Commit Graph

137325 Commits

Author SHA1 Message Date
Robert Watson
93b510870f Reorder and clean up make_coda_node(), annotate weaknesses in the
implementation.

MFC after:	1 month
2008-02-15 11:58:11 +00:00
Bruce Evans
63b4a1f80c Sigh, the weak reference for ceill(), floorl() and truncl() was in
unreachable code due to a missing include.  This kept arm and powerpc
broken.

Reported by:	sam, grehan
2008-02-15 07:01:40 +00:00
Scott Long
7bbd40c57e Teach the dump and minidump code to respect the maxioszie attribute of
the disk; the hard-coded assumption of 64K doesn't work in all cases.
2008-02-15 06:26:25 +00:00
Robert Watson
b0cfa3c432 Add open_to_operation, a security regression test that opens files with
various open flags and then tests various operations to make sure that
they are properly constrained by open flags.  Various I/O mechansms
are tried, including aio if compiled into the kernel or loaded as a
module.  There's more to be done here but it's a useful start, running
about 220 individual tests.

This is in support of FreeBSD-SA-08:03.sendfile.
2008-02-14 20:57:38 +00:00
Yaroslav Tykhiy
870db2da6d No network addresses in the system isn't a good excuse
for rpcbind(8) to crash.

The crash was due to a boolean variable initialized
improperly.  Besides fixing the initialization, pick
a better name for the variable so that its meaning is
clear and no more coding errors appear around it.
2008-02-14 20:12:23 +00:00
John Baldwin
2e4760b66b Make netstat -rn more resilient to having the routing table change out from
under it while running.  Note that this is still not perfect:
- Try to do something intelligent if kvm_read() fails to read a routing
  table structure such as an rtentry, radix_node, or ifnet.
- Don't follow left and right node pointers in radix_nodes unless
  RNF_ACTIVE is set in rn_flags.  This avoids walking through freed
  radix_nodes.

MFC after:	1 week
2008-02-14 20:01:52 +00:00
Christian Brueffer
af176d7306 Some language and mdoc style improvements. 2008-02-14 19:39:09 +00:00
Marcel Moolenaar
7a1f364c7d On Montecito processors, the instruction cache is in fact not
coherent with the data caches. Implement a quick fix to allow
us to boot on Montecito, while I'm working on a better fix in
the mean time.

Commit made on Montecito-based Itanium...
2008-02-14 18:46:50 +00:00
Yaroslav Tykhiy
38a7fd05f7 In the new order of things dictated by nmount(2), a read-only mount
is to be requested via a "ro" option.  At the same time, MNT_RDONLY
is gradually becoming an indicator of the current state of the FS
instead of a command flag.  Today passing MNT_RDONLY alone to the
kernel's mount machinery will lead to various glitches.  (See the
PRs for examples.)

Therefore mount the root FS with a "ro" option instead of the
MNT_RDONLY flag.  (Note that MNT_RDONLY still is added to the mount
flags internally, by vfs_donmount(), if "ro" was specified.)

To be able to pass "ro" cleanly to kernel_vmount(), teach the latter
function to accept options with NULL values.

Also correct the comment explaining how mount_arg() handles length
of -1.

PR:		bin/106636 kern/120319
Submitted by:	Jaakko Heinonen <see PR kern/120319 for email> (originally)
2008-02-14 17:04:31 +00:00
Andrew Gallatin
91ed89132c Now that mxge supports MSI-X interrupts, reverse the logic and flag
legacy interrupts rather than MSI as a special case.  Prior to this
commit, the interrupt handler was doing the slow handshaking with
the device to ensure the legacy interrupt was lowered in both
the legacy and MSI-X case.  This handshaking was not
required for MSI-X.
2008-02-14 16:24:14 +00:00
Bruce Evans
5014f8ded4 Oops, the weak reference for ceill(), floorl() and truncl() was in the
wrong file.  This broke arm and powerpc.

Reported by:	grehan
2008-02-14 15:10:34 +00:00
Rui Paulo
18d6902161 Don't attach to non Core CPUs. This is needed because on the PIII,
querying the number of sensors returns > 0.

