Kristof Provost [Fri, 20 Oct 2023 05:37:46 +0000 (07:37 +0200)]
pf: allow states to be killed by their pre-NAT address
If a connection is NAT-ed we could previously only terminate it by its
ID or the post-NAT IP address. Allow users to specify they want look for
the state by its pre-NAT address. Usage: `pfctl -k nat -k <address>`.
Kristof Provost [Mon, 16 Oct 2023 14:47:22 +0000 (16:47 +0200)]
pf: support basic filters for state listing
Allow users(pace) to specify a protocol, interface, address family and/
or address and mask, allowing the state listing to be pre-filtered in
the kernel.
netlink: fix potential llentry lock leak in newneigh handler
The netlink newneigh handler has the potential to leak the lock on
llentry objects in the kernel. This patch reconciles several paths
through the newneigh handler that could result in a lock leak.
This can be considered an increment not a replacement: `$DIALOG=dialog'
restores dialog(1), no change for Xdialog(1). An exception is if an
error occurs, bsddialog(1) replaces dialog.
This commit reverts "bsdconfig(8): add bsddialog(1) support" 30e9abf2fc462084b752064fa814d90ad3161352 because it is not intended for
the current bsddialog 1.0 version.
Andrew Turner [Thu, 12 Oct 2023 16:01:01 +0000 (17:01 +0100)]
arm64: Teach bus_dma on arm64 about NUMA
When allocating memory we should try to allocate from the NUMA node
closest to the device to reduce cross domain memory traffic. Teach the
arm64 bus_dma code to do this.
While here use mallocarray to guard against an unlikely integer
overflow.
Reviewed by: markj
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42187
Devin Teske [Sun, 22 Oct 2023 18:45:36 +0000 (11:45 -0700)]
bsdconfig: Add `network' keyword
Configuring a FreeBSD laptop, my fingers kept wanting to type
`bsdconfig network' and I could not figure out why this was not working.
Took me a second to realize that the shortcut was `bsdconfig networking'
for where I wanted to go.
Mateusz Guzik [Sun, 22 Oct 2023 15:46:39 +0000 (15:46 +0000)]
thread: add td_wantedlock
This enables obtaining lock information threads are actively waiting for
while sampling. Without the change one would only see a bunch of calls
to lock_delay(), where the stacktrace often does not reveal what the
lock might be.
Note this is not the same as lock profiling, which only produces data
for cases which wait for locks.
struct thread already has a td_lockname field, but I did not use it
because it has different semantics -- denotes when the thread is off
cpu. At the same time it could not be converted to hold a lock_object
pointer because non-curthread access would no longer be guaranteed to be
safe -- by the time it reads the pointer the lock might have been taken,
released and the object containing it freed.
Notable upstream pull request merges:
#14378 c0e58995e Large sync writes perform worse with slog
#14721 797f55ef1 Do not persist user/group/project quota zap objects
when unneeded
#15356 380c25f64 FreeBSD: Improve taskq wrapper
#15390 4fbc52495 Remove lock from dsl_pool_need_dirty_delay()
#15397 57b409856 Trust ARC_BUF_SHARED() more
#15402 b29e98fa8 Properly pad struct tx_cpu to cache line
#15405 ea30b5a9e Set spa_ccw_fail_time=0 when expanding a vdev
#15416 b9384b949 FreeBSD: taskq: Remove unused declaration
Rick Macklem [Sun, 22 Oct 2023 01:33:33 +0000 (18:33 -0700)]
nfscl: Handle a Getattr failure with NFSERR_DELAY following Open
During testing at a recent IETF NFSv4 Bakeathon, a non-FreeBSD
server was rebooted. After the reboot, the FreeBSD client sent
an Open/Claim_previous with a Getattr after the Open in the same
compound. The Open/Claim_previous was done to recover the Open
and a Delegation for for a file. The Open succeeded, but the
Getattr after the Open failed with NFSERR_DELAY. This resulted
in the FreeBSD client retrying the entire RPC over and over again,
until the server's recovery grace period ended. Since the Open
succeeded, there was no need to retry the entire RPC.
