Commit Graph

1410 Commits

Author SHA1 Message Date
Kirk McKusick
e03486d198 This checkin reimplements the io-request priority hack in a way
that works in the new threaded kernel. It was commented out of
the disksort routine earlier this year for the reasons given in
kern/subr_disklabel.c (which is where this code used to reside
before it moved to kern/subr_disk.c):

----------------------------
revision 1.65
date: 2002/04/22 06:53:20;  author: phk;  state: Exp;  lines: +5 -0
Comment out Kirks io-request priority hack until we can do this in a
civilized way which doesn't cause grief.

The problem is that it is not generally safe to cast a "struct bio
*" to a "struct buf *".  Things like ccd, vinum, ata-raid and GEOM
constructs bio's which are not entrails of a struct buf.

Also, curthread may or may not have anything to do with the I/O request
at hand.

The correct solution can either be to tag struct bio's with a
priority derived from the requesting threads nice and have disksort
act on this field, this wouldn't address the "silly-seek syndrome"
where two equal processes bang the diskheads from one edge to the
other of the disk repeatedly.

Alternatively, and probably better: a sleep should be introduced
either at the time the I/O is requested or at the time it is completed
where we can be sure to sleep in the right thread.

The sleep also needs to be in constant timeunits, 1/hz can be practicaly
any sub-second size, at high HZ the current code practically doesn't
do anything.
----------------------------

As suggested in this comment, it is no longer located in the disk sort
routine, but rather now resides in spec_strategy where the disk operations
are being queued by the thread that is associated with the process that
is really requesting the I/O. At that point, the disk queues are not
visible, so the I/O for positively niced processes is always slowed
down whether or not there is other activity on the disk.

On the issue of scaling HZ, I believe that the current scheme is
better than using a fixed quantum of time. As machines and I/O
subsystems get faster, the resolution on the clock also rises.
So, ten years from now we will be slowing things down for shorter
periods of time, but the proportional effect on the system will
be about the same as it is today. So, I view this as a feature
rather than a drawback. Hence this patch sticks with using HZ.

Sponsored by:	DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@critter.freebsd.dk>
2002-10-22 00:59:49 +00:00
John Baldwin
01a4d0197d Grrr, s/PBP/BPB/ here as well.
Noticed by:	peter
2002-10-21 20:52:51 +00:00
John Baldwin
8a88248d57 Spell the BPB member of the 7.10 bootsector as bsBPB rather than bsPBP to
be like all the other bootsectors.  Apple has done the same it seems.
2002-10-21 19:00:50 +00:00
Robert Watson
e6a5564ee2 Missed a case of _POSIX_MAC_PRESENT -> _PC_MAC_PRESENT rename.
Pointed out by:	phk
2002-10-20 22:50:43 +00:00
Poul-Henning Kamp
ce2fb5776b '&' not used for pointers to functions.
Spotted by:	FlexeLint
2002-10-20 21:31:16 +00:00
Poul-Henning Kamp
659d5e21c7 Remove even more '&' from pointers to functions.
Spotted by:	FlexeLint
2002-10-20 21:30:02 +00:00
Alexander Kabaev
c3f8ce77e0 umap_sync is empty and is identical to vfs_stdsync. Remove it and
use generic function instead.

Approved by:	obrien
2002-10-19 22:22:42 +00:00
Alexander Kabaev
3e8cedc35f style(9)
Approved by:	obrien
2002-10-19 22:12:19 +00:00
Poul-Henning Kamp
bc9d8a9a37 Fix comments and one resulting code confusion about the type of the
"command" argument to VOP_IOCTL.

Spotted by:	FlexeLint.
2002-10-16 08:04:11 +00:00
Poul-Henning Kamp
fcf549422d Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-16 08:00:32 +00:00
Poul-Henning Kamp
4cfe209335 A better solution to avoiding variable sized structs in DEVFS. 2002-10-16 07:51:18 +00:00
Poul-Henning Kamp
c122d758ca #include "opt_devfs.h" to protect against variable sized structures.
Spotted by:	FlexeLint
2002-10-16 07:16:47 +00:00
Poul-Henning Kamp
65a728a53b Plug an infrequent (I think) memory leak.
Spotted by:	FlexeLint
2002-10-15 18:51:02 +00:00
Kirk McKusick
a5b65058d5 Regularize the vop_stdlock'ing protocol across all the filesystems
that use it. Specifically, vop_stdlock uses the lock pointed to by
vp->v_vnlock. By default, getnewvnode sets up vp->v_vnlock to
reference vp->v_lock. Filesystems that wish to use the default
do not need to allocate a lock at the front of their node structure
(as some still did) or do a lockinit. They can simply start using
vn_lock/VOP_UNLOCK. Filesystems that wish to manage their own locks,
but still use the vop_stdlock functions (such as nullfs) can simply
replace vp->v_vnlock with a pointer to the lock that they wish to
have used for the vnode. Such filesystems are responsible for
setting the vp->v_vnlock back to the default in their vop_reclaim
routine (e.g., vp->v_vnlock = &vp->v_lock).

In theory, this set of changes cleans up the existing filesystem
lock interface and should have no function change to the existing
locking scheme.

Sponsored by:	DARPA & NAI Labs.
2002-10-14 03:20:36 +00:00
Maxime Henrion
15f6504832 - Remove a useless initialization for 'ronly', if it hadn't been
there, we would have noticed that 'ronly' was uninitialized :-).
- Kill a nearby 'register' keyword.
2002-10-13 16:13:11 +00:00
Poul-Henning Kamp
2afdbfe1e6 Pass flags to VOP_CLOSE() corresponding to what was passed to VOP_OPEN().
Submitted by:	"Peter Edwards" <pmedwards@eircom.net>
2002-10-13 16:04:46 +00:00
Mike Barcroft
2b7f24d210 Change iov_base's type from char *' to the standard void *'. All
uses of iov_base which assume its type is `char *' (in order to do
pointer arithmetic) have been updated to cast iov_base to `char *'.
2002-10-11 14:58:34 +00:00
Dima Dorfman
e5d09546b8 Treat the pathptrn field as a real pattern with the aid of fnmatch(). 2002-10-08 04:21:54 +00:00
Maxime Henrion
20c544dbdf Yet another 64 bits warning fix: s/u_int/size_t/. 2002-10-06 12:07:58 +00:00
Maxime Henrion
0b3bf442a1 Fix a warning on 64 bits platforms: copyinstr() takes
a size_t *, not an u_int *.
2002-10-06 11:45:22 +00:00
Maxime Henrion
a8f15ed745 Fix a warning on 64 bits platforms: copystr() takes a size_t *,
not an int *.
2002-10-06 11:42:14 +00:00
Robert Watson
74e62b1b75 Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:40:10 +00:00
Poul-Henning Kamp
00ab1355ab Plug memoryleaks detected by FlexeLint. 2002-10-05 12:00:11 +00:00
Juli Mallett
1d9c56964d Back our kernel support for reliable signal queues.
Requested by:	rwatson, phk, and many others
2002-10-01 17:15:53 +00:00
Poul-Henning Kamp
2c5e1d1e6f Move the vop-vector declaration into devfs_vnops.c where it belongs. 2002-10-01 10:08:08 +00:00
Juli Mallett
5cd192f4b2 When working with sigset_t's, and needing to perform masking operations based
on a process's pending signals, use the signal queue flattener,
ksiginfo_to_sigset_t, on the process, and on a local sigset_t, and then work
with that as needed.
2002-10-01 02:49:28 +00:00
Juli Mallett
1226f694e6 First half of implementation of ksiginfo, signal queues, and such. This
gets signals operating based on a TailQ, and is good enough to run X11,
GNOME, and do job control.  There are some intricate parts which could be
more refined to match the sigset_t versions, but those require further
evaluation of directions in which our signal system can expand and contract
to fit our needs.

After this has been in the tree for a while, I will make in kernel API
changes, most notably to trapsignal(9) and sendsig(9), to use ksiginfo
more robustly, such that we can actually pass information with our
(queued) signals to the userland.  That will also result in using a
struct ksiginfo pointer, rather than a signal number, in a lot of
kern_sig.c, to refer to an individual pending signal queue member, but
right now there is no defined behaviour for such.

CODAFS is unfinished in this regard because the logic is unclear in
some places.

Sponsored by:	New Gold Technology
Reviewed by:	bde, tjr, jake [an older version, logic similar]
2002-09-30 20:20:22 +00:00
Poul-Henning Kamp
19ebba326b s/struct dev_t */dev_t */ 2002-09-28 21:21:01 +00:00
Poul-Henning Kamp
562c866822 Fix mis-indent. 2002-09-28 17:37:55 +00:00
Poul-Henning Kamp
37c841831f Be consistent about "static" functions: if the function is marked
static in its prototype, mark it static at the definition too.

Inspired by:    FlexeLint warning #512
2002-09-28 17:15:38 +00:00
Poul-Henning Kamp
d241c36453 I misplaced a local variable yesterday. 2002-09-28 13:42:04 +00:00
Poul-Henning Kamp
2e27173fb5 Add a D_NOGIANT flag which can be set in a struct cdevsw to indicate
that a particular device driver is not Giant-challenged.

SPECFS will DROP_GIANT() ... PICKUP_GIANT() around calls to the
driver in question.

Notice that the interrupt path is not affected by this!

