The sim_vid, hba_vid, and dev_name fields of struct ccb_pathinq are
fixed-length strings. AFAICT the only place they're read is in
sbin/camcontrol/camcontrol.c, which assumes they'll be null-terminated.
However, the kernel doesn't null-terminate them. A bunch of copy-pasted code
uses strncpy to write them, and doesn't guarantee null-termination. For at
least 4 drivers (mpr, mps, ciss, and hyperv), the hba_vid field actually
overflows. You can see the result by doing "camcontrol negotiate da0 -v".
This change null-terminates those fields everywhere they're set in the
kernel. It also shortens a few strings to ensure they'll fit within the
16-character field.
PR: 215474
Reported by: Coverity
CID: 1009997 1010000 1010001 1010002 1010003 1010004 1010005
CID: 1331519 1010006 1215097 1010007 1288967 1010008 1306000
CID: 1211924 1010009 1010010 1010011 1010012 1010013 1010014
CID: 1147190 1010017 1010016 1010018 1216435 1010020 1010021
CID: 1010022 1009666 1018185 1010023 1010025 1010026 1010027
CID: 1010028 1010029 1010030 1010031 1010033 1018186 1018187
CID: 1010035 1010036 1010042 1010041 1010040 1010039
Reviewed by: imp, sephe, slm
MFC after: 4 weeks
Sponsored by: Spectra Logic Corp
Differential Revision: https://reviews.freebsd.org/D9037
Differential Revision: https://reviews.freebsd.org/D9038
sys/dev/ppbus/ppb_1284.c:296:46: error: implicit conversion from 'int'
to 'char' changes value from 144 to -112 [-Werror,-Wconstant-conversion]
if ((error = do_peripheral_wait(bus, SELECT | nBUSY, 0))) {
~~~~~~~~~~~~~~~~~~ ~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:785:48: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
if (do_1284_wait(bus, nACK | SELECT | PERROR | nBUSY,
~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
sys/dev/ppbus/ppb_1284.c:786:29: error: implicit conversion from 'int'
to 'char' changes value from 240 to -16 [-Werror,-Wconstant-conversion]
nACK | SELECT | PERROR | nBUSY)) {
~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~
This is because nBUSY is 0x80, so the plain char argument is wrapped to
a negative value. Fix this in a minimal fashion, by using uint8_t in a
few places.
Reviewed by: emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D7771
to this event, adding if_var.h to files that do need it. Also, include
all includes that now are included due to implicit pollution via if_var.h
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
extremely outdated, and I doubt that it was ever used for ifnet drivers.
It was used for AF_INET sockets in pre-FreeBSD time.
Approved by: re (hrs)
Sponsored by: Nginx, Inc.
one. Interestingly, these are actually the default for quite some time
(bus_generic_driver_added(9) since r52045 and bus_generic_print_child(9)
since r52045) but even recently added device drivers do this unnecessarily.
Discussed with: jhb, marcel
- While at it, use DEVMETHOD_END.
Discussed with: jhb
- Also while at it, use __FBSDID.
defined and will allow consumers, willing to provide options, file and
line to locking requests, to not worry about options redefining the
interfaces.
This is typically useful when there is the need to build another
locking interface on top of the mutex one.
The introduced functions that consumers can use are:
- mtx_lock_flags_
- mtx_unlock_flags_
- mtx_lock_spin_flags_
- mtx_unlock_spin_flags_
- mtx_assert_
- thread_lock_flags_
Spare notes:
- Likely we can get rid of all the 'INVARIANTS' specification in the
ppbus code by using the same macro as done in this patch (but this is
left to the ppbus maintainer)
- all the other locking interfaces may require a similar cleanup, where
the most notable case is sx which will allow a further cleanup of
vm_map locking facilities
- The patch should be fully compatible with older branches, thus a MFC
is previewed (infact it uses all the underlying mechanisms already
present).
Comments review by: eadler, Ben Kaduk
Discussed with: kib, jhb
MFC after: 1 month
to kern/subr_bus.c. Simplify this function so that it no longer
depends on malloc() to execute. Identify a few other places where
it makes sense to use device_delete_all_children().
MFC after: 1 week
setting (either default or if supported as set by SIOCSIFFIB, e.g.
from ifconfig).
