Re: acpi(4): GenericSerialBus OperationRegion support

[Mike Larkin]

On Sun, May 13, 2018 at 03:57:50PM +0200, Mark Kettenis wrote:
> The diff below implements functionality that allows AML access to
> devices that sit on an I2C bus.  Only a subset of the various access
> methods is implemented; some of the missing ones are not a very good
> fit for our AML implementation.  But this is enough to make reading
> the battery status on the little Lenovo that mlarkin@ handed me at Elk
> Lakes work.
> 

Can you elaborate on what isn't a good fit? Just curious.

-ml

> Probably needs some wider testing.
> 
> After that's done, ok?
> 
> 
> Index: dev/acpi/acpi.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/acpi.c,v
> retrieving revision 1.341
> diff -u -p -r1.341 acpi.c
> --- dev/acpi/acpi.c   27 Mar 2018 21:11:16 -  1.341
> +++ dev/acpi/acpi.c   13 May 2018 13:49:46 -
> @@ -920,6 +920,23 @@ acpi_register_gpio(struct acpi_softc *sc
>  }
>  
>  void
> +acpi_register_gsb(struct acpi_softc *sc, struct aml_node *devnode)
> +{
> + struct aml_value arg[2];
> + struct aml_node *node;
> +
> + /* Register GenericSerialBus address space. */
> + memset(, 0, sizeof(arg));
> + arg[0].type = AML_OBJTYPE_INTEGER;
> + arg[0].v_integer = ACPI_OPREG_GSB;
> + arg[1].type = AML_OBJTYPE_INTEGER;
> + arg[1].v_integer = 1;
> + node = aml_searchname(devnode, "_REG");
> + if (node && aml_evalnode(sc, node, 2, arg, NULL))
> + printf("%s: _REG failed\n", node->name);
> +}
> +
> +void
>  acpi_attach(struct device *parent, struct device *self, void *aux)
>  {
>   struct bios_attach_args *ba = aux;
> Index: dev/acpi/acpivar.h
> ===
> RCS file: /cvs/src/sys/dev/acpi/acpivar.h,v
> retrieving revision 1.89
> diff -u -p -r1.89 acpivar.h
> --- dev/acpi/acpivar.h29 Nov 2017 22:51:01 -  1.89
> +++ dev/acpi/acpivar.h13 May 2018 13:49:46 -
> @@ -333,6 +333,7 @@ void acpi_wakeup(void *);
>  int acpi_gasio(struct acpi_softc *, int, int, uint64_t, int, int, void *);
>  
>  void acpi_register_gpio(struct acpi_softc *, struct aml_node *);
> +void acpi_register_gsb(struct acpi_softc *, struct aml_node *);
>  
>  int  acpi_set_gpehandler(struct acpi_softc *, int,
>   int (*)(struct acpi_softc *, int, void *), void *, int);
> Index: dev/acpi/amltypes.h
> ===
> RCS file: /cvs/src/sys/dev/acpi/amltypes.h,v
> retrieving revision 1.45
> diff -u -p -r1.45 amltypes.h
> --- dev/acpi/amltypes.h   8 May 2016 11:08:01 -   1.45
> +++ dev/acpi/amltypes.h   13 May 2018 13:49:46 -
> @@ -371,6 +371,8 @@ struct acpi_gpio {
>   void(*intr_establish)(void *, int, int, int (*)(void *), void *);
>  };
>  
> +struct i2c_controller;
> +
>  struct aml_node {
>   struct aml_node *parent;
>  
> @@ -385,8 +387,9 @@ struct aml_node {
>   u_int8_t*end;
>  
>   struct aml_value *value;
> - struct acpi_pci  *pci;
> + struct acpi_pci *pci;
>   struct acpi_gpio *gpio;
> + struct i2c_controller *i2c;
>  };
>  
>  #define aml_bitmask(n)   (1L << ((n) & 0x7))
> Index: dev/acpi/dsdt.c
> ===
> RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v
> retrieving revision 1.236
> diff -u -p -r1.236 dsdt.c
> --- dev/acpi/dsdt.c   29 Nov 2017 15:22:22 -  1.236
> +++ dev/acpi/dsdt.c   13 May 2018 13:49:47 -
> @@ -33,6 +33,8 @@
>  #include 
>  #include 
>  
> +#include 
> +
>  #ifdef SMALL_KERNEL
>  #undef ACPI_DEBUG
>  #endif
> @@ -2288,6 +2290,7 @@ aml_register_regionspace(struct aml_node
>  
>  void aml_rwgen(struct aml_value *, int, int, struct aml_value *, int, int);
>  void aml_rwgpio(struct aml_value *, int, int, struct aml_value *, int, int);
> +void aml_rwgsb(struct aml_value *, int, int, struct aml_value *, int, int);
>  void aml_rwindexfield(struct aml_value *, struct aml_value *val, int);
>  void aml_rwfield(struct aml_value *, int, int, struct aml_value *, int);
>  
> @@ -2512,6 +2515,96 @@ aml_rwgpio(struct aml_value *conn, int b
>  }
>  
>  void
> +aml_rwgsb(struct aml_value *conn, int bpos, int blen, struct aml_value *val,
> +int mode, int flag)
> +{
> + union acpi_resource *crs = (union acpi_resource *)conn->v_buffer;
> + struct aml_node *node;
> + i2c_tag_t tag;
> + i2c_op_t op;
> + i2c_addr_t addr;
> + int cmdlen, buflen;
> + uint8_t cmd;
> + uint8_t *buf;
> + int err;
> +
> + if (conn->type != AML_OBJTYPE_BUFFER || conn->length < 5 ||
> + AML_CRSTYPE(crs) != LR_SERBUS || AML_CRSLEN(crs) > conn->length ||
> + crs->lr_i2cbus.revid != 1 || crs->lr_i2cbus.type != LR_SERBUS_I2C)
> + aml_die("Invalid GenericSerialBus");
> + if (AML_FIELD_ACCESS(flag) != AML_FIELD_BUFFERACC ||
> + bpos & 0x3 || blen != 8)
> + aml_die("Invalid GenericSerialBus 

Re: Missing hardlink for /usr/bin/cc

[Philip Guenther]

On Sat, May 12, 2018 at 8:59 AM, Anthony Coulter 
wrote:

> $ ls -li /usr/bin/{cc,c++,clang,clang++,clang-cpp} /usr/libexec/cpp
> 156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/c++
> 155926 -r-xr-xr-x  1 root  bin  46885664 May  4 11:12 /usr/bin/cc
> 156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang
> 156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang++
> 156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang-cpp
> 156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/libexec/cpp
> $ diff /usr/bin/{cc,clang}
> $
>
> I interpret this as /usr/bin/cc accidentally being a copy instead of a
> hard link. Is this correct?
>

The underlying issue is that /usr/bin/cc is packaged in baseXY.tgz where
it's needed for (sane) kernel and library relinking, while the others are
packaged in compXY.tgz.

