Re: Kerberized NFSv3 incorrect behavior

[Doug Rabson]

On 6 Feb 2010, at 09:44, George Mamalakis wrote:

> Rick Macklem wrote:
>> 
>> 
>> On Fri, 5 Feb 2010, George Mamalakis wrote:
>> 
>>> Dear all,
>>> 
>>> I am running FBSD8-STABLE on an nfsv3 server and an nfsv3 client. My 
>>> configuration is based on 
>>> http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup. My goal 
>>> is to share filesystems securely through kerberos authentication. 
>>> Everything works fine, until I try to kdestroy my tickets or kinit to some 
>>> other user, where the system insists to think that I am the user that 
>>> initially obtained their ticket. To be more extensive, my story is as 
>>> follows:
>>> 
>> [good stuff snipped]
>>> 
>>> 
>>> and both client and server have the correct entries about each other (and 
>>> themselves) in their /etc/hosts, so heimdal works just fine.
>>> 
>>> Both client and server have their respective keytabs stored in 
>>> /etc/krb5.keytab, and I use two users in my example (that both exist in 
>>> both systems with the same uid,gid): mamalos and testakis.
>>> 
>> 
>> Unless you have applied the experimental patch, a keytab entry is
>> meaningless in the client. Without that, it was assumed that "root"
>> would never "kinit" as anyone. Basically, it was assumed that "root"
>> would only do the mount and a user, like "mamalos" or "testakis"
>> would be logged in and kinit'd as that user.
>> 
>> The short answer is that any principal with TGT in the credentials
>> cache for uid==N will be used to authenticate that user. Once
>> authenticated, that "handle" for the user can be used until it
>> expires (up to the server, but usually set to when the TGT that
>> it found in the credential cache is due to expire).
>> 
>>> So, when I mount the exported filesystem on the client giving:
>>> 
>>> # mount -o nvfsv3,sec=krb5 server.example.com:/exports /mnt
>>> # mount
>>> /dev/da0s1a on / (ufs, local, soft-updates)
>>> devfs on /dev (devfs, local, multilabel)
>>> server.example.com:/exports on /mnt (nfs)
>>> 
>>> and try to access the share:
>>> # ls /mnt
>>> ls: mnt: Permission denied
>>> 
>>> I get the error I am expecting, since root does not have any kerberos 
>>> tickets assigned, yet. Let's see what happens when I kinit as mamalos:
>> 
>> Yep, as expected.
>>> # klist
>>> Credentials cache: FILE:/tmp/krb5cc_0
>>> Principal: mama...@example.com
>>> 
>>> Issued Expires Principal
>>> Feb 5 11:20:49 Feb 5 21:20:47 krbtgt/exapmle@example.com
>>> # ls -la /mnt/
>>> total 8
>>> drwxr-xr-x 4 root wheel - 512 4 Feb 19:03 ./
>>> drwxr-xr-x 21 root wheel - 512 3 Feb 11:27 ../
>>> drwx-- 2 mamalos wheel - 512 5 Feb 11:11 mamalos/
>>> drwx-- 2 testakis wheel - 512 4 Feb 19:06 testakis/
>>> # touch /mnt/mamalos/myfile
>>> # ls -la /mnt/mamalos/myfile
>>> rw-r--r-- 1 mamalos wheel - 0 5 Feb 11:22 /mnt/mamalos/myfile
>>> 
>>> Which is the exact behavior that is expected. Now when I kdestroy:
>>> # kdestroy
>>> # klist
>>> klist: No ticket file: /tmp/krb5cc_0
>>> # touch /mnt/mamalos/myfilethatshouldnotbe
>>> # ls -la /mnt/mamalos/myfilethatshouldnotbe
>>> -rw-r--r-- 1 mamalos wheel - 0 5 Feb 11:24 
>>> /mnt/mamalos/myfilethatshouldnotbe
>>> 
>> 
>> Yes, this is a "bug/limitation" in the current implementation. I believe
>> that "kdestroy" should do some sort of system call to inform the NFS
>> client that "credentials for uid==N" should be invalidated. This is not
>> implemented in FreeBSD8 (or Linux for that matter, last I checked).
>> I don't know if dfr@ was planning on doing this and whether or not he
>> thinks it is appropriate to do so?
>> 
>> Without that implemented, the "handle" continues to work until the
>> server expires it, normally when the TGT for "mamalos" would have
>> expired if you hadn't kdestroy'd it.
>> 
>>> And I can do everything in that share as if I were still mamalos, even 
>>> though I kdestroyed my kerberos ticket. The same thing will happen even if 
>>> I kinit to testakis after that. klist shows testakis' ticket this time, but 
>>> I am not allowed to access (rwx) tetakis' files/folders, and I still have 
>>> full control over mamalos' files and folders.
>>> 
>>> In order to be able to do something as testakis, I have to unmount the 
>>> share and remount it while having testakis' ticket (or having no ticket at 
>>> all, and giving kinit testakis after mounting the share).
>>> 
>> 
>> Actually, logging in as "testakis" should allow that user to access the
>> mount as "testakis" once kinit'd as "testakis". The trick is that the
>> credential cache entry needs to be in /tmp/krb5cc_N (where 'N' is the
>> uid assigned to "testakis"). Same would apply to "mamalos" if that
>> user were logged in with a non-0 uid.
>> 
>>> I am not an NFS expert, but I suppose that this behavior is not the one to 
>>> be expected, except if I am missing some fundamental information about 
>>> kerberized NFS that explains it. Even so, it would be quite unwise to 
>>> behave so, since even if the users kdestroys their tickets, they have s

