uhidev(9): Refactor error branch to use one label.

No functional change intended.

(riastradh)

uhidev(9): Make some private functions static and fix comment.

No functional change.

(riastradh)

uhidev(9): Make uhidev_stop work reliably.

(riastradh)

ucycom(4): Defer uhidev_write_async to taskq.

Can't submit USB transfers while holding tty_lock, a spin lock.

(riastradh)

uhidev(9): Move struct uhidev_softc into uhidev.c.

No longer part of any ABI for uhidev modules.

(riastradh)

uhidev(9): Get the device and interface through attach args.

This way uhidev drivers don't need access to uhidev_softc itself for
it.

(riastradh)

uhidev(9): New uhidev_write_async.

Like uhidev_write but issues the transfer asynchronously with a
callback.

Use it in ucycom(4).

Also, clear endpoint stalls asynchronously -- can't do them
synchronously in xfer callbacks which run at softint and therefore
can't wait in cv_wait as usbd_do_request does.

(riastradh)

uhidev(9): Partially fix uhidev_write aborting.

In my previous change, I intended to make uhidev_stop abort any
pending write -- but I forgot to initialize sc->sc_writereportid, so
it never did anything.

This changes the API and ABI of uhidev_write so it takes the struct
uhidev pointer, rather than the struct uhidev_softc pointer; this way
uhidev_write knows what the report id of the client is, so it can
arrange to have uhidev_stop abort only this one.

XXX Except it still doesn't actually work because we do this
unlocked, ugh, so the write might complete before we abort anything.
To be fixed some more in a later change.

XXX kernel ABI change to uhidev_write signature, used by uhidev
driver modules, requires bump

(riastradh)

uhid(4): Use d_cfdriver/devtounit/cancel to avoid open/detach races.

- Split uhidclose into separate uhidcancel and uhidclose parts.
  uhidcancel interrupts pending I/O operations (open, read, write,
  ioctl, &c.); uhidclose doesn't run until all I/O operations are
  done.

- Handle case where, owing to revoke(2), uhidcancel/uhidclose run
  concurrently with a uhidopen that hasn't yet noticed that there
  isn't actually a device.

- Handle case where, owing to revoke(2), uhidread might be cancelled
  by mere revoke, not by detach, so it has to wake up when the device
  is closing, not (just) when dying (but dying will lead to closing
  so no need to check for dying).

- Omit needless reference-counting goo.  vdevgone takes care of this
  for us by cancelling all I/O operations with uhidcancel, waiting
  for I/O operations to drain, closing the device, and waiting until
  it is closed if that is already happening concurrently.

- Name the closed/changing/open states rather than using 0/1/2.

- Omit needless sc_dying.

(riastradh)

ucom(4): Rework open/close/attach/detach logic.

- Defer sleep after hangup until open.

  No need to make close hang; we just need to make sure some time has
  passed before we next try to open.

  This changes the wchan for the sleep.  Oh well.

- Use .d_cfdriver/devtounit/cancel to resolve races between attach,
  detach, open, close, and revoke.

- Use a separate .sc_closing flag instead of a UCOM_CLOSING state.
  ucomcancel/ucomclose owns this flag, and it may be set in any state
  (except UCOM_DEAD).  UCOM_OPENING remains owned by ucomopen, which
  might be interrupted by cancel/close.

- Rework error branches in ucomopen.  Much simpler this way.

- Nix unnecessary reference counting.

(riastradh)

subr_devsw.c: KNF and style nits.

No functional change intended.

(riastradh)

audio(4): Use d_cfdriver/devtounit to avoid open/detach races.

(riastradh)

sd(4): Use d_cfdriver/devtounit to avoid open/detach races.

(riastradh)

wd(4): Use d_cfdriver/devtounit to avoid open/detach races.

(riastradh)

tty(9): New ttycancel function.

This causes any current and future ttyopens to fail until ttyclose.

This is necessary for revoke to work reliably for device detach like
ucom(4) removable USB devices.  A tty driver for a removable device
needs some way to interrupt a pending .d_open so it returns promptly.
But ttyclose only interrupts ttyopen if it's already sleeping; it
won't cause a concurrent .d_open call which _will call_ but _hasn't
yet called_ ttyopen to avoid sleeping.  Using ttycancel in the tty
driver's .d_cancel makes this work.

