sephe [Tue, 10 Oct 2017 03:29:36 +0000 (03:29 +0000)]
MFC 323728,323729
323728
hyperv/hn: Fix MTU setting
- Add size of an ethernet header to the value configured to NVS. This
does not seem to have any effects if MTU is 1500, but fix hypervisor
side's setting if MTU > 1500.
- Override the MTU setting according to the view from the hypervisor
side.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12352
323729
hyperv/hn: Incease max supported MTU
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12365
sephe [Tue, 10 Oct 2017 03:21:17 +0000 (03:21 +0000)]
MFC 323727,324316
323727
hyperv/hn: Apply VF's RSS setting
Since in Azure SYN and SYN|ACK go through the synthetic parts while the
rest of the same TCP flow goes through the VF, apply VF's RSS settings
to synthetic parts to have a consistent hash value/type for the same TCP
flow.
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12333
sephe [Tue, 10 Oct 2017 02:35:04 +0000 (02:35 +0000)]
MFC 323170
if: Add ioctls to get RSS key and hash type/function.
It will be needed by hn(4) to configure its RSS key and hash
type/function in the transparent VF mode in order to match VF's
RSS settings. The description of the transparent VF mode and
the RSS hash value issue are here:
https://svnweb.freebsd.org/base?view=revision&revision=322299
https://svnweb.freebsd.org/base?view=revision&revision=322485
These are generic enough to promise two independent IOCs instead
of abusing SIOCGDRVSPEC.
Setting RSS key and hash type/function is a different story,
which probably requires more discussion.
Comment about UDP_{IPV4,IPV6,IPV6_EX} were only in the patch
in the review request; these hash types are standardized now.
Reviewed by: gallatin
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D12174
Relevant vendor changes:
PR #905: Support for Zstandard read and write filters
PR #922: Avoid overflow when reading corrupt cpio archive
Issue #935: heap-based buffer overflow in xml_data (CVE-2017-14166)
OSS-Fuzz 2936: Place a limit on the mtree line length
OSS-Fuzz 2394: Ensure that the ZIP AES extension header is large enough
OSS-Fuzz 573: Read off-by-one error in RAR archives (CVE-2017-14502)
avg [Thu, 5 Oct 2017 07:16:31 +0000 (07:16 +0000)]
MFC r323578,r323769: dounmount: do not release the mount point's reference
on the covered vnode
As long as mnt_ref is not zero there can be a consumer that might try
to access mnt_vnodecovered. For this reason the covered vnode must not
be freed until mnt_ref goes to zero.
So, move the release of the covered vnode to vfs_mount_destroy.
ngie [Wed, 4 Oct 2017 16:35:58 +0000 (16:35 +0000)]
MFC r322951:
Respect MK_TCSH with build-tools and native-xtools
This helps reduce the WORLDTMP footprint slightly.
Based on a patch I submitted 5 years ago to GNATS.
PR: 174051
Relnotes: yes (anyone who cross-builds with MK_TCSH=yes will run into
build failures if the host doesn't have tcsh(1))
Reminded by: Fabian Keil <fk@fabiankeil.de>
eugen [Sun, 1 Oct 2017 19:40:29 +0000 (19:40 +0000)]
MFC r323873, r324081: Unprotected modification of ng_iface(4)
private data leads to kernel panic. Fix a race with per-node
read-mostly lock and refcounting for a hook.
- Remove ad hoc inet_ntoa prototype declaration; it's already handled
by the included headers.
- De-K&Rify the function prototypes for eachres_whoami(..),
eachres_getfile(..), and main(..).
Respect MK_TCSH with build-tools and native-xtools
This helps reduce the WORLDTMP footprint slightly.
Based on a patch I submitted 5 years ago to GNATS.
PR: 174051
Relnotes: yes (anyone who cross-builds with MK_TCSH=yes will run into
build failures if the host doesn't have tcsh(1))
Reminded by: Fabian Keil <fk@fabiankeil.de>
Re-apply part of r311585 which was inadvertantly reverted in the upgrade
to 7.3p1. The other part (which adds -DLIBWRAP to sshd's CFLAGS) is
still in place.
MFC r323824
1. ql_hw.c:
In ql_hw_send() return EINVAL when TSO framelength exceeds max
supported length by HW.(davidcs)
2. ql_os.c:
In qla_send() call bus_dmamap_unload before freeing mbuf or
recreating dmmamap.(davidcs)
In qla_fp_taskqueue() Add additional checks for IFF_DRV_RUNNING
Fix qla_clear_tx_buf() call bus_dmamap_sync() before freeing
mbuf.
marius [Fri, 22 Sep 2017 04:57:42 +0000 (04:57 +0000)]
- Akin r302691 in head, synchronize the build stripping for the disc1
image with that of the bootonly image (but similarly modulo games
and groff(1)) as the amd64 disc1 image is overflowing. This also
removes the defunct WITHOUT_ATF.
