d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5cd54324ee
freebsd-dev/sys/kern/kern_conf.c

1159 lines
25 KiB
C
Raw Normal View History

Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
/*-
Assert my copyright on this file (using the default 2-clause BSD). The vast majority of the contents is from my keyboard and no significant pieces remain of the former copyright holders code.
2002-09-20 22:26:27 +00:00
* Copyright (c) 1999-2002 Poul-Henning Kamp
Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
Assert my copyright on this file (using the default 2-clause BSD). The vast majority of the contents is from my keyboard and no significant pieces remain of the former copyright holders code.
2002-09-20 22:26:27 +00:00
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
Assert my copyright on this file (using the default 2-clause BSD). The vast majority of the contents is from my keyboard and no significant pieces remain of the former copyright holders code.
2002-09-20 22:26:27 +00:00
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
Use __FBSDID().
2003-06-11 00:56:59 +00:00
#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");
Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
#include <sys/param.h>
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
#include <sys/kernel.h>
actually compiles.. (previous commit was to just get it into the tree)
1995-10-02 10:15:40 +00:00
#include <sys/systm.h>
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
#include <sys/bus.h>
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
#include <sys/bio.h>
(Doing that whole test-immediately-after-commit-thing like obrien sez:) Forgot to include lock.h and mutex.h for GIANT_REQUIRED.
2002-02-16 17:44:43 +00:00
#include <sys/lock.h>
#include <sys/mutex.h>
This commit fixes various 64bit portability problems required for FreeBSD/alpha. The most significant item is to change the command argument to ioctl functions from int to u_long. This change brings us inline with various other BSD versions. Driver writers may like to use (__FreeBSD_version == 300003) to detect this change. The prototype FreeBSD/alpha machdep will follow in a couple of days time.
1998-06-07 17:13:14 +00:00
#include <sys/module.h>
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
#include <sys/malloc.h>
Obtained from: well it has a relationship with the LKM code.. This is a place for all things to do with conf.c and conf.h that are not machine specific. Other things that are at present in i386/isa/conf.c might migrate into here.. It's the first small step in cleaning up the device interface to make it more dynamic and to assist in more modular drivers (i.e. both loadable via LKMs and linked in.. e.g able to add a device without having to edit conf.c) this code is not yet used and the whole thing will be conditionally compiled in for a while till proven useful :)
1995-10-02 09:24:44 +00:00
#include <sys/conf.h>
i386/i386/conf.c is no longer needed.. remove it from files.i386 redistribute a few last routines to beter places and shoot the file I haven't act actually 'deleted' the file yet togive people time to have done a config.. I.e. they are likely to have done one in a week or so so I'll remove it then.. it's now empty. makes the question of a USL copyright rather moot.
1995-12-21 20:09:46 +00:00
#include <sys/vnode.h>
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
#include <sys/queue.h>
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
#include <sys/poll.h>
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
#include <sys/sx.h>
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
#include <sys/ctype.h>
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
#include <sys/ucred.h>
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
#include <sys/taskqueue.h>
Decommision miscfs/specfs/specdev.h. Most of it goes into <sys/conf.h>, a few lines into <sys/vnode.h>. Add a few fields to struct specinfo, paving the way for the fun part.
1999-08-08 18:43:05 +00:00
#include <machine/stdarg.h>
i386/i386/conf.c is no longer needed.. remove it from files.i386 redistribute a few last routines to beter places and shoot the file I haven't act actually 'deleted' the file yet togive people time to have done a config.. I.e. they are likely to have done one in a week or so so I'll remove it then.. it's now empty. makes the question of a USL copyright rather moot.
1995-12-21 20:09:46 +00:00
Create a new internal .h file to communicate very private stuff from kern_conf.c to devfs. For now just two prototypes, more to come.
2005-08-16 19:08:01 +00:00
#include <fs/devfs/devfs_int.h>
Better descriptions of the cdev malloc class and mutex.
2004-07-11 19:26:43 +00:00
static MALLOC_DEFINE(M_DEVT, "cdev", "cdev storage");
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
struct mtx devmtx;
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
static void destroy_devl(struct cdev *dev);
Rev. 1.204 and 1.205 got an erronous version of destroy_dev() that calls destroy_dev_sched() with cdev mutex locked. Commit the code that was actually tested. Pointy hat to: kib Approved by: re (implicit)
2007-07-03 18:18:30 +00:00
static int destroy_dev_sched_cbl(struct cdev *dev,
void (*cb)(void *), void *arg);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
static struct cdev *make_dev_credv(int flags,
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
struct cdevsw *devsw, int unit,
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct ucred *cr, uid_t uid, gid_t gid, int mode, const char *fmt,
va_list ap);
Second half of the dev_t cleanup. The big lines are: NODEV -> NULL NOUDEV -> NODEV udev_t -> dev_t udev2dev() -> findcdev() Various minor adjustments including handling of userland access to kernel space struct cdev etc.
2004-06-17 17:16:53 +00:00
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
static struct cdev_priv_list cdevp_free_list =
TAILQ_HEAD_INITIALIZER(cdevp_free_list);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
static SLIST_HEAD(free_cdevsw, cdevsw) cdevsw_gt_post_list =
SLIST_HEAD_INITIALIZER();
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
void
dev_lock(void)
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
{
Move the initialization of the devmtx into the mutex_init() function called during early init before cninit(). Tested on: i386, alpha, sparc64 Reviewed by: phk, imp Reported by: Divacky Roman xdivac02 at stud dot fit dot vutbr dot cz MFC after: 1 week
2005-10-18 18:27:44 +00:00
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
mtx_lock(&devmtx);
}
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
/*
* Free all the memory collected while the cdev mutex was
* locked. Since devmtx is after the system map mutex, free() cannot
* be called immediately and is postponed until cdev mutex can be
* dropped.
*/
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
static void
dev_unlock_and_free(void)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdev_priv_list cdp_free;
struct free_cdevsw csw_free;
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
struct cdev_priv *cdp;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *csw;
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
mtx_assert(&devmtx, MA_OWNED);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
/*
* Make the local copy of the list heads while the dev_mtx is
* held. Free it later.
*/
TAILQ_INIT(&cdp_free);
TAILQ_CONCAT(&cdp_free, &cdevp_free_list, cdp_list);
csw_free = cdevsw_gt_post_list;
SLIST_INIT(&cdevsw_gt_post_list);
mtx_unlock(&devmtx);
while ((cdp = TAILQ_FIRST(&cdp_free)) != NULL) {
TAILQ_REMOVE(&cdp_free, cdp, cdp_list);
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
devfs_free(&cdp->cdp_c);
}
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
while ((csw = SLIST_FIRST(&csw_free)) != NULL) {
SLIST_REMOVE_HEAD(&csw_free, d_postfree_list);
free(csw, M_DEVT);
}
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
}
static void
dev_free_devlocked(struct cdev *cdev)
{
struct cdev_priv *cdp;
mtx_assert(&devmtx, MA_OWNED);
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
cdp = cdev2priv(cdev);
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
TAILQ_INSERT_HEAD(&cdevp_free_list, cdp, cdp_list);
}
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
static void
cdevsw_free_devlocked(struct cdevsw *csw)
{
mtx_assert(&devmtx, MA_OWNED);
SLIST_INSERT_HEAD(&cdevsw_gt_post_list, csw, d_postfree_list);
}
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
void
dev_unlock(void)
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
{
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
mtx_unlock(&devmtx);
}
cdev (still) needs per instance uid/gid/mode Add unlocked version of dev_ref() Clean up various stuff in sys/conf.h
2005-03-31 10:29:57 +00:00
void
dev_ref(struct cdev *dev)
{
mtx_assert(&devmtx, MA_NOTOWNED);
mtx_lock(&devmtx);
dev->si_refcount++;
mtx_unlock(&devmtx);
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
void
Rename dev_ref() to dev_refl()
2005-03-31 06:51:54 +00:00
dev_refl(struct cdev *dev)
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
{
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
Make dev_ref() require the dev_lock() to be held and use it from devfs instead of directly frobbing the si_refcount.
2005-02-22 14:41:04 +00:00
mtx_assert(&devmtx, MA_OWNED);
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
dev->si_refcount++;
}
void
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
dev_rel(struct cdev *dev)
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
{
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
int flag = 0;
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
Fix a LOR relating to freeing cdevs.
2004-10-01 06:33:39 +00:00
mtx_assert(&devmtx, MA_NOTOWNED);
dev_lock();
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
dev->si_refcount--;
KASSERT(dev->si_refcount >= 0,
("dev_rel(%s) gave negative count", devtoname(dev)));
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
#if 0
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
if (dev->si_usecount == 0 &&
(dev->si_flags & SI_CHEAPCLONE) && (dev->si_flags & SI_NAMED))
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
;
else
#endif
Minor whitespace cleanup.
2006-01-04 17:40:54 +00:00
if (dev->si_devsw == NULL && dev->si_refcount == 0) {
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
LIST_REMOVE(dev, si_list);
Fix a LOR relating to freeing cdevs.
2004-10-01 06:33:39 +00:00
flag = 1;
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
}
Fix a LOR relating to freeing cdevs.
2004-10-01 06:33:39 +00:00
dev_unlock();
if (flag)
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
devfs_free(dev);
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
}
Fix a LOR relating to freeing cdevs.
