#
267654 |
|
19-Jun-2014 |
gjb |
Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
250248 |
|
04-May-2013 |
mdf |
MFC r248933:
Use a shared lock for VOP_GETEXTATTR, as it is a read-like operation.
|
#
233353 |
|
23-Mar-2012 |
kib |
MFC r231949: Fix found places where uio_resid is truncated to int.
Add the sysctl debug.iosize_max_clamp, enabled by default. Setting the sysctl to zero allows to perform the SSIZE_MAX-sized i/o requests from the usermode.
MFC r232493: Remove unneeded cast to u_int. The values as small enough to fit into int, beside the use of MIN macro which performs type promotions.
MFC r232494: Instead of incomplete handling of read(2)/write(2) return values that does not fit into registers, declare that we do not support this case using CTASSERT(), and remove endianess-unsafe code to split return value into td_retval.
While there, change the style of the sysctl debug.iosize_max_clamp definition.
MFC r232495: pipe_read(): change the type of size to int, and remove signed clamp. pipe_write(): change the type of desiredsize back to int, its value fits.
|
#
225736 |
|
22-Sep-2011 |
kensmith |
Copy head to stable/9 as part of 9.0-RELEASE release cycle.
Approved by: re (implicit)
|
#
225617 |
|
16-Sep-2011 |
kmacy |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls.
Reviewed by: rwatson Approved by: re (bz)
|
#
224778 |
|
11-Aug-2011 |
rwatson |
Second-to-last commit implementing Capsicum capabilities in the FreeBSD kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent.
Approved by: re (bz) Submitted by: jonathan Sponsored by: Google Inc
|
#
210226 |
|
18-Jul-2010 |
trasz |
Revert r210225 - turns out I was wrong; the "/*-" is not license-only thing; it's also used to indicate that the comment should not be automatically rewrapped.
Explained by: cperciva@
|
#
210225 |
|
18-Jul-2010 |
trasz |
The "/*-" comment marker is supposed to denote copyrights. Remove non-copyright occurences from sys/sys/ and sys/kern/.
|
#
195104 |
|
27-Jun-2009 |
rwatson |
Replace AUDIT_ARG() with variable argument macros with a set more more specific macros for each audit argument type. This makes it easier to follow call-graphs, especially for automated analysis tools (such as fxr).
In MFC, we should leave the existing AUDIT_ARG() macros as they may be used by third-party kernel modules.
Suggested by: brooks Approved by: re (kib) Obtained from: TrustedBSD Project MFC after: 1 week
|
#
193511 |
|
05-Jun-2009 |
rwatson |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
#
191990 |
|
11-May-2009 |
attilio |
Remove the thread argument from the FSD (File-System Dependent) parts of the VFS. Now all the VFS_* functions and relating parts don't want the context as long as it always refers to curthread.
In some points, in particular when dealing with VOPs and functions living in the same namespace (eg. vflush) which still need to be converted, pass curthread explicitly in order to retain the old behaviour. Such loose ends will be fixed ASAP.
While here fix a bug: now, UFS_EXTATTR can be compiled alone without the UFS_EXTATTR_AUTOSTART option.
VFS KPI is heavilly changed by this commit so thirdy parts modules needs to be recompiled. Bump __FreeBSD_version in order to signal such situation.
|
#
190888 |
|
10-Apr-2009 |
rwatson |
Remove VOP_LEASE and supporting functions. This hasn't been used since the removal of NQNFS, but was left in in case it was required for NFSv4. Since our new NFSv4 client and server can't use it for their requirements, GC the old mechanism, as well as other unused lease- related code and interfaces.
Due to its impact on kernel programming and binary interfaces, this change should not be MFC'd.
Proposed by: jeff Reviewed by: jeff Discussed with: rmacklem, zach loafman @ isilon
|
#
189533 |
|
08-Mar-2009 |
rwatson |
Remove 'uio' argument from MAC Framework and MAC policy entry points for extended attribute get/set; in the case of get an uninitialized user buffer was passed before the EA was retrieved, making it of relatively little use; the latter was simply unused by any policies.
Obtained from: TrustedBSD Project Sponsored by: Google, Inc.
|
#
186896 |
|
08-Jan-2009 |
kib |
Do not call namei() while having another user-controlled vnode locked. Lookup could attempt to recursively lock that vnode.
Do not call vn_start_write(V_WAIT) while vnode is locked, this may result in a deadlock with suspension.
vfs_busy() the mountpoint before dropping vnode lock for vnode that was used to look up the mountpoint, to prevent unmount in between.
Reported and tested by: pho Reviewed by: rwatson MFC after: 3 weeks
|
#
177785 |
|
31-Mar-2008 |
kib |
Add the support for the AT_FDCWD and fd-relative name lookups to the namei(9).
Based on the submission by rdivacky, sponsored by Google Summer of Code 2007 Reviewed by: rwatson, rdivacky Tested by: pho
|
#
175294 |
|
13-Jan-2008 |
attilio |
VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in conjuction with 'thread' argument passing which is always curthread. Remove the unuseful extra-argument and pass explicitly curthread to lower layer functions, when necessary.
KPI results broken by this change, which should affect several ports, so version bumping and manpage update will be further committed.
Tested by: kris, pho, Diego Sardina <siarodx at gmail dot com>
|
#
175202 |
|
09-Jan-2008 |
attilio |
vn_lock() is currently only used with the 'curthread' passed as argument. Remove this argument and pass curthread directly to underlying VOP_LOCK1() VFS method. This modify makes the code cleaner and in particular remove an annoying dependence helping next lockmgr() cleanup. KPI results, obviously, changed.
Manpage and FreeBSD_version will be updated through further commits.
As a side note, would be valuable to say that next commits will address a similar cleanup about VFS methods, in particular vop_lock1 and vop_unlock.
Tested by: Diego Sardina <siarodx at gmail dot com>, Andrea Di Pasquale <whyx dot it at gmail dot com>
|
#
172930 |
|
24-Oct-2007 |
rwatson |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
#
165474 |
|
22-Dec-2006 |
rwatson |
Update comments to reflect changes in the extattrctl() code.
Clean up comment formatting.
Obtained from: TrustedBSD Project
|
#
165471 |
|
22-Dec-2006 |
rwatson |
Following a repo-copy of vfs_syscalls.c to vfs_extattr.c, remove non-extattr functions from vfs_extattr.c, and extattr functions from vfs_syscalls.c.
Change copyright/license on vfs_extattr.c to my copyright/license on the extended attribute implementation (from extattr.h).
Clean up includes a bit.
Obtained from: TrustedBSD Project
|
#
165470 |
|
22-Dec-2006 |
rwatson |
Forced commit to recognize the repo-copy of vfs_syscalls.c to vfs_extattr.c. This follows a naming convention similar to the break-out of the extended attribute system calls (etc) in NetBSD.
Thanks to: simon
|
#
164033 |
|
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
#
163703 |
|
26-Oct-2006 |
kib |
The attempt to rename "." with MAC framework compiled in would cause attempt to twice unlock the vnode. Check that ni_vp and ni_dvp are different before doing second unlock.
Reviewed by: rwatson Approved by: pjd (mentor) MFC after: 1 week
|
#
163606 |
|
22-Oct-2006 |
rwatson |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
#
162649 |
|
26-Sep-2006 |
tegge |
Add mnt_noasync counter to better handle interleaved calls to nmount(), sync() and sync_fsync() without losing MNT_ASYNC. Add MNTK_ASYNC flag which is set only when MNT_ASYNC is set and mnt_noasync is zero, and check that flag instead of MNT_ASYNC before initiating async io.
|
#
162647 |
|
26-Sep-2006 |
tegge |
Use mount interlock to protect all changes to mnt_flag and mnt_kern_flag. This eliminates a race where MNT_UPDATE flag could be lost when nmount() raced against sync(), sync_fsync() or quotactl().
|
#
162459 |
|
20-Sep-2006 |
pjd |
There is no need to set 'sp' to NULL anymore.
|
#
162456 |
|
19-Sep-2006 |
tegge |
Copy stat information from mount structure before it can change identity.
|
#
162383 |
|
17-Sep-2006 |
rwatson |
Declare security and security.bsd sysctl hierarchies in sysctl.h along with other commonly used sysctl name spaces, rather than declaring them all over the place.
MFC after: 1 month Sponsored by: nCircle Network Security, Inc.
|
#
160924 |
|
02-Aug-2006 |
jhb |
Fix some bugs in the previous revision (1.419). Don't perform extra vfs_rel() on the mountpoint if the MAC checks fail in kern_statfs() and kern_fstatfs(). Similarly, don't perform an extra vfs_rel() if we get a doomed vnode in kern_fstatfs(), and handle the case of mp being NULL (for some doomed vnodes) by conditionalizing the vfs_rel() in kern_fstatfs() on mp != NULL.
CID: 1517 Found by: Coverity Prevent (tm) (kern_fstatfs()) Pointy hat to: jhb
|
#
160767 |
|
27-Jul-2006 |
jhb |
Hold the reference on the mountpoint slightly longer in kern_statfs() and kern_fstatfs() so that it is still held when prison_enforce_statfs() is called (since that function likes to poke and prod at the mountpoint structure).
MFC after: 3 days
|
#
160507 |
|
19-Jul-2006 |
jhb |
Call change_dir() instead of duplicating the code in fchdir().
|
#
160276 |
|
11-Jul-2006 |
jhb |
- Add conditional VFS Giant locking to getdents_common() (linux ABIs), ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(), and svr4_sys_getdents64() similar to that in getdirentries(). - Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(), linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and svr4_sys_getdents64() MPSAFE.
|
#
160136 |
|
06-Jul-2006 |
wsalamon |
Audit the remaining parameters to the extattr system calls. Generate the audit records for those calls.
Obtained from: TrustedBSD Project Approved by: rwatson (mentor)
|
#
159260 |
|
05-Jun-2006 |
rwatson |
Audit command, uid arguments for quotactl(). Audit the mode argument to mkfifo(). Audit the target path passed to symlink().
Submitted by: wsalamon Obtained from: TrustedBSD Project
|
#
157325 |
|
31-Mar-2006 |
jeff |
- Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().
Discussed with: tegge Tested by: kris Sponsored by: Isilon Systems, Inc.
|
#
157230 |
|
28-Mar-2006 |
jhb |
Change vn_open() to honor the MPSAFE flag in the passed in nameidata object and use that instead of testing fdidx against -1 to determine if it should release Giant if Giant was locked due to the requested file residing on a non-MPSAFE VFS.
Discussed with: jeff
|
#
156977 |
|
21-Mar-2006 |
jeff |
- Remove explicit calls to lock and unlock Giant and replace them with VFS_LOCK_GIANT/VFS_UNLOCK_GIANT calls. This completely removes Giant acquisition in the syscall path for ffs.
Bug fix to kern_fhstatfs from: Todd Miller <Todd.Miller@sparta.com> Sponsored by: Isilon Systems, Inc.
|
#
156266 |
|
03-Mar-2006 |
ps |
use strlcpy in cvtstatfs and copy_statfs instead of bcopy to ensure the copied strings are properly terminated.
bzero the statfs32 struct in copy_statfs.
|
#
156237 |
|
03-Mar-2006 |
ps |
Don't truncate f_mntfromname & f_mntonname to 16 characters when translating statfs into ostatfs. This allows 4.x binaries making statfs calls to work on 6.x.
|
#
155939 |
|
23-Feb-2006 |
jeff |
- Use vfs_ref/rel to protect a mountpoint from going away while VFS_STATFS is being called. Be sure to grab the ref before we unlock the vnode to prevent the mount from disappearing.
Tested by: kris
|
#
155914 |
|
22-Feb-2006 |
wsalamon |
Add pathname and/or vnode argument auditing for the following system calls: quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo, link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf, readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown, lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync, rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl, extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link, extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
In many cases the pathname and vnode auditing is done within namei lookup instead of directly in the system call.
Audit the remaining arguments to these system calls: fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir, getdirentries.
|
#
155905 |
|
22-Feb-2006 |
jeff |
- Revert r1.406 until a solution can be found that doesn't break nfs. The statfs handler in nfs will lock vnodes which may lead to deadlock or recursion.
Found by: kris Pointy hat to: me
|
#
155900 |
|
22-Feb-2006 |
jeff |
- Hold the vnode used in the statfs related functions until we're done with the VFS_STATFS call to prevent the mount from disappearing while we're stating. - Convert these routines to use MPSAFE namei semantics.
MFC After: 1 week
|
#
155401 |
|
06-Feb-2006 |
jhb |
Add a kern_eaccess() function and use it to implement xenix_eaccess() rather than kern_access().
Suggested by: rwatson
|
#
155385 |
|
06-Feb-2006 |
jeff |
- Don't check v_mount for NULL to determine if a vnode has been recycled. Use the more appropriate VI_DOOMED flag instead.
Sponsored by: Isilon Systems, Inc. MFC After: 1 week
|
#
155257 |
|
03-Feb-2006 |
rwatson |
In fchdir(), Giant must be separately acquired and dropped if the old vnode is from a file system that is not MPSAFE, as vrele() expects Giant to be held when it is called on a non-MPSAFE vnode.
Spotted by: kris Tested by: glebius
|
#
155167 |
|
01-Feb-2006 |
jeff |
- chroot and chdir need to lock giant as appropriate for the outgoing vp as well as the new vp.
Sponsored by: Isilon Systems, Inc. MFC After: 3 days
|
#
155160 |
|
31-Jan-2006 |
jeff |
- Reorder calls to vrele() after calls to vput() when the vrele is a directory. vrele() may lock the passed vnode, which in these cases would give an invalid lock order of child -> parent. These situations are deadlock prone although do not typically deadlock because the vrele is typically not releasing the last reference to the vnode. Users of vrele must consider it as a call to vn_lock() and order it appropriately.
MFC After: 1 week Sponsored by: Isilon Systems, Inc. Tested by: kkenn
|
#
154690 |
|
22-Jan-2006 |
truckman |
Tweak previous vfs_lookup.c commit to return an EINVAL error from lookup() instead of EPERM when a DELETE or RENAME operation is attempted on "..".
In kern_unlink(), remap EINVAL errors returned from namei() to EPERM to match existing (and POSIX required) behaviour.
Discussed with: bde MFC after: 3 days
|
#
154011 |
|
04-Jan-2006 |
dds |
Fix style bug.
Prompted by: bde
|
#
154009 |
|
03-Jan-2006 |
dds |
Replace tv_usec normalization with the return of EINVAL. This addresses two objections to the previous behavior, and unbreaks the alpha tinderbox build.
TODO: update the utimes(2) man page.
|
#
154003 |
|
03-Jan-2006 |
dds |
Normalize the tv_usec part of the utimes(2) arguments to ensure that a file's atime and mtime are only set to correct fractional second values (0-999999000ns with the current interface). Prior to this change users could create files with values outside that range. Moreover, on 32-bit machines tv_usec offsets larger than 4.3s would result in an unnormalized AND wrong timestamp value, due to overflow.
MFC after: 1 week
|
#
153547 |
|
19-Dec-2005 |
pjd |
Reduce Giant scope a bit, as fdrop() is believed to be MPSAFE. The purpose of this change is consistency (not performance improvement:)), as it was hard to tell if fdrop() is MPSAFE or not when I saw it sometimes under the Giant and sometimes without it.
Glanced at by: ssouhlal, kan
|
#
150531 |
|
24-Sep-2005 |
csjp |
Implement new world order in VFS locking for extended attributes. This will remove the unconditional acquisition of Giant for extended attribute related operations. If the file system is set as being MP safe and debug.mpsafevfs is 1, do not pickup Giant.
Mark the following system calls as being MP safe so we no longer pickup Giant in the system call handler:
o extattrctl o extattr_set_file o extattr_get_file o extattr_delete_file o extattr_set_fd o extattr_get_fd o extattr_delete_fd o extattr_set_link o extattr_get_link o extattr_delete_link o extattr_list_file o extattr_list_link o extattr_list_fd
-Pass MPSAFE flags to namei(9) lookup and introduce vfslocked variable which will keep track of any Giant acquisitions. -Wrap any fd operations which manipulate vnodes in VFS_{UN}LOCK_GIANT -Drop VFS_ASSERT_GIANT into function which operate on vnodes to ensure that we are sufficiently protected.
I've tested these changes with various TrustedBSD MAC policies which use extended attribute a lot on SMP and UP systems (thanks to Scott Long for making some SMP hardware available to me for testing).
Discussed with: jeff Requested by: jhb, rwatson
|
#
150164 |
|
15-Sep-2005 |
csjp |
Improve the MP safeness associated with the creation of symbolic links and the execution of ELF binaries. Two problems were found:
1) The link path wasn't tagged as being MP safe and thus was not properly protected. 2) The ELF interpreter vnode wasnt being locked in namei(9) and thus was insufficiently protected.
This commit makes the following changes:
-Sets the MPSAFE flag in NDINIT for symbolic link paths -Sets the MPSAFE flag in NDINIT and introduce a vfslocked variable which will be used to instruct VFS_UNLOCK_GIANT to unlock Giant if it has been picked up. -Drop in an assertion into vfs_lookup which ensures that if the MPSAFE flag is NOT set, that we have picked up giant. If not panic (if WITNESS compiled into the kernel). This should help us find conditions where vnode operations are in-sufficiently protected.
