Commit Graph

57 Commits

Author SHA1 Message Date
Dag-Erling Smørgrav
8ab2a64d2f Eliminate an unnecessary bcopy(). 2005-08-12 12:22:05 +00:00
Dag-Erling Smørgrav
4cd27a97bc Fix an old pasto. 2005-04-30 16:27:20 +00:00
Jeff Roberson
4585e3ac5a - Change all filesystems and vfs_cache to relock the dvp once the child is
locked in the ISDOTDOT case.  Se vfs_lookup.c r1.79 for details.

Sponsored by:	Isilon Systems, Inc.
2005-04-13 10:59:09 +00:00
Jeff Roberson
eddcb03d02 - We no longer have to bother with PDIRUNLOCK, lookup() handles it for us.
Sponsored by:   Isilon Systems, Inc.
2005-03-28 09:34:36 +00:00
Dag-Erling Smørgrav
0e3b5c73b2 Hook pfs_lookup() up to vfs_cachedlookup_desc instead of vfs_lookup_desc,
as suggested by Matt's comment.  Also fix some style and paranoia issues.

The entire function could benefit from review by a VFS guru.

MFC after:	6 weeks
2005-03-14 16:24:50 +00:00
Dag-Erling Smørgrav
bc593ccd83 Fix two long-standing bugs in pfs_readdir():
Since we used an sbuf of size resid to accumulate dirents, we would end
up returning one byte short when we had enough dirents to fill or exceed
the size of the sbuf (the last byte being lost to bogus NUL termination)
causing the next call to return EINVAL due to an unaligned offset.  This
went undetected for a long time because I did most of my testing in
single-user mode, where there are rarely enough processes to fill the
4096-byte buffer ls(1) uses.  The most common symptom of this bug is that
tab completion of /proc or /compat/linux/proc does not work properly when
many processes are running.

Also, a check near the top would return EINVAL if resid was smaller than
PFS_DELEN, even if it was 0, which is frequently the case and perfectly
allowable.  Change the test so that it returns 0 if resid is 0.

MFC after:	2 weeks
2005-03-14 16:21:32 +00:00
Dag-Erling Smørgrav
cb5abc7d2d If PSEUDOFS_TRACE is defined, create a sysctl knob to enable / disable
pseudofs call tracing.
2005-03-14 16:06:47 +00:00
Dag-Erling Smørgrav
de52d21a02 fbsdidize. 2005-03-14 15:54:11 +00:00
Poul-Henning Kamp
83c6439714 Whitespace in vop_vector{} initializations. 2005-01-13 18:59:48 +00:00
Alexander Kabaev
f6968c4a99 Fix a typo in PFS_TRACE.
PR:		kern/74461
Submitted by:	Craig Rodrigues <rodrigc at crodrigues.org>
2004-12-06 20:07:17 +00:00
Poul-Henning Kamp
aec0fb7b40 Back when VOP_* was introduced, we did not have new-style struct
initializations but we did have lofty goals and big ideals.

Adjust to more contemporary circumstances and gain type checking.

	Replace the entire vop_t frobbing thing with properly typed
	structures.  The only casualty is that we can not add a new
	VOP_ method with a loadable module.  History has not given
	us reason to belive this would ever be feasible in the the
	first place.

	Eliminate in toto VOCALL(), vop_t, VNODEOP_SET() etc.

	Give coda correct prototypes and function definitions for
	all vop_()s.

	Generate a bit more data from the vnode_if.src file:  a
	struct vop_vector and protype typedefs for all vop methods.

	Add a new vop_bypass() and make vop_default be a pointer
	to another struct vop_vector.

	Remove a lot of vfs_init since vop_vector is ready to use
	from the compiler.

	Cast various vop_mumble() to void * with uppercase name,
	for instance VOP_PANIC, VOP_NULL etc.

	Implement VCALL() by making vdesc_offset the offsetof() the
	relevant function pointer in vop_vector.  This is disgusting
	but since the code is generated by a script comparatively
	safe.  The alternative for nullfs etc. would be much worse.

