rrs [Fri, 11 Jun 2010 03:13:19 +0000 (03:13 +0000)]
MFC:
Fix a number of bugs and race conditions.
r208160: Bring back of the iterator thread. It now properly handles VNETS
having only one thread. The old timer based code was full of
LOR's and other issues.
r208852: Cleanup bug. Basically when an un-accepted socket was hanging on a
closed listener, we would leak the inp never cleaning it up
r208853: Enhance the use under invarients of the audit for locks function
and fix a bug where a close collision with a cookie being processed
would cause a crash.
r208854: Use the proper increment macros when working with the
sent_queue_retran_cnt
r208855: Align comments properly, Fix a bug where we were NOT looking at the
resend markings for control chunks and also not decrementing the
retran count which caused extra calls to retransmission. Alos add
a valid no locks call to the output routine.
r208856: Spacing issues in auth/bsd addr.
r208857: Get rid of a windows ifdef that somehow leaked in
r208863: Missing error leg returns in some failure cases
r208864: LOR fix between the iterator and sctp_inpcb_close
r208874: Don't call the sctp_inpcb_free from abort an association since you
don't know what locks you hold and a timer will take care of the
situation when the gone flag is set
r208875: sctp_inpcb_free bug - a socket under the right situation could get
stuck (from the accept queue) and never start the proper cleanup
timer)
r208876: Further enhance invariant lock validation, Fix a bug where a closed
socket and a INIT-ACK could collide and cause a crash
r208878: Clear up another bug in sctp_inpcb_free where we would end up due
to a race in freeing hit a destroy of a contended lock.
r208879: Optimize the cleanup and make some additional fixes in the sysctl
code so that it won't reference a GONE INP and crash us
r208883 & r208891: Fix so we don't open a hole between a sock lock and a call
to socantrcvmore.. we could before hit a race that would kill the
socket underneath us leading to a crash
r208897: CUM-ACK calculation was messed up. So basically large message got
broken from the original NR_sack integration.
r208902: Make sure that we don't move a bit to the NR array that is behind
the cum-ack
r208952: Use both bit maps to calculte the cum-ack.
r208953: Fix bug having to do with freeing an sctp_inpcb_free().
1) make sure not to remove the flag until you get the lock again.
2) make sure all log_closing calls hold the lock.
3) Release all the locks when everthing is done and call callout_drain
not callout_stop..
r208970: Fix some places on user allocation of a new sctp_inpcb where we run
out of resource that we make sure to NULL the so_pcb pointer.
Approved by: re - (bz@freebsd.org)
rpaulo [Thu, 10 Jun 2010 20:34:22 +0000 (20:34 +0000)]
MFC r208644:
Due to the way HALDEBUG() is defined, we need to add curly brackets
when using it as a sole if clause instruction.
While there, fix 'const static' typo.
Submitted by: Arnaud Lacombe <alc@FreeBSD.org>
Approved by: re (kensmith)
rpaulo [Thu, 10 Jun 2010 20:26:34 +0000 (20:26 +0000)]
MFC r208711:
Bring in a couple of fixes from the Linux ath9k related to chip hangs.
While there, try to make the register write pattern look like what's
done by ath9k.
jhb [Thu, 10 Jun 2010 20:13:03 +0000 (20:13 +0000)]
MFC 208603,208605:
More gracefully handle stale file handles and attributes when opening a
file via NFS. Specifically, to satisfy close-to-open-consistency, the NFS
client always performs at least one RPC on a file during an open(2) to see
if the file has changed. Normally this RPC is an ACCESS or GETATTR RPC
that is forced by flushing a file's attribute cache during nfs_open() and
then requesting new attributes. However, if the file is noticed to be
stale during nfs_open(), the only recourse is to fail the open(2) call
with ESTALE. On the other hand, if the ACCESS or GETATTR RPC is sent
during nfs_lookup(), then the NFS client can fall back to a LOOKUP RPC to
obtain the new file handle in the case that a file has been replaced.
