ken [Fri, 29 Jun 2012 22:00:30 +0000 (22:00 +0000)]
MFC r236138, with the exception of scsi_enc.c:
r236138 | ken | 2012-05-27 00:11:09 -0600 (Sun, 27 May 2012) | 64 lines
Work around a race condition in devfs by changing the way closes
are handled in most CAM peripheral drivers that are not handled by
GEOM's disk class.
The usual character driver open and close semantics are that the
driver gets N open calls, but only one close, when the last caller
closes the device.
CAM peripheral drivers expect that behavior to be honored to the
letter, and the CAM peripheral driver code (specifically
cam_periph_release_locked_busses()) panics if it is done incorrectly.
Since devfs has to drop its locks while it calls a driver's close
routine, and it does not have a way to delay or prevent open calls
while it is calling the close routine, there is a race.
The sequence of events, simplified a bit, is:
- devfs acquires a lock
- devfs checks the reference count, and if it is 1, continues to close.
- devfs releases the lock
- 2nd process open call on the device happens here
- devfs calls the driver's close routine
- devfs acquires a lock
- devfs decrements the reference count
- devfs releases the lock
- 2nd process close call on the device happens here
At the second close, we get a panic in
cam_periph_release_locked_busses(), complaining that peripheral
has been released when the reference count is already 0. This is
because we have gotten two closes in a row, which should not
happen.
The fix is to add the D_TRACKCLOSE flag to the driver's cdevsw, so
that we get a close() call for each open(). That does happen
reliably, so we can make sure that our reference counts are
correct.
Note that the sa(4) and pt(4) drivers only allow one context
through the open routine. So these drivers aren't exposed to the
same race condition.
scsi_ch.c,
scsi_enc.c,
scsi_enc_internal.h,
scsi_pass.c,
scsi_sg.c:
For these drivers, change the open() routine to
increment the reference count for every open, and
just decrement the reference count in the close.
Call cam_periph_release_locked() in some scenarios
to avoid additional lock and unlock calls.
scsi_pt.c: Call cam_periph_release_locked() in some scenarios
to avoid additional lock and unlock calls.
ken [Fri, 29 Jun 2012 21:33:36 +0000 (21:33 +0000)]
MFC r237601:
r237601 | ken | 2012-06-26 08:51:35 -0600 (Tue, 26 Jun 2012) | 38 lines
Fix an issue that caused the kernel to panic inside CTL when trying
to attach to target capable HBAs that implement the old immediate
notify (XPT_IMMED_NOTIFY) and notify acknowledge (XPT_NOTIFY_ACK)
CCBs. The new API has been in place since SVN change 196008 in
2009.
The solution is two-fold: fix CTL to handle the responses from the
HBAs, and convert the HBA drivers in question to use the new API.
These drivers have not been tested with CTL, so how well they will
interoperate with CTL is unknown.
scsi_target.c:Update the userland target example code to use the
new immediate notify API.
scsi_ctl.c: Detect when an immediate notify CCB is returned
with CAM_REQ_INVALID or CAM_PROVIDE_FAIL status,
and just free it.
Fix a duplicate assignment.
aic79xx.c,
aic79xx_osm.c:Update the aic79xx driver to use the new API.
Target mode is not enabled on for this driver, so
the changes will have no practical effect.
aic7xxx.c,
aic7xxx_osm.c:Update the aic7xxx driver to use the new API.
sbp_targ.c: Update the firewire target code to work with the
new API.
mpt_cam.c: Update the mpt(4) driver to work with the new API.
Target mode is only enabled for Fibre Channel
mpt(4) devices.
Change the SCSI INQUIRY peripheral qualifier that CTL reports for LUNs
that don't exist.
Anecdotal evidence indicates that it is better to return 011b (bad LUN)
than 001b (LUN offline). However, this change also gives the user a
sysctl/tunable, kern.cam.ctl.inquiry_pq_no_lun, to override the change
and return to the previous behavior. (The previous behavior was to
return 001b, or LUN offline.)
ctl.c: Change the default inquiry peripheral qualifier to 011b,
and add a sysctl and tunable to allow the user to change
it back to 001b if needed.