2004-10-01 06:33:39 +00:00
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
struct cdevsw *
dev_refthread(struct cdev *dev)
{
struct cdevsw *csw;
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct cdev_priv *cdp;
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
mtx_assert(&devmtx, MA_NOTOWNED);
dev_lock();
csw = dev->si_devsw;
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if (csw != NULL) {
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
cdp = cdev2priv(dev);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if ((cdp->cdp_flags & CDP_SCHED_DTR) == 0)
dev->si_threadcount++;
else
csw = NULL;
}
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
dev_unlock();
return (csw);
}
Fix the race between devfs_fp_check and devfs_reclaim. Derefence the vnode' v_rdev and increment the dev threadcount , as well as clear it (in devfs_reclaim) under the dev_lock(). Reviewed by: tegge Approved by: pjd (mentor)
2006-10-20 07:59:50 +00:00
struct cdevsw *
devvn_refthread(struct vnode *vp, struct cdev **devp)
{
struct cdevsw *csw;
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct cdev_priv *cdp;
Fix the race between devfs_fp_check and devfs_reclaim. Derefence the vnode' v_rdev and increment the dev threadcount , as well as clear it (in devfs_reclaim) under the dev_lock(). Reviewed by: tegge Approved by: pjd (mentor)
2006-10-20 07:59:50 +00:00
mtx_assert(&devmtx, MA_NOTOWNED);
csw = NULL;
dev_lock();
*devp = vp->v_rdev;
if (*devp != NULL) {
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
cdp = cdev2priv(*devp);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if ((cdp->cdp_flags & CDP_SCHED_DTR) == 0) {
csw = (*devp)->si_devsw;
if (csw != NULL)
(*devp)->si_threadcount++;
}
Fix the race between devfs_fp_check and devfs_reclaim. Derefence the vnode' v_rdev and increment the dev threadcount , as well as clear it (in devfs_reclaim) under the dev_lock(). Reviewed by: tegge Approved by: pjd (mentor)
2006-10-20 07:59:50 +00:00
}
dev_unlock();
return (csw);
}
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
void
dev_relthread(struct cdev *dev)
{
mtx_assert(&devmtx, MA_NOTOWNED);
dev_lock();
Assert that si_threadcount > 0 before decrementing it. This helps catching the improper use of the dev_refthread/dev_relthread. Tested by: pho MFC after: 1 week
2008-05-23 16:38:38 +00:00
KASSERT(dev->si_threadcount > 0,
("%s threadcount is wrong", dev->si_name));
Introduce dev_re[lf]thread() functions. dev_refthread() will return the cdevsw pointer or NULL. If the return value is non-NULL a threadcount is held which much be released with dev_relthread(). If the returned cdevsw is NULL no threadcount is held on the device.
2004-09-24 05:54:32 +00:00
dev->si_threadcount--;
dev_unlock();
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
int
nullop(void)
{
return (0);
}
int
eopnotsupp(void)
{
return (EOPNOTSUPP);
}
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
static int
enxio(void)
{
return (ENXIO);
}
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
static int
enodev(void)
{
return (ENODEV);
}
/* Define a dead_cdevsw for use when devices leave unexpectedly. */
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
#define dead_open (d_open_t *)enxio
#define dead_close (d_close_t *)enxio
#define dead_read (d_read_t *)enxio
#define dead_write (d_write_t *)enxio
#define dead_ioctl (d_ioctl_t *)enxio
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
#define dead_poll (d_poll_t *)enodev
#define dead_mmap (d_mmap_t *)enodev
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
static void
dead_strategy(struct bio *bp)
{
biofinish(bp, NULL, ENXIO);
}
NO_GEOM cleanup: Retire the "d_dump_t" and use the "dumper_t" type instead. Dumper_t takes a void * as first arg which is more general than the dev_t taken by d_dump_t. (Remember: we could have net-dumpers if somebody wrote us one!) Define the convention for GEOM controlled disk devices to be that the first argument to the dumper function is the struct disk pointer. Change device drivers accordingly.
2003-02-21 19:00:48 +00:00
#define dead_dump (dumper_t *)enxio
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
#define dead_kqfilter (d_kqfilter_t *)enxio
static struct cdevsw dead_cdevsw = {
Device megapatch 4/6: Introduce d_version field in struct cdevsw, this must always be initialized to D_VERSION. Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
.d_version = D_VERSION,
.d_flags = D_NEEDGIANT, /* XXX: does dead_strategy need this ? */
Gigacommit to improve device-driver source compatibility between branches: Initialize struct cdevsw using C99 sparse initializtion and remove all initializations to default values. This patch is automatically generated and has been tested by compiling LINT with all the fields in struct cdevsw in reverse order on alpha, sparc64 and i386. Approved by: re(scottl)
2003-03-03 12:15:54 +00:00
.d_open = dead_open,
.d_close = dead_close,
.d_read = dead_read,
.d_write = dead_write,
.d_ioctl = dead_ioctl,
.d_poll = dead_poll,
.d_mmap = dead_mmap,
.d_strategy = dead_strategy,
.d_name = "dead",
.d_dump = dead_dump,
.d_kqfilter = dead_kqfilter
Add a dead_cdevsw which does its best to return ENXIO if at all possible. In devsw() return dead_cdevsw instead of NULL in case the dev_t does not have a si_devsw. This may improve our survival chances with devices which go away unexpectedly.
2003-02-20 15:35:54 +00:00
};
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
/* Default methods if driver does not specify method */
#define null_open (d_open_t *)nullop
#define null_close (d_close_t *)nullop
#define no_read (d_read_t *)enodev
#define no_write (d_write_t *)enodev
#define no_ioctl (d_ioctl_t *)enodev
#define no_mmap (d_mmap_t *)enodev
Add locking to the kqueue subsystem. This also makes the kqueue subsystem a more complete subsystem, and removes the knowlege of how things are implemented from the drivers. Include locking around filter ops, so a module like aio will know when not to be unloaded if there are outstanding knotes using it's filter ops. Currently, it uses the MTX_DUPOK even though it is not always safe to aquire duplicate locks. Witness currently doesn't support the ability to discover if a dup lock is ok (in some cases). Reviewed by: green, rwatson (both earlier versions)
2004-08-15 06:24:42 +00:00
#define no_kqfilter (d_kqfilter_t *)enodev
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
static void
no_strategy(struct bio *bp)
{
biofinish(bp, NULL, ENODEV);
}
static int
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
no_poll(struct cdev *dev __unused, int events, struct thread *td __unused)
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
{
/*
* Return true for read/write. If the user asked for something
* special, return POLLNVAL, so that clients have a way of
* determining reliably whether or not the extended
* functionality is present without hard-coding knowledge
* of specific filesystem implementations.
* Stay in sync with vop_nopoll().
*/
if (events & ~POLLSTANDARD)
return (POLLNVAL);
return (events & (POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM));
}
#define no_dump (dumper_t *)enodev
Nudge the axe a bit closer to cdevsw[]: Make it a panic to repeat make_dev() or destroy_dev(), this check should maybe be neutered when -current goes -stable. Whine if devsw() is called on anon dev_t's in a devfs system. Make a hack to avoid our lazy-eval disk code triggering the above whine. Fix the multiple make_dev() in disk code by making ${disk}${unit}s${slice} an alias/symlink to ${disk}${unit}s${slice}c
2001-10-27 17:44:21 +00:00
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
static int
giant_open(struct cdev *dev, int oflags, int devtype, struct thread *td)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_open(dev, oflags, devtype, td);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
Revert UF_OPENING workaround for CURRENT. Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operation argument from being file descriptor index into the pointer to struct file. Proposed and reviewed by: jhb Reviewed by: daichi (unionfs) Approved by: re (kensmith)
2007-05-31 11:51:53 +00:00
giant_fdopen(struct cdev *dev, int oflags, struct thread *td, struct file *fp)
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_fdopen(dev, oflags, td, fp);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_close(struct cdev *dev, int fflag, int devtype, struct thread *td)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_close(dev, fflag, devtype, td);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static void
giant_strategy(struct bio *bp)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
struct cdev *dev;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev = bp->bio_dev;
dsw = dev_refthread(dev);
if (dsw == NULL) {
biofinish(bp, NULL, ENXIO);
return;
}
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw->d_gianttrick->d_strategy(bp);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
}
static int
giant_ioctl(struct cdev *dev, u_long cmd, caddr_t data, int fflag, struct thread *td)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Add two missed chunks from the rev. 1.210, for the giant_read() and giant_ioctl(). PR: kern/122287 MFC after: 3 days
2008-04-02 11:11:58 +00:00
retval = dsw->d_gianttrick->d_ioctl(dev, cmd, data, fflag, td);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_read(struct cdev *dev, struct uio *uio, int ioflag)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Add two missed chunks from the rev. 1.210, for the giant_read() and giant_ioctl(). PR: kern/122287 MFC after: 3 days
2008-04-02 11:11:58 +00:00
retval = dsw->d_gianttrick->d_read(dev, uio, ioflag);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_write(struct cdev *dev, struct uio *uio, int ioflag)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_write(dev, uio, ioflag);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_poll(struct cdev *dev, int events, struct thread *td)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_poll(dev, events, td);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_kqfilter(struct cdev *dev, struct knote *kn)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_kqfilter(dev, kn);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
static int
giant_mmap(struct cdev *dev, vm_offset_t offset, vm_paddr_t *paddr, int nprot)
{
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
struct cdevsw *dsw;
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
int retval;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw = dev_refthread(dev);
if (dsw == NULL)
return (ENXIO);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_lock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
retval = dsw->d_gianttrick->d_mmap(dev, offset, paddr, nprot);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
mtx_unlock(&Giant);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_relthread(dev);
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
return (retval);
}
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
static void
notify(struct cdev *dev, const char *ev)
{
static const char prefix[] = "cdev=";
char *data;
int namelen;
if (cold)
return;
namelen = strlen(dev->si_name);
data = malloc(namelen + sizeof(prefix), M_TEMP, M_WAITOK);
memcpy(data, prefix, sizeof(prefix) - 1);
memcpy(data + sizeof(prefix) - 1, dev->si_name, namelen + 1);
devctl_notify("DEVFS", "CDEV", ev, data);
free(data, M_TEMP);
}
static void
notify_create(struct cdev *dev)
{
notify(dev, "CREATE");
}
static void
notify_destroy(struct cdev *dev)
{
notify(dev, "DESTROY");
}
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
static struct cdev *
Remove the global cdev hash and use the cdevsw list instead. Don't remove the now unused element from cdev yet, wait until we have a better reason to bump the version.
