Currently for distributeworld we pass DESTDIR to certctl.sh as an
environment variable, which sets the default value in the script.
However, for -DNO_ROOT builds, CERTCTLFLAGS has METALOG_INSTALLFLAGS
which includes -D ${DESTDIR}, overriding the custom DESTDIR pointing at
the base dist directory.
Moreover, in order to ensure that the METALOG includes the base/ prefix
for all the files, we need to have certctl call install with -D set to
DESTDIR/DISTDIR without the /base suffix but also ensure the files get
installed to DESTDIR/DISTDIR/base.
Fix these by passing the custom DESTDIR to certctl via -D rather than in
the environment and to pass the /base suffix in the distributeworld case
via the newly-added -d option.
We also need to run certctl rehash before we generate the .meta files
from the METALOG, not after, otherwise they won't include the METALOG
additions, so move the certctl rehash call.
Finally, add a missing semicolon that results in no message being
printed in the missing openssl case. By not including the semicolon,
else echo "..." is treated as extra arguments to certctl, which is lax
in its argument parsing and ignores additional arguments, and the
semicolon and fi after the intended echo terminate the if statement as
normal so there's no syntax error at the shell level. This is harmless
as we weren't trying to do anything other than echo anyway, all that
happens is the echo doesn't actually get run.
This will be used by Makefile.inc1 to fix -DNO_ROOT distributeworld,
which needs to split out DESTDIR from DISTBASE so the METALOG file
includes the base/ prefix.
Rick Macklem [Wed, 13 Jul 2022 23:28:56 +0000 (16:28 -0700)]
nfsd: Fix CreateSession for an established ClientID
I mis-read the RFC w.r.t. handling of the sequenceid
when a CreateSession is done after the initial one
that confirms the ClientID. Fortunately this does
not affect most extant NFSv4.1/4.2 clients, since
they only acquire a single session for TCP for a
ClientID (Solaris might be an exception?).
This patch fixes the server to handle this case,
where the RFC requires the sequenceid be incremented
for each CreateSession and is required to reply to
a retried CreateSession with a cached reply.
It adds a field to nfsclient called lc_prevsess,
which caches the sessionid, which is the only field
in a CreateSession reply that will change for a
retry, to implement this reply cache.
The recent commits up to d4a11b3e3bdd that mark
session slots bad when "intr" and/or "soft" mounts
are used by the client needs this server patch.
Without this patch, the client will do a full
recovery, including a new ClientID, losing all
byte range locks. However, prior to the recent
client commits, the client would hang when all
session slots were bad, so even without this
patch it is not a regression.
Makefile.inc1: Add a missing ${dist} to distributeworld for usr/include/i386
Not including ${dist} results in the following non-fatal error printed
once per extra distribution:
mkdir //usr/obj/usr/src/amd64.amd64/release/dist/usr/include/i386
mkdir: //usr/obj/usr/src/amd64.amd64/release/dist/usr/include: No such file or directory
*** Error code 1 (ignored)
Also fix a whitespace nit on this line whilst here.
Reviewed by: brooks
Fixes: a09ea2bbc305 ("amd64: add an i386 include directory")
Mike Karels [Tue, 24 May 2022 19:26:25 +0000 (14:26 -0500)]
IPv4: experimental changes to allow net 0/8, 240/4, part of 127/8
Combined changes to allow experimentation with net 0/8 (network 0),
240/4 (Experimental/"Class E"), and part of the loopback net 127/8
(all but 127.0/16). All changes are disabled by default, and can be
enabled by the following sysctls:
Mark Johnston [Wed, 13 Jul 2022 13:42:31 +0000 (09:42 -0400)]
callout: Simplify cpuid validation in callout_reset_sbt_on()
- Remove a flag variable.
- Convert a runtime check of the passed cpuid to a KASSERT.
- Remove the cc_inited flag. An attempt to schedule a callout before
SI_SUB_CPU will crash anyway since the per-CPU mutexes won't have been
initialized, and that flag was only checked in the case where a cpuid
was explicitly specified by the caller.
No functional change intended.
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Mark Johnston [Wed, 13 Jul 2022 13:39:26 +0000 (09:39 -0400)]
vm_mmap: Remove obsolete code and comments from vm_mmap()
In preparation for removing OBJT_DEFAULT, eliminate some stale/unhelpful
comments from vm_mmap(), and remove an unused case. In particular, the
remaining callers of vm_mmap() in the tree do not specify OBJT_DEFAULT.
