Commit Graph

12083 Commits

Author SHA1 Message Date
Peter Wemm
43151ee6cf Merge user/peter/kinfo branch as of r185547 into head.
This changes struct kinfo_filedesc and kinfo_vmentry such that they are
same on both 32 and 64 bit platforms like i386/amd64 and won't require
sysctl wrapping.

Two new OIDs are assigned.  The old ones are available under
COMPAT_FREEBSD7 - but it isn't that simple.  The superceded interface
was never actually released on 7.x.

The other main change is to pack the data passed to userland via the
sysctl.  kf_structsize and kve_structsize are reduced for the copyout.
If you have a process with 100,000+ sockets open, the unpacked records
require a 132MB+ copyout.  With packing, it is "only" ~35MB.  (Still
seriously unpleasant, but not quite as devastating).  A similar problem
exists for the vmentry structure - have lots and lots of shared libraries
and small mmaps and its copyout gets expensive too.

My immediate problem is valgrind.  It traditionally achieves this
functionality by parsing procfs output, in a packed format.  Secondly, when
tracing 32 bit binaries on amd64 under valgrind, it uses a cross compiled
32 bit binary which ran directly into the differing data structures in 32
vs 64 bit mode.  (valgrind uses this to track file descriptor operations
and this therefore affected every single 32 bit binary)

I've added two utility functions to libutil to unpack the structures into
a fixed record length and to make it a little more convenient to use.
2008-12-02 06:50:26 +00:00
Alexander Kabaev
97df383415 Invoke _rtld_atfork_post earlier, before we reinitialize rtld locks
by switching into single-thread mode.

libthr ignores broken use of lock bitmaps used by default rtld locking
implementation, this in turn turns lock handoff in _rtld_thread_init
into NOP. This in turn makes child processes of forked multi-threaded
programs to run with _thr_signal_block still in effect, with most
signals blocked.

Reported by: phk, kib
2008-12-01 21:00:25 +00:00
Giorgos Keramidas
a294460257 The times(3) function returns the number of CLK_TCKs since the
startup time of FreeBSD, not since the UNIX Epoch.

PR:		docs/122359
Submitted by:	Viktor Štujber
MFC after:	1 week
2008-12-01 15:27:00 +00:00
Ruslan Ermilov
e95f37bb69 Fix fread() to return a correct value on platforms where sizeof(int) !=
sizeof(size_t), i.e. on all 64-bit platforms.

Reported by:	Andrey V. Elsukov
MFC after:	3 days
2008-12-01 14:33:34 +00:00
Jason Evans
d7ba3e423a Fix a lock order reversal bug that could cause deadlock during fork(2).
Reported by:	kib
2008-12-01 10:20:59 +00:00
Ivan Voras
1a2bea865b It's silly to claim recv(2) is to be removed in favour of recvfrom(2)
(at least at this time :) ).

Approved by:	gnn (mentor)
2008-11-30 21:40:01 +00:00
Jason Evans
17daa728ae Adjust an assertion to handle the case where a lock is contested, but
spinning is avoided due to running on a single-CPU system.

Reported by:	stefanf
2008-11-30 19:30:31 +00:00
Jason Evans
93e34865fa Do not spin when trying to lock on a single-CPU system.
Reported by:	davidxu
2008-11-30 05:55:24 +00:00
Konstantin Belousov
e711c6f0d1 Unlock the malloc() locks in the child process after fork(). This gives
us working malloc in the fork child of the multithreaded process.

Although POSIX requires that only async-signal safe functions shall be
operable after fork in multithreaded process, not having malloc lower
the quality of our implementation.

Tested by:	rink
Discussed with:	kan, davidxu
Reviewed by:	kan
MFC after:	1 month
2008-11-29 21:46:28 +00:00
Bjoern A. Zeeb
413628a7e3 MFp4:
Bring in updated jail support from bz_jail branch.

This enhances the current jail implementation to permit multiple
addresses per jail. In addtion to IPv4, IPv6 is supported as well.
Due to updated checks it is even possible to have jails without
an IP address at all, which basically gives one a chroot with
restricted process view, no networking,..

SCTP support was updated and supports IPv6 in jails as well.

Cpuset support permits jails to be bound to specific processor
sets after creation.

