on SysV semaphores.
The squeeze of the semaphore array in the kern_semctl() modifies
sem_base for the semaphores with sem_base greater than sem_base of
the removed semaphore, as well as the values of the semaphores,
without locking their mutex. This can lead to (killable) hangs or
unexpected behaviour of the processes performing any sem operations
while another process does IPC_RMID.
The semexit_myhook() eventhandler unlocks SEMUNDO_LOCK() while
accessing *suptr. This allows for IPC_RMID for the sem id to be
performed in parallel with undo hook referenced by the current undo
structure. This leads to the panic("semexit - semid not allocated") [1].
The semaphore creation is protected by Giant, while IPC_RMID is done
while only semaphore mutex is held. This seems to result in invalid
values for semtot, causing random ENOSPC error returns [2].
Redo the locking of the semaphores lifetime cycle. Delegate the
sem_mtx to the sole purpose of protecting semget() and
semctl(IPC_RMID). Introduce new sem_undo_mtx to protect SEM_UNDO
handling. Remove the Giant remnants from the code.
Note that mac_sysvsem_check_semget() and mac_sysvsem_create() are
now called while sem_mtx is held, as well as mac_sysvsem_cleanup() [3].
When semaphore is removed, acquire semaphore locks for all semaphores
with sem_base that is going to be changed by squeeze of the sema
array. The lock order is not important there, because the region is
protected by sem_mtx.
Organize both used and free sem_undo structures into the lists,
protected by sem_undo_mtx. In semexit_myhook(), remove sem_undo
structure that is being processed, from used list, without putting it
onto the free to prevent modifications by other threads. This allows
for sem_undo_lock to be dropped to acquire individual semaphore locks
without violating lock order. Since IPC_RMID may no longer find this
sem_undo, do tolerate references to unallocated semaphores in undo
structure, and check sequential number to not undo unrelated semaphore
with the same id.
While there, convert functions definitions to ANSI C and fix small
style(9) glitches.
Reported by: Omer Faruk Sen <omerfsen gmail com> [1], pho [2]
Reviewed by: rwatson [3]
Tested by: pho
MFC after: 1 month
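
The stale-undo check described in the commit message above (tolerate an unallocated semaphore, and compare the sequence number so a reused slot is not adjusted) can be modelled in user space. This is an added example, not FreeBSD kernel code: the table, the struct layouts and the names set_create, set_remove and undo_apply are hypothetical, and it is single-threaded, so it shows the check only, not the locking.

```c
#include <stdio.h>

#define NSETS 4                      /* constructed table size */
#define ID_IX(id)  ((id) & 0xffff)
#define ID_SEQ(id) (((id) >> 16) & 0xffff)

struct semset { int allocated; unsigned seq; int val; };
struct undo   { int semid; int adjval; };

static struct semset sets[NSETS];

/* Take the first free slot and bump its seq so the new id differs. */
static int set_create(int initval)
{
    for (int ix = 0; ix < NSETS; ix++) {
        if (sets[ix].allocated)
            continue;
        sets[ix].allocated = 1;
        sets[ix].seq = (sets[ix].seq + 1) & 0xffff;
        sets[ix].val = initval;
        return (int)(sets[ix].seq << 16) | ix;
    }
    return -1;
}

static void set_remove(int semid) { sets[ID_IX(semid)].allocated = 0; }
static int set_value(int semid) { return sets[ID_IX(semid)].val; }

/* Returns 1 if the adjustment was applied, 0 if the entry was stale. */
static int undo_apply(const struct undo *u)
{
    int ix = ID_IX(u->semid);
    if (ix >= NSETS || !sets[ix].allocated)
        return 0;                    /* removed: tolerate, do not panic */
    if (sets[ix].seq != (unsigned)ID_SEQ(u->semid))
        return 0;                    /* slot reused by an unrelated set */
    sets[ix].val += u->adjval;
    return 1;
}

int main(void)
{
    int a = set_create(5);
    struct undo ua = { a, -2 };
    set_remove(a);                   /* IPC_RMID wins the race */
    int b = set_create(7);           /* same slot, new sequence number */
    printf("stale undo applied: %d, value: %d\n", undo_apply(&ua), set_value(b));
    return 0;
}
```
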
contrib/openbsm (svn merge) and src/sys/{bsm,security/audit} (manual
merge). Hook up bsm_domain.c and bsm_socket_type.c to the libbsm
build along with man pages, add audit_bsm_domain.c and
audit_bsm_socket_type.c to the kernel environment.
OpenBSM history for imported revisions below for reference.
MFC after: 1 month
Sponsored by: Apple Inc.
Obtained from: TrustedBSD Project
OpenBSM 1.1 alpha 5
- Stub libauditd(3) man page added.
- All BSM error number constants with BSM_ERRNO_.
- Interfaces to convert between local and BSM socket types and protocol
families have been added: au_bsm_to_domain(3), au_bsm_to_socket_type(3),
au_domain_to_bsm(3), and au_socket_type_to_bsm(3), along with definitions
of constants in audit_domain.h and audit_socket_type.h. This improves
interoperability by converting local constant spaces, which vary by OS, to
and from Solaris constants (where available) or OpenBSM constants for
protocol domains not present in Solaris (a fair number). These routines
should be used when generating and interpreting extended socket tokens.
- Fix build warnings with full gcc warnings enabled on most supported
platforms.
- Don't compile error strings into bsm_errno.c when building it in the kernel
environment.
- When started by launchd, use the label com.apple.auditd rather than
org.trustedbsd.auditd.
for jumbo frame.
o Nuke unneeded jlist lock which was used to protect jumbo buffer
management in local allocator.
o Added a new tunable hw.mskc.jumbo_disable to disable jumbo
frame support for the driver. The tunable could be set for
systems that do not need to use jumbo frames and it would
save (9K * number of Rx descriptors) bytes kernel memory.
o Jumbo buffer allocation failure is no longer critical error
for the operation of msk(4). If msk(4) encounters the allocation
failure it just disables jumbo frame support and continues to
work without your intervention.
Using local allocator had several drawbacks such as requirement of
large amount of continuous kernel memory and fixed (small) number
of available buffers. The need for large continuous memory resulted
in failure of loading driver with kldload on running systems.
Also small number of buffer used in local allocator showed poor
performance for some applications.
+ Remove a dead field of a struct. It serves no purpose anymore.
+ Remove a \n at the end of the format string of err(); the err()
function already adds a \n ;
+ remove many unnecessary casts which obfuscate the code.
This file has a huge number of indentation bugs, but I'd rather fix
them when/if we happen to modify the relevant parts of the code.
Submitted by: Christoph Mallon
MFC after: 3 days
to be caused by a metadata corruption that occurs quite often after
unplugging a pendrive during write activity.
Reviewed by: scottl
Approved by: rwatson (mentor)
Sponsored by: FreeBSD Foundation
Add missing set frame data pointer call. The
function call was missed when zero copy was
introduced in UMASS.
Reported by: WATANABE Kazuhiro.
Submitted by: Hans Petter Selasky
Remove dependency towards the USB config thread in
the USB serial core. Use USB process signalling
instead. Saves a little memory and hopefully makes
the code more understandable.
Submitted by: Hans Petter Selasky
Remove "vbus_interrupt" method from bus methods and use
a global function instead for the various drivers using it.
The reason for the removal is to simplify the code.
Submitted by: Hans Petter Selasky
Reduce the number of callback processes to 4 per
USB controller. There are two rough categories:
1) Giant locked USB transfers.
2) Non-Giant locked USB transfers.
On a real system with many USB devices plugged in the
number of processes reported by "ps auxw | grep USBPROC"
was reduced from 40 to 18.
Submitted by: Hans Petter Selasky
This change is about removing three fields from "struct usb2_xfer"
which can be reached from "struct usb2_xfer_root" instead and cleaning
up the code after this change. The fields are "xfer->udev",
"xfer->xfer_mtx" and "xfer->usb2_sc". In this process the following
changes were also made:
Rename "usb2_root" to "xroot" which is short for "xfer root".
Rename "priv_mtx" to "xfer_mtx" in USB core.
The USB_XFER_LOCK and USB_XFER_UNLOCK macros should only be used in
the USB core due to dependency towards "xroot". Substitute macros
for the real lock in two USB device drivers.
Submitted by: Hans Petter Selasky
Factor out roothub process into the USB bus structure for
all USB controller drivers. Essentially I am trying to
save some processes on the root HUB and get away
from the config thread paradigm. There will be a follow up
commit where the root HUB control and interrupt callback
will be moved over to run from the roothub process.
Total win: 3 processes become 1 for every USB controller.
Submitted by: Hans Petter Selasky
Usability improvement. Make sure that setting
power mode ON resurrects the device if powered OFF.
Reported by: Alexander Best.
Submitted by: Hans Petter Selasky