Commit Graph

622 Commits

Author SHA1 Message Date
Marcel Moolenaar
6d408d58d0 Update for the KDB framework:
o  Make debugging code conditional upon KDB instead of DDB.
2004-07-10 21:21:55 +00:00
Poul-Henning Kamp
e3c5a7a4dd When we traverse the vnodes on a mountpoint we need to look out for
our cached 'next vnode' being removed from this mountpoint.  If we
find that it was recycled, we restart our traversal from the start
of the list.

Code to do that is in all local disk filesystems (and a few other
places) and looks roughly like this:

		MNT_ILOCK(mp);
	loop:
		for (vp = TAILQ_FIRST(&mp...);
		    (vp = nvp) != NULL;
		    nvp = TAILQ_NEXT(vp,...)) {
			if (vp->v_mount != mp)
				goto loop;
			MNT_IUNLOCK(mp);
			...
			MNT_ILOCK(mp);
		}
		MNT_IUNLOCK(mp);

The code which takes vnodes off a mountpoint looks like this:

	MNT_ILOCK(vp->v_mount);
	...
	TAILQ_REMOVE(&vp->v_mount->mnt_nvnodelist, vp, v_nmntvnodes);
	...
	MNT_IUNLOCK(vp->v_mount);
	...
	vp->v_mount = something;

(Take a moment and try to spot the locking error before you read on.)

On a SMP system, one CPU could have removed nvp from our mountlist
but not yet gotten to assign a new value to vp->v_mount while another
CPU simultaneously get to the top of the traversal loop where it
finds that (vp->v_mount != mp) is not true despite the fact that
the vnode has indeed been removed from our mountpoint.

Fix:

Introduce the macro MNT_VNODE_FOREACH() to traverse the list of
vnodes on a mountpoint while taking into account that vnodes may
be removed from the list as we go.  This saves approx 65 lines of
duplicated code.

Split the insmntque() which potentially moves a vnode from one mount
point to another into delmntque() and insmntque() which does just
what the names say.

Fix delmntque() to set vp->v_mount to NULL while holding the
mountpoint lock.
2004-07-04 08:52:35 +00:00
Bruce Evans
82d8695afb Fixed misformatting of code and breaking of a comment in previous commit. 2004-06-20 03:36:31 +00:00
Bruce Evans
addc95fee3 Fixed misformatting in previous commit. 2004-06-20 03:34:21 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Warner Losh
f36cfd49ad Remove advertising clause from University of California Regent's
license, per letter dated July 22, 1999 and email from Peter Wemm,
Alan Cox and Robert Watson.

Approved by: core, peter, alc, rwatson
2004-04-07 20:46:16 +00:00
Poul-Henning Kamp
4d453ef101 Properly vector all bwrite() and BUF_WRITE() calls through the same path
and s/BUF_WRITE()/bwrite()/ since it now does the same as bwrite().
2004-03-11 18:02:36 +00:00
Poul-Henning Kamp
2b348f7429 Remove unused mnt_reservedvnlist field. 2004-03-11 16:59:57 +00:00
Poul-Henning Kamp
651b11eaf2 Remove unused second arg to vfinddev().
Don't call addaliasu() on VBLK nodes.
2004-03-11 16:33:11 +00:00
Tim J. Robbins
3722550aa6 Enforce the file size limit in VOP_WRITE() as well as VOP_TRUNCATE();
pointed out by bde.
2004-02-19 09:06:06 +00:00
Tim J. Robbins
ba122e68e0 Add partial support for large (>4GB) files on ext2 filesystems. This
support is partial in that it will refuse to create large files on
filesystems that haven't been upgraded to EXT2_DYN_REV or that don't
have the EXT2_FEATURE_RO_COMPAT_LARGE_FILE flag set in the superblock.

