MFC r359655:
Don't drop packets having too many TCP option headers in mlx5en(4).
When using SACK it can happen there are multiple option headers.
Don't drop these packets, but instead limit the amount of inlining
to the maximum supported.
David Bright [Sun, 12 Apr 2020 22:11:29 +0000 (22:11 +0000)]
MFC r359717:
Add a basic test for nvmecontrol
I recently made some bug fixes in nvmecontrol. It occurred to me that
since nvmecontrol lacks any kyua tests, I should convert the informal
testing I did into a more formal automated test. The test in this
change should be considered just a starting point; it is neither
complete nor thorough. While converting the test to ATF/kyua, I
discovered a small bug in nvmecontrol; the nvmecontrol devlist command
would always exit with an unsuccessful status. So I included the fix
for that, too, so that the test won't fail.
r359585:
Fix calculation of the recurring weekdays
Both the result of the first_dayofweek_of_year and the target
weekday are zero-based (0 fo sunday) while the target month-day
or year-day is 1-based. Adjust logic accordingly.
Also add testcase for this PR to the kyua test suite
PR: 201062
Submitted by: Richard Narron <comet.berkeley@gmail.com>
r359587:
Remove hardcoded US Election Day from calendar.usholiday
calendar(1) syntax is not capable of representing the rules for the
US Election Day. The hardcoded date was set in r15066 in 1996 and
hasn't changed since then.
PR: 173389
Reported by: Steve Ames <steve@energistic.com>
Simon J. Gerraty [Fri, 10 Apr 2020 05:13:15 +0000 (05:13 +0000)]
veloader use vectx API for kernel and modules
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.
For doing an install via loader, avoiding the need to rewind
large files is critical.
This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform. On a fast VM we see 6% improvement.
For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().
For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.
Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.
MFC r359680: mail/gprof/tip: tap with the ugly stick
The ugly stick here is this bit in the respective headers:
#ifndef EXTERN
#define EXTERN extern
#endif
with a follow-up #define EXTERN in a single .c file to push all of their
definitions into one spot. A pass should be made over these three later to
push these definitions into the correct files instead, but this will suffice
for now and at a more leisurely pace.
MFC r359689: config(8): "fix" a couple of buffer overflows
Recently added/changed lines in various kernel configs have caused some
buffer overflows that went undetected. These were detected with a config
built using -fno-common as these line buffers smashed one of our arrays,
then further triaged with ASAN.
Double the sizes; this is really not a great fix, but addresses the
immediate need until someone rewrites config. While here, add some bounds
checking so that we don't need to detect this by random bus errors or other
weird failures.
MFC r359688: stand: -fno-common fixes for !x86 loaders
- beriloader: archsw is declared extern and defined elsewhere
- ofwloader: ofw_elf{,64} are defined in elf_freebsd.c and
ppc64_elf_freebsd.c respectively
- ubldr: syscall_ptr is defined in start.S for whichever ubldr platform is
building
-fno-common will become the default in GCC10/LLVM11.
Compiling with -fno-common complains as this header's included in multiple
compilation units. In fact, the proper definition of dwarf2_loc_mark_labels
already exists in dwarf2dbg.c, so simply mark this declaration with extern.
This removes an extra variable definition that causes the -fno-common build
to fail, which will be a new default in GCC10/LLVM11.
r359397:
zfs: fix -fno-common issues
A similar (or identical?) fix has already landed in OpenZFS.
-fno-common will become the default in GCC10/LLVM11.
r359398:
sh: remove duplicate el definition
el is declared extern in myhistedit.h and defined in histedit.c. Remove the
duplicate definition in input.c to appease the -fno-common build.
-fno-common will become the default in GCC10/LLVM11.
r359399:
telnet: remove some duplicate definitions, mark terminaltype extern
Most of these were already properly declared and defined elsewhere, this is
effectively just a minor cleanup that fixes the -fno-common build.