Re: lock problem: nfs server on FreeBSD 7-stable, client on linux

[Doug Rabson]

On 6 Apr 2008, at 07:38, Tz-Huan Huang wrote:


On Sun, Apr 6, 2008 at 2:05 PM, Rong-en Fan <[EMAIL PROTECTED]> wrote:
On Sun, Apr 6, 2008 at 1:18 PM, Tz-Huan Huang <[EMAIL PROTECTED]>  
wrote:

Hi,

Thanks for your suggestion, but we don't accept this workaround.

After doing binary searching, I find that this commit break the  
working lockd:


 http://lists.freebsd.org/pipermail/cvs-src/2008-March/089037.html

I have rolled back the lockd.c to 1.20 in our nfs server and it  
works

fine as before.


Add dfr@ to CC list.

I'm curious about this change, could you check what socket bind by
rpc.lockd and rpc.statd before and after lockd. rev 1.21+1.22  
changes?


Ok, following is the output of  sockstat -4l :

Before the changes:
daemon   rpc.lockd  83002 3  udp4   *:677 *:*
daemon   rpc.lockd  83002 4  tcp4   *:946 *:*
daemon   rpc.lockd  83002 7  udp4   *:642 *:*
root rpc.lockd  83001 3  udp4   *:677 *:*
root rpc.lockd  83001 4  tcp4   *:946 *:*
root rpc.lockd  83001 7  udp4   *:642 *:*
root rpc.statd  973   3  udp4   *:964 *:*
root rpc.statd  973   4  tcp4   *:602 *:*

After the changes:
(with -h 140.112.29.133)
daemon   rpc.lockd  82817 4  udp4   127.0.0.1:696 *:*
daemon   rpc.lockd  82817 5  udp4   140.112.29.133:696*:*
daemon   rpc.lockd  82817 6  tcp4   127.0.0.1:696 *:*
daemon   rpc.lockd  82817 7  tcp4   140.112.29.133:696*:*
daemon   rpc.lockd  82817 9  udp4   *:974 *:*
root rpc.lockd  82816 4  udp4   127.0.0.1:696 *:*
root rpc.lockd  82816 5  udp4   140.112.29.133:696*:*
root rpc.lockd  82816 6  tcp4   127.0.0.1:696 *:*
root rpc.lockd  82816 7  tcp4   140.112.29.133:696*:*
root rpc.lockd  82816 9  udp4   *:974 *:*
root rpc.statd  973   3  udp4   *:964 *:*
root rpc.statd  973   4  tcp4   *:602 *:*

(without -h 140.112.29.133)
daemon   rpc.lockd  82541 4  udp4   *:915 *:*
daemon   rpc.lockd  82541 5  tcp4   *:915 *:*
daemon   rpc.lockd  82541 7  udp4   *:713 *:*
root rpc.lockd  82540 4  udp4   *:915 *:*
root rpc.lockd  82540 5  tcp4   *:915 *:*
root rpc.lockd  82540 7  udp4   *:713 *:*
root rpc.statd  973   3  udp4   *:964 *:*
root rpc.statd  973   4  tcp4   *:602 *:*

More information would be provided if necessary.


It would be useful to get a packet trace from tcpdump (e.g. tcpdump -w  
) that shows what happens on the wire when the linux client  
fails to lock a file on the freebsd server.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: lock problem: nfs server on FreeBSD 7-stable, client on linux

[Doug Rabson]

On 6 Apr 2008, at 09:58, Tz-Huan Huang wrote:


On Sun, Apr 6, 2008 at 3:45 PM, Doug Rabson <[EMAIL PROTECTED]> wrote:


It would be useful to get a packet trace from tcpdump (e.g. tcpdump  
-w
) that shows what happens on the wire when the linux client  
fails to

lock a file on the freebsd server.


Since the nfs server is in production now, I have setup another  
machine to

get the packet trace.

Here is the output of tcpdump (I use tcpdump -w host cml8):

  http://w.csie.org/~tzhuan/tmp/tcpdump.raw


Could you possibly try again with 'tcpdump -w  -s 1500' - the  
packets were truncated which made it difficult to analyse.



___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: lock problem: nfs server on FreeBSD 7-stable, client on linux

[Doug Rabson]

On 6 Apr 2008, at 09:58, Tz-Huan Huang wrote:


On Sun, Apr 6, 2008 at 3:45 PM, Doug Rabson <[EMAIL PROTECTED]> wrote:


It would be useful to get a packet trace from tcpdump (e.g. tcpdump  
-w
) that shows what happens on the wire when the linux client  
fails to

lock a file on the freebsd server.


Since the nfs server is in production now, I have setup another  
machine to

get the packet trace.

Here is the output of tcpdump (I use tcpdump -w host cml8):

  http://w.csie.org/~tzhuan/tmp/tcpdump.raw

cml7 is the nfs server (today's 7-stable, i386) and cml8 is debian
linux (amd64).
I use this program (http://w.csie.org/~tzhuan/tmp/lock.c) to test the
file locking
when capturing the packets.  It ran about 1m30s and showed ``lock  
fail''.


