Matthew Dillon [Tue, 29 Aug 2017 21:55:42 +0000 (14:55 -0700)]
hammer2 - Fix critical bulkfree bug, refactor hammer2_io
* The bulkfree scan code was corrupting storage elements allocated beyond
the 512GB mark due to not resetting the bulk duplicate subtree detection
heuristic for each new storage range being evaluated.
Fixed by zeroing out the heuristic in the ranging loop.
* Refactor hammer2_io.c. This module was originally designed for completely
asynchronous operation (with callbacks), but the backend chain code was
subsequently redesigned to use kernel threads for each target device. I/O
operations in the kernel threads were issued synchronously.
Remove all the asynchronous support code, which is like 50% of the module.
Get rid of the IOCB mechanism entirely. Simplify the hammer2_io structure
and flags interactions and simplify the API.
* Add some temporary debugging to the unmount path.
Sepherosa Ziehau [Tue, 29 Aug 2017 06:34:09 +0000 (14:34 +0800)]
poll/select: Use 64bit serial for poll/select's kevent.udata.
This fixes the issue mentioned in this commit:
ce4975442fa0524017fb3c1aef93bbe6880ae770
It takes ~200 years for 2.5Ghz cpu to make the 64bit serial wrap,
even if the cpu's speed were 10 times faster tomorrow, it still
would take two decades to make the 64bit serial wrap.
Suggested-by: dillon@
Sepherosa Ziehau [Tue, 29 Aug 2017 05:51:59 +0000 (13:51 +0800)]
Revert "select: Don't allow unwanted/leftover fds being returned."
This reverts commit
ce4975442fa0524017fb3c1aef93bbe6880ae770.
Matthew Dillon [Mon, 28 Aug 2017 17:30:24 +0000 (10:30 -0700)]
hammer2 - Stabilization
* Key test in hammer2_chain_lookup() against DELETED chains no longer
special-caes a FREEMAP_NODE when trying to find the covering parent
chain for the range.
* hammer2_chain_create_indirect() now re-tests that chain->parent still
matches parent after obtaining the locked chain. There shouldn't be
a race here, but check anyway.
* Do not try to delete empty indirect nodes in the flush code unless
the chain's sub-tree is also empty. Fixes a possible race condition
on an indirect chain vs the kernel writing buffer cache buffers out.
I was also concerned about indirect chains in the INITIAL state tripping
up the test.
* re-test inode flags after inode lock prior to calling
hammer2_inode_chain_sync() as a simple optimization.
Sepherosa Ziehau [Mon, 28 Aug 2017 14:38:25 +0000 (22:38 +0800)]
poll: Fix inverse test
Sepherosa Ziehau [Mon, 28 Aug 2017 13:49:00 +0000 (21:49 +0800)]
select: Don't allow unwanted/leftover fds being returned.
The root cause is that the lwp_kqueue_serial will wrap pretty quickly,
6 seconds on my laptop, if the select(2) is polling, either due to heavy
workload or 0 timeout. The POC test:
https://leaf.dragonflybsd.org/~sephe/select_wrap.c
Fixing this issue by saving the original fd_sets and do additional
kevent filtering before return the fd to userland.
poll(2) suffers the similar issue and will be fixed in later commit.
Reported-by: many
Sascha Wildner [Sun, 27 Aug 2017 20:09:51 +0000 (22:09 +0200)]
libc: Use _ioctl() internally.
Matthew Dillon [Sun, 27 Aug 2017 04:56:14 +0000 (21:56 -0700)]
hammer2 - Fix bulkfree bug, Fix chain->parent bug, refactor dedup a bit
* Fix a bulkfree bug where live->linear was being calculated using
HAMMER2_FREEMAP_BLOCK_SIZE instead of HAMMER2_BMAP_INDEX_SIZE.
This calculation was still block-size-aligned and couldn't cause
any damage. However, the conditional itself was in error and
could prevent bulkfree from correcting an unaligned live->linear
value.
The new code unconditoinally corrects live->linear for now.
Bulkfree doesn't collect sufficiently fine-grained data to set
it properly.
* bulkfree now also requires live->linear to be reasonable when deciding
to skip bitmaps.
* hammer2_chain_modify() needs to know when a dedup has been registered
for a (data) block. We previously cleared the CHAIN_MODIFIED bit to
force a reallocation, but doing so interferes with the flush code
(even though UPDATE remains set).
Fix this by adding a chain flag. Also properly set the flag only if
a dedup has actually been registered, and properly clear the flag once
the underlying storage has been reallocated.
* Refactor hammer2_chain_getparent() and add hammer2_chain_repparent().
Have these functions deal with all chain->parent race conditions
themselves.
This fixes a race condition in two places, most importantly in
hammer2_xop_nrename() (albeit limited to directory-embedded inodes,
which would only be the super-root entries).
* Do a better job protecting the chain->parent field. Require that
chain->core.spin be held for field modifications in addition to
parent->core.spin. This fixes a race against hammer2_chain_setflush()
that could cause the flush code to miss chains.
* Disable TIMER() debugging for now.
Sascha Wildner [Sat, 26 Aug 2017 18:15:05 +0000 (20:15 +0200)]
Don't remove archive.3 via 'make upgrade'.
Imre Vadász [Sat, 26 Aug 2017 10:54:04 +0000 (12:54 +0200)]
vkernel - Fixup previous commit, where some bits got lost during rebaseing.
Imre Vadász [Thu, 24 Aug 2017 20:50:11 +0000 (22:50 +0200)]
vkernel - Avoid unnecessarily short sleeps, when not using precise timers.
* When use_precise_timer is disabled, it doesn't make sense to sleep for
a short time in the systimer thread, since our time measurements wouldn't
have the necessary precision to make use of this in the first place.
* Since the CLOCK_MONOTONIC_FAST timer has a precision corresponding to the
tick period of the host, use 1/10 of this value as the minimum sleep
duration.
Imre Vadász [Fri, 25 Aug 2017 22:09:23 +0000 (00:09 +0200)]
vkernel - Reuse vkernel_timer_get_timecount() for reading clock_gettime().