Perhaps we should move the others into baseXY.tgz so the link is preserved,
but that would have to be only on the clang-as-cc archs and there are
probably other catches I haven't noticed.  This is perhaps a puzzle best
for Theo...


Philip Guenther

Missing hardlink for /usr/bin/cc

[Anthony Coulter]

$ ls -li /usr/bin/{cc,c++,clang,clang++,clang-cpp} /usr/libexec/cpp
156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/c++
155926 -r-xr-xr-x  1 root  bin  46885664 May  4 11:12 /usr/bin/cc
156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang
156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang++
156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/bin/clang-cpp
156140 -r-xr-xr-x  5 root  bin  46885664 May  4 11:12 /usr/libexec/cpp
$ diff /usr/bin/{cc,clang}
$

I interpret this as /usr/bin/cc accidentally being a copy instead of a
hard link. Is this correct?

Regards,
Anthony Coulter

com(4) console register width/shift support

[Mark Kettenis]

The diff below extends the register width/shift support in com(4) such
that the serial console on armv7 and arm64 doesn't have to use the
nasty bus space hacks anymore.  I removed the com_common_getc() and
com_common_putc() functions as they didn't really serve any purpose
anymore.  The equivalent code is now simply part of comcngetc() and
comcnputc().

ok?


Index: arch/arm64/dev/com_fdt.c
===
RCS file: /cvs/src/sys/arch/arm64/dev/com_fdt.c,v
retrieving revision 1.5
diff -u -p -r1.5 com_fdt.c
--- arch/arm64/dev/com_fdt.c6 May 2018 17:16:48 -   1.5
+++ arch/arm64/dev/com_fdt.c13 May 2018 21:04:41 -
@@ -28,8 +28,6 @@
 #include 
 #include 
 
-#include 
-
 #include 
 #include 
 #include 
@@ -45,12 +43,8 @@ struct cfattach com_fdt_ca = {
sizeof (struct com_softc), com_fdt_match, com_fdt_attach
 };
 
-int com_fdt_cngetc(dev_t);
-void com_fdt_cnputc(dev_t, int);
-void com_fdt_cnpollc(dev_t, int);
-
 struct consdev com_fdt_cons = {
-   NULL, NULL, com_fdt_cngetc, com_fdt_cnputc, com_fdt_cnpollc, NULL,
+   NULL, NULL, comcngetc, comcnputc, comcnpollc, NULL,
NODEV, CN_LOWPRI
 };
 
@@ -76,7 +70,10 @@ com_fdt_init_cons(void)
 * comcnattach() does by doing the minimal setup here.
 */
 
-   comconsiot = _a4x_bs_tag;
+   comcons_reg_width = OF_getpropint(stdout_node, "reg-io-width", 4);
+   comcons_reg_shift = OF_getpropint(stdout_node, "reg-shift", 2);
+
+   comconsiot = fdt_cons_bs_tag;
if (bus_space_map(comconsiot, reg.addr, reg.size, 0, ))
return;
 
@@ -160,21 +157,4 @@ com_fdt_intr_designware(void *cookie)
com_read_reg(sc, com_usr);
 
return comintr(sc);
-}
-
-int
-com_fdt_cngetc(dev_t dev)
-{
-   return com_common_getc(comconsiot, comconsioh);
-}
-
-void
-com_fdt_cnputc(dev_t dev, int c)
-{
-   com_common_putc(comconsiot, comconsioh, c);
-}
-
-void
-com_fdt_cnpollc(dev_t dev, int on)
-{
 }
Index: arch/armv7/dev/com_fdt.c
===
RCS file: /cvs/src/sys/arch/armv7/dev/com_fdt.c,v
retrieving revision 1.12
diff -u -p -r1.12 com_fdt.c
--- arch/armv7/dev/com_fdt.c7 May 2018 14:13:54 -   1.12
+++ arch/armv7/dev/com_fdt.c13 May 2018 21:04:41 -
@@ -28,9 +28,6 @@
 #include 
 #include 
 
-/* pick up armv7_a4x_bs_tag */
-#include 
-
 #include 
 #include 
 #include 
@@ -49,12 +46,8 @@ struct cfattach com_fdt_ca = {
sizeof (struct com_softc), com_fdt_match, com_fdt_attach
 };
 
-int com_fdt_cngetc(dev_t);
-void com_fdt_cnputc(dev_t, int);
-void com_fdt_cnpollc(dev_t, int);
-
 struct consdev com_fdt_cons = {
-   NULL, NULL, com_fdt_cngetc, com_fdt_cnputc, com_fdt_cnpollc, NULL,
+   NULL, NULL, comcngetc, comcnputc, comcnpollc, NULL,
NODEV, CN_LOWPRI
 };
 
@@ -80,7 +73,10 @@ com_fdt_init_cons(void)
 * comcnattach() does by doing the minimal setup here.
 */
 
-   comconsiot = _a4x_bs_tag;
+   comcons_reg_width = OF_getpropint(stdout_node, "reg-io-width", 4);
+   comcons_reg_shift = OF_getpropint(stdout_node, "reg-shift", 2);
+
+   comconsiot = fdt_cons_bs_tag;
if (bus_space_map(comconsiot, reg.addr, reg.size, 0, ))
return;
 
@@ -165,21 +161,4 @@ com_fdt_intr_designware(void *cookie)
com_read_reg(sc, com_usr);
 
return comintr(sc);
-}
-
-int
-com_fdt_cngetc(dev_t dev)
-{
-   return com_common_getc(comconsiot, comconsioh);
-}
-
-void
-com_fdt_cnputc(dev_t dev, int c)
-{
-   com_common_putc(comconsiot, comconsioh, c);
-}
-
-void
-com_fdt_cnpollc(dev_t dev, int on)
-{
 }
Index: dev/ic/com.c
===
RCS file: /cvs/src/sys/dev/ic/com.c,v
retrieving revision 1.168
diff -u -p -r1.168 com.c
--- dev/ic/com.c2 May 2018 13:20:12 -   1.168
+++ dev/ic/com.c13 May 2018 21:04:42 -
@@ -1133,52 +1133,6 @@ comintr(void *arg)
}
 }
 
-/*
- * The following functions are polled getc and putc routines, used
- * by the console glue.
- */
-
-int
-com_common_getc(bus_space_tag_t iot, bus_space_handle_t ioh)
-{
-   int s = splhigh();
-   u_char stat, c;
-
-   /* Block until a character becomes available. */
-   while (!ISSET(stat = bus_space_read_1(iot, ioh, com_lsr), LSR_RXRDY))
-   continue;
-
-   c = bus_space_read_1(iot, ioh, com_data);
-
-   /* Clear any interrupts generated by this transmission. */
-   stat = bus_space_read_1(iot, ioh, com_iir);
-   splx(s);
-   return (c);
-}
-
-void
-com_common_putc(bus_space_tag_t iot, bus_space_handle_t ioh, int c)
-{
-   int s = spltty();
-   int timo;
-
-   /* Wait for any pending transmission to finish. */
-   timo = 2000;
-   while (!ISSET(bus_space_read_1(iot, ioh, com_lsr), LSR_TXRDY) && --timo)
-   delay(1);
-
-   bus_space_write_1(iot, ioh, com_data, (u_int8_t)(c & 

Re: pfctl check if rdomain exists

[Alexander Bluhm]

On Sun, May 13, 2018 at 03:22:39PM +0200, Sebastian Benoit wrote:
> Here is a better version that moves the RT_TABLEID_MAX check into the
> rdomain_check() function.

