usb(4): Fix for use after free in combination with EVDEV_SUPPORT.

When EVDEV_SUPPORT was introduced, the USB transfers may be running
after the main FIFO is closed. In connection to this a race may

usb(4): Fix for use after free in combination with EVDEV_SUPPORT.

When EVDEV_SUPPORT was introduced, the USB transfers may be running
after the main FIFO is closed. In connection to this a race may appear
which can lead to use-after-free scenarios. Fix this for all FIFO
consumers by initializing and resetting the FIFO queues under the
lock used by the client. Then the client driver will see an empty
queue in all cases a race may appear.

Found by: pho@
Sponsored by: NVIDIA Networking

(cherry picked from commit aad0c65d6b37364d8ba92ecb8c85e004398a5194)

show more ...

usb: clean up empty lines in .c and .h files

usb(4): Stop checking for failures from malloc(M_WAITOK).

Handle the fact that parts of usb(4) can be compiled into the boot
loader, where M_WAITOK does not guarantee a successful allocation.

PR:

usb(4): Stop checking for failures from malloc(M_WAITOK).

Handle the fact that parts of usb(4) can be compiled into the boot
loader, where M_WAITOK does not guarantee a successful allocation.

PR: 240545
Submitted by: Andrew Reiter <[email protected]> (original version)
Reviewed by: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D25706

show more ...

Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (2 of many)

r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marke

Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (2 of many)

r357614 added CTLFLAG_NEEDGIANT to make it easier to find nodes that are
still not MPSAFE (or already are but aren’t properly marked). Use it in
preparation for a general review of all nodes.
This is non-functional change that adds annotations to SYSCTL_NODE and
SYSCTL_PROC nodes using one of the soon-to-be-required flags.

Reviewed by: hselasky, kib
Approved by: kib (mentor)
Differential Revision: https://reviews.freebsd.org/D23632

show more ...

Do pass removing some write-only variables from the kernel.

This reduces noise when kernel is compiled by newer GCC versions,
such as one used by external toolchain ports.

Reviewed by: kib, andrew(

Do pass removing some write-only variables from the kernel.

This reduces noise when kernel is compiled by newer GCC versions,
such as one used by external toolchain ports.

Reviewed by: kib, andrew(sys/arm and sys/arm64), emaste(partial), erj(partial)
Reviewed by: jhb (sys/dev/pci/* sys/kern/vfs_aio.c and sys/kern/kern_synch.c)
Differential Revision: https://reviews.freebsd.org/D10385

show more ...

sys/dev: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error

sys/dev: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

show more ...

Improve USB polling mode by not locking any mutexes, asserting any
mutexes or using any callouts when active.

Trying to lock a mutex when KDB is active or the scheduler is stopped
can result in infi

Improve USB polling mode by not locking any mutexes, asserting any
mutexes or using any callouts when active.

Trying to lock a mutex when KDB is active or the scheduler is stopped
can result in infinite wait loops. The same goes for calling callout
related functions which in turn lock mutexes.

If the USB controller at which a USB keyboard is connected is idle
when KDB is entered, polling the USB keyboard via USB will always
succeed. Else polling may fail depending on which state the USB
subsystem and USB interrupt handler is in. This is unavoidable unless
KDB can wait for USB interrupt threads to complete before stalling the
CPU(s).

Tested by: Bruce Evans <[email protected]>
MFC after: 4 weeks

show more ...

Check for signals when locking the USB enumeration thread from
userspace, so that USB applications can be killed if an enumeration
thread should be stuck for various reasons.

MFC after: 1 week

dev/usb: minor spelling fixes in comments.

No functional change.

Reviewed by: hselasky

Don't wait forever for USB data to be flushed.

MFC after: 1 week

Resolve a special case deadlock: When two or more threads are
simultaneously detaching kernel drivers on the same USB device we can
get stuck in the "usb_wait_pending_ref_locked()" function because t

Resolve a special case deadlock: When two or more threads are
simultaneously detaching kernel drivers on the same USB device we can
get stuck in the "usb_wait_pending_ref_locked()" function because the
conditions needed for allowing detach are not met. The "destroy_dev()"
function waits for all system calls involving the given character
device to return. Character device system calls may lock the USB
enumeration lock, which is also held when "destroy_dev()" is
called. This can sometimes lead to a deadlock not noticed by
WITNESS. The current solution is to ensure the calling thread is the
only one holding the USB enumeration lock and prevent other threads
from getting refs while a USB device detach is ongoing. This turned
out not to be sufficient. To solve this deadlock we could use
"destroy_dev_sched()" to schedule the device destruction in the
background, but then we don't know when it is safe to free() the
private data of the character device. Instead a callback function is
executed by the USB explore process to kill off any leftover USB
character devices synchronously after the USB device explore code is
finished and the USB enumeration lock is no longer locked. This makes
porting easier and also ensures us that character devices must
eventually go away after a USB device detach.

While at it ensure that "flag_iserror" is only written when "priv_mtx"
is locked, which is protecting it.

MFC after: 5 days

show more ...

When we fail to get a USB reference we should just return, because
there are no more references held.

MFC after: 3 days

Pull in r267961 and r267973 again. Fix for issues reported will follow.