Don't insert a Copan copyright statement in the inquiry
data. The copyright statements on the files are
sufficient.
ctl_private.h:Add sysctl variable context to the CTL softc.
ctl_cmd_table.c,
ctl_frontend_internal.c,
ctl_frontend.c,
ctl_backend.c,
ctl_error.c: Include sys/sysctl.h.
jhb [Fri, 29 Jun 2012 21:24:56 +0000 (21:24 +0000)]
MFC 235024,235029,235556,235834,235845:
Use MADT to match ACPI Processor objects to CPUs. MADT and DSDT/SSDTs may
list CPUs in different orders, especially for disabled logical cores. Now
we match ACPI IDs from the MADT with Processor objects, strictly order CPUs
accordingly, and ignore disabled cores. This prevents us from executing
methods for other CPUs, e. g., _PSS for disabled logical core, which may not
exist. Unfortunately, it is known that there are a few systems with buggy
BIOSes that do not have unique ACPI IDs for MADT and Processor objects. To
work around these problems, 'debug.acpi.cpu_unordered' tunable is added.
Set this to a non-zero value to restore the old behavior.
marius [Fri, 29 Jun 2012 18:39:22 +0000 (18:39 +0000)]
MFC: r236581
The loaddev environment variable is not modifiable once set, so it is not
update for ZFS. It seems that this does not really affect anything except
the help command. Nevertheless, rearrange things so loaddev is set only
once in all cases in order to get it right.
Pointed out by: avg
dim [Fri, 29 Jun 2012 18:09:39 +0000 (18:09 +0000)]
MFC r235281:
Fix sys/boot/i386/cdboot/cdboot.S compilation with clang after r235219.
This file uses .code16 directives, which are not yet supported by
clang's integrated assembler.
jhb [Fri, 29 Jun 2012 17:21:19 +0000 (17:21 +0000)]
MFC 233191:
Fix madvise(MADV_WILLNEED) to properly handle individual mappings larger
than 4GB. Specifically, the inlined version of 'ptoa' of the the 'int'
count of pages overflowed on 64-bit platforms. While here, change
vm_object_madvise() to accept two vm_pindex_t parameters (start and end)
rather than a (start, count) tuple to match other VM APIs as suggested
by alc@.
jhb [Fri, 29 Jun 2012 17:12:03 +0000 (17:12 +0000)]
MFC 237334:
Move the per-thread deferred user map entries list into a private list
in vm_map_process_deferred() which is then iterated to release map entries.
This avoids having a nested vm map unlock operation called from the loop
body attempt to recuse into vm_map_process_deferred(). This can happen if
the vm_map_remove() triggers the OOM killer.
jhb [Fri, 29 Jun 2012 16:29:38 +0000 (16:29 +0000)]
MFC 237008,237271,237272,237673:
- Fix a couple of bugs that prevented windows in PCI-PCI bridges from
growing "downward" (moving the start address down). First, an off by
one error caused the end address to be moved down an extra alignment
chunk unnecessarily. Second, when aligning the new candidate starting
address, the wrong bits were masked off.
- Add a 'wmask' variable to hold the expression '(1ul << w->step) - 1' in
pcib_grow_window().
- For subtractively decoding bridges, don't try to grow windows but pass
the request up the tree in order to be on the safe side. Growing windows
in this case would mean to switch resources to positive decoding and
it's unclear how to correctly handle this. At least with ALi/ULi M5249
PCI-PCI bridges, this also just doesn't work out of the box.
glebius [Fri, 29 Jun 2012 12:11:31 +0000 (12:11 +0000)]
Merge r236364 from head by eri@:
Correct table counter functionality to not panic.
This was caused by not proper initialization of necessary parameters.
glebius [Fri, 29 Jun 2012 12:05:19 +0000 (12:05 +0000)]
Merge r233773 from head:
Historically arp(8) did a route lookup for the entry it is
about to add, and failed if it exist and had invalid data
link type.
Later on, in r201282, this check morphed to other code, but
message "proxy entry exists for non 802 device" still left,
and now it is printed in a case if route prefix found is
equal to current address being added. In other words, when
we are trying to add ARP entry for a network address. The
message is absolutely unrelated and disappointing in this
case.
I don't see anything bad with setting ARP entries for
network addresses. While useless in usual network,
in a /31 RFC3021 it may be necessary. This, remove this code.
pfg [Fri, 29 Jun 2012 03:01:38 +0000 (03:01 +0000)]
MFC r237448:
Merge changes from upstream libedit.
Here we update most of the files to at least match the
version available in NetBSD's snapshot of 20091228. This
version was chosen because it still doesn't include wide
character support (UTF-8), which involves many changes and
new files.
jhb [Thu, 28 Jun 2012 21:24:09 +0000 (21:24 +0000)]
MFC 228161,230774,230822,236415:
Add a new -e flag to pciconf(8)'s list mode to display PCI error details.