This patch modifies the NFSv4 client side recovery Open/Claim_previous
RPC reply handling to deal with this case. With this patch, the
Getattr reply of NFSERR_DELAY is ignored and the successful Open
reply is processed.
This bug will not normally affect users, since this non-FreeBSD
server is not widely used (it may not even have shipped to any
customers).
Zhenlei Huang [Sat, 21 Oct 2023 04:52:27 +0000 (12:52 +0800)]
bpf: Make dead_bpf_if const
The dead_bpf_if is not subjected to be written. Make it const so that
on destructive writing to it the kernel will panic instead of silent
memory corruption.
Zhenlei Huang [Tue, 17 Oct 2023 07:05:25 +0000 (15:05 +0800)]
x86: Prefer consistent naming for loader tunables
The following loader tunables do have corresponding sysctl MIBs but
with inconsistent naming. That may be historical reason. Let's prefer
consistent naming for them so that it will be easier to maintain.
Zhenlei Huang [Fri, 20 Oct 2023 07:31:44 +0000 (15:31 +0800)]
amd64 pmap: Prefer consistent naming for loader tunable
The sysctl knob 'vm.pmap.allow_2m_x_ept' is loader tunable and have
public document entry in security(7) but is fetched from kernel
environment 'hw.allow_2m_x_ept'. That is inconsistent and obscure.
As there is public security advisory FreeBSD-SA-19:25.mcepsc [1],
people may refer to it and use 'hw.allow_2m_x_ept', let's keep old
name for compatibility.
Rick Macklem [Fri, 20 Oct 2023 23:10:25 +0000 (16:10 -0700)]
nfscl: Use Claim_Null_FH and Claim_Deleg_Cur_FH
For NFSv4.1/4.2, there are two new options for the Open operation.
These two options use the file handle for the file instead of the
file handle for the directory plus a file name. By doing so, the
client code is simplified (it no longer needs the "nfsv4node" structure
attached to the NFS vnode). It also avoids problems caused by another
NFS client (or process running locally in the NFS server) doing a
rename or remove of the file name between the Lookup and Open.
Unfortunately, there was a bug (fixed recently by commit X)
in the NFS server which mis-parsed the Claim_Deleg_Cur_FH
arguments. To allow this patch to work with the broken FreeBSD
NFSv4.1/4.2 server, NFSMNTP_BUGGYFBSDSRV is defined and is set
when a correctly formatted Claim_Deleg_Cur_FH fails with NFSERR_EXPIRED.
(This is what the old, broken NFS server does, since it erroneously
uses the Getattr arguments as a stateID.) Once this flag is set,
the client fills in a stateID, to make the broken NFS server happy.
Warner Losh [Fri, 20 Oct 2023 22:07:03 +0000 (16:07 -0600)]
uart: Support EARLY_PRINTF on x86 for port-mapped COM ports
Support early printf for the ns8250 uart driver. Adding
options UART_NS8250_EARLY_PORT=0xYYY
options EARLY_PRINTF
to your kernel config will enable it. The code is rather simple minded,
so caveat emptor. This will enable printf before cninit. cninit
automatically disables this and switches to the real routine. It only
works for port-mapped COM ports, and only if you know the port's address
at compile time. It's intended for be a debugging aide, not a general
purpose thing.
John Baldwin [Fri, 20 Oct 2023 21:52:38 +0000 (14:52 -0700)]
x86 msi: Enable/disable IDT vectors for MSI groups all at once
Unlike MSI-X, when a device uses multiple MSI interrupts, the entire
group of interrupts are enabled/disabled at once in the relevant PCI
config register. Currently, the interrupt code enables the IDT vector
for each MSI interrupt when a handler is first registered. If the PCI
device triggers an MSI interrupt which doesn't yet have a handler,
this can trigger a panic when the Xrsvd ISR executes rather than
treating it as a stray device interrupt.
