272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
271162 |
05-Sep-2014 |
kib |
MFC r270797: Direct access to the quota files, in particular, lookup, causes lock conflict with the quota metadata access. Mark quota vnode lock as recursive and always exclusive to avoid the problem.
Approved by: re (gjb)
|
270695 |
27-Aug-2014 |
kib |
MFC r270204: Do not busy the UFS mount point inside VOP_RENAME().
|
269283 |
30-Jul-2014 |
kib |
MFC r268764: Check for the cross-device cross-link attempt in the VFS, instead of VOP_LINK() implementations.
|
267816 |
24-Jun-2014 |
kib |
MFC r267564: In msdosfs_setattr(), add a check for result of the utimes(2) permissions test. Refactor the permission checks for utimes(2).
|
264490 |
15-Apr-2014 |
scottl |
MFC r262812
- Gracefully handle truncation failures when trying to shrink directories. This could cause dirhash panics since the dirhash state would be successfully truncated while the directory was not.
Submitted by: jeffr
|
262779 |
05-Mar-2014 |
pfg |
MFC r262678; ufs: small formatting fixes.
Cleanup some extra space. Use of tabs vs. spaces. No functional change.
Reviewed by: mckusick
|
260827 |
17-Jan-2014 |
mckusick |
MFC of 260079:
Properly handle unsigned comparison.
|
260078 |
30-Dec-2013 |
mckusick |
MFC of 256801, 256803, 256808, 256812, 256817, 256845, and 256860. This set of changes puts in place the infrastructure to allow soft updates to be multi-threaded. It introduces no functional changes from its current operation.
MFC of 256860:
Allow kernels without options SOFTUPDATES to build. This should fix the embedded tinderboxes.
Reviewed by: emaste
MFC of 256845:
Fix build problem on ARM (which defaults to building without soft updates).
Reported by: Tinderbox Sponsored by: Netflix
MFC of 256817:
Restructuring of the soft updates code to set it up so that the single kernel-wide soft update lock can be replaced with a per-filesystem soft-updates lock. This per-filesystem lock will allow each filesystem to have its own soft-updates flushing thread rather than being limited to a single soft-updates flushing thread for the entire kernel.
Move soft update variables out of the ufsmount structure and into their own mount_softdeps structure referenced by ufsmount field um_softdep. Eventually the per-filesystem lock will be in this structure. For now there is simply a pointer to the kernel-wide soft updates lock.
Change all instances of ACQUIRE_LOCK and FREE_LOCK to pass the lock pointer in the mount_softdeps structure instead of a pointer to the kernel-wide soft-updates lock.
Replace the five hash tables used by soft updates with per-filesystem copies of these tables allocated in the mount_softdeps structure.
Several functions that flush dependencies when too many are allocated in the kernel used to operate across all filesystems. They are now parameterized to flush dependencies from a specified filesystem. For now, we stick with the round-robin flushing strategy when the kernel as a whole has too many dependencies allocated.
While there are many lines of changes, there should be no functional change in the operation of soft updates.
Tested by: Peter Holm and Scott Long Sponsored by: Netflix
MFC of 256812:
Fourth of several cleanups to soft dependency implementation. Add KASSERTS that soft dependency functions only get called for filesystems running with soft dependencies. Calling these functions when soft updates are not compiled into the system become panics.
No functional change.
Tested by: Peter Holm and Scott Long Sponsored by: Netflix
MFC of 256808:
Third of several cleanups to soft dependency implementation. Ensure that softdep_unmount() and softdep_setup_sbupdate() only get called for filesystems running with soft dependencies.
No functional change.
Tested by: Peter Holm and Scott Long Sponsored by: Netflix
MFC of 256803:
Second of several cleanups to soft dependency implementation. Delete two unused functions in ffs_softdep.c.
No functional change.
Tested by: Peter Holm and Scott Long Sponsored by: Netflix
MFC of 256801:
First of several cleanups to soft dependency implementation. Convert three functions exported from ffs_softdep.c to static functions as they are not used outside of ffs_softdep.c.
No functional change.
Tested by: Peter Holm and Scott Long Sponsored by: Netflix
|
259223 |
11-Dec-2013 |
pfg |
MFC r256448, r257029;
Make di_blocks unsigned in UFS1 as is the case already for UFS2. Most of the code between UFS1 and UFS2 is shared so this change is pretty safe. Not only this makes UFS1 and 2 consistent but it also matches what NetBSD and MacOS X have for some years now.
UFS2: make di_extsize unsigned. di_extsize is the EA size and as such it should be unsigned. Adjust related types for consistency.
Reviewed by: mckusick
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
254986 |
28-Aug-2013 |
ivoras |
Take a very small step toward the Century of the Anchovy by increasing the time dirhash entries stay in memory before being considered for eviction to 1 minute.
|
254627 |
21-Aug-2013 |
ken |
Expand the use of stat(2) flags to allow storing some Windows/DOS and CIFS file attributes as BSD stat(2) flags.
This work is intended to be compatible with ZFS, the Solaris CIFS server's interaction with ZFS, somewhat compatible with MacOS X, and of course compatible with Windows.
The Windows attributes that are implemented were chosen based on the attributes that ZFS already supports.
The summary of the flags is as follows:
UF_SYSTEM:
Command line name: "system" or "usystem"
ZFS name: XAT_SYSTEM, ZFS_SYSTEM
Windows: FILE_ATTRIBUTE_SYSTEM
This flag means that the file is used by the operating system. FreeBSD does not enforce any special handling when this flag is set.
UF_SPARSE:
Command line name: "sparse" or "usparse"
ZFS name: XAT_SPARSE, ZFS_SPARSE
Windows: FILE_ATTRIBUTE_SPARSE_FILE
This flag means that the file is sparse. Although ZFS may modify this in some situations, there is not generally any special handling for this flag.
UF_OFFLINE:
Command line name: "offline" or "uoffline"
ZFS name: XAT_OFFLINE, ZFS_OFFLINE
Windows: FILE_ATTRIBUTE_OFFLINE
This flag means that the file has been moved to offline storage. FreeBSD does not have any special handling for this flag.
UF_REPARSE:
Command line name: "reparse" or "ureparse"
ZFS name: XAT_REPARSE, ZFS_REPARSE
Windows: FILE_ATTRIBUTE_REPARSE_POINT
This flag means that the file is a Windows reparse point. ZFS has special handling code for reparse points, but we don't currently have the other supporting infrastructure for them.
UF_HIDDEN:
Command line name: "hidden" or "uhidden"
ZFS name: XAT_HIDDEN, ZFS_HIDDEN
Windows: FILE_ATTRIBUTE_HIDDEN
This flag means that the file may be excluded from a directory listing if the application honors it. FreeBSD has no special handling for this flag.
The name and bit definition for UF_HIDDEN are identical to the definition in MacOS X.
UF_READONLY:
Command line name: "urdonly", "rdonly", "readonly"
ZFS name: XAT_READONLY, ZFS_READONLY
Windows: FILE_ATTRIBUTE_READONLY
This flag means that the file may not be written or appended, but its attributes may be changed.
ZFS currently enforces this flag, but Illumos developers have discussed disabling enforcement.
The behavior of this flag is different than MacOS X. MacOS X uses UF_IMMUTABLE to represent the DOS readonly permission, but that flag has a stronger meaning than the semantics of DOS readonly permissions.
UF_ARCHIVE:
Command line name: "uarch", "uarchive"
ZFS_NAME: XAT_ARCHIVE, ZFS_ARCHIVE
Windows name: FILE_ATTRIBUTE_ARCHIVE
The UF_ARCHIVED flag means that the file has changed and needs to be archived. The meaning is the same as the Windows FILE_ATTRIBUTE_ARCHIVE attribute, and the ZFS XAT_ARCHIVE and ZFS_ARCHIVE attribute.
msdosfs and ZFS have special handling for this flag. i.e. they will set it when the file changes.
sys/param.h: Bump __FreeBSD_version to 1000047 for the addition of new stat(2) flags.
chflags.1: Document the new command line flag names (e.g. "system", "hidden") available to the user.
ls.1: Reference chflags(1) for a list of file flags and their meanings.
strtofflags.c: Implement the mapping between the new command line flag names and new stat(2) flags.
chflags.2: Document all of the new stat(2) flags, and explain the intended behavior in a little more detail. Explain how they map to Windows file attributes.
