NULL, turn warning printf's into panic's, since this call has been
restructured such that a NULL cred would result in a page fault anyway.
There appears to be one case where NULL is explicitly passed in in the
sysctl code, and this is believed to be in error, so will be modified.
Securelevels now always require a credential context so that per-jail
securelevels are properly implemented.
Obtained from: TrustedBSD Project
Sponsored by: NAI Labs
Discussed with: bde
3c996B-T, with the 5701 rev B5 ASIC). One thing that confuses me
still is that the 'link state change' bit in the status block seems
to change state an awful lot. I have a workaround for this in place
now, but it needs more investigation. For the moment though, this
is enough to get the driver to work with this card.
made aware in jail environments. Supposedly something is broken, so
this should be backed out until further investigation proves otherwise,
or a proper fix can be provided.
This increases the number of concurrent outgoing connections from ~4000
to ~16000. Other OSes (Solaris, OS X, NetBSD) and many other NAT
products have already made this change without ill effects, so we
should not run into any problems.
MFC after: 1 week
method-based inter-process security checks. To do this, introduce
a new cr_seeotheruids(u1, u2) function, which encapsulates the
"see_other_uids" logic. Call out to this policy following the
jail security check for all of {debug,sched,see,signal} inter-process
checks. This more consistently enforces the check, and makes the
check easy to modify. Eventually, it may be that this check should
become a MAC policy, loaded via a module.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
soon because it's just getting harder and harder to find switches
that correctly implement the GET ALL NEXT subcommands for the SNS
protocol.
Latch up result out pointer and set a busy flag when we're looking
at the response queue. This allows for a cleaner way to make sure
we don't get multiple CPUs trying to read the same response queue
entries.
Change how isp_handle_other_response returns values (clarity).
Make PORT UNAVAILABLE the same as PORT LOGOUT (force a LIP).
Do some formatting changes.
MFC after: 0 days
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount. Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case. In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place. This also removse td_cache_ucred from struct thread. This is
still only done #ifdef DIAGNOSTIC.
[ missed this file in the previous commit ]
Tested on: i386, alpha
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount. Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case. In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place. This also removse td_cache_ucred from struct thread. This is
still only done #ifdef DIAGNOSTIC.
Tested on: i386, alpha
- Add a cred_free_thread() function (conditional on DIAGNOSTICS) that drops
a per-thread ucred reference to be used in debugging code when leaving
the kernel.
improvements.
1) If deleting an entry results in a chain of deleted slots ending in an
empty slot, then we can be a bit more aggressive about marking slots as
empty.
2) The last stage of the FNV hash is to xor the last byte of data
into the hash. This means that filenames which differ only in
the last byte will be placed close to one another in the hash
table, which forms longer chains. To work around this common
case, we also hash in the address of the dirhash structure.
news/cancel = news/articles/control/cancel for a tradspool inn server
squid2 = squid level 2 directory (dirs called 00->FF)
squid3 = squid level 3 directory (files called 00001F00->00001FFF)
mean #probes for
home dir mh inbox news/cancel tmp squid2 squid3
old successful 1.02 3.19 4.07 1.10 7.85 2.06
new successful 1.04 1.32 1.27 1.04 1.93 1.17
old unsuccessful 1.08 4.50 5.37 1.17 10.76 2.69
new unsuccessful 1.08 1.73 1.64 1.17 2.89 1.37
Reviewed by: iedowse
MFC after: 2 weeks
against users within a jail attempting to load kernel modules.
- Add a check of securelevel_gt() to vfs_mount() in order to chop some
low hanging fruit for the repair of securelevel checking of linking and
unlinking files from within jails. There is more to be done here.
Reviewed by: rwatson
to are about to expire. This prevents high packet rate flows from
experiencing packet drops at the sender following ARP cache entry
timeout.
PR: kern/25517
Reviewed by: luigi
MFC after: 7 days
use uint_%dt not u_int%dt
Avoid LL suffixed intergers where we can by using explicit casts.
(The last two I don't know how to avoid.)
Add an explanation why truncation rather than rounding is used.
Inspired by: bde
that causes a machine to panic when the kernel PPP / DEFLATE code is used.
1.11 moved a ZFREE to a point after the structural members were clobbered
by stores into a union'd structure.
