dexuan [Wed, 14 Jun 2017 13:44:32 +0000 (13:44 +0000)]
MFC: 319690
Approved by: re (marius)
r319690
hyperv/pcib: use the device serial number as PCI domain
Currently the PCI domain is initialized with the instance GUID in
vmbus_pcib_attach(). It turns out the GUID can change across VM reboot,
while some users want a persistent value for PCI domain. The solution is
that we can change to use the device serial number, which starts with 1
and is unique within a VM.
Obtained from: Haiyang Zhang
Sponsored by: Microsoft
emaste [Tue, 13 Jun 2017 18:59:34 +0000 (18:59 +0000)]
MFC r317428 (cognet): fix arm64 MSI
In arm_gicv2m_alloc_msi(), if we found a suitable irq range, leave the loop
before we increase irq again, or we'd end up choosing an irq, and then
really using the next one, even if it's not available.
Also in the inner loop, correct the end check so that we check every irq,
even the last one.
This makes the msk(4) adapter able to use MSI on Softiron Overdrive 1000.
ngie [Mon, 12 Jun 2017 17:37:18 +0000 (17:37 +0000)]
MFC r313398:
Approved by: re (gjb)
Apply r274475's to expr.oxout.tab.c to fix the test on FreeBSD
YYINT on FreeBSD is int, not short
I'll work with the upstream maintainer or come up with a build
method of modifying their definitions on install instead of
having to modify tests to match our forked YYINT definition.
glebius [Thu, 8 Jun 2017 22:13:29 +0000 (22:13 +0000)]
MFC r317806:
The nandsim(4) simulator driver doesn't have any protection against
races at least in its ioctl handler, and at the same time it creates
device entry with 0666 permissions.
To plug possible issues in it:
- Mark it as needing Giant.
- Switch device mode to 0600.
Submitted by: C Turt
Reviewed by: imp
Security: Possible double free in ioctl handler
Approved by: re (marius)
glebius [Thu, 8 Jun 2017 22:12:10 +0000 (22:12 +0000)]
MFC r318677:
Fix regression in ndis(4) after r286410. This adds a bunch of checks for
whether this is a Ethernet or 802.11 device and does proper dereferencing.
PR: 213237
Submitted by: <ota j.email.ne.jp>
Approved by: re (marius)
gjb [Thu, 8 Jun 2017 17:54:27 +0000 (17:54 +0000)]
MFC r319621:
Ensure ${_CW} is uppercase when passing '-c' to mk-vmimage.sh,
otherwise with 'CLOUDWARE=vagrant-virtualbox', the path to the
configuration file may be incorrect.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
manu [Thu, 8 Jun 2017 15:50:50 +0000 (15:50 +0000)]
Currently stable/11 is using custom DTS for beaglebone(-black) while CURRENT
is using the upstream ones from Linux.
U-Boot ports have been changed to use the upstream names so 11.1-PRERELEASE
doesn't boot.
Since we cannot MFC the DTS easily (a lot of drivers would have to be modified)
add links on the dts with upstream names.
gjb [Thu, 8 Jun 2017 15:47:52 +0000 (15:47 +0000)]
MFC r319603, r319608, r319609:
Create a hard link for sun7i-a20-cubieboard2.dtb to allow the
cubieboard2 to find the correct dtb file.
Note: r319608 and r319609 are included, but are no-op changes to
the original change, and only included to prevent these commits
from showing up on the MFC tracking page.
Approved by: re (marius)
Sponsored by: The FreeBSD Foundation
mav [Thu, 8 Jun 2017 14:33:47 +0000 (14:33 +0000)]
MFC r318966: Improve applying unified capabilities to the lagg ports.
Some NICs have some capabilities dependent, so that disabling one
require disabling some other (TXCSUM/RXCSUM on em). This code tries to
reach the consensus more insistently.
tuexen [Wed, 7 Jun 2017 12:50:54 +0000 (12:50 +0000)]
MFC r319556:
Fix the ICMP6 handling for TCP.