To fix, enable all the IDT vectors for an MSI group when the first
interrupt handler is configured, and don't disable the IDT vectors
until the last interrupt handler for the group is torn down.
When migrating an MSI group between CPUs, enable/disable the entire
group of IDT vectors if at least one interrupt handler is configured
for the group.
Sam Atkinson [Fri, 20 Oct 2023 21:22:04 +0000 (17:22 -0400)]
Do not persist user/group/project quota zap objects when unneeded
In the zfs_id_over*quota functions, there is a short-circuit to skip
the zap_lookup when the quota zap does not exist. If quotas are never
used in a zpool, then the quota zap will never exist. But if
user/group/project quotas are ever used, the zap objects will be
created and will persist even if the quotas are deleted.
The quota zap_lookup in the write path can become a bottleneck for
write-heavy small I/O workloads. Before this commit, it was not
possible to remove this lookup without creating a new zpool.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Sam Atkinson <samatk@amazon.com>
Closes #14721
Brooks Davis [Mon, 16 Oct 2023 22:35:40 +0000 (23:35 +0100)]
certctl: invoke with LOCALBASE set
When invoking certctl as part of installworld, set LOCALBASE in the
environment to match the build environment. That ensures that LOCABASE
is non-empty on systems without the user.localbase sysctl and avoids
allowing a system configuration detail to leak into the build. Users
who wish to build targeting a non-standard LOCALBASE should ensure it is
set in src.conf or similar.
Reviewed by: Mina Galić <freebsd@igalic.co>
Differential Revision: https://reviews.freebsd.org/D40530
Alexander Motin [Fri, 20 Oct 2023 19:38:37 +0000 (15:38 -0400)]
Trust ARC_BUF_SHARED() more
In my understanding ARC_BUF_SHARED() and arc_buf_is_shared() should
return identical results, except the second also asserts it deeper.
The first is much cheaper though, saving few pointer dereferences.
Replace production arc_buf_is_shared() calls with ARC_BUF_SHARED(),
and call arc_buf_is_shared() in random assertions, while making it
even more strict.
On my tests this in half reduces arc_buf_destroy_impl() time, that
noticeably reduces hash_lock congestion under heavy dbuf eviction.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: George Wilson <george.wilson@delphix.com>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15397
Alexander Motin [Fri, 20 Oct 2023 19:37:16 +0000 (15:37 -0400)]
Remove lock from dsl_pool_need_dirty_delay()
Torn reads/writes of dp_dirty_total are unlikely: on 64-bit systems
due to register size, while on 32-bit due to memory constraints.
And even if we hit some race, the code implementing the delay takes
the lock any way.
Removal of the poll-wide lock acquisition saves ~1% of CPU time on
8-thread 8KB write workload.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Alexander Motin <mav@FreeBSD.org>
Sponsored by: iXsystems, Inc.
Closes #15390
VaibhavB [Fri, 20 Oct 2023 18:57:39 +0000 (00:27 +0530)]
run-zts test procfs/pool_state failed with uncorrectable I/O failure
Once we trigger the zpool scrub, all zpool/zfs command gets stuck for
180 seconds. Post 180 seconds zpool/zfs commands gets start executing
however few more seconds(10s) it take to update the status. hence
sleeping for 200 seconds so that we get the correct status.
