Commit Graph

11079 Commits

Author SHA1 Message Date
jamie
267ea54b44 Move the per-prison Linux MIB from a private one-off pointer to the new
OSD-based jail extensions.  This allows the Linux MIB to accessed via
jail_set and jail_get, and serves as a demonstration of adding jail support
to a module.

Reviewed by:	dchagin, kib
Approved by:	bz (mentor)
2009-05-07 18:36:47 +00:00
kib
78e147b4e4 Eliminate the loop and the call to pause(9) in vfs_vget_ino(). If
vfs_busy(MBF_NOWAIT) failed, unlock the vnode and sleep in vfs_busy().

Suggested and reviewed by:	jeff
Tested by:	pho
MFC after:	3 weeks
2009-05-07 18:14:21 +00:00
ed
2f086e8725 If we have a regular rint handler, never go into rint_bypass mode.
It turns out if we called cfmakeraw() on a TTY with only a rint handler
in place, it could inject data into the TTY, even though it should be
redirected. Always take a look at the hooks before looking at the
termios flags.
2009-05-07 17:39:23 +00:00
zec
d78a1b1a82 Change the curvnet variable from a global const struct vnet *,
previously always pointing to the default vnet context, to a
dynamically changing thread-local one.  The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE().  Recursions
on curvnet are permitted, though strongly discuouraged.

This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.

The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc.  Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.

The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.

This change also introduces a DDB subcommand to show the list of all
vnet instances.

Approved by:	julian (mentor)
2009-05-05 10:56:12 +00:00
jamie
8e4ffe653f Add a constant PR_MAXMETHOD to better define the jail/OSD interface.
Reviewed by:	dchagin, kib
Approved by:	bz (mentor)
2009-05-05 05:49:08 +00:00
ed
fb2908c8ff Remove unneeded check for SESS_LEADER().
We perform the same check ~10 lines above.
2009-05-04 11:11:10 +00:00
jamie
d462264a61 Don't call the OSD destructor if the data slot is NULL
(since it's already not done on unused slots, which are indistinguishable
to the caller).

Approved by:	bz (mentor)
2009-04-30 22:43:21 +00:00
zec
39b6dc8ba2 Permit buiding kernels with options VIMAGE, restricted to only a single
active network stack instance.  Turning on options VIMAGE at compile
time yields the following changes relative to default kernel build:

1) V_ accessor macros for virtualized variables resolve to structure
fields via base pointers, instead of being resolved as fields in global
structs or plain global variables.  As an example, V_ifnet becomes:

    options VIMAGE:          ((struct vnet_net *) vnet_net)->_ifnet
    default build:           vnet_net_0._ifnet
    options VIMAGE_GLOBALS:  ifnet

2) INIT_VNET_* macros will declare and set up base pointers to be used
by V_ accessor macros, instead of resolving to whitespace:

    INIT_VNET_NET(ifp->if_vnet); becomes

    struct vnet_net *vnet_net = (ifp->if_vnet)->mod_data[VNET_MOD_NET];

3) Memory for vnet modules registered via vnet_mod_register() is now
allocated at run time in sys/kern/kern_vimage.c, instead of per vnet
module structs being declared as globals.  If required, vnet modules
can now request the framework to provide them with allocated bzeroed
memory by filling in the vmi_size field in their vmi_modinfo structures.

4) structs socket, ifnet, inpcbinfo, tcpcb and syncache_head are
extended to hold a pointer to the parent vnet.  options VIMAGE builds
will fill in those fields as required.

5) curvnet is introduced as a new global variable in options VIMAGE
builds, always pointing to the default and only struct vnet.

6) struct sysctl_oid has been extended with additional two fields to
store major and minor virtualization module identifiers, oid_v_subs and
oid_v_mod.  SYSCTL_V_* family of macros will fill in those fields
accordingly, and store the offset in the appropriate vnet container
struct in oid_arg1.
In sysctl handlers dealing with virtualized sysctls, the
SYSCTL_RESOLVE_V_ARG1() macro will compute the address of the target
variable and make it available in arg1 variable for further processing.

