date:20210227

Re: HEADS-UP: PIE enabled by default on main

2021-02-27 Thread Ihor Antonov

On 2021-02-27 22:29, Warner Losh wrote:
> On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov  wrote:
> 
> > >
> > > But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
> > > any security, except imaginary?  The only purpose of it is to have a
> > > check-list item ticked green.
> >
> > I don't know if I should parse this as sarcasm (or any other form of
> > "humor") or is a serious statement? But this does leave me with a whole
> > bunch of questions..
> >
> > If this is really how Konstantin is describing it then is it OK to say
> > about this to the whole Internet? Why FreeBSD Foundation is paying for
> > meaningless work then? Why members of the Core team do this work?  Does
> > this mean that FreeBSD is working to satisfy the silly needs of some fat
> > customer? What about project independence and not being controlled by
> > big money?
> >
> > Where can I read about ASLR and security myths?
> 
> Why not spend time and explain why this does not work?
> >
> 
> Not to rise to the baitiness of all these leading questions (they really
> are quite contrary to how our community usually comports itself, but for
> the sake of civil discourse, I'll ignore)
> 
> I'll bet it has something to do with the many known ASLR attacks.  One is
> chronicled in https://www.vusec.net/projects/anc/ and elsewhere, which show
> how MMU side channels can defeat ASLR. Or maybe he's familiar with the
> offset2lib attack against Linux 64-bit ASLR documented in this paper
> https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf.
> There's many others as well that show the shortcomings of ASLR and disclose
> ways to defeat it using various clever means.

Warner, thanks for the links. They are indeed interesting. 

> > You clearly should mean something useful and much more important than
> > that,
> 
> Maybe he'd like to understand how PIE accomplishes better security give the
> known ASLR weaknesses. And rather than take a sarcastic tone, he asked for
> more details that back up the earlier claims of improved security so we
> could all learn something.

The conclusion of the paper in the second link clearly says:

We present a new weakness on the current implementationof the ASLR
Linux systems which affects PIE compiled ex-ecutables.  Applications
compiled with PIE are consideredto be more robust since it makes
attacks more difficult.

Which I read as ASLR and PIE work better together. This is the same what 
Gordon was saying. 

The whole situation is wrong on 2 different levels.

First: saying that ASLR is not perfect and can be broken is not the same
thing as saying "The only purpose of it is to have a check-list item ticked 
green"

There are no perfect security measures, and you guys (kernel and OS
developers) should know that better than us (users). Hackers find new
exploits, developers find ways to mitigate them and cycle repeats. Just
the fact that ASLR can be broken is not the reason to not have it.

Second: look at this exchange from a distance

Ed: we are enabling security feature X, please rebuild your worlds..
Godron: great progress! go team!
Konstantin: why do you think this is great progress? (implying it is
not)
Gordon: well, I heard feature X works best with feature Y
Konstantin: feature Y is useless checkbox, next time you speak make sure
you say something useful!

Considering the fact that Konstantin himself worked on ASLR this is at
least confusing.. Also does this also mean that feature X (PIE) is also
useless checkbox?

Konstantin, Ed, Warner - I dunno what is going on in your house (Core) but 
it does not look good form the outside. You are sending mixed signals to
your auditory.

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: HEADS-UP: PIE enabled by default on main

2021-02-27 Thread Warner Losh

On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov  wrote:

> >
> > But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
> > any security, except imaginary?  The only purpose of it is to have a
> > check-list item ticked green.
>
> I don't know if I should parse this as sarcasm (or any other form of
> "humor") or is a serious statement? But this does leave me with a whole
> bunch of questions..
>
> If this is really how Konstantin is describing it then is it OK to say
> about this to the whole Internet? Why FreeBSD Foundation is paying for
> meaningless work then? Why members of the Core team do this work?  Does
> this mean that FreeBSD is working to satisfy the silly needs of some fat
> customer? What about project independence and not being controlled by
> big money?
>
> Where can I read about ASLR and security myths?

Why not spend time and explain why this does not work?
>

Not to rise to the baitiness of all these leading questions (they really
are quite contrary to how our community usually comports itself, but for
the sake of civil discourse, I'll ignore)

I'll bet it has something to do with the many known ASLR attacks.  One is
chronicled in https://www.vusec.net/projects/anc/ and elsewhere, which show
how MMU side channels can defeat ASLR. Or maybe he's familiar with the
offset2lib attack against Linux 64-bit ASLR documented in this paper
https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf.
There's many others as well that show the shortcomings of ASLR and disclose
ways to defeat it using various clever means.

> You clearly should mean something useful and much more important than
> that,
> > when stating that FreeBSD made a huge step forward.  So I want to be
> aware
> > of the advance.
>
> Why attack a person who was really happy for the project?
> This DOES sound a agressive, even for a sarcastic joke..
> I am saying this someone who shares the same native language with Mr.
> Belousov,
> it is not a "language/culture" difference thing.
> just your regular user who reads mailing list ocassionally
>

Maybe he'd like to understand how PIE accomplishes better security give the
known ASLR weaknesses. And rather than take a sarcastic tone, he asked for
more details that back up the earlier claims of improved security so we
could all learn something.

Warner
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: HEADS-UP: PIE enabled by default on main

2021-02-27 Thread Ihor Antonov

> 
> But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
> any security, except imaginary?  The only purpose of it is to have a
> check-list item ticked green.

I don't know if I should parse this as sarcasm (or any other form of
"humor") or is a serious statement? But this does leave me with a whole
bunch of questions..

If this is really how Konstantin is describing it then is it OK to say
about this to the whole Internet? Why FreeBSD Foundation is paying for
meaningless work then? Why members of the Core team do this work?  Does
this mean that FreeBSD is working to satisfy the silly needs of some fat
customer? What about project independence and not being controlled by
big money?

Where can I read about ASLR and security myths? 
Why not spend time and explain why this does not work?


> You clearly should mean something useful and much more important than that,
> when stating that FreeBSD made a huge step forward.  So I want to be aware
> of the advance.

Why attack a person who was really happy for the project?
This DOES sound a agressive, even for a sarcastic joke..
I am saying this someone who shares the same native language with Mr. Belousov,
it is not a "language/culture" difference thing.

