1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
Commit Graph

4751 Commits

Author SHA1 Message Date
John Baldwin
bdd67d483c - Change namei() to use td_ucred instead of p_ucred.
- Change the hack in access() that uses a temporary credential to set
  td_ucred to the temp cred instead of p_ucred.
2002-02-27 19:15:29 +00:00
John Baldwin
6f105b3444 - Change unp_listen() to accept a thread rather than a proc as its second
argument.
- Use td_ucred in unp_listen() instead of p_ucred.
2002-02-27 19:14:01 +00:00
John Baldwin
4a7d6cd251 Fix Giant leakage in several error cases in __semctl(). 2002-02-27 19:12:14 +00:00
John Baldwin
6bd7ad69a1 Add a comment about an unlocked access to p_ucred that will go away in
the near future.
2002-02-27 19:10:50 +00:00
Alfred Perlstein
9f01374de5 kill __P. 2002-02-27 18:51:53 +00:00
Alfred Perlstein
566c1313a3 add assertions in the places where giant is required to catch when
the pipe is locked and shouldn't be.

initialize pipe->pipe_mtxp to NULL when creating pipes in order not
to trip the above assertions.

swap pipe lock with giant around calls to pipe_destroy_write_buffer()

pipe_destroy_write_buffer issue noticed by: jhb
2002-02-27 18:49:58 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
John Baldwin
65e3406d28 Temporarily lock Giant while we update td_ucred. The proc lock doesn't
fully protect p_ucred yet so Giant is needed until all the p_ucred
locking is done.  This is the original reason td_ucred was not used
immediately after its addition.  Unfortunately, not using td_ucred is
not enough to avoid problems.  Since p_ucred could be stale, we could
actually be dereferencing a stale pointer to dink with the refcount, so
we really need Giant to avoid foot-shooting.  This allows td_ucred to
be safely used as well.
2002-02-27 18:30:01 +00:00
Alfred Perlstein
21dbcfd500 Fix a NULL deref panic in pipe_write, we can't blindly lock
pipe->pipe_peer->pipe_mtxp because it may be NULL, so lock the
passed in pipe's mutex instead.
2002-02-27 17:23:16 +00:00
Robert Drehmel
ad1ff0997e Make getcredhostname() take a buffer and the buffer's size
as arguments.  The correct hostname is copied into the buffer
while having the prison's lock acquired in a jailed process'
case.

Reviewed by:	jhb, rwatson
2002-02-27 16:43:20 +00:00
Robert Drehmel
9484d0c0e8 Add a function which returns the correct hostname for a given
credential.

Reviewed by:	phk
2002-02-27 14:58:32 +00:00
Alfred Perlstein
ffddaaeeeb MPsafe fixes:
use SYSINIT to initialize pipe_zone.
use PIPE_LOCK to protect kevent ops.
2002-02-27 11:27:48 +00:00
Seigo Tanimura
2f9325870d Return ESRCH if the target process is not inferior to the curproc.
Spotted by:	HIROSHI OOTA <oota@LSi.nec.co.jp>
2002-02-27 10:38:14 +00:00
Alfred Perlstein
e6be967434 Don't hardcode /sys when making tags, instead use ${.CURDIR}/.. this
fixes a problem where one tries to make tags when the source isn't in
/sys.

Submitted by: Jihui Yang <yangjihui@yahoo.com>
2002-02-27 10:07:15 +00:00
Peter Wemm
d1693e1701 Back out all the pmap related stuff I've touched over the last few days.
There is some unresolved badness that has been eluding me, particularly
affecting uniprocessor kernels.  Turning off PG_G helped (which is a bad
sign) but didn't solve it entirely.  Userland programs still crashed.
2002-02-27 09:51:33 +00:00
Alfred Perlstein
f81b04d96c First rev at making pipe(2) pipe's MPsafe.
Both ends of the pipe share a pool_mutex, this makes allocation
and deadlock avoidance easy.

Remove some un-needed FILE_LOCK ops while I'm here.

There are some issues wrt to select and the f{s,g}etown code that
we'll have to deal with, I think we may also need to move the calls
to vfs_timestamp outside of the sections covered by PIPE_LOCK.
2002-02-27 07:35:59 +00:00
Dima Dorfman
76183f3453 Introduce a version field to `struct xucred' in place of one of the
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being).  Accordingly, change users of
xucred to set and check this field as appropriate.  In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former.  This also has the pleasant sideaffect of removing some
duplicate code.

Reviewed by:	rwatson
2002-02-27 04:45:37 +00:00
Peter Wemm
bd1e3a0f89 Jake further reduced IPI shootdowns on sparc64 in loops by using ranged
shootdowns in a couple of key places.  Do the same for i386.  This also
hides some physical addresses from higher levels and has it use the
generic vm_page_t's instead.  This will help for PAE down the road.

Obtained from:	jake (MI code, suggestions for MD part)
2002-02-27 02:14:58 +00:00
Matthew Dillon
181df8c9d4 revert last commit temporarily due to whining on the lists. 2002-02-26 20:33:41 +00:00
Matthew Dillon
f96ad4c223 STAGE-1 of 3 commit - allow (but do not require) interrupts to remain
enabled in critical sections and streamline critical_enter() and
critical_exit().

This commit allows an architecture to leave interrupts enabled inside
critical sections if it so wishes.  Architectures that do not wish to do
this are not effected by this change.

This commit implements the feature for the I386 architecture and provides
a sysctl, debug.critical_mode, which defaults to 1 (use the feature).  For
now you can turn the sysctl on and off at any time in order to test the
architectural changes or track down bugs.

This commit is just the first stage.  Some areas of the code, specifically
the MACHINE_CRITICAL_ENTER #ifdef'd code, is strictly temporary and will
be cleaned up in the STAGE-2 commit when the critical_*() functions are
moved entirely into MD files.

The following changes have been made:

	* critical_enter() and critical_exit() for I386 now simply increment
	  and decrement curthread->td_critnest.  They no longer disable
	  hard interrupts.  When critical_exit() decrements the counter to
	  0 it effectively calls a routine to deal with whatever interrupts
	  were deferred during the time the code was operating in a critical
	  section.

	  Other architectures are unaffected.

	* fork_exit() has been conditionalized to remove MD assumptions for
	  the new code.  Old code will still use the old MD assumptions
	  in regards to hard interrupt disablement.  In STAGE-2 this will
	  be turned into a subroutine call into MD code rather then hardcoded
	  in MI code.

	  The new code places the burden of entering the critical section
	  in the trampoline code where it belongs.

	* I386: interrupts are now enabled while we are in a critical section.
	  The interrupt vector code has been adjusted to deal with the fact.
	  If it detects that we are in a critical section it currently defers
	  the interrupt by adding the appropriate bit to an interrupt mask.

	* In order to accomplish the deferral, icu_lock is required.  This
	  is i386-specific.  Thus icu_lock can only be obtained by mainline
	  i386 code while interrupts are hard disabled.  This change has been
	  made.

	* Because interrupts may or may not be hard disabled during a
	  context switch, cpu_switch() can no longer simply assume that
	  PSL_I will be in a consistent state.  Therefore, it now saves and
	  restores eflags.

	* FAST INTERRUPT PROVISION.  Fast interrupts are currently deferred.
	  The intention is to eventually allow them to operate either while
	  we are in a critical section or, if we are able to restrict the
	  use of sched_lock, while we are not holding the sched_lock.

	* ICU and APIC vector assembly for I386 cleaned up.  The ICU code
	  has been cleaned up to match the APIC code in regards to format
	  and macro availability.  Additionally, the code has been adjusted
	  to deal with deferred interrupts.

	* Deferred interrupts use a per-cpu boolean int_pending, and
	  masks ipending, spending, and fpending.  Being per-cpu variables
	  it is not currently necessary to lock; bus cycles modifying them.

	  Note that the same mechanism will enable preemption to be
	  incorporated as a true software interrupt without having to
	  further hack up the critical nesting code.

	* Note: the old critical_enter() code in kern/kern_switch.c is
	  currently #ifdef to be compatible with both the old and new
	  methodology.  In STAGE-2 it will be moved entirely to MD code.

Performance issues:

	One of the purposes of this commit is to enhance critical section
	performance, specifically to greatly reduce bus overhead to allow
	the critical section code to be used to protect per-cpu caches.
	These caches, such as Jeff's slab allocator work, can potentially
	operate very quickly making the effective savings of the new
	critical section code's performance very significant.

	The second purpose of this commit is to allow architectures to
	enable certain interrupts while in a critical section.  Specifically,
	the intention is to eventually allow certain FAST interrupts to
	operate rather then defer.

	The third purpose of this commit is to begin to clean up the
	critical_enter()/critical_exit()/cpu_critical_enter()/
	cpu_critical_exit() API which currently has serious cross pollution
	in MI code (in fork_exit() and ast() for example).

	The fourth purpose of this commit is to provide a framework that
	allows kernel-preempting software interrupts to be implemented
	cleanly.  This is currently used for two forward interrupts in I386.
	Other architectures will have the choice of using this infrastructure
	or building the functionality directly into critical_enter()/
	critical_exit().

	Finally, this commit is designed to greatly improve the flexibility
	of various architectures to manage critical section handling,
	software interrupts, preemption, and other highly integrated
	architecture-specific details.
2002-02-26 17:06:21 +00:00
Bruce Evans
ffe4d2f7c7 Fixed 3 regressions in rev.1.99 (clobbering of the English fix in rev.1.98,
and 2 unformattings).
2002-02-26 16:17:45 +00:00
Søren Schmidt
ed57cfc480 Hide "bla bla exists, skipping it" behind bootverbose. 2002-02-26 10:38:33 +00:00
Poul-Henning Kamp
c91f7a7332 Cast the variable, not the constant to 64 bits. 2002-02-26 09:27:39 +00:00
Poul-Henning Kamp
0f5c7c4b1c Fix warning in !SMP case.
Submitted by:	 Maxime Henrion <mux@mu.org>
2002-02-26 09:21:52 +00:00
Poul-Henning Kamp
1634e90817 Remove unused variable. 2002-02-26 09:16:27 +00:00
Peter Wemm
e2256f43ed Fix warning. s/microuptime()/binuptime()/ for switchtime initial value. 2002-02-26 01:03:39 +00:00
Peter Wemm
bd47bef5aa Fix a warning. Do not assume pointer == long. 2002-02-26 00:55:27 +00:00
Peter Wemm
6bd95d70db Work-in-progress commit syncing up pmap cleanups that I have been working
on for a while:
- fine grained TLB shootdown for SMP on i386
- ranged TLB shootdowns.. eg: specify a range of pages to shoot down with
  a single IPI, since the IPI is very expensive.  Adjust some callers
  that used to trigger this inside tight loops to do a ranged shootdown
  at the end instead.
- PG_G support for SMP on i386 (options ENABLE_PG_G)
- defer PG_G activation till after we decide what we are going to do with
  PSE and the 4MB pages at the start of the kernel.  This should solve
  some rumored strangeness about stale PG_G entries getting stuck
  underneath the 4MB pages.
- add some instrumentation for the fine TLB shootdown
- convert some asm instruction wrappers from functions to inlines.  gcc
  seems to do a fair bit better with this.
- [temporarily!] pessimize the tlb shootdown IPI handlers.  I will fix
  this again shortly.

