The pfsync:pbr tests leaves lot of interfaces when they finish, making
other tests slower due to long time of loading scapy from pft_ping.py
when more interfaces are present. When both sides of epair are assigned
to jails, they are both removed from created_interfaces.lst and thus
won't be removed during cleanup from this file. An interface assigned to
jail is stored in created_jails.lst but if it is renamed, it won't be
cleaned up either. Furthermore this test uses identical names for
multiple interfaces across multiple jails which after destroying those
jails adds to overall confusion.
To address this issue a new function is provided for renaming interfaces
in jails and storing their new names in created_jails.lst for deletion
during cleanup.
Rick Macklem [Sun, 15 Jan 2023 22:07:40 +0000 (14:07 -0800)]
nfsserver: Fix handling of SP4_NONE
For NFSv4.1/4.2, when the client specifies SP4_NONE for
state protection in the ExchangeID operation arguments,
the server MUST allow the state management operations for
any user credentials. (I misread the RFC and thought that
SP4_NONE meant "at the server's discression" and not MUST
be allowed.)
This means that the "sec=XXX" field of the "V4:" exports(5)
line only applies to NFSv4.0.
This patch fixes the server to always allow state management
operations for SP4_NONE, which is the only state management
option currently supported. (I have patches that add support
for SP4_MACH_CRED to the server. These will be in a future commit.)
In practice, this bug does not seem to have caused
interoperability problems.
Kirk McKusick [Sun, 15 Jan 2023 18:20:48 +0000 (10:20 -0800)]
Document the mntopts(3) functions.
The mntopts(3) functions support operations associated with a mount
point. The main purpose of this commit is to document the mntopts(3)
functions that now appear in 18 utilities in the base system. See
mntopts(3) for the documentation details.
The getmntopts() function appeared in 4.4BSD. The build_iovec(),
build_iovec_argf(), free_iovec(), checkpath(), and rmslashes()
functions were added with nmount(8) in FreeBSD 5.0. The getmntpoint()
and chkdoreload() functions are being added in this commit.
These functions should be in a library but for historic reasons are
in a file in the sources for the mount(8) program. Thus, to access
them the following lines need to be added to the Makefile of the
program wanting to use them:
nd6_resolve_slow() can be called without mbuf. If the LLE entry
is not reachable, nd6_resolve_slow() will add this NULL mbuf to
the holdchain via lltable_append_entry_queue, which will "append"
NULL to the end of the queue (effectively no-op) and bump la_numhold
value. When this entry gets freed, the kernel will panic due to the
inconsistency between the amount of mbufs in the queue and the value
of la_numhold.
Fix the panic by checking of mbuf is not NULL prior to inserting it
into the holdchain.
Cy Schubert [Sun, 15 Jan 2023 06:55:05 +0000 (22:55 -0800)]
unbound: Fix config.h
FreeBSD src does not support HAVE_DECL_EVSIGNAL_ASSIGN. While reviewing
the new config.h after regenerating it, this definition was not removed.
Updating config.h is a manual process of configuring the port and
copying/merging the generated config.h into src. This definition was
missed and not removed (#undef'd).
There is another case where SU code does ffs_syncvnode(dvp) for the
parent directory dvp while the child vnode vp is locked. Avoid the
issue by relocking and returning ERELOOKUP to indicate the need of
resync.
Alan Somers [Fri, 13 Jan 2023 20:19:03 +0000 (13:19 -0700)]
cal: don't print terminal control characters unless stdout is a TTY
A similar change was made in svn r223931, but it was incomplete, working
only when the utility was invoked as "ncal". Fix the same issue when
invoking as "cal".
Warner Losh [Fri, 13 Jan 2023 21:21:16 +0000 (14:21 -0700)]
kboot: Use standard set_currdev
Use the standard set_currdev instead of the (now very old) copy of
setting currdev and loaddev directly. We do this only when we don't go
find the ZFS pool to boot from.
