56100 Commits

Author SHA1 Message Date
Maxim Konovalov
d46ff6bd1e o INP_ONESBCAST is inpcb.inp_vflag flag not inp_flags. The confusion
with IP_PORTRANGE_HIGH leads to the incorrect checksum calculation.

PR:		kern/87306
Submitted by:	Rickard Lind
Reviewed by:	bms
MFC after:	2 weeks
2005-10-12 18:13:25 +00:00
Doug Ambrisko
9ac16277e3 Use a better EVFILT_LIO description!
Submitted by:	alc
2005-10-12 18:07:13 +00:00
Doug Ambrisko
69cd28dacb Add in kqueue support to LIO event notification and fix how it handled
notifications when LIO operations completed.  These were the problems
with LIO event complete notification:
      -	Move all LIO/AIO event notification into one general function
	so we don't have bugs in different data paths.  This unification
	got rid of several notification bugs one of which if kqueue was
	used a SIGILL could get sent to the process.
      -	Change the LIO event accounting to count all AIO request that
	could have been split across the fast path and daemon mode.
	The prior accounting only kept track of AIO op's in that
	mode and not the entire list of operations.  This could cause
	a bogus LIO event complete notification to occur when all of
	the fast path AIO op's completed and not the AIO op's that
	ended up queued for the daemon.

Suggestions from:	alc
2005-10-12 17:51:31 +00:00
Robert Watson
606dcf085f When performing a VOP_LOOKUP() as part of UFS1 extended attribute
auto-start, set cnp.cn_lkflags to LK_EXCLUSIVE.  This flag must now
be set so that lockmgr knows what kind of lock to acquire, and it
will panic if not specified.  This resulted in a panic when using
extended attributes on UFS1 as of locking work present in the 6.x
branch.

This is a RELENG_6_0 merge candidate.

Reported by:	lofi
MFC after:	3 days
2005-10-12 14:18:58 +00:00
Gleb Smirnoff
32b33288f7 After rev. 1.103 the oitem and ierror are no longer needed, remove them. 2005-10-12 10:18:44 +00:00
Philip Paeps
7691747aac Unbreak the net.inet6.tcp6.getcred sysctl.
This makes inetd/auth work again in IPv6 setups.

Pointy hat to:	ume/KAME
2005-10-12 09:24:18 +00:00
Hajimu UMEMOTO
9129d539e2 AES counter mode uses 8byte IV, not 16 bytes.
Obtained from:	NetBSD
2005-10-12 09:13:48 +00:00
Diomidis Spinellis
9f5c1d1955 Move execve's access time update functionality into a new
vfs_mark_atime() function, and use the new function for
performing efficient atime updates in mmap().

Reviewed by:	bde
MFC after:	2 weeks
2005-10-12 06:56:00 +00:00
Bill Paul
85c13a8375 Convert ndis_set_info() and ndis_get_info() from using msleep()
to KeSetEvent()/KeWaitForSingleObject(). Also make object argument
of KeWaitForSingleObject() a void * like it's supposed to be.
2005-10-12 03:02:50 +00:00
Stephan Uphoff
4c0e268adf Ensure that a thread stays on same CPU when calculating per CPU
TLB shootdown requirements. Otherwise a CPU may not get the needed
TLB invalidation.

The PTE valid and access flags can not be used here to avoid TLB
shootdowns unless sf->cpumask == all_cpus.
( Otherwise some CPUs may still hold an even older entry in the TLB)
Since sf_buf_alloc mappings are normally always used this is
also not really useful and presetting accessed and modified
allows the CPU to speculatively load the entry into the TLB.

Both bugs can cause random data corruption.

MFC after:	3 days
2005-10-12 01:41:48 +00:00
Yaroslav Tykhiy
45c11f832a Mark sk(4) as capable of handling extended VLAN frames. NICs
based on XMAC II chip should be ready for this in their initial
mode of operation, and Yukon-based NICs are configured so by
the driver.

PR:		kern/79998
MFC after:	1 month
2005-10-11 22:55:16 +00:00
Bill Paul
93a08226da Fix build: remove stale KASSERT() for mutex that no longer exists. 2005-10-11 21:31:23 +00:00
Gleb Smirnoff
714fb86548 Fix a regression introduced in rev. 1.107. If an item once had a writer
semantics, and then was reused for next node, it still would be applied
as writer again.
  To fix the regression the decision is made never to alter item->el_flags
after the item has been allocated. This requires checking for overrides
both in ng_dequeue() and in ng_snd_item().