Matthew Dillon [Sat, 26 Aug 2017 04:37:00 +0000 (21:37 -0700)]
hammer2 - Fix hammer2_chain and dedup issues
* Fix races in hammer2_chain_drop(). A concurrent re-reference of the
chain can race the dio teardown and generally cause havoc. Generally
fixed by acquiring the chain's mutex during the teardown.
* Due to mechanics changes in recent commits, chain data will always
be dropped prior to the last ref drop, so replace checks in the
lastdrop code with assertions that the chain data has already been
dropped. (Chain data is always dropped on the last unlock in order
to be able to release the struct buf).
* The last dedup change closed one timing hole but opened up another one.
There are two timing issues. One is the time gap between the allocation
of a block verses setting of bits in the DIO that indicate the block is
good for dedup. The second is the time gap between setting the bits and
actually populating the DIO with the de-dup data.
What could happen is that another thread could sneak in after the bits
are set but before the data is populated and match a dedup against old
previously freed data. The old data then gets wiped away by the new
data and the filesystem becomes corrupted.
Fixed by adding a second bitmap to the DIO. One indicates that the DIO
is valid from an allocation perspective, the second indicates that the
DIO is valid from a dedup perspective. The dedup is not allowed unless
both bitmaps indicate validity.
* Remove DIO dedup deletions in situations where a modified chain is
discarded or replaced. For example, if a file is deleted. The data,
in fact, is still perfectly dedupable since the underlying block
allocation remains intact.
Imre Vadász [Fri, 25 Aug 2017 19:44:41 +0000 (21:44 +0200)]
vkernel - Mention -t option for precise timer in usage() output.
Matthew Dillon [Fri, 25 Aug 2017 05:25:02 +0000 (22:25 -0700)]
kernel - Implement a more comprehensive low-memory deadlock solution
* Low memory deadlocks occur when the pageout daemon needs memory
resources that the kernel cannot provide. The pageout daemon itself
is given more of an emergency reserve than other threads, but this
is not sufficient.
The complex nature of VFS's, particularly sohpisticated filesystems,
can create situations where the pageout daemon gets stuck on locks
held by filesystem related threads which themselves are stuck waiting
for memory.
* Try to solve this problem by having two kernel pageout daemons. The
main daemon works as usual. The second daemon monitors the first
one looking for stalls and takes over if it detects one.
The second daemon will skip problematic vnodes and only pageout
anonymous memory. At some point the main daemon will unstick and
be able to resume normal operating.
* Paging anonymous memory is far less resource intensive than paging
through a vnode, so it is far more likely that the emergency daemon
will be able to make progress to resolve the low memory situation
when the primary daemon gets stuck.
Matthew Dillon [Fri, 25 Aug 2017 05:16:34 +0000 (22:16 -0700)]
kernel - wakeup() lfence -> mfence
* wakeup() needs to use a mfence() before loading from the global cpumasks
array. lfence() is not sufficient.
* Issue arises where the mutex code sets a variable non-atomically and
then calls wakeup(). If the write to the variable is reordered around
wakeup()'s read of the global cpumask, then wakeup() can race the mutex
link wait setup and cause the mutex to stall.
Matthew Dillon [Fri, 25 Aug 2017 05:15:59 +0000 (22:15 -0700)]
kernel - Remove mutex debug counters
* Remove contention counters which, as globals themselves, create
a lot of unnecessary cache line bouncing.
Matthew Dillon [Thu, 24 Aug 2017 22:52:45 +0000 (15:52 -0700)]
hammer2 - Work on concurrent bulkfree stability
* The dedup bits in the DIO structure must be set atomically with
the setting of the bitmap bits in the freemap to avoid racing
bulkfree.
* dedup bits are normally deleted on the 11->10 transition in bulkfree,
and asserted to be deleted on the 10->00 transition. Also delete
dedup bits when a modified chain with no parent is destroyed, and
for a chain's prior data reference when it is being replaced by a
new data reference.
* Clean up the DIO dedup management code.
* Clean up the DIO allocation code.
* Cap the size of the DIO cache to 100000 elements for now, if nbuf * 2
is greater.
Sascha Wildner [Thu, 24 Aug 2017 16:59:13 +0000 (18:59 +0200)]
sshlockout.8: Use comment syntax.
Sascha Wildner [Thu, 24 Aug 2017 16:58:35 +0000 (18:58 +0200)]
kcollect.8: Remove unneeded .Pp
Sascha Wildner [Thu, 24 Aug 2017 16:58:15 +0000 (18:58 +0200)]
libarchive: Add an archive.3 MLINK.
Occasionally used in FreeBSD manual pages.
Matthew Dillon [Thu, 24 Aug 2017 16:47:00 +0000 (09:47 -0700)]
hammer2 - Fix persist_refs race on chain IPC
* The chain->lockcnt and chain->persist_refs mechanism was poorly
implemented and had a race which could leave chain->data intact
on the last unlock and/or cause memory corruption.
* Fold persist_refs into lockcnt and remove persist_refs. Obtain or
upgrade the mutex to exclusive BEFORE doing the 1->0 transition.
Still not perfect, but shouldn't have any more holes.
Matthew Dillon [Thu, 24 Aug 2017 10:38:37 +0000 (03:38 -0700)]
hammer2 - Refactor dedup, fixes, optimizations
* Refactor the dedup code, reducing tracking complexity. Also note that
we cannot really depend on VM page caching for dedup tests. Document why
using bread() is better.
* Use a larger dedup heuristic table to improve dedup matching.
* Improve hammer2_io_getquick(), fix a bug where the dedup_delete code
was improperly using it and could sometimes miss a dio structure due
to the underlying buffer not being fully cached.
* Cap out at 16KB indirect blocks, instead of 64KB indirect blocks. This
significantly reduces meta-data overheads.
* For now remove IO invalidation, it was causing corruption due to bugs.
This means that deleted meta-data will be flushed. However, a certain
amount of meta-data does not get immediately instantiated and file data
chains are not instantiated unless the buffer cache gets flushed, so
temporary files are still pretty cheap.
* Try to improve DIO's LRU recycling.
* Fix a brelse() that was supposed to be a bqrelse(). This improves
meta-data caching which is desirable for dedup.
* Implement the 'always_compress' sysctl which disables the H2 compression
heuristic that tries to detect uncompressable data. If set, H2 will always
try to compress.