This change causes the NFS client to flush the attribute cache during
nfs_lookup() when validating a name cache hit if the attributes fetched
during nfs_lookup() can be reused in nfs_open(). This allows the client
to open a replaced file via the new file handle the first time that it
notices a replaced file rather than failing with ESTALE in some cases.
nwhitehorn [Thu, 10 Jun 2010 19:11:00 +0000 (19:11 +0000)]
MFC r208835:
Make sure that interrupt sense settings set after interrupts are enabled
are respected. This fixes loading the Apple onboard audio driver
(snd_ai2s) as a module after boot, which would previously cause a panic.
yongari [Thu, 10 Jun 2010 17:53:35 +0000 (17:53 +0000)]
MFC r208862:
Fix a bug introduced in r199011. When bge(4) reuses loaded RX
buffers it should also reinitialize RX descriptors otherwise some
stale data could be passed to controller. This could end up with
mbuf double free or unexpected NULL pointer dereference in upper
stack. To fix the issue, save loaded buffer's length and
reinitialize RX descriptors with the saved value whenever bge(4)
reuses the loaded RX buffers.
While I'm here, increase the number of RX buffers to 512 from 256.
This simplifies RX buffer handling as well as giving more RX
buffers. Controller supports just fixed number of RX buffers
(i.e. 512) and bge(4) used to rely on hope that our CPU is fast
enough to keep up with the controller. With this change, bge(4)
will use 1MB for RX buffers but I don't think it would cause
problems in these days.
Reported by: marcel
Tested by: marcel
Approved by: re (bz)
alc [Tue, 8 Jun 2010 04:41:31 +0000 (04:41 +0000)]
MFC r208765
In the unlikely event that pmap_ts_referenced() demoted five superpage
mappings to the same underlying physical page, the calling thread would
be left forever pinned to the same processor.
The first 96 bytes may not be zeroes. It can contain trivial boot
code that merely emits an error and waits for a key press before
rebooting. The error being that extended partitions are not
bootable. The origin is presumed to be Windows 2000; Windows XP
does not do this...
For now, ignore the first 96 bytes when checking that the EBR is
(for the most part) all zeroes.
Tested by: Mario Lobo <mlobo at digiart.art.br>
Dieter <dieterbsd at engineer.com>
PR: kern/141235
Reviewed by: marcel
Approved by: kib (mentor)
Approved by: re (bz)
mjacob [Mon, 7 Jun 2010 16:32:12 +0000 (16:32 +0000)]
MFC of 198262
Use callout_init_mtx on FreeBSD versions recent enough. This closes
the race where interrupt thread can complete the request for which
timeout has fired and while mpt_timeout has blocked on mpt_lock.
kib [Sat, 5 Jun 2010 14:53:34 +0000 (14:53 +0000)]
MFC r208731:
Add a facility to dynamically adjust or unconfigure p1003_1b mib.
Use it to allow to tune sem_nsem_max at runtime, only when sem.ko
module is present in kernel.
kib [Fri, 4 Jun 2010 14:06:59 +0000 (14:06 +0000)]
MFC r208374:
Remove POLLHUP from the flags used to test for to set exceptfsd
fd_set bits in select(2). It seems that historical behaviour is to not
reporting exception on EOF, and several applications are broken.
rwatson [Thu, 3 Jun 2010 09:02:53 +0000 (09:02 +0000)]
Merge r204826 from head to stable/8:
Make udp_set_kernel_tunneling() less forgiving when its invariants are
violated: so_pcb can never be NULL for a valid UDP socket, and it is
always SOCK_DGRAM. Use sotoinpcb() as the rest of the UDP code does.
rwatson [Thu, 3 Jun 2010 08:55:45 +0000 (08:55 +0000)]
Merge r204810 from head to stable/8:
Remove unnecessary locking of divcbinfo lock from div_output(): this has
not been required since FreeBSD 7.0 when the so_pcb pointer leading to inp
was guaranteed to be stable when a valid socket reference is held (as it
is in the output path).
glebius [Wed, 2 Jun 2010 18:46:12 +0000 (18:46 +0000)]
Merge 208554 from head:
Add uep(4), driver for USB onscreen touch panel from eGalax.