2005-03-29 09:56:21 +00:00
newdev(struct cdevsw *csw, int y, struct cdev *si)
Divorce "dev_t" from the "major|minor" bitmap, which is now called udev_t in the kernel but still called dev_t in userland. Provide functions to manipulate both types: major() umajor() minor() uminor() makedev() umakedev() dev2udev() udev2dev() For now they're functions, they will become in-line functions after one of the next two steps in this process. Return major/minor/makedev to macro-hood for userland. Register a name in cdevsw[] for the "filedescriptor" driver. In the kernel the udev_t appears in places where we have the major/minor number combination, (ie: a potential device: we may not have the driver nor the device), like in inodes, vattr, cdevsw registration and so on, whereas the dev_t appears where we carry around a reference to a actual device. In the future the cdevsw and the aliased-from vnode will be hung directly from the dev_t, along with up to two softc pointers for the device driver and a few houskeeping bits. This will essentially replace the current "alias" check code (same buck, bigger bang). A little stunt has been provided to try to catch places where the wrong type is being used (dev_t vs udev_t), if you see something not working, #undef DEVT_FASCIST in kern/kern_conf.c and see if it makes a difference. If it does, please try to track it down (many hands make light work) or at least try to reproduce it as simply as possible, and describe how to do that. Without DEVT_FASCIST I belive this patch is a no-op. Stylistic/posixoid comments about the userland view of the <sys/*.h> files welcome now, from userland they now contain the end result. Next planned step: make all dev_t's refer to the same devsw[] which means convert BLK's to CHR's at the perimeter of the vnodes and other places where they enter the game (bootdev, mknod, sysctl).
1999-05-11 19:55:07 +00:00
{
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
struct cdev *si2;
Second half of the dev_t cleanup. The big lines are: NODEV -> NULL NOUDEV -> NODEV udev_t -> dev_t udev2dev() -> findcdev() Various minor adjustments including handling of userland access to kernel space struct cdev etc.
2004-06-17 17:16:53 +00:00
dev_t udev;
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
mtx_assert(&devmtx, MA_OWNED);
Remove the global cdev hash and use the cdevsw list instead. Don't remove the now unused element from cdev yet, wait until we have a better reason to bump the version. There is now no longer any upper limit on how many device drivers a FreeBSD kernel can have.
2005-03-29 11:15:54 +00:00
udev = y;
Don't enforce unique device minor number policy anymore. Except for the case where we use the cloner library (clone_create() and friends), there is no reason to enforce a unique device minor number policy. There are various drivers in the source tree that allocate unr pools and such to provide minor numbers, without using them themselves. Because we still need to support unique device minor numbers for the cloner library, introduce a new flag called D_NEEDMINOR. All cdevsw's that are used in combination with the cloner library should be marked with this flag to make the cloning work. This means drivers can now freely use si_drv0 to store their own flags and state, making it effectively the same as si_drv1 and si_drv2. We still keep the minor() and dev2unit() routines around to make drivers happy. The NTFS code also used the minor number in its hash table. We should not do this anymore. If the si_drv0 field would be changed, it would no longer end up in the same list. Approved by: philip (mentor)
2008-06-11 18:55:19 +00:00
if (csw->d_flags & D_NEEDMINOR) {
/* We may want to return an existing device */
LIST_FOREACH(si2, &csw->d_devs, si_list) {
if (si2->si_drv0 == udev) {
dev_free_devlocked(si);
return (si2);
}
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
}
Now a dev_t is a pointer to struct specinfo which is shared by all specdev vnodes referencing this device. Details: cdevsw->d_parms has been removed, the specinfo is available now (== dev_t) and the driver should modify it directly when applicable, and the only driver doing so, does so: vn.c. I am not sure the logic in checking for "<" was right before, and it looks even less so now. An intial pool of 50 struct specinfo are depleted during early boot, after that malloc had better work. It is likely that fewer than 50 would do. Hashing is done from udev_t to dev_t with a prime number remainder hash, experiments show no better hash available for decent cost (MD5 is only marginally better) The prime number used should not be close to a power of two, we use 83 for now. Add new checkalias2() to get around the loss of info from dev2udev() in bdevvp(); The aliased vnodes are hung on a list straight of the dev_t, and speclisth[SPECSZ] is unused. The sharing of struct specinfo means that the v_specnext moves into the vnode which grows by 4 bytes. Don't use a VBLK dev_t which doesn't make sense in MFS, now we hang a dummy cdevsw on B/Cmaj 253 so that things look sane. Storage overhead from all of this is O(50k). Bump __FreeBSD_version to 400009 The next step will add the stuff needed so device-drivers can start to hang things from struct specinfo
1999-07-20 09:47:55 +00:00
}
Rename cdev->si_udev to cdev->si_drv0 to reflect the new nature of the field.
2005-03-15 11:33:28 +00:00
si->si_drv0 = udev;
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
si->si_devsw = csw;
Remove the global cdev hash and use the cdevsw list instead. Don't remove the now unused element from cdev yet, wait until we have a better reason to bump the version.
2005-03-29 09:56:21 +00:00
LIST_INSERT_HEAD(&csw->d_devs, si, si_list);
Fixed style bugs near previous commit (mainly formatting errors and missing parentheses). Use default handling (trap to debugger) for udev2dev(x, 1) since it is an error and doesn't happen anywhere in the sys tree except in bogusly commented out code in coda.
2004-02-15 20:14:47 +00:00
return (si);
Divorce "dev_t" from the "major|minor" bitmap, which is now called udev_t in the kernel but still called dev_t in userland. Provide functions to manipulate both types: major() umajor() minor() uminor() makedev() umakedev() dev2udev() udev2dev() For now they're functions, they will become in-line functions after one of the next two steps in this process. Return major/minor/makedev to macro-hood for userland. Register a name in cdevsw[] for the "filedescriptor" driver. In the kernel the udev_t appears in places where we have the major/minor number combination, (ie: a potential device: we may not have the driver nor the device), like in inodes, vattr, cdevsw registration and so on, whereas the dev_t appears where we carry around a reference to a actual device. In the future the cdevsw and the aliased-from vnode will be hung directly from the dev_t, along with up to two softc pointers for the device driver and a few houskeeping bits. This will essentially replace the current "alias" check code (same buck, bigger bang). A little stunt has been provided to try to catch places where the wrong type is being used (dev_t vs udev_t), if you see something not working, #undef DEVT_FASCIST in kern/kern_conf.c and see if it makes a difference. If it does, please try to track it down (many hands make light work) or at least try to reproduce it as simply as possible, and describe how to do that. Without DEVT_FASCIST I belive this patch is a no-op. Stylistic/posixoid comments about the userland view of the <sys/*.h> files welcome now, from userland they now contain the end result. Next planned step: make all dev_t's refer to the same devsw[] which means convert BLK's to CHR's at the perimeter of the vnodes and other places where they enter the game (bootdev, mknod, sysctl).
1999-05-11 19:55:07 +00:00
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
static void
fini_cdevsw(struct cdevsw *devsw)
{
Properly un-giant-trick the cdevsw in fini_cdevsw() Tripped over by: Huang wen hui <huang@gddsn.org.cn>
2005-08-20 12:13:51 +00:00
struct cdevsw *gt;
Remove the global cdev hash and use the cdevsw list instead. Don't remove the now unused element from cdev yet, wait until we have a better reason to bump the version. There is now no longer any upper limit on how many device drivers a FreeBSD kernel can have.
2005-03-29 11:15:54 +00:00
Properly un-giant-trick the cdevsw in fini_cdevsw() Tripped over by: Huang wen hui <huang@gddsn.org.cn>
2005-08-20 12:13:51 +00:00
if (devsw->d_gianttrick != NULL) {
gt = devsw->d_gianttrick;
memcpy(devsw, gt, sizeof *devsw);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
cdevsw_free_devlocked(gt);
Properly un-giant-trick the cdevsw in fini_cdevsw() Tripped over by: Huang wen hui <huang@gddsn.org.cn>
2005-08-20 12:13:51 +00:00
devsw->d_gianttrick = NULL;
}
Fix two oversights here: don't trash the freelist, and properly cleanup the cdevsw{}. Submitted by: tegge
2004-02-23 08:42:55 +00:00
devsw->d_flags &= ~D_INIT;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
}
static void
prep_cdevsw(struct cdevsw *devsw)
{
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
struct cdevsw *dsw2;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
mtx_assert(&devmtx, MA_OWNED);
if (devsw->d_flags & D_INIT)
return;
if (devsw->d_flags & D_NEEDGIANT) {
dev_unlock();
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
dsw2 = malloc(sizeof *dsw2, M_DEVT, M_WAITOK);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_lock();
} else
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
dsw2 = NULL;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
if (devsw->d_flags & D_INIT) {
if (dsw2 != NULL)
cdevsw_free_devlocked(dsw2);
return;
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
Prepare for the final onslaught on devices: Move uid/gid/mode from cdev to cdevsw. Add kind field to use for devd(8) later. Bump both D_VERSION and __FreeBSD_version
2005-03-17 12:07:00 +00:00
if (devsw->d_version != D_VERSION_01) {
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
printf(
"WARNING: Device driver \"%s\" has wrong version %s\n",
Novel idea, don't print a string if it is NULL! This protects people from loading _really_ old modules, like say from 5.x to a 6.x or 7.x system, like for instance right after an upgrade.
2006-01-12 19:15:14 +00:00
devsw->d_name == NULL ? "???" : devsw->d_name,
"and is disabled. Recompile KLD module.");
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
devsw->d_open = dead_open;
devsw->d_close = dead_close;
devsw->d_read = dead_read;
devsw->d_write = dead_write;
devsw->d_ioctl = dead_ioctl;
devsw->d_poll = dead_poll;
devsw->d_mmap = dead_mmap;
devsw->d_strategy = dead_strategy;
devsw->d_dump = dead_dump;
devsw->d_kqfilter = dead_kqfilter;
}
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
if (devsw->d_flags & D_NEEDGIANT) {
if (devsw->d_gianttrick == NULL) {
memcpy(dsw2, devsw, sizeof *dsw2);
devsw->d_gianttrick = dsw2;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dsw2 = NULL;
}
Handle device drivers with D_NEEDGIANT in a way which does not penalize the 'good' drivers: Allocate a shadow cdevsw and populate it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
}
#define FIXUP(member, noop, giant) \
do { \
if (devsw->member == NULL) { \
devsw->member = noop; \
} else if (devsw->d_flags & D_NEEDGIANT) \
devsw->member = giant; \
} \
while (0)
FIXUP(d_open, null_open, giant_open);
FIXUP(d_fdopen, NULL, giant_fdopen);
FIXUP(d_close, null_close, giant_close);
FIXUP(d_read, no_read, giant_read);
FIXUP(d_write, no_write, giant_write);
FIXUP(d_ioctl, no_ioctl, giant_ioctl);
FIXUP(d_poll, no_poll, giant_poll);
FIXUP(d_mmap, no_mmap, giant_mmap);
FIXUP(d_strategy, no_strategy, giant_strategy);
FIXUP(d_kqfilter, no_kqfilter, giant_kqfilter);
Introduce no_poll() default method for device drivers. Have it do exactly the same as vop_nopoll() for consistency and put a comment in the two pointing at each other. Retire seltrue() in favour of no_poll(). Create private default functions in kern_conf.c instead of public ones. Change default strategy to return the bio with ENODEV instead of doing nothing which would lead the bio stranded. Retire public nullopen() and nullclose() as well as the entire band of public no{read,write,ioctl,mmap,kqfilter,strategy,poll,dump} funtions, they are the default actions now. Move the final two trivial functions from subr_xxx.c to kern_conf.c and retire the now empty subr_xxx.c
2003-09-27 12:53:33 +00:00
if (devsw->d_dump == NULL) devsw->d_dump = no_dump;
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
LIST_INIT(&devsw->d_devs);
devsw->d_flags |= D_INIT;
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
if (dsw2 != NULL)
cdevsw_free_devlocked(dsw2);
Split the initialization of the cdevsw into a separate function.
