device_set_private for cpuN.
But don't do it in cpu_attach_common because the callers aren't set
up right -- instead leave a comment about what's wrong, to be dealt
with later.
But don't do it in cpu_attach_common because the callers aren't set
up right -- instead leave a comment about what's wrong, to be dealt
with later.
MAIN commitmail json YAML
src/sys/arch/evbmips/gdium/bonito_mainbus.c@1.6
/
diff
/
nxr@1.6
src/sys/arch/evbmips/loongson/bonito_mainbus.c@1.6 / diff / nxr@1.6
src/sys/arch/mips/sibyte/pci/sbbrz.c@1.9 / diff / nxr@1.9
src/sys/arch/evbmips/loongson/bonito_mainbus.c@1.6 / diff / nxr@1.6
src/sys/arch/mips/sibyte/pci/sbbrz.c@1.9 / diff / nxr@1.9
mips: Use device_set_private in a few drivers.
MAIN commitmail json YAML
src/sys/arch/cobalt/cobalt/cpu.c@1.12
/
diff
/
nxr@1.12
src/sys/arch/ews4800mips/ews4800mips/cpu.c@1.6 / diff / nxr@1.6
src/sys/arch/hpcmips/hpcmips/cpu.c@1.19 / diff / nxr@1.19
src/sys/arch/mipsco/mipsco/cpu.c@1.12 / diff / nxr@1.12
src/sys/arch/newsmips/newsmips/cpu.c@1.13 / diff / nxr@1.13
src/sys/arch/pmax/pmax/cpu.c@1.32 / diff / nxr@1.32
src/sys/arch/sgimips/sgimips/cpu.c@1.28 / diff / nxr@1.28
src/sys/arch/ews4800mips/ews4800mips/cpu.c@1.6 / diff / nxr@1.6
src/sys/arch/hpcmips/hpcmips/cpu.c@1.19 / diff / nxr@1.19
src/sys/arch/mipsco/mipsco/cpu.c@1.12 / diff / nxr@1.12
src/sys/arch/newsmips/newsmips/cpu.c@1.13 / diff / nxr@1.13
src/sys/arch/pmax/pmax/cpu.c@1.32 / diff / nxr@1.32
src/sys/arch/sgimips/sgimips/cpu.c@1.28 / diff / nxr@1.28
mips: Use device_set_private for cpuN on older ports.
Specifically, for those that don't use cpu_attach_common of
mips_subr.c.
Specifically, for those that don't use cpu_attach_common of
mips_subr.c.
MAIN commitmail json YAML
src/sys/arch/arm/broadcom/bcm53xx_cca.c@1.5
/
diff
/
nxr@1.5
src/sys/arch/arm/broadcom/bcm53xx_ccb.c@1.9 / diff / nxr@1.9
src/sys/arch/arm/cortex/a9tmr.c@1.22 / diff / nxr@1.22
src/sys/arch/arm/cortex/gic.c@1.53 / diff / nxr@1.53
src/sys/arch/arm/cortex/gtmr.c@1.49 / diff / nxr@1.49
src/sys/arch/arm/gemini/gemini_icu.c@1.7 / diff / nxr@1.7
src/sys/arch/arm/omap/omap2_icu.c@1.12 / diff / nxr@1.12
src/sys/arch/arm/omap/omap2_prcm.c@1.6 / diff / nxr@1.6
src/sys/arch/arm/samsung/mct.c@1.21 / diff / nxr@1.21
src/sys/arch/arm/broadcom/bcm53xx_ccb.c@1.9 / diff / nxr@1.9
src/sys/arch/arm/cortex/a9tmr.c@1.22 / diff / nxr@1.22
src/sys/arch/arm/cortex/gic.c@1.53 / diff / nxr@1.53
src/sys/arch/arm/cortex/gtmr.c@1.49 / diff / nxr@1.49
src/sys/arch/arm/gemini/gemini_icu.c@1.7 / diff / nxr@1.7
src/sys/arch/arm/omap/omap2_icu.c@1.12 / diff / nxr@1.12
src/sys/arch/arm/omap/omap2_prcm.c@1.6 / diff / nxr@1.6
src/sys/arch/arm/samsung/mct.c@1.21 / diff / nxr@1.21
arm: Use device_set_private for various drivers.
MAIN commitmail json YAML
arc: Use device_set_private for cpuN.
MAIN commitmail json YAML
src/sys/arch/aarch64/aarch64/cpu.c@1.69
/
diff
/
nxr@1.69
src/sys/arch/arm/arm32/cpu.c@1.153 / diff / nxr@1.153
src/sys/arch/arm/fdt/cpu_fdt.c@1.42 / diff / nxr@1.42
src/sys/arch/arm/arm32/cpu.c@1.153 / diff / nxr@1.153
src/sys/arch/arm/fdt/cpu_fdt.c@1.42 / diff / nxr@1.42
arm: Use device_set_private for cpuN.
For cpu at fdt, nix the fdt softc -- this was leaked and never used
for anything. The device's private storage is the cpu_info.
For cpu at fdt, nix the fdt softc -- this was leaked and never used
for anything. The device's private storage is the cpu_info.
MAIN commitmail json YAML
driver(9): New device_set_private.
Used to initialize a device_t's private pointer at most once. Only
for drivers with zero cfattach size so autoconf doesn't preallocate;
KASSERT checks for this mistake.
Used to initialize a device_t's private pointer at most once. Only
for drivers with zero cfattach size so autoconf doesn't preallocate;
KASSERT checks for this mistake.
MAIN commitmail json YAML
src/sys/dev/usb/auvitek_video.c@1.10
/
diff
/
nxr@1.10
src/sys/dev/usb/pseye.c@1.29 / diff / nxr@1.29
src/sys/dev/usb/uvideo.c@1.69 / diff / nxr@1.69
src/sys/dev/video.c@1.45 / diff / nxr@1.45
src/sys/dev/video_if.h@1.11 / diff / nxr@1.11
src/sys/dev/usb/pseye.c@1.29 / diff / nxr@1.29
src/sys/dev/usb/uvideo.c@1.69 / diff / nxr@1.69
src/sys/dev/video.c@1.45 / diff / nxr@1.45
src/sys/dev/video_if.h@1.11 / diff / nxr@1.11
video(9): Make softc argument mandatory for video_attach_mi.
No separate video_attach_mi_softc function any more.
No separate video_attach_mi_softc function any more.
MAIN commitmail json YAML
uvideo(4): Attach one video(4) per independent stream.
MAIN commitmail json YAML
uvideo(4): Fix zero initialization of uvideo_stream.
Just use kmem_zalloc; don't memset it to zero, especially not after
we just inserted it into the list, with the side effect of deleting
the rest of the list!
Just use kmem_zalloc; don't memset it to zero, especially not after
we just inserted it into the list, with the side effect of deleting
the rest of the list!