Warner Losh [Fri, 13 Jan 2023 21:21:07 +0000 (14:21 -0700)]
kboot: Add hostdisk override
When hostdisk_override is set, all the /dev devices are hidden, and only
the files in that directory are used. This will allow filesystem testing
on FreeBSD without root, for example. Adjust the parse routine to not
require devices start with /dev (plus fix a leak for an error
condition). Add a match routine to allow the device name to be something
like "/home/user/testing/zfsfoo:" instead of strictly in /dev. Note:
since we need to look at all the devices in the system to probe for ZFS
zpools, you can't generally use a full path to get a 'virtual disk' at
this time.
Warner Losh [Fri, 13 Jan 2023 21:20:56 +0000 (14:20 -0700)]
kboot: Fetch hostfs_root and bootdev from the environment
Fetch bootdev from the environment variable (so it should be set on the
command line). Default to 'zfs:' which will in the future look for the
first zpool that we can boot from. Prior versions of kboot would set
this from the second argument on the command line.
Fetch hostfs_root from the environment (defaulting to '/'). Prior
versions of kboot would set this from the first arg on the command line.
Warner Losh [Fri, 13 Jan 2023 21:20:40 +0000 (14:20 -0700)]
kboot: Add support for ZFS volumes
Add the zfs device and filesystem to config and write the hook we need
to probe zfs since there's not a generic mechanism in place to do that
when ZFS is configured.
Warner Losh [Fri, 13 Jan 2023 21:20:30 +0000 (14:20 -0700)]
kboot: Add ZFS support to hostdisk
Add helper function to walk through the disk drives we've found to look
for zpools. main.c will still need to call this because the loader
hasn't implemented a good way to 'taste' drives for zpools and/or GELI
partitions (mostly because there's no generic list of candidate
devices).
Warner Losh [Fri, 13 Jan 2023 21:20:09 +0000 (14:20 -0700)]
kboot: Rework hostdisk.c to allow easier ZFS support.
Keep a list of disks and partitions that we have. Keep track of the
sizes of the media and sector and use that to implement DIOCGMEDIASIZE
and DIOCGSECTORSIZE. Proivde a way to lookup disks by name.
Warner Losh [Fri, 13 Jan 2023 21:20:00 +0000 (14:20 -0700)]
stand/zfs: Fix memory leaking on error cases
Now that we return an allocated zfs_devdesc, we have to free it. These
frees were missing from the error cases. In addition, simplify the code
a bit for the out of memory case.
Warner Losh [Fri, 13 Jan 2023 21:19:47 +0000 (14:19 -0700)]
stand/uboot: Explain why we test for NULL here
Most parsedev routines assume that idev is non-null and can always be
set. Since we break from this pattern in uboot, explain why in a
comment. devparse was invented to put a lot of common code in one place
and to simplify the archsw.arch_getdev code and any dv_parsedev code
called. However, uboot couldn't use devparse at the time because its
device naming scheme slightly different parsing. So, we still use
uboot_parsedev directly from uboot_getdev where dev could be NULL. Add a
comment to this effect.
The match functionality added for ofw likely could be used to clean up
the multiple kludges that are here for uboot's device naming differences
with the normal boot loader. This work will wait for the future.
Warner Losh [Fri, 13 Jan 2023 21:19:39 +0000 (14:19 -0700)]
stand/ofw: dev can't be NULL here
dev can't be NULL here. ofw_common_parsedev is always called via
devparse (indirectly through dv_parsedev() calls there which call it
with the args unchanged). In the past, ofw_getdev could call us with
NULL pointer for the parse-only case, but that's now all handled inside
of devparse for simplicity.
