Commit Graph

5463 Commits

Author SHA1 Message Date
Poul-Henning Kamp
8c5d013757 Fix mis-indentation.
Spotted by:	FlexeLint
2002-10-02 09:09:25 +00:00
Scott Long
316ec49abd Some kernel threads try to do significant work, and the default KSTACK_PAGES
doesn't give them enough stack to do much before blowing away the pcb.
This adds MI and MD code to allow the allocation of an alternate kstack
who's size can be speficied when calling kthread_create.  Passing the
value 0 prevents the alternate kstack from being created.  Note that the
ia64 MD code is missing for now, and PowerPC was only partially written
due to the pmap.c being incomplete there.
Though this patch does not modify anything to make use of the alternate
kstack, acpi and usb are good candidates.

Reviewed by:	jake, peter, jhb
2002-10-02 07:44:29 +00:00
Robert Watson
92dbb82a47 Add a new MAC entry point, mac_thread_userret(td), which permits policy
modules to perform MAC-related events when a thread returns to user
space.  This is required for policies that have floating process labels,
as it's not always possible to acquire the process lock at arbitrary
points in the stack during system call processing; process labels might
represent traditional authentication data, process history information,
or other data.

LOMAC will use this entry point to perform the process label update
prior to the thread returning to userspace, when plugged into the MAC
framework.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-02 02:42:38 +00:00
Juli Mallett
1d9c56964d Back our kernel support for reliable signal queues.
Requested by:	rwatson, phk, and many others
2002-10-01 17:15:53 +00:00
John Baldwin
feb2449610 Minor style nits in a comment. 2002-10-01 15:49:32 +00:00
Poul-Henning Kamp
8d3574c7a4 Fix some harmless mis-indents.
Spotted by:	FlexeLint
2002-10-01 15:48:31 +00:00
Poul-Henning Kamp
328048bc56 Remember to include "opt_devfs.h" so we get any relevant changes
to NDEVFSINO before we include devfs.h.

Spotted by:	FlexeLint
2002-10-01 15:24:35 +00:00
John Baldwin
6cae6dacd5 Various style fixups.
Submitted by:	bde (mostly)
2002-10-01 14:16:50 +00:00
John Baldwin
f6ccde8308 Actually clear PS_XCPU in ast() when we handle it.
Submitted by:	bde
Pointy hat to:	jhb
2002-10-01 14:13:13 +00:00
John Baldwin
1d56414515 - Adjust comment noting that handling of CPU limit exhaustion is done in
ast().
- Actually set KEF_ASTPENDING so ast() is called.  I think this is buggy
  for a process with multiple KSE's in that PS_XCPU is not a KSE event,
  it's a process-wide event.  IMO there really should probably be two
  ASTPENDING flags, one for per-process, and one for per-KSE.

Submitted by:	bde
2002-10-01 14:10:08 +00:00
Poul-Henning Kamp
fa15abd8a6 Don't #error if we are lint. 2002-10-01 13:15:11 +00:00
Poul-Henning Kamp
3bb24c35f2 Split MBR and PC98 on-disk sliceformats out from disklabel.h, step 1:
Peter had repocopied sys/disklabel.h to sys/diskpc98.h and sys/diskmbr.h.

These two new copies are still intact copies of disklabel.h and
therefore protected by #ifndef _SYS_DISKLABEL_H_ so #including them
in programs which already include <sys.disklabel.h> is currently a
no-op.

This commit adds a number of such #includes.

Once I have verified that I have fixed all the places which need fixing,
I will commit the updated versions of the three #include files.

Sponsored by:   DARPA & NAI Labs.
2002-10-01 07:24:55 +00:00
Robert Watson
1aa37f5392 Improve locking of pipe mutexes in the context of MAC:
(1) Where previously the pipe mutex was selectively grabbed during
    pipe_ioctl(), now always grab it and then release if if not
    needed.  This protects the call to mac_check_pipe_ioctl() to
    make sure the label remains consistent.  (Note: it looks
    like sigio locking may be incorrect for fgetown() since we
    call it not-by-reference and sigio locking assumes call by
    reference).

