Commit Graph

1195 Commits

Author SHA1 Message Date
Daniel Gerzo
a28d1439d8 - add missing include
- fix struct memeber's name [1]

PR:		docs/130413 [1]
Submitted by:	Thomas Mueller <tmueller@sysgo.com> [1]
MFC after:	3 days
2009-01-12 13:12:02 +00:00
Bjoern A. Zeeb
73de1e8395 Document the special loopback address behaviour of jails.
PR:		kern/103464
Submitted by:	brueffer (correct markup)
Reviewed by:	brueffer
MFC after:	2 weeks
2009-01-06 18:10:17 +00:00
Tom Rhodes
f3cac808e9 Note that the protocol argument can be set to 0.
PR:		127890
Reviewed by:	rwatson
2009-01-05 12:18:46 +00:00
Tom Rhodes
eaca7c7bc4 Document that kldunloadf can return EINVAL.
PR:		125639
2008-12-25 09:15:31 +00:00
Ivan Voras
1a2bea865b It's silly to claim recv(2) is to be removed in favour of recvfrom(2)
(at least at this time :) ).

Approved by:	gnn (mentor)
2008-11-30 21:40:01 +00:00
Bjoern A. Zeeb
413628a7e3 MFp4:
Bring in updated jail support from bz_jail branch.

This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB 'show jails' command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the afore mentioned and in kernel changes.

Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
  and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
  help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
  suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
  on cluster machines as well as all the testers and people
  who provided feedback the last months on freebsd-jail and
  other channels.
- My employer, CK Software GmbH, for the support so I could work on this.

Reviewed by:	(see above)
MFC after:	3 months (this is just so that I get the mail)
X-MFC Before:   7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
Ed Schouten
ab0d10f68e Several cleanups related to pipe(2).
- Use `fildes[2]' instead of `*fildes' to make more clear that pipe(2)
  fills an array with two descriptors.

- Remove EFAULT from the manual page. Because of the current calling
  convention, pipe(2) raises a segmentation fault when an invalid
  address is passed.

- Introduce kern_pipe() to make it easier for binary emulations to
  implement pipe(2).

- Make Linux binary emulation use kern_pipe(), which means we don't have
  to recover td_retval after calling the FreeBSD system call.

Approved by:	rdivacky
Discussed on:	arch
2008-11-11 14:55:59 +00:00
Edward Tomasz Napierala
7968104d73 Add one more EACCES clause to rename.2.
Approved by:	rwatson (mentor)
2008-11-07 15:01:40 +00:00
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
Alan Cox
5584732fa2 Finish what revision 1.40 started. Revision 1.40 removed a false statement
from the description but not the errors section.  This revision removes it
from the errors statement.

Add a statement about the non-portability of non-page-aligned offsets.
2008-10-24 14:40:13 +00:00
John Baldwin
338b0cb957 Support for CPU sets is going to appear in 7.1 before 8.0.
MFC after:	3 days
2008-09-29 15:44:48 +00:00
Konstantin Belousov
cbc158449b Implement WNOWAIT flag for wait4(2). It specifies that process whose status
is returned shall be kept in the waitable state.
Add WSTOPPED as an alias for WUNTRACED.