It's much more common to use vm_map_find() to map an object into user
memory, so rather than adjusting vm_mmap() to handle OBJT_SWAP objects,
let's further discourage its use and simply remove OBJT_DEFAULT
handling.
Reviewed by: dougm, alc, kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35778
Xin LI [Wed, 13 Jul 2022 04:14:25 +0000 (21:14 -0700)]
Improve usability of head(1) and tail(1):
- Consistently support -q (quiet) and -v (verbose)
- Allow specifying numbers with SI prefixes supported by expand_number(3)
- Remove 2^31 limit on lines for head(1)
Yan Ka Chiu [Wed, 13 Jul 2022 01:16:29 +0000 (18:16 -0700)]
ixl(4): Fix SR-IOV panics
The hw and ifp of a vsi will be NULL if such ixl_vsi is allocated
for a VF. When ixl_reconfigure_filters called, it is trying to
access vsi->ifp and hw->mac.addr and therefore is casuing panic.
This commit add checks to determine if vsi is a VF by checking
if vsi->hw is NULL, before adding IXL_VLAN_ANY filter (which
is already in a VF vsi's filter list) and VLAN filters.
(erj's Note: The SR-IOV flows need revisiting; this will help
prevent panics for now)
rtld-elf: Fix leaks and wild frees in origin_subst
55abf23dd36b inverted the value passed to origin_subst_one when rolling
up the existing code into a loop. If the first token is found ($ORIGIN),
this results in a wild free of part of strtab. Processing the second
token works fine and will act how the first should have regardless of
whether found, allocating memory for the string without freeing.
Processing subsequent tokens however will then leak, regardless of
whether found, as they will also believe they need to allocate memory
and can't free the string.
Found by: CHERI
Reviewed by: kib, markj
Fixes: 55abf23dd36b ("rtld: make token substitution table-driven")
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D35792
Mark Johnston [Tue, 12 Jul 2022 12:51:02 +0000 (08:51 -0400)]
vm_object: Modify various drivers to allocate OBJT_SWAP objects
This is in preparation for removal of OBJT_DEFAULT. In particular, it
is now cheap to check whether an OBJT_SWAP object has any swap blocks
allocated, so the benefit of having a separate OBJT_DEFAULT type is
quite marginal, and the OBJT_DEFAULT->SWAP transition is a source of
bugs.
Reviewed by: alc, hselasky, kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35779
Rick Macklem [Mon, 11 Jul 2022 23:50:34 +0000 (16:50 -0700)]
nfscl: Fix CreateSession for an established ClientID
Commit 981ef32230b2 added optional use of the session
slots marked bad to recover a new session when all
slots are marked bad. The recovery worked against
a FreeBSD NFSv4.1/4.2 server, but not a Linux one.
It turns out that it was a bug in the FreeBSD client
and not the Linux server.
This patch fixes the client so that DeleteSession
followed by CreateSession after receiving a
NFSERR_BADSESSION error reply works against the
Linux server (and conforms to the RFC).
This also implies that the FreeBSD NFSv4.1/4.2
server needs to be fixed in a future commit.
Without the fix, the FreeBSD server does a full
recovery, including creation of a new ClientID,
but since "intr" mounts were broken, this does
not result in a regression.
This patch only affects the case where a CreateSession
is done for an already confirmed ClientID, which was
not being done prior to commit 981ef32230b2.
Rick Macklem [Mon, 11 Jul 2022 22:51:27 +0000 (15:51 -0700)]
nfscl: Replace "cred" with NULL to cleanup code
Commit 326bcf9394c7 added a new "cred" argument to nfscl_reqstart().
Fsinfo is a NFSv3 RPC and since the "cred" argument is not
used for NFSv3, it does not matter what is passed in.
However, to be consistent with the rest of the patch, change the
argument to NULL.
This patch should not result in a semantics change.
protect.1: Document that protect(1) does not work in jails
The reason is that in order to protect a process procctl(2) needs
the PRIV_VM_MADV_PROTECT privilege, which is currently denied in jails
(see kern_jail.c).
dummynet: check for ifp on all PROTO_LAYER2 packets
When we extended the switch statement to allow for PROTO_LAYER2 |
PROTO_IPV6 in c21cbaca2b we didn't extend the check for a non-NULL
struct ifnet pointer.
Happily the only PROTO_IPV6 case is pf's layer 2 support, which always
provides one.
