des [Mon, 27 Apr 2015 12:02:16 +0000 (12:02 +0000)]
Add a script that runs configure for both ldns and drill.
Run configure for drill (I forgot to do it when I imported 1.6.17, but the
omission was harmless). Note that running configure --with-drill at the
top level doesn't quite work for us since it is geared toward the slightly
weird upstream Makefiles, which we don't use.
Make setproctitle(3) work in Capsicum capability mode. This makes
ctld(8) child processes to indicate initiator address and name in
their titles, similar to what iscsid(8) child processes do.
PR: 181352
Differential Revision: https://reviews.freebsd.org/D2363
Reviewed by: rwatson@, mjg@
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Partially revert r255986: do not call VOP_FSYNC() when helping
bufdaemon in getnewbuf(), do use buf_flush(). The difference is that
bufdaemon uses TRYLOCK to get buffer locks, which allows calls to
getnewbuf() while another buffer is locked.
Reported and tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
- Fix style(9) a bit
-- Fix whitespace
-- Use err/errx
-- Remove superfluous braces
- Be a bit more defensive with input from the end-user
- Don't throw a floating point exception by dividing by 0 when processing a
zero-byte file
Make rule table kernel-index rewriting support any kind of objects.
Currently we have tables identified by their names in userland
with internal kernel-assigned indices. This works the following way:
When userland wishes to communicate with kernel to add or change rule(s),
it makes indexed sorted array of table names
(internally ipfw_obj_ntlv entries), and refer to indices in that
array in rule manipulation.
Prior to committing new rule to the ruleset kernel
a) finds all referenced tables, bump their refcounts and change
values inside the opcodes to be real kernel indices
b) auto-creates all referenced but not existing tables and then
do a) for them.
Kernel does almost the same when exporting rules to userland:
prepares array of used tables in all rules in range, and
prepends it before the actual ruleset retaining actual in-kernel
indexes for that.
There is also special translation layer for legacy clients which is
able to provide 'real' indices for table names (basically doing atoi()).
While it is arguable that every subsystem really needs names instead of
numbers, there are several things that should be noted:
1) every non-singleton subsystem needs to store its runtime state
somewhere inside ipfw chain (and be able to get it fast)
2) we can't assume object numbers provided by humans will be dense.
Existing nat implementation (O(n) access and LIST inside chain) is a
good example.
Hence the following:
* Convert table-centric rewrite code to be more generic, callback-based
* Move most of the code from ip_fw_table.c to ip_fw_sockopt.c
* Provide abstract API to permit subsystems convert their objects
between userland string identifier and in-kernel index.
(See struct opcode_obj_rewrite) for more details
* Create another per-chain index (in next commit) shared among all subsystems
* Convert current NAT44 implementation to use new API, O(1) lookups,
shared index and names instead of numbers (in next commit).
Fix possible use after free due to security policy deletion.
When we are passing mbuf to IPSec processing via ipsec[46]_process_packet(),
we hold one reference to security policy and release it just after return
from this function. But IPSec processing can be deffered and when we release
reference to security policy after ipsec[46]_process_packet(), user can
delete this security policy from SPDB. And when IPSec processing will be
done, xform's callback function will do access to already freed memory.
To fix this move KEY_FREESP() into callback function. Now IPSec code will
release reference to SP after processing will be finished.
Allow DSP basename cloning to be disabled or enabled at boot and
runtime. This is useful when implementing OSS sound stacks in
userspace via libcuse for example.
hiren [Sat, 25 Apr 2015 16:12:06 +0000 (16:12 +0000)]
Currently there is no easy way to specify net.isr.maxthreads = all cpus. We need
to specify exact number of cpus in loader.conf which get annoying when you have
mix of machines which don't have equal number of total cpus. I propose "-1" as
that value. When loader.conf has net.isr.maxthreads = -1, netisr will use all
available cpus.