Submitted by:	Jukka Ukkonen <jau at iki fi>
PR:	standards/116221
MFC after:	2 weeks
2008-08-26 12:37:16 +00:00
Konstantin Belousov
eaad109973 When calculating arguments to the interpreter for the shebang script
executed by fexecve(2), imgp->args->fname is NULL. Moreover, there is
no way to recover the path to the script being executed.
Do what some other U*ixes do unconditionally, namely supply /dev/fd/n
as the script path when called from fexecve(). Document requirement of
having fdescfs mounted as caveat.
2008-08-26 10:53:32 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Xin LI
cb752f1da5 Add prototype defination for setfib(2) to sys/socket.h. 2008-08-08 22:40:04 +00:00
Tom Rhodes
20425850a4 Add EPERM to the ERRORS section.
PR:		125746
2008-08-04 22:22:17 +00:00
Tom Rhodes
fcae37c9eb Add EAGAIN to the ERRORS list, as found in kern_jail.c.
PR:		125253
Submitted by:	Mateusz Guzik <mjguzik@gmail.com> (original version)
2008-08-03 21:56:58 +00:00
Remko Lodder
372e9a288d remove whitespace bug (8 spaces into one tab)
Submitted by:	ed
2008-08-02 13:49:12 +00:00
Julian Elischer
d12d2ae7a2 Fix cut-n-paste-o
Submitted by:	Kostik Belousov
2008-07-25 01:09:36 +00:00
Daniel Gerzo
a624bb23e3 Update the definition of modspecific structure
PR:		docs/125630
2008-07-15 10:06:37 +00:00
Remko Lodder
5f65888ab9 Update the ktr_header structure, which changed over time.
PR:		125546
Submitted by:	Mateusz Guzik <mjguzik at gmail dot com>
MFC after:	3 days
2008-07-13 13:42:52 +00:00
Brooks Davis
6b794ce8ef Put the _cpuset* symbols in FBSDprivate_1.0 instead of trying to put
nonexistant __cpuset* there.
2008-07-11 15:17:06 +00:00
Daniel Gerzo
345f9e9dc7 - Forgot to bump a date after last change 2008-06-30 08:46:09 +00:00
David Schultz
6b2bbb0465 Make it clearer that it is possible to disable the generation of
SIGPIPE for individual sockets (PR: kern/118626).

While here, s/insure/ensure/.
2008-06-29 17:17:14 +00:00
Daniel Gerzo
aa2a33b4fa - add description of the MLINK error
PR:		docs/123019
MFC after:	3 days
2008-06-26 12:15:38 +00:00
Poul-Henning Kamp
20067a6892 Add Xr to getsockname(2) 2008-06-20 14:47:06 +00:00
Tony Finch
0cf1d3bf73 Make it clearer that privilege is needed to reduce as well as
increase group membership.
2008-06-16 14:50:21 +00:00
Wojciech A. Koszek
98fbfcd632 Bring missing getsockopt(2) options: SO_LABEL SO_PEERLABEL SO_LISTENQLIMIT
SO_LISTENQLEN SO_LISTENINCQLEN to the manual page.

Till now those were only present in sys/socket.h file.

Reviewed by:	rwatson, gnn, keramida (with mdoc hat)
2008-06-12 22:58:35 +00:00
Doug Rabson
cd7d66a21f Call the fcntl compatiblity wrapper from the thread library fcntl wrappers
so that they get the benefit of the (limited) forward ABI compatibility.

MFC after: 1 week
2008-05-30 14:47:42 +00:00
Doug Rabson
2da0808aec Make fcntl() a weak symbol so that it can be overridden by thread libraries.
MFC after: 2 days
2008-05-27 14:03:32 +00:00
Christian Brueffer
2e462358ed Misc mdoc improvements and a typo fix. 2008-05-10 07:31:34 +00:00
Julian Elischer
4ba9fdc4a6 Add setfib.2 to the list of man pages to add 2008-05-09 23:09:56 +00:00
Julian Elischer
23c3fd9e62 setfib.2 got left out of the last commit 2008-05-09 23:08:40 +00:00
Julian Elischer
65cb6b6834 Add code to allow the system to handle multiple routing tables.
This particular implementation is designed to be fully backwards compatible
and to be MFC-able to 7.x (and 6.x)

Currently the only protocol that can make use of the multiple tables is IPv4
Similar functionality exists in OpenBSD and Linux.

From my notes:

-----

One thing where FreeBSD has been falling behind, and which by chance I
have some time to work on is "policy based routing", which allows
different
packet streams to be routed by more than just the destination address.

Constraints:
------------

I want to make some form of this available in the 6.x tree
(and by extension 7.x) , but FreeBSD in general needs it so I might as
well do it in -current and back port the portions I need.

One of the ways that this can be done is to have the ability to
instantiate multiple kernel routing tables (which I will now
refer to as "Forwarding Information Bases" or "FIBs" for political
correctness reasons). Which FIB a particular packet uses to make
the next hop decision can be decided by a number of mechanisms.
The policies these mechanisms implement are the "Policies" referred
to in "Policy based routing".

One of the constraints I have if I try to back port this work to
6.x is that it must be implemented as a EXTENSION to the existing
ABIs in 6.x so that third party applications do not need to be
recompiled in timespan of the branch.