The driver is stub. It just creates device entry and feeds
reassembled packets from hardware into it.
If in future we would port wsmouse(4) from NetBSD, or make
sysmouse(4) to support absolute motion events, then the driver
can be extended to act as system mouse. Meanwhile, it just
presents a /dev/uep0, that can be utilized by X driver, that
I am going to commit to ports tree soon.
The name for the driver is chosen to be the same as in NetBSD,
however, due to different USB stacks this driver isn't a port.
The driver is supported by ports/x11-drivers/xf86-input-egalax.
attilio [Tue, 1 Jun 2010 21:19:58 +0000 (21:19 +0000)]
MFC r207329, r208716:
- Extract the IODEV_PIO interface from ia64 and make it MI.
- On i386 and amd64 the old behaviour is kept but multithreaded
processes must use the new interface in order to work well.
- Support for the other architectures is greatly improved.
rwatson [Tue, 1 Jun 2010 14:29:26 +0000 (14:29 +0000)]
Merge r206210 from head to stable/7:
Synchronize Coda kernel module definitions in our coda.h to Coda 6's
coda.h:
- CodaFid typdef -> struct CodaFid throughout.
- Use unsigned int instead of unsigned long for venus_dirent and other
cosmetic fixes.
- Introduce cuid_t and cgid_t and use instead of uid_t and gid_t in RPCs.
- Synchronize comments and macros.
- Use u_int32_t instead of unsigned long for coda_out_hdr.
With these changes, a 64-bit Coda kernel module now works with
coda6_client, whereas previous userspace and kernel versions of RPCs
differed sufficiently to prevent using the file system. This has been
verified only with casual testing, but /coda is now usable for at least
basic operations on amd64.
rwatson [Tue, 1 Jun 2010 14:21:24 +0000 (14:21 +0000)]
Merge r204809 from head to stable/8:
Add a comment to tcp_usr_accept() to indicate why it is we acquire the
tcbinfo lock there: r175612, which re-added it, masked a race between
sonewconn(2) and accept(2) that could allow an incompletely initialized
address on a newly-created socket on a listen queue to be exposed. Full
details can be found in that commit message.
rwatson [Tue, 1 Jun 2010 14:04:33 +0000 (14:04 +0000)]
Merge r204430 from head to stable/8:
Remove stale comment about socket buffer accounting from access(2) code.
It is the case, however, that the uidinfo of the temporary credential
set up for access(2) is not properly updated when its effective uid is
changed.
rwatson [Tue, 1 Jun 2010 13:59:48 +0000 (13:59 +0000)]
Merge r208601 from head to stable/8:
When close() is called on a connected socket pair, SO_ISCONNECTED might be
set but be cleared before the call to sodisconnect(). In this case,
ENOTCONN is returned: suppress this error rather than returning it to
userspace so that close() doesn't report an error improperly.
PR: kern/144061
Reported by: Matt Reimer <mreimer at vpop.net>,
Nikolay Denev <ndenev at gmail.com>,
Mikolaj Golub <to.my.trociny at gmail.com>
attilio [Tue, 1 Jun 2010 09:32:22 +0000 (09:32 +0000)]
MFC r208300:
Fix a race between ngs_rcvmsg() and soclose() which closes the control
socket while it is still in use as ngs_rcvmsg() runs without any lock
held.
Sponsored by: Sandvine Incorporated
Approved by: re (bz)
rwatson [Mon, 31 May 2010 22:18:42 +0000 (22:18 +0000)]
Merge r204173 from head to stable/8:
ifconfig(8) expects interface fooX to be supported by the module if_foo,
and will try to load it if it's not present. To better meet these
expectations, change the module name for the loopback interface from
'loop' to 'if_lo'. The loopback interface is always compiled into the
base kernel, so there are no resulting changes in kld files, etc.
yongari [Mon, 31 May 2010 22:03:56 +0000 (22:03 +0000)]
MFC r208512:
sge_encap() can sometimes return an error with m_head set to NULL.