(riastradh)

driver(9): New types dev_*_t for device driver devsw operations.

These will serve to replace the archaic and kludgey dev_type_* macros
which should've been typedefs all along.

(riastradh)

driver(9): New devsw d_cancel op to interrupt I/O before close.

If specified, when revoking a device node or closing its last open
node, specfs will:

1. Call d_cancel, which should return promptly without blocking.
2. Wait for all concurrent d_read/write/ioctl/&c. to drain.
3. Call d_close.

Otherwise, specfs will:

1. Call d_close.
2. Wait for all concurrent d_read/write/ioctl/&c. to drain.

This fallback is problematic because often parts of d_close rely on
concurrent devsw operations to have completed already, so it is up to
each driver to have its own mechanism for waiting, and the extra step
in (2) is almost redundant.  But it is still important to ensure that
devsw operations are not active by the time a module tries to invoke
devsw_detach, because only d_open is protected against that.

The signature of d_cancel matches d_close, mostly so we don't raise
questions about `why is this different?'; the lwp argument is not
useful but we should remove it from open/cancel/close all at the same
time.

The only way d_cancel should fail, if it does at all, is with ENODEV,
meaning the driver doesn't support cancelling outstanding I/O, and
will take responsibility for that in d_close.  I would make it return
void and only have bdev_cancel and cdev_cancel possibly return ENODEV
so specfs can detect whether a driver supports it, but this would
break the pattern around devsw operation types.

Drivers are allowed to omit it from struct bdevsw, struct cdevsw --
if so, it is as if they used a function that just returns ENODEV.

XXX kernel ABI change to struct bdevsw/cdevsw requires bump

(riastradh)

sys: Split struct device into a private device_impl.h.

Include this only inside autoconf itself, and a few files that abuse
autoconf in ways I can't confidently make easy fixes for.

XXX kernel ABI change requires bump -- no more use of struct device
internals allowed, previously done by some drivers

(riastradh)

driver(9): Make vdevgone call config_detach_commit if appropriate.

Make sure to do this before spec_node_lookup_by_dev -- that might wait
for a concurrent revoke to complete, which in turn might wait for a
concurrent open to complete, which in turn might be waiting for the
device to commit to detaching.

(riastradh)

autoconf(9): Disentangle slightly circuitous config_detach logic.

No functional change intended.

(riastradh)

autoconf(9): New function config_detach_commit.

When a driver's .ca_detach function has committed to detaching -- it
definitely won't back out with EBUSY, for instance -- it can call
this to wake all pending calls to device_lookup_acquire and make them
fail immediately.

This is necessary to break a deadlock if the device_lookup_acquire
calls happen inside I/O operations which the driver's .ca_detach
function waits for the completion of -- without config_detach_commit,
I/O operations would be stuck in device_lookup_acquire waiting for
.ca_detach and .ca_detach would be stuck waiting for I/O operations
to return.

Most drivers won't need to call this: for autoconf drivers used the
traditional way by devsw for userland device nodes, the .ca_detach
routine uses vdevgone, and we will arrange to make vdevgone call
config_detach_commit automagically in such drivers anyway.

XXX kernel ABI change to struct device requires bump -- later change
will make struct device opaque to ABI, but we're not there yet

(riastradh)

specfs: Reorder struct specnode members to save padding.

Shrinks from 40 bytes to 32 bytes on LP64 systems this way.

(riastradh)

specfs: Remove specnode from hash table in spec_node_revoke.

Previously, it was possible for spec_node_lookup_by_dev to handle a
speconde that a concurrent spec_node_destroy is about to remove from
the hash table and then free, as soon as spec_node_lookup_by_dev
releases device_lock.

Now, the ordering is:

1. Remove specnode from hash table in spec_node_revoke.  At this
  point, no _new_ vnode references are possible (other than possibly
  one acquired by vcache_vget under v_interlock), but there may be
  existing ones.

2. Mark vnode reclaimed so vcache_vget will fail.

3. The last vrele (or equivalent logic in vcache_vget) will then free
  the specnode in spec_node_destroy.

This way, _if_ a thread in spec_node_lookup_by_dev finds a specnode
in the hash table under device_lock/v_interlock, _then_ it will not
be freed until the thread completes vcache_vget.