MFC after:	2 weeks
2004-02-18 14:08:25 +00:00
Bruce Evans
053791db10 Fixed misspellings of "ext2_*" as "ufs_*" and " "ext2fs_*", and of
"independent" as "dependent" Fixed some other relatively minor wording
and formatting errors.
2004-02-15 08:19:42 +00:00
Bruce Evans
175aef1cdb Removed support for the unsupported option READONLY. It just forced
dishonoring of requests for read-write mounts.
2004-02-15 07:15:58 +00:00
Bruce Evans
2211aa126a MFffs (ffs_vfsops.c 1.76 (part of the big soft updates commit): lock
the vnode around calls to vinvalbuf()).  Apparently no one has tested
ext2fs with DEBUG_VOP_LOCKS.  Vnode locking for vinvalbuf() might not
be required in non-soft-updates cases, but it is now asserted.

MFffs (uncommitted related and nearby cleanups: don't unlock the vnode
after vinvalbuf() only to have to relock it almost immediately; don't
refer to devices classified by vn_isdisk() as block devices).
2004-02-13 20:23:16 +00:00
Bruce Evans
e7a4845084 Fixed longstanding brokenness of inode updates. The waitfor flag was
dishonored in rev.1.1 by commenting out the code that honored it.  This
gave the worst disadvantages of async mounts in an uncontrollable way.

Honoring the flag costs about 50% in real time in worst cases on a new
but not very fast ATA drive with write caching (probably more on drives
without write caching).  The old misbehavior can be recovered using
async mounts after implementing them in mount_ext2fs(8) (just put the
MNT_ASYNC flag in mount_ext2fs's table of supported options like it
is in mount's table).
2004-02-13 17:49:03 +00:00
Bruce Evans
67406320ff MFffs (ffs_vfsops.c 1.227: clean up open mode bandaid). This reduces
gratuitous differences with ffs a little.
2004-02-12 17:54:58 +00:00
John Baldwin
91d5354a2c Locking for the per-process resource limits structure.
- struct plimit includes a mutex to protect a reference count.  The plimit
  structure is treated similarly to struct ucred in that is is always copy
  on write, so having a reference to a structure is sufficient to read from
  it without needing a further lock.
- The proc lock protects the p_limit pointer and must be held while reading
  limits from a process to keep the limit structure from changing out from
  under you while reading from it.
- Various global limits that are ints are not protected by a lock since
  int writes are atomic on all the archs we support and thus a lock
  wouldn't buy us anything.
- All accesses to individual resource limits from a process are abstracted
  behind a simple lim_rlimit(), lim_max(), and lim_cur() API that return
  either an rlimit, or the current or max individual limit of the specified
  resource from a process.
- dosetrlimit() was renamed to kern_setrlimit() to match existing style of
  other similar syscall helper functions.
- The alpha OSF/1 compat layer no longer calls getrlimit() and setrlimit()
  (it didn't used the stackgap when it should have) but uses lim_rlimit()
  and kern_setrlimit() instead.
- The svr4 compat no longer uses the stackgap for resource limits calls,
  but uses lim_rlimit() and kern_setrlimit() instead.
- The ibcs2 compat no longer uses the stackgap for resource limits.  It
  also no longer uses the stackgap for accessing sysctl's for the
  ibcs2_sysconf() syscall but uses kernel_sysctl() instead.  As a result,
  ibcs2_sysconf() no longer needs Giant.
- The p_rlimit macro no longer exists.

Submitted by:	mtm (mostly, I only did a few cleanups and catchups)
Tested on:	i386
Compiled on:	alpha, amd64
2004-02-04 21:52:57 +00:00
Tim J. Robbins
3215f33192 Copy workaround from FFS: open device for write access even if
the user requests a read-only mount. This is necessary because we
don't do the VOP_OPEN again if they upgrade a read-only mount to
read-write.

