OPNSense/src 3de06e4 tests/sys/netpfil/pf table.sh

pf tests: check cleared time when zeroing stats for table addresses

Verify that we reset the cleared time when we zero an address' counters in
a table.

PR:             282877, 282984
Reviewed by:    kp
MFC after:      2 weeks
Signed-off-by:  Leonid Evdokimov <leon at darkk.net.ru>
Differential Revision:  https://reviews.freebsd.org/D48242

(cherry picked from commit 0749d8134300b8e3c956e161890ab496247d2542)
Delta     File
+31 -2    tests/sys/netpfil/pf/table.sh
+31 -2    1 files

OPNSense/src 088e943 usr.sbin/bsdinstall/scripts zfsboot

bsdinstall: Fix a typo in a comment

PR:             283507
MFC after:      1 week

(cherry picked from commit 5bf3ac7ae219f126cf3965be97a2d718007c1be4)
Delta     File
+1 -1     usr.sbin/bsdinstall/scripts/zfsboot
+1 -1     1 files

OPNSense/src ddb95d4 sys/fs/p9fs p9_client.c p9fs_vnops.c

p9fs: Use UNLINKAT instead of REMOVE to implement removals

REMOVE doesn't work properly in the face of hard links.  Use UNLINKAT
instead, which is implemented by qemu and bhyve and lets the client
specify the name being removed.

PR:             282432
Reviewed by:    dfr
Differential Revision:  https://reviews.freebsd.org/D47438
Delta     File
+21 -0    sys/fs/p9fs/p9_client.c
+14 -7    sys/fs/p9fs/p9fs_vnops.c
+2 -0     sys/fs/p9fs/p9_protocol.h
+1 -0     sys/fs/p9fs/p9_client.h
+38 -7    4 files

OPNSense/src 67998b3 sys/dev/virtio/p9fs virtio_p9fs.c

virtio_p9fs: Simplify vt9p_req_wait() a bit

Remove an always-false check for whether the request has already
completed before sleeping.  Even if the request is complete, the
response tag is updated while holding the channel lock, which is also
held here.

No functional change intended.

Sponsored by:   Klara, Inc.
Delta     File
+13 -13   sys/dev/virtio/p9fs/virtio_p9fs.c
+13 -13   1 files

OPNSense/src 347a2f8 sys/dev/virtio/p9fs virtio_p9fs.c

virtio_p9fs: Check for completions after enabling interrupts

Otherwise we can end up with a lost interrupt, causing lost request
completion wakeups and hangs in the filesystem layer.

Continue processing until we enable interrupts and then observe an empty
queue, like other virtio drivers do.

Sponsored by:   Klara, Inc.
Delta     File
+5 -1     sys/dev/virtio/p9fs/virtio_p9fs.c
+5 -1     1 files

OPNSense/src d6cd1fd sys/dev/virtio/p9fs virtio_p9fs.c

virtio_p9fs: Fix handling of a full request queue

If, when submitting a request, the virtqueue is full, we sleep until an
interrupt has fired, then restart the request.  However, while sleeping
the channel lock is dropped, and in the meantime another thread may have
reset the per-channel SG list, so upon retrying we'd (re)submit whatever
happened to be left over in the previous request.

Fix the problem by rebuilding the SG list after sleeping.

Sponsored by:   Klara, Inc.
Delta     File
+1 -2     sys/dev/virtio/p9fs/virtio_p9fs.c
+1 -2     1 files

OPNSense/src ee2ca2b sys/fs/p9fs p9fs_vnops.c

p9fs: Properly handle paths containing "."

Fixes:  56e4622588ed ("p9fs: fix lookup of "." for lib9p-based 9P servers")
Pull Request:   https://github.com/freebsd/freebsd-src/pull/1361
Delta     File
+1 -1     sys/fs/p9fs/p9fs_vnops.c
+1 -1     1 files

OPNSense/src 26c1080 sys/fs/p9fs p9fs_vnops.c

p9fs: remove duplicated code

This code is using the vnode after it has been released and causing a
panic when a p9fs shared volume is unmounted. In fact, it seems like it's
just duplicated code left behind from a bad merge.

PR:             279887
Reported by:    Michael Dexter

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1323
Delta     File
+0 -10    sys/fs/p9fs/p9fs_vnops.c
+0 -10    1 files

OPNSense/src b9e5453 sys/dev/virtio/p9fs virtio_p9fs.c

virtio_p9fs: Fix some style issues

- Remove superfluous newlines.
- Use bool literals.
- Replace an unneeded SYSINIT with static initialization.