This commit fixes the bug and adds a big whopping comment to make sure
the code isn't 'cleaned up' again :-)
Ian Dowse came up with the same patch independantly 68 seconds before I
did, talk about Karma!
I would also like to thank Eugene Grosbein for marathon work in tracking the
problem down by udpating his -stable based on date over and over again
to close in on the commit that caused his crashes.
PR: kern/35969
Reviewed by: Ian Dowse <iedowse@maths.tcd.ie>
X-MFC after: immediately
keep gcc-3.1+ happy:
ata-all.c:410: warning: deprecated use of label at end of compound statement
ata-all.c:587: warning: deprecated use of label at end of compound statement
ata-raid.c:99: warning: deprecated use of label at end of compound statement
ata-raid.c:151: warning: deprecated use of label at end of compound statement
a bit before handing it over to the OS. I occasionally have 11
segments with several 8K or so fragments depending on nvram settings and
what I have done under loader(8) before booting. This needs to be
revisited.
a language feature that I do not know about. gcc is complaining about
a left shift >= sizeof type, even when shifting a (cast) 64 bit type left
by 43 bits.
"env name=value ... cmd ..." is just a pessimized way of doing
"name=value ... cmd ..." in real shells. Set the environment
(without using env(1)) before starting xargs so that env(1)
is not needed in "xargs env name=value ... cmd ..."
than %u for printing signed 64-bit types. It fails on different machines,
and has the wrong signdness.
Fixed old printf format error on the same line. %u is not suitable for
printing 32-bit types on all machines.
"Fixed" format printf error in previous commit. This file is not
formatted in KNF. Partially restore bug for bug compatibility: indent
the printf args too much, but don't format them for 160-column terminals.
than %u for printing signed 64-bit types. It fails on different machines,
and has the wrong signdness.
Fixed old printf format error on the same line. %u is not suitable for
printing 32-bit types on all machines.
best path forward now is likely to change the lockmgr locks to simple
sleep mutexes, then see if any extra contention it generates is greater
than removed overhead of managing local locking state information,
cost of extra calls into lockmgr, etc.
Additionally, making the vm_map lock a mutex and respecting it properly
will put us much closer to not needing Giant magic in vm.
all the global bits of ``module'' data. This commit adds a few generic
macros, MOD_SLOCK, MOD_XLOCK, etc., that are meant to be used as ways
of accessing the SX lock. It is also the first step in helping to lock
down the kernel linker and module systems.
Reviewed by: jhb, jake, smp@
as it leaves the nullfs vnode allocated, but with no identity. The
effect is that a null mount can slowly accumulate all the vnodes
in the system, reclaiming them only when it is unmounted. Thus
the null_inactive state instead accelerates the release of the
null vnode by calling vrecycle which will in turn call the
null_reclaim operator. The null_reclaim routine then does the
freeing actions previosuly (incorrectly) done in null_inactive.
# sysctl net.link.ether.bdg_ipf=1
To enable. Just like ipfw(8) bridging, only input packets are filtered
in the bridge. Filtering works just like in the IP layer, ipf(8)
first, then ipfw(8). And just like in the IP layer, both are
independent, one need not be run to use the other. (Note: This will
not work in, but doesn't break, the bridge.ko module. The ipl.ko
module would need to be fixed before that is worth worrying about.)
Reviewed by: luigi
- Bootstrap pvo entries are now allocated by stealing pages.
- Just return if we're pmap_enter'ing a mapping that's already there. Don't
remove it and re-enter it.
modules split across several physical medias. Following is how it works:
The splitfs code, when asked to open "foo" looks for a file "foo.split"
which is a text file containing a list of filenames and media names, e.g.
foo.aa "Kernel floppy 1"
foo.ab "Kernel floppy 2"
foo.ac "Kernel and modules floppy"
For each file segment, the process is:
- try to open the file
- prompt "Insert the disk labelled <whatever> and press any key..."
- try to open the file
- return error if file could not be located
RE team is free to use this feature in the upcoming 5.0-DP1.
Reviewed by: msmith, dcs
lint, so this is turned off by default. Setting WANT_LINT will turn
on generation of lint libraries for /usr/libdata/lint/*.ln.
Reviewd by: silence in -audit.
the motivation for saving and restoring the map->hint in useracc() is gone.
