#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
232728 |
|
09-Mar-2012 |
mm |
Jail-mount MFC: r231265,r231267,r231269,r232059,r232186,r232247, r232278,r232307,r232342
MFC r231265: Introduce the "ruleset=number" option for devfs(5) mounts. Add support for updating the devfs mount (currently only changing the ruleset number is supported). Check mnt_optnew with vfs_filteropt(9).
This new option sets the specified ruleset number as the active ruleset of the new devfs mount and applies all its rules at mount time. If the specified ruleset doesn't exist, a new empty ruleset is created.
MFC r231267 [1]: Add support for mounting devfs inside jails.
A new jail(8) option "devfs_ruleset" defines the ruleset enforcement for mounting devfs inside jails. A value of -1 disables mounting devfs in jails, a value of zero means no restrictions. Nested jails can only have mounting devfs disabled or inherit parent's enforcement as jails are not allowed to view or manipulate devfs(8) rules.
Utilizes new functions introduced in r231265.
MFC r231269: Allow mounting nullfs(5) inside jails.
This is now possible thanks to r230129.
MFC r232059 [1]: To improve control over the use of mount(8) inside a jail(8), introduce a new jail parameter node with the following parameters:
allow.mount.devfs: allow mounting the devfs filesystem inside a jail
allow.mount.nullfs: allow mounting the nullfs filesystem inside a jail
Both parameters are disabled by default (equals the behavior before devfs and nullfs in jails). Administrators have to explicitly allow mounting devfs and nullfs for each jail. The value "-1" of the devfs_ruleset parameter is removed in favor of the new allow setting.
MFC r232186: Analogous to r232059, add a parameter for the ZFS file system:
allow.mount.zfs: allow mounting the zfs filesystem inside a jail
This way the permssions for mounting all current VFCF_JAIL filesystems inside a jail are controlled wia allow.mount.* jail parameters.
Update sysctl descriptions. Update jail(8) and zfs(8) manpages.
MFC r232247: mdoc(7) stype - start new sentences on new line
MFC r232278 [1]: Add procfs to jail-mountable filesystems.
MFC r232291: Bump .Dd to reflect latest update
MFC r232307: Add "export" to devfs_opts[] and return EOPNOTSUPP if called with it. Fixes mountd warnings.
MFC r232342 (jamie) [2]: Handle the case where a boolean parameter is also a node.
PR: bin/165515 [2] Reviewed by: jamie [1]
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
213725 |
|
12-Oct-2010 |
jh |
Format prototypes to follow style(9) more closely.
Discussed with: kib, phk
|
#
213215 |
|
27-Sep-2010 |
jh |
Add reference counting for devfs paths containing user created symbolic links. The reference counting is needed to be able to determine if a specific devfs path exists. For true device file paths we can traverse the cdevp_list but a separate directory list is needed for user created symbolic links.
Add a new directory entry flag DE_USER to mark entries which should unreference their parent directory on deletion.
A new function to traverse cdevp_list and the directory list will be introduced in a separate commit.
Idea from: kib Reviewed by: kib
|
#
212966 |
|
21-Sep-2010 |
jh |
Modify devfs_fqpn() for future use in devfs path reference counting code:
- Accept devfs_mount and devfs_dirent as the arguments instead of a vnode. This generalizes the function so that it can be used from contexts where vnode references are not available. - Accept NULL cnp argument. No '/' will be appended, if a NULL cnp is provided. - Make the function global and add its prototype to devfs.h.
Reviewed by: kib
|
#
212660 |
|
15-Sep-2010 |
jh |
Remove empty devfs directories automatically.
devfs_delete() now recursively removes empty parent directories unless the DEVFS_DEL_NORECURSE flag is specified. devfs_delete() can't be called anymore with a parent directory vnode lock held because the possible parent directory deletion needs to lock the vnode. Thus we unlock the parent directory vnode in devfs_remove() before calling devfs_delete().