This does _NOT_ work for drivers accessed through cdevsw->d_strategy()
ie drivers for disk(-like), some tapes, maybe others.
2002-09-27 19:47:59 +00:00
Poul-Henning Kamp
ca916247cd Rename struct specinfo to the more appropriate struct cdev.
Agreed on:	jake, rwatson, jhb
2002-09-27 18:27:10 +00:00
Poul-Henning Kamp
48a7c35e51 I hate it when patch gives me .rej files.
Can't we make the pre-commit check refuse if there are .rej files in
the directory ?
2002-09-26 17:25:22 +00:00
Poul-Henning Kamp
c2aee6b42d Return ENOTTY on unhandled ioctls. 2002-09-26 14:11:49 +00:00
Poul-Henning Kamp
1d02d910c1 Return ENOTTY on unrecognized ioctls. 2002-09-26 14:08:37 +00:00
Poul-Henning Kamp
f6b80a4921 Return ENOTTY on incorrect ioctls. 2002-09-26 14:07:43 +00:00
Poul-Henning Kamp
2917ba13f7 Return ENOTTY when we don't recognize an ioctl. 2002-09-26 14:05:36 +00:00
Nate Lawson
5187d555a5 Fix these warns where sizeof(int) != sizeof(void *)
/h/des/src/sys/coda/coda_venus.c: In function `venus_ioctl':
/h/des/src/sys/coda/coda_venus.c:277: warning: cast from pointer to integer of
different size
/h/des/src/sys/coda/coda_venus.c:292: warning: cast from pointer to integer of
different size
/h/des/src/sys/coda/coda_venus.c: In function `venus_readlink':
/h/des/src/sys/coda/coda_venus.c:380: warning: cast from pointer to integer of
different size
/h/des/src/sys/coda/coda_venus.c: In function `venus_readdir':
/h/des/src/sys/coda/coda_venus.c:637: warning: cast from pointer to integer of
different size

Submitted by:	des-alpha-tinderbox
2002-09-26 06:19:31 +00:00
Jeff Roberson
2a96b2d69f - Fix a botch in previous commit; oldvp should not be unconditionally
assigned.
2002-09-26 02:54:30 +00:00
Semen Ustimenko
7dcd8ef946 Fix the problem introduced by vop_stdbmap() usage. The NTFS does not
implement worthful VOP_BMAP() handler, so it expect the blkno not to be
changed by VOP_BMAP(). Otherwise, it'll have to find some tricky way to
determine if bp was VOP_BMAP()ed or not in VOP_STRATEGY().

PR:		kern/42139
2002-09-25 23:55:06 +00:00
Jeff Roberson
37ab0e0d81 - Use vrefcnt() instead of v_usecount. 2002-09-25 02:42:43 +00:00
Jeff Roberson
9026179755 - Use vrefcnt() instead of directly accessing v_usecount. 2002-09-25 02:33:29 +00:00
Jeff Roberson
4d93c0be1f - Use vrefcnt() where it is safe to do so instead of doing direct and
unlocked accesses to v_usecount.
 - Lock access to the buf lists in the various sync routines.  interlock
   locking could be avoided almost entirely in leaf filesystems if the
   fsync function had a generic helper.
2002-09-25 02:32:42 +00:00
Jeff Roberson
c944ebed73 - Lock access to the buf lists in spec_sync()
- Fixup interlock locking in spec_close()
2002-09-25 02:29:49 +00:00
Jeff Roberson
75cabb639a - Hold the vp lock while accessing v_vflags. 2002-09-25 02:28:07 +00:00
Alfred Perlstein
4f492bfab5 use __packed. 2002-09-23 18:54:32 +00:00
Ian Dowse
ac11ad13fb Attempt to fix the error reported by the alpha tinderbox. A pointer
was being cast to an integer as part of a hash function, so just
add an intptr_t cast to silence the warning.
2002-09-22 13:25:57 +00:00
Don Lewis
1c4ccf09cd Fix misspellings, capitalization, and punctuation in comments. Minor
comment phrasing and style changes.
2002-09-22 08:54:17 +00:00
Jake Burkholder
05ba50f522 Use the fields in the sysentvec and in the vm map header in place of the
constants VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK and PS_STRINGS.
This is mainly so that they can be variable even for the native abi, based
on different machine types.  Get stack protections from the sysentvec too.
This makes it trivial to map the stack non-executable for certain abis, on
machines that support it.
2002-09-21 22:07:17 +00:00
Don Lewis
fa288043e2 VOP_FSYNC() requires that it's vnode argument be locked, which nfs_link()
wasn't doing.  Rather than just lock and unlock the vnode around the call
to VOP_FSYNC(), implement rwatson's suggestion to lock the file vnode
in kern_link() before calling VOP_LINK(), since the other filesystems
also locked the file vnode right away in their link methods.  Remove the
locking and and unlocking from the leaf filesystem link methods.

Reviewed by:	rwatson, bde  (except for the unionfs_link() changes)
2002-09-19 13:32:45 +00:00
Nate Lawson
86ed6d45ac Remove any VOP_PRINT that redundantly prints the tag.
Move lockmgr_printinfo() into vprint() for everyone's benefit.

Suggested by: bde
2002-09-18 20:42:04 +00:00
Boris Popov
44f3878ecb Always open file in the DENYNONE mode and let the server to decide what is
good for this file.
This should allow read only access to file which is already opened on server.
2002-09-18 09:54:16 +00:00
Boris Popov
3c2f5c3cc8 Implement additional SMB calls to allow proper update of file size as some
file servers fail to do it in the right way.

New NFLUSHWIRE flag marks pending flush request(s).

NB: not all cases covered by this commit.

Obtained from:	Darwin
2002-09-18 09:27:04 +00:00
Nate Lawson
06be2aaa83 Remove all use of vnode->v_tag, replacing with appropriate substitutes.
v_tag is now const char * and should only be used for debugging.

Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.

Suggested by:   phk
Reviewed by:    bde, rwatson (earlier version)
2002-09-14 09:02:28 +00:00
Julian Elischer
71fad9fdee Completely redo thread states.
Reviewed by:	davidxu@freebsd.org
2002-09-11 08:13:56 +00:00
David Xu
1279572a92 s/SGNL/SIG/
s/SNGL/SINGLE/
s/SNGLE/SINGLE/

Fix abbreviation for P_STOPPED_* etc flags, in original code they were
inconsistent and difficult to distinguish between them.

Approved by: julian (mentor)
2002-09-05 07:30:18 +00:00
Ian Dowse
4cf64ccaed Add a missing #include <sys/lockmgr.h>. 2002-09-01 23:02:10 +00:00
Philippe Charnier
93b0017f88 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:23:09 +00:00
Bruce Evans
34bdf0dcbf Fixed printf format errors and style bugs in rev.1.92. This is the version
that should have been committed in rev.1.93.
2002-08-25 02:39:07 +00:00
Bruce Evans
152ffafe85 Oops, the previous commit wasn't the version that I meant to commit (it
does some extra things which are probably harmless).  Back it out.
2002-08-25 02:34:18 +00:00
Bruce Evans
109a8e7c0c Fixed printf format errors and style bugs in previous commit. 2002-08-25 01:08:27 +00:00
Scott Long
3a48fb1bf7 Remove stddef.h from the header list
Prodded by: peter
2002-08-23 14:10:55 +00:00
Tom Rhodes
abe78e9708 Fix a bug where large msdos partitions were not handled correctly, and fix
a few fsck_msdosfs related 'issues'

PR:		28536, 30168
Submitted by:	Jiangyi Liu <jyliu@163.net> && NetBSD
Approved by:	rwatson (mentor)
2002-08-22 22:17:11 +00:00
Scott Long
c8eeea2ffc Remove the possibility of a race condition when reading the . and ..
entries.
2002-08-20 04:46:59 +00:00
Scott Long
95ec5961f6 Don't abuse the stack when translating names. 2002-08-20 04:46:04 +00:00
Robert Watson
b4edfededd Handle one more case of a fifofs filetmp: set filetmp.f_cred to
ap->a_cred, and pass in ap->a_td->td_ucred as the active_cred to
soo_poll().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-20 02:17:59 +00:00
Robert Watson
d49fa1ca6e In continuation of early fileop credential changes, modify fo_ioctl() to
accept an 'active_cred' argument reflecting the credential of the thread
initiating the ioctl operation.

- Change fo_ioctl() to accept active_cred; change consumers of the
  fo_ioctl() interface to generally pass active_cred from td->td_ucred.
- In fifofs, initialize filetmp.f_cred to ap->a_cred so that the
  invocations of soo_ioctl() are provided access to the calling f_cred.
  Pass ap->a_td->td_ucred as the active_cred, but note that this is
  required because we don't yet distinguish file_cred and active_cred
  in invoking VOP's.
- Update kqueue_ioctl() for its new argument.
- Update pipe_ioctl() for its new argument, pass active_cred rather
  than td_ucred to MAC for authorization.
- Update soo_ioctl() for its new argument.
- Update vn_ioctl() for its new argument, use active_cred rather than
  td->td_ucred to authorize VOP_IOCTL() and the associated VOP_GETATTR().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-17 02:36:16 +00:00
Robert Watson
ea6027a8e1 Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential.  Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential.  Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument.  This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.

Trickle this change down into fo_stat/poll() implementations:

- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
  MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
  than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
  to vn_stat().  Pass active_cred to MAC and fp->f_cred to VOP_POLL()
  to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
  and consumers so that this distinction is maintained at the VFS
  as well as 'struct file' layer.  Pass active_cred instead of
  td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.

- fifofs: modify the creation of a "filetemp" so that the file
  credential is properly initialized and can be used in the socket
  code if desired.  Pass ap->a_td->td_ucred as the active
  credential to soo_poll().  If we teach the vnop interface about
  the distinction between file and active credentials, we would use
  the active credential here.

Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained.  It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 12:52:03 +00:00
Tom Rhodes
b5cdbc6dae When a cluster entry for ``.'' is set to 0, msdosfs fails to handle it
correctly.

PR:		24393
Submitted by:	semenu
Approved by:	rwatson (mentor)
MFC after:	1 week
2002-08-16 05:13:42 +00:00
Jake Burkholder
e4f5294e18 Fixed 64bit big endian bugs relating to abuse of ioctl argument passing.
This makes truss work on sparc64.
2002-08-15 06:16:10 +00:00
Scott Long
4576293d3e Clean up comments that are no longer relevant. 2002-08-15 03:50:06 +00:00
Scott Long
1703656a17 Factor out some ugle code that's shared by udf_readdir and udf_lookup.
Significantly de-obfuscate udf_lookup

Inspired By: tes@sgi.com
2002-08-15 00:43:43 +00:00
Poul-Henning Kamp
9bf1a75697 Introduce typedefs for the member functions of struct vfsops and employ
these in the main filesystems.  This does not change the resulting code
but makes the source a little bit more grepable.

Sponsored by:	DARPA and NAI Labs.
2002-08-13 10:05:50 +00:00
Pierre Beyssac
f7a91b49b7 Fix typo in vnode flags causing deadlock in msdosfs_fsync().
Reviewed by:	jeff
2002-08-05 21:07:30 +00:00
Mike Barcroft
2dd3656781 Fix typo in the last revision.
Noticed by:	i386 tinderbox
2002-08-04 19:34:38 +00:00
Scott Long
2bbe0d3617 Simplify the handling of a fragmented file_id descriptor. Also
de-obfuscate the file_char flags.
2002-08-04 16:42:20 +00:00
Jeff Roberson
e6e370a7fe - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
Scott Long
8db4c2f20c Calculate the correct physical block number for files that are
embedded into their file_entry descriptor.  This is more for
correctness, since these files cannot be bmap'ed/mmap'ed anyways.
Enforce this restriction.

Submitted by:	tes@sgi.com
2002-08-02 06:22:20 +00:00
Scott Long
678d5effd3 Check for deleted files in udf_lookup(), not just udf_readdir().
Submitted by:	tes@sgi.com
2002-08-02 06:19:43 +00:00
Alan Cox
1e7ce68ff4 o Lock page queue accesses in nwfs and smbfs.
o Assert that the page queues lock is held in vm_page_deactivate().
2002-08-02 05:23:58 +00:00
Robert Watson
67d722ed73 Introduce support for Mandatory Access Control and extensible
kernel access control.

Teach devfs how to respond to pathconf() _POSIX_MAC_PRESENT queries,
allowing it to indicate to user processes that individual vnode labels
are available.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 03:12:40 +00:00
Robert Watson
bdc2cd1318 Hook up devfs_pathconf() for specfs devfs nodes, not just regular
devfs nodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:27:57 +00:00
Robert Watson
c1ff2d9baf Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify procfs so that (when mounted multilabel) it exports process MAC
labels as the vnode labels of procfs vnodes associated with processes.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 02:03:21 +00:00
Robert Watson
dee93f2c52 Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify pseudofs so that it can support synthetic file systems with
the multilabel flag set.  In particular, implement vop_refreshlabel()
as pn_refreshlabel().  Implement pfs_refreshlabel() to invoke this,
and have it fall back to the mount label if the file system does
not implement pn_refreshlabel() for the node.  Otherwise, permit
the file system to determine how the service is provided.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:33:12 +00:00
Robert Watson
6742f32809 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 15:45:16 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Julian Elischer
1d7b9ed2e6 Create a new thread state to describe threads that would be ready to run
except for the fact tha they are presently swapped out. Also add a process
flag to indicate that the process has started the struggle to swap
back in. This will be  needed for the case where multiple threads
start the swapin action top a collision. Also add code to stop
a process fropm being swapped out if one of the threads in this
process is actually off running on another CPU.. that might hurt...

Submitted by:	Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
2002-07-29 18:33:32 +00:00
Dima Dorfman
ec7e38fb22 Correct misindentation of DRA_UID. 2002-07-28 06:57:57 +00:00
Dima Dorfman
af13e3abb9 Unimplement panic(8) by making sure that we don't recurse into a
ruleset.  If we do, that means there's a ruleset loop (10 includes 20
include 30 includes 10), which will quickly cause a double fault due
to stack overflow (since "include" is implemented by recursion).
(Previously, we only checked that X didn't include X.)
2002-07-28 03:52:44 +00:00
Jeff Roberson
17f888f15f - Explicitly state that specfs does not support locking by using
vop_no{lock,unlock,islocked}.  This should be the only vnode opv that does
   so.
2002-07-27 05:14:59 +00:00
Alan Cox
eb13174a6b o Lock page queue accesses by vm_page_activate() and vm_page_deactivate(). 2002-07-27 05:08:49 +00:00
Dima Dorfman
a1dc209638 Introduce the DEVFS "rule" subsystem. DEVFS rules permit the
administrator to define certain properties of new devfs nodes before
they become visible to the userland.  Both static (e.g., /dev/speaker)
and dynamic (e.g., /dev/bpf*, some removable devices) nodes are
supported.  Each DEVFS mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails.

Approved by:	phk
2002-07-17 01:46:48 +00:00
Mark Murray
fa860c783c Unbreak LINT; sort the includes so that functions are explicitly
declared. Remove duplicate includes.
2002-07-16 09:33:33 +00:00
Jeff Roberson
ad70122060 - Change all LK_SHARE locks to LK_EXCLUSIVE. Shared locks aren't quite safe
yet
 - Use vop_std{lock,unlock,islocked}.
2002-07-09 19:43:39 +00:00
Jeff Roberson
922b974a44 Lock down pseudofs:
- Initialize lock structure in vncache_alloc
 - Return locked vnodes from vncache_alloc
 - Setup vnode op vectors to use default lock, unlock, and islocked
 - Implement simple locking scheme required for lookup
2002-07-08 01:50:14 +00:00
Julian Elischer
e602ba25fd Part 1 of KSE-III
The ability to schedule multiple threads per process
(one one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)

Reviewed by:	Almost everyone who counts
	(at various times, peter, jhb, matt, alfred, mini, bernd,
	and a cast of thousands)

	NOTE: this is still Beta code, and contains lots of debugging stuff.
	expect slight instability in signals..
2002-06-29 17:26:22 +00:00
Maxime Henrion
4ce86ffd17 nmount'ify unionfs further by using separate options instead
of passing a flags mount options.  This removes the include of
sys/fs/unionfs/union.h in mount_unionfs as it should be.

Reviewed by:	phk
2002-06-15 22:48:14 +00:00
Maxime Henrion
c3210a83c0 Convert UDF to nmount.
Reviewed by:	scottl
2002-06-15 22:40:13 +00:00
Semen Ustimenko
1cfdefbb9f Fix a race during null node creation between relookuping the hash and
adding vnode to hash. The fix is to use atomic hash-lookup-and-add-if-
not-found operation. The odd thing is that this race can't happen
actually because the lowervp vnode is locked exclusively now during the
whole process of null node creation. This must be thought as a step
toward shared lookups.

Also remove vp->v_mount checks when looking for a match in the hash,
as this is the vestige.

Also add comments and cosmetic changes.
2002-06-13 21:49:09 +00:00
Semen Ustimenko
1542003115 Change null_hashlock into null_hashmtx, because there is no need for
lockmgr and this helps to vget() vnode from hash without a race.

Reviewed by:	bp
MFC after:	2 weeks
2002-06-13 20:18:50 +00:00
Semen Ustimenko
08720e34b0 Fix the "error" path (when dropping not fully initialized vnode).
Also move hash operations out of null_vnops.c and explicitly initialize
v_lock in null_node_alloc (to set wmesg).

Reviewed by:	bp
MFC after:	2 weeks
2002-06-13 18:25:06 +00:00
Semen Ustimenko
ebe0bdddac Fix wrong locking in null_inactive and null_reclaim. This makes nullfs
relatively working back.

Reviewed by:	mckusick, bp
2002-06-13 17:30:40 +00:00
Dag-Erling Smørgrav
a3d37b1322 Gratuitous whitespace cleanup. 2002-06-06 16:59:24 +00:00
Semen Ustimenko
c83fca1f1f Make devfs to give honour to PDIRUNLOCK flag.
Reviewed by:	jeff
MFC after:	1 week
2002-06-01 09:17:43 +00:00
Seigo Tanimura
4cc20ab1f0 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
Maxime Henrion
a9f5c04aae Convert unionfs to nmount. 2002-05-24 00:44:44 +00:00
Maxime Henrion
23bb7c1425 Fix comments. 2002-05-24 00:16:13 +00:00
Maxime Henrion
9fcc512cd6 Convert nullfs to nmount. 2002-05-23 23:07:27 +00:00
Bruce Evans
fba2e6106f Quick fix for non-unique inode numbers for hard links. We use the
byte offset of the directory entry for the inode number for all types
of files except directories, although this breaks hard links for
non-directories even if it doesn't cause overflow.  Just ignore this
broken inode number for stat() and readdir() and return a less broken
one (the block offset of the file), so that applications normally can't
see the brokenness.

This leaves at least the following brokenness:
- extra inodes, vnodes and caching for hard links.
- various overflow bugs.  cd9660 supports 64-bit block numbers, but we
  silently ignore the top 32 bits in isonum_733() and then drop another
  10 bits for our broken inode numbers.  We may also have sign extension
  bugs from storing 32-bit extents in ints and longs even if ints are
  32-bits.  These bugs affect DVDs.  mkisofs apparently limits them
  by writing directory entries first.