Warner Losh [Fri, 13 Jan 2023 21:19:30 +0000 (14:19 -0700)]
stand: Separate base and cli parts of nvstore
zfs lives in libsa. However, it depends on nvstore (and other things)
that are in common. Fix part of this layering violation by splitting
nvstore into a libsa piece (which is the base implementation) and
keeping a much smaller common piece (to implement the nvstore
command). This just leaves zfs' knowledge of device names that's
specific to common and its calling platform specific init code to
resolve. Add a nvstore.h file for these two parts to communicate private
things and move the public nvstore api from bootstrap.h to stand.h.
Kristof Provost [Fri, 13 Jan 2023 03:34:20 +0000 (04:34 +0100)]
pf: fix panic on deferred packets
The pfsync_defer_tmo() callout needs to set the correct vnet before it
can transmit packets. It used the rcvif in the mbuf to get this vnet,
but that doesn't work for locally originated traffic. In that case the
rcvif pointer is NULL, and the dereference leads to a panic.
Instead use the sc_sync_if, which is always set (if pfsync is enabled,
at least).
ena: Switch driver owners from semihalf to amazon in man file
1. Update ena.4 manual file to include amazon owner emails.
2. State that the driver is developed by amazon but leave
that it was originally written by Semihalf, similarly to other
drivers in the /share/man/ directory of the FreeBSD source code.
3. Advance year in copyright notice to 2022.
David Arinzon [Sun, 4 Dec 2022 10:37:32 +0000 (12:37 +0200)]
ena: Remove timer service re-arm on ena_restore_device failure
In case the reset sequence fails (ena_destroy_device() followed by
ena_restore_device() calls) during ena_restore_device(), the driver
resources are being freed. After the clean-up, the timer service is
re-armed in order to try and re-initialize the driver state.
But, such an attempt would fail given that the resources are freed.
Moreover, this would actually cause either the system to fail or a
panic.
When the driver fails in ena_restore_device() procedure, the only
recovery is either unloading and loading the driver or instance
reboot.
This change removes the timer service re-arm in case of failure
in ena_restore_device().
MFC after: 2 weeks
Sponsored by: Amazon, Inc. Fixes: 78554d0c707c ("ena: start timer service on attach")
Commit [1] first added the ena_tx_buffer.print_once member,
so that a message about a missing tx completion is printed only
once per packet (and not every second when the watchdog runs).
In this commit print_once is initialized to true, and is set back
to false after detecting a missing tx completion and printing
a warning about it to dmesg.
Commit [2] incorrectly reverses the values assigned to print_once.
The variable is initialized to be true but is checked to be false
when a missing tx completion is detected. This is never true, and
therefore the warning print for each missing tx completion is never
printed since this commit.
Commit [3] added time passed since last TX cleanup to the missing
tx completions per-packet print. However, due to the issue in commit
[2], this time is never printed.
This commit reverses back the values assigned to ena_tx_buffer.print_once
erroneously by commit [2], bringing back to life the missing tx
completion per-packet print.
Also add a space after "." in the missing tx completion print.
[1] - 9b8d05b8ac78 ("Add support for Amazon Elastic Network Adapter (ENA) NIC")
[2] - 74dba3ad7851 ("Split function checking for missing TX completion in ENA driver")
[3] - d8aba82b5ca7 ("ena: Store ticks of last Tx cleanup")
Fixes: 74dba3ad7851 ("Split function checking for missing TX completion in ENA driver") Fixes: d8aba82b5ca7 ("ena: Store ticks of last Tx cleanup")
MFC after: 2 weeks
Sponsored by: Amazon, Inc.
Mark Johnston [Fri, 13 Jan 2023 15:01:00 +0000 (10:01 -0500)]
kvmclock: Fix initialization when EARLY_AP_STARTUP is not defined
To attach to the hypervisor, kvmclock needs to write a per-CPU MSR.
When EARLY_AP_STARTUP is not defined, device attach happens too early:
APs are not yet spun up, so smp_rendezvous only runs the callback on the
local CPU. As a result, the timecounter only gets initialized on the
BSP, and then timekeeping is broken on SMP systems.