Imre Vadász [Sat, 19 Aug 2017 19:50:28 +0000 (21:50 +0200)]
kqueue: Make EVFILT_USER event behaviour more consistent.
* Stop abusing the kn->kn_sfflags value for storing the current state of
the EVFILT_USER filter. Instead use kn->kn_fflags like other filters.
Similarly store the data value in kn->kn_data instead of kn->kn_sdata.
This means that the fflags value gets reset when EV_CLEAR was specified
when adding the event, and the event is received by userspace. This
behaviour is consistent with existing kqueue filters, and allows using
EVFILT_USER properly as an edge-triggered event when using the fflags,
and not just level-triggered.
* Don't clear kn->kn_fflags when the event is modified with EV_CLEAR. Doing
this wasn't affecting the actual state of the EVFILT_USER event before
this change (since the state was kept in kn->kn_sfflags instead).
* All this also avoids blindly copying the fflags value that was specified
when adding the event. Instead the NOTE_FFLAGSMASK mask is applied, and
the NOTE_FF* options are used, so the returned fflags value should now
always only have the lower 24 bits set.
* Make setting the fflags and data value when adding the event work as
might be expected.
Matthew Dillon [Wed, 23 Aug 2017 16:28:50 +0000 (09:28 -0700)]
kernel - Fix SMP tsleep_interlock() vs wakeup() race
* Problem triggered by kern_mutex.c, probably only triggered by mutexes.
The mutex sets state non-atomically and calls wakeup() with no
intervening atomic op. wakeup() loads the cpumask to wakeup
non-atomically. This can cause the wakeup() code to miss an
interaction with the cpumask set by another cpu.
cpu A:
set state <-- sets state
wakeup() <-- loads cpu mask non-atomically
cpu B:
tsleep_interlock() <-- sets cpu mask atomically
if (checkstate failed) <-- checks state
tsleep()
* Fix the problem by add a lfence() in the wakeup() code prior to
loading the cpumask. Even though I'm fairly sure only the kern_mutex.c
code can causing this problem, putting the lfence in wakeup() is the
safest mechanic.
Matthew Dillon [Wed, 23 Aug 2017 04:27:21 +0000 (21:27 -0700)]
hammer2 - Cleanup
* Cleanup two debug messages that are no longer needed.
Matthew Dillon [Tue, 22 Aug 2017 23:44:41 +0000 (16:44 -0700)]
hammer2 - Clean DIO invalidation flags in more cases
* DIO invalidation state allows a (64KB) buffer to be allocated from disk
without reading it, retaining this knowledge across a freemap allocation
into the chain. It is primarily used by the freemap allocator when
digging into new (previously fully unallocated) 64KB blocks to avoid
unnecessary disk I/O.
* Clear DIO invalidation flags for data blocks being adjusted by
bulkfree for any transition rather than just for the 11->10 transition.
This is an attempt to cleanup corruption which can occur during heavy
I/O + concurrent bulkfree operation.
* When clearing DIO invalidation state, clear both flags rather than just
one flag.
Matthew Dillon [Tue, 22 Aug 2017 23:43:11 +0000 (16:43 -0700)]
hammer2 - limit show command output when crc error
* When a CRC error check fails on a recursive chain during the debugging
'show' command output, limit recursion down that chain to one level.
This allows the potentially corrupted data record to be dissected but
does not attempt further indirection through it.
Matthew Dillon [Tue, 22 Aug 2017 16:26:27 +0000 (09:26 -0700)]
kernel - Fix callout race and panic (2)
* Previous fix couldn't handle a callout_stop() vs callout_reset() race
on different cpus. When this race occurred, the callout_stop() would
get stuck waiting for the ARMED bit to clear, which it never would
because a new callout_reset() re-armed it.
* Refactor the callout code to clean it up. Remove the ARMED flag, instead
a callout is considered ARMED if the IPI_MASK counter bits are not zero
or PENDING is set. Use these rules to lock-in the owning cpu with an
atomic op
* Integrate all flags settings in IPIs with the atomic decrement of the
IPI_MASK count, rather than as separate operations.
* callout_stop() now just waits for the IPI sequence to end. callout_reset()
now re-tests whether the callout is still armed or not after callout_stop()
returns (since it needs to know for sure) before it tries to take over
the callout. This fixes the race.
Matthew Dillon [Tue, 22 Aug 2017 04:04:14 +0000 (21:04 -0700)]
hammer2 - Try a different approach to bulkfree
* Attempt to fix an issue in the previous version where some dirty chains
could slip through the gaps and prevent bulkfree from working properly.
* Do a full filesystem sync instead of a partial sync.
* Use the post-sync hmp->volsync structure to obtain the blockref array,
interlocked against the sync.
Matthew Dillon [Tue, 22 Aug 2017 04:02:16 +0000 (21:02 -0700)]
hammer2 - Cleanup manual page, add help, remove bulkfree-async
* Remove bulkfree-async. Just stick with the synchronous bulkfree for
now.
Matthew Dillon [Mon, 21 Aug 2017 00:09:27 +0000 (17:09 -0700)]
kernel - Fix callout race and panic
* Fix race (found by ivadasz) related to the IPI/WAIT code unblocking
before the IPI is able to finish adjusting the knode and callout.
The wait code was only waiting for the IPI counter to reach 0 via
IPI_MASK, it also had to wait for the ARMED bit to get cleared.
* Avoid retesting c->c_flags to handle WAITING bit change races. Instead,
fully integrate the test-and-clear of the WAITING bit into
callout_unpend_disarm().
* Fix an issue where callout_terminate() fails to IPI the remote cpu
due to the function dispatch code clearing the ARMED bit. No
longer clear the ARMED bit. This ensures that a termination or stop
waits for the callout to return.
This change means that synchronous callout operations to other cpus will
be more expensive. However, the kernel generally does not do cross-cpu
callouts any more so its generally non-problem.
* Remove the now unused callout_maybe_clear_armed() inline.
* Also clear kn->kn_hook for EVFILT_TIMER when removing a callout, as
a safety.