-
just your regular user who reads mailing list ocassionally
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: HEADS-UP: PIE enabled by default on main

2021-02-27 Thread Konstantin Belousov

On Fri, Feb 26, 2021 at 08:32:26PM +0100, Gordon Bergling wrote:
> On Fri, Feb 26, 2021 at 08:57:55PM +0200, Konstantin Belousov wrote:
> > On Fri, Feb 26, 2021 at 07:34:03PM +0100, Gordon Bergling wrote:
> > > On Thu, Feb 25, 2021 at 03:58:07PM -0500, Ed Maste wrote:
> > > > As of 9a227a2fd642 (main-n245052) base system binaries are now built
> > > > as position-independent executable (PIE) by default, for 64-bit
> > > > architectures. PIE executables are used in conjunction with address
> > > > randomization as a mitigation for certain types of security
> > > > vulnerabilities.
> > > > 
> > > > If you track -CURRENT and normally build WITHOUT_CLEAN you'll need to
> > > > do one initial clean build -- either run `make cleanworld` or set
> > > > WITH_CLEAN=yes.
> > > > 
> > > > No significant user-facing changes are expected from this change, but
> > > > there are some minor ones. For example, `file` will indicate that
> > > > binaries are PIE by reporting something like `ELF 64-bit LSB pie
> > > > executable` rather than `ELF 64-bit LSB executable`. Also, for most
> > > > workloads no notable performance impact is expected.
> > > > 
> > > > For almost all ports this should result in no change. There are a
> > > > small number of ports that use base system /usr/share/mk
> > > > infrastructure and thus inherit the base system default, and some of
> > > > those initially failed to build. Those found during an exp-run in
> > > > PR253275 have been addressed or have patches waiting.
> > > > 
> > > > Please watch out for any new issues after you next update the base
> > > > system and/or ports, and report issues via a Bugzilla PR or in reply
> > > > here.
> > > 
> > > Thats a huge step forward in terms on security.
> > Can you explain why?
> > 
> > Thanks.
> 
> I can try. Enabling PIE for every 64bit architecture is in that matter a step
> forward in security as it enables ASLR for further adoption.

But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
any security, except imaginary?  The only purpose of it is to have a
check-list item ticked green.

You clearly should mean something useful and much more important than that,
when stating that FreeBSD made a huge step forward.  So I want to be aware
of the advance.
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Mateusz Guzik

Thanks. I adjusted the namecache. However, the nfs fix provided by
Rick should go in regardless.

On 2/27/21, Juraj Lutter  wrote:
>
>
>> On 27 Feb 2021, at 21:49, Mateusz Guzik  wrote:
>>
>> Can you dump 'struct componentname *cnp'? This should do the trick:
>> f 12
>> p cnp
>>
>> Most notably I want to know if the name to added is a literal dot.
>>
>
> Yes, it is a dot (the directory itself):
>
> cn_nameptr = 0xfe0011428018 ".", cn_namelen = 1
>
> otis
>
>


-- 
Mateusz Guzik 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter




> On 27 Feb 2021, at 21:49, Mateusz Guzik  wrote:
> 
> Can you dump 'struct componentname *cnp'? This should do the trick:
> f 12
> p cnp
> 
> Most notably I want to know if the name to added is a literal dot.
> 

Yes, it is a dot (the directory itself):

cn_nameptr = 0xfe0011428018 ".", cn_namelen = 1

otis

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Mateusz Guzik

You should be able to just use kgdb on the old kernel and the
crashdump you already collected, provided both are still around.
Alternatively boot with this without the fix:

diff --git a/sys/kern/vfs_cache.c b/sys/kern/vfs_cache.c
index fef1e31d197b..c4d2990b155d 100644
--- a/sys/kern/vfs_cache.c
+++ b/sys/kern/vfs_cache.c
@@ -2266,6 +2266,9 @@ cache_enter_time(struct vnode *dvp, struct vnode
*vp, struct componentname *cnp,
KASSERT(cnp->cn_namelen <= NAME_MAX,
("%s: passed len %ld exceeds NAME_MAX (%d)", __func__,
cnp->cn_namelen,
NAME_MAX));
+   if (dvp == vp) {
+   panic("%s: same vnodes; cnp [%s] len %ld\n", __func__,
cnp->cn_nameptr, cnp->cn_namelen);
+   }
VNPASS(dvp != vp, dvp);
VNPASS(!VN_IS_DOOMED(dvp), dvp);
VNPASS(dvp->v_type != VNON, dvp);


On 2/27/21, Juraj Lutter  wrote:
> I am now running a patched kernel, without problems.
>
> I can boot to unpatched one and see the output of these ddb commands.
>
> otis
>
> —
> Juraj Lutter
> XMPP: juraj (at) lutter.sk
> GSM: +421907986576
>
>> On 27 Feb 2021, at 21:49, Mateusz Guzik  wrote:
>>
>> Can you dump 'struct componentname *cnp'? This should do the trick:
>> f 12
>> p cnp
>>
>
>
>


-- 
Mateusz Guzik 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter

I am now running a patched kernel, without problems.

I can boot to unpatched one and see the output of these ddb commands.

otis

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

> On 27 Feb 2021, at 21:49, Mateusz Guzik  wrote:
> 
> Can you dump 'struct componentname *cnp'? This should do the trick:
> f 12
> p cnp
> 


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Mateusz Guzik

Can you dump 'struct componentname *cnp'? This should do the trick:
f 12
p cnp

Most notably I want to know if the name to added is a literal dot.

That case is handled if necessary, but the assert was added to start
making the interface stricter. If the name is a dot I'll be inclined
to remove the assert for 13.x to avoid problems with other callers of
the sort.

Otherwise I'll have to check what's going on there.

On 2/27/21, Juraj Lutter  wrote:
> Hi,
>
> thank you for the swift reaction. This patch fixed my problem.
>
> otis
>
> —
> Juraj Lutter
> XMPP: juraj (at) lutter.sk
> GSM: +421907986576
>
>> On 27 Feb 2021, at 16:53, Rick Macklem  wrote:
>>
>> I reproduced the problem and the attached trivial patch
>> seems to fix it. Please test the patch if you can.
>>
>
>

-- 
Mateusz Guzik 
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

LORs in -CURRENT

2021-02-27 Thread Juraj Lutter

I’ve got some LORs:

lock order reversal:
 1st 0xf8008c4f4af0 nfs (nfs, lockmgr) @ /usr/src/sys/kern/vfs_mount.c:1071
 2nd 0xf8008c51a930 zfs (zfs, lockmgr) @ /usr/src/sys/kern/vfs_mount.c:1083
lock order zfs -> nfs established at:
#0 0x80c7bb7d at witness_checkorder+0x46d
#1 0x80bdcf18 at lockmgr_lock_flags+0x188
#2 0x80af1b9c at nfs_lock+0x2c
#3 0x80ce485f at vop_sigdefer+0x2f
#4 0x80d0e5e4 at _vn_lock+0x54
#5 0x80ced6a5 at vfs_domount+0xef5
#6 0x80cebb02 at vfs_donmount+0x872
#7 0x80ceb259 at sys_nmount+0x69
#8 0x810bd00e at amd64_syscall+0x12e
#9 0x8108fdfe at fast_syscall_common+0xf8
lock order nfs -> zfs attempted at:
#0 0x80c7c4dc at witness_checkorder+0xdcc
#1 0x80bde955 at lockmgr_xlock+0x55
#2 0x80d0e5e4 at _vn_lock+0x54
#3 0x80ced6a5 at vfs_domount+0xef5
#4 0x80cebb02 at vfs_donmount+0x872
#5 0x80ceb259 at sys_nmount+0x69
#6 0x810bd00e at amd64_syscall+0x12e
#7 0x8108fdfe at fast_syscall_common+0xf8
lock order reversal:
 1st 0xf8008c6473f0 zfs (zfs, lockmgr) @ /usr/src/sys/kern/vfs_mount.c:1071
 2nd 0xf80035f4dcb0 devfs (devfs, lockmgr) @ 
/usr/src/sys/kern/vfs_mount.c:1083
lock order devfs -> zfs established at:
#0 0x80c7bb7d at witness_checkorder+0x46d
#1 0x80bde955 at lockmgr_xlock+0x55
#2 0x80d0e5e4 at _vn_lock+0x54
#3 0x80ced6a5 at vfs_domount+0xef5
#4 0x80cebb02 at vfs_donmount+0x872
#5 0x80cf01f7 at kernel_mount+0x57
#6 0x80cf2bc1 at parse_mount+0x4a1
#7 0x80cf1027 at vfs_mountroot+0x587
#8 0x80b9a4ff at start_init+0x1f
#9 0x80bc7470 at fork_exit+0x80
#10 0x8109055e at fork_trampoline+0xe
lock order zfs -> devfs attempted at:
#0 0x80c7c4dc at witness_checkorder+0xdcc
#1 0x80bde955 at lockmgr_xlock+0x55
#2 0x80d0e5e4 at _vn_lock+0x54
#3 0x80ced6a5 at vfs_domount+0xef5
#4 0x80cebb02 at vfs_donmount+0x872
#5 0x80ceb259 at sys_nmount+0x69
#6 0x810bd00e at amd64_syscall+0x12e
#7 0x8108fdfe at fast_syscall_common+0xf8
lock order reversal:
 1st 0xf8008c6f7230 nfs (nfs, lockmgr) @ 
/usr/src/sys/kern/vfs_syscalls.c:4135
 2nd 0xfe000ee1dc50 bufwait (bufwait, lockmgr) @ 
/usr/src/sys/kern/vfs_bio.c:1674
 3rd 0xf8008c6f73f0 nfs (nfs, lockmgr) @ /usr/src/sys/kern/vfs_subr.c:2915
lock order nfs -> bufwait established at:
#0 0x80c7bb7d at witness_checkorder+0x46d
#1 0x80bdd5ec at lockmgr_xlock_hard+0x6c
#2 0x80bde303 at __lockmgr_args+0x613
#3 0x80ccf504 at getnewbuf+0x334
#4 0x80ccc839 at getblkx+0x359
#5 0x80ccf1b2 at getblk+0x22
#6 0x80afd3b6 at nfs_getcacheblk+0x46
#7 0x80afcd4b at ncl_bioread+0x58b
#8 0x80af1aff at nfs_readdir+0x18f
#9 0x80ce485f at vop_sigdefer+0x2f
#10 0x81181f38 at VOP_READDIR_APV+0x38
#11 0x80d0b18b at kern_getdirentries+0x1fb
#12 0x80d0b399 at sys_getdirentries+0x29
#13 0x810bd00e at amd64_syscall+0x12e
#14 0x8108fdfe at fast_syscall_common+0xf8
lock order bufwait -> nfs attempted at:
#0 0x80c7c4dc at witness_checkorder+0xdcc
#1 0x80bdcf18 at lockmgr_lock_flags+0x188
#2 0x80af1b9c at nfs_lock+0x2c
#3 0x80ce485f at vop_sigdefer+0x2f
#4 0x80d0e5e4 at _vn_lock+0x54
#5 0x80cf6e0f at vget_finish+0x4f
#6 0x80ce6b3c at vfs_hash_get+0xbc
#7 0x80af9d09 at nfscl_nget+0x119
#8 0x80ae291a at nfsrpc_readdirplus+0xaaa
#9 0x80aed43c at ncl_readdirplusrpc+0xdc
#10 0x80afdbe3 at ncl_doio+0x423
#11 0x80afcd8c at ncl_bioread+0x5cc
#12 0x80af1aff at nfs_readdir+0x18f
#13 0x80ce485f at vop_sigdefer+0x2f
#14 0x81181f38 at VOP_READDIR_APV+0x38
#15 0x80d0b18b at kern_getdirentries+0x1fb
#16 0x80d0b399 at sys_getdirentries+0x29
#17 0x810bd00e at amd64_syscall+0x12e

kernel is GENERIC, stock config.

otis

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter

Hi,

thank you for the swift reaction. This patch fixed my problem.

otis

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

> On 27 Feb 2021, at 16:53, Rick Macklem  wrote:
> 
> I reproduced the problem and the attached trivial patch
> seems to fix it. Please test the patch if you can.
> 

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: panic: condition seqc_in_modify(_vp->v_seqc) not met at zfs_acl.c:1147 (zfs_acl_chown_setattr)

2021-02-27 Thread Andriy Gapon

On 16/02/2021 22:38, Mateusz Guzik wrote:
> I think for future proofing it would be best if all vnodes going there
> had seqc marked, thus I think this should do the trick:
> 
> diff --git a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> index d5f0da9ecd4b..8172916c4329 100644
> --- a/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> +++ b/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c
> @@ -2756,7 +2756,9 @@ zfs_setattr(znode_t *zp, vattr_t *vap, int
> flags, cred_t *cr)
> err = zfs_acl_chown_setattr(zp);
> ASSERT(err == 0);
> if (attrzp) {
> +   vn_seqc_write_begin(ZTOV(attrzp));
> err = zfs_acl_chown_setattr(attrzp);
> +   vn_seqc_write_end(ZTOV(attrzp));
> ASSERT(err == 0);
> }
> }
> 
> I don't see other calls to the routine.


This patch works perfectly for me.
Thank you!

> On 2/16/21, Andriy Gapon  wrote:
>> On 15/02/2021 11:45, Andriy Gapon wrote:
>>> On 15/02/2021 10:22, Andriy Gapon wrote:

 I've got this panic once when copying a couple of files.
 The system is stable/13 as of 1996360d7338d, a custom kernel
 configuration, but
 no local source code modifications.

 Unread portion of the kernel message buffer:
 VNASSERT failed: ({ seqc_t __seqc = (_vp->v_seqc);
 __builtin_expect((__seqc &
 1), 0); }) not true at
 /usr/devel/git/trant/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c:1147
 (zfs_acl_chown_setattr)
 0xf8013e4e85b8: type VDIR
 usecount 1, writecount 0, refcount 1 seqc users 0 mountedhere 0
 hold count flags ()
 flags ()
 lock type zfs: EXCL by thread 0xfe01dd1cd560 (pid 30747,
 kdeinit5, tid
 159911)
 panic: condition seqc_in_modify(_vp->v_seqc) not met at
 /usr/devel/git/trant/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c:1147
 (zfs_acl_chown_setattr)

 Any ideas, suggestions, hints?
 Thanks!