This is a RELENG_6 candidate.
Discussed with: jeff MFC after: 4 days
|
#
149697 |
|
01-Sep-2005 |
pjd |
In case of mac_check_vnode_rename_from() or vn_start_write() failure, vn_finished_write() should not be called.
Reviewed by: ssouhlal MFC after: 3 days
|
#
147559 |
|
23-Jun-2005 |
pjd |
Actually only protect mount-point if security.jail.enforce_statfs is set to 2. If we don't return statistics about requested file systems, system tools may not work correctly or at all.
Approved by: re (scottl)
|
#
147352 |
|
13-Jun-2005 |
jeff |
- Remove vnode lock asserts at the end of vfs syscalls. These asserts were used to ensure that we weren't exiting the syscall with a lock still held. This wasn't safe, however, because we'd already executed a vput() and on a loaded system the vnode may have been free'd by the time we assert. This functionality is also handled by the td_locks assert in userret, which doesn't tell you what the syscall was, but will at least panic before you deadlock.
Sponsored by: Isilon Systems, Inc. Discovred by: Peter Holm Approved by: re (blanket vfs)
|
#
147309 |
|
12-Jun-2005 |
pjd |
Do not allocate memory while holding a mutex. I introduce a very small race here (some file system can be mounted or unmounted between 'count' calculation and file systems list creation), but it is harmless.
Found by: FreeBSD Kernel Stress Test Suite: http://www.holm.cc/stress/ Reported by: Peter Holm <peter@holm.cc>
|
#
147302 |
|
11-Jun-2005 |
pjd |
Do not allocate memory based on not-checked argument from userland. It can be used to panic the kernel by giving too big value. Fix it by moving allocation and size verification into kern_getfsstat(). This even simplifies kern_getfsstat() consumers, but destroys symmetry - memory is allocated inside kern_getfsstat(), but has to be freed by the caller.
Found by: FreeBSD Kernel Stress Test Suite: http://www.holm.cc/stress/ Reported by: Peter Holm <peter@holm.cc>
|
#
147185 |
|
09-Jun-2005 |
pjd |
Rename sysctl security.jail.getfsstatroot_only to security.jail.enforce_statfs and extend its functionality:
value policy 0 show all mount-points without any restrictions 1 show only mount-points below jail's chroot and show only part of the mount-point's path (if jail's chroot directory is /jails/foo and mount-point is /jails/foo/usr/home only /usr/home will be shown) 2 show only mount-point where jail's chroot directory is placed.
Default value is 2.
Discussed with: rwatson
|
#
147178 |
|
09-Jun-2005 |
pjd |
Avoid code duplication in serval places by introducing universal kern_getfsstat() function.
Obtained from: jhb
|
#
147137 |
|
08-Jun-2005 |
rodrigc |
Initialize uio_iovcnt to 1 in extattr_list_vp() and extattr_get_vp()
PR: kern/79357 Approved by: rwatson
|
#
146715 |
|
28-May-2005 |
rwatson |
Acquire Giant explicitly in quotactl() so that the syscalls.master entry can become MSTD.
|
#
146709 |
|
28-May-2005 |
rwatson |
Acquire Giant explicitly in fhopen(), fhstat(), and kern_fhstatfs(), so that we can start to eliminate the presence of non-MPSAFE system call entries in syscalls.master.
|
#
146694 |
|
27-May-2005 |
pjd |
Remove (now) unused argument 'td' from cvtstatfs().
|
#
146693 |
|
27-May-2005 |
pjd |
Sync locking in freebsd4_getfsstat() with getfsstat(). Giant is probably also needed in kern_fhstatfs().
|
#
146692 |
|
27-May-2005 |
pjd |
Use consistent style in functions I want to modify in the near future.
|
#
146506 |
|
22-May-2005 |
pjd |
Protect fsid in freebsd4_getfsstat() in simlar way as it is done in getfsstat().
|
#
146502 |
|
22-May-2005 |
pjd |
If we need to hide fsid, kern_statfs()/kern_fstatfs() will do it for us, so do not duplicate the code in cvtstatfs(). Note, that we now need to clear fsid in freebsd4_getfsstat().
This moves all security related checks from functions like cvtstatfs() and will allow to add more security related stuff (like statfs(2), etc. protection for jails) a bit easier.
|
#
144898 |
|
11-Apr-2005 |
jeff |
- vput(tvp) before vrele(tdvp) in kern_rename() to avoid lock order issues.
|
#
144834 |
|
09-Apr-2005 |
jeff |
- Remove the namei NOOBJ flag. It is meaningless now.
Sponsored by: Isilon Systems, Inc.
|
#
144055 |
|
24-Mar-2005 |
jeff |
- Pass LK_EXCLUSIVE to VFS_ROOT() to satisfy the new flags argument. For now, all calls to VFS_ROOT() should still acquire exclusive locks.
Sponsored by: Isilon Systems, Inc.
|
#
144049 |
|
24-Mar-2005 |
jeff |
- Remove the #ifdef LOOKUP_SHARED from some calls to NDINIT. The LOCKSHARED flag is simply ignored in namei() if LOOKUP_SHARED is not enabled.
Sponsored by: Isilon Systems, Inc.
|
#
143495 |
|
13-Mar-2005 |
jeff |
- Don't VOP_UNLOCK prior to VOP_REVOKE. The lock is required now.
Sponsored by: Isilon Systems, Inc.
|
#
141533 |
|
08-Feb-2005 |
phk |
Drag another softupdates tentacle back into FFS: Now that FFS's vop_fsync is separate from the internal use we can do the full job there.
|
#
141484 |
|
07-Feb-2005 |
jhb |
Implement a kern_pathconf() wrapper for pathconf() which can take the filename from either a user space or a kernel space pointer.
|
#
141471 |
|
07-Feb-2005 |
jhb |
- Tweak kern_msgctl() to return a copy of the requested message queue id structure in the struct pointed to by the 3rd argument for IPC_STAT and get rid of the 4th argument. The old way returned a pointer into the kernel array that the calling function would then access afterwards without holding the appropriate locks and doing non-lock-safe things like copyout() with the data anyways. This change removes that unsafeness and resulting race conditions as well as simplifying the interface. - Implement kern_foo wrappers for stat(), lstat(), fstat(), statfs(), fstatfs(), and fhstatfs(). Use these wrappers to cut out a lot of code duplication for freebsd4 and netbsd compatability system calls. - Add a new lookup function kern_alternate_path() that looks up a filename under an alternate prefix and determines which filename should be used. This is basically a more general version of linux_emul_convpath() that can be shared by all the ABIs thus allowing for further reduction of code duplication.
|
#
141149 |
|
02-Feb-2005 |
jeff |
- Correct a typo in kern_rename. tvfslocked should be initialized from tond and not fromnd. This could lead us to leak Giant, or unlock it twice, depending on the filesystems involved. renames within a single filesystem would not have caused any problems.
Sponsored by: Isilon Systems, Inc.
|
#
141129 |
|
01-Feb-2005 |
jeff |
- Or MPSAFE with the correct set of flags in stat(). This affected only the LOOKUP_SHARED case.
Spotted by: jhb
|
#
140782 |
|
24-Jan-2005 |
phk |
Don't use VOP_GETVOBJECT, use vp->v_object directly.
|
#
140779 |
|
24-Jan-2005 |
phk |
Don't call VOP_CREATEVOBJECT(), it's the responsibility of the filesystem which owns the vnode.
|
#
140713 |
|
24-Jan-2005 |
jeff |
- Change all vfs syscalls to use VFS_LOCK_GIANT(), and MPSAFE nds. - Move Giant acquisition into the few vfs syscalls that weren't already directly acquiring it.
Sponsored By: Isilon Systems, Inc.
|
#
140181 |
|
13-Jan-2005 |
phk |
Ditch vfs_object_create() and make the callers call VOP_CREATEVOBJECT() directly.
|
#
140048 |
|
11-Jan-2005 |
phk |
Remove the unused credential argument from VOP_FSYNC() and VFS_SYNC().
I'm not sure why a credential was added to these in the first place, it is not used anywhere and it doesn't make much sense:
The credentials for syncing a file (ability to write to the file) should be checked at the system call level.
Credentials for syncing one or more filesystems ("none") should be checked at the system call level as well.
If the filesystem implementation needs a particular credential to carry out the syncing it would logically have to the cached mount credential, or a credential cached along with any delayed write data.
Discussed with: rwatson
|
#
139804 |
|
06-Jan-2005 |
imp |
/* -> /*- for copyright notices, minor format tweaks as necessary
|
#
137767 |
|
16-Nov-2004 |
phk |
Eliminate pointless goto.
|
#
137750 |
|
15-Nov-2004 |
phk |
Forgot to remove now unused variable in last commit.
|
#
137749 |
|
15-Nov-2004 |
phk |
It is not necessary to hold vn_start_write/vn_finished_write around VOP_REVOKE.
|
#
137748 |
|
15-Nov-2004 |
phk |
Next FILEDESC_LOCK properly around FILE_LOCK
|
#
137647 |
|
13-Nov-2004 |
phk |
Introduce an alias for FILEDESC_{UN}LOCK() with the suffix _FAST.
Use this in all the places where sleeping with the lock held is not an issue.
The distinction will become significant once we finalize the exact lock-type to use for this kind of case.
|
#
137355 |
|
07-Nov-2004 |
phk |
Introduce fdclose() which will clean an entry in a filedesc.
Replace homerolled versions with call to fdclose().
Make fdunused() static to kern_descrip.c
|
#
132653 |
|
26-Jul-2004 |
cperciva |
Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This is somewhat clearer, but more importantly allows for a consistent naming scheme for suser_cred flags.
The old name is still defined, but will be removed in a few days (unless I hear any complaints...)
Discussed with: rwatson, scottl Requested by: jhb
|
#
132023 |
|
12-Jul-2004 |
alfred |
Make VFS_ROOT() and vflush() take a thread argument. This is to allow filesystems to decide based on the passed thread which vnode to return. Several filesystems used curthread, they now use the passed thread.
|
#
131063 |
|
24-Jun-2004 |
rwatson |
Don't cuddle else's so much as we removed additional parts of each block.
|
#
131062 |
|
24-Jun-2004 |
rwatson |
Remove temporary API bandage that allowed applications speaking the older API to list attributes on a file (zero-length attribute name) to function. extattr_list_*() are now the only available APIs to use when listing attributes.
|
#
130906 |
|
22-Jun-2004 |
rwatson |
Acquire Giant in link() so that the system call can be marked MPSAFE. Don't want to acquire Giant in kern_link() sync linux compat code performs actions requiring Giant prior to calling kern_link().
|
#
130903 |
|
22-Jun-2004 |
rwatson |
Acquire Giant in link() so that we can mark it as MSTD in syscalls.master. Don't want to do it in kern_link() since the Linux emulation code calls kern_link() after performing other actions requiring Giant.
|
#
130719 |
|
19-Jun-2004 |
phk |
Only initialize f_data and f_ops if nobody else did so already.
|
#
130344 |
|
11-Jun-2004 |
phk |
Deorbit COMPAT_SUNOS.
We inherited this from the sparc32 port of BSD4.4-Lite1. We have neither a sparc32 port nor a SunOS4.x compatibility desire these days.
|
#
130187 |
|
07-Jun-2004 |
pjd |
Remove unused code.
Submitted by: Bjoern A. Zeeb
|
#
130065 |
|
04-Jun-2004 |
tjr |
Remove a stale comment.
|
#
129111 |
|
11-May-2004 |
tjr |
Eliminate a memory leak in kern_symlink() that could occur if vn_start_write() failed.
|
#
128659 |
|
26-Apr-2004 |
pjd |
Always use nd.ni_vp->v_mount as an argument for VFS_QUOTACTL(), just like in RELENG_4.
Pointed out by: Alex Lyashkov <umka@sevinter.net>
|
#
128552 |
|
22-Apr-2004 |
pjd |
Look out! vn_start_write() is able to return 0 and NULL 'mp'.
Submitted by: Alex Lyashkov <shadow@psoft.net>
|
#
127935 |
|
06-Apr-2004 |
bde |
Removed some less than useful comments: - don't say what a small subset of the options includes are for. - don't mark up functions which use all their args with /* ARGSUSED */. The markup should have been removed when the unused retval parameter was removed. - don't comment on what routine suser() checks do. Removed nearby excessive vertical whitespace.
|
#
127911 |
|
05-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999.
Approved by: core
|
#
127890 |
|
05-Apr-2004 |
dfr |
Add lgetfh(2) which is like getfh(2) but doesn't follow symlinks.
|
#
127062 |
|
16-Mar-2004 |
dwmalone |
Nudge Giant as far as I can into kern_open(). Mark open() as MPSAFE. Use kern_open() to implement creat() rather than taking the long route through open(). Mark creat as MPSAFE.
While I'm at it, mark nosys() (syscall 0) as MPSAFE, for all the difference it will make.
|
#
126754 |
|
08-Mar-2004 |
pjd |
Add two new sysctls:
- security.bsd.hardlink_check_uid, when set, means, that unprivileged users are not permitted to create hard links to files not owned by them, - security.bsd.hardlink_check_gid, when set, means, that unprivileged users are not permitted to create hard links to files owned by group they don't belong to.
OK'ed by: rwatson
|
#
125939 |
|
17-Feb-2004 |
dwmalone |
Correct a comment.
Reviewed by: alfred, tanimura
|
#
125804 |
|
14-Feb-2004 |
rwatson |
By default, when a process in jail calls getfsstat(), only return the data for the file system on which the jail's root vnode is located. Previous behavior (show data for all mountpoints) can be restored by setting security.jail.getfsstatroot_only to 0. Note: this also has the effect of hiding other mounts inside a jail, such as /dev, /tmp, and /proc, but errs on the side of leaking less information.
|
#
124548 |
|
15-Jan-2004 |
des |
New file descriptor allocation code, derived from similar code introduced in OpenBSD by Niels Provos. The patch introduces a bitmap of allocated file descriptors which is used to locate available descriptors when a new one is needed. It also moves the task of growing the file descriptor table out of fdalloc(), reducing complexity in both fdalloc() and do_dup().
Debts of gratitude are owed to tjr@ (who provided the original patch on which this work is based), grog@ (for the gdb(4) man page) and rwatson@ (for assistance with pxeboot(8)).
|
#
124393 |
|
11-Jan-2004 |
des |
Mechanical whitespace cleanup; parenthesize return values; other minor style nits. The #ifdefs in this file give me a headache...
|
#
123806 |
|
24-Dec-2003 |
rwatson |
Document that when we are addressing an open()/close() race, the reason we call vn_close() manually rather than letting fdrop() take care of it is that we haven't yet hooked up the various 'struct file' fields.
|
#
122537 |
|
12-Nov-2003 |
mckusick |
Update the statfs structure with 64-bit fields to allow accurate reporting of multi-terabyte filesystem sizes.
You should build and boot a new kernel BEFORE doing a `make world' as the new kernel will know about binaries using the old statfs structure, but an old kernel will not know about the new system calls that support the new statfs structure. Running an old kernel after a `make world' will cause programs such as `df' that do a statfs system call to fail with a bad system call.
Reviewed by: Bruce Evans <bde@zeta.org.au> Reviewed by: Tim Robbins <tjr@freebsd.org> Reviewed by: Julian Elischer <julian@elischer.org> Reviewed by: the hoards of <arch@freebsd.org> Sponsored by: DARPA & NAI Labs.
|
#
121256 |
|
19-Oct-2003 |
dwmalone |
falloc allocates a file structure and adds it to the file descriptor table, acquiring the necessary locks as it works. It usually returns two references to the new descriptor: one in the descriptor table and one via a pointer argument.
As falloc releases the FILEDESC lock before returning, there is a potential for a process to close the reference in the file descriptor table before falloc's caller gets to use the file. I don't think this can happen in practice at the moment, because Giant indirectly protects closes.
To stop the file being completly closed in this situation, this change makes falloc set the refcount to two when both references are returned. This makes life easier for several of falloc's callers, because the first thing they previously did was grab an extra reference on the file.
Reviewed by: iedowse Idea run past: jhb
|
#
119198 |
|
21-Aug-2003 |
rwatson |
Add mac_check_vnode_deleteextattr() and mac_check_vnode_listextattr(): explicit access control checks to delete and list extended attributes on a vnode, rather than implicitly combining with the setextattr and getextattr checks. This reflects EA API changes in the kernel made recently, including the move to explicit VOP's for both of these operations.
Obtained from: TrustedBSD PRoject Sponsored by: DARPA, Network Associates Laboratories
|
#
118620 |
|
07-Aug-2003 |
jhb |
td_dupfd just needs to be less than 0, it does not have to hold the negative value of the index of the new file, so just use -1.
|
#
118452 |
|
04-Aug-2003 |
iedowse |
In the mknod(), mkfifo(), link(), symlink() and undelete() syscalls, use vrele() instead of vput() on the parent directory vnode returned by namei() in the case where it is equal to the target vnode. This handles namei()'s somewhat strange (but documented) behaviour of not locking either vnode when the two vnodes are equal and LOCKPARENT but not LOCKLEAF is specified.