PR:		120541
Approved by:	njl (mentor)
2008-02-14 14:14:59 +00:00
Bruce Evans
3365b45e5e Use the expression fabs(x+0.0)+fabs(y+0.0) instad of a+b (where a is
|x| or |y| and b is |y| or |x|) when mixing NaN arg(s).

hypot*() had its own foot shooting for mixing NaNs -- it swaps the
args so that |x| in bits is largest, but does this before quieting
signaling NaNs, so on amd64 (where the result of adding NaNs depends
on the order) it gets inconsistent results if setting the quiet bit
makes a difference, just like a similar ia64 and i387 hardware comparison.
The usual fix (see e_powf.c 1.13 for more details) of mixing using
(a+0.0)+-(b+0.0) doesn't work on amd64 if the args are swapped (since
the rder makes a difference with SSE). Fortunately, the original args
are unchanged and don't need to be swapped when we let the hardware
decide the mixing after quieting them, but we need to take their
absolute value.

hypotf() doesn't seem to have any real bugs masked by this non-bug.
On amd64, its maximum error in 2^32 trials on amd64 is now 0.8422 ulps,
and on i386 the maximum error is unchanged and about the same, except
with certain CFLAGS it magically drops to 0.5 (perfect rounding).

Convert to __FBSDID().
2008-02-14 13:44:03 +00:00
Bruce Evans
8e97417475 Forced commit to note that the minus sign in the fancy expression
(x+0.0)-(y+0.0) for mixing NaNs documented in a previous log message
didn't actually get committed.  Apparently, adding 0.0 uniformizes
the order enough to give consistent results.
2008-02-14 12:56:35 +00:00
Dag-Erling Smørgrav
096ba44775 _pthread_mutex_isowned_np(): use a more reliable method; the current code
will work in simple cases, but may fail in more complicated ones.

Reviewed by:	davidxu
2008-02-14 12:37:58 +00:00
Simon L. B. Nielsen
1b7089994c Fix sendfile(2) write-only file permission bypass.
Security:	FreeBSD-SA-08:03.sendfile
Submitted by:	kib
2008-02-14 11:44:31 +00:00
Bruce Evans
b4437c3d32 Fix the hi+lo decomposition for 2/(3ln2). The decomposition needs to
be into 12+24 bits of precision for extra-precision multiplication,
but was into 13+24 bits.  On i386 with -O1 the bug was hidden by
accidental extra precision, but on amd64, in 2^32 trials the bug
caused about 200000 errors of more than 1 ulp, with a maximum error
of about 80 ulps.  Now the maximum error in 2^32 trials on amd64
is 0.8573 ulps.  It is still 0.8316 ulps on i386 with -O1.

The nearby decomposition of 1/ln2 and the decomposition of 2/(3ln2) in
the double precision version seem to be sub-optimal but not broken.
2008-02-14 10:23:51 +00:00
Christian Brueffer
c515fdbfa4 Document the hw.skc.jumbo_disable tunable. While here, correct some things
in the SYSCTLS section.

Submitted by:	yongari
2008-02-14 10:01:48 +00:00
Bruce Evans
011cbae1fe Use the expression (x+0.0)-(y+0.0) instead of x+y when mixing NaN arg(s).
This uses 2 tricks to improve consistency so that more serious problems
aren't hidden in simple regression tests by noise for the NaNs:

- for a signaling NaN, adding 0.0 generates the invalid exception and
  converts to a quiet NaN, and doesn't have too many effects for other
  types of args (it converts -0 to +0 in some rounding modes, but that
  hopefully doesn't change the result after adding the NaN arg).  This
  avoids some inconsistencies on i386 and ia64.  On these arches, the
  result of an operation on 2 NaNs is apparently the largest or the
  smallest of the NaNs as bits (consistently largest or smallest for
  each arch, but the opposite).  I forget which way the comparison
  goes and if the sign bit affects it.  The quiet bit is is handled
  poorly by not always setting it before the comparision or ignoring
  it.  Thus if one of the args was originally a signaling NaN and the
  other was originally a quiet NaN, then the result depends too much
  on whether the signaling NaN has been quieted at this point, which
  in turn depends on optimizations and promotions.  E.g., passing float
  signaling NaNs to double functions must quiet them on conversion;
  on i387, loading a signaling NaN of type float or double (but not
  long double) into a register involves a conversion, so it quiets
  signaling NaNs, so if the addition has 2 register operands than it
  only sees quiet NaNs, but if the addition has a memory operand then
  it sees a signaling NaN iff it is in the memory operand.