Reviewed-by: Tony Hutter <hutter2@llnl.gov> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: vaibhav.bhanawat <vaibhav.bhanawat@delphix.com>
Closes #15364
Fix typo in tests/zfs-tests/tests/functional/cli_user/misc/misc.cfg
Reviewed-by: Rob N <robn@despairlabs.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Dennis R. Friedrichsen <dennis.r.friedrichsen@gmail.com>
Closes #15417
Olivier Certner [Fri, 20 Oct 2023 18:49:56 +0000 (20:49 +0200)]
FreeBSD: taskq: Remove unused declaration
Variable 'uma_align_cache' has not been used since commit "FreeBSD: Use
a hash table for taskqid lookups" (3933305ea). Moreover, it is soon
going to become private to FreeBSD's UMA in 15.0-CURRENT (main),
14.0-STABLE (stable/14) and 13.2-STABLE (stable/13). Should accessing
this information become necessary again, one will have to use the new
accessors for recent versions.
Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Olivier Certner <olce.freebsd@certner.fr>
Closes #15416
Gleb Smirnoff [Fri, 20 Oct 2023 17:47:08 +0000 (10:47 -0700)]
tests: fix ATF_TESTS_PYTEST no clean build
The hack with .xtmp file was effectively making the make to
ignore changes to the sources, breaking NO_CLEAN builds. The
hack can be actually omitted as setting SCRIPTSNAME_${_T} for
every test is sufficient to prevent renaming by bsd.prog.mk.
Colin Percival [Fri, 20 Oct 2023 17:30:32 +0000 (10:30 -0700)]
Set spa_ccw_fail_time=0 when expanding a vdev.
When a vdev is to be expanded -- either via `zpool online -e` or via
the autoexpand option -- a SPA_ASYNC_CONFIG_UPDATE request is queued
to be handled via an asynchronous worker thread (spa_async_thread).
This normally happens almost immediately; but will be delayed up to
zfs_ccw_retry_interval seconds (default 5 minutes) if an attempt to
write the zpool configuration cache failed.
When FreeBSD boots ZFS-root VM images generated using `makefs -t zfs`,
the zpoolupgrade rc.d script runs `zpool upgrade`, which modifies the
pool configuration and triggers an attempt to write to the cache file.
This attempted write fails because the filesystem is still mounted
read-only at this point in the boot process, triggering a 5-minute
cooldown before SPA_ASYNC_CONFIG_UPDATE requests will be handled by
the asynchronous worker thread.
When expanding a vdev, reset the "when did a configuration cache
write last fail" value so that the SPA_ASYNC_CONFIG_UPDATE request
will be handled promptly. A cleaner but more intrusive option would
be to use separate SPA_ASYNC_ flags for "configuration changed" and
"try writing the configuration cache again", but with FreeBSD 14.0
coming very soon I'd prefer to leave such refactoring for a later
date.
Reviewed-by: Alexander Motin <mav@FreeBSD.org> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Colin Percival <cperciva@FreeBSD.org>
Closes #15405
Don Brady [Fri, 20 Oct 2023 16:29:02 +0000 (10:29 -0600)]
Fix ZED auto-replace for VDEVs using by-id paths
The change is simple -- restore the original code so that the VDEV
path is updated when using by-id paths. The more challenging part
was to devise a second ZTS test, that would test auto-replace for
'by-id' and help prevent a future regression.
With that new test, we can now do an A|B test with , and without,
the fix to confirm that auto-replace for by-id paths works. The
existing auto-replace test, functional/fault/auto_replace_001_pos,
will confirm that we didn't break auto-replace for 'by-vdev' paths.
In the original functional/fault/auto_replace_001_pos test, the disk
wipe (using dd) was not effective in removing the partitioning since
the kernel was never informed of the wipe.
Added a call to wipefs(8) so that the kernel is informed and ZED will
re-partition the device.
Added a validation step that the re-partitioning occurred by
confirming that the GPT partition UUID changes.
Sponsored-By: OpenDrives Inc. Sponsored-By: Klara Inc. Reviewed-by: Rob Norris <rob.norris@klarasystems.com> Reviewed-by: Tony Hutter <hutter2@llnl.gov> Signed-off-by: Don Brady <don.brady@klarasystems.com>
Closes #15363
Andrew Turner [Thu, 12 Oct 2023 09:48:38 +0000 (10:48 +0100)]
arm64: Add PAC instruction macros
To support Pointer Authentication (PAC) in assembly files add a pair of
macros that sign the link register. When used before storing to the
stack it will allow hardware to detect if it has changed before using
it in the return instruction.
