213539 Commits

Author SHA1 Message Date
Brooks Davis
722bc9c00b Regen post r302096 and implement svr4_pipe().
Approved by:	re (implict, fixing build)
Sponsored by:	DARPA, AFRL
2016-06-23 00:30:09 +00:00
Brooks Davis
2b4a6471f4 Declare a svr4 version of pipe() now that sys_pipe() is no more.
Approved by:	re (implicit, fixing build)
Sponsored by:	DARPA, AFRL
2016-06-23 00:29:03 +00:00
Brooks Davis
a72c64b0b6 Generate syscall tables and update pipe() implementation after r302094.
Mark the pipe() system call as COMPAT10.

As of r302092 libc uses pipe2() with a zero flags value instead of pipe().

Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6816
2016-06-22 21:18:19 +00:00
Brooks Davis
e16e64098c Mark the pipe() system call as COMPAT10.
As of r302092 libc uses pipe2() with a zero flags value instead of pipe().

Commit with regenerated files and implementation to follow.

Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6816
2016-06-22 21:15:59 +00:00
Brooks Davis
e52e02ba24 Add support for COMPAT10 keywords in syscalls.master.
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
2016-06-22 21:12:53 +00:00
Brooks Davis
b60998c633 Replace use of the pipe(2) system call with pipe2(2) with a zero flags
value.

This eliminates the need for machine dependant assembly wrappers for
pipe(2).

It also make passing an invalid address to pipe(2) return EFAULT rather
than triggering a segfault.  Document this behavior (which was already
true for pipe2(2), but undocumented).

Reviewed by:	andrew
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6815
2016-06-22 21:11:27 +00:00
Mark Johnston
be20fc2e90 Do not complete pending gmirror BIOs when tearing down the provider.
This will result in lock recursion and is more generally incorrect since
the completion handlers will just reinsert the BIOs into the queue we're
trying to drain.

Reviewed by:	imp, ngie
Approved by:	re (gjb)
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D6908
2016-06-22 21:00:28 +00:00
Bryan Drewery
b38eb9eac8 Add AFLAGS.IMPSRC and document A[C]FLAGS
Approved by:	re (gjb)
Sponsored by:	EMC / Isilon Storage Division
2016-06-22 20:31:49 +00:00
Konstantin Belousov
95e2409a33 Fix a LOR between vnode locks and allproc_lock.
There is an order between covered vnode lock and allproc_lock, which
is established by calling mountcheckdirs() while owning the covered
vnode lock. mountcheckdirs() iterates over the processes, protected by
allproc_lock.  This order is needed and seems to be not avoidable.

On the other hand, various VM daemons also need to iterate over all
processes, and they lock and unlock user maps.  Since unlock of the
user map may trigger processing of the deferred map entries, it causes
vnode locking to occur.  Or, when vmspace is freed, dropping references
on the vnode-backed object also lock vnodes.  We get reverted order
comparing with the mount/unmount order.

For VM daemons, there is no need to own allproc_lock while we operate
on vmspaces. If the process is held, it serves as the marker for
allproc list, which allows to continue the iteration.

Add _PHOLD_LITE() macro, similar to _PHOLD(), but not causing swap-in
of the kernel stacks.  It is used instead of _PHOLD() in vm code,
since e.g. calling faultin() in OOM conditions only exaggerates the
problem.

Modernize comment describing PHOLD.

Reported by:	lists@yamagi.org
Tested by:	pho (previous version)
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 week
Approved by:	re (gjb)
Differential revision:	https://reviews.freebsd.org/D6679
2016-06-22 20:15:37 +00:00
Bryan Drewery
e5bf62aac7 WITH_META_MODE: Whitelist 'make kernel-toolchain'
Approved by:	re (blanket, META_MODE)
Sponsored by:	EMC / Isilon Storage Division
2016-06-22 19:07:41 +00:00
Kenneth D. Merry
e5616d65d0 Fix a bug that caused da(4) peripheral drivers to not fully go away
after the underlying device went away.

The problem was that callers who queue the GEOM resize provider
event didn't check to make sure that the provider had not been
withered.  For the other equivalent case, g_new_provider_event(),
the code checks to see whether the provider has been withered
before queueing a g_new_provider_event() to the event thread.