I think hiding the yyerror() in rdomain_check() is not so nice.  So
I like your first version more.

Could it be fixed with an "else if"?

if ($2 < 0 || $2 > RT_TABLEID_MAX)
yyerror("rdomain %lld outside range", $2);
ELSE if (rdomain_exists($2) != 1)
yyerror("rdomain %lld does not exist", $2);

> still ok?

Your version is also correct and other functions also call yyerror().
So although I don't like it, OK bluhm@

> + if (errno == ENOENT)
> + /* table nonexistent */
> + goto notfound;

Could you put braces around this if block?  Although not necessary
as one line is a comment, an if with a two lines block looks odd.

bluhm

const for X509_EXT_*

[Theo Buehler]

Here's a slightly more interesting one. It adds const to 'section',
'name' and 'value' parameters of the X509_EXT_* famliy of
functions. We also need adjust the get_section() and get_string()
members of the X509V3_CONF_METHOD_st structure to match OpenSSL's as
well as a handful of internal functions. As usual, run through a bulk
by sthen.

Index: lib/libcrypto/x509v3/v3_conf.c
===
RCS file: /cvs/src/lib/libcrypto/x509v3/v3_conf.c,v
retrieving revision 1.21
diff -u -p -r1.21 v3_conf.c
--- lib/libcrypto/x509v3/v3_conf.c  29 Jan 2017 17:49:23 -  1.21
+++ lib/libcrypto/x509v3/v3_conf.c  13 May 2018 15:38:36 -
@@ -66,23 +66,27 @@
 #include 
 #include 
 
-static int v3_check_critical(char **value);
-static int v3_check_generic(char **value);
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
 int crit, int type, X509V3_CTX *ctx);
-static char *conf_lhash_get_string(void *db, char *section, char *value);
-static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static char *conf_lhash_get_string(void *db, const char *section,
+const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db,
+const char *section);
 static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, int ext_nid,
 int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long 
*ext_len);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+long *ext_len);
 
 /* CONF *conf:  Config file*/
 /* char *name:  Name*/
 /* char *value:  Value*/
 X509_EXTENSION *
-X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value)
+X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+const char *value)
 {
int crit;
int ext_type;
@@ -102,7 +106,8 @@ X509V3_EXT_nconf(CONF *conf, X509V3_CTX 
 /* CONF *conf:  Config file*/
 /* char *value:  Value*/
 X509_EXTENSION *
-X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value)
+X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+const char *value)
 {
int crit;
int ext_type;
@@ -117,7 +122,8 @@ X509V3_EXT_nconf_nid(CONF *conf, X509V3_
 /* CONF *conf:  Config file*/
 /* char *value:  Value*/
 static X509_EXTENSION *
-do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value)
+do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit,
+const char *value)
 {
const X509V3_EXT_METHOD *method;
X509_EXTENSION *ext;
@@ -233,9 +239,9 @@ X509V3_EXT_i2d(int ext_nid, int crit, vo
 
 /* Check the extension string for critical flag */
 static int
-v3_check_critical(char **value)
+v3_check_critical(const char **value)
 {
-   char *p = *value;
+   const char *p = *value;
 
if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
return 0;
@@ -247,10 +253,10 @@ v3_check_critical(char **value)
 
 /* Check extension string for generic extension and return the type */
 static int
-v3_check_generic(char **value)
+v3_check_generic(const char **value)
 {
int gen_type = 0;
-   char *p = *value;
+   const char *p = *value;
 
if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
p += 4;
@@ -269,7 +275,7 @@ v3_check_generic(char **value)
 
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *
-v3_generic_extension(const char *ext, char *value, int crit, int gen_type,
+v3_generic_extension(const char *ext, const char *value, int crit, int 
gen_type,
 X509V3_CTX *ctx)
 {
unsigned char *ext_der = NULL;
@@ -318,7 +324,7 @@ err:
 }
 
 static unsigned char *
-generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
+generic_asn1(const char *value, X509V3_CTX *ctx, long *ext_len)
 {
ASN1_TYPE *typ;
unsigned char *ext_der = NULL;
@@ -336,7 +342,7 @@ generic_asn1(char *value, X509V3_CTX *ct
  */
 
 int
-X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
 STACK_OF(X509_EXTENSION) **sk)
 {
X509_EXTENSION *ext;
@@ -360,7 +366,8 @@ X509V3_EXT_add_nconf_sk(CONF *conf, X509
 /* Convenience functions to add extensions to a certificate, CRL and request */
 
 int
-X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert)
+X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+X509 *cert)
 {
STACK_OF(X509_EXTENSION) **sk = NULL;
 
@@ -372,7 +379,7 @@ X509V3_EXT_add_nconf(CONF 

Re: [patch] add missing pledge to aucat(1).

[Alexandre Ratchov]

On Mon, May 07, 2018 at 08:34:32PM +0200, Jesper Wallin wrote:
> On Mon, May 07, 2018 at 03:30:19PM +0200, Jesper Wallin wrote:
> > I've still not been able to test this using MIDI devices, but everything
> > else seems to work as far as I can tell.
> 
> As Theo (tb@) kindly pointed out to me off-list, aucat(1) supports the
> use of multiple -i and/or -o flags, which my previous patch broke.
> 
> Instead, I've now split slot_new() into two functions, where slot_new()
> only sets the path to the file with all the parameters, and slot_parse()
> which loops through all files and parse the headers.
> 
> Same testing as before as well as specifying -i/-o multiple times.
> 
> 

That's what I meant. The "hdr", "rate" and "pars" variables must also
be saved similarly to "path", but this makes the slot structure a
duplicate of the afile structure does, which is ugly and error-prone.

So afile_open() may need also to be split into a "init" and "open"
parts.

Sorry, I thought all this would be much easier :(

const for TS_*

[Theo Buehler]

Another trivial diff that adds const qualifiers to the ASN1_OBJ argument
of a number of TS_* functions. As usual tested in sthen's bulk build.