Implement handling for !EARLY_AP_STARTUP kernels: keep track of the CPU
on which device attach ran, and then use a SI_SUB_SMP SYSINIT to
register the rest of the CPUs with the hypervisor.
Reported by: Shrikanth R Kamath <kshrikanth@juniper.net>
Reviewed by: kib, jhb (earlier versions)
Sponsored by: Klara, Inc.
Sponsored by: Juniper Networks, Inc.
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D37705
Zhenlei Huang [Sat, 31 Dec 2022 02:56:58 +0000 (10:56 +0800)]
jail: Avoid multipurpose return value of function prison_ip_restrict()
Currently function prison_ip_restrict() returns true if the replacement
buffer was used, or no buffer provided and allocation fails and should
redo. The logic is confusing and cause possibly infinite loop from eb8dcdeac22d .
And possibly infinite loop calling prison_ip_restrict() in
kern_jail_set() [2].
[1] It is possible that prisons do not have any IPv4 or IPv6 addresses.
[2] If prison_ip_restrict() is not provided with prison_ip, when it
allocates prison_ip successfully, then it should return false to
indicate not redo prison_ip_restrict() later.
Reviewed by: glebius
Approved by: kp (mentor)
Fixes: eb8dcdeac22d jail: network epoch protection for IP address lists
Differential Revision: https://reviews.freebsd.org/D37906
Netlink is a communication protocol defined in RFC 3549. It is async,
TLV-based protocol, providing 1-1 and 1-many communications between kernel
and userland. Netlink is currently used in Linux kernel to modify, read and
subscribe for nearly all networking states. Interface state, addresses, routes,
firewall, rules, fibs, etc, are controlled via Netlink.
Netlink support was added in D36002. It has got a number of improvements and
first customers since then:
* net/bird2 got netlink support, enabling route multipath in FreeBSD
* netlink-based devd notifications are being worked on ( D37574 ).
* linux(4) fully supports and depends on Netlink
Enabling Netlink in GENERIC targets two goals.
The first one is to provide stability for the third-party userland applications,
so they can rely on the fact that netlink always exists since 14.0 and potentially 13.2.
Loadable module makes life of the app delepers harder. For example, `net/bird2` can be
either build with netlink or rtsock support, but not both.
The second goal is to enable gradual conversion of the base userland tools
to use netlink(4) interfaces. Converting tools like netstat (D36529), route,
ifconfig one-by-one simplifies testing and addressing the feedback.
Othewise, switching all base to use netlink at once may be too big of a leap.
This change targets amd64, the other architectures will follow soon.
Make sure the size of the raw[] array in the lro_address union is
correctly set at compile time, so that static code analysis tools
do not report undefined behaviour.
Kristof Provost [Sat, 31 Dec 2022 18:26:24 +0000 (19:26 +0100)]
pf: default syncookies to adaptive mode
The cost of enabling syncookies in adaptive mode is very low (basically
a single atomic add when we create a new half-open state), and the
payoff when under SYN flood is huge.
Kristof Provost [Sat, 31 Dec 2022 18:23:15 +0000 (19:23 +0100)]
pf tests: test fast port re-use with syncookies
When a src/dst ip/port tuple is re-used before the pf state fully
expires we clean up the state and create a new one, unless syncookies
are enabled.
Test this, by running two back-to-back nc sessions, with a fixed source
port. Move the interface and IP to a different (vnet) jail, to trick the
network stack into letting us do this.
Kristof Provost [Sat, 31 Dec 2022 14:59:10 +0000 (15:59 +0100)]
pf: fix syncookies in conjunction with tcp fast port reuse
Basic scenario: we have a closed connection (In TCPS_FIN_WAIT_2), and
get a new connection (i.e. SYN) re-using the tuple.
Without syncookies we look at the SYN, and completely unlink the old,
closed state on the SYN.