- subtraction instead of addition is used to avoid a dubious optimization
  in old versions of gcc.  For SSE operations, mixing of NaNs apparently
  always gives the target operand.  This is not as good as the i387
  and ia64 behaviour.  It doesn't mix NaNs at all, and makes addition
  not quite commutative.  Old versions of gcc sometimes rewrite x+y
  to y+x and thus give different results (in bits) for NaNs.  gcc-3.3.3
  rewrites x+y to y+x for one of pow() and powf() but not the other,
  so starting from float NaN args x and y, powf(x, y) was almost always
  different from pow(x, y).

These tricks won't give consistency of 2-arg float and double functions
with long double ones on amd64, since long double ones use the i387
which has different semantics from SSE.

Convert to __FBSDID().
2008-02-14 09:42:24 +00:00
Pyun YongHyeon
9fb59f5567 Prefer NULL over integer 0 for pointer type. 2008-02-14 01:25:01 +00:00
Pyun YongHyeon
cdca0fe8be Nuke local jumbo allocator and switch to use of UMA backed page
allocator for jumbo frame.
 o Removed unneeded jlist lock which was used to manage jumbo
   buffers.
 o Don't reinitialize hardware if MTU was not changed.
 o Added additional check for minimal MTU size.
 o Added a new tunable hw.skc.jumbo_disable to disable jumbo frame
   support for the driver. The tunable could be set for systems that
   do not need to use jumbo frames and it would save
   (9K * number of Rx descriptors) bytes kernel memory.
 o Jumbo buffer allocation failure is no longer critical error for
   the operation of sk(4). If sk(4) encounter the allocation failure
   it just disables jumbo frame support and continues to work without
   user intervention.

With these changes jumbo frame performance of sk(4) was slightly
increased and users should not encounter jumbo buffer allocation
failure. Previously sk(4) tried to allocate physically contiguous
memory, 3388KB for 256 Rx descriptors. Sometimes that amount of
contiguous memory region could not be available for running systems
which in turn resulted in failure of loading the driver.

Tested by:	Cy Schubert < Cy.Schubert () komquats dot com >
2008-02-14 01:10:48 +00:00
Robert Watson
c0964f549b Remove debugging code under OLD_DIAGNOSTIC; this is all >10 years old and
hasn't been used in that time.

MFC after:	1 month
2008-02-14 00:55:03 +00:00
Robert Watson
57a77b811f In Coda, flush the attribute cache for a cnode when its fid is
changed, as its synthesized inode number may have changed and we
want stat(2) to pick up the new inode number.

MFC after:	1 month
2008-02-14 00:30:06 +00:00
Andrew Gallatin
37d89b0c5e Add minimally invasive shims to ease MFCs of mxge back as far
as RELENG_6

Sponsored by: Myricom, Inc.
2008-02-14 00:09:59 +00:00
John Baldwin
ad69e26b69 Add KASSERT()'s to catch attempts to recurse on spin mutexes that aren't
marked recursable either via mtx_lock_spin() or thread_lock().

MFC after:	1 week
2008-02-13 23:39:05 +00:00
John Baldwin
1d9c3ad3ef Mark the syscons video spin mutex as recursable since it is currently
recursed in a few places.

MFC after:	1 week
2008-02-13 23:38:08 +00:00
John Baldwin
bf49347744 Mark sleepqueue chain spin mutexes are recursable since the sleepq code
now recurses on them in sleepq_broadcast() and sleepq_signal() when
resuming threads that are fully asleep.

MFC after:	1 week
2008-02-13 23:36:56 +00:00
John Baldwin
13c85a48df Add a couple of assertions and KTR logging to thread_lock_flags() to
match mtx_lock_spin_flags().

MFC after:	1 week
2008-02-13 23:33:50 +00:00
Andrew Gallatin
615fc0983c Make the type of the firmware arrays match those
in the other eth*_z8e.h files.
2008-02-13 21:58:46 +00:00
Attilio Rao
f0c5fe2d1d Update manpage with lockmgr_assert() description. 2008-02-13 21:54:16 +00:00
John Baldwin
7471277054 Add an automatic kernel module version dependency to prevent loading
modules using invalid ABI versions (e.g. a 7.x module with an 8.x kernel)
for a given kernel:
- Add a 'kernel' module version whose value is __FreeBSD_version.
- Add a version dependency on 'kernel' in every module that has an
  acceptable version range of __FreeBSD_version up to the end of the
  branch __FreeBSD_version is part of.  E.g. a module compiled on 701000
  would work on kernels with versions between 701000 and 799999 inclusive.

