123500 Commits

Author SHA1 Message Date
phk
6d14bcd43f Overlooked that src.conf was built from here. 2006-04-01 18:34:30 +00:00
phk
7b5362e652 Have WITHOUT_BIND_MTREE imply WITHOUT_BIND_ETC 2006-04-01 18:11:42 +00:00
rwatson
9fa0587a55 White space consistency with kasserts. Minor style tweaks.
MFC after:	3 months
2006-04-01 16:54:37 +00:00
rwatson
5078a28ae8 Update TCP for infrastructural changes to the socket/pcb refcount model,
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, the receive
  code no longer requires the pcbinfo lock, and the send code only
  requires it if building a new connection on an otherwise unconnected
  socket triggered via sendto() with an address.  This should
  significnatly reduce tcbinfo lock contention in the receive and send
  cases.

- In order to support the invariant that so_pcb != NULL, it is now
  necessary for the TCP code to not discard the tcpcb any time a
  connection is dropped, but instead leave the tcpcb until the socket
  is shutdown.  This case is handled by setting INP_DROPPED, to
  substitute for using a NULL so_pcb to indicate that the connection
  has been dropped.  This requires the inpcb lock, but not the pcbinfo
  lock.

- Unlike all other protocols in the tree, TCP may need to retain access
  to the socket after the file descriptor has been closed.  Set
  SS_PROTOREF in tcp_detach() in order to prevent the socket from being
  freed, and add a flag, INP_SOCKREF, so that the TCP code knows whether
  or not it needs to free the socket when the connection finally does
  close.  The typical case where this occurs is if close() is called on
  a TCP socket before all sent data in the send socket buffer has been
  transmitted or acknowledged.  If INP_SOCKREF is found when the
  connection is dropped, we release the inpcb, tcpcb, and socket instead
  of flagging INP_DROPPED.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Annotate the existence of a long-standing race in the TCP timer code,
  in which timers are stopped but not drained when the socket is freed,
  as waiting for drain may lead to deadlocks, or have to occur in a
  context where waiting is not permitted.  This race has been handled
  by testing to see if the tcpcb pointer in the inpcb is NULL (and vice
  versa), which is not normally permitted, but may be true of a inpcb
  and tcpcb have been freed.  Add a counter to test how often this race
  has actually occurred, and a large comment for each instance where
  we compare potentially freed memory with NULL.  This will have to be
  fixed in the near future, but requires is to further address how to
  handle the timer shutdown shutdown issue.

- Several TCP calls no longer potentially free the passed inpcb/tcpcb,
  so no longer need to return a pointer to indicate whether the argument
  passed in is still valid.

- Un-macroize debugging and locking setup for various protocol switch
  methods for TCP, as it lead to more obscurity, and as locking becomes
  more customized to the methods, offers less benefit.

- Assert copyright on tcp_usrreq.c due to significant modifications that
  have been made as part of this work.

These changes significantly modify the memory management and connection
logic of our TCP implementation, and are (as such) High Risk Changes,
and likely to contain serious bugs.  Please report problems to the
current@ mailing list ASAP, ideally with simple test cases, and
optionally, packet traces.

MFC after:	3 months
2006-04-01 16:36:36 +00:00
phk
7f0301fd6c Make WITHOUT_DYNAMICROOT=foo work again: remember to reference
libbsdxml and libsbuf.
2006-04-01 16:34:45 +00:00
rwatson
a7c2bca553 Update in_pcb-derived basic socket types following changes to
pru_abort(), pru_detach(), and in_pcbdetach():

- Universally support and enforce the invariant that so_pcb is
  never NULL, converting dozens of unnecessary NULL checks into
  assertions, and eliminating dozens of unnecessary error handling
  cases in protocol code.

- In some cases, eliminate unnecessary pcbinfo locking, as it is no
  longer required to ensure so_pcb != NULL.  For example, in protocol
  shutdown methods, and in raw IP send.

- Abort and detach protocol switch methods no longer return failures,
  nor attempt to free sockets, as the socket layer does this.

- Invoke in_pcbfree() after in_pcbdetach() in order to free the
  detached in_pcb structure for a socket.

MFC after:	3 months
2006-04-01 16:20:54 +00:00
rwatson
71cc03392b Break out in_pcbdetach() into two functions:
- in_pcbdetach(), which removes the link between an inpcb and its
  socket.

- in_pcbfree(), which frees a detached pcb.

Unlike the previous in_pcbdetach(), neither of these functions will
attempt to conditionally free the socket, as they are responsible only
for managing in_pcb memory.  Mirror these changes into in6_pcbdetach()
by breaking it into in6_pcbdetach() and in6_pcbfree().