Unused fields in structs vnet_inet, vnet_inet6 and vnet_ipfw have
been deleted.

Reviewed by:	bz, rwatson
Approved by:	julian (mentor)
2009-04-30 13:36:26 +00:00
jeff
9ff631ca46 - Fix non-SMP build by encapsulating idle spin logic in a macro.
Pointy hat to:	me
2009-04-29 23:04:31 +00:00
jamie
8fbb51e637 Regen for new jail system calls in r191673.
Approved by:	bz (mentor)
2009-04-29 21:50:13 +00:00
jamie
453b86f943 Introduce the extensible jail framework, using the same "name=value"
interface as nmount(2).  Three new system calls are added:
* jail_set, to create jails and change the parameters of existing jails.
  This replaces jail(2).
* jail_get, to read the parameters of existing jails.  This replaces the
  security.jail.list sysctl.
* jail_remove to kill off a jail's processes and remove the jail.
Most jail parameters may now be changed after creation, and jails may be
set to exist without any attached processes.  The current jail(2) system
call still exists, though it is now a stub to jail_set(2).

Approved by:	bz (mentor)
2009-04-29 21:14:15 +00:00
bms
32a71137f0 Bite the bullet, and make the IPv6 SSM and MLDv2 mega-commit:
import from p4 bms_netdev.  Summary of changes:

 * Connect netinet6/in6_mcast.c to build.
   The legacy KAME KPIs are mostly preserved.
 * Eliminate now dead code from ip6_output.c.
   Don't do mbuf bingo, we are not going to do RFC 2292 style
   CMSG tricks for multicast options as they are not required
   by any current IPv6 normative reference.
 * Refactor transports (UDP, raw_ip6) to do own mcast filtering.
   SCTP, TCP unaffected by this change.
 * Add ip6_msource, in6_msource structs to in6_var.h.
 * Hookup mld_ifinfo state to in6_ifextra, allocate from
   domifattach path.
 * Eliminate IN6_LOOKUP_MULTI(), it is no longer referenced.
   Kernel consumers which need this should use in6m_lookup().
 * Refactor IPv6 socket group memberships to use a vector (like IPv4).
 * Update ifmcstat(8) for IPv6 SSM.
 * Add witness lock order for IN6_MULTI_LOCK.
 * Move IN6_MULTI_LOCK out of lower ip6_output()/ip6_input() paths.
 * Introduce IP6STAT_ADD/SUB/INC/DEC as per rwatson's IPv4 cleanup.
 * Update carp(4) for new IPv6 SSM KPIs.
 * Virtualize ip6_mrouter socket.
   Changes mostly localized to IPv6 MROUTING.
 * Don't do a local group lookup in MROUTING.
 * Kill unused KAME prototypes in6_purgemkludge(), in6_restoremkludge().
 * Preserve KAME DAD timer jitter behaviour in MLDv1 compatibility mode.
 * Bump __FreeBSD_version to 800084.
 * Update UPDATING.

NOTE WELL:
 * This code hasn't been tested against real MLDv2 queriers
   (yet), although the on-wire protocol has been verified in Wireshark.
 * There are a few unresolved issues in the socket layer APIs to
   do with scope ID propagation.
 * There is a LOR present in ip6_output()'s use of
   in6_setscope() which needs to be resolved. See comments in mld6.c.
   This is believed to be benign and can't be avoided for the moment
   without re-introducing an indirect netisr.