This has been working fairly well for me for a while, but I have tweaked
it again prior to commit since my last major testing round.  The only
outstanding problem that I know of is PG_G related, which is why there
is an option for it (not on by default for SMP).  I have seen a world
speedups by a few percent (as much as 4 or 5% in one case) but I have
*not* accurately measured this - I am a bit sceptical of these numbers.
2002-02-25 23:49:51 +00:00
Ian Dowse
ddb7d629f1 Sockets passed into uipc_abort() have been allocated by sonewconn()
but never accept'ed, so they must be destroyed. Originally, unp_drop()
detected this situation by checking if so->so_head is non-NULL.
However, since revision 1.54 of uipc_socket.c (Feb 1999), so->so_head
is set to NULL before calling soabort(), so any unix-domain sockets
waiting to be accept'ed are leaked if the server socket is closed.

Resolve this by moving the socket destruction code into uipc_abort()
itself, and making it unconditional (the other caller of unp_drop()
never needs the socket to be destroyed). Use unp_detach() to avoid
the original code duplication when destroying the socket.

PR:		kern/17895
Reviewed by:	dwmalone (an earlier version of the patch)
MFC after:	1 week
2002-02-25 00:03:34 +00:00
Poul-Henning Kamp
5b7d8efa8d Add a generation number to timecounters and spin if it changes under
our feet when we look inside timecounter structures.

Make the "sync_other" code more robust by never overwriting the
tc_next field.

Add counters for the bin[up]time functions.

Call tc_windup() in tc_init() and switch_timecounter() to make sure
we all the fields set right.
2002-02-24 20:04:07 +00:00
Poul-Henning Kamp
e9be968e95 Fix a typo (?) in previous commit told ttyprintf() to print the integer
part of the user-time as a 64bit quantity.  This resulted in weird
output from SIGINFO.
2002-02-24 19:56:41 +00:00
Seigo Tanimura
f591779bb5 Lock struct pgrp, session and sigio.
New locks are:

- pgrpsess_lock which locks the whole pgrps and sessions,
- pg_mtx which protects the pgrp members, and
- s_mtx which protects the session members.

Please refer to sys/proc.h for the coverage of these locks.

Changes on the pgrp/session interface:

- pgfind() needs the pgrpsess_lock held.

- The caller of enterpgrp() is responsible to allocate a new pgrp and
  session.

- Call enterthispgrp() in order to enter an existing pgrp.

- pgsignal() requires a pgrp lock held.

Reviewed by:	jhb, alfred
Tested on:	cvsup.jp.FreeBSD.org
		(which is a quad-CPU machine running -current)
2002-02-23 11:12:57 +00:00
Jake Burkholder
39dda4e363 Make this compile.
Pointy hat to:	julian
2002-02-23 01:42:13 +00:00
Julian Elischer
77c4066424 Add some DIAGNOSTIC code.
While in userland, keep the thread's ucred reference in a shadow
field so that the usual place to store it is NULL.
If DIAGNOSTIC is not set, the thread ucred is kept valid until the next
kernel entry, at which time it is checked against the process cred
and possibly corrected. Produces a BIG speedup in
kernels with INVARIANTS set. (A previous commit corrected it
for the non INVARIANTS case already)

Reviewed by:	dillon@freebsd.org
2002-02-22 23:58:22 +00:00
Andrew R. Reiter
e68baa7073 - Whitespace fixes leftover from previous commit.
Submitted by:	bde
2002-02-22 13:43:56 +00:00
Andrew R. Reiter
54c94c8a35 - Whitespace fixup left over from previous commit.
- Remove bogus cast.

Submitted by:	bde
2002-02-22 13:33:10 +00:00
Poul-Henning Kamp
1cbb9c3b03 Convert p->p_runtime and PCPU(switchtime) to bintime format. 2002-02-22 13:32:01 +00:00
Poul-Henning Kamp
4e2befc031 Use better scaling factor for NTPs correction.
Explain the magic.
2002-02-22 12:59:20 +00:00
Poul-Henning Kamp
57c10583aa GC: BIO_ORDERED, various infrastructure dealing with BIO_ORDERED. 2002-02-22 09:26:35 +00:00
Poul-Henning Kamp
986066d065 Replace bowrite() with BUF_WRITE in ufs.
Remove bowrite(), it is now unused.

This is the first step in getting entirely rid of BIO_ORDERED which is
a generally accepted evil thing.

Approved by:	mckusick
2002-02-22 09:03:00 +00:00
Andrew R. Reiter
8e92b63c6f - Massive style fixup.
Reviewed by: mike
Approved by: dfr
2002-02-22 04:14:49 +00:00
Boris Popov
cebcee2e9e Add support for iovcnt greater than 1. This should resolve problems
with some applications.

Obtained from:	Darwin project
MFC after:	2 weeks
2002-02-21 16:23:38 +00:00
Bruce Evans
19610b66d8 Fixed some style bugs. Added a comment about a bug in PT_SSTEP.
Approved by:	des
2002-02-21 04:47:38 +00:00
Bruce Evans
4b1aa58b5f Recover bits that were lost in transition in rev.1.76:
- P_INMEM checks in all the functions.  P_INMEM must be checked because
  PHOLD() is broken.  The old bits had bogus locking (using sched_lock)
  to lock P_INMEM.  After removing the P_INMEM checks, we were left with
  just the bogus locking.
- large comments.  They were too large, but better than nothing.

Remove obfuscations that were gained in transition in rev.1.76:
- PROC_REG_ACTION() is even more of an obfuscation than PROC_ACTION().

The change copies procfs_machdep.c rev.1.22 of i386/procfs_machdep.c
verbatim except for "fixing" the old-style function headers and adjusting
function names and comments.  It doesn't remove the bogus locking.

Approved by:	des
2002-02-21 04:37:55 +00:00
Julian Elischer
fd21c2b51c Oops, used wrong error value for unimplemented syscalls. 2002-02-20 22:27:09 +00:00
Peter Wemm
114730b0a8 Tidy up some unused variables 2002-02-20 21:25:44 +00:00
Andrew R. Reiter
b65420f968 - Fix style further by adding parentheses around return values so that
they look like:
	return (val);  instead of:  return val;
2002-02-20 16:05:30 +00:00
Andrew R. Reiter
287698b4f1 - Style.9 formatting fix; this commit is mostly white space related with
the next commit actually doing the:
	return val; -> return (val);
  changes.  This commit was done in preparation for getting ``struct
  modules'' locked down.

Reviewed by: bde
Approved by: dfr
2002-02-20 14:30:02 +00:00
Robert Watson
ec20f901a2 More cleanups relating to vm object allocation failure: make sure we
call VOP_CLOSE() with vp unlocked; clean up the return path a little,
in as much as our namei/vnode operation return paths can be cleared
up.  For a return case that was apparently never taken, this sure
is ugly.

Reviewed by:	jeffr
2002-02-20 00:11:57 +00:00
Mike Silbersack
cc6712ea04 A few misc forkbomb defenses:
- Leave 10 processes for root-only use, the previous
  value of 1 was insufficient to run ps ax | more.
- Remove the printing of "proc: table full".  When the table
  really is full, this would flood the screen/logs, making
  the problem tougher to deal with.
- Force any process trying to fork beyond its user's maximum
  number of processes to sleep for .5 seconds before returning
  failure.  This turns 2000 rampaging fork monsters into 2000
  harmlessly snoozing fork monsters.

Reviewed by:	dillon, peter
MFC after:	1 week
2002-02-19 03:15:28 +00:00
Julian Elischer
c28841c1da Add stub syscalls and definitions for KSE calls.
"Book'em Danno"
2002-02-19 02:40:31 +00:00
Julian Elischer
8a2c87e7c7 Add 5 KSE syscalls. Two will be implemented with the next KSE
step and the others are reservations for coming code.
All will be stubbed in this kernel in the next commit.
This will allow people to easily make KSE binaries for userland testing
(the syscalls will be in libc) but they will still need a real KSE kernel
to test it. (libc looks in /sys to decide what it should add stubs for).
2002-02-19 02:19:36 +00:00
Matthew Dillon
3e1ce344ba Load the current timecounter into tc. The timecounter global can change
at any time and we do not want to call one timercounter's function with
another timecounter's structural pointer.

MFC after:	3 days
2002-02-18 19:49:30 +00:00
Matthew Dillon
735da6de88 Add kern_giant_ucred to instrument Giant around ucred related operations
such a getgid(), setgid(), etc...
2002-02-18 17:51:47 +00:00
Poul-Henning Kamp
68edc1b939 Make v_addpollinfo() visible and non-inline.
Have callers only call it as needed.
Add necessary call in ufs_kqfilter().