Call devfs_populate_vp() from devfs_symlink() and devfs_vptocnp() as now directories can get removed.
Add a check for DE_DOOMED flag to devfs_populate_vp() because devfs_delete() drops dm_lock before the VI_DOOMED vnode flag gets set. This ensures that devfs_populate_vp() returns an error for directories which are in progress of deletion.
Reviewed by: kib Discussed on: freebsd-current (mostly silence)
|
#
211226 |
|
12-Aug-2010 |
jh |
Allow user created symbolic links to cover device files and directories if the device file appears during or after the link creation.
User created symbolic links are now inserted at the head of the directory entry list after the "." and ".." entries. A new directory entry flag DE_COVERED indicates that an entry is covered by a symbolic link.
PR: kern/114057 Reviewed by: kib Idea from: kib Discussed on: freebsd-current (mostly silence)
|
#
210921 |
|
06-Aug-2010 |
kib |
Enable shared locks for the devfs vnodes. Honor the locking mode requested by lookup(). This should be a nop at the moment.
In collaboration with: pho MFC after: 1 month
|
#
208951 |
|
09-Jun-2010 |
jh |
Add a new function devfs_parent_dirent() for resolving devfs parent directory entry. Use the new function in devfs_fqpn(), devfs_lookupx() and devfs_vptocnp() instead of manually resolving the parent entry.
Reviewed by: kib
|
#
191990 |
|
11-May-2009 |
attilio |
Remove the thread argument from the FSD (File-System Dependent) parts of the VFS. Now all the VFS_* functions and relating parts don't want the context as long as it always refers to curthread.
In some points, in particular when dealing with VOPs and functions living in the same namespace (eg. vflush) which still need to be converted, pass curthread explicitly in order to retain the old behaviour. Such loose ends will be fixed ASAP.
While here fix a bug: now, UFS_EXTATTR can be compiled alone without the UFS_EXTATTR_AUTOSTART option.
VFS KPI is heavilly changed by this commit so thirdy parts modules needs to be recompiled. Bump __FreeBSD_version in order to signal such situation.
|
#
163481 |
|
18-Oct-2006 |
kib |
Properly lock the vnode around vgone() calls.
Unlock the vnode in devfs_close() while calling into the driver d_close() routine.
devfs_revoke() changes by: ups Reviewed and bugfixes by: tegge Tested by: mbr, Peter Holm Approved by: pjd (mentor) MFC after: 1 week
|
#
162398 |
|
18-Sep-2006 |
kib |
Resolve the devfs deadlock caused by LOR between devfs_mount->dm_lock and vnode lock in devfs_allocv. Do this by temporary dropping dm_lock around vnode locking.
For safe operation, add hold counters for both devfs_mount and devfs_dirent, and DE_DOOMED flag for devfs_dirent. The facilities allow to continue after dropping of the dm_lock, by making sure that referenced memory does not disappear.
Reviewed by: tegge Tested by: kris Approved by: kan (mentor) PR: kern/102335
|
#
157685 |
|
12-Apr-2006 |
pjd |
Remove unused prototypes.
|
#
150501 |
|
24-Sep-2005 |
phk |
Make rule zero really magical, that way we don't have to do anything when we mount and get zero cost if no rules are used in a mountpoint.
Add code to deref rules on unmount.
Switch from SLIST to TAILQ.
Drop SYSINIT, use SX_SYSINIT and static initializer of TAILQ instead.
Drop goto, a break will do.
Reduce double pointers to single pointers.
Combine reaping and destroying rulesets.
Avoid memory leaks in a some error cases.
|
#
150342 |
|
19-Sep-2005 |
phk |
Rewamp DEVFS internals pretty severely [1].
Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex.
Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount.
Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in.
This makes RAM the only limit on how many devices we can have.
The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c.
The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h.
Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps.
Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well.
Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint.
Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree.
Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study.