Note that since a vnode double-unlock is not currently fatal, these coding errors were effectively harmless.
Spotted by: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de> Reviewed by: mckusick
|
#
118131 |
|
28-Jul-2003 |
rwatson |
Rename VOP_RMEXTATTR() to VOP_DELETEEXTATTR() for consistency with the kernel ACL interfaces and system call names.
Break out UFS2 and FFS extattr delete and list vnode operations from setextattr and getextattr to deleteextattr and listextattr, which cleans up the implementations, and makes the results more readable, and makes the APIs more clear.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
118098 |
|
27-Jul-2003 |
phk |
Pass the file descriptor index down to vn_open.
If the method vector was replaced and we got the "special return code" smile and trust that whatever happened below DTRT.
|
#
118094 |
|
27-Jul-2003 |
phk |
Add fdidx argument to vn_open() and vn_open_cred() and pass -1 throughout.
|
#
118047 |
|
26-Jul-2003 |
phk |
Add a "int fd" argument to VOP_OPEN() which in the future will contain the filedescriptor number on opens from userland.
The index is used rather than a "struct file *" since it conveys a bit more information, which may be useful to in particular fdescfs and /dev/fd/*
For now pass -1 all over the place.
|
#
117222 |
|
04-Jul-2003 |
phk |
Use the f_vnode field to tell which file descriptors have a vnode.
|
#
116699 |
|
22-Jun-2003 |
rwatson |
Prefer the vop_rmextattr() vnode operation for removing extended attributes from objects over vop_setextattr() with a NULL uio; if the file system doesn't support the vop_rmextattr() method, fall back to the vop_setextattr() method.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
116678 |
|
22-Jun-2003 |
phk |
Add a f_vnode field to struct file.
Several of the subtypes have an associated vnode which is used for stuff like the f*() functions.
By giving the vnode a speparate field, a number of checks for the specific subtype can be replaced simply with a check for f_vnode != NULL, and we can later free f_data up to subtype specific use.
At this point in time, f_data still points to the vnode, so any code I might have overlooked will still work.
|
#
116601 |
|
20-Jun-2003 |
phk |
Don't (re)initialize f_gcflag to zero.
Move initialization of DTYPE_VNODE specific field f_seqcount into the DTYPE_VNODE specific code.
|
#
116565 |
|
19-Jun-2003 |
truckman |
FILE_LOCK() uses a pool mutex, as does the vnode v_vnlock. Since pool mutexes are supposed to only be used as leaf mutexes, and what appear to be separate pool mutexes could be aliased together, it is bad idea for a thread to attempt to hold two pool mutexes at the same time.
Slightly rearrange the code in kern_open() so that FILE_UNLOCK() is called before calling VOP_GETVOBJECT(), which will grab the v_vnlock mutex.
|
#
116550 |
|
18-Jun-2003 |
phk |
Introduce a new flag on a file descriptor: DFLAG_SEEKABLE and use that rather than assume that only DTYPE_VNODE is seekable.
|
#
116182 |
|
10-Jun-2003 |
obrien |
Use __FBSDID().
|
#
115868 |
|
05-Jun-2003 |
rwatson |
If a system call comes in requesting to retrieve an attribute named "", temporarily map it to a call to extattr_list_vp() to provide compatibility for older applications using the "" API to retrieve EA lists.
Use VOP_LISTEXTATTR() to support extattr_list_vp() rather than VOP_GETEXTATTR(..., "", ...).
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Asssociates Laboratories
|
#
115801 |
|
04-Jun-2003 |
rwatson |
Implementations of extattr_list_fd(), extattr_list_file(), and extattr_list_link() system calls, which return a least of extended attributes defined for a vnode referenced by a file descriptor or path name. Currently, we just invoke VOP_GETEXTATTR() since it will convert a request for an empty name into a query for a name list, which was the old (more hackish) API. At some point in the near future, we'll push the distinction between get and list down to the vnode operation layer, but this provides access to the new API for applications in the short term.
Pointed out by: Dominic Giampaolo <dbg@apple.com> Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
115549 |
|
31-May-2003 |
phk |
Remove unused variable(s).
Found by: FlexeLint
|
#
114216 |
|
29-Apr-2003 |
kan |
Deprecate machine/limits.h in favor of new sys/limits.h. Change all in-tree consumers to include <sys/limits.h>
Discussed on: standards@ Partially submitted by: Craig Rodrigues <rodrigc@attbi.com>
|
#
113955 |
|
24-Apr-2003 |
alc |
- Acquire the vm_object's lock when performing vm_object_page_clean(). - Add a parameter to vm_pageout_flush() that tells vm_pageout_flush() whether its caller has locked the vm_object. (This is a temporary measure to bootstrap vm_object locking.)
|
#
113275 |
|
09-Apr-2003 |
mike |
o In struct prison, add an allprison linked list of prisons (protected by allprison_mtx), a unique prison/jail identifier field, two path fields (pr_path for reporting and pr_root vnode instance) to store the chroot() point of each jail. o Add jail_attach(2) to allow a process to bind to an existing jail. o Add change_root() to perform the chroot operation on a specified vnode. o Generalize change_dir() to accept a vnode, and move namei() calls to callers of change_dir(). o Add a new sysctl (security.jail.list) which is a group of struct xprison instances that represent a snapshot of active jails.
Reviewed by: rwatson, tjr
|
#
111935 |
|
05-Mar-2003 |
rwatson |
Move the initialization of the vattr flags field in setfflags() to before the MAC check so that we pass the flags field into the MAC check properly initialized. This didn't affect any current MAC modules since they didn't care what the flags argument was (as they were primarily interested in the fact that it was a meta-data write, not the contents of the write), but would be relevant to future modules relying on that field.
Submitted by: Mike Halderman <mrh@spawar.navy.mil> Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
111119 |
|
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
110976 |
|
16-Feb-2003 |
hsu |
Remove extraneous FILEDESC_LOCK around atomic read.
|
#
110156 |
|
31-Jan-2003 |
rwatson |
Correct handling of locking for chroot() and chdir() cases: rather than having change_dir() release the vnode lock on success, hold the lock so that we can use it later when invoking MAC checks and VOP_ACCESS() in the chroot() code. Update the comment to reflect this calling convention. Update callers to unlock the vnode lock. Correct a typo regarding vnode naming in the MAC case that crept in via the previous patch applied.
|
#
110152 |
|
31-Jan-2003 |
rwatson |
Clean up vnode handling on return from chroot() in certain error cases: we might multiply vrele() a vnode when certain classes of failures occur. This appears to stem from earlier Giant/file descriptor lock pushdown and restructuring.
Submitted by: maxim
|
#
109623 |
|
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
109153 |
|
12-Jan-2003 |
dillon |
Bow to the whining masses and change a union back into void *. Retain removal of unnecessary casts and throw in some minor cleanups to see if anyone complains, just for the hell of it.
|
#
109123 |
|
11-Jan-2003 |
dillon |
Change struct file f_data to un_data, a union of the correct struct pointer types, and remove a huge number of casts from code using it.
Change struct xfile xf_data to xun_data (ABI is still compatible).
If we need to add a #define for f_data and xf_data we can, but I don't think it will be necessary. There are no operational changes in this commit.
|
#
108790 |
|
06-Jan-2003 |
nectar |
Correct file descriptor leaks in lseek and do_dup. The leak in lseek was introduced in vfs_syscalls.c revision 1.218. The leak in do_dup was introduced in kern_descrip.c revision 1.158.
Submitted by: iedowse
|
#
107855 |
|
14-Dec-2002 |
alfred |
unwrap lines made short enough by SCARGS removal
|
#
107850 |
|
14-Dec-2002 |
alfred |
remove syscallarg().
Suggested by: peter
|
#
107849 |
|
13-Dec-2002 |
alfred |
SCARGS removal take II.
|
#
107839 |
|
13-Dec-2002 |
alfred |
Backout removal SCARGS, the code freeze is only "selectively" over.
|
#
107838 |
|
13-Dec-2002 |
alfred |
Remove SCARGS.
Reviewed by: md5
|
#
106064 |
|
27-Oct-2002 |
iedowse |
Fix a case in kern_rename() where a vn_finished_write() call was missed. This bug has been present since the vn_start_write() and vn_finished_write() calls were first added in revision 1.159. When the case is triggered, any attempts to create snapshots on the filesystem will deadlock and also prevent further write activity on that filesystem.
|
#
106057 |
|
27-Oct-2002 |
wollman |
Change the way support for asynchronous I/O is indicated to applications to conform to 1003.1-2001. Make it possible for applications to actually tell whether or not asynchronous I/O is supported.
Since FreeBSD's aio implementation works on all descriptor types, don't call down into file or vnode ops when [f]pathconf() is asked about _PC_ASYNC_IO; this avoids the need for every file and vnode op to know about it.
|
#
105473 |
|
19-Oct-2002 |
rwatson |
Hook up most of the MAC entry points relating to file/directory/node creation, deletion, and rename. There are one or two other stray cases I'll catch in follow-up commits (such as unix domain socket creation); this permits MAC policy modules to limit the ability to perform these operations based on existing UNIX credential / vnode attributes, extended attributes, and security labels. In the rename case using MAC, we now have to lock the from directory and file vnodes for the MAC check, but this is done only in the MAC case, and the locks are immediately released so that the remainder of the rename implementation remains the same. Because the create check takes a vattr to know object type information, we now initialize additional fields in the VATTR passed to VOP_SYMLINK() in the MAC case.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
104776 |
|
10-Oct-2002 |
rwatson |
Incremental style improvements: more consistently avoid assignments in conditionals; remove some excess vertical whitespace; remove a bug in the return handling of the delete_vp() case for MAC.
Spotted by: bde
|
#
104743 |
|
09-Oct-2002 |
rwatson |
Explore new heights in alphabetization for _file and _fd variations on the extended attribute system calls.
|
#
104732 |
|
09-Oct-2002 |
rwatson |
Implement extattr_{delete,get,set}_link() system calls: extended attribute operations that do not follow links. Sync to MAC tree.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
104631 |
|
07-Oct-2002 |
iedowse |
Add back a fdrop() call at the end of kern_open() that got lost in revision 1.218. This bug caused a "struct file" reference to be leaked if VOP_ADVLOCK(), vn_start_write(), or mac_check_vnode_write() failed during the open operation.
PR: kern/43739 Reported by: Arne Woerner <woerner@mediabase-gmbh.de>
|
#
104529 |
|
05-Oct-2002 |
rwatson |
Merge support for mac_check_vnode_link(), a MAC framework/policy entry point that instruments the creation of hard links. Policy implementations to follow.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
104363 |
|
02-Oct-2002 |
phk |
Fix mis-indentation.
Spotted by: FlexeLint
|
#
103932 |
|
25-Sep-2002 |
jeff |
- Properly lock v_vflags in getdirents().
|
#
103636 |
|
19-Sep-2002 |
truckman |
VOP_FSYNC() requires that it's vnode argument be locked, which nfs_link() wasn't doing. Rather than just lock and unlock the vnode around the call to VOP_FSYNC(), implement rwatson's suggestion to lock the file vnode in kern_link() before calling VOP_LINK(), since the other filesystems also locked the file vnode right away in their link methods. Remove the locking and and unlocking from the leaf filesystem link methods.
Reviewed by: rwatson, bde (except for the unionfs_link() changes)
|
#
103180 |
|
10-Sep-2002 |
bde |
vfs_syscalls.c: Changed rename(2) to follow the letter of the POSIX spec. POSIX requires rename() to have no effect if its args "resolve to the same existing file". I think "file" can only reasonably be read as referring to the inode, although the rationale and "resolve" seem to say that sameness is at the level of (resolved) directory entries.
ext2fs_vnops.c, ufs_vnops.c: Replaced code that gave the historical BSD behaviour of removing one link name by checks that this code is now unreachable. This fixes some races. All vnodes needed to be unlocked for the removal, and locking at another level using something like IN_RENAME was not even attempted, so it was possible for rename(x, y) to return with both x and y removed even without any unlink(2) syscalls (one process can remove x using rename(x, y) and another process can remove y using rename(y, x)).
Prodded by: alfred MFC after: 8 weeks PR: 42617
|
#
102779 |
|
01-Sep-2002 |
iedowse |
Split out a number of mostly VFS and signal related syscalls into a kernel-internal kern_*() version and a wrapper that is called via the syscall vector table. For paths and structure pointers, the internal version either takes a uio_seg parameter or requires the caller to copyin() the data to kernel memory as appropiate. This will permit emulation layers to use these syscalls without having to copy out translated arguments to the stack gap.
Discussed on: -arch Review/suggestions: bde, jhb, peter, marcel
|
#
102203 |
|
21-Aug-2002 |
jeff |
- Hold the vnode lock across unlink() so that the v_vflag check is safe. - Fix the long broken error handling for VV_ROOT and VDIR.
|
#
102129 |
|
19-Aug-2002 |
rwatson |
Pass active_cred and file_cred into the MAC framework explicitly for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred when calling these checks with a struct file available. Otherwise, pass NOCRED. All currently MAC policies use active_cred, but could now offer the cached credential semantic used for the base system security model.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
102112 |
|
19-Aug-2002 |
rwatson |
Break out mac_check_vnode_op() into three seperate checks: mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write(). This improves the consistency with other existing vnode checks, and allows policies to avoid implementing switch statements to determine what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101983 |
|
16-Aug-2002 |
rwatson |
Make similar changes to fo_stat() and fo_poll() as made earlier to fo_read() and fo_write(): explicitly use the cred argument to fo_poll() as "active_cred" using the passed file descriptor's f_cred reference to provide access to the file credential. Add an active_cred argument to fo_stat() so that implementers have access to the active credential as well as the file credential. Generally modify callers of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which was redundantly provided via the fp argument. This set of modifications also permits threads to perform these operations on behalf of another thread without modifying their credential.
Trickle this change down into fo_stat/poll() implementations:
- badfo_poll(), badfo_stat(): modify/add arguments. - kqueue_poll(), kqueue_stat(): modify arguments. - pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to MAC checks rather than td->td_ucred. - soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather than cred to pru_sopoll() to maintain current semantics. - sopoll(): moidfy arguments. - vn_poll(), vn_statfile(): modify/add arguments, pass new arguments to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL() to maintian current semantics. - vn_close(): rename cred to file_cred to reflect reality while I'm here. - vn_stat(): Add active_cred and file_cred arguments to vn_stat() and consumers so that this distinction is maintained at the VFS as well as 'struct file' layer. Pass active_cred instead of td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.
- fifofs: modify the creation of a "filetemp" so that the file credential is properly initialized and can be used in the socket code if desired. Pass ap->a_td->td_ucred as the active credential to soo_poll(). If we teach the vnop interface about the distinction between file and active credentials, we would use the active credential here.
Note that current inconsistent passing of active_cred vs. file_cred to VOP's is maintained. It's not clear why GETATTR would be authorized using active_cred while POLL would be authorized using file_cred at the file system level.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101308 |
|
04-Aug-2002 |
jeff |
- Replace v_flag with v_iflag and v_vflag - v_vflag is protected by the vnode lock and is used when synchronization with VOP calls is needed. - v_iflag is protected by interlock and is used for dealing with vnode management issues. These flags include X/O LOCK, FREE, DOOMED, etc. - All accesses to v_iflag and v_vflag have either been locked or marked with mp_fixme's. - Many ASSERT_VOP_LOCKED calls have been added where the locking was not clear. - Many functions in vfs_subr.c were restructured to provide for stronger locking.
Idea stolen from: BSD/OS
|
#
101181 |
|
01-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Invoke appropriate MAC framework entry points to authorize readdir() operations in the native ABI.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101173 |
|
01-Aug-2002 |
rwatson |
Include file cleanup; mac.h and malloc.h at one point had ordering relationship requirements, and no longer do.
Reminded by: bde
|
#
101160 |
|
01-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Invoke appropriate MAC entry points to authorize the following operations:
truncate on open() (write) access() (access) readlink() (readlink) chflags(), lchflags(), fchflags() (setflag) chmod(), fchmod(), lchmod() (setmode) chown(), fchown(), lchown() (setowner) utimes(), lutimes(), futimes() (setutimes) truncate(), ftrunfcate() (write) revoke() (revoke) fhopen() (open) truncate on fhopen() (write) extattr_set_fd, extattr_set_file() (setextattr) extattr_get_fd, extattr_get_file() (getextattr) extattr_delete_fd(), extattr_delete_file() (setextattr)
These entry points permit MAC policies to enforce a variety of protections on vnodes. More vnode checks to come, especially in non-native ABIs.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101135 |
|
01-Aug-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Instrument chdir() and chroot()-related system calls to invoke appropriate MAC entry points to authorize the two operations.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101129 |
|
31-Jul-2002 |
rwatson |
Improve formatting and variable use consistency in extattr system calls.
Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101128 |
|
31-Jul-2002 |
rwatson |
Simplify the logic to enter VFS_EXTATTRCTL().
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
101005 |
|
30-Jul-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Implement MAC framework access control entry points relating to operations on mountpoints. Currently, this consists only of access control on mountpoint listing using the various statfs() variations. In the future, it might also be desirable to implement checks on mount() and unmount().