One thing I did notice is that the client appears to be trying to  
connect to the server on tcp port 751 and the server is rejecting that  
connection. I'm not sure I trust the output of sockstat - could you  
show me the output of rpcinfo and netstat -an.



___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: lock problem: nfs server on FreeBSD 7-stable, client on linux

[Doug Rabson]

On 6 Apr 2008, at 11:30, Tz-Huan Huang wrote:


On Sun, Apr 6, 2008 at 5:21 PM, Doug Rabson <[EMAIL PROTECTED]> wrote:


Could you possibly try again with 'tcpdump -w  -s 1500' - the  
packets

were truncated which made it difficult to analyse.


Sure, it's available here:

http://w.csie.org/~tzhuan/tmp/tcpdump2.raw


Hmm. Somehow the socket which rpc.lockd is supposed to use for  
accepting TCP requests has been closed. Linux tends to use TCP for  
lock requests when the NFS is mounted over TCP. I'll try and reproduce  
this locally.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: lock problem: nfs server on FreeBSD 7-stable, client on linux

[Doug Rabson]

On 6 Apr 2008, at 11:48, Tz-Huan Huang wrote:


On Sun, Apr 6, 2008 at 5:53 PM, Doug Rabson <[EMAIL PROTECTED]> wrote:
One thing I did notice is that the client appears to be trying to  
connect
to the server on tcp port 751 and the server is rejecting that  
connection.
I'm not sure I trust the output of sockstat - could you show me the  
output

of rpcinfo and netstat -an.


Here you are:
http://w.csie.org/~tzhuan/tmp/rpcinfo.txt
http://w.csie.org/~tzhuan/tmp/netstat.txt


This patch should fix the problem. Sorry for the inconvenience.



lockd.diff
Description: Binary data


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: panic with smbfs after MFC of kernel space locking

[Doug Rabson]

On 14 Apr 2008, at 08:19, Oliver Brandmueller wrote:


Hello and good morning,

I upgraded to 7-STABLE after the MFC of the kernel space locking.  
Since

then I experience panics with programs that strongly rely in file
locking on CIFS (smbfs) mounts:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0x13bf2a8
fault code  = supervisor read data, page not present
instruction pointer = 0x8:0x8023305a
stack pointer   = 0x10:0xc72d7920
frame pointer   = 0x10:0xc72d7950
code segment= base 0x0, limit 0xf, type 0x1b
   = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags= interrupt enabled, resume, IOPL = 0
current process = 42037 (perl)
[thread pid 42037 tid 100124 ]
Stopped at  lf_getblock+0x2a:   cmpq%r12,0x8(%rbx)
db> bt
Tracing pid 42037 tid 100124 td 0xff00037dc350
lf_getblock() at lf_getblock+0x2a
lf_advlockasync() at lf_advlockasync+0x4f5
lf_advlock() at lf_advlock+0x47
smbfs_advlock() at smbfs_advlock+0x19a
flock() at flock+0x150
syscall() at syscall+0x256
Xfast_syscall() at Xfast_syscall+0xab
--- syscall (131, FreeBSD ELF64, flock), rip = 0x800c0a3fc, rsp =
0x7fffecc8, rbp = 0x8325e8 ---

As far as I can see there were changes for all kinds of file systems
with the MFC, but no change in the smbfs filesystem. I also couldn't
find any change in HEAD's smbfs, so it was not a missing MFC, but
probably the fs was missed in the changes at all.

Could anyone with a little better programming skills than me probably
have a look at it? From the diffs of the other filesystems it seems  
like

it's not a real big change, but mainly adding the function.


I added a new vnode operation to support the new lock manager but this  
operation only needs to be implemented on filesystems that can be  
exported via NFS. I assumed that this was not the case for SMBFS.  
Could you find me a line number for lf_getblock+0x2a - something like  
this should do it:


# gdb /boot/kernel/kernel
(gdb) l *(lf_getblock+0x2a)


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: samba build failure on 6-STABLE

[Doug Rabson]

On 1 May 2008, at 15:39, Michael Proto wrote:



Greg Byshenk wrote:
I'm posting this to freebsd-stable even though it is a problem with  
a port,
because the port itself has not changed, but a rebuild fails (on a  
system
and with a configuration that worked before my most recent system  
updates).


Basically my problem is that the current Samba3 (samba-3.0.28,1)  
won't build
on a recent 6-STABLE system (I noticed it with sources csup'd 24  
April, and
it continues with sources csup'd today, 1 May). The strange thing  
is that
this is a version of samba that has previously built successfully,  
on the
machine and with the configuration that is now failing.  (I was  
attempting

to rebuild because I saw some strange library errors.)  This at least
suggests to me that the problem is _not_ due to something changing  
with Samba,

but to some other change that is being reflected in the Samba build.


The system in question is built from sources csup'd today (1 May  
2008), with
all installed ports current as of today.  The same Samba did build  
successfully

with a source and ports tree csup'd on 7 March 2008.