(The same tests that motivated this change in revision 1.57 now show that
there is no performance loss from removing it.) This was really a hack and
some day we would have had to add new synchronization here on map->hint
to maintain it.
to copy the sigframe to the user's stack. Useracc() takes a non-trivial
amount of time. Eliminating it speeds up signal delivery by 15% or more.
o Update some comments.
Submitted by: bde
the user mappings from the tlb due to the context numbers rolling over. The
store to the internal mmu register must be followed by a membar #Sync before
much else happens to "avoid data corruption", so we use special inlines which
both disable interrupts and ensure that the compiler will not insert extra
instructions between the two. Also, load the tte tag and check if the context
is nucleus context, rather than relying on the priviledged bit which doesn't
actually serve any purpose in our design, and check the lock bit too for
sanity.
locking flags when acquiring a vnode. The immediate purpose is
to allow polling lock requests (LK_NOWAIT) needed by soft updates
to avoid deadlock when enlisting other processes to help with
the background cleanup. For the future it will allow the use of
shared locks for read access to vnodes. This change touches a
lot of files as it affects most filesystems within the system.
It has been well tested on FFS, loopback, and CD-ROM filesystems.
only lightly on the others, so if you find a problem there, please
let me (mckusick@mckusick.com) know.
pmap_qremove. pmap_kenter is not safe to use in MI code because it is not
guaranteed to flush the mapping from the tlb on all cpus. If the process
in question is preempted and migrates cpus between the call to pmap_kenter
and pmap_kremove, the original cpu will be left with stale mappings in its
tlb. This is currently not a problem for i386 because we do not use PG_G on
SMP, and thus all mappings are flushed from the tlb on context switches, not
just user mappings. This is not the case on all architectures, and if PG_G
is to be used with SMP on i386 it will be a problem. This was committed by
peter earlier as part of his fine grained tlb shootdown work for i386, which
was backed out for other reasons.
Reviewed by: peter
older PCI BIOSes hate this and this leads to panics when it is done. Also,
assume that a uniquely routed interrupt is already routed. This also
seems to help some older laptops with feable BIOSes cope.
o Add exerpimental support for identifying lucent cards. All of mine
come back with ID of 1, but NetBSD committed code for 5. So accept
both.
o rename wi_prism2_ver to wi_firmware_ver so that we could, if necessary,
do special things for lucent cards too.
o Bring in a small part of the changes from airtools: The wi_cmd function
now takes two additional arguments. I didn't bring in their ioctls yet.
o eliminate the use of LE16TOH, and remove its define.
o Print the firmware as if there were 100 versions instead of 10. This means
that 6.1 and 6.10 aren't confusing to people. We now print 6.01 in the
former case.
# A good junior hacker project would be to merge the NetBSD, FreeBSD, and
# OpenBSD drivers into one source base.
ohcivar.h (1.22), uhcivar.h (1.29):
============================================================
date: 2000/04/25 09:20:55; author: augustss;
Move the size of the mapped bus_space region into the bus
independent softc.
============================================================
ohci.c (1.88), uhci.c (1.112):
============================================================
date: 2000/04/25 14:28:13; author: augustss;
Insert (very conservative!) bus_space_barrier() calls at
all register accesses.
The bus_space(9) man page says you've gotta have them...
============================================================
usbdi.c (1.61):
===================================================================
revision 1.61
date: 2000/01/31 20:13:07; author: augustss; lines: +20 -4
Change the way the HC done method is invoked a little.
===================================================================
usbdi.c (1.65):
===================================================================
revision 1.65
date: 2000/03/08 15:34:10; author: augustss; lines: +4 -2
Get the status right when a polled transfer times out.
===================================================================
ohci.c (1.79), uhci.c (1.89), uhcivar.h (1.24), usb_port.h (1.22),
usbdivar.h (1.48):
===================================================================
date: 2000/03/23 07:01:46; author: thorpej;
New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
resource allocation.
- Insertion and removal of callouts is constant time, important as
this facility is used quite a lot in the kernel.
The old timeout()/untimeout() API has been removed from the kernel.
===================================================================
uhci.c (1.80), usbdi.c (1.66):
===================================================================
date: 2000/03/23 18:59:10; author: thorpej;
Shake out some bugs from the callout changes.
