Commit Graph

248 Commits

Author SHA1 Message Date
Mike Pritchard
87aabdc126 Add a VNASSERT to vn_close to detect if v_writecount is going
to become negative.  This will detect the underflow when it
happens, instead of having it discovered when the vnode is
taken off the freelist, long after the offending process is long
gone.
2007-02-12 22:53:01 +00:00
Kip Macy
2f6a774be4 change vop_lock handling to allowing tracking of callers' file and line for
acquisition of lockmgr locks

Approved by: scottl (standing in for mentor rwatson)
2006-11-13 05:51:22 +00:00
Robert Watson
acd3428b7d Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
Robert Watson
aed5570872 Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h
begun with a repo-copy of mac.h to mac_framework.h.  sys/mac.h now
contains the userspace and user<->kernel API and definitions, with all
in-kernel interfaces moved to mac_framework.h, which is now included
across most of the kernel instead.

This change is the first step in a larger cleanup and sweep of MAC
Framework interfaces in the kernel, and will not be MFC'd.

Obtained from:	TrustedBSD Project
Sponsored by:	SPARTA
2006-10-22 11:52:19 +00:00
Pawel Jakub Dawidek
92c0849935 Simplify the code and remove two mutex operations.
MFC after:	2 weeks
2006-06-24 22:55:43 +00:00
Paul Saab
6befa6ae1b Allow concurrent read(2)/readv(2) access to a file.
Lock file offset against multiple read calls.

Submitted by:	ups
Obtained from:	Yahoo!
MFC after:	2 weeks
2006-05-16 07:50:54 +00:00
Pawel Jakub Dawidek
122410eea2 vn_start_write() is called only when v_type != VCHR, so corresponding
vn_finished_write() should also be called only then.

BTW. I fixed two functions here: vn_rdwr() and vn_write(). The latter seems
to be unused.

MFC after:	3 weeks
2006-04-28 21:54:05 +00:00
Jeff Roberson
3bbd6d8ae6 - Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().
Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:54:20 +00:00
John Baldwin
861dab08e7 Change vn_open() to honor the MPSAFE flag in the passed in nameidata object
and use that instead of testing fdidx against -1 to determine if it should
release Giant if Giant was locked due to the requested file residing on a
non-MPSAFE VFS.

Discussed with:	jeff
2006-03-28 21:22:08 +00:00
Jeff Roberson
bacb51fb67 - Remove explicit giant acquires and replace it with VFS_LOCK_GIANT.
Sponsored by:	Isilon Systems, Inc.
2006-03-22 00:00:05 +00:00
Christian S.J. Peron
a19fd0e766 Make sure that we are adding a path token to the audit record in open(2).
Do this by making sure we are using the AUDITVNODE1 mask in the namei flags.

Obtained from:	TrustedBSD Project
2006-03-11 17:14:05 +00:00
Tor Egge
ca2fa80767 Block secondary writes while expunging active unlinked files.
Fix detection of active unlinked files by checking VI_OWEINACT and
VI_DOINGINACT in addition to v_usecount.

Defer inactive handling for unlinked files if the file system is mostly
suspended (secondary writes being blocked).

Perform deferred inactive handling after the file system is resumed.
2006-03-11 01:08:37 +00:00
Tor Egge
791dd2fade Use vn_start_secondary_write() and vn_finished_secondary_write() as a
replacement for vn_write_suspend_wait() to better account for secondary write
processing.

Close race where secondary writes could be started after ffs_sync() returned
but before the file system was marked as suspended.

Detect if secondary writes or softdep processing occurred during vnode sync
loop in ffs_sync() and retry the loop if needed.
2006-03-08 23:43:39 +00:00
Dag-Erling Smørgrav
0430a5e289 Eradicate caddr_t from the VFS API. 2005-12-14 00:49:52 +00:00
Jeff Roberson
e8ddb61d38 - Replace the series of DEBUG_LOCKS hacks which tried to save the vn_lock
caller by saving the stack of the last locker/unlocker in lockmgr.  We
   also put the stack in KTR at the moment.