- Remove the misspelled WITHOUT_INSTALLIB (also in place with correct
spelling, i. e. WITHOUT_INSTALLLIB) from the bootonly image build
stripping.
This is a direct commit to stable/10 as the corresponding knobs have
different names in head and counterparts to e. g. MK_DEBUG_FILES and
MK_TESTS default to off in stable/10 in the first place.
marius [Thu, 21 Sep 2017 19:30:32 +0000 (19:30 +0000)]
MFC: r285215
remove _NORMAL flag which isn't suppose to be used w/ _alloc_ctx...
MFC: r285289
address an issue where consumers, like IPsec, can reuse the same
session in multiple threads w/o locking.. There was a single fpu
context shared per session, if multiple threads were using the session,
and both migrated away, they could corrupt each other's fpu context...
MFC: r285297
upon further examination, it turns out that _unregister_all already
provides the guarantee that no threads will be in the _newsession code..
marius [Wed, 20 Sep 2017 21:22:20 +0000 (21:22 +0000)]
Unbreak netmap(4) support in ixgbe(4) after r315333:
- Both ixgbe_netmap.c and ixv_netmap.c assumed a netmap(4) driver
newer than what's actually in stable/10.
- Additionally, at the bottom line ixv_netmap.c did exactly the same
as ixgbe_netmap.c, i. e. used IXGBE_TDH() as appropriate for PFs
only instead of IXGBE_VFTDH() and tried to configure CRC stripping
although the corresponding registers aren't available to VFs in the
first place.
With these changes, the netmap(4) support in ixgbe(4) is in line
again with the code in sys/dev/netmap/ixgbe_netmap.h as of r295008.
Breakage reported by: Slawa Olhovchenkov
Just like r315333 that never existed in head, this is a direct commit
to stable/10. However, ixgbe(4) in head has a related bug in that it
assumes a netmap(4) driver API older than what's in head and also
does the wrong things for VFs as it uses the PF-only ixgbe_netmap.c
for both PFs and VFs in the first place.
MFC 322270: Fix a NULL pointer dereference in mly_user_command().
If mly_user_command fails to allocate a command slot it jumps to an 'out'
label used for error handling. The error handling code checks for a data
buffer in 'mc->mc_data' to free before checking if 'mc' is NULL. Fix by
just returning directly if we fail to allocate a command and only using
the 'out' label for subsequent errors when there is actual cleanup to
perform.
MFC r323812:
Bootstrap etcupdate(8) and mergemaster(8) databases when creating
virtual machine images and embedded images, similar to what is
done when extracting base.txz to the target root filesystem in
a new installation.
Approved by: re (marius, insta-MFC)
Sponsored by: The FreeBSD Foundation
https://www.illumos.org/issues/8491
The zpool checkpoint feature in DxOS added a new field in the uberblock.
The Multi-Modifier Protection Pull Request from ZoL adds two new fields in the
uberblock (Reference: https://github.com/zfsonlinux/zfs/pull/6279).
As these two changes come from two different sources and once upstreamed and
deployed will introduce an incompatibility with each other we want
to upstream a change that will reserve the padding for both of them so
integration goes smoothly and everyone gets both features.
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed by: Olaf Faaland <faaland1@llnl.gov>
Approved by: Gordon Ross <gwr@nexenta.com>
Author: Serapheim Dimitropoulos <serapheim@delphix.com>
https://www.illumos.org/issues/8377
The problem is that when dsl_bookmark_destroy_check() is executed from open
context (the pre-check), it fills in dbda_success based on the existence of the
bookmark.
But the bookmark (or containing filesystem as in this case) can be destroyed
before we get to syncing context. When we re-run dsl_bookmark_destroy_check()
in syncing
context, it will not add the deleted bookmark to dbda_success, intending for
dsl_bookmark_destroy_sync() to not process it. But because the bookmark is
still in dbda_success
from the open-context call, we do try to destroy it.
The fix is that dsl_bookmark_destroy_check() should not modify dbda_success
when called from open context.
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Pavel Zakharov <pavel.zakharov@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Matthew Ahrens <mahrens@delphix.com>
The upstream change was made before we started to import upstream commits
individually. It was imported into the illumos vendor area as r242733.
That commit was MFV-ed in r260138, but as the commit message says
vdev_file.c was left intact.
This commit actually implements the parallel I/O for vdev_file using a
taskqueue with multiple thread. This implementation does not depend on
the illumos or FreeBSD bio interface at all, but uses zio_t to pass
around all the relevent data. So, the code looks a bit different from
the upstream.