Mark Johnston [Tue, 5 Jul 2022 15:53:32 +0000 (11:53 -0400)]
eventtimer: Simplify KTR traces
Stop including the current CPU in all event messages, since it's already
saved in KTR log entries and thus is redundant. All eventtimer traces
occur in a context where CPU migration is not possible.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Mark Johnston [Mon, 11 Jul 2022 19:45:36 +0000 (15:45 -0400)]
uma: Use a taskqueue to execute uma_timeout()
uma_timeout() has several responsibilities; it visits every UMA zone and
as of recently will drain underutilized caches, so is rather expensive
(>1ms in some cases). Currently it is executed by softclock threads
and so will preempt most other CPU activity. None of this work requires
a high scheduling priority, though, so defer it to a taskqueue so as to
avoid stalling higher-priority work.
Reviewed by: rlibby, alc, mav, kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35738
Mark Johnston [Thu, 30 Jun 2022 18:27:07 +0000 (14:27 -0400)]
eventtimer: Fix several races in the timer reload code
In handleevents(), lock the timer state before fetching the time for the
next event. A concurrent callout_cc_add() call might be changing the
next event time, and the race can cause handleevents() to program an
out-of-date time, causing the callout to run later (by an unbounded
period, up to the idle hardclock period of 1s) than requested.
In cpu_idleclock(), call getnextcpuevent() with the timer state mutex
held, for similar reasons. In particular, cpu_idleclock() runs with
interrupts enabled, so an untimely timer interrupt can result in a stale
next event time being programmed. Further, an interrupt can cause
cpu_idleclock() to use a stale value for "now".
In cpu_activeclock(), disable interrupts before loading "now", so as to
avoid going backwards in time when calling handleevents(). It's ok to
leave interrupts enabled when checking "state->idle", since the race at
worst will cause handleevents() to be called unnecessarily. But use an
atomic load to indicate that the test is racy.
PR: 264867
Reviewed by: mav, jhb, kib
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35735
Mark Johnston [Mon, 11 Jul 2022 19:27:54 +0000 (15:27 -0400)]
vm_fault: Fix some nits in vm_fault_copy_entry()
- Correct the description (vm_fault_copy_entry() does not create a
shadow object).
- Move some initialization and assertions out of the scope of the object
locks, when doing so makes sense.
- Merge a pair of conditional blocks.
- Use __unused when appropriate.
No functional change intended.
Reviewed by: alc
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
pf tests: support packet size range in pft_ether.py
Teach pft_ether.py to send a range of packet sizes. Use this to move the
size sweep into Python, removing the repeated Python startup overhead
and greatly speeding up the pf.ether.short_pkt test.
This should fix test timeouts seen on ci.freebsd.org.
While here also extend the range of packet sizes tested, because it adds
very little runtime now.
ifconfig.8: cleanup reminiscence about long gone ppp(4)
Replace ppp(4) removed since FreeBSD 8.0-RELEASE with vlan(4).
While here, remove commented out reference to non-existing "egress"
interface group hiding since initial import of interface groups
from OpenBSD in 2006.
Rick Macklem [Sun, 10 Jul 2022 20:56:38 +0000 (13:56 -0700)]
nfscl: Do not call nfscl_hasexpired() for NFSv4.1/4.2
Commit 981ef32230b2 enabled marking of potentially bad
session slots when an RPC is interrupted if the "intr"
mount option is used. As such, it no longer makes
sense to call nfscl_hasexpired() for I/O operations that
reply NFSERR_BADSTATEID for NFSv4.1/4.2, which does a full
recovery of NFSv4 open state, destroying all byte range locks.
Recovery of open state should not be usually needed, since
the session slot has been marked potentially bad and,
although opens for the process that has been terminated via
a signal may be broken, locks for other processes will still
be valid.
This patch disables calls to nfscl_hasexpired for NFSv4.1/4.2
mounts, when I/O RPCs receive NFSERR_BADSTATEID replies.
It does not affect the behaviour of NFSv4.0 mounts nor
hard (non "intr") mounts.
Rick Macklem [Sun, 10 Jul 2022 20:33:19 +0000 (13:33 -0700)]
nfscl: Enable detection of bad session slots
To deal with broken session slots caused by the use of the
"soft" and/or "intr" mount options, nfsv4_sequencelookup()
has been modified to track the potentially broken session
slots (commit 40ada74ee1da). Then, when all session slots
are potentially broken, nfsv4_sequencelookup() does a
DeleteSession operation, so that the NFSv4.1/4.2 server will
reply NFSERR_BADSESSION to uses of the session.
The client will then recover by doing a CreateSession to
acquire a new session.