Inode numbers were broken mainly in 4.4BSD-Lite2.  FreeBSD-1.1.5 seems
to have a correct implementation modulo the overflow bugs.  We need
to look up directory entries from inodes for symlinks only.  FreeBSD-1.1.5
use separate fields (iso_parent_extent, iso_parent) to point to the
directory entry.  4.4BSD-Lite doesn't have these, and abuses i_ino to
point to the directory entry.  Correct pointers are impossible for
hard links, but symlinks can't be hard links.
2002-05-22 08:50:18 +00:00
Semen Ustimenko
96b825e7ca Fix null_lock() not unlocking vp->v_interlock if LK_THISLAYER.
Reviewed by:	bp@FreeBSD.org
MFC after:	1 week
2002-05-21 18:07:33 +00:00
Seigo Tanimura
102638407c Lock the writer socket across sorwakeup(fip->fi_writesock).
Spotted by:	peter
2002-05-21 02:37:56 +00:00
Seigo Tanimura
243917fe3b Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
John Baldwin
f44d9e24fb Change p_can{debug,see,sched,signal}()'s first argument to be a thread
pointer instead of a proc pointer and require the process pointed to
by the second argument to be locked.  We now use the thread ucred reference
for the credential checks in p_can*() as a result.  p_canfoo() should now
no longer need Giant.
2002-05-19 00:14:50 +00:00
Poul-Henning Kamp
17b5825d7e Remove a check of blocknumbers/offsets which will be pointless with
64 bit daddr_t.

Sponsored by: DARPA & NAI Labs.
2002-05-18 09:32:56 +00:00
Tom Rhodes
d394511de3 More s/file system/filesystem/g 2002-05-16 21:28:32 +00:00
Maxime Henrion
fc6f338fd2 In VOP_LOOKUP, don't assume that the final pathname component
will be in the same filesystem than the one where the current
component is.

Approved by:	scottl
2002-05-16 19:22:39 +00:00
Poul-Henning Kamp
98b0c78978 Make daddr_t and u_daddr_t 64bits wide.
Retire daddr64_t and use daddr_t instead.

Sponsored by:	DARPA & NAI Labs.
2002-05-14 11:09:43 +00:00
Maxime Henrion
8eee3a3d58 Fix several bugs in devfs_lookupx(). When we check the nameiop to
make sure it's a correct operation for devfs, do it only in the
ISLASTCN case.  If we don't, we are assuming that the final file will
be in devfs, which is not true if another partition is mounted on top
of devfs or with special filenames (like /dev/net/../../foo).

Reviewed by:	phk
2002-05-10 15:41:14 +00:00
Jeff Roberson
441271159e Include systm.h for panic(9) so that DEBUG_ALL_VFS_LOCKS compiles. 2002-05-04 02:37:00 +00:00
Poul-Henning Kamp
1ed91802ee HPFS picks up the vop_stdgetpages and vop_stdputpages member functions
via the default entry and the default vop vector.
2002-05-03 18:23:29 +00:00
Dag-Erling Smørgrav
d95ec55335 s/pfs_badop/vop_eopnotsupp/
Submitted by:	phk
2002-05-03 14:58:25 +00:00
Maxime Henrion
6dbde1fe23 Convert devfs to nmount.
Reviewed by:	phk
2002-05-02 20:27:42 +00:00
Maxime Henrion
8392a47923 Convert the pseudofs framework to nmount (thus procfs and linprocfs).
Reviewed by:	des (some time ago), phk
2002-05-02 20:25:55 +00:00
Maxime Henrion
4d8b916946 Convert fdescfs to nmount.
Reviewed by:	phk
2002-05-02 20:24:50 +00:00
Scott Long
1347b4e84f Don't reference vop_std* since they are already implicitly
referenced through the VOP_DEFAULT vector

Submitted by:	phk
2002-05-02 20:23:47 +00:00
Poul-Henning Kamp
ef41ad17bd Use vop_panic() instead of rolling our own. 2002-05-02 19:13:44 +00:00
Scott Long
cd1b1a1d35 In udf_bmap(), return the physical block number, not the logical
block number.  This fixes things like cp (ouch!) which use mmap.
2002-05-02 05:01:14 +00:00
Scott Long
d1def83b54 Fix udf_read(). Honor the uio_resid when determining the size of
the block to read and copy out.  This removes the hack in
udf_readatoffset() for only reading one block at a time.  WooHoo!
Remove a redundant test for fragmented fids in both udf_readdir()
and udf_lookup().  Add comment to both as to why the test is
written the way it is.  Add a few more safety checks for brelse().

Thanks to Timothy Shimmin <tes@boing.melbourne.sgi.com> for pointing
out these problems.
2002-04-30 05:05:05 +00:00
Seigo Tanimura
960ed29c4b Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
Robert Watson
a12cfddc0f Use vnode locking with devfs; permit VFS locking assertions to make
sense for devfs vnodes, and reduce/remove potential races in the devfs
code.

Submitted by:	iadowse
Approved by:	phk
2002-04-29 20:00:39 +00:00
Boris Popov
b88157559d UIO_NOCOPY is not supported for now, so refuse read opeartion if this flag
is set. The full emulation of bio are on its way...
2002-04-26 03:49:02 +00:00
Boris Popov
959b83b921 Track nfs's getpages() changes:
Properly count v_vnodepgsin.
    Do not reread page if is already valid.
    Properly handle partially filled pages.
2002-04-23 14:30:43 +00:00
Boris Popov
3f36e6f21a Get rid from extra #ifdefs. 2002-04-23 13:55:14 +00:00
Bruce Evans
4cc6241557 Don't attempt to decvlare M_DEVFS whern MALLOC_DECLARE is not defined.
This fixes warnings that should be errors in fstat.

Reminded by:	alpha tinderbox

Fixed some style bugs (ones near BOF and EOF; there are many more).
2002-04-21 15:47:03 +00:00
Bruce Evans
54a4c5bf21 Include <sys/systm.h> for (at least) the definition of atomic functions
which are sometimes used by the macros in <sys/mutex.h>; don't depend
on not-quite-necessary namespace pollution in <sys/mutex.h>.
2002-04-21 15:35:54 +00:00
Marcel Moolenaar
5ce9299f05 Don't put a line break in string literals. GCC 3.1 complains and GCC
3.2 drops the ball.
2002-04-20 01:42:56 +00:00
Robert Watson
d51ed1a04a Spelling fix for comment. 2002-04-20 01:14:25 +00:00
Alfred Perlstein
7858dcd629 Cleanup of logic, flow and comments.
Submitted by: bde
2002-04-18 14:47:34 +00:00
John Baldwin
ba626c1db2 Lock proctree_lock instead of pgrpsess_lock. 2002-04-16 17:11:34 +00:00
Jeroen Ruigrok van der Werven
c2d6947d14 Sync with UDF p4 tree: Use POSIX integer types instead of BSD types. 2002-04-15 19:49:15 +00:00
Scott Long
51a7b740a1 Actually add the UDF files! 2002-04-14 16:52:14 +00:00
John Baldwin
87484be35f Remove stale XXX comment. 2002-04-14 04:12:44 +00:00
John Baldwin
a92e7c792a - Change procfs_control()'s first argument to be a thread pointer instead
of a process pointer.
- Move the p_candebug() at the start of procfs_control() a bit to make
  locking feasible.  We still perform the access check before doing
  anything, we just now perform it after acquiring locks.
- Don't lock the sched_lock for TRACE_WAIT_P() and when checking to see if
  p_stat is SSTOP.  We lock the process while setting p_stat to SSTOP
  so locking the process is sufficient to do a read to see if p_stat is
  SSTOP or not.
2002-04-13 23:19:13 +00:00
John Baldwin
ce5aaf4554 Lock the target process for p_candebug(). 2002-04-13 23:15:28 +00:00
John Baldwin
ff7299d998 Lock the target process in procfs_doproc*regs() for p_candebug and while
reading/writing the registers.
2002-04-13 23:14:08 +00:00
John Baldwin
590ae816c2 - p_cansee() needs the target process locked.
- We need the proc lock held for more of procfs_doprocstatus().
2002-04-13 23:09:41 +00:00
Boris Popov
6e8681aa50 Check write permissions before creating anything.
PR:		kern/27883
MFC after:	1 week
2002-04-13 15:33:26 +00:00
Poul-Henning Kamp
a1f1e35d8b Remove 3 instances of vm_zone.h inclusion. 2002-04-08 08:12:46 +00:00
Jeff Roberson
8396dd9eaa Change the vm_zone calls over to uma calls. Remove the reference to the
vm_zone header.
2002-04-08 06:57:43 +00:00
Bruce Evans
11257f4d1a Fixed assorted bugs in setting of timestamps in devfs_setattr().
Setting of timestamps on devices had no effect visible to userland
because timestamps for devices were set in places that are never used.
This broke:
- update of file change time after a change of an attribute
- setting of file access and modification times.

The VA_UTIMES_NULL case did not work.  Revs 1.31-1.32 were supposed to
fix this by copying correct bits from ufs, but had little or no effect
because the old checks were not removed.
2002-04-05 15:16:08 +00:00
Bruce Evans
32a95d83f9 Fixed a very old bug in setting timestamps using utimes(2) on msdosfs
files.  We didn't clear the update marks when we set the times, so
some of the settings were sometimes clobbered with the current time a
little later.  This caused cp -p even by root to almost always fail
to preserve any times despite not reporting any errors in attempting
to preserve them.