2004-02-15 10:35:33 +00:00
}
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct cdev *
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
make_dev_credv(int flags, struct cdevsw *devsw, int unit,
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct ucred *cr, uid_t uid,
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
gid_t gid, int mode, const char *fmt, va_list ap)
Split the initialization of the cdevsw into a separate function.
2004-02-15 10:35:33 +00:00
{
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
struct cdev *dev;
Split the initialization of the cdevsw into a separate function.
2004-02-15 10:35:33 +00:00
int i;
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
dev = devfs_alloc();
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
dev_lock();
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
prep_cdevsw(devsw);
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
dev = newdev(devsw, unit, dev);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if (flags & MAKEDEV_REF)
dev_refl(dev);
Make life a little bit easier for cloning device drivers.
2003-09-27 21:50:00 +00:00
if (dev->si_flags & SI_CHEAPCLONE &&
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
dev->si_flags & SI_NAMED) {
Make life a little bit easier for cloning device drivers.
2003-09-27 21:50:00 +00:00
/*
* This is allowed as it removes races and generally
* simplifies cloning devices.
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
* XXX: still ??
Make life a little bit easier for cloning device drivers.
2003-09-27 21:50:00 +00:00
*/
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
dev_unlock_and_free();
Make life a little bit easier for cloning device drivers.
2003-09-27 21:50:00 +00:00
return (dev);
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
KASSERT(!(dev->si_flags & SI_NAMED),
Remove the global cdev hash and use the cdevsw list instead. Don't remove the now unused element from cdev yet, wait until we have a better reason to bump the version.
2005-03-29 09:56:21 +00:00
("make_dev() by driver %s on pre-existing device (min=%x, name=%s)",
Replace all calls to minor() with dev2unit(). After I removed all the unit2minor()/minor2unit() calls from the kernel yesterday, I realised calling minor() everywhere is quite confusing. Character devices now only have the ability to store a unit number, not a minor number. Remove the confusion by using dev2unit() everywhere. This commit could also be considered as a bug fix. A lot of drivers call minor(), while they should actually be calling dev2unit(). In -CURRENT this isn't a problem, but it turns out we never had any problem reports related to that issue in the past. I suspect not many people connect more than 256 pieces of the same hardware. Reviewed by: kib
2008-09-27 08:51:18 +00:00
devsw->d_name, dev2unit(dev), devtoname(dev)));
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
Implement proper bounds-checking and truncation of device names, this has become an issue now that end-user controlable attributes can become devices names with the geom_vol_ffs class.
2003-02-04 11:04:26 +00:00
i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap);
if (i > (sizeof dev->__si_namebuf - 1)) {
Add a missing '\n'.
2004-08-30 01:10:20 +00:00
printf("WARNING: Device name truncated! (%s)\n",
Implement proper bounds-checking and truncation of device names, this has become an issue now that end-user controlable attributes can become devices names with the geom_vol_ffs class.
2003-02-04 11:04:26 +00:00
dev->__si_namebuf);
}
Get rid of the magic "stash" of cdev structures, we no longer call make_dev() before malloc works.
2004-10-25 13:12:06 +00:00
revent multiple make_dev() calls on the same dev_t and similar bogosities. A couple of new warnings may be emitted during boot if drivers DTWT. Tested by: George Cox <gjvc@gjvc.com>
2000-09-11 17:15:33 +00:00
dev->si_flags |= SI_NAMED;
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
if (cr != NULL)
dev->si_cred = crhold(cr);
else
dev->si_cred = NULL;
cdev (still) needs per instance uid/gid/mode Add unlocked version of dev_ref() Clean up various stuff in sys/conf.h
2005-03-31 10:29:57 +00:00
dev->si_uid = uid;
dev->si_gid = gid;
dev->si_mode = mode;
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
NODEVFS cleanup: Replace devfs_{create,destroy} hooks with direct function calls.
2003-03-02 13:35:30 +00:00
devfs_create(dev);
Since cdev mutex is after system map mutex in global lock order, free() shall not be called while holding cdev mutex. devfs_inos unrhdr has cdev as mutex, thus creating this LOR situation. Postpone calling free() in kern/subr_unit.c:alloc_unr() and nested functions until the unrhdr mutex is dropped. Save the freed items on the ppfree list instead, and provide the clean_unrhdrl() and clean_unrhdr() functions to clean the list. Call clean_unrhdrl() after devfs_create() calls immediately before dropping cdev mutex. devfs_create() is the only user of the alloc_unrl() in the tree. Reviewed by: phk Tested by: Peter Holm LOR: 80 Approved by: re (kensmith)
2007-07-04 06:56:58 +00:00
clean_unrhdrl(devfs_inos);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_unlock_and_free();
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
notify_create(dev);
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
return (dev);
}
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
struct cdev *
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
make_dev(struct cdevsw *devsw, int unit, uid_t uid, gid_t gid, int mode,
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
const char *fmt, ...)
{
struct cdev *dev;
va_list ap;
va_start(ap, fmt);
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
dev = make_dev_credv(0, devsw, unit, NULL, uid, gid, mode, fmt, ap);
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
va_end(ap);
return (dev);
}
struct cdev *
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
make_dev_cred(struct cdevsw *devsw, int unit, struct ucred *cr, uid_t uid,
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
gid_t gid, int mode, const char *fmt, ...)
{
struct cdev *dev;
va_list ap;
va_start(ap, fmt);
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
dev = make_dev_credv(0, devsw, unit, cr, uid, gid, mode, fmt, ap);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
va_end(ap);
return (dev);
}
struct cdev *
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
make_dev_credf(int flags, struct cdevsw *devsw, int unit,
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct ucred *cr, uid_t uid,
gid_t gid, int mode, const char *fmt, ...)
{
struct cdev *dev;
va_list ap;
va_start(ap, fmt);
Rename the `minor' argument of make_dev(9) to `unit'. To prevent any further confusion about device minor and unit numbers, we'd better just refer to device unit numbers. Many people still think the numbers we show inside devfs have any relation to the numbers passed to make_dev(9), which is not the case. Discussed with: kib
2008-09-26 14:31:24 +00:00
dev = make_dev_credv(flags, devsw, unit, cr, uid, gid, mode,
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
fmt, ap);
When devfs cloning takes place, provide access to the credential of the process that caused the clone event to take place for the device driver creating the device. This allows cloned device drivers to adapt the device node based on security aspects of the process, such as the uid, gid, and MAC label. - Add a cred reference to struct cdev, so that when a device node is instantiated as a vnode, the cloning credential can be exposed to MAC. - Add make_dev_cred(), a version of make_dev() that additionally accepts the credential to stick in the struct cdev. Implement it and make_dev() in terms of a back-end make_dev_credv(). - Add a new event handler, dev_clone_cred, which can be registered to receive the credential instead of dev_clone, if desired. - Modify the MAC entry point mac_create_devfs_device() to accept an optional credential pointer (may be NULL), so that MAC policies can inspect and act on the label or other elements of the credential when initializing the skeleton device protections. - Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(), so that the pty clone credential is exposed to the MAC Framework. While currently primarily focussed on MAC policies, this change is also a prerequisite for changes to allow ptys to be instantiated with the UID of the process looking up the pty. This requires further changes to the pty driver -- in particular, to immediately recycle pty nodes on last close so that the credential-related state can be recreated on next lookup. Submitted by: Andrew Reisse <andrew.reisse@sparta.com> Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA MFC after: 1 week MFC note: Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
va_end(ap);
return (dev);
}
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
static void
dev_dependsl(struct cdev *pdev, struct cdev *cdev)
Create a general facility for making dev_t's depend on another dev_t. The dev_depends(dev_t, dev_t) function is for tying them to each other. When destroy_dev() is called on a dev_t, all dev_t's depending on it will also be destroyed (depth first order). Rewrite the make_dev_alias() to use this dependency facility. kern/subr_disk.c: Make the disk mini-layer use dependencies to make sure all relevant dev_t's are removed when the disk disappears. Make the disk mini-layer precreate some magic sub devices which the disk/slice/label code expects to be there. kern/subr_disklabel.c: Remove some now unneeded variables. kern/subr_diskmbr.c: Remove some ancient, commented out code. kern/subr_diskslice.c: Minor cleanup. Use name from dev_t instead of dsname()
2001-05-26 08:27:58 +00:00
{
cdev->si_parent = pdev;
cdev->si_flags |= SI_CHILD;
LIST_INSERT_HEAD(&pdev->si_children, cdev, si_siblings);
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
}
void
dev_depends(struct cdev *pdev, struct cdev *cdev)
{
dev_lock();
dev_dependsl(pdev, cdev);
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
dev_unlock();
Create a general facility for making dev_t's depend on another dev_t. The dev_depends(dev_t, dev_t) function is for tying them to each other. When destroy_dev() is called on a dev_t, all dev_t's depending on it will also be destroyed (depth first order). Rewrite the make_dev_alias() to use this dependency facility. kern/subr_disk.c: Make the disk mini-layer use dependencies to make sure all relevant dev_t's are removed when the disk disappears. Make the disk mini-layer precreate some magic sub devices which the disk/slice/label code expects to be there. kern/subr_disklabel.c: Remove some now unneeded variables. kern/subr_diskmbr.c: Remove some ancient, commented out code. kern/subr_diskslice.c: Minor cleanup. Use name from dev_t instead of dsname()
2001-05-26 08:27:58 +00:00
}
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
struct cdev *
make_dev_alias(struct cdev *pdev, const char *fmt, ...)
