| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Put IPSec's anouncement of its successful intialisation under bootverbose:
now that it's a default kernel option, we don't really need to tell the
world about it on every boot, especially as it won't be used by most users.
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
|
| |
Set tres to NULL to avoid a double free if the m_pullup() below fails.
Reviewed by: glebius
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D5497
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Break up opencrypto/xform.c so it can be reused piecemeal
Keep xform.c as a meta-file including the broken out bits
existing code that includes xform.c continues to work as normal
Individual algorithms can now be reused elsewhere, including outside
of the kernel
Reviewed by: bapt (previous version), gnn, delphij
Approved by: secteam
MFC after: 1 week
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D4674
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
|
|
| |
Implement the sadb_x_policy_priority field as it is done in Linux:
lower priority policies are inserted first.
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae
Sponsored by: Stormshield
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
|
|
| |
Use explicitly specified ivsize instead of blocksize when we mean IV size.
Set zero ivsize for enc_xform_null and remove special handling from
xform_esp.c.
Reviewed by: gnn
Differential Revision: https://reviews.freebsd.org/D1503
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Take extra reference to security policy before calling crypto_dispatch().
Currently we perform crypto requests for IPSEC synchronous for most of
crypto providers (software, aesni) and only VIA padlock calls crypto
callback asynchronous. In synchronous mode it is possible, that security
policy will be removed during the processing crypto request. And crypto
callback will release the last reference to SP. Then upon return into
ipsec[46]_process_packet() IPSECREQUEST_UNLOCK() will be called to already
freed request. To prevent this we will take extra reference to SP.
PR: 201876
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
|
| |
|
|
|
|
|
|
|
| |
Remove now unneded KEY_FREESP() for case when ipsec[46]_process_packet()
returns EJUSTRETURN.
Sponsored by: Yandex LLC
TAG: IPSEC-HEAD
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Author: Alexander Motin <mav@FreeBSD.org>
Improve speculative prefetch of indirect blocks.
Scalability of many operations on wide ZFS pool can be limited by
requirement to prefetch indirect blocks first. Recently added
asynchronous indirect block read partially helped, but did not
solve the problem completely. This patch extends existing prefetcher
functionality to explicitly work with indirect blocks.
Before this change prefetcher issued reads for up to 8MB of data in
advance. With this change it also issues indirect block reads
for up to 64MB of data in advance, so that when it will be time to
actually read those data, it can be done immediately. Alike effect
can be achieved by just increasing maximal data prefetch distance,
but at higher memory cost.
Also this change introduces indirect block prefetch for rewrite
operations, that was never done before. Previously ARC miss for
Indirect blocks regularly blocked rewrites, converting perfectly
aligned asynchronous operations into synchronous read-write pairs,
significantly reducing maximal rewrite speed.
While being there this issue was also fixed:
- prefetch was done always, even if caching for the dataset was
completely disabled.
Testing on FreeBSD with zvol on top of 6x striped 2x mirrored pool
of 12 assorted HDDs shown me such performance numbers:
------- BEFORE --------
Write 491363677 bytes/sec
Read 312430631 bytes/sec
Rewrite 97680464 bytes/sec
-------- AFTER --------
Write 493524146 bytes/sec
Read 438598079 bytes/sec
Rewrite 277506044 bytes/sec
Closes #65
Closes #80
openzfs/openzfs@792fd28ac04f78cc5e43ead2d72a96f244ea84e8
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: Eli Rosenthal <eli.rosenthal@delphix.com>
illumos/illumos-gate@c20404ff77119516354b0d112d28b7ea0dadd303
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
6681 zfs list burning lots of time in dodefault() via dsl_prop_*
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Approved by: Matthew Ahrens <mahrens@delphix.com>
Author: Alex Wilson <alex.wilson@joyent.com>
illumos/illumos-gate@d09e4475f635b6f66ee68d8c17a32bba7be17c96
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Author: Will Andrews <will@firepipe.net>
Closes #83
Closes #32
openzfs/openzfs@9663688425131744221ea99f9e66b9ed964492ae
FreeBSD already had `zpool labelclear` functionality, so this is mostly
just a diff reduction.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
6739 userland version of cv_timedwait_hires() always assumes absolute time
Reviewed by: Paul Dagnelie <pcd@delphix.com>
Reviewed by: Matthew Ahrens <mahrens@delphix.com>
Reviewed by: Dan McDonald <danmcd@omniti.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Approved by: Robert Mustacchi <rm@joyent.com>
Author: George Wilson <george.wilson@delphix.com>
illumos/illumos-gate@41c6413cb54bf338d7a59ed789ec2e0e44c35e6f
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cam: unsign some types to match their definitions and avoid overflows.
numpatterns is u_int.
ctl:
CTL_NUM_MODE_PAGES comes from sizeof().
In struct:ctl_scsiio, kern_sg_entries is uint32_t.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
geom: unsign some types to match their definitions and avoid overflows.