Test-case found by:	Andrew Gallatin <gallatin@cs.duke.edu>
2002-02-18 16:18:02 +00:00
Robert Watson
b541b65d91 Rehash of 1.43: simply remove the comment, since it's highly redundant
and only partially correct.
2002-02-18 16:02:24 +00:00
Ian Dowse
b01bcf4c74 Add the braces missed by revision 1.131.
Pointy hat to:	rwatson
2002-02-18 12:46:18 +00:00
Poul-Henning Kamp
21dcdb38e1 Take the common case of gettimeofday(&tv, NULL) out from under Giant. 2002-02-18 08:40:28 +00:00
Poul-Henning Kamp
90737495aa Remove yet a redundant VN_KNOTE() macro. 2002-02-18 08:24:48 +00:00
Matthew Dillon
5638baf0c6 The ICANON flag is an lflag, not an iflag.
Submitted by:	Neelkanth Natu <neelnatu@yahoo.com>
MFC after:	3 days
2002-02-18 06:07:11 +00:00
Robert Watson
4729fbd85f When vn_open() is failing because it cannot allocate a vm object, call
VOP_CLOSE() on the vnode, so that VOP_OPEN() and VOP_CLOSE() calls
are symmetric in all failure cases.  This prevents an 'open' reference
from being leaked in that unlikely failure scenario.
2002-02-18 00:26:10 +00:00
Robert Watson
3056874a81 style(9) prefers formatted comments in '/*' ... '*/' as opposed to
#if 0'd.
2002-02-18 00:23:44 +00:00
Robert Watson
eae1306746 Per discussion at BSDCon, note that the vop_getattr locking protocol
should require a shared lock, rather than an exclusive lock, which can
improve performance.  No actual code change here, since a number of
VFS locking fixes are in the works.
2002-02-18 00:22:57 +00:00
Poul-Henning Kamp
4b55dbe36b Move the stuff related to select and poll out of struct vnode.
The use of the zone allocator may or may not be overkill.
There is an XXX: over in ufs/ufs/ufs_vnops.c that jlemon may need
to revisit.

This shaves about 60 bytes of struct vnode which on my laptop means
600k less RAM used for vnodes.
2002-02-17 21:15:36 +00:00
Poul-Henning Kamp
362912ebcc Remove cache_purgeleafdirs(), it has been #if 0 for quite some time. 2002-02-17 20:40:29 +00:00
Daniel Eischen
1e599eee20 Regenerate these files after change to syscalls.master. 2002-02-17 17:42:47 +00:00
Daniel Eischen
bc874287e9 Fix prototype to sigreturn to use struct __ucontext instead of ucontext_t. 2002-02-17 17:41:28 +00:00
Matthew Dillon
e1bca29fae replace the embedded cr_mtx in the ucred structure with cr_mtxp (a mutex
pointer), and use the mutex pool routines.  This greatly reduces the size
of the ucred structure.
2002-02-17 07:30:34 +00:00
Julian Elischer
2eb927e2bb If the credential on an incoming thread is correct, don't bother
reaquiring it. In the same vein, don't bother dropping the thread cred
when goinf ot userland. We are guaranteed to nned it when we come back,
(which we are guaranteed to do).

Reviewed by:	jhb@freebsd.org, bde@freebsd.org (slightly different version)
2002-02-17 01:09:56 +00:00
Brian Feldman
1b56782026 (Doing that whole test-immediately-after-commit-thing like obrien sez:)
Forgot to include lock.h and mutex.h for GIANT_REQUIRED.
2002-02-16 17:44:43 +00:00
Brian Feldman
1fd9f8f438 Add revoke_and_destroy_dev(), to be used by devices which decide when
they choose to destroy themselves without regard to whether or not
they are open.
2002-02-16 17:35:05 +00:00
Bruce Evans
8c3d74f4bf Fixed a typo in rev.1.65 that gave a reference to a nonexistent variable.
This was not detected by LINT because LINT is missing COMPAT_SUNOS.
2002-02-15 03:54:01 +00:00
Luigi Rizzo
e522304423 Make this compile after changes to kse structures.
This escaped because DEVICE_POLLING is disabled in LINT being
not compatible with SMP. In fact, it is only a runtime problem,
so if we could recognize that we are building a LINT kernel
we could as well disable the check for SMP being defined.

Reported-by: Joe Clarke
2002-02-15 02:50:07 +00:00
Alan Cox
9fbd7ccf00 o Clearing p/td_retval[0] after aio_newproc() is unnecessary. (We stopped
calling rfork() to create aio threads in revision 1.46.)
 o Don't recompute the FILE * when it's already stored in the kernel's AIOCB.
2002-02-12 17:40:41 +00:00
Alan Cox
96347d1e6d The previous commit included a change to fill_kinfo_proc() that results
in a NULL pointer dereference.  Repair this mistake.
2002-02-12 04:21:28 +00:00
Luigi Rizzo
daccb6386b MFS: synchronize the code with the version in -stable, specifically:
+ SYSCTL_ULONG -> SYSCTL_UINT
 + some procedure renaming and variable rearrangement
 + fix the 'interface going deaf' problem same as in -stable.
2002-02-11 23:56:18 +00:00
Julian Elischer
2c1007663f In a threaded world, differnt priorirites become properties of
different entities.  Make it so.

Reviewed by:	jhb@freebsd.org (john baldwin)
2002-02-11 20:37:54 +00:00
David E. O'Brien
952539e39a Allow one to specify the AWK used in the environment(commandline).
Gawk is blowing up when run natively on the sparc64 -- leading to totally
bogus kernel values (all "0x0").  Good ole BWK awk works fine however.
2002-02-11 03:54:30 +00:00
Poul-Henning Kamp
d9888e41d5 GC the unused einval()
Obtained from:	~bde/sys.dif.gz
2002-02-10 22:07:41 +00:00
Poul-Henning Kamp
58a24f7938 Style(9) nits.
Obtained from:	~bde/sys.dif.gz
2002-02-10 22:04:44 +00:00
Robert Watson
1745909176 Add a comment indicating that the locking protocol should be updated
to be 'L L L' for vop_getattr().  Don't update it yet, because there
are still many offenders.
2002-02-10 21:46:16 +00:00
Robert Watson
5da271f5a6 Add a comment indicating that VOP_GETATTR() is called without appropriate
locking in the core dump code.  This should be fixed.
2002-02-10 21:45:16 +00:00
Robert Watson
1ea030d8fe Make sure to hold vnode lock when calling into VOP_GETATTR().
Discussed with:	mckusick, phk
2002-02-10 21:44:30 +00:00
Robert Watson
894c9fe04e Add a comment indicating that the vnode locking in this section of the
kernel linker code may be wrong: it fails to hold a lock across the
call to VOP_GETATTR(), and vn_rdwr() with IO_NODELOCKED.
2002-02-10 21:29:02 +00:00
Robert Watson
c0a9dc83c8 Make sure to grab vnode lock on a vnode before calling VOP_GETATTR()
to perform an ownership test in revoke().  This is also required for
MAC hooks so that the vnode lock is held during a call to the MAC
framework.  Release the lock before calling VOP_REVOKE().

Discussed with:	phk, mckusick
2002-02-10 20:45:43 +00:00
Robert Watson
56e04d01c0 Remove a stray 'const' that slept into extattr_set_vp(), and could
result in compiler warnings.
2002-02-10 05:31:55 +00:00
Robert Watson
1aa1d02a98 Part II: Update system calls for extended attributes. Rebuild of
generated files.
2002-02-10 04:44:37 +00:00
Robert Watson
74237f55b0 Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
  as not to use the scatter gather API (which appeared not to be used
  by any consumers, and be less portable), rather, accepts 'data'
  and 'nbytes' in the style of other simple read/write interfaces.
  This changes the API and ABI.

o Modify system call semantics so that extattr_get_{fd,file}() return
  a size_t.  When performing a read, the number of bytes read will
  be returned, unless the data pointer is NULL, in which case the
  number of bytes of data are returned.  This changes the API only.

o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
  argument so as to return the size, if desirable.  If set to NULL,
  the size will not be returned.

o Update various filesystems (pseodofs, ufs) to DTRT.

These changes should make extended attributes more useful and more
portable.  More commits to rebuild the system call files, as well
as update userland utilities to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
Julian Elischer
237a8a02da Replace accidentally removed setrunqueue()
solves problem with machines failing to sync in booting.
Submitted by: Tor.Egge@cvsup.no.freebsd.org
2002-02-09 01:38:16 +00:00
John Baldwin
18fc2ba9ff Use the mtx_owner() macro in one spot in _mtx_lock_sleep() to make the
code easier to read.
2002-02-09 00:12:53 +00:00
Thomas Moestl
2333d112fb Fix a bug introduced in r. 1.28: when copy{in,out} would fail for an
iovec that was not the last one in the uio, the error would be ignored
silently.

Bug found and fix proposed by:	jhb
2002-02-08 20:19:44 +00:00
Peter Wemm
1037bbb195 Fix broken Giant locking protocol introduced in rev 1.114. You cannot
unlock Giant if it is not locked in the first place.  This make the
nfstat(2) syscall (#278) a nice panic(2) implementation.
2002-02-08 09:16:57 +00:00
Peter Wemm
fe0d0493ac Bah, I managed to turn cosmetic things into real bugs. Fix shadowed
variable declarations. :-(  Definately not my day today.
2002-02-08 08:56:01 +00:00
Robert Watson
143bb598d0 o Merge various recent fixes from the MAC branch relating to extattrctl():
- Fix null-pointer dereference introduced when snapshotting
	  was introduced.  This occured because unlike the previous code,
	  vn_start_write() doesn't always return a non-NULL mp, as
	  filesystems may not support the VOP_GETWRITEMOUNT() call.  For
	  now, rely on two pointers, so that vn_finished_write() works
	  properly.
	- Fix locking problems on exit, introduced at some past time,
	  some when snapshots came in, where a vnode might not be
	  unlocked before being vrele'd in various error situations.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-08 05:58:41 +00:00
Peter Wemm
de9ac44a24 Fix a fatal trap when using ksched_setscheduler() (eg: mozilla, netscape
etc) which use:  td->td_last_kse->ke_flags |= KEF_NEEDRESCHED;
2002-02-08 02:56:10 +00:00
Julian Elischer
045e854101 remove superfluous blank line 2002-02-08 01:38:32 +00:00
Peter Wemm
2b8a08af6b Fix a couple of style bugs introduced (or touched by) previous commit. 2002-02-07 23:06:26 +00:00
Peter Wemm
2d008b444d Fix a whole bunch of long lines introduced by previous commit by using
td = FIRST_THREAD_IN_PROC(p) once, after we have identified the process
that we are operating on.
2002-02-07 23:05:40 +00:00
Poul-Henning Kamp
2028c0cdb9 Revise timercounters to use binary fixed point format internally.
The binary format "bintime" is a 32.64 format, it will go to 64.64
when time_t does.

The bintime format is available to consumers of time in the kernel,
and is preferable where timeintervals needs to be accumulated.

This change simplifies much of the magic math inside the timecounters
and improves the frequency and time precision by a couple of bits.

