OpenBSD cvs log

created 2019-07-20T01:33:38Z
begin 2019-07-18T00:00:00Z
end 2019-07-19T00:00:00Z
path src/sys
commits 8

date 2019-07-18T02:03:46Z
author lteo
files src/sys/net/pf.c log diff annotate
message This commit fixes two bugs involving PF once rules:

1. If a packet happens to match an expired once rule before the rule is removed
by the purge thread, the rule will be added to the pf_rule_gcl list again,
eventually causing a kernel crash when the purge thread tries to remove the
expired rule multiple times; and

2. A packet that matches an expired once rule will still cause a state to be
created, so a once rule is not truly a one shot rule while it is in that
expired-but-not-purged time window.

To fix both bugs, add a check in pf_test_rule() to prevent expired once rules
from being added to pf_rule_gcl. The check is added "early" in pf_test_rule()
to prevent any new connections from creating state if they match the expired
once rule.

This commit also includes a tweak by sashan@ to ensure that only one PF task
will mark a once rule as expired. Here is sashan@'s commentary:

"As soon as there will be more PF tasks running in parallel, we would be
able to hit similar crash you are fixing now. The rules are covered by
read lock, so with more PF tasks there might be two packets racing
to expire at once rule at the same time. Using atomic_cas() is sufficient
measure to serialize competing packets."

tested by abieber@ who reported the kernel crash on bugs@
ok sashan@

date 2019-07-18T02:50:43Z
author dlg
files src/sys/net/if_aggr.c log diff annotate
message replace ether_{cmp,is_eq,is_zero} with the new ones in netinet/if_ether.h

ehter_cmp goes away, ether_is_eq becomes ETHER_IS_EQ, ether_is_zero

ether_is_slow is kept locally, but renamed to ETHER_IS_SLOWADDR to
better match what comes from if_ether.h.

date 2019-07-18T06:14:16Z
author dlg
files src/sys/net/if_aggr.c log diff annotate
message bulk up the debug output around selection logic

lacp didnt come up again after i replaced some optics with dacs, and it
has to be because of a problem around the selection logic. this will let
me narrow it down.

date 2019-07-18T07:51:47Z
author dlg
files src/sys/net/if_aggr.c log diff annotate
message run the selection logic from the rxm current state if the port is unselected

previously it would only run the selection logic if the peer
information changed, but it is possible to be in the current state
with stale partner info. that can happen if the port becomes
disabled/disconnected, which unwinds the mux machine, but doesnt
clear the partner info. when the link is enabled again we re-enter
the current state, but because the partner info is the same we
didn't run the selection logic, which in turn didn't let the mux
machine move forward again.

date 2019-07-18T08:09:25Z
author dlg
files src/sys/net/if_aggr.c log diff annotate
message make the UCT in the rxm generate debug output

without this it looks like debug output loses info because of how
the uct was shortcutted.

no functional change, just prettier printfs.

date 2019-07-18T18:06:17Z
author kn
files src/sys/kern/vfs_lookup.c log diff annotate
message Fix unveiling nonexistent files on read-only filesystems

Account for VOP_LOOKUP(9) returning EROFS, otherwise unveil(2) would
pass the error along and fail.

Initial report and diff from semarie
OK bluhm millert

date 2019-07-18T20:45:10Z
author sashan
files src/sys/net/pf.c log diff annotate
message follow up to 'once rule' expiration

ok lteo@

date 2019-07-18T23:47:33Z
author cheloha
files src/sys/uvm/uvm.h log diff annotate
src/sys/uvm/uvm_amap.c log diff annotate
src/sys/uvm/uvm_aobj.c log diff annotate
src/sys/uvm/uvm_device.c log diff annotate
src/sys/uvm/uvm_fault.c log diff annotate
src/sys/uvm/uvm_km.c log diff annotate
src/sys/uvm/uvm_vnode.c log diff annotate
message R.I.P. UVM_WAIT(). Use tsleep_nsec(9) directly.

UVM_WAIT() doesn't provide much of a useful abstraction. All callers
tsleep forever and no callers set PCATCH, so only 2 of 4 parameters are
actually used. Might as well just use tsleep_nsec(9) directly and make
the uvm code a bit less specialized.

Suggested by mpi@.

ok mpi@ visa@ millert@