3248 Commits

Author SHA1 Message Date
Bosko Milekic
0eecc42758 Setup and put to use the mutex lock for sf_freelist, the sendfile(2) bufs
freelist. Should now be thread-friendly, in part.

Note: More work is needed in uipc_syscalls.c, but it will have to wait until
the socket locking issues are at least 80% implemented and committed.
2000-11-04 07:16:08 +00:00
Tor Egge
a2d1480cf8 Clear the VFREE flag when the vnode is removed from the free list in
getnewvnode().  Otherwise routines called from VOP_INACTIVE() might
attempt to remove the vnode from a free list the vnode isn't on,
causing corruption.
PR:		18012
2000-11-02 21:42:54 +00:00
Poul-Henning Kamp
1d7e3e42e7 Take VBLK devices further out of their missery.
This should fix the panic I introduced in my previous commit on this topic.
2000-11-02 21:14:13 +00:00
Eivind Eklund
e3c4036b18 Give vop_mmap an untimely death. The opportunity to give it a timely
death timed out in 1996.
2000-11-01 17:57:24 +00:00
Poul-Henning Kamp
a16d0eb2d7 Deprecate devsw->d_bmaj entirely.
This removes support for booting current kernels with very old bootblocks.

Device driver writers: Please remove initializations for the d_bmaj
field in your cdevsw{}.
2000-10-31 10:58:14 +00:00
Jordan K. Hubbard
e7c2b5a51d Add a new ioctl for doing virgin disklabels.
Submitted by:	dillon
2000-10-31 07:05:40 +00:00
Robert Watson
cb1f0db9db o Deny access to System V IPC from within jail by default, as in the
current implementation, jail neither virtualizes the Sys V IPC namespace,
  nor provides inter-jail protections on IPC objects.
o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
  using sysctl.
o This is not the "real fix" which involves virtualizing the System V
  IPC namespace, but prevents processes within jail from influencing those
  outside of jail when not approved by the administrator.

Reported by:	Paulo Fragoso <paulo@nlink.com.br>
2000-10-31 01:34:00 +00:00
Robert Watson
c087a04f6a o Tighten up rules for which processes can't debug which other processes
in the p_candebug() function.  Synchronize with sef's CHECKIO()
  macro from the old procfs, which seems to be a good source of security
  checks.

Obtained from:	TrustedBSD Project
2000-10-30 20:30:03 +00:00
Kenneth D. Merry
2906da29dc Write support for the cd(4) driver.
This allows writing to DVD-RAM, PD and similar drives that probe as CD
devices.  Note that these are randomly writeable devices, not
sequential-only devices like CD-R drives, which are supported by cdrecord.

Add a new flag value for dsopen(), DSO_COMPATLABEL.  The cd(4) driver now
uses this flag instead of the DSO_NOLABELS flag.  The DSO_NOLABELS always
used a "fake" disklabel for the entire disk, provided by the caller.

With the DSO_COMPATLABEL flag, dsopen() will first search the media for a
label, and if it finds a label, it will use that label.  Otherwise it will
use the fake disklabel provided by the caller.  This provides backwards
compatibility, since we will still have labels for ISO9660 media.

It also provides new functionality, since you can now have a regular BSD
disklabel on read-only media, or on writeable media (e.g. DVD-RAM).

Bruce and I both think that we should eventually (in a few years) get
away from using disklabels for ISO9660 media, and just use the whole disk
device (/dev/cd0).  At that point disklabel handling in the cd(4) driver
could follow the "normal" model, as used in the da(4) driver.

Also, clean up the path in a couple of places in cdregister().  (Thanks to
Nick Hibma for catching that bug.)

Reviewed by:	bde
2000-10-30 07:03:00 +00:00
Alan Cox
39b2b25fa0 _aio_aqueue(): Change kevent registration to use its own struct file pointer.
Otherwise, aio_read() and aio_write() on sockets are broken if a kevent is
 registered.  (The code after kevent registration for handling sockets assumes
 that the struct file pointer "fp" still refers to the socket, not the kqueue.)
2000-10-29 21:38:28 +00:00
Poul-Henning Kamp
fe4e324374 Allow all users to access the dev -> devname sysctl. 2000-10-29 19:50:06 +00:00
Poul-Henning Kamp
da936bf80a Remove unneeded <stddef.h> #includes. 2000-10-29 16:57:42 +00:00
Poul-Henning Kamp
cf9fa8e725 Move suser() and suser_xxx() prototypes and a related #define from
<sys/proc.h> to <sys/systm.h>.