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
{
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
struct cdev *dev;
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
va_list ap;
int i;
Make it atomic for the devfs_populate_loop() to see the setting of SI_ALIAS flag and initialization of the si_parent when alias is created. Assert that supplied parent device is not NULL. Both situations could cause NULL dereference in the devfs_populate_loop() when creating a symlink for SI_ALIAS'ed device. Namely, cdp->cdp_c.si_parent may be NULL. Reported by: mav MFC after: 2 weeks
2008-07-11 11:22:19 +00:00
KASSERT(pdev != NULL, ("NULL pdev"));
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
dev = devfs_alloc();
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
dev_lock();
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
dev->si_flags |= SI_ALIAS;
revent multiple make_dev() calls on the same dev_t and similar bogosities. A couple of new warnings may be emitted during boot if drivers DTWT. Tested by: George Cox <gjvc@gjvc.com>
2000-09-11 17:15:33 +00:00
dev->si_flags |= SI_NAMED;
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
va_start(ap, fmt);
Implement proper bounds-checking and truncation of device names, this has become an issue now that end-user controlable attributes can become devices names with the geom_vol_ffs class.
2003-02-04 11:04:26 +00:00
i = vsnrprintf(dev->__si_namebuf, sizeof dev->__si_namebuf, 32, fmt, ap);
if (i > (sizeof dev->__si_namebuf - 1)) {
Add a missing '\n'.
2004-08-30 01:10:20 +00:00
printf("WARNING: Device name truncated! (%s)\n",
Implement proper bounds-checking and truncation of device names, this has become an issue now that end-user controlable attributes can become devices names with the geom_vol_ffs class.
2003-02-04 11:04:26 +00:00
dev->__si_namebuf);
}
Remove all traces of Julians DEVFS (incl from kern/subr_diskslice.c) Remove old DEVFS support fields from dev_t. Make uid, gid & mode members of dev_t and set them in make_dev(). Use correct uid, gid & mode in make_dev in disk minilayer. Add support for registering alias names for a dev_t using the new function make_dev_alias(). These will show up as symlinks in DEVFS. Use makedev() rather than make_dev() for MFSs magic devices to prevent DEVFS from noticing this abuse. Add a field for DEVFS inode number in dev_t. Add new DEVFS in fs/devfs. Add devfs cloning to: disk minilayer (ie: ad(4), sd(4), cd(4) etc etc) md(4), tun(4), bpf(4), fd(4) If DEVFS add -d flag to /sbin/inits args to make it mount devfs. Add commented out DEVFS to GENERIC
2000-08-20 21:34:39 +00:00
va_end(ap);
First small steps at merging DEVFS and PHK's Dev_t stuff.
1999-08-20 20:25:00 +00:00
NODEVFS cleanup: Replace devfs_{create,destroy} hooks with direct function calls.
2003-03-02 13:35:30 +00:00
devfs_create(dev);
Make it atomic for the devfs_populate_loop() to see the setting of SI_ALIAS flag and initialization of the si_parent when alias is created. Assert that supplied parent device is not NULL. Both situations could cause NULL dereference in the devfs_populate_loop() when creating a symlink for SI_ALIAS'ed device. Namely, cdp->cdp_c.si_parent may be NULL. Reported by: mav MFC after: 2 weeks
2008-07-11 11:22:19 +00:00
dev_dependsl(pdev, dev);
Since cdev mutex is after system map mutex in global lock order, free() shall not be called while holding cdev mutex. devfs_inos unrhdr has cdev as mutex, thus creating this LOR situation. Postpone calling free() in kern/subr_unit.c:alloc_unr() and nested functions until the unrhdr mutex is dropped. Save the freed items on the ppfree list instead, and provide the clean_unrhdrl() and clean_unrhdr() functions to clean the list. Call clean_unrhdrl() after devfs_create() calls immediately before dropping cdev mutex. devfs_create() is the only user of the alloc_unrl() in the tree. Reviewed by: phk Tested by: Peter Holm LOR: 80 Approved by: re (kensmith)
2007-07-04 06:56:58 +00:00
clean_unrhdrl(devfs_inos);
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
dev_unlock();
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
notify_create(dev);
Decommision miscfs/specfs/specdev.h. Most of it goes into <sys/conf.h>, a few lines into <sys/vnode.h>. Add a few fields to struct specinfo, paving the way for the fun part.
1999-08-08 18:43:05 +00:00
return (dev);
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
static void
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
destroy_devl(struct cdev *dev)
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
{
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
struct cdevsw *csw;
Implement the per-open file data for the cdev. The patch does not change the cdevsw KBI. Management of the data is provided by the functions int devfs_set_cdevpriv(void *priv, cdevpriv_dtr_t dtr); int devfs_get_cdevpriv(void **datap); void devfs_clear_cdevpriv(void); All of the functions are supposed to be called from the cdevsw method contexts. - devfs_set_cdevpriv assigns the priv as private data for the file descriptor which is used to initiate currently performed driver operation. dtr is the function that will be called when either the last refernce to the file goes away, the device is destroyed or devfs_clear_cdevpriv is called. - devfs_get_cdevpriv is the obvious accessor. - devfs_clear_cdevpriv allows to clear the private data for the still open file. Implementation keeps the driver-supplied pointers in the struct cdev_privdata, that is referenced both from the struct file and struct cdev, and cannot outlive any of the referee. Man pages will be provided after the KPI stabilizes. Reviewed by: jhb Useful suggestions from: jeff, antoine Debugging help and tested by: pho MFC after: 1 month
2008-05-21 09:31:44 +00:00
struct cdev_privdata *p, *p1;
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
mtx_assert(&devmtx, MA_OWNED);
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
KASSERT(dev->si_flags & SI_NAMED,
Replace all calls to minor() with dev2unit(). After I removed all the unit2minor()/minor2unit() calls from the kernel yesterday, I realised calling minor() everywhere is quite confusing. Character devices now only have the ability to store a unit number, not a minor number. Remove the confusion by using dev2unit() everywhere. This commit could also be considered as a bug fix. A lot of drivers call minor(), while they should actually be calling dev2unit(). In -CURRENT this isn't a problem, but it turns out we never had any problem reports related to that issue in the past. I suspect not many people connect more than 256 pieces of the same hardware. Reviewed by: kib
2008-09-27 08:51:18 +00:00
("WARNING: Driver mistake: destroy_dev on %d\n", dev2unit(dev)));
Minor whitespace cleanup.
2006-01-04 17:40:54 +00:00
NODEVFS cleanup: Replace devfs_{create,destroy} hooks with direct function calls.
2003-03-02 13:35:30 +00:00
devfs_destroy(dev);
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
/* Remove name marking */
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
dev->si_flags &= ~SI_NAMED;
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
/* If we are a child, remove us from the parents list */
Create a general facility for making dev_t's depend on another dev_t. The dev_depends(dev_t, dev_t) function is for tying them to each other. When destroy_dev() is called on a dev_t, all dev_t's depending on it will also be destroyed (depth first order). Rewrite the make_dev_alias() to use this dependency facility. kern/subr_disk.c: Make the disk mini-layer use dependencies to make sure all relevant dev_t's are removed when the disk disappears. Make the disk mini-layer precreate some magic sub devices which the disk/slice/label code expects to be there. kern/subr_disklabel.c: Remove some now unneeded variables. kern/subr_diskmbr.c: Remove some ancient, commented out code. kern/subr_diskslice.c: Minor cleanup. Use name from dev_t instead of dsname()
2001-05-26 08:27:58 +00:00
if (dev->si_flags & SI_CHILD) {
LIST_REMOVE(dev, si_siblings);
dev->si_flags &= ~SI_CHILD;
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
/* Kill our children */
Create a general facility for making dev_t's depend on another dev_t. The dev_depends(dev_t, dev_t) function is for tying them to each other. When destroy_dev() is called on a dev_t, all dev_t's depending on it will also be destroyed (depth first order). Rewrite the make_dev_alias() to use this dependency facility. kern/subr_disk.c: Make the disk mini-layer use dependencies to make sure all relevant dev_t's are removed when the disk disappears. Make the disk mini-layer precreate some magic sub devices which the disk/slice/label code expects to be there. kern/subr_disklabel.c: Remove some now unneeded variables. kern/subr_diskmbr.c: Remove some ancient, commented out code. kern/subr_diskslice.c: Minor cleanup. Use name from dev_t instead of dsname()
2001-05-26 08:27:58 +00:00
while (!LIST_EMPTY(&dev->si_children))
Reap more benefits from DEVFS: List devfs_dirents rather than vnodes off their shared struct cdev, this saves a pointer field in the vnode at the expense of a field in the devfs_dirent. There are often 100 times more vnodes so this is bargain. In addition it makes it harder for people to try to do stypid things like "finding the vnode from cdev". Since DEVFS handles all VCHR nodes now, we can do the vnode related cleanup in devfs_reclaim() instead of in dev_rel() and vgonel(). Similarly, we can do the struct cdev related cleanup in dev_rel() instead of devfs_reclaim(). rename idestroy_dev() to destroy_devl() for consistency. Add LIST_ENTRY de_alias to struct devfs_dirent. Remove v_specnext from struct vnode. Change si_hlist to si_alist in struct cdev. String new devfs vnodes' devfs_dirent on si_alist when we create them and take them off in devfs_reclaim(). Fix devfs_revoke() accordingly. Also don't clear fields devfs_reclaim() will clear when called from vgone(); Let devfs_reclaim() call dev_rel() instead of vgonel(). Move the usecount tracking from dev_rel() to devfs_reclaim(), and let dev_rel() take a struct cdev argument instead of vnode. Destroy SI_CHEAPCLONE devices in dev_rel() (instead of devfs_reclaim()) when they are no longer used. (This should maybe happen in devfs_close() instead.)
2005-02-22 15:51:07 +00:00
destroy_devl(LIST_FIRST(&dev->si_children));
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
/* Remove from clone list */
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
if (dev->si_flags & SI_CLONELIST) {
LIST_REMOVE(dev, si_clone);
dev->si_flags &= ~SI_CLONELIST;
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
Wait for thread count to reach zero in destroy_devl() even when no purge method is defined, to avoid memory being modified after free. Temporarily increase refcount in destroy_devl() to avoid a double free if dev_rel() is called while waiting for thread count to reach zero.