Different filesystems behave differently with respect to flags, so warn the application developer to take care when using them.
zfs_vnops.c: Add support for getting and setting the UF_ARCHIVE, UF_READONLY, UF_SYSTEM, UF_HIDDEN, UF_REPARSE, UF_OFFLINE, and UF_SPARSE flags.
All of these flags are implemented using attributes that ZFS already supports, so the on-disk format has not changed.
ZFS currently doesn't allow setting the UF_REPARSE flag, and we don't really have the other infrastructure to support reparse points.
msdosfs_denode.c, msdosfs_vnops.c: Add support for getting and setting UF_HIDDEN, UF_SYSTEM and UF_READONLY in MSDOSFS.
It supported SF_ARCHIVED, but this has been changed to be UF_ARCHIVE, which has the same semantics as the DOS archive attribute instead of inverse semantics like SF_ARCHIVED.
After discussion with Bruce Evans, change several things in the msdosfs behavior:
Use UF_READONLY to indicate whether a file is writeable instead of file permissions, but don't actually enforce it.
Refuse to change attributes on the root directory, because it is special in FAT filesystems, but allow most other attribute changes on directories.
Don't set the archive attribute on a directory when its modification time is updated. Windows and DOS don't set the archive attribute in that scenario, so we are now bug-for-bug compatible.
smbfs_node.c, smbfs_vnops.c: Add support for UF_HIDDEN, UF_SYSTEM, UF_READONLY and UF_ARCHIVE in SMBFS.
This is similar to changes that Apple has made in their version of SMBFS (as of smb-583.8, posted on opensource.apple.com), but not quite the same.
We map SMB_FA_READONLY to UF_READONLY, because UF_READONLY is intended to match the semantics of the DOS readonly flag. The MacOS X code maps both UF_IMMUTABLE and SF_IMMUTABLE to SMB_FA_READONLY, but the immutable flags have stronger meaning than the DOS readonly bit.
stat.h: Add definitions for UF_SYSTEM, UF_SPARSE, UF_OFFLINE, UF_REPARSE, UF_ARCHIVE, UF_READONLY and UF_HIDDEN.
The definition of UF_HIDDEN is the same as the MacOS X definition.
Add commented-out definitions of UF_COMPRESSED and UF_TRACKED. They are defined in MacOS X (as of 10.8.2), but we do not implement them (yet).
ufs_vnops.c: Add support for getting and setting UF_ARCHIVE, UF_HIDDEN, UF_OFFLINE, UF_READONLY, UF_REPARSE, UF_SPARSE, and UF_SYSTEM in UFS. Alphabetize the flags that are supported.
These new flags are only stored, UFS does not take any action if the flag is set.
Sponsored by: Spectra Logic Reviewed by: bde (earlier version)
|
253998 |
06-Aug-2013 |
mckusick |
This bug fix is in a code path in rename taken when there is a collision between a rename and an open system call for the same target file. Here, rename releases its vnode references, waits for the open to finish, and then restarts by reacquiring its needed vnode locks. In this case, rename was unlocking but failing to release its reference to one of its held vnodes. The effect was that even after all the actual references to the vnode had gone, the vnode still showed active references. For files that had been removed, their space was not reclaimed until the filesystem was forcibly unmounted.
This bug manifested itself in the Postgres server which would leak/lose hundreds of files per day amounting to many gigabytes of disk space. This bug required shutting down Postgres, forcibly unmounting its filesystem, remounting its filesystem and restarting Postgres every few days to recover the lost space.
Reported by: Dan Thomas and Palle Girgensohn Bug-fix by: kib Tested by: Dan Thomas and Palle Girgensohn MFC after: 2 weeks
|
253163 |
10-Jul-2013 |
pfg |
Change i_gen in UFS to an unsigned type.
Missing type change from r252435.
This fixes a "Stale NFS file handle" error.
Reported by: Claude Bisson Tested by: Claude Bisson Pointed hat: pfg
|
252438 |
01-Jul-2013 |
gleb |
Don't assume that UFS on-disk format of a directory is the same as defined by <sys/dirent.h>
Always start parsing at DIRBLKSIZ aligned offset, skip first entries if uio_offset is not DIRBLKSIZ aligned. Return EINVAL if buffer is too small for single entry.
Preallocate buffer for cookies. Cookies will be replaced with d_off field in struct dirent at later point.
Skip entries with zero inode number.
Stop mangling dirent in ufs_extattr_iterate_directory().
Reviewed by: kib Sponsored by: Google Summer Of Code 2011
|
252437 |
01-Jul-2013 |
pfg |
Change i_gen in UFS to an unsigned type.
Missed format specifier.
Reported by: mdf MFC after: 4 weeks
|
252435 |
01-Jul-2013 |
pfg |
Change i_gen in UFS to an unsigned type.
In UFS, i_gen is a randomly generated value and there is no way for it to be negative. Actually, the value of i_gen is just used to match bit patterns and it is of no consequence if the values are signed or not.
Following other filesystems, set it to unsigned and use it as such.
Discussed by: mckusick Reviewed by: mckusick (previous version) MFC after: 4 weeks
|
248561 |
20-Mar-2013 |
mckusick |
When renaming a directory from one parent directory to another, we need to call ufs_checkpath() to walk from our new location to the root of the filesystem to ensure that we do not encounter ourselves along the way. Until now, we accomplished this by reading the ".." entries of each directory in our path until we reached the root (or encountered an error). This change tries to avoid the I/O of reading the ".." entries by first looking them up in the name cache and only doing the I/O when the name cache lookup fails.
Reviewed by: kib Tested by: Peter Holm MFC after: 4 weeks
|
248521 |
19-Mar-2013 |
kib |
UFS support of the unmapped i/o for the user data buffers.
Sponsored by: The FreeBSD Foundation Tested by: pho, scottl, jhb, bf
|
248422 |
17-Mar-2013 |
kib |
Remove negative name cache entry pointing to the target name, which could be instantiated while tdvp was unlocked.
Reported by: Rick Miller <vmiller at hostileadmin com> Tested by: pho MFC after: 1 week
|
247388 |
27-Feb-2013 |
kib |
The softdep freeblks workitem might hold a reference on the dquot. Current dqflush() panics when a dquot with non-zero refcount is encountered. The situation is possible, because quotas are turned off before softdep workitem queue is flushed, due to the quota file writes might create softdep workitems.
Make the encountering an active dquot in dqflush() not fatal, return the error from quotaoff() instead. Ignore the quotaoff() failures when ffs_flushfiles() is called in the course of softdep_flushfiles() loop, until the last iteration. At the last loop, the quotas must be closed, and because SU workitems should be already flushed, the references to dquot are gone.
Sponsored by: The FreeBSD Foundation Reported and tested by: pho Reviewed by: mckusick MFC after: 2 weeks
|
246562 |
08-Feb-2013 |
pfg |
Remove unused MAXSYMLINKLEN macro.
Reviewed by: mckusick PR: kern/175794 MFC after: 1 week
|
246299 |
03-Feb-2013 |
pfg |
UFS: Remove dead assignment.
Submitted by: Christoph Mallon MFC after: 3 days
|
244239 |
15-Dec-2012 |
kib |
Fix a typo, resulting in the NULL pointer dereference.
Reported and tested by: pho Sponsored by: The FreeBSD Foundation MFC after: 3 days
|
243245 |
18-Nov-2012 |
trasz |
Add UFS writesuspension mechanism, designed to allow userland processes to modify on-disk metadata for filesystems mounted for write.
Reviewed by: kib, mckusick Sponsored by: FreeBSD Foundation
|
242476 |
02-Nov-2012 |
kib |
The r241025 fixed the case when a binary, executed from nullfs mount, was still possible to open for write from the lower filesystem. There is a symmetric situation where the binary could already have file descriptors opened for write, but it can be executed from the nullfs overlay.