Index: lib/libcrypto/ts/ts.h
===
RCS file: /var/cvs/src/lib/libcrypto/ts/ts.h,v
retrieving revision 1.8
diff -u -p -r1.8 ts.h
--- lib/libcrypto/ts/ts.h   27 Dec 2016 16:05:57 -  1.8
+++ lib/libcrypto/ts/ts.h   13 May 2018 14:47:28 -
@@ -365,7 +365,7 @@ X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_M
 int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
 ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
 
-int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
 ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
 
 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
@@ -378,7 +378,7 @@ STACK_OF(X509_EXTENSION) *TS_REQ_get_ext
 void TS_REQ_ext_free(TS_REQ *a);
 int TS_REQ_get_ext_count(TS_REQ *a);
 int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
-int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
 int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
 X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
 X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
@@ -524,14 +524,14 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_
 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
 
 /* This parameter must be set. */
-int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT 
*def_policy);
 
 /* No additional certs are included in the response by default. */
 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
 
 /* Adds a new acceptable policy, only the default policy
is accepted by default. */
-int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
 
 /* Adds a new acceptable message digest. Note that no message digests
are accepted by default. The md argument is shared with the caller. */
Index: lib/libcrypto/ts/ts_req_utils.c
===
RCS file: /var/cvs/src/lib/libcrypto/ts/ts_req_utils.c,v
retrieving revision 1.5
diff -u -p -r1.5 ts_req_utils.c
--- lib/libcrypto/ts/ts_req_utils.c 29 Jan 2017 17:49:23 -  1.5
+++ lib/libcrypto/ts/ts_req_utils.c 13 May 2018 14:47:28 -
@@ -134,7 +134,7 @@ TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a
 }
 
 int
-TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy)
+TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy)
 {
ASN1_OBJECT *new_policy;
 
@@ -219,7 +219,7 @@ TS_REQ_get_ext_by_NID(TS_REQ *a, int nid
 }
 
 int
-TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos)
+TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos)
 {
return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
 }
Index: lib/libcrypto/ts/ts_rsp_sign.c
===
RCS file: /var/cvs/src/lib/libcrypto/ts/ts_rsp_sign.c,v
retrieving revision 1.21
diff -u -p -r1.21 ts_rsp_sign.c
--- lib/libcrypto/ts/ts_rsp_sign.c  29 Jan 2017 17:49:23 -  1.21
+++ lib/libcrypto/ts/ts_rsp_sign.c  13 May 2018 14:47:28 -
@@ -201,7 +201,7 @@ TS_RESP_CTX_set_signer_key(TS_RESP_CTX *
 }
 
 int
-TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy)
+TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
 {
if (ctx->default_policy)
ASN1_OBJECT_free(ctx->default_policy);
@@ -238,7 +238,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, 
 }
 
 int
-TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy)
+TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
 {
ASN1_OBJECT *copy = NULL;
 

const for SXNET_add_id_{INTEGER,asc,ulong}(3)

[Theo Buehler]

Small and simple diff that makes the char * arguments of these three
functions const.

Index: lib/libcrypto/x509v3/v3_sxnet.c
===
RCS file: /var/cvs/src/lib/libcrypto/x509v3/v3_sxnet.c,v
retrieving revision 1.20
diff -u -p -r1.20 v3_sxnet.c
--- lib/libcrypto/x509v3/v3_sxnet.c 25 Apr 2018 11:48:21 -  1.20
+++ lib/libcrypto/x509v3/v3_sxnet.c 13 May 2018 14:42:11 -
@@ -253,7 +253,7 @@ sxnet_v2i(X509V3_EXT_METHOD *method, X50
 /* Add an id given the zone as an ASCII number */
 
 int
-SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
+SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
 {
ASN1_INTEGER *izone = NULL;
 
@@ -267,7 +267,8 @@ SXNET_add_id_asc(SXNET **psx, char *zone
 /* Add an id given the zone as an unsigned long */
 
 int
-SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen)
+SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+int userlen)
 {
ASN1_INTEGER *izone = NULL;
 
@@ -286,7 +287,8 @@ SXNET_add_id_ulong(SXNET **psx, unsigned
  */
 
 int
-SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, int userlen)
+SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
+int userlen)
 {
SXNET *sx = NULL;
SXNETID *id = NULL;
Index: lib/libcrypto/x509v3/x509v3.h
===
RCS file: /var/cvs/src/lib/libcrypto/x509v3/x509v3.h,v
retrieving revision 1.23
diff -u -p -r1.23 x509v3.h
--- lib/libcrypto/x509v3/x509v3.h   25 Apr 2018 11:48:21 -  1.23
+++ lib/libcrypto/x509v3/x509v3.h   13 May 2018 14:42:11 -
@@ -524,9 +524,12 @@ SXNETID *d2i_SXNETID(SXNETID **a, const 
 int i2d_SXNETID(SXNETID *a, unsigned char **out);
 extern const ASN1_ITEM SXNETID_it;
 
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
-int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int 
userlen); 
-int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int 
userlen); 
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user,
+int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+int userlen); 
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+int userlen); 
 
 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);

acpi(4): GenericSerialBus OperationRegion support

[Mark Kettenis]

The diff below implements functionality that allows AML access to
devices that sit on an I2C bus.  Only a subset of the various access
methods is implemented; some of the missing ones are not a very good
fit for our AML implementation.  But this is enough to make reading
the battery status on the little Lenovo that mlarkin@ handed me at Elk
Lakes work.

Probably needs some wider testing.

After that's done, ok?


Index: dev/acpi/acpi.c
===
RCS file: /cvs/src/sys/dev/acpi/acpi.c,v
retrieving revision 1.341
diff -u -p -r1.341 acpi.c
--- dev/acpi/acpi.c 27 Mar 2018 21:11:16 -  1.341
+++ dev/acpi/acpi.c 13 May 2018 13:49:46 -
@@ -920,6 +920,23 @@ acpi_register_gpio(struct acpi_softc *sc
 }
 
 void
+acpi_register_gsb(struct acpi_softc *sc, struct aml_node *devnode)
+{
+   struct aml_value arg[2];
+   struct aml_node *node;
+
+   /* Register GenericSerialBus address space. */
+   memset(, 0, sizeof(arg));
+   arg[0].type = AML_OBJTYPE_INTEGER;
+   arg[0].v_integer = ACPI_OPREG_GSB;
+   arg[1].type = AML_OBJTYPE_INTEGER;
+   arg[1].v_integer = 1;
+   node = aml_searchname(devnode, "_REG");
+   if (node && aml_evalnode(sc, node, 2, arg, NULL))
+   printf("%s: _REG failed\n", node->name);
+}
+
+void
 acpi_attach(struct device *parent, struct device *self, void *aux)
 {
struct bios_attach_args *ba = aux;
Index: dev/acpi/acpivar.h
===
RCS file: /cvs/src/sys/dev/acpi/acpivar.h,v
retrieving revision 1.89
diff -u -p -r1.89 acpivar.h
--- dev/acpi/acpivar.h  29 Nov 2017 22:51:01 -  1.89
+++ dev/acpi/acpivar.h  13 May 2018 13:49:46 -
@@ -333,6 +333,7 @@ void acpi_wakeup(void *);
 int acpi_gasio(struct acpi_softc *, int, int, uint64_t, int, int, void *);
 
