openbsd
gilles [Thu, 11 Jun 2015 19:27:16 +0000 (19:27 +0000)]
local user can cause smtpd to fail by sending invalid imsg to control sock

reyk [Thu, 11 Jun 2015 19:25:53 +0000 (19:25 +0000)]
The correct semantic is to check msgbuf_write() for <= 0, not just < 0.
Fix one occurrence in imsg_flush() and clarify it in the man page.

Discussed with at least blambert@ jsg@ yasuoka@.

OK gilles@

reyk [Thu, 11 Jun 2015 18:49:09 +0000 (18:49 +0000)]
Use "compliant" header guards by avoiding the reserved '_' namespace.

Pointed out by Markus Elfring

OK mikeb@ millert@

deraadt [Thu, 11 Jun 2015 18:48:10 +0000 (18:48 +0000)]
sync

bluhm [Thu, 11 Jun 2015 17:33:35 +0000 (17:33 +0000)]
Fix CVE-2012-3509, an integer overflow in libiberty, leading to
heap-buffer overflow.
From Sebastian Trahm;  OK deraadt@

deraadt [Thu, 11 Jun 2015 17:26:17 +0000 (17:26 +0000)]
In the copyout family of functions, if the address is out of range
ensure the register containing the proc pointer is initialized.
ok miod

mikeb [Thu, 11 Jun 2015 16:04:55 +0000 (16:04 +0000)]
Remove hzto(9) manual pages and references;  OK dlg

mikeb [Thu, 11 Jun 2015 16:03:04 +0000 (16:03 +0000)]
Move hzto(9) to the attic;  OK dlg

jsing [Thu, 11 Jun 2015 16:02:05 +0000 (16:02 +0000)]
Avoid an infinite loop that can occur when verifying a message with an
unknown hash function OID.

Diff based on OpenSSL.

Fixes CVE-2015-1792 (however, this code is not enabled/built in LibreSSL).

ok doug@ miod@

mikeb [Thu, 11 Jun 2015 16:00:36 +0000 (16:00 +0000)]
Convert from hzto(9) to tvtohz(9);  OK dlg

mikeb [Thu, 11 Jun 2015 15:59:17 +0000 (15:59 +0000)]
Move away from using hzto(9);  OK dlg

jsing [Thu, 11 Jun 2015 15:58:53 +0000 (15:58 +0000)]
Avoid a potential out-of-bounds read in X509_cmp_time(), due to missing
length checks.

Diff based on changes in OpenSSL.

Fixes CVE-2015-1789.

ok doug@

jsing [Thu, 11 Jun 2015 15:55:28 +0000 (15:55 +0000)]
Avoid an infinite loop that can be triggered by parsing an ASN.1
ECParameters structure that has a specially malformed binary polynomial
field.

Issue reported by Joseph Barr-Pixton and fix based on OpenSSL.

Fixes CVE-2015-1788.

ok doug@ miod@

schwarze [Thu, 11 Jun 2015 12:48:32 +0000 (12:48 +0000)]
Don't do manual whitespace adjustments inside semantic macros,
rather do it before the macros, and get rid of cargo cult escaping.
Both to make the code more robust and less ugly, no output change.
Ugly code reported by TJ at mrsk dot me.
OK jmc@

jmatthew [Thu, 11 Jun 2015 12:30:42 +0000 (12:30 +0000)]
convert sc_sendq into an mbuf_list, and use ph_cookie rather than rcvif to
store the sgl address, allowing rcvif to be removed.

ok mpi@ dlg@ uebayasi@

blambert [Thu, 11 Jun 2015 08:39:51 +0000 (08:39 +0000)]
Avoid double-free in error path by cribbing the HASBUF flag
logic from the rest of the kernel that deals with filename
lookups.

In snaps for some time.