Reported-by: ivadasz (Imre Vadasz)
Matthew Dillon [Sun, 20 Aug 2017 06:00:03 +0000 (23:00 -0700)]
hammer2 - Fix improper bzero length in rename code
* When renaming to a long filename the data buffer is sized according
to chain->bytes. sizeof(chain->data->buf) is too much. Fix the
bzero.
* Fixes a panic.
Matthew Dillon [Sun, 20 Aug 2017 01:37:31 +0000 (18:37 -0700)]
build - Add /home to the mtree
* It is reasonable to create a /home directory in the base system
template.
Matthew Dillon [Sun, 20 Aug 2017 01:27:52 +0000 (18:27 -0700)]
hammer2 - Remove LOCK* debugging
* Remove LOCKSTART, LOCKSTOP and friends. This debugging code was used to
check lock counts on entry and exit from VOPs and is no longer needed.
Matthew Dillon [Sun, 20 Aug 2017 01:23:55 +0000 (18:23 -0700)]
hammer2 - Flesh out kqueue support
* Do a quick run through and add missing KNOTE's. The support now matches
H1.
* Quickly tested via the monitor utility, appears to work.
Imre Vadász [Sat, 19 Aug 2017 22:52:59 +0000 (00:52 +0200)]
kqueue.2: Improve explanation of EV_EOF for fifos.
* The EV_EOF flag can't be cleared with EV_CLEAR. For Fifos it will be
cleared when a new reader (for EVFILT_WRITE) or writer (for EVFILT_READ)
connects.
Matthew Dillon [Sat, 19 Aug 2017 22:51:48 +0000 (15:51 -0700)]
hammer2 - cleanup
* Cleanup some of the SPAN debug messages
Imre Vadász [Sat, 19 Aug 2017 22:27:23 +0000 (00:27 +0200)]
kqueue.2: Mention EV_NODATA flag, which may be set in addition to EV_EOF.
* The EV_NODATA flag was added in
3bcb6e5e80cb05cecaddd866d4b15b428334b9aa.
Imre Vadász [Sat, 19 Aug 2017 17:03:32 +0000 (19:03 +0200)]
kqueue: Fix typo in filt_userattach function: kn_fflags vs. kn_sfflags.
* This typo meant that adding an EVFILT_USER event with NOTE_TRIGGER already
set, would fail to trigger the user event.
* So far I didn't find any EVFILT_USER usages in opensource code, where
the NOTE_TRIGGER flag is set when adding the EVFILT_USER event, so this
fix seems to be a cornercase in practice.
Matthew Dillon [Sat, 19 Aug 2017 19:10:09 +0000 (12:10 -0700)]
hammer2 - Fix snapshots and multi-label mounts
* Allow the same /dev/blah@DIFFERENTLABEL to be specified in a mount
command, so multiple labels from the same device can be mounted.
* Devfs can throw different vnodes for the same device. When matching
up hammer2_dev, check devvp->v_rdev for a match as well.
* Fix a number of bugs in the snapshot code that left a hammer2_inode
structure hanging and caused a panic.
* Fix races in admin thread flag messaging that could lead to 60-second
delays during umount.
Matthew Dillon [Sat, 19 Aug 2017 19:08:44 +0000 (12:08 -0700)]
hammer2 - revamp comments
* Adjust a few comments
Matthew Dillon [Sat, 19 Aug 2017 19:06:48 +0000 (12:06 -0700)]
hammer2 - Refactor snapshot frontend
* We can no longer snapshot a subdirectory (due to inodes being indexed
under the root and no longer embedded in directories), so simply
snapshot naming.
* Name snapshots only after their PFS label plus the date and time.
* Flesh out command help
Matthew Dillon [Sat, 19 Aug 2017 09:16:38 +0000 (02:16 -0700)]
hammer2 - Fix root remount for hammer2 root
* mount_hammer2 should not fail in early boot trying to remount /
if it is unable to connect to the cluster controller, as it might not
be able to start it due to lo0 not being configured yet.
Matthew Dillon [Sat, 19 Aug 2017 08:44:25 +0000 (01:44 -0700)]
hammer2 - Fix ro -> rw mount upgrade
* Fix panic when upgrading a ro mount to rw.
Matthew Dillon [Sat, 19 Aug 2017 08:08:30 +0000 (01:08 -0700)]
hammer2 - Fix bug in comp:autozero mode
* comp:autozero mode did not properly set the check code in the live
de-dup case, resulting in I/O errors later on.
* Fixes issues installing /boot (newfs_hammer2 on an 'a' partition uses
comp:autozero by default in order to disable compression, so the boot
loader can read the files without needing decompression code).
Matthew Dillon [Sat, 19 Aug 2017 05:36:23 +0000 (22:36 -0700)]
hammer2 - Fix bulkfree bugs
* Fix a bug where the HAMMER2_CHAIN_ONFLUSH flag could become desynchronized,
preventing some modifications from chaining the flag to the root.
This caused the bulkfree's flush to miss some chains and thus free
blocks that should not have been freed.
With this fix concurrent bulkfree and modifying operations appear to
work properly.
* For now do two quick flush passes in the bulkfree code. We probably
need only one.
Note on the bulkfree code: This code operates by flushing currently
modified chains and then taking a snapshot of the vchain blockmap.
The bulkfree code can then operate on the snapshot concurrent with
active filesystem operations, without interfering with or being
interfered with by those operations.
The bulkfree code does not have to flush modified in-memory inodes or
buffer cache buffers, it need only flush modified hammer2_chain structures
which may have done allocations, in order to properly account for those
allocations. Bulkfree runs in two stages precisely in order to allow
concurrency.
* Adjust hammer2.h so userland kvm debugging programs can access it.
* Add a debug program called h2chains.c which dumps the chain and
checks flag consistency via kvm given a hammer2 hmp root address.
Matthew Dillon [Fri, 18 Aug 2017 23:00:54 +0000 (16:00 -0700)]
hammer2 - Add kernel-thread-based async bulk free
* Add an async bulk-free feature and a kernel thread to allow the hammer2
vfs itself to run bulk frees.
* Revamp the hammer2 thread management code a bit to support the new use,
and clean-up the API.
Matthew Dillon [Fri, 18 Aug 2017 07:53:40 +0000 (00:53 -0700)]
hammer2 - buildworld components, boot2 and loader support
* Compile hammer2 components unconditionally in buildworld now.