Submitted by: Alexander V. Chernikov (melifaro ipfw.ru)
Reviewed by: julian
MFC after: 2 weeks
This reflects actual type used to store and compare child device orders.
Change is mostly done via a Coccinelle (soon to be devel/coccinelle)
semantic patch.
Verified by LINT+modules kernel builds.
Followup to: r212213
MFC after: 10 days
queue length. The default value for this parameter is 50, which is
quite low for many of today's uses and the only way to modify this
parameter right now is to edit if_var.h file. Also add read-only
sysctl with the same name, so that it's possible to retrieve the
current value.
MFC after: 1 month
- Unify bus reset/probe sequence. Whenever bus attached at boot or later,
CAM will automatically reset and scan it. It allows to remove duplicate
code from many drivers.
- Any bus, attached before CAM completed it's boot-time initialization,
will equally join to the process, delaying boot if needed.
- New kern.cam.boot_delay loader tunable should help controllers that
are still unable to register their buses in time (such as slow USB/
PCCard/ CardBus devices), by adding one more event to wait on boot.
- To allow synchronization between different CAM levels, concept of
requests priorities was extended. Priorities now split between several
"run levels". Device can be freezed at specified level, allowing higher
priority requests to pass. For example, no payload requests allowed,
until PMP driver enable port. ATA XPT negotiate transfer parameters,
periph driver configure caching and so on.
- Frozen requests are no more counted by request allocation scheduler.
It fixes deadlocks, when frozen low priority payload requests occupying
slots, required by higher levels to manage theit execution.
- Two last changes were holding proper ATA reinitialization and error
recovery implementation. Now it is done: SATA controllers and Port
Multipliers now implement automatic hot-plug and should correctly
recover from timeouts and bus resets.
- Improve SCSI error recovery for devices on buses without automatic sense
reporting, such as ATAPI or USB. For example, it allows CAM to wait, while
CD drive loads disk, instead of immediately return error status.
- Decapitalize diagnostic messages and make them more readable and sensible.
- Teach PMP driver to limit maximum speed on fan-out ports.
- Make boot wait for PMP scan completes, and make rescan more reliable.
- Fix pass driver, to return CCB to user level in case of error.
- Increase number of retries in cd driver, as device may return several UAs.
in 'sc_state'. This allows the lpt_release_ppbus() calls in those two
routines to actually release the ppbus and thus fixes the hangs noticed
with the lpt(4) driver since the recent ppbus changes. The old lpt(4)
driver didn't actually check the HAVEBUS flag in lpt_release_ppbus() which
is why these bugs weren't noticed before.
- To avoid having a bunch of locks that end up always getting acquired as
a group, give each ppc(4) device a mutex which it shares with all the
child devices including ppbus(4), lpt(4), plip(4), etc. This mutex
is then used for all the locking.
- Rework the interrupt handling stuff yet again. Now ppbus drivers setup
their interrupt handler during attach and tear it down during detach
like most other drivers. ppbus(4) only invokes the interrupt handler
of the device that currently owns the bus (if any) when an interrupt
occurs, however. Also, interrupt handlers in general now accept their
softc pointers as their argument rather than the device_t. Another
feature of the ppbus interrupt handlers is that they are called with
the parent ppc device's lock already held. This minimizes the number
of lock operations during an interrupt.
- Mark plip(4), lpt(4), pcfclock(4), ppi(4), vpo(4) MPSAFE.
- lpbb(4) uses the ppc lock instead of Giant.
- Other plip(4) changes:
- Add a mutex to protect the global tables in plip(4) and free them on
module unload.
- Add a detach routine.
- Split out the init/stop code from the ioctl routine into separate
functions.
- Other lpt(4) changes:
- Use device_printf().
- Use a dedicated callout for the lptout timer.
- Allocate the I/O buffers at attach and detach rather than during
open and close as this simplifies the locking at the cost of
1024+32 bytes when the driver is attached.
- Other ppi(4) changes:
- Use an sx lock to serialize open and close.
- Remove unused HADBUS flag.
- Add a detach routine.
- Use a malloc'd buffer for each read and write to avoid races with
concurrent read/write.
- Other pps(4) changes:
- Use a callout rather than a callout handle with timeout().
- Conform to the new ppbus requirements (regular mutex, non-filter
interrupt handler). pps(4) is probably going to have to become a
standalone driver that doesn't use ppbus(4) to satisfy it's
requirements for low latency as a result.