This change requires calling spec_node_revoke unconditionally for
device special nodes, not just for active ones.  Might introduce
slightly more contention on device_lock but not much because we
already have to take it in this path anyway a little later in
spec_node_destroy.

(riastradh)

specfs: Let spec_node_lookup_by_dev wait for reclaim to finish.

vdevgone relies on this to ensure that if there is a concurrent
revoke in progress, it will wait for that revoke to finish -- that
way, it can guarantee all I/O operations have completed and the
device is closed.

(riastradh)

specfs: Assert opencnt is nonzero before decrementing.

(riastradh)

specfs: Take an I/O reference across bdev/cdev_open.

- Revoke is used to invalidate all prior access control checks when
  device permissions are changing, so it must wait for .d_open to exit
  so any new access must go through new access control checks.

- Revoke is used by vdevgone in xyz_detach to wait until all use of
  the driver's data structures have completed before xyz_detach frees
  them.

So we need to make sure spec_close waits for .d_open too.

(riastradh)

specfs: Wait for last close in spec_node_revoke.

Otherwise, revoke -- and vdevgone, in the detach path of removable
devices -- may complete while I/O operations are still running
concurrently.

(riastradh)

specfs: Prevent new opens while close is waiting to drain.

Otherwise, bdev/cdev_close could have cancelled all _existing_ opens,
and waited for them to complete (and freed resources used by them) --
but a new one could start, and hang (e.g., a tty), at the same time
spec_close tries to drain all pending I/O operations, one of which
(the new open) is now hanging indefinitely.

Preventing the new open from even starting until bdev/cdev_close is
finished and all I/O operations have drained avoids this deadlock.

(riastradh)

specfs: Take an I/O reference in spec_node_setmountedfs.

This is not quite correct.  We _should_ require the caller to hold a
vnode lock around spec_node_getmountedfs, and an exclusive vnode lock
around spec_node_setmountedfs, so that it is only necessary to check
whether revoke has already happened, not hold an I/O reference.

Unfortunately, various callers in various file systems don't follow
this sensible rule.  So let's at least make sure the vnode can't be
revoked in spec_node_setmountedfs, while we're in bdev_ioctl, and
leave a comment explaining what the sorry state of affairs is and how
to fix it later.

(riastradh)

specfs: Drain all I/O operations after last .d_close call.

New kind of I/O reference on specdevs, sd_iocnt.  This could be done
with psref instead; I chose a reference count instead for now because
we already have to take a per-object lock anyway, v_interlock, for
vdead_check, so another atomic is not likely to hurt much more.  We
can always change the mechanism inside spec_io_enter/exit/drain later
on.

Make sure every access to vp->v_rdev or vp->v_specnode and every call
to a devsw operation is protected either:

- by the vnode lock (with vdead_check if we unlocked/relocked),
- by positive sd_opencnt,
- by spec_io_enter/exit, or
- by sd_opencnt management in open/close.

(riastradh)

specfs: Resolve a race between close and a failing reopen.

(riastradh)

specfs: Document sn_opencnt, sd_opencnt, sd_refcnt.

(riastradh)

specfs: Paranoia: Assert opencnt is zero on reclaim.

(riastradh)

specfs: Omit needless vdead_check in spec_fdiscard.

The vnode lock is held, so the vnode cannot be revoked without also
changing v_op so subsequent uses under the vnode lock will go to
deadfs's VOP_FDISCARD instead (which is genfs_eopnotsupp).

(riastradh)

specfs: Add a comment and assertion to spec_close about refcnts.

(riastradh)

specfs: If sd_opencnt is zero, sn_opencnt had better be zero.

(riastradh)

specfs: Factor KASSERT out of switch in spec_open.

No functional change.

(riastradh)

specfs: sn_gone cannot be set while we hold the vnode lock.

Revoke runs with the vnode lock too, which is exclusive.  Add an
assertion to this effect in spec_node_revoke to make it clear.

(riastradh)

specfs: Reorganize D_DISK tail of spec_open and explain what's up.

No functional change intended.

(riastradh)

specfs: Factor VOP_UNLOCK/vn_lock out of switch for clarity.

