Commit Graph

123241 Commits

Author SHA1 Message Date
Poul-Henning Kamp
3586fcede9 Overlooked that src.conf was built from here. 2006-04-01 18:34:30 +00:00
Poul-Henning Kamp
c82053233c Have WITHOUT_BIND_MTREE imply WITHOUT_BIND_ETC 2006-04-01 18:11:42 +00:00
Robert Watson
76666abc12 White space consistency with kasserts. Minor style tweaks.
MFC after:	3 months
2006-04-01 16:54:37 +00:00
Robert Watson
623dce13c6 Update TCP for infrastructural changes to the socket/pcb refcount model,
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, the receive
  code no longer requires the pcbinfo lock, and the send code only
  requires it if building a new connection on an otherwise unconnected
  socket triggered via sendto() with an address.  This should
  significnatly reduce tcbinfo lock contention in the receive and send
  cases.

- In order to support the invariant that so_pcb != NULL, it is now
  necessary for the TCP code to not discard the tcpcb any time a
  connection is dropped, but instead leave the tcpcb until the socket
  is shutdown.  This case is handled by setting INP_DROPPED, to
  substitute for using a NULL so_pcb to indicate that the connection
  has been dropped.  This requires the inpcb lock, but not the pcbinfo
  lock.

- Unlike all other protocols in the tree, TCP may need to retain access
  to the socket after the file descriptor has been closed.  Set
  SS_PROTOREF in tcp_detach() in order to prevent the socket from being
  freed, and add a flag, INP_SOCKREF, so that the TCP code knows whether
  or not it needs to free the socket when the connection finally does
  close.  The typical case where this occurs is if close() is called on
  a TCP socket before all sent data in the send socket buffer has been
  transmitted or acknowledged.  If INP_SOCKREF is found when the
  connection is dropped, we release the inpcb, tcpcb, and socket instead
  of flagging INP_DROPPED.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Annotate the existence of a long-standing race in the TCP timer code,
  in which timers are stopped but not drained when the socket is freed,
  as waiting for drain may lead to deadlocks, or have to occur in a
  context where waiting is not permitted.  This race has been handled
  by testing to see if the tcpcb pointer in the inpcb is NULL (and vice
  versa), which is not normally permitted, but may be true of a inpcb
  and tcpcb have been freed.  Add a counter to test how often this race
  has actually occurred, and a large comment for each instance where
  we compare potentially freed memory with NULL.  This will have to be
  fixed in the near future, but requires is to further address how to
  handle the timer shutdown shutdown issue.

- Several TCP calls no longer potentially free the passed inpcb/tcpcb,
  so no longer need to return a pointer to indicate whether the argument
  passed in is still valid.

- Un-macroize debugging and locking setup for various protocol switch
  methods for TCP, as it lead to more obscurity, and as locking becomes
  more customized to the methods, offers less benefit.

- Assert copyright on tcp_usrreq.c due to significant modifications that
  have been made as part of this work.

These changes significantly modify the memory management and connection
logic of our TCP implementation, and are (as such) High Risk Changes,
and likely to contain serious bugs.  Please report problems to the
current@ mailing list ASAP, ideally with simple test cases, and
optionally, packet traces.

MFC after:	3 months
2006-04-01 16:36:36 +00:00
Poul-Henning Kamp
f07de1474c Make WITHOUT_DYNAMICROOT=foo work again: remember to reference
libbsdxml and libsbuf.
2006-04-01 16:34:45 +00:00
Robert Watson
14ba8add01 Update in_pcb-derived basic socket types following changes to
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, in protocol
  shutdown methods, and in raw IP send.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Invoke in_pcbfree() after in_pcbdetach() in order to free the
  detached in_pcb structure for a socket.

MFC after:	3 months
2006-04-01 16:20:54 +00:00
Robert Watson
4c7c478d0f Break out in_pcbdetach() into two functions:
- in_pcbdetach(), which removes the link between an inpcb and its
  socket.

- in_pcbfree(), which frees a detached pcb.

Unlike the previous in_pcbdetach(), neither of these functions will
attempt to conditionally free the socket, as they are responsible only
for managing in_pcb memory.  Mirror these changes into in6_pcbdetach()
by breaking it into in6_pcbdetach() and in6_pcbfree().