As a test to see if there is some problem with the ports  
dependencies, I've
tried a 'portupgrade -fR samba'; all of the dependencies built  
fine, but then

I got the same error when attempting to build Samba itself. It is not
definitive, but this suggests to me that this is not a ports  
problem (per se),

but a kernel/world problem.

This latter is highlighted by the fact that Samba builds without  
error on a
system with sources csup'd on 17 April.  That is, if I take the  
exact same
system on which the build fails, revert my world/kernel to a build  
from

17 April (leaving everything else exactly the same), then the error
disappears and Samba builds successfully.


The actual error is below. Any ideas are welcome. I have a machine  
that I can

play with if someone would like me to try anything.

-greg


Compiling smbd/oplock_linux.c
smbd/oplock_linux.c: In function `signal_handler':
smbd/oplock_linux.c:73: error: structure has no member named `si_fd'
The following command failed:
cc -I. -I/usr/ports/net/samba3/work/samba-3.0.28/source  -O2 -fno- 
strict-aliasing -pipe -D_SAMBA_BUILD_=3 -I/usr/local/include  -I/ 
usr/ports/net/samba3/work/samba-3.0.28/source/iniparser/src - 
Iinclude -I./include  -I. -I. -I./lib/replace -I./lib/talloc -I./ 
tdb/include -I./libaddns -I./librpc -DHAVE_CONFIG_H  -I/usr/local/ 
include -DLDAP_DEPRECATED-I/usr/ports/net/samba3/work/ 
samba-3.0.28/source/lib -D_SAMBA_BUILD_=3 -fPIC -DPIC -c smbd/ 
oplock_linux.c -o smbd/oplock_linux.o

*** Error code 1

Stop in /usr/ports/net/samba3/work/samba-3.0.28/source.
*** Error code 1

Stop in /usr/ports/net/samba3.
*** Error code 1

Stop in /usr/ports/net/samba3.



I can confirm this on a 6-STABLE system last SUPed (kernel and world
rebuilt) to 20080428 11:23 EDT. samba-3.0.28,1 built fine on this box
when it was 6.3-RELEASE, and now fails in exactly the same place when
trying to rebuild on 6-STABLE.


The attached patch should fix the problem




syscall.diff
Description: Binary data


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: samba build failure on 6-STABLE

[Doug Rabson]

On 3 May 2008, at 18:23, Greg Byshenk wrote:


On Sat, May 03, 2008 at 11:42:14AM +0100, Doug Rabson wrote:

On 1 May 2008, at 15:39, Michael Proto wrote:

Greg Byshenk wrote:


[...] Basically my problem is that the current Samba3  
(samba-3.0.28,1)

won't build on a recent 6-STABLE system (I noticed it with sources
csup'd 24 April, and it continues with sources csup'd today, 1  
May).

The strange thing is that this is a version of samba that has
previously built successfully,  on the machine and with the
configuration that is now failing.  (I was  attempting
to rebuild because I saw some strange library errors.)  This at  
least

suggests to me that the problem is _not_ due to something changing
with Samba, but to some other change that is being reflected in the
Samba build.  [...]



I can confirm this on a 6-STABLE system last SUPed (kernel and world
rebuilt) to 20080428 11:23 EDT. samba-3.0.28,1 built fine on this  
box
when it was 6.3-RELEASE, and now fails in exactly the same place  
when

trying to rebuild on 6-STABLE.



The attached patch should fix the problem.


It appears that it does.

I've applied the patch on a test machine, and Samba now builds  
successfully.
I've also done a reinstall of Samba, and the rebuild version appears  
to be

working properly (though I have not yet done any extensive testing).


Great, thanks for testing.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: flock incorrectly detects deadlock on 7-stable and current

[Doug Rabson]

On 8 May 2008, at 09:12, Paul Koch wrote:


Hi,

We have been trying to track down a problem with one of our apps which
does a lot of flock(2) calls.  flock returns errno 11 (Resource
deadlock avoided) under certain scenarios.  Our app works fine on
7-Release, but fails on 7-stable and -current.

The problem appears to be when we have at least three processes doing
flock() on a file, and one is trying to upgrade a shared lock to an
exclusive lock but fails with a deadlock avoided.

Attached is a simple flock() test program.

a. Process 1 requests and gets a shared lock
b. Process 2 requests and blocks for an exclusive lock
c. Process 3 requests and gets a shared lock
d. Process 3 requests an upgrade to an exclusive lock but fails (errno
11)

If we change 'd' to
  Process 3 requests unlock, then requests exclusive lock, it works.


Could you possibly try this patch and tell me if it helps:

 //depot/user/dfr/lockd/sys/kern/kern_lockf.c#57 - /tank/projects/ 
lockd/src/sys/kern/kern_lockf.c 

@@ -1370,6 +1370,18 @@
}

/*
+* For flock type locks, we must first remove
+* any shared locks that we hold before we sleep
+* waiting for an exclusive lock.
+*/
+   if ((lock->lf_flags & F_FLOCK) &&
+   lock->lf_type == F_WRLCK) {
+   lock->lf_type = F_UNLCK;
+   lf_activate_lock(state, lock);
+   lock->lf_type = F_WRLCK;
+   }
+
+   /*
 * We are blocked. Create edges to each blocking lock,
 * checking for deadlock using the owner graph. For
 * simplicity, we run deadlock detection for all
@@ -1389,17 +1401,6 @@
}

/*
-* For flock type locks, we must first remove
-* any shared locks that we hold before we sleep
-* waiting for an exclusive lock.
-*/
-   if ((lock->lf_flags & F_FLOCK) &&
-   lock->lf_type == F_WRLCK) {
-   lock->lf_type = F_UNLCK;
-   lf_activate_lock(state, lock);
-   lock->lf_type = F_WRLCK;
-   }
-   /*
 * We have added edges to everything that blocks
 * us. Sleep until they all go away.
 */

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: flock incorrectly detects deadlock on 7-stable and current

[Doug Rabson]

On 9 May 2008, at 07:07, Paul Koch wrote:


On Thu, 8 May 2008 06:37:00 pm Doug Rabson wrote:



Could you possibly try this patch and tell me if it helps:
...