Make sure not to requeue freed mbuf in sge_start_locked(). This
should fix NULL pointer dereference panic.
Reported by: Nikolay Denev <ndenev <> gmail dot com>
Submitted by: jhb
Approved by: re (bz)
rwatson [Mon, 31 May 2010 21:57:31 +0000 (21:57 +0000)]
Merge r203410 from head to stable/8:
Only audit pathnames in namei(9) if copying the directory string completes
successfully. Continue to do this before the empty path check so that the
ENOENT returned in that case gets an empty string token in the BSM record.
rwatson [Mon, 31 May 2010 21:14:56 +0000 (21:14 +0000)]
Merge r200899 from head to stable/8:
When warning about possible netisr configuration problems during boot,
report using "netisr_init" rather than "netisr2", which was the development
name for the project.
kib [Wed, 26 May 2010 19:26:28 +0000 (19:26 +0000)]
MFC r208488:
Fix the double counting of the last process thread td_incruntime
on exit, that is done once in thread_exit() and the second time in
proc_reap(), by clearing td_incruntime.
mjacob [Wed, 26 May 2010 18:56:06 +0000 (18:56 +0000)]
This is an MFC of 208119, 208129
Hook up some wires that were forgotten a few months ago and restore
the zombie device timeout code and the loop down time code and the fabric
hysteresis code.
marius [Wed, 26 May 2010 17:05:54 +0000 (17:05 +0000)]
MFC: r208459, r208511
- Update the sparc64 hardware list regarding machines that will be supported
beginning with 8.1-RELEASE as well as correct some existing entries and
add previously missed ones. [1]
- According to simon@ when referring to a company along a product just to
identify the company one shouldn't use the company trademark. [2]
jkim [Tue, 25 May 2010 20:16:36 +0000 (20:16 +0000)]
MFC: r208320
Add a new build option, MAN_UTILS. This option lets you control building
utilities and related support files for manual pages, which were previously
controlled by MAN. For POLA, the default depends on MAN, i.e., WITHOUT_MAN
implies WITHOUT_MAN_UTILS and WITH_MAN implies WITH_MAN_UTILS.
Note this patch implicitly fixes a documentation bug of src.conf(5), which
says WITHOUT_MAN may be used to not build manual pages while it was also
disabling some utilities for manual pages.
thompsa [Tue, 25 May 2010 02:39:55 +0000 (02:39 +0000)]
MFC r202612
Use the iflladdr_event event to keep the mac address on the vap in sync with
the parent wirless interface. If the user passed in a mac address or it was
autogenerated then flag this to avoid trashing it on update.
thompsa [Tue, 25 May 2010 02:36:06 +0000 (02:36 +0000)]
MFC r202588
Declare a new EVENTHANDLER called iflladdr_event which signals that the L2
address on an interface has changed. This lets stacked interfaces such as
vlan(4) detect that their lower interface has changed and adjust things in
order to keep working. Previously this situation broke at least vlan(4) and
lagg(4) configurations.
The EVENTHANDLER_INVOKE call was not placed within if_setlladdr() due to the
risk of a loop.
PR: kern/142927
Submitted by: Nikolay Denev
MFC r202611
Do not hold the lock over if_setlladdr() as it calls into the interface driver
init routine.
weongyo [Mon, 24 May 2010 21:01:37 +0000 (21:01 +0000)]
MFC r208120:
- fixes a bug that it didn't initialize the ratectl after association;
so ni_txrate returned 0 which is a invalid result.
- The fourth argument of ieee80211_ratectl_tx_complete() could be not
NULL.
Reported by: Gustau P?rez <gperez at entel.upc.edu>
Tested by: Gustau P?rez <gperez at entel.upc.edu>,
Ian FREISLICH <ianf at clue.co.za>
mm [Mon, 24 May 2010 20:09:40 +0000 (20:09 +0000)]
MFC r208472, r208474:
MFC r208472:
Fix zfs receive temporarily changing unchanged stream properties.
