- Pin the IPI cache and TLB demap functions in order to prevent migration
between determining the other CPUs and calling cpu_ipi_selected(), which
apart from generally doing the wrong thing can lead to a panic when a
CPU is told to IPI itself (which sun4u doesn't support).
Reported and tested by: Nathaniel W Filardo
- Add __unused where appropriate.
Approved by: re (kib)
* Do not dereference a NULL pointer when calling an SCTP send syscall
not providing a destination address and using ktrace.
* Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
Both bugs where reported by Valentin Nechayev.
The first bug results in a kernel panic.
Approved by: re@
r209186:
BIO_DELETE contains range we want to delete and doesn't provide any
useful data, so there is no need to copy it to userland.
r209187:
'unit' can be negative, so use signed type for it.
Found by: Coverity Prevent
CID: 3731
Approved by: re (kensmith)
When updating individual CPU's lowest Cx state to use, never set it to a
state lower than the lowest one supported by the current CPU. This closes
some races with changes to the hw.acpi.cpu_cx_lowest sysctl while Cx
states for individual CPUs were changing (e.g. unplugging the AC adapter
of a laptop) that could result in panics.
Approved by: re (kib)
Temporarily disable instruction relocation while setting up the kernel's
IBAT entry in early boot in order to prevent possible faults from races
between the instruction cache and the MMU.
PR: powerpc/148003
Approved by: re (kib)
* Fix a bug where the length of the ASCONF-ACK was calculated wrong due
to using an uninitialized variable.
* Fix a bug where a NULL pointer was dereferenced when interfaces
come and go at a high rate.
* Fix a bug where inps where not deregistered from iterators.
* Fix a race condition in freeing an association.
* Fix a refcount problem related to the iterator.
Each of the above bug results in a panic. It shows up when
interfaces come and go at a high rate.
Approved by: re
o Bump MAX_BPAGES from 256 to 1024.
o Synchronize the kernel entry on all CPUs with the use of the ptc.g
instruction on a single CPU by implementing a bare-bones readers-
writer lock.
Approved by: re (kensmith)
r209260:
Backout r207970 for now, it can lead to deadlocks.
Reported by: kan
r209261:
Turn off UMA allocations on all archs by default. It isn't stable even
on amd64.
Reported by: many
Approved by: re (kib)
- In gpart_bootfile_read() fix an off-by-one error preventing the bootstrap
file to be of maximum size.
- Add special handling required for SMI/VTOC8 disklabel partcode, i.e. avoid
overwriting the label when writing the bootstrap code to the partition
starting at 0 and install it to all partitions when the -i option is omitted
just like geom_sunlabel(4) and sunlabel(8) do by default.
- Add missing prototypes.
- Add const where applicable.
Reviewed by: marcel
Approved by: re (kib)
3 Fixes -
a) There was a case where a ICMP message could cause
us to return leaving a stuck lock on an stcb.
b) The iterator needed some tweaks to fix its lock
ordering.
c) The ITERATOR_LOCK is no longer needed in the freeing
of a stcb. Now that the timer based one is gone we don't
have a multiple resume situation. Add to that that there
was somewhere a path out of the freeing of an assoc that
did NOT release the iterator_lock.. it was time to clean
this old code up and in the process fix the lock bug.
Approved by: re (bz)
Bring in a number of netfront changes:
r199549 | jhb
Remove commented out reference to if_watchdog and an assignment of zero to
if_timer.
Reviewed by: scottl
r199997 | gibbs
Add media ioctl support and link notifications so that devd will attempt
to run dhclient on a netfront (xn) device that is setup for DHCP in
/etc/rc.conf.
PR: kern/136251 (fixed differently than the submitted patch)
r204158 | kmacy
- make printf conditional
- fix witness warnings by making configuration lock a mutex
r207673 | joel
Switch to our preferred 2-clause BSD license.
Approved by: kmacy
r208901 | ken
A number of netfront fixes and stability improvements:
- Re-enable TSO. This was broken previously due to CSUM_TSO clearing the
CSUM_TCP flag, so our checksum flags were incorrectly set going to the
netback driver. That was fixed in r206844 in tcp_output.c, so we can
turn TSO back on here.
- Fix the way transmit slots are calculated, so that we can't overfill
the ring.
