Previously, 450.status-security would always set rc=3 in inline mode,
because it doesn't know whether "periodic security" is going to find
anything interesting. But this annoyingly results in daily reports that
simply say "Security check: \n\n-- End of daily output --".
This change fixes that by testing whether "periodic security" printed
anything, and setting 450.status-security's exit status to 3 if it did. An
alternative would be to change the exit status of periodic(8) to be the
worst of its scripts' exit statuses, but that would be a more intrusive
change.
Reviewed by: brian
Differential Revision: https://reviews.freebsd.org/D10267
In order to preserve KBI in stable branches, replace the existing
td_sigqueue slot with padding and move the expanded (as of r315949)
td_sigqueue to the end of the struct.
MFC: r316792
Add an NFSv4.1 mount option for "use one openowner".
Some NFSv4.1 servers such as AmazonEFS can only support a small fixed number
of open_owner4s. This patch adds a mount option called "oneopenown" that
can be used for NFSv4.1 mounts to make the client do all Opens with the
same open_owner4 string. This option can only be used with NFSv4.1 and
may not work correctly when Delegations are is use.
MFC: r316782
Add call to svcpool_close() for the NFSv4 callback pool (svcpool_nfscbd).
A function called svcpool_close() was added to the server side krpc by
r313735, so that a pool could be closed without destroying the data structures.
This little patch adds a call to it for the callback pool (svcpool_nfscbd),
so that the nfscbd daemon can be killed/restarted and continue to work
correctly.
MFC r316759:
Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request
the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.
Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT,
SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR,
SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST
extension headers to the key_debug that is used by `setkey -x`.
Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting.
And modify kdebug_sadb_x_policy() to show policy scope and priority.
Some dummynet modules used strcpy() to copy from a larger buffer
(dn_aqm->name) to a smaller buffer (dn_extra_parms->name). It happens that
the lengths of the strings in the dn_aqm buffers were always hardcoded to be
smaller than the dn_extra_parms buffer ("CODEL", "PIE").
Use strlcpy() instead, to appease static checkers. No functional change.
hyperv/hn: Use channel0, i.e. TX ring0, for TCP SYN/SYN|ACK.
Hyper-V hot channel effect:
Operation latency on hot channel is only _half_ of the operation
latency on cold channels.
This commit takes the advantage of the above Hyper-V host channel
effect, and can reduce more than 75% latency and more than 50%
latency stdev, i.e. lower and more stable/predictable latency,
for various types of web server workloads.
MFC: r316745
Fix the NFS client for "text file modified, process killed" mmap'd case.
When an mmap'd text file is written and then executed immediately
afterwards, it was possible that the modify time would change after the
text file was executing, resulting in the process executing the file
being killed. This was usually only observed when the file system's
times were set to higher resolution, but could have occurred for any
time resolution.
This patch adds a VOP_SET_TEXT() to the NFS client which flushed all
dirty pages to the NFS server and then makes sure that n_mtime is up
to date to avoid this from occurring.
Thanks go to kib@ and pho@ for their help with developing this patch.
MFC: r316719
Don't throw away Open state when a NFSv4.1 client recovery fails.
If the ExchangeID/CreateSession operations done by an NFSv4.1 client
after the server crashes/reboots fails, it is possible that some process/thread
is waiting for an open_owner lock. If the client state is free'd, this
can cause a crash.
This would not normally happen, but has been observed on a mount of the
AmazonEFS service.
MFC: r316717
During a server crash recovery, fix the NFSv4.1 client for a NFSERR_BADSESSION
during recovery.
If the NFSv4.1 client gets a NFSv4.1 NFSERR_BADSESSION reply to an Open/Lock
operation while recovering from the server crash/reboot, allow the opens
to be retained for a subsequent recovery attempt. Since NFSv4.1 servers
should only reply NFSERR_BADSESSION after a crash/reboot that has lost
state, this case should almost never happen.
However, for the AmazonEFS file service, this has been observed when
the client does a fresh TCP connection for RPCs.
MFC: r316694
Fix a crash during unmount of an NFSv4.1 mount.
Larry Rosenman reported a crash on freebsd-current@ which was caused by
a premature release of the krpc backchannel socket structure.
I believe this was caused by a race between the SVC_RELEASE() in clnt_vc.c
and the xprt_unregister() in the higher layer (clnt_rc.c), which tried
to lock the mutex in the xprt structure and crashed.
This patch fixes this by removing the xprt_unregister() in the clnt_vc
layer and allowing this to always be done by the clnt_rc (higher reconnect
layer).