This first version will not have some of the bells and whistles that
will come with later versions. It will, for example, be limited to 16
tables in the first commit.
Implementation method, Compatible version. (part 1)
-------------------------------
For this reason I have implemented a "sufficient subset" of a
multiple routing table solution in Perforce, and back-ported it
to 6.x. (also in Perforce though not  always caught up with what I
have done in -current/P4). The subset allows a number of FIBs
to be defined at compile time (8 is sufficient for my purposes in 6.x)
and implements the changes needed to allow IPV4 to use them. I have not
done the changes for ipv6 simply because I do not need it, and I do not
have enough knowledge of ipv6 (e.g. neighbor discovery) needed to do it.

Other protocol families are left untouched and should there be
users with proprietary protocol families, they should continue to work
and be oblivious to the existence of the extra FIBs.

To understand how this is done, one must know that the current FIB
code starts everything off with a single dimensional array of
pointers to FIB head structures (One per protocol family), each of
which in turn points to the trie of routes available to that family.

The basic change in the ABI compatible version of the change is to
extent that array to be a 2 dimensional array, so that
instead of protocol family X looking at rt_tables[X] for the
table it needs, it looks at rt_tables[Y][X] when for all
protocol families except ipv4 Y is always 0.
Code that is unaware of the change always just sees the first row
of the table, which of course looks just like the one dimensional
array that existed before.

The entry points rtrequest(), rtalloc(), rtalloc1(), rtalloc_ign()
are all maintained, but refer only to the first row of the array,
so that existing callers in proprietary protocols can continue to
do the "right thing".
Some new entry points are added, for the exclusive use of ipv4 code
called in_rtrequest(), in_rtalloc(), in_rtalloc1() and in_rtalloc_ign(),
which have an extra argument which refers the code to the correct row.

In addition, there are some new entry points (currently called
rtalloc_fib() and friends) that check the Address family being
looked up and call either rtalloc() (and friends) if the protocol
is not IPv4 forcing the action to row 0 or to the appropriate row
if it IS IPv4 (and that info is available). These are for calling
from code that is not specific to any particular protocol. The way
these are implemented would change in the non ABI preserving code
to be added later.

One feature of the first version of the code is that for ipv4,
the interface routes show up automatically on all the FIBs, so
that no matter what FIB you select you always have the basic
direct attached hosts available to you. (rtinit() does this
automatically).

You CAN delete an interface route from one FIB should you want
to but by default it's there. ARP information is also available
in each FIB. It's assumed that the same machine would have the
same MAC address, regardless of which FIB you are using to get
to it.

This brings us as to how the correct FIB is selected for an outgoing
IPV4 packet.

Firstly, all packets have a FIB associated with them. if nothing
has been done to change it, it will be FIB 0. The FIB is changed
in the following ways.

Packets fall into one of a number of classes.

1/ locally generated packets, coming from a socket/PCB.
   Such packets select a FIB from a number associated with the
   socket/PCB. This in turn is inherited from the process,
   but can be changed by a socket option. The process in turn
   inherits it on fork. I have written a utility call setfib
   that acts a bit like nice..

       setfib -3 ping target.example.com # will use fib 3 for ping.

   It is an obvious extension to make it a property of a jail
   but I have not done so. It can be achieved by combining the setfib and
   jail commands.

2/ packets received on an interface for forwarding.
   By default these packets would use table 0,
   (or possibly a number settable in a sysctl(not yet)).
   but prior to routing the firewall can inspect them (see below).
   (possibly in the future you may be able to associate a FIB
   with packets received on an interface..  An ifconfig arg, but not yet.)

3/ packets inspected by a packet classifier, which can arbitrarily
   associate a fib with it on a packet by packet basis.
   A fib assigned to a packet by a packet classifier
   (such as ipfw) would over-ride a fib associated by
   a more default source. (such as cases 1 or 2).

4/ a tcp listen socket associated with a fib will generate
   accept sockets that are associated with that same fib.

5/ Packets generated in response to some other packet (e.g. reset
   or icmp packets). These should use the FIB associated with the
   packet being reponded to.

