fix locking within tcp_ipsec_pcbctl() to match ipsec4_pcbctl(), ipsec4_pcbctl()
IPSEC_PCBCTL() functions, which include tcp_ipsec_pcbctl(),
ipsec4_pcbctl(), and ipsec6_pcbctl(), should all have matching locking
semantics.
ipsec4_pcbctl() and ipsec6_pcbctl() expect the inp to be unlocked on
entry and exit and appear to be correctly implemented as such. But
tcp_ipsec_pcbctl() had other semantics. This patch fixes the semantics
for tcp_ipsec_pcbctl().
r333175 (multicast changes) exposed a bug where
mxge was not checking to see if the driver was being
unloaded while handing ioctls that touch hardware.
As a result, now that in6m_disconnect() is run from
an async gtaskq, it was busy-waiting in mxge_send_cmd()
while the mcast list was destroyed.
Some applications, notably PostgreSQL, want to call setproctitle()
very often. It's slow. Provide an alternative cheap way of updating
process titles without making any syscalls, instead requiring other
processes (top, ps etc) to do a bit more work to retrieve the data.
This uses a pre-existing code path inherited from ancient BSD, which
always did it that way.
Add a way for the process to request cleanup of the kernel cache of
the process arguments. New arguments length zero causes the drop of
the pargs instead of allocation of useless zero-length buffer.
remove unneeded inclusion of sys/interrupt.h from several files
It's likely that the header was needed in the past for swi(9).
But now that code does not use swi(9) or any other interfaces defined
in sys/interrupt.h.
manu [Wed, 4 Jul 2018 07:37:45 +0000 (07:37 +0000)]
loader: fdt: Try to load every possible DTB from u-boot
U-Boot setup a few variables :
- fdt_addr which is the board static dtb (most of the time loaded before
u-boot or coming from some hardware like a ROM)
- fdt_addr_r which is a location in RAM that holds the DTB loaded by
u-boot or before u-boot
In the case of u-boot + rpi firmware the DTB is loaded in RAM but the location
still end up in the fdt_addr variable and the fdt_addr_r variable exist.
Change the behavior so we test that a DTB exists for every possible variable :
- fdt_addr_r is checked first as if u-boot needed to modify it the
correct DTB will live there.
- fdt_addr is checked second as if we run on a hardware with DTB in ROM
it means that we what/need to run that
- fdtaddr looks like a FreeBSD-ism but since I'm not sure leave it.
- Fix a double unlock in inp_block_unblock_source() and
lock leakage in inp_leave_group() which caused a panic.
- Make order of CTR1() and IN_MULTI_LIST_LOCK() consistent
around inm_merge().
will [Wed, 4 Jul 2018 03:36:46 +0000 (03:36 +0000)]
Revert r335833.
Several third-parties use at least some of these ioctls. While it would be
better for regression testing if they were used in base (or at least in the
test suite), it's currently not worth the trouble to push through removal.
muge(4): add DTB blob as one more possible source of MAC address
On FDT-enabled platforms check if DTB blob has MAC address configured by
a boot loader. This information passed as a "local-mac-address" or
"mac-address" property of the device node. For USB NICs node
can be found by looking for compatibility string "usbVVV,PPP" where
VVV - vendor id (hex) and PPP - product id (hex)
- Add tracker argument to preemptible epochs
- Inline epoch read path in kernel and tied modules
- Change in_epoch to take an epoch as argument
- Simplify tfb_tcp_do_segment to not take a ti_locked argument,
there's no longer any benefit to dropping the pcbinfo lock
and trying to do so just adds an error prone branchfest to
these functions
- Remove cases of same function recursion on the epoch as
recursing is no longer free.
- Remove the the TAILQ_ENTRY and epoch_section from struct
thread as the tracker field is now stack or heap allocated
as appropriate.
Tested by: pho and Limelight Networks
Reviewed by: kbowling at llnw dot com
Sponsored by: Limelight Networks
Differential Revision: https://reviews.freebsd.org/D16066
Allow jail names (not just IDs) to be specified for: cpuset(1), ipfw(8),
sockstat(1), ugidfw(8)
These are the last of the jail-aware userland utilities that didn't work
with names.