Adjust PROF_ARTIFICIAL_FRAMES in the DTrace profile provider on ARM to
skip 10, rather than 9, frames. This appears to work quite well in
practice on the BeagleBone Black, so remove a comment about the value
being bogus and replace it with a slightly less negative one. However,
the number of frames to skip is quite sensitive to details of the timer
and interrupt handling paths, so this is necessarily fragile -- but no
more so than on x86.
o Properly init prevtime, so that we don't print bogus value in the
first entry reported by the relative mode (-R).
o Properly print negative offsets, which I guess may happen if
records get re-ordered somehow, possibly due to the locking. Right
now we report huge bogus diff (i.e. 2 seconds or so).
MAXBSIZE defines both the largest UFS block size and the
largest size for a buffer in the buffer cache. This patch
defines a new constant MAXBCACHEBUF, which is the largest
size for a buffer in the buffer cache. Having a separate
constant allows MAXBCACHEBUF to be set larger than MAXBSIZE
on a per-architecture basis, so that NFS can do larger read/writes
for these architectures. It modifies sys/param.h so that BKVASIZE
can also be set on a per-architecture basis.
A couple of cases where NFS used MAXBSIZE instead of NFS_MAXBSIZE
is fixed as well.
Attempt to connect to alternate addresses if the connect doesn't
succeed in 180ms, and cut wait time between connection attempts
in half for each additional, if no connection was established.
Take the first connection to succeed and close the others.
This makes whois more responsive when e.g. IPv6 service took long
time or fail to respond.
PR: 158125
Submitted by: Mark Andrews <marka isc org> (with changes from me)
MFC after: 2 weeks
Limit the number of cylinder groups that will be searched when
trying to build a cluster. The limit is tunable using the sysctl
vfs.ffs.maxclustersearch. The current limit is 10 cylinder groups
per block allocation. It was previously limited to the number of
cylinder groups in the filesystem per block allocation. When there
were no clusters of the needed size left, it repeatedly searched
the whole filesystem for a non-existent cluster on every block
allocation. The result was very slow filesystem allocation with
100% CPU utilization. The old behavior can be had by setting
vfs.ffs.maxclustersearch to a huge number (1,000,000).
This change affects only the layout policy routines so is not able
to interfere with the integrity of the filesystem.
Use correct length for sparse uiomove(). It must be the clipped to
the page size, len is the total transfer length, which may be larger
than zero_region.
Reported and tested by: clusteradm (gjb)
Sponsored by: The FreeBSD Foundation
X-MFC-With: r281442
gcc 4.9 added support for new alignment attribute alloc_align:
The alloc_align attribute is used to tell the compiler that the function
return value points to memory, where the returned pointer minimum
alignment is given by one of the functions parameters. GCC uses this
information to improve pointer alignment analysis.
vt_is_cursor_in_area needs to return true if any part of the mouse
cursor is visible in the rectangle area. Replace the existing test with
a simpler version of a test for overlapping rectangles.
Differential Revision: https://reviews.freebsd.org/D2356
Reviewed by: ray
Sponsored by: The FreeBSD Foundation
Revert r281451. It causes a panic/hang early in boot for a number of
users, myself included. The original code is likely papering over a
larger bug that needs to be explored, but for now get things back to
a working state.
Obtained from: Netflix, Inc.
MFC after: immediately
Watchdog drivers need to support rearming the watchdog in contexts which
are not permitted to sleep. Only use the IPMI watchdog with backends
which poll driver-initiated requests to meet this requirement.
In practice this means that watchdogs will no longer be used on systems
that use the SSIF backend.
Rename the kld for oce(4) to if_oce.ko. ifconfig(8) has special knowledge
about kld filenames for network drivers that requires them to follow the
pattern of if_<foo>. This also fixes the existing documentation in the
manpage which says to use if_oce_load=YES in loader.conf.
Update this driver to not save copies of registers that are no longer used
after r281874. While here, also update it to always write the parent's
PCI bus number to the primary bus register.
Small changes to locale-related man pages.
Fix a missing .h and change the recommended include for the POSIX2008 functions from xlocale.h to locale.h. Including xlocale.h is for legacy / Darwin compatibility so should not be encouraged.