In struct:gctl_req, nargs is unsigned.
In mirror:
g_mirror_syncreqs is unsigned.
In raid:
in struct:g_raid_volume, v_disks_count is unsigned.
In virstor:
in struct:g_virstor_softc, n_components is unsigned.
|
| | |
| |
| |
| |
| | |
Spelling fixes supplied by pfg@, detected with codespell, plus
additional misspellings detected by igor.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix grep_test:recurse with ZFS and TMPFS tmpdirs
contrib/netbsd-tests/usr.bin/grep/t_grep.sh
Fix grep_test:recurse when /tmp is either zfs or tmpfs. The test was
relying on an implicit ordering of directory recursion which happens to
be true when using UFS. grep's specification requires no such ordering.
The solution is to ignore the order of grep's results.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix rare double free in vdev_geom_attrchanged
sys/cddl/contrib/opensolaris/uts/common/fs/zfs/vdev_geom.c
Don't drop the g_topology_lock before freeing old_physpath. That
opens up a race where one thread can call vdev_geom_attrchanged,
set old_physpath, drop the g_topology_lock, then block trying to
acquire the SCL_STATE lock. Then another thread can come into
vdev_geom_attrchanged, set old_physpath to the same value, and
proceed to free it. When the first thread resumes, it will free
the same location.
It turns out that the SCL_STATE lock isn't needed. It was
originally added by gibbs to protect vd->vdev_physpath while
updating the same. However, the update process subsequently was
switched to an atomic operation (a pointer swap). Now, there is
no need for the SCL_STATE lock, and hence no need to drop the
g_topology_lock.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When devctl was added, the location string for PCI devices was changed to
use the PCI "selector" that pciconf and devctl accept. However, devd
assumes that location strings are formatted as a list of name=value pairs.
As a result, devd is no longer parsing any of the values out of PCI
device events. Restore the previous format of the PCI location strings
to restore the location and slot keywords in case any devd scripts are
using this. Add the "selector" as a new 'dbsf' location variable.
|
| | |
| |
| |
| |
| | |
1. Removed -Wno-shift-negative-value from Makefile
2. Fixed warning its absence caused in bxe_elink.c
|
| | |
| |
| |
| | |
Remove Unused/Dead Code
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1. modify fwdump (a.k.a grcdump) so that grcdump memory is allocated
and freed on as needed basis.
2. grcdump can be taken at failure points by invoking bxe_grc_dump()
when trigger_grcdump sysctl flag is set. When grcdump is taken
grcdump_done sysctl flag is set.
3. grcdump_done can be monitored by the user to retrieve the grcdump
Submitted by: vaishali.kulkarni@qlogic.com
|
| | |
| |
| |
| |
| |
| |
| | |
ext2fs: make use of the howmany() macro when available.
We have a howmany() macro in the <sys/param.h> header that is
convenient to re-use as it makes things easier to read.
|
| |\ \
| |/ |
|
| | |
| |
| |
| |
| |
| | |
Allow DOF sections with excessively long probe function components.
PR: 207735
|
| | |
| |
| |
| | |
Regenerate usb.conf .
|
| | |
| |
| |
| |
| |
| |
| | |
Correct some error codes to native FreeBSD ones.
Sponsored by: Mellanox Technologies
Tested by: Netflix
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add function to detect the presence of a port module and use this
function to error out early when no port module is present and doing
eeprom access. This also prevents error codes from filling up in
dmesg.
Sponsored by: Mellanox Technologies
Tested by: Netflix
|
| | |
| |
| |
| |
| |
| |
| |
| | |
settle. file is now downgraded to 5.25.
PR: bin/209211
Requested by: Tomoaki AOKI
Relnotes: yes
|
| | |
| |
| |
| | |
Explain NOTE_LINK reporting for the directories.
|
| | |
| |
| |
| |
| | |
Avoid duplicated calls to pmap_page_get_memattr().
Avoid logging inconsistency for the /dev/mem device.
|
| | |
| |
| |
| |
| |
| | |
Make it explicit that D_MEM cdevsw d_flag is to signify that the
driver is (or behaves identically to) /dev/mem. Remove the D_MEM flag
from random drivers.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow the NFSv4 server to reply NFSERR_WRONGSEC for the SetClientID operation.
It was reported via email that a Linux client couldn't do a Kerberized
NFS mount when only "sec=krb5" was specified for the exports. The Linux
client attempted a mount via krb5i and the server replied NFSERR_SERVERFAULT.
Although NFSERR_WRONGSEC isn't listed as an error for SetClientID, I
think it is the correct reply, so this patch enables that.
I do not know if this fixes the mount attempt, but adding "krb5i" to the
list of allowed security flavours does allow the mount to work.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a LOR in the NFSv4.1 server.
