o Lock page queue accesses by vm_page_wire() that aren't
within a critical section.
o Assert that the page queues lock is held in vm_page_wire()
unless an Alpha.
luigi [Sun, 14 Jul 2002 23:47:18 +0000 (23:47 +0000)]
Implement keepalives for dynamic rules, so they will not expire
just because you leave your session idle.
Also, put in a fix for 64-bit architectures (to be revised).
In detail:
ip_fw.h
* Reorder fields in struct ip_fw to avoid alignment problems on
64-bit machines. This only masks the problem, I am still not
sure whether I am doing something wrong in the code or there
is a problem elsewhere (e.g. different aligmnent of structures
between userland and kernel because of pragmas etc.)
* added fields in dyn_rule to store ack numbers, so we can
generate keepalives when the dynamic rule is about to expire
ip_fw2.c
* use a local function, send_pkt(), to generate TCP RST for Reset rules;
* save about 250 bytes by cleaning up the various snprintf()
in ipfw_log() ...
* ... and use twice as many bytes to implement keepalives
(this seems to be working, but i have not tested it extensively).
Keepalives are generated once every 5 seconds for the last 20 seconds
of the lifetime of a dynamic rule for an established TCP flow. The
packets are sent to both sides, so if at least one of the endpoints
is responding, the timeout is refreshed and the rule will not expire.
You can disable this feature with
sysctl net.inet.ip.fw.dyn_keepalive=0
(the default is 1, to have them enabled).
MFC after: 1 day
(just kidding... I will supply an updated version of ipfw2 for
RELENG_4 tomorrow).
alfred [Sun, 14 Jul 2002 23:14:02 +0000 (23:14 +0000)]
Silence several warnings due to functions that needed to take a void *
having a char * as an argument instead. clnt_dg_control(), clnt_raw_control(),
clnt_vc_control().
alfred [Sun, 14 Jul 2002 17:54:00 +0000 (17:54 +0000)]
- TI-RPC is now the default again for code generation.
- As before, inetd support support is turned of per default.
Code for inetd can be made with -I.
- Support for ``transport monitors'' and the NLSPROVIDER env
variable is still there , even if their use is not clear in
non TLI stream based systems like Free-/NetBSD. It can be activated
with -P.
- There are a few corrections in rpcgen.1 and usage function to conform
to the code. Added and documented -P
- I removed the #ifdefs checks for Free-/NetBSD since we are the only
ones who use this code. MaxOS X may have the same limitations as
we have, so this code will correctly build for them.
Miscellaneous fixes:
- always reinitialize the rx descriptors, even if the mbuf is kept.
This should fix the hangs on ifconfig that were observed
- on an rx overflow, reinitialize the descriptor so that the interface
will not hang
- correct some bus_dmamap_sync() calls
- correct some debug messages
- some minor nits
luigi [Sun, 14 Jul 2002 09:07:13 +0000 (09:07 +0000)]
Enable building of picobsd using CURRENT sources again.
Following a suggestion by Ruslan, the initial creation of the
includes and libraries (and build tools) is now done by
invoking "make buildworld" (with -DPICOBSD which eventually will
limit the amount of stuff built with a 2-line change in Makefile.inc1).
The correct environment is then used for subsequent builds.
Also remove write_mfs_in_kernel.c in favour of using dd
All the above is conditional on __FreeBSD_version, as the previous
method still worked for versions earlier than 500035, and I am
unsure on how the "new" method works for earlier versions.
Finally, note that the crunch.conf files need some work because
some libraries (e.g. gmd) have gone away from the base installation.
part of a greater patch set..
1/ don't need to set td_state to TDS_RUNNING in fork_return.
it's already set in choosethread().
2/ Set a child process state to "normal" as opposed to "new"
when we allow it to be put on the run queue.
Allows child to receive signals from the parent if the parent
runs first and tries to immediatly signal he child.
