neel [Sat, 27 Jun 2015 22:48:22 +0000 (22:48 +0000)]
MFC r276428:
Replace bhyve's minimal RTC emulation with a fully featured one in vmm.ko.
MFC r276432:
Initialize all fields of 'struct vm_exception exception' before passing it
to vm_inject_exception().
MFC r276763:
Clear blocking due to STI or MOV SS in the hypervisor when an instruction is
emulated or when the vcpu incurs an exception.
MFC r277149:
Clean up usage of 'struct vm_exception' to only to communicate information
from userspace to vmm.ko when injecting an exception.
MFC r277168:
Fix typo (missing comma).
MFC r277309:
Make the error message explicit instead of just printing the usage if the
virtual machine name is not specified.
MFC r277310:
Simplify instruction restart logic in bhyve.
MFC r277359:
Fix a bug in libvmmapi 'vm_copy_setup()' where it would return success even
if the 'gpa' was in the guest MMIO region.
MFC r277360:
MOVS instruction emulation.
MFC r277626:
Add macro to identify AVIC capability (advanced virtual interrupt controller)
in AMD processors.
MFC r279220:
Don't close a block context if it couldn't be opened avoiding a null deref.
MFC r279225:
Add "-u" option to bhyve(8) to indicate that the RTC should maintain UTC time.
MFC r279227:
Emulate MSR 0xC0011024 when running on AMD processors.
MFC r279228:
Always emulate MSR_PAT on Intel processors and don't rely on PAT save/restore
capability of VT-x. This lets bhyve run nested in older VMware versions that
don't support the PAT save/restore capability.
MFC r279540:
Fix warnings/errors when building vmm.ko with gcc.
erj [Fri, 26 Jun 2015 17:13:23 +0000 (17:13 +0000)]
Limit the number of autoconfigured queues to 8.
This limit was in a previous version of the driver, but it is being re-
added to match the behavior of previous versions of 10. It prevents the
driver from using too many MSI-X vectors on systems with a large number of
logical CPU cores.
Thanks to <jwd@slowblink.com> for bringing up this issue.
mav [Thu, 25 Jun 2015 07:23:35 +0000 (07:23 +0000)]
MFC r284540:
In case of target mode disable at least ISP2532 return invalid zero
ct_rxid value on CTIO completion. Try to workaround that using tag_id
from the CCB, pointed by still valid ct_syshandle.
I don't know whether this is valid fix or dirty hack, but considering that
alternative is indefinitely stuck command -- it worth trying.
mav [Thu, 25 Jun 2015 07:11:48 +0000 (07:11 +0000)]
MFC r284640: Bring per-port LUN enable/disable code up to date:
- remove last remnants of never implemented multiple targets support;
- implement missing support for LUN mapping in this area.
Due to existing locking constraints LUN mapping code is practically
unlocked at this point. Hopefully it is not racy enough to live until
somebody get idea how to call sleeping fronend methods under lock also
taken by the same frontend in non-sleepable context. :(
mav [Thu, 25 Jun 2015 07:08:46 +0000 (07:08 +0000)]
MFC r284641:
Fix REPORT LUNS command output for the case when same LUN mapped to same
port several times. While it is unusual configuration, it is not illegal.
mav [Thu, 25 Jun 2015 07:07:32 +0000 (07:07 +0000)]
MFC r284622: Remove device queue freeze handling and replace it with dummy.
At this point CTL has no known use case for device queue freezes.
Same time existing (considered to be broken) code was found to cause
modify-after-free issues.
gshapiro [Thu, 25 Jun 2015 01:49:44 +0000 (01:49 +0000)]
MFC: An additional fix for the openssl Weak DH remediation:
The import of openssl to address the FreeBSD-SA-15:10.openssl security
advisory includes a change which rejects handshakes with DH parameters
below 768 bits. sendmail releases prior to 8.15.2 (not yet released),
defaulted to a 512 bit DH parameter setting for client connections.
The first fix committed last week changed the default to 1024 bits.
This commit fixes the case where the DHParameters option is set to a
file which doesn't exist, which is the case on newer versions of
FreeBSD which enable STARTTLS by default by auto-creating TLS
certificates.
gjb [Wed, 24 Jun 2015 18:58:42 +0000 (18:58 +0000)]
MFC r284683:
Enable ttyu1, ttyu2, ttyu3 for arm installations.
This should make all consoles available, whether it
is VGA, HDMI, serial, or JTAG, but more importantly
enables all consoles when ttyu0 is not predictable.
For example, the Pandaboard ES apparently has three
consoles available, but the DB9/RS232 serial port is
ttyu2, so not available by default after the system
boots.
gjb [Wed, 24 Jun 2015 18:56:28 +0000 (18:56 +0000)]
MFC r284660, r284676:
r284660:
Remove the Azure-local vm_extra_create_disk(), since we no longer
need qemu-img to convert the final VHD image to an Azure-compatible
format.
