Commit Graph

12420 Commits

Author SHA1 Message Date
Alan Cox
c749c003b8 Eliminate the possibility of 32-bit arithmetic overflow in the calculation
of vm_kmem_size that may occur if the system administrator has specified a
vm.vm_kmem_size tunable value that exceeds the hard cap.

PR:		162741
Submitted by:	Adam McDougall
Reviewed by:	bde@
MFC after:	3 weeks
2011-12-07 07:03:14 +00:00
Konstantin Belousov
93c26de0ad Most users of pipe(2) do not call fstat(2) on the returned pipe descriptors.
Optimize for the case, by lazily allocating the pipe inode number at the
fstat(2) time. If alloc_unr(9) returns failure, do not fail fstat(2), since
uses of inode numbers are even rare then fstat(2), but provide zero inode
forever. Note that alloc_unr() failure is unlikely due to total number
of pipes in the system limited by the number of file descriptors.

Based on the submission by:	gianni
MFC after:	2 weeks
2011-12-06 11:24:03 +00:00
Mikolaj Golub
9e94d5b83f Really protect kern.proc.ps_strings sysctls with p_candebug(). This
was intended to be in r228288.

Spotted by:	many
MFC after:	1 week
2011-12-06 06:40:14 +00:00
Mikolaj Golub
c65932be9d Protect kern.proc.auxv and kern.proc.ps_strings sysctls with p_candebug().
Citing jilles:

If we are ever going to do ASLR, the AUXV information tells an attacker
where the stack, executable and RTLD are located, which defeats much of
the point of randomizing the addresses in the first place.

Given that the AUXV information seems to be used by debuggers only anyway,
I think it would be good to move it to p_candebug() now.

The full virtual memory maps (KERN_PROC_VMMAP, procstat -v) are already
under p_candebug().

Suggested by:	jilles
Discussed with:	rwatson
MFC after:	1 week
2011-12-05 19:34:02 +00:00
Kevin Lo
2b69bb1f27 Add a missing curly bracket 2011-12-05 10:34:52 +00:00
Andriy Gapon
5e27a60372 critical_exit: ignore td_owepreempt if kdb_active is set
calling mi_switch in such a context results in a recursion via
kdb_switch

Suggested by:	jhb
Reviewed by:	jhb
MFC after:	5 weeks
2011-12-04 21:27:41 +00:00
Mikolaj Golub
0f60ecdaa4 In sysctl_kern_proc_ps_strings() there is no much sense in checking
for P_WEXIT and P_SYSTEM flags.

Reviewed by:	kib
2011-12-04 21:24:01 +00:00
Hans Petter Selasky
494b6fec82 Make sure the description of pause() is
equivalent to its implementation.
No code change.

Suggested by:	Bruce Evans
MFC after:	3 days
2011-12-03 15:51:15 +00:00
Eitan Adler
f565f395c6 - Fix typos s/(more|less) then|\1 than/
Submitted by:	Davide Italiano <davide.italiano@gmail.com>
Approved by:	brucec
MFC after:	3 days
2011-12-03 15:41:37 +00:00
Peter Holm
9a1d0cf68f Use umtx_copyin_timeout() to copy and check timeout parameter.
In collaboration with:	kib
MFC after:	1 week
2011-12-03 12:35:13 +00:00
Peter Holm
662ebe9b53 Add umtx_copyin_timeout() and move parameter checks here.
In collaboration with:	kib
MFC after:	1 week
2011-12-03 12:30:58 +00:00
Peter Holm
ff77dfb0c1 Rename copyin_timeout32 to umtx_copyin_timeout32 and move parameter
check here. Include check for negative seconds value.

In collaboration with:	kib
MFC after:	1 week
2011-12-03 12:28:33 +00:00
Marius Strobl
002214d6bb It doesn't make much sense to check whether child is NULL after already
having dereferenced it. We either should generally check the device_t's
supplied to bus functions before using them (which we seem to virtually
never do) or just assume that they are not NULL.
While at it make this code fit 78 columns.

Found with:	Coverity Prevent(tm)
CID:		4230
2011-12-02 22:03:27 +00:00
Marius Strobl
f60d6c2bdf - In device_probe_child(9) check the return value of device_set_driver(9)
when actually setting a driver as especially ENOMEM is fatal in these
  cases.
- Annotate other calls to device_set_devclass(9) and device_set_driver(9)
  without the return value being checked and that are okay to fail.

