Commit Graph

612 Commits

Author SHA1 Message Date
pjd
bbe899b96e Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:

- Delegated Administration

	Allows regular users to perform ZFS operations, like file system
	creation, snapshot creation, etc.

- L2ARC

	Level 2 cache for ZFS - allows to use additional disks for cache.
	Huge performance improvements mostly for random read of mostly
	static content.

- slog

	Allow to use additional disks for ZFS Intent Log to speed up
	operations like fsync(2).

- vfs.zfs.super_owner

	Allows regular users to perform privileged operations on files stored
	on ZFS file systems owned by him. Very careful with this one.

- chflags(2)

	Not all the flags are supported. This still needs work.

- ZFSBoot

	Support to boot off of ZFS pool. Not finished, AFAIK.

	Submitted by:	dfr

- Snapshot properties

- New failure modes

	Before if write requested failed, system paniced. Now one
	can select from one of three failure modes:
	- panic - panic on write error
	- wait - wait for disk to reappear
	- continue - serve read requests if possible, block write requests

- Refquota, refreservation properties

	Just quota and reservation properties, but don't count space consumed
	by children file systems, clones and snapshots.

- Sparse volumes

	ZVOLs that don't reserve space in the pool.

- External attributes

	Compatible with extattr(2).

- NFSv4-ACLs

	Not sure about the status, might not be complete yet.

	Submitted by:	trasz

- Creation-time properties

- Regression tests for zpool(8) command.

Obtained from:	OpenSolaris
2008-11-17 20:49:29 +00:00
dds
84b8296ef7 Add a test for the "or more" part of the following POSIX specification.
"A function can be preceded by one or more '!' characters, in which
  case the function shall be applied if the addresses do not select
  the pattern space."
2008-11-11 17:10:24 +00:00
trasz
906b63fd78 Make test for write access to the directory being moved a little more
specific.

Approved by:	rwatson (mentor)
2008-11-07 14:46:46 +00:00
trasz
0b784b3317 Improve output when a test fails.
Approved by:	rwatson (mentor)
2008-11-07 14:45:42 +00:00
trasz
5ec338f603 Change ZFS behaviour to match UFS: when moving (rename(2)) a subdirectory
from one parent directory to another, in addition to the usual access checks
one also needs write access to the subdirectory being moved.

Approved by:    rwatson (mentor), pjd
2008-11-06 19:17:58 +00:00
dfr
2fb03513fc Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
des
87e3b3e46d #ifdef out the lock-against-self test. I'm not sure it makes sense, and
it relies on non-portable flock(2) semantics.  Not only is flock(2) not
portable, but on some OSes that do have it, it is implemented in terms
of fcntl(2) locks, which are per-process rather than per-descriptor.
2008-10-20 17:26:30 +00:00
rwatson
b2babfa539 Update udpzerobyte to understand that passing 0 as a length to recv(2)
will cause it to return 0, not EAGAIN.

Add UNIX domain socket support to udpzerobyte, which suggests this
regression test should be moved to the general sockets test area rather
than netinet.
2008-10-07 21:01:23 +00:00
rwatson
914c87276b Add IPv6 support to zero-size UDP transmit/receive test. 2008-10-07 14:13:59 +00:00
rwatson
a9a8df42d1 Regression test for the loopback handling of zero-length UDP packets, which
should be delivered but without payload.
2008-10-07 10:31:55 +00:00
rwatson
870d67a11e Add very simple regression test for fstat(2) on sockets: make sure it
returns success for various socket types.  It's easy to imagine this
being enhanced to validate the returned data, but...
2008-10-06 19:42:03 +00:00
maxim
2473c0ee1e o Correct a comment: a test file size is a four pages not three. 2008-09-10 09:32:25 +00:00
das
ca999bfaa6 Regression tests for bugs in gdtoa. 2008-09-03 07:35:14 +00:00
rwatson
59f71b4d71 Update README to reflect removal of netatm/harp test parts some time ago.
MFC after:	3 days
2008-08-31 11:41:31 +00:00
jkim
15b99cdb14 Connect a forgotten test case to Makefile. 2008-08-29 20:58:01 +00:00
jkim
7d24618f3d Do not pass validatation level since all issues are fixed now. 2008-08-29 20:20:30 +00:00
jkim
4b913d6bb8 Merge local copy of bpf_validate() with bpf_filter.c. 2008-08-29 20:07:02 +00:00
pjd
eb18064487 By default backup geli metadata to a file. It is quite critical 512 bytes,
once it is lost, all data is gone.

