In struct:gctl_req, nargs is unsigned.
In mirror:
g_mirror_syncreqs is unsigned.
In raid:
in struct:g_raid_volume, v_disks_count is unsigned.
In virstor:
in struct:g_virstor_softc, n_components is unsigned.
MFC after: 2 weeks
This greatly reduces the oqdrops under heavy workload.
For TCP send/recv test (10K concurrent connections):
oqdrops is reduced by 17% on sending side, and 57% on receiving side.
For nginx-1.8/wrk-4 1KB object test (10K concurrent connections,
4 requests/connection):
oqdrops is reduced by 44% on nginx side, and 10% on wrk side.
MFC after: 1 week
Sponsored by: Microsoft OSTC
put it off into the pr_task. This is similar to prison_free, and in fact
uses the same task even though they do something slightly different.
This resolves a LOR between the process lock and allprison_lock, which
came about in r298565.
PR: 48471
Any value of uint16_t will be internally promoted to int so
changing them to an unsigned value doesn't help.
Missing revert value in suj_read().
X-MFC with: r298551
Any value of uint16_t will be internally promoted to int so
changing them to an unsigned value doesn't help.
Make clear we want to use uint32_t for closedisk()
X-MFC with: r298551
The facility_initialized and facility arrays are the same size and were
intended to be indexed the same. I believe this mismatch was just a
typo/braino in r208731.
Reported by: Coverity
CID: 1017430
Sponsored by: EMC / Isilon Storage Division
An mbpool is allocated with a contiguous array of mbpages. Freeing an
individual mbpage has never been valid. Don't do it.
This bug has been present since this code was introduced in r117624 (2003).
Reported by: Coverity
CID: 1009687
Sponsored by: EMC / Isilon Storage Division
- Factor out common part to zynq-7000.dtsi
- Fix problem with Zynq interrupts by using interrupt "triples"
in .dtsi file to differentiate between edge-triggered and
level-triggered interrupts
- cgem driver now recognizes "status" property
Submitted by: Thomas Skibo <thomasskibo@yahoo.com>
Differential Revision: https://reviews.freebsd.org/D6095
The disgusting macro INP_WLOCK_RECHECK may early-return. In
tcp_default_ctloutput() the TCP_CCALGOOPT case allocates memory before invoking
this macro, which may leak memory.
Add a _CLEANUP variant that takes a code argument to perform variable cleanup
in the early return path. Use it to free the 'pbuf' allocated in
tcp_default_ctloutput().
I am not especially happy with this macro, but I reckon it's not any worse than
INP_WLOCK_RECHECK already was.
Reported by: Coverity
CID: 1350286
Sponsored by: EMC / Isilon Storage Division
This value is u32 on disk, but assigned to an int in memory. After we do the
implicit conversion via assignment, check that the result is at least one[1]
(non-negative[2]).
1. The subsequent for-loop iterates from gpt_entries minus one, down, until
reaching zero. A negative or zero initial index results in undefined signed
integer overflow.
2. It is also used to index into arrays later.
In practice, we expected non-malicious disks to contain small positive values.
Reported by: Coverity
CID: 1223202
Sponsored by: EMC / Isilon Storage Division
The softc member 'ciss_logical' is an array of 'ciss_max_logical_bus' members.
Most of the time it is iterated correctly. This patch fixes the two instances
where the driver iterated off the end of the array.
Reported by: Coverity
CID: 1305492
Sponsored by: EMC / Isilon Storage Division
ism_stop() already destroys and frees 'sp', including a call to ic_destroy().
Don't dereference 'sp' after ism_stop() and don't invoke ic_destroy() on the
freed memory either.
Reported by: Coverity
CIDs: 1006109, 1304861
Sponsored by: EMC / Isilon Storage Division
It seems that the only way to supply dtb to loader on Zynq-based
SoCs is to manually generate dtb and place it to pre-defined location
on SD card or TFTP server where loader can pick it up. More modern
approach is to add modules/dtb/%soc% module and let installworld
target generate dtb and copy them to /boot/dtb/ where they can be
loaded by ubldr
In win2unixfn() we expand Windows 95 style long names. In some cases that
requires moving the data in the nbp->nb_buf buffer backwards to make room. That
code failed to check for overflows, leading to a stack overflow in win2unixfn().
We now check for this event, and mark the entire conversion as failed in that
case. This means we present the 8 character, dos style, name instead.
PR: 204643
Differential Revision: https://reviews.freebsd.org/D6015
It seems rn_dupedkey may be NULL, because of the NULL check inside the loop.
(Also, the rt gets assigned from rn_dupedkey and NULL checked at top of loop.)
However, the for-loop update condition happens before the top-of-loop check and
dereferences 'rt' unconditionally.
Instead, NULL-check before dereferencing.
If rn_dupedkey cannot in fact be NULL, or something else protects this, feel
free to revert this and add an ASSERT of some kind instead.
This was introduced in r191080 (2009) and moved around slightly in r293657.
Reported by: Coverity
CID: 1348482
Sponsored by: EMC / Isilon Storage Division
This is a trivial follow-up to r296308. Annotate the intentional fallthrough
to make it clear for future readers and linters.
Reported by: Coverity
CID: 1352716
Discussed with: jhb
Sponsored by: EMC / Isilon Storage Division
This is a minor follow-up to r297422, prompted by a Coverity warning. (It's
not a real defect, just a code smell.) OSD slot array reservations are an
array of pointers (void **) but were cast to void* and back unnecessarily.
Keep the correct type from reservation to use.
osd.9 is updated to match, along with a few trivial igor fixes.
Reported by: Coverity
CID: 1353811
Sponsored by: EMC / Isilon Storage Division
Remove the semicolon accidentally added after the new conditional that tests
that /dev/zero is opened successfully.
MFC after: 1 week
X-MFC with: r298368
Pointhat to: ngie
Reported by: Coverity
CID: 1354980
Sponsored by: EMC / Isilon Storage Division
Introduced in r298594. There is no path before the 'vap == NULL' check where
vap is not already dereferenced.
Reported by: Coverity
CID: 1354979
Sponsored by: EMC / Isilon Storage Division
Without this the incremental build was broken since .depend.* are not
generated with .MAKE.MODE=meta and .meta files were not created to
track dependencies. Typically meta mode does not create .meta files
when building with curdir==objdir but the kernel build is special.
Reported by: Nikolai Lifanov <lifanov@mail.lifanov.com>
Sponsored by: EMC / Isilon Storage Division