I have not been able to measure a performance difference which was not
a tiny fraction of the standard deviation on the measurements.
2002-02-07 21:21:55 +00:00
Julian Elischer
079b7badea Pre-KSE/M3 commit.
this is a low-functionality change that changes the kernel to access the main
thread of a process via the linked list of threads rather than
assuming that it is embedded in the process. It IS still embeded there
but remove all teh code that assumes that in preparation for the next commit
which will actually move it out.

Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
2002-02-07 20:58:47 +00:00
John Baldwin
78a1485fd1 Fixes for alpha pmap on SMP machines:
- Create a private list of active pmaps rather than abusing the list of all
  processes when we need to look up pmaps.  The process list needs a sx lock
  and we can't be getting sx locks in the middle of cpu_switch()
  (pmap_activate() can call pmap_get_asn() from cpu_switch()).  Instead, we
  protect the list with a spinlock.  This also means the list is shorter
  since a pmap can be used by more than one process and we could (at least
  in thoery) dink with pmap's more than once, but now we only touch each
  pmap once when we have to update all of them.
- Wrap pmap_activate()'s code to get a new ASN in an explicit critical section
  so that when it is called while doing an exec() we can't get preempted.
- Replace splhigh() in pmap_growkernel() with a critical section to prevent
  preemption while we are adjusting the kernel page tables.
- Fixes abuse of PCPU_GET(), which doesn't return an L-value.
- Also adds some slight cleanups to the ASN handling by adding some macros
  instead of magic numbers in relation to the ASN and ASN generations.

Reviewed by:	dfr
2002-02-06 04:30:26 +00:00
Matthew Dillon
0b94a0e9f9 Allow the kern.maxusers boot tuneable to be set to 0 (previously only
the kernel config's maxusers could be set to 0 for autosizing to work).
Reviewed by:	rwatson, imp
MFC after:	3 days
2002-02-06 01:19:19 +00:00
Alfred Perlstein
582ec34cd8 Fix a race with free'ing vmspaces at process exit when vmspaces are
shared.

Also introduce vm_endcopy instead of using pointer tricks when
initializing new vmspaces.

The race occured because of how the reference was utilized:
  test vmspace reference,
  possibly block,
  decrement reference

When sharing a vmspace between multiple processes it was possible
for two processes exiting at the same time to test the reference
count, possibly block and neither one free because they wouldn't
see the other's update.

Submitted by: green
2002-02-05 21:23:05 +00:00
Poul-Henning Kamp
a305896436 Let the number of timecounters follow hz, otherwise people with
HZ=BIGNUM will strain the assumptions behind timecounters to the
point where they break.

This may or may not help people seeing microuptime() backwards messages.

Make the global timecounter variable volatile, it makes no difference in
the code GCC generates, but it makes represents the intent correctly.

Thanks to:	jdp
MFC after:	2 weeks
2002-02-05 20:44:56 +00:00
Matthew Dillon
ecde8f7c29 Get rid of the twisted MFREE() macro entirely.
Reviewed by:	dg, bmilekic
MFC after:	3 days
2002-02-05 02:00:56 +00:00
Robert Watson
4e1123c738 o Scatter vn_start_write() and vn_finished_write() through ACL code so
that it interacts properly with snapshotting.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-04 17:58:15 +00:00
Robert Watson
eccbb13cb5 Note that Kirk apparently missed adding vn_start_write() and friends
to kern_acl.c when he added snapshotting.  This will need to be added
at some point.
2002-02-04 16:41:59 +00:00
Kirk McKusick
64011154e5 In the routines vrele() and vput(), we must lock the vnode and
call VOP_INACTIVE before placing the vnode back on the free list.
Otherwise there is a race condition on SMP machines between
getnewvnode() locking the vnode to reclaim it and vrele()
locking the vnode to inactivate it. This window of vulnerability
becomes exaggerated in the presence of filesystems that have
been suspended as the inactive routine may need to temporarily
release the lock on the vnode to avoid deadlock with the syncer
process.
2002-02-02 01:49:18 +00:00
Alfred Perlstein
3865fa138b Remove bogus assertion in dup2 that can lead to panics when kernel
threads race for a file slot.

dup2(2) incorrectly assumes that if it needs to grow the ofiles
array that it will get what it wants.  This assertion was valid
before we allowed shared filedescriptor tables but is now incorrect.

The assertion can trigger superfolous panics if the thread doing a
dup2 looses a race with another thread while possibly blocked in
the MALLOC call in fdalloc.  Another thread may grab the slot we
are requesting which makes fdalloc return something other than what
we asked for, this will triggering the bogus assertion.

MFC after: 2 weeks
Reviewed by: phk
2002-02-01 19:25:36 +00:00
Alfred Perlstein
2b39743941 Avoid lock order reversal filedesc/Giant when calling FREE() in fdalloc
by unlocking the filedesc before calling FREE().

Submitted by: bde
2002-02-01 19:19:54 +00:00
Alfred Perlstein
b7184973ed Don't recurse on filedesc lock in chroot_refuse_vdir_fds().
Noticed by: Michael Nottebrock <michaelnottebrock@gmx.net>
2002-02-01 18:27:16 +00:00
Bruce Evans
b6fe6a5d88 Regenerate to make osigreturn standard. 2002-02-01 17:41:45 +00:00
Bruce Evans
860965f144 Made osigreturn(2) standard so that SYS_osigreturn can be used in the
signal trampoline for old signals.  The arches that support old signals
currently abuse sigreturn(2) instead.  This mainly complicates things
and slightly breaks the the new sigreturn(2).

COMPAT is too limited to support the correct configuration of osigreturn,
and this commit doesn't attempt to fix it; it just moves the bogusness:
osigreturn() must now be provided unconditionally even on arches that
don't really need it; previously it had to be provided under the bogus
condition defined(COMPAT_43).
2002-02-01 17:27:14 +00:00
Matthew Dillon
027df6bdd7 GC P_BUFEXHAUST leftovers, we've had a new mechanism to avoid buffer
cache lockups for over a year now.

MFC after:		0 days
2002-01-31 18:39:44 +00:00
Alfred Perlstein
4658f926c0 Remove unused variables in select(2) from previous delta.
Pointed out by: bde
2002-01-30 19:48:25 +00:00
Bruce Evans
9a7f62c577 Oops, fix previous commit to not generate a C comment in syscall.mk. 2002-01-30 15:12:12 +00:00
Bruce Evans
581cad5a9c Regenerate _after_ the commit to syscalls.master. 2002-01-30 10:29:12 +00:00
Bruce Evans
0878983ab4 Escape $FreeBSD$ in a different way to avoid using the bogus escapes \$
and \F.  Awk just started warning about these.
2002-01-30 10:22:05 +00:00
Alfred Perlstein
eb20931127 Attempt to fixup select(2) and poll(2), this should fix some races with
other threads as well as speed up the interfaces.

To fix the race and accomplish the speedup, remove selholddrop and
pollholddrop.  The entire concept is somewhat bogus because holding
the individual struct file pointers offers us no guarantees that
another thread context won't close it on us thereby removing our
access to our own reference.

Selholddrop and pollholddrop also would do multiple locks and unlocks
of mutexes _per-file_ in the fd arrays to be scanned, this needed to
be sped up.

Instead of using selholddrop and pollholddrop, simply hold the
filedesc lock over the selscan and pollscan functions.  This should
protect us against close(2)'s on the files as reduce the multiple
lock/unlock pairs per fd into a single lock over the filedesc.
2002-01-29 22:54:19 +00:00
Alfred Perlstein
5980a85f08 Backout 1.120, EINVAL isn't a proper error return when the passed fd is
negative, the 'pointer' referred to by the manpage is actually the
struct file's f_offset field.

Pointed out by: bde
2002-01-29 17:12:10 +00:00
Poul-Henning Kamp
05a2f79888 Be more conservative about interrupt latency, it aint getting better it seems. 2002-01-25 21:22:34 +00:00
Poul-Henning Kamp
3e72822404 Make st_blksize default to PAGE_SIZE instead of zero. 2002-01-25 16:39:57 +00:00
Matthew Dillon
4fbd563eb8 Make the 'maxusers 0' auto-sizing code slightly more conservative. Change
from 1 megabyte of ram per user to 2 megabytes of ram per user, and
reduce the cap from 512 to 384.  512 leaves around 240 MB of KVM available
while 384 leaves 270 MB of KVM available.  Available KVM is important
in order to deal with zalloc and kernel malloc area growth.

Reviewed by:	mckusick
MFC: either before 4.5 if re's agree, or after 4.5
2002-01-25 01:54:16 +00:00
Poul-Henning Kamp
9118ec5a27 Yet a bug with extensible sbufs being marked as OVERFLOWED. This time
because of a signed/unsigned problem.

Approved by:	DES
2002-01-24 20:57:56 +00:00
Jonathan Lemon
cd75bfa75f Add entry for EVFILT_NETDEV, which was inadverdently omitted back in Sept. 2002-01-24 17:20:55 +00:00
Alfred Perlstein
095f670d4e in fget() return EINVAL when the descriptor requested is negative. 2002-01-23 08:40:35 +00:00
Alfred Perlstein
97fa4397d3 make pread use fget_read instead of holdfp. 2002-01-23 08:22:59 +00:00
David Greenman
7228268aaa Fixed bug in calculation of amount of file to send when nbytes !=0 and
headers or trailers are supplied. Reported by Vladislav Shabanov
<vs@rambler-co.ru>.

PR:		33771
Submitted by:	Maxim Konovalov <maxim@macomnet.ru>
MFC after:	3 days
2002-01-22 17:32:10 +00:00
Poul-Henning Kamp
1a25c86b3b In certain cases sbuf_printf() and sbuf_vprintf() could mistakely
make extendable sbufs as overflowed.

Approved by:	des
2002-01-22 11:22:55 +00:00
Maxim Sobolev
dcd7d9b7b7 Allow dump device be configured as early as possible using loader(8) tunable.
This allows obtaining crash dumps from the panics occured during late stages
of kernel initialisation before system enters into single-user mode.