Correctly document the #includes needed in the manpage.

Add one now needed #include of <sys/systm.h>.
Remove the consequent 48 unused #includes of <sys/proc.h>.
2000-10-29 16:06:56 +00:00
Poul-Henning Kamp
53ce36d17a Remove unneeded #include <sys/proc.h> lines. 2000-10-29 13:57:19 +00:00
Don Lewis
19c34d1596 Nuke a bit of dead code. 2000-10-29 01:00:36 +00:00
Alan Cox
4a71feb71c Add missing call to knote_fdclose() in setugidsafety() and fdcloseexec().
Reviewed by:	jlemon
2000-10-28 20:27:32 +00:00
Poul-Henning Kamp
46aa3347cb Convert all users of fldoff() to offsetof(). fldoff() is bad
because it only takes a struct tag which makes it impossible to
use unions, typedefs etc.

Define __offsetof() in <machine/ansi.h>

Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h>

Remove myriad of local offsetof() definitions.

Remove includes of <stddef.h> in kernel code.

NB: Kernelcode should *never* include from /usr/include !

Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API.

Deprecate <struct.h> with a warning.  The warning turns into an error on
01-12-2000 and the file gets removed entirely on 01-01-2001.

Paritials reviews by:   various.
Significant brucifications by:  bde
2000-10-27 11:45:49 +00:00
John Baldwin
a5a96a1978 - Use MUTEX_DECLARE() and MTX_COLD for the WITNESS code's internal mutex so
it can function before malloc(9) is up and running.
- Add two new options WITNESS_DDB and WITNESS_SKIPSPIN.  If WITNESS_SKIPSPIN
  is enabled, then spin mutexes are ignored by the WITNESS code.  If
  WITNESS_DDB is turned on and DDB is compiled into the kernel, then the
  kernel will drop into DDB when either a lock hierarchy violation occurs
  or mutexes are held when going to sleep.
- Add some new sysctls:
  debug.witness_ddb is a read-write sysctl that corresponds to WITNESS_DDB.
     The kernel option merely changes the default value to on at boot.
  debug.witness_skipspin is a read-only sysctl that one can use to determine
     if the kernel was compiled with WITNESS_SKIPSPIN.
- Wipe out the BSD/OS-specific lock order lists.  We get to build our own
  lists now as we add mutexes to the kernel.
2000-10-27 02:59:30 +00:00
Andrew Gallatin
810bfc8ea1 unstaticize change_ruid() because it is needed by osf1_setuid() 2000-10-26 15:49:35 +00:00
John Baldwin
8088699f79 - Overhaul the software interrupt code to use interrupt threads for each
type of software interrupt.  Roughly, what used to be a bit in spending
  now maps to a swi thread.  Each thread can have multiple handlers, just
  like a hardware interrupt thread.
- Instead of using a bitmask of pending interrupts, we schedule the specific
  software interrupt thread to run, so spending, NSWI, and the shandlers
  array are no longer needed.  We can now have an arbitrary number of
  software interrupt threads.  When you register a software interrupt
  thread via sinthand_add(), you get back a struct intrhand that you pass
  to sched_swi() when you wish to schedule your swi thread to run.
- Convert the name of 'struct intrec' to 'struct intrhand' as it is a bit
  more intuitive.  Also, prefix all the members of struct intrhand with
  'ih_'.
- Make swi_net() a MI function since there is now no point in it being
  MD.

Submitted by:	cp
2000-10-25 05:19:40 +00:00
John Baldwin
3127162743 Quite some warnings. 2000-10-25 04:37:54 +00:00
John Baldwin
d543796f86 - Make the eventhandler_mutex mutex a private variable in
subr_eventhandler.c
- Move the extra #include's in sys/eventhandler.h to be protected by
  the #ifndef SYS_EVENTHANDLER/#endif
2000-10-25 00:01:39 +00:00
Warner Losh
bbfe025461 Cleanup the rman_make_alignment_flags function to be much clearer and shorter
than the prior version.
2000-10-22 04:48:11 +00:00
John Baldwin
b67a3e6e85 Propogate the 'const'ness of mutex descriptions to the witness code to
quiet warnings.
2000-10-20 22:45:01 +00:00
John Baldwin
78f0da0373 Actually enable the witness code if the WITNESS kernel option is enabled. 2000-10-20 21:58:11 +00:00
John Baldwin
f5271ebc2f Doh. Fix a 64-bit-ism by using uintptr_t for a temporary lock variable
instead of int.
2000-10-20 20:24:40 +00:00
Poul-Henning Kamp
1921a06d6a Introduce the M_ZERO flag to malloc(9)
Instead of:

        foo = malloc(sizeof(foo), M_WAIT);
        bzero(foo, sizeof(foo));