Don't forget to set the archive attribute when we set the read-only
attribute.  We should only set the archive attribute if we actually
change something, but we mostly don't bother avoiding setting it
elsewhere, so don't bother here yet.

MFC after:	1 week
2002-04-05 14:01:04 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
Bruce Evans
79065dba2a Moved signal handling and rescheduling from userret() to ast() so that
they aren't in the usual path of execution for syscalls and traps.
The main complication for this is that we have to set flags to control
ast() everywhere that changes the signal mask.

Avoid locking in userret() in most of the remaining cases.

Submitted by:	luoqi (first part only, long ago, reorganized by me)
Reminded by:	dillon
2002-04-04 17:49:48 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Bruce Evans
0508986cce In ffs_mountffs(), set mnt_iosize_max to si_iosize_max unconditionally
provided the latter is nonzero.  At this point, the former is a fairly
arbitrary default value (DFTPHYS), so changing it to any reasonable
value specified by the device driver is safe.  Using the maximum of
these limits broke ffs clustered i/o for devices whose si_iosize_max
is < DFLTPHYS.  Using the minimum would break device drivers' ability
to increase the active limit from DFTLPHYS up to MAXPHYS.

Copied the code for this and the associated (unnecessary?) fixup of
mp_iosize_max to all other filesystems that use clustering (ext2fs and
msdosfs).  It was completely missing.

PR:		36309
MFC-after:	1 week
2002-03-30 15:12:57 +00:00
Alfred Perlstein
e9b192b758 Protect proc struct (p_args and p_comm) when doing procfs IO that pulls
data from it.

Submitted by: Jonathan Mini <mini@haikugeek.com>
2002-03-29 19:12:40 +00:00
Bruce Evans
69c59d8703 Fixed some style bugs in the removal of __P(()). Continuation lines
were not outdented to preserve non-KNF lining up of code with parentheses.
Switch to KNF formatting in some cases.
2002-03-24 04:35:23 +00:00
Bruce Evans
b76d0b3217 Fixed some style bugs in the removal of __P(()). Continuation lines
were not outdented to preserve non-KNF lining up of code with parentheses.
Switch to KNF formatting.
2002-03-23 12:38:05 +00:00
Jeff Roberson
2684b6af7a Remove references to vm_zone.h and switch over to the new uma API. 2002-03-20 10:17:00 +00:00
Alfred Perlstein
89c9a48352 Remove __P. 2002-03-20 07:51:46 +00:00
Alfred Perlstein
aa075405f6 Remove __P. 2002-03-20 05:00:21 +00:00
Alfred Perlstein
11caded34f Remove __P. 2002-03-19 22:20:14 +00:00
Kirk McKusick
b70428b2f0 Cannot release vnode underlying the nullfs vnode in null_inactive
as it leaves the nullfs vnode allocated, but with no identity. The
effect is that a null mount can slowly accumulate all the vnodes
in the system, reclaiming them only when it is unmounted. Thus
the null_inactive state instead accelerates the release of the
null vnode by calling vrecycle which will in turn call the
null_reclaim operator. The null_reclaim routine then does the
freeing actions previosuly (incorrectly) done in null_inactive.
2002-03-18 05:39:04 +00:00
Kirk McKusick
a0595d0249 Add a flags parameter to VFS_VGET to pass through the desired
locking flags when acquiring a vnode. The immediate purpose is
to allow polling lock requests (LK_NOWAIT) needed by soft updates
to avoid deadlock when enlisting other processes to help with
the background cleanup. For the future it will allow the use of
shared locks for read access to vnodes. This change touches a
lot of files as it affects most filesystems within the system.
It has been well tested on FFS, loopback, and CD-ROM filesystems.
only lightly on the others, so if you find a problem there, please
let me (mckusick@mckusick.com) know.
2002-03-17 01:25:47 +00:00
Kirk McKusick
0d2af52141 Introduce the new 64-bit size disk block, daddr64_t. Change
the bio and buffer structures to have daddr64_t bio_pblkno,
b_blkno, and b_lblkno fields which allows access to disks
larger than a Terabyte in size. This change also requires
that the VOP_BMAP vnode operation accept and return daddr64_t
blocks. This delta should not affect system operation in
any way. It merely sets up the necessary interfaces to allow
the development of disk drivers that work with these larger
disk block addresses. It also allows for the development of
UFS2 which will use 64-bit block addresses.
2002-03-15 18:49:47 +00:00
Maxim Konovalov
e9fc9230a6 Be consistent with UFS in a way how devfs_setattr() checks credentials
for chmod(2), chown(2) and utimes(2) with respect to jail(2).

Reviewed by:		rwatson, ru
Not objected by:	phk
Approved by:		ru
2002-03-14 11:18:42 +00:00
Poul-Henning Kamp
26facaeb4d If in strategy we find that we have no devsw on the device anymore we
are probably talking about some disk-device which wente away, so
return ENXIO instead of panicing.
2002-03-05 13:25:57 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
Thomas Moestl
d2d45a4aa5 Fix LINT breakage by adding a missing include. 2002-02-23 22:55:47 +00:00
Seigo Tanimura
f591779bb5 Lock struct pgrp, session and sigio.
New locks are:

- pgrpsess_lock which locks the whole pgrps and sessions,
- pg_mtx which protects the pgrp members, and
- s_mtx which protects the session members.

Please refer to sys/proc.h for the coverage of these locks.

Changes on the pgrp/session interface:

- pgfind() needs the pgrpsess_lock held.

- The caller of enterpgrp() is responsible to allocate a new pgrp and
  session.

- Call enterthispgrp() in order to enter an existing pgrp.

- pgsignal() requires a pgrp lock held.

Reviewed by:	jhb, alfred
Tested on:	cvsup.jp.FreeBSD.org
		(which is a quad-CPU machine running -current)
2002-02-23 11:12:57 +00:00
Dag-Erling Smørgrav
cd9e3b208c Paranoia: if the process is setugid, set all sensitive files mode 0. 2002-02-18 21:41:11 +00:00
Poul-Henning Kamp
76b82a7ffb Don't even think about using v_id for magic tricks, v_id is giving
us enough trouble as it is for SMPng.
2002-02-17 20:39:42 +00:00
Bruce Evans
a21759a1a9 FIxed the following style bugs:
- clobbering of jsp's $Id$ by FreeBSD's old $Id$.
- long lines in recent KSE changes (procfs_ctl.c).
- other style bugs in KSE changes (most related to an shadowed variable
  in procfs_status.c -- the td in the outer scope is obfuscated by
  PFS_FILL_ARGS).

Approved by:	des
2002-02-16 05:59:26 +00:00
Bruce Evans
a76d60f014 FIxed the following style bugs:
- clobbering of jsp's $Id$ by FreeBSD's old $Id$.
- lost Berkeley id in procfs_dbregs.c
- long lines in recent KSE changes.
- various gratuitous differences between procfs_*regs.c.
2002-02-16 05:38:07 +00:00
Bruce Evans
ff3741f519 Fixed missing PHOLD()/PRELE().
Obtained from:	procfs_dbregs.c
Approved by:	des
2002-02-16 04:05:32 +00:00
Poul-Henning Kamp
40f7b5a9cc Various nit-picking, mostly of style(9) character.
Obtained from:	~bde/sys.dif.gz
2002-02-10 22:00:20 +00:00
Robert Watson
74237f55b0 Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
  as not to use the scatter gather API (which appeared not to be used
  by any consumers, and be less portable), rather, accepts 'data'
  and 'nbytes' in the style of other simple read/write interfaces.
  This changes the API and ABI.

o Modify system call semantics so that extattr_get_{fd,file}() return
  a size_t.  When performing a read, the number of bytes read will
  be returned, unless the data pointer is NULL, in which case the
  number of bytes of data are returned.  This changes the API only.

o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
  argument so as to return the size, if desirable.  If set to NULL,
  the size will not be returned.

o Update various filesystems (pseodofs, ufs) to DTRT.

These changes should make extended attributes more useful and more
portable.  More commits to rebuild the system call files, as well
as update userland utilities to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
Julian Elischer
079b7badea Pre-KSE/M3 commit.
this is a low-functionality change that changes the kernel to access the main
thread of a process via the linked list of threads rather than
assuming that it is embedded in the process. It IS still embeded there
but remove all teh code that assumes that in preparation for the next commit
which will actually move it out.

Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
2002-02-07 20:58:47 +00:00
Robert Watson
416031dcb8 Change EPERM to EOPNOTSUPP when failing pseudofs_setattr() arbitrarily.
Quoth the alfred:	The latter would be better.
2002-02-04 18:21:59 +00:00
Robert Watson
dfe5fa8eb7 Return EPERM instead of 0 in the un-implemented pseudofs_setattr().
Conceivably, it should even return EOPNOTSUPP.
2002-02-04 18:09:29 +00:00
Alfred Perlstein
468485b8d2 Fix select on fifos.
Backout revision 1.56 and 1.57 of fifo_vnops.c.

Introduce a new poll op "POLLINIGNEOF" that can be used to ignore
EOF on a fifo, POLLIN/POLLRDNORM is converted to POLLINIGNEOF within
the FIFO implementation to effect the correct behavior.

This should allow one to view a fifo pretty much as a data source
rather than worry about connections coming and going.

Reviewed by: bde
2002-01-14 22:03:48 +00:00
Semen Ustimenko
8a87e8a94f Commit a know fix for hpfs to use vop_defaultop plug instead of wrong
hpfs_bypass() routine.