Manually applied the patch to stable kern_lockf.c  1.57.2.1.  Ran the
flock_test program on many of our architectures and it works fine.

Have also been testing our app on a single core i386 machine today  
with
no locking problems.  Just setup a quad core -stable amd64 build and  
it

also appears to be running fine now.


Thanks for that. I'll get the patch committed to current today - it  
will turn up in 7-stable in a couple of days.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Buildworld Fails RELENG_7

[Doug Rabson]

This symbol has been added to fcntl.h recently. It appears as if your  
build is picking up the installed header rather than the one from the  
source tree. Are you using 'make buildworld'?


On 19 May 2008, at 16:17, Dave Uhring wrote:


Sources checked out yesterday, updated this morning using cvsup and
repository at cvsup12.freebsd.org.  The build fails in /usr/src/lib/ 
libc


/usr/bin/gcc -O2 -fno-strict-aliasing -pipe -m32 -march=athlon-mp -I/ 
usr/src/lib/libc/include -I/usr/src/lib/libc/../../include -I/usr/ 
src/lib/libc/i386 -D__DBINTERFACE_PRIVATE -I/usr/src/lib/libc/../../ 
contrib/gdtoa -DINET6 -I/usr/obj/usr/src/lib/libc -I/usr/src/lib/ 
libc/resolv -DPOSIX_MISTAKE -I/usr/src/lib/libc/locale -DBROKEN_DES - 
DPORTMAP -DDES_BUILTIN -I/usr/src/lib/libc/rpc -DYP -DNS_CACHING - 
DSYMBOL_VERSIONING -Wsystem-headers -Wall -Wno-format-y2k -Wno- 
uninitialized -Wno-pointer-sign -c /usr/src/lib/libc/sys/fcntl.c

/usr/src/lib/libc/sys/fcntl.c: In function 'fcntl':
/usr/src/lib/libc/sys/fcntl.c:42: error: storage size of 'ofl' isn't  
known
/usr/src/lib/libc/sys/fcntl.c:67: error: 'F_OGETLK' undeclared  
(first use in this function)
/usr/src/lib/libc/sys/fcntl.c:67: error: (Each undeclared identifier  
is reported only once
/usr/src/lib/libc/sys/fcntl.c:67: error: for each function it  
appears in.)
/usr/src/lib/libc/sys/fcntl.c:74: error: 'struct flock' has no  
member named 'l_sysid'
/usr/src/lib/libc/sys/fcntl.c:79: error: 'F_OSETLK' undeclared  
(first use in this function)
/usr/src/lib/libc/sys/fcntl.c:82: error: 'F_OSETLKW' undeclared  
(first use in this function)

/usr/src/lib/libc/sys/fcntl.c:42: warning: unused variable 'ofl'
*** Error code 1

Stop in /usr/src/lib/libc.
*** Error code 1

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED] 
"


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Buildworld Fails RELENG_7

[Doug Rabson]

On 19 May 2008, at 17:38, Dave Uhring wrote:


On Mon, May 19, 2008 at 05:07:08PM +0100, Doug Rabson wrote:
This symbol has been added to fcntl.h recently. It appears as if  
your build
is picking up the installed header rather than the one from the  
source

tree. Are you using 'make buildworld'?


Yes, although at this point is it 'make -DNO_CLEAN buildworld' until  
I get a clean

build.

The header files in /usr/include/sys are those from 7.0 RELEASE,  
however, and I
have had to copy 3 files (so far) from /usr/src/sys/sys to get the  
build to

continue.


You should never have to copy any header files to /usr/include to get  
a buildworld to work. Try without the -DNO_CLEAN and if that still  
fails, clean your /usr/obj (e.g. with rm -rf /usr/obj/*).


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Buildworld Fails RELENG_7

[Doug Rabson]

On 19 May 2008, at 17:58, Dave Uhring wrote:


On Mon, May 19, 2008 at 09:42:21AM -0700, Jeremy Chadwick wrote:


Is there some reason you're using -DNO_CLEAN, and haven't just nuked
/usr/obj/* and done buildworld normally?  I can't reproduce any of  
this

behaviour on any of our RELENG_7 systems.


I have repeately nuked /usr/obj.  That is not going to put updated  
header files

where they need to be.

I'm using -DNO_CLEAN in order to get the system to a point where a  
build just
might succeed without -DNO_CLEAN and I'm not getting there without  
some header

files being in the right place.