Handle the issue by passing one v_writecount reference to the lower vnode if nullfs vnode has non-zero v_writecount. Note that only one write reference can be donated, since nullfs only keeps one use reference on the lower vnode. Always use the lower vnode v_writecount for the checks.
Introduce the VOP_GET_WRITECOUNT to read v_writecount, which is currently always bypassed to the lower vnode, and VOP_ADD_WRITECOUNT to manipulate the v_writecount value, which manages a single bypass reference to the lower vnode. Calling the VOPs instead of directly accessing v_writecount provides the fix described in the previous paragraph.
Tested by: pho MFC after: 3 weeks
|
241896 |
22-Oct-2012 |
kib |
Remove the support for using non-mpsafe filesystem modules.
In particular, do not lock Giant conditionally when calling into the filesystem module, remove the VFS_LOCK_GIANT() and related macros. Stop handling buffers belonging to non-mpsafe filesystems.
The VFS_VERSION is bumped to indicate the interface change which does not result in the interface signatures changes.
Conducted and reviewed by: attilio Tested by: pho
|
241011 |
27-Sep-2012 |
mdf |
Fix up kernel sources to be ready for a 64-bit ino_t.
Original code by: Gleb Kurtsou
|
239359 |
17-Aug-2012 |
mjg |
Remove unused member of struct indir (in_exists) from UFS and EXT2 code.
Reviewed by: mckusick Approved by: trasz (mentor) MFC after: 1 week
|
236044 |
26-May-2012 |
kib |
Implement SEEK_HOLE/SEEK_DATA for UFS.
MFC after: 2 weeks
|
234613 |
23-Apr-2012 |
trasz |
Remove unused thread argument from ufs_extattr_uepm_lock()/ufs_extattr_uepm_unlock().
|
234612 |
23-Apr-2012 |
trasz |
Fix build.
|
234607 |
23-Apr-2012 |
trasz |
Remove unused thread argument to vrecycle().
Reviewed by: kib
|
234605 |
23-Apr-2012 |
trasz |
Remove unused thread argument from vtruncbuf().
Reviewed by: kib
|
234483 |
20-Apr-2012 |
mckusick |
This update uses the MNT_VNODE_FOREACH_ACTIVE interface that loops over just the active vnodes associated with a mount point to replace MNT_VNODE_FOREACH_ALL in the vfs_msync, ffs_sync_lazy, and qsync routines.
The vfs_msync routine is run every 30 seconds for every writably mounted filesystem. It ensures that any files mmap'ed from the filesystem with modified pages have those pages queued to be written back to the file from which they are mapped.
The ffs_lazy_sync and qsync routines are run every 30 seconds for every writably mounted UFS/FFS filesystem. The ffs_lazy_sync routine ensures that any files that have been accessed in the previous 30 seconds have had their access times queued for updating in the filesystem. The qsync routine ensures that any files with modified quotas have those quotas queued to be written back to their associated quota file.
In a system configured with 250,000 vnodes, less than 1000 are typically active at any point in time. Prior to this change all 250,000 vnodes would be locked and inspected twice every minute by the syncer. For UFS/FFS filesystems they would be locked and inspected six times every minute (twice by each of these three routines since each of these routines does its own pass over the vnodes associated with a mount point). With this change the syncer now locks and inspects only the tiny set of vnodes that are active.
Reviewed by: kib Tested by: Peter Holm MFC after: 2 weeks
|
234421 |
18-Apr-2012 |
jh |
The part about exec atime no longer applies in the comment.
Pointed out by: bde
|
234386 |
17-Apr-2012 |
mckusick |
Replace the MNT_VNODE_FOREACH interface with MNT_VNODE_FOREACH_ALL. The primary changes are that the user of the interface no longer needs to manage the mount-mutex locking and that the vnode that is returned has its mutex locked (thus avoiding the need to check to see if it is DOOMED or other possible end of life scenarios).
To minimize compatibility issues for third-party developers, the old MNT_VNODE_FOREACH interface will remain available so that this change can be MFC'ed to 9. Following the MFC to 9, MNT_VNODE_FOREACH will be removed in head.
The reason for this update is to prepare for the addition of the MNT_VNODE_FOREACH_ACTIVE interface that will loop over just the active vnodes associated with a mount point (typically less than 1% of the vnodes associated with the mount point).
Reviewed by: kib Tested by: Peter Holm MFC after: 2 weeks
|
234103 |
10-Apr-2012 |
jh |
- Return EPERM from ufs_setattr() when an user without PRIV_VFS_SYSFLAGS privilege attempts to toggle SF_SETTABLE flags.
- Use the '^' operator in the SF_SNAPSHOT anti-toggling check.
Flags are now stored to ip->i_flags in one place after all checks.
Submitted by: bde
|
233875 |
04-Apr-2012 |
jh |
Add a check for unsupported file flags to ufs_setattr().
Discussed with: bde MFC after: 2 weeks
|
233817 |
02-Apr-2012 |
mckusick |
A file cannot be deallocated until its last name has been removed and it is no longer referenced by a user process. The inode for a file whose name has been removed, but is still referenced at the time of a crash will still be allocated in the filesystem, but will have no references (e.g., they will have no names referencing them from any directory).
With traditional soft updates these unreferenced inodes will be found and reclaimed when the background fsck is run. When using journaled soft updates, the kernel must keep track of these inodes so that it can find and reclaim them during the cleanup process. Their existence cannot be stored in the journal as the journal only handles short-term events, and they may persist for days. So, they are tracked by keeping them in a linked list whose head pointer is stored in the superblock. The journal tracks them only until their linked list pointers have been committed to disk. Part of the cleanup process involves traversing the list of unreferenced inodes and reclaiming them.
This bug was triggered when confusion arose in the commit steps of keeping the unreferenced-inode linked list coherent on disk. Notably, a race between the link() system call adding a link-count to a file and the unlink() system call removing a link-count to the file. Here if the unlink() ran after link() had looked up the file but before link() had incremented the link-count of the file, the file's link-count would drop to zero before the link() incremented it back up to one. If the file was referenced by a user process, the first transition through zero made it appear that it should be added to the unreferenced-inode list when in fact it should not have been added. If the new name created by link() was deleted within a few seconds (with the file still referenced by a user process) it would legitimately be a candidate for addition to the unreferenced-inode list. The result was that there were two attempts to add the same inode to the unreferenced-inode list which scrambled the unreferenced-inode list's pointers leading to a panic. The fix is to detect and avoid the false attempt at adding it to the unreferenced-inode list by having the link() system call check to see if the link count is zero before it increments it. If it is, the link() fails with ENOENT (showing that it has failed the link()/unlink() race).
While tracking down this bug, we have added additional assertions to detect the problem sooner and also simplified some of the code.
Reported by: Kirk Russell Fix submitted by: Jeff Roberson Tested by: Peter Holm PR: kern/159971 MFC (to 9 only): 2 weeks
|
233787 |
02-Apr-2012 |
jh |
- Use more natural ip->i_flags instead of vap->va_flags in the final flags check.
- Add a comment for the immutable/append check done after handling of the flags.
- Style improvements.
No functional change intended.
Submitted by: bde MFC after: 2 weeks
|
233608 |
28-Mar-2012 |
kib |
Microoptimize: in qsync loop over mount vnodes, only unlock mount interlock after we committed to try to vget() the vnode.
Submitted by: bde Reviewed by: mckusick Tested by: pho MFC after: 1 week
|
232821 |
11-Mar-2012 |
kib |
Remove fifo.h. The only used function declaration from the header is migrated to sys/vnode.h.
Submitted by: gianni
|
232701 |
08-Mar-2012 |
jhb |
Add KTR_VFS traces to track modifications to a vnode's writecount.
|
232401 |
02-Mar-2012 |
jhb |
Similar to the fixes in 226967 and 226987, purge any name cache entries associated with the previous vnode (if any) associated with the target of a rename(). Otherwise, a lookup of the target pathname concurrent with a rename() could re-add a name cache entry after the namei(RENAME) lookup in kern_renameat() had purged the target pathname.