PR: 229266
MFC after: 3 days
Differential Revision: D16047
Use 'e' instead of 'i' constraints with 64-bit atomic operations on amd64.
The ADD, AND, OR, and SUB instructions take at most a 32-bit
sign-extended immediate operand. 64-bit constants that do not fit into
that constraint need to be loaded into a register. The 'i' constraint
tells the compiler it can pass any integer constant to the assembler,
whereas the 'e' constrain only permits constants that fit into a 32-bit
sign-extended value. This fixes using
atomic_add/clear/set/subtract_long/64 with constants that do not fit into
a 32-bit sign-extended immediate.
Reported by: several folks
Tested by: Pete Wright <pete@nomadlogic.org>
MFC after: 2 weeks
Fix .depend.foo.o tracking for sys/conf/files defined compilations.
Some example files:
ia32_genassym.o
acpi_wakecode.o
The old mkdep method also lacked tracking these files.
Objects defined in sys/conf/files with no-obj and no-implicit-rule get their
own targets defined in the kernel Makefile but lack having their objects added
to DEPENDOBJS so never get a .depend file generated. Normally if an object is
in OBJS it will get a .depend file.
Fix this by looking for .o files in CLEAN and ensuring they are part of
the -MD filtering and .depend loading. This is a hack. Other solutions
could exist involving sys/conf/files or config(8) to auto add these to
DEPENDFILES/DEPENDOBJS but this method seems reliable enough without being
intrusive or error-prone for new files.
Fix possible strict aliasing issue (if time_t is the same size as int but
not int but for example long) which also resulted in a false positive
warning on systems with 64-bit time_t. Pointer casts are bad; we can just
copy the time_t.
Elsewhere, avoid casting char * to int * by using memcpy().
auditd_wait_for_events() relies on read(2) being interrupted by signals,
but it registers signal handlers with signal(3), which sets SA_RESTART.
That breaks asynchronous signal handling. It means that signals don't
actually get handled until after an audit(8) trigger is received.
Symptoms include:
* Sending SIGTERM to auditd doesn't kill it right away; you must send
SIGTERM and then send a trigger with auditon(2).
* Same with SIGHUP
* Zombie child processes don't get reaped until auditd receives a trigger
sent by auditon. This includes children created by expiring audit trails
at auditd startup.
Clean up the vcs ID strings in libc's gen/ directory.
- Move CSRG IDs into __SCCSID().
- When a file has been copied, consistently use 'From: <tag>' for strings
referencing the version of the source file copied from in the license
block comment.
- Some of the 'From:' tags were using $FreeBSD$ that was being expanded on
each checkout. Fix those to hardcode the FreeBSD tag from the file that
was copied at the time of the copy.
- When multiple strings are present list them in "chronological" order,
so CSRG (__SCCSID) before FreeBSD (__FBSDID). If a file came from
OtherBSD and contains a CSRG ID from the OtherBSD file, use the order
CSRG -> OtherBSD -> FreeBSD.
Strip __RCSID() and __SCCSID() strings by default when building libc.
This is in preparation for changes to update the various ID strings in
libc's source. CSRG ID strings will use __SCCSID() and there are some
existing uses of __RCSID() for NetBSD ID strings already. These are
generally under either an explicit #if 0 or an #ifdef LIBC_SCCS so are
off by default and this change preserves that existing behavior.
Reset indentiation of ata_suspend() such that its clear we fall through
this function and that we aren't supposed to be controlled by the first
if() conditional. Found with gcc.
No functional change is intended with this commit.
Reset indentation of this flag. No functional change intended.
Found with gcc.
sys/dev/ata/chipsets/ata-siliconimage.c: In function 'ata_cmd_ch_attach':
sys/dev/ata/chipsets/ata-siliconimage.c:187:5:
warning: this 'if' clause does not guard... [-Wmisleading-indentation]
if (ctlr->chip->cfg2 & SII_INTR)
^~
sys/dev/ata/chipsets/ata-siliconimage.c:190:2:
note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'if'
ch->flags |= ATA_NO_ATAPI_DMA;
Don't specify the desired march/mabi for RISC-V in ACFLAGS.