MFC after:	1 day
2002-01-14 20:13:42 +00:00
Alfred Perlstein
3fc6a31403 don't initialize the mutex in the temporary struct file, the soo_*
functions just grab f_data and don't muck with anything else so this
should be ok.

this fixes a panic with invariants where it thinks we've doubly initialized
the filetmp mutex even though all we've done is neglect to bzero it.
2002-01-14 02:18:59 +00:00
Alfred Perlstein
a4db49537b Replace ffind_* with fget calls.
Make fget MPsafe.

Make fgetvp and fgetsock use the fget subsystem to reduce code bloat.

Push giant down in fpathconf().
2002-01-14 00:13:45 +00:00
Alfred Perlstein
6c697c900f remove unused socket pointer 2002-01-13 22:15:18 +00:00
Alfred Perlstein
9e209b124a Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
2002-01-13 21:37:49 +00:00
Alfred Perlstein
426da3bcfb SMP Lock struct file, filedesc and the global file list.
Seigo Tanimura (tanimura) posted the initial delta.

I've polished it quite a bit reducing the need for locking and
adapting it for KSE.

Locks:

1 mutex in each filedesc
   protects all the fields.
   protects "struct file" initialization, while a struct file
     is being changed from &badfileops -> &pipeops or something
     the filedesc should be locked.

1 mutex in each struct file
   protects the refcount fields.
   doesn't protect anything else.
   the flags used for garbage collection have been moved to
     f_gcflag which was the FILLER short, this doesn't need
     locking because the garbage collection is a single threaded
     container.
  could likely be made to use a pool mutex.

1 sx lock for the global filelist.

struct file *	fhold(struct file *fp);
        /* increments reference count on a file */

struct file *	fhold_locked(struct file *fp);
        /* like fhold but expects file to locked */

struct file *	ffind_hold(struct thread *, int fd);
        /* finds the struct file in thread, adds one reference and
                returns it unlocked */

struct file *	ffind_lock(struct thread *, int fd);
        /* ffind_hold, but returns file locked */

I still have to smp-safe the fget cruft, I'll get to that asap.
2002-01-13 11:58:06 +00:00
Mike Smith
a7489fe56f Add a new sysinit SI_SUB_DEVFS. Devfs hooks into the kernel at SI_ORDER_FIRST,
and devices can be created anytime after that.

Print a warning if an atttempt is made to create a device too early.
2002-01-09 04:58:49 +00:00
Mike Smith
92fef27d97 Use a sysinit to initialise the devfs hooks in kern_conf.c rather than common
variables.

Reviewed by:	phk (in principle)
2002-01-09 01:00:20 +00:00
Mike Smith
eeff042fb3 Staticise the coda vfsop pointer. 2002-01-08 19:33:51 +00:00
Mike Smith
7577116e1e Staticise pfs_vncache, it's not used anywhere else.
Reviewed by:	des
2002-01-08 11:15:57 +00:00
Seigo Tanimura
233beff278 Do not derefer null.
Reviewed by:	des
2002-01-04 01:03:46 +00:00
Robert Watson
9c4d63da6d o Make the credential used by socreate() an explicit argument to
socreate(), rather than getting it implicitly from the thread
  argument.

o Make NFS cache the credential provided at mount-time, and use
  the cached credential (nfsmount->nm_cred) when making calls to
  socreate() on initially connecting, or reconnecting the socket.

This fixes bugs involving NFS over TCP and ipfw uid/gid rules, as well
as bugs involving NFS and mandatory access control implementations.

Reviewed by:	freebsd-arch
2001-12-31 17:45:16 +00:00
Matthew Dillon
23b590188f Fix a BUF_TIMELOCK race against BUF_LOCK and fix a deadlock in vget()
against VM_WAIT in the pageout code.  Both fixes involve adjusting
the lockmgr's timeout capability so locks obtained with timeouts do not
interfere with locks obtained without a timeout.

Hopefully MFC: before the 4.5 release
2001-12-20 22:42:27 +00:00
Boris Popov
d9d8c8172d Previous commit was intented to silence a warning, not to change codepath. 2001-12-20 15:56:45 +00:00
Sheldon Hearn
5bd80fc519 Silence harmless "smbfs_closel: Negative opencount" messages at
unmount time.

Thanks to iedowse for the background information.

Submitted by:	bp
2001-12-20 11:23:49 +00:00
Matthew Dillon
08f3c74981 Pseudofs was leaking VFS cache entries badly due to its cache and use of
the wrong VOP descriptor.  This misuse caused VFS-cached vnodes to be
re-cached, resulting in the leak.  This commit is an interim fix until DES
has a chance to rework the code involved.
2001-12-19 23:58:09 +00:00
Sheldon Hearn
53f09e7248 Add module dependency on libmchain.
With this change, mounting an smb share (using mount_smb, which is not
yet included in the tree) without any of smbfs, libiconv or libmchain
compiled into the kernel or loaded works.
2001-12-13 13:08:34 +00:00
Alfred Perlstein
118fdf009f Fix select on named pipes without a reader.
PR: kern/19871
MFC after: 1 month
2001-12-12 09:35:33 +00:00
Brian Feldman
41a35633ba Add VOP_GETEXTATTR(9) passthrough support to pseudofs.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-12-11 20:48:20 +00:00
Dag-Erling Smørgrav
40e7a740c9 Remove an obsolete prototype for procfs_kmemaccess().
Submitted by:	rwatson
2001-12-11 19:07:10 +00:00
David E. O'Brien
6e551fb628 Update to C99, s/__FUNCTION__/__func__/,
also don't use ANSI string concatenation.
2001-12-10 08:09:49 +00:00
Dag-Erling Smørgrav
50cb89eed2 Fix various bugs in the debugging code and reenable it. 2001-12-09 00:35:30 +00:00
Dag-Erling Smørgrav
c07f9fc134 Fix an incorrect PFS_TRACE. Also, use __func__ instead of __FUNCTION__. 2001-12-09 00:28:12 +00:00
Dag-Erling Smørgrav
4aac2aa96c Fix a KSEfication brain-o in procfs_doprocfile(): return the path of the target process,
not the calling process.  While we're here, also unstaticize procfs_doprocfile() and
procfs_docurproc() so linprocfs can call them directly instead of duplicating them.

Submitted by:	Dominic Mitchell <dom@semantico.com>
2001-12-08 22:34:14 +00:00
Dag-Erling Smørgrav
3a669c52a8 Pseudofsize procfs(5). 2001-12-04 01:35:06 +00:00
Robert Watson
011376308f o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
  pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
  so as to enforce these protections, in particular, in kern_mib.c
  protection sysctl access to the hostname and securelevel, as well as
  kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
  mib entries (osname, osrelease, osversion) so that they don't return
  a pointer to the text in the struct linux_prison, rather, a copy
  to an array passed into the calls.  Likewise, update linprocfs to
  use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
  accessing struct prison.

Reviewed by:	jhb
2001-12-03 16:12:27 +00:00
Boris Popov
b1c996c40b Catch up with KSE changes.
Submitted by:	Max Khon <fjoe@iclub.nsu.ru>
2001-12-02 08:56:58 +00:00
John Baldwin
88736e1d37 Fix indentation after removing GEMDOS support. Whitespace changes only. 2001-11-28 18:29:16 +00:00
John Baldwin
5a7f3ebb94 Use suser_td() instead of explicitly checking cr_uid against 0.
PR:		kern/21809
Submitted by:	<mbendiks@eunet.no>
Reviewed by:	rwatson
2001-11-28 18:25:39 +00:00
John Baldwin
d3990d589f Axe more unused GEMDOS code that was #ifdef atari.
PR:		kern/21809
Submitted by:	<mbendiks@eunet.no>
2001-11-28 16:56:42 +00:00
John Baldwin
64bf8541f0 Remove GEMDOS support from msdosfs. I don't think anyone is going to
port FreeBSD to Atari machines any time soon.
2001-11-27 21:00:15 +00:00
Dag-Erling Smørgrav
98c7e22c50 Add support for a last-close handler.
Revert the module version bumps; they're quite pointless as long as the
only pseudofs consumer is linprocfs, which is in the tree.
2001-11-27 13:26:27 +00:00
Kenneth D. Merry
94a0557ad7 Fix mounting root from a ISO9660 filesystem on a SCSI CDROM.
The problem was that the ISO9660 code wasn't opening the device prior to
issuing ioctl calls.  In particular, the device must be open before
iso_get_ssector() is called in iso_mountroot().

If the device isn't opened first, the disk layer blows up due to an
uninitialized variable.

The solution was to open the device, call iso_get_ssector() and then close
it again.

The ATAPI CDROM driver doesn't have this problem because it doesn't use the
disk layer, and evidently doesn't mind if someone issues an ioctl without
first issuing an open call.

Thanks to phk for pointing me at the source of this problem.

Tested by:	dirk
MFC after:	1 week
2001-11-27 03:55:43 +00:00
John Baldwin
d2cb9f715f Replace 'p' with 'td' as appropriate. 2001-11-27 00:34:13 +00:00
John Baldwin
c5c6ef2c27 GC compat macros HASHINIT, VOP__LOCK, VOP__UNLOCK, VGET, and VN_LOCK. 2001-11-27 00:18:33 +00:00
John Baldwin
b2ba87cec3 Expand LOCKMGR() compat macro. 2001-11-27 00:08:04 +00:00
John Baldwin
cfaffc10b5 GC some KSE compatiblity macros that were somehow still here. 2001-11-26 23:52:35 +00:00
John Baldwin
8a918adb2b GC non-FreeBSD code that didn't work anyways. 2001-11-26 23:45:12 +00:00
Dima Dorfman
2ab80ed8cf Address two minor issues: implement the _PC_NAME_MAX and _PC_PATH_MAX
pathconf() variables for directories, and set st_size and st_blocks
(of struct stat) for directories as appropriate.  Note that st_size is
always set to DEV_BSIZE, since the size of the directories is not
currently kept.