 void   acpi_register_gpio(struct acpi_softc *, struct aml_node *);
+void   acpi_register_gsb(struct acpi_softc *, struct aml_node *);
 
 intacpi_set_gpehandler(struct acpi_softc *, int,
int (*)(struct acpi_softc *, int, void *), void *, int);
Index: dev/acpi/amltypes.h
===
RCS file: /cvs/src/sys/dev/acpi/amltypes.h,v
retrieving revision 1.45
diff -u -p -r1.45 amltypes.h
--- dev/acpi/amltypes.h 8 May 2016 11:08:01 -   1.45
+++ dev/acpi/amltypes.h 13 May 2018 13:49:46 -
@@ -371,6 +371,8 @@ struct acpi_gpio {
void(*intr_establish)(void *, int, int, int (*)(void *), void *);
 };
 
+struct i2c_controller;
+
 struct aml_node {
struct aml_node *parent;
 
@@ -385,8 +387,9 @@ struct aml_node {
u_int8_t*end;
 
struct aml_value *value;
-   struct acpi_pci  *pci;
+   struct acpi_pci *pci;
struct acpi_gpio *gpio;
+   struct i2c_controller *i2c;
 };
 
 #define aml_bitmask(n) (1L << ((n) & 0x7))
Index: dev/acpi/dsdt.c
===
RCS file: /cvs/src/sys/dev/acpi/dsdt.c,v
retrieving revision 1.236
diff -u -p -r1.236 dsdt.c
--- dev/acpi/dsdt.c 29 Nov 2017 15:22:22 -  1.236
+++ dev/acpi/dsdt.c 13 May 2018 13:49:47 -
@@ -33,6 +33,8 @@
 #include 
 #include 
 
+#include 
+
 #ifdef SMALL_KERNEL
 #undef ACPI_DEBUG
 #endif
@@ -2288,6 +2290,7 @@ aml_register_regionspace(struct aml_node
 
 void aml_rwgen(struct aml_value *, int, int, struct aml_value *, int, int);
 void aml_rwgpio(struct aml_value *, int, int, struct aml_value *, int, int);
+void aml_rwgsb(struct aml_value *, int, int, struct aml_value *, int, int);
 void aml_rwindexfield(struct aml_value *, struct aml_value *val, int);
 void aml_rwfield(struct aml_value *, int, int, struct aml_value *, int);
 
@@ -2512,6 +2515,96 @@ aml_rwgpio(struct aml_value *conn, int b
 }
 
 void
+aml_rwgsb(struct aml_value *conn, int bpos, int blen, struct aml_value *val,
+int mode, int flag)
+{
+   union acpi_resource *crs = (union acpi_resource *)conn->v_buffer;
+   struct aml_node *node;
+   i2c_tag_t tag;
+   i2c_op_t op;
+   i2c_addr_t addr;
+   int cmdlen, buflen;
+   uint8_t cmd;
+   uint8_t *buf;
+   int err;
+
+   if (conn->type != AML_OBJTYPE_BUFFER || conn->length < 5 ||
+   AML_CRSTYPE(crs) != LR_SERBUS || AML_CRSLEN(crs) > conn->length ||
+   crs->lr_i2cbus.revid != 1 || crs->lr_i2cbus.type != LR_SERBUS_I2C)
+   aml_die("Invalid GenericSerialBus");
+   if (AML_FIELD_ACCESS(flag) != AML_FIELD_BUFFERACC ||
+   bpos & 0x3 || blen != 8)
+   aml_die("Invalid GenericSerialBus access");
+
+   node = aml_searchname(conn->node,
+   (char *)>lr_i2cbus.vdata[crs->lr_i2cbus.tlength - 6]);
+
+   if (node == NULL || node->i2c == NULL)
+   aml_die("Could not find GenericSerialBus controller");
+
+   switch (((flag >> 6) & 0x3)) {
+   case 0: /* Normal */
+

Re: pfctl check if rdomain exists

[Sebastian Benoit]

Alexander Bluhm(alexander.bl...@gmx.net) on 2018.05.13 10:03:43 +0200:
> On Sun, May 13, 2018 at 01:34:48AM +0200, Sebastian Benoit wrote:
> > when you add a pf rule with a "on rdomain n" with nonexisting rdomain n,
> > the load will fail with the error
> > 
> >   pfctl: DIOCADDRULE: Device busy
> > 
> > with no information which rule caused the problem and no indication that the
> > problem is the rdomain .
> > 
> > So lets check if the rdomain really exists when parsing the config.
> > 
> > Also parsing doesnot have to stop when this occurs, we can go on and
> > stop before actually loading the config and that way parse the complete
> > pf.conf and find more errors. Same goes for the rdomain range check, remove
> > YYERROR there too.
> > 
> > ok?
> 
> OK bluhm@

well, i noticed a stupid mistake with my caching of found rdomains.

Here is a better version that moves the RT_TABLEID_MAX check into the
rdomain_check() function.

still ok?

diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y
index fba07e2ea43..31ed346b765 100644
--- sbin/pfctl/parse.y
+++ sbin/pfctl/parse.y
@@ -30,6 +30,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -389,6 +390,7 @@ int  invalid_redirect(struct node_host *, sa_family_t);
 u_int16_t parseicmpspec(char *, sa_family_t);
 int kw_casecmp(const void *, const void *);
 int map_tos(char *string, int *);
+voidrdomain_check(u_int);
 