  Details:
  - Caller of the ng_apply_item() knows what is the current access to
    node and specifies it to ng_apply_item(). The latter drops the
    given access after item has beem applied.
  - ng_dequeue() needs to be supplied with int pointer, where it stores
    the obtained access on node.
  - Check for node/hook access overrides in ng_dequeue().
2005-10-11 13:48:38 +00:00
Gleb Smirnoff
547faba51c Style and other fixes for the last commit.
Submitted by:	ru
2005-10-11 09:11:57 +00:00
Gleb Smirnoff
b7d59baad1 Fix typo.
Submitted by:	maxim
MFC after:	3 days
2005-10-11 07:30:06 +00:00
Andrew Thompson
8eb8e358a0 Do not unconditionally set a spanning tree port to forwarding as the link may be
down when we attach. We wont get updated until a linkstate change happens.

Go via bstp_ifupdstatus() which checks the media status first.
2005-10-11 02:58:32 +00:00
Warner Losh
6d89d89383 IDs for generic card, airvast wm_100, i-o data wn-b11/cfz
Some of these may have been obtained from OpenBSD...
2005-10-11 01:05:39 +00:00
Warner Losh
3703310002 Buffalo LPC4/CLX ID 2005-10-11 01:04:16 +00:00
Warner Losh
d0948af5ae New OEM generic card. "10/100 Fast Ethernet PC Card". It has a
generic sounding CIS "PCMCIA", "FAST ETHERENT CARD" and a bogus MANFID
code (0xffff and 0x1090).  However, since I'm not aware of 'generic'
cards that aren't NE-2000oids, go with that and hope for the best.
2005-10-11 01:02:16 +00:00
Scott Long
81b3da088a Fix a missing set of lock operations.
Submitted by: green
PR: 87191
2005-10-10 20:13:31 +00:00
Søren Schmidt
e0c41a23d7 Correct the former patch to the way it would have looked after review. 2005-10-10 19:13:27 +00:00
Søren Schmidt
8e4e979e1e Properly react to allocation failures.
Found by:	imp@
2005-10-10 19:12:43 +00:00
Tor Egge
48c2ac4539 Avoid unintended VMIO on directories and symlinks due to leftover object
not having been destroyed.
2005-10-10 19:02:04 +00:00
Bill Paul
31333e7fcb Grrr. Add one more missing NDIS_UNLOCK(). 2005-10-10 18:41:36 +00:00
Bill Paul
c4095c0551 Add missing NDIS_UNLOCK() in one of the failure cases in SIOCGPRIVATE_0. 2005-10-10 18:17:46 +00:00
Bill Paul
21628ddbd6 This commit makes a big round of updates and fixes many, many things.
First and most importantly, I threw out the thread priority-twiddling
implementation of KeRaiseIrql()/KeLowerIrq()/KeGetCurrentIrql() in
favor of a new scheme that uses sleep mutexes. The old scheme was
really very naughty and sought to provide the same behavior as
Windows spinlocks (i.e. blocking pre-emption) but in a way that
wouldn't raise the ire of WITNESS. The new scheme represents
'DISPATCH_LEVEL' as the acquisition of a per-cpu sleep mutex. If
a thread on cpu0 acquires the 'dispatcher mutex,' it will block
any other thread on the same processor that tries to acquire it,
in effect only allowing one thread on the processor to be at
'DISPATCH_LEVEL' at any given time. It can then do the 'atomic sit
and spin' routine on the spinlock variable itself. If a thread on
cpu1 wants to acquire the same spinlock, it acquires the 'dispatcher
mutex' for cpu1 and then it too does an atomic sit and spin to try
acquiring the spinlock.

Unlike real spinlocks, this does not disable pre-emption of all
threads on the CPU, but it does put any threads involved with
the NDISulator to sleep, which is just as good for our purposes.

This means I can now play nice with WITNESS, and I can safely do
things like call malloc() when I'm at 'DISPATCH_LEVEL,' which
you're allowed to do in Windows.