Andrew Turner [Tue, 10 Oct 2023 13:00:59 +0000 (14:00 +0100)]
arm64: Support creating a BTI & PAC note
To detect when an object file is build with the Branch Target
Identification (BTI) and Pointer Authentication Code (PAC) extensions
there is an elf note the compiler will insert. It will only do so from
a high level language, e.g. C or C++.
To get the not in assembly add the GNU_PROPERTY_AARCH64_FEATURE_1_NOTE
macro that can be used to create it, and the
GNU_PROPERTY_AARCH64_FEATURE_1_VAL macro to insert the correct value
based on which combination of BTI and PAC are enabled.
Andrew Turner [Thu, 12 Oct 2023 09:45:43 +0000 (10:45 +0100)]
sys/sys: Check for __ASSEMBLER__ in elf_common.h
When preprocessing assembly files with clang or gcc the __ASSEMBLER__
macro is defined. Check for this as an alternative to LOCORE in
elf_common.h so it can be included by .S files.
Reviewed by: imp
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D42224
Mitchell Horne [Fri, 20 Oct 2023 15:11:21 +0000 (12:11 -0300)]
Tweaks to libarchive's upgrade instructions
I would like to use this file as an example of the FREEBSD-upgrade
convention, see D42302. libarchive is picked somewhat arbitrarily as a
longstanding piece of contrib software in FreeBSD.
- Remove SVN references (HEAD/trunk)
- Mention the vendor/libarchive git branch
- Update link to import instructions
- Remove $FreeBSD$
Reviewed by: mm, imp, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42308
Doug Rabson [Sat, 12 Aug 2023 13:19:47 +0000 (14:19 +0100)]
netfront: fix the support for disabling LRO at boot time
The driver has a tunable hw.xn.enable_lro which is intended to control
whether LRO is enabled. This is currently non-functional - even if its
set to zero, the driver still requests LRO support from the backend.
This change fixes the feature so that if enable_lro is set to zero, LRO
no longer appears in the interface capabilities and LRO is not requested
from the backend.
- If an untrusted certificate is also found in the list of trusted
certificate, issue a warning and skip it, but don't fail.
- Split on -+BEGIN CERTIFICATE-+ instead of "Certificate:" since
that's what we're really looking for.
Also fix a long-standing bug: .crl files are not certificates, so we
should not include them when searching for certificates.
Wei Hu [Fri, 20 Oct 2023 08:58:20 +0000 (08:58 +0000)]
Hyper-V: vmbus: check if signaling host is needed in vmbus_rxbr_read
It is observed that netvsc's send rings could stall on the latest
Azure Boost platforms. This is due to vmbus_rxbr_read() routine
doesn't check if host is waiting for more room to put data, which
leads to host side sleeping forever on this vmbus channel. The
problem was only observed on the latest platform because the host
requests larger buffer ring room to be available, which causes
the issue to happen much more easily.
Fix this by adding check in the vmbus_rxbr_read call and signaling
the host in the callers if check returns positively.
Reported by: NetApp
Tested by: whu
MFC after: 3 days
Sponsored by: Microsoft
Kristof Provost [Fri, 20 Oct 2023 07:13:56 +0000 (09:13 +0200)]
pf: use an enum for packet direction in divert tag
The benefit is that in the debugger you will see PF_DIVERT_MTAG_DIR_IN
instead of 1 when looking at a structure. And compilation time failure
if anybody sets it to a wrong value. Using "port" instead of "ndir" when
assigning a port improves readability of code.