Discussed on:	arch@
MFC after:	1 week
2008-02-13 21:34:06 +00:00
Attilio Rao
d98b6d4496 Bump __FreeBSD_version after the introduction of:
- lockmgr_assert()
- BUF_ASSERT_*() family functions

which enriched the KPI.
2008-02-13 20:59:28 +00:00
Colin Percival
e81875ba53 Improve conformance to the HTTP specification by using case-insensitive
comparisons for header keywords.  Apparently some proxies use creative
capitalization.

Weird proxy found by:	brooks
MFC after:		3 days
2008-02-13 20:46:23 +00:00
Attilio Rao
84887fa362 - Add real assertions to lockmgr locking primitives.
A couple of notes for this:
  * WITNESS support, when enabled, is only used for shared locks in order
    to avoid problems with the "disowned" locks
  * KA_HELD and KA_UNHELD only exists in the lockmgr namespace in order
    to assert for a generic thread (not curthread) owning or not the
    lock.  Really, this kind of check is bogus but it seems very
    widespread in the consumers code.  So, for the moment, we cater this
    untrusted behaviour, until the consumers are not fixed and the
    options could be removed (hopefully during 8.0-CURRENT lifecycle)
  * Implementing KA_HELD and KA_UNHELD (not surported natively by
    WITNESS) made necessary the introduction of LA_MASKASSERT which
    specifies the range for default lock assertion flags
  * About other aspects, lockmgr_assert() follows exactly what other
    locking primitives offer about this operation.

- Build real assertions for buffer cache locks on the top of
  lockmgr_assert().  They can be used with the BUF_ASSERT_*(bp)
  paradigm.

- Add checks at lock destruction time and use a cookie for verifying
  lock integrity at any operation.

- Redefine BUF_LOCKFREE() in order to not use a direct assert but
  let it rely on the aforementioned destruction time check.

KPI results evidently broken, so __FreeBSD_version bumping and
manpage update result necessary and will be committed soon.

Side note: lockmgr_assert() will be used soon in order to implement
real assertions in the vnode namespace replacing the legacy and still
bogus "VOP_ISLOCKED()" way.

Tested by:      kris (earlier version)
Reviewed by:    jhb
2008-02-13 20:44:19 +00:00
Robert Watson
89d1d7886a Update cache flushing behavior in light of recent namecache and
access cache improvements:

- Flush just access control state on CODA_PURGEUSER, not the full
  namecache for /coda.

- When replacing a fid on a cnode as a result of, e.g.,
  reintegration after offline operation, we no longer need to
  purge the namecache entries associated with its vnode.

MFC after:	1 month
2008-02-13 19:50:17 +00:00
Christian Brueffer
df77ed7558 The hptrr driver first appeared in 6.3, not 5.3.
PR:		120616
Submitted by:	Josh Paetzel <josh@tcbug.org>
MFC after:	3 days
2008-02-13 18:32:44 +00:00
Bruce Evans
55f57a384c Forced commit to note that the lost log message for the previous commit
said that the previous commit was almost a null forced commit too.  It
just converted to __FBSDID().  I was going to change `huge' from its
double precision value of 1e300, but that seems to be unnecessary since
`huge' is only used to set FE_INEXACT, and any value with an exponent
larger than LDBL_MANT_DIG will do for that, while initializing a really
huge value in a portable way would require more code.
2008-02-13 18:16:43 +00:00
Bruce Evans
e7c95ee5fe s_ceill.c
s_floorl.c
s_truncl.c
2008-02-13 17:38:16 +00:00
John Baldwin
1951e633c4 Use RTFREE_LOCKED() instead of rtfree() when releasing a reference on the
'rt' route in rtredirect() as 'rt' is always locked.

MFC after:	1 week
PR:		kern/117913
Submitted by:	Stefan Lambrev  stefan.lambrev of moneybookers.com
2008-02-13 16:57:58 +00:00
Bruce Evans
74d68da630 On arches where long double is the same as double, alias ceil(), floor()
and trunc() to the corresponding long double functions.  This is not
just an optimization for these arches.  The full long double functions
have a wrong value for `huge', and the arches without full long doubles
depended on it being wrong.
2008-02-13 16:56:52 +00:00
Robert Watson
f7acb749fb Remove coda_namecache from coda5 as well. We should probably GC coda5
entirely at this point as coda6 is considered the supported branch.