Leave conditionals commented out for the moment, they will be
removed entirely later on.
* Finish revamping the boot code to properly handle H2 DIRENTs.
The boot code can now boot from a HAMMER2 'a' partition if desired.
UFS is no longer required.
* Change newfs_hammer2, mount_hammer2, and the hammer2 vfs to supply
a default super-root label if none specified. Supply "@BOOT" when
mounting from the 'a' partition, "@ROOT" when mounting from the 'd'
partition, and "@DATA" when mounting from any other partition.
mount_hammer2 no longer defaults to using @LOCAL for the label when
none is specified. Instead we want hammer2 mounts that fail to supply
a label to behave in a manner that is more likely to be expected by
the superuser.
* Do not yet include hammer2 in X86_64_GENERIC. At the moment it must
be supplied in /boot/loader.conf if the user wishes to boot from it.
Sascha Wildner [Thu, 17 Aug 2017 20:17:18 +0000 (22:17 +0200)]
Update the pciconf(8) database.
August 10, 2017 snapshot from http://pciids.sourceforge.net/
Sascha Wildner [Thu, 17 Aug 2017 19:59:34 +0000 (21:59 +0200)]
<sys/uio.h>: Clean up the namespace.
Sascha Wildner [Thu, 17 Aug 2017 18:57:53 +0000 (20:57 +0200)]
kernel/msdosfs: Add additional sanity checks before mounting.
This is FreeBSD revisions 113979 and 206098.
Taken-from: FreeBSD
Reported-by: <open.source@ribose.com>
Dragonfly-bug: <https://bugs.dragonflybsd.org/issues/3050>
Matthew Dillon [Wed, 16 Aug 2017 04:23:14 +0000 (21:23 -0700)]
kernel - More high-process-count fixes
* The recent tsleep/wakeup work allows multiple cpumasks to associate with
the same pcpu sleep queue. This created a degenerate condition where
the cpu bit would not get cleared in all masks, causing spurious IPIs
to be sent to the cpu.
Fixed by ensuring that the bit is cleared after receiving an IPI, if the
queue is found to be empty. That is, we allow spurious IPIs to happen,
but ensure that the condition is cleared so the same driving event does
not cause additional ones.
* Remove debugging kprintf()s from usched_dfly that were not intended to
be committed.
* Cleanup the csprng code style a bit and add some missing parenthesis.
Matthew Dillon [Wed, 16 Aug 2017 03:29:06 +0000 (20:29 -0700)]
kernel - Fix uload calculation in usched_dfly
* When a very large number of processes are runnable (greater than 32767),
the uload rollup field in dfly_pcpu[] can overflow. In addition, the
delta calculation for individual processes can also overflow.
Fix both cases.
* Symptoms: one cpu starts getting an excessive percentage of the process
load as the system attempts to continuously rebalance into it.
Matthew Dillon [Tue, 15 Aug 2017 21:19:51 +0000 (14:19 -0700)]
install - Fix a few issues
* sleep 1 second before [re]surveying drives to give devfs time to
[re]probe the drive.
* fn_subpart_hammer was apparently trying to check the capacity of the
current slice when there is no current slice. Check the disk capacity
instead.
Matthew Dillon [Mon, 14 Aug 2017 21:13:41 +0000 (14:13 -0700)]
test - Add various 900,000 process tests (2)
* Connect tests to Makefile
Matthew Dillon [Mon, 14 Aug 2017 21:03:57 +0000 (14:03 -0700)]
test - Add various 900,000 process tests
Add tests involving a large number of user processes. These tests default
to creating 900,000 user processes and require a machine with at least
128GB of ram. The machine must be booted with kern.maxproc=4000000 in
/boot/loader.conf.
These test kernel resource management in the face of a large number of
processes. scheduler, pipe kvm, concurrent fork and exec, general kernel
handling of large numbers of processes, callout, tsleep, and wakeup.
Also concurrent teardown for 900,000 processes when you hit ^C.
* loop900k - Fork/exec's 900,000 processes which sleep 80 seconds and
then go into an infinite loop.
Tests the scheduler and kernel resource management.
* pipe900k - Fork/exec's 900,000 processes which chain 900,000 pipe()s
between them and runs an end-to-end test.
Tests pipe chaining, kernel pipe resource creation and
teardown, and kernel resource management.
* sleep900k - Fork/exec's 900,000 processes which sleep 60 seconds and
then go into an infinite loop with a 1/10 second sleep.
Tests callout / tsleep / wakeup, and kernel resource
management.
Generally speaking these programs require about 80 seconds to stabilize
once all 900,000 processes have forked. Fork speed will depend on numerous
factors but should scale fairly well with cpu threads. Initial forking
usually takes around 30 seconds. When you ^C, the machine may take upwards
of 10 seconds for basic teardown, and will continue clean up additional memory
and exit handling for the next 60 seconds or so.
Machine should stay responsive through all stages in all tests except for
a few seconds just after hitting ^C.
Sascha Wildner [Mon, 14 Aug 2017 17:21:36 +0000 (19:21 +0200)]
installer: Change fn_mapper_name() to subpartition_get_mapper_name().
Similar to subpartition_get_device_name(). It also helps cleaning up
long lines.
Matthew Dillon [Mon, 14 Aug 2017 06:17:27 +0000 (23:17 -0700)]
kernel - Increase flock() / posix-lock limit
* Change the scaling for kern.maxposixlocksperuid to be based on maxproc
instead of maxusers.
* Increase the default cap to approximately 4 * maxproc. This can lead
to what may seem to be large numbers, but certain applications might use
posix locks heavily and overhead is low. We generally want the cap to
be large enough that it never has to be overridden.
Matthew Dillon [Mon, 14 Aug 2017 06:15:39 +0000 (23:15 -0700)]
doc - Update build(7) and tuning(7)
* Further modernization, adjust tuning to reflect the new reality.
Matthew Dillon [Mon, 14 Aug 2017 03:43:55 +0000 (20:43 -0700)]
kernel - Increase default mbufs
* Increase default mbuf clusters by 4x
* Increase default mbuf jclusters by 2x
* Change the minimum (for now) to a smaller portion of the total mbuf
capacity.