===================================================================
ohci.c (1.80), uhci.c (1.91), uhcivar.h (1.25), usb_port.h (1.23),
usbdi.c (1.67), usbdivar.h (1.49):
===================================================================
date: 2000/03/24 22:03:30; author: augustss;
Some cleanup and renaming of the callouts used in USB drivers.
===================================================================
uhci.c (1.92), uhcivar.h (1.26):
===================================================================
date: 2000/03/24 22:57:58; author: augustss;
Two major changes:
Make each xfer have its own intr_info. This is necessary if we want
to queue multiple xfers on an endpoint. This should get rid of the
(mostly harmless) DIAGNOSTICs about intr_infos (not) being done.
Change (again!) how xfers are aborted. Aborting a TD is a nightmare
on the braindead UHCI controller. (Unless you stop the HC, thereby
losing isoc traffic.) Hopefully I got it right this time.
===================================================================
usbdivar.h (1.50):
===================================================================
revision 1.50
date: 2000/03/25 00:10:19; author: augustss; lines: +4 -2
GC an unsued field and add some DIAGNOSTIC in xfer.
===================================================================
ums.c: Use the callout functions instead of the timeout ones.
uhci.c (1.93):
===================================================================
revision 1.93
date: 2000/03/25 00:11:21; author: augustss;
lines: +26 -1
Add more DIAGNOSTIC when aborting isoc.
===================================================================
uhci.c (1.94), usbdivar.h (1.51):
===================================================================
date: 2000/03/25 07:13:05; author: augustss;
More DIAGNOSTIC.
Initialize a callout handle I forgot.
===================================================================
uhci.c (1.95):
===================================================================
revision 1.95
date: 2000/03/25 07:23:12; author: augustss;
Exp; lines: +24 -7
Improve uhci_dump_ii().
===================================================================
ohci.c (1.81), uhci.c (1.96), uhcivar.h (1.27), usb_subr.c (1.68),
usbdi.c (1.68), usbdivar.h (1.52):
===================================================================
date: 2000/03/25 18:02:33; author: augustss;
Rename and move around callout handles to make it more sane.
Add some DIAGNOSTIC.
Fix buglet in isoc abort on UHCI.
===================================================================
uhci.c (1.98):
===================================================================
revision 1.98
date: 2000/03/27 07:39:48; author: augustss; lines: +12 -4
Make it compile without DIAGNOSTIC.
===================================================================
uhci.c (1.99):
===================================================================
revision 1.99
date: 2000/03/27 08:01:09; author: augustss; lines: +1 -5
Remove some debug nonsense.
===================================================================
uhci.c (1.100):
===================================================================
revision 1.100
date: 2000/03/27 09:41:36; author: augustss; lines: +13 -3
Don't mess with QH in bulk abort for the moment.
===================================================================
uhci.c (1.102):
===================================================================
revision 1.102
date: 2000/03/27 22:42:57; author: augustss; lines: +66 -26
Be a little more careful when aborting.
Preallocate some TDs for large buffers.
===================================================================
uhci.c (1.103):
===================================================================
date: 2000/03/28 09:47:10; author: augustss; lines: +11 -1
Another patch for xfer abort...
XXX The current xfer queueing and aborting semantics should really
XXX be changed. It cannot be implemented in a sane way on UHCI.
XXX One day when I have lots of time I'll redesign it...
===================================================================
uhci.c (1.104): Correct a debug message.
uhci.c (1.105): Be more defensive in a DIAGNOSTIC test.
uhci.c (1.106):
===================================================================
revision 1.106
date: 2000/03/29 01:49:13; author: augustss; lines: +14 -309
*SIGH* Revert back to the old method of aborting xfers.
I had tested the new stuff for two months now, but as soon as I commited
it the problems started to appear. Murphy, no doubt...
===================================================================
usb_subr.c (1.70), usbdi.c (1.71), usbdivar.h (1.53):
===================================================================
revision 1.70
date: 2000/03/29 01:45:20; author: augustss; lines: +2 -1
Do not accept new xfers for queuing while a pipe is aborting.
===================================================================
to put the device into 8 bit mode a second time. This appears to have
no ill effects on other devices, and appears to be necessary for the
xircom modem.
Submitted by: gwk@sgi.com, many others that found his patch in the archives.
The detection code in this method is written so that it should work on
all architectures which means that you can plug a Sun disk into a i386
now and access the partitions.