No functional change intended.

Sponsored by:   Klara, Inc.
Delta     File
+6 -20    sys/dev/virtio/p9fs/virtio_p9fs.c
+6 -20    1 files

OPNSense/src 86b50bd sys/dev/virtio/p9fs virtio_p9fs.c

virtio_p9fs: fix panic on qemu/kvm

When the module is loaded on a system running on qemu/kvm the "modern"
virtio infrastructure is used and virtio_read_device_config() will end
up calling vtpci_modern_read_dev_config(). This function cannot read
values of arbitrary sizes and will panic if the p9fs mount tag size is
not supported by it.

Use virtio_read_device_config_array() instead. It was tested on both
bhyve and qemu/kvm.

PR: 280098
Co-authored-by: Mark Peek <mp at FreeBSD.org>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1320
Delta     File
+2 -2     sys/dev/virtio/p9fs/virtio_p9fs.c
+2 -2     1 files

OPNSense/src 5e7c6fe sys/fs/p9fs p9_client.c

p9fs: Fix whitespace in request tag handling functions

No functional change intended.

Sponsored by:   Klara, Inc.
Delta     File
+11 -11   sys/fs/p9fs/p9_client.c
+11 -11   1 files

OPNSense/src 48dc58f sys/dev/virtio/p9fs virtio_p9fs.c

p9fs: use M_WAITOK where appropriate

device_attach routines are allowed to sleep, and this routine already
has other M_WAITOK allocations.

Reported by:    markj
Reviewed by:    markj
Fixes: 1efd69f933b6 ("p9fs: move NULL check immediately after alloc...")
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45721
Delta     File
+1 -6     sys/dev/virtio/p9fs/virtio_p9fs.c
+1 -6     1 files

OPNSense/src dac7723 sys/fs/p9fs p9fs_vnops.c

p9fs: fix lookup of "." for lib9p-based 9P servers

The lib9p implementation takes a strict interpretation of the Twalk RPC
call and returns an error for attempts to lookup ".".  The workaround is
to fake the lookup locally.

Reviewed by: Val Packett <val at packett.cool>
MFC after: 3 months
Delta     File
+6 -0     sys/fs/p9fs/p9fs_vnops.c
+6 -0     1 files

OPNSense/src 4aa850d sys/dev/virtio/p9fs virtio_p9fs.c, sys/fs/p9fs p9fs_vnops.c p9_client.c

Add an implementation of the 9P filesystem

This is derived from swills@ fork of the Juniper virtfs with many
changes by me including bug fixes, style improvements, clearer layering
and more consistent logging. The filesystem is renamed to p9fs to better
reflect its function and to prevent possible future confusion with
virtio-fs.

Several updates and fixes from Juniper have been integrated into this
version by Val Packett and these contributions along with the original
Juniper authors are credited below.

To use this with bhyve, add 'virtio_p9fs_load=YES' to loader.conf. The
bhyve virtio-9p device allows access from the guest to files on the host
by mapping a 'sharename' to a host path. It is possible to use p9fs as a
root filesystem by adding this to /boot/loader.conf:

        vfs.root.mountfrom="p9fs:sharename"


    [24 lines not shown]
Delta     File
+2,148 -0 sys/fs/p9fs/p9fs_vnops.c
+1,311 -0 sys/fs/p9fs/p9_client.c
+632 -0   sys/fs/p9fs/p9_protocol.c
+602 -0   sys/fs/p9fs/p9fs_vfsops.c
+511 -0   sys/dev/virtio/p9fs/virtio_p9fs.c
+411 -0   sys/fs/p9fs/p9fs_subr.c
+5,615 -0 17 files not shown
+6,694 -1 23 files

OPNSense/src b7f98ee sys/dev/virtio/p9fs virtio_p9fs.c

p9fs: move NULL check immediately after allocation

Reported by:    Shawn Webb (HardenedBSD)
Reviewed by:    dfr
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45719
Delta     File
+5 -6     sys/dev/virtio/p9fs/virtio_p9fs.c
+5 -6     1 files

OPNSense/src c6aa6a1 sys/fs/p9fs p9fs_vnops.c p9fs_vfsops.c

p9fs: implement working putpages (fix mmap write)

Mostly copied from smbfs. This driver in its current state has the exact
same issue that prevents the generic putpages implementation from
working.