- Avoid sending packets with more fragments/segments than netback can
handle. The Linux netback code can only handle packets of
MAX_SKB_FRAGS, which turns out to be 18 on machines with 4K pages. We
can easily generate packets with 32 or so fragments with TSO turned on.
Right now the solution is just to drop the packets (since netback
doesn't seem to handle it gracefully), but we should come up with a way
to allow a driver to tell the TCP stack the maximum number of fragments
it can handle in a single packet.
- Fix the way the consumer is tracked in the receive path. It could get
out of sync fairly easily.
- Use standard Xen ring macros to make it clearer how netfront is using
the rings.
- Get rid of Linux-ish negative errno return values.
- Added more documentation to the driver.
- Refactored code to make it easier to read.
- Some other minor fixes.
Reviewed by: gibbs
Sponsored by: Spectra Logic
Approved by: re (bz)
Program the K2 SATA controller's interrupt to be level-triggered low, and
respect the edge/level settings in the device tree.
OpenPIC on powerpc sets interrupts to be level high by default. On Apple
interrupt controllers, all level interrupts are low regardless of
programming except interrupt 0, used by K2 SATA on some Apple systems, with
the result that the K2 SATA IRQ is misconfigured. Pending review of changes
to this default, work around this by changing the programming of the K2
SATA interrupt to level low.
Approved by: re (kib)
Some revisions of the Serverworks K2 SATA controller have a data
corruption bug where if an ATA command is issued before DMA is started,
data will become available to the controller before it knows what to do
with it. This results in either data corruption or a controller crash.
This patch remedies the problem by adopting the workaround employed
by Linux and Darwin: starting the DMA engine prior to sending the ATA
command.
Reviewed by: mav
Approved by: re (kib)
Fix a number of bugs and race conditions.
r208160: Bring back of the iterator thread. It now properly handles VNETS
having only one thread. The old timer based code was full of
LOR's and other issues.
r208852: Cleanup bug. Basically when an un-accepted socket was hanging on a
closed listener, we would leak the inp never cleaning it up
r208853: Enhance the use under invarients of the audit for locks function
and fix a bug where a close collision with a cookie being processed
would cause a crash.
r208854: Use the proper increment macros when working with the
sent_queue_retran_cnt
r208855: Align comments properly, Fix a bug where we were NOT looking at the
resend markings for control chunks and also not decrementing the
retran count which caused extra calls to retransmission. Alos add
a valid no locks call to the output routine.
r208856: Spacing issues in auth/bsd addr.
r208857: Get rid of a windows ifdef that somehow leaked in
r208863: Missing error leg returns in some failure cases
r208864: LOR fix between the iterator and sctp_inpcb_close
r208874: Don't call the sctp_inpcb_free from abort an association since you
don't know what locks you hold and a timer will take care of the
situation when the gone flag is set
r208875: sctp_inpcb_free bug - a socket under the right situation could get
stuck (from the accept queue) and never start the proper cleanup
timer)
r208876: Further enhance invariant lock validation, Fix a bug where a closed
socket and a INIT-ACK could collide and cause a crash
r208878: Clear up another bug in sctp_inpcb_free where we would end up due
to a race in freeing hit a destroy of a contended lock.
r208879: Optimize the cleanup and make some additional fixes in the sysctl
code so that it won't reference a GONE INP and crash us
r208883 & r208891: Fix so we don't open a hole between a sock lock and a call
to socantrcvmore.. we could before hit a race that would kill the
socket underneath us leading to a crash
r208897: CUM-ACK calculation was messed up. So basically large message got
broken from the original NR_sack integration.
r208902: Make sure that we don't move a bit to the NR array that is behind
the cum-ack
r208952: Use both bit maps to calculte the cum-ack.
r208953: Fix bug having to do with freeing an sctp_inpcb_free().
1) make sure not to remove the flag until you get the lock again.
2) make sure all log_closing calls hold the lock.
3) Release all the locks when everthing is done and call callout_drain
not callout_stop..
r208970: Fix some places on user allocation of a new sctp_inpcb where we run
out of resource that we make sure to NULL the so_pcb pointer.
Approved by: re - (bz@freebsd.org)
Due to the way HALDEBUG() is defined, we need to add curly brackets
when using it as a sole if clause instruction.