Initially found by jsg@
Prodded by deraadt@

jsg [Thu, 11 Jun 2015 04:38:23 +0000 (04:38 +0000)]
remove unneeded pci includes

sthen [Wed, 10 Jun 2015 21:16:41 +0000 (21:16 +0000)]
breath->breadth

miod [Wed, 10 Jun 2015 20:50:05 +0000 (20:50 +0000)]
Typos: equalivant, fucntion, libary.

ratchov [Wed, 10 Jun 2015 20:14:02 +0000 (20:14 +0000)]
Don't claim the autri(4) driver supports big-endian, signed 8-bit,
or unsigned 16-bit samples. Fixes sound on big endian machines.

ratchov [Wed, 10 Jun 2015 20:02:42 +0000 (20:02 +0000)]
Use first 4 channels of the board. The previous channel setting
caused DMA on the wrong memory location during recording.

ok kettenis@

mpi [Wed, 10 Jun 2015 15:34:17 +0000 (15:34 +0000)]
Do not set "rcvif", if_input() does it for us.

Found the hard way by krw@ trying a diff that kills "rcvif".

ok stsp@

nicm [Wed, 10 Jun 2015 12:56:04 +0000 (12:56 +0000)]
wp->tty is a char [] not a char * so it can't be NULL. From Thomas Adam.

mikeb [Wed, 10 Jun 2015 10:03:59 +0000 (10:03 +0000)]
Export new pf "no-route" error counter

OK sthen, blambert for the SNMP part

mpi [Wed, 10 Jun 2015 09:20:21 +0000 (09:20 +0000)]
Add missing include.

jasper [Wed, 10 Jun 2015 06:38:39 +0000 (06:38 +0000)]
FTP as an install method kicked the bucket some time ago.

ok miod@

stsp [Tue, 9 Jun 2015 20:04:04 +0000 (20:04 +0000)]
Remove unused parameter of load_locale_sub(). No assembly change on i386.
Diff from Sebastien Marie. objdump foo help from uwe

jasper [Tue, 9 Jun 2015 19:36:43 +0000 (19:36 +0000)]
add miniroot; note it's not further documented to prevent having to
reword/rewrite most of it again when usb support has landed.

jasper [Tue, 9 Jun 2015 19:29:57 +0000 (19:29 +0000)]
add the edgerouter poe to the edgerouter lite paragraph

jasper [Tue, 9 Jun 2015 19:20:36 +0000 (19:20 +0000)]
miniroot for octeon; tested on edgerouter lite with local usb storage

ok jmatthew@ miod@

mpi [Tue, 9 Jun 2015 14:57:30 +0000 (14:57 +0000)]
Remove the hack to check if the received pointer has changed in an ifih
now that all drivers and pseudo-drivers are using if_input().

if_input() is reentrant and is now the only place where we set `rcvif'.

mpi [Tue, 9 Jun 2015 14:50:14 +0000 (14:50 +0000)]
Convert trunk(4) to if_input().

ok dlg@

jung [Tue, 9 Jun 2015 08:50:52 +0000 (08:50 +0000)]
plug fd leak found by Todd Mortimer

ok claudio deraadt florian

nicm [Tue, 9 Jun 2015 07:07:06 +0000 (07:07 +0000)]
Fix loop comparison broken in last commit, from Thomas Adam.

krw [Mon, 8 Jun 2015 22:19:27 +0000 (22:19 +0000)]
More damned eye searing whitespace. No change to .o files.

jsg [Mon, 8 Jun 2015 18:31:17 +0000 (18:31 +0000)]
expr isn't on the ramdisk use ksh for addition
problem spotted by jasper@

jsg [Mon, 8 Jun 2015 17:35:43 +0000 (17:35 +0000)]
Move the scan_dmesg calls back into the functions.  It can't be called
when the file is sourced as /var/run/dmesg.boot won't exist then.