With syncookies we send a generated SYN|ACK back, and drop the SYN,
never looking at the state table.
So when the ACK (i.e. the third step in the three way handshake for
connection setup) turns up, we’ve not actually removed the old state, so
we find it, and don’t do the syncookie dance, or allow the new
connection to get set up.
Explicitly check for this in pf_test_state_tcp(). If we find a state in
TCPS_FIN_WAIT_2 and the syncookie is valid we delete the existing state
so we can set up the new state.
Note that when we verify the syncookie in pf_test_state_tcp() we don't
decrement the number of half-open connections to avoid an incorrect
double decrement.
Bjoern A. Zeeb [Fri, 13 Jan 2023 01:05:01 +0000 (01:05 +0000)]
rtw88: use #define for NL80211_BAND_2GHZ instead of hardcoded number
Use NL80211_BAND_2GHZ instead of a hard coded 0 as array index for the
band. While LinuxKPI provides a KPI compatibility some of these values
may not necessarily be KBI compatible (in this case they shoule be so
this is a NOP) and after all it is better style.
Rick Macklem [Fri, 13 Jan 2023 00:45:26 +0000 (16:45 -0800)]
nfsserver: Fix vrele() panic in nfsvno_open()
Commit 65127e982b94 removed a check for ni_startdir != NULL.
This allowed the vrele(ndp->ni_dvp) to be called with
a NULL argument.
This patch adds a new boolean argument to nfsvno_open()
that can be checked instead of ni_startdir, since mjg@ requested
that ni_startdir not be used. (Discussed in PR#268828.)
Bjoern A. Zeeb [Mon, 28 Nov 2022 18:27:03 +0000 (18:27 +0000)]
LinuxKPI: implement irq_get_msi_desc()
Add irq_get_msi_desc() as a wrapper around a PCI function which will
allocate a single cached value (see comment on struct) for the
msi_desc requested if it doesn't exist yet and handle freeing it
when the PCI device goes away. We take the values from the ivars of
the native (FreeBSD) device.
While changing struct pci_dev also add the msi_cap field requested by
a wireless driver.
Bump __FreeBSD_version so these changes can be detected.
MFC after: 3 days
X-MFC: move fields to end of struct (alloc happens in linux_pci.c)
Reviewed by: hselasky (earlier version)
Differential Revision: https://reviews.freebsd.org/D37523
Bjoern A. Zeeb [Fri, 2 Dec 2022 22:14:09 +0000 (22:14 +0000)]
LinuxKPI: pci: add [linuxkpi_]pci_get_device()
Add a version of pci_get_device() as linuxkpi_pci_get_device()
not (yet) supporting the last argument.
Due to conflicts we cannot redefine it as we would normally do
in LinuxKPI so drivers have to be adjusted.
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D37593
Bjoern A. Zeeb [Mon, 28 Nov 2022 18:05:48 +0000 (18:05 +0000)]
LinuxKPI: fix pci_alloc_irq_vectors() for MSI
pci_alloc_irq_vectors() is given a min and max vector value.
pci_enable_msi() will always succeed independent of these arguments as
it does not know about them. Further it will only ever allocate
1 "vector" not supporting any other amount.
So upfront check that (a) the available pci_msi_count() can satisfy the
requested minv and (b) given the pci_enable_msi() hard coded limit check
that minv is not larger than 1.
If we cannot satisfy either requirement return an error.
This fixes problems with drivers which check that the returned value
of allocated "vectors" will match their requests and only otherwise try
to fall back to ask for 1 or deal otherwise.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Reviewed by: hselasky (earlier version)
Differential Revision: https://reviews.freebsd.org/D37522
Bjoern A. Zeeb [Sat, 3 Dec 2022 23:00:04 +0000 (23:00 +0000)]
LinuxKPI: add (skeleton) functions to make drivers compile
Add more functions to netdevice.h (netif_napi_add_tx() being the only
one implemented) and add platform_device.h and netlink.h in order to
make driver code compile.