Reviewed by:	phk, bde
2001-11-25 21:00:38 +00:00
Matthew Dillon
0dbd8b1b08 convert holdsock() to fget(). Add XXX reminder for future socket locking. 2001-11-24 18:28:22 +00:00
Peter Wemm
bc5f905080 Missing KSE s/curproc/curthread/ 2001-11-17 01:09:53 +00:00
Alfred Perlstein
d25c683ad5 Switch behavior of fifos to more closely match what goes on in other OSes.
Basically FIFOs become a real pain to abuse as a rendevous point without
this change because you can't really select(2) on them because they always
return ready even though there is no writer (to signal EOF).

Obtained from: BSD/os
2001-11-08 10:28:32 +00:00
Peter Wemm
4ff021c699 Fix printf format bugs introduced in rev 1.34 for printing times.
quad_t cannot be printed with %lld on 64 bit systems.

Dont waste cpu to round user and system times up to long long, it is
highly improbable that a process will have accumulated 68 years of
user or system cpu time (not wall clock time) before a reboot or
process restart.
2001-11-07 02:51:25 +00:00
Brian Feldman
4228024de2 Correctly unlock the target process if /proc/$foo/mem is open()ed by
another process which cannot p_candebug() it.  The bug was introduced
in rev. 1.100.

Approved by:	des
2001-11-06 17:00:40 +00:00
Matthew Dillon
67fa60faa8 Fix the fix. BIO_ERROR must be set in b_ioflags, not b_flags 2001-11-04 23:52:49 +00:00
Poul-Henning Kamp
d018a84cbc Fix "echo > /dev/null" for non-root users which broke in previous commit. 2001-11-04 19:12:59 +00:00
Matthew Dillon
6b8bd2efc1 Add mnt_reservedvnlist so we can MFC to 4.x, in order to make all mount
structure changes now rather then piecemeal later on.  mnt_nvnodelist
currently holds all the vnodes under the mount point.  This will eventually
be split into a 'dirty' and 'clean' list.  This way we only break kld's once
rather then twice.  nvnodelist will eventually turn into the dirty list
and should remain compatible with the klds.
2001-11-04 18:55:42 +00:00
Poul-Henning Kamp
d7c95b6e27 B_ERROR is BIO_ERROR on -current.
Now it compiles, I don't know if it works.
2001-11-04 08:53:38 +00:00
Matthew Dillon
aa454a4b53 Fix a bug in CD9660 when vmiodirenable is turned on. CD9660 was assuming
that a buffer's b_blkno would be valid.  This is true when vmiodirenable
is turned off because the B_MALLOC'd buffer's data is invalidated when
the buffer is destroyed.  But when vmiodirenable is turned on a buffer
can be reconstituted from its VMIO backing store.  The reconstituted buffer
will have no knowledge of the physical block translation and the result is
serious directory corruption of the CDROM.

The solution is to fix cd9660_blkatoff() to always BMAP the buffer if
b_lblkno == b_blkno.

MFC after:	0 days
2001-11-04 06:18:55 +00:00
Poul-Henning Kamp
9607027339 Use vfs_timestamp() instead of getnanotime().
Add magic stuff copied from ufs_setattr().

Instructed by:	bde
2001-11-03 17:00:02 +00:00
Poul-Henning Kamp
93432a92a4 Use vfs_timestamp() instead of getnanotime() directly.
Fix some modes on directories and symlinks.

Instructed by:	bde
2001-11-03 16:53:24 +00:00
Dag-Erling Smørgrav
41aa8697b5 Reduce the number of #include dependencies by declaring some of the structs
used in pseudofs.h as opaque structs.
2001-11-03 03:07:09 +00:00
Matthew Dillon
0e9fe2127c Adjust printfs to be time_t agnostic. 2001-10-28 22:53:45 +00:00
Dag-Erling Smørgrav
1831900053 Add VOP_IOCTL support, and fix a bug that would cause a panic if a file or
symlink lacked a filler function.
2001-10-26 18:52:47 +00:00
Matthew Dillon
c72ccd014d Change the vnode list under the mount point from a LIST to a TAILQ
in preparation for an implementation of limiting code for kern.maxvnodes.

MFC after:	3 days
2001-10-23 01:21:29 +00:00
Dag-Erling Smørgrav
c193b945eb No, you may not /* FALLTHROUGH */. Not only will you return an incorrect
result, but you'd corrupt the kernel malloc() arena if it weren't for a
small but life-saving optimization in ioctl().

MFC after:	1 week
2001-10-22 16:13:38 +00:00
Dag-Erling Smørgrav
7c62990641 Move procfs_* from procfs_machdep.c into sys_process.c, and rename them to
proc_* in the process; procfs_machdep.c is no longer needed.

Run-tested on i386, build-tested on Alpha, untested on other platforms.
2001-10-21 23:57:24 +00:00
John Baldwin
dee2bb2540 Assert that a ucred is unshared before we remap its ids. 2001-10-20 03:30:34 +00:00
Dag-Erling Smørgrav
32c798f806 Argh! I updated the version number in the MODULE_DEPEND() thingamagook but
not in the actual MODULE_VERSION().  Pass me the pointy hat.
2001-10-19 18:23:51 +00:00
Dag-Erling Smørgrav
33802b9eff Switch to dynamic rather than static initialization.
This makes it possible (in theory) for nodes to be added and / or removed
from pseudofs filesystems at runtime.
2001-10-19 01:43:06 +00:00
Bruce Evans
4e567de4ae Fixed bitrot in a banal comment by removing the comment. 2001-10-13 06:57:59 +00:00
Bruce Evans
c95b982aed Backed out vestiges of the quick fixes for the transient breakage of
<sys/mount.h> in rev.1.106 of the latter (don't include <sys/socket.h>
just to work around bugs in <sys/mount.h>).
2001-10-13 06:41:41 +00:00
John Baldwin
bd78cece5d Change the kernel's ucred API as follows:
- crhold() returns a reference to the ucred whose refcount it bumps.
- crcopy() now simply copies the credentials from one credential to
  another and has no return value.
- a new crshared() primitive is added which returns true if a ucred's
  refcount is > 1 and false (0) otherwise.
2001-10-11 23:38:17 +00:00
John Baldwin
7106ca0d1a Add missing includes of sys/lock.h. 2001-10-11 17:52:20 +00:00
Dag-Erling Smørgrav
3da3249106 Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested.  Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.

This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().

It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
Dag-Erling Smørgrav
080cf92b85 Remove some useless preprocesor paranoia. 2001-10-07 19:41:19 +00:00
Dag-Erling Smørgrav
8d5f9fac24 In procfs_readdir(), when the directory being read was a process directory,
the target process was being held locked during the uiomove() call.  If the
process calling readdir() was the same as the target process (for instance
'ls /proc/curproc/'), and uiomove() caused a page fault, the result would
be a proc lock recursion.  I have no idea how long this has been broken -
possibly ever since pfind() was changed to lock the process it returns.

Also replace the one and only call to procfs_findtextvp() with a direct
test of td->td_proc->p_textvp.
2001-10-07 19:37:13 +00:00
Dag-Erling Smørgrav
b84ce33438 Add a PFS_DISABLED flag; pfs_visible() automatically returns 0 if it is set
on the node in question.  Also add two API functions for setting and clearing
this flag; setting it also reclaims all vnodes associated with the node.
2001-10-02 22:22:42 +00:00
Dag-Erling Smørgrav
b7004390b3 Only print "XXX (un)registered" message if bootverbose. 2001-10-02 22:21:07 +00:00
Dag-Erling Smørgrav
24efa9d3fa [the previous commit to pseudofs_vncache.c got the wrong log message]
YA pseudofs megacommit, part 2:

 - Merge the pfs_vnode and pfs_vdata structures, and make the vnode cache
   a doubly-linked list.  This eliminates the need to walk the list in
   pfs_vncache_free().

 - Add an exit callout which revokes vnodes associated with the process
   that just exited.  Since it needs to lock the cache when it does this,
   pfs_vncache_mutex needs MTX_RECURSE.
2001-10-01 04:26:33 +00:00
Dag-Erling Smørgrav
198bc14b1d YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure.  This one simply returns
   non-zero if the specified requesting process is allowed to access the
   specified node for the specified target process.  This is used in
   addition to the usual permission checks, e.g. when certain files don't
   make sense for certain (system) processes.

 - Make sure that pfs_lookup() and pfs_readdir() don't yap about files
   which aren't pfs_visible().  Also check pfs_visible() before performing
   reads and writes, to prevent the kind of races reported in SA-00:77 and
   SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
   setuid binary, and assume control of it).

 - Add some more trace points.
2001-10-01 04:22:20 +00:00
Dag-Erling Smørgrav
7d8f809f00 pseudofs.h:
- Rearrange the flag constants a little to simplify specifying and testing
    for readability and writeability.

pseudofs_vnops.c:

  - Track the aforementioned change.

  - Add checks to pfs_open() to prevent opening read-only files for writing
    or vice versa (pfs_{read,write} would block the actual reads and writes,
    but it's still a bug to allow the open() to succeed).  Also, return
    EOPNOTSUPP if the caller attempts to lock the file.

  - Add more trace points.
2001-09-30 19:41:29 +00:00
Poul-Henning Kamp
40739c02ae The behaviour of whiteout'ing symlinks were too confusing, instead
remove them when asked to.
2001-09-30 08:43:33 +00:00
Dag-Erling Smørgrav
80a3cef87d Pseudofs take 2:
- Remove hardcoded uid, gid, mode from struct pfs_node; make pfs_getattr()
   smart enough to get it right most of the time, and allow for callbacks
   to handle the remaining cases.  Rework the definition macros to match.