Sepherosa Ziehau [Mon, 14 Aug 2017 03:25:01 +0000 (11:25 +0800)]
ipfw: Use SEQ_GEQ
Matthew Dillon [Mon, 14 Aug 2017 02:48:28 +0000 (19:48 -0700)]
kernel - Remove bottlenecks related to mass pipe closures
* These changes fix teardown latencies involved with destroying a large
number of pipe()s at the same time, for example when a large number
of processes are killed simultaneously. Testing with 900,000 processes
chaining 900,000 pipe()s, the system could become unusable for upwards
of an hour when the test is killed with ^C prior to these changes.
After these changes the system balks for less than 30 seconds in the
900,000 process case.
* Wrap pipe teardowns in a pcpu mutex. Such teardowns only occur when the
normal pcpu pipe cache / hysteresis gets blown out due to a large number
of closures occurring simultaneously and are not typically in the
critical path.
The pcpu mutex allows good concurrency while also limiting the number of
processes which can be tearing down pipe KVM at the same time. If
we have say 900,000 processes all exiting, this mechanism limits the
teardown to (ncpus) concurrent processes.
The mutex uses a queued lock (whereas the lockmgr spams wakeup()s),
so we use a mutex to avoid a degenerate O(N^2) wakeup situation.
This removes an enormous amount of overhead during the teardown.
* When removing areas from the kernel_map, issue a pmap_remove() call
on the kernel_pmap before cleaning up the underlying VM object just as
we do for other types of maps. This was originally not done because the
kernel_pmap can be extremely sparse and iteration could be inefficient.
However, the current pmap implementation handles sparse pmaps just
fine. Removing the pages in bulk reduces the number of global IPIs
that wind up being issued during the removal, greatly improving
performance when a large volume of kernel resource is being destroyed
all at once.
* Increase the zalloc burst from 4 pages to 32 pages. When adding pages,
use more relaxed vm_page_alloc() flags after the 4th page to try to
avoid blowing up the emergency free page cache.
Sepherosa Ziehau [Fri, 11 Aug 2017 04:02:09 +0000 (12:02 +0800)]
ethernet: ether_output should only run in the first netisr_ncpus netisrs
Sepherosa Ziehau [Tue, 8 Aug 2017 09:18:29 +0000 (17:18 +0800)]
route: Routes should only be accessed from the first netisr_ncpus netisrs.
Replicate routes to the first netisr_ncpus CPUs, instead of all CPUs.
Sascha Wildner [Sun, 13 Aug 2017 17:09:11 +0000 (19:09 +0200)]
kernel/acpica: Name a variable more appropriately (from FreebSD).
Sascha Wildner [Sun, 13 Aug 2017 11:18:06 +0000 (13:18 +0200)]
i386 removal, part 62/x: Fix per-architecture config file naming in truss.
Sascha Wildner [Sun, 13 Aug 2017 10:08:23 +0000 (12:08 +0200)]
installer: Don't add an entry for 'root' to /etc/crypttab.
It is not necessary and will in fact generate a 'Device root already
exists.' warning because root has already been configured and mounted
at this point.
Sascha Wildner [Sun, 13 Aug 2017 09:54:42 +0000 (11:54 +0200)]
installer: Fix mapper name generation for encrypted installation.
fn_mapper_name() is supposed to take the mountpoint name, not the
device name.
This actually broke the install in environments where no /dev/serno/...
device was available and both root and /build were selected for
encrypting because the device name would never contain a '/' and so
the mapper name 'root' was returned for both.
Sascha Wildner [Sun, 13 Aug 2017 09:43:21 +0000 (11:43 +0200)]
<sys/sysvipc.h>: Remove another no longer used header file.
It should have been removed in
0951a8e1611f221f03c7cb219aae011dbca8a17d.
Matthew Dillon [Sun, 13 Aug 2017 06:35:47 +0000 (23:35 -0700)]
kernel - Scale tsleep() performance vs many (thousands) of processes
* In situations where a huge number of processes or threads are present
and sleeping (that is, more than a few thousand), the global cpumask hash
table used by tsleep() would saturate and effectively cause any wakeup()
call to broadcast to all CPUs.
* Refactor the tsleep initialization code to allow the global cpumask
hash table and the pcpu hash tables to be dynamically allocated.
* Allocate a MUCH larger global cpumask hash table, and significantly
smaller pcpu hash tables. The global cpumask hash table is now
sized to approximate 2 * maxproc, greatly reducing cpumask collisions
when large numbers of processes exist in the system.
The pcpu hash tables can be smaller without effecting performance. This
will simply result in more entries in each queue which are trivially
iterated.
Nominal maxproc ~32,000 -> in the noise (normal desktop system)
Nominal maxproc ~250,000 -> 16MB worth of hash tables (on a 128G box)
Maximal maxproc ~2,000,000 -> 122MB worth of hash tables (on a 128G box)
* Remove the unused sched_quantum sysctl and variable.
* Tested with running a pipe() chain through 900,000 processes, the
end-to-end latency dropped from 25 seconds to 10 seconds and the
pcpu IPI rate dropped from 60,000 IPIs/cpu to 5000 IPIs/cpu. This
is still a bit more than ideal, but much better than before.
* Fix a low-memory panic in zalloc(). A possible infinite recursion
was not being properly handled.
Matthew Dillon [Sat, 12 Aug 2017 20:44:54 +0000 (13:44 -0700)]
kernel - Change maxproc cap calculation
* Increase the calculation for the maxproc cap based on physical ram.
This allows a machine with 128GB of ram to maxproc past a million,
though it should be noted that PIDs are only 6-digits, so for now
a million processes is the actual limit.
Matthew Dillon [Sat, 12 Aug 2017 19:24:16 +0000 (12:24 -0700)]
kernel - Break up scheduler and loadavg callout
* Change the scheduler and loadavg callouts from cpu 0 to all cpus, and
adjust the allproc_scan() and alllwp_scan() to segment the hash table
when asked.
Every cpu is now tasked with handling the nominal scheduler recalc and
nominal load calculation for a portion of the process list. The portion
is unrelated to which cpu(s) the processes are actually scheduled on,
it is strictly a way to spread the work around, split up by hash range.