Option '-B none' can by used to prevent backup. Option '-B path' can be
used to backup metadata to a different file than the default, which is
/var/backups/<prov>.eli.

The 'geli init' command also prints backup file location and gives short
procedure how to restore metadata.

The 'geli setkey' command now warns that even after passphrase change or keys
update there could be version of the master key encrypted with old
keys/passphrase in the backup file.

Add regression tests to verify that new functionality works as expected.

Update other regression tests so they don't create backup files.

Reviewed by:	keramida, rink
Dedicated to:	a friend who lost 400GB of his live by accidentally overwritting geli metadata
MFC after:	2 weeks
2008-08-29 18:10:18 +00:00
jkim
a85de0848e Merge bpf_filter.c r182425 and add test cases for jump range checks.
While I am here, fix stupid typos in test0080.h and make it JIT compiler only.
2008-08-29 02:12:45 +00:00
jkim
1d9644cd19 Move comments to the right places. 2008-08-28 22:41:31 +00:00
jkim
4eb765aaef Merge bpf_filter.c r182412 and remove additional local checks.
While I am here, use more realistic value for illegal code test case.
2008-08-28 22:19:57 +00:00
jkim
b8209dfb17 Fix style consistencies and a comment. 2008-08-28 18:38:55 +00:00
jkim
4e5f663031 Merge bpf_filter.c r182380 and remove additional local checks
for BPF_STX and BPF_LDX|BPF_MEM instructions.
2008-08-28 17:59:16 +00:00
jkim
c22e2b30b2 Add a test case for uninitialized scratch memory (for JIT compiler). 2008-08-28 16:58:30 +00:00
stefanf
f8e575b9ca Add a test for r182300. 2008-08-27 20:26:34 +00:00
jkim
2efee2eeaa Add a test case for null filter. 2008-08-26 21:54:47 +00:00
jkim
72e5b4d251 Add more test cases for invalid instructions and add comments
about bpf_validate(9) issues.
2008-08-26 19:24:58 +00:00
jkim
12fb66e68a Remove some hacks from regression test since bpf_filter.c builds fine now. 2008-08-26 00:35:04 +00:00
jkim
a70ab99712 Add a trivial bpf filter benchmark. 2008-08-25 23:36:24 +00:00
jkim
7226acfb72 Use sys/net/bpf_jitter.c instead of rolling our own version
since it is compilable on user land now.
2008-08-25 22:45:18 +00:00
jkim
dddb7ff151 Reflect sys/net/bpf_jitter.h changes to regression test. 2008-08-25 21:33:12 +00:00
jkim
95cf51a304 Add test case for 'divide by 0' with BPF_ALU|BPF_DIV|BPF_X instruction. 2008-08-18 23:05:19 +00:00
jkim
62966b1d9f Fix two test cases on 32-bit architectures. 2008-08-18 21:40:03 +00:00
jkim
2e51cd9be9 Add simple bpf(9) regression tests and test cases. 2008-08-18 19:01:58 +00:00
des
c2c1c946ae Add sbuf_new_auto as a shortcut for the very common case of creating a
completely dynamic sbuf.

Obtained from:	Varnish
MFC after:	2 weeks
2008-08-09 11:14:05 +00:00
das
f97e361aa3 Test that the result is correctly rounded when |y/x| is huge. 2008-08-02 19:21:33 +00:00
das
0abf439af5 Regression tests for fmtcheck(3).
Obtained from:	NetBSD
2008-08-02 06:03:04 +00:00
scf
e0b5c971c2 Detect if the application has cleared the environ variable by setting
the first value (environ[0]) to NULL.  This is in addition to the
current detection of environ being replaced, which includes being set to
NULL.  Without this fix, the environment is not truly wiped, but appears
to be by getenv() until an *env() call is made to alter the enviroment.

This change is necessary to support those applications that use this
method for clearing environ such as Dovecot and Postfix.  Applications
such as Sendmail and the base system's env replace environ (already
detected).  While neither of these methods are defined by SUSv3, it is
best to support them due to historic reasons and in lieu of a clean,
defined method.

Add extra units tests for clearing environ using four different methods:
1. Set environ to NULL pointer.
2. Set environ[0] to NULL pointer.
3. Set environ to calloc()'d NULL-terminated array.
4. Set environ to static NULL-terminated array.