	Fix up all vnode method vectors to remove casts so they
	become typesafe.  (The bulk of this is generated by scripts)
2004-12-01 23:16:38 +00:00
Robert Watson
10b7196db4 Back out pseudo_vnops.c:1.45, which was a workaround for pfind()
returning incompletely initialized processes.  This problem was
eliminated by kern_proc.c:1.215, which causes pfind() not to
return processes in the PRS_NEW state.
2004-09-02 16:04:09 +00:00
Robert Watson
d990378077 Commit a work-around for a more general bug involving process state:
check whether p_ucred is NULL or not in pfs_getattr() before
dereferencing the credential, and return ENOENT if there wasn't one.

This is a symptom of a larger problem, wherein pfind() can return
references to incompletely initialized processes, and we instead ought
to not return them, or check the process state before acting on the
process.

Reported by:	kris
Discussed with:	tjr, others
2004-08-13 20:27:56 +00:00
Dag-Erling Smørgrav
195a6b21e4 Accumulate directory entries in a fixed-length sbuf, and uiomove them in
one go before returning.  This avoids calling uiomove() while holding
allproc_lock.

Don't adjust uio->uio_offset manually, uiomove() does that for us.

Don't drop allproc_lock before calling panic().

Suggested by:	alfred
2004-07-09 11:43:37 +00:00
Jacques Vidrine
a9c2bfa8e9 Fix a panic in pseudofs(9) that could occur when doing an I/O
operation with a large request or large offset.

Reported by:	Joel Ray Holveck <joelh@piquan.org>
Submitted by:	des
2004-02-10 21:06:47 +00:00
Jacques Vidrine
8b7358ca43 Introduce a uiomove_frombuf helper routine that handles computing and
validating the offset within a given memory buffer before handing the
real work off to uiomove(9).

Use uiomove_frombuf in procfs to correct several issues with
integer arithmetic that could result in underflows/overflows.  As a
side-effect, the code is significantly simplified.

Add additional sanity checks when computing a memory allocation size
in pfs_read.

Submitted by:	rwatson  (original uiomove_frombuf -- bugs are mine :-)
Reported by:	Joost Pol <joost@pine.nl>  (integer underflows/overflows)
2003-10-02 15:00:55 +00:00
Dag-Erling Smørgrav
134ce0f9cc Add pfs_visible() checks to pfs_getattr() and pfs_getextattr(). This
also fixes pfs_access() since it relies on VOP_GETATTR() which will call
pfs_getattr().  This prevents jailed processes from discovering the
existence, start time and ownership of processes outside the jail.

PR:		kern/48156
2003-08-19 10:26:41 +00:00
John Baldwin
d49ebea58c Spell the name of the lock right in addition to getting the type right.
Submitted by:	Kim Culhan <kimc@w8hd.org>
2003-08-18 19:23:01 +00:00
John Baldwin
cda369cac4 The allproc lock is a sx lock, not a mutex, so fix the assertion. This
asserts that the sx lock is held, but does not specify if the lock is held
shared or exclusive, thus either type of lock satisfies the assertion.
2003-08-18 18:02:33 +00:00
Dag-Erling Smørgrav
653fae1761 Rework pfs_iterate() a bit to eliminate a bug related to process
directories.  Previously, pfs_iterate() would return -1 when it
reached the end of the process list while processing a process
directory node, even if the parent directory contained further nodes
(which is the case for the linprocfs root directory, where the process
directory node is actually first in the list).  With this patch,
pfs_iterate() will continue to traverse the parent directory's node
list after exhausting the process list (as was the intention all
along).  The code should hopefully be easier to read as well.

While I'm here, have pfs_iterate() assert that the allproc lock is
held.
2003-08-18 13:36:09 +00:00
John-Mark Gurney
efe0afa930 fix grammar in comment 2003-06-20 23:29:04 +00:00
Don Lewis
64820e19bc Don't unlock the parent directory vnode twice if the ISDOTDOT flag
is set.
2003-06-01 09:16:26 +00:00
Dag-Erling Smørgrav
7b726be320 Get rid of caddr_t. 2003-03-02 22:23:45 +00:00
Robert Watson
4273cc51a5 GC an unused reference to vop_refreshlabel_desc; reference to
opt_mac.h was removed previously so it was never compiled in.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-01-21 04:05:37 +00:00
Poul-Henning Kamp
c6e3ae999b Since Jeffr made the std* functions the default in rev 1.63 of
kern/vfs_defaults.c it is wrong for the individual filesystems to use
the std* functions as that prevents override of the default.

