1. 20 Dec, 2020 1 commit
  2. 19 Dec, 2020 37 commits
    • Andrew Gallatin's avatar
      Filter TCP connections to SO_REUSEPORT_LB listen sockets by NUMA domain · a034518a
      Andrew Gallatin authored
      In order to efficiently serve web traffic on a NUMA
      machine, one must avoid as many NUMA domain crossings as
      possible. With SO_REUSEPORT_LB, a number of workers can share a
      listen socket. However, even if a worker sets affinity to a core
      or set of cores on a NUMA domain, it will receive connections
      associated with all NUMA domains in the system. This will lead to
      cross-domain traffic when the server writes to the socket or
      calls sendfile(), and memory is allocated on the server's local
      NUMA node, but transmitted on the NUMA node associated with the
      TCP connection. Similarly, when the server reads from the socket,
      he will likely be reading memory allocated on the NUMA domain
      associated with the TCP connection.
      
      This change provides a new socket ioctl, TCP_REUSPORT_LB_NUMA. A
      server can now tell the kernel to filter traffic so that only
      incoming connections associated with the desired NUMA domain are
      given to the server. (Of course, in the case where there are no
      servers sharing the listen socket on some domain, then as a
      fallback, traffic will be hashed as normal to all servers sharing
      the listen socket regardless of domain). This allows a server to
      deal only with traffic that is local to its NUMA domain, and
      avoids cross-domain traffic in most cases.
      
      This patch, and a corresponding small patch to nginx to use
      TCP_REUSPORT_LB_NUMA allows us to serve 190Gb/s of kTLS encrypted
      https media content from dual-socket Xeons with only 13% (as
      measured by pcm.x) cross domain traffic on the memory controller.
      
      Reviewed by:	jhb, bz (earlier version), bcr (man page)
      Tested by: gonzo
      Sponsored by:	Netfix
      Differential Revision:	https://reviews.freebsd.org/D21636
      a034518a
    • Andrew Gallatin's avatar
      Optionally bind ktls threads to NUMA domains · 02bc3865
      Andrew Gallatin authored
      When ktls_bind_thread is 2, we pick a ktls worker thread that is
      bound to the same domain as the TCP connection associated with
      the socket. We use roughly the same code as netinet/tcp_hpts.c to
      do this. This allows crypto to run on the same domain as the TCP
      connection is associated with. Assuming TCP_REUSPORT_LB_NUMA
      (D21636) is in place & in use, this ensures that the crypto source
      and destination buffers are local to the same NUMA domain as we're
      running crypto on.
      
      This change (when TCP_REUSPORT_LB_NUMA, D21636, is used) reduces
      cross-domain traffic from over 37% down to about 13% as measured
      by pcm.x on a dual-socket Xeon using nginx and a Netflix workload.
      
      Reviewed by:	jhb
      Sponsored by:	Netflix
      Differential Revision:	https://reviews.freebsd.org/D21648
      02bc3865
    • Gordon Bergling's avatar
      libc: Fix most issues reported by mandoc · f6d234d8
      Gordon Bergling authored
      - varios "new sentence, new line" warnings
      - varios "sections out of conventional order" warnings
      - varios "unusual Xr order" warnings
      - varios "missing section argument" warnings
      - varios "no blank before trailing delimiter" warnings
      - varios "normalizing date format" warnings
      
      MFC after:	1 month
      f6d234d8
    • Gordon Bergling's avatar
      trim(8): Fix a few issues reported by mandoc · a6520796
      Gordon Bergling authored
      - new sentence, new line
      - unusual Xr order: ioctl(2) after da(4)
      - unusual Xr order: sysexits(3) after nda(4)
      
      MFC after:	1 week
      a6520796
    • Gordon Bergling's avatar
      zonectl(8): Fix a few issues reported by mandoc · 8ef23578
      Gordon Bergling authored
      - Add missing quotation mark for a comment above the .Dd
      - inserting missing end of block: Sh breaks Bd
      - skipping paragraph macro: Pp before Bl
      - skipping paragraph macro: Pp before Bd
      - empty block: Bd
      