Remember I'm starting from a RELEASE userland.  This is just about  
as bad as

jumping from one full release to the next :(


The thing is that a working buildworld doesn't depend on headers from / 
usr/include. One of the first thing it does is install a set of new  
headers in somewhere like /usr/obj/usr/src/tmp. At this point, it  
might be useful to see a log of a failed buildworld attempt to see  
what is going wrong.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Buildworld Fails RELENG_7

[Doug Rabson]

On 20 May 2008, at 01:02, Dave Uhring wrote:


On Mon, May 19, 2008 at 06:46:41PM -0500, Jeffrey Goldberg wrote:

On May 19, 2008, at 1:21 PM, Dave Uhring wrote:

In any case, that problem has been solved by putting the updated  
header

files
in /usr/include/sys and will be properly fixed when I can finally  
make

installworld.


I did not have to manually move or copy any header files.


*default release=cvs tag=RELENG_7


My build on that, csupped just after seeing your first message in  
this

thread, has just completed.  make buildworld worked just fine without
error.  I'm also on athlon64.  All the headers that I needed were  
in the

right places in /usr/src


Did you start from a RELEASE source tree and userland?

So all I can say is that things worked for me.  I really suspect  
that you

got /usr/src and /usr/obj into some sort of inconsistent state.


I completely removed both, cvsupped a new RELENG_7 source tree,  
removed

/etc/make.conf and got this:

/usr/bin/gcc -fpic -DPIC   -DTERMIOS -DANSI_SOURCE -I/usr/src/secure/ 
lib/libcrypto/../../../crypto/openssl -I/usr/src/secure/lib/ 
libcrypto/../../../crypto/openssl/crypto -I/usr/obj/usr/src/secure/ 
lib/libcrypto -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H - 
DOPENSSL_NO_IDEA -DL_ENDIAN -DNO_IDEA -std=gnu89  -c /usr/src/secure/ 
lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_openssl.c -o  
eng_openssl.So
/usr/bin/gcc -fpic -DPIC   -DTERMIOS -DANSI_SOURCE -I/usr/src/secure/ 
lib/libcrypto/../../../crypto/openssl -I/usr/src/secure/lib/ 
libcrypto/../../../crypto/openssl/crypto -I/usr/obj/usr/src/secure/ 
lib/libcrypto -DOPENSSL_THREADS -DDSO_DLFCN -DHAVE_DLFCN_H - 
DOPENSSL_NO_IDEA -DL_ENDIAN -DNO_IDEA -std=gnu89  -c /usr/src/secure/ 
lib/libcrypto/../../../crypto/openssl/crypto/engine/eng_padlock.c -o  
eng_padlock.So
/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/ 
eng_padlock.c: In function 'padlock_xcrypt_ecb':
/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/ 
eng_padlock.c:445: error: can't find a register in class  
'GENERAL_REGS' while reloading 'asm'
/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/engine/ 
eng_padlock.c:445: error: 'asm' operand has impossible constraints


In this, your build is explicitly using '/usr/bin/gcc' for the build  
which is not the way buildworld normally works. In normal operation,  
buildworld first builds a compiler from source and then uses that  
compiler by adding to $PATH and building with just 'cc'. Are you  
overriding $CC in your environment?


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Buildworld Fails RELENG_7

[Doug Rabson]

On 20 May 2008, at 14:31, Dave Uhring wrote:


On Tue, May 20, 2008 at 12:54:59PM +0100, Doug Rabson wrote:


On 20 May 2008, at 12:25, Dave Uhring wrote:


On Tue, May 20, 2008 at 08:50:14AM +0100, Doug Rabson wrote:


In this, your build is explicitly using '/usr/bin/gcc' for the  
build

which
is not the way buildworld normally works. In normal operation,  
buildworld
first builds a compiler from source and then uses that compiler  
by adding
to $PATH and building with just 'cc'. Are you overriding $CC in  
your

environment?


I did not even have $CC in my environment.  My environment had  
absolutely
nothing involving the compiler and the compiler was the one  
shipped with

FreeBSD-7.0-RELEASE.  It is the *only* compiler on the system.



Odd. Could you please send me the complete log of a failed build  
attempt.


I did not maintain such a log.  On that last build everything  
proceeded

normally until it broke in an inline assembler piece of code.  But I
published not only the error but also the previous 4 or 5 compile  
lines.


I'm building again with a virgin clean cvsupped source tree from
cvsup4.freebsd.org, a clean /usr/obj, and I have reverted to /bin/ 
csh for
my root shell if that can possibly matter.  /etc/make.conf sets the  
build

shell as /bin/sh.

This time I started the build using script.  The entire log will be
available.


Excellent. Thanks for your help tracking this down.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: nfs buildworld blocked by rpc.lockd ?

[Doug Rabson]

On 28 May 2008, at 20:57, Arno J. Klaassen wrote:



Hello,

my buildworld on a 7-stable-amd64 blocks on the following line :

TERM=dumb TERMCAP=dumb: ex - /files/bsd/src7/share/termcap/ 
termcap.src < /files/bsd/src7/share/termcap/reorder


ex(1) stays in lockd state, and is unkillable, either by Ctl-C or
kill -9

/files/bsd is nfs-mounted as follows :

 push:/raid1/bsd/files/bsd nfs  
rw,bg,soft,nfsv3,intr,noconn,noauto,-r=32768,-w=32768  0   0


I can provide tcpdumps on server and client if helpful.