Keep state incorrectly assumes keep frags. This is counter to the
ipfilter man pages. This also currently restricts keep frags to only when
keep state is used, which is redundant because keep state currently
assumes keep frags. This commit fixes this.
To the user this change means that to maintain the current behaviour
one must add keep frags to any ipfilter keep state rule (as documented
in the man pages).
This patch also allows the flexability to specify and use keep frags
separate from keep state, as documented in an example in ipf.conf.5,
instead of the currently broken behaviour.
MFC: r316692
Set initial values for nfsstatfs in the NFSv4 client.
The AmazonEFS NFSv4.1 server does not support the FILES_FREE and FILES_TOTAL
attributes. As such, an NFSv4.1 mount to the server would return garbage
for these values. This patch initializes the fields of the nfsstatfs structure,
so that "df" and friends will at least return consistent bogus values.
MFC: r316669
Avoid starvation of the server crash recovery thread for the NFSv4 client.
This patch gives a requestor of the exclusive lock on the client state
in the NFSv4 client priority over shared lock requestors. This avoids
the server crash recovery thread being starved out by other threads doing
RPCs.
MFC: r316667
Fix the NFSv4 client hndling of a stale write verifier in the Commit operation.
When the NFSv4 client Commit operation encountered a stale write verifier,
it erroneously mapped that to EIO. This could have caused recently written
data to be lost when a server crashes/reboots between an UNSTABLE write
and the subsequent commit. This patch fixes this.
The bug was only for the NFSv4 client and did not affect NFSv3.
MFC: r316666
Fix the NFSv4.1 client for NFSERR_BADSESSION recovery via ReclaimComplete.
For the ReclaimComplete operation, the RPC layer should not loop on
NFSERR_BADSESSION. If it does, the recovery thread (nfscl) can get stuck
looping and will not do a recovery.
This patch fixes it so it does not loop. This bug only affects NFSv4.1 and
only when a server reboots.
MFC: r316655
Fix parsing failure for NFSv4 Setattr operation for failed case.
If an operation that preceeds a Setattr in an NFSv4 compound fails,
there is no bitmap of attributes to parse. Without this patch, the
parsing would fail and return EBADRPC instead of the correct failure
error. This could break recovery from a server crash/reboot.
MFC r316699:
Do not adjust interface MTU automatically. Leave this task to the system
administrator.
Before r274246 interface MTU was adjusted only when GRE key is configured.
The r274246 has changed this behavior to automatically adjust MTU when any
option, that changes the size of GRE header is configured.
This patch removes automatic MTU adjustment from if_gre(4) and if_me(4),
and restores the behavior that was prior to r274246.
MFC: r310491
Fix NFSv4.1 client recovery from NFS4ERR_BAD_SESSION errors.
For most NFSv4.1 servers, a NFS4ERR_BAD_SESSION error is a rare failure
that indicates that the server has lost session/open/lock state.
However, recent testing by cperciva@ against the AmazonEFS server found
several problems with client recovery from this due to it generating this
failure frequently.
Briefly, the problems fixed are:
- If all session slots were in use at the time of the failure, some processes
would continue to loop waiting for a slot on the old session forever.
- If an RPC that doesn't use open/lock state failed with NFS4ERR_BAD_SESSION,
it would fail the RPC/syscall instead of initiating recovery and then
looping to retry the RPC.
- If a successful reply to an RPC for an old session wasn't processed
until after a new session was created for a NFS4ERR_BAD_SESSION error,
it would erroneously update the new session and corrupt it.
- The use of the first element of the session list in the nfs mount
structure (which is always the current metadata session) was slightly
racey. With changes for the above problems it became more racey, so all
uses of this head pointer was wrapped with a NFSLOCKMNT()/NFSUNLOCKMNT().
- Although the kernel malloc() usually allocates more bytes than requested
and, as such, this wouldn't have caused problems, the allocation of a
session structure was 1 byte smaller than it should have been.
(Null termination byte for the string not included in byte count.)
There are probably still problems with a pNFS data server that fails
with NFS4ERR_BAD_SESSION, but I have no server that does this to test
against (the AmazonEFS server doesn't do pNFS), so I can't fix these yet.
Although this patch is fairly large, it should only affect the handling
of NFS4ERR_BAD_SESSION error replies from an NFSv4.1 server.