No functional change.

(riastradh)

specfs: Factor common device_lock out of switch for clarity.

No functional change.

(riastradh)

specfs: Delete bogus comment about .d_open/.d_close at same time.

Annoying as it is that .d_open and .d_close can run at the same time,
it is also necessary for tty semantics, where open can block
indefinitely, and it is the responsibility of close (called via
revoke) necessary to interrupt it.

(riastradh)

specfs: Split spec_open switch into three sections.

The sections are now:

1. Acquire open reference.

1a (intermezzo). Set VV_ISTTY.

2. Drop the vnode lock to call .d_open and autoload modules if
  necessary.

3. Handle concurrent revoke if it happenend, or release open reference
  if .d_open failed.

No functional change.  Sprinkle comments about problems.

(riastradh)

specfs: Factor common kauth check out of switch in spec_open.

No functional change.

(riastradh)

specfs: Assert v_type is VBLK or VCHR in spec_open.

Nothing else makes sense.  Prune dead branches (and replace default
case by panic).

(riastradh)

specfs: Call bdev_open without the vnode lock.

There is no need for it to serialize opens, because they are already
serialized by sd_opencnt which for block devices is always either 0
or 1.

There's not obviously any other reason why the vnode lock should be
held across bdev_open, other than that it might be nice to avoid
dropping it if not necessary.  For character devices we always have
to drop the vnode lock because open might hang indefinitely, when
opening a tty, which is not allowed while holding the vnode lock.

(riastradh)

specfs: Note lock order for vnode lock, device_lock, v_interlock.

(riastradh)

driver(9): Eliminate D_MCLOSE.

D_MCLOSE was introduced a few years ago by mistake for audio(4),
which should have used -- and now does use -- fd_clone to create
per-open state.  The semantics was originally to call close once
every time the device node is closed, not only for the last close.
Nothing uses it any more, and it complicates reasoning about the
system, so let's simplify it away.

(riastradh)

driver(9): New function dev_minor_unit.

(riastradh)

disk(9): New function disklabel_dev_unit.

Maps a dev_t like wd3e to an autoconf instance number like 3, with no
partition.  Same as DISKUNIT macro, but is a symbol whose pointer can
be taken.  Meant for use with struct bdevsw, cdevsw::d_devtounit.

(riastradh)

driver(9): New devsw members d_cfdriver, d_devtounit.

If set, then bdev_open/cdev_open will use d_devtounit to map the
dev_t to an autoconf instance (e.g., /dev/wd0a -> wd0) and hold a
reference with device_lookup_acquire across the call to d_open.

This guarantees that the autoconf instance cannot be detached while
the devsw's d_open function is trying to open it (and also that the
autoconf instance has finished *_attach before anyone can open it).

Of course, if the underlying hardware has gone away, there will be
I/O errors, but this avoids software synchronization bugs between
open and detach for drivers that opt into it.  It's up to the driver
and bus to figure out how to deal with I/O errors from operations on
hardware that has gone away while the software hasn't finished
notifying everything that it's gone yet.

XXX kernel ABI change to struct bdevsw/cdevsw requires bump

(riastradh)

autoconf(9): New localcount-based device instance references.

device_lookup_acquire looks up an autoconf device instance, if found,
and acquires a reference the caller must release with device_release.
If attach or detach is still in progress, device_lookup_acquire waits
until it completes.  While references are held, the device's softc
will not be freed or reused until the last reference is released.

The reference is meant to be held while opening a device in the short
term, and then to be passed off to a longer-term reference that can
be broken explicitly by detach -- usually a device special vnode,
which is broken by vdevgone in the driver's *_detach function.

Sleeping while holding a reference is allowed, e.g. waiting to open a
tty.  A driver must arrange that its *_detach function will interrupt
any threads sleeping while holding references and cause them to back
out so that detach can complete promptly.

Subsequent changes to subr_devsw.c will make bdev_open and cdev_open
automatically take a reference to an autoconf instance for drivers
that opt into this, so there will be no logic changes needed in most
drivers other than to connect the autoconf cfdriver to the
bdevsw/cdevsw I/O operation tables.  The effect will be that *_detach
may run while d_open is in progress, but no new d_open can begin
until *_detach has backed out from or committed to detaching.