 TAILQ_HEAD(loadanchorshead, loadanchors)
 loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead);
@@ -2561,10 +2563,8 @@ if_item  : STRING{
$$->tail = $$;
}
| RDOMAIN NUMBER{
-   if ($2 < 0 || $2 > RT_TABLEID_MAX) {
-   yyerror("rdomain outside range");
-   YYERROR;
-   }
+   rdomain_check($2);
+
$$ = calloc(1, sizeof(struct node_if));
if ($$ == NULL)
err(1, "if_item: calloc");
@@ -5950,3 +5950,45 @@ map_tos(char *s, int *val)
}
return (0);
 }
+
+void
+rdomain_check(u_int rdomain)
+{
+   size_t   len;
+   struct rt_tableinfo  info;
+   int  mib[6];
+   static u_int found[RT_TABLEID_MAX+1];
+
+   if (rdomain < 0 || rdomain > RT_TABLEID_MAX) {
+   yyerror("rdomain %lld outside range", rdomain);
+   goto out;
+   }
+
+   if (found[rdomain] == 1)
+   goto out;
+
+   mib[0] = CTL_NET;
+   mib[1] = PF_ROUTE;
+   mib[2] = 0;
+   mib[3] = 0;
+   mib[4] = NET_RT_TABLE;
+   mib[5] = rdomain;
+
+   len = sizeof(info);
+   if (sysctl(mib, 6, , , NULL, 0) == -1) {
+   if (errno == ENOENT)
+   /* table nonexistent */
+   goto notfound;
+   err(1, "sysctl");
+   }
+   if (info.rti_domainid == rdomain) {
+   found[rdomain] = 1;
+   goto out;
+   }
+   /* rdomain is a table, but not an rdomain */
+
+notfound:
+   yyerror("rdomain %lld does not exist", rdomain);
+out:
+   return;
+}

const for PKCS* functions

[Theo Buehler]

Another straightforward diff, this time to catch up with OpenSSL's const
sprinkling over PCKS12_* and PKCS8_* functions.

Part of sthen's bulk.

Index: lib/libcrypto/pkcs12/p12_add.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_add.c,v
retrieving revision 1.15
diff -u -p -r1.15 p12_add.c
--- lib/libcrypto/pkcs12/p12_add.c  29 Jan 2017 17:49:23 -  1.15
+++ lib/libcrypto/pkcs12/p12_add.c  13 May 2018 11:11:33 -
@@ -232,7 +232,7 @@ PKCS12_unpack_p7encdata(PKCS7 *p7, const
 }
 
 PKCS8_PRIV_KEY_INFO *
-PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, int passlen)
+PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag, const char *pass, int passlen)
 {
return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
 }
@@ -247,7 +247,7 @@ PKCS12_pack_authsafes(PKCS12 *p12, STACK
 }
 
 STACK_OF(PKCS7) *
-PKCS12_unpack_authsafes(PKCS12 *p12)
+PKCS12_unpack_authsafes(const PKCS12 *p12)
 {
if (!PKCS7_type_is_data(p12->authsafes)) {
PKCS12error(PKCS12_R_CONTENT_TYPE_NOT_DATA);
Index: lib/libcrypto/pkcs12/p12_attr.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_attr.c,v
retrieving revision 1.10
diff -u -p -r1.10 p12_attr.c
--- lib/libcrypto/pkcs12/p12_attr.c 11 Jul 2014 08:44:49 -  1.10
+++ lib/libcrypto/pkcs12/p12_attr.c 13 May 2018 11:11:33 -
@@ -122,7 +122,7 @@ PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *b
 }
 
 ASN1_TYPE *
-PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
 {
X509_ATTRIBUTE *attrib;
int i;
Index: lib/libcrypto/pkcs12/p12_crt.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_crt.c,v
retrieving revision 1.17
diff -u -p -r1.17 p12_crt.c
--- lib/libcrypto/pkcs12/p12_crt.c  29 Jan 2017 17:49:23 -  1.17
+++ lib/libcrypto/pkcs12/p12_crt.c  13 May 2018 11:11:33 -
@@ -80,7 +80,7 @@ copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_P
 }
 
 PKCS12 *
-PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
 int keytype)
 {
@@ -221,7 +221,7 @@ err:
 
 PKCS12_SAFEBAG *
 PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key, int key_usage,
-int iter, int nid_key, char *pass)
+int iter, int nid_key, const char *pass)
 {
PKCS12_SAFEBAG *bag = NULL;
PKCS8_PRIV_KEY_INFO *p8 = NULL;
@@ -261,7 +261,7 @@ err:
 
 int
 PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-int nid_safe, int iter, char *pass)
+int nid_safe, int iter, const char *pass)
 {
PKCS7 *p7 = NULL;
int free_safes = 0;
Index: lib/libcrypto/pkcs12/p12_decr.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_decr.c,v
retrieving revision 1.18
diff -u -p -r1.18 p12_decr.c
--- lib/libcrypto/pkcs12/p12_decr.c 29 Jan 2017 17:49:23 -  1.18
+++ lib/libcrypto/pkcs12/p12_decr.c 13 May 2018 11:11:33 -
@@ -67,8 +67,9 @@
  */
 
 unsigned char *
-PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen,
-unsigned char *in, int inlen, unsigned char **data, int *datalen, int 
en_de)
+PKCS12_pbe_crypt(const X509_ALGOR *algor, const char *pass, int passlen,
+const unsigned char *in, int inlen, unsigned char **data, int *datalen,
+int en_de)
 {
unsigned char *out;
int outlen, i;
@@ -119,8 +120,8 @@ err:
  */
 
 void *
-PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
+PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+const char *pass, int passlen, const ASN1_OCTET_STRING *oct, int zbuf)
 {
unsigned char *out;
const unsigned char *p;
Index: lib/libcrypto/pkcs12/p12_npas.c
===
RCS file: /var/cvs/src/lib/libcrypto/pkcs12/p12_npas.c,v
retrieving revision 1.12
diff -u -p -r1.12 p12_npas.c
--- lib/libcrypto/pkcs12/p12_npas.c 29 Jan 2017 17:49:23 -  1.12
+++ lib/libcrypto/pkcs12/p12_npas.c 13 May 2018 11:11:33 -
@@ -65,10 +65,11 @@
 
 /* PKCS#12 password change routine */
 
-static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
-static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-char *newpass);
-static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG 

pms: support for Elantech trackpoints

[Ulf Brosziewski]

This patch adds support for Elantech trackpoints to pms.  They can be
treated like other secondary devices and require only minor extensions
in the initialization and input functions.

For now, the patch also extends the set of "IC types" that are accepted
for V4-touchpads from (6,8) to (6,8,15).  It might well be that other
types in the range 6-15 work properly with the driver.

Thanks to Ryan Lennox for help and testing.

OK?