Contributed by:		Antoine Brodin <antoine.brodin@laposte.net>
2005-08-03 04:48:22 +00:00
Jeff Roberson
dbb3ec5ce3 - Remove vnode lock asserts at the end of vfs syscalls. These asserts were
used to ensure that we weren't exiting the syscall with a lock still
   held.  This wasn't safe, however, because we'd already executed a vput()
   and on a loaded system the vnode may have been free'd by the time we
   assert.  This functionality is also handled by the td_locks assert in
   userret, which doesn't tell you what the syscall was, but will at least
   panic before you deadlock.

Sponsored by:   Isilon Systems, Inc.
Discovred by:   Peter Holm
Approved by:	re (blanket vfs)
2005-06-14 01:14:40 +00:00
Jeff Roberson
d598b04d44 - It has long been my suspicion that we don't actually need a loop in
vn_lock().  Add an assert that will help me gain more confidence that this
   is correct.

Sponsored by:	Isilon Systems, Inc.
2005-06-13 00:47:29 +00:00
Jeff Roberson
549817334a - Stop checking vxthread, we've asserted that it was useless for several
weeks.
2005-04-27 09:17:11 +00:00
Jeff Roberson
7625cbf3cc - Pass the ISOPEN flag to namei so filesystems will know we're about to
open them or otherwise access the data.
2005-04-27 09:05:19 +00:00
Jeff Roberson
1b19c74d73 - Assert that we're no longer doing recursive vn_locks in inactive/reclaim
as I'd like to get rid of the vxthread.
 - Handle lock requests which don't actually want a lock as this is a
   much more convenient place to handle this condition than in vget().
   These requests simply want to know that VI_DOOMED isn't set.
 - Correct a test at the end of vn_lock, if error !=0 should be
   if error == 0, this has been broken since I comitted the VI_DOOMED
   changes, but no one ran into it because vget() duplicated this
   functionality.

Sponsored by:	Isilon Systems, Inc.
2005-04-11 09:23:56 +00:00
Christian S.J. Peron
f3e89267c0 Assert that the vnode is locked. This is meant to catch bugs or
mis-use of the vnode API in conditions where IO_NODELOCKED has been
used without the vnode actually being locked.
2005-04-05 01:11:43 +00:00
Jeff Roberson
f247a5240d - LK_NOPAUSE is a nop now.
Sponsored by:   Isilon Systems, Inc.
2005-03-31 04:37:09 +00:00
Jeff Roberson
3e6bcad375 - Remove some long dead LOOKUP_SHARED code that tracked the lock state.
- Always pass LOCKSHARED and rely on namei() to ignore it when
   LOOKUP_SHARED is not set.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:04:35 +00:00
Jeff Roberson
0463dc9ef1 - Do a vn_start_write in vn_close, we may write if this is the last ref
on an unlinked file.  We can't know if this is the case until after we
   have the lock.
 - Lock the vnode in vn_close, many filesystems had code which was unsafe
   without the lock held, and holding it greatly simplifies vgone().
 - Adjust vn_lock() to check for the VI_DOOMED flag where appropriate.

Sponsored by:	Isilon Systems, Inc.
2005-03-13 11:56:28 +00:00
Christian S.J. Peron
cd13819433 Add locking assertions into vn_extattr_set, vn_extattr_get and
vn_extattr_rm. This is meant to catch conditions where IO_NODELOCKED
has been specified without the vnode being locked.