Submitted by: (part 2) Thomas Moestl <tmoestl@gmx.net>
Rearrange previous commit that passed the vendor id to the kernel in a way
that's binary compatible for -stable. While binary compatibility doesn't
matter much in -current, it is critical for -stable. This change requires
pccardd/pccardc to be recompiled.
Thinking about it I came to the conclusion that the KSE states were incorrectly
formulated. The correct states should be:
IDLE: On the idle KSE list for that KSEG
RUNQ: Linked onto the system run queue.
THREAD: Attached to a thread and slaved to whatever state the thread is in.
This means that most places where we were adjusting kse state can go away
as it is just moving around because the thread is..
The only places we need to adjust the KSE state is in transition to and from
the idle and run queues.
Quick fix for high resolution kernel profiling on i386's. Use
-finstrument-functions instead of -mprofiler-epilogue. The former
works essentially the same as the latter but has a higher overhead
(about 22 more bytes per function for passing unused args to the
profiling functions).
Removed all traces of the IDENT Makefile variable, which had been
reduced to just a place for holding profiling's contribution to CFLAGS
(the IDENT that gives the kernel identity was renamed to KERN_IDENT).
peter [Sat, 13 Jul 2002 20:56:18 +0000 (20:56 +0000)]
Bandaid for SMP. Changing APTDpde without a global shootdown is not
safe yet. We used to do a global shootdown here anyway so another day
or so shouldn't hurt.
o Complete the locking of page queue accesses by vm_page_unwire().
o Assert that the page queues lock is held in vm_page_unwire().
o Make vm_page_lock_queues() and vm_page_unlock_queues() visible
to kernel loadable modules.
Moved the setting of all profiling-related variables except the key one
(PROFLEVEL) to kern.pre.mk so that it is easier to manage. Bumped config
version to match.
Moved the check for cputype being configured to a less bogus place in
mkmakefile.c.
alfred [Sat, 13 Jul 2002 16:43:53 +0000 (16:43 +0000)]
Move COMPAT_FREEBSD4 to arch-neutral sys/conf/NOTES.
Add COMPAT_FREEBSD4 to GENERIC for arches that existed in FreeBSD 4's time,
not just i386. (alpha and pc98)
luigi [Sat, 13 Jul 2002 15:57:23 +0000 (15:57 +0000)]
A bunch of minor fixes:
* accept "icmptype" as an alias for "icmptypes";
* remove an extra whitespace after "log" rules;
* print correctly the "limit" masks;
* correct a typo in parsing dummynet arguments (this caused a coredump);
* do not allow specifying both "check-state" and "limit", they are
(and have always been) mutually exclusive;
* remove an extra print of the rule before installing it;
* make stdout buffered -- otherwise, if you log its output with syslog,
you will see one entry for each printf(). Rather unpleasant.
- Change chroot_refuse_vdir_fds() to require that the passed in struct
filedesc is already locked rather than having chroot() unlock the
filedesc so chroot_refuse_vdir_fds() can immediately relock it.
- Reorder chroot() a bitso that we do the namei lookup before checking
the process's struct filedesc. This closes at least one potential race
and allows us to only acquire the filedsec lock once in chroot().
- Push down Giant slightly into chroot().
Use a fixed address for KERNBASE, so it doesn't change if the size of KVA
is increased. Its confusing for all the kernel addresses to change, and
doesn't serve much purpose as far as conserving address space.
o Assert GIANT_REQUIRED on system maps in _vm_map_lock(),
_vm_map_lock_read(), and _vm_map_trylock(). Submitted by: tegge
o Remove GIANT_REQUIRED from kmem_alloc_wait() and kmem_free_wakeup().
(This clears the way for exec_map accesses to move outside of Giant.
The exec_map is not a system map.)
o Remove some premature MPSAFE comments.
luigi [Fri, 12 Jul 2002 22:08:47 +0000 (22:08 +0000)]
Avoid dereferencing a null pointer in ro_rt.
This was always broken in HEAD (the offending statement was introduced
in rev. 1.123 for HEAD, while RELENG_4 included this fix (in rev.
1.99.2.12 for RELENG_4) and I inadvertently deleted it in 1.99.2.30.