Although the waagent utility is installed from ports, create the
symlink to /usr/sbin, pending investigation on where this is
hard-coded, so it can be reported upstream.
r284676:
Append the hour and minute to the snapshot suffix for EC2
AMIs and Azure VM images. This is particularly helpful for
testing to avoid name collisions, but also useful for cases
where a necessary rebuild is done before the date changes.
marcel [Wed, 24 Jun 2015 18:40:34 +0000 (18:40 +0000)]
MFC r284269, r284270, r284655, r284656, r284658:
VHD fixes for Microsoft Azure:
1. Round the image size to the VHD geometry and then round to a
multiple of 1MB.
2. Change the creator OS from "FBSD" to "Wi2k". It matters...
3. Bump the VHD tool version and the mkimg version.
gallatin [Tue, 23 Jun 2015 22:31:04 +0000 (22:31 +0000)]
Fix r284612: As pointed out by jhb, in stable branches, if_baudrate
is 32b on 32b platforms. So rather than a simple MFC of r284612,
we need to use if_initbaudrate() to properly express a 40Gb speed.
kib [Tue, 23 Jun 2015 06:30:36 +0000 (06:30 +0000)]
Revert part of the r283303 (by jhb):
Revert MFC of r270223, which bumped MAXCPU on amd64 from 64 to 256.
The cpuset_getaffinity(2) and cpuset_setaffinity(2) check minimum set
size, which now fails for binaries compiled on 10.0 with MAXCPU == 64.
dteske [Tue, 23 Jun 2015 04:03:54 +0000 (04:03 +0000)]
MFC r283863:
Fix a debug statement. Only the callback function (performing the
incrementing of dpv_overall_oread) knows what its purpose is (and
often times it was bytes, not lines).
MFC r283975 (araujo):
Clean up unused variable and silence clang warnings.
dteske [Tue, 23 Jun 2015 03:56:05 +0000 (03:56 +0000)]
MFC r284672 (antoine):
Install version.4th.8 again
It was disconnected from installation in r281081, but was never removed
from the tree or added to ObsoleteFiles.inc
tuexen [Mon, 22 Jun 2015 06:06:38 +0000 (06:06 +0000)]
When using KTRACE, set a variable to the appropriate value and don't
leave it initialized at NULL.
Since the affected functions where moved from sys/kern/uipc_syscalls.c
to sys/netinet/sctp_syscalls.c it was not possible to MFC r284613.
Therefore, this is a direct commit with the corresponding changes of r284613.
trasz [Sun, 21 Jun 2015 06:28:26 +0000 (06:28 +0000)]
MFC r282213:
Add kern.racct.enable tunable and RACCT_DISABLED config option.
The point of this is to be able to add RACCT (with RACCT_DISABLED)
to GENERIC, to avoid having to rebuild the kernel to use rctl(8).
MFC r282901:
Build GENERIC with RACCT/RCTL support by default. Note that it still
needs to be enabled by adding "kern.racct.enable=1" to /boot/loader.conf.
Note those two are MFC-ed together, because the latter one changes the
name of RACCT_DISABLED option to RACCT_DEFAULT_TO_DISABLED. Should have
committed the renaming separately...
Relnotes: yes
Sponsored by: The FreeBSD Foundation
markj [Sun, 21 Jun 2015 00:36:02 +0000 (00:36 +0000)]
MFC r284127:
witness: don't warn about matrix inconsistencies without holding the mutex
Lock order checking is done without the witness mutex held, so multiple
threads that are racing to establish a new lock order may read matrix
entries that are in an inconsistent state. Don't print a warning in this
case, but instead just redo the check after taking the witness lock.
rmacklem [Sat, 20 Jun 2015 23:15:57 +0000 (23:15 +0000)]
MFC: r284531
Document that a forced dismount of an NFSv3 mount when the
NLM (rpc.lockd) is running can crash the system.
Unfortunately this is not easy to fix, but I have left
PR#200585 open.
dim [Sat, 20 Jun 2015 13:25:28 +0000 (13:25 +0000)]
MFC r284167:
Merge r283870 from amd64:
Remove unneeded NULL checks in trap_fatal().
Since td_name is an array member of struct thread, it can never be NULL,
so the check can be removed. In addition, curproc can never be NULL,
so remove the if statement, and splice the two printfs() together.
While here, remove the u_long cast, and use the correct printf format
specifier for curproc->p_pid.
kp [Thu, 18 Jun 2015 21:23:41 +0000 (21:23 +0000)]
Merge r284222, r284260
pf: address family must be set when creating a pf_fragment
Fix a panic when handling fragmented ip4 packets with 'drop-ovl' set.
In that scenario we take a different branch in pf_normalize_ip(), taking us to
pf_fragcache() (rather than pf_reassemble()). In pf_fragcache() we create a
pf_fragment, but do not set the address family. This leads to a panic when we
try to insert that into pf_frag_tree because pf_addr_cmp(), which is used to
compare the pf_fragments doesn't know what to do if the address family is not
set.
Simply ensure that the address family is set correctly (always AF_INET in this
path).