MAIN commitmail json YAML
video(4): Allow drivers to pass the softc explicitly.
This way one device driver can have multiple video0, video1, &c.,
interfaces attached, using independent state and a common parent.
This way one device driver can have multiple video0, video1, &c.,
interfaces attached, using independent state and a common parent.
MAIN commitmail json YAML
uvideo(4): Sprinkle debug messages.
MAIN commitmail json YAML
uvideo(4): Use __nothing for empty DPRINTF, not actually empty.
MAIN commitmail json YAML
usbdi(9): Suspend control pipe on detach.
The device is gone so control transfers won't complete anyway. This
obviates the need to wait for usbd_do_request to time out.
Seems like maybe we should make _all_ xfers fail with USBD_CANCELLED
when the device is detached, but there's no list of pipes we can just
walk down to suspend them, so we'd have to find another way to do so.
For now, we'll just keep having drivers suspend/abort pipes other
than the control pipe.
The device is gone so control transfers won't complete anyway. This
obviates the need to wait for usbd_do_request to time out.
Seems like maybe we should make _all_ xfers fail with USBD_CANCELLED
when the device is detached, but there's no list of pipes we can just
walk down to suspend them, so we'd have to find another way to do so.
For now, we'll just keep having drivers suspend/abort pipes other
than the control pipe.
MAIN commitmail json YAML
usbdi(9): dtrace probes for USB control requests.
MAIN commitmail json YAML
usb: Assert hci doesn't synchronously complete async xfers.
The xfer callback must not be invoked synchronously, because it might
need to take a lock that the caller holds.
However, the hci might return failure to the caller, meaning the xfer
callback will not be invoked at all.
The xfer callback must not be invoked synchronously, because it might
need to take a lock that the caller holds.
However, the hci might return failure to the caller, meaning the xfer
callback will not be invoked at all.
MAIN commitmail json YAML
src/sys/arch/mips/adm5120/dev/ahci.c@1.30
/
diff
/
nxr@1.30
src/sys/dev/ic/sl811hs.c@1.110 / diff / nxr@1.110
src/sys/dev/usb/ehci.c@1.305 / diff / nxr@1.305
src/sys/dev/usb/motg.c@1.40 / diff / nxr@1.40
src/sys/dev/usb/ohci.c@1.321 / diff / nxr@1.321
src/sys/dev/usb/uhci.c@1.311 / diff / nxr@1.311
src/sys/dev/usb/usbdi.c@1.231 / diff / nxr@1.231
src/sys/dev/usb/usbdivar.h@1.134 / diff / nxr@1.134
src/sys/dev/usb/usbroothub.c@1.13 / diff / nxr@1.13
src/sys/dev/usb/vhci.c@1.25 / diff / nxr@1.25
src/sys/dev/usb/xhci.c@1.158 / diff / nxr@1.158
src/sys/external/bsd/dwc2/dwc2.c@1.80 / diff / nxr@1.80
src/sys/rump/dev/lib/libugenhc/ugenhc.c@1.31 / diff / nxr@1.31
src/sys/dev/ic/sl811hs.c@1.110 / diff / nxr@1.110
src/sys/dev/usb/ehci.c@1.305 / diff / nxr@1.305
src/sys/dev/usb/motg.c@1.40 / diff / nxr@1.40
src/sys/dev/usb/ohci.c@1.321 / diff / nxr@1.321
src/sys/dev/usb/uhci.c@1.311 / diff / nxr@1.311
src/sys/dev/usb/usbdi.c@1.231 / diff / nxr@1.231
src/sys/dev/usb/usbdivar.h@1.134 / diff / nxr@1.134
src/sys/dev/usb/usbroothub.c@1.13 / diff / nxr@1.13
src/sys/dev/usb/vhci.c@1.25 / diff / nxr@1.25
src/sys/dev/usb/xhci.c@1.158 / diff / nxr@1.158
src/sys/external/bsd/dwc2/dwc2.c@1.80 / diff / nxr@1.80
src/sys/rump/dev/lib/libugenhc/ugenhc.c@1.31 / diff / nxr@1.31
usb: Hold pipe lock across upm_transfer and upm_start.
This simplifies the code and fixes races with abort. Access to the
pipe's queue is now done exclusively while the pipe is locked.
This simplifies the code and fixes races with abort. Access to the
pipe's queue is now done exclusively while the pipe is locked.
MAIN commitmail json YAML
usb: In usbd_transfer, test whether aborting under the lock.
Otherwise this test is racy and can cause the bad state of a pipe
with a transfer that will never be completed in a pipe that's about
to close under the expectation that the pipe is empty.
Otherwise this test is racy and can cause the bad state of a pipe
with a transfer that will never be completed in a pipe that's about
to close under the expectation that the pipe is empty.
MAIN commitmail json YAML
usb: Inline usb_insert_transfer.
This makes it clearer which part happens irrespective of error
(putting it on the queue -- unconditional, not rolled back by
usb_insert_transfer) and what the possible `errors' mean (neither of
which is an error, per se).
This makes it clearer which part happens irrespective of error
(putting it on the queue -- unconditional, not rolled back by
usb_insert_transfer) and what the possible `errors' mean (neither of
which is an error, per se).
MAIN commitmail json YAML
usbdi(9): New usbd_suspend_pipe, usbd_resume_pipe.
- New usbd_suspend_pipe to persistently stop transfers on a pipe and
cancel pending ones or wait for their callbacks to finish.
Idempotent.
- New usbd_resume_pipe to allow transfers again. Idempotent, but no
new xfers may be submitted before repeating this.
This way it is safe to usbd_abort_pipe in two threads concurrently,
e.g. if one thread is closing a device while another is revoking it
-- but the threads have to agree on when it is done being aborted
before starting to use it again.
- Existing usbd_abort_pipe now does suspend then resume. No change
in semantics so drivers that relied on being able to submit
transfers again won't be broken any worse than the already are
broken.
This allows drivers to avoid races such as:
/* read */
if (sc->sc_dying)
return ENXIO;
/* (*) */
err = usbd_bulk_transfer(...);
/* detach or or close */
sc->sc_dying = true;
usbd_abort_pipe(...);
wait_for_io_to_drain(...);
The detach or close logic might happen at the same time as (*), with
no way to stop the bulk transfer before it starts, leading to
deadlock when detach/close waits for I/O operations like read to
drain. Instead, the close routine can use usbd_suspend_pipe, and the
usbd_bulk_transfer is guaranteed to fail.
But some drivers such as ucom(4) don't close and reopen pipes after
aborting them -- they open on attach and close on detach, and just
abort when the /dev node is closed, expecting that xfers will
continue to work when next opened. These drivers can instead use
usbd_suspend_pipe on close and usbd_resume_pipe on open. Perhaps it
would be better to make them open pipes on open and close pipes on
close, but these functions make for a less intrusive transition.