>>> ...
 #4  0x8036fd21 in zfs_acl_chown_setattr (zp=0xf801ccd203b0)
 at
 /usr/devel/git/trant/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_acl.c:1147
 #5  0x8037e52d in zfs_setattr (zp=0xf8024b04f760,
 vap=vap@entry=0xfe029a36c870, flags=flags@entry=0,
 cr=, cr@entry=0xf8003ecedc00)
 at
 /usr/devel/git/trant/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c:2758
>>>
>>> So, this is actually the second zfs_acl_chown_setattr call here:
>>> err = zfs_acl_chown_setattr(zp);
>>> ASSERT(err == 0);
>>> if (attrzp) {
>>> err = zfs_acl_chown_setattr(attrzp);
>>> ASSERT(err == 0);
>>> }
>>>
>>> I am not sure if the assertion is actually applicable to attrzp (extended
>>> attributes "directory").
>>> At least I do not see any seq calls for it.
>>>
>>
>> So, I think that the problem should be reproducible by simply chown-ing a
>> file
>> with an extended attribute.  The kernel should be compiled with both
>> DEBUG_VFS_LOCKS and INVARIANTS.
>>
>> --
>> Andriy Gapon
>>
> 
> 


-- 
Andriy Gapon
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Rick Macklem

I reproduced the problem and the attached trivial patch
seems to fix it. Please test the patch if you can.

Mateusz, I assume the directory shouldn't try and add
a cache entry for itself?
I don't test NFSv3 much and I don't test "rdirplus"
much, so it slipped through the cracks.

Thanks for reporting it, rick


From: owner-freebsd-curr...@freebsd.org  on 
behalf of Juraj Lutter 
Sent: Saturday, February 27, 2021 9:31 AM
To: freebsd-current
Subject: Re: -CURRENT panics in NFS

CAUTION: This email originated from outside of the University of Guelph. Do not 
click links or open attachments unless you recognize the sender and know the 
content is safe. If in doubt, forward suspicious emails to ith...@uoguelph.ca


And a kgdb backtrace:

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0x804c7b2a in db_dump (dummy=, dummy2=, 
dummy3=, dummy4=) at /usr/src/sys/ddb/db_command.c:575
#3  0x804c78ee in db_command (last_cmdp=, 
cmd_table=, dopager=dopager@entry=1) at 
/usr/src/sys/ddb/db_command.c:482
#4  0x804c762d in db_command_loop () at 
/usr/src/sys/ddb/db_command.c:535
#5  0x804cac36 in db_trap (type=, code=) 
at /usr/src/sys/ddb/db_main.c:270
#6  0x80c59d04 in kdb_trap (type=type@entry=3, code=code@entry=0, 
tf=, tf@entry=0xfe00d01c3d40) at 
/usr/src/sys/kern/subr_kdb.c:727
#7  0x810bc1ee in trap (frame=0xfe00d01c3d40) at 
/usr/src/sys/amd64/amd64/trap.c:576
#8  
#9  kdb_enter (why=0x812accc9 "panic", msg=) at 
/usr/src/sys/kern/subr_kdb.c:506
#10 0x80c0d5d2 in vpanic (fmt=, ap=, 
ap@entry=0xfe00d01c3ea0) at /usr/src/sys/kern/kern_shutdown.c:907
#11 0x80c0d363 in panic (fmt=0x81e9a178  
"\177\256&\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:843
#12 0x80cd6d74 in cache_enter_time (dvp=0xf80079321e00, 
vp=0xf80079321e00, cnp=cnp@entry=0xfe00d01c4030, 
tsp=tsp@entry=0xfe00d01c40e0, dtsp=)
at /usr/src/sys/kern/vfs_cache.c:2274
#13 0x80ae2bd6 in nfsrpc_readdirplus (vp=, 
vp@entry=0xf80079321e00, uiop=, 
uiop@entry=0xfe00d01c4540,
cookiep=cookiep@entry=0xfe00d01c44e0, 
cred=cred@entry=0xf80079307e00, p=, 
p@entry=0xfe00de06be00, nap=nap@entry=0xfe00d01c4400,
attrflagp=0xfe00d01c44f0, eofp=0xfe00d01c44f4, stuff=0x0) at 
/usr/src/sys/fs/nfsclient/nfs_clrpcops.c:3766
#14 0x80aed4ec in ncl_readdirplusrpc (vp=vp@entry=0xf80079321e00, 
uiop=uiop@entry=0xfe00d01c4540, cred=0xf80079307e00, 
td=td@entry=0xfe00de06be00)
at /usr/src/sys/fs/nfsclient/nfs_clvnops.c:2490
#15 0x80afdc93 in ncl_doio (vp=vp@entry=0xf80079321e00, 
bp=bp@entry=0xfe000ee1c610, cr=0xfe00d01c3d00, 
cr@entry=0xf80079307e00, td=td@entry=0xfe00de06be00,
called_from_strategy=called_from_strategy@entry=0) at 
/usr/src/sys/fs/nfsclient/nfs_clbio.c:1686
#16 0x80afce3c in ncl_bioread (vp=, 
vp@entry=0xf80079321e00, uio=, ioflag=ioflag@entry=0, 
cred=)
at /usr/src/sys/fs/nfsclient/nfs_clbio.c:604
#17 0x80af1baf in nfs_readdir (ap=ap@entry=0xfe00d01c4918) at 
/usr/src/sys/fs/nfsclient/nfs_clvnops.c:2383
#18 0x80ce490f in vop_sigdefer (vop=, 
a=0xfe00d01c4918) at /usr/src/sys/kern/vfs_default.c:1471
#19 0x81181f38 in VOP_READDIR_APV (vop=0x81af00d8 
, a=a@entry=0xfe00d01c4918) at vnode_if.c:1939
#20 0x80d0b23b in VOP_READDIR (vp=0xf80079321e00, 
uio=0xfe00d01c48d0, cred=, eofflag=0xfe00d01c48cc, 
ncookies=0x0, cookies=0x0) at ./vnode_if.h:985
#21 kern_getdirentries (td=, fd=, buf=0x801851000 
, count=4096, 
basep=basep@entry=0xfe00d01c49b0,
residp=residp@entry=0x0, bufseg=UIO_USERSPACE) at 
/usr/src/sys/kern/vfs_syscalls.c:4142
#22 0x80d0b449 in sys_getdirentries (td=0x81e9a178 
, uap=0xfe00de06c1e8) at /usr/src/sys/kern/vfs_syscalls.c:4089
#23 0x810bd00e in syscallenter (td=) at 
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#24 amd64_syscall (td=0xfe00de06be00, traced=0) at 
/usr/src/sys/amd64/amd64/trap.c:1156
#25 
#26 0x0008012a83fa in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffd928

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

> On 27 Feb 2021, at 15:18, Juraj Lutter  wrote:
>
> Reliably reproducible:
>

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


rdirplus.patch
Description: rdirplus.patch
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: KTLS with zfs recv

2021-02-27 Thread Alan Somers

On Sat, Feb 27, 2021 at 7:10 AM Rodney W. Grimes <
freebsd-...@gndrsh.dnsmgr.net> wrote:

> > On Fri, Feb 26, 2021 at 9:24 AM Rodney W. Grimes <
> > freebsd-...@gndrsh.dnsmgr.net> wrote:
> >
> > > > My understanding is that KTLS works very well with OpenSSL for
> sending,
> > > but
> > > > not as well for receiving, because there's nothing like a recvfile
> > > > syscall.  However, it works great for both send and receive with NFS,
> > > where
> > > > all the data remains in the kernel. What about zfs recv?  A very
> common
> > > > pattern is for an application to read from an SSL socket and then
> pipe
> > > the
> > > > data to zfs recv. For example, zrepl does that.  Could zfs recv
> instead
> > > > read directly from the KTLS socket, bypassing userspace?  That could
> > > > potentially save a _lot_ of cycles for a _lot_ of people.
> > >
> > > I did some patches and a short presentation at BSDCan that basically
> > > shoves the whole zfs send and zfs recv process into the kernel, ie
> > > it opens the sockets up, makes the connections, then the socket
> > > is passed into the kernel(s) and it all runs in kernel mode.
> > >
> > >
> > >
> https://www.bsdcan.org/2018/schedule/attachments/479_BSDCan-2018-zfs-send.pdf
> > >
> > > A few things need fixed like reversing who does the listen for
> > > security reasons, but this feature is probably ready for prime
> > > time.
> > >
> > > > -Alan
> > >
> > > --
> > > Rod Grimes
> > > rgri...@freebsd.org
> >
> >
> > That looks potentially useful, but it doesn't use encryption.  Would it
> > work if the socket had been opened by openssl with ktls?
>
> Alan,
> Should I revise the code to meet the state that was discussed
> during the BSDCan talk so that it can be committed?  Matt Aherns said
> at the time he felt if I just reversed the listen/connect relationship
> between send and recv that it addressed enough of the security concern
> to be usable "on a local and well administered" network and would
> probably be safe to import into upstream ZFS.  (This was prior to
> FreeBSD moving to openzfs.)
>
> From other discussion in this thread it does not sound difficult to
> implement the KTLS end of it, but I doubt that would be portable
> enough to upstream, maybe someone can speak to that issue?
>
> --
> Rod Grimes
> rgri...@freebsd.org


Rod, it would be great if we can get that code committed.  I'll try to come
up with a OpenSSL->zfs recv POC program next week.  And I think we should
try to upstream it to OpenZFS, too.  They aren't strict about portability;
plenty of OS-specific features have made it into their repo.
-Alan
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

FreeBSD 13.0-BETA4 Now Available

2021-02-27 Thread Glen Barber

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

The fourth BETA build of the 13.0-RELEASE release cycle is now available.

Installation images are available for:

o 13.0-BETA4 amd64 GENERIC
o 13.0-BETA4 i386 GENERIC
o 13.0-BETA4 powerpc GENERIC
o 13.0-BETA4 powerpc64 GENERIC64
o 13.0-BETA4 powerpc64le GENERIC64LE
o 13.0-BETA4 powerpcspe MPC85XXSPE
o 13.0-BETA4 armv6 RPI-B
o 13.0-BETA4 armv7 GENERICSD
o 13.0-BETA4 aarch64 GENERIC
o 13.0-BETA4 aarch64 RPI
o 13.0-BETA4 aarch64 PINE64
o 13.0-BETA4 aarch64 PINE64-LTS
o 13.0-BETA4 aarch64 PINEBOOK
o 13.0-BETA4 aarch64 ROCK64
o 13.0-BETA4 aarch64 ROCKPRO64
o 13.0-BETA4 riscv64 GENERIC
o 13.0-BETA4 riscv64 GENERICSD

Note regarding arm SD card images: For convenience for those without
console access to the system, a freebsd user with a password of
freebsd is available by default for ssh(1) access.  Additionally,
the root user password is set to root.  It is strongly recommended
to change the password for both users after gaining access to the
system.

Installer images and memory stick images are available here:

https://download.freebsd.org/ftp/releases/ISO-IMAGES/13.0/

The image checksums follow at the end of this e-mail.

If you notice problems you can report them through the Bugzilla PR
system or on the -stable mailing list.

If you would like to use Git to do a source based update of an existing
system, use the "releng/13.0" branch.

A summary of changes since 13.0-BETA3 includes:

o A possible race between jail_remove(2) and fork(2) had been fixed.

o An issue with the pf(4) osfp configuration had been fixed.

o An update to the ena(4) driver had been added.

o A bug fix to flex(1) had been addressed.

o Fixes for FreeBSD-SA-21:06.xen and FreeBSD-SA-21:03.pam_login_access
  had been addressed.

o A fix to ZFS to address a potential system crash if scrubbing after
  removing a slog device had been addressed.

o And other miscellaneous fixes.

A list of changes since 12.2-RELEASE is available in the releng/13.0
release notes:

https://www.freebsd.org/releases/13.0R/relnotes.html

Please note, the release notes page is not yet complete, and will be
updated on an ongoing basis as the 13.0-RELEASE cycle progresses.

=== Virtual Machine Disk Images ===

VM disk images are available for the amd64, i386, and aarch64
architectures.  Disk images may be downloaded from the following URL
(or any of the FreeBSD download mirrors):

https://download.freebsd.org/ftp/releases/VM-IMAGES/13.0-BETA4/

The partition layout is:

~ 16 kB - freebsd-boot GPT partition type (bootfs GPT label)
~ 1 GB  - freebsd-swap GPT partition type (swapfs GPT label)
~ 20 GB - freebsd-ufs GPT partition type (rootfs GPT label)

The disk images are available in QCOW2, VHD, VMDK, and raw disk image
formats.  The image download size is approximately 135 MB and 165 MB
respectively (amd64/i386), decompressing to a 21 GB sparse image.

Note regarding arm64/aarch64 virtual machine images: a modified QEMU EFI
loader file is needed for qemu-system-aarch64 to be able to boot the
virtual machine images.  See this page for more information:

https://wiki.freebsd.org/arm64/QEMU

To boot the VM image, run:

% qemu-system-aarch64 -m 4096M -cpu cortex-a57 -M virt  \
-bios QEMU_EFI.fd -serial telnet::,server -nographic \
-drive if=none,file=VMDISK,id=hd0 \
-device virtio-blk-device,drive=hd0 \
-device virtio-net-device,netdev=net0 \
-netdev user,id=net0

Be sure to replace "VMDISK" with the path to the virtual machine image.

BASIC-CI images can be found at:

https://download.freebsd.org/ftp/snapshots/CI-IMAGES/

=== Amazon EC2 AMI Images ===

FreeBSD/amd64 EC2 AMIs are available in the following regions:

  af-south-1 region: ami-018ff0bbb489cc147
  eu-north-1 region: ami-0d254e869c98cee4c
  ap-south-1 region: ami-0fbf06953c56b6f0d
  eu-west-3 region: ami-052a22f0481d6b334
  eu-west-2 region: ami-015353db614403879
  eu-south-1 region: ami-00846500ffe1975b8
  eu-west-1 region: ami-0b515b56fa3b7332b
  ap-northeast-2 region: ami-06803a95877671551
  me-south-1 region: ami-08de3623ff267603a
  ap-northeast-1 region: ami-05161601758e32a63
  sa-east-1 region: ami-0d06cd4055c68ba45
  ca-central-1 region: ami-0d0388a8a169d558f
  ap-east-1 region: ami-0451191bad1ef9693
  ap-southeast-1 region: ami-0ebd0fd4279e33ec8
  ap-southeast-2 region: ami-05ade971900f558c0
  eu-central-1 region: ami-0ad78f12e0a41a4b0
  us-east-1 region: ami-0d05110d430079833
  us-east-2 region: ami-02da8e14277738938
  us-west-1 region: ami-01f37e43b49871d73
  us-west-2 region: ami-0f07edd632e38b962