 - Add lots of (conditional) debugging output.

 - Fix a long-standing bug inherited from procfs: don't pretend to be a
   read-only file system.  Instead, return EOPNOTSUPP for operations we
   truly can't support and allow others to fail silently.  In particular,
   pfs_lookup() now treats CREATE as LOOKUP.  This may need more work.

 - In pfs_lookup(), if the parent node is process-dependent, check that
   the process in question still exists.

 - Implement pfs_open() - its only current function is to check that the
   process opening the file can see the process it belongs to.

 - Finish adding support for writeable nodes.

 - Bump module version number.

 - Introduce lots of new bugs.
2001-09-29 00:49:29 +00:00
Dag-Erling Smørgrav
b4056ade84 The previous commit introduced some references to "curproc" which should have
been references to "curthread".  Correct this.
2001-09-28 12:36:54 +00:00
Robert Watson
f86cf763ef o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
Bill Fenner
bd5b9e17b0 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
Dag-Erling Smørgrav
8712e867e1 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  This goes some way towards adding support for
writeable files (needed by procfs).
2001-09-25 13:25:30 +00:00
Mike Barcroft
3273a63ed9 A process name may contain whitespace and unprintable characters,
so convert those characters to octal notation.  Also convert
backslashes to octal notation to avoid confusion.

Reviewed by:	des
MFC after:	1 week
2001-09-25 04:42:40 +00:00
John Baldwin
bce94723a4 Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:26:51 +00:00
Robert Watson
3f9e888ebe o Remove redundant securelevel/pid1 check in procfs_rw() -- this
protection is enforced at the invidual method layer using
  p_candebug().

Obtained from:	TrustedBSD Project
2001-09-18 19:53:10 +00:00
Julian Elischer
7405406837 fix typo
pointed out by: jhb
2001-09-13 21:59:40 +00:00
John Baldwin
f1cbf4f92c Restore these files to being portable:
- Use some simple #define's at the top of the files for proc -> thread
  changes instead of having lots of needless #ifdef's in the code.
- Don't try to use struct thread in !FreeBSD code.
- Don't use a few struct lwp's in some of the NetBSD code since it isn't
  in their HEAD.
The new diff relative to before KSE is now signficantly smaller and easier
to maintain.
2001-09-12 23:39:36 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Kris Kennaway
bf61e26696 Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.

Obtained from:	NetBSD
Reviewed by:	peter
MFC after:	2 weeks
2001-09-10 11:28:07 +00:00
Semen Ustimenko
cc6b9b02be Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
Semen Ustimenko
0895d6c389 Fix opening particular file's attributes (as described in man page).
This is useful for debug purposes.

MFC after:	2 weeks
2001-09-08 22:59:12 +00:00
Semen Ustimenko
ebcc9d9c8c Reference devvp on ntnode creation and dereference on removal. Previous
code  lead to page faults becouse i_devvp went zero after VOP_RECLAIM, but
ntnode was reused (not reclaimed).

MFC after:	2 weeks
2001-09-08 22:57:03 +00:00
Semen Ustimenko
831aac011e Fix errors and warnings when compiling with NTFS_DEBUG > 1
MFC after:	2 weeks
2001-09-08 22:53:27 +00:00
Andrey A. Chernov
159247784c smbfs_advlock: simplify overflow checks (copy from kern_lockf.c)
minor formatting issues to minimize differences
2001-08-29 18:59:04 +00:00
Andrey A. Chernov
fcbe9614ef Cosmetique & style fixes from bde 2001-08-26 10:28:58 +00:00
Andrey A. Chernov
5215e1ea12 Copy from kern_lockf.c: remove extra check 2001-08-24 10:22:16 +00:00
Andrey A. Chernov
2a31175b6e Copy yet one check for SEEK_END overflow 2001-08-23 17:12:42 +00:00
Andrey A. Chernov
ea4313e351 Copy my newly introduced l_len<0 'oops' fix from kern_lockf.c 2001-08-23 16:06:14 +00:00
Andrey A. Chernov
e3e2c03de3 Copy POSIX l_len<0 handling from kern_lockf.c 2001-08-23 15:44:24 +00:00
Andrey A. Chernov
bbf6984cec Cosmetique: correct English in comments
non-cosmetique: add missing break; - original code was broken here
2001-08-23 14:45:31 +00:00
Andrey A. Chernov
fb2f187058 Move <machine/*> after <sys/*>
Pointed by:	bde
2001-08-23 13:27:58 +00:00
Andrey A. Chernov
4779017439 adv. lock:
copy EOVERFLOW handling code from main variant
fix type of 'size' arg
2001-08-23 08:54:22 +00:00
Boris Popov
798bb23e93 Use proper endian conversion.
Obtained from:	Mac OS X
MFC after:		1 week
2001-08-21 08:27:47 +00:00
Boris Popov
3419dc99dd Return proper length of _PC_NAME_MAX value if long names support is enabled.
Obtained from:	Mac OS X
MFC after:	1 week
2001-08-21 08:25:09 +00:00
Poul-Henning Kamp
12d1aec26f linux ls fails on DEVFS /dev because linux_getdents fails because
linux_getdents uses VOP_READDIR( ..., &ncookies, &cookies ) instead of
     VOP_READDIR( ..., NULL, NULL ) because it seems to need the offsets for
     linux_dirent and sizeof(dirent) != sizeof(linux_dirent)...

PR:	29467
Submitted by:	Michael Reifenberger <root@nihil.plaut.de>
Reviewed by:	phk
2001-08-14 06:42:32 +00:00
Robert Watson
7d69e57088 Remove dangling prototype for the now defunct procfs_kmemaccess()
call.

Obtained from:	TrustedBSD Project
2001-08-03 17:51:05 +00:00
Robert Watson
436b89d434 Collapse a Pmem case in with the other debugging files case for procfs,
as there are now "unusual" protection properties to Pmem that differ
from the other files.  While I'm at it, introduce proc locking for
the other files, which was previously present only in the Pmem case.

Obtained from:	TrustedBSD Project
2001-08-03 17:20:34 +00:00
Robert Watson
57de737e82 Remove read permission for group on the /proc/*/mem file, since kmem
no longer requires access.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:15:40 +00:00
Robert Watson
f2e6be5865 Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group.  With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.

This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:13:23 +00:00
Assar Westerlund
ac01ecd9fb remove support for creating files and directories from msdosfs_mknod 2001-07-19 19:15:42 +00:00
John Baldwin
7063595315 Grab the process lock around psignal().
Noticed by:	tanimura
2001-07-18 19:17:36 +00:00
Robert Watson
a0f75161f9 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx().
The p_can(...) construct was a premature (and, it turns out,
  awkward) abstraction.  The individual calls to p_canxxx() better
  reflect differences between the inter-process authorization checks,
  such as differing checks based on the type of signal.  This has
  a side effect of improving code readability.
o Replace direct credential authorization checks in ktrace() with
  invocation of p_candebug(), while maintaining the special case
  check of KTR_ROOT.  This allows ktrace() to "play more nicely"
  with new mandatory access control schemes, as well as making its
  authorization checks consistent with other "debugging class"
  checks.
o Eliminate "privused" construct for p_can*() calls which allowed the
  caller to determine if privilege was required for successful
  evaluation of the access control check.  This primitive is currently
  unused, and as such, serves only to complicate the API.

Approved by:	({procfs,linprocfs} changes) des
Obtained from:	TrustedBSD Project
2001-07-05 17:10:46 +00:00
John Baldwin
4a370459cc - Update the vmmeter statistics for vnode pageins and pageouts in
getpages/putpages.
- Use vm_page_undirty() instead of messing with pages' dirty fields
  directly.
2001-07-04 19:55:01 +00:00
Matthew Dillon
0cddd8f023 With Alfred's permission, remove vm_mtx in favor of a fine-grained approach
(this commit is just the first stage).  Also add various GIANT_ macros to
formalize the removal of Giant, making it easy to test in a more piecemeal
fashion. These macros will allow us to test fine-grained locks to a degree
before removing Giant, and also after, and to remove Giant in a piecemeal
fashion via sysctl's on those subsystems which the authors believe can
operate without Giant.
2001-07-04 16:20:28 +00:00
John Baldwin
797c3dba25 Fix a mntvnode and vnode interlock reversal. 2001-06-28 03:52:04 +00:00
John Baldwin
805d90f763 Protect the mnt_vnode list with the mntvnode lock. 2001-06-28 03:50:17 +00:00
Dag-Erling Smørgrav
56fe60b131 #if 0 out pfs_null() to silence the warning about it not being referenced. 2001-06-15 12:30:46 +00:00
Peter Wemm
70439d2750 Fix warning: 568: warning: `portal_badop' defined but not used 2001-06-15 00:38:03 +00:00
Peter Wemm
f14f48a226 Fix warning (exposed NetBSD code):
94: warning: `ntfs_bmap' declared `static' but never defined
2001-06-15 00:32:07 +00:00
Peter Wemm
e75a45be56 Fix warnings (mostly harmless, due to struct bio being embedded in buf):
738: warning: passing arg 1 of `biodone' from incompatible pointer type
745: warning: passing arg 1 of `biodone' from incompatible pointer type
2001-06-15 00:30:27 +00:00
Peter Wemm
42c187b77e Fix warning: 552: warning: `fdesc_badop' defined but not used 2001-06-15 00:27:21 +00:00