So I am also restoring these two lines in RELENG_4 now.
We might need another few things from 1.99.2.30.
Re-enable the idle page-zeroing code. Remove all IPIs from the idle
page-zeroing code as well as from the general page-zeroing code and use a
lazy tlb page invalidation scheme based on a callback made at the end
of mi_switch.
A number of people came up with this idea at the same time so credit
belongs to Peter, John, and Jake as well.
Two-way SMP buildworld -j 5 tests (second run, after stabilization)
2282.76 real 2515.17 user 704.22 sys before peter's IPI commit
2266.69 real 2467.50 user 633.77 sys after peter's commit
2232.80 real 2468.99 user 615.89 sys after this commit
Set the thread state of the newly chosen to run thread to TDS_RUNNING in
choosethread() in MI C code instead of doing it in in assembly in all the
various cpu_switch() functions. This fixes problems on ia64 and sparc64.
Reviewed by: julian, peter, benno
Tested on: i386, alpha, sparc64
When I decided to use a stock dbxout.c rather than merge the rev 1.2 change
(put the function stabs in traditional order on a.out, or gdb doesn't see
function local variables), I failed to remove the related knobs here.
Effectively were overrode the ELF-wide definition in elfos.h w/o providing
new infrastructure. This is what caused GDB to fail to debug applications
compiled and linked with -stabs. This is because GCC was unconditionally
inserts .stabs instruction for functions after the function body. GDB was
getting confused because what it thinks is function beginning address is
actually function ending address.
When sending cache flushing IPIs, don't try to IPI the triggering CPU
itself; this causes undefined behaviour on UltraSPARCs. In particular,
the interrupt packet data words will not necessarily be delivered
correctly, which would result in a crash.
This bug also caused the cache-flushing work to be done twice on the
triggering CPU (when it did not cause crashes).
Moved the `distribute' target from bsd.obj.mk to bsd.subdir.mk,
to make it call `install' in the bsd.subdir.mk-driven makefiles
too. (share/examples/Makefile,v 1.29 changed the bsd.prog.mk
to bsd.subdir.mk and many stuff was lost during "make release".
I then merged this change in rev. 1.28.2.2 to work around the
namespace pollution (FILES) in this makefile.)
There was an added complexity here. Both the `distribute' and
`install' targets are recursive (they propagate to SUBDIRs).
So `distribute' first calls `install' in the ${.CURDIR}, then
calls `distribute' in each SUBDIR, etc. The problem is that
`install' (being also recursive) causes the stuff from SUBDIR
to be installed twice, first time thru `install' in ${.CURDIR}
triggered by `distribute', second time by `distribute' run in
the SUBDIR. This problem is not new, but it became apparent
only after I moved the `distribute' target from bsd.obj.mk to
bsd.subdir.mk. My first attempt testing the fix failed due to
this, because the whole world was distributed twice, causing
all the imaginable mess (kerberos5 stuff was installed into both
"base" and "krb5" dists, there was /sbin/init.bak, etc.)
I say the problem is not new because bsd.prog.mk and bsd.lib.mk
makefiles with SUBDIR (even without this fix) had this problem
for years. Try e.g. running ``make distribute DISTDIR=/foo''
from usr.bin/bzip2 or from lib/libcom_err (without the fix) and
watch the output.
So the solution was to make `install' behave non-recursive when
executed by `distribute'. My first attempt in passing SUBDIR=
to the `install' in the `distribute' body failed because of the
way how src/Makefile and src/Makefile.inc1 communicate with each
other. SUBDIR='s assignment precedence on the "make install
SUBDIR=" command line is lowered after src/Makefile wrapper calls
"make ... -f ${.CURDIR}/Makefile.inc1 install" because SUBDIR=
is moved into environment, and Makefile.inc1's assignments now
take higher precedence. This may be fixed someday when we merge
Makefile with Makefile.inc1. For now, this is implemented as a
NO_SUBDIR knob.
Spotted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Prodded by: des
MFC after: 3 days