claudio [Mon, 8 Jun 2015 15:47:51 +0000 (15:47 +0000)]
Introduce a state on the ctl_relay_event struct. This makes it possible
to better track the connection state of a session and stops doing double
opens in certain situations using http relays. Using a state field to
simplify the logic since relay_connect() is called multiple times.
OK benno@, bluhm@ and running in production for more than a week

jsg [Mon, 8 Jun 2015 14:59:34 +0000 (14:59 +0000)]
enable agtimer on the ramdisk as well

jsg [Mon, 8 Jun 2015 14:22:05 +0000 (14:22 +0000)]
At some point arm moved to a unified syntax for arm and thumb instructions.
While binutils supports both "unified" and "divided" syntax (defaulting
to divided) the integrated assembler in clang only supports unified names
so switch some files to unified syntax.  Similar changes were made in
bitrig and freebsd.  No difference in objdump -d output.

tested on zaurus by deraadt@, ok miod@

mpi [Mon, 8 Jun 2015 13:44:08 +0000 (13:44 +0000)]
Merge multiple copies of the code doing VLAN tag insertion back into
vlan_start().

ok sthen@, phessler@

mpi [Mon, 8 Jun 2015 13:40:48 +0000 (13:40 +0000)]
Move carp-related logic from ether_output() into carp_start().

ok sthen@, phessler@

czarkoff [Mon, 8 Jun 2015 09:23:01 +0000 (09:23 +0000)]
Update documentation for lang/go module

OK sthen@

jmatthew [Mon, 8 Jun 2015 08:47:38 +0000 (08:47 +0000)]
rearrange delayed_work to avoid the use of container_of while leaving it in
more or less the same shape.

ok uebayasi@

stsp [Mon, 8 Jun 2015 06:39:22 +0000 (06:39 +0000)]
pms(4): Don't match Elantech v4 devices with firmware versions 0xX7XXXX.
Apparently we don't support these touchpads properly so leave them in
PS/2 compat mode. Regression reported by Remi Locherer on bugs@. And stop
matching devices with firmware versions higher than 0xX8XXXX since we cannot
be sure they work.
ok mpi@

jsg [Mon, 8 Jun 2015 06:33:16 +0000 (06:33 +0000)]
Add initial support for the ARM Versatile Express boards as emulated by
qemu with virtio memory ranges.

Unfortunately the vexpress-a9 and vexpress-a15 boards/targets have
different load addresses and memory maps.

Code for the PL011 UART and mmio virtio attachment from Patrick Wildt
in bitrig.

jmatthew [Mon, 8 Jun 2015 00:58:23 +0000 (00:58 +0000)]
refuse to do polled isochronous transfers, as other usb controller drivers do

requested by mpi@

jmatthew [Mon, 8 Jun 2015 00:46:33 +0000 (00:46 +0000)]
Ensure polled bulk, control and interrupt transfers actually poll, fixing
panics on shutdown with various usb sticks.

ok mpi@

nicm [Sun, 7 Jun 2015 21:39:39 +0000 (21:39 +0000)]
Add -E flag when attaching or switching client to bypass
update-environment, from Steven Lu.

claudio [Sun, 7 Jun 2015 20:13:13 +0000 (20:13 +0000)]
HBG is no more so no need to mention it in the man pages.
OK jmc@

claudio [Sun, 7 Jun 2015 20:11:52 +0000 (20:11 +0000)]
The Swiss Federal Government decided to shut down HBG at the end of 2011.
On 6 September 2012 at 12:02:00 UTC both antenna towers were demolished by
controlled explosives. So this is not coming back and we can tedu the
support for HBG from the DCF77 drivers.
Reminded by mbalmer

krw [Sun, 7 Jun 2015 19:13:27 +0000 (19:13 +0000)]
More damned eye searing whitespace.

deraadt [Sun, 7 Jun 2015 18:48:20 +0000 (18:48 +0000)]
sync

jsg [Sun, 7 Jun 2015 16:54:16 +0000 (16:54 +0000)]
Initial exynos4 bits.  Among other things the gic isn't mapped correctly
on exynos4/5 yet as it isn't at the usual offset from periphbase.
ok bmercer@

jsg [Sun, 7 Jun 2015 12:16:27 +0000 (12:16 +0000)]
Add a default panic case to a switch statement where code after assumes
one of the cases was reached.  Matches other parts of the mpbios code.

jsg [Sun, 7 Jun 2015 12:02:28 +0000 (12:02 +0000)]
Introduce unhandled_af() for cases where code conditionally does
something based on an address family and later assumes one of the paths
was taken.  This was initially just calls to panic until guenther
suggested a function to reduce the amount of strings needed.