MFC after:	2 weeks
2002-01-21 01:16:11 +00:00
Alfred Perlstein
767567d3c2 use mutex pools for "struct file" locking.
fix indentation of FILE_LOCK/UNLOCK macros while I'm here.
2002-01-20 22:58:08 +00:00
Alfred Perlstein
547ce823ef use mutex pool mutexes for uidinfo locking.
replace mutex_lock calls on uidinfo with macro calls:
  mtx_lock(&uidp->ui_mtx) -> UIDINFO_LOCK(uidp)

Terry Lambert <tlambert2@mindspring.com> helped with this.
2002-01-20 22:48:49 +00:00
Alan Cox
c3869e4bf1 o Remove the unused vestiges of JOBST_JOBQPROC and
the per-thread jobtorun queue.
 o Use TAILQ_EMPTY() instead of TAILQ_FIRST(...) == NULL.
2002-01-20 18:59:58 +00:00
Alan Cox
12f63f1741 o Revision 1.99 ("KSE Milestone 2") left the aio daemons
sleeping on a process object but changed the corresponding
   wakeup()s to the thread object.  The result was that non-raw
   aio ops waited for an aio daemon to timeout before action
   was taken.  Now, we sleep on the thread object.

PR:		kern/34016
2002-01-20 00:52:44 +00:00
Matthew Dillon
c73df808a0 Remove 'VXLOCK: interlock avoided' warnings. This can now occur in normal
operation.  The vgonel() code has always called vclean() but until we
started proactively freeing vnodes it would never actually be called with
a dirty vnode, so this situation did not occur prior to the vnlru() code.
Now that we proactively free vnodes when kern.maxvnodes is hit, however,
vclean() winds up with work to do and improperly generates the warnings.

Reviewed by:	peter
Approved by:	re (for MFC)
MFC after:	1 day
2002-01-19 02:14:45 +00:00
Alfred Perlstein
aa11a498ff undo a bit of the Giant pushdown.
fdrop isn't SMP safe as it may call into the file's close routine which
definetly is not SMP safe right now, so we hold Giant over calls to
fdrop now.
2002-01-19 01:03:54 +00:00
Nik Clayton
422702e9a8 Explain that the admin can safely power down the system as well as
rebooting.
2002-01-18 22:45:29 +00:00
Seigo Tanimura
98bf25aae1 Invert the test of sx_xholder for SX_LOCKED. We need to warn if a
thread other than the curthread holds an sx.

While I am here, break a line at the end of warning.
2002-01-18 09:21:15 +00:00
Bruce Evans
e58b5938ea Uninlined most of the bloated inline functions in <sys/disklabel.h>. Some
of them need to become even larger to support devfs.
2002-01-17 18:33:18 +00:00
Bruce Evans
e744f30933 Changed the type of pcb_flags from u_char to u_int and adjusted things.
This removes the only atomic operation on a char type in the entire
kernel.
2002-01-17 17:49:23 +00:00
Alan Cox
825ce531a6 o Eliminate an unused parameter from aio_fphysio(). 2002-01-17 17:19:40 +00:00
Alfred Perlstein
b5c93a560d Fix giant handling in pwrite(2), I forgot to release it when finishing
the syscall.
2002-01-16 21:33:41 +00:00
Andrew R. Reiter
d0615c64a5 - Attempt to help declutter kern. sysctl by moving security out from
beneath it.

Reviewed by: rwatson
2002-01-16 06:55:30 +00:00
John Baldwin
bf07c922ac Bump the limits for determining if we've held a spinlock too long as they
seem to be too short for the 500 Mhz DS20 I'm testing on.  The rather
arbitrary numbers are rather bogus anyways.  We should probably have
variables for these limits that are calibrated in the MD startup code
somehow.
2002-01-15 14:20:33 +00:00
Kirk McKusick
cd6005961f When downgrading a filesystem from read-write to read-only, operations
involving file removal or file update were not always being fully
committed to disk. The result was lost files or corrupted file data.
This change ensures that the filesystem is properly synced to disk
before the filesystem is down-graded.

This delta also fixes a long standing bug in which a file open for
reading has been unlinked. When the last open reference to the file
is closed, the inode is reclaimed by the filesystem. Previously,
if the filesystem had been down-graded to read-only, the inode could
not be reclaimed, and thus was lost and had to be later recovered
by fsck.  With this change, such files are found at the time of the
down-grade.  Normally they will result in the filesystem down-grade
failing with `device busy'. If a forcible down-grade is done, then
the affected files will be revoked causing the inode to be released
and the open file descriptors to begin failing on attempts to read.

Submitted by:	"Sam Leffler" <sam@errno.com>
2002-01-15 07:17:12 +00:00
Alfred Perlstein
74aac58b52 Push down Giant in dup(2) and dup2(2), Giant is only needed when
calling closef() in the case of dup2(2) duping over a descriptor
and when fdalloc must grow or free a filedesc.
2002-01-15 00:58:40 +00:00
Alfred Perlstein
468485b8d2 Fix select on fifos.
Backout revision 1.56 and 1.57 of fifo_vnops.c.

Introduce a new poll op "POLLINIGNEOF" that can be used to ignore
EOF on a fifo, POLLIN/POLLRDNORM is converted to POLLINIGNEOF within
the FIFO implementation to effect the correct behavior.

This should allow one to view a fifo pretty much as a data source
rather than worry about connections coming and going.

Reviewed by: bde
2002-01-14 22:03:48 +00:00
Alfred Perlstein
55e8d28c0e Remove a bogus FILEDESC_UNLOCK.
Submitted by: tanimura
2002-01-14 19:45:03 +00:00
Alan Cox
c6c191b26f o Correct the initialization of aiolio_zone: Each entry was 16 times larger
than necessary.
 o Move a rarely-used goto label inside a critical section so that we don't
   perform an splnet() for which there is no corresponding splx().
 o Remove unnecessary splnet()/splx() around accesses to kaioinfo::kaio_jobdone
   in aio_return().
 o Use TAILQ_FOREACH for simple cases of iteration over kaioinfo::kaio_jobdone.
2002-01-14 07:26:33 +00:00
Alfred Perlstein
a4db49537b Replace ffind_* with fget calls.
Make fget MPsafe.

Make fgetvp and fgetsock use the fget subsystem to reduce code bloat.

Push giant down in fpathconf().
2002-01-14 00:13:45 +00:00
Alfred Perlstein
9e209b124a Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
2002-01-13 21:37:49 +00:00
Alan Cox
6f5dafea75 o Call the functions registered with at_exec() from exec_new_vmspace()
instead of execve().  Otherwise, the possibility still exists
   for a pending AIO to modify the new address space.

Reviewed by:	alfred
2002-01-13 19:36:35 +00:00
Alfred Perlstein
ba868b0da2 Comment fdrop and fdrop_locked functions. 2002-01-13 12:58:14 +00:00
Alfred Perlstein
c2824dd49b Implement ffind_hold using ffind_lock.
Recommended by: jhb
2002-01-13 12:57:02 +00:00
Alfred Perlstein
426da3bcfb SMP Lock struct file, filedesc and the global file list.
Seigo Tanimura (tanimura) posted the initial delta.

I've polished it quite a bit reducing the need for locking and
adapting it for KSE.

Locks:

1 mutex in each filedesc
   protects all the fields.
   protects "struct file" initialization, while a struct file
     is being changed from &badfileops -> &pipeops or something
     the filedesc should be locked.

1 mutex in each struct file
   protects the refcount fields.
   doesn't protect anything else.
   the flags used for garbage collection have been moved to
     f_gcflag which was the FILLER short, this doesn't need
     locking because the garbage collection is a single threaded
     container.
  could likely be made to use a pool mutex.

1 sx lock for the global filelist.

struct file *	fhold(struct file *fp);
        /* increments reference count on a file */

struct file *	fhold_locked(struct file *fp);
        /* like fhold but expects file to locked */

struct file *	ffind_hold(struct thread *, int fd);
        /* finds the struct file in thread, adds one reference and
                returns it unlocked */

struct file *	ffind_lock(struct thread *, int fd);
        /* ffind_hold, but returns file locked */

I still have to smp-safe the fget cruft, I'll get to that asap.
2002-01-13 11:58:06 +00:00
Kirk McKusick
715b7b8445 Fix typo so that the delay code introduced in revision 1.60 actually
does something.

Submitted by:	John Baldwin <john@baldwin.cx>
2002-01-12 02:04:15 +00:00
Matthew Dillon
e61ab5fce9 Add vlruvp() routine - implements LRU operation for vnode recycling.
We calculate a trigger point that both guarentees we will find a
sufficient number of vnodes to recycle and prevents us from recycling
vnodes with lots of resident pages.  This particular section of
code is designed to recycle vnodes, not do unnecessary frees of
cached VM pages.
2002-01-10 18:31:53 +00:00
Ian Dowse
1f493270a1 Change dounmount() to return EBUSY in the non-MNT_FORCE case if we
can't acquire the mnt_lock without blocking. Normally non-forced
unmount attempts return EBUSY quickly if any vnodes are active, so
this just extends that behaviour to cover the per-mount mnt_lock
too.
2002-01-10 01:59:30 +00:00
Robert Watson
2b87b6d4f4 o Revert kern_sig.c#1.143, as cr_cansignal() doesn't currently permit
a number of desirable cases in which SIGIO/SIGURG are delivered.  We'll
  keep tweaking.

Reported by:	Alexander Kabaev <ak03@gte.com>
2002-01-10 01:25:35 +00:00
Kelly Yancey
2bbe1e9d6c Replace spaces after #defines with tabs; this makes all #defines
consistent in their adherence with style(9).
2002-01-09 07:29:28 +00:00
Alan Cox
7d17bbd0e6 o Correct a 32/64-bit error in the initialization of aiol_zone, specifically,
sizeof(int) is not the size of a pointer.
2002-01-09 06:40:45 +00:00
Mike Smith
a7489fe56f Add a new sysinit SI_SUB_DEVFS. Devfs hooks into the kernel at SI_ORDER_FIRST,
and devices can be created anytime after that.

Print a warning if an atttempt is made to create a device too early.
2002-01-09 04:58:49 +00:00
Mike Silbersack
fdba8cf430 GC fast_vfork; it's not actually referenced anywhere.
MFC after:	3 weeks
2002-01-09 04:51:21 +00:00
Alfred Perlstein
078a4e8939 Sockets are called 'so' not 'sp'. 2002-01-09 02:47:00 +00:00
Mike Silbersack
9f5193ca0b Revert 1.81; 1.19 fixed this already in a different way. 2002-01-09 01:45:17 +00:00
Alan Cox
48dac05955 o Add missing synchronization (splnet()/splx()) in aio_free_entry().
o Move the definition of struct aiocblist from sys/aio.h to kern/vfs_aio.c.
 o Make aio_swake_cb() static.
2002-01-06 21:03:39 +00:00
Kelly Yancey
7195eb40f9 * Implement SBUF_AUTOEXTEND flag; sbufs created with this flag are
automatically extended to prevent overflow.
 * Added sbuf_vprintf(); sbuf_printf() is now just a wrapper around
   sbuf_vprintf().
 * Include <stdio.h> and <string.h> when building libsbuf to silence
   WARNS=4 warnings.