This patch adds the code that marks potentially bad
slots, so that the above semantics become functional.
It has been successfully tested against a FreeBSD
NFSv4.1/4.2 server, but does not work against a Linux 5.15
NFSv4.1/4.2 server. (The Linux 5.15 server creates
a new session with the same sessionid as the destroyed
one and, as such, keeps returning NFSERR_BADSESSION.
I believe this is a bug in the Linux server.)
However, this should not cause a regression and will
make "intr" mounts fairly usable against the NFSv4.1/4.2
servers where it works.
Doug Moore [Sun, 10 Jul 2022 19:24:23 +0000 (14:24 -0500)]
iommu_gas: consolidate find_space helpers
Merge lowermatch and uppermatch into find_space. Eliminate uppermatch
recursion. Merge match_insert into match_one and eliminate some
redundant calculation. Move some initialization out of find_space and
into map (and out from under a lock).
netinet6: fix interface handling for loopback traffic
Currently, processing of IPv6 local traffic is partially broken:
link-local connection fails and global unicast connect() takes
3 seconds to complete.
This happens due to the combination of multiple factors.
IPv6 code passes original interface "origifp" when passing
traffic via loopack to retain the scope that is mandatory for the
correct hadling of link-local traffic. First problem is that the logic
of passing source interface is not working correcly for TCP connections,
resulting in passing "origifp" on the first 2 connection attempts and
lo0 on the subsequent ones. Second problem is that source address
validation logic skips its checks iff the source interface is loopback,
which doesn't cover "origifp" case.
More detailed description is available at https://reviews.freebsd.org/D35732
Fix the first problem by untangling&simplifying ifp/origifp logic.
Fix the second problem by switching source address validation check to
using M_LOOP mbuf flag instead of interface type.
Rick Macklem [Sat, 9 Jul 2022 21:43:16 +0000 (14:43 -0700)]
nfscl: Add optional support for slots marked bad
This patch adds support for session slots marked bad
to nfsv4_sequencelookup(). An additional boolean
argument indicates if the check for slots marked bad
should be done.
The "cred" argument added to nfscl_reqstart() by
commit 326bcf9394c7 is now passed into nfsv4_setquence()
so that it can optionally set the boolean argument
for nfsv4_sequencelookup(). When optionally enabled,
nfsv4_setsequence() will do a DestroySession when all
slots are marked bad.
Since the code that marks slots bad is not yet committed,
this patch should not result in a semantics change.
Rick Macklem [Sat, 9 Jul 2022 15:02:14 +0000 (08:02 -0700)]
nfscl: Move nfsrpc_destroysession into nfscommon
This patch moves nfsrpc_destroysession() into nfscommon.ko
and also modifies its arguments slightly. This will allow
the function to be called from nfsv4_sequencelookup() in
a future commit.
This patch should not result in a semantics change.
Apply tentative llvm fix for avoiding fma on PowerPC SPE
Merge llvm review D77558, by Justin Hibbits:
PowerPC: Don't hoist float multiply + add to fused operation on SPE
SPE doesn't have a fmadd instruction, so don't bother hoisting a
multiply and add sequence to this, as it'd become just a library call.
Hoisting happens too late for the CTR usability test to veto using the CTR
in a loop, and results in an assert "Invalid PPC CTR loop!".
Reported by: alfredo
Obtained from: https://reviews.llvm.org/D77558
MFC after: 3 days
Warner Losh [Fri, 8 Jul 2022 23:35:11 +0000 (17:35 -0600)]
stand: Add comments on ZFS build
Add comments describing the weird nesting things we have to do to live
inside the ZFS world. Also fix a stale comment by moving nvlist.c to an
early user.
Warner Losh [Fri, 8 Jul 2022 23:35:06 +0000 (17:35 -0600)]
stand: Add blake3 support to boot loader
Add the necessary glue to get blake3 building for the boot loaded as
well as connected to the ZFS system so it is useful.
On some platforms, we create references to blake3_sse2_impl and
blake3_sse41_impl ops structs to utilize SIMD. These aren't present on
x86 (since we dind't ask for them), but are on aarch64 with no
implementation. Since we don't want SIMD in the boot loader, have these
all return 'unsupported' always. This should be fixed upstream to allow
more flexibility in this selection, but for now we use this hack to not
modify the sys/contrib/openzfs with difficult to maintain hacks while
an upstreamable solution is found.
tsoome@ did the implementation bits in sys/cddl/boot, and I did the
Makefile work and the aweful blake3_impl_hack.c.