While here, eliminate undesired checks for NULL inpcb pointers in
sockets, as we will now have as an invariant that sockets will always
have valid so_pcb pointers.

MFC after:	3 months
2006-04-01 16:04:42 +00:00
Robert Watson
0154484bef In raw and raw-derived socket types, maintain and enforce invariant that
the so_pcb pointer on the socket is always non-NULL.  This eliminates
countless unnecessary error checks, replacing them with assertions.

MFC after:	3 months
2006-04-01 15:55:44 +00:00
Hajimu UMEMOTO
3c3c80e4c8 fix indent. 2006-04-01 15:53:39 +00:00
Robert Watson
bc725eafc7 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
Robert Watson
f7f45ac8e2 Annotate uses of fgetsock() with indications that they should rely
on their existing file descriptor references to sockets, rather than
use fgetsock() to retrieve a direct socket reference.

MFC after:	3 months
2006-04-01 15:25:01 +00:00
Robert Watson
ac45e92ff2 Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful.  Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit.  This will be corrected shortly in followup
commits to these components.

MFC after:      3 months
2006-04-01 15:15:05 +00:00
Christian Brueffer
c66235a6ab Convert the SYNOPSIS section to look like the ones used in other driver
manpages, mention module support.

MFC after:	3 days
2006-04-01 11:21:00 +00:00
Robert Watson
fa4c5373ce Add comment to accept1() that it should use getsock() instead of fgetsock()
to avoid additional mutex operations, and also to avoid use of soref/sorele
which are now not preferred.

MFC after:	3 months
2006-04-01 11:14:56 +00:00
Robert Watson
197b35d717 Mark fgetsock() and fputsock() as depcrecated: callers should rely on
the file descriptor reference, rather than paying additional lock
operations to acquire a socket reference from the file descriptor.
This will also help to ensure that file descriptor based socket
requests are not delivered to a socket after close.  Most consumers
have already been converted to this model.

MFC after:	3 months
2006-04-01 11:09:54 +00:00
Christian Brueffer
449e2f5c77 Convert the SYNOPSIS section to look like the ones used in other driver
manpages, mention module support.
Also add the crypto and cryptodev devices as the drivers are kind of useless
without them.

MFC after:	3 days
2006-04-01 10:56:36 +00:00
Christian Brueffer
1f12b08ab4 Convert the SYNOPSIS section to look like the ones used in other driver
manpages.

MFC after:	3 days
2006-04-01 10:55:00 +00:00
Robert Watson
c43a4e8a83 Add a comment describing SS_PROTOREF in detail. This will eventually be
in socket(9).

MFC after:	3 months
2006-04-01 10:54:51 +00:00
Robert Watson
7f689de232 Assert so->so_pcb is NULL in sodealloc() -- the protocol state should not
be present at this point.  We will eventually remove this assert because
the socket layer should never look at so_pcb, but for now it's a useful
debugging tool.

MFC after:	3 months
2006-04-01 10:45:52 +00:00
Robert Watson
220c1357ed Add a somewhat sizable comment documenting the semantics of various kernel
socket calls relating to the creation and destruction of sockets.  This
will eventually form the foundation of socket(9), but is currently in too
much flux to do so.

MFC after:	3 months
2006-04-01 10:43:02 +00:00
Christian Brueffer
7573f75456 Convert the SYNOPSIS section to look like the ones used in other driver
manpages.  Don't mention the include file, it's not important for the
operation of this driver.

MFC after:	3 days
2006-04-01 10:37:35 +00:00
Christian Brueffer
c541fe558c Add a standard boilerplate to the SYNOPSIS section that mentions how
to load a kernel module.

MFC after:	3 days
2006-04-01 10:10:36 +00:00
Christian Brueffer
7bffbceefe Mention the module in the synopsis. 2006-04-01 09:55:37 +00:00
Matt Jacob
5e073106d5 Fix some of the previus changes 'better'.
There's something strange going on with async events. They seem
to be be treated differently for different Fusion implementations.
Some will really tell you when it's okay to free the request that
started them.  Some won't. Very disconcerting.

This is particularily bad when the chip (FC in this case) tells you
in the reply that it's not a continuation reply, which means you
can free the request that its associated with. However, if you do
that, I've found that additional async event replies come back for
that message context after you freed it. Very Bad Things Happen.

