Commit Graph

222952 Commits

Author SHA1 Message Date
bz
82f8e32710 Check the V_tcbinfo.ipi_count to hit 0 before doing the full TCP cleanup.
That way timers can finish cleanly and we do not gamble with a DELAY().

Reviewed by:		gnn, jtl
Approved by:		re (gjb)
Obtained from:		projects/vnet
MFC after:		2 weeks
Sponsored by:		The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6923
2016-06-23 00:34:03 +00:00
bz
cd2b4aba5e No longer mark TCP TW zone NO_FREE.
Timewait code does a proper cleanup after itself.

Reviewed by:		gnn
Approved by:		re (gjb)
Obtained from:		projects/vnet
MFC after:		2 weeks
Sponsored by:		The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D6922
2016-06-23 00:32:58 +00:00
brooks
445f3c92c4 Regen post r302096 and implement svr4_pipe().
Approved by:	re (implict, fixing build)
Sponsored by:	DARPA, AFRL
2016-06-23 00:30:09 +00:00
brooks
581260595b Declare a svr4 version of pipe() now that sys_pipe() is no more.
Approved by:	re (implicit, fixing build)
Sponsored by:	DARPA, AFRL
2016-06-23 00:29:03 +00:00
brooks
251cde9f5a Generate syscall tables and update pipe() implementation after r302094.
Mark the pipe() system call as COMPAT10.

As of r302092 libc uses pipe2() with a zero flags value instead of pipe().

Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6816
2016-06-22 21:18:19 +00:00
brooks
e4ef2142c8 Mark the pipe() system call as COMPAT10.
As of r302092 libc uses pipe2() with a zero flags value instead of pipe().

Commit with regenerated files and implementation to follow.

Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6816
2016-06-22 21:15:59 +00:00
brooks
a11d117db1 Add support for COMPAT10 keywords in syscalls.master.
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
2016-06-22 21:12:53 +00:00
brooks
ecead64b41 Replace use of the pipe(2) system call with pipe2(2) with a zero flags
value.

This eliminates the need for machine dependant assembly wrappers for
pipe(2).

It also make passing an invalid address to pipe(2) return EFAULT rather
than triggering a segfault.  Document this behavior (which was already
true for pipe2(2), but undocumented).

Reviewed by:	andrew
Approved by:	re (gjb)
Sponsored by:	DARPA, AFRL
Differential Revision:	https://reviews.freebsd.org/D6815
2016-06-22 21:11:27 +00:00
markj
a8b2bf9492 Do not complete pending gmirror BIOs when tearing down the provider.
This will result in lock recursion and is more generally incorrect since
the completion handlers will just reinsert the BIOs into the queue we're
trying to drain.

Reviewed by:	imp, ngie
Approved by:	re (gjb)
MFC after:	3 weeks
Sponsored by:	EMC / Isilon Storage Division
Differential Revision:	https://reviews.freebsd.org/D6908
2016-06-22 21:00:28 +00:00
bdrewery
e6811f9793 Add AFLAGS.IMPSRC and document A[C]FLAGS
Approved by:	re (gjb)
Sponsored by:	EMC / Isilon Storage Division
2016-06-22 20:31:49 +00:00
kib
c7d26e1c75 Fix a LOR between vnode locks and allproc_lock.
There is an order between covered vnode lock and allproc_lock, which
is established by calling mountcheckdirs() while owning the covered
vnode lock. mountcheckdirs() iterates over the processes, protected by
allproc_lock.  This order is needed and seems to be not avoidable.

On the other hand, various VM daemons also need to iterate over all
processes, and they lock and unlock user maps.  Since unlock of the
user map may trigger processing of the deferred map entries, it causes
vnode locking to occur.  Or, when vmspace is freed, dropping references
on the vnode-backed object also lock vnodes.  We get reverted order
comparing with the mount/unmount order.

For VM daemons, there is no need to own allproc_lock while we operate
on vmspaces. If the process is held, it serves as the marker for
allproc list, which allows to continue the iteration.

Add _PHOLD_LITE() macro, similar to _PHOLD(), but not causing swap-in
of the kernel stacks.  It is used instead of _PHOLD() in vm code,
since e.g. calling faultin() in OOM conditions only exaggerates the
problem.

Modernize comment describing PHOLD.