While here, eliminate undesired checks for NULL inpcb pointers in
sockets, as we will now have as an invariant that sockets will always
have valid so_pcb pointers.

MFC after:	3 months
2006-04-01 16:04:42 +00:00
rwatson
173781a39a In raw and raw-derived socket types, maintain and enforce invariant that
the so_pcb pointer on the socket is always non-NULL.  This eliminates
countless unnecessary error checks, replacing them with assertions.

MFC after:	3 months
2006-04-01 15:55:44 +00:00
ume
5965562ffe fix indent. 2006-04-01 15:53:39 +00:00
rwatson
5479e5d692 Chance protocol switch method pru_detach() so that it returns void
rather than an error.  Detaches do not "fail", they other occur or
the protocol flags SS_PROTOREF to take ownership of the socket.

soclose() no longer looks at so_pcb to see if it's NULL, relying
entirely on the protocol to decide whether it's time to free the
socket or not using SS_PROTOREF.  so_pcb is now entirely owned and
managed by the protocol code.  Likewise, no longer test so_pcb in
other socket functions, such as soreceive(), which have no business
digging into protocol internals.

Protocol detach routines no longer try to free the socket on detach,
this is performed in the socket code if the protocol permits it.

In rts_detach(), no longer test for rp != NULL in detach, and
likewise in other protocols that don't permit a NULL so_pcb, reduce
the incidence of testing for it during detach.

netinet and netinet6 are not fully updated to this change, which
will be in an upcoming commit.  In their current state they may leak
memory or panic.

MFC after:	3 months
2006-04-01 15:42:02 +00:00
rwatson
68ff3be0b3 Annotate uses of fgetsock() with indications that they should rely
on their existing file descriptor references to sockets, rather than
use fgetsock() to retrieve a direct socket reference.

MFC after:	3 months
2006-04-01 15:25:01 +00:00
rwatson
8622e776f9 Change protocol switch pru_abort() API so that it returns void rather
than an int, as an error here is not meaningful.  Modify soabort() to
unconditionally free the socket on the return of pru_abort(), and
modify most protocols to no longer conditionally free the socket,
since the caller will do this.

This commit likely leaves parts of netinet and netinet6 in a situation
where they may panic or leak memory, as they have not are not fully
updated by this commit.  This will be corrected shortly in followup
commits to these components.

MFC after:      3 months
2006-04-01 15:15:05 +00:00
brueffer
6b3805592d Convert the SYNOPSIS section to look like the ones used in other driver
manpages, mention module support.

MFC after:	3 days
2006-04-01 11:21:00 +00:00
rwatson
cbb87d3f67 Add comment to accept1() that it should use getsock() instead of fgetsock()
to avoid additional mutex operations, and also to avoid use of soref/sorele
which are now not preferred.

MFC after:	3 months
2006-04-01 11:14:56 +00:00
rwatson
53d8847cf3 Mark fgetsock() and fputsock() as depcrecated: callers should rely on
the file descriptor reference, rather than paying additional lock
operations to acquire a socket reference from the file descriptor.
This will also help to ensure that file descriptor based socket
requests are not delivered to a socket after close.  Most consumers
have already been converted to this model.

MFC after:	3 months
2006-04-01 11:09:54 +00:00
brueffer
952b01bba9 Convert the SYNOPSIS section to look like the ones used in other driver
manpages, mention module support.
Also add the crypto and cryptodev devices as the drivers are kind of useless
without them.

MFC after:	3 days
2006-04-01 10:56:36 +00:00
brueffer
1621c9cdaa Convert the SYNOPSIS section to look like the ones used in other driver
manpages.

MFC after:	3 days
2006-04-01 10:55:00 +00:00
rwatson
7f08bc3477 Add a comment describing SS_PROTOREF in detail. This will eventually be
in socket(9).

MFC after:	3 months
2006-04-01 10:54:51 +00:00
rwatson
b7a0ed6a86 Assert so->so_pcb is NULL in sodealloc() -- the protocol state should not
be present at this point.  We will eventually remove this assert because
the socket layer should never look at so_pcb, but for now it's a useful
debugging tool.

MFC after:	3 months
2006-04-01 10:45:52 +00:00
rwatson
67815b8633 Add a somewhat sizable comment documenting the semantics of various kernel
socket calls relating to the creation and destruction of sockets.  This
will eventually form the foundation of socket(9), but is currently in too
much flux to do so.

MFC after:	3 months
2006-04-01 10:43:02 +00:00
brueffer
296027ed52 Convert the SYNOPSIS section to look like the ones used in other driver
manpages.  Don't mention the include file, it's not important for the
operation of this driver.