This work was mostly derived from the IGMPv3 implementation, and
has been sponsored by a third party.
2009-04-29 19:19:13 +00:00
jamie
51a4d1c4a3 Some non-functional changes: whitespace, KASSERT strings, declaration order.
Approved by:	bz (mentor)
2009-04-29 18:41:08 +00:00
jeff
fe5d856f47 - Fix the FBSDID line. 2009-04-29 03:26:30 +00:00
jeff
88a1cd92bb - Remove the bogus idle thread state code. This may have a race in it
and it only optimized out an ipi or mwait in very few cases.
 - Skip the adaptive idle code when running on SMT or HTT cores.  This
   just wastes cpu time that could be used on a busy thread on the same
   core.
 - Rename CG_FLAG_THREAD to CG_FLAG_SMT to be more descriptive.  Re-use
   CG_FLAG_THREAD to mean SMT or HTT.

Sponsored by:   Nokia
2009-04-29 03:15:43 +00:00
bz
1507f5bd4d Prevent a superuser inside a jail from modifying the dedicated
root cpuset of that jail.
Processes inside the jail will still be able to change child sets.
A superuser outside of a jail will still be able to change the jail cpuset
and thus limit the number of cpus available to the jail.

Problem reported by: 000.fbsd@quip.cz (Miroslav Lachman)
PR:		kern/134050
Reviewed by:	jeff
MFC after:	3 weeks
X-MFC:		backout r191596
2009-04-28 21:00:50 +00:00
rwatson
fb89496678 Improve approximation of style(9). 2009-04-26 21:16:03 +00:00
zec
71a3c7baca Extend the vnet module registration / initialization framework
first introduced @ r190909 with a vnet module deregistration
service.

kldunloadable modules, which are currently using vnet_mod_register()
to attach their per-vnet initialization routines to the vnet
initialization framework, should call vnet_mod_deregister() before
acknowledging MOD_UNLOAD requests in their mod_event handlers.  Such
changes to the existing code base will follow in subsequent commits.

vnet_mod_deregister() does not check whether departing vnet modules
are registered as prerequisites for another module(s), so it should
be used with care.  Currently I'm only aware of vnet modules which
are leafs on module dependency graphs that are kldunloadable.

This change also introduces per-vnet module destructor handler, which
calls vnet's module cleanup function, which (if required) has to be
registered in vnet module's vnet_modinfo_t structure .vmi_idetach
field.  Once options VIMAGE becomes operational, the framework will
take care that module's cleanup function become invoked for each
active vnet instance, and that the memory allocated for each instance
gets freed.  Currently calls to destructor handlers must always
succeed.
2009-04-26 07:09:39 +00:00
ed
b8d7cb1963 Turn MAXPTSDEVS into a sysctl tunable.
This allows users to increase the maximum amount of pseudo-terminals
without changing any source code. Users must increase UT_LINESIZE before
attempting to increase kern.pts_maxdev.
2009-04-25 10:05:55 +00:00
bz
cb075fbf99 Correct a comment: the function name given had never existed in any
(relevant) version of this file orany of my patches.

MFC after:	1 month
2009-04-22 20:49:54 +00:00
emax
08708b99cb Fix sbappendrecord_locked().
The main problem is that sbappendrecord_locked() relies on sbcompress()
to set sb_mbtail. This will not happen if sbappendrecord_locked() is
called with mbuf chain made of exactly one mbuf (i.e. m0->m_next == NULL).
In this case sbcompress() will be called with m == NULL and will do
nothing. I'm not entirely sure if m == NULL is a valid argument for
sbcompress(), and, it rather pointless to call it like that, but keep
calling it so it can do SBLASTMBUFCHK().

The problem is triggered by the SOCKBUF_DEBUG kernel option that
enables SBLASTRECORDCHK() and SBLASTMBUFCHK() checks.

PR:			kern/126742
Investigated by:	pluknet < pluknet -at- gmail -dot- com >
No response from:	freebsd-current@, freebsd-bluetooth@
MFC after:		3 days
2009-04-21 19:14:13 +00:00
kib
76ae16d421 Fix typo.
Noted by:	jhb
MFC after:	2 weeks
2009-04-20 15:10:03 +00:00
kib
32441d8ae9 On the exit of the child process which parent either set SA_NOCLDWAIT
or ignored SIGCHLD, unconditionally wake up the parent instead of doing
this only when the child is a last child.