In some cases, a resize provider event would come through after
the provider had been withered and all of the existing consumers
had been orphaned.  When the resize event triggered a taste of
the provider, that would attach a new consumer to the now
withered provider.  The wither washer (g_wither_washer() would
never be able to completely tear down the GEOM because of the
consumers that were hanging around.

The solution was to check the G_PF_WITHER provider flag before
queueing the g_resize_provider_event(), and add an assert to
g_resize_provider_event() to insure that it isn't called on a
withered provider.

sys/geom/geom_subr.c:
	In g_resize_provider(), don't try to continue if the
	G_PF_WITHER flag is set.

	In g_resize_provider_event(), add an assert that the
	G_PF_WITHER flag is not set.

	In g_access(), if a provider has an error, print out the
	name of the provider with the error.

Sponsored by:	Spectra Logic
Approved by:	re (marius)
MFC after:	3 days
2016-06-22 14:39:13 +00:00
Bjoern A. Zeeb
a97c790844 Add more fields to if_debug.c for ddb(4) 'show ifnet'; resort
some fields to match the order in the struct.  Especially needed
if_pf_kif to do pf(4) VNET debugging.

Approved by:	re (marius)
Obtained from:	projects/vnet
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-06-22 12:53:10 +00:00
Andrew Turner
add8a9c2d2 Fix a race when the hardware has raised an exception with an unknown or
uncategorised reason. We need to read the fault address register before
enabling interrupts as the interrupt handler may cause this register to
change.

Approved by:	re (marius, kib)
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-06-22 12:05:08 +00:00
Bjoern A. Zeeb
d3f6f80f4b After r302054 unloading an network interface driver on a kernel
without VIMAGE support would dereference a NULL point unconditionally
leading to a panic.  Wrap the entire VIMAGE related code with #ifdefs
rather than just the decision making part to save an extra bit of
resources.

Reported by:	np
Sponsored by:	The FreeBSD Foundation
MFC After:	13 days
Approved by:	re (marius)
2016-06-22 11:45:30 +00:00
Andrey V. Elsukov
a844d49cc6 Fix the NULL pointer dereference for unresolved link layer entries in
the netinet6 code. Copy link layer address only when corresponding entry
has LLE_VALID flag.

PR:		210379
Approved by:	re (kib)
2016-06-22 11:29:21 +00:00
Hans Petter Selasky
7bdc064b0b Implement libusb_hotplug_register_callback() and
libusb_hotplug_deregister_callback() for the LibUSB v1.0 API and
update the libusb(3) manual page.

Approved by:	re (kib)
Requested by:	swills
MFC after:	1 week
2016-06-22 10:38:41 +00:00
Hans Petter Selasky
bbd41717f0 Update the definition for number of scratch pages to match the latest
version of the XHCI specification. Make sure the code can handle the
maximum number of allowed scratch pages.

Submitted by:	Shichun_Ma@Dell.com
Approved by:	re (hrs)
MFC after:	1 week
2016-06-22 09:03:55 +00:00
Martin Matuska
f061a2215f MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
2016-06-22 07:49:59 +00:00
John Baldwin
b1012d8036 Account for AIO socket operations in thread/process resource usage.
File and disk-backed I/O requests store counts of read/written disk
blocks in each AIO job so that they can be charged to the thread that
completes an AIO request via aio_return() or aio_waitcomplete().  This
change extends AIO jobs to store counts of received/sent messages and
updates socket backends to set these counts accordingly.  Note that
the socket backends are careful to only charge a single messages for
each AIO request even though a single request on a blocking socket might
invoke sosend or soreceive multiple times.  This is to mimic the
resource accounting of synchronous read/write.

Adjust the UNIX socketpair AIO test to verify that the message resource
usage counts update accordingly for aio_read and aio_write.

Approved by:	re (hrs)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D6911
2016-06-21 22:19:06 +00:00
Bryan Drewery
799483e49e META_MODE: Don't generate or read _EXTRADEPEND dependencies when using filemon.
The DPADD data in .depend will be redundant with what is in the .meta file.

Also extend NO_EXTRADEPEND support to bsd.prog.mk.

Approved by:	re (blanket, META_MODE)
Sponsored by:	EMC / Isilon Storage Division
2016-06-21 21:55:03 +00:00
Kenneth D. Merry
51b68003d9 Bump __FreeBSD_version to 1100118 for r302069, which breaks binary
compatibility for loadable modules that depend on struct disk.