Jails can have an unrestricted (no duplicate protection, etc.) name
in addition to the hostname. The jail name cannot be changed from
within a jail and is considered to be used for management purposes
or as audit-token in the future.

DDB 'show jails' command was added to aid debugging.

Proper compat support permits 32bit jail binaries to be used on 64bit
systems to manage jails. Also backward compatibility was preserved where
possible: for jail v1 syscalls, as well as with user space management
utilities.

Both jail as well as prison version were updated for the new features.
A gap was intentionally left as the intermediate versions had been
used by various patches floating around the last years.

Bump __FreeBSD_version for the afore mentioned and in kernel changes.

Special thanks to:
- Pawel Jakub Dawidek (pjd) for his multi-IPv4 patches
  and Olivier Houchard (cognet) for initial single-IPv6 patches.
- Jeff Roberson (jeff) and Randall Stewart (rrs) for their
  help, ideas and review on cpuset and SCTP support.
- Robert Watson (rwatson) for lots and lots of help, discussions,
  suggestions and review of most of the patch at various stages.
- John Baldwin (jhb) for his help.
- Simon L. Nielsen (simon) as early adopter testing changes
  on cluster machines as well as all the testers and people
  who provided feedback the last months on freebsd-jail and
  other channels.
- My employer, CK Software GmbH, for the support so I could work on this.

Reviewed by:	(see above)
MFC after:	3 months (this is just so that I get the mail)
X-MFC Before:   7.2-RELEASE if possible
2008-11-29 14:32:14 +00:00
Konstantin Belousov
cb5c4b10ba Add two rtld exported symbols, _rtld_atfork_pre and _rtld_atfork_post.
Threading library calls _pre before the fork, allowing the rtld to
lock itself to ensure that other threads of the process are out of
dynamic linker. _post releases the locks.

This allows the rtld to have consistent state in the child. Although
child may legitimately call only async-safe functions, the call may
need plt relocation resolution, and this requires working rtld.

Reported and debugging help by:	rink
Reviewed by:	kan, davidxu
MFC after:	1 month (anyway, not before 7.1 is out)
2008-11-27 11:27:59 +00:00
Joseph Koshy
d95afe050e Update description of an event.
Submitted by:	"Verplanke, Edwin" <edwin dot verplanke at intel dot com>
2008-11-27 09:21:37 +00:00
Joseph Koshy
0cfab8ddc1 - Add support for PMCs in Intel CPUs of Family 6, model 0xE (Core Solo
and Core Duo), models 0xF (Core2), model 0x17 (Core2Extreme) and
  model 0x1C (Atom).

  In these CPUs, the actual numbers, kinds and widths of PMCs present
  need to queried at run time.  Support for specific "architectural"
  events also needs to be queried at run time.

  Model 0xE CPUs support programmable PMCs, subsequent CPUs
  additionally support "fixed-function" counters.

- Use event names that are close to vendor documentation, taking in
  account that:
  - events with identical semantics on two or more CPUs in this family
    can have differing names in vendor documentation,
  - identical vendor event names may map to differing events across
    CPUs,
  - each type of CPU supports a different subset of measurable
    events.

  Fixed-function and programmable counters both use the same vendor
  names for events.  The use of a class name prefix ("iaf-" or
  "iap-" respectively) permits these to be distinguished.

- In libpmc, refactor pmc_name_of_event() into a public interface
  and an internal helper function, for use by log handling code.

- Minor code tweaks: staticize a global, freshen a few comments.

Tested by:	gnn
2008-11-27 09:00:47 +00:00
Joseph Koshy
d5ec7b69ec Fix buglets. 2008-11-26 03:48:20 +00:00
Alfred Perlstein
6fda742dfe src/lib/libusb20/libusb20_compat01.c
Fix some issues about re-scanning of the devices.

src/lib/libusb20/libusb20_ugen20.c

Fix issue about libusb20 having to release the
USB transfers before doing a SET_CONFIG, else
the kernel will kill the file handle.

src/sys/dev/usb2/core/usb2_device.
src/sys/dev/usb2/core/usb2_generic.c
src/sys/dev/usb2/core/usb2_generic.h

Add support for U3G devices.
Improve and cleanup FIFO free handling.
Improve device re-enumeration.

src/sys/dev/usb2/core/usb2_msctest.c
src/sys/dev/usb2/core/usb2_msctest.h

Fix some problems in the USB Mass Storage Test.
Add Huawei vendor specific quirks.

