Basic use of mallocarray to prevent overflows. Here allocation is done
with M_NOWAIT so the code is prepared for the possibility of returning
NULL values. Since mallocarray expects unsigned parameters, unsign some
related variables to minimize sign conversions.
Reviewed by: mckusick
We would previously just free the request BIO, which would either cause
the disk to stay stuck in the SYNCHRONIZING state, or result in
synchronization completing without having copied the block which
returned an error.
With this change, if the disk which returned an error is the only active
disk in the mirror, the synchronizing disk is kicked out. Otherwise, the
read is retried.
Reported and tested by: pho (previous version)
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
The driver now fully observes watchdog(9) protocol.
Previously a too large timeout was silently clamped while the correct
behavior is to disable the watchdog and leave the error as is
(i.e. to not report success).
Also, previously a too small value caused the timer to stop while the
correct behavior is to use the minimal supported value.
MFC after: 2 weeks
Iwasaki-san's copyright over. Remove FIXME code that couldn't possibly
work. Call tc_settime() with our estimate of the delta we've been
alseep (the one we print) to adjust the time. Not sure what to do
about callouts, so keep the small #ifdef in place there.
Differential Revision: https://reviews.freebsd.org/D13823
more in r317426. There's nothing in the tree that references digiio.h
(apart from digictl(8)), so no driver implements it. Since digictl(8)
was only used to control digi(4) devices, it too should go.
Add an implementation of the intrinsics invoked by __builtin_ctz{,ll} and
__builtin_clz{,ll}, and include this compilation unit on platforms that lack
assembly intrinsics for those builtins (MIPS and RISC-V).
Future cleanup work might involve bringing these into a mini libcompiler-rt
for the standalone kernel environment. Or cleaning up the approach upstream
takes for builtins in standalone environments (or just FreeBSD). For now,
at least this builds, and doesn't require modifying the vendor code.
Reported by: jeff, markj, mizhka
Reviewed by: jhb (earlier version), rpokala (comment text earlier version)
Sponsored by: Dell EMC Isilon
g_mirror_regular_request() may free the gmirror consumer for a disk
if that disk is being disconnected, after which we must not dereference
the consumer pointer.
CID: 1384280
X-MFC with: r327496
RTC chips that have a control register bit for am/pm mode, the DS13xx series
uses one of the high bits in the hour register. Thus, when setting the time
in am/pm mode, the am/pm mode flag has to be ORed into the hour.
- If aio_qphysio() returns a non-zero error code, fail the request rather
than queueing it to the AIO kproc pool to be retried via the slow path.
Currently this means that if vm_fault_quick_hold_pages() reports an
error, EFAULT is returned from the fast-path rather than retrying the
request in the slow path where it will still fail with EFAULT.
- If aio_qphysio() wishes to use the fast path for a device that doesn't
support unmapped I/O but there are already the maximum number of
such requests in flight, fail with EAGAIN as we do for other AIO
resource limits rather than queueing the request to the AIO kproc pool.
- Move the opcode check for aio_qphysio() out of the caller and into
aio_qphysio() to simplify some logic and remove two goto's while here.
It also uses a whitelist (only supported for LIO_READ / LIO_WRITE)
rather than a blacklist (skipped for LIO_SYNC).
PR: 217261
Submitted by: jkim (an earlier version)
MFC after: 2 weeks
Sponsored by: Chelsio Communications
If the MD_VERIFY flag is set, we should use O_VERIFY. If the MD_VERIFY flag
is not set, we should not.
Reviewed by: stevek
Sponsored by: Netflix
Differential Revision: https://reviews.freebsd.org/D13814
Specifically, in aio_queue_file() the code was doing this:
if (opcode == LIO_SYNC) {
...
}
switch (opcode) {
...
case LIO_SYNC:
...
}
This moves the body of the if statement into the LIO_SYNC case of the
switch statement.
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Disable Zstd experimental support for __BMI__ intrinsics, when built with
-march=foo supporting such intrinsics, to avoid attempting to include
immintrin.h. If a later Zstd marks the support non-experimental, we may want
to revisit this approach.
Submitted by: jkim
Reported by: jkim, "Oliver Hartmann" <ohartmann AT walstatt.org>
supported on newer POWER hardware and in graphical VMs run on the same,
which are typically XHCI-only. The 32-bit GENERIC kernel, which
does not run on hardware made in the last decade and is unlikely to
encounter XHCI devices, is left unchanged.
PR: kern/224940
Submitted by: Gustavo Romero
MFC after: 1 week
inline ccbque.h into scsi_low.h. The file isn't MD, so shouldn't live
in i386/isa. It's only used by scsi_low, so move it there so no new
clients accidentally grow. scsi_low may not even still work, and the
locking here is still SPL based. CAM should do the right thing, but
I've received no reports of these cards still working. At least it
compiles still and there's one fewer files in sys/i386/isa. While I'm
here, ansify and de-splize. CCB_MWANTED appears to be a clear-only
flag, but I've not changed that.