This reduces the amount of noise with static analysers and acts
as a sanity check.

ok guenther@ bluhm@

dlg [Sun, 7 Jun 2015 10:47:53 +0000 (10:47 +0000)]
mark the usb hci driver pci glue code as only needed by the pci attachment,
not all usb controllers.

this lets jsg build ehci on a platform that lacks a pci bus.
ok jsg@

guenther [Sun, 7 Jun 2015 08:11:50 +0000 (08:11 +0000)]
Add CR4_FSGSBASE

guenther [Sun, 7 Jun 2015 06:24:59 +0000 (06:24 +0000)]
Enable use of mwait in non-MP boxes and report # of C-substates up to C7,
truncating trailing zeros.

Testing by many as part of a larger change to use ACPI _CST objects
ok krw@

krw [Sun, 7 Jun 2015 01:25:27 +0000 (01:25 +0000)]
Replace a bunch of == 0 with == NULL in pointer tests. Nuke some
annoying trailing, leading and embedded whitespace. No change to
.o files.

ok deraadt@

jsg [Sat, 6 Jun 2015 16:49:04 +0000 (16:49 +0000)]
Add some changes from Patrick Wildt in bitrig that are required to make
the qemu cortex a15 useable without trustzone.

Establish the interrupt for the non-secure physical timer (30), in
addition to the secure physical timer (29).

Stop masking the timer output signal in the interrupt handler.

florian [Sat, 6 Jun 2015 13:13:07 +0000 (13:13 +0000)]
Allow rtsol keyword in hostname.if(5) with net.inet6.ip6.forwarding=1.
"inet6 autoconf" was working before and rtsol should behave the same.
OK phessler

stsp [Sat, 6 Jun 2015 12:30:53 +0000 (12:30 +0000)]
Enable rtwn(4) on RAMDISK_CD kernels for upgrades. ok deraadt

mpi [Sat, 6 Jun 2015 09:31:53 +0000 (09:31 +0000)]
Put the link-layer address back into the gateway field of RTF_LOCAL
routes.

Since such routes are also flagged with RTF_LLINFO various code paths
assume correctly that they contain valid ARP or ND information.

This fixes the "arpresolve: unresolved and rt_expire == 0" issue
reported on tech@ by mxb <mxb AT alumni DOT chalmers DOT se>.

ok claudio@, phessler@

stsp [Sat, 6 Jun 2015 07:19:56 +0000 (07:19 +0000)]
Add rtwn(4) to fw_update. ok espie@, czarkoff@ suggested a similar diff

nicm [Fri, 5 Jun 2015 22:50:27 +0000 (22:50 +0000)]
Use ints for the calculations rather than u_char, they could end up
signed.

nicm [Fri, 5 Jun 2015 22:33:39 +0000 (22:33 +0000)]
Handle the RGB colour escape sequence (\033[38;2;<r>;<g>;<b>m and 48;2)
like xterm(1) does, by mapping to the nearest in the 256 colour palette.

nicm [Fri, 5 Jun 2015 22:01:17 +0000 (22:01 +0000)]
Use fixed colour tables rather than generated and do a quick search for
exact match before doing the distance comparison.

tobiasu [Fri, 5 Jun 2015 21:52:01 +0000 (21:52 +0000)]
Link ssl and crypto via BSDOBJDIR, works with native and cross builds

ok mpi@

tobiasu [Fri, 5 Jun 2015 21:48:35 +0000 (21:48 +0000)]
Use target BSDOBJDIR when cross-compiling libraries

ok mpi@

tobiasu [Fri, 5 Jun 2015 21:42:37 +0000 (21:42 +0000)]
Fix library search path so we link against the freshly built libcrypto.so
instead of a stale one.

ok miod@ mpi@

krw [Fri, 5 Jun 2015 21:41:43 +0000 (21:41 +0000)]
Try harder to avoid (very unlikely) NULL pointer de-ref by tweaking
code to use sotopf() like tcp_usrreq() does. Also following
tcp_usrreq(), put more stuff under splsoftnet. And as a result
in-line code in udp_detach() and nuke udp_detach().