MFC after:	3 days
2006-04-01 10:37:35 +00:00
brueffer
7426a2a8f4 Add a standard boilerplate to the SYNOPSIS section that mentions how
to load a kernel module.

MFC after:	3 days
2006-04-01 10:10:36 +00:00
brueffer
83cdc2ae52 Mention the module in the synopsis. 2006-04-01 09:55:37 +00:00
mjacob
75222e0f67 Fix some of the previus changes 'better'.
There's something strange going on with async events. They seem
to be be treated differently for different Fusion implementations.
Some will really tell you when it's okay to free the request that
started them.  Some won't. Very disconcerting.

This is particularily bad when the chip (FC in this case) tells you
in the reply that it's not a continuation reply, which means you
can free the request that its associated with. However, if you do
that, I've found that additional async event replies come back for
that message context after you freed it. Very Bad Things Happen.

Put in a reply register debounce. Warn about out of range context
indices. Use more MPILIB defines where possible. Replace bzero with
memset. Add tons more KASSERTS. Do a *lot* more request free list
auditting and serial number usages. Get rid of the warning about
the short IOC Facts Reply.  Go back to 16 bits of context index.

Do a lot more target state auditting as well. Make a tag out
of not only the ioindex but the request index as well and worry
less about keeping a full serial number.
2006-04-01 07:12:18 +00:00
marcel
4769ea007e Build the scc(4) module with EBus and SBus attachments for sparc64
only and build the scc(4) module with MacIO attachment for powerpc.
2006-04-01 04:54:47 +00:00
marcel
79ffa0f57b Add the MacIO attachment for scc(4). 2006-04-01 04:53:08 +00:00
marcel
cb5c5e62f7 Add a MacIO bus attachment. The Z8530 as present in the Mac needs
a different register shift and is fed by a different clock than
we use for UltraSPARC hardware. To deal with this, the regshft and
rclk fields in the class structure are removed and bus frontends
now pass the right regshft and rclk to the probe function where
they're put in the BAS and passed in to subordinate drivers.
2006-04-01 04:51:56 +00:00
deischen
db7df4904a Add __gdtoa to the list of FreeBSD private symbols. Unfortunately,
this is used by some 3rd party applications when {e,f,g}cvt() are
not found.  POSIX defines the xcvt() funtions but says they are
deprecated in favor or sprintf().  We'll import these functions
from OpenBSD and remove __gdtoa() from the exported interfaces
when libc version is bumped.
2006-04-01 02:56:09 +00:00
jeff
9fb762d231 - Busy the filesystem in nfs_statfs to prevent us from creating a new
vnode after vflush() has succeeded.  This would cause a dangling vnode
   panic at unmount time otherwise.  Other filesystems may have this problem
   via their VFS_VGET() routines.

Found by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-04-01 01:15:23 +00:00
jeff
db0836bdc3 - Add an assert to vgone. It is illegal to call vgone without a reference
to the vnode.  Without a reference the vnode will never be vdestroy'd
   and the memory will never be reclaimed.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 23:39:26 +00:00
jeff
e943e141d5 - When there are dangling vnodes at unmount print them before we panic.
Sponsored by:	Isilon Systems, Inc.
2006-03-31 23:38:15 +00:00
jeff
158187fcb0 - Add a bogus vhold/vdrop around vgone() in devfs_revoke. Without this
the vnode is never recycled.  It is bogus because the reference really
   should be associated with the devfs dirent.
2006-03-31 23:37:29 +00:00
emax
f245d640bb Add kbdmux(4) to GENERIC on amd64
Requested by:	scottl
Tested by:	scottl
2006-03-31 23:04:48 +00:00
marcel
ba3b8f1ee2 Fix cut-n-paste braino in previous commit: s/puc/scc/g
Pointy hat: marcel@
2006-03-31 21:55:53 +00:00
scottl
9b1a80ce37 Remove the USB keyboard hack now that KBDMUX is enabled by default. Allow
it to be disabled if Safe Mode is selected.
2006-03-31 21:36:17 +00:00
emax
bce2a6b523 Add kbdmux(4) to GENERIC
Requested by:	scottl
2006-03-31 19:03:37 +00:00
marcel
af78fcb5cc Add a DRIVER_MODULE declaration for fhc(4) as this attachement is
also used for the FHC bus.