Thanks go to cperciva@ for the extension testing he did to help isolate/fix
these problems.
andrew [Mon, 24 Apr 2017 16:49:30 +0000 (16:49 +0000)]
MFC r302788, r303026, r305471
r302788:
Fix the type used to hold the value returned from getopt. On arm64 char is
unsigned so will never be -1.
r303026:
Add missing flags from acpidump. These are defined in the header, but not
printed. The HW_REDUCED flag is useful as it should be set on arm64 to
comply with the ARM Server Base Boot Requirements.
r305471:
Teach acpidump how to parse ACPI 5.1 tables found on the development
ThunderX units in the netperf cluster.
CID 1229913 Fix output of "camcontrol persist -i report_capabilities".
The reported Persistent Reservation Types were wrong in all
cases.
CID 1356029 Annotate the code so Coverity will know that this is a false
positive.
CID 1366830 Fix a memory leak in "camcontrol timestamp -s"
CID 1366832 Fix a segfault that could be caused by bad drive firmware
Also, fix the man page entry for the "camcontrol epc state" command to match
what the code does.
r316342:
Consolidate random sleeps in periodic scripts
Multiple periodic scripts sleep for a random amount of time in order to
mitigate the thundering herd problem. This is bad, because the sum of
multiple uniformly distributed random variables approaches a normal
distribution, so the problem isn't mitigated as effectively as it would be
with a single sleep.
This change creates a single configurable anticongestion sleep. periodic
will only sleep if at least one script requires it, and it will never sleep
more than once per invocation. It also won't sleep if periodic was run
interactively, fixing an unrelated longstanding bug.
MFC r316677: Do not register in CTL portal groups without portals.
From config synthax point of view such portal groups are not incorrect,
but they are useless since can not receive any connection. And since
CTL port resource is very limited, it is good to save it.
MFC r314290: Implement use of multiple transfers per I/O.
This change removes limitation of single S/G list entry and limitation on
maximal I/O size, using multiple data transfers per I/O if needed. Also
it removes code duplication between send and receive paths, which are now
completely equal.
When forwarding pf tracks the size of the largest fragment in a fragmented
packet, and refragments based on this size.
It failed to ensure that this size was a multiple of 8 (as is required for all
but the last fragment), so it could end up generating incorrect fragments.
For example, if we received an 8 byte and 12 byte fragment pf would emit a first
fragment with 12 bytes of payload and the final fragment would claim to be at
offset 8 (not 12).
We now assert that the fragment size is a multiple of 8 in ip6_fragment(), so
other users won't make the same mistake.
Reported by: Antonios Atlasis <aatlasis at secfu net>
Remove excessive horizontal whitespace from hier(7) by correctly
using "-width". The http://mdocml.bsd.lv/mdoc/details/width.html
says: "Do not use macros in the argument specifying the width,
that's not portable. While GNU troff can handle it, mandoc cannot."
The same problem seems to exist in many other man pages.
MFC r316065: Enable route and LLE (ndp) caching in TCP/IPv6
tcp_output.c was using a route on the stack for IPv6, which does not
allow route caching or LLE/ndp caching. Switch to using the route
(v6 flavor) in the in_pcb, which was already present, which caches
both L3 and L2 lookups.
MFC r302664:
mkimg(1): minor cleanups with argument order in calloc(3).
Generally the first argument in calloc is supposed to stand for a count
and the second for a size. Try to make that consistent. While here,
attempt to make some use of the overflow detection capability in
calloc(3).
MFC r316824:
The rule field in the ipfw_dyn_rule structure is used as storage
to pass rule number and rule set to userland. In r272840 the kernel
internal rule representation was changed and the rulenum field of
struct ip_fw_rule got the type uint32_t, but userlevel representation
still have the type uint16_t. To not overflow the size of pointer
on the systems with 32-bit pointer size use separate variable to
copy rulenum and set.
dim [Fri, 21 Apr 2017 17:03:48 +0000 (17:03 +0000)]
MFC r316989:
Pull in r300404 from upstream llvm trunk (by me):
Use correct registers for "A" inline asm constraint
Summary:
In PR32594, inline assembly using the 'A' constraint on x86_64 causes
llvm to crash with a "Cannot select" stack trace. This is because
`X86TargetLowering::getRegForInlineAsmConstraint` hardcodes that 'A'
means the EAX and EDX registers.
However, on x86_64 it means the RAX and RDX registers, and on 16-bit
x86 (ia16?) it means the old AX and DX registers.
Add new register classes in `X86RegisterInfo.td` to support these
cases, and amend the logic in `getRegForInlineAsmConstraint` to cope
with different subtargets. Also add a test case, derived from
PR32594.
