Rich Neswold | 7 Oct 18:46 2015

mount_nfs(8) correction

Index: sbin/mount_nfs/mount_nfs.8
--- sbin/mount_nfs/mount_nfs.8
+++ sbin/mount_nfs/mount_nfs.8
 <at>  <at>  -366,11 +366,11  <at>  <at> 
 when mounting servers that do not support
 .Tn TCP
 .It Fl X
 Perform 32 \*[Lt]-\*[Gt] 64 bit directory cookie translation for
version 3 mounts.
-This may be need in the case of a server using the upper 32 bits of
+This may be needed in the case of a server using the upper 32 bits of
 version 3 directory cookies, and when you are running emulated binaries
 that access such a filesystem.
 binaries will never need this option.

Paul Goyette | 5 Oct 04:32 2015

Anomalies while handling p_nstopchild count

While investigating my problem with the zombie-that-wouldn't-die (see 
thread on current-users), a couple of anomalies have appeared.

The first of these is reported by Robert Elz in his PR kern/50298 where 
it appears that the wrong process's p_nstopchild count is being updated.

The second is just reported by me in PR kern/50300:

Shortly after setting the current (exitting) process's p_stat to SDEAD, 
sys_exit() may reparent the process because of its (current) parent is 
unwilling to wait() for its children to exit.  Unfortunately, 
proc_reparent() only adjusts the old and new parents' p_nstopchild 
counts for SZOMB (or, in some cases, SSTOP) processes;  since our 
process is still SDEAD, the parents don't get updated.

I'm just now studying and learning this part of the kernel, so I don't 
want to commit the changes suggested in these two PRs without having 
someone else review and approve.  Any volunteers?   :)

| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:       |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at    |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at  |

Michael McConville | 4 Oct 22:50 2015

module(9) man page tweaks

Index: share/man/man9/module.9
RCS file: /cvsroot/src/share/man/man9/module.9,v
retrieving revision 1.37
diff -u -p -r1.37 module.9
--- share/man/man9/module.9	4 Jun 2015 01:58:30 -0000	1.37
+++ share/man/man9/module.9	1 Oct 2015 19:09:15 -0000
 <at>  <at>  -74,7 +74,7  <at>  <at>  the kernel and reboot.
 Modules can be loaded from within the kernel image, provided by the boot
 loader, or loaded from the file system.
-Two data types are relevant for
+Two data types comprise a
 .Nm :
 .Bl -enum -offset indent
 <at>  <at>  -84,10 +84,13  <at>  <at>  type provides storage to describe a modu
 .Vt modinfo_t
-type resides within the module itself, and contains module header info.
+type resides within
+.Vt module_t
+and contains module header info.
-The module subsystem is protected by the global kernconfig_mutex.
+The module subsystem is protected by the global
+.Va kernconfig_mutex .
(Continue reading)

Takahiro Hayashi | 3 Oct 16:37 2015

[patch] xhci patch 20151003


Here is an xhci patch for nick-nhusb branch.

	+ Import port speed detection code from OpenBSD.
	  Check port power bit instead of speed bits. It's a cool idea.
	+ Fix bus revision of xhci.

--- sys/dev/usb/uhub.c.orig	2015-09-23 23:15:16.000000000 +0900
+++ sys/dev/usb/uhub.c	2015-09-28 06:38:39.000000000 +0900
 <at>  <at>  -1,5 +1,6  <at>  <at> 
 /*	$NetBSD: uhub.c,v 2015/09/23 13:49:59 skrll Exp $	*/
 /*	$FreeBSD: src/sys/dev/usb/uhub.c,v 1.18 1999/11/17 22:33:43 n_hibma Exp $	*/
+/*	$OpenBSD: uhub.c,v 1.86 2015/06/29 18:27:40 mpi Exp $ */

  * Copyright (c) 1998, 2004 The NetBSD Foundation, Inc.
 <at>  <at>  -546,10 +547,6  <at>  <at>  uhub_explore(struct usbd_device *dev)
 			status = UGETW(up->up_status.wPortStatus);
 			change = UGETW(up->up_status.wPortChange);
-			if (USB_IS_SS(dev->ud_speed)) {
-				status |= UPS_OTHER_SPEED;
-				USETW(up->up_status.wPortStatus, status);
(Continue reading)

Maxime Villard | 3 Oct 14:46 2015

Brainy: bug in x86/cpu_ucode_intel.c


-------------------- sys/arch/x86/x86/cpu_ucode_intel.c --------------------

129		uh = kmem_alloc(newbufsize, KM_SLEEP);
		if (uh == NULL) {
			printf("%s: memory allocation failed\n", __func__);
			return EINVAL;
		uh = (struct intel1_ucode_header *)roundup2((uintptr_t)uh, 16);
		/* Copy to the new area */
		memcpy(uh, sc->sc_blob, sc->sc_blobsize);


	intel_getcurrentucode(&oucodeversion, &platformid);
	if (oucodeversion >= ucodetarget) {
		rv = EEXIST; /* ??? */
		goto out;


	if (newbufsize != 0)
		kmem_free(uh, newbufsize);
	return rv;

(Continue reading)

SAITOH Masanobu | 3 Oct 05:01 2015

EuroBSDCon 2015 DevSummit presentation material (IIJ)

Hi, all.