Index: dev/pckbc/pms.c
===
RCS file: /cvs/src/sys/dev/pckbc/pms.c,v
retrieving revision 1.86
diff -u -p -r1.86 pms.c
--- dev/pckbc/pms.c 29 Apr 2018 08:50:04 -  1.86
+++ dev/pckbc/pms.c 12 May 2018 13:08:46 -
@@ -130,6 +130,7 @@ struct elantech_softc {
 #define ELANTECH_F_2FINGER_PACKET  0x04
 #define ELANTECH_F_HW_V1_OLD   0x08
 #define ELANTECH_F_CRC_ENABLED 0x10
+#define ELANTECH_F_TRACKPOINT  0x20
int fw_version;

u_int mt_slots;
@@ -1938,8 +1939,9 @@ elantech_get_hwinfo_v4(struct pms_softc
if (synaptics_query(sc, ELANTECH_QUE_FW_VER, _version))
return (-1);

-   if (((fw_version & 0x0f) >> 16) != 6 &&
-   (fw_version & 0x0f) >> 16 != 8)
+   if ((fw_version & 0x0f) >> 16 != 6
+   && (fw_version & 0x0f) >> 16 != 8
+   && (fw_version & 0x0f) >> 16 != 15)
return (-1);

elantech->fw_version = fw_version;
@@ -1963,6 +1965,9 @@ elantech_get_hwinfo_v4(struct pms_softc
if ((capabilities[1] < 2) || (capabilities[1] > hw->x_max))
return (-1);

+   if (capabilities[0] & ELANTECH_CAP_TRACKPOINT)
+   elantech->flags |= ELANTECH_F_TRACKPOINT;
+
hw->type = WSMOUSE_TYPE_ELANTECH;
hw->hw_type = WSMOUSEHW_CLICKPAD;
hw->mt_slots = ELANTECH_MAX_FINGERS;
@@ -2140,6 +2145,7 @@ int
 pms_enable_elantech_v4(struct pms_softc *sc)
 {
struct elantech_softc *elantech = sc->elantech;
+   struct wsmousedev_attach_args a;

if (elantech_knock(sc))
goto err;
@@ -2169,6 +2175,14 @@ pms_enable_elantech_v4(struct pms_softc

printf("%s: Elantech Clickpad, version %d, firmware 0x%x\n",
DEVNAME(sc), 4, sc->elantech->fw_version);
+
+   if (sc->elantech->flags & ELANTECH_F_TRACKPOINT) {
+   a.accessops = _sec_accessops;
+   a.accesscookie = sc;
+   sc->sc_sec_wsmousedev = config_found((void *) sc, ,
+   wsmousedevprint);
+   }
+
} else if (elantech_set_absolute_mode_v4(sc))
goto err;

@@ -2328,13 +2342,40 @@ pms_sync_elantech_v3(struct pms_softc *s
return (0);
 }

+/* Extract the type bits from packet[3]. */
+static inline int
+elantech_packet_type(u_char b)
+{
+   return ((b & 4) ? (b & 0xcf) : (b & 0x1f));
+}
+
 int
 pms_sync_elantech_v4(struct pms_softc *sc, int data)
 {
-   if (sc->inputstate == 0 && (data & 0x0c) != 0x04)
+   if (sc->inputstate == 0) {
+   if ((data & 0x0c) == 0x04)
+   return (0);
+   if ((sc->elantech->flags & ELANTECH_F_TRACKPOINT)
+   && (data & 0xc8) == 0)
+   return (0);
return (-1);
-   else
-   return (0);
+   }
+   if (sc->inputstate == 3) {
+   switch (elantech_packet_type(data)) {
+   case ELANTECH_V4_PKT_STATUS:
+   case ELANTECH_V4_PKT_HEAD:
+   case ELANTECH_V4_PKT_MOTION:
+   return ((sc->packet[0] & 4) ? 0 : -1);
+   case ELANTECH_PKT_TRACKPOINT:
+   return ((sc->packet[0] & 0xc8) == 0
+   && sc->packet[1] == ((data & 0x10) << 3)
+   && sc->packet[2] == ((data & 0x20) << 2)
+   && (data ^ (sc->packet[0] & 0x30)) == 0x36
+   ? 0 : -1);
+   }
+   return (-1);
+   }
+   return (0);
 }

 void
@@ -2474,7 +2515,7 @@ pms_proc_elantech_v4(struct pms_softc *s
int id, weight, n, x, y, z;
u_int buttons, slots;

-   switch (sc->packet[3] & 0x1f) {
+   switch (elantech_packet_type(sc->packet[3])) {
case ELANTECH_V4_PKT_STATUS:
slots = elantech->mt_slots;
elantech->mt_slots = sc->packet[1] & 0x1f;
@@ -2509,8 +2550,17 @@ pms_proc_elantech_v4(struct pms_softc *s
wsmouse_set(sc_wsmousedev, WSMOUSE_MT_REL_Y, y, id);
wsmouse_set(sc_wsmousedev, WSMOUSE_MT_PRESSURE, z, id);
}
-
break;
+
+   case ELANTECH_PKT_TRACKPOINT:
+   if (sc->sc_dev_enable & PMS_DEV_SECONDARY) {
+   x = sc->packet[4] - 0x100 + (sc->packet[1] << 1);
+   y = sc->packet[5] - 0x100 + 

Re: pfctl check if rdomain exists

[Alexander Bluhm]

On Sun, May 13, 2018 at 01:34:48AM +0200, Sebastian Benoit wrote:
> when you add a pf rule with a "on rdomain n" with nonexisting rdomain n,
> the load will fail with the error
> 
>   pfctl: DIOCADDRULE: Device busy
> 
> with no information which rule caused the problem and no indication that the
> problem is the rdomain .
> 
> So lets check if the rdomain really exists when parsing the config.
> 
> Also parsing doesnot have to stop when this occurs, we can go on and
> stop before actually loading the config and that way parse the complete
> pf.conf and find more errors. Same goes for the rdomain range check, remove
> YYERROR there too.
> 
> ok?

OK bluhm@

> 
> /Benno
> 
> (benno_pfctl_rdomain_check.diff)
> 
> diff --git sbin/pfctl/parse.y sbin/pfctl/parse.y
> index fba07e2ea43..08797ebaabc 100644
> --- sbin/pfctl/parse.y
> +++ sbin/pfctl/parse.y
> @@ -30,6 +30,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  #include 
>  #include 
>  #include 
> @@ -389,6 +390,7 @@ intinvalid_redirect(struct node_host *, 
> sa_family_t);
>  u_int16_t parseicmpspec(char *, sa_family_t);
>  int   kw_casecmp(const void *, const void *);
>  int   map_tos(char *string, int *);
> +int   rdomain_exists(u_int);
>  
>  TAILQ_HEAD(loadanchorshead, loadanchors)
>  loadanchorshead = TAILQ_HEAD_INITIALIZER(loadanchorshead);
> @@ -2561,10 +2563,11 @@ if_item   : STRING
> {
>   $$->tail = $$;
>   }
>   | RDOMAIN NUMBER{
> - if ($2 < 0 || $2 > RT_TABLEID_MAX) {
> - yyerror("rdomain outside range");
> - YYERROR;
> - }
> + if ($2 < 0 || $2 > RT_TABLEID_MAX)
> + yyerror("rdomain %lld outside range", $2);
> + if (rdomain_exists($2) != 1)
> + yyerror("rdomain %lld does not exist", $2);
> +
>   $$ = calloc(1, sizeof(struct node_if));
>   if ($$ == NULL)
>   err(1, "if_item: calloc");
> @@ -5950,3 +5953,35 @@ map_tos(char *s, int *val)
>   }
>   return (0);
>  }
> +
> +int
> +rdomain_exists(u_int rdomain)
> +{
> + size_t   len;
> + struct rt_tableinfo  info;
> + int  mib[6];
> + static u_int found[RT_TABLEID_MAX];
> +
> + if (found[rdomain] == 1)
> + return (1);
> +
> + mib[0] = CTL_NET;
> + mib[1] = PF_ROUTE;
> + mib[2] = 0;
> + mib[3] = 0;
> + mib[4] = NET_RT_TABLE;
> + mib[5] = rdomain;
> +
> + len = sizeof(info);
> + if (sysctl(mib, 6, , , NULL, 0) == -1) {
> + if (errno == ENOENT)
> + /* table nonexistent */
> + return (0);
> + err(1, "sysctl");
> + }
> + if (info.rti_domainid == rdomain) {
> + found[rdomain] = 1;
> + return (1);
> + }
> + return (0);
> +}