6/ Packets generated during encapsulation.
   gif, tun and other tunnel interfaces will encapsulate using the FIB
   that was in effect withthe proces that set up the tunnel.
   thus setfib 1 ifconfig gif0 [tunnel instructions]
   will set the fib for the tunnel to use to be fib 1.

Routing messages would be associated with their
process, and thus select one FIB or another.
messages from the kernel would be associated with the fib they
refer to and would only be received by a routing socket associated
with that fib. (not yet implemented)

In addition Netstat has been edited to be able to cope with the
fact that the array is now 2 dimensional. (It looks in system
memory using libkvm (!)). Old versions of netstat see only the first FIB.

In addition two sysctls are added to give:
a) the number of FIBs compiled in (active)
b) the default FIB of the calling process.

Early testing experience:
-------------------------

Basically our (IronPort's) appliance does this functionality already
using ipfw fwd but that method has some drawbacks.

For example,
It can't fully simulate a routing table because it can't influence the
socket's choice of local address when a connect() is done.

Testing during the generating of these changes has been
remarkably smooth so far. Multiple tables have co-existed
with no notable side effects, and packets have been routes
accordingly.

ipfw has grown 2 new keywords:

setfib N ip from anay to any
count ip from any to any fib N

In pf there seems to be a requirement to be able to give symbolic names to the
fibs but I do not have that capacity. I am not sure if it is required.

SCTP has interestingly enough built in support for this, called VRFs
in Cisco parlance. it will be interesting to see how that handles it
when it suddenly actually does something.

Where to next:
--------------------

After committing the ABI compatible version and MFCing it, I'd
like to proceed in a forward direction in -current. this will
result in some roto-tilling in the routing code.

Firstly: the current code's idea of having a separate tree per
protocol family, all of the same format, and pointed to by the
1 dimensional array is a bit silly. Especially when one considers that
there is code that makes assumptions about every protocol having the
same internal structures there. Some protocols don't WANT that
sort of structure. (for example the whole idea of a netmask is foreign
to appletalk). This needs to be made opaque to the external code.

My suggested first change is to add routing method pointers to the
'domain' structure, along with information pointing the data.
instead of having an array of pointers to uniform structures,
there would be an array pointing to the 'domain' structures
for each protocol address domain (protocol family),
and the methods this reached would be called. The methods would have
an argument that gives FIB number, but the protocol would be free
to ignore it.

When the ABI can be changed it raises the possibilty of the
addition of a fib entry into the "struct route". Currently,
the structure contains the sockaddr of the desination, and the resulting
fib entry. To make this work fully, one could add a fib number
so that given an address and a fib, one can find the third element, the
fib entry.

Interaction with the ARP layer/ LL layer would need to be
revisited as well. Qing Li has been working on this already.

This work was sponsored by Ironport Systems/Cisco

PR:
Reviewed by:	several including rwatson, bz and mlair (parts each)
Approved by:
Obtained from:	Ironport systems/Cisco
MFC after:
Security:

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
Security:
2008-05-09 23:00:21 +00:00
Robert Watson
7ee52b008a Correct minor typos in SCTP man pages.
MFC after:	3 days
2008-04-28 16:57:56 +00:00
Sean Farley
4bc1fa7662 Have the man page catch up with the namespace pollution cleanup that
occurred between 2001-2003.  Thanks to bde for the history lesson[1]
concerning sys/types.h and the many system calls that at one time
(pre-2001) were required by POSIX to include it.

1. http://lists.freebsd.org/pipermail/freebsd-arch/2008-April/008126.html

MFC after:	3 days
2008-04-26 02:33:53 +00:00
Antoine Brodin
88ff5136d1 Document that you must include <sys/param.h> before <sys/cpuset.h>.
Approved by:	rwatson (mentor)
2008-04-20 15:51:56 +00:00
Ruslan Ermilov
96e5e69a4a Sort MAN and MLINKS. 2008-04-16 14:57:40 +00:00
Ruslan Ermilov
878f6086e3 Connect newly added manpages to the build.
Submitted by:	kib
2008-04-16 14:44:43 +00:00
Konstantin Belousov
a141af6930 Man pages for the openat(2), fexecve(2) and related syscalls.
Reviewed by:	ru
2008-04-16 13:03:12 +00:00
Daniel Eischen
fc9299dd1b Move the cpuset functions from FBSD_1.0 to FBSD_1.1. All symbols added
to 8.0 belong in the FBSD_1.1 symbol namespace.
2008-04-07 13:53:51 +00:00
Doug Rabson
aea15cbc62 Add some compatibility code so that software which is built to use the new
struct flock with l_sysid member can work properly on an an old kernel which
doesn't support l_sysid.

