dim [Tue, 5 Feb 2013 19:10:50 +0000 (19:10 +0000)]
MFC r246028 (by theraven):
Fix some symbol version mismatches between libstdc++ and libsupc++/libcxxrt
that were causing the runtime and STL libraries to see different versions of
various classes and functions when libstdc++ is used as a filter.
Note: This changes the ABI for libcxxrt, but libcxxrt is currently only in
-STABLE for testing and is not used by anything unless explicitly enabled by
the end user. No default compiler configurations use it.
libc++ will need to be recompiled after this change. make buildworld will do
this automatically, but make in lib/libc++ will not necessarily work unless the
new libcxxrt is installed first.
PR: kern/171610, stand/175453
Reviewed by: kib
MFC r246297:
Add several missing symbols to libcxxrt's symbol version map, and remove
a few duplicates. This should fix building world with -stdlib=libc++
after r246028.
delphij [Tue, 5 Feb 2013 09:53:32 +0000 (09:53 +0000)]
MFC r243779 (marcel):
Protect against DoS attacks, such as being described in CVE-2010-2632.
The changes were derived from what has been committed to NetBSD, with
modifications. These are:
1. Preserve the existing GLOB_LIMIT behaviour by including the number
of matches to the set of parameters to limit.
2. Change some of the limits to avoid impacting normal use cases:
GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3)
can still provide a full command line of expanded names.
GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than
that 128 feels too low (it's not a limit that impacts the
behaviour of the test program listed in CVE-2010-2632).
GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can
still provide a full command line of expanded names.
3. Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or
GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in
those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we
would otherwise overrun the buffer.
This change also modifies the existing behaviour of glob(3) in case
GLOB_LIMIT is specified by limiting the *new* matches and not all
matches. This is an important distinction when GLOB_APPEND is set or
when the caller uses a non-zero gl_offs. Previously pre-existing
matches or the value of gl_offs would be counted in the number of
matches even though the man page states that glob(3) would return
GLOB_NOSPACE when gl_matchc or more matches were found.
The limits that cannot be circumvented are GLOB_LIMIT_STRING and
GLOB_LIMIT_PATH; all others can be crossed by simply calling glob(3)
again and with GLOB_APPEND set.
The entire description above applies only when GLOB_LIMIT has been
specified of course. No limits apply when this flag isn't set!
delphij [Tue, 5 Feb 2013 09:50:33 +0000 (09:50 +0000)]
MFC r243758 (marcel):
In globextend() when the pathv vector cannot be (re-)allocated, don't
free and clear the gl_pathv pointer in the glob_t structure. Such
breaks the invariant of the glob_t structure, as stated in the comment
right in front of the globextend() function. If gl_pathv was non-NULL,
then gl_pathc was > 0. Making gl_pathv a NULL pointer without also
setting gl_pathc to 0 is wrong.
Since we otherwise don't free the memory associated with a glob_t in
error cases, it's unlikely that this change will cause a memory leak
that wasn't already there to begin with. Callers of glob(3) must
call globfree(3) irrespective of whether glob(3) returned an error
or not.
MFC r243759 (marcel):
In globextend(), take advantage of the fact that realloc(NULL, size) is
equivalent to malloc(size). This eliminates the conditional expression
used for calling either realloc() or malloc() when realloc() will do
all the time.
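Added example, not part of the commit log or the FreeBSD source: a toy C model of the globextend() behaviour the three glob(3) commits above describe (r243779, r243758, r243759). It shows the limit counting only new matches, and the vector staying valid when allocation fails. struct pathvec, pv_extend(), pv_free() and the pv_fail_next_alloc hook are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this models the commit text, not glob(3). */
enum { PV_OK = 0, PV_NOSPACE = -1 };
struct pathvec {
	size_t pathc;   /* stored paths, like gl_pathc */
	size_t offs;    /* reserved leading NULL slots, like gl_offs */
	char **pathv;   /* offs NULLs, pathc paths, one terminating NULL */
};
static int pv_fail_next_alloc;  /* test hook: force one allocation failure */

static void *pv_realloc(void *p, size_t n)
{
	if (pv_fail_next_alloc) { pv_fail_next_alloc = 0; return NULL; }
	return realloc(p, n);   /* realloc(NULL, n) acts as malloc(n) */
}

/* Append one path. base is pathc when this call sequence began; limit caps
 * only the matches added since then (0 means no limit). */
static int pv_extend(struct pathvec *pv, const char *path, size_t base, size_t limit)
{
	size_t i, slots = pv->offs + pv->pathc + 2;  /* new entry + NULL */
	char **nv, *copy;
	if (limit != 0 && pv->pathc - base >= limit)
		return PV_NOSPACE;      /* pre-existing matches and offs not counted */
	nv = pv_realloc(pv->pathv, slots * sizeof(*nv));
	if (nv == NULL)
		return PV_NOSPACE;      /* old pathv/pathc left intact for the caller */
	if (pv->pathv == NULL)          /* first allocation: pathc is 0 here */
		for (i = 0; i <= pv->offs; i++) nv[i] = NULL;  /* slots + terminator */
	pv->pathv = nv;
	if ((copy = pv_realloc(NULL, strlen(path) + 1)) == NULL)
		return PV_NOSPACE;      /* vector still valid and NULL-terminated */
	strcpy(copy, path);
	nv[pv->offs + pv->pathc++] = copy;
	nv[pv->offs + pv->pathc] = NULL;
	return PV_OK;
}

static void pv_free(struct pathvec *pv)  /* safe after a failed pv_extend() */
{
	for (size_t i = 0; pv->pathv != NULL && i < pv->pathc; i++)
		free(pv->pathv[pv->offs + i]);
	free(pv->pathv);
	pv->pathv = NULL;
	pv->pathc = 0;
}

int main(void)
{
	struct pathvec pv = { 0, 1, NULL };
	pv_extend(&pv, "a", 0, 0);
	pv_fail_next_alloc = 1;         /* the next extend fails, "a" survives */
	printf("rc=%d pathc=%zu\n", pv_extend(&pv, "b", 0, 0), pv.pathc);
	pv_free(&pv);
	return 0;
}
```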
dchagin [Sun, 3 Feb 2013 18:14:37 +0000 (18:14 +0000)]
MFC r235063 (by netchild@):
- >500 static DTrace probes for the linuxulator
- DTrace scripts to check for errors, performance, ...
they serve mostly as examples of what you can do with the static probes
with moderate load the scripts may be overwhelmed, excessive lock-tracing
may influence program behavior (see the last design decision)
Design decisions:
- use "linuxulator" as the provider for the native bitsize; add the
bitsize for the non-native emulation (e.g. "linuxulator32" on amd64)
- Add probes only for locks which are acquired in one function and released
in another function. Locks which are acquired and released in the same
function should be easy to pair in the code, inter-function
locking is easier to verify in DTrace.
- Probes for locks should be fired after locking and before releasing to
prevent races (to provide data/function stability in DTrace, see the
man-page of "dtrace -v ..." and the corresponding DTrace docs).
Manual merge futex part of r227293 (by ed@):
Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
trasz [Sun, 3 Feb 2013 12:17:49 +0000 (12:17 +0000)]
MFC r242379:
Fix problem with geom_label(4) not recognizing UFS labels on filesystems
extended using growfs(8). The problem here is that geom_label checks if
the filesystem size recorded in UFS superblock is equal to the provider
(i.e. device) size. This check cannot be removed due to backward
compatibility. On the other hand, in most cases growfs(8) cannot set
fs_size in the superblock to match the provider size, because, differently
from newfs(8), it cannot recompute cylinder group sizes.
To fix this problem, add another superblock field, fs_providersize, used
only for this purpose. The geom_label(4) will attach if either fs_size
(filesystem created with newfs(8)) or fs_providersize (filesystem expanded
using growfs(8)) matches the device size.
PR: kern/165962
Reviewed by: mckusick
Sponsored by: FreeBSD Foundation
eadler [Sat, 2 Feb 2013 23:22:27 +0000 (23:22 +0000)]
MFC r244122:
Remove 'dangerous' instructions from the example make.conf.
Clarify when and why these might be used and that this isn't a supported
configuration.
dim [Sat, 2 Feb 2013 12:08:28 +0000 (12:08 +0000)]
MFC r246131:
Fix a problem introduced in r231057: in bsd.own.mk, move the test for
whether clang is enabled to just after the last place where it could
have been forced to "no".
delphij [Fri, 1 Feb 2013 07:36:22 +0000 (07:36 +0000)]
MFC r244568:
- Reduce buffer size from LINE_MAX to PATH_MAX, there is no point to store
path longer than this.
- Fix an unreached case of check against sizeof buf, which in turn leads
to an off-by-one nul byte write on the stack. The original condition
can never be satisfied because the passed boundary is the maximum value
that can be returned, so code was harmless.
delphij [Fri, 1 Feb 2013 00:32:01 +0000 (00:32 +0000)]
MFC r245613:
Make it possible to force async at server side on new NFS server, similar
to the old one's nfs.nfsrv.async.
Please note that by enabling this option (default is disabled), the system
could potentially have silent data corruption if the server crashes
before write is committed to non-volatile storage, as the client side has
no way to tell if the data is already written.
mav [Thu, 31 Jan 2013 22:30:23 +0000 (22:30 +0000)]
MFC r245423, r245425, r245433:
- Print some more metadata fields.
- Small cosmetic tuning of the IRRT status constants.
- Keep value of orig_config_id metadata field. Windows driver writes there
previous value of config_id when it is changed in some cases. I guess it
may be used to avoid some split-brain conditions.
mav [Thu, 31 Jan 2013 22:26:48 +0000 (22:26 +0000)]
MFC r245400:
Windows driver writes relative volume IDs to metadata field. Use that value
as a hint for raid/rX device number to make it persistent across reboots.
mav [Thu, 31 Jan 2013 22:24:05 +0000 (22:24 +0000)]
MFC r245398:
- Add checks for Intel metadata version and attributes. Ignore disks with
unsupported metadata types like Intel Smart Response to not corrupt them.
- Improve setting of these things during metadata writing to protect from
incapable BIOS'es and other implementations.
mav [Thu, 31 Jan 2013 22:21:39 +0000 (22:21 +0000)]
MFC r245363:
Improve support for disabled disks. If disabled disk disconnected and then
reconnected back, leave it as disabled. If new disk inserted instead of
disabled, rebuild it and leave as enabled.
mav [Thu, 31 Jan 2013 22:18:40 +0000 (22:18 +0000)]
MFC r245341:
Windows handles INIT and VERIFY as array-wide and it doesn't specify which
disks should be rebuilt. Our rebuild code is at the same time disk-centric. To
handle this situation properly check all disks for RBLD flags, and if no
disk specified try rebuild/resync all of them except newly inserted.
mav [Thu, 31 Jan 2013 22:15:47 +0000 (22:15 +0000)]
MFC r245338:
Implement migration from single disk to RAID1/IRRT for Intel metadata.
Windows driver uses such migration when it creates new arrays. While GEOM
RAID has no mechanism to implement migration in general case, this specific
case still can be handled easily via degraded RAID1 creation followed by
regular rebuild.
mav [Thu, 31 Jan 2013 22:12:25 +0000 (22:12 +0000)]
MFC r245326:
Add basic support for Intel Rapid Recover Technology (Intel RRT).
It is alike to RAID1, but with dedicating master and recovery disks and
providing manual control over synchronization. It allows to use recovery
disk as snapshot of the master disk from the time of the last sync.
This implementation is not functionally complete comparing to Windows,
but it is better than silent conversion to RAID1 on first boot.
mav [Thu, 31 Jan 2013 21:24:38 +0000 (21:24 +0000)]
MFC r245519:
Recalculate volume size only for real CONCATs. For SINGLE trust volume
size given by metadata, as it should be correct and in some cases can be
smaller than subdisk size.
sbruno [Thu, 31 Jan 2013 19:24:33 +0000 (19:24 +0000)]
MFC r245459
Satisfy the intent of kern/151564: [ciss] ciss(4) should increase
CISS_MAX_LOGICAL to 107
Submitter wanted to increase the number of logical disks supported by ciss(4)
by simply raising the CISS_MAX_LOGICAL value even higher. Instead, consult
the documentation for the raid controller (OPENCISS) and poke the controller
bits to ask it for how many logical/physical disks it can handle.
Revert svn R242089 that raised CISS_MAX_LOGICAL to 64 for all controllers.
For older controllers that don't support this mechanism, fallback to the old
value of 16 logical disks. Tested on P420, P410, P400 and 6i model ciss(4)
controllers.
This should will be MFC'd back to stable/9 stable/8 and stable/7 after the MFC
period.
mav [Tue, 29 Jan 2013 17:45:05 +0000 (17:45 +0000)]
MFC r245444:
Alike to r242314 for GRAID make GRAID3 more aggressive in marking volumes
as clean on shutdown and move that action from shutdown_pre_sync stage to
shutdown_post_sync to avoid extra flapping.
ZFS tends to not close devices on shutdown, that doesn't allow GEOM RAID3
to shutdown gracefully. To handle that, mark volume as clean just when
shutdown time comes and there are no active writes.
mav [Tue, 29 Jan 2013 17:20:49 +0000 (17:20 +0000)]
MFC r245443:
Alike to r242314 for GRAID make GMIRROR more aggressive in marking volumes
as clean on shutdown and move that action from shutdown_pre_sync stage to
shutdown_post_sync to avoid extra flapping.
ZFS tends to not close devices on shutdown, that doesn't allow GEOM MIRROR
to shutdown gracefully. To handle that, mark volume as clean just when
shutdown time comes and there are no active writes.
pfg [Tue, 29 Jan 2013 01:44:13 +0000 (01:44 +0000)]
MFC r245820, r245844, r245950:
ext2fs: make some inode fields match the ext2 spec.
Ext2fs uses unsigned fields in its dinode struct.
FreeBSD can have negative values in some of those
fields and the inode is meant to interact with the
system so we have never respected the unsigned
nature of most of those fields.
Block numbers and the generation number do
not need to be signed so redefine them as
unsigned to better match the on-disk information.
Include some fixes proposed by bde@.
While here add a lot of svn mergeinfo that was missing
in /sys:
imp [Mon, 28 Jan 2013 23:16:47 +0000 (23:16 +0000)]
MFC: r245314 and r245315:
r245315 | imp | 2013-01-11 14:42:23 -0700 (Fri, 11 Jan 2013) | 4 lines
Pass the device_t into atkbd_{probe,attach}_unit and get the
controller unit and keyboard unit from there. It will be needed
for other things in the future as well...
imp [Mon, 28 Jan 2013 22:50:54 +0000 (22:50 +0000)]
Add notes for breakage points for traditional building of the kernel
as a guide to others. buildkernel, etc was not broken at these points,
so document that as well.
marius [Mon, 28 Jan 2013 00:31:32 +0000 (00:31 +0000)]
MFC: r245923
- Check the return value of taskqueue_start_threads().
- At least the Saturn chips of 501-6738 cards need a delay after freezing
the external GMII pins before the internal PHY is accessible again. So
wait a bit after (un)freezing these. Also don't touch the other bits of
that configuration register. [1]
- Take advantage of nitems().
marius [Sun, 27 Jan 2013 23:21:47 +0000 (23:21 +0000)]
MFC: r245850
Revert the part of r239864 (MFC'ed to stable/9 in r241681) which removed
obtaining the SMP mutex around reading registers from other CPUs. As it
turns out, the hardware doesn't really like concurrent IPI'ing causing
adverse effects. Also the thought deadlock when using this spin lock here
and the targeted CPU(s) are also holding or in case of nested locks can't
actually happen. This is due to the fact that on sparc64, spinlock_enter()
only raises the PIL but doesn't disable interrupts completely. Thus direct
cross calls as used for the register reading (and all other MD IPI needs)
still will be executed by the targeted CPU(s) in that case.
marius [Sun, 27 Jan 2013 23:02:33 +0000 (23:02 +0000)]
MFC: r244991
- Replace partially incorrect function names in panic(9) strings with
__func__ and add some missing ones.
- Remove a stale comment.
- Remove unused NUM_ELEMENTS macro.
- Remove extra empty lines.
- Use DEVMETHOD_END.
- Use NULL rather than 0 for pointers.
marius [Sun, 27 Jan 2013 22:59:59 +0000 (22:59 +0000)]
MFC: r244990
- Fix !SMP build.
- Replace incorrect function names in printf(9) strings with __func__.
- Make xctrl_shutdown_reasons table const.
- Use nitems() rather than rolling an own version.
- Use DEVMETHOD_END.
- Use NULL rather than 0 for pointers.
marius [Sun, 27 Jan 2013 17:38:29 +0000 (17:38 +0000)]
Revert r237842 (MFC'ed to stable/9 in r238012) and switch back to
SCHED_ULE. All problems I encountered with the latter have been
fixed with r241780 (MFC'ed to stable/9 in r245981).
marius [Sun, 27 Jan 2013 16:49:11 +0000 (16:49 +0000)]
MFC: 241780
- Give PIL_PREEMPT the lowest priority just above low/stray interrupts.
The reason for this is that the SPARC v9 architecture allows nested
interrupts of higher priority/level than that of the current interrupt
to occur (and we can't just entirely bypass this model, also, at least
for tick interrupts, this also wouldn't be wise). However, when a
preemption interrupt interrupts another interrupt of lower priority,
f.e. PIL_ITHREAD, and that one in turn is nested by a third interrupt,
f.e. PIL_TICK, with SCHED_ULE the execution of interrupts higher than
PIL_PREEMPT may be migrated to another CPU. In particular, tl1_ret(),
which is responsible for restoring the state of the CPU prior to entry
to the interrupt based on the (also migrated) trap frame, then is run
on a CPU which actually didn't receive the interrupt in question,
causing an inappropriate processor interrupt level to be "restored".
In turn, this causes interrupts of the first level, i.e. PIL_ITHREAD
in the above scenario, to be blocked on the target of the migration
until the correct PIL happens to be restored again on that CPU again.
Making PIL_PREEMPT the lowest real priority, this effectively prevents
this scenario from happening, as preemption interrupts no longer can
interrupt any other interrupt besides stray ones (which is no issue).
Thanks to attilio@ and especially mav@ for helping me to understand
this problem at the 201208DevSummit.
- Give PIL_STOP (which is also used for IPI_STOP_HARD, given that there's
no real equivalent to NMIs on SPARC v9) the highest possible priority
just below the hardwired PIL_TICK, so it has a chance to interrupt
more things.
delphij [Sat, 26 Jan 2013 05:20:09 +0000 (05:20 +0000)]
MFC r245768:
- Don't include date and time the driver is built, this is useful for
generating binary diffs.
- Constify a few strings used in the driver.
- Style changes to make the driver compile with default clang settings.
yongari [Thu, 24 Jan 2013 02:19:38 +0000 (02:19 +0000)]
MFC r244482:
Recognize 5720S PHY and treat it as 5708S PHY.
Unfortunately 5720S uses 5709S PHY id so add a hack to detect 5720S
PHY by checking parent device name. 5720S PHY does not support 2500SX.
gjb [Thu, 24 Jan 2013 01:40:47 +0000 (01:40 +0000)]
MFC r240252, r241541, r241543, r245756:
r240252: (eadler)
- Remove documentation and www cvsup files as they are no longer
useful with the switch to subversion.
r241541: (joel)
- Minor mdoc improvements. Also remove unnecessary csup reference.
r241543: (eadler)
- Bump .Dd
r245756:
- Mark SUP_UPDATE as deprecated in make.conf(5), providing
instructions to use SVN_UPDATE or freebsd-update(8).
- While here, remove bogus NO_WWWUPDATE.
mav [Tue, 22 Jan 2013 17:06:42 +0000 (17:06 +0000)]
MFC r244146:
Add IDs for SATA controllers on AMD Hudson-2 series chipsets.
I am not exactly sure about the naming due to lack of specs on AMD site,
but it is better to have some identification than none at all.
mav [Tue, 22 Jan 2013 17:05:26 +0000 (17:05 +0000)]
MFC r241402:
Add checks for ata_sata_scr_read() return statuses. It is mostly to silence
Clang Static Analyzer warnings as errors there are usually unlikely.
scottl [Tue, 22 Jan 2013 07:40:38 +0000 (07:40 +0000)]
MFC r243018:
- Fix a truncation bug with softdep journaling that could leak blocks on
crash. When truncating a file that never made it to disk we use the
canceled allocation dependencies to hold the journal records until
the truncation completes. Previously allocdirect dependencies on
the id_bufwait list were not considered and their journal space
could expire before the bitmaps were written. Cancel them and attach
them to the freeblks as we do for other allocdirects.
- Add KTR traces that were used to debug this problem.
- When adding jsegdeps, always use jwork_insert() so we don't have more
than one segdep on a given jwork list.
scottl [Tue, 22 Jan 2013 07:38:43 +0000 (07:38 +0000)]
MFC r243017:
- blk_equals() is too strict. If the journal entry defines more frags
than we're claiming it should still be considered an exact match. This
would previously leak frags that had been extended.
- If there is a sequence number problem in the journal print the sequence
numbers we've seen so far for debugging.
- Clean up the block mask related debugging printfs. Some are redundant.
scottl [Tue, 22 Jan 2013 07:22:58 +0000 (07:22 +0000)]
MFC r242924:
- Fix a bug that has existed since the original softdep implementation.
When a background copy of a cg is written we complete any work associated
with that bmsafemap. If new work has been added to the non-background
copy of the buffer it will be completed before the next write happens.
The solution is to do the rollbacks when we make the copy so only those
dependencies that were present at the time of writing will be completed
when the background write completes. This would've resulted in various
bitmap related corruptions and panics. It also would've expired journal
entries early causing journal replay to miss some records.
scottl [Tue, 22 Jan 2013 07:18:33 +0000 (07:18 +0000)]
MFC r242734, 242815:
- Implement BIO_FLUSH support around journal entries. This will not 100%
solve power loss problems with dishonest write caches. However, it
should improve the situation and force a full fsck when it is unable
to resolve with the journal.
- Resolve a case where the journal could wrap in an unsafe way causing
us to prematurely lose journal entries in very specific scenarios.
- Correct rev 242734, segments can sometimes get stuck. Be a bit more
defensive with segment state.
scottl [Tue, 22 Jan 2013 07:10:26 +0000 (07:10 +0000)]
MFC r242492:
- In cancel_mkdir_dotdot don't panic if the inodedep is not available. If
the previous diradd had already finished it could have been reclaimed
already. This would only happen under heavy dependency pressure.