Sumit Saxena [Thu, 19 Oct 2023 21:06:29 +0000 (15:06 -0600)]
mpi3mr: Move creation of watchdog to interupt config hook
Move creation of watchdog process from just before we configure the
interrupt config hook to into the config hook itself. This prevents it
from racing the config intr hook and doing an extra reset of the
card. This extra reset is usually harmless, but sometimes it can prevent
discovery of devices if done at just the wrong time. This can lead to no
disks being registered in a box full of disks, for example. Starting it
later eliminates this race, making discovery reliable.
Rick Macklem [Thu, 19 Oct 2023 19:35:35 +0000 (12:35 -0700)]
nfsd: Fix NFSv4.1/4.2 Claim_Deleg_Cur_FH
When I implemented a test patch using Open Claim_Deleg_Cur_FH
I discovered that the NFSv4.1/4.2 server was broken for this
Open option. Fortunately it is never used by the FreeBSD
client and never used by other clients unless delegations
are enabled. (The FreeBSD NFSv4 server does not have delegations
enabled by default.)
Claim_Deleg_Cur_FH was broken because the code mistakenly
assumed a stateID argument, which is not the case.
This patch fixes the bug by changing the XDR parser to not
expect a stateID and to fill most of the stateID in from the
clientID. The clientID is the first two elements of the "other"
array for the stateID and is sufficient to identify which
client the delegation is issued to. Since there is only one
delegation issued to a client per file, this is sufficient to
locate the correct delegation.
If you are running non-FreeBSD NFSv4.1/4.2 mounts against the
FreeBSD server, you need this patch if you have delegations enabled.
Daiki Ueno [Sun, 10 Oct 2021 07:14:06 +0000 (09:14 +0200)]
KTLS: Enable KTLS for receiving as well in TLS 1.3
This removes a guard condition that prevents KTLS being enabled for
receiving in TLS 1.3. Use the correct sequence number and BIO for
receive vs transmit offload.
Daiki Ueno [Sun, 10 Oct 2021 06:54:07 +0000 (08:54 +0200)]
KTLS: Handle TLS 1.3 in ssl3_get_record.
- Don't unpad records, check the outer record type, or extract the
inner record type from TLS 1.3 records handled by the kernel. KTLS
performs all of these steps and returns the inner record type in the
TLS header.
- When checking the length of a received TLS 1.3 record don't allow
for the extra byte for the nested record type when KTLS is used.
- Pass a pointer to the record type in the TLS header to the
SSL3_RT_INNER_CONTENT_TYPE message callback. For KTLS, the old
pointer pointed to the last byte of payload rather than the record
type. For the non-KTLS case, the TLS header has been updated with
the inner type before this callback is invoked.
John Baldwin [Tue, 8 Mar 2022 00:55:18 +0000 (16:55 -0800)]
KTLS: Add using_ktls helper variable in ssl3_get_record().
When KTLS receive is enabled, pending data may still be present due to
read ahead. This data must still be processed the same as records
received without KTLS. To ease readability (especially in
consideration of additional checks which will be added for TLS 1.3),
add a helper variable 'using_ktls' that is true when the KTLS receive
path is being used to receive a record.
John Baldwin [Thu, 24 Feb 2022 18:12:07 +0000 (10:12 -0800)]
KTLS: Check for unprocessed receive records in ktls_configure_crypto.
KTLS implementations currently assume that the start of the in-kernel
socket buffer is aligned with the start of a TLS record for the
receive side. The socket option to enable KTLS specifies the TLS
sequence number of this initial record.
When read ahead is enabled, data can be pending in the SSL read buffer
after negotiating session keys. This pending data must be examined to
ensurs that the kernel's socket buffer does not contain a partial TLS
record as well as to determine the correct sequence number of the
first TLS record to be processed by the kernel.
In preparation for enabling receive kernel offload for TLS 1.3, move
the existing logic to handle read ahead from t1_enc.c into ktls.c and
invoke it from ktls_configure_crypto().