- New usbd_suspend_pipe to persistently stop transfers on a pipe and
cancel pending ones or wait for their callbacks to finish.
Idempotent.
- New usbd_resume_pipe to allow transfers again. Idempotent, but no
new xfers may be submitted before repeating this.
This way it is safe to usbd_abort_pipe in two threads concurrently,
e.g. if one thread is closing a device while another is revoking it
-- but the threads have to agree on when it is done being aborted
before starting to use it again.
- Existing usbd_abort_pipe now does suspend then resume. No change
in semantics so drivers that relied on being able to submit
transfers again won't be broken any worse than the already are
broken.
This allows drivers to avoid races such as:
/* read */
if (sc->sc_dying)
return ENXIO;
/* (*) */
err = usbd_bulk_transfer(...);
/* detach or or close */
sc->sc_dying = true;
usbd_abort_pipe(...);
wait_for_io_to_drain(...);
The detach or close logic might happen at the same time as (*), with
no way to stop the bulk transfer before it starts, leading to
deadlock when detach/close waits for I/O operations like read to
drain. Instead, the close routine can use usbd_suspend_pipe, and the
usbd_bulk_transfer is guaranteed to fail.
But some drivers such as ucom(4) don't close and reopen pipes after
aborting them -- they open on attach and close on detach, and just
abort when the /dev node is closed, expecting that xfers will
continue to work when next opened. These drivers can instead use
usbd_suspend_pipe on close and usbd_resume_pipe on open. Perhaps it
would be better to make them open pipes on open and close pipes on
close, but these functions make for a less intrusive transition.
MAIN commitmail json YAML
usb: Update tables of bus/pipe method locking rules.
No functional change.
No functional change.
MAIN commitmail json YAML
usb: Add missing includes in usb_mem.h.
MAIN commitmail json YAML
xhci(4): Add missing includes to xhcivar.h.
MAIN commitmail json YAML
src/sys/dev/usb/ehci.c@1.304
/
diff
/
nxr@1.304
src/sys/dev/usb/motg.c@1.39 / diff / nxr@1.39
src/sys/dev/usb/ohci.c@1.320 / diff / nxr@1.320
src/sys/dev/usb/uhci.c@1.310 / diff / nxr@1.310
src/sys/dev/usb/usbdi.c@1.227 / diff / nxr@1.227
src/sys/dev/usb/xhci.c@1.157 / diff / nxr@1.157
src/sys/external/bsd/dwc2/dwc2.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/motg.c@1.39 / diff / nxr@1.39
src/sys/dev/usb/ohci.c@1.320 / diff / nxr@1.320
src/sys/dev/usb/uhci.c@1.310 / diff / nxr@1.310
src/sys/dev/usb/usbdi.c@1.227 / diff / nxr@1.227
src/sys/dev/usb/xhci.c@1.157 / diff / nxr@1.157
src/sys/external/bsd/dwc2/dwc2.c@1.79 / diff / nxr@1.79
usb: Factor usb_transfer_complete out of ubm_abortx method.
MAIN commitmail json YAML
usb: usbd_free_xfer never fails. Make it return void.
MAIN commitmail json YAML
src/sys/dev/usb/if_atu.c@1.75
/
diff
/
nxr@1.75
src/sys/dev/usb/if_urtw.c@1.26 / diff / nxr@1.26
src/sys/dev/usb/ualea.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/usbdi.c@1.225 / diff / nxr@1.225
src/sys/dev/usb/usbdi.h@1.106 / diff / nxr@1.106
src/sys/dev/usb/usbnet.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/if_urtw.c@1.26 / diff / nxr@1.26
src/sys/dev/usb/ualea.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/usbdi.c@1.225 / diff / nxr@1.225
src/sys/dev/usb/usbdi.h@1.106 / diff / nxr@1.106
src/sys/dev/usb/usbnet.c@1.93 / diff / nxr@1.93
usb: usbd_close_pipe never fails. Make it return void.
Prune dead branches as a result of this change.
Prune dead branches as a result of this change.
MAIN commitmail json YAML
src/sys/dev/usb/if_atu.c@1.74
/
diff
/
nxr@1.74
src/sys/dev/usb/ualea.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/usbdi.c@1.224 / diff / nxr@1.224
src/sys/dev/usb/usbdi.h@1.105 / diff / nxr@1.105
src/sys/dev/usb/usbnet.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/utoppy.c@1.36 / diff / nxr@1.36
src/sys/dev/usb/ualea.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/usbdi.c@1.224 / diff / nxr@1.224
src/sys/dev/usb/usbdi.h@1.105 / diff / nxr@1.105
src/sys/dev/usb/usbnet.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/utoppy.c@1.36 / diff / nxr@1.36
usb: usbd_abort_pipe never fails. Make it return void.
Prune dead branches as a result of this change.
Prune dead branches as a result of this change.
MAIN commitmail json YAML
src/sys/arch/mips/adm5120/dev/ahci.c@1.29
/
diff
/
nxr@1.29
src/sys/dev/ic/sl811hs.c@1.109 / diff / nxr@1.109
src/sys/dev/usb/ehci.c@1.303 / diff / nxr@1.303
src/sys/dev/usb/motg.c@1.38 / diff / nxr@1.38
src/sys/dev/usb/ohci.c@1.319 / diff / nxr@1.319
src/sys/dev/usb/uhci.c@1.309 / diff / nxr@1.309
src/sys/dev/usb/usbdi.c@1.223 / diff / nxr@1.223
src/sys/dev/usb/usbdivar.h@1.132 / diff / nxr@1.132
src/sys/dev/usb/usbroothub.c@1.12 / diff / nxr@1.12
src/sys/dev/usb/vhci.c@1.24 / diff / nxr@1.24
src/sys/dev/usb/xhci.c@1.156 / diff / nxr@1.156
src/sys/external/bsd/dwc2/dwc2.c@1.78 / diff / nxr@1.78
src/sys/rump/dev/lib/libugenhc/ugenhc.c@1.30 / diff / nxr@1.30
src/sys/dev/ic/sl811hs.c@1.109 / diff / nxr@1.109
src/sys/dev/usb/ehci.c@1.303 / diff / nxr@1.303
src/sys/dev/usb/motg.c@1.38 / diff / nxr@1.38
src/sys/dev/usb/ohci.c@1.319 / diff / nxr@1.319
src/sys/dev/usb/uhci.c@1.309 / diff / nxr@1.309
src/sys/dev/usb/usbdi.c@1.223 / diff / nxr@1.223
src/sys/dev/usb/usbdivar.h@1.132 / diff / nxr@1.132
src/sys/dev/usb/usbroothub.c@1.12 / diff / nxr@1.12
src/sys/dev/usb/vhci.c@1.24 / diff / nxr@1.24
src/sys/dev/usb/xhci.c@1.156 / diff / nxr@1.156
src/sys/external/bsd/dwc2/dwc2.c@1.78 / diff / nxr@1.78
src/sys/rump/dev/lib/libugenhc/ugenhc.c@1.30 / diff / nxr@1.30
usb: Factor usb_insert_transfer out of upm_transfer and make private.