Sponsored by:           https://www.patreon.com/valpackett
Reviewed by:            dfr
Differential Revision:  https://reviews.freebsd.org/D45639
MFC after:              3 months
Delta     File
+79 -0    sys/fs/p9fs/p9fs_vnops.c
+6 -0     sys/fs/p9fs/p9fs_vfsops.c
+85 -0    2 files

OPNSense/src 5d1fb5a sys/fs/p9fs p9fs_vnops.c

p9fs: Fix the build for 32-bit kernels

MFC after: 3 months
Delta     File
+1 -1     sys/fs/p9fs/p9fs_vnops.c
+1 -1     1 files

OPNSense/src a8a728b usr.sbin/bsdinstall/scripts zfsboot

bsdinstall zfsboot: Add an option to edit the ZFS pool creation options

This allows the default options (-O compress=lz4 -O atime=off) to be
overridden, before the ZFS boot pool is created. For example, to set the
compression algorithm to something different.

Reviewed by:    jhb, dim
MFC after:      3 days
Differential Revision: https://reviews.freebsd.org/D47478

(cherry picked from commit ca7e12f7df222458ec5cac8009c5b0931fb4a95b)
Delta     File
+12 -0    usr.sbin/bsdinstall/scripts/zfsboot
+12 -0    1 files

OPNSense/src 5abcc29 sys/net if_ovpn.c

if_ovpn: improve reconnect handling

When a DCO client reconnects (e.g. on server restart) OpenVPN may create a new
socket rather than reusing the existing one. This used to be rejected because we
expect all peers to use the same socket. However, if there are no peers it's
safe to release the previous socket and install the tunnel function on the new
one.

See also:       https://redmine.pfsense.org/issues/15928
MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 3624de5394991c0cacd42d5a3b33e35c1a002e09)
Delta     File
+14 -2    sys/net/if_ovpn.c
+14 -2    1 files

OPNSense/src 0fe3f92 sys/net/route route_ctl.c route_ctl.h

Fix failure to add an interface prefix route when a route with the same
prefix is already present in the routing table.

PR:             277125
Reported by:    Oleksandr Ignatyev <alex at i.org.ua>
Reviewed by:    ae, jlduran
Tested by:      jlduran
Differential Revision: https://reviews.freebsd.org/D47534
MFC after:      2 weeks
Delta     File
+8 -5     sys/net/route/route_ctl.c
+5 -5     sys/net/route/route_ctl.h
+13 -10   2 files

OPNSense/src 815070d sys/netpfil/pf pf_table.c

pf: Set cleared time when zeroing stats for table addresses

Reviewed by:            kp
Approved by:            kp (mentor)
Sponsored by:           InnoGames GmbH
Differential Revision:  https://reviews.freebsd.org/D47697

(cherry picked from commit 1a5dc6ee62b316b0caad5118dc0f3aee036f1958)
Delta     File
+1 -1     sys/netpfil/pf/pf_table.c
+1 -1     1 files

OPNSense/src d3d3ef2 sbin/pfctl pfctl_table.c pfctl.8, tests/sys/netpfil/pf table.sh

pfctl: add -T `reset` to touch pfras_tzero only for non-zero entries

This will make it easier for scripts to detect idle hosts in tables.

PR:             282984
Reviewed by:    kp
MFC after:      2 weeks

(cherry picked from commit 5b59b0c61e29f684a019afdd2848ffe2d5604e0c)
Delta     File
+80 -0    tests/sys/netpfil/pf/table.sh
+44 -0    sbin/pfctl/pfctl_table.c
+6 -1     sbin/pfctl/pfctl.8
+1 -1     sbin/pfctl/pfctl.c
+1 -1     sbin/pfctl/pfctl_radix.c
+132 -3   5 files

OPNSense/src 816c116 share/man/man4 igc.4, sys/dev/igc if_igc.c

igc.4: Add I226 and other additions to supported list

(cherry picked from commit 850f78d5a191d0058fcd20beb8b1309b795ecdbd)
Delta     File
+18 -2    share/man/man4/igc.4
+1 -1     sys/dev/igc/if_igc.c
+19 -3    2 files

OPNSense/src 246f976 sys/net if_ovpn.c

if_ovpn: improve reconnect handling

When a DCO client reconnects (e.g. on server restart) OpenVPN may create a new
socket rather than reusing the existing one. This used to be rejected because we
expect all peers to use the same socket. However, if there are no peers it's
safe to release the previous socket and install the tunnel function on the new
one.