src/sys/dev/usb2/core/usb2_request.c

Improve device re-enumeration.

src/sys/dev/usb2/ethernet/if_aue2.c
src/sys/dev/usb2/include/usb2_devid.h
src/sys/dev/usb2/include/usb2_devtable.h
src/sys/dev/usb2/quirk/usb2_quirk.c

Integrate changes from the old USB driver.

src/sys/dev/usb2/include/usb2_standard.h

Add definition of USB3.0 structures from USB.org.

src/sys/dev/usb2/serial/u3g2.c
src/sys/dev/usb2/serial/ugensa2.c
src/sys/modules/usb2/Makefile
src/sys/modules/usb2/serial_3g/Makefile

Import U3G driver.

Submitted by:	Hans Petter Selasky (usb4bsd)
2008-11-25 08:04:40 +00:00
Tai-hwa Liang
ca938a2cb1 Fixing !INET6 builds. 2008-11-25 02:15:09 +00:00
Joseph Koshy
ebf07c3e19 Correction: these PMCs do not support a "umask" modifier. 2008-11-24 08:14:01 +00:00
Joseph Koshy
0f7668cbae - Document the rules used to determine when spellings of events
are equivalent.
- Reorder text to make the manual page more coherent.
2008-11-24 08:11:33 +00:00
Sean Farley
805da51abd Fixed style issues with variable ordering and naming, spacing and
parentheses.

Fixed alignment issue in gr_dup() in its assignment of gr_mem using a
struct to force alignment without performing alignment mathematics.  This
was noticed recently with libutil was built with WARNS=6 on platform such
as sparc64.

Added checks to gr_dup(), gr_equal() and gr_make() to prevent segfaults
when examining struct group's with the struct members pointing to NULL's.

With fix of alignment issue, restore WARNS?=6.

Reviewed by:	des
MFC after:	1 week
2008-11-23 23:26:12 +00:00
Luigi Rizzo
24d96d62cc use the correct variable in a debug message. 2008-11-21 09:14:29 +00:00
Alfred Perlstein
6f0e1ffd07 src/sys/dev/usb2/controller/uss820dci_pccard.c
src/sys/dev/usb2/core/usbdevs
src/sys/dev/usb2/include/urio2_ioctl.h
src/sys/dev/usb2/storage/ustorage2_fs.h

These files are not used any more.

src/usr.sbin/Makefile
src/etc/mtree/BSD.include.dist
src/include/Makefile
src/lib/Makefile
src/share/man/man7/hier.7
src/share/mk/bsd.libnames.mk
src/etc/mtree/BSD.include.dist

Make "usbconfig" and "libusb20" a part of the default build.

src/sys/dev/usb/rio500_usb.h
src/sys/dev/usb2/storage/urio2.c

Use common include file.

src/sys/dev/usb2/bluetooth/ng_ubt2.c

Make USB bluetooth depend on "ng_hci" module.

src/sys/dev/usb2/controller/ehci2.c
src/sys/dev/usb2/controller/ehci2.h

Patches for Marvell EHCI.

src/sys/dev/usb2/core/usb2_busdma.c

Bugfix for 64-bit platforms. Need to unload the previously loaded DMA
map and some cleanup regarding some corner cases.

src/sys/dev/usb2/core/usb2_core.h
src/sys/dev/usb2/core/usb2_dev.c
src/sys/dev/usb2/core/usb2_dev.h

Bugfix for libusb filesystem interface.

New feature: Add support for filtering device data at the expense of the
userland process.

Add some more comments.

Some minor code styling.

Remove unused function, usb2_fifo_get_data_next().

Fix an issue about "fifo_index" being used instead of "ep_index".

src/sys/dev/usb2/core/usb2_device.c
src/sys/dev/usb2/core/usb2_generic.c

Bugfix for Linux USB compat layer. Do not free non-generic FIFOs when
doing an alternate setting.

Cleanup USB IOCTL and USB reference handling.
Fix a corner case where USB-FS was left initialised after
setting a new configuration or alternate setting.

src/sys/dev/usb2/core/usb2_hub.c

Improvement: Check all USB HUB ports by default at least one time.

src/sys/dev/usb2/core/usb2_request.c

Bugfix: Make sure destination ASCII string is properly zero terminated
in all cases.