Noticed by:	bde
2004-01-24 08:43:06 +00:00
Alexander Kabaev
6bd39fe978 Spell magic '16' number as IO_SEQSHIFT. 2004-01-19 20:03:43 +00:00
David E. O'Brien
076fcd1776 This commit was generated by cvs2svn to compensate for changes in r124361,
which included commits to RCS files with non-trunk default branches.
2004-01-11 03:34:02 +00:00
David E. O'Brien
fbee6927b8 Vendor import emu10k1.h from version 1.0.1 of the ALSA driver.
ftp://ftp.alsa-project.org/pub/driver/alsa-driver-1.0.1.tar.bz2
  or http://www.alsa-project.org/alsa/cvs/alsa-kernel/include/emu10k1.h
2004-01-11 03:34:02 +00:00
David E. O'Brien
2511c244ad Sync with Creative's 8010.h rev 1.51. 2004-01-09 06:38:11 +00:00
David E. O'Brien
a554deb2a8 Dike out some very Linux-specific parts that we can't compile with.
Also protect AC97_MUTE which is also defined in our own ac97.h.
2004-01-09 05:08:32 +00:00
David E. O'Brien
fca6c85647 Vendor import revision 1.9 of ac97_codec.h (we renamed the file) from
http://cvs.sourceforge.net/viewcvs.py/emu10k1/emu10k1/ac97_codec.h
2004-01-09 05:05:04 +00:00
David E. O'Brien
03adcebca3 This commit was generated by cvs2svn to compensate for changes in r124273,
which included commits to RCS files with non-trunk default branches.
2004-01-09 05:05:04 +00:00
Bruce Evans
6e347ed298 Fixed a reference to a nonexistent variable in previous commit. Renaming
of ffs_reload()'s mountp parameter to mp in rev.1.28 of ffs_vnops.c
had not been merged here.

ext2fs_reload() is still missing locking from not merging other changes
to ffs_reload(), but none of these is related to recent locking changes.
2003-11-05 11:56:58 +00:00
Alexander Kabaev
ca430f2e92 Remove mntvnode_mtx and replace it with per-mountpoint mutex.
Introduce two new macros MNT_ILOCK(mp)/MNT_IUNLOCK(mp) to
operate on this mutex transparently.

Eventually new mutex will be protecting more fields in
struct mount, not only vnode list.

Discussed with: jeff
2003-11-05 04:30:08 +00:00
Marcel Moolenaar
63e69c75fb Remove alpha-bitops.h now that it's unused. It's in the attic if
we want it again.
2003-11-03 07:10:53 +00:00
Alexander Kabaev
45d45c6cde Use VOP_UNLOCK/vrele instead of vput. td was erecived as a parameter
and one cannot be sure it is equal to curthread.
2003-11-03 04:46:19 +00:00
Alexander Kabaev
cb9ddc80ae Take care not to call vput if thread used in corresponding vget
wasn't curthread, i.e. when we receive a thread pointer to use
as a function argument. Use VOP_UNLOCK/vrele in these cases.

The only case there td != curthread known at the moment is
boot() calling sync with thread0 pointer.

This fixes the panic on shutdown people have reported.
2003-11-02 04:52:53 +00:00
Alexander Kabaev
492c1e68fb Temporarily undo parts of the stuct mount locking commit by jeff.
It is unsafe to hold a mutex across vput/vrele calls.

This will be redone when a better locking strategy is agreed upon.

Discussed with: jeff
2003-11-01 05:51:54 +00:00
Marcel Moolenaar
3c6441a736 Fix the alpha tinderbox. The alpha specific bitops used by the bitmap
code has the typical branch prediction detour, which creates cross-
section branches. A LINT kernel is apparently large enough nowadays
that the .text and .text2 sections cannot always be layed-out so that
branches between them reach.
The fix is to stop using the alpha-specific bitops and instead use
the portable implementation used by all platforms other than alpha
and i386.
2003-10-29 07:35:53 +00:00
Poul-Henning Kamp
2c18019f14 DuH!
bp->b_iooffset (the spot on the disk), not bp->b_offset (the offset in
the file)
2003-10-18 14:10:28 +00:00
Poul-Henning Kamp
60efe2c932 Initialize bp->b_offset before calling VOP_[SPEC]STRATEGY() 2003-10-18 11:08:04 +00:00
Jeff Roberson
6acdfd69be - File systems that wish to inspect the vnode contents or their private
v_data field before calling vget/vn_lock must check VI_XLOCK manually to
   be sure that v_data is still valid.  Implement this check in two places
   here.
2003-10-05 06:43:03 +00:00
Jeff Roberson
fcde834c1f - Don't cache_purge() in ext2_reclaim. vclean() does it for us so
this is redundant.
2003-10-05 02:44:22 +00:00
Jeff Roberson
80cd3a0804 - Don't use vrecycle() call vgonel() directly after grabing the vnode
interlock.  We do this so that we still hold the interlock when we lock
   the vnode later.  This prevents races with the mnt vnode list.
2003-10-04 16:09:40 +00:00
Jeff Roberson
7637e5854b - Clean-up comments that refer to the use of B_LOCKED. 2003-08-28 00:56:39 +00:00
Jeff Roberson
7abc12de03 - In LCK_BUF() simply change the owner of the buf to the kernel.
- In ULCK_BUF we no longer need to acquire the lock, just write the buf out.
 - The combination of these changes eliminates one more use of B_LOCKED which
   is in the way of making the buffer cache SMP safe.  In the long term
   ext2fs should probably not try to optimize the use of their metadata bufs
   with a private cache.  This will starve the rest of the system for buffers
   in the extreme case.