XXX kernel ABI change to struct device requires bump -- later change
will make struct device opaque to ABI, but we're not there yet

(riastradh)

driver(9): Fix synchronization of devsw_attach/lookup/detach.

(`dev' means either `bdev' or `cdev' for brevity here, e.g. in
`devsw_lookup' (bdevsw_lookup, cdevsw_lookup), `dev_open' (bdev_open,
cdev_open), `maxdevsws', &c., except for `devsw_attach' and
`devsw_detach' which are taken literally.)

- Use atomic_store_release and atomic_load_consume for devsw and
  tables and their entries, which are read unlocked and thus require
  memory barriers to ensure ordering between initialization in
  devsw_attach and use in dev_lookup.

- Use pserialize(9) and localcount(9) to synchronize dev_open and
  devsw_detach.

  => Driver must ensure d_open fails and all open instances have been
    closed by the time it calls devsw_detach.

  => Bonus: dev_open is no longer globally serialized through
    device_lock.

- Use atomic_store_release and atomic_load_acquire for max_devsws,
  which is used in conditionals in the new devsw_lookup_acquire.

  => It is safe to use atomic_load_relaxed in devsw_lookup because
    the caller must guarantee the entry is stable, so any increase
    of max_devsws must have already happened.

  => devsw_lookup and devsw_lookup_acquire assume that max_devsws
    never goes down.  If you change this you must find some way to
    adapt the users, preferably without adding much overhead so that
    devsw operations are cheap.

This change introduces an auxiliary table devswref mapping device
majors to localcounts of opens in progress.  The auxiliary table only
occupies one pointer's worth of memory in a monolithic kernel, and is
allocated on the fly for dynamically loaded modules.  We could ask
the module itself to reserve storage for it, but I don't see much
value in that, and it would require some changes to the ABI and to
config(8).

- Omit needless boolean indirection.

(riastradh)

driver(9): devsw_detach never fails.  Make it return void.

Prune a whole lotta dead branches as a result of this.  (Some logic
calling this is also wrong for other reasons; devsw_detach is final
-- you should never have any reason to decide to roll it back.  To be
cleaned up in subsequent commits...)

XXX kernel ABI change to devsw_detach signature requires bump

(riastradh)

Add helper to detach genfb console.

(mlelstv)

Check INITED state by default for all ioctls but VNDIOCSET. Avoids crashes
with disk_ioctls on default unit, which is not INITED.
Fixes PR 56700.

(mlelstv)

Fix sanity check for zero sized buffer.

(mlelstv)

Media size is in bytes (off_t), not sectors.

(mlelstv)

Make mmap() with "len == 0" an error if not MAP_ANON.  We should return
an error for MAP_ANON too but unfortunately our /libexec/ld.elf_so
sometimes creates an empty anon mapping for the bss of a shared library.

At least FreeBSD and Solaris return this error too and according to POSIX
"If len is zero, mmap() shall fail and no mapping shall be established".

Fixes PR pkg/56338 Installing qt5-qtdeclarative leaves a dangling reference

The dangling reference here originates from vn_mmap() taking a vnode
reference for this empty mapping that will never be released.

(hannken)

make: fix spacing, and a typo in a test

(rillig)

dedup the eofs link/symlink methods

(christos)

Describe the hardlink restrictions.

(christos)

Implement restrictions for adding hard links to files

(christos)

add a kauth vnode check for adding links

(christos)

add a kauth vnode check for creating links

(christos)

Expose groupmember as kauth_cred_groupmember and use it.

(christos)

Widen kauth_action_t so we can add KAUTH_VNODE_ADD_LINK; welcome to 9.99.96.

(christos)

popen.3: revert s/null-/nul-/ change, this is subject to debate

(gutteridge)

mips/cavium: Simplify membars around interrupt establishment.

Previously I used xc_barrier to ensure the initialization of the
struct octeon_intrhand was witnessed on all CPUs before publishing
it, in order to avoid needing any barrier on the usage side to be
issued by the interrupt handler.

But there's no need to avoid atomic_load_consume at time of
interrupt: on MIPS it's the same as atomic_load_relaxed anyway, so
there's no additional memory barrier cost here.

(riastradh)

igpio(4): Use device_xname, not struct device members.