This brings us in line with other U**xes that support SA_NOCLDWAIT. If
the parent called waitpid(childpid), then exit of the child should wake
up the parent immediately instead of forcing it to wait for all children
to exit.

Reported by:	Alan Ferrency <alan pair com>
Submitted by:	Jilles Tjoelker <jilles stack nl>
PR:	108390
MFC after:	2 weeks
2009-04-20 14:34:55 +00:00
rwatson
f15ded690a Lock the interface address list while iterating a network interface's
address list when searching for a link-layer address to use during uuid
generation.

MFC after:	2 weeks
2009-04-19 21:36:18 +00:00
rwatson
367054e0a3 struct malloc_type has had a 'magic' field statically initialized to
M_MAGIC by MALLOC_DEFINE() for a long time; add assertions that
malloc_type's passed to malloc(), free(), etc have that magic set.

MFC after:	2 weeks
2009-04-19 12:41:37 +00:00
trasz
128b961224 When allocating 'struct acl' instances, use malloc(9) instead of uma(9).
This struct will get much bigger soon, and we don't want to waste too much
memory on UMA caches.

Reviewed by:	rwatson
2009-04-19 09:56:30 +00:00
trasz
858b10f6e2 Use acl_alloc() and acl_free() instead of using uma(9) directly.
This will make switching to malloc(9) easier; also, it would be
neccessary to add these routines if/when we implement variable-size
ACLs.
2009-04-18 16:47:33 +00:00
kan
06ed41c4fa Undo private changes that should never have been committed. 2009-04-17 18:34:11 +00:00
kan
febc8407e1 More fallout from negative dotdot caching. Negative entries should
be removed from and reinserted to proper ncneg list.

Reported by:  pho
Submitted by: kib
2009-04-17 18:11:11 +00:00
kib
c6f7194967 In flushbufqueues(), do not allocate sentinel buffer on the stack,
struct buf is large. Use sleeping malloc(9) call, and zero the allocated
buf as a debugging feature.
2009-04-16 09:37:48 +00:00
kib
0f76607a29 Export the number of times bufdaemon got help from the normal threads. 2009-04-16 09:33:52 +00:00
ed
244e1ecdbf Remove dead code from devtoname().
In the good old days it was possible to have dev_t's that referred to
nonexistent devices. In these cases devtoname() automatically generated
names. This is no longer possible, so remove this dead code.

Discussed with:	kib
2009-04-15 20:43:12 +00:00
ed
46ae43e7c6 Remove unneeded variable and casting from newdev().
Remove the `udev' variable, which has a different type than the original
function argument and si_drv0. The `udev' name is also misleading,
because it is not the number returned by dev2udev(). Rename this
argument to `unit'. It is the same number as returned by dev2unit().
2009-04-15 20:15:36 +00:00
ed
6df1ef4d2f Don't use si_drv0 directly.
We should still access si_drv0 using dev2unit(). Also change the
KASSERT() to really print the udev instead of the unit number. I suspect
it's still useful to print the unit number, especially for devices that
use clone lists, so keep the unit number in the panic string.
2009-04-15 20:08:26 +00:00
jhb
a66490b889 Update comment above _fget() for earlier change to FWRITE failures return
EBADF rather than EINVAL.

Submitted by:	Jaakko Heinonen  jh saunalahti fi
MFC after:	1 month
2009-04-15 19:10:37 +00:00
kan
9761044c2f Redo previous change using simpler patch that happens to be also
more correct.

Submitted by: tor
2009-04-14 23:56:48 +00:00
kan
3d27e1410d Fix yet another negative dotodot entry fallout.
Reported by: pho
2009-04-14 23:46:57 +00:00
kmacy
de9c351c80 - use a shared lock for reads
- remove stale comment

Reviewed by:	jeffr
2009-04-13 23:09:44 +00:00
davidxu
87940a2686 Make UMTX_OP_WAIT_UINT actually wait for an unsigned integer on 64-bits
machine.