This commit also incorporates ZoL commit
zfsonlinux/zfs/bc25c9325b0e5ced897b9820dad239539d561ec9 that fixed
https://github.com/zfsonlinux/zfs/issues/2270
We need to use a dedicated taskqueue for exactly the same reason as ZoL
as we do not implement TASKQ_DYNAMIC.
MFC r320151: remove bogus declaration of malloc from tcp_wrappers
The declaration was already inactive when INET6 was enabled
and it causes a build error in the other case because of
a conflict with the correct definition in stdlib.h.
MFV r320195: bhyveload: correctly query size of disks
On FreeBSD fstat(2) works fine for querying sizes of plain files,
but not so much for character devices.
So, use DIOCGMEDIASIZE to try to get the correct size for disks
and disk-like devices (e.g. zvols).
MFV r318962: Allow PROBE_SPINUP to fail in CAM ATA transport
The motivation for this is two-fold.
1. Some old WD SATA disks may appear as if they need to be spun up
when they are already spinning. Those disks would respond with
an error to the spin-up request.
2. Even if we really fail to spin up the disk, we still can try to
proceed to the subsequent phases. If we fail later on, then no
difference. Otherwise we get a chance to communicate with the
disk which is better than completely ignoring it, because a user
can try to recover the disk.
https://www.illumos.org/issues/8269
It seems that currently normalization of stddev aggregation is done
incorrectly.
We divide both the sum of values and the sum of their squares by the
normalization factor. But we should divide the sum of squares by the
normalization factor squared to scale the original values properly.
FreeBSD note: the actual change was committed in r316853, this commit
adds the test files and record merge information.
krb5_err.h is generated from a .et file in kerberos5/lib/libkrb5.
As kerberos5/lib/krb5 include files are already referenced it makes
no sense to generate it again here.
marius [Sun, 17 Sep 2017 01:32:45 +0000 (01:32 +0000)]
MFC: r322669
In fetch_resolve() if the port number or service name is included
in the host argument (e. g. "www.freebsd.org:443"), correctly set
the service pointer accordingly. Previously, the service pointer
was set to the separator instead, causing getaddrinfo(3) to fail.
marius [Fri, 15 Sep 2017 00:32:22 +0000 (00:32 +0000)]
- Reset stable/10 back to -PRERELEASE status now that releng/10.4
has been branched.
- Update __FreeBSD_version to reflect the new -STABLE branch.
- Switch the pkg(8) configuration for the default installation and the
DVD image creation back to the latest set, i. e. revert r322737.
MFC r323448: bsdinstall: Ignore error return from newaliases(1)
This was originally added as "exit $SUCCESS" but with nothing to set the
SUCCESS variable. Thus it became an exit with no argument, which just
exits with the status of the preceding command.
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
marius [Wed, 13 Sep 2017 21:56:49 +0000 (21:56 +0000)]
MFC: r323382, MFV: r323381
Permit a deflateParams() parameter change as soon as possible.
This change fixes compression errors seen when the embedded Tomcat
web server of a UniFi Controller zlib compresses responses. Given
that Tomcat just uses Java/OpenJDK which in turn employs zlib for
its compression/decompression support, this bug might very well
affect other applications, too.
"pw usermod someuser -G ''" is supposed make sure that someuser
doesn't have any secondary group memberships.
Previouly it was a nop because split_groups() only intitialised
"groups" if at least one group was specified. As a result the
existing secondary group memberships were kept.
MFC r323002: zfs: do not advertise unsupported hash algorithms
illumos 4185 ("add new cryptographic checksums to ZFS: SHA-512, Skein,
Edon-R") was intentionally merged only partially in r289422, without
adding support for skein, sha512 and edonr on FreeBSD.
Support for skein and sha512 was added later on (in head), but none of
these are supported in stable/10. Prior to this commit zfs(8) correctly
rejected these algorithms, but with an error message that claimed
support:
fk@r500 ~ $zfs set checksum=edonr tank
cannot set property for 'tank': 'checksum' must be one of 'on | off |
fletcher2 | fletcher4 | sha256 | sha512 | skein | edonr'
(This commit removes sha512 and skein in addition to edonr from the
merge of head's r323002.)
marius [Fri, 8 Sep 2017 00:11:35 +0000 (00:11 +0000)]
- Ever since the workaround for the silicon bug of TSO4 causing MAC hangs
was committed in r295133 (MFCed to stable/10 in r295287), CSUM_TSO gets
always disabled by em(4) on the first invocation of em_init_locked() as
at that point no link is established, yet. In turn, this causes CSUM_TSO
also to be off when em(4) is used as a parent device for vlan(4), i. e.
besides IFCAP_TSO4, IFCAP_VLAN_HWTSO effectively doesn't work either.