Pointed out by: marius@
2006-03-31 17:39:49 +00:00
ru
f41f274b63 Sort bootstrap-tools entries. 2006-03-31 14:10:35 +00:00
julian
44c3768939 Amazing.. two screwups in one commit.
I'm piling on thise pointy hats on top of each other.
At least they nest..
2006-03-31 12:54:17 +00:00
julian
bce212e4e5 I can't believe that no-one noticed that I broke ipfw table del
for over a month!
put {}  around if clause with multiple statements
2006-03-31 12:40:09 +00:00
ariff
063f9c01c6 MEGA Fixes / Cleanup
--------------------

- Seal the fate of long standing memory leak (4 years, 7 months) during
  pcm_unregister(). While destroying cdevs, scan / detect possible
  children and free its SLIST placeholder properly.
- Optimize channel allocation / numbering even further. Do brute cyclic
  checking only if the channel numbering screwed.
- Mega vchan create/destroy cleanup:
  o Implement pcm_setvchans() so everybody can use it freely instead
    of implementing their own, be it through sysctl or channel auto
    allocation.
  o Increase vchan creation/destruction resiliency:
    + it's possible to increase/decrease total vchans even during
      busy playback/recording. Busy channel will be left alone, untouched.
      Abusive test sample:
      # play whatever...
      #
         while : ; do
           sysctl hw.snd.pcm0.vchans=1
           sysctl hw.snd.pcm0.vchans=10
           sysctl hw.snd.pcm0.vchans=100
           sysctl hw.snd.pcm0.vchans=200
         done
      # Play something else, leave above loop running frantically.
    + Seal another 4 years old bug where it is possible to destroy (virtual)
      channel even when its cdevs being referenced by other process.
      The "First Come First Served" nature of dsp_clone() is the main
      culprit of this issue, and usually manifest itself as dangling
      channel <-> process association. Ensure that all of its cdevs
      are free from being referenced before destroying it (through
      ORPHAN_CDEVT() macross).

All these fixes (including previous fixes) will be MFCed, later.
2006-03-31 10:36:36 +00:00
ariff
1aa8a677cc - Increase snddev refcount earlier while accessing through sysctl interface
to avoid possible device unregister race (impossible to reproduce, yet
  possible).
- Extra sanity check to ensure proper parent channel is being selected.
- Reset parent channel once all of its children gone.
2006-03-31 10:27:47 +00:00
sos
69fb696b65 Make the ATAPI sense data accessible when using the ioctl interface
MFC candidate.
2006-03-31 08:09:05 +00:00
jeff
32b1878006 - Release the references acquired by VOP_GETWRITEMOUNT and vfs_getvfs().
Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:54:20 +00:00
jeff
b9e82e7fef - Hold a reference from the time vfs_busy starts until vfs_unbusy is
called.
 - vfs_getvfs has to return a reference to prevent the returned mountpoint
   from changing identities.
 - Release references acquired via vfs_getvfs.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:53:25 +00:00
jeff
d018a9a820 - GETWRITEMOUNT now returns a referenced mountpoint to prevent its
identity from changing.  This is possible now that mounts are not freed.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:52:24 +00:00
jeff
1a43943ef6 - Allocate mounts from a uma zone that uses UMA_ZONE_NOFREE to prevent
mount memory from being reclaimed.  This resolves a number of race
   conditions described in vfs_default.c and introduced with the
   VFS_LOCK_GIANT macros.
 - Let the mtx and lock remain valid after the mount structure has been
   freed by using init and fini calls.  Technically fini will never be
   called but is included for completeness.
 - Consistently use lockmgr directly rather than lockmgr to lock and
   vfs_unbusy to unlock.

Discussed with:	tegge
Tested by:	kris
Sponsored by:	Isilon Systems, Inc.
2006-03-31 03:49:51 +00:00
jeff
316b7aa6fb - Define mnt_startzero and mnt_endzero as a range that excludes mnt_mtx
and mnt_lock so that the mountpoint can be explicitly zeroed on
   creation.

Discussed with: tegge
Tested by:      kris
Sponsored by:   Isilon Systems, Inc.
2006-03-31 03:49:16 +00:00
jeff
73f46586c6 - LK_RETRY means nothing when passed to VOP_LOCK. Call vn_lock instead.
- Move the vn_lock of the dvp until after we've unbusied the filesystem
   to avoid a LOR with the mount point lock.
 - In the v_mountedhere while loop we acquire a new instance of giant each
   time through without releasing the first.  This would cause us to leak
   Giant.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 02:59:23 +00:00
jeff
2086f279cf - Add the B_NEEDSGIANT flag which is only set if the vnode that owns a buf
requires Giant.  It is set in bgetvp and cleared in brelvp.
 - Create QUEUE_DIRTY_GIANT for dirty buffers that require giant.
 - In the buf daemon, only grab giant when processing QUEUE_DIRTY_GIANT and
   only if we think there are buffers in that queue.

Sponsored by:	Isilon Systems, Inc.
2006-03-31 02:56:30 +00:00