inotify: Avoid calling vrele() with a namecache mutex held
In cache_vop_inotify(), we call inotify_log() with a namecache hash lock
held. inotify_log() looks at all watches registered with the vnode to
see if any of them are interested in the event. In some cases, we have
to detach and free the watch after logging the event. This means we
must vrele() the watched vnode, and this must not be done while a
non-sleepable lock held.
Previously, I deferred the vrele() to until the inotify softc and vnode
pollinfo locks were dropped. However, this is not enough since we may
still be holding the aforementioned namecache lock. Go further and use
a taskqueue thread to release vnode references. Introduce a set of
detached watches, and queue a threaded task which releases the vnode
reference.
Reported by: syzbot+c128f121cb22df95559b at syzkaller.appspotmail.com
Reviewed by: kib
Fixes: f1f230439fa4 ("vfs: Initial revision of inotify")
Differential Revision: https://reviews.freebsd.org/D51685
www/node20: fix build on powerpc64
../deps/simdutf/simdutf.cpp:8339:37: error: use of 'long long' with '__vector' requires VSX support (available on POWER7 or later) to be enabled
8339 | using vec_u64_t = __vector unsigned long long;
| ^
../deps/simdutf/simdutf.cpp:8340:35: error: use of 'long long' with '__vector' requires VSX support (available on POWER7 or later) to be enabled
8340 | using vec_i64_t = __vector signed long long;
| ^
tcp: Fix wrap around comparison bug
The variables p_curtick and p_lasttick are not in usecs.
Reviewed by: tuexen
MFC after: 1 week
Sponsored by: Netflix, Inc.
chroot: Improve error message for unprivileged use
When the security.bsd.unprivileged_chroot sysctl is set, chroot(2) can
be used by unprivileged users as long as the PROC_NO_NEW_PRIVS_CTL
process control is set.
chroot(8) has a -n command line flag to set this process control.
Add an explicit error for EPERM from chroot(2) if the -n flag is
necessary, but not present.
Before:
$ chroot / /bin/sh
chroot: /: Operation not permitted
After:
$ chroot / /bin/sh
chroot: unprivileged use requires -n
Reviewed by: kevans
[2 lines not shown]
vm_pageout: Scan inactive dirty pages less aggressively
Consider a database workload where the bulk of RAM is used for a
fixed-size file-backed cache. Any leftover pages are used for
filesystem caching or anonymous memory. In particular, there is little
memory pressure and the inactive queue is scanned rarely.
Once in a while, the free page count dips a bit below the setpoint,
triggering an inactive queue scan. Since almost all of the memory there
is used by the database cache, the scan encounters only referenced
and/or dirty pages, moving them to the active and laundry queues. In
particular, it ends up completely depleting the inactive queue, even for
a small, non-urgent free page shortage.
This scan might process many gigabytes worth of pages in one go,
triggering VM object lock contention (on the DB cache file's VM object)
and consuming CPU, which can cause application latency spikes.
Observing this behaviour, my observation is that we should abort
[21 lines not shown]
net/nmsg: Upgrade to 1.3.2
nmsg (1.3.2-1)
* Add configure --with-coverage feature and make targets
"clean-coverage" and "report-coverage" for code coverage analysis.
* Add more documentation to nmsgtool manual.
* Remove unused dead code.
* Lots of tests added and improved.
* Add sample statsmod plugin (nmsg_stats1_sample) with parameters
"out" to define output filename and "secs" to set the update
frequency in seconds.
* Various packet capture parsing fixes for DNSQR message type.
[6 lines not shown]