Next, I completely re-wrote most of the event/timer/mutex handling
and wait code. KeWaitForSingleObject() and KeWaitForMultipleObjects()
have been re-written to use condition variables instead of msleep().
This allows us to use the Windows convention whereby thread A can
tell thread B "wake up with a boosted priority." (With msleep(), you
instead have thread B saying "when I get woken up, I'll use this
priority here," and thread A can't tell it to do otherwise.) The
new KeWaitForMultipleObjects() has been better tested and better
duplicates the semantics of its Windows counterpart.

I also overhauled the IoQueueWorkItem() API and underlying code.
Like KeInsertQueueDpc(), IoQueueWorkItem() must insure that the
same work item isn't put on the queue twice. ExQueueWorkItem(),
which in my implementation is built on top of IoQueueWorkItem(),
was also modified to perform a similar test.

I renamed the doubly-linked list macros to give them the same names
as their Windows counterparts and fixed RemoveListTail() and
RemoveListHead() so they properly return the removed item.

I also corrected the list handling code in ntoskrnl_dpc_thread()
and ntoskrnl_workitem_thread(). I realized that the original logic
did not correctly handle the case where a DPC callout tries to
queue up another DPC. It works correctly now.

I implemented IoConnectInterrupt() and IoDisconnectInterrupt() and
modified NdisMRegisterInterrupt() and NdisMDisconnectInterrupt() to
use them. I also tried to duplicate the interrupt handling scheme
used in Windows. The interrupt handling is now internal to ndis.ko,
and the ndis_intr() function has been removed from if_ndis.c. (In
the USB case, interrupt handling isn't needed in if_ndis.c anyway.)

NdisMSleep() has been rewritten to use a KeWaitForSingleObject()
and a KeTimer, which is how it works in Windows. (This is mainly
to insure that the NDISulator uses the KeTimer API so I can spot
any problems with it that may arise.)

KeCancelTimer() has been changed so that it only cancels timers, and
does not attempt to cancel a DPC if the timer managed to fire and
queue one up before KeCancelTimer() was called. The Windows DDK
documentation seems to imply that KeCantelTimer() will also call
KeRemoveQueueDpc() if necessary, but it really doesn't.

The KeTimer implementation has been rewritten to use the callout API
directly instead of timeout()/untimeout(). I still cheat a little in
that I have to manage my own small callout timer wheel, but the timer
code works more smoothly now. I discovered a race condition using
timeout()/untimeout() with periodic timers where untimeout() fails
to actually cancel a timer. I don't quite understand where the race
is, using callout_init()/callout_reset()/callout_stop() directly
seems to fix it.

I also discovered and fixed a bug in winx32_wrap.S related to
translating _stdcall calls. There are a couple of routines
(i.e. the 64-bit arithmetic intrinsics in subr_ntoskrnl) that
return 64-bit quantities. On the x86 arch, 64-bit values are
returned in the %eax and %edx registers. However, it happens
that the ctxsw_utow() routine uses %edx as a scratch register,
and x86_stdcall_wrap() and x86_stdcall_call() were only preserving
%eax before branching to ctxsw_utow(). This means %edx was getting
clobbered in some cases. Curiously, the most noticeable effect of this
bug is that the driver for the TI AXC110 chipset would constantly drop
and reacquire its link for no apparent reason. Both %eax and %edx
are preserved on the stack now. The _fastcall and _regparm
wrappers already handled everything correctly.

I changed if_ndis to use IoAllocateWorkItem() and IoQueueWorkItem()
instead of the NdisScheduleWorkItem() API. This is to avoid possible
deadlocks with any drivers that use NdisScheduleWorkItem() themselves.

The unicode/ansi conversion handling code has been cleaned up. The
internal routines have been moved to subr_ntoskrnl and the
RtlXXX routines have been exported so that subr_ndis can call them.
This removes the incestuous relationship between the two modules
regarding this code and fixes the implementation so that it honors
the 'maxlen' fields correctly. (Previously it was possible for
NdisUnicodeStringToAnsiString() to possibly clobber memory it didn't
own, which was causing many mysterious crashes in the Marvell 8335
driver.)

The registry handling code (NdisOpen/Close/ReadConfiguration()) has
been fixed to allocate memory for all the parameters it hands out to
callers and delete whem when NdisCloseConfiguration() is called.
(Previously, it would secretly use a single static buffer.)

I also substantially updated if_ndis so that the source can now be
built on FreeBSD 7, 6 and 5 without any changes. On FreeBSD 5, only
WEP support is enabled. On FreeBSD 6 and 7, WPA-PSK support is enabled.