FreeBSD/aarch64 EC2 AMIs are available in the following regions:

  af-south-1 region: ami-0967dd10e7b2b5dff
  eu-north-1 region: ami-09fb93f6c2c7109e5
  ap-south-1 region: ami-0034cc6c0c95e6f1c
  eu-west-3 region: ami-01b1667281c168197
  eu-west-2 region: ami-02ecf0f64094a745c
  eu-south-1 region: ami-07481931ee179e035
  eu-west-1 region: ami-07b117d18ce82445e
  ap-northeast-2

Re: -CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter

And a kgdb backtrace:

(kgdb) bt
#0  __curthread () at /usr/src/sys/amd64/include/pcpu_aux.h:55
#1  doadump (textdump=textdump@entry=0) at /usr/src/sys/kern/kern_shutdown.c:399
#2  0x804c7b2a in db_dump (dummy=, dummy2=, 
dummy3=, dummy4=) at /usr/src/sys/ddb/db_command.c:575
#3  0x804c78ee in db_command (last_cmdp=, 
cmd_table=, dopager=dopager@entry=1) at 
/usr/src/sys/ddb/db_command.c:482
#4  0x804c762d in db_command_loop () at 
/usr/src/sys/ddb/db_command.c:535
#5  0x804cac36 in db_trap (type=, code=) 
at /usr/src/sys/ddb/db_main.c:270
#6  0x80c59d04 in kdb_trap (type=type@entry=3, code=code@entry=0, 
tf=, tf@entry=0xfe00d01c3d40) at 
/usr/src/sys/kern/subr_kdb.c:727
#7  0x810bc1ee in trap (frame=0xfe00d01c3d40) at 
/usr/src/sys/amd64/amd64/trap.c:576
#8  
#9  kdb_enter (why=0x812accc9 "panic", msg=) at 
/usr/src/sys/kern/subr_kdb.c:506
#10 0x80c0d5d2 in vpanic (fmt=, ap=, 
ap@entry=0xfe00d01c3ea0) at /usr/src/sys/kern/kern_shutdown.c:907
#11 0x80c0d363 in panic (fmt=0x81e9a178  
"\177\256&\201\377\377\377\377") at /usr/src/sys/kern/kern_shutdown.c:843
#12 0x80cd6d74 in cache_enter_time (dvp=0xf80079321e00, 
vp=0xf80079321e00, cnp=cnp@entry=0xfe00d01c4030, 
tsp=tsp@entry=0xfe00d01c40e0, dtsp=)
at /usr/src/sys/kern/vfs_cache.c:2274
#13 0x80ae2bd6 in nfsrpc_readdirplus (vp=, 
vp@entry=0xf80079321e00, uiop=, 
uiop@entry=0xfe00d01c4540,
cookiep=cookiep@entry=0xfe00d01c44e0, 
cred=cred@entry=0xf80079307e00, p=, 
p@entry=0xfe00de06be00, nap=nap@entry=0xfe00d01c4400,
attrflagp=0xfe00d01c44f0, eofp=0xfe00d01c44f4, stuff=0x0) at 
/usr/src/sys/fs/nfsclient/nfs_clrpcops.c:3766
#14 0x80aed4ec in ncl_readdirplusrpc (vp=vp@entry=0xf80079321e00, 
uiop=uiop@entry=0xfe00d01c4540, cred=0xf80079307e00, 
td=td@entry=0xfe00de06be00)
at /usr/src/sys/fs/nfsclient/nfs_clvnops.c:2490
#15 0x80afdc93 in ncl_doio (vp=vp@entry=0xf80079321e00, 
bp=bp@entry=0xfe000ee1c610, cr=0xfe00d01c3d00, 
cr@entry=0xf80079307e00, td=td@entry=0xfe00de06be00,
called_from_strategy=called_from_strategy@entry=0) at 
/usr/src/sys/fs/nfsclient/nfs_clbio.c:1686
#16 0x80afce3c in ncl_bioread (vp=, 
vp@entry=0xf80079321e00, uio=, ioflag=ioflag@entry=0, 
cred=)
at /usr/src/sys/fs/nfsclient/nfs_clbio.c:604
#17 0x80af1baf in nfs_readdir (ap=ap@entry=0xfe00d01c4918) at 
/usr/src/sys/fs/nfsclient/nfs_clvnops.c:2383
#18 0x80ce490f in vop_sigdefer (vop=, 
a=0xfe00d01c4918) at /usr/src/sys/kern/vfs_default.c:1471
#19 0x81181f38 in VOP_READDIR_APV (vop=0x81af00d8 
, a=a@entry=0xfe00d01c4918) at vnode_if.c:1939
#20 0x80d0b23b in VOP_READDIR (vp=0xf80079321e00, 
uio=0xfe00d01c48d0, cred=, eofflag=0xfe00d01c48cc, 
ncookies=0x0, cookies=0x0) at ./vnode_if.h:985
#21 kern_getdirentries (td=, fd=, buf=0x801851000 
, count=4096, 
basep=basep@entry=0xfe00d01c49b0,
residp=residp@entry=0x0, bufseg=UIO_USERSPACE) at 
/usr/src/sys/kern/vfs_syscalls.c:4142
#22 0x80d0b449 in sys_getdirentries (td=0x81e9a178 
, uap=0xfe00de06c1e8) at /usr/src/sys/kern/vfs_syscalls.c:4089
#23 0x810bd00e in syscallenter (td=) at 
/usr/src/sys/amd64/amd64/../../kern/subr_syscall.c:189
#24 amd64_syscall (td=0xfe00de06be00, traced=0) at 
/usr/src/sys/amd64/amd64/trap.c:1156
#25 
#26 0x0008012a83fa in ?? ()
Backtrace stopped: Cannot access memory at address 0x7fffd928

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

> On 27 Feb 2021, at 15:18, Juraj Lutter  wrote:
> 
> Reliably reproducible:
> 

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: -CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter

Reliably reproducible:

VNASSERT failed: dvp != vp not true at /usr/src/sys/kern/vfs_cache.c:2269 
(cache_enter_time)
0xf80079321e00: type VDIR
usecount 4, writecount 0, refcount 3 seqc users 0 mountedhere 0
hold count flags ()
flags (VV_ROOT|VV_VMSIZEVNLOCK)
v_object 0xf801eeaf1d68 ref 0 pages 2 cleanbuf 1 dirtybuf 0
lock type nfs: SHARED (count 1)
fileid 34 fsid 0x3a3a00ff02
panic: condition dvp != vp not met at /usr/src/sys/kern/vfs_cache.c:2269 
(cache_enter_time)
cpuid = 1
time = 1614435453
KDB: stack backtrace:
db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame 0xfe00d01c3e10
vpanic() at vpanic+0x181/frame 0xfe00d01c3e60
panic() at panic+0x43/frame 0xfe00d01c3ec0
cache_enter_time() at cache_enter_time+0x1574/frame 0xfe00d01c3fa0
nfsrpc_readdirplus() at nfsrpc_readdirplus+0xcb6/frame 0xfe00d01c43d0
ncl_readdirplusrpc() at ncl_readdirplusrpc+0xdc/frame 0xfe00d01c4520
ncl_doio() at ncl_doio+0x423/frame 0xfe00d01c45b0
ncl_bioread() at ncl_bioread+0x5cc/frame 0xfe00d01c4740
nfs_readdir() at nfs_readdir+0x18f/frame 0xfe00d01c4850
vop_sigdefer() at vop_sigdefer+0x2f/frame 0xfe00d01c4880
VOP_READDIR_APV() at VOP_READDIR_APV+0x38/frame 0xfe00d01c48a0
kern_getdirentries() at kern_getdirentries+0x1fb/frame 0xfe00d01c4990
sys_getdirentries() at sys_getdirentries+0x29/frame 0xfe00d01c49c0
amd64_syscall() at amd64_syscall+0x12e/frame 0xfe00d01c4af0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfe00d01c4af0
--- syscall (554, FreeBSD ELF64, sys_getdirentries), rip = 0x8012a83fa, rsp = 
0x7fffd928, rbp = 0x7fffd960 ---
KDB: enter: panic
[ thread pid 1879 tid 101207 ]
Stopped at  kdb_enter+0x37: movq$0,0x128bdde(%rip)
db>


—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

> On 27 Feb 2021, at 15:10, Juraj Lutter  wrote:
> 
> - poudriere data stored on NFS
> - NFS server 12-STABLE
> - NFS client (that panicked) 14-CURRENT
> - Panic string:
> 
> condition dvp != vp not met at /usr/src/sys/kern/vfs_cache.c:2269 
> (cache_enter_time)
> 
> backtrace:
> 
> Tracing pid 27294 tid 100893 td 0xfe00ea1a3500
> kdb_enter() at kdb_enter+0x37/frame 0xfe00ea3dee10
> vpanic() at vpanic+0x1b2/frame 0xfe00ea3dee60
> panic() at panic+0x43/frame 0xfe00ea3deec0
> cache_enter_time() at cache_enter_time+0x1574/frame 0xfe00ea3defa0
> nfsrpc_readdirplus() at nfsrpc_readdirplus+0xcb6/frame 0xfe00ea3df3d0
> ncl_readdirplusrpc() at ncl_readdirplusrpc+0xdc/frame 0xfe00ea3df520
> ncl_doio() at ncl_doio+0x423/frame 0xfe00ea3df5b0
> ncl_bioread() at ncl_bioread+0x5cc/frame 0xfe00ea3df740
> nfs_readdir() at nfs_readdir+0x18f/frame 0xfe00ea3df850
> vop_sigdefer() at vop_sigdefer+0x2f/frame 0xfe00ea3df880
> VOP_READDIR_APV() at VOP_READDIR_APV+0x38/frame 0xfe00ea3df8a0
> kern_getdirentries() at kern_getdirentries+0x1fb/frame 0xfe00ea3df990
> sys_getdirentries() at sys_getdirentries+0x29/frame 0xfe00ea3df9c0
> amd64_syscall() at amd64_syscall+0x12e/frame 0xfe00ea3dfaf0
> fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfe00ea3dfaf0
> 
> 
> running processes:
> 
> 27295 27179 27179 0  S+  piperd  0xf800090b4ba0  xargs
> 27294 27179 27179 0  R+  CPU 1   find
> 27179   816 27179 0  S+  wait0xf80181b69528  sh
> 
> Dump header from device: /dev/vtbd0p3
>  Architecture: amd64
>  Architecture Version: 2
>  Dump Length: 1860571136
>  Blocksize: 512
>  Compression: none
>  Dumptime: 2021-02-27 14:59:59 +0100
>  Hostname: b14.builder.wilbury.net
>  Magic: FreeBSD Kernel Dump
>  Version String: FreeBSD 14.0-CURRENT #0 main-n245107-172f2fc11cc: Fri Feb 26 
> 15:20:00 CET 2021
>r...@b14.builder.wilbury.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
>  Panic String: condition dvp != vp not met at 
> /usr/src/sys/kern/vfs_cache.c:2269 (cache_enter_time)
>  Dump Parity: 1481068399
>  Bounds: 0
>  Dump Status: good
> 
> —
> Juraj Lutter
> XMPP: juraj (at) lutter.sk
> GSM: +421907986576
> 
> ___
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: KTLS with zfs recv

2021-02-27 Thread Rodney W. Grimes

> On Fri, Feb 26, 2021 at 9:24 AM Rodney W. Grimes <
> freebsd-...@gndrsh.dnsmgr.net> wrote:
> 
> > > My understanding is that KTLS works very well with OpenSSL for sending,
> > but
> > > not as well for receiving, because there's nothing like a recvfile
> > > syscall.  However, it works great for both send and receive with NFS,
> > where
> > > all the data remains in the kernel. What about zfs recv?  A very common
> > > pattern is for an application to read from an SSL socket and then pipe
> > the
> > > data to zfs recv. For example, zrepl does that.  Could zfs recv instead
> > > read directly from the KTLS socket, bypassing userspace?  That could
> > > potentially save a _lot_ of cycles for a _lot_ of people.
> >
> > I did some patches and a short presentation at BSDCan that basically
> > shoves the whole zfs send and zfs recv process into the kernel, ie
> > it opens the sockets up, makes the connections, then the socket
> > is passed into the kernel(s) and it all runs in kernel mode.
> >
> >
> > https://www.bsdcan.org/2018/schedule/attachments/479_BSDCan-2018-zfs-send.pdf
> >
> > A few things need fixed like reversing who does the listen for
> > security reasons, but this feature is probably ready for prime
> > time.
> >
> > > -Alan
> >
> > --
> > Rod Grimes
> > rgri...@freebsd.org
> 
> 
> That looks potentially useful, but it doesn't use encryption.  Would it
> work if the socket had been opened by openssl with ktls?

Alan,
Should I revise the code to meet the state that was discussed
during the BSDCan talk so that it can be committed?  Matt Aherns said
at the time he felt if I just reversed the listen/connect relationship
between send and recv that it addressed enough of the security concern
to be usable "on a local and well administered" network and would
probably be safe to import into upstream ZFS.  (This was prior to
FreeBSD moving to openzfs.)

>From other discussion in this thread it does not sound difficult to
implement the KTLS end of it, but I doubt that would be portable
enough to upstream, maybe someone can speak to that issue?