Noticed by:	Timo Sirainen

MFC after:	3 days
2008-08-02 02:34:35 +00:00
scf
8b381816e4 Fix whitespace. 2008-08-02 01:38:03 +00:00
das
ed77206d40 Add some tests for acos*(), asin*(), atan*(), and atan2*(). 2008-07-31 22:43:38 +00:00
stefanf
96e2d91df4 Add a regression test for r181017.
Submitted by:	simon
2008-07-30 21:18:52 +00:00
rwatson
2f0c3f6d28 Remove extra comment that snuck in in last commit. 2008-07-29 18:38:37 +00:00
rwatson
4293351cba Add a simple ICMPv6 filter test for IPv6 raw sockets: determine that
the default ICMPv6 filter is pass all, test that we can set it to block
all and restore to pass all.  No attempt is made to test that the
filtering works, just that we can get and set it.
2008-07-29 18:33:56 +00:00
das
a47dd1888d Add regression tests for fmin{,f,l} and fmax{,f,l}.
I wrote these to test amd64 asm functions that used
maxss, maxsd, minss, and minsd, but it turns out that
those instructions don't handle NaNs and signed zero
in the same way as fmin() and fmax() are required to,
so we're stuck with the C versions for now.
2008-07-03 23:06:06 +00:00
das
d36ce0f109 Add some regression tests for printf() with positional arguments.
The first test comes from OpenBSD, and the others are additions or
adaptations.

This is based on OpenBSD's
src/regress/lib/libc/sprintf/sprintf_test.c, v1.3.
I deliberately did not use v1.4 because it's bogus.
2008-06-29 21:03:14 +00:00
jhb
411d068395 Rework the lifetime management of the kernel implementation of POSIX
semaphores.  Specifically, semaphores are now represented as new file
descriptor type that is set to close on exec.  This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely.  It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.

Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
  the sem_unlink() operation.  Prior to this patch, if a semaphore's name
  was removed, valid handles from sem_open() would get EINVAL errors from
  sem_getvalue(), sem_post(), etc.  This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
  process exited or exec'd.  They were only cleaned up if the process
  did an explicit sem_destroy().  This could result in a leak of semaphore
  objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
  'struct ksem' of an unnamed semaphore (created via sem_init)) and had
  write access to the semaphore based on UID/GID checks, then that other
  process could manipulate the semaphore via sem_destroy(), sem_post(),
  sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the proces
  creating the semaphore was not honored.  Thus if your umask denied group
  read/write access but the explicit mode in the sem_init() call allowed
  it, the semaphore would be readable/writable by other users in the
  same group, for example.  This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
  then it might have deregistered one or more of the semaphore system
  calls before it noticed that there was a problem.  I'm not sure if
  this actually happened as the order that modules are discovered by the
  kernel linker depends on how the actual .ko file is linked.  One can
  make the order deterministic by using a single module with a mod_event
  handler that explicitly registers syscalls (and deregisters during
  unload after any checks).  This also fixes a race where even if the
  sem_module unloaded first it would have destroyed locks that the
  syscalls might be trying to access if they are still executing when
  they are unloaded.

  XXX: By the way, deregistering system calls doesn't do any blocking
  to drain any threads from the calls.
- Some minor fixes to errno values on error.  For example, sem_init()
  isn't documented to return ENFILE or EMFILE if we run out of semaphores
  the way that sem_open() can.  Instead, it should return ENOSPC in that
  case.

Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
  named semaphores nearly in a similar fashion to the POSIX shared memory
  object file descriptors.  Kernel semaphores can now also have names
  longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
  in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
  done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
  MAC checks for POSIX semaphores accept both a file credential and an
  active credential.  There is also a new posixsem_check_stat() since it
  is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
  in src/tools/regression/posixsem.

Reported by:	kris (1)
Tested by:	kris
Reviewed by:	rwatson (lightly)
MFC after:	1 month
2008-06-27 05:39:04 +00:00
jhb
ed08bd0d6d Fix compile on 64-bit platforms. 2008-06-26 21:26:34 +00:00
dfr
41cea6d5ca Re-implement the client side of rpc.lockd in the kernel. This implementation
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).

Sponsored by:	Isilon Systems
PR:		94256
MFC after:	2 weeks
2008-06-26 10:21:54 +00:00
rwatson
07ce1984c9 Teach fifo_create regression test to also try to use mknod(2) to create
fifos, as this is required by the Single UNIX Specification, although
not currently implemented on FreeBSD.

While here, fix a bug in the directory timestamp checking test by
sleeping after querying the starting timestamp, rather than before.
2008-06-22 21:03:26 +00:00
das
d8f7f9f2dd Regression test for a recently fixed strtod bug. 2008-06-21 19:28:26 +00:00