* Significantly reduces cpu 0 stalls when a large number of user processes
or threads are present (that is, in the tens of thousands or more). In
the test below, before this change, cpu 0 was straining under 40%+
interupt load (from the callout). After this change the load is spread
across all cpus, approximately 1.5% per cpu.
* Tested with 400,000 running user processes on a 32-thread dual-socket
xeon (yes, these numbers are real):
12:27PM up 8 mins, 3 users, load avg: 395143.28, 270541.13, 132638.33
12:33PM up 14 mins, 3 users, load avg: 399496.57, 361405.54, 225669.14
* NOTE: There are still a number of other non-segmented allproc scans in
the system, particularly related to paging and swapping.
* NOTE: Further spreading-out of the work may be needed, by using a more
frequent callout and smaller hash index range for each.
Matthew Dillon [Sat, 12 Aug 2017 18:40:30 +0000 (11:40 -0700)]
kernel - Bump wakeup hash size a little
* Bump from 4001 to 8191 entries to reduce chain length to help situations
where a large numbers of user threads are in a wait state (in the tens or
hundreds of thousands of threads).
Matthew Dillon [Sat, 12 Aug 2017 18:16:26 +0000 (11:16 -0700)]
kernel - loadavg structure 32->64 bit fields
* The loadavg structure overflows when a large number of processes
are running. Yes, I in fact got it to overflow. Change the load
fields from 32 to 64 bits.
* Tested to 400,000 runnable processes.
Matthew Dillon [Sat, 12 Aug 2017 17:26:17 +0000 (10:26 -0700)]
kernel - Fix bottlenecks that develop when many processes are running
* When a large number of processes or threads are running (in the tens of
thousands or more), a number of O(n) or O(ncpus) bottlenecks can develop.
These bottlenecks do not develop when only a few thousand threads
are present.
By fixing these bottlenecks, and assuming kern.maxproc is autoconfigured
or manually set high enough, DFly can now handle hundreds of thousands
of active processes running, polling, sleeping, whatever.
Tested to around 400,000 discrete processes (no shared VM pages) on
a 32-thread dual-socket Xeon system. Each process is placed in a
1/10 second sleep loop using umtx timeouts:
baseline - (before changes), system bottlenecked starting
at around the 30,000 process mark, eating all
available cpu, high IPI rate from hash
collisions, and other unrelated user processes
bogged down due to the scheduling overhead.
200,000 processes - System settles down to 45% idle, and low IPI
rate.
220,000 processes - System 30% idle and low IPI rate
250,000 processes - System 0% idle and low IPI rate
300,000 processes - System 0% idle and low IPI rate.
400,000 processes - Scheduler begins to bottleneck again after the
350,000 while the process test is still in its
fork/exec loop.
Once all 400,000 processes are settled down,
system behaves fairly well. 0% idle, modest
IPI rate averaging 300 IPI/sec/cpu (due to
hash collisions in the wakeup code).
* More work will be needed to better handle processes with massively
shared VM pages.
It should also be noted that the system does a *VERY* good job
allocating and releasing kernel resources during this test using
discrete processes. It can kill 400,000 processes in a few seconds
when I ^C the test.
* Change lwkt_enqueue()'s linear td_runq scan into a double-ended scan.
This bottleneck does not arise when large numbers of processes are
running in usermode, because typically only one user process per cpu
will be scheduled to LWKT.
However, this bottleneck does arise when large numbers of threads
are woken up in-kernel. While in-kernel, a thread schedules directly
to LWKT. Round-robin operation tends to result in appends to the tail
of the queue, so this optimization saves an enormous amount of cpu
time when large numbers of threads are present.
* Limit ncallout to ~5 minutes worth of ring. The calculation code is
primarily designed to allocate less space on low-memory machines,
but will also cause an excessively-sized ring to be allocated on
large-memory machines. 512MB was observed on a 32-way box.
* Remove vm_map->hint, which had basically stopped functioning in a
useful manner. Add a new vm_map hinting mechanism that caches up to
four (size, align) start addresses for vm_map_findspace(). This cache
is used to quickly index into the linear vm_map_entry list before
entering the linear search phase.
This fixes a serious bottleneck that arises due to vm_map_findspace()'s
linear scan if the vm_map_entry list when the kernel_map becomes
fragmented, typically when the machine is managing a large number of
processes or threads (in the tens of thousands or more).
This will also reduce overheads for processes with highly fragmented
vm_maps.
* Dynamically size the action_hash[] array in vm/vm_page.c. This array
is used to record blocked umtx operations. The limited size of the
array could result in an excessive number of hash entries when a large
number of processes/threads are present in the system. Again, the
effect is noticed as the number of threads exceeds a few tens of
thousands.
Matthew Dillon [Thu, 10 Aug 2017 05:20:52 +0000 (22:20 -0700)]
kernel - Lower VM_MAX_USER_ADDRESS to finalize work-around for Ryzen bug
* Reduce VM_MAX_USER_ADDRESS by 2MB, effectively making the top 2MB of the
user address space unmappable. The user stack now starts 2MB down from
where it did before. Theoretically we only need to reduce the top of
the user address space by 4KB, but doing it by 2MB may be more useful for
future page table optimizations.
* As per AMD, Ryzen has an issue when the instruction pre-fetcher crosses
from canonical to non-canonical address space. This can only occur at
the top of the user stack.
In DragonFlyBSD, the signal trampoline resides at the top of the user stack
and an IRETQ into it can cause a Ryzen box to lockup and destabilize due
to this action. The bug case was, basically two cpu threads on the same
core, one in a cpu-bound loop of some sort while the other takes a normal
UNIX signal (causing the IRETQ into the signal trampoline). The IRETQ
microcode freezes until the cpu-bound loop terminates, preventing the
cpu thread from being able to take any interrupt or IPI whatsoever for
the duration, and the cpu may destabilize afterwords as well.
* The pre-fetcher is somewhat heuristical, so just moving the trampoline
down is no guarantee if the top 4KB of the user stack is mapped or mappable.
It is better to make the boundary unmappable by userland.
* Bug first tracked down by myself in early 2017. AMD validated the bug
and determined that unmapping the boundary page completely solves the
issue.
* Also retain the code which places the signal trampoline in its own page
so we can maintain separate protection settings for the code, and make it
read-only (R+X).