Discussed with:	bde (A long time ago..)
Tested on:	md disk/x86
2003-08-28 00:52:23 +00:00
Marcel Moolenaar
cc56683de7 Change of plans: Add ext2_bitops.h with generic and portable
implementations. Use those on platforms that don't have MD
headers. Remove the ia64 MD header. We're going to use the C
implementation there.

Suggested by: bde
2003-08-25 01:39:47 +00:00
Marcel Moolenaar
fcf18c7375 Add compilation support for extfs on ia64, primarily to support LINT.
The functions in ia64-bitops.h merely call panic() for now. They need
to be implemented some day, just not today.
2003-08-23 03:58:11 +00:00
Poul-Henning Kamp
a8d43c90af Add a "int fd" argument to VOP_OPEN() which in the future will
contain the filedescriptor number on opens from userland.

The index is used rather than a "struct file *" since it conveys a bit
more information, which may be useful to in particular fdescfs and /dev/fd/*

For now pass -1 all over the place.
2003-07-26 07:32:23 +00:00
Peter Wemm
a35b33869d Initiate de-orbit burn for fpu-less operation. 386+387 is still
theoretically supportable, but you'd really be happier with FreeBSD 2.1.8
on it.
2003-07-22 08:11:17 +00:00
Poul-Henning Kamp
cefb5754dd Add the same KASSERT to all VOP_STRATEGY and VOP_SPECSTRATEGY implementations
to check that the buffer points to the correct vnode.
2003-06-15 18:53:00 +00:00
Poul-Henning Kamp
7652131bee Initialize struct vfsops C99-sparsely.
Submitted by:   hmp
Reviewed by:	phk
2003-06-12 20:48:38 +00:00
David E. O'Brien
dfbebb8f61 Vendor import emu10k1.h from version 0.9.4 of the ALSA driver (which
includes some needed Audigy support).  This can be found at
ftp://ftp.alsa-project.org/pub/driver/alsa-driver-0.9.4.tar.bz2
and http://www.alsa-project.org/alsa/cvs/alsa-kernel/include/emu10k1.h
2003-06-07 20:54:30 +00:00
David E. O'Brien
1021f44ab9 This commit was generated by cvs2svn to compensate for changes in r115990,
which included commits to RCS files with non-trunk default branches.
2003-06-07 20:54:30 +00:00
Poul-Henning Kamp
5eed219cef Remove extra ';'
Found by:       FlexeLint
2003-05-31 18:52:38 +00:00
David E. O'Brien
318444e86f Vendor import revision 1.8 of ac97_codec.h (we renamed the file) from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/emu10k1/emu10k1/ac97_codec.h
2003-04-21 02:27:52 +00:00
David E. O'Brien
915dbb90f2 This commit was generated by cvs2svn to compensate for changes in r113778,
which included commits to RCS files with non-trunk default branches.
2003-04-21 02:27:52 +00:00
David E. O'Brien
b18e94c0ba Vendor import revision 1.51 of 8010.h (we renamed the file) from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/emu10k1/emu10k1/8010.h.
This includes some Audigy support.
2003-04-18 04:17:08 +00:00
David E. O'Brien
aca6bb0d8c Sync with Creative's 8010.h rev 1.39. 2003-04-18 04:13:38 +00:00
David E. O'Brien
11e9b2d70a Vendor import revision 1.39 of 8010.h (we renamed the file) from
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/emu10k1/emu10k1/8010.h.
Rev 1.39 best matches our rev 1.3.
2003-04-18 03:57:22 +00:00
John Baldwin
8804bf6b03 Use local struct proc variables to reduce repeated td->td_proc dereferences
and improve readability.
2003-04-17 22:02:47 +00:00
Jeff Roberson
f5f0dee483 - Lock the buf before clearing flags. 2003-03-13 07:07:16 +00:00
Jeff Roberson
7261f5f68e - Add a new 'flags' parameter to getblk().
- Define one flag GB_LOCK_NOWAIT that tells getblk() to pass the LK_NOWAIT
   flag to the initial BUF_LOCK().  This will eventually be used in cases
   were we want to use a buffer only if it is not currently in use.
 - Convert all consumers of the getblk() api to use this extra parameter.