Reported by:	lists@yamagi.org
Tested by:	pho (previous version)
Reviewed by:	jhb
Sponsored by:	The FreeBSD Foundation
MFC after:	3 week
Approved by:	re (gjb)
Differential revision:	https://reviews.freebsd.org/D6679
2016-06-22 20:15:37 +00:00
bdrewery
fffb16d7f6 WITH_META_MODE: Whitelist 'make kernel-toolchain'
Approved by:	re (blanket, META_MODE)
Sponsored by:	EMC / Isilon Storage Division
2016-06-22 19:07:41 +00:00
ken
dc39e6d1fa Fix a bug that caused da(4) peripheral drivers to not fully go away
after the underlying device went away.

The problem was that callers who queue the GEOM resize provider
event didn't check to make sure that the provider had not been
withered.  For the other equivalent case, g_new_provider_event(),
the code checks to see whether the provider has been withered
before queueing a g_new_provider_event() to the event thread.

In some cases, a resize provider event would come through after
the provider had been withered and all of the existing consumers
had been orphaned.  When the resize event triggered a taste of
the provider, that would attach a new consumer to the now
withered provider.  The wither washer (g_wither_washer() would
never be able to completely tear down the GEOM because of the
consumers that were hanging around.

The solution was to check the G_PF_WITHER provider flag before
queueing the g_resize_provider_event(), and add an assert to
g_resize_provider_event() to insure that it isn't called on a
withered provider.

sys/geom/geom_subr.c:
	In g_resize_provider(), don't try to continue if the
	G_PF_WITHER flag is set.

	In g_resize_provider_event(), add an assert that the
	G_PF_WITHER flag is not set.

	In g_access(), if a provider has an error, print out the
	name of the provider with the error.

Sponsored by:	Spectra Logic
Approved by:	re (marius)
MFC after:	3 days
2016-06-22 14:39:13 +00:00
bz
c6ed0e2c5f Add more fields to if_debug.c for ddb(4) 'show ifnet'; resort
some fields to match the order in the struct.  Especially needed
if_pf_kif to do pf(4) VNET debugging.

Approved by:	re (marius)
Obtained from:	projects/vnet
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2016-06-22 12:53:10 +00:00
andrew
4c327142ba Fix a race when the hardware has raised an exception with an unknown or
uncategorised reason. We need to read the fault address register before
enabling interrupts as the interrupt handler may cause this register to
change.

Approved by:	re (marius, kib)
Obtained from:	ABT Systems Ltd
Sponsored by:	The FreeBSD Foundation
2016-06-22 12:05:08 +00:00
bz
2b26f1f44b After r302054 unloading an network interface driver on a kernel
without VIMAGE support would dereference a NULL point unconditionally
leading to a panic.  Wrap the entire VIMAGE related code with #ifdefs
rather than just the decision making part to save an extra bit of
resources.

Reported by:	np
Sponsored by:	The FreeBSD Foundation
MFC After:	13 days
Approved by:	re (marius)
2016-06-22 11:45:30 +00:00
ae
7cdbaef028 Fix the NULL pointer dereference for unresolved link layer entries in
the netinet6 code. Copy link layer address only when corresponding entry
has LLE_VALID flag.

PR:		210379
Approved by:	re (kib)
2016-06-22 11:29:21 +00:00
hselasky
9cb5bd5f1c Implement libusb_hotplug_register_callback() and
libusb_hotplug_deregister_callback() for the LibUSB v1.0 API and
update the libusb(3) manual page.

Approved by:	re (kib)
Requested by:	swills
MFC after:	1 week
2016-06-22 10:38:41 +00:00
hselasky
15bbf75431 Update the definition for number of scratch pages to match the latest
version of the XHCI specification. Make sure the code can handle the
maximum number of allowed scratch pages.