-- 
Rod Grimes rgri...@freebsd.org
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

-CURRENT panics in NFS

2021-02-27 Thread Juraj Lutter

- poudriere data stored on NFS
- NFS server 12-STABLE
- NFS client (that panicked) 14-CURRENT
- Panic string:

condition dvp != vp not met at /usr/src/sys/kern/vfs_cache.c:2269 
(cache_enter_time)

backtrace:

Tracing pid 27294 tid 100893 td 0xfe00ea1a3500
kdb_enter() at kdb_enter+0x37/frame 0xfe00ea3dee10
vpanic() at vpanic+0x1b2/frame 0xfe00ea3dee60
panic() at panic+0x43/frame 0xfe00ea3deec0
cache_enter_time() at cache_enter_time+0x1574/frame 0xfe00ea3defa0
nfsrpc_readdirplus() at nfsrpc_readdirplus+0xcb6/frame 0xfe00ea3df3d0
ncl_readdirplusrpc() at ncl_readdirplusrpc+0xdc/frame 0xfe00ea3df520
ncl_doio() at ncl_doio+0x423/frame 0xfe00ea3df5b0
ncl_bioread() at ncl_bioread+0x5cc/frame 0xfe00ea3df740
nfs_readdir() at nfs_readdir+0x18f/frame 0xfe00ea3df850
vop_sigdefer() at vop_sigdefer+0x2f/frame 0xfe00ea3df880
VOP_READDIR_APV() at VOP_READDIR_APV+0x38/frame 0xfe00ea3df8a0
kern_getdirentries() at kern_getdirentries+0x1fb/frame 0xfe00ea3df990
sys_getdirentries() at sys_getdirentries+0x29/frame 0xfe00ea3df9c0
amd64_syscall() at amd64_syscall+0x12e/frame 0xfe00ea3dfaf0
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfe00ea3dfaf0


running processes:

27295 27179 27179 0  S+  piperd  0xf800090b4ba0  xargs
27294 27179 27179 0  R+  CPU 1   find
27179   816 27179 0  S+  wait0xf80181b69528  sh

Dump header from device: /dev/vtbd0p3
  Architecture: amd64
  Architecture Version: 2
  Dump Length: 1860571136
  Blocksize: 512
  Compression: none
  Dumptime: 2021-02-27 14:59:59 +0100
  Hostname: b14.builder.wilbury.net
  Magic: FreeBSD Kernel Dump
  Version String: FreeBSD 14.0-CURRENT #0 main-n245107-172f2fc11cc: Fri Feb 26 
15:20:00 CET 2021
r...@b14.builder.wilbury.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC
  Panic String: condition dvp != vp not met at 
/usr/src/sys/kern/vfs_cache.c:2269 (cache_enter_time)
  Dump Parity: 1481068399
  Bounds: 0
  Dump Status: good

—
Juraj Lutter
XMPP: juraj (at) lutter.sk
GSM: +421907986576

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: cardbus panic

2021-02-27 Thread Warner Losh

Great. Committed as c01da939b0998f8de068a23c9016c377e761255e. As you might
have guessed, I don't have a current cardbus system, though I need to bring
one up to finish the removal of PC Card support.

Warner

On Sat, Feb 27, 2021 at 1:13 AM Steve Kargl <
s...@troutmask.apl.washington.edu> wrote:

> That fixes the problem.  Thanks for the quick response.
>
> --
> steve
>
> On Sat, Feb 27, 2021 at 12:02:54AM -0700, Warner Losh wrote:
> > What does https://reviews.freebsd.org/D28963 do for you?
> >
> > Warner
> >
> > On Fri, Feb 26, 2021 at 9:48 PM Steve Kargl <
> > s...@troutmask.apl.washington.edu> wrote:
> >
> > > Ejecting a D-Link DWL-G630 AirPlus G NIC leads to
> > >
> > > panic: mutex Giant not owned at /usr/src/sys/kern/subr_bus.c:3001
> > > cpuid = 1
> > > time = 1614400775
> > > KDB: stack backtrace:
> > > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > > 0xfe0062fc3b40
> > > vpanic() at vpanic+0x181/frame 0xfe0062fc3b90
> > > panic() at panic+0x43/frame 0xfe0062fc3bf0
> > > __mtx_assert() at __mtx_assert+0xb0/frame 0xfe0062fc3c00
> > > device_detach() at device_detach+0x2e/frame 0xfe0062fc3c40
> > > bus_generic_detach() at bus_generic_detach+0x38/frame
> 0xfe0062fc3c60
> > > cardbus_detach_card() at cardbus_detach_card+0xf/frame
> 0xfe0062fc3c80
> > > cbb_event_thread() at cbb_event_thread+0x1be/frame 0xfe0062fc3cf0
> > > fork_exit() at fork_exit+0x80/frame 0xfe0062fc3d30
> > > fork_trampoline() at fork_trampoline+0xe/frame 0xfe0062fc3d30
> > > --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> > > KDB: enter: panic
> > >
>
> --
> Steve
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: cardbus panic

2021-02-27 Thread Steve Kargl

That fixes the problem.  Thanks for the quick response.

-- 
steve

On Sat, Feb 27, 2021 at 12:02:54AM -0700, Warner Losh wrote:
> What does https://reviews.freebsd.org/D28963 do for you?
> 
> Warner
> 
> On Fri, Feb 26, 2021 at 9:48 PM Steve Kargl <
> s...@troutmask.apl.washington.edu> wrote:
> 
> > Ejecting a D-Link DWL-G630 AirPlus G NIC leads to
> >
> > panic: mutex Giant not owned at /usr/src/sys/kern/subr_bus.c:3001
> > cpuid = 1
> > time = 1614400775
> > KDB: stack backtrace:
> > db_trace_self_wrapper() at db_trace_self_wrapper+0x2b/frame
> > 0xfe0062fc3b40
> > vpanic() at vpanic+0x181/frame 0xfe0062fc3b90
> > panic() at panic+0x43/frame 0xfe0062fc3bf0
> > __mtx_assert() at __mtx_assert+0xb0/frame 0xfe0062fc3c00
> > device_detach() at device_detach+0x2e/frame 0xfe0062fc3c40
> > bus_generic_detach() at bus_generic_detach+0x38/frame 0xfe0062fc3c60
> > cardbus_detach_card() at cardbus_detach_card+0xf/frame 0xfe0062fc3c80
> > cbb_event_thread() at cbb_event_thread+0x1be/frame 0xfe0062fc3cf0
> > fork_exit() at fork_exit+0x80/frame 0xfe0062fc3d30
> > fork_trampoline() at fork_trampoline+0xe/frame 0xfe0062fc3d30
> > --- trap 0, rip = 0, rsp = 0, rbp = 0 ---
> > KDB: enter: panic
> >

-- 
Steve
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: HEADS-UP: PIE enabled by default on main

Re: HEADS-UP: PIE enabled by default on main

Re: HEADS-UP: PIE enabled by default on main

Re: HEADS-UP: PIE enabled by default on main

Re: -CURRENT panics in NFS

Re: -CURRENT panics in NFS

Re: -CURRENT panics in NFS

Re: -CURRENT panics in NFS

Re: -CURRENT panics in NFS

LORs in -CURRENT

Re: -CURRENT panics in NFS

Re: panic: condition seqc_in_modify(_vp->v_seqc) not met at zfs_acl.c:1147 (zfs_acl_chown_setattr)

Re: -CURRENT panics in NFS

Re: KTLS with zfs recv

FreeBSD 13.0-BETA4 Now Available

Re: -CURRENT panics in NFS

Re: -CURRENT panics in NFS

Re: KTLS with zfs recv

-CURRENT panics in NFS

Re: cardbus panic

Re: cardbus panic

21 matches

Site Navigation

Mail list logo

Footer information