Improvement: Skip invalid characters instead of replacing with a dot.

src/sys/dev/usb2/core/usb2_util.c
src/sys/dev/usb2/image/uscanner2.c

Spelling.

src/sys/dev/usb2/include/Makefile

Share "usbdevs" with the old USB stack.

src/sys/dev/usb2/include/usb2_devid.h
src/sys/dev/usb2/include/usb2_devtable.h

Regenerate files.

Alfred: Please fix the RCS tag at the top.

src/sys/dev/usb2/include/usb2_ioctl.h

Fix compilation of "kdump".

src/sys/dev/usb2/serial/ubsa2.c
src/sys/dev/usb2/serial/ugensa2.c

Remove device ID's which will end up in a new 3G driver.

src/sys/dev/usb2/sound/uaudio2.c

Correct a debug printout.

src/sys/dev/usb2/storage/umass2.c

Sync with old USB stack.

src/lib/libusb20/libusb20.3

Add more documentation.

src/lib/libusb20/libusb20.c

Various bugfixes and improvements.

src/usr.sbin/usbconfig/dump.c
src/usr.sbin/usbconfig/usbconfig.c

New commands for dumping strings and doing custom USB requests from
the command line.

Remove keyword requirements from generated files:
 "head/sys/dev/usb2/include/usb2_devid.h"
 "head/sys/dev/usb2/include/usb2_devtable.h"
2008-11-19 08:56:35 +00:00
Xin LI
d57af1ab1d Obey signedness flag in %z case.
MFC after:	2 months
2008-11-18 00:01:16 +00:00
Tim Kientzle
9fe9800cb5 When running on a filesystem that lacks ACL support,
just SKIP the test, don't report a test failure.
2008-11-17 21:06:17 +00:00
Pawel Jakub Dawidek
1ba4a712dd Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:

- Delegated Administration

	Allows regular users to perform ZFS operations, like file system
	creation, snapshot creation, etc.

- L2ARC

	Level 2 cache for ZFS - allows to use additional disks for cache.
	Huge performance improvements mostly for random read of mostly
	static content.

- slog

	Allow to use additional disks for ZFS Intent Log to speed up
	operations like fsync(2).

- vfs.zfs.super_owner

	Allows regular users to perform privileged operations on files stored
	on ZFS file systems owned by him. Very careful with this one.

- chflags(2)

	Not all the flags are supported. This still needs work.

- ZFSBoot

	Support to boot off of ZFS pool. Not finished, AFAIK.

	Submitted by:	dfr

- Snapshot properties

- New failure modes

	Before if write requested failed, system paniced. Now one
	can select from one of three failure modes:
	- panic - panic on write error
	- wait - wait for disk to reappear
	- continue - serve read requests if possible, block write requests

- Refquota, refreservation properties

	Just quota and reservation properties, but don't count space consumed
	by children file systems, clones and snapshots.

- Sparse volumes

	ZVOLs that don't reserve space in the pool.

- External attributes

	Compatible with extattr(2).

- NFSv4-ACLs

	Not sure about the status, might not be complete yet.

	Submitted by:	trasz

- Creation-time properties

- Regression tests for zpool(8) command.

Obtained from:	OpenSolaris
2008-11-17 20:49:29 +00:00
Peter Wemm
9b16c7add1 On i386, the primary function that SYSCALL() generates is with the
__sys_ prefix.  Make END() match.  This didn't cause a compile error, but
the function size is attached to the .weak symbol, not the real one.
2008-11-15 22:23:07 +00:00
Joseph Koshy
944e20faf5 - Document the class name prefix for these PMCs.
- Document the "anythread" qualifier, available on Atom CPUs.
- Add examples.
2008-11-15 11:34:30 +00:00
Rong-En Fan
5d08fb1f77 - Update ncurses to 5.7-20081102 (5.7 release) and build glue
- This also removes $FreeBSD$ from two now unmodifed source files
  ncurses/tinfo/lib_raw.c and ncurses/tinfo/lib_baudrate.c