Submitted by:	Shichun_Ma@Dell.com
Approved by:	re (hrs)
MFC after:	1 week
2016-06-22 09:03:55 +00:00
mm
fbcd396bf9 MFV r302003,r302037,r302038,r302056:
Update libarchive to 3.2.1 (bugfix and security fix release)

List of vendor fixes:
- fix exploitable heap overflow vulnerability in Rar decompression
  (vendor issue 719, CVE-2016-4302, TALOS-2016-0154)
- fix exploitable stack based buffer overflow vulnebarility in mtree
  parse_device functionality (vendor PR 715, CVE-2016-4301, TALOS-2016-0153)
- fix exploitable heap overflow vulnerability in 7-zip read_SubStreamsInfo
  (vendor issue 718, CVE-2016-4300, TALOS-2016-152)
- fix integer overflow when computing location of volume descriptor
  (vendor issue 717)
- fix buffer overflow when reading a crafred rar archive (vendor issue 521)
- fix possible buffer overflow when reading ISO9660 archives on machines
  where sizeof(int) < sizeof(size_t) (vendor issue 711)
- tar and cpio should fail if an input file named on the command line is
  missing (vendor issue 708)
- fix incorrect writing of gnutar filenames that are exactly 512 bytes
  long (vendor issue 682)
- allow tests to be run from paths that are equal or longer than 128
  characters (vendor issue 657)
- add memory allocation errors in archive_entry_xattr.c (vendor PR 603)
- remove dead code in archive_entry_xattr_add_entry() (vendor PR 716)
- fix broken decryption of ZIP files (vendor issue 553)
- manpage style, typo and description fixes

Post-3.2.1 vendor fixes:
- fix typo in cpio version reporting (Vendor PR 725, 726)
- fix argument range of ctype functions in libarchive_fe/passphrase.c
- fix ctype use and avoid empty loop bodies in WARC reader

MFC after:	1 week
Security:	CVE-2016-4300, CVE-2016-4301, CVE-2016-4302
Approved by:	re (kib)
2016-06-22 07:49:59 +00:00
jhb
a6270457f8 Account for AIO socket operations in thread/process resource usage.
File and disk-backed I/O requests store counts of read/written disk
blocks in each AIO job so that they can be charged to the thread that
completes an AIO request via aio_return() or aio_waitcomplete().  This
change extends AIO jobs to store counts of received/sent messages and
updates socket backends to set these counts accordingly.  Note that
the socket backends are careful to only charge a single messages for
each AIO request even though a single request on a blocking socket might
invoke sosend or soreceive multiple times.  This is to mimic the
resource accounting of synchronous read/write.

Adjust the UNIX socketpair AIO test to verify that the message resource
usage counts update accordingly for aio_read and aio_write.

Approved by:	re (hrs)
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D6911
2016-06-21 22:19:06 +00:00
bdrewery
8f9b4b00a2 META_MODE: Don't generate or read _EXTRADEPEND dependencies when using filemon.
The DPADD data in .depend will be redundant with what is in the .meta file.

Also extend NO_EXTRADEPEND support to bsd.prog.mk.

Approved by:	re (blanket, META_MODE)
Sponsored by:	EMC / Isilon Storage Division
2016-06-21 21:55:03 +00:00
ken
c25477e01e Bump __FreeBSD_version to 1100118 for r302069, which breaks binary
compatibility for loadable modules that depend on struct disk.

Approved by:	re (delphij)
Sponsored by:	Spectra Logic
2016-06-21 20:28:30 +00:00
ken
68b33bd397 Fix a bug that caused da(4) instances to hang around after the underlying
device is gone.

The problem was that when disk_gone() is called, if the GEOM disk
creation process has not yet happened, the withering process
couldn't start.

We didn't record any state in the GEOM disk code, and so the d_gone()
callback to the da(4) driver never happened.

The solution is to track the state of the creation process, and
initiate the withering process from g_disk_create() if the disk is
being created.

This change does add fields to struct disk, and so I have bumped
DISK_VERSION.

geom_disk.c:	Track where we are in the disk creation process,
		and check to see whether our underlying disk has
		gone away or not.

		In disk_gone(), set a new d_goneflag variable that
		g_disk_create() can check to see if it needs to
		clean up the disk instance.

geom_disk.h:    Add a mutex to struct disk (for internal use) disk
		init level, and a gone flag.

		Bump DISK_VERSION because the size of struct disk has
		changed and fields have been added at the beginning.

Sponsored by:	Spectra Logic
Approved by:	re (marius)
2016-06-21 20:18:19 +00:00
bdrewery
2cb7769e5b Fix top-level builds with fmake / 9.x.
Reported by:	allanjude
Approved by:	re (marius)
Sponsored by:	EMC / Isilon Storage Division
2016-06-21 20:14:32 +00:00
ian
6a5a941a5e Revert the recent armv6 changes to ALIGNED_POINTER(), restoring the
fully-pessimized implementation that requires a type to be aligned to
its natural size.