Reviewed by:	des
2002-01-06 08:38:23 +00:00
Mike Silbersack
5213c50d83 Reorder a calculation in sbreserve so that it does not overflow
with multi-megabyte socket buffer sizes.

PR:		7420
MFC after:	3 weeks
2002-01-06 06:50:54 +00:00
Robert Watson
f8efde8991 - Teach SIGIO code to use cr_cansignal() instead of a custom CANSIGIO()
macro.  As a result, mandatory signal delivery policies will be
  applied consistently across the kernel.

- Note that this subtly changes the protection semantics, and we should
  watch out for any resulting breakage.  Previously, delivery of SIGIO
  in this circumstance was limited to situations where the subject was
  privileged, or where one of the subject's (ruid, euid) matched one
  of the object's (ruid, euid).  In the new scenario, subject (ruid, euid)
  are matched against the object's (ruid, svuid), and the object uid's
  must be a subset of the subject uid's.  Likewise, jail now affects
  delivery, and special handling for P_SUGID of the object is present.
  This change can always be reversed or tweaked if it proves to disrupt
  application behavior substantially.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-01-06 00:54:46 +00:00
Robert Watson
c83f8015fa - Push much of the logic for p_cansignal() behind cr_cansignal, which
authorized based on a subject credential rather than a subject process.
  This will permit the same logic to be reused in situations where only
  the credential generating the signal is available, such as in the
  delivery of SIGIO.
- Because of two clauses, the automatic success against curproc,
  and the session semantics for SIGCONT, not all logic can be pushed
  into cr_cansignal(), but those cases should not apply for most other
  consumers of cr_cansignal().
- This brings the base system inter-process authorization code more
  into line with the MAC implementation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-01-06 00:20:12 +00:00
David Malone
ee42d0a965 Release text vnode in exit() rather than wait(). Occasionally
fifesystem problems could prevent the release from completing and
this could result in init being blocked indefinitely.

This was looked over by Matt ages ago.

Approved by:	dillon
2002-01-05 21:47:58 +00:00
John Baldwin
b8e6bf1ed6 Fix a bug where the mutex name wasn't always displayed for processes in
SMTX in utils such as ps and top.  The KI_CTTY flag was assigned to
kinfo_proc->ki_kiflag rather than or'd into the flag, thus clobbering
any flags set earlier, including KI_MTXBLOCK.

Prodding by:	peter
2002-01-05 17:18:59 +00:00
Peter Wemm
d5c6775903 Fix forward_roundrobin(). It was mistakenly using the cpu number as
though it was a mask.  As a result, we sent AST IPI's to the wrong
cpu and/or left out some.

Spotted by: jake
2002-01-05 09:38:47 +00:00
Peter Wemm
ab8061d84c Add a per-cpu variable, cpumask, the preshifted equivalent of 1 << cpuid.
We use this around the place a lot.
2002-01-05 09:35:50 +00:00
John Baldwin
c86b6ff551 Change the preemption code for software interrupt thread schedules and
mutex releases to not require flags for the cases when preemption is
not allowed:

The purpose of the MTX_NOSWITCH and SWI_NOSWITCH flags is to prevent
switching to a higher priority thread on mutex releease and swi schedule,
respectively when that switch is not safe.  Now that the critical section
API maintains a per-thread nesting count, the kernel can easily check
whether or not it should switch without relying on flags from the
programmer.  This fixes a few bugs in that all current callers of
swi_sched() used SWI_NOSWITCH, when in fact, only the ones called from
fast interrupt handlers and the swi_sched of softclock needed this flag.
Note that to ensure that swi_sched()'s in clock and fast interrupt
handlers do not switch, these handlers have to be explicitly wrapped
in critical_enter/exit pairs.  Presently, just wrapping the handlers is
sufficient, but in the future with the fully preemptive kernel, the
interrupt must be EOI'd before critical_exit() is called.  (critical_exit()
can switch due to a deferred preemption in a fully preemptive kernel.)

I've tested the changes to the interrupt code on i386 and alpha.  I have
not tested ia64, but the interrupt code is almost identical to the alpha
code, so I expect it will work fine.  PowerPC and ARM do not yet have
interrupt code in the tree so they shouldn't be broken.  Sparc64 is
broken, but that's been ok'd by jake and tmm who will be fixing the
interrupt code for sparc64 shortly.

Reviewed by:	peter
Tested on:	i386, alpha
2002-01-05 08:47:13 +00:00
John Baldwin
422f61655f Remove brain damaged code in witness_lock(). We could have easily
just used PCPU_GET(spinlocks) w/o needing the w_mtx held.  It is more
correct to just check td_critnest now though.
2002-01-05 08:29:54 +00:00
John Baldwin
9d234f99f7 Axe a stale comment. Holding sched_lock across both setrunqueue() and
mi_switch() is sufficient.
2002-01-04 10:55:51 +00:00
Mike Silbersack
a262ae8267 Throw the $FreeBSD$s back in, properly escaping them. 2002-01-04 05:27:47 +00:00
Mike Silbersack
91ea78c52a Remove $FreeBSD$s from previous commit; perl thinks that they're
something to be interpreted.  Urk.
2002-01-04 01:40:50 +00:00
Mike Silbersack
cd6fdcb9ac Solve vnode_if.pl's identity crisis; make sure that it refers to itself
as vnode_if.pl instead of vnode_if.sh.

PR:		33509
MFC after:	3 weeks
2002-01-03 21:53:09 +00:00
Stefan Eßer
10cc6dff87 Return EBADF in case some vnode field has been reset to a NULL pointer.
(There has been some discussion, whether ENOENT or EBADF is more
appropriate. I choose the latter, since the operation is not supported
on the file descriptor at that time, even if it was, immediately before.)

PR:		32681
Reviewed by:	dillon, iedowse, ...
Approved by:	nectar
MFC after:	3 days
		(pending RE approval)
2002-01-03 09:54:24 +00:00
Alan Cox
23f139432e o Properly check the file descriptor passed to aio_cancel(2). (Previously,
no out-of-bounds check was performed on the file descriptor.)
 o Eliminate some excessive white space from aio_cancel(2).
2002-01-02 07:04:38 +00:00
Jake Burkholder
5e8af3b31d Print parm6 too in the !KTR_EXTEND case. 2002-01-01 21:47:38 +00:00
Alan Cox
eae43d0e56 o Some style(9)-motivated changes to white space. 2002-01-01 00:40:29 +00:00
Robert Watson
9c4d63da6d o Make the credential used by socreate() an explicit argument to
socreate(), rather than getting it implicitly from the thread
  argument.

o Make NFS cache the credential provided at mount-time, and use
  the cached credential (nfsmount->nm_cred) when making calls to
  socreate() on initially connecting, or reconnecting the socket.

This fixes bugs involving NFS over TCP and ipfw uid/gid rules, as well
as bugs involving NFS and mandatory access control implementations.

Reviewed by:	freebsd-arch
2001-12-31 17:45:16 +00:00
Alan Cox
5ca50a4bc9 o Correct an off-by-one error in aio_suspend(2).
PR:		18350
2001-12-31 03:13:24 +00:00
Alan Cox
516d256401 o Use "td->td_proc" instead of "curproc" where possible.
o Eliminate the unnecessary initialization of several static variables
   to zero.
2001-12-31 02:03:39 +00:00
Alan Cox
477b78a0df Eliminate semexit_hook using at_exit(9) and rm_at_exit(9).
Reviewed by:	alfred
2001-12-30 18:55:09 +00:00
Jake Burkholder
c9f4877d7c Change traces in hardclock and statclock to use the KTR_CLK trace
facility, rather than KTR_INTR.
2001-12-29 08:39:57 +00:00
Alfred Perlstein
21d56e9c33 Make AIO a loadable module.
Remove the explicit call to aio_proc_rundown() from exit1(), instead AIO
will use at_exit(9).

Add functions at_exec(9), rm_at_exec(9) which function nearly the
same as at_exec(9) and rm_at_exec(9), these functions are called
on behalf of modules at the time of execve(2) after the image
activator has run.

Use a modified version of tegge's suggestion via at_exec(9) to close
an exploitable race in AIO.

Fix SYSCALL_MODULE_HELPER such that it's archetecuterally neutral,
the problem was that one had to pass it a paramater indicating the
number of arguments which were actually the number of "int".  Fix
it by using an inline version of the AS macro against the syscall
arguments.  (AS should be available globally but we'll get to that
later.)

Add a primative system for dynamically adding kqueue ops, it's really
not as sophisticated as it should be, but I'll discuss with jlemon when
he's around.
2001-12-29 07:13:47 +00:00
Bruce Evans
25bf7324c8 Fixed an apparent typo ("-" before ":") and an English error (comma
splice) in the "already exists" message.

Fixed some minor style bugs (KNFization to "return (foo)" had rotted
in 2 out of 177 cases).
2001-12-28 18:32:13 +00:00
Alfred Perlstein
58e5d6695d brace by itself after function declaration.
Mandated by: style(9)
Pointed out by: rwatson
2001-12-27 20:16:21 +00:00
Matthew Dillon
9dd4281db8 Fix type-o in previous commit (tsleep was using wrong rendezvous point) 2001-12-25 01:23:25 +00:00
Bosko Milekic
56b602dd6a On the first day of Christmas bde gave to me:
A [hopefully] conforming style(9) revamp of mb_alloc and related code.
(This was possible due to bde's remarkable patience.)

Submitted by: (in large part) bde
Reviewed by: (the other part) bde
2001-12-23 22:04:08 +00:00
Bosko Milekic
4878b75e6c Move prototype of _mext_free to mbuf.h, where it belongs, because it is
used in MEXTFREE and needs to be in scope for external MEXTFREE users.

Pointed out by: Chad David <davidc@acns.ab.ca>
Confirmed by: bde
2001-12-22 20:09:08 +00:00
Thomas Moestl
87b1520ae4 Add a generic __BUS_ACCESSOR macro to construct ivar accessor functions,
and a generic resource_list_print_type() function to print all resouces
of a certain type in a resource list.
Use ulmin()/ulmax() instead of min()/max() in two places to handle
u_longs correctly.
2001-12-21 21:45:09 +00:00
Thomas Moestl
13fb665772 Add a rman_reserve_resource_bound() function that takes an additional
argument specifying the boundary for the resource allocation.
Use ulmin()/ulmax() instead of min()/max() in some places to correctly
deal with the u_long resource range specifications.
2001-12-21 21:40:55 +00:00
Peter Wemm
205b2b6107 Avoid an interaction between syncache and accept filters. The syncache
code only passed up the connection to the tcp stack when it was complete,
so it went directly into the so_comp (complete) queue.  However, with
accept filters, there is an additional phase before calling it "complete".