MFC after: 1 week
2009-04-13 05:21:17 +00:00
kmacy
0cb01ac4ef sendfile doesn't modify the vnode - acquire vnode lock shared
Reviewed by:	ups, jeffr
2009-04-12 05:19:35 +00:00
rwatson
90c1837110 Remove conditionally compiled time counter statistics; tools like
DTrace, kernel profiling, etc, can provide this information without
the overhead.

MFC after:	3 days
Suggested by:	bde
2009-04-11 22:01:40 +00:00
kan
cae135c489 Fix v_cache_dd handling for negative entries. v_cache_dd pointer was
not populated in parent directory if negative entry was being
created, yet entry itself was added to the nc_neg list. It was
possible for parent vnode to get discarded later, leaving negative
entry pointing to now unused memory block.

Reported by:	dho
Revewed by:	kib
2009-04-11 20:23:08 +00:00
kib
9260481d50 When zapping v_cache_dd for !MAKEENTRY case in cache_lookup(), we shall
lock cache as writer.

Reviewed by:	kan
2009-04-11 16:12:20 +00:00
zec
b39b54e6de Introduce vnet module registration / initialization framework with
dependency tracking and ordering enforcement.

With this change, per-vnet initialization functions introduced with
r190787 are no longer directly called from traditional initialization
functions (which cc in most cases inlined to pre-r190787 code), but are
instead registered via the vnet framework first, and are invoked only
after all prerequisite modules have been initialized.  In the long run,
this framework should allow us to both initialize and dismantle
multiple vnet instances in a correct order.

The problem this change aims to solve is how to replay the
initialization sequence of various network stack components, which
have been traditionally triggered via different mechanisms (SYSINIT,
protosw).  Note that this initialization sequence was and still can be
subtly different depending on whether certain pieces of code have been
statically compiled into the kernel, loaded as modules by boot
loader, or kldloaded at run time.

The approach is simple - we record the initialization sequence
established by the traditional mechanisms whenever vnet_mod_register()
is called for a particular vnet module.  The vnet_mod_register_multi()
variant allows a single initializer function to be registered multiple
times but with different arguments - currently this is only used in
kern/uipc_domain.c by net_add_domain() with different struct domain *
as arguments, which allows for protosw-registered initialization
routines to be invoked in a correct order by the new vnet
initialization framework.

For the purpose of identifying vnet modules, each vnet module has to
have a unique ID, which is statically assigned in sys/vimage.h.
Dynamic assignment of vnet module IDs is not supported yet.

A vnet module may specify a single prerequisite module at registration
time by filling in the vmi_dependson field of its vnet_modinfo struct
with the ID of the module it depends on.  Unless specified otherwise,
all vnet modules depend on VNET_MOD_NET (container for ifnet list head,
rt_tables etc.), which thus has to and will always be initialized
first.  The framework will panic if it detects any unresolved
dependencies before completing system initialization.  Detection of
unresolved dependencies for vnet modules registered after boot
(kldloaded modules) is not provided.

Note that the fact that each module can specify only a single
prerequisite may become problematic in the long run.  In particular,
INET6 depends on INET being already instantiated, due to TCP / UDP
structures residing in INET container.  IPSEC also depends on INET,
which will in turn additionally complicate making INET6-only kernel
configs a reality.

The entire registration framework can be compiled out by turning on the
VIMAGE_GLOBALS kernel config option.

Reviewed by:	bz
Approved by:	julian (mentor)
2009-04-11 05:58:58 +00:00
rwatson
fba90f2e03 Remove VOP_LEASE and supporting functions. This hasn't been used since
the removal of NQNFS, but was left in in case it was required for NFSv4.
Since our new NFSv4 client and server can't use it for their
requirements, GC the old mechanism, as well as other unused lease-
related code and interfaces.

Due to its impact on kernel programming and binary interfaces, this
change should not be MFC'd.