      MFC after:	1 week
      8ef23578
    • Gordon Bergling's avatar
      nfsv4(4): Fix a few issues reported by mandoc · 749ddf49
      Gordon Bergling authored
      - new sentence, new line
      - function name without markup: rtalloc()
      - function name without markup: VOP_RECLAIM()
      
      MFC after:	1 week
      749ddf49
    • Gordon Bergling's avatar
      bluetooth: Fix a mandoc related issues · 60ee05db
      Gordon Bergling authored
      - new sentence, new line
      - sections out of conventional order: Sh FILES
      - unusual Xr order: bthost(1) after bthidd(8)
      - no blank before trailing delimiter
      - whitespace at end of input line
      - sections out of conventional order: Sh EXIT STATUS
      
      MFC after:	1 week
      60ee05db
    • Gordon Bergling's avatar
      mpsutil(8): Remove trailing whitespace · 84572415
      Gordon Bergling authored
      MFC after:	1 week
      84572415
    • Gordon Bergling's avatar
      bhyvectl(8): Normalize the man page date · 1c77a783
      Gordon Bergling authored
      MFC after:	1 week
      1c77a783
    • Gordon Bergling's avatar
      camdd(8): Fix the man page date · cc984b0a
      Gordon Bergling authored
      The comment before the .Dd macro was missing a quotation mark, so that
      the date of the man page was always today.
      
      MFC after:	3 days
      cc984b0a
    • Gordon Bergling's avatar
      config: Fix a few mandoc related errors · aeb0c721
      Gordon Bergling authored
      - new sentence, new line
      - no blank before trailing delimiter
      
      MFC after:	1 week
      aeb0c721
    • Gordon Bergling's avatar
      devctl(8): Correct "sections out of conventional order" error · 267d86e1
      Gordon Bergling authored
      MFC after:	1 week
      267d86e1
    • Gordon Bergling's avatar
      patch(1): Fix a few mandoc related issues · a2f1c81b
      Gordon Bergling authored
      - no blank before trailing delimiter
      
      MFC after:	1 week
      a2f1c81b
    • Gordon Bergling's avatar
      uname(1): Fix a typo in the man page date · 3f6cdd59
      Gordon Bergling authored
      MFC after:	3 days
      3f6cdd59
    • Gordon Bergling's avatar
      ident(1): Normalizing date format · a5b4dfcf
      Gordon Bergling authored
      MFC after:	3 days
      a5b4dfcf
    • Gordon Bergling's avatar
      ipfw(8): Fix a few mandoc related issues · bae74ca9
      Gordon Bergling authored
      - no blank before trailing delimiter
      - missing section argument: Xr inet_pton
      - skipping paragraph macro: Pp before Ss
      - unusual Xr order: syslogd after sysrc
      - tab in filled text
      
      There were a few multiline NAT examples which used the .Dl macro with
      tabs. I converted them to .Bd, which is a more suitable macro for that case.
      
      MFC after:	1 week
      bae74ca9
    • Gordon Bergling's avatar
      ping(8): Fix a mandoc related issue · ea0dd3ca
      Gordon Bergling authored
      - unusual Xr punctuation: none before traceroute6(8)
      ea0dd3ca
    • Gordon Bergling's avatar
      nvmecontrol(8): Fix a few mandoc related issues and add a SEE ALSO section · 9bca273d
      Gordon Bergling authored
      - inserting missing end of block: Ss breaks Bl
      - skipping paragraph macro: Pp before Ss
      - referenced manual not found: Xr nvme 4 (2 times)
      - unknown standard specifier: St The
      
      The macro .St can only be used for standards known by mdoc(7). So add a
      SEE ALSO section and add a reference to the NVM Express Base Specification.
      