(2) In pipe_stat(), lock the pipe if MAC is compiled in so that
    the call to mac_check_pipe_stat() gets a locked pipe to
    protect label consistency.  We still release the lock before
    returning actual stat() data, risking inconsistency, but
    apparently our pipe locking model accepts that risk.

(3) In various pipe MAC authorization checks, assert that the pipe
    lock is held.

(4) Grab the lock when performing a pipe relabel operation, and
    assert it a little deeper in the stack.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-01 04:30:19 +00:00
Robert Watson
6be0c25e4e Push 'security.mac.debug_label_fallback' behind options MAC_DEBUG.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-10-01 03:24:20 +00:00
Juli Mallett
7bf2a42fd5 Until I find a way to release arbitrary locks held when sending signals (there
really should not be some), use the M_NOWAIT flag to malloc(9), and panic(9)
if malloc(9) fails.
2002-10-01 03:19:49 +00:00
Robert Watson
d0bd8ced91 Regen. 2002-10-01 02:37:35 +00:00
Robert Watson
4499985ef2 Reserve system call numbers for the following system calls:
__mac_get_pid		Retrieve MAC label of a process by pid

Similar to __mac_get_proc() except that the target process of
the operation is explicitly specified rather than assuming
curthread.

__mac_get_link		Retrieve MAC label of a path with NOFOLLOW
__mac_set_link		Set MAC label of a path with NOFOLLOW
extattr_set_link	Set EAs on a path with NOFOLLOW
extattr_get_link	Retrieve EAs on a path with NOFOLLOW
extattr_delete_link	Delete EAs on a path with NOFOLLOW

These calls are similar to __mac_get_file(), __mac_set_file(),
extattr_set_file(), extattr_get_file(), and extattr_delete_file(),
except that they do not follow symlinks.  The distinction between
these calls is similar to lchown() vs chown().

Implementations to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-01 02:35:59 +00:00
Juli Mallett
a88b260a86 Back out code changes that snuck into the previous forced commit. 2002-10-01 00:16:17 +00:00
Juli Mallett
226e1171e1 (Forced commit, to clarify previous commit of ksiginfo/signal queue code.)
I've added a structure, kernel-private, to represent a pending or in-delivery
signal, called `ksiginfo'.  It is roughly analogous to the basic information
that is exported by the POSIX interface 'siginfo_t', but more basic.  I've
added functions to allocate these structures, and further to wrap all signal
operations using them.

Once the operations are wrapped, I've added a TailQ (see queue(3)) of these
structures to 'struct proc', and all pending signals are in that TailQ.  When
a signal is being delivered, it is dequeued from the list.  Once I finish
the spreading of ksiginfo throughout the tree, the dequeued structure will be
delivered to the process in question, whereas currently and normally, the
signal number is what is used.
2002-10-01 00:07:28 +00:00
John Baldwin
dc183990ca - Add a new per-process flag PS_XCPU to indicate that at least one thread
has exceeded its CPU time limit.
- In mi_switch(), set PS_XCPU when the CPU time limit is exceeded.
- Perform actual CPU time limit exceeded work in ast() when PS_XCPU is set.

Requested by:	many
2002-09-30 21:13:54 +00:00
John Baldwin
f4cd8f9ff4 Change p_cpulimit to be in seconds instead of microseconds. Since
p_runtime now is a bintime, it is no longer an optimization to store
p_cpulimit as microseconds.