- Use an sx lock to serialize open and close.
- Other vpo(4) changes:
- Use the parent ppc device's lock to create the CAM sim instead of
Giant.
- Other ppc(4) changes:
- Fix ppc_isa's detach method to detach instead of calling attach.
Tested by: no one :-(
other fixes:
- Add pointers back to device_t objects in softc structures instead
of storing the unit and using devclass_get_device().
- Add 'lpbb', 'pcf', 'pps', and 'vpo' child devices to every 'ppbus' device
instead of just the first one.
- Store softc pointers in si_drv1 of character devices instead of
pulling the unit number from the minor number and using
devclass_get_softc() and devclass_get_device().
- Store the LP_BYPASS flag in si_drv2 instead of encoding it in the minor
number.
- Destroy character devices for lpt(4) when detaching the device.
- Use bus_print_child_footer() instead of duplicating it in
ppbus_print_child() and fix ppbus_print_child()'s return value.
- Remove unused AVM ivar from ppbus.
- Don't store the 'mode' ivar in the ppbus ivars since we always fetch it
from the parent anyway.
- Try to detach all the child devices before deleting them in
ppbus_detach().
- Use pause() instead of a tsleep() on a dummy address when polling the
ppbus.
- Use if_printf() and device_printf() instead of explicit names with unit
numbers.
Silence on: current@
After I removed all the unit2minor()/minor2unit() calls from the kernel
yesterday, I realised calling minor() everywhere is quite confusing.
Character devices now only have the ability to store a unit number, not
a minor number. Remove the confusion by using dev2unit() everywhere.
This commit could also be considered as a bug fix. A lot of drivers call
minor(), while they should actually be calling dev2unit(). In -CURRENT
this isn't a problem, but it turns out we never had any problem reports
related to that issue in the past. I suspect not many people connect
more than 256 pieces of the same hardware.
Reviewed by: kib
- Retire IVARs for passing IRQs around. Instead, ppbus and ppc now allow
child devices to access the interrupt by via a rid 0 IRQ resource
using bus_alloc_resource_any().
- ppc creates its own interrupt event to manage the interrupt handlers of
child devices. ppc does not allow child devices to use filters. It
could allow this if needed, but none of the current drivers use them
and it adds a good bit of complication. It uses
intr_event_execute_handlers() to fire the child device interrupt handlers
from its threaded interrupt handler.
- Remove the ppbus_dummy_intr() hack. Now the ppc device always has an
interrupt handler registered and we no longer bounce all the way up to
nexus to manage adding/removing ppbus child interrupt handlers. Instead,
the child handlers are added and removed to the private interrupt event
in the ppc device.
- Just grab Giant in the ixp425_iic(4) driver since this driver uses
a shared address/data register window pair to access the actual
I2C registers. None of the other ixp425 drivers lock access to these
shared address/data registers yet and that would need to be done before
this could use any meaningful locking.
- Add locking to the interrupt handler and 'iicbus_reset' methods of the
at91_twi(4) driver.
- Add locking to the pcf(4) driver. Other pcf(4) fixes include:
- Don't needlessly zero the softc.
- Use bus_foo rather than bus_space_foo and remove bus space tag and
handle from softc.
- The lpbb(4) driver just grabs Giant for now. This will be refined later
when ppbus(4) is locked.
- As was done with smbus earlier, move the DRIVER_MODULE() lines to match
the bus driver (either iicbus or iicbb) to the bridge driver into the
bridge drivers.
Tested by: sam (arm/ixp425)
interrupt handlers for child devices by adding a dummy handler that is
always present so that the underlying interrupt thread is always around
avoiding panics from stray interrupts.
MFC after: 3 days
now takes a device_t to be the parent of the bus that is being created.
Most SIMs have been updated with a reasonable argument, but a few exceptions
just pass NULL for now. This argument isn't used yet and the newbus
integration likely won't be ready until after 7.0-RELEASE.
use to synchornize and protect all data objects that are used for that
SIM. Drivers that are not yet MPSAFE register Giant and operate as
usual. RIght now, no drivers are MPSAFE, though a few will be changed
in the coming week as this work settles down.
The driver API has changed, so all CAM drivers will need to be recompiled.
The userland API has not changed, so tools like camcontrol do not need to
be recompiled.