On armv6+ the compiler might generate load-/store-multiple instructions
which require 4-byte alignment even though the source code is only
accessing individual uint32_t values in a way that doesn't require any
particular alignment at all.  The compiler apparently feels free to
combine multiple accesses into a single instruction that requires a
more-strict alignment, and no set of compiler flags seems to disable
this behavior (at least in clang 3.8).

This fixes alignment faults on arm systems using wifi adapters.  The
wifi code uses ALIGNED_POINTER(p, uint32_t) to decide whether it needs
to copy-align tcp headers.  Because clang is combining several uint32_t
accesses into a single ldm instruction, we need to say that accessing a
uint32_t requires 4-byte alignment.

Approved by:	re(gjb)
2016-06-21 17:53:42 +00:00
kib
907f8ff806 The vmtotal sysctl handler marks active vm objects to calculate
statistics.  Marking is done by setting the OBJ_ACTIVE flag.  The
flags change is locked, but the problem is that many parts of system
assume that vm object initialization ensures that no other code could
change the object, and thus performed lockless.  The end result is
corrupted flags in vm objects, most visible is spurious OBJ_DEAD flag,
causing random hangs.

Avoid the active object marking, instead provide equally inexact but
immutable is_object_alive() definition for the object mapped state.

Avoid iterating over the processes mappings altogether by using
arguably improved definition of the paging thread as one which sleeps
on the v_free_count.

PR:	204764
Diagnosed by:	pho
Tested by:	pho (previous version)
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
2016-06-21 17:49:33 +00:00
adrian
1f3d721c13 [ath] fix TX throughput for EDMA chips by pushing more into the TX FIFO.
It turns out that getting decent performance requires stacking the TX
FIFO a little more aggressively.

* Ensure that when we complete a frame, we attempt to push a new frame
  into the FIFO so TX is kept as active as it needs to be
* Be more aggressive about batching non-aggregate frames into a single
  TX FIFO slot.  This "fixes" TDMA performance (since we only get one
  TX FIFO slot ungated per DMA beacon alert) but it does this by pushing
  a whole lot of work into the TX FIFO slot.

I'm not /entirely/ pleased by this solution, but it does fix a whole bunch
of corner case issues in the transmit side and fix TDMA whilst I'm at it.
I'll go revisit transmit packet scheduling in ath(4) post 11.

Tested:

* AR9380, STA mode
* AR9580, hostap mode
* AR9380, TDMA client mode

Approved by:	re (hrs)
2016-06-21 15:38:20 +00:00
asomers
8abfab9cb0 Fix uninitialized variable from r300881
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
	Initialize needs_update in vdev_geom_set_physpath

PR:		210409
Reported by:	kp
Reviewed by:	kp
Approved by:	re (hrs)
MFC after:	4 weeks
X-MFC-With:	300881
Sponsored by:	Spectra Logic Corp
2016-06-21 15:27:16 +00:00
emaste
b25a6b9e57 syscons.4,vt.4: update kern.vty description reflecting vt as default
rS274085 made vt(4) the default system console. Catch up to this in
the man page description for the kern.vty tunable.

Reviewed by:	bz
Approved by:	re (hrs)
Differential Revision:	https://reviews.freebsd.org/D6901
2016-06-21 14:16:32 +00:00
bz
7a1c0b1ad1 Get closer to a VIMAGE network stack teardown from top to bottom rather
than removing the network interfaces first. This change is rather larger
and convoluted as the ordering requirements cannot be separated.

Move the pfil(9) framework to SI_SUB_PROTO_PFIL, move Firewalls and
related modules to their own SI_SUB_PROTO_FIREWALL.
Move initialization of "physical" interfaces to SI_SUB_DRIVERS,
move virtual (cloned) interfaces to SI_SUB_PSEUDO.
Move Multicast to SI_SUB_PROTO_MC.

Re-work parts of multicast initialisation and teardown, not taking the
huge amount of memory into account if used as a module yet.

For interface teardown we try to do as many of them as we can on
SI_SUB_INIT_IF, but for some this makes no sense, e.g., when tunnelling
over a higher layer protocol such as IP. In that case the interface
has to go along (or before) the higher layer protocol is shutdown.