When we try to look up a pf_fragment with pf_find_fragment() we compare (see
pf_frag_compare()) addresses (and family), but also protocol. We failed to
save the protocol to the pf_fragment in pf_fragcache(), resulting in failing
reassembly.
kp [Thu, 18 Jun 2015 21:21:52 +0000 (21:21 +0000)]
Merge r278874, r278925, r278868
- Improve INET/INET6 scope.
- style(9) declarations.
- Make couple of local functions static.
- Even more fixes to !INET and !INET6 kernels.
In collaboration with pluknet
- Toss declarations to fix regular build and NO_INET6 build.
kp [Thu, 18 Jun 2015 20:59:48 +0000 (20:59 +0000)]
Merge r281536
pf: Fix forwarding detection
If the direction is not PF_OUT we can never be forwarding. Some input packets
have rcvif != ifp (looped back packets), which lead us to ip6_forward() inbound
packets, causing panics.
Equally, we need to ensure that packets were really received and not locally
generated before trying to ip6_forward() them.
kp [Thu, 18 Jun 2015 20:57:21 +0000 (20:57 +0000)]
Merge r281234
Evaluate packet size after the firewall had its chance
Defer the packet size check until after the firewall has had a look at it. This
means that the firewall now has the opportunity to (re-)fragment an oversized
packet.
kp [Thu, 18 Jun 2015 20:43:16 +0000 (20:43 +0000)]
Merge r281164
pf: Skip firewall for refragmented ip6 packets
In cases where we scrub (fragment reassemble) on both input and output
we risk ending up in infinite loops when forwarding packets.
Fragmented packets come in and get collected until we can defragment. At
that point the defragmented packet is handed back to the ip stack (at
the pfil point in ip6_input(). Normal processing continues.
Eventually we figure out that the packet has to be forwarded and we end
up at the pfil hook in ip6_forward(). After doing the inspection on the
defragmented packet we see that the packet has been defragmented and
because we're forwarding we have to refragment it.
In pf_refragment6() we split the packet up again and then ip6_forward()
the individual fragments. Those fragments hit the pfil hook on the way
out, so they're collected until we can reconstruct the full packet, at
which point we're right back where we left off and things continue until
we run out of stack.
Break that loop by marking the fragments generated by pf_refragment6()
as M_SKIP_FIREWALL. There's no point in processing those packets in the
firewall anyway. We've already filtered on the full packet.
kp [Thu, 18 Jun 2015 20:41:55 +0000 (20:41 +0000)]
Merge r280956
pf: Deal with runt packets
On Ethernet packets have a minimal length, so very short packets get padding
appended to them. This padding is not stripped off in ip6_input() (due to
support for IPv6 Jumbograms, RFC2675).
That means PF needs to be careful when reassembling fragmented packets to not
include the padding in the reassembled packet.
While here also remove the 'Magic from ip_input.' bits. Splitting up and
re-joining an mbuf chain here doesn't make any sense.
kp [Thu, 18 Jun 2015 20:40:36 +0000 (20:40 +0000)]
Merge r280955
Preserve IPv6 fragment IDs accross reassembly and refragmentation
When forwarding fragmented IPv6 packets and filtering with PF we
reassemble and refragment. That means we generate new fragment headers
and a new fragment ID.
We already save the fragment IDs so we can do the reassembly so it's
straightforward to apply the incoming fragment ID on the refragmented
packets.
kp [Thu, 18 Jun 2015 20:34:39 +0000 (20:34 +0000)]
Merge r278843, r278858
In the forwarding case refragment the reassembled packets with the same
size as they arrived in. This allows the sender to determine the optimal
fragment size by Path MTU Discovery.
Roughly based on the OpenBSD work by Alexander Bluhm.
arybchik [Thu, 18 Jun 2015 15:50:42 +0000 (15:50 +0000)]
MFC: r283679
sfxge: do not use DEBUG_FLAGS to enable extra debug checks
DEBUG_FLAGS are set to DEBUG option value when kernel is built.
For example, it is -g in GENERIC config to have debug symbols.
Also DEBUG_FLAGS are used to determine if ctfconvert should keep
debug symbols.
Since we redefined DEBUG_FLAGS, debug symbols were always missing.
ctfconvert complains about it during kernel build.
It is incorrect to append DEBUG_FLAGS, since if DEBUG has no -g (or
similar), we'll have no debug symbols and ctfconvert will complain.
If it incorrect to always have -g in our DEBUG_FLAGS, since debug
symbols presence should be controllable by kernel config.
So, just add disabled by default addition of -DDEBUG=1 to CFLAGS.
Reviewed by: imp
Sponsored by: Solarflare Communications, Inc.
arybchik [Thu, 18 Jun 2015 15:41:09 +0000 (15:41 +0000)]
sfxge: use if_initbaudrate() to set interface baudrate
It is required to cope with u_long limit for 10 Gbps in a right way.
It is a direct commit to stable/10 since head differs (head does not
have if_initbaudrate(), if_baudrate is simply uint64_t).
Sponsored by: Solarflare Communications, Inc.
Differential Revision: https://reviews.freebsd.org/D2849