Currently this dumps the status of any error bits in the PCI status register
and PCI-express device status register. It also lists any errors indicated
by version 1 of PCI-express Advanced Error Reporting (AER).
jhb [Thu, 28 Jun 2012 19:34:23 +0000 (19:34 +0000)]
MFC 236404:
Extend VERBOSE_SYSINIT to also print out the name of variables passed
to SYSINIT routines if they can be resolved via symbol look up in DDB.
To avoid false positives, only honor a name if the symbol resolves
exactly to the pointer value (no offset).
kib [Thu, 28 Jun 2012 14:26:55 +0000 (14:26 +0000)]
Fix unbounded-length malloc, controlled from usermode. The added check
is performed before exact size of the buffer is calculated, but the
buffer cannot have size greater then the total space allocated for
extended attributes. The existing check is executing with precise
size, but it is too late, since buffer needs to be allocated in
advance.
Also, adapt to uio_resid being of ssize_t type. Use lblktosize instead of
multiplying by fs block size by hand as well.
kib [Thu, 28 Jun 2012 14:13:45 +0000 (14:13 +0000)]
MFC r237058:
Eliminate the static buffer used to read the first page of the mapped
object, and eliminate the pread(2) call as well. Mmap the first
page of the object temporaly, and unmap it on error or last use.
Potentially, this leaves one-page gap between succeeding dlopen(3),
but there are other mmap(2) consumers as well.
Fix several cases were the whole mapping of the object leaked on error.
Use MAP_PREFAULT_READ for mmap(2) calls which map real object pages
pfg [Thu, 28 Jun 2012 01:02:50 +0000 (01:02 +0000)]
MFC r237406:
Bring a couple of fixes for gcc optimizations.
The GCC4.3 branch contains some optimization fixes
that were not considered regressions and therefore
were never backported. We are bringing a couple of
them that are under GPLv2 since they were made
before the license switch upstream.
jhb [Wed, 27 Jun 2012 21:12:15 +0000 (21:12 +0000)]
MFC 233925,236357:
Add new ktrace records for the start and end of VM faults. This gives
a pair of records similar to syscall entry and return that a user can
use to determine how long page faults take. The new ktrace records are
enabled via the 'p' trace type, but are not enabled in the default set of
trace points.
mm [Wed, 27 Jun 2012 11:59:57 +0000 (11:59 +0000)]
MFC r236823 (pjd):
ds_guid of 0 is special, as it is used by snapshot receive code to
differentiate between an incremental and full stream.
Be sure not to generate guid equal to 0.
Reported by: someone who saw 0 being generated as 64bit random guid
mav [Wed, 27 Jun 2012 11:02:35 +0000 (11:02 +0000)]
MFC r237398:
In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM
done queue. Clearing it before caused extra SIM queueing in some cases.
It was invisible during normal operation, but during USB device unplug and
respective SIM destruction it could keep pointer on SIM without having
counted reference and as result crash the system by use afer free.
delphij [Wed, 27 Jun 2012 00:31:30 +0000 (00:31 +0000)]
MFC r237339:
Polish previous revision: if the fts_* routines have lstat()'ed the
directory entry then use the struct stat from that instead of doing
it again, and skip the rm_overwrite() call if fts_read() indicated
that the entry couldn't be a regular file.
Obtained from: OpenBSD
MFC r237284 (kevlo):
Fix potential symlink race condition in "rm -P" by adding a check
that the file we have opened is the one we expected. Also open in
non-blocking mode to avoid a potential hang with FIFOs.
eadler [Tue, 26 Jun 2012 03:05:17 +0000 (03:05 +0000)]
MFC r237259 r237260 r237329:
Allow users with RO privilege to the device to read the RO attributes. [0]
Add __unused macros to appropriate places in order to allow building
with WARNS=6 on base gcc, gcc46, and clang
mav [Mon, 25 Jun 2012 07:09:36 +0000 (07:09 +0000)]
MFC r237460:
Return CAM_SEL_TIMEOUT and CAM_DEV_NOT_THERE instead of CAM_TID_INVALID
and CAM_LUN_INVALID for case of missing devices. In removes tons of error
messages from CAM during bus scans.
Reported and tested by: Mike Tancsa <mike@sentex.net>
mav [Mon, 25 Jun 2012 07:06:58 +0000 (07:06 +0000)]
MFC r237446:
Don't print SCSI Queue Full and CAM_REQUEUE_REQ statuses as errors if they
were handled and retried. They are part of normal operation for SCSI TCQ.
rmacklem [Mon, 25 Jun 2012 01:48:18 +0000 (01:48 +0000)]
MFC: r237244
Fix the NFSv4 client for the case where mmap'd files are
written, but not msync'd by a process. A VOP_PUTPAGES()
called when VOP_RECLAIM() happens will usually fail, since
the NFSv4 Open has already been closed by VOP_INACTIVE().
