| created | 2019-07-20T01:33:38Z |
|---|---|
| begin | 2019-07-18T00:00:00Z |
| end | 2019-07-19T00:00:00Z |
| path | src/sys |
| commits | 8 |
| date | 2019-07-18T02:03:46Z | |||
|---|---|---|---|---|
| author | lteo | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| message |
This commit fixes two bugs involving PF once rules: 1. If a packet happens to match an expired once rule before the rule is removed by the purge thread, the rule will be added to the pf_rule_gcl list again, eventually causing a kernel crash when the purge thread tries to remove the expired rule multiple times; and 2. A packet that matches an expired once rule will still cause a state to be created, so a once rule is not truly a one shot rule while it is in that expired-but-not-purged time window. To fix both bugs, add a check in pf_test_rule() to prevent expired once rules from being added to pf_rule_gcl. The check is added "early" in pf_test_rule() to prevent any new connections from creating state if they match the expired once rule. This commit also includes a tweak by sashan@ to ensure that only one PF task will mark a once rule as expired. Here is sashan@'s commentary: "As soon as there will be more PF tasks running in parallel, we would be able to hit similar crash you are fixing now. The rules are covered by read lock, so with more PF tasks there might be two packets racing to expire at once rule at the same time. Using atomic_cas() is sufficient measure to serialize competing packets." tested by abieber@ who reported the kernel crash on bugs@ ok sashan@ |
|||
| date | 2019-07-18T02:50:43Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_aggr.c | log | diff | annotate |
| message |
replace ether_{cmp,is_eq,is_zero} with the new ones in netinet/if_ether.h ehter_cmp goes away, ether_is_eq becomes ETHER_IS_EQ, ether_is_zero becomes ETHER_IS_ANYADDR. ether_is_slow is kept locally, but renamed to ETHER_IS_SLOWADDR to better match what comes from if_ether.h. |
|||
| date | 2019-07-18T06:14:16Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_aggr.c | log | diff | annotate |
| message |
bulk up the debug output around selection logic lacp didnt come up again after i replaced some optics with dacs, and it has to be because of a problem around the selection logic. this will let me narrow it down. |
|||
| date | 2019-07-18T07:51:47Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_aggr.c | log | diff | annotate |
| message |
run the selection logic from the rxm current state if the port is unselected previously it would only run the selection logic if the peer information changed, but it is possible to be in the current state with stale partner info. that can happen if the port becomes disabled/disconnected, which unwinds the mux machine, but doesnt clear the partner info. when the link is enabled again we re-enter the current state, but because the partner info is the same we didn't run the selection logic, which in turn didn't let the mux machine move forward again. |
|||
| date | 2019-07-18T08:09:25Z | |||
|---|---|---|---|---|
| author | dlg | |||
| files | src/sys/net/if_aggr.c | log | diff | annotate |
| message |
make the UCT in the rxm generate debug output without this it looks like debug output loses info because of how the uct was shortcutted. no functional change, just prettier printfs. |
|||
| date | 2019-07-18T18:06:17Z | |||
|---|---|---|---|---|
| author | kn | |||
| files | src/sys/kern/vfs_lookup.c | log | diff | annotate |
| message |
Fix unveiling nonexistent files on read-only filesystems Account for VOP_LOOKUP(9) returning EROFS, otherwise unveil(2) would pass the error along and fail. Initial report and diff from semarie OK bluhm millert |
|||
| date | 2019-07-18T20:45:10Z | |||
|---|---|---|---|---|
| author | sashan | |||
| files | src/sys/net/pf.c | log | diff | annotate |
| message |
follow up to 'once rule' expiration ok lteo@ |
|||
| date | 2019-07-18T23:47:33Z | |||
|---|---|---|---|---|
| author | cheloha | |||
| files | src/sys/uvm/uvm.h | log | diff | annotate |
| src/sys/uvm/uvm_amap.c | log | diff | annotate | |
| src/sys/uvm/uvm_aobj.c | log | diff | annotate | |
| src/sys/uvm/uvm_device.c | log | diff | annotate | |
| src/sys/uvm/uvm_fault.c | log | diff | annotate | |
| src/sys/uvm/uvm_km.c | log | diff | annotate | |
| src/sys/uvm/uvm_vnode.c | log | diff | annotate | |
| message |
R.I.P. UVM_WAIT(). Use tsleep_nsec(9) directly. UVM_WAIT() doesn't provide much of a useful abstraction. All callers tsleep forever and no callers set PCATCH, so only 2 of 4 parameters are actually used. Might as well just use tsleep_nsec(9) directly and make the uvm code a bit less specialized. Suggested by mpi@. ok mpi@ visa@ millert@ |
|||