Reviewed by:	yongari (slightly earlier version)
2011-12-02 21:19:14 +00:00
John Baldwin
593dd43eee When changing the user priority of a thread, change the real priority
in addition to the user priority for threads whose current real priority
is equal to the previous user priority or if the new priority is a
real-time priority.  This allows priority changes of other threads to
have an immediate effect.

MFC after:	2 weeks
2011-12-02 19:59:46 +00:00
Konstantin Belousov
5ed954efd1 If alloc_unr() call in the pipe_create() failed, then pipe->pipe_ino is
-1. But, because ino_t is unsigned, this case was not covered by the
test ino > 0 in pipeclose(), leading to the free_unr(-1). Fix it by
explicitely comparing with 0 and -1. [1]

Do no access freed memory, the inode number was cached to prevent access
to cpipe after it possibly was freed, but I failed to commit the right
patch.

Noted by:	gianni [1]
Pointy hat to:	kib
MFC after:	3 days
2011-12-01 11:36:41 +00:00
Lawrence Stewart
66dcfed32a Revise the sysctl handling code and restructure the hierarchy of sysctls
introduced when feed-forward clock support is enabled in the kernel:

- Rename the "choice" variable to "available".

- Streamline the implementation of the "active" variable's sysctl handler
  function.

- Create a kern.sysclock sysctl node for general sysclock related configuration
  options. Place the "available" and "active" variables under this node.

- Create a kern.sysclock.ffclock sysctl node for feed-forward clock specific
  configuration options. Place the "version" and "ffcounter_bypass" variables
  under this node.

- Tweak some of the description strings.

Discussed with:	Julien Ridoux (jridoux at unimelb edu au)
2011-12-01 07:19:13 +00:00
Konstantin Belousov
dc874f9881 Rename vm_page_set_valid() to vm_page_set_valid_range().
The vm_page_set_valid() is the most reasonable name for the m->valid
accessor.

Reviewed by:	attilio, alc
2011-11-30 17:39:00 +00:00
Lawrence Stewart
6f83fc5112 Make sysclock_active publicly available to external consumers.
Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Discussed with:	Julien Ridoux (jridoux at unimelb edu au)
Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-29 08:43:04 +00:00
Lawrence Stewart
88394fe42c Do away with the somewhat clunky sysclock_ops structure and associated code,
reimplementing the [get]{bin,nano,micro}[up]time() wrapper functions in terms of
the new "fromclock" API instead.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Discussed with:	Julien Ridoux (jridoux at unimelb edu au)
Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-29 08:33:40 +00:00
Lawrence Stewart
e977bac333 Make the fbclock_[get]{bin,nano,micro}[up]time() function prototypes public so
that new APIs with some performance sensitivity can be built on top of them.
These functions should not be called directly except in special circumstances.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Discussed with:	Julien Ridoux (jridoux at unimelb edu au)
Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-29 06:53:36 +00:00
Lawrence Stewart
c2a4ee9906 Fix an oversight in r227747 by calling fbclock_bin{up}time() directly from the
fbclock_{nanouptime|microuptime|bintime|nanotime|microtime}() functions to avoid
indirecting through a sysclock_ops wrapper function.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-29 06:12:19 +00:00
Mikolaj Golub
9732458f35 Add sysctl to retrieve ps_strings structure location of another process.
Suggested by:	kib
Reviewed by:	kib
2011-11-27 17:05:26 +00:00
Mikolaj Golub
4fd6053b43 In sysctl_kern_proc_auxv the process was released too early: we still
need to hold it when checking process sv_flags.

MFC after:	2 weeks
2011-11-27 16:56:01 +00:00
Lawrence Stewart
66761af34f Export the "ffclock" feature for kernels compiled with feed-forward clock
support.

Suggested by:	netchild
Reviewed by:	netchild
2011-11-26 01:44:37 +00:00
Mikolaj Golub
9e7d058351 Add sysctl to get process resource limits.
Reviewed by:	kib
MFC after:	2 weeks
2011-11-24 20:43:37 +00:00
Konstantin Belousov
561984be06 Fix a race between getvnode() dereferencing half-constructed file
and dupfdopen().

Reported and tested by:	pho
MFC after:	3 days
2011-11-24 20:34:06 +00:00
Mikolaj Golub
7ad9baae41 Fix build without INVARIANTS.
Discussed with:	kib
2011-11-23 08:11:04 +00:00
Hans Petter Selasky
3b12bdb58f Rename device_delete_all_children() into device_delete_children().
Suggested by:	jhb @ and marius @
MFC after:	1 week
2011-11-22 21:56:55 +00:00
Hans Petter Selasky
5b288d2abf Style change.
Suggested by:	jhb @ and marius @
MFC after:	1 week
2011-11-22 21:53:19 +00:00
Mikolaj Golub
c5cfcb1c19 Add new sysctls, KERN_PROC_ENV and KERN_PROC_AUXV, to return
environment strings and ELF auxiliary vectors from a process stack.