Warner Losh [Fri, 8 Jul 2022 23:34:53 +0000 (17:34 -0600)]
stand: Fix inclusion of sys/blake3.h
sys/blake3.h is not safe to include in a standalone environment. It
assumes, unwisely, that there's only kernel or userland. The userland
choice is bad due to imperfections in how we handle stdlib.h in this
environment (we wind up including the host's stdlib.h, it expects a
standard FreeBSD setup which the gymnastics we've done to create a
OpenSolaris/Illumos-like environment interfere with). Thankfully, in
this case we can just pretend to be the kernel for a little bit by
defining _KERNEL and the undefing it after we exit.
Warner Losh [Fri, 8 Jul 2022 23:34:46 +0000 (17:34 -0600)]
stand: Work around upstream issues in the standalone environment
There's a number of issues with including zfs_context.h from a
standalone environment. First, sys/uio_imp.h isn't at all safe for this
environment, so define its guard #defines so that its contents are
skipped. Next, there's a problem including string.h to get the mem*
routines, so just define them here. ZFS_MODULE_PARAM_ARGS isn't defined
properly. I had wanted to define it when I was upstreaming changes to
include/os/freebsd/spl/sys/zfs_context.h, but they ran into resistance
so I'm defining that here now (it is also defined in zstd_shim.c, but
that will disappear once the issues it works around are
cleared). Finally, sys/sysmacros.h has to be included now before
sys/atomic.h, but upstream includes it after so include it here so that
the guards make the out-of-order includes in upstream irrelevant.
Warner Losh [Fri, 8 Jul 2022 23:34:23 +0000 (17:34 -0600)]
stand: For ZFS build, add new directory
OpenZFS is based on having a number of layers of include files that
define things and include the next layer. Insert a later at the start
for files in libsa/zfs/spl so we can override issues with upstream
OpenZFS while we work to get the issues corrected upstream.
Rick Macklem [Sat, 9 Jul 2022 00:27:23 +0000 (17:27 -0700)]
nfscl: Change the cred argument to non-NULL for pNFS proxies
Commit 326bcf9394c7 added a "cred" argument to nfscl_reqstart().
For the pNFS proxy calls on the server, the argument
should be "cred" instead of NULL.
This patch fixes this.
Since the argument is not yet used, this patch
should not result in a semantics change.
Rick Macklem [Fri, 8 Jul 2022 23:58:06 +0000 (16:58 -0700)]
nfscl: Add a cred argument to nfscl_reqstart()
To deal with broken session slots caused by the use of the
"soft" and/or "intr" mount options, nfsv4_sequencelookup()
will be modified to track the potentially broken session
slots. Then, when all session slots are potentially
broken, do a DeleteSession operation, so that the NFSv4
server will reply NFSERR_BADSESSION to uses of the session.
These changes will be done in future commits. However,
to do the DeleteSession RPC, a "cred" argument is needed
for nfscl_reqstart(). This patch adds this argument,
which is unused at this time. If the argument is NULL,
it indicates that DeleteSession should not be done
(usually because the RPC does not use sessions).
Warner Losh [Fri, 8 Jul 2022 17:07:39 +0000 (11:07 -0600)]
test: Update boot universe build architectures
We build lua by default, so we don't need another build to build it
enabled w/o FORTH. That gives little value over the without forth
builds. Remove all mips, they are no longer relevant. Build aarch64
everywhere we build amd64 (except firewire which is x86 only). Build a
few more architectures once so we have at least one of every arch we
support in at least the default build. This should increase coverage
and still take less time than before.
Warner Losh [Fri, 8 Jul 2022 15:42:34 +0000 (09:42 -0600)]
stans: Narrow the scope of includes and other flags
CFLAGS+= here affects *ALL* libsa files being built. However, this is
only needed for zfs.c, so define it only for this. Also, use the defines
from defs.mk. Move all the zfs.c include hacks together. Also, move the
-Wformat -Wall warnings that were added to CFLAGS+= to the individual
files instead for the same reason.
The original interface created by wtap is named "wlan%d", which is the
same as the name of the vap created by wlan(4) and cause ifconfig(8)
may output like this:
wlan0:
parent interface: wlan0
Rename the interface created by wtap(4) to "wtap%d" to avoid confusing.
