Remove manual assignment of m_pkthdr from one mbuf to another in
ipsec_copypkt(), as this is already handled by the call to
M_MOVE_PKTHDR(), which also knows how to correctly handle MAC m_tags.
This corrects a panic when running with MAC and KAME IPSEC.
PR: kern/94599
Submitted by: zhouyi zhou <zhouyi04 at ios dot cn>
Reviewed by: bz, gnn
Approved by: re (mux)
- We only lock the local per-CPU page in the local dTLB, so accessing the
foreign per-CPU pages in cpu_ipi_send() in order to get the module IDs
of the other CPUs can cause a page fault. If this happens when doing a
TLB shootdown while dealing with another page fault this causes a panic
due to the recursive page fault. As I don't spot other code that assumes
or requires that accessing foreign per-CPU pages must not page fault
solve this by adding a statically allocated (and therefore locked as
part of the kernel pages) array which establishes a FreeBSD CPU ID ->
module ID relation and use that in cpu_ipi_selected().
- Fix a potential race in cpu_ipi_send(); as we don't serialize the access
to cpu_ipi_selected() between MI and MD use (only MI-MI and MD-MD) we
might catch the NACK bit caused by sending another IPI. Solve this by
checking the NACK bit in the contents of the interrupt dispatch status
reg read while interrupts were still turned off instead of reading that
reg anew after interrupts were turned on again. This is also what the
CPU docs suggest to do.
- Add a workaround for the SpitFire erratum #54 bug (affecting interrupt
dispatch). While public info regarding what this CPU bug actually causes
is not available testing shows that with the workaround in place it's
less likely to get a "couldn't send ipi" panic, it doesn't solve these
panics entirely though.
Approved by: re (mux)
Add convenience macros for the bits in ASI_ESTATE_ERROR_EN_REG (used
for ECC handling) and the additional uses of the ASIs 0x77 and 0x7f
as well as their bits (used for a CPU bug workaround).
Approved by: re (mux)
- Move the check for too high HZ values from tick_init() to tick_start()
as we have to call tick_init() before cninit() in order to provide the
low-level console drivers with a working DELAY() which in turn means we
cannot use panic() in tick_init().
- s,to high, too high, in the panic string
Approved by: re (mux)
- LK_RETRY means nothing when passed to VOP_LOCK. Call vn_lock instead.
- Move the vn_lock of the dvp until after we've unbusied the filesystem
to avoid a LOR with the mount point lock.
- In the v_mountedhere while loop we acquire a new instance of giant each
time through without releasing the first. This would cause us to leak
Giant.
Sponsored by: Isilon Systems, Inc.
Approved by: re (scottl)
Fix a bug in the NFS/TCP retransmission path.
The bug was that earlier, if a request was retransmitted,
we would do subsequent retransmits every 10 msecs.
This can cause data corruption under moderate loads by reordering
operations as seen by the client NFS attribute cache, and on the
server side when the retransmission occurs after the original request
has left the duplicate cache, since the operation will be committed
for a second time.
Further work on retransmission handling is needed (e.g. they are still
being done sent too often since they are scaled by HZ, and the size of
the dup cache is too small and easily overwhelmed on busy servers).
Submitted by: mohans
Approved by: re (mux)
Allow root to open jail PTYs from the host environment. This un-breaks using
utilities like watch(8) (or other programs which use snp(4)) to monitor
behavior within prisons from the host environment. This regression was
introduced when we changed the ioctl(SNPSTTY) to use a file descriptor
instead of a dev_t
Approved by: re (hrs)
The client's READDIRPLUS logic skips the attributes and
filehandle of the ".." entry. If the server doesn't send
attributes but does send a filehandle for "..", the
client's logic doesn't account for the extra "value
Fix a bug in NFSv3 READDIRPLUS reply processing
The client's READDIRPLUS logic skips the attributes and
filehandle of the ".." entry. If the server doesn't send
attributes but does send a filehandle for "..", the
client's logic doesn't account for the extra "value
follows" field that indicates whether the filehandle is
present, causing the remaining entries in the reply
to be ignored.
This is an MFC of 1.264 in the CURRENT branch.
Sponsored by: Network Appliance, Inc.
Reviewed by: rick, mohans
Approved by: re, silby
When the kernel is compiled with options IPXIP, run the network stack
with Giant, as there is current unsafety in the IPX tunneled over IP
code. There have been no reports of trouble, but there probably would
be if anyone were running this code at high speed on SMP systems.
Include kernel.h to get NET_NEEDS_GIANT() definition, which for some
reason compiled fine here. I may be running with other include file
changes locally.
Approved by: re (kensmith)
- When res_send() fails, we should reserve an error code.
- When res_nquerydomain() returns SERVFAIL, we should try next domain.
src/lib/libc/net/getaddrinfo.c: 1.75, 1.76
src/lib/libc/resolv/res_query.c: 1.3
Approved by: re (hrs)
The rpc.pcnfsd server was in the base for a little over seven
minutes back in 1994. Change the example entry to point at the
port, as per the entries for uucpd et al.
Approved by: re (kensmith)
Loopback pf_norm.c rev. 1.106 from OpenBSD:
fixup IP checksum when modifying IP header fields
PR: kern/93849
Obtained from: OpenBSD
Approved by: re (kensmith)
> Free the newtag if we exit with a failure from alloc_bounce_zone().
>
> Found by: Coverity Prevent(tm)
>
> Revision Changes Path
> 1.73 +3 -1 src/sys/amd64/amd64/busdma_machdep.c
> 1.76 +6 -1 src/sys/i386/i386/busdma_machdep.c
Approved by: re (mux)
>
> Don peril sensitive sunglasses and jack up the MAX_BPAGES limit to 8192
> on amd64. If you're going to stuff >4GB into your box, reserving 32MB for
> bonce pages amounts to a rounding error in the overall scheme of things.
>
> Revision Changes Path
> 1.72 +1 -1 src/sys/amd64/amd64/busdma_machdep.c
Approved by: re (mux)
events and turn off NIC interrupts while in the interrupt handler.
This fixes the device timeouts seen with the VMware LANCE.
- Relax the watchdog timer somewhat; don't enable it until the last
packet is enqueued and if there is a TX interrupt but there are
still outstanding ones reload the timer.
Approved by: re (hrs)
at reports that have the specified kind, instead of assuming that
there is only one report of the right kind in the report descriptor.
Approved by: re (kensmith)
it on the very beginning of the second sector. This makes it compatible
with labels created by disklabel(8) on non-512-byte-per-sector
devices.
Approved by: re
Fix version number when the feature was added.
Submitted by: Yoshihiko Sarumaru (mistral at imasy dot or dot jp)
PR: docs/93801 and docs/93803
Approved by: re (kensmith)