The ICMP6 packets might not be contained in a single mbuf. So don't
assume this. Keep the IPv4 and IPv6 code in sync and make explicit
that the syncache code only need the TCP sequence number, not the
complete TCP header.
gjb [Tue, 6 Jun 2017 14:46:23 +0000 (14:46 +0000)]
MFC r318943 (avg):
MFV r318942: 8166 zpool scrub thinks it repaired offline device
https://www.illumos.org/issues/8166
If we do a scrub while a leaf device is offline (via "zpool offline"),
we will inadvertently clear the DTL (dirty time log) of the offline
device, even though it is still damaged. When the device comes back
online, we will incompletely resilver it, thinking that the scrub
repaired blocks written before the scrub was started. The incomplete
resilver can lead to data loss if there is a subsequent failure of a
different leaf device.
The fix is to never clear the DTL of offline devices. Note that if a
device is onlined while a scrub is in progress, the scrub will be
restarted.
The problem can be worked around by running "zpool scrub" after
"zpool online".
See also https://github.com/zfsonlinux/zfs/issues/5806
PR: 219537
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
trasz [Tue, 6 Jun 2017 08:33:19 +0000 (08:33 +0000)]
MFC r318398:
Bump default MAXTSIZ (kern.maxtsiz) from 128MB to 32GB. The old limit
prevents one from running eg clang built with debug; the new one is
arbitrary (equal to MAXDSIZ) and... well, should be quite future-proof.
Same fix might be applicable to other 64 bit architectures; I'll ask
their respective maintainers to make sure it won't break anything.
MFC r319118:
Disable IPsec debugging code by default when IPSEC_DEBUG kernel option
is not specified.
Due to the long call chain IPsec code can produce the kernel stack
exhaustion on the i386 architecture. The debugging code usually is not
used, but it requires a lot of stack space to keep buffers for strings
formatting. This patch conditionally defines macros to disable building
of IPsec debugging code.
IPsec currently has two sysctl variables to configure debug output:
* net.key.debug variable is used to enable debug output for PF_KEY
protocol. Such debug messages are produced by KEYDBG() macro and
usually they can be interesting for developers.
* net.inet.ipsec.debug variable is used to enable debug output for
DPRINTF() macro and ipseclog() function. DPRINTF() macro usually
is used for development debugging. ipseclog() function is used for
debugging by administrator.
The patch disables KEYDBG() and DPRINTF() macros, and formatting buffers
declarations when IPSEC_DEBUG is not present in kernel config. This
reduces stack requirement for up to several hundreds of bytes.
The net.inet.ipsec.debug variable still can be used to enable ipseclog()
messages by administrator.
PR: 219476
MFC r319412:
Build kdebug_secreplay() function only when IPSEC_DEBUG is defined.
This should fix the build on sparc.
bdrewery [Sun, 4 Jun 2017 19:09:50 +0000 (19:09 +0000)]
MFC r318194,r319481:
r318194:
Tell bmake (meta mode) to ignore changes to /usr/local/etc/libmap.d/*
r319481:
META_MODE: Move ignoring of /usr/local/etc/libmap.d to proper place.
hselasky [Sun, 4 Jun 2017 08:45:13 +0000 (08:45 +0000)]
MFC r319413:
Free hardware queue resource after port is stopped in the mlx4en(4)
driver. Else if the port is up the resource might still be busy and
the MTT free will fail.
PR: 216493
Approved by: re (kib)
Sponsored by: Mellanox Technologies
hselasky [Sun, 4 Jun 2017 08:25:28 +0000 (08:25 +0000)]
MFC r319414:
Allow communication between functions on the same host when using the
mlx4en(4) driver in SRIOV mode.
Place a copy of the destination MAC address in the send WQE only under
SRIOV/eSwitch configuration or when the device is in selftest. This
allows communication between functions on the same host.
PR: 216493
Approved by: re (kib)
Sponsored by: Mellanox Technologies
MFC r318734:
Fix possible double releasing for SA reference.
There are two possible ways how crypto callback are called: directly from
caller and deffered from crypto thread.
For inbound packets the direct call chain is the following:
IPSEC_INPUT() method -> ipsec_common_input() -> xform_input() ->
-> crypto_dispatch() -> crypto_invoke() -> crypto_done() ->
-> xform_input_cb() -> ipsec[46]_common_input_cb() -> netisr_queue().
The SA reference is held while crypto processing is not finished.
The error handling code wrongly expected that crypto callback always called
from the crypto thread context, and it did SA reference releasing in
xform_input_cb(). But when the crypto callback called directly, in case of
error (e.g. data authentification failed) the error handling in
ipsec_common_input() also did SA reference releasing.
