Re: fix for use-after-free problem in 10.x

2016-10-09 Thread Julian Elischer

On 8/10/2016 5:36 AM, Oliver Pinter wrote:

On 10/5/16, Julian Elischer wrote:

In 11 and 12 the taskqueue code has been rewritten in this area but
under 10 this bug still occurs.

On our appliances this bug stops the system from mounting the ZFS
root, so it is quite severe.
Basically while the thread is sleeping during the ZFS mount of root
(in the while loop), another thread can free the 'task' item it is
checking in that while loop and it can be reused or filled with
'deadcode' etc., with the waiting code unaware of the change. The fix
is to refetch the item at the end of the queue each time around the loop.
I don't really want to do the bigger change of MFCing the change in
11, as it is more extensive, though if someone else does, that's ok by
me. (If it's ABI compatible)

Any comments or suggestions?

Yes, please commit them. This patch fixes the ZFS + GELI + INVARIANTS
problem for us.
There is the FreeBSD PR about the issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209580


I committed a slightly better version to stable/10.
Should I ask for a merge to releng/10.3?






here's the fix in diff form:


[robot@porridge /usr/src]$ p4 diff -du ...
--- //depot/pbranches/jelischer/FreeBSD-PZ/10.3/sys/kern/subr_taskqueue.c
2016-09-27 09:14:59.0 -0700
+++ /usr/src/sys/kern/subr_taskqueue.c  2016-09-27 09:14:59.0 -0700
@@ -441,9 +441,10 @@

  TQ_LOCK(queue);
  task = STAILQ_LAST(&queue->tq_queue, task, ta_link);
-   if (task != NULL)
-   while (task->ta_pending != 0)
-   TQ_SLEEP(queue, task, &queue->tq_mutex, PWAIT, "-",
0);
+   while (task != NULL && task->ta_pending != 0) {
+   TQ_SLEEP(queue, task, &queue->tq_mutex, PWAIT, "-", 0);
+   task = STAILQ_LAST(&queue->tq_queue, task, ta_link);
+   }
  taskqueue_drain_running(queue);
  KASSERT(STAILQ_EMPTY(&queue->tq_queue),
  ("taskqueue queue is not empty after draining"));
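
Review bot: the new `while (task != NULL && task->ta_pending != 0)` loop has no comment explaining why `task` is re-read with STAILQ_LAST after every TQ_SLEEP, and without one a later cleanup could hoist that assignment back out of the loop and reintroduce the stale pointer. A short comment above the loop would protect the fix: the sleep is given &queue->tq_mutex, so the old tail may have been freed or reused by the time the sleeper runs again and the pointer must not be held across the sleep. It is also worth stating in the commit message that TQ_SLEEP still uses the address of the previous `task` as its wait channel, so the loop depends on a wakeup on that address to come back and re-check the new tail.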

___
freebsd-hack...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"



___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: possible regression on i386

2016-10-09 Thread Nathan Lay
If your problem is anything like mine was, buildworld is trying to link
with /usr/lib/librt.so rather than the new one built during the buildworld
build. As per a recent commit, the new librt will have the additional
mq_getfd_np() symbol while the original /usr/lib/librt.so will not. That
causes those unresolved reference errors for new code trying to use the
mq_getfd_np() function.

Try building and installing librt manually:
cd /usr/src/lib/librt
make && make install

Then try buildworld again.

Reference:
https://svnweb.freebsd.org/base?view=revision&revision=306905

Best regards,
Nathan Lay


On Sun, Oct 9, 2016 at 4:57 PM, Marek Zarychta <
zarych...@plan-b.pwste.edu.pl> wrote:

> Dear Developers,
>
> I really appreciate your work for the project so it makes me really
> sorry to complain about the code, but probably commit r306905 breaks
> builds on i386 machines.
> I have been running  11.0-PRERELEASE on i386 machine for a few days.
> Upgrade from 9.3-STABLE through 10.3-STABLE went without an issue last
> week. Today I have tried to upgrade this system running on old Xeon
> without LM feature to latest version, but buildworld fails (see attached
> txt file). It is a quite old machine, where FreeBSD was installed 14
> years ago, but regularly upgraded and always running supported branch.
> After reversion to r306777 world builds flawlessly.
>
> Best regards,
> --
> Marek Zarychta
>


Re: Failing to upgrade from 10.1-RELEASE to 10.3-STABLE

2016-10-09 Thread jungle Boogie
> If I decide to upgrade from 10.3-RELEASE to 10.3-STABLE
> later on, should I expect that to work?   -- George

No. Freebsd-update is only for binary updates. Stable and head are where
you build from source and therefore, freebsd-update doesn't work.


Re: Failing to upgrade from 10.1-RELEASE to 10.3-STABLE

2016-10-09 Thread George Mitchell
On 10/09/16 15:57, Kurt Jaeger wrote:
> Hi!
> 
>> What am I doing wrong?  (I get the same failure attempting to upgrade
>> to 10.1-RELEASE and 10.2-RELEASE.) -- George
> 
> Ah, one thing:
> 
> Please do update to the latest 10.1-REL patch level, first.
> 
After upgrading to the latest 10.1-RELEASE:

I can update to 10.3-RELEASE, and that will probably do for now.
Should it have worked to update from 10.1-RELEASE to 10.3-STABLE
directly?  If I decide to upgrade from 10.3-RELEASE to 10.3-STABLE
later on, should I expect that to work?   -- George


possible regression on i386

2016-10-09 Thread Marek Zarychta
Dear Developers,

I really appreciate your work for the project so it makes me really
sorry to complain about the code, but probably commit r306905 breaks
builds on i386 machines.
I have been running  11.0-PRERELEASE on i386 machine for a few days.
Upgrade from 9.3-STABLE through 10.3-STABLE went without an issue last
week. Today I have tried to upgrade this system running on old Xeon
without LM feature to latest version, but buildworld fails (see attached
txt file). It is a quite old machine, where FreeBSD was installed 14
years ago, but regularly upgraded and always running supported branch.
After reversion to r306777 world builds flawlessly.

Best regards,
-- 
Marek Zarychta
--- all_subdir_usr.sbin ---
--- all_subdir_usr.sbin/devctl ---
--- .depend ---
echo devctl.full: /usr/obj/usr/src/tmp/usr/lib/libc.a 
/usr/obj/usr/src/tmp/usr/lib/libdevctl.a >> .depend
--- devctl.o ---
clang -O2 -pipe -fno-strict-aliasing -march=pentium4  -g -MD  
-MF.depend.devctl.o -MTdevctl.o -std=gnu99 -fstack-protector-strong 
-Wsystem-headers -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations 
-Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable 
 -Qunused-arguments  -c /usr/src/usr.sbin/devctl/devctl.c -o devctl.o
--- all_subdir_lib ---
--- test_archive_digest.o ---
clang -O2 -pipe -fno-strict-aliasing -I/usr/src/lib/libarchive 
-I/usr/obj/usr/src/lib/libarchive/tests 
-I/usr/src/contrib/libarchive/libarchive 
-I/usr/src/contrib/libarchive/test_utils -DHAVE_LIBLZMA=1 -DHAVE_LZMA_H=1 
-march=pentium4  -g -MD  -MF.depend.libarchive_test.test_archive_digest.o 
-MTtest_archive_digest.o -std=gnu99 -fstack-protector-strong
-Qunused-arguments  -c 
/usr/src/contrib/libarchive/libarchive/test/test_archive_digest.c -o 
test_archive_digest.o
--- all_subdir_tests ---
--- mqtest2.debug ---
objcopy --only-keep-debug mqtest2.full mqtest2.debug
--- mqtest2 ---
objcopy --strip-debug --add-gnu-debuglink=mqtest2.debug  mqtest2.full mqtest2
--- mqtest3 ---
(cd /usr/src/tests/sys/mqueue &&  DEPENDFILE=.depend.mqtest3  NO_SUBDIR=1 make 
-f /usr/src/tests/sys/mqueue/Makefile _RECURSING_PROGS=t  PROG=mqtest3 )
--- all_subdir_usr.sbin ---
--- all_subdir_usr.sbin/devinfo ---
===> usr.sbin/devinfo (all)
--- all_subdir_tests ---
--- .depend.mqtest3 ---
echo mqtest3.full: /usr/obj/usr/src/tmp/usr/lib/libc.a 
/usr/obj/usr/src/tmp/usr/lib/librt.a >> .depend.mqtest3
--- mqtest3.o ---
clang -O2 -pipe -fno-strict-aliasing -I/usr/src/tests -march=pentium4  -g -MD  
-MF.depend.mqtest3.mqtest3.o -MTmqtest3.o -std=gnu99 -fstack-protector-strong 
-Wsystem-headers -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations 
-Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable 
 -Qunused-arguments  -c /usr/src/tests/sys/mqueue/mqtest3.c -o mqtest3.o
/usr/src/tests/sys/mqueue/mqtest3.c:65:11: warning: implicit declaration of 
function 'mq_getfd_np' is invalid in C99 [-Wimplicit-function-declaration]
FD_SET(mq_getfd_np(mq), &set);
   ^
--- all_subdir_usr.sbin ---
--- .depend ---
echo devinfo.full: /usr/obj/usr/src/tmp/usr/lib/libc.a 
/usr/obj/usr/src/tmp/usr/lib/libdevinfo.a >> .depend
--- devinfo.o ---
clang -O2 -pipe -fno-strict-aliasing -march=pentium4  -g -MD  
-MF.depend.devinfo.o -MTdevinfo.o -std=gnu99 -fstack-protector-strong 
-Wsystem-headers -Wall -Wno-format-y2k -W -Wno-unused-parameter 
-Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type 
-Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wcast-align 
-Wchar-subscripts -Winline -Wnested-externs -Wredundant-decls 
-Wold-style-definition -Wno-pointer-sign -Wmissing-variable-declarations 
-Wthread-safety -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable 
 -Qunused-arguments  -c /usr/src/usr.sbin/devinfo/devinfo.c -o devinfo.o
--- all_subdir_lib ---
--- test_archive_getdate.o ---
clang -O2 -pipe -fno-strict-aliasing -I/usr/src/lib/libarchive 
-I/usr/obj/usr/src/lib/libarchive/tests 
-I/usr/src/contrib/libarchive/libarchive 
-I/usr/src/contrib/libarchive/test_utils -DHAVE_LIBLZMA=1 -DHAVE_LZMA_H=1 
-march=pentium4  -g -MD  -MF.depend.libarchive_test.test_archive_getdate.o 
-MTtest_archive_getdate.o -std=gnu99 -fstack-protector-strong
-Qunused-arguments  -c 
/usr/src/contrib/libarchive/libarchive/test/test_archive_getdate.c -o 
test_archive_getdate.o
--- all_subdir_tests ---
1 warning generated.
--- mqte

Failing to upgrade from 10.1-RELEASE to 10.3-STABLE

2016-10-09 Thread George Mitchell
# freebsd-update -r 10.3-STABLE upgrade
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update5.freebsd.org...
done.
Fetching metadata index... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic src/src world/base world/lib32

The following components of FreeBSD do not seem to be installed:
world/doc world/games

Does this look reasonable (y/n)? y

Fetching metadata signature for 10.3-STABLE from update5.freebsd.org...
failed.
Fetching metadata signature for 10.3-STABLE from update4.freebsd.org...
failed.
Fetching metadata signature for 10.3-STABLE from update6.freebsd.org...
failed.
Fetching metadata signature for 10.3-STABLE from update3.freebsd.org...
failed.
No mirrors remaining, giving up.

What am I doing wrong?  (I get the same failure attempting to upgrade
to 10.1-RELEASE and 10.2-RELEASE.) -- George


Re: FreeBSD 11.0-stable buildworld failured, maybe it's broken by r305866

2016-10-09 Thread k simon

Ok, I solved it by copying those headers from /usr/src to /usr/include.


Simon K.
20161009


P.S.  It's a quite old machine, it has no HPET device.



Simon
20161004


On 2016/10/4 20:40, k simon wrote:

Hi, Lists,

   This is a full source-based "make buildworld" failure to r306669.


clang  -O2 -pipe -fno-omit-frame-pointer -march=core2
-I/usr/src/lib/libc/include -I/usr/src/lib/libc/../../include
-I/usr/src/lib/libc/amd64 -DNLS  -D__DBINTERFACE_PRIVATE
-I/usr/src/lib/libc/../../contrib/gdtoa
-I/usr/src/lib/libc/../../contrib/libc-vis -DINET6
-I/usr/obj/usr/src/lib/libc -I/usr/src/lib/libc/resolv -D_ACL_PRIVATE
-DPOSIX_MISTAKE -I/usr/src/lib/libc/../libmd
-I/usr/src/lib/libc/../../contrib/jemalloc/include -DMALLOC_PRODUCTION
-I/usr/src/lib/libc/../../contrib/tzcode/stdtime
-I/usr/src/lib/libc/stdtime -I/usr/src/lib/libc/locale -DBROKEN_DES
-DPORTMAP -DDES_BUILTIN -I/usr/src/lib/libc/rpc -DYP -DNS_CACHING
-DSYMBOL_VERSIONING -MD  -MF.depend.__vdso_gettimeofday.o
-MT__vdso_gettimeofday.o -std=gnu99 -fstack-protector-strong
-Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized
-Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int
-Wno-unused-const-variable -Wno-tautological-compare -Wno-unused-value
-Wno-parentheses-equality -Wno-unused-function -Wno-enum-conversion
-Wno-unused-local-typedef -Wno-switch -Wno-switch-enum
-Wno-knr-promoted-parameter  -Qunused-arguments  -I/usr/src/lib/libutil
-I/usr/src/lib/msun/amd64 -I/usr/src/lib/msun/x86
-I/usr/src/lib/msun/src -c /usr/src/lib/libc/sys/__vdso_gettimeofday.c
-o __vdso_gettimeofday.o
/usr/src/lib/libc/sys/__vdso_gettimeofday.c:43:27: error: too many
arguments to function call, expected single argument 'vdso_th', have 2
arguments
error = __vdso_gettc(th, &tc);
 ^~~
/usr/include/sys/vdso.h:65:1: note: '__vdso_gettc' declared here
u_int __vdso_gettc(const struct vdso_timehands *vdso_th);
^
1 error generated.
*** Error code 1

Stop.
make[4]: stopped in /usr/src/lib/libc
*** Error code 1



 Maybe it's broken by r305866.




Simon
20161004