Lots of shuffling of stuff and churn of bits for no good reason[2].
XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here.
XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime.
XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues.
Much testing provided by: Kris Much confusion caused by (races in): md(4)
[1] You are not supposed to understand anything past this point.
[2] This line should simplify life for the peanut gallery.
|
#
150151 |
|
15-Sep-2005 |
phk |
Various minor polishing.
|
#
150149 |
|
15-Sep-2005 |
phk |
Absolve devfs_rule.c from locking responsibility and call it with all necessary locking held.
|
#
150147 |
|
15-Sep-2005 |
phk |
Close a race which could result in unwarranted "ruleset %d already running" panics.
Previously, recursion through the "include" feature was prevented by marking each ruleset as "running" when applied. This doesn't work for the case where two DEVFS instances try to apply the same ruleset at the same time.
Instead introduce the sysctl vfs.devfs.rule_depth (default == 1) which limits how many levels of "include" we will traverse.
Be aware that traversal of "include" is recursive and kernel stack size is limited.
MFC: after 3 days
|
#
149107 |
|
15-Aug-2005 |
phk |
Eliminate effectively unused dm_basedir field from devfs_mount.
|
#
143303 |
|
08-Mar-2005 |
phk |
Remove kernelside support for devfs rules filtering on major numbers.
|
#
142242 |
|
22-Feb-2005 |
phk |
Reap more benefits from DEVFS:
List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev".
Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim().
rename idestroy_dev() to destroy_devl() for consistency.
Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim().
Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone();
Let devfs_reclaim() call dev_rel() instead of vgonel().
Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode.
Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
|
#
130585 |
|
16-Jun-2004 |
phk |
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
|
#
125855 |
|
15-Feb-2004 |
phk |
White-space align a struct definition. Move a SYSINIT to the file where it belongs.
|
#
122524 |
|
12-Nov-2003 |
rwatson |
Modify the MAC Framework so that instead of embedding a (struct label) in various kernel objects to represent security data, we embed a (struct label *) pointer, which now references labels allocated using a UMA zone (mac_label.c). This allows the size and shape of struct label to be varied without changing the size and shape of these kernel objects, which become part of the frozen ABI with 5-STABLE. This opens the door for boot-time selection of the number of label slots, and hence changes to the bound on the number of simultaneous labeled policies at boot-time instead of compile-time. This also makes it easier to embed label references in new objects as required for locking/caching with fine-grained network stack locking, such as inpcb structures.
This change also moves us further in the direction of hiding the structure of kernel objects from MAC policy modules, not to mention dramatically reducing the number of '&' symbols appearing in both the MAC Framework and MAC policy modules, and improving readability.
While this results in minimal performance change with MAC enabled, it will observably shrink the size of a number of critical kernel data structures for the !MAC case, and should have a small (but measurable) performance benefit (i.e., struct vnode, struct socket) do to memory conservation and reduced cost of zeroing memory.
NOTE: Users of MAC must recompile their kernel and all MAC modules as a result of this change. Because this is an API change, third party MAC modules will also need to be updated to make less use of the '&' symbol.
Suggestions from: bmilekic Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
107698 |
|
09-Dec-2002 |
rwatson |
Remove dm_root entry from struct devfs_mount. It's never set, and is unused. Replace it with a dm_mount back-pointer to the struct mount that the devfs_mount is associated with. Export that pointer to MAC Framework entry points, where all current policies don't use the pointer. This permits the SEBSD port of SELinux's FLASK/TE to compile out-of-the-box on 5.0-CURRENT with full file system labeling support.
Approved by: re (murray) Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
105212 |
|
16-Oct-2002 |
phk |
Fix comments and one resulting code confusion about the type of the "command" argument to VOP_IOCTL.
Spotted by: FlexeLint.
|
#
105210 |
|
16-Oct-2002 |
phk |
A better solution to avoiding variable sized structs in DEVFS.
|
#
105209 |
|
16-Oct-2002 |
phk |
#include "opt_devfs.h" to protect against variable sized structures.