(riastradh)

igpio(4): Nix trailing whitespace.

(setq show-trailing-whitespace t), M-x delete-trailing-whitespace

(riastradh)

s/logial/logical/

(andvar)

grow (for llvm)

(christos)

grow

(christos)

Add sparc* to the list of architectures that need an explicit address
with PT_CONTINUE in this test.

(martin)

__makenew: use calloc to get zeroed memory for window contents.

PR lib/56767.

(uwe)

Mention 'make -r' with .POSIX

(sjg)

make: avoid trailing whitespace in debug log for variables

Since trailing whitespace is invisible, describe the variable value in
words to make it visible.

(rillig)

make: add space after colon in debug logging for variables

These log messages are intended for human interpretation, so don't make
them unnecessarily hard to read.

(rillig)

make: prefer 'long long' over 'long' on 32-bit C99 platforms

When sorting the words of an expression numerically using the modifier
':On' (added on 2021-07-30), use 64-bit numbers even on 32-bit
platforms.  A typical use case is comparing file sizes.

When tracing the execution of jobs, fix an integer overflow after 2038.
32-bit platforms that use a pre-C99 compiler still have this problem.

No change to the test suite since most tests simply skip any potential
differences between 32-bit platforms and 64-bit platforms (see
varmod-order-numeric.mk) or already account for both variants (see
varmod-localtime.mk).

(rillig)

When reading CIS tuples from a BAR, do not blindly copy 2k of data (or
to the end of the BAR space), but instead follow the tuples and stop
reading once we reach the end of the list.
I have a card

bwi0 at cardbus0 function 0: Broadcom Wireless
bwi0: BBP id 0x4306, BBP rev 0x2, BBP pkg 0

where the BAR claims 8k space but seems to only implement 6k (but that
is impossible to report as the spec only allows 2^n sizes) and the CIS
starts at a bit over 4k (so the old code tried reading beyound the 6k
limit and caused pci bus errors).

An alternative would be to avoid reporting bus errors during this access,
but since we are only interested in the CIS chain anyway (and that ends
way earlier) this is a simpler solution.

(martin)

make: clean up comments

(rillig)

make: fix crash on .undef of an environment variable (since 2020-10-06)

(rillig)

Add terminology comments.

(isaki)

Improve comments.

(isaki)

Remove a dead code in audio_track_record().

(isaki)

Clarify the assertion in audio_rmixer_process().
By previous commit (r1.116), the assersion no longer fires even without
this modification.  But the condition was a bit inaccurate.
There is no need to check the data length must be aligned to blocks here
(though it also should be aligned now).  What we should check here is that
the tail must be aligned.

(isaki)

Fix conditions that audio_read() calls audio_track_record().
audio_track_record() must be called when usrbuf has at least one free block.

I hope that this will fix the panic reported in PR kern/56644.
When an user process specifies the hardware format as its recording format
(i.e., there is no track conversions), if the user process read(2) a small
amount of data and the rmixer_process then runs, depending on the conditions,
the panic may happen.  I have never reproduced it because it's difficult to
do intentionally.

Thanks Y.Sugahara and riastradh@ for help and comments.

(isaki)

dwhdmi: properly initialize connector atomic helper funcs (PR port-evbarm/56766)

(tnn)

tests/make: test .undef for exported global variables

(rillig)

tests/make: suppress -DCLEANUP output in test deptgt-phony

(rillig)

evbarm: Enable USERCONF option

(jmcneill)

fdt: add support for USERCONF option

(jmcneill)

efiboot: Add support for 'userconf' command.

Add support for the 'userconf' command at the boot prompt and in boot.cfg,
and for FDT based booting, pass the commands as a string list property
named "netbsd,userconf" on the /chosen node.

(jmcneill)

Include posix.mk when .POSIX: first encountered

Since .POSIX: is required to be the first non-comment line
in a Makefile, including ${MAKE_POSIX_MK} or whatever _PATH_POSIX_MK is
set to at this point is equivalent to an extension of sys.mk

This is a minimal change that can allow a better approximation of
POSIX compliance

Reviewed by: rillig

(sjg)

localtime.c: fix theoretical syntax error

If NetBSD were built with -DHAVE_MALLOC_ERRNO=0, the previous code would
have resulted in a compile error due to the extra '}'.  Fix this by
copying the upstream code.

