deleted when the system is low on memory. This ought to allow an increase to
vfs.ufs.dirhash_maxmem on machines that have lots of memory, without
degrading performance by having too much memory reserved for dirhash when
other things need it. The default value for dirhash_maxmem is being kept at
2MB for now, though.
This work was mostly done during the 2008 Google Summer of Code.
Approved by: dwmalone (mentor), re
MFC after: 3 months
makes it easier for first-time users to configure and work with biba as
remote acess is still allowed. Effectively, this means that, by default,
only local security properties, not distributed ones, are enforced.
Obtained from: TrustedBSD Project
might arise from WITNESS not understanding its locking protocol, which
should be deadlock-free. Currently these warnings generally don't occur,
but as object locking is pushed into policies for some object types, they
would otherwise occur more often.
Obtained from: TrustedBSD Project
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb
Approved by: kib (mentor)
goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Obtained from: TrustedBSD Project
bridge do a better job.
o move ether_ifdetach to the top of ieee80211_detach
o do not clear if_softc at the top of ieee80211_detach; we no longer need
this because we are safeguarded against calls coming back through if_ioctl
o simplify the bpf tracker now that we don't null if_softc
This also fixes an issue where having a bpf consumer active when a vap
is destroyed would cause a crash because bpf referenced free'd memory.
Reviewed by: imp
- always maintain byte/mcast/drop stats via drbr
- move #define of IFNET_BUF_RING so that its picked
up by all files in the driver
- conditionalize IFNET_BUF_RING on the FreeBSD_version
bump just after it appeared in the tree.
Sponsored by: Myricom Inc.
Some time ago Tom Rhodes sent me an email that he was willing to perform
various cleanups to the window(1) source code. After some discussion, we
both decided the best thing to do, was to move window(1) to the ports
tree. The application isn't used a lot nowadays, mainly because it has
been superseeded by screen, tmux, etc.
A couple of hours ago Tom committed window(1) to ports (misc/window), so
I'm removing it from the tree. I don't think people will really miss it,
but I'm describing the change in UPDATING anyway.
Discussed with: trhodes, pav, kib
Approved by: re
shm_dotruncate() and vnode_pager_setsize(). Specifically, if the length of
a shared memory object or a file is truncated such that the length modulo
the page size is between 1 and 511, then all of the page's dirty bits were
cleared. Now, a dirty bit is cleared only if the corresponding block is
truncated in its entirety.
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
These controllers use newer descriptor format and the new descriptor
format uses status LE to indicate the status of checksum. Rx
checksummed value used in previous controllers were very cryptic
and I failed to understand how to use them. In addition most
controllers in previous generations had Rx checksum offloading bug.
While I'm here introduce a MSK_FLAG_NORX_CSUM flag to bypass
checking Rx checksum offloading as Yukon FE+ A0 has status LE bug.
this feature hardware automatically computes TCP/UDP payload
offset. Introduce MSK_FLAG_AUTOTX_CSUM to mark the capability.
Yukon Extreme B0 revision is known to have a silicon for the
feature so disable it. Yukon Extreme B0 still can do Tx checksum
offloading but CPU have to compute TCP/UDP payload offset. To
enable traditional checksum offloading, disable automatic Tx
checksum calculation capability.
Yukon Extreme A0 revision could not use store-and-forward mode for
jumbo frames(silicon bug) so disable Tx checksum offloading for
jumbo frames.
I believe controllers that have MSK_FLAG_AUTOTX_CSUM capability or
new descriptor format do not have Tx checksum offload bug so
disable checksum offloading workaround for for short frames.
Tested by: jhb, Warren Block ( wblock <> wonkity dot com )
Yukon Extreme uses new descriptor format for TSO and has Tx frame
parser which greatly reduces CPU cycles spent in computing TCP/UDP
payload offset calculation in Tx checksum offloading path. The new
descriptor format also removed TCP/UDP payload computation for TSO
which in turn results in better TSO performance. It seems Yukon
Extreme has a lot of new (unknown) features but only basic
offloading is supported at this time. So far there are two known
issues.
o Sometimes Rx overrun errors happen when pulling data over
gigabit link. Running over 100Mbps seem to ok.
o Ethernet hardware address shows all-zeroed value on 88E8070.
Assigning ethernet address with ifconfig is necessary to make it
work.
Support for Yukon Extreme is not perfect but it would be better
than having a non-working device. Special thanks to jbh who fixed
several bugs of initial patch.
Tested by: jhb, Warren Block ( wblock <> wonkity dot com )
o track # bpf taps on monitor mode vaps instead of # monitor mode vaps
o spam monitor mode taps on tx/rx
o fix ieee80211_radiotap_rx_all to dispatch frames only if the vap is up
o while here print radiotap (and superg) state in show com