MFC after:	2 months (after 7.1 and 6.4 are released)
2008-11-15 09:23:48 +00:00
Joseph Koshy
0b4dcce33e Tweak -mdoc usage. 2008-11-13 16:32:20 +00:00
Joseph Koshy
9275b7fce8 Document UMASK values, fix errors. 2008-11-13 10:40:13 +00:00
Joseph Koshy
f21fb297ad Fix typos, document UMASK values. 2008-11-13 10:21:56 +00:00
Joseph Koshy
63653d3956 Remove duplicates, fix errors and document UMASK values. 2008-11-13 09:53:53 +00:00
Joseph Koshy
6c292c4db6 Document the alternate event names supported for "architectural" PMC events. 2008-11-12 17:43:37 +00:00
Joseph Koshy
06209c4453 Use spellings that are close to vendor documentation. 2008-11-12 17:38:23 +00:00
Ed Schouten
ab0d10f68e Several cleanups related to pipe(2).
- Use `fildes[2]' instead of `*fildes' to make more clear that pipe(2)
  fills an array with two descriptors.

- Remove EFAULT from the manual page. Because of the current calling
  convention, pipe(2) raises a segmentation fault when an invalid
  address is passed.

- Introduce kern_pipe() to make it easier for binary emulations to
  implement pipe(2).

- Make Linux binary emulation use kern_pipe(), which means we don't have
  to recover td_retval after calling the FreeBSD system call.

Approved by:	rdivacky
Discussed on:	arch
2008-11-11 14:55:59 +00:00
Sean Farley
a06717238c style(9) fixes.
MFC after:	1 week
2008-11-11 00:32:55 +00:00
Ed Schouten
a1b5a8955e Mark uname(), getdomainname() and setdomainname() with COMPAT_FREEBSD4.
Looking at our source code history, it seems the uname(),
getdomainname() and setdomainname() system calls got deprecated
somewhere after FreeBSD 1.1, but they have never been phased out
properly. Because we don't have a COMPAT_FREEBSD1, just use
COMPAT_FREEBSD4.

Also fix the Linuxolator to build without the setdomainname() routine by
just making it call userland_sysctl on kern.domainname. Also replace the
setdomainname()'s implementation to use this approach, because we're
duplicating code with sysctl_domainname().

I wasn't able to keep these three routines working in our
COMPAT_FREEBSD32, because that would require yet another keyword for
syscalls.master (COMPAT4+NOPROTO). Because this routine is probably
unused already, this won't be a problem in practice. If it turns out to
be a problem, we'll just restore this functionality.

Reviewed by:	rdivacky, kib
2008-11-09 10:45:13 +00:00
Edward Tomasz Napierala
7968104d73 Add one more EACCES clause to rename.2.
Approved by:	rwatson (mentor)
2008-11-07 15:01:40 +00:00
Rafal Jaworowski
c38116e6bb Eliminate dead declarations in libstand. 2008-11-06 16:30:32 +00:00
Rafal Jaworowski
8e321b7943 Support kernel crash mini dumps on ARM architecture.
Obtained from:	Juniper Networks, Semihalf
2008-11-06 16:20:27 +00:00
Craig Rodrigues
820e067933 Merge latest DTrace changes from Perforce.
Update libproc API to reflect new changes.

Approved by:	jb
2008-11-05 19:35:43 +00:00
Dag-Erling Smørgrav
31cfde7132 Like many other functions that handle sockaddrs, realhostname_sa() takes a
struct sockaddr * that it casts internally to the appropriate type based on
sa_family.  However, struct sockaddr has very lax alignment requirements,
which causes the compiler to complain when you cast a struct sockaddr * to,
say, a struct sockaddr_in6 *.

I find it reasonable to assume that the pointer we received is in fact
correctly aligned.  Therefore, we can work around the compiler warnings by
casting to void * before casting to the desired type.  For readability's
sake, this is done with macros.

The same technique should prove useful in other parts of the tree that
deal with socket addresses.

MFC after:	3 weeks
2008-11-05 12:13:10 +00:00
Dag-Erling Smørgrav
c5eca3d84d Comment out WARNS. There are too many alignment issues in libutil. 2008-11-05 11:06:10 +00:00
Dag-Erling Smørgrav
b67921fc4b Disconnect gr_util.c from the build. It isn't documented or used anywhere
in the tree, and due to unsafe pointer arithmetic, it will most likely crash
on architectures with strict alignment requirements.
2008-11-05 10:45:39 +00:00
Dag-Erling Smørgrav
5e1a74e82f libutil now builds at WARNS level 6.
MFC after:	3 weeks
2008-11-04 13:51:15 +00:00
Dag-Erling Smørgrav
b4d2cfd941 Add missing header. 2008-11-04 13:50:50 +00:00
Dag-Erling Smørgrav
b8a5cd86e3 Avoid assigning a const char * to a char *.
MFC after:	3 weeks
2008-11-04 13:49:53 +00:00
Alfred Perlstein
eabe30fc9c Bring in USB4BSD, Hans Petter Selasky rework of the USB stack
that includes significant features and SMP safety.