const for PEM_write{,_bio}()

[Theo Buehler]

Add const to the 'name', 'header' and 'data' arguments of PEM_write(3)
and PEM_write_bio(3). Tested in sthen's bulk with no fallout.

Index: lib/libcrypto/pem/pem.h
===
RCS file: /var/cvs/src/lib/libcrypto/pem/pem.h,v
retrieving revision 1.17
diff -u -p -r1.17 pem.h
--- lib/libcrypto/pem/pem.h 4 Sep 2016 16:22:54 -   1.17
+++ lib/libcrypto/pem/pem.h 13 May 2018 07:13:43 -
@@ -385,8 +385,8 @@ int PEM_do_header (EVP_CIPHER_INFO *ciph
 #ifndef OPENSSL_NO_BIO
 intPEM_read_bio(BIO *bp, char **name, char **header,
unsigned char **data, long *len);
-intPEM_write_bio(BIO *bp, const char *name, char *hdr, unsigned char *data,
-   long len);
+intPEM_write_bio(BIO *bp, const char *name, const char *hdr,
+   const unsigned char *data, long len);
 intPEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
const char *name, BIO *bp, pem_password_cb *cb, void *u);
 void * PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp,
@@ -403,8 +403,8 @@ int PEM_X509_INFO_write_bio(BIO *bp, X50
 
 intPEM_read(FILE *fp, char **name, char **header,
unsigned char **data, long *len);
-intPEM_write(FILE *fp, char *name, char *hdr, unsigned char *data,
-   long len);
+intPEM_write(FILE *fp, const char *name, const char *hdr,
+   const unsigned char *data, long len);
 void *  PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
pem_password_cb *cb, void *u);
 intPEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
Index: lib/libcrypto/pem/pem_lib.c
===
RCS file: /var/cvs/src/lib/libcrypto/pem/pem_lib.c,v
retrieving revision 1.46
diff -u -p -r1.46 pem_lib.c
--- lib/libcrypto/pem/pem_lib.c 14 Apr 2018 07:09:21 -  1.46
+++ lib/libcrypto/pem/pem_lib.c 13 May 2018 07:13:43 -
@@ -564,7 +564,8 @@ load_iv(char **fromp, unsigned char *to,
 }
 
 int
-PEM_write(FILE *fp, char *name, char *header, unsigned char *data, long len)
+PEM_write(FILE *fp, const char *name, const char *header,
+const unsigned char *data, long len)
 {
BIO *b;
int ret;
@@ -580,8 +581,8 @@ PEM_write(FILE *fp, char *name, char *he
 }
 
 int
-PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
-long len)
+PEM_write_bio(BIO *bp, const char *name, const char *header,
+const unsigned char *data, long len)
 {
int nlen, n, i, j, outl;
unsigned char *buf = NULL;

const for OCSP_*

[Theo Buehler]

This adds const qualifiers to the OCSP_* functions and a handful of
X509{,v3}_* functions as needed to make this work. Completely
straightforward.

Tested in sthen's bulk with no fallout.

Index: lib/libcrypto/ocsp/ocsp.h
===
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp.h,v
retrieving revision 1.12
diff -u -p -r1.12 ocsp.h
--- lib/libcrypto/ocsp/ocsp.h   17 Mar 2018 14:44:34 -  1.12
+++ lib/libcrypto/ocsp/ocsp.h   13 May 2018 06:53:20 -
@@ -383,8 +383,8 @@ typedef struct ocsp_service_locator_st {
 
 OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
 
-OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
-OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
int maxline);
 intOCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
 void   OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
@@ -394,8 +394,8 @@ int OCSP_REQ_CTX_add1_header(OCSP_REQ_CT
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
 
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
-   ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber);
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, const X509_NAME *issuerName,
+   const ASN1_BIT_STRING* issuerKey, const ASN1_INTEGER *serialNumber);
 
 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
 
@@ -428,8 +428,8 @@ int OCSP_check_validity(ASN1_GENERALIZED
 intOCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
X509_STORE *store, unsigned long flags);
 
-intOCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
-   int *pssl);
+intOCSP_parse_url(const char *url, char **phost, char **pport,
+   char **ppath, int *pssl);
 
 intOCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
 intOCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
@@ -449,17 +449,17 @@ int   OCSP_basic_add1_cert(OCSP_BASICRESP 
 intOCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags);
 
-X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
 
 X509_EXTENSION *OCSP_accept_responses_new(char **oids);
 
 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
 
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, const char **urls);
 
 intOCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
 intOCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
-intOCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+intOCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
int lastpos);
 intOCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit,
int lastpos);
@@ -472,7 +472,7 @@ int OCSP_REQUEST_add_ext(OCSP_REQUEST *x
 
 intOCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
 intOCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
-intOCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj,
+intOCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
int lastpos);
 intOCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
@@ -484,7 +484,7 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, 
 
 intOCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
 intOCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
-intOCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+intOCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
int lastpos);
 intOCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos);
@@ -499,8 +499,8 @@ int OCSP_BASICRESP_add_ext(OCSP_BASICRES
 intOCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
 intOCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid,
int lastpos);
-intOCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
-   int lastpos);
+intOCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x,
+   const ASN1_OBJECT *obj, int lastpos);
 intOCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
int lastpos);
 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
Index: lib/libcrypto/ocsp/ocsp_ext.c
===
RCS file: /cvs/src/lib/libcrypto/ocsp/ocsp_ext.c,v
retrieving revision 1.15
diff -u -p -r1.15 ocsp_ext.c
--- lib/libcrypto/ocsp/ocsp_ext.c   27 Dec 2016 16:01:19 -  1.15
+++