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
100961 |
|
30-Jul-2002 |
rwatson |
When referencing nd_cnp after namei(), always pass SAVENAME into NDINIT() operation flags.
Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
100496 |
|
22-Jul-2002 |
rwatson |
Set VAPPEND in open mode when O_APPEND is specified as an argument to open() of fhopen(). Currently this has no actual affect due to the treatment of VAPPEND in vaccess() and vaccess_acl() as a subset of VWRITE, but when MAC comes in, MAC will distinguish the two. Note: if any file systems are cutting their own permission models, they may wish to now take this into account.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
100207 |
|
17-Jul-2002 |
mckusick |
Change utimes to set the file creation time (for filesystems that support creation times such as UFS2) to the value of the modification time if the value of the modification time is older than the current creation time. See utimes(2) for further details.
Sponsored by: DARPA & NAI Labs.
|
#
100201 |
|
16-Jul-2002 |
mckusick |
Change the name of st_createtime to st_birthtime. This change is made to reduce confusion between st_ctime and st_createtime.
Submitted by: Eric Allman <eric@sendmail.org> Sponsored by: DARPA & NAI Labs.
|
#
99898 |
|
13-Jul-2002 |
jhb |
- Change chroot_refuse_vdir_fds() to require that the passed in struct filedesc is already locked rather than having chroot() unlock the filedesc so chroot_refuse_vdir_fds() can immediately relock it. - Reorder chroot() a bitso that we do the namei lookup before checking the process's struct filedesc. This closes at least one potential race and allows us to only acquire the filedsec lock once in chroot(). - Push down Giant slightly into chroot().
|
#
99264 |
|
02-Jul-2002 |
mux |
Move every code related to mount(2) in a new file, vfs_mount.c. The file vfs_conf.c which was dealing with root mounting has been repo-copied into vfs_mount.c to preserve history. This makes nmount related development easier, and help reducing the size of vfs_syscalls.c, which is still an enormous file.
Reviewed by: rwatson Repo-copy by: peter
|
#
99220 |
|
01-Jul-2002 |
iedowse |
Use indirect function pointer hooks instead of #ifdef SOFTUPDATES direct calls for the two places where the kernel calls into soft updates code. Set up the hooks in softdep_initialize() and NULL them out in softdep_uninitialize(). This change allows soft updates to function correctly when ufs is loaded as a module.
Reviewed by: mckusick
|
#
98992 |
|
28-Jun-2002 |
alfred |
Remove unneeded casts to caddr_t.
|
#
98984 |
|
28-Jun-2002 |
iedowse |
In vn_mkdir(), use vrele() instead of vput() on the parent directory vnode in the case that the target exists and is the same vnode as the parent (i.e. "mkdir ."). The namei() call does not leave the vnode locked in this case even though you might expect it to.
This bug was mostly harmless in practice because unlocking an already unlocked vnode currently does not trigger any panics or warnings.
Reviewed by: jeff
|
#
98734 |
|
24-Jun-2002 |
mckusick |
Use proper size in bzero of stat structure.
Submitted by: Jake Burkholder <jake@locore.ca> Sponsored by: DARPA & NAI Labs.
|
#
98644 |
|
22-Jun-2002 |
mckusick |
This patch fixes a size problem with the stat structure for 64-bit architectures that was introduced in the UFS2 code merge two days ago. The stat structure change that caused the problem was the addition of the file create time.
Submitted by: Bruce Evans <bde@zeta.org.au> Sponsored by: DARPA & NAI Labs.
|
#
98625 |
|
22-Jun-2002 |
mux |
o Remove the initialization of unused fields in the struct uio now that we don't use uiomove() anymore. o Enforce stricter checks on the length of the iov's in nmount(2) since we now malloc() them individually and corrupted iov's could make the kernel crash in malloc() with "kmem_map too small".
Reviewed by: phk
|
#
98542 |
|
21-Jun-2002 |
mckusick |
This commit adds basic support for the UFS2 filesystem. The UFS2 filesystem expands the inode to 256 bytes to make space for 64-bit block pointers. It also adds a file-creation time field, an ability to use jumbo blocks per inode to allow extent like pointer density, and space for extended attributes (up to twice the filesystem block size worth of attributes, e.g., on a 16K filesystem, there is space for 32K of attributes). UFS2 fully supports and runs existing UFS1 filesystems. New filesystems built using newfs can be built in either UFS1 or UFS2 format using the -O option. In this commit UFS1 is the default format, so if you want to build UFS2 format filesystems, you must specify -O 2. This default will be changed to UFS2 when UFS2 proves itself to be stable. In this commit the boot code for reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c) as there is insufficient space in the boot block. Once the size of the boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE. The header file <ufs/ufs/dinode.h> must be included before <ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and ufs_lbn_t.
Still TODO: Verify that the first level bootstraps work for all the architectures. Convert the utility ffsinfo to understand UFS2 and test growfs. Add support for the extended attribute storage. Update soft updates to ensure integrity of extended attribute storage. Switch the current extended attribute interfaces to use the extended attribute storage. Add the extent like functionality (framework is there, but is currently never used).
Sponsored by: DARPA & NAI Labs. Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
|
#
98510 |
|
20-Jun-2002 |
mux |
Change the way we internally store the mount options to a linked list. This is to allow the merging of the mount options in the MNT_UPDATE case, as the current data structure is unsuitable for this.
There are no functional differences in this commit.
Reviewed by: phk
|
#
97400 |
|
28-May-2002 |
mux |
Remove a duplicated vfs_freeopts() that I introduced in last revision.
|
#
97190 |
|
23-May-2002 |
mux |
Style nit, no functional changes.
|
#
97185 |
|
23-May-2002 |
mux |
Slightly change the way we pass mount options to the filesystem VFS_NMOUNT operations.
Reviewed by: phk
|
#
96996 |
|
20-May-2002 |
mux |
Change two vput() that should have been vrele().
Submitted by: iedowse
|
#
96755 |
|
16-May-2002 |
trhodes |
More s/file system/filesystem/g
|
#
96616 |
|
14-May-2002 |
jeff |
Disable the shared locking namei() code for now. It breaks several stacking filesystems. This is on hold until the rest of VFS Locking is reviewed and deemed safe. It can be enabled with 'options LOOKUP_SHARED'.
|
#
96084 |
|
05-May-2002 |
mux |
Add the lchflags(2) syscall.
Reviewed by: rwatson
|
#
96082 |
|
05-May-2002 |
jeff |
Move a KASSERT() in open() prior to unlocking the vnode. It's not safe to call VOP_GETVOBJECT without a lock.
|
#
96040 |
|
04-May-2002 |
mux |
Fix a typo.
Submitted by: dwmalone
|
#
95296 |
|
22-Apr-2002 |
rwatson |
Slightly restructure extattr_get_vp() so that there's only one entry point to VOP_GETEXTATTR(). This simplifies code flow when inserting MAC hooks.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
95093 |
|
19-Apr-2002 |
rwatson |
Improve style consistency of vfs_syscalls.c by converting the style used in various extattr_*() calls to match the rest of the file. Originally, these bits at the end looked more like style(9). This patch was submitted by green by way of the TrustedBSD MAC tree, and I fixed a few problems with it on the way through. Someone with more time on their hands should convert the entire file to style(9); this commit is for diff reduction purposes.
Submitted by: green Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
94903 |
|
16-Apr-2002 |
iedowse |
The recent NFS forced unmount improvements introduced a side-effect where some client operations might be unexpectedly cancelled during an unsuccessful non-forced unmount attempt. This causes problems for amd(8), because it periodically attempts a non-forced unmount to check if the filesystem is still in use.
Fix this by adding a new mountpoint flag MNTK_UNMOUNTF that is set only during the operation of a forced unmount. Use this instead of MNTK_UNMOUNT to trigger the cancellation of hung NFS operations.
Also correct a problem where dounmount() might inadvertently clear the MNTK_UNMOUNT flag.
Reported by: simokawa MFC after: 1 week
|
#
94262 |
|
09-Apr-2002 |
jeff |
Turn #ifdef LOOKUP_SHARED into #ifndef LOOKUP_EXCLUSIVE to enable this behavior by default. Also, change the options line to reflect this.
If there are no problems reported this will become the only behavior and the knob will be removed in a month or so.
Demanded by: obrien
|
#
94241 |
|
08-Apr-2002 |
mux |
The fourth parameter to copystr() is a size_t, not an int.
Approved by: peter
|
#
94090 |
|
07-Apr-2002 |
mux |
o Change kernel_vmount() interface to be more convenient : pass two separate strings instead of passing "foo=bar". o Don't forget to clear the VMOUNT flag on the vnode when vfs_nmount() fails because the fs doesn't implement VFS_NMOUNT (and in vfs_mount() when the fs doesn't implement VFS_MOUNT) ; also decrement the vfs refcount in the !MNT_UPDATE case.
|
#
93721 |
|
03-Apr-2002 |
mux |
Add two forgotten vfs_unbusy() calls, in vfs_mount() and vfs_nmount().
Reviewed by: phk
|
#
93593 |
|
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
#
93339 |
|
28-Mar-2002 |
mux |
- Properly sync vfs_nmount() with changes that have be already done in vfs_mount(), in particular revisions 1.215, 1.227 and 1.240. - flag2 is a low quality variable name, change it to kern_flag. - strncpy NUL-terminates f_fstypename and f_mntonname since the strings have length <= <buffer length> - 1, so the explicit NUL-termination is bogus. - M_ZERO'ing space for fstype and fspath is stupid since we never use the space beyond the end of the string. - Do various style(9) cleanups in both functions.
Submitted by: bde Reviewed by: phk
|
#
93235 |
|
26-Mar-2002 |
arr |
- Fixup a few style nits: - return error -> return (error); - move a declaration to the top of the function. - become bug for bug compatible with if (error) lines.
Submitted by: bde
|
#
93228 |
|
26-Mar-2002 |
mux |
As discussed in -arch, add the new nmount(2) system call and the new vfs_getopt()/vfs_copyopt() API. This is intended to be used later, when there will be filesystems implementing the VFS_NMOUNT operation. The mount(2) system call will disappear when all filesystems will be converted to the new API. Documentation will be committed in a while.
Reviewed by: phk
|
#
93159 |
|
25-Mar-2002 |
arr |
- Recommit the securelevel_gt() calls removed by commits rev. 1.84 of kern_linker.c and rev. 1.237 of vfs_syscalls.c since these are not the source of the recent panics occuring around kldloading file system support modules.
Requested by: rwatson
|
#
92927 |
|
22-Mar-2002 |
arr |
- Back out the commit to make the linker_load_file() securelevel check made aware in jail environments. Supposedly something is broken, so this should be backed out until further investigation proves otherwise, or a proper fix can be provided.
|
#
92884 |
|
21-Mar-2002 |
arr |
- Fix a logic error in checking the securelevel that was introduced in the previous commit.
Pointy hats to: arr, rwatson
|
#
92803 |
|
20-Mar-2002 |
arr |
- Change a check of securelevel to securelevel_gt() call in order to help against users within a jail attempting to load kernel modules. - Add a check of securelevel_gt() to vfs_mount() in order to chop some low hanging fruit for the repair of securelevel checking of linking and unlinking files from within jails. There is more to be done here.
Reviewed by: rwatson
|
#
92751 |
|
20-Mar-2002 |
jeff |
Remove references to vm_zone.h and switch over to the new uma API.
Also, remove maxsockets. If you look carefully you'll notice that the old zone allocator never honored this anyway.
|
#
92723 |
|
19-Mar-2002 |
alfred |
Remove __P.
|
#
92641 |
|
19-Mar-2002 |
alfred |
Close a race when vfs_syscalls.c:checkdirs() runs.
To do this protect the filedesc pointer in the proc with PROC_LOCK in both checkdirs() and kern_descrip.c:fdfree().
|
#
92130 |
|
12-Mar-2002 |
jeff |
This patch adds the "LOCKSHARED" option to namei which causes it to only acquire shared locks on leafs. The stat() and open() calls have been changed to make use of this new functionality. Using shared locks in these cases is sufficient and can significantly reduce their latency if IO is pending to these vnodes. Also, this reduces the number of exclusive locks that are floating around in the system, which helps reduce the number of deadlocks that occur.
A new kernel option "LOOKUP_SHARED" has been added. It defaults to off so this patch can be turned on for testing, and should eventually go away once it is proven to be stable. I have personally been running this patch for over a year now, so it is believed to be fully stable.
Reviewed by: jake, obrien Approved by: jake
|
#
91709 |
|
05-Mar-2002 |
rwatson |
Three p_ucred -> td_ucred's missed in jhb's earlier pass; all appear to be safe.
|
#
91705 |
|
05-Mar-2002 |
rwatson |
The change from td->td_proc->p_ucred to td->td_ucred has shortened some lines: more agressively line wrap under those circumstances.
|
#
91419 |
|
27-Feb-2002 |
jhb |
- Change namei() to use td_ucred instead of p_ucred. - Change the hack in access() that uses a temporary credential to set td_ucred to the temp cred instead of p_ucred.
|
#
91406 |
|
27-Feb-2002 |
jhb |
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
|
#
90486 |
|
10-Feb-2002 |
rwatson |
Make sure to hold vnode lock when calling into VOP_GETATTR().
Discussed with: mckusick, phk
|
#
90480 |
|
10-Feb-2002 |
rwatson |
Make sure to grab vnode lock on a vnode before calling VOP_GETATTR() to perform an ownership test in revoke(). This is also required for MAC hooks so that the vnode lock is held during a call to the MAC framework. Release the lock before calling VOP_REVOKE().
Discussed with: phk, mckusick
|
#
90455 |
|
10-Feb-2002 |
rwatson |
Remove a stray 'const' that slept into extattr_set_vp(), and could result in compiler warnings.
|
#
90448 |
|
10-Feb-2002 |
rwatson |
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so as not to use the scatter gather API (which appeared not to be used by any consumers, and be less portable), rather, accepts 'data' and 'nbytes' in the style of other simple read/write interfaces. This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return a size_t. When performing a read, the number of bytes read will be returned, unless the data pointer is NULL, in which case the number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t argument so as to return the size, if desirable. If set to NULL, the size will not be returned.
o Update various filesystems (pseodofs, ufs) to DTRT.
These changes should make extended attributes more useful and more portable. More commits to rebuild the system call files, as well as update userland utilities to follow.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
90387 |
|
08-Feb-2002 |
rwatson |
o Merge various recent fixes from the MAC branch relating to extattrctl(): - Fix null-pointer dereference introduced when snapshotting was introduced. This occured because unlike the previous code, vn_start_write() doesn't always return a non-NULL mp, as filesystems may not support the VOP_GETWRITEMOUNT() call. For now, rely on two pointers, so that vn_finished_write() works properly. - Fix locking problems on exit, introduced at some past time, some when snapshots came in, where a vnode might not be unlocked before being vrele'd in various error situations.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
#
90361 |
|
07-Feb-2002 |
julian |
Pre-KSE/M3 commit. this is a low-functionality change that changes the kernel to access the main thread of a process via the linked list of threads rather than assuming that it is embedded in the process. It IS still embeded there but remove all teh code that assumes that in preparation for the next commit which will actually move it out.
Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
|
#
90079 |
|
01-Feb-2002 |
alfred |
Don't recurse on filedesc lock in chroot_refuse_vdir_fds().
Noticed by: Michael Nottebrock <michaelnottebrock@gmx.net>
|
#
89319 |
|
13-Jan-2002 |
alfred |
Replace ffind_* with fget calls.
Make fget MPsafe.
Make fgetvp and fgetsock use the fget subsystem to reduce code bloat.
Push giant down in fpathconf().
|
#
89306 |
|
13-Jan-2002 |
alfred |
SMP Lock struct file, filedesc and the global file list.
Seigo Tanimura (tanimura) posted the initial delta.
I've polished it quite a bit reducing the need for locking and adapting it for KSE.
Locks:
1 mutex in each filedesc protects all the fields. protects "struct file" initialization, while a struct file is being changed from &badfileops -> &pipeops or something the filedesc should be locked.
1 mutex in each struct file protects the refcount fields. doesn't protect anything else. the flags used for garbage collection have been moved to f_gcflag which was the FILLER short, this doesn't need locking because the garbage collection is a single threaded container. could likely be made to use a pool mutex.
1 sx lock for the global filelist.
struct file * fhold(struct file *fp); /* increments reference count on a file */
struct file * fhold_locked(struct file *fp); /* like fhold but expects file to locked */
struct file * ffind_hold(struct thread *, int fd); /* finds the struct file in thread, adds one reference and returns it unlocked */
struct file * ffind_lock(struct thread *, int fd); /* ffind_hold, but returns file locked */
I still have to smp-safe the fget cruft, I'll get to that asap.
|
#
89173 |
|
09-Jan-2002 |
iedowse |
Change dounmount() to return EBUSY in the non-MNT_FORCE case if we can't acquire the mnt_lock without blocking. Normally non-forced unmount attempts return EBUSY quickly if any vnodes are active, so this just extends that behaviour to cover the per-mount mnt_lock too.
|
#
88844 |
|
03-Jan-2002 |
se |
Return EBADF in case some vnode field has been reset to a NULL pointer. (There has been some discussion, whether ENOENT or EBADF is more appropriate. I choose the latter, since the operation is not supported on the file descriptor at that time, even if it was, immediately before.)