ACFLAGS is only used in addition to CFLAGS, so setting the options in
both was redundant. However, ACFLAGS is added to the command line
after CFLAGS, so the settings from ACFLAGS were applied for assembly
files in kernel modules after the kernel-specific march/abi in CFLAGS.
As a result, the hard-float ACFLAGS in bsd.cpu.mk was overriding the
soft-float CFLAGS.gcc in sys/conf/kern.mk. In particular,
dtrace_asm.o was compiled as hard-float and the linker refused to link
dtrace.ko since its object files contained a mix of hard and soft
float.
pfctl: Don't retrieve interface list if '-n' is set
If '-n' is set we don't use the list of skip interfaces, so don't retrieve it.
This fixes issues if 'pfctl -n' is used before the pf module is loaded. This
was broken by r333181.
Reported by: Jakub Chromy <hicks AT cgi.cz>
MFC after: 1 week
harti [Tue, 3 Jul 2018 08:44:40 +0000 (08:44 +0000)]
Update bsnmp to version 1.13. This does not bring user-visible changes.
For developers gensnmptree can now generate functions for enums to convert
between enums and strings and to check the validity of a value.
The sources in FreeBSD are now in sync with the upstream which allows to
bring in IPv6 modifications.
When toggling the display using the "m" command to toggle from 'cpu'
mode to 'io' mode, an artifact remains because the buffer is not
"finished" with a NULL terminator using sbuf_finish().
An example of this is, when the "m" command is entered, the title line
will contain COMMANDND instead of COMMAND. This commit fixes this.
Avoid pulling in all of the <sys/proc.h> dependencies by
automatically generating a stripped down thread_lite exporting
only the fields of interest. The field declarations are type checked
against the original and the offsets of the generated result is
automatically checked.
kib has expressed disagreement and would have preferred to simply
use genassym style offsets (which loses type check enforcement).
jhb has expressed dislike of it due to header pollution and a
duplicate structure. He would have preferred to just have defined
thread in _thread.h. Nonetheless, he admits that this is the only
viable solution at the moment.
The impetus for this came from mjg's D15331:
"Inline critical_enter/exit for amd64"
Reviewed by: jeff
Differential Revision: https://reviews.freebsd.org/D16078
ian [Mon, 2 Jul 2018 22:58:04 +0000 (22:58 +0000)]
Move the passphrase and iteration count into variables.
This is purely to make it easier to tweak them locally; the machine I have
for testing takes forever to do 50,000 pw strengthening iterations, and
we're not testing the strength of geli's anti-pw-guessing logic here
(especially given that our test passphrase is "passphrase", except that
I tend to tweak that also, to 'x', because typing is hard).
Some day these should be settable as cmdline args. But then, some day this
whole script should probably get a rewrite. :)
Cut currdev dev and path fields for ZFS on the last colon.
Previously the code cut those fields on second colon, that prevented
boot from boot environments with colon in their names. This change
moves the limitation from dev field to path, which is empty by default.
inline atomics and allow tied modules to inline locks
- inline atomics in modules on i386 and amd64 (they were always
inline on other arches)
- allow modules to opt in to inlining locks by specifying
MODULE_TIED=1 in the makefile
Document the "#mds_path" suffix for the "-p" command line option.
r335871 added support for an optional suffix of "#mds_path" that can be
applied to each entry in the "-p" option argument. This specifies that
the DS should be used to store files for the file system on the MDS
at "mds_path".
This patch documents this optional suffix.
Without this patch, the pNFS server distributes the data storage files across
all of the specified DSs.
A tester noted that it would be nice if a system administrator could control
which DSs are used to store the file data for a given exported MDS file system.
This patch adds an optional suffix for each entry in the "-p" option argument
that specifies "store file data for this MDS file system" in this DS.
The patch should only affect sites using the pNFS server (specified via the
"-p" command line option for nfsd.
The interface between the nfsd and the kernel has changed with this patch,
so anyone using the "-p" option needs to rebuild their nfsd from sources
with this patch applied to them.
Without this patch, the pNFS server distributes the data storage files across
all of the specified DSs.
