Drop MNT_LOCAL flag in corresponding `vfsconflist' fuse(4) entry instead
of cleaning it in fusefs_mount().

ok claudio

Clear MNT_LOCAL flag on FUSE file system. It can be local or remote, but
kernel can't tell the difference.

From Kirill A. Korinsky

ok claudio mpi

Update the remaining SYSCTL_INT_READONLY cases

OK mvs@

Convert fusefs_sysctl to sysctl_bounded_args

OK millert@

Convert struct vfsops initializer to C99 style.
OK visa@

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Clear MNT_LOCAL flag on FUSE file system. It can be local or remote, but
kernel can't tell the difference.

From Kirill A. Korinsky

ok claudio mpi

Update the remaining SYSCTL_INT_READONLY cases

OK mvs@

Convert fusefs_sysctl to sysctl_bounded_args

OK millert@

Convert struct vfsops initializer to C99 style.
OK visa@

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Update the remaining SYSCTL_INT_READONLY cases

OK mvs@

Convert fusefs_sysctl to sysctl_bounded_args

OK millert@

Convert struct vfsops initializer to C99 style.
OK visa@

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Convert fusefs_sysctl to sysctl_bounded_args

OK millert@

Convert struct vfsops initializer to C99 style.
OK visa@

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Convert struct vfsops initializer to C99 style.
OK visa@

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Don't send FBT_DESTROY if the FUSE connection is still PENDING. Also
don't attempt to determine the size of the root inode. This is because
we don't need to know the size of directories and FBT_GETATTR will also
cause a deadlock if fuse_unmount(3) is called before the file system
has a chance to process fbufs.

Add corresponding regression test.

ok mpi@

Insert the appropriate uvm_vnp_uncache(9) and uvm_vnp_setsize(9)
kernel calls to ensure that the UVM cache for memory mapped files is
up to date.

ok mpi@

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Do not leak memory and a fp reference when !root passes `allow_other'.

Fix CID 1470236.

ok helg@

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Remove unused fbuf parameter from fuse_device_cleanup().

ok mpi@

Changes the default mount behaviour so only the user that mounts the
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.

ok mpi@

Prevent race condition if file system is accessed before it is
initialised. Rather than failing, requests are now queued.

ok mpi@

Pass size argument to free(9).

ok mpi@

Use memset(3) instead of bzero(3) for consistency and as per POSIX
recommendation.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Move FREF() inside fd_getfile().

ok visa@

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@

basic fh functions. better than panicing!
from Martin Natano

knf

convert from nointr to waitok

primary change: move uvm_vnode out of vnode, keeping only a pointer.
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt

EOPNOTSUPP for quotactl. from Martin Natano

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

In fusefs_unmount() we need to send the FBT_DESTROY fusebuf only if
vflush(9) succeed.

Problem reported by Helg Bredow.
OK sthen@

Add -o max_read=XXX support in fuse. This is needed by usmb to have a
working read() and write().

ok tedu@

Unset fuse_mnt in fusefs_unmount after vflushing and freeing fbufs in use.

This way, if fuse unmounts a FS without FBT_DESTROY, the fuse_mnt pointer
is already invalidated. Also, on weird unmount situations with vnodes in
use, vflush() them before doing fuse_device_cleanup().

Tested with ntfs-3g, ok syl@.

use printf(9) consistently in FUSE

Introduce fb_delete() helper and use it in FUSE code.

Make fuse device clonable.

ok tedu@

remove extra whitespace

move fuse sysctl defines up and add _KERNEL. from Sylvestre Gallon

delete a printf, from sylvestre

add a bunch of files for ISC-licensed FUSE support. ok beck deraadt
from Sylvestre Gallon ccna.syl gmail.com. Many thanks to Sylvestre for
all the hard work.

Use RWL_IS_VNODE with locks that are acquired through VOP_LOCK(),
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.

OK mpi@

Syncronize filesystems to disk when suspending. Each mountpoint's vnodes
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.

Do a FREF/FRELE dance after calling fd_getfile().

This should be enought to prevent `fp' to disapear while sleeping in
malloc(9).

ok helg@

In uvm Chuck decided backing store would not be allocated proactively
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.

ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut

Tweak lock inits to make the system runnable with witness(4)
on amd64 and i386.

Fix fuse node lookups. Currently fusefs nodes in the kernel remember the
parent inode number for ".." lookups. This only works until the kernel
starts to reuse vnodes and the parent's vnode is reclaimed and the ino
to path mapping is removed from the userland process by libfuse. Fix
this by using reference counting in libfuse, so that parent mapping are
retained as long as a child uses them. Also, don't free the root node.

This commit resolves following issue:

$ doas fuse-zip ~/Downloads/foo.zip /mnt
$ ls /mnt
openbsd-www
$ grep -IR foo /usr/src > /dev/null # force vfs to reclaim vnodes
$ ls /mnt
ls: /mnt: No such file or directory
$

ok tedu

Use struct stat for storing attributes in fusebufs, because using struct
vattr in userspace is suboptimal as some related helpers are not
available, e.g. VATTR_NULL() and IFTOVT(). The conversion is now done in
the kernel where it belongs. As a side effect the <sys/vnode.h> include
can be removed from libfuse.

tweaks and ok guenther

Neuter fuse_vptofh() and fuse_fhtovp(). I implemented those functions
under the assumption, that fuse_vget() has reasonable semantics, while
this is not the case. fusefs_vget() only functions correctly, if the
file in questions has recently been accessed and is still in the vnode
cache of the userspace daemon associated with the mount point.

As a matter of fact the fuse api doesn't feature a reasonable way to map
inode numbers to a handle at all (see struct fuse_operations).

ok guenther

Kill FUSE_ROOT_ID and use FUSE_ROOTINO instead. Also, remove one (ino_t)
cast from FUSE_ROOTINO, as it is already included in the #define.

ok kettenis

Dedup vnode type information. Fuse stores the vnode type in two places:
vtype in struct fusefs_node and v_type in struct vnode. Given the fact,
that fusefs_node structs are never allocated without an associated vnode
and those two fields are always in sync, one of those locations is
superfluous.

While there remove the unused nlookup field.

ok mpi

Remove the lockmgr() API. It is only used by filesystems, where it is a
trivial change to use rrw locks instead. All it needs is LK_* defines
for the RW_* flags.

tested by naddy and sthen on package building infrastructure
input and ok jmc mpi tedu

The doforce variable isn't modified anywhere. Also, the only filesystem
left using it is fuse. It has been removed from all other filesystems.

ok millert deraadt

Populate all necessary statfs members in .vfs_statfs. cd9660, udf,
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.

ok stefan

When pulling and unmounting an umass USB stick, the file system
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@

Set mnt_data to NULL after freeing the file system specific mount point.
OK krw@ natano@ as part of a larger diff

Replace a usage of ROOTINO ((ufsino_t)2 with FUSE_ROOTINO ((ino_t)1).

The FUSE_ROOTINO define is used everywhere else in fuse, so the mismatch
caused a file handle for the filesystem root to be falsely rejected with
ESTALE.

ok stefan@

fuse doesn't support NFS; prevent a uvm fault caused by claiming otherwise

ok stefan@