Almost every upm_transfer function starts with:
mutex_enter(&sc->sc_lock);
err = usb_insert_transfer(xfer);
mutex_exit(&sc->sc_lock);
if (err)
return err;
Some of them have debug messages sprinkled in here too, or assert
that err == USBD_NORMAL_COMPLETION (alternative is USBD_IN_PROGRESS,
only for pipes with up_running or up_serialise, presumably not
applicable for these types of pipes). Some of them also assert
xfer->ux_status == USBD_NOT_STARTED, which is guaranteed on entry and
preserved by usb_insert_transer.
Exceptions:
- arch/mips/adm5120/dev/ahci.c ahci_device_isoc_transfer just returns
USBD_NORMAL_COMPLETION, but I'm pretty sure this is and always has
been broken anyway, so won't make anything worse (if anything, might
make it better...)
- external/bsd/dwc2/dwc2.c dwc2_device_bulk_transfer and
dwc2_device_isoc_transfer _also_ issue dwc2_device_start(xfer)
under the lock. This is probably a better way to do it, but let's
do it uniformly across all HCIs at once.
- rump/dev/lib/libugenhc/ugenhc.c rumpusb_device_bulk_transfer
sometimes returns USBD_IN_PROGRESS _without_ queueing the transfer,
in the !rump_threads case. Not really sure how this is supposed to
work... If it actually breaks anything, we can figure it out.
Almost every upm_transfer function starts with:
mutex_enter(&sc->sc_lock);
err = usb_insert_transfer(xfer);
mutex_exit(&sc->sc_lock);
if (err)
return err;
Some of them have debug messages sprinkled in here too, or assert
that err == USBD_NORMAL_COMPLETION (alternative is USBD_IN_PROGRESS,
only for pipes with up_running or up_serialise, presumably not
applicable for these types of pipes). Some of them also assert
xfer->ux_status == USBD_NOT_STARTED, which is guaranteed on entry and
preserved by usb_insert_transer.
Exceptions:
- arch/mips/adm5120/dev/ahci.c ahci_device_isoc_transfer just returns
USBD_NORMAL_COMPLETION, but I'm pretty sure this is and always has
been broken anyway, so won't make anything worse (if anything, might
make it better...)
- external/bsd/dwc2/dwc2.c dwc2_device_bulk_transfer and
dwc2_device_isoc_transfer _also_ issue dwc2_device_start(xfer)
under the lock. This is probably a better way to do it, but let's
do it uniformly across all HCIs at once.
- rump/dev/lib/libugenhc/ugenhc.c rumpusb_device_bulk_transfer
sometimes returns USBD_IN_PROGRESS _without_ queueing the transfer,
in the !rump_threads case. Not really sure how this is supposed to
work... If it actually breaks anything, we can figure it out.
MAIN commitmail json YAML
usbnet(9): Update man page.
MAIN commitmail json YAML
urndis(4): Simplify circuitous initialization logic.
MAIN commitmail json YAML
usbnet: Update some comments.
MAIN commitmail json YAML
usbnet: On if_stop, abort xfers before resetting hardware.
uno_stop is supposed to have exclusive access to the hardware; this
ensures that any concurrent uno_rx_loop has completed before we enter
uno_stop.
uno_stop is supposed to have exclusive access to the hardware; this
ensures that any concurrent uno_rx_loop has completed before we enter
uno_stop.
MAIN commitmail json YAML
usbnet: Fix type of struct usbnet::un_ed according to plan.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.190
/
diff
/
nxr@1.190
src/sys/dev/usb/if_axe.c@1.150 / diff / nxr@1.150
src/sys/dev/usb/if_axen.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/if_cdce.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_cue.c@1.106 / diff / nxr@1.106
src/sys/dev/usb/if_kue.c@1.118 / diff / nxr@1.118
src/sys/dev/usb/if_mos.c@1.22 / diff / nxr@1.22
src/sys/dev/usb/if_mue.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_smsc.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_udav.c@1.97 / diff / nxr@1.97
src/sys/dev/usb/if_upl.c@1.77 / diff / nxr@1.77
src/sys/dev/usb/if_ure.c@1.56 / diff / nxr@1.56
src/sys/dev/usb/if_url.c@1.96 / diff / nxr@1.96
src/sys/dev/usb/if_urndis.c@1.46 / diff / nxr@1.46
src/sys/dev/usb/usbnet.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/usbnet.h@1.31 / diff / nxr@1.31
src/sys/dev/usb/if_axe.c@1.150 / diff / nxr@1.150
src/sys/dev/usb/if_axen.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/if_cdce.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_cue.c@1.106 / diff / nxr@1.106
src/sys/dev/usb/if_kue.c@1.118 / diff / nxr@1.118
src/sys/dev/usb/if_mos.c@1.22 / diff / nxr@1.22
src/sys/dev/usb/if_mue.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_smsc.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_udav.c@1.97 / diff / nxr@1.97
src/sys/dev/usb/if_upl.c@1.77 / diff / nxr@1.77
src/sys/dev/usb/if_ure.c@1.56 / diff / nxr@1.56
src/sys/dev/usb/if_url.c@1.96 / diff / nxr@1.96
src/sys/dev/usb/if_urndis.c@1.46 / diff / nxr@1.46
src/sys/dev/usb/usbnet.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/usbnet.h@1.31 / diff / nxr@1.31
usbnet: Omit needless detachcv name parameter to usbnet_attach.