The original WPA code has been updated to fit in more cleanly with
the net80211 API, and to eleminate the use of magic numbers. The
ndis_80211_setstate() routine now sets a default authmode of OPEN
and initializes the RTS threshold and fragmentation threshold.
The WPA routines were changed so that the authentication mode is
always set first, followed by the cipher. Some drivers depend on
the operations being performed in this order.

I also added passthrough ioctls that allow application code to
directly call the MiniportSetInformation()/MiniportQueryInformation()
methods via ndis_set_info() and ndis_get_info(). The ndis_linksts()
routine also caches the last 4 events signalled by the driver via
NdisMIndicateStatus(), and they can be queried by an application via
a separate ioctl. This is done to allow wpa_supplicant to directly
program the various crypto and key management options in the driver,
allowing things like WPA2 support to work.

Whew.
2005-10-10 16:46:39 +00:00
Joseph Koshy
126a039375 Bug fix initialization on multi-core HTT CPUs.
Reported by:	ps
Tested by:	ps
2005-10-10 15:21:08 +00:00
Gleb Smirnoff
376e05d113 ALTQ support for ng_iface(4). Before turning on please consult manual page. 2005-10-10 15:12:59 +00:00
Tor Egge
8272da3106 Release clean buffer with wrong size and no dependencies also for non-VMIO
case.
2005-10-09 22:41:25 +00:00
Tor Egge
4e0cd00988 Adjust totread argument passed to cluster_read() to account for offset not
being block aligned.
2005-10-09 21:11:25 +00:00
Peter Edwards
96ca84d197 When breaking up a large request into smaller ones for the strategy
routine, create all the child bio objects before starting the
requests, rather than starting them as created. This closes a race
whereby some number of child operations could complete before the
rest were ever created, and prematurely freeing the parent bio.
This fixes the panics installing in VMWare and qemu
2005-10-09 21:11:05 +00:00
Tor Egge
9248a8271c Don't pretend that a failed sync write was succesful. 2005-10-09 20:49:01 +00:00
Tor Egge
021869b542 Reduce probability for a deadlock that can occur when a snapshot inode is
updated by a process holding the snapshot lock.  Another process updating a
different inode in the same inodeblock will do copy on write checks and lock in
the opposite direction.

The snapshot code force a copy on write of these blocks manually (cf. start of
expunge_ufs[12]) and these inode blocks are later put on snapblklist.

This partial fix is to 'drain' the relevant ffs_copyonwrite() operation after
installing new snapblklist.  This is not a 100% solution since a failed block
allocation can cause implicit fsync() which might deadlock before the new
snapblklist has been installed.
2005-10-09 20:15:15 +00:00
Tor Egge
d4d530da96 Eliminate a deadlock that can occur when a dirty block belonging to a snapshot
file is flushed by a process not holding snaplk (e.g. bufdaemon).  Another
process might hold snaplk and try to access the block due to ffs_copyonwrite
processing.
2005-10-09 20:07:51 +00:00
Tor Egge
45f91051da Eliminate a deadlock that can occur during the cgaccount() processing due to
the cg map buffer being held when writing indirect blocks.  The process ends up
in ffs_copyonwrite(), attempting to get snaplk while holding the cg map buffer
lock.

Another process might be in ffs_copyonwrite(), trying to allocate a new block
for a copy.  It would hold snaplk while trying to get the cg map buffer lock.

Release the cg map buffer early and use the copy for most of the cgaccount
processing to avoid this deadlock.
2005-10-09 20:00:16 +00:00
Tor Egge
17026ff61a Reduce the probability of low block numbers passed to ffs_snapblkfree() by
skipping the call from ffs_snapremove() if the block number is zero.

Simplify snapshot locking in ffs_copyonwrite() and ffs_snapblkfree() by using
the same locking protocol for low block numbers as for larger block numbers.
This removes a lock leak that could happen if vn_lock() succeeded after
lockmgr() failed in ffs_snapblkfree().