Approved by:	re (delphij)
Sponsored by:	Spectra Logic
2016-06-21 20:28:30 +00:00
Kenneth D. Merry
1ff824e786 Fix a bug that caused da(4) instances to hang around after the underlying
device is gone.

The problem was that when disk_gone() is called, if the GEOM disk
creation process has not yet happened, the withering process
couldn't start.

We didn't record any state in the GEOM disk code, and so the d_gone()
callback to the da(4) driver never happened.

The solution is to track the state of the creation process, and
initiate the withering process from g_disk_create() if the disk is
being created.

This change does add fields to struct disk, and so I have bumped
DISK_VERSION.

geom_disk.c:	Track where we are in the disk creation process,
		and check to see whether our underlying disk has
		gone away or not.

		In disk_gone(), set a new d_goneflag variable that
		g_disk_create() can check to see if it needs to
		clean up the disk instance.

geom_disk.h:    Add a mutex to struct disk (for internal use) disk
		init level, and a gone flag.

		Bump DISK_VERSION because the size of struct disk has
		changed and fields have been added at the beginning.

Sponsored by:	Spectra Logic
Approved by:	re (marius)
2016-06-21 20:18:19 +00:00
Bryan Drewery
9c8809d77f Fix top-level builds with fmake / 9.x.
Reported by:	allanjude
Approved by:	re (marius)
Sponsored by:	EMC / Isilon Storage Division
2016-06-21 20:14:32 +00:00
Ian Lepore
45cd4c8cef Revert the recent armv6 changes to ALIGNED_POINTER(), restoring the
fully-pessimized implementation that requires a type to be aligned to
its natural size.

On armv6+ the compiler might generate load-/store-multiple instructions
which require 4-byte alignment even though the source code is only
accessing individual uint32_t values in a way that doesn't require any
particular alignment at all.  The compiler apparently feels free to
combine multiple accesses into a single instruction that requires a
more-strict alignment, and no set of compiler flags seems to disable
this behavior (at least in clang 3.8).

This fixes alignment faults on arm systems using wifi adapters.  The
wifi code uses ALIGNED_POINTER(p, uint32_t) to decide whether it needs
to copy-align tcp headers.  Because clang is combining several uint32_t
accesses into a single ldm instruction, we need to say that accessing a
uint32_t requires 4-byte alignment.

Approved by:	re(gjb)
2016-06-21 17:53:42 +00:00
Konstantin Belousov
d3b9828d0d The vmtotal sysctl handler marks active vm objects to calculate
statistics.  Marking is done by setting the OBJ_ACTIVE flag.  The
flags change is locked, but the problem is that many parts of system
assume that vm object initialization ensures that no other code could
change the object, and thus performed lockless.  The end result is
corrupted flags in vm objects, most visible is spurious OBJ_DEAD flag,
causing random hangs.

Avoid the active object marking, instead provide equally inexact but
immutable is_object_alive() definition for the object mapped state.

Avoid iterating over the processes mappings altogether by using
arguably improved definition of the paging thread as one which sleeps
on the v_free_count.

PR:	204764
Diagnosed by:	pho
Tested by:	pho (previous version)
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
2016-06-21 17:49:33 +00:00
Adrian Chadd
4f5ec72aa4 [ath] fix TX throughput for EDMA chips by pushing more into the TX FIFO.
It turns out that getting decent performance requires stacking the TX
FIFO a little more aggressively.

* Ensure that when we complete a frame, we attempt to push a new frame
  into the FIFO so TX is kept as active as it needs to be
* Be more aggressive about batching non-aggregate frames into a single
  TX FIFO slot.  This "fixes" TDMA performance (since we only get one
  TX FIFO slot ungated per DMA beacon alert) but it does this by pushing
  a whole lot of work into the TX FIFO slot.

I'm not /entirely/ pleased by this solution, but it does fix a whole bunch
of corner case issues in the transmit side and fix TDMA whilst I'm at it.
I'll go revisit transmit packet scheduling in ath(4) post 11.

Tested:

* AR9380, STA mode
* AR9580, hostap mode
* AR9380, TDMA client mode

Approved by:	re (hrs)
2016-06-21 15:38:20 +00:00
Alan Somers
54edbcfb69 Fix uninitialized variable from r300881
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
	Initialize needs_update in vdev_geom_set_physpath

PR:		210409
Reported by:	kp
Reviewed by:	kp
Approved by:	re (hrs)
MFC after:	4 weeks
X-MFC-With:	300881
Sponsored by:	Spectra Logic Corp
2016-06-21 15:27:16 +00:00
Ed Maste
84e3706ca3 syscons.4,vt.4: update kern.vty description reflecting vt as default
rS274085 made vt(4) the default system console. Catch up to this in
the man page description for the kern.vty tunable.