Discussed with:	rwatson
MFC after:	1 week
2005-02-24 00:13:16 +00:00
Poul-Henning Kamp
4d8ac58b05 Introduce vx_wait{l}() and use it instead of home-rolled versions. 2005-02-17 10:49:51 +00:00
Poul-Henning Kamp
dcff5b1440 Don't call VOP_CREATEVOBJECT(), it's the responsibility of the
filesystem which owns the vnode.
2005-01-24 23:53:54 +00:00
Jeff Roberson
f50a2d5e2d - Remove GIANT_REQUIRED where giant is no longer required.
- Protect access to mnt_kern_flag with the mountpoint mutex.
 - Use the appropriate nd flags to deal with giant in vn_open_cred().
   We currently determine whether the caller is mpsafe by checking
   for a valid fdidx.  Any caller coming from user-space is now
   mpsafe and supplies a valid fd.  No kenrel callers have been
   converted to mpsafe, so this check is sufficient for now.
 - Use VFS_LOCK_GIANT instead of manual giant acquisition where
   appropriate.

Sponsored By:	Isilon Systems, Inc.
2005-01-24 10:31:42 +00:00
Poul-Henning Kamp
e39db32ab0 Ditch vfs_object_create() and make the callers call VOP_CREATEVOBJECT()
directly.
2005-01-13 12:25:19 +00:00
Poul-Henning Kamp
8df6bac4c7 Remove the unused credential argument from VOP_FSYNC() and VFS_SYNC().
I'm not sure why a credential was added to these in the first place, it is
not used anywhere and it doesn't make much sense:

	The credentials for syncing a file (ability to write to the
	file) should be checked at the system call level.

	Credentials for syncing one or more filesystems ("none")
	should be checked at the system call level as well.

	If the filesystem implementation needs a particular credential
	to carry out the syncing it would logically have to the
	cached mount credential, or a credential cached along with
	any delayed write data.

Discussed with:	rwatson
2005-01-11 07:36:22 +00:00
Warner Losh
9454b2d864 /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
Poul-Henning Kamp
18dc737317 Ok, first blunder: ioctls are not entirely unused on vnodes anymore :-)
Add dropped call to VOP_IOCTL().
2004-11-18 17:15:04 +00:00
Poul-Henning Kamp
a0fbccc9e7 Push Giant down through ioctl.
Don't grab Giant in the upper syscall/wrapper code

NET_LOCK_GIANT in the socket code (sockets/fifos).

mtx_lock(&Giant) in the vnode code.

mtx_lock(&Giant) in the opencrypto code.  (This may actually not be
needed, but better safe than sorry).

Devfs grabs Giant if the driver is marked as needing Giant.
2004-11-17 09:09:55 +00:00
Poul-Henning Kamp
db446e30cc Push Giant down through select and poll.
Don't grab Giant in the upper syscall/wrapper code

NET_LOCK_GIANT in the socket code (sockets/fifos).

mtx_lock(&Giant) in the vnode code.

Devfs grabs Giant if the driver is marked as needing Giant.
2004-11-17 08:01:10 +00:00
Poul-Henning Kamp
f608397595 Give vn_poll single exit point (to make it easier to insert
"mtx_unlock(&Giant)" real soon now).
2004-11-15 21:56:42 +00:00
Poul-Henning Kamp
c5b846fe8e Slim vnodes by another four bytes by eliminating the (now) unused field
v_cachedid.
2004-11-10 07:31:06 +00:00
Poul-Henning Kamp
b797084e48 Remove vnode->v_cachedfs.
It was only used for the highly dangerous "export all vnodes with a sysctl"
function.
2004-11-09 22:51:03 +00:00
Poul-Henning Kamp
5d9d81e7ea Put the I/O block size in bufobj->bo_bsize.
We keep si_bsize_phys around for now as that is the simplest way to pull
the number out of disk device drivers in devfs_open().  The correct solution
would be to do an ioctl(DIOCGSECTORSIZE), but the point is probably mooth
when filesystems sit on GEOM, so don't bother for now.
2004-10-26 07:39:12 +00:00
Poul-Henning Kamp
9b7cc97f6c Remove unused si_bsize_best field from struct cdev. 2004-10-26 06:53:00 +00:00
Poul-Henning Kamp
6e8d420249 Hold dev_lock and check for NULL devsw pointer when we service FIODTYPE ioctl. 2004-09-24 06:16:48 +00:00
Poul-Henning Kamp
90a660e199 If a vnode has no v_rdev we cannot hope to answer FIODTYPE ioctl. 2004-09-21 08:33:05 +00:00
John-Mark Gurney
ad3b9257c2 Add locking to the kqueue subsystem. This also makes the kqueue subsystem
a more complete subsystem, and removes the knowlege of how things are
implemented from the drivers.  Include locking around filter ops, so a
module like aio will know when not to be unloaded if there are outstanding
knotes using it's filter ops.