Sponsored by:	Isilon Systems
2008-04-04 09:43:03 +00:00
Kevin Lo
6cec2e4b55 style(9) cleanup 2008-04-03 02:41:54 +00:00
Konstantin Belousov
ba2983e5b3 Add the libc glue and headers definitions for the *at() syscalls.
Based on the submission by rdivacky,
	sponsored by Google Summer of Code 2007
Reviewed by:	rwatson, rdivacky
Tested by:	pho
2008-03-31 12:14:04 +00:00
Jeff Roberson
d1317e00b8 - Add a man page for cpuset_getaffinity() and cpuset_setaffinity() and
hook it up to the build.

Reviewed by:	brueffer (skeleton and formatting assistance)
2008-03-29 10:26:29 +00:00
Jeff Roberson
329356f9f2 - Add a man page for cpuset(), cpuset_setid(), and cpuset_getid() and hook
it up to the build.

Reviewed by:	brueffer (skeleton and formatting assistance)
2008-03-29 10:06:30 +00:00
Paul Saab
6e7534b8c8 Add support to mincore for detecting whether a page is part of a
"super" page or not.

Reviewed by:	alc, ups
2008-03-28 04:29:27 +00:00
Doug Rabson
dfdcada31e Add the new kernel-mode NFS Lock Manager. To use it instead of the
user-mode lock manager, build a kernel with the NFSLOCKD option and
add '-k' to 'rpc_lockd_flags' in rc.conf.

Highlights include:

* Thread-safe kernel RPC client - many threads can use the same RPC
  client handle safely with replies being de-multiplexed at the socket
  upcall (typically driven directly by the NIC interrupt) and handed
  off to whichever thread matches the reply. For UDP sockets, many RPC
  clients can share the same socket. This allows the use of a single
  privileged UDP port number to talk to an arbitrary number of remote
  hosts.

* Single-threaded kernel RPC server. Adding support for multi-threaded
  server would be relatively straightforward and would follow
  approximately the Solaris KPI. A single thread should be sufficient
  for the NLM since it should rarely block in normal operation.

* Kernel mode NLM server supporting cancel requests and granted
  callbacks. I've tested the NLM server reasonably extensively - it
  passes both my own tests and the NFS Connectathon locking tests
  running on Solaris, Mac OS X and Ubuntu Linux.

* Userland NLM client supported. While the NLM server doesn't have
  support for the local NFS client's locking needs, it does have to
  field async replies and granted callbacks from remote NLMs that the
  local client has contacted. We relay these replies to the userland
  rpc.lockd over a local domain RPC socket.

* Robust deadlock detection for the local lock manager. In particular
  it will detect deadlocks caused by a lock request that covers more
  than one blocking request. As required by the NLM protocol, all
  deadlock detection happens synchronously - a user is guaranteed that
  if a lock request isn't rejected immediately, the lock will
  eventually be granted. The old system allowed for a 'deferred
  deadlock' condition where a blocked lock request could wake up and
  find that some other deadlock-causing lock owner had beaten them to
  the lock.

* Since both local and remote locks are managed by the same kernel
  locking code, local and remote processes can safely use file locks
  for mutual exclusion. Local processes have no fairness advantage
  compared to remote processes when contending to lock a region that
  has just been unlocked - the local lock manager enforces a strict
  first-come first-served model for both local and remote lockers.

Sponsored by:	Isilon Systems
PR:		95247 107555 115524 116679
MFC after:	2 weeks
2008-03-26 15:23:12 +00:00
Ruslan Ermilov
53bbf5aa35 Fix bugs in previous revision (missing comma, misspelled syscall name). 2008-03-13 10:33:24 +00:00
Jeff Roberson
7d4cbc3607 - Remove kse syscall symbols and man pages. 2008-03-12 10:12:22 +00:00