-fno-common will become the default in GCC10/LLVM11.
r359403:
Revert 359399: telnet -fno-common bits
There was a large misfire from my local diff that I need to investigate, and
this version committed did not build.
r359404:
Re-apply r359399: telnet -fno-common fix
line and auth_level's redefinitions are just extraneous
telnetd will #define extern and then include ext.h to allocate storage for
all of these extern'd vars; however, two of them are actually defined in
libtelnet instead. Instead of doing an #ifdef extern dance around those
function pointers, just add an EXTERN macro to make it easier to
differentiate by sight which ones will get allocated in globals.c and which
ones are defined elsewhere.
r359406:
telnet: kill off remaining duplicate definition
r359413:
ipfilter: remove duplicate definition of 'thishost'
thishost is already defined in lib/initparse.c; no need for this one. This
fixes the ipfilter build with -fno-common.
-fno-common will become the default in GCC10/LLVM11.
r359414:
iscontrol: move definition of vflag/iscsidev to iscontrol.c
Mark the declaration extern as these are used elsewhere; this fixes the
build with -fno-common.
r359415:
userboot: mark host_fsops as extern
This is already defined elsewhere; mark this declaration extern to the fix
the -fno-common build.
r359416:
systat: remove redundant definition of kd
kd is already properly declared in extern.h and defined in main.c, rendering
this definition useless. This fixes the -fno-common build.
r359424:
openssh: -fno-common fix from upstream f47d72ddad
This is currently staged in vendor/ as part of the 8.0p1 import, which isn't
quite ready to land. Given that this is a simple one-line fix, apply it now
as the fallout will be pretty minimal.
-fno-common will become the default in GCC10/LLVM11.
r359425:
locate: fix -fno-common build
Just a single variable declaration to extern and define elsewhere here,
myctype.
-fno-common will become a default in GCC10/LLVM11.
r359427:
fsck_ffs/fsdb: fix -fno-common build
This one is also a small list:
- 3x duplicate definition (ufs2_zino, returntosingle, nflag)
- 5x 'needs extern', 3/5 of which are referenced in fsdb
-fno-common will become the default in GCC10/LLVM11.
r359432:
gdb: compile with -fcommon explicitly
As described in the comment, gdb relies on some of the linker magic that
happens with -fcommon. I suspect the life expectancy of gdb-in-base is low
enough that this isn't worth spending much time addressing, especially given
the vintage. Hit it with the -fcommon hammer so that it continues to just
work.
r359433:
bmake: fix -fno-common build
debug was declared extern, but debug_file was not; correct this and define
debug_file in main.c (as debug is) to fix the -fno-common build.
-fno-common will become the default with GCC10/LLVM11.
r359443:
MFV r359442: bmake: import -fno-common fix build back from upstream
sjg@ committed the local patch previously committed upstream; pull it in to
vendor/ to ease any potential stress of future imports.
r359675:
kqueue tests: fix -fno-common build
vnode_fd and kqfd are both shared among multiple CU; define them exactly
once.
In the case of vnode_fd, it was simply the declaration that needed
correction.
-fno-common will become the default in GCC10/LLVM11.
r359676:
ntpd: fix build with -fno-common
Only a small nit here: psl should be declared extern and defined exactly
once.
-fno-common will become the default in GCC10/LLVM11.
r359677:
yp*: fix -fno-common build
This is mostly two problems spread out far and wide:
- ypldap_process should be declared properly
- debug is defined differently in many programs
For the latter, just extern it and define it everywhere that actually needs
it. This mostly works out nicely for ^/libexec/ypxfr, which can remove the
assignment at the beginning of main in favor of defining it properly.
-fno-common will become the default in GCC10/LLVM11.
r359678:
indent: fix the -fno-common build
Spread the globals far and wide, hopefully to the files that make the most
sense.
-fno-common will become the default in GCC10/LLVM11.
David Bright [Thu, 9 Apr 2020 18:17:07 +0000 (18:17 +0000)]
MFC r359562:
Fix various Coverity-detected errors in nvmecontrol
This fixes several Coverity-detected errors in nvmecontrol. While in
here, a couple additional errors with shift/mask confusion that were
not diagnosed by Coverity are also fixed.