Reviewed by: adrian
Sponsored by: Google, Inc. (GSoC 2022)
Differential Revision: https://reviews.freebsd.org/D35751
Rick Macklem [Fri, 8 Jul 2022 14:37:36 +0000 (07:37 -0700)]
nfscl: Fix setting of nfsess_defunct for nfscl_hasexpired()
Commit a7bb120f8b87 added a printf for the case where recovery
has not marked the session defunct by setting nfsess_defunct
to 1. It turns out that nfscl_hasexpired() calls
nfsrpc_setclient() directly, without setting nfsess_defunct.
This patch replaces the printf with code that sets
nfsess_defunct to 1 to handle this case.
If SIGTERM is issued to a process when it is doing I/O on
an "intr" mount, the NFSv4 server may reply NFSERR_BADSTATEID,
due to the Open being prematurely closed.
This can result in a call to nfscl_hasexpired() to do a
recovery.
This would explain at least one hang described in the PR.
Effectively selectroute() addresses two different cases:
providing interface info for multicast destinations and providing
nexthop data for unicast ones. Current implementation intertwines
handling of both cases, especially in the error handling part.
Factor out all route lookup logic in a separate function,
lookup_route() to simplify the code.
Ensure consistent KPI: no error means *retifp is set and otherwise.
netinet6: factor out cached route lookups from selectroute().
Currently selectroute() contains two nearly-identical versions of
the route lookup logic - one for original destination and another
for the case when IPV6_NEXTHOP option was set on the socket.
Factor out handling these route lookups in a separation function to
improve readability.
This change also fixes handling of link-local IPV6_NEXTHOPs.
Mike Walker [Thu, 7 Jul 2022 20:28:37 +0000 (22:28 +0200)]
rc.subr: Make sure oomprotect protects existing children
The rc(8) framework support protecting services from OOM killer.
The current implementation applies the protection after the service has
already started. This works fine if only the main process is to be
protected (*_oomprotect=yes). However, the current implementation fails
to protect existing children when children are also to be protected
(*_oomprotect=all). This patch fixes that.
Note: it is not easy to apply the protectoin earlier because we want to
support both the services which use the "command" variable and those
that use the "start_cmd" variable.
PR: 256148
Approved by: adrian, osogbo
Tested by: Jamie Landeg-Jones <jamie@catflap.org>
Fixes: 3bead71e959d - Add a global option where we can protect
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D35747
Notable upstream pull request merges:
#12438 Avoid panic with recordsize > 128k, raw sending and no large_blocks
#13015 Fix dnode byteswapping
#13256 Add a "zstream decompress" subcommand
#13555 Scrub mirror children without BPs
#13576 Several sorted scrub optimizations
#13579 Fix and disable blocks statistics during scrub
#13582 Several B-tree optimizations
#13591 Avoid two 64-bit divisions per scanned block
#13606 Avoid memory copies during mirror scrub
#13613 Avoid memory copy when verifying raidz/draid parity
CSU tests build fails with '/usr/lib/libgcc_s.so: undefined reference to
fma' when built with LLVM 14 for powerpcspe, so '-lm' is being added
explicitly.
It may be linked to https://reviews.llvm.org/D77558
Reviewed by: imp (earlier version)
MFC after: 2 days
Sponsored by: Instituto de Pesquisas Eldorado (eldorado.org.br)
Differential Revision: https://reviews.freebsd.org/D35691
Fixes a small kernel memory leak which would occur if a pool failed
to import because the `DMU_POOL_VDEV_ZAP_MAP` key can't be read from
a presumably damaged MOS config. In the case of a missing key there
was no leak.
Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Finix1979 <yancw@info2soft.com>
Closes #13629
rc.conf.5: Improve documentation of <name>_oomprotect
Apart from improving readability, this commit mentions that
<name>_oomprotect is ignored in a jail environment. Also, replace
${name}_cmd with the correct ${argument}_cmd and point the reader to
rc.subr(8).
Albert Jakiela [Wed, 6 Jul 2022 14:40:20 +0000 (16:40 +0200)]
e6000sw: add readphy and writephy wrappers
New functions take lock and give lock after operation.
Removed locking and unlocking within other methods,
to prevent from recursive locking on non recursive lock.
Cy Schubert [Thu, 17 Mar 2022 18:05:05 +0000 (11:05 -0700)]
ipfilter: Support only jails in VNET
Jails without VNET have complete access to the ipfilter rules, NAT,
pools and logs. This is insecure. Only allow jails to manipulate
ipfilter rules, NAT tables and ippools if the jail has its own VNET.
Otherwise a jail can affect the global system.
This patch brings ipfilter in line with ipfw's support of VNET jails and
non-support of non-VNET jails.