The skeleton functions are used only in very limited scope and not at
all in our usage so far but add (invasive) #ifdef if removed.
Add pr_debug() calls to each of them in order to log a TODO (if DEBUG
compiled in) and someone should hit them in the future.
MFC after: 3 days
Commented on by: hselasky (earlier version)
Differential Revision: https://reviews.freebsd.org/D37599
Bjoern A. Zeeb [Sat, 22 Oct 2022 18:02:58 +0000 (18:02 +0000)]
LinuxKPI: add kstrtou32_from_user() and mac_pton()
While here:
- fix an argument of kstrtouint_from_user() to correct signedness.
- make kstrtou32() call kstrtouint() to avoid duplication (keep inline
function)
Add kstrtou32_from_user() based on other examples in the file
making it a copy of the now fixed kstrtouint_from_user().
Also add a rudimentarily hacked up version of mac_pton() which is
leanient accepting non-well-formed input but so far only with ':'
separators. It does not seem to obviously belong to any networking
header file so add it here.
Both new functions are needed for debugfs support for iwlwifi hence
coming together in one commit.
Sponsored by: The FreeBSD Foundation
MFC after: 3 days
Commented on by: emaste
Differential Revision: https://reviews.freebsd.org/D37088
Brooks Davis [Thu, 12 Jan 2023 18:19:14 +0000 (18:19 +0000)]
makefs: don't needlessly require directories to exist
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
Brooks Davis [Thu, 12 Jan 2023 18:19:14 +0000 (18:19 +0000)]
makefs: don't needlessly require directories to exist
If a type=dir entry exists and all contents are directories, files
added with contents=, or symlinks with link= attributes then it doesn't
need to exist. Just let openat fail in that case. It's conceivable
this will make debugging some cases weird, but it's sufficent to handle
the way we add /root/.ssh in CheriBSD VM images.
Brooks Davis [Thu, 12 Jan 2023 18:16:17 +0000 (18:16 +0000)]
xdr: store chars consistently
Cast char's through unsigned char before storing as an integer in
xdr_char(), this ensures that the encoded form is consistently not
sign-extended following Open Solaris's example.
Prior to this change, platforms with signed chars would sign extend
values with the high bit set but ones with unsigned chars would not
so 0xff would be stored as 0x000000ff on unsigned char platforms and
0xffffffff on signed char platforms. Decoding has the same
result for either form so this is a largely cosmetic change, but it
seems best to produce consistent output.
For more discussion, see https://github.com/openzfs/zfs/issues/14173
Justin Hibbits [Wed, 11 Jan 2023 16:56:39 +0000 (11:56 -0500)]
ifnet/API: Move the IfAPI from if_var.h to if.h
Summary:
The "public" KPI for ifnet belongs in net/if.h, with net/if_var.h being
implementation details for the netstack. This is the next step in
enforcing that separation.
Mitchell Horne [Wed, 11 Jan 2023 18:06:24 +0000 (14:06 -0400)]
dtrace: correct the aframes value for fbt provider
Set the number of artificial frames to 5:
1. cpu_exception_handler_supervisor()
2. do_trap_supervisor()
3. dtrace_invop_start()
4. dtrace_invop()
5. fbt_invop()
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37663
Mitchell Horne [Wed, 11 Jan 2023 18:06:17 +0000 (14:06 -0400)]
dtrace: correct profile aframes value for riscv
Experimentation shows this is the correct value; the dtrace/interrupt
handler frames are omitted, while the backtrace of the active thread is
recorded in its entirety.
Reviewed by: markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37662
Mitchell Horne [Wed, 11 Jan 2023 18:06:02 +0000 (14:06 -0400)]
dtrace: dtrace_getpcstack() tweaks for riscv
Backtraces for fbt probes are missing the caller's frame. Despite what
the inherited comment claims, we do need to insert this manually on
riscv. In fbt_invop(), set cpu_dtrace_caller to be the return address,
not addr.