MFC r359644: llvm: add a build knob for enabling assertions
For head/, this will remain eternally default-on to maintain the status quo.
For stable/ branches, it should be flipped to default-off to maintain the
status quo.
There's value in being able to flip it one way or the other easily on head
or stable branches, whether you want to gain some performance back on head/
(for machines there's little chance you'll actually hit an assertion) or
potentially diagnose a problem with the version of llvm on an older branch.
Currently, stable branches get the CFLAGS+= -ndebug line uncommented; going
forward, they will instead have the default of LLVM_ASSERTIONS flipped.
[MFC note: that last comment just happened for these two branches]
MFC r359327,359328:
Add property-based filters for syslogd.
Property-based filters allow substring and regular expressions
(see re_format(7)) matching against various message attributes.
Filter specification starts with '#:' or ':' followed by three
comma-separated fields property, operator, "value". Value must be
double-quoted. A double quote and backslash must be escaped by a
backslash.
Following properties are supported as test value:
o msg - body of the message received;
o programname - program name sent the message;
o hostname - hostname of message's originator;
o source - an alias for hostname.
Supported operators:
o contains - true if filter value is found as a substring of property;
o isequal - true if filter value is equal to property;
o startswith - true if property starts with filter value;
o regex - true if property matches basic regular expression defined
in filter value;
o ereregex - true if property matches extended regular expression
defined in filter value;
Operator may be prefixed by '!' to invert compare logic or by
'icase_' to make comparison function case insensitive.
Submitted by: Boris N. Lytochkin <lytboris at gmail com>
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D23468
The vectx API, computes the hash for verifying a file as it is read.
This avoids the overhead of reading files twice - once to verify, then
again to load.
For doing an install via loader, avoiding the need to rewind
large files is critical.
This API is only used for modules, kernel and mdimage as these are the
biggest files read by the loader.
The reduction in boot time depends on how expensive the I/O is
on any given platform. On a fast VM we see 6% improvement.
For install via loader the first file to be verified is likely to be the
kernel, so some of the prep work (finding manifest etc) done by
verify_file() needs to be factored so it can be reused for
vectx_open().
For missing or unrecognized fingerprint entries, we fail
in vectx_open() unless verifying is disabled.
Otherwise fingerprint check happens in vectx_close() and
since this API is only used for files which must be verified
(VE_MUST) we panic if we get an incorrect hash.
Fix pkgfs stat so it satisfies libsecureboot
We need a valid st_dev, st_ino and st_mtime
to correctly track which files have been verified
and to update our notion of time.
ve_utc_set(): ignore utc if it would jump our current time
by more than VE_UTC_MAX_JUMP (20 years).
Allow testing of install command via userboot.
Need to fix its stat implementation too.
bhyveload also needs stat fixed - due to change to userboot.h
Call ve_error_get() from vectx_close() when hash is wrong.
Track the names of files we have hashed into pcr
For the purposes of measured boot, it is important
to be able to reproduce the hash reflected in
loader.ve.pcr
so loader.ve.hashed provides a list of names in the order they
were added.
Avoid unused vars when VE_ECDSA_HASH_AGAIN undefined
Ryan Moeller [Wed, 8 Apr 2020 06:06:13 +0000 (06:06 +0000)]
MFC r359303
MFOpenZFS: ZVOLs should not be allowed to have children
zfs create, receive and rename can bypass this hierarchy rule. Update
both userland and kernel module to prevent this issue and use pyzfs
unit tests to exercise the ioctls directly.
Note: this commit slightly changes zfs_ioc_create() ABI. This allow to
differentiate a generic error (EINVAL) from the specific case where we
tried to create a dataset below a ZVOL (ZFS_ERR_WRONG_PARENT).