MFC r310181 (matthew) (originally r309314):
Allow a user-overridable setting 'PKG_CMD' to control the command used
to create a repo during 'make packages'.
MFC r316770:
Clear h/w csum flags on mbuf handled by UDP.
When checksums of received IP and UDP header already checked, UDP uses
sbappendaddr_locked() to pass received data to the socket.
sbappendaddr_locked() uses given mbuf as is, and if NIC supports checksum
offloading, mbuf contains csum_data and csum_flags that were calculated
for already stripped headers. Some NICs support only limited checksums
offloading and do not use CSUM_PSEUDO_HDR flag, and csum_data contains
some value that UDP/TCP should use for pseudo header checksum calculation.
When L2TP is used for tunneling with mpd5, ng_ksocket receives mbuf with
filled csum_flags and csum_data, that were calculated for outer headers.
When L2TP header is stripped, a packet that was tunneled goes to the IP
layer and due to presence of csum_flags (without CSUM_PSEUDO_HDR) and
csum_data, the UDP/TCP checksum check fails for this packet.
Reported by: Irina Liakh <spell at itl ua>
Tested by: Irina Liakh <spell at itl ua>
MFC r316822,316823:
Rework r316770 to make it protocol independent and general, like we
do for streaming sockets.
And do more cleanup in the sbappendaddr_locked_internal() to prevent
leak information from existing mbuf to the one, that will be possible
created later by netgraph.
Fix a use after free panic in ipfilter's fragment processing.
Memory is malloc'd, then a search for a match in the fragment table
is made and if the fragment matches, the wrong fragment table is
freed, causing a use after free panic. This commit fixes this.
A symptom of the problem is a kernel page fault in bcopy() called by
ipf_frag_lookup() at line 715 in ip_frag.c. Another symptom is a
kernel page fault in ipf_frag_delete() when called by ipf_frag_expire()
via ipf_slowtimer().
r308569:
Always call PHYS_TO_VM_PAGE() in is_managed(). Fast road for addresses
under first_page cannot be taken as this variable is connected only to
vm_page_array segment. There could be more segments in system like the ones
for various fictitious page ranges. These can be situated under
vm_page_array segment and so, they could be skipped before this fix.
However, as far as I know, there is no report associated with it.
r308570:
The return type of is_managed() was changed from boolean_t to bool type in
r308569. Now, propagate this change further for consistency sake.
andrew [Wed, 19 Apr 2017 15:59:16 +0000 (15:59 +0000)]
MFC 313772:
Load the new sp_el0 with interrupts disabled in fork_trampoline. If an
interrupt arrives in fork_trampoline after sp_el0 was written we may then
switch to a new thread, enter userland so change this stack pointer, then
return to this code with the wrong value. This fixes this case by moving
the load of sp_el0 until after interrupts have been disabled.
andrew [Wed, 19 Apr 2017 15:46:34 +0000 (15:46 +0000)]
MFC 305355:
Explicitly include all .rodata.* sections in the kernel .rodata. This
helps link the kernel with lld as it will then put all these into a single
.rodata section.
MFC r303442, r305343: remove CONSTRUCTORS from linker scripts
r303442: remove CONSTRUCTORS from kernel linker scripts
r305343: remove CONSTRUCTORS from MIPS uboot linker script
The linker script CONSTRUCTORS keyword is only meaningful "when linking
object file formats which do not support arbitrary sections, such as
ECOFF and XCOFF"[1] and is ignored for other object file formats.
LLVM's lld does not yet accept (and ignore) CONSTRUCTORS, so just remove
CONSTRUCTORS from the linker script as it has no effect.
andrew [Wed, 19 Apr 2017 14:07:35 +0000 (14:07 +0000)]
Fix the arm64 userland building with lld:
MFC 308124:
On arm64 build the efi loader with -fPIC. Without this clang 3.9 will
generate relocation in the self relocation code.
MFC 316608:
Add -fPIC to the standalone build flags on arm64. This is needed as
loader.efi is position independend, however we were not building it as
such causing a build failure when building with lld.
MFC 315452:
Mark the EFI PE header as allocated. While ld.bfd doesn't seem to care
about not having this flag ld.lld fails to link without it.
MFC r316720
Fix defects reported by Coverity
1. Deadcode in ecore_init_cache_line_size(), qlnx_ioctl() and
qlnx_clean_filters()
2. ARRAY_VS_SINGLETON issue in qlnx_remove_all_mcast_mac() and
qlnx_update_rx_prod()
projects / FreeBSD / FreeBSD.git / log