Reviewed by: jlemon
2001-12-21 04:30:49 +00:00
John Baldwin
98f9879242 Introduce a standard name for the lock protecting an interrupt controller
and it's associated state variables: icu_lock with the name "icu".  This
renames the imen_mtx for x86 SMP, but also uses the lock to protect
access to the 8259 PIC on x86 UP.  This also adds an appropriate lock to
the various Alpha chipsets which fixes problems with Alpha SMP machines
dropping interrupts with an SMP kernel.
2001-12-20 23:48:31 +00:00
Matthew Dillon
23b590188f Fix a BUF_TIMELOCK race against BUF_LOCK and fix a deadlock in vget()
against VM_WAIT in the pageout code.  Both fixes involve adjusting
the lockmgr's timeout capability so locks obtained with timeouts do not
interfere with locks obtained without a timeout.

Hopefully MFC: before the 4.5 release
2001-12-20 22:42:27 +00:00
Matthew Dillon
a57094a011 Calculate whether the sbuf is dynamic *before* bzero()ing the
structure.  This fixes a serious memory leak in the sbuf code.

MFC after:	3 days
2001-12-19 19:04:57 +00:00
Peter Wemm
9f2f52d695 Do not initialize static/global variables to 0. Use bss instead of
taking up space in the data section.
2001-12-19 01:35:18 +00:00
Peter Wemm
8f0d41d324 Use a different mechanism to get the vnlru process to wake up and notice
the shutdown request at reboot/halt time.
Disable the printf 'vnlru process getting nowhere, pausing...' and instead
export the count to the debug.vnlru_nowhere sysctl.
2001-12-19 01:31:12 +00:00
Luigi Rizzo
d105c784d5 Complete the device polling support by adding a thread in charge
of polling interfaces at the lowest possible priority
(this might result in softnetisr being scheduled, but there is
no risk of livelock because they have a higher priority than
this thread).
2001-12-19 00:53:24 +00:00
John Baldwin
885ccc61f2 Return EINVAL if kernel only flags are passed to the rfork syscall rather
than silently masking them.
2001-12-19 00:53:23 +00:00
Matthew Dillon
fdb33f08ef This is a forward port of Peter's vlrureclaim() fix, with some minor mods
by me to make it more efficient.  The original code had serious balancing
problems and could also deadlock easily.  This code relegates the vnode
reclamation to its own kproc and relaxes the vnode reclamation requirements
to better maintain kern.maxvnodes.  This code still doesn't balance as well
as it could, but it does a much better job then the original code.

Approved by:	re@freebsd.org
Obtained from:	ps, peter, dillon
MFS Assuming:	Assuming no problems crop up in Yahoo testing
MFC after:	7 days
2001-12-18 20:48:54 +00:00
John Baldwin
48fd1f38ee - Change all callers of addupc_task() to check PS_PROFIL explicitly and
remove the check from addupc_task().  It would need sched_lock while
  testing the flag anyways.
- Always read sticks while holding sched_lock using a temporary variable
  where needed.
- Always init prticks to 0 in ast() to quiet a warning.
2001-12-18 09:06:10 +00:00
John Baldwin
7e1f6dfe9d Modify the critical section API as follows:
- The MD functions critical_enter/exit are renamed to start with a cpu_
  prefix.
- MI wrapper functions critical_enter/exit maintain a per-thread nesting
  count and a per-thread critical section saved state set when entering
  a critical section while at nesting level 0 and restored when exiting
  to nesting level 0.  This moves the saved state out of spin mutexes so
  that interlocking spin mutexes works properly.
- Most low-level MD code that used critical_enter/exit now use
  cpu_critical_enter/exit.  MI code such as device drivers and spin
  mutexes use the MI wrappers.  Note that since the MI wrappers store
  the state in the current thread, they do not have any return values or
  arguments.
- mtx_intr_enable() is replaced with a constant CRITICAL_FORK which is
  assigned to curthread->td_savecrit during fork_exit().

Tested on:	i386, alpha
2001-12-18 00:27:18 +00:00
Mark Peek
bf43c504c9 Remove whitespace at end of line. 2001-12-16 17:21:16 +00:00
Luigi Rizzo
af1408e33f Add/correct description for some sysctl variables where it was missing.
The description field is unused in -stable, so the MFC there is equivalent
to a comment. It can be done at any time, i am just setting a reminder
in 45 days when hopefully we are past 4.5-release.

MFC after: 45 days
2001-12-16 16:07:20 +00:00
Luigi Rizzo
6105f81565 Add code to export and print the description associated to sysctl
variables. Use the -d flag in sysctl(8) to see this information.

Possible extensions to sysctl:
 + report variables that do not have a description
 + given a name, report the oid it maps to.

Note to developers: have a look at your code, there are a number of
	variables which do not have a description.

Note to developers: do we want this in 4.5 ? It is a very small change
	and very useful for documentation purposes.

Suggested by: Orion Hodson
2001-12-16 02:55:41 +00:00
John Baldwin
201b0ea8fd Fix some nits in fork_exit() so it more properly duplicates the backend
of mi_switch:
- Set the oncpu value for the current thread.
- Always set switchticks, not just in the SMP case.
- Add a KTR entry for fork_exit that is the same as the "new proc"
  entry in mi_switch().
- Release sched_lock a bit later like we do with mi_switch().
2001-12-14 23:37:35 +00:00
Jonathan Lemon
2b846bd3a5 When removing kqueue descriptors from the descriptor table during a fork,
update fd_freefile and fd_lastfile as well, to keep things in sync.

Pointed out by: Debbie Chu <dchu@juniper.net>
2001-12-14 19:02:57 +00:00
Luigi Rizzo
e4fc250c15 Device Polling code for -current.
Non-SMP, i386-only, no polling in the idle loop at the moment.

To use this code you must compile a kernel with

        options DEVICE_POLLING

and at runtime enable polling with

        sysctl kern.polling.enable=1

The percentage of CPU reserved to userland can be set with

        sysctl kern.polling.user_frac=NN (default is 50)

while the remainder is used by polling device drivers and netisr's.
These are the only two variables that you should need to touch. There
are a few more parameters in kern.polling but the default values
are adequate for all purposes. See the code in kern_poll.c for
more details on them.

Polling in the idle loop will be implemented shortly by introducing
a kernel thread which does the job. Until then, the amount of CPU
dedicated to polling will never exceed (100-user_frac).
The equivalent (actually, better) code for -stable is at

	http://info.iet.unipi.it/~luigi/polling/

and also supports polling in the idle loop.

NOTE to Alpha developers:
There is really nothing in this code that is i386-specific.
If you move the 2 lines supporting the new option from
sys/conf/{files,options}.i386 to sys/conf/{files,options} I am
pretty sure that this should work on the Alpha as well, just that
I do not have a suitable test box to try it. If someone feels like
trying it, I would appreciate it.

NOTE to other developers:
sure some things could be done better, and as always I am open to
constructive criticism, which a few of you have already given and
I greatly appreciated.
However, before proposing radical architectural changes, please
take some time to possibly try out this code, or at the very least
read the comments in kern_poll.c, especially re. the reason why I
am using a soft netisr and cannot (I believe) replace it with a
simple timeout.

Quick description of files touched by this commit:

sys/conf/files.i386
        new file kern/kern_poll.c
sys/conf/options.i386
        new option
sys/i386/i386/trap.c
        poll in trap (disabled by default)
sys/kern/kern_clock.c
        initialization and hardclock hooks.
sys/kern/kern_intr.c
        minor swi_net changes
sys/kern/kern_poll.c
        the bulk of the code.
sys/net/if.h
        new flag
sys/net/if_var.h
        declaration for functions used in device drivers.
sys/net/netisr.h
        NETISR_POLL
sys/dev/fxp/if_fxp.c
sys/dev/fxp/if_fxpvar.h
sys/pci/if_dc.c
sys/pci/if_dcreg.h
sys/pci/if_sis.c
sys/pci/if_sisreg.h
        device driver modifications
2001-12-14 17:56:12 +00:00
Peter Wemm
f6916f666c Proper fix for old config setting maxusers to 8. 2001-12-14 09:39:29 +00:00
Matthew Dillon
873a490449 A slightly different version of the vlrureclaim fix.
Reported by: peter, ps
2001-12-14 07:18:31 +00:00
Kirk McKusick
d8bddaa85d Add disk I/O scheduling for positively niced processes.
When a positively niced process requests a disk I/O, make
it wait for its nice value of ticks before scheduling its
I/O request if there are any other processes with I/O
requests in the disk queue. For all the gory details, see
the ``Running fsck in the Background'' paper in the Usenix
BSDCon 2002 Conference Proceedings, pages 55-64.
2001-12-14 05:50:44 +00:00
Matthew Dillon
7ca592e093 Too many people are compiling kernels with maxusers set to 0 without the new
config.  Hack the kernel to force auto-sizing if the old config is used.
2001-12-14 04:01:08 +00:00
Matthew Dillon
3ebeaf5984 This fixes a large number of bugs in our NFS client side code. A recent
commit by Kirk also fixed a softupdates bug that could easily be triggered
by server side NFS.

	* An edge case with shared R+W mmap()'s and truncate whereby
	  the system would inappropriately clear the dirty bits on
	  still-dirty data.  (applicable to all filesystems)

	  THIS FIX TEMPORARILY DISABLED PENDING FURTHER TESTING.
	  see vm/vm_page.c line 1641

	* The straddle case for VM pages and buffer cache buffers when
	  truncating.  (applicable to NFS client side)

	* Possible SMP database corruption due to vm_pager_unmap_page()
	  not clearing the TLB for the other cpu's.  (applicable to NFS
	  client side but could effect all filesystems).  Note: not
	  considered serious since the corruption occurs beyond the file
	  EOF.