Reviewed-by: Paul Dagnelie <pcd@delphix.com> Reviewed-by: Matt Ahrens <mahrens@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Tom Caputi <tcaputi@datto.com> Signed-off-by: loli10K <ezomori.nozomu@gmail.com>
Approved by: mav (mentor)
openzfs/zfs@d8d418ff0cc90776182534bce10b01e9487b63e4
MFC r342168,357786: Allow ng_nat to be attached to a ethernet interface
Allow ng_nat to be attached to a ethernet interface directly via ng_ether(4)
or the likes. Add new control message types: setdlt and getdlt to switch
from default DLT_RAW (no encapsulation) to DLT_EN10MB (ethernet).
MFC r357092,357787: Add support for RFC 6598/Carrier Grade NAT subnets
to libalias and ipfw.
In libalias, a new flag PKT_ALIAS_UNREGISTERED_RFC6598 is added.
This is like PKT_ALIAS_UNREGISTERED_ONLY, but also is RFC 6598 aware.
Also, we add a new NAT option to ipfw called unreg_cgn, which is like
unreg_only, but also is RFC 6598-aware. The reason for the new
flags/options is to avoid breaking existing networks, especially those
which rely on RFC 6598 as an external address.
MFC r359271:
Use IP_FW_NAT44_DESTROY opcode for IP_FW3 socket option to destroy
NAT instance.
The NAT44 group of opcodes for IP_FW3 socket option is modern way
to control NAT instances and this method can be used in future to
switch from numeric to named NAT instances, like was done for ipfw
tables.
The IP_FW_NAT_DEL opcode is the last remnant of old ipfw_ctl control
plane that doesn't support versioned operations. This interface will
be retired soon.
r359241:
Remove the link to libl which only contains a stub function
on yywrap, if the flex is told yywrap is not in use, then this linkage becomes
unnecessary
When deleting a user, if its home directory does not belong to it, it should
not be removed. This is the promise that the manpage makes, the tool should
ensure that it respects that promise.
Add a regression test about it
PR: 244967
Submitted by: Eric Hanneken <eric@erichanneken.com>
pfctl: improve rule load times with thousands of interfaces
r343287 / D18759 introduced ifa_add_groups_to_map() which is now run by
ifa_load/ifa_lookup/host_if. When loading an anchor or ruleset via pfctl that
does NOT contain ifnames as hosts, host() still ends up iterating all
interfaces twice, grabbing SIOCGIFGROUP ioctl twice for each. This adds an
unnecessary amount of time on systems with thousands or tens of thousands of
interfaces.
Prioritize the IPv4/6 check over the interface name lookup, which skips loading
the iftab and iterating all interfaces when the configuration does not contain
interface names.
MFC r359439:
Evaluate modifier keys before the regular keys, so that if a modifier
key is pressed at the same time as a regular key, that means key with
modifier is output. Some automated USB keyboards like Yubikeys need this.
Alexander Motin [Thu, 2 Apr 2020 00:30:01 +0000 (00:30 +0000)]
MFC r359112: MFOpenZFS: make zil max block size tunable
We've observed that on some highly fragmented pools, most metaslab
allocations are small (~2-8KB), but there are some large, 128K
allocations. The large allocations are for ZIL blocks. If there is a
lot of fragmentation, the large allocations can be hard to satisfy.
The most common impact of this is that we need to check (and thus load)
lots of metaslabs from the ZIL allocation code path, causing sync writes
to wait for metaslabs to load, which can take a second or more. In the
worst case, we may not be able to satisfy the allocation, in which case
the ZIL will resort to txg_wait_synced() to ensure the change is on
disk.
To provide a workaround for this, this change adds a tunable that can
reduce the size of ZIL blocks.
External-issue: DLPX-61719 Reviewed-by: George Wilson <george.wilson@delphix.com> Reviewed-by: Paul Dagnelie <pcd@delphix.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Matthew Ahrens <mahrens@delphix.com>
Closes #8865
openzfs/zfs@b8738257c2607c73c731ce8e0fd73282b266d6ef
MFC r359095:
Add pci_iov_if.h header as a dependency for Linuxkpi consumers.
MFC note: this is not a true merge of r359095, but an adaptation of the
committed bit from r359378, which was MFC r359185. The functional part
of the change should be same.