We should not increment aframes within this function, since we begin the
main loop by unwinding past the current frame.
Plus some very small comment/style tweaks.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D37661
It turns out that the long 27 second delay I saw in the
gss_acquire_cred() call was caused by a (mis)configured
DNS. Although I did not specify "dns" in /etc/nsswitch.conf,
I did have a /etc/resolv.conf file on the system (left
there by wpa_supplicant). As such, with no route, it was
somehow trying to contact the DNS server, although there was none.
Once I got rid of the /etc/resolv.conf file, it worked
as expected.
Since there is now a large 5 minute timeout on the
kernel to gssd(8) upcalls, the gssd(8) daemon will not
get terminated when this delay occurs and the only affect
is a 30 second delay during the mount.
Bjoern A. Zeeb [Wed, 11 Jan 2023 23:40:05 +0000 (23:40 +0000)]
LinuxKPI: fix possible NULL dereference in linuxkpi_page_frag_alloc()
Fix a possible NULL pointer deref in case alloc_pages() fails.
This is theoretical so far as up to now no code in the tree uses
linuxkpi_page_frag_alloc().
Warner Losh [Wed, 11 Jan 2023 22:14:28 +0000 (15:14 -0700)]
stand: create common set_currdev
Pull together the nearly identical copies of set_currdev in i386,
userboot and efi. Other boot loaders have variances that might be fine
to use the common routine, or not. Since they are harder to test for me,
and ofw and uboot do handle these setting differently, leave them be for
now.
Warner Losh [Wed, 11 Jan 2023 22:14:17 +0000 (15:14 -0700)]
stand: Move dev_cleanup into libsa
Since dev_cleanup() walks through all the devsw devices with dv_cleanup
rotuines, move it into libsa rather than having it in
'common'. Logically, it operates only on things that are in libsa, and
would never be different for different loaders: either people would call
it as is, or they'd do the loop themselves with 'special' things inline
between calls to cleanup (not that I think that will ever be needed
though).
Warner Losh [Wed, 11 Jan 2023 22:14:02 +0000 (15:14 -0700)]
stand: Create common gen_setcurrdev and replace code
Replace 4 identical copies of *_setcurrdev with gen_setcurrdev to avoid
having to create a 5th copy. uboot_setcurrdev is actually different and
needs to remain separate (even though it's quite similar).
Rick Macklem [Wed, 11 Jan 2023 21:28:44 +0000 (13:28 -0800)]
nfscl: Improve NFSv4 error message for NFSERR_WRONGSEC
The usual reason for an NFSv4 server replying NFSERR_WRONGSEC
to an operation is that a Kerberos credential is required.
This patch replaces a cryptic "err=10016" with a message
suggesting that a Kerberos TGT is probably needed.
Rick Macklem [Wed, 11 Jan 2023 21:20:31 +0000 (13:20 -0800)]
kgssapi: Increase timeout for kernel to gssd(8) upcalls
It turns out that the underlying problem that caused
a Kerberized NFS mount with the "gssname" option to
fail was that the kernel upcall to the gssd(8) daemon
would time out prematurely after 25 seconds. The
gss_acquire_cred() GSSAPI library call
takes about 27 seconds for the case where a desired_name
argument is specified. A similarly long delay occurs
when the gss_init_sec_context() call is made and the
user principal's TGT has expired.
Once the upcall timed out, the kernel code assumed that
the gssd(8) daemon had died and closed the socket.
Ironically, closing the socket did cause the gssd(8)
daemon to terminate via a SIGPIPE signal.
This patch increases the timeout to 5 minutes. Since
a timeout should only occur when the gssd(8) daemon
has died, a long timeout should be ok and seems to fix this
problem.
I still think that commit c33509d49a should remain in the
system, since it allows the mount to complete quickly
and not take nearly 30 seconds.