Put in a reply register debounce. Warn about out of range context
indices. Use more MPILIB defines where possible. Replace bzero with
memset. Add tons more KASSERTS. Do a *lot* more request free list
auditting and serial number usages. Get rid of the warning about
the short IOC Facts Reply.  Go back to 16 bits of context index.

Do a lot more target state auditting as well. Make a tag out
of not only the ioindex but the request index as well and worry
less about keeping a full serial number.
2006-04-01 07:12:18 +00:00
Marcel Moolenaar
a75b305ac6 Build the scc(4) module with EBus and SBus attachments for sparc64
only and build the scc(4) module with MacIO attachment for powerpc.
2006-04-01 04:54:47 +00:00
Marcel Moolenaar
2825701d6c Add the MacIO attachment for scc(4). 2006-04-01 04:53:08 +00:00
Marcel Moolenaar
ffc08b2147 Add a MacIO bus attachment. The Z8530 as present in the Mac needs
a different register shift and is fed by a different clock than
we use for UltraSPARC hardware. To deal with this, the regshft and
rclk fields in the class structure are removed and bus frontends
now pass the right regshft and rclk to the probe function where
they're put in the BAS and passed in to subordinate drivers.
2006-04-01 04:51:56 +00:00
Daniel Eischen
9fe1984e64 Add __gdtoa to the list of FreeBSD private symbols. Unfortunately,
this is used by some 3rd party applications when {e,f,g}cvt() are
not found.  POSIX defines the xcvt() funtions but says they are
deprecated in favor or sprintf().  We'll import these functions
from OpenBSD and remove __gdtoa() from the exported interfaces
when libc version is bumped.
2006-04-01 02:56:09 +00:00
Jeff Roberson
b2282f9a3f - Busy the filesystem in nfs_statfs to prevent us from creating a new
vnode after vflush() has succeeded.  This would cause a dangling vnode
   panic at unmount time otherwise.  Other filesystems may have this problem
   via their VFS_VGET() routines.

Found by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-04-01 01:15:23 +00:00
Jeff Roberson
0af2472199 - Add an assert to vgone. It is illegal to call vgone without a reference
to the vnode.  Without a reference the vnode will never be vdestroy'd
   and the memory will never be reclaimed.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 23:39:26 +00:00
Jeff Roberson
ba5eb429e3 - When there are dangling vnodes at unmount print them before we panic.
Sponsored by:	Isilon Systems, Inc.
2006-03-31 23:38:15 +00:00
Jeff Roberson
23b77994f2 - Add a bogus vhold/vdrop around vgone() in devfs_revoke. Without this
the vnode is never recycled.  It is bogus because the reference really
   should be associated with the devfs dirent.
2006-03-31 23:37:29 +00:00
Maksim Yevmenkin
b643101293 Add kbdmux(4) to GENERIC on amd64
Requested by:	scottl
Tested by:	scottl
2006-03-31 23:04:48 +00:00
Marcel Moolenaar
19ef0b1184 Fix cut-n-paste braino in previous commit: s/puc/scc/g
Pointy hat: marcel@
2006-03-31 21:55:53 +00:00
Scott Long
c2e1d5d04c Remove the USB keyboard hack now that KBDMUX is enabled by default. Allow
it to be disabled if Safe Mode is selected.
2006-03-31 21:36:17 +00:00
Maksim Yevmenkin
9216fccdd9 Add kbdmux(4) to GENERIC
Requested by:	scottl
2006-03-31 19:03:37 +00:00
Marcel Moolenaar
1b0c333020 Add a DRIVER_MODULE declaration for fhc(4) as this attachement is
also used for the FHC bus.

Pointed out by: marius@
2006-03-31 17:39:49 +00:00
Ruslan Ermilov
d6acfaf5e6 Sort bootstrap-tools entries. 2006-03-31 14:10:35 +00:00
Julian Elischer
905c41b537 Amazing.. two screwups in one commit.
I'm piling on thise pointy hats on top of each other.
At least they nest..
2006-03-31 12:54:17 +00:00
Julian Elischer
dbadd6b028 I can't believe that no-one noticed that I broke ipfw table del
for over a month!
put {}  around if clause with multiple statements
2006-03-31 12:40:09 +00:00
Ariff Abdullah
a1d444e140 MEGA Fixes / Cleanup
--------------------