I would very much like to see tcpdumps (from either client or server).  
This problem is often caused by the fact that unless you use the '-p'  
flag, rpc.lockd isn't wired down to any particular port number. Since  
it is started at boot time, it will usually end up with the same one  
each time but the new kernel implementation in 7-stable typically ends  
up with a different port number to the old userland implementation.  
Quirks of the locking protocol make it difficult for the server to  
notice this without a lengthy timeout.


Workarounds include using '-p' to wire it down to a consistent port  
(port 4045 is reserved for this) or restarting rpc.lockd on the server.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: default dns config change causing major poolpah

[Doug Rabson]

On Wed, 2007-08-01 at 18:04 -1000, Randy Bush wrote:
> > in addition nowhere does it state in RFC2870 that the root-servers have to
> > accept AXFR's as part of their service.
> 
> in fact, the opposite
> 
>2.7 Root servers SHOULD NOT answer AXFR, or other zone transfer,
>queries from clients other than other root servers.  This
>restriction is intended to, among other things, prevent
>unnecessary load on the root servers as advice has been heard
>such as "To avoid having a corruptible cache, make your server a
>stealth secondary for the root zone."  The root servers MAY put
>the root zone up for ftp or other access on one or more less
>critical servers.

I think this makes it completely clear that we should not be trying to
use the AXFR service from any of the root servers. Expert users can do
what they like but making our default configuration use a service which
is documented in the current best practices document as being
unsupported seems foolish.



___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: ZFS boot on zfs mirror

[Doug Rabson]

On Tue, 26 May 2009 19:57:03 +0300, Andriy Gapon  wrote:
> on 26/05/2009 19:42 George Hartzell said the following:
>> I'm still confused about the two parts of zfsboot and what's magical
>> about seeking to 1024.
> 
> Can't help with answer to this, but cc-ing the one who can (I think).
> I am interested too :-)

This is due to the primitive DOS boot sequence. Basically the BIOS loads
the first sector of the partition and executes it. For zfsboot, that is the
first 512 bytes of /boot/zfsboot. The next stage of the bootstrap is tucked
away in a convenient hole in the ZFS on-disk formwat which is located just
after the ZFS metadata - this is the seek=1024 part. The first 512 byte
part is a tiny assembler program that loads the rest into memory and
executes it. The second part is large enough and smart enough to understand
the ZFS filesystem format directly and it loads /boot/loader directly from
the filesystem and transfers control to that. The third stage
(/boot/loader) is what puts up the boot menu and loads the kernel etc.

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: /boot/loader can't load kernel if too many pool/devices

[Doug Rabson]

On 1 Jun 2009, at 11:22, Henri Hennebert wrote:


Hello,

During my tests (succesful) to directly boot from ZFS (with zfsboot  
and gptzfsboot) I encounter the error "can't boot 'kernel'" if too  
many devices/pools are connected to the machine. In my case:


2 SAS disks with 2 pools
2 SATA disks with 2 pools
1 USB key with one pool

`heap` command:

Active Allocations: 171/173
536576 bytes reserved 527800 bytes allocated

`ls` command:

open '/' failed: too many open files

If I reboot without the USB key all is OK.

If I reboot from the USB key after disconnecting 2 disks all is OK.

By the way, the /boot/loader in 7.2-STABLE don't work, complains  
about forth not found.


The previous tests were made with 7.2-STABLE (May 31) with /boot/ 
loader from 8.0-CURRENT.


I recently increased the number of file descriptors available for / 
boot/loader. Could you rebuild and try again please. Make sure you  
rebuild libstand.a as well as /boot/loader.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: AMD64 + Nvidia Display Card

[Doug Rabson]

On Wednesday 13 July 2005 22:43, Brett Wildermoth wrote:
> On Thu, 14 Jul 2005 04:18 am, [EMAIL PROTECTED] wrote:
> > On Wednesday 13 July 2005 10:26 am, Kenneth Culver wrote:
> > > Quoting Brett Wildermoth <[EMAIL PROTECTED]>:
> > > > To all my fellow FreeBSD users,
> > > >
> > > > I assume I am not the only one who is in this predicament. I
> > > > have just bought seven AMD 64s with NVIDIA PCI-X graphics. With
> > > > 5.4 I can get everything bar the network and X to work, with
> > > > 6.0 I can get the network to work also. However no matter what
> > > > I do I can't get X to work.
> > > >
> > > > Why doesn't NVIDIA make a graphics driver for FreeBSD AMD64.
> > > > They make one for
> > > > Linux x86-64 and one for FreeBSD-x86.
> > > >
> > > > Perhaps would could all post a message on nvforum. I see some
> > > > people already have.
> > > >
> > > > Perhaps NVIDIA think FreeBSD is just a hobby OS..
> > >
> > > Last I heard, nvidia had no plans to make a FreeBSD amd64 driver.
> > > Just post that
> > > you're pissed about it like the rest of us are... maybe they'll
> > > reconsider.
> >
> > Not true.  FreeBSD's kernel doesn't provide some things needed for
> > an amd64 driver to be feasible.
>
> Like what what are these features? and if they are really
> important why aren't they on the cards to be included into
> FreeBSD..