You can now (and please do) use:

        foo = malloc(sizeof(foo), M_WAIT | M_ZERO);

In the future this will enable us to do idle-time pre-zeroing of
malloc-space.
2000-10-20 17:54:55 +00:00
John Baldwin
35e0e5b311 Catch up to moving headers:
- machine/ipl.h -> sys/ipl.h
- machine/mutex.h -> sys/mutex.h
2000-10-20 07:58:15 +00:00
John Baldwin
700bfa750f - GC some #if 0'd code regarding the non-existant safepri variable.
- Don't dink with the witness state of Giant unless we actually own it
  during mi_switch().
2000-10-20 07:52:10 +00:00
John Baldwin
eec258d257 - machine/mutex.h -> sys/mutex.h
- Use MUTEX_DECLARE() and MTX_COLD for the malloc_mtx mutex
2000-10-20 07:29:16 +00:00
John Baldwin
d8881ca31d - machine/mutex.h -> sys/mutex.h
- The initial lock_mtx mutex used in the lockmgr code is initialized very
  early, so use MUTEX_DECLARE() and MTX_COLD.
2000-10-20 07:28:00 +00:00
John Baldwin
36412d79b4 - Make the mutex code almost completely machine independent. This greatly
reducues the maintenance load for the mutex code.  The only MD portions
  of the mutex code are in machine/mutex.h now, which include the assembly
  macros for handling mutexes as well as optionally overriding the mutex
  micro-operations.  For example, we use optimized micro-ops on the x86
  platform #ifndef I386_CPU.
- Change the behavior of the SMP_DEBUG kernel option.  In the new code,
  mtx_assert() only depends on INVARIANTS, allowing other kernel developers
  to have working mutex assertiions without having to include all of the
  mutex debugging code.  The SMP_DEBUG kernel option has been renamed to
  MUTEX_DEBUG and now just controls extra mutex debugging code.
- Abolish the ugly mtx_f hack.  Instead, we dynamically allocate
  seperate mtx_debug structures on the fly in mtx_init, except for mutexes
  that are initiated very early in the boot process.   These mutexes
  are declared using a special MUTEX_DECLARE() macro, and use a new
  flag MTX_COLD when calling mtx_init.  This is still somewhat hackish,
  but it is less evil than the mtx_f filler struct, and the mtx struct is
  now the same size with and without mutex debugging code.
- Add some micro-micro-operation macros for doing the actual atomic
  operations on the mutex mtx_lock field to make it easier for other archs
  to override/optimize mutex ops if needed.  These new tiny ops also clean
  up the code in some places by replacing long atomic operation function
  calls that spanned 2-3 lines with a short 1-line macro call.
- Don't call mi_switch() from mtx_enter_hard() when we block while trying
  to obtain a sleep mutex.  Calling mi_switch() would bogusly release
  Giant before switching to the next process.  Instead, inline most of the
  code from mi_switch() in the mtx_enter_hard() function.  Note that when
  we finally kill Giant we can back this out and go back to calling
  mi_switch().
2000-10-20 07:26:37 +00:00
John Baldwin
d8f831678d Reparent a kernel thread to init during kthread_exit() so that the zombie
can be reaped.
2000-10-19 19:53:44 +00:00
Robert Watson
47460a23a0 o Introduce new VOP_ACCESS() flag VADMIN, allowing file systems to perform
"administrative" authorization checks.  In most cases, the VADMIN test
  checks to make sure the credential effective uid is the same as the file
  owner.
o Modify vaccess() to set VADMIN as an available right if the uid is
  appropriate.
o Modify references to uid-based access control operations such that they
  now always invoke VOP_ACCESS() instead of using hard-coded policy checks.
o This allows alternative UFS policies to be implemented by replacing only
  ufs_access() (such as mandatory system policies).
o VOP_ACCESS() requires the caller to hold an exclusive vnode lock on the
  vnode: I believe that new invocations of VOP_ACCESS() are always called
  with the lock held.
o Some direct checks of the uid remain, largely associated with the QUOTA
  and SUIDDIR code.

Reviewed by:	eivind
Obtained from:	TrustedBSD Project
2000-10-19 07:53:59 +00:00
John Baldwin
dc13e6dfbb Axe the idle_event eventhandler, and add a MD cpu_idle function used
for things such as halting CPU's, idling CPU's, etc.