To fix this, remove error handling from ipsec_common_input() and do it
in xform_input() before crypto_dispatch().
PR: 219356
MFC r318738:
Fix possible double releasing for SA and SP references.
There are two possible ways how crypto callback are called: directly from
caller and deffered from crypto thread.
For outbound packets the direct call chain is the following:
IPSEC_OUTPUT() method -> ipsec[46]_common_output() ->
-> ipsec[46]_perform_request() -> xform_output() ->
-> crypto_dispatch() -> crypto_invoke() -> crypto_done() ->
-> xform_output_cb() -> ipsec_process_done() -> ip[6]_output().
The SA and SP references are held while crypto processing is not finished.
The error handling code wrongly expected that crypto callback always called
from the crypto thread context, and it did references releasing in
xform_output_cb(). But when the crypto callback called directly, in case of
error the error handling code in ipsec[46]_perform_request() also did
references releasing.
To fix this, remove error handling from ipsec[46]_perform_request() and do it
in xform_output() before crypto_dispatch().
ngie [Fri, 2 Jun 2017 01:00:40 +0000 (01:00 +0000)]
MFC r318210,r318211:
Approved by: re (gjb)
r318210:
ssp_test:read:: query the value of MAXPATHLEN via getconf(1)
In the event the value of PATH_MAX was changed, the assumption that
MAXPATHLEN is 1024 (and hence the buffer length required to trigger
SSP to fail for read(2)) would be invalidated. Query getconf(1) for
the actual value of MAXPATHLEN via _XOPEN_PATH_MAX instead, and
increment the value by 1 to ensure that the SSP support tests the
stack smashing support properly.
r318211:
Fix up previous commit
- Apply the logic to the FreeBSD block
- Fix a typo with the getconf(1) call that I would have caught, were
it not for the fact that I got the blocks wrong.
- Consolidate the hardcoded buffer sizes to the NetBSD block.
This would have been discovered had I run the test on a system where
PATH_MAX != 1024 (I don't have that at my disposal right at this moment).
slm [Thu, 1 Jun 2017 16:55:03 +0000 (16:55 +0000)]
MFC r318895: Fix several problems with mapping code in mps(4).
MFC r318896: Fix several problems with mapping code in mpr(4).
-Add several comments describing what the mapping code is doing.
-Added a callout timer to improve check for missing devices when discovery has
completed so that missing counts are incremented correctly.
-Fix problems with missing counts not being saved to the HBA.
-Update man pages mps(4) and mpr(4) to include a description of the use
use_phy_num sysctl variable.
-Remove channel field in the mapping structure because it's not used.
-Improve logging by using mps_dprint or mpr_dprint instead of printf and adding
more logging where appropriate.
-Add check for a bad index before writing mapping entries to controller.
-The high missing count check in the mapping table was using the incorrect
initial value, which could lead to a bad result.
-The usage of the IN_USE flag for volume mapping was changed to be more
intuitive, and was not being used correctly.
-The check for a free DPM entry was changed, as this was completely wrong.
-Updates to the missing count for volumes were not being done correctly, so this
function was completely rewritten.
-_mapping_add_to_removal_table() was overly complicated and incorrectly used, so
this function was rewritten.
-Missing counts for all devices were not being incremented properly, so this
functionality was added.
-The search for space in the mapping table for missing enclosures was not
calculating the found space correctly due to not breaking out of a loop when
required, and the num_found variable was not being reset when needed.
-Retries when a device fails to get added due to a full mapping table were
removed because this is unneccessary.
-mps_mapping_is_reinit_required() and mpr_mapping_is_reinit_required() were
removed because they were not being used.
-Some functions were renamed to avoid confusion between Target IDs and SAS IDs.
-_mapping_check_update_ir_mt_idx() was removed because it was overly
complicating volume mapping.
-The setting of the maxtargets variable was changed to include max volumes.
-The setting of the initiator_id variable was changed to be the invalid target
ID after all targets, including volumes. Previously, this was set to the last
valid target ID.
-Don't exclude target IDs of RAID components or check for a reuse of a target ID
for RAID components.
-Some endienness was added.
r308217:
Add a fallback to the device mapper logic. We've seen systems in the field
that are apparently misconfigured by the manufacturer and cause the mapping
logic to fail. The fallback allows drive numbers to be assigned based on the
PHY number that they're attached to. Add sysctls and tunables to overrid
this new behavior, but they should be considered only necessary for debugging.
r308301:
Record the LogInfo field when reporting the IOCStatus. Helps in
debugging errors.
