Don't panic if a resource is allocated twice. Instead, print a warning and
fail the allocation request. Allocations of "reserved" resources such as
PCI BARs already fail the request instead of panic'ing in this case.
Prepare fget_unlocked for reading fd table only once.
Some capsicum functions accept fdp + fd and lookup fde based on that.
Add variants which accept fde.
===============================
Add sequence counters with memory barriers.
Current implementation is somewhat simplistic and hackish,
will be improved later after possible memory barrier overhaul.
===============================
Plug capability races.
fp and appropriate capability lookups were not atomic, which could result in
improper capabilities being checked.
This could result either in protection bypass or in a spurious ENOTCAPABLE.
Make fp + capability check atomic with the help of sequence counters.
===============================
Put and #ifdef _KERNEL around the #include for opt_capsicum.h to
hopefully allow the build to finish after r272505.
===============================
filedesc: fix up breakage introduced in 272505
Include sequence counter supports incoditionally [1]. This fixes reprted build
problems with e.g. nvidia driver due to missing opt_capsicum.h.
Replace fishy looking sizeof with offsetof. Make fde_seq the last member in
order to simplify calculations.
===============================
Keep struct filedescent comments within 80-char limit.
===============================
seq_t needs to be visible to userspace
In kern_linkat() and kern_renameat(), do not call namei(9) while
holding a write reference on the filesystem. Try to get write
reference in unblocked way after all vnodes are resolved; if failed,
drop all locks and retry after waiting for suspension end.
Fix up proc_realparent to always return correct process.
Prior to the change it would always return initproc for non-traced processes.
This fixes a regression in inferior().
Approved by: re (marius)
Keep tty_makedev as a function to preserve the KBI on 10-stable
(it is a macro in CURRENT). The changes for this are direct
commits to 10-stable.
r259549 (glebius):
- Rename tty_makedev() into tty_makedevf() and make it capable
to fail and return error.
- Use make_dev_p() in tty_makedevf() instead of make_dev_cred().
- Always pass MAKEDEV_CHECKNAME flag.
- Optionally pass MAKEDEV_REF flag.
- Provide macro for compatibility with old API.
This fixes races with simultaneous creation and desctruction of
ttys, and makes it possible to call tty_makedevf() from device
cloners.
A race in tty_watermarks() still exist, since the latter drops
lock for M_WAITOK allocation. This will be addressed in separate
commit.
r259663 (glebius):
Move list of ttys handling from the allocating procedures, to the
device creation stage. A device creation can fail, and in that case
an entry already on the list will be freed.
KBI issue pointed out by: kib
Reviewed by: kib (KBI addition)
Approved by: re (kib)
SVN revisions in this MFC:
269779 270705 270706 271180 271250 271253 271682 271684
Detailed commit list:
r269779:
fbd: Fix a bug where vt_fb_attach() success would be considered a failure
vt_fb_attach() currently always returns 0, but it could return a code
defined in errno.h. However, it doesn't return a CN_* code. So checking
its return value against CN_DEAD (which is 0) is incorrect, and in this
case, a success becomes a failure.
The consequence was unimportant, because the caller (drm_fb_helper.c)
would only log an error message in this case. The console would still
work.
Approved by: nwhitehorn
r270705:
vt(4): Add cngrab() and cnungrab() callbacks
They are used when a panic occurs or when entering a DDB session for
instance.
cngrab() forces a vt-switch to the console window, no matter if the
original window is another terminal or an X session. However, cnungrab()
doesn't vt-switch back to the original window currently.
r270706:
drm: Don't "taskqueue" vt-switch if under DDB/panic situation
If DDB is active, we can't use a taskqueue thread to switch away from
the X window, because this thread can't run.
Reviewed by: ray@
Approved by: ray@
r271180:
vt_vga: vd_setpixel_t and vd_drawrect_t are noop in text mode
r271250:
vt(4): Change the terminal and buffer sizes, even without a font
This fixes a bug where scroll lock would not work for tty #0 when using
vt_vga's textmode. The reason was that this window is created with a
static 256x100 buffer, larger than the real size of 80x25.
Now, in vt_change_font() and vt_compute_drawable_area(), we still
perform operations even of the window has no font loaded (this is the
case in textmode here vw->vw_font == NULL). One of these operation
resizes the buffer accordingly.
In vt_compute_drawable_area(), we take the terminal size as is (ie.
80x25) for the drawable area.
The font argument to vt_set_border() is removed (it was never used) and
the code now uses the computed drawable area instead of re-doing its own
calculation.
Reported by: Harald Schmalzbauer <h.schmalzbauer_omnilan.de>
Tested by: Harald Schmalzbauer <h.schmalzbauer_omnilan.de>
r271253:
pause_sbt(): Take the cold path (ie. use DELAY()) if KDB is active
This fixes a panic in the i915 driver when one uses debug.kdb.enter=1
under vt(4).
PR: 193269
Reported by: emaste@
Submitted by: avg@
r271682:
vt(4): Fix a LOR which occurs during a call to vt_upgrade()
Reported by: kib@
Review: https://reviews.freebsd.org/D785
Reviewed by: ray@
Approved by: ray@
r271684:
vt(4): Use vt_fb_drawrect() and vt_fb_setpixel() in all vt_fb-derivative
Review: https://reviews.freebsd.org/D789
Reviewed by: nwhitehorn
Approved by: nwhitehorn
Approved by: re (gjb)
Add couple memory barriers to order tdq_cpu_idle and tdq_load accesses.