Reviwed by:	arch
Not objected to by:	mckusick
2003-03-04 00:04:44 +00:00
Nate Lawson
99648386d3 Finish cleanup of vprint() which was begun with changing v_tag to a string.
Remove extraneous uses of vop_null, instead defering to the default op.
Rename vnode type "vfs" to the more descriptive "syncer".
Fix formatting for various filesystems that use vop_print.
2003-03-03 19:15:40 +00:00
Dag-Erling Smørgrav
8994a245e0 Clean up whitespace, s/register //, refrain from strong urge to ANSIfy. 2003-03-02 15:56:49 +00:00
Dag-Erling Smørgrav
c952458814 uiomove-related caddr_t -> void * (just the low-hanging fruit) 2003-03-02 15:50:23 +00:00
Jeff Roberson
17661e5ac4 - Add an interlock argument to BUF_LOCK and BUF_TIMELOCK.
- Remove the buftimelock mutex and acquire the buf's interlock to protect
   these fields instead.
 - Hold the vnode interlock while locking bufs on the clean/dirty queues.
   This reduces some cases from one BUF_LOCK with a LK_NOWAIT and another
   BUF_LOCK with a LK_TIMEFAIL to a single lock.

Reviewed by:	arch, mckusick
2003-02-25 03:37:48 +00:00
David E. O'Brien
71655cc2c9 This commit was generated by cvs2svn to compensate for changes in r111368,
which included commits to RCS files with non-trunk default branches.
2003-02-23 21:58:31 +00:00
David E. O'Brien
e242322ffe Import Linux's linux/include/asm-sparc64/bitopts.h.
This is taken from the 2.4.3 Linux sources as shipped on Red Hat 7.1 Alpha.
2003-02-23 21:58:31 +00:00
David E. O'Brien
068bd9b1d9 Import Linux's linux/include/asm-sparc64/bitopts.h.
This is taken from the 2.4.3 Linux sources as shipped on Red Hat 7.1 Alpha.
2003-02-23 21:58:31 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Jeff Roberson
c10a177610 - Use the new vop_stdfsync instead of recreating our own. 2003-02-09 12:28:51 +00:00
Poul-Henning Kamp
a439334437 Use VOP_SPECSTRATEGY() instead of VOP_STRATEGY(). 2003-01-28 21:46:21 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Poul-Henning Kamp
c6e3ae999b Since Jeffr made the std* functions the default in rev 1.63 of
kern/vfs_defaults.c it is wrong for the individual filesystems to use
the std* functions as that prevents override of the default.

Found by:       src/tools/tools/vop_table
2003-01-04 08:47:19 +00:00
Poul-Henning Kamp
862702306b Convert calls to BUF_STRATEGY to VOP_STRATEGY calls. This is a no-op since
all BUF_STRATEGY did in the first place was call VOP_STRATEGY.
2003-01-03 06:32:15 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Jens Schweikhardt
d64ada501a Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
Bruce Evans
eb5b0bc42e MFufs 1.33:
In the 'found' case for ext2_lookup() the underlying bp's data was
    being accessed after the bp had been releaed.  A simple move of the
    brelse() solves the problem.

The PR reports that this caused panics running the GDB testsuite unless
NO_GEOM is configured.

PR:		44060
Reported by:	Mark Kettenis <kettenis@chello.nl>
MFC after:	3 days
2002-10-18 21:41:41 +00:00
Poul-Henning Kamp
3899c8a38f Be consistent about functions being static.
Fix misindentation.