PR: 32681 Reviewed by: dillon, iedowse, ... Approved by: nectar MFC after: 3 days (pending RE approval)
|
#
86078 |
|
05-Nov-2001 |
phk |
Define a new mount flag "MNT_JAILDEVFS"
Collect the magic combination of flags which can be updated into a macro in sys/mount.h rather than inlining them (twice!) in vfs_syscalls.c
|
#
86037 |
|
04-Nov-2001 |
dillon |
Add mnt_reservedvnlist so we can MFC to 4.x, in order to make all mount structure changes now rather then piecemeal later on. mnt_nvnodelist currently holds all the vnodes under the mount point. This will eventually be split into a 'dirty' and 'clean' list. This way we only break kld's once rather then twice. nvnodelist will eventually turn into the dirty list and should remain compatible with the klds.
|
#
85902 |
|
02-Nov-2001 |
rwatson |
o Remove the local temporary variable "struct proc *p" from vfs_mount() in vfs_syscalls.c. Although it did save some indirection, many of those savings will be obscured with the impending commit of suser() changes, and the result is increased code complexity. Also, once p->p_ucred and td->td_ucred are distinguished, this will make vfs_mount() use the correct thread credential, rather than the process credential.
|
#
85896 |
|
02-Nov-2001 |
phk |
Argh!
patch added the nmount at the bottom first time around.
Take 3!
|
#
85894 |
|
02-Nov-2001 |
phk |
Add empty shell for nmount syscall (take 2!)
|
#
85891 |
|
02-Nov-2001 |
phk |
Add nmount() stub function and regenerate the syscall-glue which should not need to check in generated files.
|
#
85427 |
|
24-Oct-2001 |
dillon |
unwind v_writecount in fhopen() if we are unable to allocate the descriptor.
MFC after: 3 days
|
#
85339 |
|
22-Oct-2001 |
dillon |
Change the vnode list under the mount point from a LIST to a TAILQ in preparation for an implementation of limiting code for kern.maxvnodes.
MFC after: 3 days
|
#
84323 |
|
01-Oct-2001 |
rwatson |
o Complete the migration from suser error checking in the following form in vfs_syscalls.c:
if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid && (error = suser_td(td)) != 0) { unwrap_lots_of_stuff(); return (error); }
to:
if (mp->mnt_stat.f_owner != p->p_ucred->cr_uid) { error = suser_td(td); if (error) { unwrap_lots_of_stuff(); return (error); } }
This makes the code more readable when complex clauses are in use, and minimizes conflicts for large outstanding patchsets modifying the kernel authorization code (of which I have several), especially where existing authorization and context code are combined in the same if() conditional.
Obtained from: TrustedBSD Project
|
#
83809 |
|
22-Sep-2001 |
rwatson |
o vpaccess() -> vn_access() -- Peter reminds me that there is already a convention for vnop helper routines of this sort.
Submitted by: Mr Wemm <peter>
|
#
83795 |
|
21-Sep-2001 |
rwatson |
o Introduce eaccess(2), a version of access(2) that uses the effective credentials rather than the real credentials. This is useful for implementing GUI's which need to modify icons based on access rights, but where use of open(2) is too expensive, use of stat(2) doesn't reflect the file system's real protection model, and use of access() suffers from real/effective credential confusion. This implementation provides the same semantics as the call of the same name on SCO OpenServer. Note: using this call improperly can leave you subject to some of the same races present in the access(2) call. o To implement this, break out the basic logic of access(2) into vpaccess(), which accepts a passed credential to perform the invocation of VOP_ACCESS(). Add eaccess(2) to invoke vpaccess(), and modify access(2) to use vpaccess().
Obtained from: TrustedBSD Project
|
#
83366 |
|
12-Sep-2001 |
julian |
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
#
82515 |
|
29-Aug-2001 |
ache |
lseek: simplify overflow checks
|
#
82346 |
|
26-Aug-2001 |
ache |
Cosmetique & style fixes from bde
|
#
82207 |
|
23-Aug-2001 |
ache |
lseek: fix check for vattr.va_size overflow. Check suggested by bde simple not works with unsigned types.
|
#
82192 |
|
23-Aug-2001 |
ache |
Cosmetique: more <sys/*> into one group, separate include families by blank line
|
#
82098 |
|
21-Aug-2001 |
ache |
Make lseek() POSIXed: for non character special files
1) handle off_t overflow with EOVERFLOW 2) handle negative offsets with EINVAL
Reviewed by: arch discussion
|
#
81993 |
|
20-Aug-2001 |
iedowse |
Avoid sleeping while holding a mutex in dounmount(). This problem has existed for a long time, but I made it worse a few months ago by by adding calls to VFS_ROOT() and checkdirs() in revision 1.179.
Also, remove the LK_REENABLE flag in the lockmgr() call; this flag has been ignored by the lockmgr code for 4 years. This was the only remaining mention of it apart from its definition.
Reviewed by: jhb
|
#
81487 |
|
10-Aug-2001 |
iedowse |
Arbitrarily limit to 64k the number of bytes that can be read at a time using the ogetdirentries() compatibility syscall. This is a hack to ensure that rediculous values don't get passed to MALLOC().
Reviewed by: kris
|
#
79482 |
|
09-Jul-2001 |
des |
Constify the fstype argument to vfs_mount(). This eliminates at least one "call discards qualifier" warning (in sys/compat/linux/linux_file.c).
|
#
79224 |
|
04-Jul-2001 |
dillon |
With Alfred's permission, remove vm_mtx in favor of a fine-grained approach (this commit is just the first stage). Also add various GIANT_ macros to formalize the removal of Giant, making it easy to test in a more piecemeal fashion. These macros will allow us to test fine-grained locks to a degree before removing Giant, and also after, and to remove Giant in a piecemeal fashion via sysctl's on those subsystems which the authors believe can operate without Giant.
|
#
77845 |
|
06-Jun-2001 |
tmm |
Fix an instance of NDINIT in the extattrctl syscall: LOCKLEAF was or'ed to the operation parameter, not to the flags as it should be.
Reviewed by: rwatson
|
#
77183 |
|
25-May-2001 |
rwatson |
o Merge contents of struct pcred into struct ucred. Specifically, add the real uid, saved uid, real gid, and saved gid to ucred, as well as the pcred->pc_uidinfo, which was associated with the real uid, only rename it to cr_ruidinfo so as not to conflict with cr_uidinfo, which corresponds to the effective uid. o Remove p_cred from struct proc; add p_ucred to struct proc, replacing original macro that pointed. p->p_ucred to p->p_cred->pc_ucred. o Universally update code so that it makes use of ucred instead of pcred, p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo, cr_{r,sv}{u,g}id instead of p_*, etc. o Remove pcred0 and its initialization from init_main.c; initialize cr_ruidinfo there. o Restruction many credential modification chunks to always crdup while we figure out locking and optimizations; generally speaking, this means moving to a structure like this: newcred = crdup(oldcred); ... p->p_ucred = newcred; crfree(oldcred); It's not race-free, but better than nothing. There are also races in sys_process.c, all inter-process authorization, fork, exec, and exit. o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid; remove comments indicating that the old arrangement was a problem. o Restructure exec1() a little to use newcred/oldcred arrangement, and use improved uid management primitives. o Clean up exit1() so as to do less work in credential cleanup due to pcred removal. o Clean up fork1() so as to do less work in credential cleanup and allocation. o Clean up ktrcanset() to take into account changes, and move to using suser_xxx() instead of performing a direct uid==0 comparision. o Improve commenting in various kern_prot.c credential modification calls to better document current behavior. In a couple of places, current behavior is a little questionable and we need to check POSIX.1 to make sure it's "right". More commenting work still remains to be done. o Update credential management calls, such as crfree(), to take into account new ruidinfo reference. o Modify or add the following uid and gid helper routines: change_euid() change_egid() change_ruid() change_rgid() change_svuid() change_svgid() In each case, the call now acts on a credential not a process, and as such no longer requires more complicated process locking/etc. They now assume the caller will do any necessary allocation of an exclusive credential reference. Each is commented to document its reference requirements. o CANSIGIO() is simplified to require only credentials, not processes and pcreds. o Remove lots of (p_pcred==NULL) checks. o Add an XXX to authorization code in nfs_lock.c, since it's questionable, and needs to be considered carefully. o Simplify posix4 authorization code to require only credentials, not processes and pcreds. Note that this authorization, as well as CANSIGIO(), needs to be updated to use the p_cansignal() and p_cansched() centralized authorization routines, as they currently do not take into account some desirable restrictions that are handled by the centralized routines, as well as being inconsistent with other similar authorization instances. o Update libkvm to take these changes into account.
Obtained from: TrustedBSD Project Reviewed by: green, bde, jhb, freebsd-arch, freebsd-audit
|
#
77096 |
|
23-May-2001 |
jhb |
Don't release Giant around vm_oject_page_clean() in fsync() as the pager putpages called will need Giant.
|
#
77031 |
|
23-May-2001 |
ru |
- FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file systems were repo-copied from sys/miscfs to sys/fs.
- Renamed the following file systems and their modules: fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
- Renamed corresponding kernel options: FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.
- Install header files for the above file systems.
- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland Makefiles.
|
#
76827 |
|
18-May-2001 |
alfred |
Introduce a global lock for the vm subsystem (vm_mtx).
vm_mtx does not recurse and is required for most low level vm operations.
faults can not be taken without holding Giant.
Memory subsystems can now call the base page allocators safely.
Almost all atomic ops were removed as they are covered under the vm mutex.
Alpha and ia64 now need to catch up to i386's trap handlers.
FFS and NFS have been tested, other filesystems will need minor changes (grabbing the vm lock when twiddling page properties).
Reviewed (partially) by: jake, jhb
|
#
76117 |
|
29-Apr-2001 |
grog |
Revert consequences of changes to mount.h, part 2.
Requested by: bde
|
#
75858 |
|
23-Apr-2001 |
grog |
Correct #includes to work with fixed sys/mount.h.
|
#
75038 |
|
31-Mar-2001 |
rwatson |
o Introduce extattr_{delete,get,set}_fd() to allow extended attribute operations on file descriptors, which complement the existing set of calls, extattr_{delete,get,set}_file() which act on paths. In doing so, restructure the system call implementation such that the two sets of functions share most of the relevant code, rather than duplicating it. This pushes the vnode locking into the shared code, but keeps the copying in of some arguments in the system call code. Allowing access via file descriptors reduces the opportunity for race conditions when managing extended attributes.
Obtained from: TrustedBSD Project
|
#
74927 |
|
28-Mar-2001 |
jhb |
Convert the allproc and proctree locks from lockmgr locks to sx locks.
|
#
74513 |
|
20-Mar-2001 |
bde |
Fixed breakage of access() in rev.1.164. Wrong credentials were used for the final path component.
|
#
74437 |
|
19-Mar-2001 |
rwatson |
o Rename "namespace" argument to "attrnamespace" as namespace is a C++ reserved word.
Submitted by: jkh Obtained from: TrustedBSD Project
|
#
74273 |
|
15-Mar-2001 |
rwatson |
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first- character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests.
o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to advoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly.
o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
|
#
73909 |
|
07-Mar-2001 |
jhb |
Check to see if p_fd is NULL before derferencing it in checkdirs(). It's possible for us to see a process in the early stages of fork before p_fd has been initialized. Ideally, we wouldn't stick a process on the allproc list until it was fully created however.
|
#
73342 |
|
02-Mar-2001 |
adrian |
Mismatched MFSNAMELEN and MNAMELEN with fstype / fspath.
Submitted by: Naoki Kobayashi <shibata@geo.titech.ac.jp>
|
#
73286 |
|
01-Mar-2001 |
adrian |
Reviewed by: jlemon
An initial tidyup of the mount() syscall and VFS mount code.
This code replaces the earlier work done by jlemon in an attempt to make linux_mount() work.
* the guts of the mount work has been moved into vfs_mount().
* move `type', `path' and `flags' from being userland variables into being kernel variables in vfs_mount(). `data' remains a pointer into userspace.
* Attempt to verify the `type' and `path' strings passed to vfs_mount() aren't too long.
* rework mount() and linux_mount() to take the userland parameters (besides data, as mentioned) and pass kernel variables to vfs_mount(). (linux_mount() already did this, I've just tidied it up a little more.)
* remove the copyin*() stuff for `path'. `data' still requires copyin*() since its a pointer into userland.
* set `mount->mnt_statf_mntonname' in vfs_mount() rather than in each filesystem. This variable is generally initialised with `path', and each filesystem can override it if they want to.
* NOTE: f_mntonname is intiailised with "/" in the case of a root mount.
|
#
73241 |
|
28-Feb-2001 |
iedowse |
The kernel did not hold a vnode reference associated with the `rootvnode' pointer, but vfs_syscalls.c's checkdirs() assumed that it did. This bug reliably caused a panic at reboot time if any filesystem had been mounted directly over /.
The checkdirs() function is called at mount time to find any process fd_cdir or fd_rdir pointers referencing the covered mountpoint vnode. It transfers these to point at the root of the new filesystem. However, this process was not reversed at unmount time, so processes with a cwd/root at a mount point would unexpectedly lose their cwd/root following a mount-unmount cycle at that mountpoint.
This change should fix both of the above issues. Start_init() now holds an extra vnode reference corresponding to `rootvnode', and dounmount() releases this reference when the root filesystem is unmounted just before reboot. Dounmount() now undoes the actions taken by checkdirs() at mount time; any process cdir/rdir pointers that reference the root vnode of the unmounted filesystem are transferred to the now-uncovered vnode.
Reviewed by: bde, phk
|
#
72786 |
|
21-Feb-2001 |
rwatson |
o Move per-process jail pointer (p->pr_prison) to inside of the subject credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use.
Notes:
o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure.
Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
|
#
72537 |
|
16-Feb-2001 |
jlemon |
Introduce copyinfrom and copyinstrfrom, which can copy data from either user or kernel space. This will allow layering of os-compat (e.g.: linux) system calls. Apply the changes to mount.
|
#
72200 |
|
09-Feb-2001 |
bmilekic |
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarily, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case.
Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
|
#
69947 |
|
12-Dec-2000 |
jake |
- Change the allproc_lock to use a macro, ALLPROC_LOCK(how), instead of explicit calls to lockmgr. Also provides macros for the flags pased to specify shared, exclusive or release which map to the lockmgr flags. This is so that the use of lockmgr can be easily replaced with optimized reader-writer locks. - Add some locking that I missed the first time.
|
#
69781 |
|
08-Dec-2000 |
dwmalone |
Convert more malloc+bzero to malloc+M_ZERO.
Submitted by: josh@zipperup.org Submitted by: Robert Drehmel <robd@gmx.net>
|
#
69022 |
|
22-Nov-2000 |
jake |
Protect the following with a lockmgr lock:
allproc zombproc pidhashtbl proc.p_list proc.p_hash nextpid
Reviewed by: jhb Obtained from: BSD/OS and netbsd
|
#
68883 |
|
18-Nov-2000 |
dillon |
This patchset fixes a large number of file descriptor race conditions. Pre-rfork code assumed inherent locking of a process's file descriptor array. However, with the advent of rfork() the file descriptor table could be shared between processes. This patch closes over a dozen serious race conditions related to one thread manipulating the table (e.g. closing or dup()ing a descriptor) while another is blocked in an open(), close(), fcntl(), read(), write(), etc...
PR: kern/11629 Discussed with: Alexander Viro <viro@math.psu.edu>
|
#
68259 |
|
02-Nov-2000 |
phk |
Take VBLK devices further out of their missery.
This should fix the panic I introduced in my previous commit on this topic.
|
#
67365 |
|
20-Oct-2000 |
jhb |
Catch up to moving headers: - machine/ipl.h -> sys/ipl.h - machine/mutex.h -> sys/mutex.h
|
#
66615 |
|
03-Oct-2000 |
jasone |
Convert lockmgr locks from using simple locks to using mutexes.
Add lockdestroy() and appropriate invocations, which corresponds to lockinit() and must be called to clean up after a lockmgr lock is no longer needed.
|
#
65851 |
|
14-Sep-2000 |
eivind |
Add function comments for functions missing them
|
#
65847 |
|
14-Sep-2000 |
eivind |
Blow away COMPAT_43 support for mount
|
#
65770 |
|
12-Sep-2000 |
bp |
Add three new VOPs: VOP_CREATEVOBJECT, VOP_DESTROYVOBJECT and VOP_GETVOBJECT. They will be used by nullfs and other stacked filesystems to support full cache coherency.
Reviewed in general by: mckusick, dillon
|
#
65461 |
|
05-Sep-2000 |
rwatson |
o Remove commented out code which modified return values from extattr_{get,set} syscalls in the face of partial reads or writes.
Obtained from: TrustedBSD Project
|
#
65367 |
|
02-Sep-2000 |
truckman |
access() shouldn't diddle with the contents of a potentially shared credential. Create a temporary copy of the current credential and modify the copy.