In head an attempt to fix this was made with r308345, but that revision
had several problems on its own. One of which was that r308345 caused
IFCAP_TSO4 to also be cleared from both the interface capability and
capability enable bits. Thus, once a link switched from gigabit to a
lower speed, TSO no longer could be enabled, even not via ifconfig(8).
So this change moves the aforementioned WAR to em_update_link_status()
like r308345 did, but only alters the hardware assist bits accordingly,
leaving IFCAP_TSO4 flags alone.
Still, this isn't the only problem r308345 had. Another one is that there
just is no way to atomically flush TSO-using descriptors already queued
at the point in time a link speed switch to below GbE occurs. Thus, such
in-flight descriptors still may hang the MAC. Moreover, at least currently
there also is no way of triggering a reconfiguration of vlan(4) when the
state of IFCAP_VLAN_HWTSO support changes at runtime, causing vlan(4) to
continue employing TSO. Last but not least, testing shows that - despite
all the WARs for TSO-related silicon bugs in em(4) - at least 82579 still
may hang at gigabit speed with IFCAP_TSO4 enabled. Therefore, this change
further removes IFCAP_TSO4 and IFCAP_VLAN_HWTSO from interface capability
enable bits as set by em(4). While at it, the use of CSUM_TCP is replaced
with CSUM_IP_TSO as em(4) only implements support for IFCAP_TSO4 but not
IFCAP_TSO6 (although in principle available with a subset of the supported
MACs).
At the bottom line, this change allows IFCAP_TSO4 and IFCAP_VLAN_HWTSO to
be used again with em(4), but these hardware offloading capabilities now
need to be explicitly enabled via ifconfig(8). Beware that it's only
considered safe to do so (and also only may work) in environments where
the link speed is not to be expected to change from GbE. Moreover, em(4)
appears to still be missing some more TSO workarounds for at least some
models, specifically the 82579 (I could not find an errata sheet and
"specification update" respectively for these latter, though, and the
generic ICH8 one doesn't list any TSO related bugs).
- Let igb_tso_setup() handle EtherType protocols that are unsupported or
for which support hasn't been compiled in gracefully instead of calling
panic(9).
- Make em_allocate_{legacy,msix}() and lem_allocate_irq() match their
prototypes WRT static.
This is a direct commit to stable/10 as corresponding code is no longer
present in head.
MFC r322810 and r322830:
Add new mlx5ib(4) driver to the kernel source tree which supports
Remote DMA over Converged Ethernet, RoCE, for the ConnectX-4 series of
PCI express network cards.
There is currently no user-space support and this driver only supports
kernel side non-routable RoCE V1. The krping kernel module can be used
to test this driver. Full user-space support including RoCE V2 will be
added as part of the ongoing upgrade to ibcore from Linux 4.9. Otherwise
this driver is feature equivalent to mlx4ib(4). The mlx5ib(4) kernel
module will only be built when WITH_OFED=YES is specified.
Approved by: re (marius)
Sponsored by: Mellanox Technologies
dim [Tue, 5 Sep 2017 17:32:14 +0000 (17:32 +0000)]
MFC r323001:
In compiler-rt, a few assembler implementations for i386 floating point
conversion functions use SSE2 instructions, but these are not guarded by
#ifdef __SSE2__, and there is no implementation using general purpose
registers. For these functions, use the generic C variants instead,
otherwise they will cause SIGILL on older processors.
Approved by: re (kib)
Reported by: bsdpr@phoe.frmug.org
PR: 221733
MFC r323014:
Follow-up to r323001: if the actually selected CPUTYPE is capable of
SSE2 instructions, we can use them.
des [Fri, 1 Sep 2017 22:52:18 +0000 (22:52 +0000)]
Upgrade OpenSSH to 7.3p1.
This is the last version of OpenSSH which does not break compatibility
more than we can live with in a stable branch. Further commits will
follow to backport some bug fixes from newer versions.
The sshd breakage in the previous attempt was due to an upstream bug
(a 0 was changed to a 1 while refactoring send_rexec_state() in sshd.c)
which only manifested itself when sshd was built with SSH 1 support.
des [Fri, 1 Sep 2017 21:24:32 +0000 (21:24 +0000)]
Upgrade OpenSSH to 7.3p1.
This is the last version of OpenSSH which does not break compatibility
more than we can live with in a stable branch. Further commits will
follow to backport some bug fixes from newer versions.
marius [Thu, 31 Aug 2017 23:59:46 +0000 (23:59 +0000)]
MFC: r308643, r312427, r312641, r322986
- Update WOL support for newer em(4) devices. [1]
- Add support for Kaby Lake generation i219 (4) and i219 (5) devices.
- Enable WOL features also for the igb(4) class of devices. [1]
- Don't set any WOL enabling hardware bits if WOL isn't requested
according to the enabled interface capability bits.