      MFC after:	2 weeks
      9bca273d
    • Hans Petter Selasky's avatar
      Ensure a minimum packet length before creating a mbuf in if_ure. · 7d0368ee
      Hans Petter Selasky authored
      Sponsored by:	Mellanox Technologies // NVIDIA Networking
      7d0368ee
    • Gordon Bergling's avatar
      devd.conf(5): Fix a mandoc related issue · 226f43e7
      Gordon Bergling authored
      - sections out of conventional order: Sh SEE ALSO
      
      MFC after:	1 week
      226f43e7
    • Hans Petter Selasky's avatar
      Move SYSCTL_ADD_PROC() to unlocked context in if_ure to avoid lock order reversal. · 412bbd08
      Hans Petter Selasky authored
      MFC after:	1 week
      Reported by:	Mark Millard <marklmi@yahoo.com>
      Sponsored by:	Mellanox Technologies // NVIDIA Networking
      412bbd08
    • Gordon Bergling's avatar
      sysctl(9): Fix a few mandoc related issues · bb0358d4
      Gordon Bergling authored
      - missing comma before name: Nm SYSCTL_UQUAD
      - bad NAME section content: text
      
      MFC after:	1 week
      bb0358d4
    • Gordon Bergling's avatar
      ofw_bus_status_okay(9): Fix a few mandoc related issues · 0492f403
      Gordon Bergling authored
      - missing comma before name: Nm ofw_bus_status_okay
      - missing comma before name: Nm ofw_bus_node_status_okay
      - skipping paragraph macro: Pp after Sh
      
      MFC after:	1 week
      0492f403
    • Gordon Bergling's avatar
      ofw_bus_is_compatible(9): Fix a few mandoc related issues · 8bf0ef84
      Gordon Bergling authored
      - missing comma before name: Nm ofw_bus_is_compatible_strict
      - missing comma before name: Nm ofw_bus_node_is_compatible
      - missing comma before name: Nm ofw_bus_search_compatible
      - skipping paragraph macro: Pp after Sh
      
      MFC after:	1 week
      8bf0ef84
    • Gordon Bergling's avatar
      fail(9): Fix a few mandoc related issues · 501de9c0
      Gordon Bergling authored
      - function name without markup: return()
      - function name without markup: print()
      
      MFC after:	1 week
      501de9c0
    • Gordon Bergling's avatar
      driver(9): Fix a mandoc related issue · f37f378d
      Gordon Bergling authored
      - sections out of conventional order: Sh SEE ALSO
      
      MFC after:	1 week
      f37f378d
    • Gordon Bergling's avatar
      bhnd_erom(9): Fix a few mandoc related issues · a549eb67
      Gordon Bergling authored
      - skipping paragraph macro: Pp before Bl
      - skipping paragraph macro: Pp after Ss
      - skipping paragraph macro: Pp at the end of Ss
      - unusual Xr punctuation: none before bhnd_driver_get_erom_class(9)
      - unusual Xr punctuation: none before bus_space(9)
      
      MFC after:	1 week
      a549eb67
    • Gordon Bergling's avatar
      bhnd(9): Fix a few mandoc related issues · 05419da5
      Gordon Bergling authored
      - skipping paragraph macro: Pp before Bl
      - skipping paragraph macro: Pp at the end of Ss
      - missing section argument: Xr device_set_desc
      - unusual Xr punctuation: none before bhnd_erom(9)
      
      MFC after:	1 week
      05419da5
    • Gordon Bergling's avatar
      disk(9): Fix a few mandoc related errors · 9512f75f
      Gordon Bergling authored
      - function name without markup: g_io_deliver()
      - function name without markup: disk_gone()
      - sections out of conventional order: Sh SEE ALSO
      - referenced manual not found: Xr MAKE_DEV 9
      
      Actually the man page of MAKE_DEV has never existed.
      
      MFC after:	3 days
      9512f75f
    • Gordon Bergling's avatar
      accept_filter(9): Fix a mandoc related error · b8cfd0c1
      Gordon Bergling authored
      - no blank before trailing delimiter
      b8cfd0c1
    • Ryan Libby's avatar
      rtld-elf: link udivmoddi4 from compiler_rt · bce2cff0
      Ryan Libby authored
      This fixes the gcc9 build of rtld-elf32 on amd64, which needed an
      implementation of udivmoddi4.
      
      rtld-elf uses certain functions normally found in libc, and so it
      includes certain files from libc in its own build.  It has two
      mechanisms to include files from libc: one that rebuilds source files in
      the rtld-elf environment, and one that extracts object files from a
      purpose-built no-SSP PIC archive.
      