Reviewed by:	bz
Approved by:	re (hrs)
Differential Revision:	https://reviews.freebsd.org/D6901
2016-06-21 14:16:32 +00:00
Bjoern A. Zeeb
89856f7e2d Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.

Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.

Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.

For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.

Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.

For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).

Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.

Approved by:		re (hrs)
Obtained from:		projects/vnet
Reviewed by:		gnn, jhb
Sponsored by:		The FreeBSD Foundation
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
Martin Matuska
3786dd4a5c Add two missing test files in r302037 2016-06-21 00:00:05 +00:00
Martin Matuska
a53ba8b978 Update vendor/libarchive to git 139d0576b51a253732a5ab1f66805dffbf8b00af
tag v3.2.1

Fixed vendor issues:
Issue 521: Properly check reading from lzss decompression buffer
Issue 717: Fix integer overflow when computing location of volume
           descriptor
Issue 718: Security fix TALOS-CAN-152
Issue 719: Security fix TALOS-CAN-154

Security:	TALOS-CAN-152, TALOS-CAN-154
2016-06-20 23:55:33 +00:00
Alan Somers
1fe8c3077f Skip sys/acl tests on systems lacking perl
tests/sys/acl/Makefile
	add perl to the required_programs for all tests in this directory

Reviewed by:	ngie
Approved by:	re (gjb)
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6870
2016-06-20 23:17:00 +00:00
Andriy Voskoboinyk
6ab1306e04 rtwn: fix Tx processing, add some busdma synchronization.
1) Unload mbuf instead of descriptor in rtwn_tx_done().
2) Add more synchronization for device visible mappings before
touching the memory.
3) Improve watchdog timer logic.

Reported and tested by:		mva

Approved by:	re (gjb)
2016-06-20 22:45:19 +00:00
Andriy Voskoboinyk
ae25eb977b urtwn: fix panic on device detach.
Remove frames from active/pending Tx queues and free related node
references when vap is destroyed to prevent various use-after-free
scenarios.

Reported and tested by: Aleksander Alekseev <afiskon@devzen.ru>
PR:		208632
Approved by:	re (gjb)
2016-06-20 22:39:32 +00:00
Stephen McConnell
f4e69c98fd - No log bit in IOCStatus and endian-safe changes.
Use MPI2_IOCSTATUS_MASK when checking IOCStatus to mask off the log bit, and
make a few more things endian-safe.

- Fix possible use of invalid pointer.

It was possible to use an invalid pointer to get the target ID value. To fix
this, initialize a local Target ID variable to an invalid value and change that
variable to a valid value only if the pointer to the Target ID is not NULL.

- No need to set the MPSSAS_SHUTDOWN flag because it's never used.

- done_ccb pointer can be used if it is NULL.

To prevent this, move check for done_ccb == NULL to before done_ccb is used in
mpssas_stop_unit_done().

- Disks can go missing until a reboot is done in some cases.

This is due to the DevHandle not being released, which causes the Firmware to
not allow that disk to be re-added.

Reviewed by:	ken
Approved by:	re (gjb), ken, scottl, ambrisko (mentors)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D6872
2016-06-20 18:14:51 +00:00
Adrian Chadd
d304f3093a [ath] implement TX queue configuration extensions for the AR9380 HAL.
Among other things, this introduces the idea of DBA-gated queues that
aren't the CABQ.  The TDMA support requires this.

Tested:

* AR9580 (hostap mode)
* AR9380 (sta mode)

Approved by:	re (gjb)
2016-06-20 16:12:27 +00:00
Konstantin Belousov
d9a503bec4 Fix typo. Note that atomic is still required even for interlocked case.
Sponsored by:	The FreeBSD Foundation
Approved by:	re (marius)
2016-06-20 15:45:50 +00:00
Baptiste Daroussin
bd51ae1287 Fix generation of locales with multiple variants
Serbian locales have triple components to represent the 2 variations of the
locale: Latin and Cyrillic. Previously the tools generatic the locale were
appending both definitions instead of differentiating them.