No binary change.

(rillig)

localtime.c: reduce unnecessary diff to upstream

No binary change.

(rillig)

localtime.c: take indentation style from upstream

This reduces the diff to upstream.

No binary change.

(rillig)

localtime.c: add back storage class 'register'

This reduces the differences to the upstream code.

No binary change.

(rillig)

pcdisplay_getwschar: on error return error code, not -1.

This value ends up being returned from vga_ioctl to sys_ioctl which
expects an errno and spams kernel log otherwise.

Ditto for pcdisplay_putwschar.

(uwe)

Prevent memory corruption from wg_send_handshake_msg_init() on
LP64 machines with "MSIZE == 256", sparc64 for example.

wg_send_handshake_msg_init() tries to put 148 bytes into a buffer
of 144 bytes and overwrites 4 bytes following the mbuf.  Check
for "sizeof() > MHLEN" and use a cluster in this case.

With help from Taylor R Campbell <riastradh@>

(hannken)

It is impossible for VOP_LOCK() to return ENOENT with LK_RETRY flag.
Remove the second call to VOP_LOCK().

Enable assertion "vrefcnt(vp) > 0" and assert all possible errors
for all LK_RETRY/LK_NOWAIT combinations.

(hannken)

As VV_LOCKSWORK is gone remove LOCKSWORK from VNODE_FLAGBITS string.
Also convert illegal octal number 18 to 20.

(hannken)

igpio(4): fix date

(wiz)

add more igpio man pages (cat4, html4)

(wiz)

put back the 2022a changes and fix the misplaced brace.

(christos)

Add man page for Intel GPIO igpio.4

(manu)

Add documentatiion for Intel GPIO driver igpio(4)

(manu)

vfs(9): Add missing vnode lock around VOP_CLOSE in vfs_mountroot.

Maybe vnode_if.c should be taught to KASSERT the vnode lock now that
locks always work.

(riastradh)

entropy(9): Call entropy_softintr while bound to CPU.

It looks like We tripped on the new assertion in entropy_account_cpu
when there was pending entropy on cpu0 running lwp0 when xc_broadcast
ran -- since xc_broadcast calls the function directly rather than
calling it through softint_schedule, it's not called via the softint
lwp which would satisfy the assertion.

(riastradh)

s/interger/integer/ and s/Compensatin/Compensation/ in comments.

(andvar)

zlib: Fix a bug that can crash deflate on some input when using Z_FIXED.

https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531

This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.

The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space.

(wiz)

ixl(4): Added Intel V710 for 5000BaseT support

(yamaguchi)

regen

(yamaguchi)

Added Intel V710 for 5000BaseT

(yamaguchi)

Change description about Intel X710 10GBaseT device

(yamaguchi)

s/interupt/interrupt/ in comments.
also add missing RCS ID in bcm53xx_reg.h and fix one more typo in there.

(andvar)

vioif(4): adopt ether_set_ifflags_cb

(yamaguchi)

vioif(4): register MAC address to a device

(yamaguchi)

vioif(4): fix missing error handling

(yamaguchi)

vioif(4): do not schedule packet processing while stopping the device

(yamaguchi)

Add initial support for Intel GPIO chips

(manu)

popen.3: minor spelling, grammar, style, and xref tweaks

(gutteridge)

fork.2: add _exit(2) xref and spell "ID" consistently

(gutteridge)

mips/cavium: Fix membars around establishing interrupt handlers.

(riastradh)

viornd(4): Process host entropy in softint context.

Samples added to the entropy pool in hard interrupt context are only
buffered, never processed directly, and if they fill the buffer, the
sample is dropped -- this serves to encourage taking timing samples
in hard interrupt context because it's cheap, and we have no idea how
many samples we really need for full entropy so it's safer to err on
the side of `as many as we can get'.

But for viornd(4), we assume the host has full entropy so we only
need a single 32-byte sample, and we want to avoid dropping it so we
get full entropy ASAP.  Entering the sample in a soft interrupt
rather than hard interrupt achieves this.

(riastradh)

entropy(9): Include <sys/lwp.h> and <sys/proc.h> explicitly.