Found by:       src/tools/tools/vop_table
2003-01-04 08:47:19 +00:00
Robert Watson
763bbd2f4f Slightly change the semantics of vnode labels for MAC: rather than
"refreshing" the label on the vnode before use, just get the label
right from inception.  For single-label file systems, set the label
in the generic VFS getnewvnode() code; for multi-label file systems,
leave the labeling up to the file system.  With UFS1/2, this means
reading the extended attribute during vfs_vget() as the inode is
pulled off disk, rather than hitting the extended attributes
frequently during operations later, improving performance.  This
also corrects sematics for shared vnode locks, which were not
previously present in the system.  This chances the cache
coherrency properties WRT out-of-band access to label data, but in
an acceptable form.  With UFS1, there is a small race condition
during automatic extended attribute start -- this is not present
with UFS2, and occurs because EAs aren't available at vnode
inception.  We'll introduce a work around for this shortly.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-26 14:38:24 +00:00
Jeff Roberson
4d93c0be1f - Use vrefcnt() where it is safe to do so instead of doing direct and
unlocked accesses to v_usecount.
 - Lock access to the buf lists in the various sync routines.  interlock
   locking could be avoided almost entirely in leaf filesystems if the
   fsync function had a generic helper.
2002-09-25 02:32:42 +00:00
Robert Watson
dee93f2c52 Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify pseudofs so that it can support synthetic file systems with
the multilabel flag set.  In particular, implement vop_refreshlabel()
as pn_refreshlabel().  Implement pfs_refreshlabel() to invoke this,
and have it fall back to the mount label if the file system does
not implement pn_refreshlabel() for the node.  Otherwise, permit
the file system to determine how the service is provided.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:33:12 +00:00
Jeff Roberson
922b974a44 Lock down pseudofs:
- Initialize lock structure in vncache_alloc
 - Return locked vnodes from vncache_alloc
 - Setup vnode op vectors to use default lock, unlock, and islocked
 - Implement simple locking scheme required for lookup
2002-07-08 01:50:14 +00:00
Dag-Erling Smørgrav
a3d37b1322 Gratuitous whitespace cleanup. 2002-06-06 16:59:24 +00:00
John Baldwin
f44d9e24fb Change p_can{debug,see,sched,signal}()'s first argument to be a thread
pointer instead of a proc pointer and require the process pointed to
by the second argument to be locked.  We now use the thread ucred reference
for the credential checks in p_can*() as a result.  p_canfoo() should now
no longer need Giant.
2002-05-19 00:14:50 +00:00
Dag-Erling Smørgrav
d95ec55335 s/pfs_badop/vop_eopnotsupp/
Submitted by:	phk
2002-05-03 14:58:25 +00:00
John Baldwin
87484be35f Remove stale XXX comment. 2002-04-14 04:12:44 +00:00
Robert Watson
74237f55b0 Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
  as not to use the scatter gather API (which appeared not to be used
  by any consumers, and be less portable), rather, accepts 'data'
  and 'nbytes' in the style of other simple read/write interfaces.
  This changes the API and ABI.

o Modify system call semantics so that extattr_get_{fd,file}() return
  a size_t.  When performing a read, the number of bytes read will
  be returned, unless the data pointer is NULL, in which case the
  number of bytes of data are returned.  This changes the API only.

o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
  argument so as to return the size, if desirable.  If set to NULL,
  the size will not be returned.

o Update various filesystems (pseodofs, ufs) to DTRT.