- Seal the fate of long standing memory leak (4 years, 7 months) during
  pcm_unregister(). While destroying cdevs, scan / detect possible
  children and free its SLIST placeholder properly.
- Optimize channel allocation / numbering even further. Do brute cyclic
  checking only if the channel numbering screwed.
- Mega vchan create/destroy cleanup:
  o Implement pcm_setvchans() so everybody can use it freely instead
    of implementing their own, be it through sysctl or channel auto
    allocation.
  o Increase vchan creation/destruction resiliency:
    + it's possible to increase/decrease total vchans even during
      busy playback/recording. Busy channel will be left alone, untouched.
      Abusive test sample:
      # play whatever...
      #
         while : ; do
           sysctl hw.snd.pcm0.vchans=1
           sysctl hw.snd.pcm0.vchans=10
           sysctl hw.snd.pcm0.vchans=100
           sysctl hw.snd.pcm0.vchans=200
         done
      # Play something else, leave above loop running frantically.
    + Seal another 4 years old bug where it is possible to destroy (virtual)
      channel even when its cdevs being referenced by other process.
      The "First Come First Served" nature of dsp_clone() is the main
      culprit of this issue, and usually manifest itself as dangling
      channel <-> process association. Ensure that all of its cdevs
      are free from being referenced before destroying it (through
      ORPHAN_CDEVT() macross).

All these fixes (including previous fixes) will be MFCed, later.
2006-03-31 10:36:36 +00:00
Ariff Abdullah
9c271eba78 - Increase snddev refcount earlier while accessing through sysctl interface
to avoid possible device unregister race (impossible to reproduce, yet
  possible).
- Extra sanity check to ensure proper parent channel is being selected.
- Reset parent channel once all of its children gone.
2006-03-31 10:27:47 +00:00
Søren Schmidt
cd8a592bb3 Make the ATAPI sense data accessible when using the ioctl interface
MFC candidate.
2006-03-31 08:09:05 +00:00
Jeff Roberson
3bbd6d8ae6 - Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().
Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:54:20 +00:00
Jeff Roberson
94bc95db3c - Hold a reference from the time vfs_busy starts until vfs_unbusy is
called.
 - vfs_getvfs has to return a reference to prevent the returned mountpoint
   from changing identities.
 - Release references acquired via vfs_getvfs.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:53:25 +00:00
Jeff Roberson
c5fcce21c5 - GETWRITEMOUNT now returns a referenced mountpoint to prevent its
identity from changing.  This is possible now that mounts are not freed.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:52:24 +00:00
Jeff Roberson
a218edceb2 - Allocate mounts from a uma zone that uses UMA_ZONE_NOFREE to prevent
mount memory from being reclaimed.  This resolves a number of race
   conditions described in vfs_default.c and introduced with the
   VFS_LOCK_GIANT macros.
 - Let the mtx and lock remain valid after the mount structure has been
   freed by using init and fini calls.  Technically fini will never be
   called but is included for completeness.
 - Consistently use lockmgr directly rather than lockmgr to lock and
   vfs_unbusy to unlock.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:49:51 +00:00
Jeff Roberson
9eee260594 - Define mnt_startzero and mnt_endzero as a range that excludes mnt_mtx
and mnt_lock so that the mountpoint can be explicitly zeroed on
   creation.

Discussed with: tegge
Tested by:      kris
Sponsored by:   Isilon Systems, Inc.
2006-03-31 03:49:16 +00:00
Jeff Roberson
fdf86b2dcd - LK_RETRY means nothing when passed to VOP_LOCK. Call vn_lock instead.
- Move the vn_lock of the dvp until after we've unbusied the filesystem
   to avoid a LOR with the mount point lock.
 - In the v_mountedhere while loop we acquire a new instance of giant each
   time through without releasing the first.  This would cause us to leak
   Giant.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 02:59:23 +00:00
Jeff Roberson
084d64ac21 - Add the B_NEEDSGIANT flag which is only set if the vnode that owns a buf
requires Giant.  It is set in bgetvp and cleared in brelvp.
 - Create QUEUE_DIRTY_GIANT for dirty buffers that require giant.
 - In the buf daemon, only grab giant when processing QUEUE_DIRTY_GIANT and
   only if we think there are buffers in that queue.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 02:56:30 +00:00