When a DMA chain can't be loaded, set the state to STATE_INQUEUE so that
the mp[rs]_complete_command can properly fail the command.
Sponsored by: Netflix
When the mpr(4) and mps(4) drivers probe a SATA device, they issue an
ATA Identify command (via mp{s,r}sas_get_sata_identify()) before the
target is fully setup in the driver. The drivers wait for completion of
the identify command, and have a 5 second timeout. If the timeout
fires, the command is marked with the SATA_ID_TIMEOUT flag so it can be
freed later.
That is where the use-after-free problem comes in. Once the ATA
Identify times out, the driver sends a target reset, and then frees any
identify commands that have timed out. But, once the target reset
completes, commands that were queued to the drive are returned to the
driver by the controller.
At that point, the driver (in mp{s,r}_intr_locked()) looks up the
command descriptor for that particular SMID, marks it CM_STATE_BUSY and
sends it on for completion handling.
The problem at this stage is that the command has already been freed,
and put on the free queue, so its state is CM_STATE_FREE. If INVARIANTS
are turned on, we get a panic as soon as this command is allocated,
because its state is no longer CM_STATE_FREE, but rather CM_STATE_BUSY.
So, the solution is to not free ATA Identify commands that get stuck
until they actually return from the controller. Hopefully this works
correctly on older firmware versions. If not, it could result in
commands hanging around indefinitely. But, the alternative is a
use-after-free panic or assertion (in the INVARIANTS case).
This also tightens up the state transitions between CM_STATE_FREE,
CM_STATE_BUSY and CM_STATE_INQUEUE, so that the state transitions happen
once, and we have assertions to make sure that commands are in the
correct state before transitioning to the next state. Also, for each
state assertion, we print out the current state of the command if it is
incorrect.
mp{s,r}.c: Add a new sysctl variable, dump_reqs_alltypes,
that controls the behavior of the dump_reqs sysctl.
If dump_reqs_alltypes is non-zero, it will dump
all commands, not just the commands that are in the
CM_STATE_INQUEUE state. (You can see the commands
that are in the queue by using mp{s,r}util debug
dumpreqs.)
Make sure that the INQUEUE -> BUSY state transition
happens in one place, the mp{s,r}_complete_command
routine.
mp{s,r}_sas.c: Make sure we print the current command type in
command state assertions.
mp{s,r}_sas_lsi.c:
Add a new completion handler,
mp{s,r}sas_ata_id_complete. This completion
handler will free data allocated for an ATA
Identify command and free the command structure.
In mp{s,r}_ata_id_timeout, do not set the command
state to CM_STATE_BUSY. The command is still in
queue in the controller. Since we were blocking
waiting for this command to complete, there was
no completion handler previously. Set the
completion handler, so that whenever the command
does come back, it will get freed properly.
Do not free ATA Identify commands that have timed
out in mp{s,r}sas_add_device(). Wait for them
to actually come back from the controller.
mp{s,r}var.h: Add a dump_reqs_alltypes variable for the new
dump_reqs_alltypes sysctl.
Make sure we print the current state for state
transition asserts.
This was tested in the Spectra Logic test bed (as described in the
review), as well Netflix's Open Connect fleet (where panics dropped from
a dozen or two a month to zero).
Reviewed by: imp@ (who is handling the commit with ken's OK)
Sponsored by: Spectra Logic
Differential Revision: https://reviews.freebsd.org/D25476
Use the accessor function to get the softc for this sim. This also drops
an unneeded cast.
Sponsored by: Netflix
Reviewed by: mav@, hselasky@
Differential Revision: https://reviews.freebsd.org/D30360
I missed adding these to the libc++ Makefile, when importing
llvm-project 11.0.0-rc1, even though they were supplied by upstream.
While here, update OptionalObsoleteFiles.inc to add these new headers,
and cleanup old cruft.
Reported by: yuri
Submitted by: jkim (Makefile diff)
PR: 255374
MFC after: 3 days
if (sb == NULL) { ... sb->s_error } is going to be a bad time. Return
ENOMEM when we cannot allocate an sbuf for the sysctl rather than
dereferencing the NULL pointer just returned.