Reported by:	ache
Approved by:	re (gjb)
2016-06-20 06:45:42 +00:00
Wojciech Macek
0fbcaf7657 ARM64: bsdinstall support for creating EFI partitions
This patch enables bsdinstall to create EFI partition during installation and uploading it's contents,
    making the ARM64 FreeBSD installation bootable.

    Obtained from:         Semihalf
    Sponsored by:          Cavium
    Approved by:           re
    Reviewed by:           allanjude, emaste, nwhitehorn, wma
    Differential Revision: https://reviews.freebsd.org/D6853
2016-06-20 06:40:58 +00:00
Adrian Chadd
1a9bf047c2 [ath] fix EDMA TX buffer flags for use when retransmitting frames.
This started showing up when doing lots of aggregate traffic. For TDMA it's
always no-ACK traffic and I didn't notice this, and I didn't notice it
when doing 11abg traffic as it didn't fail enough in a bad way to trigger
this.

This showed up as the fifo depth being < 0.

Eg:

Jun 19 09:23:07 gertrude kernel: ath0: ath_tx_edma_push_staging_list: queued 2 packets; depth=2, fifo depth=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1, bf=0xfffffe000385f068, start=1, end=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1: FIFO depth is now 0 (1)
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1, bf=0xfffffe0003866fe8, start=0, end=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1: FIFO depth is now -1 (0)

So, clear the flags before adding them to a TX queue, so if they're
re-added for the retransmit path it'll clear whatever they were and
not double-account the FIFOEND flag.  Oops.

Tested:

* AR9380, STA mode, 11n iperf testing (~130mbit)

Approved by:	re (delphij)
2016-06-20 02:04:40 +00:00
Mike Karels
ced91c3c20 Add Mike Karels as committer, with gnn as mentor.
Approved by: gnn (mentor)
Approved by: re
2016-06-19 23:36:40 +00:00
Konstantin Belousov
04b49c9154 Remote and local adv lock servers might de-synchronize (the added comment
explains the plausible scenario), resulting in EDEADLK returned on the
local registration attempt.  Handle this by re-trying the local op [1].

On unmount, local registration abort is indicated as EINTR, abort the nlm
call as well.

Reported and tested by:	pho
Suggested and reviewed by:	dfr (previous version, [1])
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (delphij)
2016-06-19 18:32:35 +00:00
Konstantin Belousov
e37dfd3d2b Do not access NFS data for reclaimed vnode.
Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (delphij)
2016-06-19 18:29:43 +00:00
Adrian Chadd
03475bd01a [net80211] remove node scan lock / generation number + fix few LORs
Drop scan generation number and node table scan lock - the only place
where ni_scangen is checked is in ieee80211_timeout_stations() (and it
is used to prevent duplicate checking of the same node); node scan lock
protects only this variable + node table scan generation number.

This will fix (at least) next LOR (hostap mode):

lock order reversal:
1st 0xc175f84c urtwm0_scan_loc (urtwm0_scan_loc) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2019
2nd 0xc175e018 urtwm0_com_lock (urtwm0_com_lock) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2693
stack backtrace:
#0 0xa070d1c5 at witness_debugger+0x75
#1 0xa070d0f6 at witness_checkorder+0xd46
#2 0xa0694cce at __mtx_lock_flags+0x9e
#3 0xb03ad9ef at ieee80211_node_leave+0x12f
#4 0xb03afd13 at ieee80211_timeout_stations+0x483
#5 0xb03aa1c2 at ieee80211_node_timeout+0x42
#6 0xa06c6fa1 at softclock_call_cc+0x1e1
#7 0xa06c7518 at softclock+0xc8
#8 0xa06789ae at intr_event_execute_handlers+0x8e
#9 0xa0678fa0 at ithread_loop+0x90
#10 0xa0675fbe at fork_exit+0x7e
#11 0xa08af910 at fork_trampoline+0x8

In addition to the above:

* switch to ieee80211_iterate_nodes();
* do not assert that node table lock is held, while calling node_age();
  that's not really needed (there are no resources, which can be protected
  by this lock) + this fixes LOR/deadlock between ieee80211_timeout_stations()
  and ieee80211_set_tim() (easy to reproduce in HOSTAP mode while
  sending something to an STA with enabled power management).

Tested:

* (avos) urtwn0, hostap mode
* (adrian) AR9380, STA mode
* (adrian) AR9380, AR9331, AR9580, hostap mode

Notes:

* This changes the net80211 internals, so you have to recompile all of it
  and the wifi drivers.