Submitted by: tegge
|
#
64445 |
|
08-Aug-2000 |
tegge |
Don't set flags on the mount structure before all permission checks have been done.
Don't allow multiple mount operations with MNT_UPDATE at the same time on the same mount point. When the first mount operation completed, MNT_UPDATE was cleared in the mount structure, causing the second to complete as if it was a no-update mount operation with the following bad side effects:
- mount structure inserted multiple times onto the mountlist - vp->v_mountedhere incorrectly set, causing next namei operation walking into the mountpoint to crash with a locking against myself panic.
Plug a vnode leak in case vinvalbuf fails.
|
#
63967 |
|
28-Jul-2000 |
rwatson |
o Modify extattr_{set,get}() syscalls so that partial reads and writes with an error condition such as EINTR, EWOULDBLOCK, and ERESTART, are reported to the application, not silently conceal. This behavior was copied from the {read,write}v() syscalls, and is appropriate there but not here. o Correct a bug in extattr_delete() wherein the LOCKLEAF flag is passed to the wrong argument in namei(), resulting in some unexpected errors during name resolution, and passing in an unlocked vnode.
Obtained from: TrustedBSD Project
|
#
63893 |
|
26-Jul-2000 |
rwatson |
o Lock vnode before calling extattr_* VOP's, and modify vnode spec to allow for that. o Remember to call NDFREE() if exiting as a result of a failed vn_start_write() when snapshotting.
Reviewed by: mckusick Obtained from: TrustedBSD Project
|
#
63830 |
|
25-Jul-2000 |
mckusick |
Do not need vrele(nd.ni_vp) as that is done by NDFREE(&nd, 0);
Submitted by: Peter Holm <pho@freebsd.org>
|
#
62976 |
|
11-Jul-2000 |
mckusick |
Add snapshots to the fast filesystem. Most of the changes support the gating of system calls that cause modifications to the underlying filesystem. The gating can be enabled by any filesystem that needs to consistently suspend operations by adding the vop_stdgetwritemount to their set of vnops. Once gating is enabled, the function vfs_write_suspend stops all new write operations to a filesystem, allows any filesystem modifying system calls already in progress to complete, then sync's the filesystem to disk and returns. The function vfs_write_resume allows the suspended write operations to begin again. Gating is not added by default for all filesystems as for SMP systems it adds two extra locks to such critical kernel paths as the write system call. Thus, gating should only be added as needed.
Details on the use and current status of snapshots in FFS can be found in /sys/ufs/ffs/README.snapshot so for brevity and timelyness is not included here. Unless and until you create a snapshot file, these changes should have no effect on your system (famous last words).
|
#
62550 |
|
04-Jul-2000 |
mckusick |
Move the truncation code out of vn_open and into the open system call after the acquisition of any advisory locks. This fix corrects a case in which a process tries to open a file with a non-blocking exclusive lock. Even if it fails to get the lock it would still truncate the file even though its open failed. With this change, the truncation is done only after the lock is successfully acquired.
Obtained from: BSD/OS
|
#
62469 |
|
03-Jul-2000 |
phk |
Make the two calls from kern/* into softupdates #ifdef SOFTUPDATES, that is way cleaner than using the softupdates_stub stunt, which should be killed when convenient.
Discussed with: mckusick
|
#
62261 |
|
29-Jun-2000 |
archie |
Move the securelevel check before loading KLD's into linker_load_file(), instead of requiring every caller of linker_load_file() to perform the check itself. This avoids netgraph loading KLD's when securelevel > 0, not to mention any future code that may call linker_load_file().
Reviewed by: dfr
|
#
61730 |
|
16-Jun-2000 |
phk |
Revert part of my bioops change which implemented panic(8).
|
#
61724 |
|
16-Jun-2000 |
phk |
Virtualizes & untangles the bioops operations vector.
Ref: Message-ID: <18317.961014572@critter.freebsd.dk> To: current@
|
#
60041 |
|
05-May-2000 |
phk |
Separate the struct bio related stuff out of <sys/buf.h> into <sys/bio.h>.
<sys/bio.h> is now a prerequisite for <sys/buf.h> but it shall not be made a nested include according to bdes teachings on the subject of nested includes.
Diskdrivers and similar stuff below specfs::strategy() should no longer need to include <sys/buf.> unless they need caching of data.
Still a few bogus uses of struct buf to track down.
Repocopy by: peter
|
#
58717 |
|
28-Mar-2000 |
dillon |
Commit major SMP cleanups and move the BGL (big giant lock) in the syscall path inward. A system call may select whether it needs the MP lock or not (the default being that it does need it).
A great deal of conditional SMP code for various deadended experiments has been removed. 'cil' and 'cml' have been removed entirely, and the locking around the cpl has been removed. The conditional separately-locked fast-interrupt code has been removed, meaning that interrupts must hold the CPL now (but they pretty much had to anyway). Another reason for doing this is that the original separate-lock for interrupts just doesn't apply to the interrupt thread mechanism being contemplated.
Modifications to the cpl may now ONLY occur while holding the MP lock. For example, if an otherwise MP safe syscall needs to mess with the cpl, it must hold the MP lock for the duration and must (as usual) save/restore the cpl in a nested fashion.
This is precursor work for the real meat coming later: avoiding having to hold the MP lock for common syscalls and I/O's and interrupt threads. It is expected that the spl mechanisms and new interrupt threading mechanisms will be able to run in tandem, allowing a slow piecemeal transition to occur.
This patch should result in a moderate performance improvement due to the considerable amount of code that has been removed from the critical path, especially the simplification of the spl*() calls. The real performance gains will come later.
Approved by: jkh Reviewed by: current, bde (exception.s) Some work taken from: luoqi's patch
|
#
55696 |
|
09-Jan-2000 |
mckusick |
Add bwillwrite to all system calls that create things in the filesystem. Benchmarks that create huge trees of empty files overwhelm the buffer cache.
|
#
54803 |
|
19-Dec-1999 |
rwatson |
Second pass commit to introduce new ACL and Extended Attribute system calls, vnops, vfsops, both in /kern, and to individual file systems that require a vfsop_ array entry.
Reviewed by: eivind
|
#
54655 |
|
15-Dec-1999 |
eivind |
Introduce NDFREE (and remove VOP_ABORTOP)
|
#
54469 |
|
12-Dec-1999 |
dillon |
Remove accidental pollution unrelated to previous commit. The issue here is real but has not yet been discussed with Eivind.
|
#
54467 |
|
12-Dec-1999 |
dillon |
Add MAP_NOSYNC feature to mmap(), and MADV_NOSYNC and MADV_AUTOSYNC to madvise().
This feature prevents the update daemon from gratuitously flushing dirty pages associated with a mapped file-backed region of memory. The system pager will still page the memory as necessary and the VM system will still be fully coherent with the filesystem. Modifications made by other means to the same area of memory, for example by write(), are unaffected. The feature works on a page-granularity basis.
MAP_NOSYNC allows one to use mmap() to share memory between processes without incuring any significant filesystem overhead, putting it in the same performance category as SysV Shared memory and anonymous memory.
Reviewed by: julian, alc, dg
|
#
53452 |
|
20-Nov-1999 |
phk |
struct mountlist and struct mount.mnt_list have no business being a CIRCLEQ. Change them to TAILQ_HEAD and TAILQ_ENTRY respectively.
This removes ugly mp != (void*)&mountlist comparisons.
Requested by: phk Submitted by: Jake Burkholder jake@checker.org PR: 14967
|
#
53350 |
|
18-Nov-1999 |
dillon |
Ensure that garbage from the kernel stack does not wind up being returned to user mode in the spare fields of the stat structure.
PR: kern/14966 Reviewed by: dillon@freebsd.org Submitted by: Kelly Yancey kbyanc@posi.net
|
#
53225 |
|
16-Nov-1999 |
phk |
Commit the remaining part of PR14914:
Alot of the code in sys/kern directly accesses the *Q_HEAD and *Q_ENTRY structures for list operations. This patch makes all list operations in sys/kern use the queue(3) macros, rather than directly accessing the *Q_{HEAD,ENTRY} structures.
Reviewed by: phk Submitted by: Jake Burkholder <jake@checker.org> PR: 14914
|
#
53131 |
|
13-Nov-1999 |
eivind |
Remove WILLRELE from VOP_SYMLINK
Note: Previous commit to these files (except coda_vnops and devfs_vnops) that claimed to remove WILLRELE from VOP_RENAME actually removed it from VOP_MKNOD.
|
#
53122 |
|
13-Nov-1999 |
eivind |
Fix style bugs from last commit
|
#
53101 |
|
12-Nov-1999 |
eivind |
Remove WILLRELE from VOP_RENAME
|
#
52735 |
|
01-Nov-1999 |
julian |
Most modern OSs have the ability to flag certain mounts as ones to be ignored by default by the df(1) program. This is used mostly to avoid stat()-ing entries that do not represent "real" disk mount points (such as those made by an automounter such as amd.) It is also useful not to have to stat() these entries because it takes longer to report them that for other file systems, being that these mount points are served by a user-level file server and resulting in several context switches. Worse, if the automounter is down unexpectedly, a causal df(1) will hang in an interruptible way.
PR: kern/9764 Submitted by: Erez Zadok <ezk@cs.columbia.edu>
|
#
52128 |
|
11-Oct-1999 |
peter |
Trim unused options (or #ifdef for undoc options).
Submitted by: phk
|
#
51906 |
|
03-Oct-1999 |
phk |
Before we start to mess with the VFS name-cache clean things up a little bit: Isolate the namecache in its own file, and give it a dedicated malloc type.
|
#
51797 |
|
29-Sep-1999 |
phk |
Remove v_maxio from struct vnode.
Replace it with mnt_iosize_max in struct mount.
Nits from: bde
|
#
51649 |
|
25-Sep-1999 |
phk |
Fix a hole in jail(2).
Noticed by: Alexander Bezroutchko <abb@zenon.net>
|
#
51138 |
|
10-Sep-1999 |
alfred |
Seperate the export check in VFS_FHTOVP, exports are now checked via VFS_CHECKEXP.
Add fh(open|stat|stafs) syscalls to allow userland to query filesystems based on (network) filehandle.
Obtained from: NetBSD
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
50405 |
|
26-Aug-1999 |
phk |
Simplify the handling of VCHR and VBLK vnodes using the new dev_t:
Make the alias list a SLIST.
Drop the "fast recycling" optimization of vnodes (including the returning of a prexisting but stale vnode from checkalias). It doesn't buy us anything now that we don't hardlimit vnodes anymore.
Rename checkalias2() and checkalias() to addalias() and addaliasu() - which takes dev_t and udev_t arg respectively.
Make the revoke syscalls use vcount() instead of VALIASED.
Remove VALIASED flag, we don't need it now and it is faster to traverse the much shorter lists than to maintain the flag.
vfs_mountedon() can check the dev_t directly, all the vnodes point to the same one.
Print the devicename in specfs/vprint().
Remove a couple of stale LFS vnode flags.
Remove unimplemented/unused LK_DRAINED;
|
#
50165 |
|
22-Aug-1999 |
jdp |
Go back to using microtime() to get the timestamps for {f,l,}utimes(path, NULL) for now. Bruce says I jumped the gun with my change in revision 1.131, or maybe it should use nanotime(), or maybe it shouldn't be decided in the VFS layer at all. I'm leaving it with the old behavior until the Trans-Pacific Internet Vulcan Mind Meld yields fuller understanding.
|
#
50140 |
|
21-Aug-1999 |
jdp |
Use the new vfs_timestamp() function to create the timestamps used by utimes(path, NULL). This gives them the same precision as the timestamps produced by write operations. Do likewise for lutimes() and futimes().
Suggested by bde.
|
#
49664 |
|
12-Aug-1999 |
alfred |
Replace a redundant vfs_object_create() call (already done in vn_open) with a KASSERT.
Reviewed by: Eivind, Alan Cox
|
#
49413 |
|
04-Aug-1999 |
green |
Fix fd race conditions (during shared fd table usage.) Badfileops is now used in f_ops in place of NULL, and modifications to the files are more carefully ordered. f_ops should also be set to &badfileops upon "close" of a file.
This does not fix other problems mentioned in this PR than the first one.
PR: 11629 Reviewed by: peter
|
#
49400 |
|
04-Aug-1999 |
imp |
o Typo in prior version kept it from compiling (blush).
Noticed by: Nobody!
o Add comment about why we restrict chflags to root for devices. o nit noticed by bde wrt return values.
|
#
49397 |
|
03-Aug-1999 |
imp |
brucify: o use suser_xxx rather than suser to support JAIL code. o KNF comment convention o use vp->type rather than vaddr.type and eliminate call to VOP_GETATTR. Bruce says that vp->type is valid at this point.
Submitted by: bde.
Not fixed: o return (value) o Comment needs to be longer and more explicit. It will be after the advisory.
|
#
49386 |
|
02-Aug-1999 |
imp |
Only allow root to set file flags on devices.
|
#
49221 |
|
29-Jul-1999 |
green |
lutimes() bug: FOLLOW should be NOFOLLOW for this one.
Submitted by: Dan Nelson <dnelson@emsphone.com>
|
#
49101 |
|
26-Jul-1999 |
alc |
Add sysctl and support code to allow directories to be VMIO'd. The default setting for the sysctl is OFF, which is the historical operation.
Submitted by: dillon
|
#
46155 |
|
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|
#
46112 |
|
27-Apr-1999 |
phk |
Suser() simplification:
1: s/suser/suser_xxx/
2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with later.
There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
#
44973 |
|
23-Mar-1999 |
phk |
Add a sysctl variable which can help stop chroot(2) escapes.
kern.chroot_allow_open_directories = 0 chroot(2) fails if there are open directories.
kern.chroot_allow_open_directories = 1 (default) chroot(2) fails if there are open directories and the process is subject of a previous chroot(2).
kern.chroot_allow_open_directories = anything else filedescriptors are not checked. (old behaviour).
I'm very interested in reports about software which breaks when running with the default setting.
|
#
44439 |
|
03-Mar-1999 |
julian |
Slight cleanup of code resurected for union mounts.. Submitted by: Tony Finch <dot@dotat.at>
|
#
44314 |
|
27-Feb-1999 |
julian |
Fix code for union mounts Accidentally deleted by peter when he extracted the unionfs stuff in 1.109
Submitted by: Tony Finch <dot@dotat.at>
|
#
44272 |
|
25-Feb-1999 |
bde |
Added a used #include (don't depend on "vnode_if.h" including <sys/buf.h>).
|
#
44078 |
|
16-Feb-1999 |
dfr |
* Change sysctl from using linker_set to construct its tree using SLISTs. This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded.
Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
|
#
43428 |
|
30-Jan-1999 |
phk |
Use suser() to determine super-user-ness. Collapse some duplicated checks.
Reviewed by: bde
|
#
43351 |
|
28-Jan-1999 |
dillon |
Fix warnings related to -Wall -Wcast-qual
|
#
43301 |
|
27-Jan-1999 |
dillon |
Fix warnings in preparation for adding -Wall -Wcast-qual to the kernel compile
|
#
43141 |
|
24-Jan-1999 |
bde |
Go back to only supporting revoke() for bdevs and cdevs. It is very buggy for fifos, and no one seems to have investigated its behaviour on other types of files. It has been broken since the Lite2 merge in rev.1.54.
Nagged about by: Brian Feldman (green@unixhelp.org)
|
#
42315 |
|
05-Jan-1999 |
eivind |
Remove the 'waslocked' parameter to vfs_object_create().
|
#
41700 |
|
12-Dec-1998 |
dillon |
PR: kern/8965 Obtained from: Stephen Clawson <sclawson@cs.utah.edu>
Wakeup anyone waiting on a mount point prior to returning from umount, whether an error occurs or not. Fixes a stat/NFS-umount race and other potential future problems. Fix taken from bug/pr which also indicated that the same fix has already been applied to OpenBSD and NetBSD.
|
#
40862 |
|
03-Nov-1998 |
peter |
make mount(2) automatically kldload modules if the requested filesystem isn't present.
|
#
40852 |
|
03-Nov-1998 |
peter |
Change the #ifdef UNION code into a callable hook. Arrange to have this set up when unionfs is present, either statically or as a kld module.
|
#
40777 |
|
31-Oct-1998 |
peter |
The last argument to vm_object_page_clean() are now bit flags, rather than the old true/false.
While here, have vfs_msync() only call vm_object_page_clean() with OBJPC_SYNC if called with MNT_WAIT flags. vfs_msync() is called at unmount time (with MNT_WAIT) and from the syncer process (formerly update). This should make dirty mmap writebacks a little less nasty.