Make sysctl_kern_proc_args to read not cached arguments from the
process stack.

Export proc_getargv() and proc_getenvv() so they can be reused by
procfs and linprocfs.

Suggested by:	kib
Reviewed by:	kib
Discussed with:	kib, rwatson, jilles
Tested by:	pho
MFC after:	2 weeks
2011-11-22 20:40:18 +00:00
Lawrence Stewart
65e359a15c - Add Pulse-Per-Second timestamping using raw ffcounter and corresponding
ffclock time in seconds.

- Add IOCTL to retrieve ffclock timestamps from userland.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-21 13:34:29 +00:00
Attilio Rao
9fde98bba3 Introduce the same mutex-wise fix in r227758 for sx locks.
The functions that offer file and line specifications are:
- sx_assert_
- sx_downgrade_
- sx_slock_
- sx_slock_sig_
- sx_sunlock_
- sx_try_slock_
- sx_try_xlock_
- sx_try_upgrade_
- sx_unlock_
- sx_xlock_
- sx_xlock_sig_
- sx_xunlock_

Now vm_map locking is fully converted and can avoid to know specifics
about locking procedures.
Reviewed by:	kib
MFC after:	1 month
2011-11-21 12:59:52 +00:00
Sergey Kandaurov
ca4aa8c363 Remove no more relevant XXXRW comments since accessing the vmspace is now
properly done with the acquired vmspace reference.

Pointed out by:		kib
2011-11-21 12:21:00 +00:00
Sergey Kandaurov
18be8527e9 Use the acquired reference to the vmspace instead of direct dereferencing
of p->p_vmspace like it is done in sysctl_kern_proc_vmmap().
2011-11-21 10:36:57 +00:00
Lawrence Stewart
cf13a58510 - Add the ffclock_getcounter(), ffclock_getestimate() and ffclock_setestimate()
system calls to provide feed-forward clock management capabilities to
  userspace processes. ffclock_getcounter() returns the current value of the
  kernel's feed-forward clock counter. ffclock_getestimate() returns the current
  feed-forward clock parameter estimates and ffclock_setestimate() updates the
  feed-forward clock parameter estimates.

- Document the syscalls in the ffclock.2 man page.

- Regenerate the script-derived syscall related files.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-21 01:26:10 +00:00
Attilio Rao
ccdf233323 Introduce macro stubs in the mutex implementation that will be always
defined and will allow consumers, willing to provide options, file and
line to locking requests, to not worry about options redefining the
interfaces.
This is typically useful when there is the need to build another
locking interface on top of the mutex one.

The introduced functions that consumers can use are:
- mtx_lock_flags_
- mtx_unlock_flags_
- mtx_lock_spin_flags_
- mtx_unlock_spin_flags_
- mtx_assert_
- thread_lock_flags_

Spare notes:
- Likely we can get rid of all the 'INVARIANTS' specification in the
  ppbus code by using the same macro as done in this patch (but this is
  left to the ppbus maintainer)
- all the other locking interfaces may require a similar cleanup, where
  the most notable case is sx which will allow a further cleanup of
  vm_map locking facilities
- The patch should be fully compatible with older branches, thus a MFC
  is previewed (infact it uses all the underlying mechanisms already
  present).

Comments review by:	eadler, Ben Kaduk
Discussed with:		kib, jhb
MFC after:	1 month
2011-11-20 16:33:09 +00:00
Hans Petter Selasky
9e3ae31c7a Given that the typical usage of pause() is pause("zzz", hz / N), where N can
be greater than hz in some cases, simply ignore a timeout value of zero.

Suggested by:	Bruce Evans
MFC after:	1 week
2011-11-20 08:36:18 +00:00
Hans Petter Selasky
f1a1612fc2 Minor style change:
Simplify the description of pause() and shorten the KASSERT message in pause.
Also add a clamp for the timo argument in the non-KASSERT case.