MFC after: 2 weeks
|
232351 |
01-Mar-2012 |
mckusick |
This change avoids a kernel deadlock on "snaplk" when using snapshots on UFS filesystems running with journaled soft updates. This is the first of several bugs that need to be fixed before removing the restriction added in -r230250 to prevent the use of snapshots on filesystems running with journaled soft updates.
The deadlock occurs when holding the snapshot lock (snaplk) and then trying to flush an inode via ffs_update(). We become blocked by another process trying to flush a different inode contained in the same inode block that we need. It holds the inode block for which we are waiting locked. When it tries to write the inode block, it gets blocked waiting for our snaplk when it calls ffs_copyonwrite() to see if the inode block needs to be copied in our snapshot.
The most obvious place that this deadlock arises is in the ffs_copyonwrite() routine when it updates critical metadata in a snapshot and tries to write it out before proceeding. The fix here is to write the data and indirect block pointer for the snapshot, but to skip the call to ffs_update() to write the snapshot inode. To ensure that we will never have to update a pointer in the inode itself, the ffs_snapshot() routine that creates the snapshot has to ensure that all the direct blocks are allocated as part of the creation of the snapshot.
A less obvious place that this deadlock occurs is when we hold the snaplk because we are deleting a snapshot. In the course of doing the deletion, we need to allocate various soft update dependency structures and allocate some journal space. If we hit a resource limit while doing this we decrease the resources in use by flushing out an existing dirty file to get it to give up the soft dependency resources that it holds. The flush can cause an ffs_update() to be done on the inode for the file that we have selected to flush resulting in the same deadlock as described above when the inode that we have chosen to flush resides in the same inode block as the snapshot inode that we hold. The fix is to defer cleaning up any time that the inode on which we are operating is a snapshot.
Help and review by: Jeff Roberson Tested by: Peter Holm MFC (to 9 only) after: 2 weeks
|
232003 |
22-Feb-2012 |
kib |
Properly lock DQREF() with dqhlock. Missed locking caused counter corruption.
Assert that the dq reference value is sane before decrementing it.
Reported and tested by: pho MFC after: 1 week
|
231949 |
21-Feb-2012 |
kib |
Fix found places where uio_resid is truncated to int.
Add the sysctl debug.iosize_max_clamp, enabled by default. Setting the sysctl to zero allows to perform the SSIZE_MAX-sized i/o requests from the usermode.
Discussed with: bde, das (previous versions) MFC after: 1 month
|
231122 |
07-Feb-2012 |
kib |
Sprinkle missed calls to asynchronous UFS_UPDATE() in an attempt to guarantee that all UFS inode metadata changes result in the dirtiness of the inodeblock. Due to missed inodeblock updates, syncer was required to fsync each mount point's vnode to guarantee periodic metadata flush.
Reviewed by: mckusick Tested by: scottl MFC after: 2 weeks
|
231075 |
06-Feb-2012 |
kib |
Current implementations of sync(2) and syncer vnode fsync() VOP use mnt_noasync counter to temporarily remove MNTK_ASYNC mount option, which is needed to guarantee a synchronous completion of the initiated i/o before syscall or VOP return. Global removal of MNTK_ASYNC option is harmful because not only i/o started from corresponding thread becomes synchronous, but all i/o is synchronous on the filesystem which is initiated during sync(2) or syncer activity.
Instead of removing MNTK_ASYNC from mnt_kern_flag, provide a local thread flag to disable async i/o for current thread only. Use the opportunity to move DOINGASYNC() macro into sys/vnode.h and consistently use it through places which tested for MNTK_ASYNC.
Some testing demonstrated 60-70% improvements in run time for the metadata-intensive operations on async-mounted UFS volumes, but still with great deviation due to other reasons.
Reviewed by: mckusick Tested by: scottl MFC after: 2 weeks
|
230221 |
16-Jan-2012 |
ivoras |
Add a bit of verbosity to the comment.
|
229828 |
08-Jan-2012 |
kib |
Avoid LOR between vfs_busy() lock and covered vnode lock on quotaon(). The vfs_busy() is after covered vnode lock in the global lock order, but since quotaon() does recursive VFS call to open quota file, we usually end up locking covered vnode after mp is busied in sys_quotactl().
Change the interface of VFS_QUOTACTL(), requiring that mp was unbusied by fs code, and do not try to pick up vfs_busy() reference in ufs quotaon, esp. if vfs_busy cannot succeed due to unmount being performed.
Reported and tested by: pho MFC after: 1 week
|
227382 |
09-Nov-2011 |
gleb |
Use implementation independent inoNN_t scalars for on-disk UFS structures
Approved by: mdf (mentor)
|
227267 |
06-Nov-2011 |
ed |
Remove MALLOC_DECLAREs of nonexisting malloc-pools.
After careful grepping, it seems none of these pools can be found in our source tree. They are not in use, nor are they defined.
|
226971 |
31-Oct-2011 |
pho |
Fix the wrong commit log message for r226967: "Added missing cache purge of from argument" and fix the comment.
|
226967 |
31-Oct-2011 |
pho |
The kern_renameat() looks up the fvp using the DELETE flag, which causes the removal of the name cache entry for fvp.
Reported by: Anton Yuzhaninov <citrin citrin ru> In collaboration with: kib MFC after: 1 week
|
225104 |
23-Aug-2011 |
ae |
Fix lock leak.
Reported by: Alex Lyashkov Approved by: re (kib) MFC after: 1 week
|
224503 |
30-Jul-2011 |
mckusick |
Update to -r224294 to ensure that only one of MNT_SUJ or MNT_SOFTDEP is set so that mount can revert back to using MNT_NOWAIT when doing getmntinfo.
Approved by: re (kib)
|
224294 |
24-Jul-2011 |
mckusick |
Move the MNTK_SUJ flag in mnt_kern_flag to MNT_SUJ in mnt_flag so that it is visible to userland programs. This change enables the `mount' command with no arguments to be able to show if a filesystem is mounted using journaled soft updates as opposed to just normal soft updates.
Approved by: re (bz)
|
224061 |
15-Jul-2011 |
mckusick |
Add an FFS specific mount option to allow a filesystem checker (typically fsck_ffs) to register that it wishes to use FFS specific sysctl's to update the filesystem. This ensures that two checkers cannot run on a given filesystem at the same time and that no other process accidentally or maliciously uses the filesystem updating sysctls inappropriately. This functionality is needed by the journaling soft-updates recovery code.
|
223769 |
04-Jul-2011 |
jeff |
- Fix an inode quota leak. We need to decrement the quota once and only once.
Tested by: pho Reviewed by: mckusick
|
223020 |
12-Jun-2011 |
mckusick |
Update to soft updates journaling to properly track freed blocks that get claimed by snapshots.
Submitted by: Jeff Roberson Tested by: Peter Holm
|
222958 |
10-Jun-2011 |
jeff |
Implement fully asynchronous partial truncation with softupdates journaling to resolve errors which can cause corruption on recovery with the old synchronous mechanism.
- Append partial truncation freework structures to indirdeps while truncation is proceeding. These prevent new block pointers from becoming valid until truncation completes and serialize truncations.
- On completion of a partial truncate journal work waits for zeroed pointers to hit indirects.
- softdep_journal_freeblocks() handles last frag allocation and last block zeroing.
- vtruncbuf/ffs_page_remove moved into softdep_*_freeblocks() so it is only implemented in one place.
- Block allocation failure handling moved up one level so it does not proceed with buf locks held. This permits us to do more extensive reclaims when filesystem space is exhausted.
- softdep_sync_metadata() is broken into two parts, the first executes once at the start of ffs_syncvnode() and flushes truncations and inode dependencies. The second is called on each locked buf. This eliminates excessive looping and rollbacks.
- Improve the mechanism in process_worklist_item() that handles acquiring vnode locks for handle_workitem_remove() so that it works more generally and does not loop excessively over the same worklist items on each call.