This commit includes a more or less complete rewrite of the *BSD USB
stack, including Host Controller and Device Controller drivers and
updating all existing USB drivers to use the new USB API:

1) A brief feature list:

  - A new and mutex enabled USB API.

  - Many USB drivers are now running Giant free.

  - Linux USB kernel compatibility layer.

  - New UGEN backend and libusb library, finally solves the "driver
    unloading" problem. The new BSD licensed libusb20 library is fully
    compatible with libusb-0.1.12 from sourceforge.

  - New "usbconfig" utility, for easy configuration of USB.

  - Full support for Split transactions, which means you can use your
    full speed USB audio device on a high speed USB HUB.

  - Full support for HS ISOC transactions, which makes writing drivers
    for various HS webcams possible, for example.

  - Full support for USB on embedded platforms, mostly cache flushing
    and buffer invalidating stuff.

  - Safer parsing of USB descriptors.

  - Autodetect of annoying USB install disks.

  - Support for USB device side mode, also called USB gadget mode,
    using the same API like the USB host side. In other words the new
    USB stack is symmetric with regard to host and device side.

  - Support for USB transfers like I/O vectors, means more throughput
    and less interrupts.

  - ... see the FreeBSD quarterly status reports under "USB project"

2) To enable the driver in the default kernel build:

2.a) Remove all existing USB device options from your kernel config
file.

2.b) Add the following USB device options to your kernel configuration
file:

# USB core support
device          usb2_core

# USB controller support
device		usb2_controller
device		usb2_controller_ehci
device		usb2_controller_ohci
device		usb2_controller_uhci

# USB mass storage support
device		usb2_storage
device		usb2_storage_mass

# USB ethernet support, requires miibus
device		usb2_ethernet
device		usb2_ethernet_aue
device		usb2_ethernet_axe
device		usb2_ethernet_cdce
device		usb2_ethernet_cue
device		usb2_ethernet_kue
device		usb2_ethernet_rue
device		usb2_ethernet_dav

# USB wireless LAN support
device		usb2_wlan
device		usb2_wlan_rum
device		usb2_wlan_ral
device		usb2_wlan_zyd

# USB serial device support
device		usb2_serial
device		usb2_serial_ark
device		usb2_serial_bsa
device		usb2_serial_bser
device		usb2_serial_chcom
device		usb2_serial_cycom
device		usb2_serial_foma
device		usb2_serial_ftdi
device		usb2_serial_gensa
device		usb2_serial_ipaq
device		usb2_serial_lpt
device		usb2_serial_mct
device		usb2_serial_modem
device		usb2_serial_moscom
device		usb2_serial_plcom
device		usb2_serial_visor
device		usb2_serial_vscom

# USB bluetooth support
device		usb2_bluetooth
device		usb2_bluetooth_ng

# USB input device support
device		usb2_input
device		usb2_input_hid
device		usb2_input_kbd
device		usb2_input_ms

# USB sound and MIDI device support
device		usb2_sound

2) To enable the driver at runtime:

2.a) Unload all existing USB modules. If USB is compiled into the
kernel then you might have to build a new kernel.

2.b) Load the "usb2_xxx.ko" modules under /boot/kernel having the same
base name like the kernel device option.

Submitted by: Hans Petter Selasky hselasky at c2i dot net
Reviewed by: imp, alfred
2008-11-04 02:31:03 +00:00
Warner Losh
68b2399298 Replace the non-standard disclaimer with the standard one from /COPYRIGHT
Approved by:	jedgar@
2008-11-04 00:20:43 +00:00
Jason Evans
b74d3e0c37 Revert to preferring mmap(2) over sbrk(2) when mapping memory, due to
potential extreme contention in the kernel for multi-threaded applications
on SMP systems.

Reported by:	kris
2008-11-03 21:17:18 +00:00
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00