Most ideas from and ok mikeb@

deraadt [Fri, 5 Jun 2015 19:36:28 +0000 (19:36 +0000)]
And ... more discussion occurs between miod and kettenis about
what register dance copyerr should do.....

deraadt [Fri, 5 Jun 2015 18:36:07 +0000 (18:36 +0000)]
And part 2 of the onfault repair.  Do the actual clearing of pcb_onfault
in copyerr itself, like other architectures of this type do.
as a result of chatter between miod and kettenis

nicm [Fri, 5 Jun 2015 18:18:32 +0000 (18:18 +0000)]
Similarly, for sessions use a callback to free rather than checking
every loop.

miod [Fri, 5 Jun 2015 18:14:26 +0000 (18:14 +0000)]
Missing no-pie logic for bootblocks.

nicm [Fri, 5 Jun 2015 18:06:30 +0000 (18:06 +0000)]
Change deref to the more sensible unref, and add a couple I missed before.

nicm [Fri, 5 Jun 2015 18:01:12 +0000 (18:01 +0000)]
Instead of putting dead clients on a list and checking it every loop,
use event_once to queue a callback to deal with them. Also dead clients
with references would never actually be freed because the wrap-up
functions (the callback for stdin, or status_prompt_clear) would never
be called. So call them in server_client_lost.

deraadt [Fri, 5 Jun 2015 16:59:10 +0000 (16:59 +0000)]
Do not unconditionally clear pcb_onfault after a uvm_fault.  That will
permit the active copyout/copyin to continue work on subsequent faulting
pages and not misinterpret & fault them as kernel bcopy against userland
addresses.  Old bug -- fall of 1996.  This should fix getentropy issues
on MP systems which have become more apparent recently, probably due to
some combo of increased ASLR with unlocked getentropy happening very soon
after vfork/fork...
ok miod

deraadt [Fri, 5 Jun 2015 16:45:24 +0000 (16:45 +0000)]
these days, curproc is never NULL, so skip those checks.
Discussed with kettenis

deraadt [Fri, 5 Jun 2015 16:35:24 +0000 (16:35 +0000)]
trunc_page() generally.... succeeds at clearing the page offset
bits the first time it is called, so don't do it again.
ok miod

kettenis [Fri, 5 Jun 2015 16:07:24 +0000 (16:07 +0000)]
These days p->p_addr will never be NULL.

ok deraadt@

millert [Fri, 5 Jun 2015 15:13:13 +0000 (15:13 +0000)]
For "ssh -L 12345:/tmp/sock" don't fail with "No forward host name."
(we have a path, not a host name).  Based on a diff from Jared Yanovich.
OK djm@

nicm [Fri, 5 Jun 2015 15:10:13 +0000 (15:10 +0000)]
Do not use the key variable uninitialized (in a debug log statement),
reported by jungleboogie0 at gmail dot com.

vgross [Fri, 5 Jun 2015 13:35:08 +0000 (13:35 +0000)]
Fix coupling and decoupling operations.

With help and ok from mikeb@

mikeb [Fri, 5 Jun 2015 13:22:34 +0000 (13:22 +0000)]
Improve error handling and recovery during state insertion

Reshuffle the code around a bit and greatly improve error handling
fixing a few bugs along the way.