Spotted by:	DARPA & NAI Labs.
2002-10-16 10:14:34 +00:00
Kirk McKusick
a5b65058d5 Regularize the vop_stdlock'ing protocol across all the filesystems
that use it. Specifically, vop_stdlock uses the lock pointed to by
vp->v_vnlock. By default, getnewvnode sets up vp->v_vnlock to
reference vp->v_lock. Filesystems that wish to use the default
do not need to allocate a lock at the front of their node structure
(as some still did) or do a lockinit. They can simply start using
vn_lock/VOP_UNLOCK. Filesystems that wish to manage their own locks,
but still use the vop_stdlock functions (such as nullfs) can simply
replace vp->v_vnlock with a pointer to the lock that they wish to
have used for the vnode. Such filesystems are responsible for
setting the vp->v_vnlock back to the default in their vop_reclaim
routine (e.g., vp->v_vnlock = &vp->v_lock).

In theory, this set of changes cleans up the existing filesystem
lock interface and should have no function change to the existing
locking scheme.

Sponsored by:	DARPA & NAI Labs.
2002-10-14 03:20:36 +00:00
Jeff Roberson
431886406c - Lock access to the buf lists.
- Use vrefcnt() where appropriate.
2002-09-25 02:34:56 +00:00
Don Lewis
fa288043e2 VOP_FSYNC() requires that it's vnode argument be locked, which nfs_link()
wasn't doing.  Rather than just lock and unlock the vnode around the call
to VOP_FSYNC(), implement rwatson's suggestion to lock the file vnode
in kern_link() before calling VOP_LINK(), since the other filesystems
also locked the file vnode right away in their link methods.  Remove the
locking and and unlocking from the leaf filesystem link methods.

Reviewed by:	rwatson, bde  (except for the unionfs_link() changes)
2002-09-19 13:32:45 +00:00
Nate Lawson
86ed6d45ac Remove any VOP_PRINT that redundantly prints the tag.
Move lockmgr_printinfo() into vprint() for everyone's benefit.

Suggested by: bde
2002-09-18 20:42:04 +00:00
Nate Lawson
06be2aaa83 Remove all use of vnode->v_tag, replacing with appropriate substitutes.
v_tag is now const char * and should only be used for debugging.

Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.

Suggested by:   phk
Reviewed by:    bde, rwatson (earlier version)
2002-09-14 09:02:28 +00:00
Bruce Evans
d3a7b5e70e vfs_syscalls.c:
Changed rename(2) to follow the letter of the POSIX spec.  POSIX
requires rename() to have no effect if its args "resolve to the same
existing file".  I think "file" can only reasonably be read as referring
to the inode, although the rationale and "resolve" seem to say that
sameness is at the level of (resolved) directory entries.

ext2fs_vnops.c, ufs_vnops.c:
Replaced code that gave the historical BSD behaviour of removing one
link name by checks that this code is now unreachable.  This fixes
some races.  All vnodes needed to be unlocked for the removal, and
locking at another level using something like IN_RENAME was not even
attempted, so it was possible for rename(x, y) to return with both x
and y removed even without any unlink(2) syscalls (one process can
remove x using rename(x, y) and another process can remove y using
rename(y, x)).

Prodded by:	alfred
MFC after:	8 weeks
PR:		42617
2002-09-10 11:09:13 +00:00
Robert Watson
9ca435893b In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
  pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
Robert Watson
c08b677fb5 Pass IO_NOMACCHECK to vn_rdwr() in the following checks to prevent
enforcement of MAC policy on the read or write operations:

- In ext2fs, don't enforce MAC on loop-back reads and writes supporting
  directory read operations in lookup(), directory modifications in
  rename(), directory write operations in mkdir(), symlink write
  operations in symlink().

- In the NFS client locking code, perform vn_rdwr() on the NFS locking
  socket without enforcing MAC, since the write is done on behalf of
  the kernel NFS implementation rather than the user process.