Kernel hhooks need to go last on teardown as they may be used at various
higher layers and we cannot remove them before we cleaned up the higher
layers.

For interface teardown there are multiple paths:
(a) a cloned interface is destroyed (inside a VIMAGE or in the base system),
(b) any interface is moved from a virtual network stack to a different
network stack ("vmove"), or (c) a virtual network stack is being shut down.
All code paths go through if_detach_internal() where we, depending on the
vmove flag or the vnet state, make a decision on how much to shut down;
in case we are destroying a VNET the individual protocol layers will
cleanup their own parts thus we cannot do so again for each interface as
we end up with, e.g., double-frees, destroying locks twice or acquiring
already destroyed locks.
When calling into protocol cleanups we equally have to tell them
whether they need to detach upper layer protocols ("ulp") or not
(e.g., in6_ifdetach()).

Provide or enahnce helper functions to do proper cleanup at a protocol
rather than at an interface level.

Approved by:		re (hrs)
Obtained from:		projects/vnet
Reviewed by:		gnn, jhb
Sponsored by:		The FreeBSD Foundation
MFC after:		2 weeks
Differential Revision:	https://reviews.freebsd.org/D6747
2016-06-21 13:48:49 +00:00
mm
476ebe3707 Add two missing test files in r302037 2016-06-21 00:00:05 +00:00
mm
7c7cc47635 Update vendor/libarchive to git 139d0576b51a253732a5ab1f66805dffbf8b00af
tag v3.2.1

Fixed vendor issues:
Issue 521: Properly check reading from lzss decompression buffer
Issue 717: Fix integer overflow when computing location of volume
           descriptor
Issue 718: Security fix TALOS-CAN-152
Issue 719: Security fix TALOS-CAN-154

Security:	TALOS-CAN-152, TALOS-CAN-154
2016-06-20 23:55:33 +00:00
asomers
63f808402a Skip sys/acl tests on systems lacking perl
tests/sys/acl/Makefile
	add perl to the required_programs for all tests in this directory

Reviewed by:	ngie
Approved by:	re (gjb)
MFC after:	4 weeks
Sponsored by:	Spectra Logic Corp
Differential Revision:	https://reviews.freebsd.org/D6870
2016-06-20 23:17:00 +00:00
avos
48e577c3c1 rtwn: fix Tx processing, add some busdma synchronization.
1) Unload mbuf instead of descriptor in rtwn_tx_done().
2) Add more synchronization for device visible mappings before
touching the memory.
3) Improve watchdog timer logic.

Reported and tested by:		mva

Approved by:	re (gjb)
2016-06-20 22:45:19 +00:00
avos
39bab70fa6 urtwn: fix panic on device detach.
Remove frames from active/pending Tx queues and free related node
references when vap is destroyed to prevent various use-after-free
scenarios.

Reported and tested by: Aleksander Alekseev <afiskon@devzen.ru>
PR:		208632
Approved by:	re (gjb)
2016-06-20 22:39:32 +00:00
slm
2fdd277a83 - No log bit in IOCStatus and endian-safe changes.
Use MPI2_IOCSTATUS_MASK when checking IOCStatus to mask off the log bit, and
make a few more things endian-safe.

- Fix possible use of invalid pointer.

It was possible to use an invalid pointer to get the target ID value. To fix
this, initialize a local Target ID variable to an invalid value and change that
variable to a valid value only if the pointer to the Target ID is not NULL.

- No need to set the MPSSAS_SHUTDOWN flag because it's never used.

- done_ccb pointer can be used if it is NULL.

To prevent this, move check for done_ccb == NULL to before done_ccb is used in
mpssas_stop_unit_done().

- Disks can go missing until a reboot is done in some cases.

This is due to the DevHandle not being released, which causes the Firmware to
not allow that disk to be re-added.

Reviewed by:	ken
Approved by:	re (gjb), ken, scottl, ambrisko (mentors)
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D6872
2016-06-20 18:14:51 +00:00
adrian
d086e29183 [ath] implement TX queue configuration extensions for the AR9380 HAL.
Among other things, this introduces the idea of DBA-gated queues that
aren't the CABQ.  The TDMA support requires this.

