c63a9648 tobik Feb. 14, 2017, 7:54 p.m.
Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D9590
cgit ViewVC
3a66cf03 dchagin Feb. 14, 2017, 7:13 p.m.
getdents64() with wrapper over kern_getdirentries().

The patch was originally written by emaste@ and then adapted by trasz@
and me.

1. I divided linux_getdents() and linux_readdir() as in case when the
getdents() called with count = 1 (readdir() case) it can overwrite
user stack (by writing to user buffer pointer more than 1 byte).

2. Linux returns EINVAL in case when user supplied buffer is not enough
to contain fetched dirent.

3. Linux returns ENOTDIR in case when fd points to not a directory.

Reviewed by:		trasz@
MFC after:		1 month
Differential Revision:	https://reviews.freebsd.org/D2210
cgit ViewVC
33d9db92 mav Feb. 14, 2017, 6:34 p.m.
All this code is based on assumption that data will be stored in one piece,
and since buffer size if known and fixed, it is easier to hardcode it.

MFC after:	2 weeks
cgit ViewVC
875ac6cf mav Feb. 14, 2017, 6:29 p.m.
MFC after:	2 weeks
cgit ViewVC
937f8ddf garga Feb. 14, 2017, 6:11 p.m.
Reviewed by:	allanjude, vangyzen
Approved by:	allanjude
MFC after:	1 week
Sponsored by:	Rubicon Communications (Netgate)
Differential Revision:	https://reviews.freebsd.org/D9510
cgit ViewVC
2fb36370 mav Feb. 14, 2017, 6:03 p.m.
MFC after:	1 week
cgit ViewVC
90f90687 avg Feb. 14, 2017, 5:49 p.m.
This patch adds a new function to the server krpc called
svcpool_close().  It is similar to svcpool_destroy(), but does not free
the data structures, so that the pool can be used again.

This function is then used instead of svcpool_destroy(),
svcpool_create() when the nfsd threads are killed.

PR:		204340
Reported by:	Panzura
Approved by:	rmacklem
Obtained from:	rmacklem
MFC after:	1 week
cgit ViewVC
a3f89e36 kib Feb. 14, 2017, 5:44 p.m.
Define them as RLIM_INFINITY.  This is allowed by POSIX in case all
resource limits are representable in an object of type rlim_t.  Since
we do not allow negative rlim_t, with some strength this definition is

We are not conforming fully still because POSIX requires rlim_t to be
unsigned type.  Fixing this without breaking ABI to redefine
RLIM_INFINITY is impossible.

PR:	209729
Submitted by:	bltsrc@mail.ru
Exp-run done by:	antoine
MFC after:	2 weeks
cgit ViewVC
28d2efa9 badger Feb. 14, 2017, 5:13 p.m.
Since locks are dropped when a thread suspends, it's possible for another
thread to deliver a signal to the suspended thread. If the thread awakens from
suspension without checking for signals, it may go to sleep despite having
a pending signal that should wake it up. Therefore the suspension check is
done first, so any signals sent while suspended will be caught in the
subsequent signal check.

Reviewed by:	kib
Approved by:	kib (mentor)
MFC after:	2 weeks
Sponsored by:	Dell EMC
Differential Revision:	https://reviews.freebsd.org/D9530
cgit ViewVC
111142bc emaste Feb. 14, 2017, 4:49 p.m.
Reported by:	jhb
cgit ViewVC
d0d587c7 mav Feb. 14, 2017, 4:33 p.m.
In general case m_pullup() does not really guarantee any data alignment.
Instead of depenting on side effects caused by data being always copied
out of mbuf cluster (which is probably a bug by itself), always allocate
aligned BHS buffer and read data there directly from socket.

While there, reuse new icl_conn_receive_buf() function to read digests.
The code could probably be even more optimized to aggregate those reads,
but until that done, this is still easier then the way it was before.

MFC after:	2 weeks
cgit ViewVC
937c1b07 avg Feb. 14, 2017, 1:54 p.m.
There could be a race between the vm daemon setting RACCT_RSS based on
the vm space and vmspace_exit (called from exit1) resetting RACCT_RSS to
zero.  In that case we can get a zombie process with non-zero RACCT_RSS.
If the process is jailed, that may break accounting for the jail.
There could be other consequences.

Fix this race in the vm daemon by updating RACCT_RSS only when a process
is in the normal state.  Also, make accounting a little bit more
accurate by refreshing the page resident count after calling
Finally, add an assert that the RSS is zero when a process is reaped.

PR:		210315
Reviewed by:	trasz
Differential Revision: https://reviews.freebsd.org/D9464
cgit ViewVC
00ef17be robak Feb. 14, 2017, 1:35 p.m.
Adds Capsicum sandboxing to bhyve.

Submitted by:	Pawel Biernacki <pawel.biernacki@gmail.com>
Reviewed by:	grehan, oshogbo
Approved by:	emaste, grehan
Sponsored by:	Mysterious Code Ltd.
Differential Revision:	https://reviews.freebsd.org/D8290
cgit ViewVC
3fdcf9ef kib Feb. 14, 2017, 3:32 a.m.
Noted by:	alc
MFC after:	3 days
cgit ViewVC
05d58177 bz Feb. 14, 2017, 1:20 a.m.
the wrong one for too often lately at first), and also use %#lx to
get the 0x prefix for the address.

MFC after:	1 week
cgit ViewVC