Proposed by:    jeff
Reviewed by:    jeff
Discussed with: rmacklem, zach loafman @ isilon
2009-04-10 10:52:19 +00:00
kib
a5ecda6fd6 Cache_lookup() for DOTDOT drops dvp vnode lock, allowing dvp to be reclaimed.
Check the condition and return ENOENT then.

In nfs_lookup(), respect ENOENT return from cache_lookup() when it is caused
by dvp reclaim.

Reported and tested by:	pho
2009-04-10 10:22:44 +00:00
thompsa
39714cb212 Revert r190676,190677
The geom and CAM changes for root_hold are the wrong solution for USB design
quirks.

Requested by:	scottl
2009-04-10 04:08:34 +00:00
ed
df0bd942fb Fix tty_wait_background() to comply with standards.
It turns out my handling of SIGTTOU and SIGTTIN didn't entirely comply
to the standards. It is true that in the SIGTTOU case we should not
return EIO when the signal is ignored/blocked, but in the SIGTTIN case
we must.

See also:	POSIX issue 7 section 11.1.4
2009-04-08 15:56:50 +00:00
rwatson
b2a611f93a Nul-terminate strings in the VFS name cache, which negligibly change
the size and cost of name cache entries, but make adding debugging
and tracing easier.

Add SDT DTrace probes for various namecache events:

  vfs:namecache:enter:done - new entry in the name cache, passed parent
    directory vnode pointer, name added to the cache, and child vnode
    pointer.

  vfs:namecache:enter_negative:done - new negative entry in the name cache,
    passed parent vnode pointer, name added to the cache.

  vfs:namecache:fullpath:enter - call to vn_fullpath1() is made, passed
    the vnode to resolve to a name.

  vfs:namecache:fullpath:hit - vn_fullpath1() successfully resolved a
    search for the parent of an object using the namecache, passed the
    discovered parent directory vnode pointer, name, and child vnode
    pointer.

  vfs:namecache:fullpath:miss - vn_fullpath1() failed to resolve a search
    for the parent of an object using the namecache, passed the child
    vnode pointer.

  vfs:namecache:fullpath:return - vn_fullpath1() has completed, passed the
    error number, and if that is zero, the vnode to resolve, and the
    returned path.

  vfs:namecache:lookup:hit - postive name cache entry hit, passed the
    parent directory vnode pointer, name, and child vnode pointer.

  vfs:namecache:lookup:hit_negative - negative name cache entry hit,
    passed the parent directory vnode pointer and name.

  vfs:namecache:lookup:miss - name cache miss, passed the parent directory
    pointer and the full remaining component name (not terminated after the
    cache miss component).

  vfs:namecache:purge:done - name cache purge for a vnode, passed the vnode
    pointer to purge.

  vfs:namecache:purge_negative:done - name cache purge of negative entries
    for children of a vnode, passed the vnode pointer to purge.

  vfs:namecache:purgevfs - name cache purge for a mountpoint, passed the
    mount pointer.  Separate probes will also be invoked for each cache
    entry zapped.

  vfs:namecache:zap:done - name cache entry zapped, passed the parent
    directory vnode pointer, name, and child vnode pointer.

  vfs:namecache:zap_negative:done - negative name cache entry zapped,
    passed the parent directory vnode pointer and name.

For any probes involving an extant name cache entry (enter, hit, zapp),
we use the nul-terminated string for the name component.  For misses,
the remainder of the path, including later components, is provided as
an argument instead since there is no handy nul-terminated version of
the string around.  This is arguably a bug.

MFC after:      1 month
Sponsored by:   Google, Inc.
Reviewed by:	jhb, kan, kib (earlier version)
2009-04-07 20:58:56 +00:00
rwatson
f775cac272 Add SDT DTrace probes for namei():
vfs:namei:lookup:entry takes parent directory vnode pointer, path to
    look up, and lookup flags.
  vfs:namei:lookup:return takes an error value, and if successful, the
    returned vnode pointer.

MFC after:      1 month
2009-04-06 10:32:40 +00:00