Tested:

* AR9580 (hostap mode)
* AR9380 (sta mode)

Approved by:	re (gjb)
2016-06-20 16:12:27 +00:00
kib
06125ebef5 Fix typo. Note that atomic is still required even for interlocked case.
Sponsored by:	The FreeBSD Foundation
Approved by:	re (marius)
2016-06-20 15:45:50 +00:00
bapt
6d8d86e462 Fix generation of locales with multiple variants
Serbian locales have triple components to represent the 2 variations of the
locale: Latin and Cyrillic. Previously the tools generatic the locale were
appending both definitions instead of differentiating them.

Reported by:	ache
Approved by:	re (gjb)
2016-06-20 06:45:42 +00:00
wma
c6f6894768 ARM64: bsdinstall support for creating EFI partitions
This patch enables bsdinstall to create EFI partition during installation and uploading it's contents,
    making the ARM64 FreeBSD installation bootable.

    Obtained from:         Semihalf
    Sponsored by:          Cavium
    Approved by:           re
    Reviewed by:           allanjude, emaste, nwhitehorn, wma
    Differential Revision: https://reviews.freebsd.org/D6853
2016-06-20 06:40:58 +00:00
adrian
deb9240527 [ath] fix EDMA TX buffer flags for use when retransmitting frames.
This started showing up when doing lots of aggregate traffic. For TDMA it's
always no-ACK traffic and I didn't notice this, and I didn't notice it
when doing 11abg traffic as it didn't fail enough in a bad way to trigger
this.

This showed up as the fifo depth being < 0.

Eg:

Jun 19 09:23:07 gertrude kernel: ath0: ath_tx_edma_push_staging_list: queued 2 packets; depth=2, fifo depth=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1, bf=0xfffffe000385f068, start=1, end=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1: FIFO depth is now 0 (1)
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1, bf=0xfffffe0003866fe8, start=0, end=1
Jun 19 09:23:07 gertrude kernel: ath0: ath_edma_tx_processq: Q1: FIFO depth is now -1 (0)

So, clear the flags before adding them to a TX queue, so if they're
re-added for the retransmit path it'll clear whatever they were and
not double-account the FIFOEND flag.  Oops.

Tested:

* AR9380, STA mode, 11n iperf testing (~130mbit)

Approved by:	re (delphij)
2016-06-20 02:04:40 +00:00
karels
ddf91f32ae Add Mike Karels as committer, with gnn as mentor.
Approved by: gnn (mentor)
Approved by: re
2016-06-19 23:36:40 +00:00
kib
6828dedaeb Remote and local adv lock servers might de-synchronize (the added comment
explains the plausible scenario), resulting in EDEADLK returned on the
local registration attempt.  Handle this by re-trying the local op [1].

On unmount, local registration abort is indicated as EINTR, abort the nlm
call as well.

Reported and tested by:	pho
Suggested and reviewed by:	dfr (previous version, [1])
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (delphij)
2016-06-19 18:32:35 +00:00
kib
082d766398 Do not access NFS data for reclaimed vnode.
Reported and tested by:	pho
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (delphij)
2016-06-19 18:29:43 +00:00
adrian
09a0af3095 [net80211] remove node scan lock / generation number + fix few LORs
Drop scan generation number and node table scan lock - the only place
where ni_scangen is checked is in ieee80211_timeout_stations() (and it
is used to prevent duplicate checking of the same node); node scan lock
protects only this variable + node table scan generation number.

This will fix (at least) next LOR (hostap mode):

lock order reversal:
1st 0xc175f84c urtwm0_scan_loc (urtwm0_scan_loc) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2019
2nd 0xc175e018 urtwm0_com_lock (urtwm0_com_lock) @ /usr/src/sys/modules/wlan/../../net80211/ieee80211_node.c:2693
stack backtrace:
#0 0xa070d1c5 at witness_debugger+0x75
#1 0xa070d0f6 at witness_checkorder+0xd46
#2 0xa0694cce at __mtx_lock_flags+0x9e
#3 0xb03ad9ef at ieee80211_node_leave+0x12f
#4 0xb03afd13 at ieee80211_timeout_stations+0x483
#5 0xb03aa1c2 at ieee80211_node_timeout+0x42
#6 0xa06c6fa1 at softclock_call_cc+0x1e1
#7 0xa06c7518 at softclock+0xc8
#8 0xa06789ae at intr_event_execute_handlers+0x8e
#9 0xa0678fa0 at ithread_loop+0x90
#10 0xa0675fbe at fork_exit+0x7e
#11 0xa08af910 at fork_trampoline+0x8

In addition to the above:

* switch to ieee80211_iterate_nodes();
* do not assert that node table lock is held, while calling node_age();
  that's not really needed (there are no resources, which can be protected
  by this lock) + this fixes LOR/deadlock between ieee80211_timeout_stations()
  and ieee80211_set_tim() (easy to reproduce in HOSTAP mode while
  sending something to an STA with enabled power management).