      In addition to libc functions, rtld-elf may need to link functions
      normally found in libcompiler_rt (formerly libgcc).  Now, add an ability
      to rebuild libcompiler_rt source files in the rtld-elf environment.  We
      don't yet have a need for an object file extraction mechanism.
      
      libcompiler_rt could also supply udivdi3 and umoddi3, but leave them
      alone for now.
      
      Reviewed by:	arichardson, kib
      Sponsored by:	Dell EMC Isilon
      Differential Revision:	https://reviews.freebsd.org/D27665
      bce2cff0
    • Ryan Libby's avatar
      rtld-libc: fix incremental build · 198a0e58
      Ryan Libby authored
      ar cr is an update of an archive, not a creation of a new one.  During
      incremental builds (e.g. with meta mode) the archive was not getting
      cleaned, and so could retain now-deleted objects from previous builds.
      Now, delete the archive before creating/updating it.
      
      Reviewed by:	arichardson, bdrewery, kib
      Sponsored by:	Dell EMC Isilon
      Differential Revision:	https://reviews.freebsd.org/D27663
      198a0e58
    • Kyle Evans's avatar
      kern: cpuset: allow jails to modify child jails' roots · 54a837c8
      Kyle Evans authored
      This partially lifts a restriction imposed by r191639 ("Prevent a superuser
      inside a jail from modifying the dedicated root cpuset of that jail") that's
      perhaps beneficial after r192895 ("Add hierarchical jails."). Jails still
      cannot modify their own cpuset, but they can modify child jails' roots to
      further restrict them or widen them back to the modifying jails' own mask.
      
      As a side effect of this, the system root may once again widen the mask of
      jails as long as they're still using a subset of the parent jails' mask.
      This was previously prevented by the fact that cpuset_getroot of a root set
      will return that root, rather than the root's parent -- cpuset_modify uses
      cpuset_getroot since it was introduced in r327895, previously it was just
      validating against set->cs_parent which allowed the system root to widen
      jail masks.
      
      Reviewed by:	jamie
      MFC after:	1 week
      Differential Revision:	https://reviews.freebsd.org/D27352
      54a837c8
    • Pedro F. Giffuni's avatar
      login(1): when exporting variables check the result of setenv(3) · dcc6f625
      Pedro F. Giffuni authored
      When exporting a variable we correctly check all the preconditions that
      could make setenv(3) fail. Checking the setenv(3) return value seems
      redundant, but given that login(1) is critical, it doesn't hurt to have
      a post-check.
      
      This change is based on the "Principles of Secure Coding" course by
      Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
      
      (This change redoes r368776 due to a silly mistake)
      dcc6f625
    • Pedro F. Giffuni's avatar
      Revert r368776: · a0bed901
      Pedro F. Giffuni authored
      login(1): when exporting variables check the result of setenv(3)
      
      mismatch: the return value upon error is -1, so the code was not
      doing nothing.
      a0bed901
    • Pedro F. Giffuni's avatar
      login(1): when exporting variables check the result of setenv(3) · ebb4fcc7
      Pedro F. Giffuni authored
      When exporting a variable we correctly check all the preconditions that
      could make setenv(3) fail. Checking the setenv(3) return value seems
      redundant, but given that login(1) is critical, it doesn't hurt to have
      a post-check.
      
      This change is based on the "Principles of Secure Coding" course by
      Matthew Bishop, PhD., which specifically discusses this code in FreeBSD.
      
      Differential Revision:	https://reviews.freebsd.org/D26966
      ebb4fcc7
    • Konstantin Belousov's avatar
      Remove redundand redefinion, fixing build. · 15575436
      Konstantin Belousov authored
      Sponsored by:	The FreeBSD Foundation
      MFC after:	1 week
      15575436
  3. 18 Dec, 2020 2 commits