Zhenlei Huang [Thu, 19 Oct 2023 17:18:25 +0000 (01:18 +0800)]
vmx: Prefer consistent naming for loader tunables
The following loader tunables do have corresponding sysctl MIBs but
with different names. That may be historical reason. Let's prefer
consistent naming for them so that it will be easier to read and
maintain.
Zhenlei Huang [Thu, 19 Oct 2023 17:00:31 +0000 (01:00 +0800)]
pmap: Prefer consistent naming for loader tunable
The sysctl knob 'vm.pmap.pv_entry_max' becomes a loader tunable since 7ff48af7040f (Allow a specific setting for pv entries) but is fetched
from system environment 'vm.pmap.pv_entries'. That is inconsistent and
obscure.
This reverts 36e1b9702e21 (Correct the tunable name in the message).
Zhenlei Huang [Thu, 19 Oct 2023 15:23:33 +0000 (23:23 +0800)]
amd64: Fix two typos of loader tunables
To match the sysctl MIBs and document entries in security(7).
Fixes: 2dec2b4a34b4 amd64: flush L1 data cache on syscall return with an error
Fixes: 17edf152e556 Control for Special Register Buffer Data Sampling mitigation
Reviewed by: kib
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D42249
Kristof Provost [Thu, 19 Oct 2023 10:06:29 +0000 (12:06 +0200)]
pf: remove COMPAT_FREEBSD14 #ifdef from pfvar.h
When userspace includes pfvar.h it doesn't get the kernel's COMPAT_*
defines, so we end up not having required symbols in userspace. This
caused the libpfctl port to fail to build.
libpfctl will be updated to use the new netlink-based state export code
soon, which will also fix thix build issue.
Restore bsdconfig API to handle hostname dialog because bsddialog 1.0
matches all features required by bsdconfig(1). Implicitly this commit
restores also Xdialog(1) for this script.
pf: Update documentation regarding matching, scrubbing and reassembly
Update pf documentation:
- default behaviour of fragment reassembly
- introduction of scrub option for filter rules
- disadvantages of using the old scrub ruleset
- options supported for match rules
- fix missing list block end
- remove duplicate description of match filter rule
- update example to modern syntax
John Hall [Thu, 19 Oct 2023 03:10:58 +0000 (21:10 -0600)]
smartpqi: Change alignment for dma tags
Problem: Under certain I/O conditions, a program doing large block disk
reads can cause a controller to crash.
Root Cause: The SCSI read request and destination address in the BDMA
descriptor is incorrect, causing the BDMA engine in the controller to
assert.
Fix: Change the alignment for creating bus_dma_tags in the driver from
PAGE_SIZE (4k) to 1, which allows the controller to manage it's own
address range for BDMA transactions.
Risk: Medium
Exposure: This reverts a change first made to support NVMe drives on
Excalibur. At that time a 4k alignment was necessary. This no longer
seems to be the case.
PR: 259541
Reported by: Ka Ho Ng <khng@freebsd.org>
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41619
John F. Carr [Thu, 19 Oct 2023 03:02:42 +0000 (21:02 -0600)]
smartpqi: Drop spinlock before freeing memory
pqisrc_free_device frees the device softc with the os spinlock
held. This causes crashes when devices are removed because the memory
free might sleep (which is prohibited with spin locks held). Drop the
spinlock before releasing the memory.
Kyle Evans [Thu, 19 Oct 2023 02:43:06 +0000 (21:43 -0500)]
install: handle -m +X more accurately
As described by chmod(1), +X in the mode may be used to optionally set
the +x bit if the file is a directory if any of the execute/search bits
are set in the original mode. The latter is not applicable because we
assume -m is a fresh mask, but a functional +X could be useful in the
former case if we're passing along a common INSTALL_MODE that's designed
to install either 0644 or 0755 depending simply on whether it's a
directory or not.