Problem reported by and fix was written with Alexandr Nedvedicky.
OK henning

mpi [Fri, 5 Jun 2015 11:38:19 +0000 (11:38 +0000)]
Add bits missed in previous... I suck at cvs.

mpi [Fri, 5 Jun 2015 10:24:23 +0000 (10:24 +0000)]
Put spaces and commas where they belong.

mpi [Fri, 5 Jun 2015 10:15:54 +0000 (10:15 +0000)]
Finally protect VP lookups to guarantee that a pted won't be freed or
reused by a CPU while another CPU is manipulating it.

This race occurs because the virtual spill handlers are run without
taking the KERNEL_LOCK for obvious reasons.  So use a per-pmap mutex
that CPUs must hold when modifying a pted in order to guarantee the
atomicity of operations *and* the coherence between pmap VPs tree and
what's in the HASH.

Thanks to dlg@ for assisting me debugging this.  This change ends your
PowerPC pmap SMP show of the week.  GENERIC.MP on macppc should now be
stable enough to build ports without corrupting its own memory.

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 10:06:35 +0000 (10:06 +0000)]
Don't try to be clever when unrolling the loop in pmap_remove().

Needed for upcoming locking.

mpi [Fri, 5 Jun 2015 10:04:34 +0000 (10:04 +0000)]
Replace the per-entry locks by a global HASH lock.

Since this lock is recursive we can now guarantee the atomicity of
pte_insert{32,64}() when a pted has to be removed first.  This fixes
one of the races.

Using a __mp_lock here also allowed dlg@ to provide me useful traces
to fix the next race.  Thanks for your help!

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:53:40 +0000 (09:53 +0000)]
Call pte_spill_v() from the real mode fault handler instead of rerolling
it.  This will reduce the number of places to audit for locking.

Note that for profiling purposes pte_spill_v() is now marked a __noprof
since per-CPU profiling buffers are not guaranteed to be 1:1 mapped and
cannot be accessed from the real mode fault handler.

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:48:01 +0000 (09:48 +0000)]
Rewrite PTE manipulation routines to better match the PEM.

Document every operation, make sure to call "sync" when appropriate so
that other CPUs see the bit changes and finally grab a lock where it was
missing to guarantee atomicity.

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:42:10 +0000 (09:42 +0000)]
Split pteclrbits() into pmap_{test,clear}_attrs().

This should not introduce any behavior change but makes the code easier
to read and later easier to protect.  This also brings this pmap closer
to what others do.

Thanks to kettenis@ for spotting a bad typo!

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:38:52 +0000 (09:38 +0000)]
More usages of pmap_ptedinhash().

If you wonder why pte_insert{32,64}() is not using pmap_hash_remove() if
it finds a conflicting PTE in the HASH, it's because in the current state
trying to grab the same lock a second time would lead to a deadlock.

This is much easier to reproduce on G5 (or G4 with BAT disabled).

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:32:22 +0000 (09:32 +0000)]
Remove DEBUG stuff.

mpi [Fri, 5 Jun 2015 09:31:19 +0000 (09:31 +0000)]
Make use of ptesr() instead of rerolling it.

mpi [Fri, 5 Jun 2015 09:30:03 +0000 (09:30 +0000)]
Merge various copies of the same code into a new function to determine
if a PTE is present in the HASH.

Note that atomicity is currently not guaranteed between this check and
the following operations.

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:25:21 +0000 (09:25 +0000)]
Introduce pmap_pted_ro() a simple wrapper for the 32/64 bits versions
that does not call pmap_vp_lookup().

Careful readers would have noticed the removal of the bits on the virtual
address with a page mask, this change allows me to find the 13 years old
bug fixed in r1.145.

ok kettenis@, deraadt@, dlg@

mpi [Fri, 5 Jun 2015 09:18:50 +0000 (09:18 +0000)]
Do only one VP lookup when removing a page.

This simplifies pmap_remove() & friends by re-using an already fetched PTE
descriptor.

There's currently a race on MP systems where one CPU can reuse a pted
while another one is still trying to insert it in the HASH.  This commit
starts reducing the number of pmap_vp_lookup() calls to help fix this
race.

ok kettenis@, deraadt@, dlg@