- Don't corrupt directories by zeroing the tail in fsck. This is only done for regular files.
- Push a fsync complete record for files that need it so the checker knows a truncation in the journal is no longer valid.
Discussed with: mckusick, kib (ffs_pages_remove and ffs_truncate parts) Tested by: pho
|
222955 |
10-Jun-2011 |
jeff |
- Add support for referencing quota structures without needing the inode pointer for softupdates.
Submitted by: mckusick
|
222954 |
10-Jun-2011 |
jeff |
- If the fsync in ufs_direnter fails SUJ can later panic because we have partially added a name. Allow ufs_direnter() to continue in the hopes that it is a transient error. If it is not, the directory is corrupted already from IO errors and writing this new block is not likely to make things worse.
|
222196 |
22-May-2011 |
rmacklem |
Fix the ufs/ffs file system so that it uses the lock flags argument added to VFS_FHTOVP() by r222167.
Reviewed by: mckusick
|
222167 |
22-May-2011 |
rmacklem |
Add a lock flags argument to the VFS_FHTOVP() file system method, so that callers can indicate the minimum vnode locking requirement. This will allow some file systems to choose to return a LK_SHARED locked vnode when LK_SHARED is specified for the flags argument. This patch only adds the flag. It does not change any file system to use it and all callers specify LK_EXCLUSIVE, so file system semantics are not changed.
Reviewed by: kib
|
220985 |
24-Apr-2011 |
kib |
VFS sometimes is unable to inactivate a vnode when vnode use count goes to zero. E.g., the vnode might be only shared-locked at the time of vput() call. Such vnodes are kept in the hash, so they can be found later.
If ffs_valloc() allocated an inode that has its vnode cached in hash, and still owing the inactivation, then vget() call from ffs_valloc() clears VI_OWEINACT, and then the vnode is reused for the newly allocated inode.
The problem is, the vnode is not reclaimed before it is put to the new use. ffs_valloc() recycles vnode vm object, but this is not enough. In particular, at least v_vflag should be cleared, and several bits of UFS state need to be removed.
It is very inconvenient to call vgone() at this point. Instead, move some parts of ufs_reclaim() into helper function ufs_prepare_reclaim(), and call the helper from VOP_RECLAIM and ffs_valloc().
Reviewed by: mckusick Tested by: pho MFC after: 3 weeks
|
219804 |
20-Mar-2011 |
kib |
Retire opt_ffs_broken_fixme.h. Instead of directly calling ffs_snapgone(), use UFS_SNAPGONE() with usual layering.
Requested by: bde MFC after: 1 week
|
219712 |
17-Mar-2011 |
kib |
Remove the #if defined(FFS) || defined(IFS) braces around the calls to ffs_snapgone(). ufs.ko module is not built with FFS define, causing snapshot inode number slots in superblock never be freed, as well as a reference on the snapshot vnode.
IFS was removed several years ago, and UFS/FFS separation was not maintained for real.
Reported, analyzed and tested by: Yamagi Burmeister <lists yamagi org> MFC after: 3 days
|
219388 |
07-Mar-2011 |
kib |
Simplify uses of the web of pointers.
Reviewed by: mckusick MFC after: 1 week
|
219384 |
07-Mar-2011 |
jhb |
The UFS dirhash code was attempting to update shared state in the dirhash from multiple threads while holding a shared lock during a lookup operation. This could result in incorrect ENOENT failures which could then be permanently stored in the name cache.
Specifically, the dirhash code optimizes the case that a single thread is walking a directory sequentially opening (or stat'ing) each file. It uses state in the dirhash structure to determine if a given lookup is using the optimization. If the optimization fails, it disables it and restarts the lookup. The problem arises when two threads both attempt the optimization and fail. The first thread will restart the loop, but the second thread will incorrectly think that it did not try the optimization and will only examine a subset of the directory entries in its hash chain. As a result, it may fail to find its directory entry and incorrectly fail with ENOENT.
To make this safe for use with shared locks, simplify the state stored in the dirhash and move some of the state (the part that determines if the current thread is trying the optimization) into a local variable. One result is that we will now try the optimization more often. We still update the value under the shared lock, but it is a single atomic store similar to i_diroff that is stored in UFS directory i-nodes for the non-dirhash lookup.
Reviewed by: kib MFC after: 1 week
|
218838 |
19-Feb-2011 |
kib |
v_mountedhere is a member of the union. Check that the vnodes have proper type before using the member.
Reported and tested by: Michael Butler <imb protected-networks net>
|
218513 |
10-Feb-2011 |
netchild |
Wrap long line.
Noticed by: bz
|
218485 |
09-Feb-2011 |
netchild |
Add some FEATURE macros for some UFS features.
SU+J is not included as a FEATURE macro:
- it was not in the tree during the GSoC
- I do not see an option to en-/disable it in NOTES
Two minor changes were made during the review compared to what was developed during GSoC 2010.
No FreeBSD version bump, the userland application to query the features will be committed last and can serve as an indication of the availability if needed.
Sponsored by: Google Summer of Code 2010 Submitted by: kibab Reviewed by: kib X-MFC after: to be determined in last commit with code from this project
|
217357 |
13-Jan-2011 |
pluknet |
Embed a quota error message (C string) into uprintf() fmt. While here, fix whitespaces.
Approved by: kib (mentor)
|
216818 |
30-Dec-2010 |
kib |
Handle missing jremrefs when a directory is renamed overtop of another, deleting it. If the directory is removed, UFS always need to remove the .. ref, even if the ultimate ref on the parent would not change. The new directory must have a new journal entry for that ref. Otherwise journal processing would not properly account for the parent's reference since it will belong to a removed directory entry.
Change ufs_rename()'s dotdot rename section to always setup_dotdot_link(). In the tip != NULL case SUJ needs the newref dependency allocated via setup_dotdot_link().
Stop setting isrmdir to 2 for newdirrem() in softdep_setup_remove(). Remove the isdirrem > 1 checks from newdirrem().
Reported by: many Submitted by: jeff Tested by: pho
|
216796 |
29-Dec-2010 |
kib |
Add kernel side support for BIO_DELETE/TRIM on UFS.
The FS_TRIM fs flag indicates that administrator requested issuing of TRIM commands for the volume. UFS will only send the command to disk if the disk reports GEOM::candelete attribute.
Since disk queue is reordered, data block is marked as free in the bitmap only after TRIM command completed. Due to need to sleep waiting for i/o to finish, TRIM bio_done routine schedules taskqueue to set the bitmap bit.
Based on the patch by: mckusick Reviewed by: mckusick, pjd Tested by: pho MFC after: 1 month
|
216792 |
29-Dec-2010 |
kib |
Use a proper type for the variable holding the summary size of the inode data. Otherwise, on 32bit systems, unlinked inode which size is the multiple of 4GB was not truncated, causing corruption.
Reported by: brucec Reviewed by: mckusick Tested by: pho
|
215548 |
19-Nov-2010 |
kib |
Remove prtactive variable and related printf()s in the vop_inactive and vop_reclaim() methods. They seem to be unused, and the reported situation is normal for the forced unmount.
MFC after: 1 week X-MFC-note: keep prtactive symbol in vfs_subr.c
|
215052 |
09-Nov-2010 |
jhb |
Remove unused includes of <sys/mutex.h> and <machine/mutex.h>.
|
214359 |
25-Oct-2010 |
ivoras |
Bring vfs.ufs.dirhash_maxmem into the age of the fruitbat and make it autotuned. It is only an upper bound (the memory is not always allocated) and the system contains a vm_lowmem handler so nothing will crash and burn if it's tuned too high.
Reviewed by: mckusick
|
213664 |
10-Oct-2010 |
kib |
The r184588 changed the layout of struct export_args, causing an ABI breakage for old mount(2) syscall, since most struct <filesystem>_args embed export_args. The mount(2) is supposed to provide ABI compatibility for pre-nmount mount(8) binaries, so restore ABI to pre-r184588.