Matthew Dillon [Wed, 9 Aug 2017 00:14:18 +0000 (17:14 -0700)]
kcollect - Fix grammar
* gunplot -> gnuplot
Reported-by: Steve Horan <steve@horan.net.au>
Sepherosa Ziehau [Tue, 8 Aug 2017 07:29:29 +0000 (15:29 +0800)]
mbuf: Minor style change.
Sepherosa Ziehau [Mon, 7 Aug 2017 09:43:54 +0000 (17:43 +0800)]
netisr: Simplify assertion related bits
Sepherosa Ziehau [Mon, 7 Aug 2017 08:45:26 +0000 (16:45 +0800)]
stf: Make route per-cpu. And it should run in the first netisr_ncpus netisrs.
Sepherosa Ziehau [Mon, 7 Aug 2017 07:57:06 +0000 (15:57 +0800)]
gre: Rework routing facilities.
- Make route per-cpu.
- Make sure that all routing related operation happens in the first
netisr_ncpus netisrs.
Sepherosa Ziehau [Fri, 4 Aug 2017 12:12:16 +0000 (20:12 +0800)]
route: Minor cleanup
Sepherosa Ziehau [Fri, 4 Aug 2017 12:06:18 +0000 (20:06 +0800)]
route: Delete ortentry, SIOC{ADD,DEL}RT and RTM_OLD{ADD,DEL}
They have not been used for more than a decade.
Sepherosa Ziehau [Fri, 4 Aug 2017 11:07:30 +0000 (19:07 +0800)]
gif: It should only run in the first netisr_ncpus netisrs
Sepherosa Ziehau [Fri, 4 Aug 2017 11:03:19 +0000 (19:03 +0800)]
route: Add rtfree_async.
This prepares to run rtalloc/lookup/free in the first netisr_ncpus
netisrs. This function is only intended to be used on slow path;
e.g. detach.
Sascha Wildner [Sun, 6 Aug 2017 22:45:23 +0000 (00:45 +0200)]
ps(1): Remove -I${.CURDIR}/../../sys from the Makefile.
FreeBSD did that in 2001 (r76812). It's not a bootstrap tool, so there
is no reason to mix up include paths.
Matthew Dillon [Sun, 6 Aug 2017 03:07:34 +0000 (20:07 -0700)]
kernel - Move sigtramp even lower
* Attempt to work around a Ryzen cpu bug by moving sigtramp even lower than
we have already.
Sascha Wildner [Sat, 5 Aug 2017 23:54:29 +0000 (01:54 +0200)]
kdump(8): Add more support for printing flag etc. names.
* New support for: eaccess() modes, faccessat() modes and atflag,
fchmodat() atflag, fchownat() atflag, fstatat() atflag,
linkat() atflag, unlinkat() atflag, utimensat() atflag,
getvfsstat() flags, lchflags() flags, chflagsat() flags and atflag,
kenv() actions, usched_set() commands, sys_checkpoint() types,
procctl() commands, mountctl() operations, and varsym_{list,set}()
levels.
* Fix flags printing in chflags() and fchflags().
* Better separate mount() and getfsstat() flags definitions.
* Adjust grepping for fcntl() commands send/recvmsg() etc. flags to
include flags with more than one underscore in their name, like
F_DUPFD_CLOEXEC.
Still missing: extexit()'s 'how' argument.
Sascha Wildner [Sat, 5 Aug 2017 12:22:24 +0000 (14:22 +0200)]
kdump(1): Oops, remove forgotten include.
Sascha Wildner [Sat, 5 Aug 2017 12:13:42 +0000 (14:13 +0200)]
kdump(1): Remove unused ptraceopname(). ptrace ops are handled specially.
Matthew Dillon [Sat, 5 Aug 2017 04:47:23 +0000 (21:47 -0700)]
procfs - Fix blocked lock condition
* Two procfs races can result in a lock being blocked forever. Rip out
the old single-variable global procfs lock and per-node lock and replace
with a normal lockmgr lock.
* The original lock existed from a time when all of procfs was wrapped with
a global lock. This is no longer the case.
Matthew Dillon [Sat, 5 Aug 2017 04:38:10 +0000 (21:38 -0700)]
kernel - Fix serious permissions bug for sticky directories
* An optimization improperly bypassed the sticky-bit test, creating
a security issue with /tmp and /var/tmp.
* Fix by disabling the optimization for the second-to-last path component.
Any prior components retain the optimization, so long directory paths
are still well-optimized.
Sascha Wildner [Sat, 5 Aug 2017 00:51:05 +0000 (02:51 +0200)]
kdump(1): Add pathconf(2) variable name printing.
Sascha Wildner [Sat, 5 Aug 2017 00:01:41 +0000 (02:01 +0200)]
kdump(1): Add clockid_t name printing.
Sascha Wildner [Fri, 4 Aug 2017 23:40:13 +0000 (01:40 +0200)]
kdump(1): Allow auto switch funcs to not have an 'invalid' default case.
Sascha Wildner [Fri, 4 Aug 2017 20:00:11 +0000 (22:00 +0200)]
<sys/un.h>: Clean up namespace.
Sascha Wildner [Fri, 4 Aug 2017 19:59:39 +0000 (21:59 +0200)]
Remove some no longer used header files.
* <sys/device_port.h>: Kernel only, last consumer was scsi_low which was
removed in
075c6d38244abd0b0c8dc9b2974ef574b9180bf5 in January.
* <sys/ieee754.h>: NetBSD header that is supposed to be included from
the implementation's ieee.h header, which ours no longer does, so
it's a leftover from some earlier state of our libm.
* <nlist_aout.h>: Last consumer was removed in 2009 when a.out support
was dropped from modules (
70eee1c9363092cae6ef68466a44ad68fa22e183).
Sascha Wildner [Fri, 4 Aug 2017 11:43:57 +0000 (13:43 +0200)]
/boot/defaults/loader.conf: Fix typo.
Sepherosa Ziehau [Fri, 4 Aug 2017 08:48:28 +0000 (16:48 +0800)]
ipid: Call ip_randomid() on all CPUs.
- Remove unnecessary crit sections.
- Remove unapplied comment.
- Minor style fixes.