Differential Review: https://reviews.freebsd.org/D13672
a mask and value to compare with the Main ID Register. If these match then a
function is called to handle the installation of the erratum workaround.
No errata are currently handled, however this will change soon in a future
commit.
MFC after: 1 week
Sponsored by: DARPA, AFRL
This is a followup to r307903.
struct svm_softc takes more than 200 kilobytes while what we really need
is 3 contiguous pages for I/O permission map and 2 contiguous pages for
MSR permission map. Other physically mapped structures have a size of
a single page, so a proper alignment is sufficient for their correct
mapping.
Thus, only the permission maps are allocated with contigmalloc now,
the softc is allocated with a regular malloc.
Additionally, this commit adds a check that malloc returns memory with the
expected page alignment and that contigmalloc does not fail.
Unfortunately, at present svm_vminit() is expected to always succeed and
there is no way to report an error.
So, a contigmalloc failure leads to a panic.
We should probably fix this.
MFC after: 2 weeks
The code accesses bp->b_dep without owning the ufs mount softdep lock,
which makes it possible for the derefenced workitem to be freed in
parallel. In particular, the deallocate_dependencies(),
softdep_disk_io_initiation() and softdep_disk_write_complete() are
affected.
Move the code to safely calculate ump from the buffer with
dependencies into the helper softdep_bp_to_mp() and use it for all
found cases.
Tested by: pho (as part of the bigger patch)
Reviewed by: mckusick (as part of the bigger patch)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
handle_written_XXX() in case of processing the buffer with an error.
Tested by: pho (as part of the bigger patch)
Reviewed by: mckusick (as part of the bigger patch)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
so that buf_complete() sees fully constructed buffer.
This is a NOP right now, but will be needed by the forthcoming SU change.
Reported and tested by: pho
Reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
that was not allocated will be accessed.
This necessitated refactoring state seed allocation from
ipf_state_soft_init() into a new common ipf_state_seed_alloc() function
as it is now also used by ipf_state_rehash() when changing the size of
the state hash table in addition to by ipf_state_soft_init() during
initialization.
According to Christos Zoulas <christos@NetBSD.org>:
The bug was encountered by a NetBSD vendor who's customer machines had
large ipfilter states. The bug was reliably triggered by resizing the
state variables using "ipf -T".
Submitted by: Christos Zoulas <christos@NetBSD.org>
Reviewed by: delphij, rgrimes
Obtained from: NetBSD ip_state.c CVS revs r1.9 and r1.10
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D13755
By disabling the -Winline warning. Fixes the powerpc and sparc64 build
after r327706.
Note: MIPS and RISCV builds still broken due to absense of __ctzdi2 (aka
__builtin_ctzll) in their libgcc or libcompiler-rt libraries.
Reported by: markj
Sponsored by: Dell EMC Isilon
from the ada and da dump routines. This avoids difficult locking
problems from needing to be handled. While it might seem like this
would leave the periphs unprotected during dump, they were aleady
at risk of unexpected removal due to the dump functions not
keeping refcount state across the many calls that come in during
a dump. This is an exercise for future work.
Obtained from: Netflix
We currently use a set of subroutines in kern_gzio.c to perform
compression of user and kernel core dumps. In the interest of adding
support for other compression algorithms (zstd) in this role without
complicating the API consumers, add a simple compressor API which can be
used to select an algorithm.
Also change the (non-default) GZIO kernel option to not enable
compressed user cores by default. It's not clear that such a default
would be desirable with support for multiple algorithms implemented,
and it's inconsistent in that it isn't applied to kernel dumps.
Reviewed by: cem
Differential Revision: https://reviews.freebsd.org/D13632
Mock userspace headers and include mocked headers first in compilation
command to inject kernel headers and override e.g., malloc(3) with
malloc(9).
Submitted by: allanjude
Reviewed by: imp (earlier version), bapt (earlier version)
Differential Revision: https://reviews.freebsd.org/D10407
malloc(9): drop the __result_use_check attribute for the kernel allocator.
My bad: __result_use_check just checks the for the general and we always
want to make sure allocated memory is used, not only checked for nullness.
Add it to reallocf since that was missing.
The __result_use_check attribute was brought to the kernel malloc in
r281203 for consistency with the userland malloc.
For the case of the M_WAITOK flag, the kernel malloc(), realloc(), and
reallocf() cannot return NULL so in that case the __result_use_check
attribute makes no sense.
We don't have any way of conditionalizing such attributes so just drop it.
MFC after: 3 days