Requested and reviewed by: bde MFC after: 2 weeks
|
209717 |
06-Jul-2010 |
jeff |
- Handle the truncation of an inode with an effective link count of 0 in the context of the process that reduced the effective count. Previously all truncation as a result of unlink happened in the softdep flush thread. This had the effect of being impossible to rate limit properly with the journal code. Now the process issuing unlinks is suspended when the journal fills. This has a side-effect of improving rm performance by allowing more concurrent work.
- Handle two cases in inactive, one for effnlink == 0 and another when nlink finally reaches 0.
- Eliminate the SPACECOUNTED related code since the truncation is no longer delayed.
Discussed with: mckusick
|
209367 |
20-Jun-2010 |
kib |
Ensure that VOP_ACCESSX is called with exclusively locked vnode for the kernel compiled with QUOTA option. ufs_accessx() upgrades the vdp vnode lock from shared to exclusive to assign the dquot structure to the vnode, and ufs_delete_denied() is called when tvp is locked. Since upgrade drops shared lock when non-blocked upgrade failed, LOR is there.
Reported and tested by: Dmitry Pryanishnikov <lynx.ripe gmail com> Tested by: pho PR: kern/147890 MFC after: 1 week
|
208774 |
03-Jun-2010 |
kib |
Extend the scope of the lock on the quota file vnode in quotaon() to cover the initial read by dqopen(). Assert that vnode is locked in dqopen(). Remove VFS_LOCK_GIANT() from dqopen(), since quotaon() keeps Giant locked if needed around the call.
|
207736 |
07-May-2010 |
mckusick |
Merger of the quota64 project into head.
This joint work of Dag-Erling Smørgrav and myself updates the FFS quota system to support both traditional 32-bit and new 64-bit quotas (for those of you who want to put 2+Tb quotas on your users).
By default quotas are not compiled into the kernel. To include them in your kernel configuration you need to specify:
options QUOTA # Enable FFS quotas
If you are already running with the current 32-bit quotas, they should continue to work just as they have in the past. If you wish to convert to using 64-bit quotas, use `quotacheck -c 64'; if you wish to revert from 64-bit quotas back to 32-bit quotas, use `quotacheck -c 32'.
There is a new library of functions to simplify the use of the quota system, do `man quotafile' for details. If your application is currently using the quotactl(2), it is highly recommended that you convert your application to use the quotafile interface. Note that existing binaries will continue to work.
Special thanks to John Kozubik of rsync.net for getting me interested in pursuing 64-bit quota support and for funding part of my development time on this project.
|
207141 |
24-Apr-2010 |
jeff |
- Merge soft-updates journaling from projects/suj/head into head. This brings in support for an optional intent log which eliminates the need for background fsck on unclean shutdown.
Sponsored by: iXsystems, Yahoo!, and Juniper. With help from: McKusick and Peter Holm
|
206894 |
20-Apr-2010 |
kib |
The cache_enter(9) function shall not be called for doomed dvp. Assert this.
In the reported panic, vdestroy() fired the assertion "vp has namecache for ..", because pseudofs may end up doing cache_enter() with reclaimed dvp, after dotdot lookup temporary unlocked dvp. Similar problem exists in ufs_lookup() for "." lookup, when vnode lock needs to be upgraded.
Verify that dvp is not reclaimed before calling cache_enter().
Reported and tested by: pho Reviewed by: kan MFC after: 2 weeks
|
202971 |
25-Jan-2010 |
trasz |
Return proper error code.
Found with: clang
|
202934 |
24-Jan-2010 |
trasz |
Move out code that does POSIX.1e ACL inheritance into separate routines.
Reviewed by: rwatson
|
202113 |
11-Jan-2010 |
mckusick |
Background:
When renaming a directory it passes through several intermediate states. First its new name will be created causing it to have two names (from possibly different parents). Next, if it has different parents, its value of ".." will be changed from pointing to the old parent to pointing to the new parent. Concurrently, its old name will be removed bringing it back into a consistent state. When fsck encounters an extra name for a directory, it offers to remove the "extraneous hard link"; when it finds that the names have been changed but the update to ".." has not happened, it offers to rewrite ".." to point at the correct parent. Both of these changes were considered unexpected so would cause fsck in preen mode or fsck in background mode to fail with the need to run fsck manually to fix these problems. Fsck running in preen mode or background mode now corrects these expected inconsistencies that arise during directory rename. The functionality added with this update is used by fsck running in background mode to make these fixes.
Solution:
This update adds three new fsck sysctl commands to support background fsck in correcting expected inconsistencies that arise from incomplete directory rename operations. They are:
setcwd(dirinode) - set the current directory to dirinode in the filesystem associated with the snapshot.
setdotdot(oldvalue, newvalue) - Verify that the inode number for ".." in the current directory is oldvalue then change it to newvalue.
unlink(nameptr, oldvalue) - Verify that the inode number associated with nameptr in the current directory is oldvalue then unlink it.
As with all other fsck sysctls, these new ones may only be used by processes with appropriate privilege.
Reported by: jeff Security issues: rwatson
|
201717 |
07-Jan-2010 |
mckusick |
KASSERT that condition raised by Coverity cannot happen.
Found by: Coverity Prevent (tm) KASSERT by: sam
|
200796 |
21-Dec-2009 |
trasz |
Implement NFSv4 ACL support for UFS.
Reviewed by: rwatson
|
197408 |
22-Sep-2009 |
rdivacky |
Don't build ufs_gjournal.c at all if UFS_GJOURNAL option is not given instead of building an almost empty C file.
Approved by: pjd Approved by: ed (mentor, implicit)
|
197269 |
17-Sep-2009 |
brooks |
Allocate space for the group array in a static credential used in the quota code. One case was correctly handled in r194498, but this one was missed.
PR: kern/138657 Tested by: PR submitter MFC after: 3 days
|
196987 |
08-Sep-2009 |
trasz |
Remove useless variable assignment.
|
195296 |
02-Jul-2009 |
trasz |
Fix fpathconf(3) on fifos, in effect making ls(1) properly display '+' on them. Taken from kern/125613, with cosmetic changes.
PR: kern/125613 Submitted by: Jaakko Heinonen <jh at saunalahti dot fi> Approved by: re (kib)
|
195003 |
25-Jun-2009 |
snb |
Fix a bug reported by pho@ where one can induce a panic by decreasing vfs.ufs.dirhash_maxmem below the current amount of memory used by dirhash. When ufsdirhash_build() is called with the memory in use greater than dirhash_maxmem, it attempts to free up memory by calling ufsdirhash_recycle(). If successful in freeing enough memory, ufsdirhash_recycle() leaves the dirhash list locked. But at this point in ufsdirhash_build(), the list is not explicitly unlocked after the call(s) to ufsdirhash_recycle(). When we next attempt to lock the dirhash list, we will get a "panic: _mtx_lock_sleep: recursed on non-recursive mutex dirhash list".
Tested by: pho Approved by: dwmalone (mentor) MFC after: 3 weeks
|
194498 |
19-Jun-2009 |
brooks |
Rework the credential code to support larger values of NGROUPS and NGROUPS_MAX, eliminate ABI dependencies on them, and raise them to 1024 and 1023 respectively. (Previously they were equal, but under a close reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member cr_groups from a static array to a pointer. Do the equivalent in kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating a process credential before modifying it and for setting group lists respectively. Both interfaces take care for the details of allocating groups array. crsetgroups() takes care of truncating the group list to the current maximum (NGROUPS) if necessary. In the future, crsetgroups() may be responsible for insuring invariants such as sorting the supplemental groups to allow groupmember() to be implemented as a binary search.
Because we can not change struct xucred without breaking application ABIs, we leave it alone and introduce a new XU_NGROUPS value which is always 16 and is to be used or NGRPS as appropriate for things such as NFS which need to use no more than 16 groups. When feasible, truncate the group list rather than generating an error.
Minor changes:
- Reduce the number of hand rolled versions of groupmember().
- Do not assign to both cr_gid and cr_groups[0].