Spotted by: FlexeLint
|
#
104278 |
|
01-Oct-2002 |
phk |
Move the vop-vector declaration into devfs_vnops.c where it belongs.
|
#
100994 |
|
30-Jul-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Label devfs directory entries, permitting labels to be maintained on device nodes in devfs instances persistently despite vnode recycling.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
100804 |
|
28-Jul-2002 |
dd |
Correct misindentation of DRA_UID.
|
#
100206 |
|
16-Jul-2002 |
dd |
Introduce the DEVFS "rule" subsystem. DEVFS rules permit the administrator to define certain properties of new devfs nodes before they become visible to the userland. Both static (e.g., /dev/speaker) and dynamic (e.g., /dev/bpf*, some removable devices) nodes are supported. Each DEVFS mount may have a different ruleset assigned to it, permitting different policies to be implemented for things like jails.
Approved by: phk
|
#
95212 |
|
21-Apr-2002 |
bde |
Don't attempt to decvlare M_DEVFS whern MALLOC_DECLARE is not defined. This fixes warnings that should be errors in fstat.
Reminded by: alpha tinderbox
Fixed some style bugs (ones near BOF and EOF; there are many more).
|
#
83366 |
|
12-Sep-2001 |
julian |
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
#
77050 |
|
23-May-2001 |
phk |
Change the way deletes are managed in DEVFS.
This fixes a number of warnings relating to removed cloned devices.
It also makes it possible to recreate deleted devices with mknod(2). The major/minor arguments are ignored.
|
#
69767 |
|
08-Dec-2000 |
phk |
staticize.
|
#
65515 |
|
06-Sep-2000 |
phk |
Add refcounts to the "global" DEVFS inode slots, this allows us to recycle inodes after a destroy_dev() but not until all mounts have picked up the change.
Add support for an overflow table for DEVFS inodes. The static table defaults to 1024 inodes, if that fills, an overflow table of 32k inodes is allocated. Both numbers can be changed at compile time, the size of the overflow table also with the sysctl vfs.devfs.noverflow.
Use atomic instructions to barrier between make_dev()/destroy_dev() and the mounts.
Add lockmgr() locking of directories for operations accessing or modifying the directory TAILQs.
Various nitpicking here and there.
|
#
65374 |
|
02-Sep-2000 |
phk |
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support.
If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present".
This happily removes an ugly hack from kern/vfs_conf.c.
This forces a rename of the eventhandler and the standard clone helper function.
Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h>
Remove all #includes of opt_devfs.h they no longer matter.
|
#
65132 |
|
27-Aug-2000 |
phk |
Reorder vop's alphabetically. Smarter use of devfs_allocv() (from bp@) Introduce devfs_find() ".." fixes to devfs_lookup (from bp@)
|
#
65051 |
|
24-Aug-2000 |
phk |
Fix panic when removing open device (found by bp@) Implement subdirs. Build the full "devicename" for cloning functions. Fix panic when deleted device goes away. Collaps devfs_dir and devfs_dirent structures. Add proper cloning to the /dev/fd* "device-"driver. Fix a bug in make_dev_alias() handling which made aliases appear multiple times. Use devfs_clone to implement getdiskbyname() Make specfs maintain the stat(2) timestamps per dev_t
|
#
64880 |
|
20-Aug-2000 |
phk |
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c)
Remove old DEVFS support fields from dev_t.
Make uid, gid & mode members of dev_t and set them in make_dev().
Use correct uid, gid & mode in make_dev in disk minilayer.
Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS.
Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse.
Add a field for DEVFS inode number in dev_t.
Add new DEVFS in fs/devfs.
Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4)
If DEVFS add -d flag to /sbin/inits args to make it mount devfs.
Add commented out DEVFS to GENERIC
|