We still need an endian-agnostic ufs/ffs before this is really
interresting, but the main focus was to get sparc64 onto the GEOM
trail.
the bio and buffer structures to have daddr64_t bio_pblkno,
b_blkno, and b_lblkno fields which allows access to disks
larger than a Terabyte in size. This change also requires
that the VOP_BMAP vnode operation accept and return daddr64_t
blocks. This delta should not affect system operation in
any way. It merely sets up the necessary interfaces to allow
the development of disk drivers that work with these larger
disk block addresses. It also allows for the development of
UFS2 which will use 64-bit block addresses.
kern/kern_descrip.c:
Aquire Giant in fdrop_locked when file refcount hits zero, this removes
the requirement for the caller to own Giant for the most part.
kern/kern_ktrace.c:
Aquire Giant in ktrgenio, simplifies locking in upper read/write syscalls.
kern/vfs_bio.c:
Aquire Giant in bwillwrite if needed.
kern/sys_generic.c
Giant pushdown, remove Giant for:
read, pread, write and pwrite.
readv and writev aren't done yet because of the possible malloc calls
for iov to uio processing.
kern/sys_socket.c
Grab giant in the socket fo_read/write functions.
kern/vfs_vnops.c
Grab giant in the vnode fo_read/write functions.
Missed a place where the pipe sleep lock was needed in order to safely grab
Giant, fix it and add an assertion to make sure this doesn't happen again.
Fix typos in the PIPE_GET_GIANT/PIPE_DROP_GIANT that could cause the
wrong mutex to get passed to PIPE_LOCK/PIPE_UNLOCK.
Fix a location where the wrong pipe was being passed to
PIPE_GET_GIANT/PIPE_DROP_GIANT.
lose if a process is preempted while pmap is temporarily switched to
another pmap.
* For SMP, drop the high-fp state when a thread is switched away from
so that if another cpu resumes that thread, it doesn't have to play
games with IPI to get ahold of the correct register values.
* Don't call ast() from interrupt() - if we switch, then we will miss
writing cr.eoi which will prevent the current cpu from receiving
interrupts until the current thread is resumed. The call to ast()
happens magically in exception_restore where it is safe.
* Add DDB 'show irq' command to examine interrupt hardware state.
* Use ptc.g instead of ptc.l so that TLB shootdowns are broadcast to the
coherence domain.
* Use smp_rendezvous for pmap_invalidate_all to ensure it happens on all
cpus.
* Dike out a DIAGNOSTIC printf which didn't compile.
* Protect the internals of pmap_install with cpu_critical_enter/exit.
Problem:
selwakeup required calling pfind which would cause lock order
reversals with the allproc_lock and the per-process filedesc lock.
Solution:
Instead of recording the pid of the select()'ing process into the
selinfo structure, actually record a pointer to the thread. To
avoid dereferencing a bad address all the selinfo structures that
are in use by a thread are kept in a list hung off the thread
(protected by sellock). When a selwakeup occurs the selinfo is
removed from that threads list, it is also removed on the way out
of select or poll where the thread will traverse its list removing
all the selinfos from its own list.
Problem:
Previously the PROC_LOCK was used to provide the mutual exclusion
needed to ensure proper locking, this couldn't work because there
was a single condvar used for select and poll and condvars can
only be used with a single mutex.
Solution:
Introduce a global mutex 'sellock' which is used to provide mutual
exclusion when recording events to wait on as well as performing
notification when an event occurs.
Interesting note:
schedlock is required to manipulate the per-thread TDF_SELECT
flag, however if given its own field it would not need schedlock,
also because TDF_SELECT is only manipulated under sellock one
doesn't actually use schedlock for syncronization, only to protect
against corruption.
Proc locks are no longer used in select/poll.
Portions contributed by: davidc
While doing this, move it earlier in the sysinit boot process so that the
VM system can use it.
After that, the system is now able to use sx locks instead of lockmgr
locks in the VM system. To accomplish this, some of the more
questionable uses of the locks (such as testing whether they are
owned or not, as well as allowing shared+exclusive recursion) are
removed, and simpler logic throughout is used so locks should also be
easier to understand.
This has been tested on my laptop for months, and has not shown any
problems on SMP systems, either, so appears quite safe. One more
user of lockmgr down, many more to go :)