There are a few missing VM features that any high-performance graphics 
card driver would require for decent performance with PCI Express. John 
is working on adding those features - have patience.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: AMD64 + Nvidia Display Card

[Doug Rabson]

On 14 Jul 2005, at 11:06, Brett Wildermoth wrote:


On Thu, 14 Jul 2005 07:07 pm, [EMAIL PROTECTED] wrote:


On Wednesday 13 July 2005 22:43, Brett Wildermoth wrote:

On Thu, 14 Jul 2005 04:18 am, [EMAIL PROTECTED]  
wrote:



On Wednesday 13 July 2005 10:26 am, Kenneth Culver wrote:


Quoting Brett Wildermoth <[EMAIL PROTECTED]>:


To all my fellow FreeBSD users,

I assume I am not the only one who is in this predicament. I
have just bought seven AMD 64s with NVIDIA PCI-X graphics. With
5.4 I can get everything bar the network and X to work, with
6.0 I can get the network to work also. However no matter what
I do I can't get X to work.

Why doesn't NVIDIA make a graphics driver for FreeBSD AMD64.
They make one for
Linux x86-64 and one for FreeBSD-x86.

Perhaps would could all post a message on nvforum. I see some
people already have.

Perhaps NVIDIA think FreeBSD is just a hobby OS..



Last I heard, nvidia had no plans to make a FreeBSD amd64 driver.
Just post that
you're pissed about it like the rest of us are... maybe they'll
reconsider.



Not true.  FreeBSD's kernel doesn't provide some things needed for
an amd64 driver to be feasible.



Like what what are these features? and if they are really
important why aren't they on the cards to be included into
FreeBSD..



There are a few missing VM features that any high-performance  
graphics
card driver would require for decent performance with PCI Express.  
John

is working on adding those features - have patience.
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current- 
[EMAIL PROTECTED]"




I guess these feature are provided in FreeBSD x86, as a NVIDIA  
graphics driver
is available for FreeBSD x86. Is FreeBSD x86-64 VM subsystem  
different to

FreeBSD x86. Is the VM subsystem that low-level?

(Pardon my ignorance, have quite got around to reading the FreeBSD  
kernel book

the publisher comped me yet)


Actually I think that the feature we are talking about (PAT) is  
relevant to both amd64 and i386. Proper support for PAT is required  
for decent PCI Express performance, as I understand it.


___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Valgrind for FreeBSD

[Doug Rabson]

On Fri, 2004-04-23 at 16:13, David O'Brien wrote:
> On Fri, Apr 23, 2004 at 05:00:30PM +0200, Simon Barner wrote:
> > After consultation with Doug Rabson, I have created ports for valgrind
> > (stable version and a more ``bleeding edge'' development version).
> > 
> > Until they hit the tree (probably after the ports freeze), you can get them
> > at:
> > 
> > http://home.leo.org/~barner/freebsd/valgrind/
> 
> Please rename "valgrind-devel-port" to "valgrind-snapshot-port".

I think I suggested the name valgrind-devel but I have no idea what the
latest port naming conventions are. If valgrind-snapshot is more
consistent, then thats the name it should have.


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: pnpparse.c

[Doug Rabson]

On Sat, 1 Apr 2000, kibbet wrote:

> Hi Doug,
> 
> On 31-Mar-00 Doug Rabson wrote:
> > On Sat, 1 Apr 2000, kibbet wrote:
> > 
> >> Hi all,
> >> 
> >> The sys/isa/pnpparse.c MFC today seems to have broken things
> >> here with my AWE64, things were happy before the MFC, apart
> >> from an odd message during boot
> > 
> > Sorry about that. Can you try with the latest pnpparse.c.
> > 
> 
> hehe, no probs, its all in the name of advancement :)
> 
> So now I get;
> 
> isa0: too many dependant configs (8)
> isa0: unexpected small tag 14
> 
> 
> Which dosen't bother me - it dosen't panic and I get sound, yay
> 

Ok, I have another report of this and I think I know the right fix.

> 
> Now I just gotta fix XFree 4 and shmat()... what fun :)

:-)

--
Doug Rabson Mail:  [EMAIL PROTECTED]
Nonlinear Systems Ltd.  Phone: +44 181 442 9037




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Re: agp and 3dfx

[Doug Rabson]

On Wed, 26 Jul 2000, Mike Muir wrote:

> [EMAIL PROTECTED] wrote:
> > 
> > Hello,
> > 
> > We will need more than the basic X-server to use any new graphics board, as
> > their main selling point is 3D, and the basic drivers of X are way behind.
> > 
> > The main issue is in establishing FreeBSD as a "credible" platform
> > (how many users of FreeBSD want to pay for a 3D-optimized A|W application ?)
> 
> Quite the opposite -- it won't be users of FreeBSD who will be buying a
> $50,000+ software package -- It is those Animators whom should choose to
> use FreeBSD!

I'm planning to run the Linux version of Maya on FreeBSD as soon as I can
get a copy. It isn't that expensive any more - the PC version is about
$10,000-$12,000 per seat but its probably the best modelling package for
soft skinned characters around.

-- 
Doug Rabson Mail:  [EMAIL PROTECTED]
Nonlinear Systems Ltd.  Phone: +44 20 8348 3944




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message