This change fixes transient performance drops in some of my benchmarks,
vanishing as soon as I am trying to collect any stats from the scheduler.
It looks like reordered access to those variables sometimes caused loss of
IPI_PREEMPT, that delayed thread execution until some later interrupt.
Approved by: re (marius)
Avoid unlocking unlocked mutex in RCTL jail code. Specific test case
is attached to PR.
PR: 193457
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Use a unit number allocator to provide suitable st_dev and st_ino values
for POSIX shared memory descriptors. The implementation is similar to
that used for pipes.
Approved by: re (gjb for 10)
Delay the return from thread_single(SINGLE_EXIT) until all threads are
really destroyed by thread_stash() after the last switch out.
MFC r271007:
Retire thread_unthread().
MFC r271008:
Style.
Approved by: re (marius)
Restore pre-r239157 handling of sched_yield(), when thread time slice
was aborted, allowing other threads to run. Without this change thread
is just rescheduled again, that was illustrated by provided test tool.
PR: 192926
Submitted by: eric@vangyzen.net
Approved by: re (marius)
r268158: Prefer vt(4) for UEFI boot
The UEFI framebuffer driver vt_efifb requires vt(4), so add a
mechanism for the startup routine to set the preferred console.
This change is ugly because console init happens very early in the
boot, making a cleaner interface difficult. This change is intended
only to facilitate the sc(4) / vt(4) transition, and can be reverted
once vt(4) is the default.
r268160: Fix typos in VTY constant names from r268158
r268982: Don't pass null kmdp to preload_search_info
On Xen PVH guests kmdp == NULL.
Sponsored by: The FreeBSD Foundation
Bring in the new automounter, similar to what's provided in most other
UNIX systems, eg. MacOS X and Solaris. It uses Sun-compatible map format,
has proper kernel support, and LDAP integration.
There are still a few outstanding problems; they will be fixed shortly.
Reviewed by: allanjude@, emaste@, kib@, wblock@ (earlier versions)
Phabric: D523
Relnotes: yes
Sponsored by: The FreeBSD Foundation
Re-instate UMA cached backend for 4K - 64K allocations. New consumers
like geli(4) uses malloc(9) to allocate temporary buffers that gets
free'ed shortly, causing frequent TLB shootdown as observed in hwpmc
supported flame graph.
Add a new loader tunable, vm.kmem_zmax which allows a system administrator
to limit the maximum allocation size that malloc(9) would consider using
the UMA cache allocator as backend.
Ensure that sigaction flags for signal, which disposition is reset to
ignored or default, are not leaking.
MFC r270504:
Revert the handling of all siginfo sa_flags except SA_SIGINFO to the
pre-r270321 state.
Implement and use proc_realparent(9).
MFC r270024 (by markj):
Correct the order of arguments passed to LIST_INSERT_AFTER().
For merge, the p_treeflag member of struct proc was moved to the end
of the structure, to keep KBI intact.
Fix an overflow in getsockopt(). optval isn't big enough to hold
sbintime_t.
Re-introduce r255030 behaviour capping socket timeouts to INT_32
if they're too large.
Add support for multi-threading of soft updates.
Replace a single soft updates thread with a thread per FFS-filesystem
mount point. The threads are associated with the bufdaemon process.
Reviewed by: kib
Tested by: Peter Holm and Scott Long
MFC after: 2 weeks
Sponsored by: Netflix
MFC of 269853 (by kib):
Revision r269457 removed the Giant around mount and unmount code, but
r269533, which was tested before r269457 was committed, implicitely
relied on the Giant to protect the manipulations of the softdepmounts
list. Use softdep global lock consistently to guarantee the list
structure now.
Insert the new struct mount_softdeps into the softdepmounts only after
it is sufficiently initialized, to prevent softdep_speedup() from
accessing bare memory. Similarly, remove struct mount_softdeps for
the unmounted filesystem from the tailq before destroying structure
rwlock.
Reported and tested by: pho
Reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
Cosmetic changes to unp_internalize
Don't throw away the result of fget_unlocked.
Move fdp increment to for loop to make it consistent with similar code
elsewhere.
r264114 by davidxu:
Fix SIGIO delivery. Use fsetown() to handle file descriptor owner
ioctl and use pgsigio() to send SIGIO.
r264310 by davidxu:
Add kqueue support for devctl.
r268570:
Clear nonblock and async on devctl close instaed of open.
This is a purely cosmetic change.
proc exit: don't take PROC_LOCK while freeing rlimits
Code wishing to check rlimits of some process should check whether it
is exiting first, which current consumers do.
Avoid relocking filedesc lock when closing fds during fdp destruction.
Don't call bzero nor fdunused from fdfree for such cases. It would do
unnecessary work and complain that the lock is not taken.
=======
Don't zero fd_nfiles during fdp destruction.
Code trying to take a look has to check fd_refcnt and it is 0 by that time.
This is a follow up to r268505, without this the code would leak memory for
tables bigger than the default.
Perform a lockless check in sigacts_shared.
It is used only during execve (i.e. singlethreaded), so there is no fear
of returning 'not shared' which soon becomes 'shared'.
While here reorganize the code a little to avoid proc lock/unlock in
shared case.
Split up sys_ktimer_getoverrun() into a sys_ and a kern_ variant
and export the kern_ version needed by an upcoming linuxolator change.
Sponsored by: DARPA,AFRL