2006-10-13 20:49:24 +00:00
dev->si_refcount++; /* Avoid race with dev_rel() */
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
csw = dev->si_devsw;
Account for alias devices when tearing them down in destroy_dev() so we don't panic on a NULL cdev->si_devsw.
2004-09-29 16:38:38 +00:00
dev->si_devsw = NULL; /* already NULL for SI_ALIAS */
while (csw != NULL && csw->d_purge != NULL && dev->si_threadcount) {
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
csw->d_purge(dev);
msleep(csw, &devmtx, PRIBIO, "devprg", hz/10);
Make the printfs relating to purging threads from a device less intrusive.
2006-05-17 06:37:14 +00:00
if (dev->si_threadcount)
printf("Still %lu threads in %s\n",
dev->si_threadcount, devtoname(dev));
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
}
Wait for thread count to reach zero in destroy_devl() even when no purge method is defined, to avoid memory being modified after free. Temporarily increase refcount in destroy_devl() to avoid a double free if dev_rel() is called while waiting for thread count to reach zero.
2006-10-13 20:49:24 +00:00
while (dev->si_threadcount != 0) {
/* Use unique dummy wait ident */
msleep(&csw, &devmtx, PRIBIO, "devdrn", hz / 10);
}
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
Implement the per-open file data for the cdev. The patch does not change the cdevsw KBI. Management of the data is provided by the functions int devfs_set_cdevpriv(void *priv, cdevpriv_dtr_t dtr); int devfs_get_cdevpriv(void **datap); void devfs_clear_cdevpriv(void); All of the functions are supposed to be called from the cdevsw method contexts. - devfs_set_cdevpriv assigns the priv as private data for the file descriptor which is used to initiate currently performed driver operation. dtr is the function that will be called when either the last refernce to the file goes away, the device is destroyed or devfs_clear_cdevpriv is called. - devfs_get_cdevpriv is the obvious accessor. - devfs_clear_cdevpriv allows to clear the private data for the still open file. Implementation keeps the driver-supplied pointers in the struct cdev_privdata, that is referenced both from the struct file and struct cdev, and cannot outlive any of the referee. Man pages will be provided after the KPI stabilizes. Reviewed by: jhb Useful suggestions from: jeff, antoine Debugging help and tested by: pho MFC after: 1 month
2008-05-21 09:31:44 +00:00
dev_unlock();
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
notify_destroy(dev);
Implement the per-open file data for the cdev. The patch does not change the cdevsw KBI. Management of the data is provided by the functions int devfs_set_cdevpriv(void *priv, cdevpriv_dtr_t dtr); int devfs_get_cdevpriv(void **datap); void devfs_clear_cdevpriv(void); All of the functions are supposed to be called from the cdevsw method contexts. - devfs_set_cdevpriv assigns the priv as private data for the file descriptor which is used to initiate currently performed driver operation. dtr is the function that will be called when either the last refernce to the file goes away, the device is destroyed or devfs_clear_cdevpriv is called. - devfs_get_cdevpriv is the obvious accessor. - devfs_clear_cdevpriv allows to clear the private data for the still open file. Implementation keeps the driver-supplied pointers in the struct cdev_privdata, that is referenced both from the struct file and struct cdev, and cannot outlive any of the referee. Man pages will be provided after the KPI stabilizes. Reviewed by: jhb Useful suggestions from: jeff, antoine Debugging help and tested by: pho MFC after: 1 month
2008-05-21 09:31:44 +00:00
mtx_lock(&cdevpriv_mtx);
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
LIST_FOREACH_SAFE(p, &cdev2priv(dev)->cdp_fdpriv, cdpd_list, p1) {
Implement the per-open file data for the cdev. The patch does not change the cdevsw KBI. Management of the data is provided by the functions int devfs_set_cdevpriv(void *priv, cdevpriv_dtr_t dtr); int devfs_get_cdevpriv(void **datap); void devfs_clear_cdevpriv(void); All of the functions are supposed to be called from the cdevsw method contexts. - devfs_set_cdevpriv assigns the priv as private data for the file descriptor which is used to initiate currently performed driver operation. dtr is the function that will be called when either the last refernce to the file goes away, the device is destroyed or devfs_clear_cdevpriv is called. - devfs_get_cdevpriv is the obvious accessor. - devfs_clear_cdevpriv allows to clear the private data for the still open file. Implementation keeps the driver-supplied pointers in the struct cdev_privdata, that is referenced both from the struct file and struct cdev, and cannot outlive any of the referee. Man pages will be provided after the KPI stabilizes. Reviewed by: jhb Useful suggestions from: jeff, antoine Debugging help and tested by: pho MFC after: 1 month
2008-05-21 09:31:44 +00:00
devfs_destroy_cdevpriv(p);
mtx_lock(&cdevpriv_mtx);
}
mtx_unlock(&cdevpriv_mtx);
dev_lock();
Add the devctl notifications for the cdev create/destroy events. Based on the submission by: Andriy Gapon <avg icyb net ua> MFC after: 2 weeks
2008-05-14 14:29:54 +00:00
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
dev->si_drv1 = 0;
dev->si_drv2 = 0;
bzero(&dev->__si_u, sizeof(dev->__si_u));
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
if (!(dev->si_flags & SI_ALIAS)) {
/* Remove from cdevsw list */
LIST_REMOVE(dev, si_list);
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
/* If cdevsw has no more struct cdev *'s, clean it */
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if (LIST_EMPTY(&csw->d_devs)) {
Used cached cdevsw pointer.
2004-09-27 06:34:30 +00:00
fini_cdevsw(csw);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
wakeup(&csw->d_devs);
}
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
}
revent multiple make_dev() calls on the same dev_t and similar bogosities. A couple of new warnings may be emitted during boot if drivers DTWT. Tested by: George Cox <gjvc@gjvc.com>
2000-09-11 17:15:33 +00:00
dev->si_flags &= ~SI_ALIAS;
Wait for thread count to reach zero in destroy_devl() even when no purge method is defined, to avoid memory being modified after free. Temporarily increase refcount in destroy_devl() to avoid a double free if dev_rel() is called while waiting for thread count to reach zero.
2006-10-13 20:49:24 +00:00
dev->si_refcount--; /* Avoid race with dev_rel() */
Add cdevsw->d_purge() support. This device method shall wake up any threads sleeping in the device driver and make the depart the drivers code for good.
2004-09-27 06:18:25 +00:00
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
if (dev->si_refcount > 0) {
LIST_INSERT_HEAD(&dead_cdevsw.d_devs, dev, si_list);
} else {
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
dev_free_devlocked(dev);
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
}
}
void
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
destroy_dev(struct cdev *dev)
Device megapatch 6/6: This is what we came here for: Hang dev_t's from their cdevsw, refcount cdevsw and dev_t and generally keep track of things a lot better than we used to: Hold a cdevsw reference around all entrances into the device driver, this will be necessary to safely determine when we can unload driver code. Hold a dev_t reference while the device is open. KASSERT that we do not enter the driver on a non-referenced dev_t. Remove old D_NAG code, anonymous dev_t's are not a problem now. When destroy_dev() is called on a referenced dev_t, move it to dead_cdevsw's list. When the refcount drops, free it. Check that cdevsw->d_version is correct. If not, set all methods to the dead_*() methods to prevent entrance into driver. Print warning on console to this effect. The device driver may still explode if it is also incompatible with newbus, but in that case we probably didn't get this far in the first place.
2004-02-21 21:57:26 +00:00
{
Do not refcount the cdevsw, but rather maintain a cdev->si_threadcount of the number of threads which are inside whatever is behind the cdevsw for this particular cdev. Make the device mutex visible through dev_lock() and dev_unlock(). We may want finer granularity later. Replace spechash_mtx use with dev_lock()/dev_unlock().
2004-09-23 07:17:41 +00:00
dev_lock();
Revert destroy_dev() to the state before destroy_dev_sched() was introduced. Attempt to spawn destroy_dev_sched() from it causes inadmissible races. Requested by: tegge Approved by: re (kensmith)
2007-07-05 13:04:59 +00:00
destroy_devl(dev);
dev_unlock_and_free();
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
}
Const'ify devtoname() and d_name. This exposes some errors (2 non-benign). Handle negative minor numbers properly in devtoname().
1999-09-13 12:29:32 +00:00
const char *
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
devtoname(struct cdev *dev)
Welcome devtoname(), to most likely be used when printing information about a dev_t. printf("%x", dev) now becomes printf("%s", devtoname(dev)) because printing actual information about the device is much more useful then printing a pointer to an address that would never help the developer debug. Submitted by: phk, bde
1999-08-17 20:25:50 +00:00
{
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
char *p;
Hold threadref while we throb cdevsw in devtoname()
2004-09-24 06:29:23 +00:00
struct cdevsw *csw;
Const'ify devtoname() and d_name. This exposes some errors (2 non-benign). Handle negative minor numbers properly in devtoname().
1999-09-13 12:29:32 +00:00
int mynor;
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
if (dev->si_name[0] == '#' || dev->si_name[0] == '\0') {
p = dev->si_name;
Hold threadref while we throb cdevsw in devtoname()
2004-09-24 06:29:23 +00:00
csw = dev_refthread(dev);
if (csw != NULL) {
sprintf(p, "(%s)", csw->d_name);
dev_relthread(dev);
}
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
p += strlen(p);
Replace all calls to minor() with dev2unit(). After I removed all the unit2minor()/minor2unit() calls from the kernel yesterday, I realised calling minor() everywhere is quite confusing. Character devices now only have the ability to store a unit number, not a minor number. Remove the confusion by using dev2unit() everywhere. This commit could also be considered as a bug fix. A lot of drivers call minor(), while they should actually be calling dev2unit(). In -CURRENT this isn't a problem, but it turns out we never had any problem reports related to that issue in the past. I suspect not many people connect more than 256 pieces of the same hardware. Reviewed by: kib
2008-09-27 08:51:18 +00:00
mynor = dev2unit(dev);
Const'ify devtoname() and d_name. This exposes some errors (2 non-benign). Handle negative minor numbers properly in devtoname().