Suggested by:	Bruce Evans
MFC after:	1 week
2011-11-20 08:29:23 +00:00
Lawrence Stewart
9bce0f05fe - Provide a sysctl interface to change the active system clock at runtime.
- Wrap [get]{bin,nano,micro}[up]time() functions of sys/time.h to allow
  requesting time from either the feedback or the feed-forward clock. If a
  feedback (e.g. ntpd) and feed-forward (e.g. radclock) daemon are both running
  on the system, both kernel clocks are updated but only one serves time.

- Add similar wrappers for the feed-forward difference clock.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-20 05:32:12 +00:00
Lawrence Stewart
f464c5ccb5 Provide high-level functions to access the feed-forward absolute and difference
clocks. Each routine can output an upper bound on the absolute time or time
interval requested. Different flavours of absolute time can be requested, for
example with or without leap seconds, monotonic or not, etc.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-20 01:20:50 +00:00
Lawrence Stewart
b0fdc83713 Core structure and functions to support a feed-forward clock within the kernel.
Implement ffcounter, a monotonically increasing cumulative counter on top of the
active timecounter. Provide low-level functions to read the ffcounter and
convert it to absolute time or a time interval in seconds using the current
ffclock estimates, which track the drift of the oscillator. Add a ring of
fftimehands to track passing of time on each kernel tick and pick up updates of
ffclock estimates.

Committed on behalf of Julien Ridoux and Darryl Veitch from the University of
Melbourne, Australia, as part of the FreeBSD Foundation funded "Feed-Forward
Clock Synchronization Algorithms" project.

For more information, see http://www.synclab.org/radclock/

Submitted by:	Julien Ridoux (jridoux at unimelb edu au)
2011-11-19 14:10:16 +00:00
Hans Petter Selasky
3ddd1777d5 Simplify the usb_pause_mtx() function by factoring out the generic parts
to the kernel's pause() function. The pause() function can now be used
when cold != 0. Also assert that the timeout in system ticks must be
positive.

Suggested by:	Bruce Evans
MFC after:	1 week
2011-11-19 11:17:27 +00:00
Hans Petter Selasky
11bcf702f4 Move the device_delete_all_children() function from usb_util.c
to kern/subr_bus.c. Simplify this function so that it no longer
depends on malloc() to execute. Identify a few other places where
it makes sense to use device_delete_all_children().

MFC after:	1 week
2011-11-19 10:11:50 +00:00
Konstantin Belousov
f82360acf2 Existing VOP_VPTOCNP() interface has a fatal flow that is critical for
nullfs.  The problem is that resulting vnode is only required to be
held on return from the successfull call to vop, instead of being
referenced.

Nullfs VOP_INACTIVE() method reclaims the vnode, which in combination
with the VOP_VPTOCNP() interface means that the directory vnode
returned from VOP_VPTOCNP() is reclaimed in advance, causing
vn_fullpath() to error with EBADF or like.

Change the interface for VOP_VPTOCNP(), now the dvp must be
referenced. Convert all in-tree implementations of VOP_VPTOCNP(),
which is trivial, because vhold(9) and vref(9) are similar in the
locking prerequisites. Out-of-tree fs implementation of VOP_VPTOCNP(),
if any, should have no trouble with the fix.

Tested by:	pho
Reviewed by:	mckusick
MFC after:	3 weeks (subject of re approval)
2011-11-19 07:50:49 +00:00
Ed Schouten
51cfb9474f Regenerate system call tables. 2011-11-19 06:36:11 +00:00
Ed Schouten
d3a993d46b Improve *access*() parameter name consistency.
The current code mixes the use of `flags' and `mode'. This is a bit
confusing, since the faccessat() function as a `flag' parameter to store
the AT_ flag.

Make this less confusing by using the same name as used in the POSIX
specification -- `amode'.
2011-11-19 06:35:15 +00:00
Navdeep Parhar
059d10c7b6 Do not increment the parent firmware's reference count when any other
firmware image in the module is registered.  Instead, do it when the
other image is itself referenced.

This allows a module with multiple firmware images to be automatically
unloaded when none of the firmware images are in use.

Discussed with:	jhb@ (on -hackers)
2011-11-19 00:20:28 +00:00
Peter Holm
7bbcd22d38 Added check for negative seconds value. Found by syscall() fuzzing.
MFC after:	1 week
2011-11-18 19:14:42 +00:00
Konstantin Belousov
7b5190779b Consistently use process spin lock for protection of the
p->p_boundary_count. Race could cause the execve(2) from the threaded
process to hung since thread boundary counter was incorrect and
single-threading never finished.

Reported by:	pluknet, pho
Tested by:	pho
MFC after:	1 week
2011-11-18 09:12:26 +00:00