MFC after:	1 month
2008-02-13 16:31:04 +00:00
Robert Watson
ff44888cb6 Remove coda_namecache from "options vcoda", it is no longer required.
MFC after:	1 month
Spotted by:	Tinderbox
2008-02-13 16:15:47 +00:00
Robert Watson
38ab9a906a Implement a rudimentary access cache for the Coda kernel module,
modeled on the access cache found in NFS, smbfs, and the Linux coda
module.  This is a positive access cache of a single entry per file,
tracking recently granted rights, but unlike NFS and smbfs,
supporting explicit invalidation by the distributed file system.

For each cnode, maintain a C_ACCCACHE flag indicating the validity
of the cache, and a cached uid and mode tracking recently granted
positive access control decisions.

Prefer the cache to venus_access() in VOP_ACCESS() if it is valid,
and when we must fall back to venus_access(), update the cache.

Allow Venus to clear the access cache, either the whole cache on
CODA_FLUSH, or just entries for a specific uid on CODA_PURGEUSER.
Unlike the Coda module on Linux, we don't flush all entries on a
user purge using a generation number, we instead walk present
cnodes and clear only entries for the specific user, meaning it is
somewhat more expensive but won't hit all users.

Since the Coda module is agressive about not keeping around
unopened cnodes, the utility of the cache is somewhat limited for
files, but works will for directories.  We should make Coda less
agressive about GCing cnodes in VOP_INACTIVE() in order to improve
the effectiveness of in-kernel caching of attributes and access
rights.

MFC after:	1 month
2008-02-13 15:45:12 +00:00
Bruce Evans
6597187205 Fix the C version of ceill(x) for -1 < x <= -0 in all rounding modes.
The result should be -0, but was +0.
2008-02-13 15:22:53 +00:00
Rong-En Fan
7913e26359 - Remove duplicate tputs.3 from MLINK. As we use termcap in the bsae, remove
the one links to curs_terminfo.

Submitted by:	David Naylor <blackdragon at highveldmail.co.za>
MFC after:	3 days
2008-02-13 14:34:39 +00:00
Robert Watson
d25a3c4c44 Remove now-unused Coda namecache.
MFC after:	1 month
2008-02-13 13:26:01 +00:00
Robert Watson
44abffb44b Rather than having the Coda module use its own namecache, use the global
VFS namecache, as is done by the Coda module on Linux.  Unlike the Coda
namecache, the global VFS namecache isn't tagged by credential, so use
ore conservative flushing behavior (for now) when CODA_PURGEUSER is
issued by Venus.

This improves overall integration with the FreeBSD VFS, including
allowing __getcwd() to work better, procfs/procstat monitoring, and so
on.  This improves shell behavior in many cases, and improves ".."
handling.  It may lead to some slowdown until we've implemented a
specific access cache, which should net improve performance, but in the
mean time, lookup access control now always goes to Venus, whereas
previously it didn't.

MFC after:	1 month
2008-02-13 13:06:22 +00:00
Attilio Rao
d1215e10d2 Fix a lock leak in the ntfs locking scheme:
When ntfs_ntput() reaches 0 in the refcount the inode lockmgr is not
released and directly destroyed. Fix this by unlocking the lockmgr() even
in the case of zero-refcount.

Reported by: dougb, yar, Scot Hetzel <swhetzel at gmail dot com>
Submitted by: yar
2008-02-13 13:02:12 +00:00
Bruce Evans
f01bfe5c6d Fix exp2*(x) on signaling NaNs by returning x+x as usual.
This has the side effect of confusing gcc-4.2.1's optimizer into more
often doing the right thing.  When it does the wrong thing here, it
seems to be mainly making too many copies of x with dependency chains.
This effect is tiny on amd64, but in some cases on i386 it is enormous.
E.g., on i386 (A64) with -O1, the current version of exp2() should
take about 50 cycles, but took 83 cycles before this change and 66
cycles after this change.  exp2f() with -O1 only speeded up from 51
to 47 cycles.  (exp2f() should take about 40 cycles, on an Athlon in
either i386 or amd64 mode, and now takes 42 on amd64).  exp2l() with
-O1 slowed down from 155 cycles to 123 for some args; this is unimportant
since the i386 exp2l() is a fake; the wrong thing for it seems to
involve branch misprediction.
2008-02-13 10:44:44 +00:00
Christian Brueffer
a733fdfe95 Remove dublicate MLINK.
Submitted by:	David Naylor <blackdragon@highveldmail.co.za>
2008-02-13 09:50:37 +00:00