See also:       https://redmine.pfsense.org/issues/15928
MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 3624de5394991c0cacd42d5a3b33e35c1a002e09)
Delta     File
+14 -2    sys/net/if_ovpn.c
+14 -2    1 files

OPNSense/src 75ba8d3 sys/netpfil/pf pf.c

pf: fix double free in pf_state_key_attach()

In 371bd29d4b we fixed a state key leak, but unintentionally introduced a double free.
We pass through the relevant code twice, first for PF_SK_WIRE, then for
PF_SK_STACK. If we fail to attach on the second pass we have a more complex
cleanup job, handled by pf_detach_state(). We must only free the state keys
manually on the first pass, on the second one pf_detach_state() takes care of
everything.

Tested by:      yds <yds at Necessitu.de>
Fixes:          371bd29d4b22257a7e92e1e711cca3d94cfbd00d
MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 01eb1261443dddcb50a3a278f1278fffdfb0d36e)
Delta     File
+6 -4     sys/netpfil/pf/pf.c
+6 -4     1 files

OPNSense/src ec74127 sys/netpfil/pf pf.c

pf: fix potential state key leak

If we fail to attach the new state keys in pf_state_key_attach() we are
expected to free both keys. Do so.
Note that in some scenarios both keys are the same, so check for that
before freeing.

MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D47495

(cherry picked from commit 371bd29d4b22257a7e92e1e711cca3d94cfbd00d)
Delta     File
+3 -1     sys/netpfil/pf/pf.c
+3 -1     1 files

OPNSense/src 14115a6 usr.sbin/bsdinstall/scripts zfsboot

bsdinstall zfsboot: Add an option to edit the ZFS pool creation options

This allows the default options (-O compress=lz4 -O atime=off) to be
overridden, before the ZFS boot pool is created. For example, to set the
compression algorithm to something different.

Reviewed by:    jhb, dim
MFC after:      3 days
Differential Revision: https://reviews.freebsd.org/D47478

(cherry picked from commit ca7e12f7df222458ec5cac8009c5b0931fb4a95b)
Delta     File
+12 -0    usr.sbin/bsdinstall/scripts/zfsboot
+12 -0    1 files

OPNSense/src c9a9bef sys/netinet ip_input.c, sys/netinet6 ip6_input.c ip6_fastfwd.c

ip: Defer checks for an unspecified dstaddr until after pfil hooks

To comply with LINCE certification, it's necessary to ensure that
packets to 0.0.0.0/::0 are dropped and logged by the firewall.  Such
packets are dropped by ip_input() and ip6_input() before reaching pfil
hooks; reorder the checks to give firewalls a chance to drop the packets
themselves, as this gives better observability.

Note that ip_forward() and ip6_forward() ensure that such packets are
not forwarded; they are passed back unmodified.
Delta     File
+14 -3    sys/netinet6/ip6_input.c
+6 -5     sys/netinet/ip_input.c
+1 -0     sys/netinet6/ip6_fastfwd.c
+21 -8    3 files

OPNSense/src ec74887 sys/dev/xen/bus xen_intr.c

x86/xen: fix accounted interrupt time

The current addition to the interrupt nesting level in
xen_arch_intr_handle_upcall() needs to be compensated in
xen_intr_handle_upcall(), otherwise interrupts dispatched by the upcall handler
end up seeing a td_intr_nesting_level of 2 or more, which makes them assume
there's been an interrupt nesting.

Such an extra interrupt nesting count leads to statclock() reporting idle time as
interrupt, as the call from interrupt context will always be seen as a nested
one (td->td_intr_nesting_level >= 2) due to the nesting count increase done by
both xen_arch_intr_handle_upcall() and intr_execute_handlers().

Fix this by adjusting the nested interrupt count before dispatching interrupts
from xen_intr_handle_upcall().

PR: 277231
Reported by: Matthew Grooms <mgrooms at shrew.net>
Fixes: af610cabf1f4 ('xen/intr: adjust xen_intr_handle_upcall() to match driver filter')

    [2 lines not shown]
Delta     File
+20 -1    sys/dev/xen/bus/xen_intr.c
+20 -1    1 files

OPNSense/src 7230a26 sys/netipsec key_debug.c

pfkey: Fix some checks in kdebug_sadb()

Besides not doing any sufficient check that the length of a parsed
message is not bigger than the actual allocated buffer, kdebug_sadb()
incorrectly compares ext->sadb_ext_len, the extension payload size in 8
byte chunks, with tlen, which is the full message payload size in bytes.

This should compare PFKEY_UNUNIT64(ext->sadb_ext_len) with tlen instead.

PR:             277456
MFC after:      2 weeks

(cherry picked from commit 0dab21248bc9fab09e92b0c037303c921ebb1b8d)
Delta     File
+3 -3     sys/netipsec/key_debug.c
+3 -3     1 files