	* When flusing a dirty buffer due to B_CACHE getting cleared,
	  we were accidently setting B_CACHE again (that is, bwrite() sets
	  B_CACHE), when we really want it to stay clear after the write
	  is complete.  This resulted in a corrupt buffer.  (applicable
	  to all filesystems but probably only triggered by NFS)

	* We have to call vtruncbuf() when ftruncate()ing to remove
	  any buffer cache buffers.  This is still tentitive, I may
	  be able to remove it due to the second bug fix.  (applicable
	  to NFS client side)

	* vnode_pager_setsize() race against nfs_vinvalbuf()... we have
	  to set n_size before calling nfs_vinvalbuf or the NFS code
	  may recursively vnode_pager_setsize() to the original value
	  before the truncate.  This is what was causing the user mmap
	  bus faults in the nfs tester program.  (applicable to NFS
	  client side)

	* Fix to softupdates (see ufs/ffs/ffs_inode.c 1.73, commit made
	  by Kirk).

Testing program written by: Avadis Tevanian, Jr.
Testing program supplied by: jkh / Apple (see Dec2001 posting to freebsd-hackers with Subject 'NFS: How to make FreeBS fall on its face in one easy step')
MFC after:	1 week
2001-12-14 01:16:57 +00:00
Robert Watson
48f1ba5b0d o Wording fix in comment.
Submitted by:	tanimura via p4
2001-12-14 00:38:01 +00:00
Peter Wemm
9446b36bab If we were called to allocate a vnode that is not associated with a
mount point, do not dereference the NULL mp argument.
2001-12-13 23:46:01 +00:00
Robert Watson
f8cf411e49 o Back out portions of 1.50 and 1.47, eliminating sonewconn3() and
always deriving the credential for a newly accepted connection from
  the listen socket.  Previously, the selection of the credential
  depended on the protocol: UNIX domain sockets would use the
  connecting process's credential, and protocols supporting a creation
  of the socket before the receiving end called accept() would use
  the listening socket.  After this change, it is always the listening
  credential.

Reviewed by:	green
2001-12-13 22:09:37 +00:00
Mike Silbersack
ebacce5e99 Limit maxprocperuid to 9/10 maxproc, and limit maxfilesperproc to 9/10
maxfiles.  This should make local resource exhaustion attacks easier
to handle with a non-tweaked setup.

MFC after:	3 days
2001-12-13 20:00:45 +00:00
John Baldwin
69e9495750 Use a per-thread variable for keeping state when a thread is processing
a KTR log entry.  Any KTR requests made while working on an entry are
ignored/discarded to prevent recursion.  This is a better fix for the
hack to futz with the CPU mask and call getnanotime() if KTR_LOCK or
KTR_WITNESS was on.  It also covers the actual formatting of the log entry
including dumping it to the display which the earlier hacks did not.
2001-12-13 10:33:20 +00:00
Andrew R. Reiter
83aee5a8d5 - Move _jail sysctl node underneath _kern_security in order to standardize
where our security related sysctl tuneables are located.  Also, this
  will help if/when we move _security node out from under _kern as to help
  make _kern less cluttered.

Approved by:	rwatson
Review by:	rwatson
2001-12-12 05:23:20 +00:00
John Baldwin
0bbc882680 Overhaul the per-CPU support a bit:
- The MI portions of struct globaldata have been consolidated into a MI
  struct pcpu.  The MD per-CPU data are specified via a macro defined in
  machine/pcpu.h.  A macro was chosen over a struct mdpcpu so that the
  interface would be cleaner (PCPU_GET(my_md_field) vs.
  PCPU_GET(md.md_my_md_field)).
- All references to globaldata are changed to pcpu instead.  In a UP kernel,
  this data was stored as global variables which is where the original name
  came from.  In an SMP world this data is per-CPU and ideally private to each
  CPU outside of the context of debuggers.  This also included combining
  machine/globaldata.h and machine/globals.h into machine/pcpu.h.
- The pointer to the thread using the FPU on i386 was renamed from
  npxthread to fpcurthread to be identical with other architectures.
- Make the show pcpu ddb command MI with a MD callout to display MD
  fields.
- The globaldata_register() function was renamed to pcpu_init() and now
  init's MI fields of a struct pcpu in addition to registering it with
  the internal array and list.
- A pcpu_destroy() function was added to remove a struct pcpu from the
  internal array and list.

Tested on:	alpha, i386
Reviewed by:	peter, jake
2001-12-11 23:33:44 +00:00
Guido van Rooij
f4029c1446 Fix boot -p for DDBless kernels
Pointed out by: John Hay <jhay@icomtek.csir.co.za>
2001-12-11 10:21:26 +00:00
Peter Wemm
b21d3f5c61 Wrap Dangerously Dedicated printf under if (bootverbose) 2001-12-11 05:35:43 +00:00
David E. O'Brien
071087f3d7 Missed an assignment of arg6 in previous commit. 2001-12-10 20:58:39 +00:00
David E. O'Brien
b45df7b4ae Adjust for the addition of CTR6. 2001-12-10 20:18:17 +00:00
Guido van Rooij
28703190c5 Add new boot flag to i386 boot: -p.
This flag adds a pausing utility. When ran with -p, during the kernel
probing phase, the kernel will pause after each line of output.
This pausing can be ended with the '.' key, and is automatically
suspended when entering ddb.

This flag comes in handy at systems without a serial port that either hang
during booting or reser.
Reviewed by:	(partly by jlemon)
MFC after:	1 week
2001-12-10 20:02:22 +00:00
David E. O'Brien
a48740b6c5 Update to C99, s/__FUNCTION__/__func__/. 2001-12-10 05:51:45 +00:00
David E. O'Brien
91f9161737 Repeat after me -- "Use of ANSI string concatenation can be bad."
In this case, C99's __func__ is properly defined as:

	static const char __func__[] = "function-name";

and GCC 3.1 will not allow it to be used in bogus string concatenation.
2001-12-10 05:40:12 +00:00
Alan Cox
604035c5f2 o Eliminate compilation warnings on 64-bit architectures. 2001-12-10 03:34:06 +00:00
Alan Cox
91369fc768 o Eliminate unnecessary synchronization from filt_aiodetach().
o The manual page for kevent says that EVFILT_AIO returns under the same
   conditions as aio_error().  With that in mind, set the data field
   of the returned struct kevent to the value that would be returned
   by aio_error().
 o Fix two compilation warnings.
2001-12-09 08:16:36 +00:00
Matthew Dillon
66a11b9fb1 Allow maxusers to be specified as 0 in the kernel config, which will
cause the system to auto-size to between 32 and 512 depending on the
amount of memory.

MFC after:	1 week
2001-12-09 01:57:09 +00:00
Matthew Dillon
a4233d5dc3 The nbuf calculation was assuming that PAGE_SIZE = 4096 bytes, which is
bogus.  The calculation has been adjusted to use units of kilobytes.

Noticed by: Chad David <davidc@acns.ab.ca>
MFC after:	1 week
2001-12-08 20:37:08 +00:00
Chad David
995a2227c5 Update the comment about System initialization to reflect the use of
DOMAIN_SET(9) instead of SYSINIT for adding domains at startup.

Reviewed by: alfred
2001-12-08 04:20:54 +00:00
Robert Watson
5a92ee3c00 o A few more minor whitespace and other style fixes.
Submitted by:	bde
2001-12-06 21:58:47 +00:00
Robert Watson
9147519a91 o Remove unnecessary inclusion of opt_global.h.
Submitted by:	bde
2001-12-06 21:55:41 +00:00
Robert Watson
65bbadfbbc o Make kern.security.bsd.suser_enabled TUNABLE.
Requested by:	green
2001-12-05 18:49:20 +00:00
Kirk McKusick
dd58224e31 Update pathnames for creation of tags file. 2001-12-05 01:23:21 +00:00
Robert Watson
5d476e73ce o Update an instance of 'unprivileged_procdebug_permitted' missed
in the previous commit: the comment should also call it
  'unprivileged_proc_debug'.
2001-12-03 19:10:21 +00:00
Robert Watson
011376308f o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
  pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
  so as to enforce these protections, in particular, in kern_mib.c
  protection sysctl access to the hostname and securelevel, as well as
  kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
  mib entries (osname, osrelease, osversion) so that they don't return
  a pointer to the text in the struct linux_prison, rather, a copy
  to an array passed into the calls.  Likewise, update linprocfs to
  use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
  accessing struct prison.

Reviewed by:	jhb
2001-12-03 16:12:27 +00:00
Robert Watson
4f5a4612d3 o Uniformly copy uap arguments into local variables before grabbing
giant, and make whitespace more consistent around giant-frobbing.
2001-12-02 15:22:56 +00:00
Robert Watson
f605567c24 o Remove KSE race in setuid() in which oldcred was preserved before giant
was grabbed.  This was introduced in 1.101 when the giant pushdown
  for kern_prot.c was originally performed.
2001-12-02 15:15:29 +00:00
Robert Watson
eb725b4e6a o General style, formatting, etc, improvements:
- uid's -> uids
	- whitespace improvements, linewrap improvements
	- reorder copyright more appropriately
	- remove redundant MP SAFE comments, add one "NOT MPSAFE?"
	  for setgroups(), which seems to be the sole un-changed system
	  call in the file.
	- clean up securelevel_g?() functions, improve comments.

Largely submitted by:	bde
2001-12-02 15:07:10 +00:00
Alfred Perlstein
59aff5fcf3 make LOCKF_DEBUG kernel option work (sorta)
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
PR: kern/32267
2001-12-02 12:47:25 +00:00
Luigi Rizzo
60363fb9f7 vm/vm_kern.c: rate limit (to once per second) diagnostic printf when
you run out of mbuf address space.

kern/subr_mbuf.c: print a warning message when mb_alloc fails, again
	rate-limited to at most once per second. This covers other
	cases of mbuf allocation failures. Probably it also overlaps the
	one handled in vm/vm_kern.c, so maybe the latter should go away.

This warning will let us gradually remove the printf that are scattered
across most network drivers to report mbuf allocation failures.
Those are potentially dangerous, in that they are not rate-limited and
can easily cause systems to panic.

Unless there is disagreement (which does not seem to be the case
judging from the discussion on -net so far), and because this is
sort of a safety bugfix, I plan to commit a similar change to STABLE
during the weekend (it affects kern/uipc_mbuf.c there).

Discussed-with: jlemon, silby and -net
2001-12-01 00:21:30 +00:00
Robert Watson
6f3933fa6f o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
  It defaults to '1', which permits access, but if set to '0', requires
  that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
  logs derived from /dev/klog must also be limited.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:40:52 +00:00