Currently, it uses the MTX_DUPOK even though it is not always safe to
aquire duplicate locks.  Witness currently doesn't support the ability
to discover if a dup lock is ok (in some cases).

Reviewed by:	green, rwatson (both earlier versions)
2004-08-15 06:24:42 +00:00
Robert Watson
db532b63c2 Flag a broad range of VFS operations as GIANT_REQUIRED in order to
catch leaking into VFS without Giant.

Inch Giant a little lower in several file descriptor operations on
vnodes to cover only VFS operations that need it, rather than file
flag reading, etc.
2004-08-06 22:25:35 +00:00
Robert Watson
a6719c82b1 Push Giant acquisition down into fo_stat() from most callers. Acquire
Giant conditional on debug.mpsafenet in the socket soo_stat() routine,
unconditionally in vn_statfile() for VFS, and otherwise don't acquire
Giant.  Accept an unlocked read in kqueue_stat(), and cryptof_stat() is
a no-op.  Don't acquire Giant in fstat() system call.

Note: in fdescfs, fo_stat() is called while holding Giant due to the VFS
stack sitting on top, and therefore there will still be Giant recursion
in this case.
2004-07-22 20:40:23 +00:00
Robert Watson
1c1ce9253f Push acquisition of Giant from fdrop_closed() into fo_close() so that
individual file object implementations can optionally acquire Giant if
they require it:

- soo_close(): depends on debug.mpsafenet
- pipe_close(): Giant not acquired
- kqueue_close(): Giant required
- vn_close(): Giant required
- cryptof_close(): Giant required (conservative)

Notes:

  Giant is still acquired in close() even when closing MPSAFE objects
  due to kqueue requiring Giant in the calling closef() code.
  Microbenchmarks indicate that this removal of Giant cuts 3%-3% off
  of pipe create/destroy pairs from user space with SMP compiled into
  the kernel.

  The cryptodev and opencrypto code appears MPSAFE, but I'm unable to
  test it extensively and so have left Giant over fo_close().  It can
  probably be removed given some testing and review.
2004-07-22 18:35:43 +00:00
Marcel Moolenaar
32240d082c Update for the KDB framework:
o  Call kdb_enter() instead of Debugger().
2004-07-10 21:47:53 +00:00
Tim J. Robbins
f99619a0dc Change the types of vn_rdwr_inchunks()'s len and aresid arguments to
size_t and size_t *, respectively. Update callers for the new interface.
This is a better fix for overflows that occurred when dumping segments
larger than 2GB to core files.
2004-06-05 02:18:28 +00:00
Robert Watson
f3d055b6de Rather than assert f_type==DTYPE_VNODE, conditionally perform the
file lock release based on f_type==DTYPE_VNODE.  vn_closefile() is
used by non-vnode types as well (fifo).
2004-06-01 23:36:47 +00:00
Robert Watson
63732dce22 Push the VOP_ADVLOCK() call to release advisory locks on vnode file
descriptors out of fdrop_locked() and into vn_closefile().  This
removes all knowledge of vnodes from fdrop_locked(), since the lock
behavior was specific to vnodes.  This also removes the specific
requirement for Giant in fdrop_locked(), it's now only required by
code that it calls into.

Add GIANT_REQUIRED to vn_closefile() since VFS requires Giant.
2004-06-01 18:03:20 +00:00
Robert Watson
e79962dbce Assert Giant in vn_start_write() and vn_finished_write(). 2004-05-31 20:56:10 +00:00