MAIN commitmail json YAML
src/sys/dev/usb/if_cdce.c@1.80
/
diff
/
nxr@1.80
src/sys/dev/usb/if_upl.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/usbnet.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_upl.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/usbnet.c@1.89 / diff / nxr@1.89
usbnet: Omit empty uno_init functions.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.189
/
diff
/
nxr@1.189
src/sys/dev/usb/if_axe.c@1.149 / diff / nxr@1.149
src/sys/dev/usb/if_axen.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_cdce.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_cue.c@1.105 / diff / nxr@1.105
src/sys/dev/usb/if_kue.c@1.117 / diff / nxr@1.117
src/sys/dev/usb/if_mos.c@1.21 / diff / nxr@1.21
src/sys/dev/usb/if_mue.c@1.80 / diff / nxr@1.80
src/sys/dev/usb/if_smsc.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_udav.c@1.96 / diff / nxr@1.96
src/sys/dev/usb/if_upl.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_ure.c@1.55 / diff / nxr@1.55
src/sys/dev/usb/if_url.c@1.95 / diff / nxr@1.95
src/sys/dev/usb/if_urndis.c@1.45 / diff / nxr@1.45
src/sys/dev/usb/usbnet.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/usbnet.h@1.30 / diff / nxr@1.30
src/sys/dev/usb/if_axe.c@1.149 / diff / nxr@1.149
src/sys/dev/usb/if_axen.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_cdce.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_cue.c@1.105 / diff / nxr@1.105
src/sys/dev/usb/if_kue.c@1.117 / diff / nxr@1.117
src/sys/dev/usb/if_mos.c@1.21 / diff / nxr@1.21
src/sys/dev/usb/if_mue.c@1.80 / diff / nxr@1.80
src/sys/dev/usb/if_smsc.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_udav.c@1.96 / diff / nxr@1.96
src/sys/dev/usb/if_upl.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_ure.c@1.55 / diff / nxr@1.55
src/sys/dev/usb/if_url.c@1.95 / diff / nxr@1.95
src/sys/dev/usb/if_urndis.c@1.45 / diff / nxr@1.45
src/sys/dev/usb/usbnet.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/usbnet.h@1.30 / diff / nxr@1.30
usbnet: Factor usbnet_init_rx_tx out into usbnet_if_init.
Make it private; no need for drivers to call it any more.
Make it private; no need for drivers to call it any more.
MAIN commitmail json YAML
src/sys/dev/usb/if_cdce.c@1.78
/
diff
/
nxr@1.78
src/sys/dev/usb/if_udav.c@1.95 / diff / nxr@1.95
src/sys/dev/usb/if_upl.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/if_urndis.c@1.44 / diff / nxr@1.44
src/sys/dev/usb/if_udav.c@1.95 / diff / nxr@1.95
src/sys/dev/usb/if_upl.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/if_urndis.c@1.44 / diff / nxr@1.44
usbnet drivers: Simplify return of usbnet_init_rx_tx.
MAIN commitmail json YAML
src/sys/dev/usb/if_cdce.c@1.77
/
diff
/
nxr@1.77
src/sys/dev/usb/if_urndis.c@1.43 / diff / nxr@1.43
src/sys/dev/usb/usbnet.c@1.87 / diff / nxr@1.87
src/sys/dev/usb/if_urndis.c@1.43 / diff / nxr@1.43
src/sys/dev/usb/usbnet.c@1.87 / diff / nxr@1.87
usbnet: Handle usbnet_set_link for drivers with no media detect.
MAIN commitmail json YAML
url(4): Inline call to url_uno_stop -- alias for url_reset.
MAIN commitmail json YAML
src/sys/dev/usb/if_axe.c@1.148
/
diff
/
nxr@1.148
src/sys/dev/usb/if_mos.c@1.20 / diff / nxr@1.20
src/sys/dev/usb/if_smsc.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/if_mos.c@1.20 / diff / nxr@1.20
src/sys/dev/usb/if_smsc.c@1.90 / diff / nxr@1.90
usbnet drivers: Omit redundant device reset via *_uno_stop on init.
Only those drivers where *_uno_stop is just *_reset, and *_uno_init
immediately calls *_reset afterward, are affected.
Only those drivers where *_uno_stop is just *_reset, and *_uno_init
immediately calls *_reset afterward, are affected.
MAIN commitmail json YAML
src/sys/dev/usb/if_axe.c@1.147
/
diff
/
nxr@1.147
src/sys/dev/usb/if_axen.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_cdce.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/if_cue.c@1.104 / diff / nxr@1.104
src/sys/dev/usb/if_kue.c@1.116 / diff / nxr@1.116
src/sys/dev/usb/if_mos.c@1.19 / diff / nxr@1.19
src/sys/dev/usb/if_smsc.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_url.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/usbnet.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/usbnet.h@1.29 / diff / nxr@1.29
src/sys/dev/usb/if_axen.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_cdce.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/if_cue.c@1.104 / diff / nxr@1.104
src/sys/dev/usb/if_kue.c@1.116 / diff / nxr@1.116
src/sys/dev/usb/if_mos.c@1.19 / diff / nxr@1.19
src/sys/dev/usb/if_smsc.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_url.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/usbnet.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/usbnet.h@1.29 / diff / nxr@1.29
usbnet drivers: From *_uno_init, call *_uno_stop, not usbnet_stop.
Make usbnet_stop private now that no drivers use it.
None of the driver-independent logic in usbnet_stop has any effect at
this point because we are guaranteed not to be running, so only the
driver-dependent logic in *_uno_stop (at most) is needed.
For drivers with no *_uno_stop, just omit the call to usbnet_stop
altogether.
Some of this logic is obviously redundant with the subsequent call to
*_reset -- to be addressed in a subsequent commit.
Make usbnet_stop private now that no drivers use it.
None of the driver-independent logic in usbnet_stop has any effect at
this point because we are guaranteed not to be running, so only the
driver-dependent logic in *_uno_stop (at most) is needed.
For drivers with no *_uno_stop, just omit the call to usbnet_stop
altogether.
Some of this logic is obviously redundant with the subsequent call to
*_reset -- to be addressed in a subsequent commit.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.188
/
diff
/
nxr@1.188
src/sys/dev/usb/if_mue.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_udav.c@1.94 / diff / nxr@1.94
src/sys/dev/usb/if_ure.c@1.54 / diff / nxr@1.54
src/sys/dev/usb/if_urndis.c@1.42 / diff / nxr@1.42
src/sys/dev/usb/if_mue.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_udav.c@1.94 / diff / nxr@1.94
src/sys/dev/usb/if_ure.c@1.54 / diff / nxr@1.54
src/sys/dev/usb/if_urndis.c@1.42 / diff / nxr@1.42
usbnet drivers: Prune dead IFF_RUNNING branches in *_uno_init.
usbnet(9) guarantees !IFF_RUNNING now before calling it.
usbnet(9) guarantees !IFF_RUNNING now before calling it.
MAIN commitmail json YAML
usbnet: Do nothing on if_init/stop if already in the target state.
The network stack _shouldn't_ ever call us if so, but I'm not yet
sure it _won't_.
