be dropped when it has an unusual traffic pattern. For full details
as well as a test case that demonstrates the failure, see the
referenced PR.
Under certain circumstances involving the persist state, it is
possible for the receive side's tp->rcv_nxt to advance beyond its
tp->rcv_adv. This causes (tp->rcv_adv - tp->rcv_nxt) to become
negative. However, in the code affected by this fix, that difference
was interpreted as an unsigned number by max(). Since it was
negative, it was taken as a huge unsigned number. The effect was
to cause the receiver to believe that its receive window had negative
size, thereby rejecting all received segments including ACKs. As
the test case shows, this led to fruitless retransmissions and
eventually to a dropped connection. Even connections using the
loopback interface could be dropped. The fix substitutes the signed
imax() for the unsigned max() function.
PR: closes kern/3998
Reviewed by: davidg, fenner, wollman
because there was no non-inline spl0() to call.
Don't frob intr_nesting_level in idle() or cpu_switch(). Interrupts
are mostly disabled then, so the frobbing had little effect.
is defined, or SMP is defined. It is silly to configure PERFMON when
it can't work (it will be disabled at runtime), but I like to leave
the PERFMON configuration alone when I temporarily disable support for
modern CPUs to run regression tests.
Removed an unused #include.
- Added the psm options PSM_HOOKAPM and PSM_RESETAFTERSUSPEND.
LINT:
- Added the psm options PSM_HOOKAPM and PSM_RESETAFTERSUSPEND.
- Added comments on the flag 0x20 for syscons.
- Clarified descriptions on the flags (0x02, 0x04) regarding the cursor
shape in syscons.
cursor (CHAR_CURSOR)
1. Reduced the number of calls to set_destructive_cursor(). The
destructive cursor produced noticeable overhead on the system. It was
caused by draw_cursor_image() calling set_destructive_cursor() every
so often.
set_destructive_cursor() absolutely needs to be called when
a) the character code under the cursor has changed either because
the cursor moved or because the screen was updated or the mouse
pointer overlapped the cursor.
b) Or a new font has been loaded,
c) or the video mode has been changed,
d) or the cursor shape has been changed,
e) or the user switched virtual consoles.
2. Turn off the configuration flag CHAR_CURSOR (destructive cursor) in
scattach() if we have a non-VGA card. The destructive cursor works
only for VGA.
3. Removed redundant calls to set_destructive_cursor() in some places.
4. Fixed the "disappearing mouse pointer" problem. The mouse pointer
looked hidden under the destructive cursor when it overlaped the cursor.
A slightly different version of the patch was reviewd and OKed by
sos and ache.
If the configuration option PSM_HOOKAPM is defined and the APM device
is available, the psm driver will issue the ENABLE command to the
pointing device at the resume APM event if the device was open when
the system went into suspended mode. If the option
PSM_RESETAFTERSUSPEND is specified in addition to PSM_HOOKAPM, the
driver will try to reset the pointing device before sending the
ENABLE command.
Built-in PS/2-type pointing devices in some laptops (all the reports I
heard were about Toshiba models) sometimes don't work immediately
after the system is resumed. The device MAY become available after a
while. The system may exhibit the same symptom in other OS's too
(no, FreeBSD is not the only OS that is suffering :-).
I don't know the correct way of solving this yet, but it's been
reported that issuing the ENABLE command after resumption wakes up the
pointing device.
Without PSM_HOOKAPM, the psm driver behaves in the same way as before.
Problem reported in the bsd-nomads mailing list in Japan.
fix stopped it being used in all cases, because substitution on unset
variables does not work.
When profiling, put -malign-functions=4 in CFLAGS instead of in PROF.
This fixes the histogram counts for profiling support functions. It
gives bogus but harmless extra alignment for genassym etc.
Add a new configuration flag, KBD_NORESET (0x20) to tell scprobe() not
to reset the keyboard.
IBM ThinkPad 535 has the `Fn' key with which the user can perform
certain functions in conjunction with other keys. For example, `Fn' +
PageUP/PageDOWN adjust speaker volume, `Fn' + Home/End change
brightness of LCD screen. It can also be used to suspend the system.
It appears that these functions are implemented at the keyboard level
or the keyboard controller level and totally independent from BIOS or
OS. But, if the keyboard is reset (as is done in scprobe()), they
become unavailable. (There are other laptops which have similar
functions associated with the `Fn' key. But, they aren't affected by
keyboard reset.)
ThinkPad 535 doesn't have switches or buttons to adjust brightness and
volume, or to put the system into the suspend mode. Therefore, it is
essential to preserve these `Fn' key functions in FreeBSD. The new
flag make scprobe() skip keyboard reset.
If this flag is not set, scprobe() behaves in the same say as before.
(If we only knew a way to detect ThinkPad 535, we could skip keyboard
reset automatically, but...)
- added Xcpustop IPI code to support stop_cpus()/restart_cpus().
it is off by default, enable via smptests.h:TEST_CPUSTOP
intr_machdep.h:
- moved +ICULEN to lower level.
- added entry for Xcpustop.
General cleanup.
New functions to stop/start CPUs via IPIs:
- int stop_cpus( u_int map );
- int restart_cpus( u_int map );
Turned off by default, enabled via smptests.h:TEST_CPUSTOP.
Current version has a BUG, perhaps a deadlock?
This variable is a bitmap showing all CPUs present EXCEPT the CPU
owning the variable. In other words, it is equal to the global bitmap
'all_cpus' minus its own bit.
Till now NMIs would be ignored. Now an NMI is caught by the BSP.
APs still ignore NMI, am working on code to allow a CPU to stop other CPUs
via an IPI.
code that says this:
nfsm_request(vp, NFSPROC_FSSTAT, p, cred);
if (v3)
nfsm_postop_attr(vp, retattr);
if (!error)
nfsm_dissect(sfp, struct nfs_statfs *, NFSX_STATFS(v3));
The problem here is that if error != 0, nfsm_dissect() will not be
called, which leaves sfp == NULL. But nfs_statfs() does not bail out
at this point: it continues processing until it tries to dereference
sfp, which causes a panic. I was able to generate this crash under
the following conditions:
1) Set up a machine as an NFS server and NFS client, with amd running
(using NIS maps). /usr/local is exported, though any exported fs
can can be used to trigger the bug.
2) Log in as normal user, with home directory mounted from a SunOS 4.1.3
NFS server via amd (along with a few other NFS filesystems from same
machine).
3) Su to root and type the following:
# mount localhost:/usr/local /mnt
# df
To fix the panic, I changed the code to read:
if (!error) {
nfsm_dissect(sfp, struct nfs_statfs *, NFSX_STATFS(v3));
} else
goto nfsmout;
This is a bit kludgy in that nfsmout is a label defined by the nfsm_subs.h
macros, but these macros are themselves more than a little kludgy. This
stops the machine from crashing, but does not fix the overall bug: 'error'
somehow becomes 5 (EIO) when a statfs() is performed on the locally mounted
NFS filesystem. This seems to only happen the first time the filesystem
is accesed: on subsequent accesses, it seems to work fine again.
Now, I know there's no practical use in mounting a local filesystem
via NFS, but doing it shouldn't cause the system to melt down.
Specifically, don't allow a value < 1 for any of them (it doesn't make
sense), and don't let the low water mark be greater than the corresponding
high water mark.
Pre-Approved by: wollman
Obtained from: NetBSD