Although it is not often needed, the nfscbd(8) should be running when
NFSv4 mounts are done if callback functionality is required.
Callback functionality is required for the NFSv4 server to issue
delegations or pNFS layouts.
This patch adds nfscbd to the mountcritremote's REQUIRED line
to ensure it is started before NFS mounts specified in /etc/fstab
are done.
Reviewed by: 0mp
Differential Revision: https://reviews.freebsd.org/D27506
Follow-up to r353959 and r368070: do the same for other architectures.
arm32 already seems to use its own .fnstart/.fnend directives, which
appear to be ARM-specific variants of the same thing. Likewise, MIPS
uses .frame directives.
Reviewed by: arichardson
Differential Revision: https://reviews.freebsd.org/D27387
r366857 created a number of problems, tearing down interfaces too
early in shutdown. This resulted in:
- hung ssh sessions when shutting down or rebooting remotely using
shutdown (I've used exec shutdown, for years, as apposed to simply
shutdown).
- NFS mounted filesystems "disappear" prior to unmount.
- dhclient attached to a VLAN on an interface who's parent interface
has already shut down prints errors.
The path forward is to teach lagg(4) and vlan(4) about WOL.
PR: 251531, 251540
PR: 158734, 109980 are broken again
Reported by: jhb, emaste, jtl, Helge Oldach<freebsd_oldach.net>
Martin Birgmeier <d8zNeCFG_aon.at>
MFC after: Immediately
Discussion at: https://reviews.freebsd.org/D27459
Enable ND6_IFF_IFDISABLED when the interface is created in the
kernel before return to user space.
This avoids a race when an interface is create by a program which
also calls ifconfig IF inet6 -ifdisabled and races with the
devd -> /etc/pccard_ether -> .. netif start IF -> ifdisabled
calls (the devd/rc framework disabling IPv6 again after the program
had enabled it already).
In case the global net.inet6.ip6.accept_rtadv was turned on,
we also default to enabling IPv6 on the interfaces, rather than
disabling them.
PR: 248172
Reported by: Gert Doering (gert greenie.muc.de)
Reviewed by: glebius (, phk)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D27324
The problem is that zfs is asked to stop too early in the shutdown
sequence. Other services, such as syslog may still be running and have some
files open (e.g., under /var/log). This of course causes the messages like:
cannot unmount '/var/run': umount failed
cannot unmount '/var/log': umount failed
cannot unmount '/var': umount failed
cannot unmount '/usr/home': umount failed
cannot unmount '/usr': umount failed
cannot unmount '/': umount failed
For now, let's remove the shutdown KEYWORD from the zfs service, as people are
reporting problems in their setups:
https://lists.freebsd.org/pipermail/freebsd-current/2020-November/077559.html
In the future, we may think of stopping zfs on shutdown after all the other
services and just before init(8) exits. Another interesting option might be to
a new rcorder(8) KEYWORD like "shutdownjail", but this idea would need to be
discussed a bit.
Reported by: Johan Hendriks <joh.hendriks gmail.com>
Reported by: Yasuhiro KIMURA <yasu utahime.org>
Reported by: Tomoaki AOKI <junchoon dec.sakura.ne.jp>
Approved by: kevans (src)
MFC: 3 days
Differential Revision: https://reviews.freebsd.org/D27263
meowthink@gmail.com reported that the gssd daemon was not
starting, because /etc/rc.d/gssd was executed before his local
/usr file system was mounted.
He fixed the problem by adding mountcritlocal to the REQUIRED
line.
This fix seems safe and works for a separately mounted /usr file
system on a local disk.
The case of a separately mounted remote /usr file system (such as
NFS) is still broken, but there is no obvious solution for that.
Adding mountcritremote would fix the problem, but it would
cause a POLA violation, because all kerberized NFS mounts
in /etc/fstab would need the "late" option specified to work.
Submitted by: meowthink@gmail.com
Reported by: meowthink@gmail.com
Reviewed by: 0mp
MFC after: 2 weeks
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27203
r376026 added a new "-R" option to mountd, which tells it to
not support the Mount protocol (not used by NFSv4) and not
register with rpcbind.
Rpcbind is considered a security issue by some sites now.
This patch adds a new yes/no variable called nfsv4_server_only.
When that is set, make vfs.nfsd.server_min_vers=4 and set "=R"
for mountd.
Setting vfs.nfsd.server_min_vers=4 tells nfsd to not register with rpcbind.
While here, add a check for "load_kld nfsd" failing to nfsd.
Reviewed by: 0mp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D26938
The variable defaults to "/usr/local", unless sysctl returns some other
value for "user.localbase".