Now that we use curlwp, struct lwp::l_pflag, and LP_BOUND, let's not
rely on side-loads from other .h files.

(riastradh)

entropy(9): Bind to CPU temporarily to avoid race with lwp migration.

More fallout from the IPL_VM->IPL_SOFTSERIAL change.

In entropy_enter, there is a window when the lwp can be migrated to
another CPU:

ec = entropy_cpu_get();
...
pending = ec->ec_pending + ...;
...
entropy_cpu_put();

/* lwp migration possible here */

if (pending)
entropy_account_cpu(ec);

If this happens, we may trip over any of several problems in
entropy_account_cpu because it assumes ec is the current CPU's state
in order to decide whether we have anything to contribute from the
local pool to the global pool.

No need to do this in entropy_softintr because softints are bound to
the CPU anyway.

(riastradh)

allow com at dino to actually attach

(macallan)

revert changes from 2022a for now until I figure out what's wrong.

(christos)

fix few typos for word "previous(ly)" in comments.

(andvar)

fix few typos in comments, mainly s/paramenters/parameters/.

(andvar)

make: clean up comments and code for setting debug flags

No binary change.

(rillig)

fix typos in comments.

(andvar)

bump MSGBUFSIZE

(macallan)

new tzcode

(christos)

welcome to tzcode-2022a

  Changes to code

    Fix bug when mktime gets confused by truncated TZif files with
    unspecified local time.  (Problem reported by Almaz Mingaleev.)

    Fix bug when 32-bit time_t code reads malformed 64-bit TZif data.
    (Problem reported by Christos Zoulas.)

    When reading a version 2 or later TZif file, the TZif reader now
    validates the version 1 header and data block only enough to skip
    over them, as recommended by RFC 8536 section 4.  Also, the TZif
    reader no longer mistakenly attempts to parse a version 1 TZIf
    file header as a TZ string.

    zdump -v now outputs "(localtime failed)" and "(gmtime failed)"
    when local time and UT cannot be determined for a timestamp.

(christos)

autoconf(9): Enter more timing samples into entropy pool.

Previously, we sampled the time of each _failed_ config_search.  I'm
not sure why -- there was no explanation in the comment or the commit
message introducing this in rev. 1.230.2.1 on tls-earlyentropy.

With this change, we sample the time of _every_ search including the
successful ones -- and also measure the time to attach which often
includes things like probing device registers, triggering device
reset and waiting for it to post, &c.

(riastradh)

hdaudio: Obsolete HDAUDIO_ENABLE_DISPLAYPORT and HDAUDIO_ENABLE_HDMI

Enable display port and HDMI devices by default rather than making this
a compile time option.

(jmcneill)

hdaudio: pci: PCIe config space fixes and Intel PCH snoop support

The HD audio specification does not cover PCI config space, and this
driver was unconditionally writing to a vendor specific register. Reduce
scope of config space accesses based on PCI IDs.

With this cleaned up, add support for Intel PCH devices which require
some additional vendor specific configuration to bypass no snoop mode.

(jmcneill)

entropy(9): Make rnd_lock_sources work while cold.

x86 uses entropy_extract verrrrrry early.  Fixes mistake in previous
that did not manifest in my testing on aarch64, which does not use it
so early.

(riastradh)

s/Multilik/Multilink/

(andvar)

s/circut/circuit/ and s/circiut/circuit/ in comments and acronyms file.

(andvar)

s/initialiase/initialise/ in comments.

(andvar)

fix typos in debug/panic messages: isued->issued, initialiased->initialised.

(andvar)

Updated to tzdata2022agtz which is a 2022a fork with backzone zones
moved back into the main data repo (restoring old data)

(kre)

Merge tzdata2022agtz

(kre)

entropy(9): Improve entropy warning messages and documentation.

- For the main warning message, use less jargon, say `security', and
  cite the entropy(7) man page for further reading.  Document this in
  rnd(4) and entropy(7).

- For the debug-only warning message, say `entropy' only once and omit
  it from the rnd(4) man page -- it's not very important unless you're
  debugging the kernel in which case you probably know what you're
  doing enough to not need the text explained in the man page.

(riastradh)

Note tzdata 2022a (using tzdata2022agtz upstream fork)

(kre)