Just wanted to chime in and say that this, in combination with https://reviews.freebsd.org/D20523, allows me to pass an add-in USB XHCI controller to a guest. Before this patch, bhyve would abort when passing through the problematic controller.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Advanced Search
Jul 12 2019
Jul 3 2019
Jun 28 2019
Jun 24 2019
Jun 22 2019
Jun 12 2019
Jun 5 2019
Just wanted to chime in that this, in combination with https://reviews.freebsd.org/D20525, allows me to pass through an add-in USB XHCI controller to a guest OS. Before this patch, bhyve would segv.
May 24 2019
I tend to think that neither of these is actually a problem, since in both cases, if the "if" is taken, we return or jump. But the fix seems harmless.
May 22 2019
May 11 2019
May 10 2019
May 9 2019
May 8 2019
In D20163#434567, @jhb wrote:FWIW, my limited testing of IPsec doesn't use if_ipsec, but instead I used setkey. I think having the rc.d scripts for 'ipsec_enable' autoloading ipsec.ko is reasonable. Maybe if there are ports scripts for IKE daemons (raccoon, strongswan?) those rc.d scripts should also try to load modules they need.
May 6 2019
Thank you!
In D20163#434345, @cem wrote:No objection to moving IPSEC out of GENERIC (but continuing to build it as a module). Check with gnn@, as he originally added it.
I agree that teaching ifconfig about ipsec (option 1) seems the most straightforward way to provide compatibility through that interface.
May 5 2019
To make this change less painful for users, it seems like we should enable ifconfig to auto-load ipsec when ifconfig is invoked with ipsecX. ifconfig will currently try to load if_ipsec, and this does not work because the kernel module is ipsec.ko. So it seems like there are 3 obvious workarounds:
May 3 2019
May 2 2019
- Restored the fixes to the manpage formatting and xref's requested by markj (as noticed by bz)
- Updated the date on the manpage as requested by bz (speculative date for now)
- Changed ifdef / { matching as requested by bz
- Changed net.link.lagg.default_use_numa init as requested by bz (i think)
- Fixed printing of USE_NUMA flag in ifconfig, as noticed by me.
May 1 2019
In D20117#433106, @adrian wrote:I see you've done a bit of net80211 checking there; I think I'm going to use this change as motivation to speed up my desire to make rcvif manipulation a bit less insane and error prone.
In D20117#433037, @ae wrote:I'm sorry, I completely missed this change in the past. But it looks like it can break ipfw firewall rules, since rcvif is now union with snd_tag. And this means, rcvif can be initialized for packets that were not actually received on specified interface. ipfw uses rcvif in rules to check that a packet was received on specified interface, and this check was correct even for outgoing packets. Now it looks like such checks can be incorrect.
Apr 30 2019
In D20062#432787, @alc wrote:I think that there is a better approach than what you are attempting here. Once you have the patch that you describe as "My patch to alter the behavior of SO_REUSEPORT_LB listen sockets ...", the thread executing sendfile(2) will be running on the same domain as the socket. Recall Kostik's first comment, "Vm objects can have domain policies assigned, and object policy trumps a thread policy, if present." In other words, if you don't define an object policy, the page allocations will be governed by the thread's policy. A thread policy that says allocate from the local domain should achieve your desired outcome.
In D20062#432560, @kib wrote:I still do not quite understand the benefits of this change.
Apr 29 2019
As alc pointed out (and as I've confirmed), the vm_object will linger with the domain policy set, causing an increase in cross domain traffic for our workload. I've restored the feature from the older patch where we override the current domain policy. This reduces cross domain traffic to previous levels.
I'm going to have to re-test with this
Address comments by markj and kib
- add a comment explaining what is happening
- only replace domain policy when it is NULL
- re-check policy after acquiring object lock
Apr 26 2019
Fix off-by-one error pointed out by hselasky
In D20062#431501, @kib wrote:IMO it is too special-purpose, and potentially affecting other loads.