The value of user.localbase defaults to _PATH_LOCALBASE as defined in
paths.h and thus this commit has no immediate effect.
The purpose of this change is to make /etc/defaults/rc.conf automatically
use the value of _PATH_LOCALBASE when not set to the default value.
Reviewed by: imp, scottl
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D27014
The problem is that Without walling /etc/rc.d/zfs on shutdown, resources
associated with ZFS mounts are not freed and the jails will remain in dying
state. In addition, the dataset is now in a dangling state, as the jail it
is attached to is dying.
A known workaround for jails was to add the following lines
to /etc/jail.conf, to make sure that "service zfs stop" is run
when the jail is stopped:
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.stop += "/usr/sbin/service zfs stop || /usr/bin/true";
While the workaround seems to be okay-ish for the jail situation, it is
still unclean. However, for physical hosts this may wreak havoc with the
pool if shared spares are used, as "zfs unshare" is never invoked on
shutdown.
PR: 147444
Submitted by: Markus Stoff <markus__stoffdv_at>
Reported by: Mykah <mburkhardt__exavault_com>
Reviewed by: cy
Approved by: cy (src)
MFC after: 1 week
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D27039
This is especially important during shutdown because a child interface
of lagg with WOL enabled will not enable WOL at interface shutdown and
thus no WOL to wake up the device (and machine).
PR: 158734, 109980
Reported by: Antonio Huete Jimenez <tuxillo at quantumachine.net>
Marat N.Afanasyev <marat at zealot.ksu.ru>
reviewed by: kp
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D26797
- whitespace at end of input line
- skipping paragraph macro: Pp at the end of Sh
- new sentence, new line
- consider using OS macro: Fx
- AUTHORS section without An macro
- skipping paragraph macro: Pp before Ss
When a system with pf_enable="YES" in /etc/rc.conf uses hostnames in
/etc/pf.conf, these hostnames cannot be resolved via external nameservers
because the default route is not yet set. This results in an empty
(all open) ruleset.
Since r195026 already put netif back to REQUIRE, this change does not affect
the issue that the firewall should rather have been setup before any
network traffic can occur.
PR: 211928
Submitted by: Robert Schulze
Reported by: Robert Schulze
Tested by: Mateusz Kwiatkowski
No objections from: kp
MFC after: 3 days
Repeating the default WARNS here makes it slightly more difficult to
experiment with default WARNS changes, e.g. if we did something absolutely
bananas and introduced a WARNS=7 and wanted to try lifting the default to
that.
Drop most of them; there is one in the blake2 kernel module, but I suspect
it should be dropped -- the default WARNS in the rest of the build doesn't
currently apply to kernel modules, and I haven't put too much thought into
whether it makes sense to make it so.
Given that we have converted to ELFv2 for BE already, endianness is the only
difference between the two ARCHs.
As such, there is no need to differentiate LIBC_ARCH between the two.
Combining them like this lets us avoid needing to have two copies of several
bits for no good reason.
Sponsored by: Tag1 Consulting, Inc.
bootonce feature is temporary, one time boot, activated by
"bectl activate -t BE", "bectl activate -T BE" will reset the bootonce flag.
By default, the bootonce setting is reset on attempt to boot and the next
boot will use previously active BE.
By setting zfs_bootonce_activate="YES" in rc.conf, the bootonce BE will
be set permanently active.
bootonce dataset name is recorded in boot pool labels, bootenv area.
in case of nextboot, the nextboot_enable boolean variable is recorded in
freebsd:nvstore nvlist, also stored in boot pool label bootenv area.
On boot, the loader will process /boot/nextboot.conf if nextboot_enable
is "YES", and will set nextboot_enable to "NO", preventing /boot/nextboot.conf
processing on next boot.
bootonce and nextboot features are usable in both UEFI and BIOS boot.
To use bootonce/nextboot features, the boot loader needs to be updated on disk;
if loader.efi is stored on ESP, then ESP needs to be updated and
for BIOS boot, stage2 (zfsboot or gptzfsboot) needs to be updated
(gpart or other tools).
At this time, only lua loader is updated.
Sponsored by: Netflix, Klara Inc.
Differential Revision: https://reviews.freebsd.org/D25512
This would allow interested parties to do experimental runs with an
environment set appropriately to raise all the warnings throughout the
build; e.g. env WARNS=6 NO_WERROR=yes buildworld.
Not currently touching the numerous instances in ^/tools.
MFC after: 1 week
Currently, WITHOUT_PORTSNAP forces WITHOUT_FREEBSD_UPDATE because the
latter relies on phttpget, which lives inside the portsnap build bits.