Suggested by:	phk
2002-09-30 21:08:38 +00:00
Robert Watson
0626774f08 Move vnode MAC label initialization to after the release of the vnode
interlock in getnewvnode() to avoid possible sleeps while holding
the mutex.  Note that the warning from Witness is a slight false
positive since we know there will be no contention on the interlock
since we haven't made the vnode available for use yet, but the theory
is not a bad one.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-09-30 20:51:48 +00:00
Robert Watson
c031391bd5 Add tunables for the existing sysctl twiddles for pipe and vm
enforcement so they can be disabled prior to kernel start.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-09-30 20:50:00 +00:00
Juli Mallett
1226f694e6 First half of implementation of ksiginfo, signal queues, and such. This
gets signals operating based on a TailQ, and is good enough to run X11,
GNOME, and do job control.  There are some intricate parts which could be
more refined to match the sigset_t versions, but those require further
evaluation of directions in which our signal system can expand and contract
to fit our needs.

After this has been in the tree for a while, I will make in kernel API
changes, most notably to trapsignal(9) and sendsig(9), to use ksiginfo
more robustly, such that we can actually pass information with our
(queued) signals to the userland.  That will also result in using a
struct ksiginfo pointer, rather than a signal number, in a lot of
kern_sig.c, to refer to an individual pending signal queue member, but
right now there is no defined behaviour for such.

CODAFS is unfinished in this regard because the logic is unclear in
some places.

Sponsored by:	New Gold Technology
Reviewed by:	bde, tjr, jake [an older version, logic similar]
2002-09-30 20:20:22 +00:00
Poul-Henning Kamp
50c2233141 Plug memory leaks.
Detected by:	FlexeLint
Approved by:	jhb
2002-09-30 19:19:47 +00:00
Julian Elischer
2735483034 uh, commit all of the patch 2002-09-29 23:28:58 +00:00
Julian Elischer
e081731767 commit the version I actually tested..
Submitted by:	davidxu
2002-09-29 23:23:25 +00:00
Julian Elischer
9eb1fdea37 Implement basic KSE loaning. This stops a hread that is blocked in BOUND mode
from stopping another thread from completing a syscall, and this allows it to
release its resources etc. Probably more related commits to follow (at least
one I know of)

Initial concept by: julian, dillon
Submitted by:	davidxu
2002-09-29 23:04:34 +00:00
David E. O'Brien
21b68415cd Fix style nit where conditionally compiled code was unconditionalized,
but style(9) was consulted.

Submitted by:	bde
2002-09-29 04:47:41 +00:00
Julian Elischer
0cd3964f6d lock proc while calling psignal
(plus related cleanups)

Submitted by:	davidxu
2002-09-29 02:48:37 +00:00
Poul-Henning Kamp
651dde1b81 Move includ of <sys/bus_priate.h> later to get semantic identity of
device_t the same throughout kernel.

This is a very fine point of C which fortunatly does not make any
difference in normal circumstances but which due to the pervasiveness
of device_t in the kernel can make a lint barf a lot.
2002-09-28 21:38:35 +00:00
Poul-Henning Kamp
2f9752e95e Change a return to a break so the local buffers get properly freeed.
Spotte by:	FlexeLint

Reviewed by:	rwatson
2002-09-28 21:34:31 +00:00
Poul-Henning Kamp
53cc479393 Remove unused includes.
Clarify the intention of a while();
Move a local variable to avoid potential name-confusion.
2002-09-28 17:46:30 +00:00
Poul-Henning Kamp
37c841831f Be consistent about "static" functions: if the function is marked
static in its prototype, mark it static at the definition too.

Inspired by:    FlexeLint warning #512
2002-09-28 17:15:38 +00:00
Poul-Henning Kamp
54286a04c5 Correctly order VI_UNLOCK(), local variables and block comment. 2002-09-28 12:15:44 +00:00
Julian Elischer
165d2b993c Rewrite the kse_create() function to better aproach the semantics we
have specified in the design.
2002-09-28 08:44:31 +00:00
Jake Burkholder
169d513cb4 Add a workaround for what seems to be confusion between binutils and the
sparc v9 ABI.  The Elf_Rela records for local symbols appear to already
have the symbol's value added in to the addend field, even though the ABI
specifies we need to lookup the symbol and add its value too.  This breaks
text relocations in klds because the symbol's value is added twice, and
the resulting address points off into nowhere land, so for now just use
the addend.