Submitted by: slm
Obtained from: Netflix
MFC after: 3 days
r311958:
Print out the number of queues/MSIx vectors.
Sponsored by: Netflix
r312437:
Rework the debug print API. Event printing no longer gets special handling.
All of the printing from the tables file now has wrappers so that the
handling is cleaner and it's possible to print something out (say, during
development) without having to fight the global debug flags. This re-org
will also make it easier to have the tables be compiled out at build time
if desired.
Other than fixing some minor bugs, there are no user-visible changes from
this change
Sponsored by: Netflix, Inc.
Differential Revision: D9238
r318188:
Improve error messages during command timeout for the mpr and mps
drivers.
Sponsored by: Netflix
r318427:
Add tri-mode support (SAS/SATA/PCIe).
This includes NVMe device support and adds support for the following adapters:
SAS 3408
SAS 3416
SAS 3508
SAS 3516
SAS 3616
SAS 3708
SAS 3716
tuexen [Thu, 1 Jun 2017 14:58:26 +0000 (14:58 +0000)]
When a SYN-ACK is received in SYN-SENT state, RFC 793 requires the
validation of SEG.ACK as the first step. If the ACK is not acceptable,
a RST segment should be sent and the segment should be dropped.
Up to now, the segment was partially processed.
This patch moves the check for the SEG.ACK validation up to the front
as required.
Fix warnings about the following when WARNS=6 (which I will commit soon):
- casting away const
- no previous 'extern' declaration for non-static variable
- others as explained by #pragmas and comments
- unused parameters
libthr: disable thread-safety warnings
These warnings don't make sense for code that implements
the locking primitives.
libthr: change CHECK_AND_INIT_RWLOCK to an inline function
This was prompted by a compiler warning about 'ret' shadowing
a local variable in the callers of the macro.
libthr: Use CLI flags instead of pragmas to disable warnings
People tweaking the build system or compilers tend to look into
the Makefile and not into the source. Having some warning controls
in the Makefile and some in the source code is surprising.
Pragmas have the advantage that they leave the warnings enabled
for more code, but that advantage isn't very relevant in these cases.
libthr: fix warnings from GCC when WARNS=6
Fix warnings about:
- redundant declarations
- a local variable shadowing a global function (dlinfo)
- an old-style function definition (with an empty parameter list)
- a variable that is possibly used uninitialized
libthr: prevent setcontext() from masking SIGTHR
__thr_setcontext() mistakenly tested for the presence of SIGCANCEL
in its local ucontext_t instead of the parameter. Therefore,
if a thread calls setcontext() with a context whose signal mask
contains SIGTHR (a.k.a. SIGCANCEL), that signal will be blocked,
preventing the thread from being cancelled or suspended.
gjb [Thu, 1 Jun 2017 14:39:11 +0000 (14:39 +0000)]
Document r305837, readelf(1) ARM program and section header reporting.
Document r305844, ELF Tool Chain updated to r3490.
Document r309125, strings(1) exit status fix.
Submitted by: emaste
Sponsored by: The FreeBSD Foundation
tuexen [Thu, 1 Jun 2017 10:03:41 +0000 (10:03 +0000)]
MFC r318649:
The connect() system call should return -1 and set errno to EAFNOSUPPORT
if it is called on a TCP socket
* with an IPv6 address and the socket is bound to an
IPv4-mapped IPv6 address.
* with an IPv4-mapped IPv6 address and the socket is bound to an
IPv6 address.
Thanks to Jonathan T. Leighton for reporting this issue.
tuexen [Thu, 1 Jun 2017 09:21:25 +0000 (09:21 +0000)]
MFC r317597:
Allow SCTP to use the hostcache.
This patch allows the MTU stored in the hostcache to be used as an
initial value for SCTP paths. When an ICMP PTB message is received,
store the MTU in the hostcache.
tuexen [Thu, 1 Jun 2017 09:00:38 +0000 (09:00 +0000)]
MFC r317512:
armv8 has support for optional CRC32C instructions. This patch checks if they are
available and if that is true make use of them.
Thank you very much to Andrew Turner for providing help and review the patch!