Remove the dependency between these two options by moving phttpget out into
^/libexec and building/installing it if either WITH_PORTSNAP or
WITH_FREEBSD_UPDATE.
Future work could remove the conditional if it's decided that users will use
it independently of either the current in-base consumers.
Reported by: swills
Reviewed by: jilles, emaste
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D26255
This is consistent with how array inits are called, and also makes us
more compatible with glibc environment.
Requested by: Alex S <iwtcex@gmail.com>
PR: 249162
Reviewed by: dim, emaste
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D26351
Such objects can still have valid relocations not requiring symbolic
references.
PR: 249121
Reported by: wsh@riski.sh
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
If object has no dynamic phdr, do not try to dereference NULL. This
means that we cannot process any relocation, and that there cannot be
symbols defined, but it is up to static linker to produce meaningful
objects.
PR: 249121
Reported by: wsh@riski.sh
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
After OpenZFS import, zpool auto import behavior was moved to an
explicit "zpool import -a", and the zpool rc.d script was added
as a prerequisite of zvol.
However, in r299839, zvol was added as a prerequisite of dumpon,
making it to start very early and before all 'disks' providers.
At this time, dumping on a zvol is not supported, so remove this
requirement and make zpool depend on disks to allow zpool on
full disk encryption work.
Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D26333
This violated the RISC-V 64-bit ABI. On CheriBSD this manifested as
a trap when attempting to store 16-byte aligned types while zeroing
the stack.
Reported by: CHERI, jrtc27
Reviewed by: mhorne, br
Obtained from: CheriBSD
Sponsored by: DARPA
Differential Revision: https://reviews.freebsd.org/D26327
prior to zvol and mountcritlocal resulting in ZVOLs (swap and
virtual machine UFS filesystems) being unavailable, leading to
boot failures.
We move the zpool import from zfs to a new zpool script, with the
-N option to avoid mounting datasets while making the ZPOOL's
datasets available for "legacy" mount (mountpoint=legacy) and ZVOLs
available for subsequent use for swap (in the zvol rc sript) or
for UFS or other filesystems in fstab(5), mounted by mountcritlocal.
Reviewed by: freqlabs (previous version)
Differential Revision: https://reviews.freebsd.org/D26185
The primary benefit is maintaining a completely shared
code base with the community allowing FreeBSD to receive
new features sooner and with less effort.
I would advise against doing 'zpool upgrade'
or creating indispensable pools using new
features until this change has had a month+
to soak.
Work on merging FreeBSD support in to what was
at the time "ZFS on Linux" began in August 2018.
I first publicly proposed transitioning FreeBSD
to (new) OpenZFS on December 18th, 2018. FreeBSD
support in OpenZFS was finally completed in December
2019. A CFT for downstreaming OpenZFS support in
to FreeBSD was first issued on July 8th. All issues
that were reported have been addressed or, for
a couple of less critical matters there are
pull requests in progress with OpenZFS. iXsystems
has tested and dogfooded extensively internally.
The TrueNAS 12 release is based on OpenZFS with
some additional features that have not yet made
it upstream.
Improvements include:
project quotas, encrypted datasets,
allocation classes, vectorized raidz,
vectorized checksums, various command line
improvements, zstd compression.
Thanks to those who have helped along the way:
Ryan Moeller, Allan Jude, Zack Welch, and many
others.
Sponsored by: iXsystems, Inc.
Differential Revision: https://reviews.freebsd.org/D25872
flua does have some specific bits that will include luaconf.h, but the
definition of LUA_USE_DLOPEN for those won't matter. This belongs in liblua
instead.
To expand on my previous commit, which was a little sparse with details,
it's not really safe to allow LUA_USE_DLOPEN with host lib paths being used.
The host system could have an entirely different lua version and this could
cause us to crash and burn.
If we want to revive this later, we need to make sure to define c module
paths inside OBJDIR that are compiled against whatever version we've
bootstrapped.
Pointy hat: kevans
are encountered at boot time:
rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no
providers.
Listing its own requrements in BEFORE rather than use REQUIRE of
non-optional scripts resolves this issue.
The issue was discovered and patched by glebius at Netflix.
Submitted by: glebius
Reported by: glebius
MFC after: 1 week
The space between words is already being echoed by the space between quoted strings:
% echo 'foo' 'bar'
foo bar
% echo 'foo' ' baz'
foo baz
Found in `ipfw` and `mountlate` messages.
PR: 247948
Submitted by: Jose Luis Duran <jlduran@gmail.com>
MFC after: 2 weeks
Sponsored by: Klara Inc.