Fix possible panic with zfs_enable_datasets.
OpenSolaris onnv revision: 8536:33bd5de3260e [1]
MFC r208474:
Remove kstat.zfs.arcstats.l2_write_bytes_written
The arcstats.l2_write_bytes_written kstat counter introduced
in r205231 was duplicite with vendor's arcstats.l2_write_bytes counter
imported in r208373 (OpenSolaris revision 8582:df9361868dbe)
rstone [Mon, 24 May 2010 19:42:27 +0000 (19:42 +0000)]
MFC r207482
When configuring hwpmc to use the EXT_SNOOP event, only send a default
cachestate qualifier on the Atom processor. Other Intel processors do not
accept a cachestate qualifier and currently hwpmc will return EINVAL if you
try to use the EXT_SNOOP event on those processors
rstone [Mon, 24 May 2010 18:21:42 +0000 (18:21 +0000)]
MFC r207484:
When configuring a system-wide couting PMC, hwpmc was incorrectly logging
process mappings for that PMC. Nothing ever reads pmc logs out of a
counting PMC, so the log buffers were leaked when the PMC was
deconfigured. The process mappings are only useful for sampling PMCs
anyway, so only log the mappings if the PMC is a sampling PMC.
This bug would cause allocating sample-mode PMCs to fail with ENOMEM
after allocating several counting-mode PMCs.
Eventhough r203504 eliminates taste traffic provoked by vdev_geom.c,
ZFS still like to open all vdevs, close them and open them again,
which in turn provokes taste traffic anyway.
I don't know of any clean way to fix it, so do it the hard way - if we can't
open provider for writing just retry 5 times with 0.5 pauses. This should
elimitate accidental races caused by other classes tasting providers created on
top of our vdevs.
Reported by: James R. Van Artsdalen <james-freebsd-fs2@jrv.org>
Reported by: Yuri Pankov <yuri.pankov@gmail.com>
r207937:
I added vfs_lowvnodes event, but it was only used for a short while and now
it is totally unused. Remove it.
r207970:
When there is no memory or KVA, try to help by reclaiming some vnodes.
This helps with 'kmem_map too small' panics.
No objections from: kib
Tested by: Alexander V. Ribchansky <shurik@zk.informjust.ua>
r208142:
The whole point of having dedicated worker thread for each leaf VDEV was to
avoid calling zio_interrupt() from geom_up thread context. It turns out that
when provider is forcibly removed from the system and we kill worker thread
there can still be some ZIOs pending. To complete pending ZIOs when there is
no worker thread anymore we still have to call zio_interrupt() from geom_up
context. To avoid this race just remove use of worker threads altogether.
This should be more or less fine, because I also thought that zio_interrupt()
does more work, but it only makes small UMA allocation with M_WAITOK.
It also saves one context switch per I/O request.
PR: kern/145339
Reported by: Alex Bakhtin <Alex.Bakhtin@gmail.com>
r208147:
Add task structure to zio and use it instead of allocating one.
This eliminates the only place where we can sleep when calling zio_interrupt().
As a side-effect this can actually improve performance a little as we
allocate one less thing for every I/O.
Prodded by: kib
r208148:
Allow to configure UMA usage for ZIO data via loader and turn it on by
default for amd64. On i386 I saw performance degradation when UMA was used,
but for amd64 it should help.
r208166:
Fix userland build by making io_task available only for the kernel and by
providing taskq_dispatch_safe() macro.
mm [Mon, 24 May 2010 06:11:33 +0000 (06:11 +0000)]
MFC r208373:
Update L2ARC code and fix several bugs.
- improve ARC memory consumption (Bug ID 6488341)
- ARC/L2ARC metadata accounting (Bug ID 6748019)
- L2ARC turbo warmup (Bud ID 6748023)
- kstats for ARC content (Bug ID 6748023)
- kstats for evicted bytes from ARC by L2ARC state (Bud ID 6871680)
- fix panic on i386 systems (Bug ID 6821260)