1999-09-13 12:29:32 +00:00
if (mynor < 0 || mynor > 255)
Hold threadref while we throb cdevsw in devtoname()
2004-09-24 06:29:23 +00:00
sprintf(p, "/%#x", (u_int)mynor);
Const'ify devtoname() and d_name. This exposes some errors (2 non-benign). Handle negative minor numbers properly in devtoname().
1999-09-13 12:29:32 +00:00
else
Hold threadref while we throb cdevsw in devtoname()
2004-09-24 06:29:23 +00:00
sprintf(p, "/%d", mynor);
Add dev_t freeing code. Controlled by sysctl debug.free_devt, default is off.
1999-08-29 09:09:12 +00:00
}
Welcome devtoname(), to most likely be used when printing information about a dev_t. printf("%x", dev) now becomes printf("%s", devtoname(dev)) because printing actual information about the device is much more useful then printing a pointer to an address that would never help the developer debug. Submitted by: phk, bde
1999-08-17 20:25:50 +00:00
return (dev->si_name);
}
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
int
Make the proposed name arg to dev_stdclone() const.
2002-03-10 10:50:05 +00:00
dev_stdclone(char *name, char **namep, const char *stem, int *unit)
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
{
int u, i;
i = strlen(stem);
Call strlen() once instead of twice.
2001-04-14 21:33:58 +00:00
if (bcmp(stem, name, i) != 0)
return (0);
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
if (!isdigit(name[i]))
return (0);
u = 0;
Reject leading zeros in dev_stdclone(). PR: 32019 Submitted by: fenner
2001-11-16 17:05:07 +00:00
if (name[i] == '0' && isdigit(name[i+1]))
return (0);
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
while (isdigit(name[i])) {
u *= 10;
u += name[i++] - '0';
}
Don't allow dev_stdclone(9) to accept minors larger than the system is able to handle (0xffffff).
2002-10-05 17:10:28 +00:00
if (u > 0xffffff)
return (0);
Avoid the modules madness I inadvertently introduced by making the cloning infrastructure standard in kern_conf. Modules are now the same with or without devfs support. If you need to detect if devfs is present, in modules or elsewhere, check the integer variable "devfs_present". This happily removes an ugly hack from kern/vfs_conf.c. This forces a rename of the eventhandler and the standard clone helper function. Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include like <sys/queue.h> Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
*unit = u;
if (namep)
*namep = &name[i];
if (name[i])
return (2);
return (1);
}
Add code to devname(3) so it can find the names of devices which were not present when dev_mkdb(8) was run. First the dev_mkdb(8) database is searched, this caters for non-DEVFS cases where people have renamed a device. If that fails we ask the kernel using sysctl kern.devname if the device driver has put a name in the dev_t. This covers DEVFS cloned devices. If that also fails we format a string which isn't entirely useless.
2000-09-09 11:39:59 +00:00
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
/*
* Helper functions for cloning device drivers.
*
* The objective here is to make it unnecessary for the device drivers to
* use rman or similar to manage their unit number space. Due to the way
* we do "on-demand" devices, using rman or other "private" methods
* will be very tricky to lock down properly once we lock down this file.
*
Fix a few spelling mistakes in comments and clean them up a bit.
2004-06-22 20:22:24 +00:00
* Instead we give the drivers these routines which puts the struct cdev *'s
* that are to be managed on their own list, and gives the driver the ability
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
* to ask for the first free unit number or a given specified unit number.
*
* In addition these routines support paired devices (pty, nmdm and similar)
* by respecting a number of "flag" bits in the minor number.
*
*/
struct clonedevs {
LIST_HEAD(,cdev) head;
};
Add clone_setup() function rather than rely on lazy initialization. Requested by: rwatson
2004-03-11 12:58:55 +00:00
void
clone_setup(struct clonedevs **cdp)
{
*cdp = malloc(sizeof **cdp, M_DEVBUF, M_WAITOK | M_ZERO);
LIST_INIT(&(*cdp)->head);
}
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
int
Use int instead of u_int for the 'extra' argument to the clone_create() KPI. This fixes a signedness bug in unit number comparisons. Submitted by: imp, Landon Fuller PR: kern/105228 MFC after: 2 weeks
2007-02-02 22:27:45 +00:00
clone_create(struct clonedevs **cdp, struct cdevsw *csw, int *up, struct cdev **dp, int extra)
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
{
struct clonedevs *cd;
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
struct cdev *dev, *ndev, *dl, *de;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
int unit, low, u;
Add clone_setup() function rather than rely on lazy initialization. Requested by: rwatson
2004-03-11 12:58:55 +00:00
KASSERT(*cdp != NULL,
("clone_setup() not called in driver \"%s\"", csw->d_name));
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
KASSERT(!(extra & CLONE_UNITMASK),
Add clone_setup() function rather than rely on lazy initialization. Requested by: rwatson
2004-03-11 12:58:55 +00:00
("Illegal extra bits (0x%x) in clone_create", extra));
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
KASSERT(*up <= CLONE_UNITMASK,
Add clone_setup() function rather than rely on lazy initialization. Requested by: rwatson
2004-03-11 12:58:55 +00:00
("Too high unit (0x%x) in clone_create", *up));
Don't enforce unique device minor number policy anymore. Except for the case where we use the cloner library (clone_create() and friends), there is no reason to enforce a unique device minor number policy. There are various drivers in the source tree that allocate unr pools and such to provide minor numbers, without using them themselves. Because we still need to support unique device minor numbers for the cloner library, introduce a new flag called D_NEEDMINOR. All cdevsw's that are used in combination with the cloner library should be marked with this flag to make the cloning work. This means drivers can now freely use si_drv0 to store their own flags and state, making it effectively the same as si_drv1 and si_drv2. We still keep the minor() and dev2unit() routines around to make drivers happy. The NTFS code also used the minor number in its hash table. We should not do this anymore. If the si_drv0 field would be changed, it would no longer end up in the same list. Approved by: philip (mentor)
2008-06-11 18:55:19 +00:00
KASSERT(csw->d_flags & D_NEEDMINOR,
("clone_create() on cdevsw without minor numbers"));
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
/*
* Search the list for a lot of things in one go:
* A preexisting match is returned immediately.
* The lowest free unit number if we are passed -1, and the place
* in the list where we should insert that new element.
* The place to insert a specified unit number, if applicable
* the end of the list.
*/
unit = *up;
Rewamp DEVFS internals pretty severely [1]. Give DEVFS a proper inode called struct cdev_priv. It is important to keep in mind that this "inode" is shared between all DEVFS mountpoints, therefore it is protected by the global device mutex. Link the cdev_priv's into a list, protected by the global device mutex. Keep track of each cdev_priv's state with a flag bit and of references from mountpoints with a dedicated usecount. Reap the benefits of much improved kernel memory allocator and the generally better defined device driver APIs to get rid of the tables of pointers + serial numbers, their overflow tables, the atomics to muck about in them and all the trouble that resulted in. This makes RAM the only limit on how many devices we can have. The cdev_priv is actually a super struct containing the normal cdev as the "public" part, and therefore allocation and freeing has moved to devfs_devs.c from kern_conf.c. The overall responsibility is (to be) split such that kern/kern_conf.c is the stuff that deals with drivers and struct cdev and fs/devfs handles filesystems and struct cdev_priv and their private liason exposed only in devfs_int.h. Move the inode number from cdev to cdev_priv and allocate inode numbers properly with unr. Local dirents in the mountpoints (directories, symlinks) allocate inodes from the same pool to guarantee against overlaps. Various other fields are going to migrate from cdev to cdev_priv in the future in order to hide them. A few fields may migrate from devfs_dirent to cdev_priv as well. Protect the DEVFS mountpoint with an sx lock instead of lockmgr, this lock also protects the directory tree of the mountpoint. Give each mountpoint a unique integer index, allocated with unr. Use it into an array of devfs_dirent pointers in each cdev_priv. Initially the array points to a single element also inside cdev_priv, but as more devfs instances are mounted, the array is extended with malloc(9) as necessary when the filesystem populates its directory tree. Retire the cdev alias lists, the cdev_priv now know about all the relevant devfs_dirents (and their vnodes) and devfs_revoke() will pick them up from there. We still spelunk into other mountpoints and fondle their data without 100% good locking. It may make better sense to vector the revoke event into the tty code and there do a destroy_dev/make_dev on the tty's devices, but that's for further study. Lots of shuffling of stuff and churn of bits for no good reason[2]. XXX: There is still nothing preventing the dev_clone EVENTHANDLER from being invoked at the same time in two devfs mountpoints. It is not obvious what the best course of action is here. XXX: comment out an if statement that lost its body, until I can find out what should go there so it doesn't do damage in the meantime. XXX: Leave in a few extra malloc types and KASSERTS to help track down any remaining issues. Much testing provided by: Kris Much confusion caused by (races in): md(4) [1] You are not supposed to understand anything past this point. [2] This line should simplify life for the peanut gallery.
2005-09-19 19:56:48 +00:00
ndev = devfs_alloc();
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
dev_lock();
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
prep_cdevsw(csw);
Correctly account for extra bits in unit numbers when looking for next free unit.
2004-03-11 14:11:02 +00:00
low = extra;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
de = dl = NULL;
Add clone_setup() function rather than rely on lazy initialization. Requested by: rwatson
2004-03-11 12:58:55 +00:00
cd = *cdp;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
LIST_FOREACH(dev, &cd->head, si_clone) {
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
KASSERT(dev->si_flags & SI_CLONELIST,
("Dev %p(%s) should be on clonelist", dev, dev->si_name));
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
u = dev2unit(dev);
if (u == (unit | extra)) {
*dp = dev;
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
dev_unlock();
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
devfs_free(ndev);
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
return (0);
}
if (unit == -1 && u == low) {
low++;
de = dev;
continue;
Make sure the clone lists are sorted in the right order. Explosion triggered by: pjd MFC: 3 days
2005-10-01 19:21:03 +00:00
} else if (u < (unit | extra)) {
de = dev;
continue;
} else if (u > (unit | extra)) {
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
dl = dev;
break;
}
}
if (unit == -1)
Correctly account for extra bits in unit numbers when looking for next free unit.