The network stack _shouldn't_ ever call us if so, but I'm not yet
sure it _won't_.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.187
/
diff
/
nxr@1.187
src/sys/dev/usb/if_axe.c@1.146 / diff / nxr@1.146
src/sys/dev/usb/if_axen.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/if_cdce.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_cue.c@1.103 / diff / nxr@1.103
src/sys/dev/usb/if_kue.c@1.115 / diff / nxr@1.115
src/sys/dev/usb/if_mos.c@1.18 / diff / nxr@1.18
src/sys/dev/usb/if_mue.c@1.78 / diff / nxr@1.78
src/sys/dev/usb/if_smsc.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_udav.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/if_upl.c@1.73 / diff / nxr@1.73
src/sys/dev/usb/if_ure.c@1.53 / diff / nxr@1.53
src/sys/dev/usb/if_url.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_axe.c@1.146 / diff / nxr@1.146
src/sys/dev/usb/if_axen.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/if_cdce.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_cue.c@1.103 / diff / nxr@1.103
src/sys/dev/usb/if_kue.c@1.115 / diff / nxr@1.115
src/sys/dev/usb/if_mos.c@1.18 / diff / nxr@1.18
src/sys/dev/usb/if_mue.c@1.78 / diff / nxr@1.78
src/sys/dev/usb/if_smsc.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_udav.c@1.93 / diff / nxr@1.93
src/sys/dev/usb/if_upl.c@1.73 / diff / nxr@1.73
src/sys/dev/usb/if_ure.c@1.53 / diff / nxr@1.53
src/sys/dev/usb/if_url.c@1.92 / diff / nxr@1.92
usbnet drivers: Omit needless isdying tests in *_uno_init.
usbnet(9) already checks this immediately before calling *_uno_init.
usbnet(9) already checks this immediately before calling *_uno_init.
MAIN commitmail json YAML
usbnet: Delete the core lock from the API.
Init/stop and ioctl happen under IFNET_LOCK. Multicast updates only
happen after init and before stop. Core lock is no longer a relevant
part of the API. Internally, it serves essentially just to lock out
asynchronous mii activity during init/stop.
Init/stop and ioctl happen under IFNET_LOCK. Multicast updates only
happen after init and before stop. Core lock is no longer a relevant
part of the API. Internally, it serves essentially just to lock out
asynchronous mii activity during init/stop.
MAIN commitmail json YAML
urndis(4): Delete some crazy logic that I think is unnecessary.
XXX definitely need to test this one
XXX definitely need to test this one
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.186
/
diff
/
nxr@1.186
src/sys/dev/usb/if_axe.c@1.145 / diff / nxr@1.145
src/sys/dev/usb/if_axen.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_cue.c@1.102 / diff / nxr@1.102
src/sys/dev/usb/if_mue.c@1.77 / diff / nxr@1.77
src/sys/dev/usb/if_smsc.c@1.87 / diff / nxr@1.87
src/sys/dev/usb/if_udav.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_ure.c@1.52 / diff / nxr@1.52
src/sys/dev/usb/if_url.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_axe.c@1.145 / diff / nxr@1.145
src/sys/dev/usb/if_axen.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_cue.c@1.102 / diff / nxr@1.102
src/sys/dev/usb/if_mue.c@1.77 / diff / nxr@1.77
src/sys/dev/usb/if_smsc.c@1.87 / diff / nxr@1.87
src/sys/dev/usb/if_udav.c@1.92 / diff / nxr@1.92
src/sys/dev/usb/if_ure.c@1.52 / diff / nxr@1.52
src/sys/dev/usb/if_url.c@1.91 / diff / nxr@1.91
usbnet drivers: Omit needless usbnet core lock and assertions.
During attach, the caller has exclusive access to the usbnet until
usbnet_attach_ifp. At other times, register access is serialized
either by the usbnet multicast lock or by IFNET_LOCK.
During attach, the caller has exclusive access to the usbnet until
usbnet_attach_ifp. At other times, register access is serialized
either by the usbnet multicast lock or by IFNET_LOCK.
MAIN commitmail json YAML
usbnet: Make usbnet_mii_readreg/writereg/statchg private to usbnet.c.
No drivers need to use these.
No drivers need to use these.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.185
/
diff
/
nxr@1.185
src/sys/dev/usb/if_axe.c@1.144 / diff / nxr@1.144
src/sys/dev/usb/if_axen.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_mos.c@1.17 / diff / nxr@1.17
src/sys/dev/usb/if_mue.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/if_smsc.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/if_udav.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_ure.c@1.51 / diff / nxr@1.51
src/sys/dev/usb/if_url.c@1.90 / diff / nxr@1.90
src/sys/dev/usb/if_axe.c@1.144 / diff / nxr@1.144
src/sys/dev/usb/if_axen.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_mos.c@1.17 / diff / nxr@1.17
src/sys/dev/usb/if_mue.c@1.76 / diff / nxr@1.76
src/sys/dev/usb/if_smsc.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/if_udav.c@1.91 / diff / nxr@1.91
src/sys/dev/usb/if_ure.c@1.51 / diff / nxr@1.51
src/sys/dev/usb/if_url.c@1.90 / diff / nxr@1.90
usbnet drivers: Avoid undefined behaviour if read reg fails.
Some callers don't check the error code, e.g. ~all the mii phy
drivers using PHY_READ. Just return zero if the device is gone or
the xfer fails for any other reason.
Some callers don't check the error code, e.g. ~all the mii phy
drivers using PHY_READ. Just return zero if the device is gone or
the xfer fails for any other reason.
MAIN commitmail json YAML
axen(4): Use axen mii read/write reg routines, not usbnet ones.
The usbnet wrappers don't add anything important. We already test
usbnet_isdying in axen_cmd, and that's already a best-effort thing
(which should probably be done better by having usbd_do_request fail
promptly if detaching anyway).
The usbnet wrappers don't add anything important. We already test
usbnet_isdying in axen_cmd, and that's already a best-effort thing
(which should probably be done better by having usbd_do_request fail
promptly if detaching anyway).
MAIN commitmail json YAML
src/sys/dev/usb/if_axen.c@1.86
/
diff
/
nxr@1.86
src/sys/dev/usb/if_mue.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_smsc.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_mue.c@1.75 / diff / nxr@1.75
src/sys/dev/usb/if_smsc.c@1.85 / diff / nxr@1.85
usbnet drivers: Assert IFNET_LOCKED in if ioctl routines.
These only happen either during the transition up or down (init or
stop), or while that transition is excluded (ioctl).
This may be called from ioctl or from init, which both hold the ifnet
lock.
XXX smsc_setoe_locked should maybe trigger reinit because the rx loop
behaves differently depending on whether checksumming is enabled.
XXX mue_sethwcsum_locked needs to exclude mcast updates.
These only happen either during the transition up or down (init or
stop), or while that transition is excluded (ioctl).
This may be called from ioctl or from init, which both hold the ifnet
lock.
XXX smsc_setoe_locked should maybe trigger reinit because the rx loop
behaves differently depending on whether checksumming is enabled.
XXX mue_sethwcsum_locked needs to exclude mcast updates.
MAIN commitmail json YAML
udav(4): Stop asserting !usbnet_isdying.
This can change at any moment; no software lock can prevent the
device from being detached. Any test of it is necessarily
best-effort just to avoid wasting time later on waiting for requests
to fail or time out.