Vm objects can have domain policies assigned, and object policy trumps a thread policy, if present. I would prefer that we added infrastructure to assign policy to the file' vm_object, e.g. using some new ioctl on file descriptor, and userspace did the job of explicitly stating the desired policy.
I've updated the patch to remove my hand-plumbed path down to vm_page_alloc_domain_after(), and changed to setting the domain policy on the object.
In D20062#431501, @kib wrote:IMO it is too special-purpose, and potentially affecting other loads.
Vm objects can have domain policies assigned, and object policy trumps a thread policy, if present. I would prefer that we added infrastructure to assign policy to the file' vm_object, e.g. using some new ioctl on file descriptor, and userspace did the job of explicitly stating the desired policy.
Fix style issues pointed out by markj in the ifconfig man page change, and add cross-references to the numa(4) man page, as he suggests.
Apr 25 2019
Apr 24 2019
Apr 23 2019
Apr 22 2019
shurd: I have been waiting for you to test with bnxt & jumbo frames, but I think this is approaching a reasonable timeout (almost 2 weeks since the last feedback). I plan to commit in the next day or so unless I hear from you.
Apr 18 2019
Removed redundant parens around bus_get_domain() call as pointed out by markj
Apr 17 2019
Address kib's feedback
- remove unneeded _domainset.h include
- re-write if_alloc_dev() to be more concise
- Added if_alloc_dev() and changed example mlx5en and cxgbe code to use them, as suggested by kib.
- Added links to if_alloc_domain and if_alloc_dev for man pages
- Fixed style issues pointed out by kib
In D19930#428329, @kib wrote:I wonder if a KPI of the format
struct ifnet *if_alloc_dev(u_char type, dev_t device);would be more useful. It would hide all NUMA/non-NUMA/bus_get_domain() failed details that driver authors will copy/paste ad infinitum.
I do not propose to not add if_alloc_domain(), just think that if_alloc_dev() should be the primari KPI. Also it might allow to get more device_t context in if_alloc().
Apr 16 2019
Apr 15 2019
Apr 9 2019
Mar 28 2019
Address review feedback from marius & shurd
Mar 27 2019
YES! Death to M_DEVBUF!
Mar 19 2019
Fixed comments, as pointed out by ejg
Mar 18 2019
Mar 16 2019
Mar 14 2019
Mar 13 2019
I think this is a mostly theoretical issue, as you'll have had a chain which was impossible to send (eg, far too large, etc) even after defrag.
Mar 10 2019
- Use new pfil_mem2mbuf() to avoid unaligned access of mbuf pointer
- Remove unneeded breaks
Feb 25 2019
Much cleaner, as usual, than the hack I gave you to start with.
Feb 21 2019
Guard against null pfil at device detach by deregistering pfil hook later. While here, check for a null pfil hook and cache it in a local to make the code easier to read.
Feb 15 2019
Feb 14 2019
I understand the missing FILTER_STRAY.
Feb 8 2019
Updated to truncate the length passed to pfil for multi-segment jumbo frames to just the length of the first segment.
Feb 7 2019
Any high performance interface will look similar to this and be similarly invasive.
The reason to have this in the driver is for performance. The plan for pfil is to eventually just use a pointer to a memory blob for filtering. The current fake mbuf stuff is a step in that direction.
Feb 6 2019
- moved rv declaration to top of function
- entered CURVNET to prevent panic from null curvnet when VIMAGE is compiled in Note placing this at the top of the rx function is a trade off between tiny overhead in the common case (nothing hooked) and a bit larger overhead in the case when something is hooked, and entering/restoring the VNET each time we call into the filter.
- Addressed all possible return values from pfil_run_hooks Note that PFIL_REALLOCED was tested by hacking pfil.c to copy packets
- Added a label to jump to when PFIL_REALLOCED is returned, and we need to send up an mbuf allocated by the filter.