2004-03-11 14:11:02 +00:00
unit = low & CLONE_UNITMASK;
Remove unit2minor() use from kernel code. When I changed kern_conf.c three months ago I made device unit numbers equal to (unneeded) device minor numbers. We used to require bitshifting, because there were eight bits in the middle that were reserved for a device major number. Not very long after I turned dev2unit(), minor(), unit2minor() and minor2unit() into macro's. The unit2minor() and minor2unit() macro's were no-ops. We'd better not remove these four macro's from the kernel, because there is a lot of (external) code that may still depend on them. For now it's harmless to remove all invocations of unit2minor() and minor2unit(). Reviewed by: kib
2008-09-26 14:19:52 +00:00
dev = newdev(csw, unit | extra, ndev);
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
if (dev->si_flags & SI_CLONELIST) {
printf("dev %p (%s) is on clonelist\n", dev, dev->si_name);
Make sure the clone lists are sorted in the right order. Explosion triggered by: pjd MFC: 3 days
2005-10-01 19:21:03 +00:00
printf("unit=%d, low=%d, extra=0x%x\n", unit, low, extra);
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
LIST_FOREACH(dev, &cd->head, si_clone) {
printf("\t%p %s\n", dev, dev->si_name);
}
panic("foo");
}
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
KASSERT(!(dev->si_flags & SI_CLONELIST),
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
("Dev %p(%s) should not be on clonelist", dev, dev->si_name));
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
if (dl != NULL)
LIST_INSERT_BEFORE(dl, dev, si_clone);
else if (de != NULL)
LIST_INSERT_AFTER(de, dev, si_clone);
else
LIST_INSERT_HEAD(&cd->head, dev, si_clone);
dev->si_flags |= SI_CLONELIST;
*up = unit;
devfs_free() calls free_unr(), that may sleep. Postpone call to devfs_free() after cdev mutex is dropped. Reuse cdp_list link for queuing devices awaiting deletion in the cdevp_free_list. Reported by: Hans Petter Selasky <hselasky c2i net> Tested by: Peter Holm Approved by: re (kensmith) MFC after: 2 weeks
2007-06-19 13:19:23 +00:00
dev_unlock_and_free();
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
return (1);
}
/*
* Kill everything still on the list. The driver should already have
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
* disposed of any softc hung of the struct cdev *'s at this time.
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
*/
void
clone_cleanup(struct clonedevs **cdp)
{
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
struct cdev *dev;
struct cdev_priv *cp;
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
struct clonedevs *cd;
cd = *cdp;
if (cd == NULL)
return;
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
dev_lock();
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
while (!LIST_EMPTY(&cd->head)) {
dev = LIST_FIRST(&cd->head);
LIST_REMOVE(dev, si_clone);
Fix a list corruption issue in cloning device management using the western strategy ("allocate first, ask questions later") so we can extend the devmtx coverage to the clone list.
2005-01-24 12:44:56 +00:00
KASSERT(dev->si_flags & SI_CLONELIST,
("Dev %p(%s) should be on clonelist", dev, dev->si_name));
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
dev->si_flags &= ~SI_CLONELIST;
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
cp = cdev2priv(dev);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if (!(cp->cdp_flags & CDP_SCHED_DTR)) {
cp->cdp_flags |= CDP_SCHED_DTR;
KASSERT(dev->si_flags & SI_NAMED,
("Driver has goofed in cloning underways udev %x", dev->si_drv0));
destroy_devl(dev);
}
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
}
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_unlock_and_free();
Device megapatch 2/6: This commit adds a couple of functions for pseudodrivers to use for implementing cloning in a manner we will be able to lock down (shortly). Basically what happens is that pseudo drivers get a way to ask for "give me the dev_t with this unit number" or alternatively "give me a dev_t with the lowest guaranteed free unit number" (there is unfortunately a lot of non-POLA in the exact numeric value of this number, just live with it for now) Managing the unit number space this way removes the need to use rman(9) to do so in the drivers this greatly simplifies the code in the drivers because even using rman(9) they still needed to manage their dev_t's anyway. I have taken the if_tun, if_tap, snp and nmdm drivers through the mill, partly because they (ab)used makedev(), but mostly because together they represent three different problems for device-cloning: if_tun and snp is the plain case: just give me a device. if_tap has two kinds of devices, with a flag for device type. nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
free(cd, M_DEVBUF);
*cdp = NULL;
}
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
static TAILQ_HEAD(, cdev_priv) dev_ddtr =
TAILQ_HEAD_INITIALIZER(dev_ddtr);
static struct task dev_dtr_task;
static void
destroy_dev_tq(void *ctx, int pending)
{
struct cdev_priv *cp;
struct cdev *dev;
void (*cb)(void *);
void *cb_arg;
dev_lock();
while (!TAILQ_EMPTY(&dev_ddtr)) {
cp = TAILQ_FIRST(&dev_ddtr);
dev = &cp->cdp_c;
KASSERT(cp->cdp_flags & CDP_SCHED_DTR,
("cdev %p in dev_destroy_tq without CDP_SCHED_DTR", cp));
TAILQ_REMOVE(&dev_ddtr, cp, cdp_dtr_list);
cb = cp->cdp_dtr_cb;
cb_arg = cp->cdp_dtr_cb_arg;
destroy_devl(dev);
Fix two races in the handling of the d_gianttrick for the D_NEEDGIANT drivers. In the giant_XXX wrappers for the device methods of the D_NEEDGIANT drivers, do not dereference the cdev->si_devsw. It is racing with the destroy_devl() clearing of the si_devsw. Instead, use the dev_refthread() and return ENXIO for the destroyed device. [1] The check for the D_INIT in the prep_cdevsw() was not synchronized with the call of the fini_cdevsw() in destroy_devl(), that under rapid device creation/destruction may result in the use of uninitialized cdevsw [2]. Change the protocol for the prep_cdevsw(), requiring it to be called under dev_mtx, where the check for D_INIT is done. Do not free the memory allocated for the gianttrick cdevsw while holding the dev_mtx, put it into the free list to be freed later. Reuse the d_gianttrick pointer to keep the size and layout of the struct cdevsw (requested by phk). Free the memory in the dev_unlock_and_free(), and do all the free after the dev_mtx is dropped (suggested by jhb). Reported by: bsdimp + many [1], pho [2] Reviewed by: phk, jhb Tested by: pho MFC after: 1 week
2008-03-17 13:17:10 +00:00
dev_unlock_and_free();
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
dev_rel(dev);
if (cb != NULL)
cb(cb_arg);
dev_lock();
}
dev_unlock();
}
Rev. 1.204 and 1.205 got an erronous version of destroy_dev() that calls destroy_dev_sched() with cdev mutex locked. Commit the code that was actually tested. Pointy hat to: kib Approved by: re (implicit)
2007-07-03 18:18:30 +00:00
/*
* devmtx shall be locked on entry. devmtx will be unlocked after
* function return.
*/
static int
destroy_dev_sched_cbl(struct cdev *dev, void (*cb)(void *), void *arg)
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
{
struct cdev_priv *cp;
Rev. 1.204 and 1.205 got an erronous version of destroy_dev() that calls destroy_dev_sched() with cdev mutex locked. Commit the code that was actually tested. Pointy hat to: kib Approved by: re (implicit)
2007-07-03 18:18:30 +00:00
mtx_assert(&devmtx, MA_OWNED);
Struct cdev is always the member of the struct cdev_priv. When devfs needed to promote cdev to cdev_priv, the si_priv pointer was followed. Use member2struct() to calculate address of the wrapping cdev_priv. Rename si_priv to __si_reserved. Tested by: pho Reviewed by: ed MFC after: 2 weeks
2008-06-16 17:34:59 +00:00
cp = cdev2priv(dev);
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
if (cp->cdp_flags & CDP_SCHED_DTR) {
dev_unlock();
return (0);
}
dev_refl(dev);
cp->cdp_flags |= CDP_SCHED_DTR;
cp->cdp_dtr_cb = cb;
cp->cdp_dtr_cb_arg = arg;
TAILQ_INSERT_TAIL(&dev_ddtr, cp, cdp_dtr_list);
dev_unlock();
taskqueue_enqueue(taskqueue_swi_giant, &dev_dtr_task);
return (1);
}
Rev. 1.204 and 1.205 got an erronous version of destroy_dev() that calls destroy_dev_sched() with cdev mutex locked. Commit the code that was actually tested. Pointy hat to: kib Approved by: re (implicit)
2007-07-03 18:18:30 +00:00
int
destroy_dev_sched_cb(struct cdev *dev, void (*cb)(void *), void *arg)
{
dev_lock();
return (destroy_dev_sched_cbl(dev, cb, arg));
}
Since rev. 1.199 of sys/kern/kern_conf.c, the thread that calls destroy_dev() from d_close() cdev method would self-deadlock. devfs_close() bump device thread reference counter, and destroy_dev() sleeps, waiting for si_threadcount to reach zero for cdev without d_purge method. destroy_dev_sched() could be used instead from d_close(), to schedule execution of destroy_dev() in another context. The destroy_dev_sched_drain() function can be used to drain the scheduled calls to destroy_dev_sched(). Similarly, drain_dev_clone_events() drains the events clone to make sure no lingering devices are left after dev_clone event handler deregistered. make_dev_credf(MAKEDEV_REF) function should be used from dev_clone event handlers instead of make_dev()/make_dev_cred() to ensure that created device has reference counter bumped before cdev mutex is dropped inside make_dev(). Reviewed by: tegge (early versions), njl (programming interface) Debugging help and testing by: Peter Holm Approved by: re (kensmith)
2007-07-03 17:42:37 +00:00
int
destroy_dev_sched(struct cdev *dev)
{
return (destroy_dev_sched_cb(dev, NULL, NULL));
}
void
destroy_dev_drain(struct cdevsw *csw)
{
dev_lock();
while (!LIST_EMPTY(&csw->d_devs)) {
msleep(&csw->d_devs, &devmtx, PRIBIO, "devscd", hz/10);
}
dev_unlock();
}
void
drain_dev_clone_events(void)
{
sx_xlock(&clone_drain_lock);
sx_xunlock(&clone_drain_lock);
}
static void
devdtr_init(void *dummy __unused)
{
TASK_INIT(&dev_dtr_task, 0, destroy_dev_tq, NULL);
}
SYSINIT(devdtr, SI_SUB_DEVFS, SI_ORDER_SECOND, devdtr_init, NULL);
Reference in New Issue Copy Permalink