This can change at any moment; no software lock can prevent the
device from being detached. Any test of it is necessarily
best-effort just to avoid wasting time later on waiting for requests
to fail or time out.
MAIN commitmail json YAML
aue(4): Simplify. No functional change.
MAIN commitmail json YAML
aue(4): Enable rx/tx registers on init before usbnet_init_rx_tx.
This way, we still have exclusive access to the registers before
calls to aue_uno_mcast can start happening without the usbnet core
lock.
This way, we still have exclusive access to the registers before
calls to aue_uno_mcast can start happening without the usbnet core
lock.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.182
/
diff
/
nxr@1.182
src/sys/dev/usb/if_axe.c@1.143 / diff / nxr@1.143
src/sys/dev/usb/if_axen.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_cue.c@1.101 / diff / nxr@1.101
src/sys/dev/usb/if_kue.c@1.114 / diff / nxr@1.114
src/sys/dev/usb/if_mos.c@1.16 / diff / nxr@1.16
src/sys/dev/usb/if_mue.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/if_smsc.c@1.84 / diff / nxr@1.84
src/sys/dev/usb/if_udav.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_ure.c@1.50 / diff / nxr@1.50
src/sys/dev/usb/if_url.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_axe.c@1.143 / diff / nxr@1.143
src/sys/dev/usb/if_axen.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_cue.c@1.101 / diff / nxr@1.101
src/sys/dev/usb/if_kue.c@1.114 / diff / nxr@1.114
src/sys/dev/usb/if_mos.c@1.16 / diff / nxr@1.16
src/sys/dev/usb/if_mue.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/if_smsc.c@1.84 / diff / nxr@1.84
src/sys/dev/usb/if_udav.c@1.89 / diff / nxr@1.89
src/sys/dev/usb/if_ure.c@1.50 / diff / nxr@1.50
src/sys/dev/usb/if_url.c@1.89 / diff / nxr@1.89
usbnet drivers: Omit redundant multicast filter update on init.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.181
/
diff
/
nxr@1.181
src/sys/dev/usb/if_axe.c@1.142 / diff / nxr@1.142
src/sys/dev/usb/if_axen.c@1.84 / diff / nxr@1.84
src/sys/dev/usb/if_smsc.c@1.83 / diff / nxr@1.83
src/sys/dev/usb/if_udav.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_ure.c@1.49 / diff / nxr@1.49
src/sys/dev/usb/if_url.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/usbnet.c@1.82 / diff / nxr@1.82
src/sys/dev/usb/if_axe.c@1.142 / diff / nxr@1.142
src/sys/dev/usb/if_axen.c@1.84 / diff / nxr@1.84
src/sys/dev/usb/if_smsc.c@1.83 / diff / nxr@1.83
src/sys/dev/usb/if_udav.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/if_ure.c@1.49 / diff / nxr@1.49
src/sys/dev/usb/if_url.c@1.88 / diff / nxr@1.88
src/sys/dev/usb/usbnet.c@1.82 / diff / nxr@1.82
usbnet: Apply hardware multicast filter updates synchronously again.
To make this work:
1. Do it only under a new lock, unp_mcastlock. This lock lives at
IPL_SOFTCLOCK so it can be taken from network stack callouts. It
is forbidden to acquire the usbnet core lock under unp_mcastlock.
2. Do it only after usbnet_init_rx_tx and before usbnet_stop; if
issued at any other time, drop the update on the floor.
3. Make usbnet_init_rx_tx apply any pending multicast filter updates
under the lock before setting the flag that allows SIOCADDMULTI or
SIOCDELMULTI to apply the updates.
4. Remove core lock asserts from various drivers' register access
routines. This is necessary because the multicast filter updates
are done with register reads/writes, but _cannot_ take the core
lock when the caller holds softnet_lock.
This now programs the hardware multicast filter redundantly in many
drivers which already explicitly call *_uno_mcast from the *_uno_init
routines. This is probably harmless, but it will likely be better to
remove the explicit calls.
To make this work:
1. Do it only under a new lock, unp_mcastlock. This lock lives at
IPL_SOFTCLOCK so it can be taken from network stack callouts. It
is forbidden to acquire the usbnet core lock under unp_mcastlock.
2. Do it only after usbnet_init_rx_tx and before usbnet_stop; if
issued at any other time, drop the update on the floor.
3. Make usbnet_init_rx_tx apply any pending multicast filter updates
under the lock before setting the flag that allows SIOCADDMULTI or
SIOCDELMULTI to apply the updates.
4. Remove core lock asserts from various drivers' register access
routines. This is necessary because the multicast filter updates
are done with register reads/writes, but _cannot_ take the core
lock when the caller holds softnet_lock.
This now programs the hardware multicast filter redundantly in many
drivers which already explicitly call *_uno_mcast from the *_uno_init
routines. This is probably harmless, but it will likely be better to
remove the explicit calls.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.180
/
diff
/
nxr@1.180
src/sys/dev/usb/if_cue.c@1.100 / diff / nxr@1.100
src/sys/dev/usb/if_kue.c@1.113 / diff / nxr@1.113
src/sys/dev/usb/if_mue.c@1.73 / diff / nxr@1.73
src/sys/dev/usb/if_smsc.c@1.82 / diff / nxr@1.82
src/sys/dev/usb/if_udav.c@1.87 / diff / nxr@1.87
src/sys/dev/usb/if_cue.c@1.100 / diff / nxr@1.100
src/sys/dev/usb/if_kue.c@1.113 / diff / nxr@1.113
src/sys/dev/usb/if_mue.c@1.73 / diff / nxr@1.73
src/sys/dev/usb/if_smsc.c@1.82 / diff / nxr@1.82
src/sys/dev/usb/if_udav.c@1.87 / diff / nxr@1.87
usbnet drivers: Stop abusing ifp->if_flags & IFF_ALLMULTI.
This legacy flag is a figment of userland's imagination. The actual
kernel state is ec->ec_flags & ETHER_F_ALLMULTI, protected by the
ETHER_LOCK, so that multicast filter updates -- which run without
IFNET_LOCK -- need not attempt to write racily to ifp->if_flags.