- Modify ipfw to cache ucreds instead of part of their contents since they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation) X-MFC after: never PR: bin/113398 kern/133867
|
194387 |
17-Jun-2009 |
snb |
Keep dirhash tailq locked throughout the entirety of ufsdirhash_destroy() to fix a potential race pointed out by pjd. Also use TAILQ_FOREACH_SAFE to iterate over dirhashes in ufsdirhash_lowmem(), so that we can continue iterating even after a dirhash is destroyed.
Suggested by: pjd Tested by: pho Approved by: dwmalone (mentor)
|
194296 |
16-Jun-2009 |
kib |
Do not use casts (int *)0 and (struct thread *)0 for the arguments of vn_rdwr, use NULL.
Reviewed by: jhb MFC after: 1 week
|
193511 |
05-Jun-2009 |
rwatson |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
193375 |
03-Jun-2009 |
snb |
Add vm_lowmem event handler for dirhash. This will cause dirhashes to be deleted when the system is low on memory. This ought to allow an increase to vfs.ufs.dirhash_maxmem on machines that have lots of memory, without degrading performance by having too much memory reserved for dirhash when other things need it. The default value for dirhash_maxmem is being kept at 2MB for now, though.
This work was mostly done during the 2008 Google Summer of Code.
Approved by: dwmalone (mentor), re MFC after: 3 months
|
192895 |
27-May-2009 |
jamie |
Add hierarchical jails. A jail may further virtualize its environment by creating a child jail, which is visible to that jail and to any parent jails. Child jails may be restricted more than their parents, but never less. Jail names reflect this hierarchy, being MIB-style dot-separated strings.
Every thread now points to a jail, the default being prison0, which contains information about the physical system. Prison0's root directory is the same as rootvnode; its hostname is the same as the global hostname, and its securelevel replaces the global securelevel. Note that the variable "securelevel" has actually gone away, which should not cause any problems for code that properly uses securelevel_gt() and securelevel_ge().
Some jail-related permissions that were kept in global variables and set via sysctls are now per-jail settings. The sysctls still exist for backward compatibility, used only by the now-deprecated jail(2) system call.
Approved by: bz (mentor)
|
192586 |
22-May-2009 |
trasz |
Make 'struct acl' larger, as required to support NFSv4 ACLs. Provide compatibility interfaces in both kernel and libc.
Reviewed by: rwatson
|
191990 |
11-May-2009 |
attilio |
Remove the thread argument from the FSD (File-System Dependent) parts of the VFS. Now all the VFS_* functions and relating parts don't want the context as long as it always refers to curthread.
In some points, in particular when dealing with VOPs and functions living in the same namespace (eg. vflush) which still need to be converted, pass curthread explicitly in order to retain the old behaviour. Such loose ends will be fixed ASAP.
While here fix a bug: now, UFS_EXTATTR can be compiled alone without the UFS_EXTATTR_AUTOSTART option.
VFS KPI is heavily changed by this commit so third-party modules need to be recompiled. Bump __FreeBSD_version in order to signal such situation.
|
191940 |
09-May-2009 |
kan |
Do not embed struct ucred into larger netcred parent structures.
Credential might need to hang around longer than its parent and be used outside of mnt_explock scope controlling netcred lifetime. Use separate reference-counted ucred allocated separately instead.
While there, extend mnt_explock coverage in vfs_stdexpcheck and clean-up some unused declarations in new NFS code.
Reported by: John Hickey PR: kern/133439 Reviewed by: dfr, kib
|
191564 |
27-Apr-2009 |
rmacklem |
Change the semantics of i_modrev/va_filerev to what is required for the nfsv4 Change attribute. There are 2 changes:
1 - The value now changes on metadata changes as well as data modifications (incremented for IN_CHANGE instead of IN_UPDATE).
2 - It is now saved in spare space in the on-disk i-node so that it survives a crash.
Since va_filerev is not passed out into user space, the only current use of va_filerev is in the nfs server, which uses it as the directory cookie verifier. Since this verifier is only passed back to the server by a client verbatim and then the server doesn't check it, changing the semantics should not break anything currently in FreeBSD.
Reviewed by: bde Approved by: kib (mentor)
|
191315 |
20-Apr-2009 |
kib |
In ufs_checkpath(), recheck that '..' still points to the inode with the same inode number after VFS_VGET() and relock of the vp. If '..' changed, redo the lookup. To reduce code duplication, move the code to read '..' dirent into the static helper function ufs_dir_dd_ino().
Supply the source inode number as an argument to ufs_checkpath() instead of the source inode itself. The inode is unlocked, thus it might be reclaimed, causing accesses to the freed memory.
Use vn_vget_ino() to get the '..' vnode by its inode number, instead of directly code VFS_VGET() and relock, to properly busy the mount point while vp lock is dropped.
Noted and reviewed by: tegge Tested by: pho MFC after: 1 month
|
191260 |
19-Apr-2009 |
kib |
When verifying '..' after VFS_VGET() in ufs_lookup(), do not return error if '..' is still there but changed between lookup and check. Start relookup instead. Rename is supposed to change '..' reference atomically, so transient failures introduced by r191137 are wrong.
While rearranging the code to allow lookup restart in ufs_lookup(), remove the comment that only distracts the reader.
Noted and reviewed by: tegge Also reported by: pho MFC after: 1 month
|
191249 |
18-Apr-2009 |
trasz |
Use acl_alloc() and acl_free() instead of using uma(9) directly. This will make switching to malloc(9) easier; also, it would be necessary to add these routines if/when we implement variable-size ACLs.
|
191137 |
16-Apr-2009 |
kib |
Verify that '..' still exists with the same inode number after VFS_VGET() has returned in ufs_lookup(). If the '..' lookup started immediately before the parent directory was removed, we might return either cleared or unrelated inode otherwise.
Ufs_lookup() is split into new function ufs_lookup_() that either does lookup, or verifies that directory entry exists and references supplied inode number.
Reviewed by: tegge Tested by: pho, Andreas Tobler <andreast-list fgznet ch> (previous version) MFC after: 1 month
|
189737 |
12-Mar-2009 |
kib |
The non-modifying EA VOPs are executed with only shared vnode lock taken. Provide a custom lock around initializing and tearing down EA area, to prevent both memory leaks and double-free of it. Count the number of EA area accessors.
Lock protocol requires either holding exclusive vnode lock to modify i_ea_area, or shared vnode lock and owning IN_EA_LOCKED flag in i_flag.
Noted by: YAMAMOTO, Taku <taku tackymt homeip net> Tested by: pho (previous version) MFC after: 2 weeks
|
187564 |
21-Jan-2009 |
jhb |
Fix a few style bogons.
Submitted by: bde
|
187528 |
21-Jan-2009 |
kib |
Move the code from ufs_lookup.c used to do dotdot lookup, into the helper function. It is supposed to be useful for any filesystem that has to unlock dvp to walk to the ".." entry in lookup routine.
Requested by: jhb Tested by: pho MFC after: 1 month
|
187526 |
21-Jan-2009 |
jhb |
Move the VA_MARKATIME flag for VOP_SETATTR() out into its own VOP: VOP_MARKATIME() since unlike the rest of VOP_SETATTR(), VA_MARKATIME can be performed while holding a shared vnode lock (the same functionality is done internally by VOP_READ which can run with a shared vnode lock). Add missing locking of the vnode interlock to the ufs implementation and remove a special note and test from the NFS client about not supporting the feature.
Inspired by: ups Tested by: pho
|
187474 |
20-Jan-2009 |
jhb |
Add a comment explaining why the "bufwait" / "dirhash" LOR reported by WITNESS will not actually result in a deadlock.
Discussed with: kib MFC after: 1 week
|
186898 |
08-Jan-2009 |
kib |
Lock the uepm_lock around the autostart of extattrs.
Reported and tested by: pho Reviewed by: rwatson MFC after: 3 weeks
|
186278 |
18-Dec-2008 |
kib |
Do not busy twice the mount point where a quota operation is performed.