Submitted by:	avos
Approved by:	re (delphij)
Differential Revision:	https://reviews.freebsd.org/D6833
2016-06-19 07:31:02 +00:00
Adrian Chadd
49236b4e99 [ath] add support for batching frames to the general TX queues.
It turns out the frame scheduling policies (eg DBA_GATED) operate on
a single TX FIFO entry.  ASAP scheduling is fine; those frames always
go out.

DBA-gated sets the TX queue ready when the DBA timer fires, which triggers
a beacon transmit.  Normally this is used for content-after-beacon queue
(CABQ) work, which needs to burst out immediately after a beacon.
(eg broadcast, multicast, etc frames.)  This is a general policy that you
can use for any queue, and Sam's TDMA code uses it.

When DBA_GATED is used and something like say, an 11e TX burst window,
it only operates on a single TX FIFO entry.  If you have a single frame
per TX FIFO entry and say, a 2.5ms long burst window (eg TDMA!) then it'll
only burst a single frame every 2.5ms.  If there's no gating (eg ASAP) then
the burst window is fine, and multiple TX FIFO slots get used.

The CABQ code does pack in a list of frames (ie, the whole cabq) but
up until this commit, the normal TX queues didn't.  It showed up when
I started to debug TDMA on the AR9380 and later.

This commit doesn't fix the TDMA case - that's still broken here, because
all I'm doing here is allowing 'some' frames to be bursting, but I'm
certainly not filling the whole TX FIFO slot entry with frames.
Doing that 'properly' kind of requires me to take into account how long
packets should take to transmit and say, doing 1.5 or something times that
per TX FIFO slot, as if you partially transmit a slot, when it's next
gated it'll just finish that TX FIFO slot, then not advance to the next
one.

Now, I /also/ think queuing a new packet restarts DMA, but you have to
push new frames into the TX FIFO.  I need to experiment some more with
this because if it's really the case, I will be able to do TDMA support
without the egregious hacks I have in my local tree.  Sam's TDMA code
for previous chips would just kick the TXE bit to push along DMA
again, but we can't do that for EDMA chips - we /have/ to push a new
frame into the TX FIFO to restart DMA.  Ugh.

Tested:

* AR9380, STA mode
* AR9380, hostap mode
* AR9580, hostap mode

Approved by:	re (gjb)
2016-06-19 03:45:32 +00:00
Hajimu UMEMOTO
47a8356221 - Prefer to use %d over %e where the day of the month should be zero
filled.
- Since %e means the day of the month as well, regard %e as same as %d
  in md_order.

Reported by:	vangyzen
Approved by:	re (gjb)
2016-06-19 03:44:32 +00:00
Eric van Gyzen
ee61689fdf Fix if_ntb interface setup to include IFF_MULTICAST.
This allows IPv6 link local addresses (and other IPv6 functionality) to work.

PR:		210355
Submitted by:	Steve Wahl and David Bright (both at Dell Inc.)
Reviewed by:	cem, mav
Tested by:	mav (on Intel hardware)
Approved by:	re (kib)
MFC after:	5 days
Sponsored by:	Dell Inc.
Differential Revision:	https://reviews.freebsd.org/D6885
2016-06-18 23:18:04 +00:00
Konstantin Belousov
c7239ca41a After the vnode unlock, mount point might be destroyed immediately,
dropping the reference on mnt_cred. Prevent this by referencing the
temporal credentials before unlock.

Tested by:	pho
Reviewed by:	dfr
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
2016-06-18 20:22:53 +00:00
Konstantin Belousov
cacbedfc46 Fix gcc build.
Reported andt tested by:	swills
Sponsored by:	The FreeBSD Foundation
Approved by:	re (gjb)
2016-06-18 20:20:00 +00:00
Martin Matuska
dc919cebaf Update vendor/libarchive to git d85976e7ff4a062e1de6e04dab7bb78e3344768f
Fixed vendor issues:
Issue 553: Fix broken decryption for ZIP files
Issue 657: Allow up to 8k for the test root directory name
Issue 682: Correctly write gnutar filenames of exactly 512 bytes
Issue 708: tar should fail if a named input file is missing
PR 715: Fix libarchive/archive_read_support_format_mtree.c:1388:11:
        error: array subscript is above array bounds
2016-06-18 08:25:31 +00:00