- In UFS, don't enforce MAC on loop-back reads and writes supporting
  directory read operations in lookup(), and symlink write operations
  in symlink().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-12 16:43:04 +00:00
Jeff Roberson
e6e370a7fe - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
Ian Dowse
efdc5c8a0f Use hashdestroy() now that it exists. 2002-06-30 03:01:44 +00:00
Peter Wemm
e8aef1d3b5 Use suword16/fuword16 instead of susword/fusword - this has two different
definitions so far.. 16 bit on x86 and appears to be 32 bit on sparc64.
Be explicit to avoid suprises.
2002-06-20 07:23:08 +00:00
Maxime Henrion
ad841cb9b2 Convert ext2fs to nmount(2). 2002-05-24 17:38:01 +00:00
Ian Dowse
6a681d9a3c Add an ext2_uninit() routine that undoes the actions performed by
ext2_init(). This permits the ext2fs module to be unloaded without
causing panics and leaking memory.
2002-05-18 22:18:17 +00:00
Ian Dowse
ca305f613f Fix two off-by-one errors when sanity-checking inode numbers. In
ext2fs, inode numbers start at 1, so the maximum valid inode number
is (s_inodes_per_group * s_groups_count), not one less. This is
just a minimal change to avoid unnecessary panics and errors; some
other related bugs that Bruce Evans mentioned to me are not addressed.

Reviewed by:	bde (ages ago)
2002-05-18 21:33:07 +00:00
Ian Dowse
39e24f84ac Use explicitly-sized types where necessary to make ext2fs work again
after the change to a 64-bit daddr_t.
2002-05-18 19:12:38 +00:00
Ian Dowse
79af20a81c Give ext2fs its own static "dirchk" variable instead of using ufs's
variable. Make this accessible as the sysctl vfs.e2fs.dirchk.
2002-05-16 20:53:04 +00:00
Ian Dowse
13a263882f Remove register keyword. 2002-05-16 19:43:28 +00:00
Ian Dowse
9504abaad7 Complete the separation of ext2fs from ufs by copying the remaining
shared code and converting all ufs references. Originally it may
have made sense to share common features between the two filesystems,
but recently it has only caused problems, the UFS2 work being the
final straw.

All UFS_* indirect calls are now direct calls to ext2_* functions,
and ext2fs-specific mount and inode structures have been introduced.
2002-05-16 19:08:03 +00:00
Ian Dowse
cf6b7c4adc Following a repo-copy from src/sys/ufs/ufs, rename functions and
structures etc. to ext2fs-specific names, and remove ufs-specific
code that is no longer required. As a first stage, the code will
still convert back and forth between the on-disk format and struct
inode, so the struct dinode fields have been added to struct inode
for now.

Note that these files are not yet connected to the build.
2002-05-14 17:14:01 +00:00
Poul-Henning Kamp
98b0c78978 Make daddr_t and u_daddr_t 64bits wide.
Retire daddr64_t and use daddr_t instead.

Sponsored by:	DARPA & NAI Labs.
2002-05-14 11:09:43 +00:00
Bruce Evans
a8fae7e580 Fixed syntax errors (tokens after #endif). 2002-05-13 12:55:30 +00:00
Bruce Evans
a10e4c9532 Fixed syntax errors (garbage after #endif; just editing errors in this
case).  These errors and related style bugs swere cloned from ufs
shortly after they were committed to ufs.  They were mostly fixed in
ufs long ago.
2002-05-13 12:39:46 +00:00
Poul-Henning Kamp
05f4ff5da1 Remove register keyword.
Sponsored by:	DARPA & NAI Labs.
Submitted by:	mckusick
2002-05-13 09:22:31 +00:00
Poul-Henning Kamp
7110af7577 ARGH! SBLOCK is not unused. Try to get this right.
BBSIZE belongs in <sys/disklabel.h> (but shouldn't be a constant).

Define SBLOCK again, using the right math.

Sponsored by: DARPA & NAI Labs.
2002-05-12 20:21:40 +00:00
Poul-Henning Kamp
7cb71b749c Remove #define for BBOFF, it is assumed == 0 so many places that we might
as well forget about it.  In fact the only thing which used it was the
SBOFF macro.

Sponsored by: DARPA & NAI Labs.
2002-05-12 20:00:21 +00:00
Poul-Henning Kamp
16910634dd Remove unused BBLOCK and SBLOCK #defines.
Sponsored by: DARPA & NAI Labs.
2002-05-12 19:56:31 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00