These changes should make extended attributes more useful and more
portable.  More commits to rebuild the system call files, as well
as update userland utilities to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
Robert Watson
416031dcb8 Change EPERM to EOPNOTSUPP when failing pseudofs_setattr() arbitrarily.
Quoth the alfred:	The latter would be better.
2002-02-04 18:21:59 +00:00
Robert Watson
dfe5fa8eb7 Return EPERM instead of 0 in the un-implemented pseudofs_setattr().
Conceivably, it should even return EOPNOTSUPP.
2002-02-04 18:09:29 +00:00
Matthew Dillon
08f3c74981 Pseudofs was leaking VFS cache entries badly due to its cache and use of
the wrong VOP descriptor.  This misuse caused VFS-cached vnodes to be
re-cached, resulting in the leak.  This commit is an interim fix until DES
has a chance to rework the code involved.
2001-12-19 23:58:09 +00:00
Brian Feldman
41a35633ba Add VOP_GETEXTATTR(9) passthrough support to pseudofs.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-12-11 20:48:20 +00:00
Dag-Erling Smørgrav
c07f9fc134 Fix an incorrect PFS_TRACE. Also, use __func__ instead of __FUNCTION__. 2001-12-09 00:28:12 +00:00
Dag-Erling Smørgrav
98c7e22c50 Add support for a last-close handler.
Revert the module version bumps; they're quite pointless as long as the
only pseudofs consumer is linprocfs, which is in the tree.
2001-11-27 13:26:27 +00:00
Dag-Erling Smørgrav
1831900053 Add VOP_IOCTL support, and fix a bug that would cause a panic if a file or
symlink lacked a filler function.
2001-10-26 18:52:47 +00:00
Dag-Erling Smørgrav
33802b9eff Switch to dynamic rather than static initialization.
This makes it possible (in theory) for nodes to be added and / or removed
from pseudofs filesystems at runtime.
2001-10-19 01:43:06 +00:00
Dag-Erling Smørgrav
b84ce33438 Add a PFS_DISABLED flag; pfs_visible() automatically returns 0 if it is set
on the node in question.  Also add two API functions for setting and clearing
this flag; setting it also reclaims all vnodes associated with the node.
2001-10-02 22:22:42 +00:00
Dag-Erling Smørgrav
198bc14b1d YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure.  This one simply returns
   non-zero if the specified requesting process is allowed to access the
   specified node for the specified target process.  This is used in
   addition to the usual permission checks, e.g. when certain files don't
   make sense for certain (system) processes.

 - Make sure that pfs_lookup() and pfs_readdir() don't yap about files
   which aren't pfs_visible().  Also check pfs_visible() before performing
   reads and writes, to prevent the kind of races reported in SA-00:77 and
   SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
   setuid binary, and assume control of it).

 - Add some more trace points.
2001-10-01 04:22:20 +00:00
Dag-Erling Smørgrav
7d8f809f00 pseudofs.h:
- Rearrange the flag constants a little to simplify specifying and testing
    for readability and writeability.

pseudofs_vnops.c:

  - Track the aforementioned change.

  - Add checks to pfs_open() to prevent opening read-only files for writing
    or vice versa (pfs_{read,write} would block the actual reads and writes,
    but it's still a bug to allow the open() to succeed).  Also, return
    EOPNOTSUPP if the caller attempts to lock the file.

  - Add more trace points.
2001-09-30 19:41:29 +00:00
Dag-Erling Smørgrav
80a3cef87d Pseudofs take 2:
- Remove hardcoded uid, gid, mode from struct pfs_node; make pfs_getattr()
   smart enough to get it right most of the time, and allow for callbacks
   to handle the remaining cases.  Rework the definition macros to match.

 - Add lots of (conditional) debugging output.

 - Fix a long-standing bug inherited from procfs: don't pretend to be a
   read-only file system.  Instead, return EOPNOTSUPP for operations we
   truly can't support and allow others to fail silently.  In particular,
   pfs_lookup() now treats CREATE as LOOKUP.  This may need more work.

 - In pfs_lookup(), if the parent node is process-dependent, check that
   the process in question still exists.

 - Implement pfs_open() - its only current function is to check that the
   process opening the file can see the process it belongs to.

 - Finish adding support for writeable nodes.

 - Bump module version number.

 - Introduce lots of new bugs.
2001-09-29 00:49:29 +00:00
Dag-Erling Smørgrav
b4056ade84 The previous commit introduced some references to "curproc" which should have
been references to "curthread".  Correct this.
2001-09-28 12:36:54 +00:00
Dag-Erling Smørgrav
8712e867e1 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  This goes some way towards adding support for
writeable files (needed by procfs).
2001-09-25 13:25:30 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Dag-Erling Smørgrav
56fe60b131 #if 0 out pfs_null() to silence the warning about it not being referenced. 2001-06-15 12:30:46 +00:00