I have tested this a little with SOFTUPDATES enabled, but I don't normally use it since I've been badly burned too many times.
|
#
39623 |
|
24-Sep-1998 |
luoqi |
Eliminate a race in VOP_FSYNC() when softupdates is enabled. Submitted by: Kirk McKusick <mckusick@McKusick.COM> Two minor changes are also included, 1. Remove gratuitious checks for error return from vn_lock with LK_RETRY set, vn_lock should always succeed in these cases. 2. Back out change rev. 1.36->1.37, which unnecessarily makes async mount a little more unstable. It also keeps us in sync with other BSDs. Suggested by: Bruce Evans <bde@zeta.org.au>
|
#
39036 |
|
10-Sep-1998 |
tegge |
Don't keep the underlying directory locked while performing the file system specific VFS_MOUNT operation. PR: 1067
|
#
37649 |
|
15-Jul-1998 |
bde |
Cast pointers to uintptr_t/intptr_t instead of to u_long/long, respectively. Most of the longs should probably have been u_longs, but this changes is just to prevent warnings about casts between pointers and integers of different sizes, not to fix poorly chosen types.
|
#
37346 |
|
03-Jul-1998 |
dg |
Reset MNT_ASYNC flag if needed if unmount() should fail. Submitted by: Paul Saab <paul@mu.org>
|
#
36773 |
|
08-Jun-1998 |
dyson |
Remove some junk left over from a previous commit. Submitted by: phk
|
#
36735 |
|
07-Jun-1998 |
dfr |
This commit fixes various 64bit portability problems required for FreeBSD/alpha. The most significant item is to change the command argument to ioctl functions from int to u_long. This change brings us inline with various other BSD versions. Driver writers may like to use (__FreeBSD_version == 300003) to detect this change.
The prototype FreeBSD/alpha machdep will follow in a couple of days time.
|
#
35938 |
|
11-May-1998 |
dyson |
Fix the futimes/undelete/utrace conflict with other BSD's. Note that the only common usage of utrace (the possible problem with this commit) is with malloc, so this should be a real problem. Add the various NetBSD syscalls that allow full emulation of their development environment.
|
#
35823 |
|
07-May-1998 |
msmith |
In the words of the submitter:
--------- Make callers of namei() responsible for releasing references or locks instead of having the underlying filesystems do it. This eliminates redundancy in all terminal filesystems and makes it possible for stacked transport layers such as umapfs or nullfs to operate correctly.
Quality testing was done with testvn, and lat_fs from the lmbench suite.
Some NFS client testing courtesy of Patrik Kudo.
vop_mknod and vop_symlink still release the returned vpp. vop_rename still releases 4 vnode arguments before it returns. These remaining cases will be corrected in the next set of patches. ---------
Submitted by: Michael Hancock <michaelh@cet.co.jp>
|
#
35315 |
|
19-Apr-1998 |
des |
Backed out lseek changes.
|
#
35275 |
|
18-Apr-1998 |
des |
Return EINVAL and do not change file pointer if resulting offset is negative. PR: kern/6184
|
#
35105 |
|
08-Apr-1998 |
wosch |
New mount option nosymfollow. If enabled, the kernel lookup() function will not follow symbolic links on the mounted file system and return EACCES (Permission denied).
|
#
34951 |
|
29-Mar-1998 |
dyson |
Correct a significant problem with the softupdates port. Allow fsync to work properly within the softupdates framework, and thereby eliminate some unfortunate panics.
|
#
34266 |
|
08-Mar-1998 |
julian |
Reviewed by: dyson@freebsd.org (john Dyson), dg@root.com (david greenman) Submitted by: Kirk McKusick (mcKusick@mckusick.com) Obtained from: WHistle development tree
|
#
34206 |
|
07-Mar-1998 |
dyson |
This mega-commit is meant to fix numerous interrelated problems. There has been some bitrot and incorrect assumptions in the vfs_bio code. These problems have manifest themselves worse on NFS type filesystems, but can still affect local filesystems under certain circumstances. Most of the problems have involved mmap consistancy, and as a side-effect broke the vfs.ioopt code. This code might have been committed seperately, but almost everything is interrelated.
1) Allow (pmap_object_init_pt) prefaulting of buffer-busy pages that are fully valid. 2) Rather than deactivating erroneously read initial (header) pages in kern_exec, we now free them. 3) Fix the rundown of non-VMIO buffers that are in an inconsistent (missing vp) state. 4) Fix the disassociation of pages from buffers in brelse. The previous code had rotted and was faulty in a couple of important circumstances. 5) Remove a gratuitious buffer wakeup in vfs_vmio_release. 6) Remove a crufty and currently unused cluster mechanism for VBLK files in vfs_bio_awrite. When the code is functional, I'll add back a cleaner version. 7) The page busy count wakeups assocated with the buffer cache usage were incorrectly cleaned up in a previous commit by me. Revert to the original, correct version, but with a cleaner implementation. 8) The cluster read code now tries to keep data associated with buffers more aggressively (without breaking the heuristics) when it is presumed that the read data (buffers) will be soon needed. 9) Change to filesystem lockmgr locks so that they use LK_NOPAUSE. The delay loop waiting is not useful for filesystem locks, due to the length of the time intervals. 10) Correct and clean-up spec_getpages. 11) Implement a fully functional nfs_getpages, nfs_putpages. 12) Fix nfs_write so that modifications are coherent with the NFS data on the server disk (at least as well as NFS seems to allow.) 13) Properly support MS_INVALIDATE on NFS. 14) Properly pass down MS_INVALIDATE to lower levels of the VM code from vm_map_clean. 15) Better support the notion of pages being busy but valid, so that fewer in-transit waits occur. (use p->busy more for pageouts instead of PG_BUSY.) Since the page is fully valid, it is still usable for reads. 16) It is possible (in error) for cached pages to be busy. Make the page allocation code handle that case correctly. (It should probably be a printf or panic, but I want the system to handle coding errors robustly. I'll probably add a printf.) 17) Correct the design and usage of vm_page_sleep. It didn't handle consistancy problems very well, so make the design a little less lofty. After vm_page_sleep, if it ever blocked, it is still important to relookup the page (if the object generation count changed), and verify it's status (always.) 18) In vm_pageout.c, vm_pageout_clean had rotted, so clean that up. 19) Push the page busy for writes and VM_PROT_READ into vm_pageout_flush. 20) Fix vm_pager_put_pages and it's descendents to support an int flag instead of a boolean, so that we can pass down the invalidate bit.
|
#
33360 |
|
15-Feb-1998 |
dyson |
Make the rootdir handling more consistent. Now, processes always have a root vnode associated with them, and no special checks for the null case are needed. Submitted by: terry@freebsd.org
|
#
33168 |
|
07-Feb-1998 |
dyson |
Fix a problem with vn_lock in fsync.
|
#
33134 |
|
06-Feb-1998 |
eivind |
Back out DIAGNOSTIC changes.
|
#
33108 |
|
04-Feb-1998 |
eivind |
Turn DIAGNOSTIC into a new-style option.
|
#
32286 |
|
06-Jan-1998 |
dyson |
Make our v_usecount vnode reference count work identically to the original BSD code. The association between the vnode and the vm_object no longer includes reference counts. The major difference is that vm_object's are no longer freed gratuitiously from the vnode, and so once an object is created for the vnode, it will last as long as the vnode does.
When a vnode object reference count is incremented, then the underlying vnode reference count is incremented also. The two "objects" are now more intimately related, and so the interactions are now much less complex.
When vnodes are now normally placed onto the free queue with an object still attached. The rundown of the object happens at vnode rundown time, and happens with exactly the same filesystem semantics of the original VFS code. There is absolutely no need for vnode_pager_uncache and other travesties like that anymore.
A side-effect of these changes is that SMP locking should be much simpler, the I/O copyin/copyout optimizations work, NFS should be more ponderable, and further work on layered filesystems should be less frustrating, because of the totally coherent management of the vnode objects and vnodes.
Please be careful with your system while running this code, but I would greatly appreciate feedback as soon a reasonably possible.
|
#
32071 |
|
28-Dec-1997 |
dyson |
Lots of improvements, including restructring the caching and management of vnodes and objects. There are some metadata performance improvements that come along with this. There are also a few prototypes added when the need is noticed. Changes include:
1) Cleaning up vref, vget. 2) Removal of the object cache. 3) Nuke vnode_pager_uncache and friends, because they aren't needed anymore. 4) Correct some missing LK_RETRY's in vn_lock. 5) Correct the page range in the code for msync.
Be gentle, and please give me feedback asap.
|
#
32011 |
|
27-Dec-1997 |
bde |
Unspammed nested include of <vm/vm_zone.h>.
|
#
31778 |
|
16-Dec-1997 |
eivind |
Make COMPAT_43 and COMPAT_SUNOS new-style options.
|
#
31482 |
|
02-Dec-1997 |
bde |
Cleaned up __getcwd(). This should be cosmetic except disabled calls are now counted.
Reviewed by: phk
|
#
31349 |
|
22-Nov-1997 |
bde |
Staticized.
Use OID_AUTO instead of a magic number for the debug.syncprt sysctl. (This sysctl doesn't actually work. FreeBSD nuked it, but parts of it were mismerged from Lite2. It is not very good, but better than nothing.)
|
#
31345 |
|
22-Nov-1997 |
bde |
Fixed rev.1.81. mp->mnt_kern_flag was restored in the non-error case of `mount -u'. This only matters for `mount -u' competing with unmounts. If I understand the locking correctly: if mount() blocks, then unmount() may run and set mp->kern_flag for the same mp. Then unmount() blocks waiting for mount() to finish. When unmount() continues, its MNTK flags (MNTK_UNMOUNT and MNTK_MWAIT) may have been clobbered.
Didn't fix old bugs: - restoring mp->mnt_kern_flag is wrong for the same reasons in the error case. - the error case of unmount() seems to be broken too: (a) MNTK_UNMOUNT gets clobbered, although another unmount() may have set it. Perhaps it shouldn't be set until after the full lock is aquired. (b) MNTK_MWAIT isn't honoured.
Fixed a nearby style bug.
|
#
31144 |
|
12-Nov-1997 |
julian |
Reviewed by: hackers@freebsd.org in general Obtained from: Whistle Communications tree
Add an option to the way UFS works dependent on the SUID bit of directories This changes makes things a whole lot simpler on systems running as fileservers for PCs and MACS. to enable the new code you must 1/ enable option SUIDDIR on the kernel. 2/ mount the filesystem with option suiddir. hopefully this makes it difficult enough for people to do this accidentally. see the new chmod(2) man page for detailed info.
|
#
31132 |
|
12-Nov-1997 |
julian |
Reviewed by: various.
Ever since I first say the way the mount flags were used I've hated the fact that modes, and events, internal and exported, and short-term and long term flags are all thrown together. Finally it's annoyed me enough.. This patch to the entire FreeBSD tree adds a second mount flag word to the mount struct. it is not exported to userspace. I have moved some of the non exported flags over to this word. this means that we now have 8 free bits in the mount flags. There are another two that might well move over, but which I'm not sure about. The only user visible change would have been in pstat -v, except that davidg has disabled it anyhow. I'd still like to move the state flags and the 'command' flags apart from each other.. e.g. MNT_FORCE really doesn't have the same semantics as MNT_RDONLY, but that's left for another day.
|
#
30994 |
|
06-Nov-1997 |
phk |
Move the "retval" (3rd) parameter from all syscall functions and put it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need recompiled.
|
#
30803 |
|
28-Oct-1997 |
bde |
Fixed style bugs in open() fix.
|
#
30667 |
|
23-Oct-1997 |
kato |
Disallow non-root mount. If you want to allow non-root mount, change vfs.usermount into 1 with sysctl.
|
#
30644 |
|
22-Oct-1997 |
joerg |
Reject attempts to call open() with an illegal combination of O_RDONLY, O_WRONLY, O_RDWR.
|
#
30354 |
|
12-Oct-1997 |
phk |
Last major round (Unless Bruce thinks of somthing :-) of malloc changes.
Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them.
A couple of finer points by: bde
|
#
29913 |
|
28-Sep-1997 |
phk |
Fix handling of nested mountpoints in __getcwd()
Detected by: Simon Shapiro <Shimon@i-Connect.Net>
|
#
29888 |
|
27-Sep-1997 |
kato |
Clustered read and write are switched at mount-option level.
1. Clustered I/O is switched by the MNT_NOCLUSTERR and MNT_NOCLUSTERW bits of the mnt_flag. The sysctl variables, vfs.foo.doclusterread and vfs.foo.doclusterwrite are deleted. Only mount option can control clustered I/O from userland. 2. When foofs_mount mounts block device, foofs_mount checks D_CLUSTERR and D_CLUSTERW bits of the d_flags member in the block device switch table. If D_NOCLUSTERR / D_NOCLUSTERW are set, MNT_NOCLUSTERR / MNT_NOCLUSTERW bits will be set. In this case, MNT_NOCLUSTERR and MNT_NOCLUSTERW cannot be cleared from userland. 3. Vnode driver disables both clustered read and write. 4. Union filesystem disables clutered write.
Reviewed by: bde
|
#
29788 |
|
24-Sep-1997 |
phk |
A couple of handles to tweak, more statistics.
|
#
29653 |
|
21-Sep-1997 |
dyson |
Change the M_NAMEI allocations to use the zone allocator. This change plus the previous changes to use the zone allocator decrease the useage of malloc by half. The Zone allocator will be upgradeable to be able to use per CPU-pools, and has more intelligent usage of SPLs. Additionally, it has reasonable stats gathering capabilities, while making most calls inline.
|
#
29495 |
|
16-Sep-1997 |
phk |
Don't leak memory, from sef. Stylistic nits and a blunder, from bde.
|
#
29477 |
|
15-Sep-1997 |
phk |
Solve race-condition, return path in normal order. A couple of stylistic nits from Bruce.
If your libc contains version 1.11 or 1.12 of getcwd.c, (ie: if you recompiled libc one of the last couple of days): >>> Recompile LIBC before you boot a new kernel <<< A new libc will deal with both old and new kernels.
|
#
29463 |
|
15-Sep-1997 |
phk |
Deal more correctly with mountpoints.
|
#
29391 |
|
14-Sep-1997 |
phk |
Add a __getcwd() syscall. This is intentionally undocumented, but all it does is to try to figure the pwd out from the vfs namecache, and return a reversed string to it. libc:getcwd() is responsible for flipping it back.
|
#
29041 |
|
02-Sep-1997 |
bde |
Removed unused #includes.
|
#
27473 |
|
17-Jul-1997 |
dfr |
Merge WebNFS support from NetBSD
Obtained from: NetBSD
|
#
24625 |
|
04-Apr-1997 |
dfr |
[Previous comment was incorrect for these files] Added calls to VFS lock debugging macros to make fixing filesystems' locking easier.
|
#
24624 |
|
04-Apr-1997 |
dfr |
Add a function vop_sharedlock which a copy of vop_nolock without the implementation #ifdef out. This can be used for now by NFS. As soon as all the other filesystems' locking is fixed, this can go away.
Print the vnode address in vprint for easier debugging.
|
#
24441 |
|
31-Mar-1997 |
peter |
Code to do lchown(2), copied from chown(2) except it's NOFOLLOW in ND_INIT instead of FOLLOW.
|
#
24438 |
|
31-Mar-1997 |
peter |
Treat symlinks as first class citizens with their own uid/gid rather than as shadows of their containing directory. This should solve the problem of users not being able to delete their symlinks from /tmp once and for all.
Symlinks do not have modes though, they are accessable to everything that can read the directory (as before). They are made to show this fact at lstat time (they appear as mode 0777 always, since that's how the the lookup routines in the kernel treat them).
More commits will follow, eg: add a real lchown() syscall and man pages.
|
#
24149 |
|
23-Mar-1997 |
guido |
Add generation number randomization. Newly created filesystems wil now automatically have random generation numbers. The kenel way of handling those also changed. Further it is advised to run fsirand on all your nfs exported filesystems. the code is mostly copied from OpenBSD, with the randomization chanegd to use /dev/urandom Reviewed by: Garrett Obtained from: OpenBSD
|
#
24131 |
|
23-Mar-1997 |
bde |
Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined. Fixed everything that depended on getting fcntl.h stuff from the wrong place. Most things don't depend on file.h stuff at all.
|
#
23387 |
|
04-Mar-1997 |
msmith |
Check that vp->v_mount is non-null in fsync() before dereferencing it to obtain the mountpoint's MNT_ASYNC flag.
This is a Very Definite Last-Minute 2.2 Bugfix Candidate.
Reviewed by: sef
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
22604 |
|
12-Feb-1997 |
mpp |
Don't depend on FIFO being defined to enable mkfifo. It is now always compiled.
Submitted by: bde
|
#
22582 |
|
12-Feb-1997 |
mpp |
Add function protypes for the new Lite2 unionfs functions.
|
#
22578 |
|
12-Feb-1997 |
mpp |
Comment out a call to the #ifdef DIAGNOSTIC routine vfs_bufstats(). This routine was not imported in the Lite2 merge.
|
#
22521 |
|
10-Feb-1997 |
dyson |
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes.
The system boots and can mount UFS filesystems.
Untested: ext2fs, msdosfs, NFS Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed.
Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
20691 |
|
19-Dec-1996 |
bde |
Fixed lseek() on named pipes. It always succeeded but should always fail. Broke locking on named pipes in the same way as locking on non-vnodes (wrong errno). This will be fixed later.
The fix involves negative logic. Named pipes are now distinguished from other types of files with vnodes, and there is additional code to handle vnodes and named pipes in the same way only where that makes sense (not for lseek, locking or TIOCSCTTY).
|
#
18397 |
|
19-Sep-1996 |
nate |
In sys/time.h, struct timespec is defined as:
/* * Structure defined by POSIX.4 to be like a timeval. */ struct timespec { time_t ts_sec; /* seconds */ long ts_nsec; /* and nanoseconds */ };
The correct names of the fields are tv_sec and tv_nsec.