Add a vm_object_page_clean() call to the NFSv4 client's
VOP_INACTIVE(), so that the write happens before the NFSv4
Open is closed. kib@ suggested using vgone() instead and
I will explore this, but this patch fixes things in the
meantime. For some reason, the VOP_PUTPAGES() is still
attaempted in VOP_RECLAIM(), but having this fail doesn't
cause any problems except a "stateid0 in write" being logged.
rmacklem [Sun, 24 Jun 2012 13:39:41 +0000 (13:39 +0000)]
MFC: r237200
Move the nfsrpc_close() call in ncl_reclaim() for the NFSv4 client
to below the vnode_destroy_vobject() call, since that is where
writes are flushed.
trasz [Sat, 23 Jun 2012 19:15:12 +0000 (19:15 +0000)]
MFC r234846:
Improve growfs(8) in a few ways; unfortunately, it's somewhat hard to untangle
them and commit separately.
1. Rewrite the way growfs(8) finds the device and mount point. This makes
it possible to use e.g. "growfs /mnt"; it's also used to display more
helpful messages.
2. Be more user-friendly, using descriptive messages, like this:
OK to grow filesystem on /dev/md0, mounted on /mnt, from 9.8GB to 20GB? [Yes/No]"
3. Allow to specify the size (-s option) just like with mdconfig(8), i.e. with
postfixes ("mdconfig -s 10g").4. Reload read-only filesystem after growing.
Reviewed by: kib, mckusick (earlier version)
Sponsored by: The FreeBSD Foundation
MFC r235079:
Fix offset calculation to actually rewrite the _last_ block.
trasz [Sat, 23 Jun 2012 19:03:42 +0000 (19:03 +0000)]
MFC r234178:
Remove block reallocation used to make room for the cylinder group
summary structure. From now on, when there is no room for it,
we simply allocate new one in a newly added cylinder group.
This patch removes a conditional in updcsloc(), reindents some code
there, and removes unused routines. I decided to do it this way instead
of disabling reallocation when the filesystem is live and leaving it
as it is otherwise, because this allows for removal of lots of complicated
and hard to test code. Also, conditionally disabling it would result
in a different layout in filesystems resized online and offline, which
would look somewhat weird.
Reviewed by: mckusick
No objections from: kib
Sponsored by: The FreeBSD Foundation
trasz [Sat, 23 Jun 2012 18:51:33 +0000 (18:51 +0000)]
MFC r227081 by ed@:
Add missing static keywords for global variables to tools in sbin/.
These tools declare global variables without using the static keyword,
even though their use is limited to a single C-file, or without placing
an extern declaration of them in the proper header file.
davide [Sat, 23 Jun 2012 17:46:42 +0000 (17:46 +0000)]
MFC r237196:
Disable hwpmc(4) support for Intel Xeon Sandy Bridge (Model 0x2D).
Due to some differences in MSRs between Xeon Sandy Bridge and Core Sandy
Bridge (Model 0x2A), wrmsr() may generate in a GP# fault exception and so a
panic of the machine.
davide [Sat, 23 Jun 2012 17:39:40 +0000 (17:39 +0000)]
MFC r237195:
The variable 'error' in sys_poll() is initialized in declaration to value
zero but in any case is overwritten by successive copyin(), making the
previous initialization useless. Remove this.
As an added bonus this fixes a style(9) bug.
mav [Sat, 23 Jun 2012 07:45:14 +0000 (07:45 +0000)]
MFC r237335:
Check status of cam_periph_hold() inside cdclose(). If cd device was
invalidated while open, cam_periph_hold() will return error and won't
get the reference. Following reference release will crash the system.
delphij [Sat, 23 Jun 2012 00:37:32 +0000 (00:37 +0000)]
MFC r237348:
Currently the code uses gzFile * for a zlib file descriptor, which
is not correct. The code works by accident because gzFile is
currently defined as void *, and internally it would be casted from
or to its real type.
A newer version of zlib will instead define it as a pointer to a
specific type pointer (namely, struct gzFile_s *). This therefore
would cause stricter checks and compiler would catch this type
mismatch.
This change does not cause any changes to the resulting binary,
as validated with md5(1).