Reviewed by: andrew
Differential Revision: https://reviews.freebsd.org/D10499
tuexen [Thu, 1 Jun 2017 08:42:53 +0000 (08:42 +0000)]
MFC r317244:
Represent "a syncache overflow hasn't happend yet" by using
-(SYNCOOKIE_LIFETIME + 1) instead of INT64_MIN, since it is
good enough and works when time_t is int32 or int64.
This fixes the issue reported by cy@ on i386.
tuexen [Thu, 1 Jun 2017 08:32:35 +0000 (08:32 +0000)]
MFC r317208:
Syncoockies can be used in combination with the syncache. If the cache
overflows, syncookies are used.
This patch restricts the usage of syncookies in this case: accept
syncookies only if there was an overflow of the syncache recently.
This mitigates a problem reported in PR217637, where is syncookie was
accepted without any recent drops.
Thanks to glebius@ for suggesting an improvement.
tuexen [Thu, 1 Jun 2017 08:29:08 +0000 (08:29 +0000)]
MFC r316743:
The sysctl variable net.inet.tcp.drop_synfin is not honored in all states,
for example not in SYN-SENT.
This patch adds code to check the sysctl variable in other states than
LISTEN.
Thanks to ae and gnn for providing comments.
tuexen [Thu, 1 Jun 2017 08:19:45 +0000 (08:19 +0000)]
MFC r314155:
TCP window updates are only sent if the window can be increased by at
least 2 * MSS. However, if the receive buffer size is small, this might
be impossible. Add back a criterion to send a TCP window update if
the window can be increased by at least half of the receive buffer size.
This condition was removed in r242252. This patch simply brings it back.
tuexen [Thu, 1 Jun 2017 08:12:44 +0000 (08:12 +0000)]
MFC r313031:
Take the SCTP common header into account when computing the
space available for chunks. This unbreaks the handling of
ICMPV6 packets indicating "packet too big". It just worked
for IPv4 since we are overbooking for IPv4.
tuexen [Thu, 1 Jun 2017 08:04:09 +0000 (08:04 +0000)]
MFC r312063:
Ensure that the buffer length and the length provided in the IPv4
header match when using a raw socket to send IPv4 packets and
providing the header. If they don't match, let send return -1
and set errno to EINVAL.
Before this patch is was only enforced that the length in the header
is not larger then the buffer length.
ngie [Thu, 1 Jun 2017 06:56:32 +0000 (06:56 +0000)]
MFC r314579,r314785:
r314579 (by np):
Add cxgbetool(8) to the base system.
Move cxgbetool from tools/tools to usr.sbin. Compile and install it on
platforms where cxgbe(4) is built by default. Knobs (WITH_CXGBETOOL and
WITHOUT_CXGBETOOL) have been added so that the user can override the
default setting.
ngie [Thu, 1 Jun 2017 06:41:24 +0000 (06:41 +0000)]
MFC r318436:
usr.bin/getconf: add some initial tests
Items tested via this commit are:
- Some basic POSIX constants.
- Some valid programming environments with -v.
- Some invalid programming environments via -v.
NOTE: this test makes assumptions about ILP32/LP32 vs LP64 that are
currently not true on all architectures to avoid hardcoding some
architectures in the tests. I'm working on improving getconf(1) to be
more sane about handling ILP32/LP32 vs LP64. Future commits are coming
soon to address this.
ngie [Thu, 1 Jun 2017 06:35:37 +0000 (06:35 +0000)]
MFC r319157:
fma_test: mute a warning about unreachable code on amd64 by restructuring
the #ifdef block to only handle the rest of the logic in the loop in the
#else case.
ngie [Thu, 1 Jun 2017 06:26:35 +0000 (06:26 +0000)]
MFC r318175,r318178,r318179:
r318175:
procstat(1): clarify the Signal Disposition section
- Fix a typo (SIGIGN -> SIG_IGN). Use .Dv when referencing SIG_IGN.
- Use semi-colons as soft breaks when separating sentences for
the FLAGS section.
- Tweak wording for C slightly to flow better and to be a bit
more technically correct (signals with handlers installed will
be caught by the target program).
- Reference signal(3) in the SEE ALSO section.
r318178:
procstat(1): document all possible `PRO` (network protocol) values
Reference the appropriate section 4 manpages for networking
protocols.
r318179:
procstat(1): also reference icmp(4) and sctp(4)
This was missed in the previous commit by accident.