This legacy flag is a figment of userland's imagination. The actual
kernel state is ec->ec_flags & ETHER_F_ALLMULTI, protected by the
ETHER_LOCK, so that multicast filter updates -- which run without
IFNET_LOCK -- need not attempt to write racily to ifp->if_flags.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.179
/
diff
/
nxr@1.179
src/sys/dev/usb/if_axe.c@1.141 / diff / nxr@1.141
src/sys/dev/usb/if_axen.c@1.83 / diff / nxr@1.83
src/sys/dev/usb/if_cue.c@1.99 / diff / nxr@1.99
src/sys/dev/usb/if_kue.c@1.112 / diff / nxr@1.112
src/sys/dev/usb/if_mos.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/if_mue.c@1.72 / diff / nxr@1.72
src/sys/dev/usb/if_smsc.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_udav.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/if_ure.c@1.48 / diff / nxr@1.48
src/sys/dev/usb/if_url.c@1.87 / diff / nxr@1.87
src/sys/dev/usb/if_axe.c@1.141 / diff / nxr@1.141
src/sys/dev/usb/if_axen.c@1.83 / diff / nxr@1.83
src/sys/dev/usb/if_cue.c@1.99 / diff / nxr@1.99
src/sys/dev/usb/if_kue.c@1.112 / diff / nxr@1.112
src/sys/dev/usb/if_mos.c@1.15 / diff / nxr@1.15
src/sys/dev/usb/if_mue.c@1.72 / diff / nxr@1.72
src/sys/dev/usb/if_smsc.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_udav.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/if_ure.c@1.48 / diff / nxr@1.48
src/sys/dev/usb/if_url.c@1.87 / diff / nxr@1.87
usbnet drivers: Omit needless uno_mcast locked subroutines.
uno_mcast is now called with the core lock already held so there is
no need for a separate locked subroutine.
uno_mcast is now called with the core lock already held so there is
no need for a separate locked subroutine.
MAIN commitmail json YAML
aue(4): Reduce aue_uno_mcast from aue_uno_init to aue_setiff_locked.
This operation only needs to update the hardware to reflect
SIOCADDMULTI/SIOCDELMULTI. Not clear that everything in aue(4) needs
to be reset -- in fact I'm pretty sure that's undesirable!
WARNING: I have not tested this with a real aue(4) device.
This operation only needs to update the hardware to reflect
SIOCADDMULTI/SIOCDELMULTI. Not clear that everything in aue(4) needs
to be reset -- in fact I'm pretty sure that's undesirable!
WARNING: I have not tested this with a real aue(4) device.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.177
/
diff
/
nxr@1.177
src/sys/dev/usb/if_axe.c@1.140 / diff / nxr@1.140
src/sys/dev/usb/if_axen.c@1.82 / diff / nxr@1.82
src/sys/dev/usb/if_cue.c@1.98 / diff / nxr@1.98
src/sys/dev/usb/if_kue.c@1.111 / diff / nxr@1.111
src/sys/dev/usb/if_mos.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/if_mue.c@1.71 / diff / nxr@1.71
src/sys/dev/usb/if_smsc.c@1.80 / diff / nxr@1.80
src/sys/dev/usb/if_udav.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_ure.c@1.47 / diff / nxr@1.47
src/sys/dev/usb/if_url.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/usbnet.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_axe.c@1.140 / diff / nxr@1.140
src/sys/dev/usb/if_axen.c@1.82 / diff / nxr@1.82
src/sys/dev/usb/if_cue.c@1.98 / diff / nxr@1.98
src/sys/dev/usb/if_kue.c@1.111 / diff / nxr@1.111
src/sys/dev/usb/if_mos.c@1.14 / diff / nxr@1.14
src/sys/dev/usb/if_mue.c@1.71 / diff / nxr@1.71
src/sys/dev/usb/if_smsc.c@1.80 / diff / nxr@1.80
src/sys/dev/usb/if_udav.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_ure.c@1.47 / diff / nxr@1.47
src/sys/dev/usb/if_url.c@1.86 / diff / nxr@1.86
src/sys/dev/usb/usbnet.c@1.81 / diff / nxr@1.81
usbnet: Take the core lock around uno_mcast.
Every driver does this already. This will enable us to change the
lock that serializes access to the registers so we can go back to
doing this synchronously in SIOCADDMULTI/SIOCDELMULTI.
Every driver does this already. This will enable us to change the
lock that serializes access to the registers so we can go back to
doing this synchronously in SIOCADDMULTI/SIOCDELMULTI.
MAIN commitmail json YAML
src/sys/dev/usb/if_aue.c@1.176
/
diff
/
nxr@1.176
src/sys/dev/usb/if_axe.c@1.139 / diff / nxr@1.139
src/sys/dev/usb/if_axen.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_cue.c@1.97 / diff / nxr@1.97
src/sys/dev/usb/if_kue.c@1.110 / diff / nxr@1.110
src/sys/dev/usb/if_mos.c@1.13 / diff / nxr@1.13
src/sys/dev/usb/if_mue.c@1.70 / diff / nxr@1.70
src/sys/dev/usb/if_smsc.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_ure.c@1.46 / diff / nxr@1.46
src/sys/dev/usb/if_url.c@1.85 / diff / nxr@1.85
src/sys/dev/usb/if_axe.c@1.139 / diff / nxr@1.139
src/sys/dev/usb/if_axen.c@1.81 / diff / nxr@1.81
src/sys/dev/usb/if_cue.c@1.97 / diff / nxr@1.97
src/sys/dev/usb/if_kue.c@1.110 / diff / nxr@1.110
src/sys/dev/usb/if_mos.c@1.13 / diff / nxr@1.13
src/sys/dev/usb/if_mue.c@1.70 / diff / nxr@1.70
src/sys/dev/usb/if_smsc.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/if_ure.c@1.46 / diff / nxr@1.46
src/sys/dev/usb/if_url.c@1.85 / diff / nxr@1.85
usbnet drivers: Omit needless uno_init locked subroutines.
uno_init is now called with the core lock already held so there is no
need for a separate locked subroutine.
uno_init is now called with the core lock already held so there is no
need for a separate locked subroutine.
MAIN commitmail json YAML
usbnet: No need for the core lock in usbnet_ifflags_cb.
The only state this touches is unp_if_flags, and all paths touching
it also hold IFNET_LOCK -- not to mention this is the only path that
touches unp_if_flags in the first place!
The only state this touches is unp_if_flags, and all paths touching
it also hold IFNET_LOCK -- not to mention this is the only path that
touches unp_if_flags in the first place!
MAIN commitmail json YAML
src/sys/dev/usb/if_axe.c@1.138
/
diff
/
nxr@1.138
src/sys/dev/usb/if_cdce.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/usbnet.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/usbnet.h@1.26 / diff / nxr@1.26
src/sys/dev/usb/if_cdce.c@1.74 / diff / nxr@1.74
src/sys/dev/usb/usbnet.c@1.79 / diff / nxr@1.79
src/sys/dev/usb/usbnet.h@1.26 / diff / nxr@1.26
usbnet: Make the tx/rx locks private to usbnet.c.
Suffice it for the drivers to know that uno_tx_prepare and
uno_rx_loop have exclusive access to the chain, and, for tx,
exclusive access to the mbuf.
Suffice it for the drivers to know that uno_tx_prepare and
uno_rx_loop have exclusive access to the chain, and, for tx,
exclusive access to the mbuf.