 I put my presentation material at:

 Advice, opinion and discussion are welcome.

 Thanks in advance.


                SAITOH Masanobu (msaitoh <at>
                                 msaitoh <at>

Brian Buhrow | 24 Sep 09:07 2015

Potential problem with reading data from usb devices with ugen(4)

	hello folks.   Perhaps someone on this list can enlighten me as to
where I'm going wrong, but I think there may be an issue with ugen(4) when
using the bulk read ahead and write behind code in conjunction with file
descriptors which are in O_NONBLOCK mode.  This is with NetBSD/i386 5.2
with the UGEN_BULK_RA_WB code ifdef'd into the ugen(4) code.  I've looked
at -current and it looks like the problem is still there.  Let me explain:

	I'm trying to get the usbmuxd and libimobiledevice code working under
NetBSD using the libusb1-1.0.19 package.  The usbmuxd code scans the
available ugen devices, identifies which ones are Apple devices, and then
rescans the devices it identified as being of interest.  With the default
libusb1 code, this functionality doesn't work because the usbmuxd code
expects to be able to do this over and over again but the ugen(4) driver
locks the process in "ugenrb" when it checks to see if a given  device has
the proper bulk endpoints.  I modified the libusb1 NetBSD backend module to
enable the read ahead code  and write behind code, as well as to put the
file descriptor associated with each of the endpoints into non-blocking
mode with fcntl(2).    Now, the first pass usbmuxd makes works, but it doesn't
generate any requests of the Apple devices which cause them to respond with
data on the bulk endpoints.  That's fine, but when usbmuxd comes around to
begin conversing with the "interesting" devices again, it's told there's
nothing to read because the ugen(4) driver, which has read ahead enabled
already, doesn't check for new input from the USB device when read requests
are made and there's no data available.  Specifically, when this code is
enabled, I think data is read from the bulk end points of a device using
the function ugen_bulkra_intr().  In theory it's supposed to be a self
perpetuating function that keeps checking for input, but it seems to only
get called from itself or when the read ahead  code is enabled via the
ioctl(2) call.  The scenario looks like this to me:

(Continue reading)

Takahiro Hayashi | 23 Sep 15:32 2015

[patch] xhci patch 20150923


Here are xhci patches for nick-nhusb branch.

	+ Fix the name of multiple inclusion protection.
	+ Fix devices were not recognized at boot on some xhci
	  (AFAIK Intel PCHs).

--- sys/dev/usb/xhcireg.h.orig	2015-09-13 18:38:00.000000000 +0900
+++ sys/dev/usb/xhcireg.h	2015-09-13 18:53:03.000000000 +0900
 <at>  <at>  -26,8 +26,8  <at>  <at> 

-#ifndef _XHCIREG_H_
-#define	_XHCIREG_H_
+#ifndef _DEV_USB_XHCIREG_H_
+#define	_DEV_USB_XHCIREG_H_
 /* XHCI PCI config registers */
 #define	PCI_CBMEM		0x10	/* configuration base MEM */
 <at>  <at>  -470,4 +470,4  <at>  <at>  struct xhci_erste {
 } __packed __aligned(XHCI_ERSTE_ALIGN);
 #define XHCI_ERSTE_SIZE sizeof(struct xhci_erste)
(Continue reading)

Michael McConville | 22 Sep 01:05 2015

module(7) man page tweaks

Index: share/man/man7/module.7
RCS file: /cvsroot/src/share/man/man7/module.7,v
retrieving revision 1.3
diff -u -p -r1.3 module.7
--- share/man/man7/module.7	30 Jun 2011 20:09:15 -0000	1.3
+++ share/man/man7/module.7	21 Sep 2015 23:03:20 -0000
 <at>  <at>  -35,11 +35,11  <at>  <at> 
 Kernel modules allow the system administrator to
 dynamically add and remove functionality from a running system.
-This ability also helps software developers to develop
+This also helps software developers add
 new parts of the kernel without constantly rebooting to
 test their changes.
-Additionally, the kernel may automatically load software modules as
+The kernel may automatically load software modules as
 needed to perform requested operations.
 For example, an
 .Dq xyzfs
 <at>  <at>  -80,11 +80,11  <at>  <at>  One potential problem specific to block 
 is that the device nodes must exist for the devices to be accessed.
 These need to be created manually, after the driver module has been
 successfully loaded.
-The majority of the device driver modules however does not
+Most device driver modules do not
 need any manual intervention to function properly.
 .Ss Execution Interpreters
 Execution Interpreters can be loaded to provide support for executing
(Continue reading)

Maxime Villard | 19 Sep 16:18 2015

Brainy: UAF in iscsi_ioctl.c

in sys/dev/iscsi/iscsi_ioctl.c:

1542		free(sess, M_DEVBUF);
1544		DEB(1, ("Cleanup: session ended %d\n", sess->id));

I guess inverting the two instructions fixes the bug.

Found by Brainy.


Michael McConville | 15 Sep 05:15 2015

Preproc condition for GCC 2.x

I suspect that this preproc condition isn't necessary anymore? It's in

 * Description of an interface attribute, provided by potential
 * parent device drivers, referred to by child device configuration data.
struct cfiattrdata {
	const char *ci_name;
	int ci_loclen;
	const struct cflocdesc ci_locdesc[
#if defined(__GNUC__) && __GNUC__ <= 2