Tested by:	rwatson
2002-09-27 23:12:53 +00:00
Poul-Henning Kamp
ca916247cd Rename struct specinfo to the more appropriate struct cdev.
Agreed on:	jake, rwatson, jhb
2002-09-27 18:27:10 +00:00
Julian Elischer
3d0586d4f2 Redo how completing threads pass their state to userland
if they are not going to cross over themselves. Also change how the list of
completed user threads is tracked and passed to the KSE. This is not
a change in design but rather the implementation of what was originally
envisionned.
2002-09-27 07:11:11 +00:00
Poul-Henning Kamp
3c275c19c4 Under DIAGNOSTIC, complain if ENOIOCTL leaks out through VOP_IOCTL(). 2002-09-26 21:21:13 +00:00
Poul-Henning Kamp
089cf428da Make biowait() check bio_error before the BIO_ERROR flag, to propery
catch internal GEOM use of bio_error.

Sponsored by:	DARPA & NAI Labs.
2002-09-26 16:32:14 +00:00
Jeff Roberson
a414302f90 - Export the alq daemon thread pointer.
- Don't log ktr events from the alq daemon.
2002-09-26 07:38:56 +00:00
Jeff Roberson
6423c9433c - Move ASSERT_VOP_*LOCK* functionality into functions in vfs_subr.c
- Make the VI asserts more orthogonal to the rest of the asserts by using a
   new, common vfs_badlock() function and adding a 'str' arg.
 - Adjust generated ASSERTS to match the new prototype.
 - Adjust explicit ASSERTS to match the new prototype.
2002-09-26 04:48:44 +00:00
Jeff Roberson
6fc15f9bdf - We don't need any automated lock checking for vop_islocked. 2002-09-26 00:31:16 +00:00
Archie Cobbs
89def71cbd Make the following name changes to KSE related functions, etc., to better
represent their purpose and minimize namespace conflicts:

	kse_fn_t		-> kse_func_t
	struct thread_mailbox	-> struct kse_thr_mailbox
	thread_interrupt()	-> kse_thr_interrupt()
	kse_yield()		-> kse_release()
	kse_new()		-> kse_create()

Add missing declaration of kse_thr_interrupt() to <sys/kse.h>.
Regenerate the various generated syscall files. Minor style fixes.

Reviewed by:	julian
2002-09-25 18:10:42 +00:00
Bruce Evans
ac0653dcc8 Round up instead of towards 0 in clock_getres() so that a resolution of
0 is never returned.

PR:		41781
MFC after:	3 days
2002-09-25 12:00:38 +00:00
Jeff Roberson
6cb8bf2027 - Lock down the syncer with sync_mtx.
- Enable vfs_badlock_mutex by default.
 - Assert that the vp is locked in VOP_UNLOCK.
 - Use standard interlock macros in remaining code.
 - Correct a race in getnewvnode().
 - Lock access to v_numoutput with interlock.
 - Lock access to buf lists and splay tree with interlock.
 - Add VOP and VI asserts.
 - Lock b_vnbufs with the vnode interlock.
 - Add vrefcnt() for callers who want to retreive the vnode ref without
   holding a lock.  Add a comment that describes when this is safe.
 - Add vholdl() and vdropl() so that callers who already own the interlock
   can avoid race conditions and unnecessary unlocking.
 - Move the VOP_GETATTR() in vflush() into the WRITECLOSE conditional case.
 - Hold the interlock before droping the mntlist_mtx in vflush() to avoid
   a race.
 - Fix locking in vfs_msync().
2002-09-25 02:22:21 +00:00
Jeff Roberson
d40a8125f5 - Properly lock v_vflags in getdirents(). 2002-09-25 02:13:38 +00:00
Jeff Roberson
d64370cb30 - Use incore() where no other interlock locking is necessary.
- Lock access to numoutput.
2002-09-25 02:12:32 +00:00
Jeff Roberson
b7227b7712 - Lock accesses to v_numoutput.
- Lock calls to gbincore.
2002-09-25 02:11:37 +00:00