Reviewed by: manu@, allanjude@
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D30373
The need for !! over (bool) pre-dates gcc 4.2, so go with the patch
as-submitted because the kernel tends to prefer that.
Suggested by: emaste@
Sponsored by: Netflix
Boot environment datasets that contain spaces are not bootable.
When a user attempts to create a boot environment with a space, abort
the creation and print an error message.
PR: 254441
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D30194
The killstate:match test starts nc as a background process. There was no
guarantee that the nc process would have connected by the time we check
for states, so this test occasionally failed without good reason.
Teach the test to wait for at least some states to turn up before
executing the critical checks.
MFC after: 3 days
Sponsored by: Rubicon Communications, LLC ("Netgate")
Test dummynet pipes (i.e. bandwidth limitation) with ipfw. This is put
in the common tests because we hope to add dummynet support to pf in the
near future.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30380
There's no need to check pointers for NULL before free()ing them.
No functional change.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30382
These are global (i.e. shared across vnets) structures, so we need
global lock to protect them. However, we look up entries in these lists
(find_aqm_type(), find_sched_type()) and return them. We must ensure
that the returned structures cannot go away while we are using them.
Resolve this by using NET_EPOCH(). The structures can be safely accessed
under it, and we postpone their cleanup until we're sure they're no
longer used.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D30381
This moves dn_cfg and other parameters into per VNET variables.
The taskqueue and control state remains global.
Reviewed by: kp
Differential Revision: https://reviews.freebsd.org/D29274
Currently, mmc_fdt_gpio_get_{present,readonly} return all time true.
true ^ 100b = true
false ^ 100b = true
since that's done after promotion to integers. Use !! to convert
the bit to a bool before xor.
Reviewed by: imp@ (converted to (bool) to !! for portability)
Pull Request: https://github.com/freebsd/freebsd-src/pull/461
The segfault was being hit in ckfini() (sbin/fsck_ffs/fsutil.c) while
attempting to traverse the buffer cache. The tail queue used for the
buffer cache was not initialized before dropping into gjournal_check().
Initialize the buffer cache before calling gjournal_check().
PR: 245907
Reviewed by: jhb, mckusick
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D30537
Update mmc_switch_status to ignore a few CRC errrors when asking for the
card status after setting the new rate with CMD6. Since the card may
take a little while to make the switch, it's possible we'll get a
communications error if we sent the command at the wrong time. Several
low end laptops needs this workaround as they have a window that seems
longer than other systems. This is known to fix at least the Acer Aspire
A114-32-P7E5.
Reviewed by: imp@, manu@
Differential Revision: https://reviews.freebsd.org/D24740
Incorrectly linked built-in wpa functions resulted in overwriting
sm->ctx->set_rekey_offload with garbage. It was initialized correctly
however it changed after wpa_supplicant became a daemon.
No SIGBUS violations reported by dhw@ were experienced during testing
of the original commit by msyelf or philip@.
Reported by: dhw
Tested by: dhw
MFC after: 2 months
X-MFC with: 25ecdc7d52
Previously it appeared only as "main" in places like GitHub's list
of checks run as part of a pull request.
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Without this patch, nfsd_checkrootexp() returns failure
and then the NFSv4 operation would reply NFSERR_WRONGSEC.
RFC5661 Sec. 2.6 only allows a few NFSv4 operations, none
of which call nfsv4_checktootexp(), to return NFSERR_WRONGSEC.
This patch modifies nfsd_checkrootexp() to return the
error instead of a boolean and sets the returned error to an RPC
layer AUTH_ERR, as discussed on nfsv4@ietf.org.
The patch also fixes nfsd_errmap() so that the pseudo
error NFSERR_AUTHERR is handled correctly such that an RPC layer
AUTH_ERR is replied to the NFSv4 client.
The two new "enum auth_stat" values have not yet been assigned
by IANA, but are the expected next two values.
The effect on extant NFSv4 clients of this change appears
limited to reporting a different failure error when a
mount that does not use adequate security is attempted.
MFC after: 2 weeks
Commit 49c894ddce introduced an issue that prevented pseries boot,
when hugepages were not available to the guest. Now large page
info must be available before moea64_install is called, so this change
moves the code that scans large page sizes before the call.