Discussed with:	msmith
2000-10-19 07:47:16 +00:00
Peter Wemm
5d391f75d6 EVENTHANDLER_INVOKE() takes two arguments. 2000-10-18 17:56:06 +00:00
John Baldwin
86bc23af90 Don't needlessly pass the diagnostic counter to the idle_event event
handlers.
2000-10-18 08:10:25 +00:00
Matthew N. Dodd
0cb53e2487 Add new bus method 'GET_RESOURCE_LIST' and appropriate generic
implementation.

Add bus_generic_rl_{get,set,delete,release,alloc}_resource() functions
which provide generic operations for devices using resource list style
resource management.

This should simplify a number of bus drivers.  Further commits to follow.
2000-10-18 05:15:40 +00:00
John Baldwin
3650b37578 - Wrap the sanity checks for staying in the idle loop for absurdly long
amounts of time in #ifdef DIAGNOSTIC
- Call vm_page_zero_idle() during the idle loop.
2000-10-17 23:12:37 +00:00
Warner Losh
85d693f9d8 Implement resource alignment as discussed in arch@ a long time ago.
This was implemented by Shigeru YAMAMOTO-san and Jonathan Chen.  I've
cleaned them up somewhat and they seem to work well enough to boot
current (but given current's state it can be hard to tell).  Doug
Rabson also reviewed the design and signed off on it.
2000-10-17 22:08:03 +00:00
Nick Hibma
d686268728 Put the header section in the header file not the c file.
Submitted by:	Jonathan Chen <jon@spock.org>
PR:		21982
2000-10-15 15:19:35 +00:00
Poul-Henning Kamp
db7e3af111 Remove unneeded #include <machine/clock.h> 2000-10-15 14:19:01 +00:00
Bosko Milekic
181d2a1564 Add nmbcnt sysctl and make it tunable at boottime; nmbcnt is the
number of ext_buf counters that are possibly allocatable.

Do this because:

  (i) It will make it easier to influence EXT_COUNTERS for if_sk,
      if_ti (or similar) users where the driver allocates its own
      ext_bufs and where it is important for the mbuf system to take
      it into account when reserving necessary space for counters.

  (ii) Facilitate some percentile calculation for netstat(1)
2000-10-15 06:24:07 +00:00
John W. De Boskey
2ec40c9aac Remove the signal value check from the PT_STEP codepath. It
can cause an bogus failure.

Reviewed by:    Sean Eric Fagan <sef@kithrup.com>
                and no other response to the review request.
2000-10-14 03:56:01 +00:00
Peter Wemm
ac5f943c37 savectx() is now used exclusively by the crash dump system. Move the
i386 specific gunk (copy %cr3 to the pcb) from the MI dumpsys() to the
MD savectx().
2000-10-13 22:03:29 +00:00
Paul Saab
16a011f973 Do not allocate a callout for all crashdumps, not just when you panic. 2000-10-13 21:49:19 +00:00
Robert Watson
ab024bb02e o Simplify capability types away from an array of ints to a single
u_int64_t flag field, bounding the number of capabilities at 64,
  but substantially cleaning up capability logic (there are currently
  43 defined capabilities).

o Heads up to anyone actually using capabilities: the constant
  assignments for various capabilities have been redone, so any
  persistent binary capability stores (i.e., '$posix1e.cap' EA
  backing files) must be recreated.  If you have one of these,
  you'll know about it, so if you have no idea what this means,
  don't worry.

o Update libposix1e to reflect this new definition, fixing the
  exposed functions that directly manipulate the flags fields.

Obtained from:	TrustedBSD Project
2000-10-13 17:12:58 +00:00
Jason Evans
9722d88fba For lockmgr mutex protection, use an array of mutexes that are allocated
and initialized during boot.  This avoids bloating sizeof(struct lock).
As a side effect, it is no longer necessary to enforce the assumtion that
lockinit()/lockdestroy() calls are paired, so the LK_VALID flag has been
removed.

Idea taken from:	BSD/OS.
2000-10-12 22:37:28 +00:00
Doug Rabson
63c47a5ca0 Add a gross hack for ia64 to allocate the backing store for a new program. 2000-10-12 14:24:03 +00:00
Eivind Eklund
7eb9fca557 Blow away the v_specmountpoint define, replacing it with what it was
defined as (rdev->si_mountpoint)
2000-10-09 17:31:39 +00:00