Check if snapshot is gone before retrying a lock in ffs_copyonwrite().
2005-10-09 19:45:01 +00:00
Tor Egge
c73e9e9c7b Reinitialize v_type and v_op fields in case vnode has been reused without
reclamation.  If the vnode previously was a fifo then v_op would point to
ffs_fifoops[12] instead of the expected ffs_vnodeops[12], causing a panic at
the end of ffsext_strategy.
2005-10-09 19:06:34 +00:00
Marcel Moolenaar
ada6a4d2b7 Rough implementation of the create and add verbs. The verbs cause
in-memory changes only and as such are only useful for prototyping
and regression testing purposes.
2005-10-09 17:10:35 +00:00
Craig Rodrigues
a3d7f575c0 - Do not hardcode the bsize to a sectorsize of 2048, even though
the UDF specification specifies a logical sectorsize of 2048.
  Instead, get it from GEOM.
- When reading the UDF Anchor Volume Descriptor, use the logical
  sectorsize of 2048 when calculating the offset to read from, but
  use the actual sectorsize to determine how much to read.

- works with reading a DVD disk and a DVD disk image file via mdconfig
- correctly returns EINVAL if we try to mount_udf an audio CD, instead
  of panicking inside GEOM when INVARIANTS is set
2005-10-09 04:45:33 +00:00
Christian S.J. Peron
a5b7fde722 Lock object while we iterate through it's backing objects.
Discussed with:	alc
2005-10-09 02:37:27 +00:00
Scott Long
8eeb2ca6bf Ue a better msleep identifier. Fix some whitespace. 2005-10-08 22:41:57 +00:00
Scott Long
7a48c6d4ea aac_intr0 rotted long ago, remove it. 2005-10-08 22:36:54 +00:00
Dag-Erling Smørgrav
3803b26bae As alc pointed out to me, vm_page.c 1.305 was incomplete: uma_startup()
still uses the constant UMA_BOOT_PAGES.  Change it to accept boot_pages
as an additional argument.

MFC after:	2 weeks
2005-10-08 21:03:54 +00:00
Scott Long
7cb209f5d0 Mega Update to the aac driver to support a whole new family of cards and
the modified interface that they use.  Changes include:

- Register a different interrupt handler for the new interface.  This one is
  INTR_MPSAFE, not INTR_FAST, and directly processes completions and AIFs.
- Add an event registration and callback mechanism for the ioctl and CAM
  modules can know when a resource shortage clears.  This condition was
  previously fatal in CAM due to programming oversights.
- Fix locking to play better with newbus.
- Provide access methods for talking to cards with the NEWCOMM interface.
- Fix up the CAM module to be better suited for dealing with newer firmware
  on the PERC Si/Di series that requires talking to plain SCSI via aac.
- Add a whole slew of new PCI Id's.

Thanks to Adaptec for providing an initial version of this work and for
answering countless questions about it.  There are still some rough edges in
this, but it works well enough to commit and test for now.

Obtained from: Adaptec, Inc.
2005-10-08 15:55:09 +00:00
Seigo Tanimura
314378233c In ngt_input(), do not derefer sc (= (sc_p) tp->t_lsc) before making
sure sc != NULL.
2005-10-08 11:03:29 +00:00
Warner Losh
7f33c2df93 MFP4: More removal of unused stuff. 2005-10-08 06:58:51 +00:00
Warner Losh
f481fa4d29 MFP4: Changes to hopefully make the new power code work better
o Rather than just try to turn off EXCA_INTR_RESET, set the entire register
  to 0.  This is slightly faster, and a better hammer.
o Move attempted clearing of the output enable (EXCA_PWRCTL_OE) back to
  after we turn off the power.  Modify it to write 0 so that we don't get
  Bad Vcc messages on TI bridges (untested, but ru@ sent me a similar patch)
  while at the same time avoiding interrupt storms on Ricoh bridges (tested
  by me on my Sony).

# Many of my observations of 'breakage' for this patch are due to some bug
# in the load/unload of cbb.ko unlreated to this change.  I'll be investigating
# and fixing that bug in the fullness of time.
2005-10-08 06:57:13 +00:00
Warner Losh
f1abc0ea53 MFP4: We no longer use intr_handlers, so remove it. 2005-10-08 06:53:17 +00:00
Warner Losh
ed448ee4de MFP4: Note why we do the dance we do for waiting for the thread to die. 2005-10-08 06:51:47 +00:00
Scott Long
a3699bcaa6 Remove a couple of explicit memset(0) ops that were zeroing past the end of
an allocation.  This fixes the malloc 'use after free' panic on boot that
many were seeing.  It doesn't solve the problem of the allocations being
cached and then written past their bounds later.  That will take more work.

Submitted by: kan
2005-10-08 05:16:45 +00:00