The ordering of acquisition of the state and session mutexes was
reversed in two cases executed when an NFSv4.1 client created/freed
a session. Since clients will typically do this only when mounting
and dismounting, the likelyhood of causing a deadlock was low but possible.
This can only occur for NFSv4.1 mounts, since the others do not
use sessions.
This was detected while testing the pNFS server/client where the
client crashed during dismounting.
The patch also reorders the unlocks, although that isn't necessary
for correct operation.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement /proc/$$/limits.
MFC r297781 (by dchagin@):
More complete implementation of /proc/self/limits.
Fix the way the code accesses process limits struct - pointed out by mjg@.
MFC r298318, 298319 (by cem@):
Don't print uninitialized values and initialize error return before use.
PR: 207386
|
| | |
| |
| |
| | |
vref the vnode passed to vn_fullpath.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix streams and svr4 module dependency. Both modules are complaining about
undefined symbol svr4_delete_socket which was moved from streams to the svr4 module
in r160558 that created a two-way dependency between them.
MFC r298520:
Allow to build svr4 module with SYSV support separatelly from the kernel build.
PR: 208464
Reported by: Kristoffer Eriksson
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the VOP_SETATTR() call that saves the exclusive create verifier failed,
the NFS server would leave the newly created vnode locked. This could
result in a file system that would not unmount and processes wedged,
waiting for the file to be unlocked.
Since this VOP_SETATTR() never fails for most file systems, this bug
doesn't normally manifest itself. I found it during testing of an
exported GlusterFS file system, which can fail.
This patch adds the vput() and changes the error to the correct NFS one.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bruce Evans reported that there was a performance regression between
the old and new NFS clients. He did a good job of isolating the problem
which was caused by the new NFS client not setting the post write mtime
correctly. The new NFS client code was cloned from the old client, but
was incorrect, because the mtime in the nfs vnode's cache wasn't yet
updated. This patch fixes this problem. The patch also adds missing mutex
locking.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
aacraid(4): Sanely copyin userland pointers and ensure that we don't get
anything janky from a user. (cturt)
aac(4) landergriffith+freebsdbugzilla@gmail.com pointed out that aac(4)
had the same issue and handling of pointers, so let's change that too.
PR: 206573
Submitted by: cturt@hardenedbsd.org
|
| | |
| |
| |
| |
| |
| |
| | |
Correct possible underflow conditions when checking for available space
in the tx h/w ring buffer.
Sponsored by: Limelight Networks
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Plug memory leak in ctl(4) when ctl_copyin_args() is called with a non-
null terminated ASCII string.
PR: 207626
Submitted by: cturt@hardenedbsd.org
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Provide an example to the kqueue man page, showing
a basic usage example. Although it is an
untypical example for the use of kqueue, it is
better than nothing and should get people started.
PR: 196844
Submitted by: fernando.apesteguia@gmail.com
Reviewed by: kib
Approved by: kib
Differential Revision: https://reviews.freebsd.org/D6082
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
dhclient: Log a warning instead of bailing upon "illegal" options
In Azure, the DHCP servers add private option (id 0xf5), which contains
binary form of an IPv4 address. Once this option is converted to string
form, it could contain '$', e.g.
IPv4 address: 100.72.36.54
binary form: 0x64 0x48 0x24 0x36
string form: "dH$6"
dhclient bails upon "illegal" options like the above example, thus the
VM bring-up will fail.
Also as a side note, this "illegal" option detection was added in
OpenBSD ~11years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.50&content-type=text/x-cvsweb-markup
And it was removed along with the removal of script support in OpenBSD
~3years ago:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c?rev=1.159&content-type=text/x-cvsweb-markup
Reported by: Hongxiong Xian <v-hoxian microsoft com>
Reviewed by: jhb, Dexuan Cui <decui microsoft com>
Tested by: Hongxiong Xian <v-hoxian microsoft com>
Analyzed by: Dong Liu <doliu microsoft com>
Sponsored by: Microsoft OSTC
Differential Revision: https://reviews.freebsd.org/D5853
|
| | |
| |
| |
| |
| |
| |
| |
| | |
hyperv/stor: Temporary disable the wrongly done command timeout.
It will be reenabled once the request processing is corrected.
Sponsored by: Microsoft OSTC
|
| | |
| |
| |
| |
| |
| | |
restore: fix memory and resource handle leaks.
CID: 272297, 1007784
|
| | |
| |
| |
| |
| |
| | |
Prevent underflows in tp->snd_wnd if the remote side ACKs more than
tp->snd_wnd. This can happen, for example, when the remote side responds
to a window probe by ACKing the one byte it contains.
|
| | |
| |
| |
| |
| |
| |
| | |
NDP code cleanup changes.
MFC r295732:
Fix an IPv6 DAD reference count leak.
|
| | |
| |
| |
| | |
Clarify build(7) instructions for alternate object directory.
|
| | |
| |
| |
| | |
Clean up trailing whitespace in lib/libcam; no functional change
|