Submitted by: Arnaud Lacombe <alc@NetBSD.org>
Approved by: re (kensmith)
Due to the way HALDEBUG() is defined, we need to add curly brackets
when using it as a sole if clause instruction.
While there, fix 'const static' typo.
Submitted by: Arnaud Lacombe <alc@FreeBSD.org>
Approved by: re (kensmith)
Bring in a couple of fixes from the Linux ath9k related to chip hangs.
While there, try to make the register write pattern look like what's
done by ath9k.
Approved by: re (kensmith)
More gracefully handle stale file handles and attributes when opening a
file via NFS. Specifically, to satisfy close-to-open-consistency, the NFS
client always performs at least one RPC on a file during an open(2) to see
if the file has changed. Normally this RPC is an ACCESS or GETATTR RPC
that is forced by flushing a file's attribute cache during nfs_open() and
then requesting new attributes. However, if the file is noticed to be
stale during nfs_open(), the only recourse is to fail the open(2) call
with ESTALE. On the other hand, if the ACCESS or GETATTR RPC is sent
during nfs_lookup(), then the NFS client can fall back to a LOOKUP RPC to
obtain the new file handle in the case that a file has been replaced.
This change causes the NFS client to flush the attribute cache during
nfs_lookup() when validating a name cache hit if the attributes fetched
during nfs_lookup() can be reused in nfs_open(). This allows the client
to open a replaced file via the new file handle the first time that it
notices a replaced file rather than failing with ESTALE in some cases.
Approved by: re (kib)
Make sure that interrupt sense settings set after interrupts are enabled
are respected. This fixes loading the Apple onboard audio driver
(snd_ai2s) as a module after boot, which would previously cause a panic.
PR: powerpc/146888
Approved by: re (kensmith)
Fix a bug introduced in r199011. When bge(4) reuses loaded RX
buffers it should also reinitialize RX descriptors otherwise some
stale data could be passed to controller. This could end up with
mbuf double free or unexpected NULL pointer dereference in upper
stack. To fix the issue, save loaded buffer's length and
reinitialize RX descriptors with the saved value whenever bge(4)
reuses the loaded RX buffers.
While I'm here, increase the number of RX buffers to 512 from 256.
This simplifies RX buffer handling as well as giving more RX
buffers. Controller supports just fixed number of RX buffers
(i.e. 512) and bge(4) used to rely on hope that our CPU is fast
enough to keep up with the controller. With this change, bge(4)
will use 1MB for RX buffers but I don't think it would cause
problems in these days.
Reported by: marcel
Tested by: marcel
Approved by: re (bz)
Don't blindly set IFF_DRV_OACTIVE when sge_encap() fails. If there
is no queued frame, IFF_DRV_OACTIVE would never be cleared.
Submitted by: Nikolay Denev < ndenev <> gmail at com >
Approved by: re (bz)
It is not necessary (and in some cases harmful) to hardcode ata_kauai's
IRQ to 39 on K2 devices, as well as Shasta ones.
Reported by: Andreas Tobler
Approved by: re (kib)
In the unlikely event that pmap_ts_referenced() demoted five superpage
mappings to the same underlying physical page, the calling thread would
be left forever pinned to the same processor.
Approved by: re (kib)
The first 96 bytes may not be zeroes. It can contain trivial boot
code that merely emits an error and waits for a key press before
rebooting. The error being that extended partitions are not
bootable. The origin is presumed to be Windows 2000; Windows XP
does not do this...
For now, ignore the first 96 bytes when checking that the EBR is
(for the most part) all zeroes.
Tested by: Mario Lobo <mlobo at digiart.art.br>
Dieter <dieterbsd at engineer.com>
PR: kern/141235
Reviewed by: marcel
Approved by: kib (mentor)
Approved by: re (bz)
Use callout_init_mtx on FreeBSD versions recent enough. This closes
the race where interrupt thread can complete the request for which
timeout has fired and while mpt_timeout has blocked on mpt_lock.
Approved by: re (kib)
- use correct size (512) while reading a gang block
- skip holes while reading child blocks
- advance buffer pointer while reading child blocks
PR: 144214
Approved by: re(kib)
Fix freeing space after deleting large files with holes.
OpenSolaris onnv revision: 9950:78fc41aa9bc5
Reviewed by: pjd, delphij (mentor)
Obtained from: OpenSolaris (Bug ID 6792701)
Approved by: re (kib)