Tested:

* (avos) urtwn0, hostap mode
* (adrian) AR9380, STA mode
* (adrian) AR9380, AR9331, AR9580, hostap mode

Notes:

* This changes the net80211 internals, so you have to recompile all of it
  and the wifi drivers.

Submitted by:	avos
Approved by:	re (delphij)
Differential Revision:	https://reviews.freebsd.org/D6833
2016-06-19 07:31:02 +00:00
adrian
fa16c812f5 [ath] add support for batching frames to the general TX queues.
It turns out the frame scheduling policies (eg DBA_GATED) operate on
a single TX FIFO entry.  ASAP scheduling is fine; those frames always
go out.

DBA-gated sets the TX queue ready when the DBA timer fires, which triggers
a beacon transmit.  Normally this is used for content-after-beacon queue
(CABQ) work, which needs to burst out immediately after a beacon.
(eg broadcast, multicast, etc frames.)  This is a general policy that you
can use for any queue, and Sam's TDMA code uses it.

When DBA_GATED is used and something like say, an 11e TX burst window,
it only operates on a single TX FIFO entry.  If you have a single frame
per TX FIFO entry and say, a 2.5ms long burst window (eg TDMA!) then it'll
only burst a single frame every 2.5ms.  If there's no gating (eg ASAP) then
the burst window is fine, and multiple TX FIFO slots get used.

The CABQ code does pack in a list of frames (ie, the whole cabq) but
up until this commit, the normal TX queues didn't.  It showed up when
I started to debug TDMA on the AR9380 and later.

This commit doesn't fix the TDMA case - that's still broken here, because
all I'm doing here is allowing 'some' frames to be bursting, but I'm
certainly not filling the whole TX FIFO slot entry with frames.
Doing that 'properly' kind of requires me to take into account how long
packets should take to transmit and say, doing 1.5 or something times that
per TX FIFO slot, as if you partially transmit a slot, when it's next
gated it'll just finish that TX FIFO slot, then not advance to the next
one.

Now, I /also/ think queuing a new packet restarts DMA, but you have to
push new frames into the TX FIFO.  I need to experiment some more with
this because if it's really the case, I will be able to do TDMA support
without the egregious hacks I have in my local tree.  Sam's TDMA code
for previous chips would just kick the TXE bit to push along DMA
again, but we can't do that for EDMA chips - we /have/ to push a new
frame into the TX FIFO to restart DMA.  Ugh.

Tested:

* AR9380, STA mode
* AR9380, hostap mode
* AR9580, hostap mode

Approved by:	re (gjb)
2016-06-19 03:45:32 +00:00
ume
ba73a9e651 - Prefer to use %d over %e where the day of the month should be zero
filled.
- Since %e means the day of the month as well, regard %e as same as %d
  in md_order.

Reported by:	vangyzen
Approved by:	re (gjb)
2016-06-19 03:44:32 +00:00
vangyzen
edc65efd22 Fix if_ntb interface setup to include IFF_MULTICAST.
This allows IPv6 link local addresses (and other IPv6 functionality) to work.

PR:		210355
Submitted by:	Steve Wahl and David Bright (both at Dell Inc.)
Reviewed by:	cem, mav
Tested by:	mav (on Intel hardware)
Approved by:	re (kib)
MFC after:	5 days
Sponsored by:	Dell Inc.
Differential Revision:	https://reviews.freebsd.org/D6885
2016-06-18 23:18:04 +00:00
kib
084e078d6f After the vnode unlock, mount point might be destroyed immediately,
dropping the reference on mnt_cred. Prevent this by referencing the
temporal credentials before unlock.

Tested by:	pho
Reviewed by:	dfr
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
2016-06-18 20:22:53 +00:00