Reminded by: James Drobina <jdrobina@infinet.com>
|
#
18020 |
|
03-Sep-1996 |
bde |
Eliminated nested include of <sys/unistd.h> in <sys/file.h> in the kernel. Include it directly in the few places where it is used.
Reduced some #includes of <sys/file.h> to #includes of <sys/fcntl.h> or nothing.
|
#
18006 |
|
03-Sep-1996 |
dg |
Implemented kernel side of MNT_NOATIME mount option. This option disables the file access time update on reads and can be useful in reducing filesystem overhead in cases where the access time is not important (like Usenet news spools).
|
#
15897 |
|
24-May-1996 |
peter |
Dont allow directories to be link()ed or unlink()ed, even for root (returns EPERM always, the errno is specified by POSIX).
If you really have a desperate need to link or unlink a directory, you can use fsdb. :-)
This should stop any chance of ftpd, rdist, "rm -rf", etc from bugging out and damaging the filesystem structure or loosing races with malicious users.
Reviewed by: davidg, bde
|
#
15729 |
|
11-May-1996 |
bde |
Hide options for emulators and static file systems in opt_dontuse.h. These options only apply at config time. Using them at compile time would break the corresponding lkms.
|
#
13463 |
|
16-Jan-1996 |
dg |
Make sure the mountpoint is marked busy before doing operations on it. This fixes a panic that freefall suffered last night.
Obtained partially from 4.4-lite2, but minus the new bug that it introduced
|
#
13257 |
|
05-Jan-1996 |
wollman |
convert FDESC, KERNFS, NULLFS, PORTAL, UMAPFS, and UNION to the new style of options.
|
#
12913 |
|
17-Dec-1995 |
phk |
Staticize. Unstaticize a function in scsi/scsi_base that was used, with an undocumented option. My last count on the LINT kernel shows: Total symbols: 3647 unref symbols: 463 undef symbols: 4 1 ref symbols: 1751 2 ref symbols: 485 Approaching the pain threshold now.
|
#
12767 |
|
11-Dec-1995 |
dyson |
Changes to support 1Tb filesizes. Pages are now named by an (object,index) pair instead of (object,offset) pair.
|
#
12662 |
|
07-Dec-1995 |
dg |
Untangled the vm.h include file spaghetti.
|
#
12372 |
|
18-Nov-1995 |
bde |
Fixed the errno returned by rename("dir1", "dir2/."). It was EISDIR (duh); translate it to EINVAL which is the errno for other renames to ".".
|
#
12283 |
|
14-Nov-1995 |
phk |
Change some of the debug sysctl vars. The semantics of these will change.
|
#
12252 |
|
13-Nov-1995 |
bde |
Fixed a cast in olseek().
Fixed confusing order of declarations of getvnode()'s args.
|
#
12221 |
|
12-Nov-1995 |
bde |
Included <sys/sysproto.h> to get central declarations for syscall args structs and prototypes for syscalls.
Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that.
|
#
12111 |
|
05-Nov-1995 |
dyson |
Make MNT_ASYNC more effective for UFS. It should not be too much more dangerous than the original MNT_ASYNC. There might be some minor security considerations due to data writes not being posted as promptly as before. Meta-data operations are still not quite as fast as Linux, but streaming I/O is still higher.
|
#
12061 |
|
04-Nov-1995 |
bde |
Prototype getvnode() in the right place (where ibcs2_stat.c can see it).
|
#
11644 |
|
22-Oct-1995 |
dg |
Moved the filesystem read-only check out of the syscalls and into the filesystem layer, as was done in lite-2. Merged in some other cosmetic changes while I was at it. Rewrote most of msdosfs_access() to be more like ufs_access() and to include the FS read-only check.
Obtained from: partially from 4.4BSD-lite2
|
#
11332 |
|
07-Oct-1995 |
swallace |
Remove prototype definitions from <sys/systm.h>. Prototypes are located in <sys/sysproto.h>.
Add appropriate #include <sys/sysproto.h> to files that needed protos from systm.h.
Add structure definitions to appropriate files that relied on sys/systm.h, right before system call definition, as in the rest of the kernel source.
In kern_prot.c, instead of using the dummy structure "args", create individual dummy structures named <syscall>_args. This makes life easier for prototype generation.
|
#
10358 |
|
28-Aug-1995 |
julian |
Reviewed by: julian with quick glances by bruce and others Submitted by: terry (terry lambert) This is a composite of 3 patch sets submitted by terry. they are: New low-level init code that supports loadbal modules better some cleanups in the namei code to help terry in 16-bit character support some changes to the mount-root code to make it a little more modular..
NOTE: mounting root off cdrom or NFS MIGHT be broken as I haven't been able to test those cases..
certainly mounting root of disk still works just fine.. mfs should work but is untested. (tomorrows task)
The low level init stuff includes a total rewrite of init_main.c to make it possible for new modules to have an init phase by simply adding an entry to a TEXT_SET (or is it DATA_SET) list. thus a new module can be added to the kernel without editing any other files other than the 'files' file.
|
#
10093 |
|
17-Aug-1995 |
bde |
The `cred' and `proc' args were missing for some VOP_OPEN() and VOP_CLOSE() calls.
Found by: gcc -Wstrict-prototypes after I supplied some of the 5000+ missing prototypes. Now I have 9000+ lines of warnings and errors about bogus conversions of function pointers.
|
#
10027 |
|
11-Aug-1995 |
dg |
Converted mountlist to a CIRCLEQ.
Partially obtained from: 4.4BSD-Lite2
|
#
9842 |
|
01-Aug-1995 |
dg |
Removed my special-case hack for VOP_LINK and fixed the problem with the wrong vp's ops vector being used by changing the VOP_LINK's argument order. The special-case hack doesn't go far enough and breaks the generic bypass routine used in some non-leaf filesystems. Pointed out by Kirk McKusick.
|
#
9804 |
|
30-Jul-1995 |
bde |
Ignore trailing slashes in pathnames that "refer to a directory", as is required to be POSIXLY_CORRECT and "right". I interpret "referring to a directory" as being a directory or becoming a directory. E.g., the trailing slashes in mkdir("/nonesuch/"), rename("/tmp", /nonesuch/") and link("/tmp", "/root_can_like_dirs/") are ignored because the target will become a directory if the syscall succeeds. A trailing slash on a symlink causes the symlink to be followed (this is a bug if the symlink doesn't point to a directory; fix later).
|
#
9507 |
|
13-Jul-1995 |
dg |
NOTE: libkvm, w, ps, 'top', and any other utility which depends on struct proc or any VM system structure will have to be rebuilt!!!
Much needed overhaul of the VM system. Included in this first round of changes:
1) Improved pager interfaces: init, alloc, dealloc, getpages, putpages, haspage, and sync operations are supported. The haspage interface now provides information about clusterability. All pager routines now take struct vm_object's instead of "pagers".
2) Improved data structures. In the previous paradigm, there is constant confusion caused by pagers being both a data structure ("allocate a pager") and a collection of routines. The idea of a pager structure has escentially been eliminated. Objects now have types, and this type is used to index the appropriate pager. In most cases, items in the pager structure were duplicated in the object data structure and thus were unnecessary. In the few cases that remained, a un_pager structure union was created in the object to contain these items.
3) Because of the cleanup of #1 & #2, a lot of unnecessary layering can now be removed. For instance, vm_object_enter(), vm_object_lookup(), vm_object_remove(), and the associated object hash list were some of the things that were removed.
4) simple_lock's removed. Discussion with several people reveals that the SMP locking primitives used in the VM system aren't likely the mechanism that we'll be adopting. Even if it were, the locking that was in the code was very inadequate and would have to be mostly re-done anyway. The locking in a uni-processor kernel was a no-op but went a long way toward making the code difficult to read and debug.
5) Places that attempted to kludge-up the fact that we don't have kernel thread support have been fixed to reflect the reality that we are really dealing with processes, not threads. The VM system didn't have complete thread support, so the comments and mis-named routines were just wrong. We now use tsleep and wakeup directly in the lock routines, for instance.
6) Where appropriate, the pagers have been improved, especially in the pager_alloc routines. Most of the pager_allocs have been rewritten and are now faster and easier to maintain.
7) The pagedaemon pageout clustering algorithm has been rewritten and now tries harder to output an even number of pages before and after the requested page. This is sort of the reverse of the ideal pagein algorithm and should provide better overall performance.
8) Unnecessary (incorrect) casts to caddr_t in calls to tsleep & wakeup have been removed. Some other unnecessary casts have also been removed.
9) Some almost useless debugging code removed.
10) Terminology of shadow objects vs. backing objects straightened out. The fact that the vm_object data structure escentially had this backwards really confused things. The use of "shadow" and "backing object" throughout the code is now internally consistent and correct in the Mach terminology.
11) Several minor bug fixes, including one in the vm daemon that caused 0 RSS objects to not get purged as intended.
12) A "default pager" has now been created which cleans up the transition of objects to the "swap" type. The previous checks throughout the code for swp->pg_data != NULL were really ugly. This change also provides the rudiments for future backing of "anonymous" memory by something other than the swap pager (via the vnode pager, for example), and it allows the decision about which of these pagers to use to be made dynamically (although will need some additional decision code to do this, of course).
13) (dyson) MAP_COPY has been deprecated and the corresponding "copy object" code has been removed. MAP_COPY was undocumented and non- standard. It was furthermore broken in several ways which caused its behavior to degrade to MAP_PRIVATE. Binaries that use MAP_COPY will continue to work correctly, but via the slightly different semantics of MAP_PRIVATE.
14) (dyson) Sharing maps have been removed. It's marginal usefulness in a threads design can be worked around in other ways. Both #12 and #13 were done to simplify the code and improve readability and maintain- ability. (As were most all of these changes)
TODO:
1) Rewrite most of the vnode pager to use VOP_GETPAGES/PUTPAGES. Doing this will reduce the vnode pager to a mere fraction of its current size.
2) Rewrite vm_fault and the swap/vnode pagers to use the clustering information provided by the new haspage pager interface. This will substantially reduce the overhead by eliminating a large number of VOP_BMAP() calls. The VOP_BMAP() filesystem interface should be improved to provide both a "behind" and "ahead" indication of contiguousness.
3) Implement the extended features of pager_haspage in swap_pager_haspage(). It currently just says 0 pages ahead/behind.
4) Re-implement the swap device (swstrategy) in a more elegant way, perhaps via a much more general mechanism that could also be used for disk striping of regular filesystems.
5) Do something to improve the architecture of vm_object_collapse(). The fact that it makes calls into the swap pager and knows too much about how the swap pager operates really bothers me. It also doesn't allow for collapsing of non-swap pager objects ("unnamed" objects backed by other pagers).
|
#
9356 |
|
28-Jun-1995 |
dg |
1) Converted v_vmdata to v_object. 2) Removed unnecessary vm_object_lookup()/pager_cache(object, TRUE) pairs after vnode_pager_alloc() calls - the object is already guaranteed to be persistent. 3) Removed some gratuitous casts.
|
#
9354 |
|
28-Jun-1995 |
dg |
Fixed VOP_LINK argument order botch.
|
#
8692 |
|
21-May-1995 |
dg |
Changes to fix the following bugs:
1) Files weren't properly synced on filesystems other than UFS. In some cases, this lead to lost data. Most likely would be noticed on NFS. The fix is to make the VM page sync/object_clean general rather than in each filesystem. 2) Mixing regular and mmaped file I/O on NFS was very broken. It caused chunks of files to end up as zeroes rather than the intended contents. The fix was to fix several race conditions and to kludge up the "b_dirtyoff" and "b_dirtyend" that NFS relies upon - paying attention to page modifications that occurred via the mmapping.
Reviewed by: David Greenman Submitted by: John Dyson
|
#
8530 |
|
15-May-1995 |
dg |
Fixed incompleteness that would allow dirty filesystems to get mounted when the single user shell was terminated. These changes disallow mounting or R/W upgrading filesystems that are dirty unless "-f" (force) option is used with mount. /etc/rc has been modified to abort the startup if one or more non-nfs partitions fail to mount.
Reviewed by: Poul-Henning Kamp, Rod Grimes
|
#
8220 |
|
02-May-1995 |
dg |
Removed unused variable caused by last commit.
|
#
8219 |
|
02-May-1995 |
dg |
Fix for sync() to close a potential panic with accessing a mount struct that had been freed.
Submitted by: John Dyson
|
#
7464 |
|
29-Mar-1995 |
dg |
Added a set of braces to make the compiler happy.
|
#
7158 |
|
19-Mar-1995 |
dg |
Moved call to vnode_pager_uncache in rename() to before the VOP_RENAME. It was previously after the VOP_RENAME and the reference and lock on the vnode had already been lost, allowing interesting internel inconsistencies. This is one of the two reasons why freefall was crashing every hour or two (the other being nullfs bugs). Don't call vnode_pager_uncache in revoke(). revoke() is only allowed on VCHR and VBLK vnodes.
|
#
7090 |
|
16-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
6785 |
|
28-Feb-1995 |
dg |
Do a vnode_pager_uncache after the VOP_RENAME to lose the remaining reference to the old vnode.
Suggested by: Bruce Evans
|
#
6343 |
|
13-Feb-1995 |
dg |
In sync(), don't dereference the proc pointer if it's NULL. Should fix most or all of the problems with calling sync() without a curproc (which can happen in machdep.c during a panic sync).
|
#
4140 |
|
04-Nov-1994 |
dg |
From tim@cs.city.ac.uk (Tim Wilkinson):
Find enclosed a short bugfix to get the union filesystem up and running in FreeBSD-current. We don't think we've got all the problems yet but these fixes sort out the major ones (which mostly concert bad locking of vnodes), no doubt we'll post others as necessary. Known problems include the inability of the umount command (not the system call) to unmount unions in certain circumstances (this is due the way "realpath" works), and the failure of direntries to always get all available files in unioned subdirectories. We are, as they say, working on it.
Submitted by: tim@cs.city.ac.uk (Tim Wilkinson)
|
#
3745 |
|
20-Oct-1994 |
wollman |
Make my ALLDEVS kernel compile (basically, LINT minus a lot of options).
This involves fixing a few things I broke last time.
|
#
3602 |
|
15-Oct-1994 |
phk |
Fix the problem with panics when mounting on nonexistant directories. Probably my fault in the first place...
|
#
3511 |
|
11-Oct-1994 |
sos |
Removed static declaration of getvnode() (used in ibcs2)
|
#
3441 |
|
08-Oct-1994 |
phk |
Cosmetics: added ()'s and fixed prinf-formats to make gcc silent.
|
#
3374 |
|
05-Oct-1994 |
dg |
Stuff object into v_vmdata rather than pager. Not important which at the moment, but will be in the future. Other changes mostly cosmetic, but are made for future VMIO considerations.
Submitted by: John Dyson
|
#
3308 |
|
02-Oct-1994 |
phk |
All of this is cosmetic. prototypes, #includes, printfs and so on. Makes GCC a lot more silent.
|
#
3167 |
|
28-Sep-1994 |
dfr |
Make NFS ask the filesystems for directory cookies instead of making them itself.
|
#
2979 |
|
22-Sep-1994 |
wollman |
More loadable VFS changes:
- Make a number of filesystems work again when they are statically compiled (blush)
- FIFOs are no longer optional; ``options FIFO'' removed from distributed config files.
|
#
2946 |
|
21-Sep-1994 |
wollman |
Implemented loadable VFS modules, and made most existing filesystems loadable. (NFS is a notable exception.)
|
#
2459 |
|
02-Sep-1994 |
dg |
Disallow truncating to negative file sizes. Doing so causes ffs_truncate() and perhaps other fs truncate's to go crazy and panic the machine or worse. This fixes the truncate bug reported by Michael Class.
|
#
2456 |
|
02-Sep-1994 |
dg |
Make olstat() consistent with lstat() - so they both return the same owner..
Submitted by: Kirk McKusick
|
#
2152 |
|
20-Aug-1994 |
dg |
Implemented filesystem clean bit via:
machdep.c: Changed printf's a little and call vfs_unmountall() if the sync was successful.
cd9660_vfsops.c, ffs_vfsops.c, nfs_vfsops.c, lfs_vfsops.c: Allow dismount of root FS. It is now disallowed at a higher level.
vfs_conf.c: Removed unused rootfs global.
vfs_subr.c: Added new routines vfs_unmountall and vfs_unmountroot. Filesystems are now dismounted if the machine is properly rebooted.
ffs_vfsops.c: Toggle clean bit at the appropriate places. Print warning if an unclean FS is mounted.
ffs_vfsops.c, lfs_vfsops.c: Fix bug in selecting proper flags for VOP_CLOSE().
vfs_syscalls.c: Disallow dismounting root FS via umount syscall.
|
#
1817 |
|
02-Aug-1994 |
dg |
Added $Id$
|
#
1549 |
|
25-May-1994 |
rgrimes |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
#
1541 |
|
24-May-1994 |
rgrimes |
BSD 4.4 Lite Kernel Sources
|