Reviewed by: des
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D42273
Rick Macklem [Wed, 18 Oct 2023 20:07:39 +0000 (13:07 -0700)]
nfscl: Make NFSv4.2 Copy set atime on infd
RFC7862 does not specify infile atime behaviour when a NFSv4.2 Copy
operation is performed. Since the collective opinion of a mailing
list discussion (on freebsd-hackers@) seemed to indicate that
copy_file_range(2) should update atime on the infd,
even if there is no data copied, this
patch attempts to ensure that behaviour.
For Copy, it preceeds the Copy operation with a Setattr of
TimeAccess_Set(NFSv4. speak for atime) for the invp. For the case
where no data will be copied, it does a Setattr RPC to set
TimeAccess_Set for the invp.
A __FreeBSD_version bump will be done as a separate commit, since
this patch changes the internal interface between the nfscommon and
nfscl modules.
Rick Macklem [Wed, 18 Oct 2023 19:42:12 +0000 (12:42 -0700)]
nfscl: Handle the NFSERR_RETRYUNCACHEDREP error from a NFSv4 server
In a recent email list discussion related to NFSv4 mount problems
against a non-FreeBSD NFSv4 server, the reporter of the issue noted
that the server had replied 10068 (NFSERR_RETRYUNCACHEDREP). This
did not seem related to the mount problem, but I had never seen this
error before. It indicates that an RPC retry after a new TCP
connection has been established failed because the server did not
cache the reply. Since this should only happen for idempotent
operations, redoing the RPC should be safe.
This patch modifies the NFSv4.1/4.2 client to redo the RPC instead
of considering the server error fatal. It should only affect the
unusual case where TCP connections to NFSv4 servers are breaking
without the NFSv4 server rebooting.
Reported by: J David <j.devid.lists@gmail.com>
MFC after: 2 weeks
Mitchell Horne [Wed, 18 Oct 2023 17:57:06 +0000 (14:57 -0300)]
pmc.amd(3): rename from pmc.k8(3)
This is the first step in recognizing that the K8 microarchitecture
represents a small and aged subset of AMD CPUs supported by this class.
Future changes will update the code and documentation details to better
reflect this.
Keep the old filename as an alias.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41279
Mitchell Horne [Wed, 18 Oct 2023 17:54:24 +0000 (14:54 -0300)]
hwpmc_amd: kill off k7 support bits
This is i386-only, and has been effectively disabled since 2018 when the
companion support was removed from libpmc (e92a1350b50e). Remove the
kernel support to simplify the AMD class.
Reviewed by: jkoshy
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41274
Mitchell Horne [Wed, 18 Oct 2023 17:50:49 +0000 (14:50 -0300)]
hwpmc: tidy pcd_finalize methods
Make them a little bit more consistent with one another in terms of what
is done:
- Add/reduce assertions to what is most useful: a loop to ensure
pcpu_fini freed everything
- Add PMCDBG trace entries
The exception is the dmc620/cmn600 classes, which behave a little
differently, so leave them untouched.
Reviewed by: jkoshy
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41270
Ed Maste [Fri, 29 Sep 2023 15:28:35 +0000 (11:28 -0400)]
freebsd-update: for rollback, first create directories
rollback_files() tried to install files before creating the directories
for those files. In some cases this is due to special handling to
install certain classes of files earlier than others.
Just create all directories up front when performing rollback.
PR: 273950
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42020
Ed Maste [Tue, 12 Sep 2023 02:59:30 +0000 (22:59 -0400)]
freebsd-update: handle directories changing to files
Further to f6d37c9ca13f ("freebsd-update: handle file -> directory on
upgrade"), handle the reverse case of a directory changing to a file.
We may not encounter this case on upgradess (before freebsd-update is
retired) but it is needed to support rollback.
PR: 273950
Reviewed by: dim
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41945
While here, drop the EXTRA_TCP_STACKS option, which serves no purpose and
should never have been added. Instead, build bbr and rack as long as
either or both of INET and INET6 is enabled. There is no risk to anyone
who doesn't load one or both and then twiddle the relevant sysctls.