Reviewed by: jhibbits (IRC)
Sponsored by: Instituto de Pesquisas Eldorado (eldorado.org.br)
This allows to boot out of the box on the RPI COmpute Module 3 with 32G
of eMMC.
Tested by: imp confirmed .dtb is in the rpi-firmware pkg
Reviewed by: gjb@, imp@
Pull Request: https://github.com/freebsd/freebsd-src/pull/452
Sponsored by: Netflix
The default is to create a zroot that consumes the whole disk because if
used with geli(8) this makes sense.
Without geli(8), I like to keep my data pool separate from my system
pool.
This is different than ZFSBOOT_BOOT_POOL_SIZE which is named bootpool.
Reviewed by: allenjude
Pull Request: https://github.com/freebsd/freebsd-src/pull/53
Differential Revision: https://reviews.freebsd.org/D30588
OBJS are automatically added to CLEANFILES. For pre-built objects, this
is not desirable since it will delete the object from the source
tree. Introduce EXTRA_OBJS which list these object files, but aren't
added to clean files.
Sponsored by: Netflix
Reviewed by: emaste@
Differential Revision: https://reviews.freebsd.org/D30615
Also improve temporary file usage in 200.accounting, add an xref to
zstd(1) to newsyslog.conf.5, and clarify in periodic.conf that
"daily accounting" means process accounting and "monthly accounting"
is login accounting.
PR: 253868
Reviewed by: allanjude
Approved by: blackend (mentor)
Differential Revision: https://reviews.freebsd.org/D29267
ca1ce50b2b ("vfs: add more safety against concurrent forced
unmount to vn_write") has a side effect of only checking MNT_SYNCHRONOUS
if O_FSYNC is set.
Reviewed By: mjg
Differential Revision: https://reviews.freebsd.org/D30610
The KCSAN_ENABLED variable is non-empty when the kernel is being built
with KCSAN. This allows us to disable modules that are known to be
broken.
There was a bug where we would check if it was defined. As this is
always the case the KCSAN_ENABLED variable would be set when building
modules so we would never build such a module. Fix this by checking
if the value is empty before passing it on to the module stage.
This doesn't affect how modules are built as the CFLAGS passed to
modules has the correct check.
Reported by: rstone
Sponsored by: Innovate UK
It exist on all ARMv8+ CPUs, and other boot loaders rely on it being
present.
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D30410
This patch adds the necessary methods resolution to the sdhci_xenon
driver which are required to configure UHS modes for SD/MMC devices.
Apart from the two generic routines, the custom sdhci_xenon_set_uhs_timing
function is responsible for setting the SDHCI_HOST_CONTROL2 register
with appropriate mode select values - in case of HS200 and HS400
they are non-standard.
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Marvell
Differential Revision: https://reviews.freebsd.org/D30565
MFC after: 2 weeks
Improve the VCCQ voltage switch, so that to properly
handle the SDHCI_HOST_CONTROL2 register signaling
flags and along with manipulating the regulator.
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Marvell
Differential Revision: https://reviews.freebsd.org/D30564
MFC after: 2 weeks
Until now the "no-1-8-v" DT flag wrongly disabled the SDHCI_CAN_VDD_180
- slot 1.8V power supply capability, whereas it refers to the signaling
voltage. Fix the sdhci_xenon_read_4 and allow to disable the UHS modes
depending on the DT property or PHY slow mode. While at it - make sure
the unsupported 1.2V signaling is always disabled and not reported
in the bootverbose log.
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Marvell
Differential Revision: https://reviews.freebsd.org/D30563
MFC after: 2 weeks
The mmc_fdt_parse allows to parse more MMC-related
FDT properties. Start using it. "wp-inverted" property,
VQMMC and newly added VMMC power supply parsing
is now done in a generic code.
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Marvell
Differential Revision: https://reviews.freebsd.org/D30562
MFC after: 2 weeks
With this change the host controller drivers can set the MMC capabilities
(e.g. using mmc_fdt_parse() helper) before calling sdhci_init_slot().
This way the configuration dump (eg. in bootverbose) can include the
possible additional information.
Reviewed by: manu
Obtained from: Semihalf
Sponsored by: Marvell
Differential Revision: https://reviews.freebsd.org/D30561
MFC after: 2 weeks