Revert r267961, r267973:

These changes prevent sysctl(8) from returning proper output,
such as:

1) no output from sysctl(8)
2) erroneously returning ENOMEM with tools like truss(1)
or uname(1

Revert r267961, r267973:

These changes prevent sysctl(8) from returning proper output,
such as:

1) no output from sysctl(8)
2) erroneously returning ENOMEM with tools like truss(1)
or uname(1)
truss: can not get etype: Cannot allocate memory

show more ...

Extend the meaning of the CTLFLAG_TUN flag to automatically check if
there is an environment variable which shall initialize the SYSCTL
during early boot. This works for all SYSCTL types both statica

Extend the meaning of the CTLFLAG_TUN flag to automatically check if
there is an environment variable which shall initialize the SYSCTL
during early boot. This works for all SYSCTL types both statically and
dynamically created ones, except for the SYSCTL NODE type and SYSCTLs
which belong to VNETs. A new flag, CTLFLAG_NOFETCH, has been added to
be used in the case a tunable sysctl has a custom initialisation
function allowing the sysctl to still be marked as a tunable. The
kernel SYSCTL API is mostly the same, with a few exceptions for some
special operations like iterating childrens of a static/extern SYSCTL
node. This operation should probably be made into a factored out
common macro, hence some device drivers use this. The reason for
changing the SYSCTL API was the need for a SYSCTL parent OID pointer
and not only the SYSCTL parent OID list pointer in order to quickly
generate the sysctl path. The motivation behind this patch is to avoid
parameter loading cludges inside the OFED driver subsystem. Instead of
adding special code to the OFED driver subsystem to post-load tunables
into dynamically created sysctls, we generalize this in the kernel.

Other changes:
- Corrected a possibly incorrect sysctl name from "hw.cbb.intr_mask"
to "hw.pcic.intr_mask".
- Removed redundant TUNABLE statements throughout the kernel.
- Some minor code rewrites in connection to removing not needed
TUNABLE statements.
- Added a missing SYSCTL_DECL().
- Wrapped two very long lines.
- Avoid malloc()/free() inside sysctl string handling, in case it is
called to initialize a sysctl from a tunable, hence malloc()/free() is
not ready when sysctls from the sysctl dataset are registered.
- Bumped FreeBSD version to indicate SYSCTL API change.

MFC after: 2 weeks
Sponsored by: Mellanox Technologies

show more ...

Resolve a deadlock setting the USB configuration index from userspace
on USB HUBs by moving the code into the USB explore threads. The
deadlock happens because child devices of the USB HUB don't have

Resolve a deadlock setting the USB configuration index from userspace
on USB HUBs by moving the code into the USB explore threads. The
deadlock happens because child devices of the USB HUB don't have the
expected reference count when called from outside the explore
thread. Only the HUB device itself, which the IOCTL interface locks,
gets the correct reference count.

MFC after: 3 days

show more ...

Try to resolve a possible deadlock when detaching USB devices which
create character devices. The deadlock can happen if an application is
issuing IOCTLs which require USB refcounting, at the same ti

Try to resolve a possible deadlock when detaching USB devices which
create character devices. The deadlock can happen if an application is
issuing IOCTLs which require USB refcounting, at the same time the USB
device is detaching.

There is already a counter in place in the USB device structure to
detect this situation, but it was not always checked ahead of invoking
functions that might destroy character devices, like detach, set
configuration, set alternate interface or detach active kernel driver.

Reported by: Daniel O'Connor <[email protected]>
MFC after: 1 week

show more ...

Clear the knote list before destroying it.
Add seldrain() to wakeup any pollers.

Submitted by: Kohji Okuno <[email protected]>
MFC after: 2 weeks

Add missing call to "knlist_destroy()".

Found by: John-Mark Gurney <[email protected]>
MFC after: 2 weeks

Add support for kqfilter to USB character devices.

Submitted by: Kohji Okuno <[email protected]>
MFC after: 2 weeks

Hide now harmless warning from dmesg.

MFC after: 1 week

Fix a possible memory use after free and leak situation associated
with USB device detach when using character device handles. This also
includes LibUSB. It turns out that "usb_close()" cannot always

Fix a possible memory use after free and leak situation associated
with USB device detach when using character device handles. This also
includes LibUSB. It turns out that "usb_close()" cannot always get a
reference to clean up its USB transfers and such, if called during the
kernel USB device detach.

Analysis by: hselasky @
Reported by: Juergen Lock <[email protected]>
MFC after: 1 week

show more ...

Close a minor deadlock.

MFC after: 1 week

Fix a deadlock when trying to power off a USB device. The deadlock
happens because the code in question is trying to modify the parent
USB port registers outside the USB explore thread.

MFC after: 3

Fix a deadlock when trying to power off a USB device. The deadlock
happens because the code in question is trying to modify the parent
USB port registers outside the USB explore thread.

MFC after: 3 days

show more ...

Resolve a LOR after r246616. Protect control requests using the USB device
enumeration lock. Make sure all callers of usbd_enum_lock() check the return
value. Remove the control transfer specific loc

Resolve a LOR after r246616. Protect control requests using the USB device
enumeration lock. Make sure all callers of usbd_enum_lock() check the return
value. Remove the control transfer specific lock. Bump the FreeBSD version
number, hence external USB modules may need to be recompiled due to a USB
device structure change.

MFC after: 1 week

show more ...