A tester noted that it would be nice if a system administrator could control
which DSs are used to store the file data for a given exported MDS file system.
This patch adds the kernel support to do this. It also makes a slight semantic
change to nfsv4_findmirror(), since some uses of it no longer require that
the DS being searched for have a current mirror.
A patch that will be committed in a few minutes will modify the nfsd daemon
to support this feature.
The patch should only affect sites using the pNFS server (specified via the
"-p" command line option for nfsd.
stand/common/disk.c: Read partition table relative to the start of the disk
If a disk is of an oddball size, like the 200mb + 512b used in rootgen.sh,
when disk_open() is called on a GELI encrypted partition, attempts to read
the partition table fail, as they pass through the decryption process which
turns the already plaintext data into jibberish.
When reading the partition table, always pass a slice and partition setting
of -1, and an offset of 0. Setting the slice to -1 prevents a false
positive when checking the slice against the cache of GELI encrypted
slices.
Reviewed by: imp, ian
Sponsored by: Klara Systems
Differential Revision: https://reviews.freebsd.org/D15847
Fix the server side krpc so that the kernel nfsd threads terminate.
Occationally the kernel nfsd threads would not terminate when a SIGKILL
was posted for the kernel process (called nfsd (slave)). When this occurred,
the thread associated with the process (called "ismaster") had returned from
svc_run_internal() and was sleeping waiting for the other threads to terminate.
The other threads (created by kthread_start()) were still in svc_run_internal()
handling NFS RPCs.
The only way this could occur is for the "ismaster" thread to return from
svc_run_internal() without having called svc_exit().
There was only one place in the code where this could happen and this patch
stops that from happening.
Since the problem is intermittent, I cannot be sure if this has fixed the
problem, but I have not seen an occurrence of the problem with this patch
applied.
Introduce vm_phys_enq_range(), and call it in vm_phys_alloc_npages()
and vm_phys_alloc_seg_contig() instead of vm_phys_free_contig(). In
short, vm_phys_enq_range() is simpler and faster than the more general
vm_phys_free_contig(), and in the case of vm_phys_alloc_seg_contig(),
vm_phys_free_contig() was placing the excess physical pages at the
wrong end of the queues.
In collaboration with: Doug Moore <dougm@rice.edu>
Change the group and the permissions on /dev/acpi, to make "acpiconf"
work when called by members of the 'operator' group. They are already
allowed to eg power off the system (via suid shutdown(8)), so they
might as well be permitted to suspend it.
Restore the order in which RFC 3164 messages with fac/pri are formatted.
The refactoring of the syslogd code to format messages using iovecs
slightly altered the output of syslogd by placing the facility/priority
after the hostname, as opposed to printing it right before. This change
reverts the behaviour to be consistent with how it was before.
PR: 229457
Reported by: Andre Albsmeier
MFC after: 1 week
Add support for the second channel to bcm2835_pwm driver. Configurable
parameters like mode, period, ratio are exposed as sysctls with postfix '2',
e.g.: dev.pwm.N.mode2, dev.pwm.N.period2, dev.pwm.N.ratio2
Second channel can be enabled in DTB by configuring pwn-2chan overlay
instead of pwm in config.txt. See [1]
[man] Get uhid(4) man page in sync with current API
API documented in previous version of uhid(4) man page has been obsolete
since May 2009 when old USB stack was replaced with USB2 implentation.
Current API has the same set of ioctl calls but uses usb_gen_descriptor
structure to pass data to/from kernel.
There isn't any need to limit the size of the screen. Utilities like
'less -S' don't have a (meaningful) limit anyways. This also makes the
way to dynamically changing the column widths based on the screen width.
This code isn't designed to be particularly portable outside of FreeBSD.
To be more specific it doesn't make much sense to support compiling
find(1) on VMS.
Add a new "-m" option to pnfsdsfile(8) to prepare a file for mirroring.
When pnfsdscopymr(8) is used to create a mirror of a file on a mirrored
pNFS service, it expects to find an entry in the extended attribute for
IP address 0.0.0.0.
This patch adds a "-m" option which can be used to create these entrie(s).
It also tightens up the checks for use of incompatible command line options.