Tested by: pho MFC after: 1 month
|
186194 |
16-Dec-2008 |
trasz |
According to phk@, VOP_STRATEGY should never, _ever_, return anything other than 0. Make it so. This fixes "panic: VOP_STRATEGY failed bp=0xc320dd90 vp=0xc3b9f648", encountered when writing to an orphaned filesystem. Reason for the panic was the following assert: KASSERT(i == 0, ("VOP_STRATEGY failed bp=%p vp=%p", bp, bp->b_vp)); at vfs_bio:bufstrategy().
Reviewed by: scottl, phk Approved by: rwatson (mentor) Sponsored by: FreeBSD Foundation
|
185761 |
08-Dec-2008 |
kib |
The dqrele() function syncs the dq, then acquires the dqh lock, and then does final drop of the dq reference to put it onto the free list. There is a possibility that the dq would be found by another thread after sync and before the dqh lock is acquired. If that other thread drops the dq before we have taken the dqh lock, the dirty dq is put on the free list.
Recheck the DQ_MOD after the dqh lock is relocked. Repeat dqsync() if the dq is dirty. This ensures that up to date dq is written in the quota file and fixes assertion in dqget().
Reported and tested by: Frode Nordahl <frode nordahl net> MFC after: 3 days
|
185739 |
07-Dec-2008 |
kib |
Improve usefulness of the panic by printing the pointer to the problematic dquot. In-tree gdb is often unable to get the dq value, so supply it in panic message.
MFC after: 3 days
|
185556 |
02-Dec-2008 |
kib |
Do not lock vnode interlock around reading of v_iflag to check VI_DOOMED. Read of the pointer is atomic, and flag cannot be set while vnode lock is held.
Requested by: jhb MFC after: 1 month
|
185170 |
22-Nov-2008 |
kib |
Busy ufs filesystem around block of code that does ".." lookup. Since mnt_lock is before lock of any vnode on the mp, it uses LK_NOWAIT. Since MNTK_UNMOUNT may be transient, pdp lock is dropped when vfs_busy() failed, and operation is retried after some time. This way, ffs_vget() is not called on the mp that may be in the process of being destroyed by unmount.
Check for the VI_DOOMED flag on pdp after its lock is reacquired, to better detect some situations where directory containing ".." entry is removed during the lookup.
Reviewed by: tegge, attilio (previous version) Tested by: pho MFC after: 1 month
|
185102 |
19-Nov-2008 |
jhb |
Fix typo.
|
184651 |
04-Nov-2008 |
jhb |
Quiet a WITNESS warning with the dirhash sx locks by setting the DUPOK flag. Specifically, if two threads race to create a dirhash for a directory, then one might already have created a private dirhash structure (and locked it) when it realizes the directory now has a structure and tries to lock that one.
|
184629 |
04-Nov-2008 |
trasz |
In UFS, when reading EA that contains ACL fails for some reason, include inode number and filesystem name, so the administrator can fix the problem.
Approved by: rwatson (mentor)
|
184554 |
02-Nov-2008 |
attilio |
Improve VFS locking:
- Implement real draining for vfs consumers by not relying on the mnt_lock and using instead a refcount in order to keep track of lock requesters.
- Due to the change above, remove the mnt_lock lockmgr because it is now useless.
- Due to the change above, vfs_busy() is no more linked to a lockmgr. Change so its KPI by removing the interlock argument and defining 2 new flags for it: MBF_NOWAIT which basically replaces the LK_NOWAIT of the old version (which was unlinked from the lockmgr already) and MBF_MNTLSTLOCK which provides the ability to drop the mountlist_mtx once the mnt interlock is held (ability still desired by most consumers).
- The stub used into vfs_mount_destroy(), that allows to override the mnt_ref if running for more than 3 seconds, make it totally useless. Remove it as it was thought to work into older versions. If a problem of "refcount held never going away" should appear, we will need to fix properly instead than trust on such hackish solution.
- Fix a bug where returning (with an error) from dounmount() was still leaving the MNTK_MWAIT flag on even if it the waiters were actually woken up. Just a place in vfs_mount_destroy() is left because it is going to recycle the structure in any case, so it doesn't matter.
- Remove the markercnt refcount as it is useless.
This patch modifies VFS ABI and breaks KPI for vfs_busy() so manpages and __FreeBSD_version will be modified accordingly.
Discussed with: kib Tested by: pho
|
184413 |
28-Oct-2008 |
trasz |
Introduce accmode_t. This is required for NFSv4 ACLs - it will be necessary to add more V* constants, and the variables changed by this patch were often being assigned to mode_t variables, which is 16 bit.
Approved by: rwatson (mentor)
|
184408 |
28-Oct-2008 |
kib |
Provide an explanation for getinoquota() call in the ufs_access vop.
MFC after: 3 days
|
184214 |
23-Oct-2008 |
des |
Fix a number of style issues in the MALLOC / FREE commit. I've tried to be careful not to fix anything that was already broken; the NFSv4 code is particularly bad in this respect.
|
184205 |
23-Oct-2008 |
des |
Retire the MALLOC and FREE macros. They are an abomination unto style(9).
MFC after: 3 months
|
183280 |
22-Sep-2008 |
jhb |
Close a race between concurrent calls to ufsdirhash_recycle() and ufsdirhash_free() introduced in my last commit by removing the dirhash about to be free'd in ufsdirhash_free() from the global dirhash list before dropping the sx lock.
Tested by: kris
|
183212 |
20-Sep-2008 |
kib |
Initialize va_flags and va_filerev properly in VOP_GETATTR(). Don't initialize va_vaflags and va_spare because they are not part of the VOP_GETATTR() API. Also don't initialize birthtime to ctime or zero.
Submitted by: Jaakko Heinonen <jh saunalahti fi> Reviewed by: bde Discussed on: freebsd-fs MFC after: 1 month
|
183093 |
16-Sep-2008 |
jhb |
Retire the 'i_reclen' field from the in-memory i-node. Previously, during a DELETE lookup operation, lookup would cache the length of the directory entry to be deleted in 'i_reclen'. Later, the actual VOP to remove the directory entry (ufs_remove, ufs_rename, etc.) would call ufs_dirremove() which extended the length of the previous directory entry to "remove" the deleted entry.
However, we always read the entire block containing the directory entry when doing the removal, so we always have the directory entry to be deleted in-memory when doing the update to the directory block. Also, we already have to figure out where the directory entry that is being removed is in the block so that we can pass the component name to the dirhash code to update the dirhash. So, instead of passing 'i_reclen' from ufs_lookup() to the ufs_dirremove() routine, just read the 'd_reclen' field directly out of the entry being removed when updating the length of the previous entry in the block.
This avoids a cosmetic issue of writing to 'i_reclen' while holding a shared vnode lock. It also slightly reduces the amount of side-band data passed from ufs_lookup() to operations updating a directory via the directory's i-node.
Reviewed by: jeff
|
183080 |
16-Sep-2008 |
jhb |
Fix a race with shared lookups on UFS. If the dirhash code reached the cap on memory usage, then shared LOOKUP operations could start free'ing dirhash structures. Without these fixes, concurrent free's on the same directory could result in one of the threads blocked on a lock in a dirhash structure free'd by the other thread.
- Replace the lockmgr lock in the dirhash structure with an sx lock.
- Use a reference count managed with ufsdirhash_hold()/drop() to determine when to free the dirhash structures. The directory i-node holds a reference while the dirhash is attached to an i-node. Code that wishes to lock the dirhash while holding a shared vnode lock must first acquire a private reference to the dirhash while holding the vnode interlock before acquiring the dirhash sx lock. After acquiring the sx lock, it drops the private reference after checking to see if the dirhash is still used by the directory i-node.
|
183079 |
16-Sep-2008 |
jhb |
- Only set i_offset in the parent directory's i-node during a lookup for non-LOOKUP operations.
- Relax a VOP assertion for a DELETE lookup. rename() uses WANTPARENT instead of LOCKPARENT when looking up the source pathname. ufs_rename() uses a relookup() to lock the parent directory when it decides to finally remove the source path. Thus, it is ok for a DELETE with WANTPARENT set instead of LOCKPARENT to use a shared vnode lock rather than an exclusive vnode lock.
Reported by: kris (2) Reviewed by: jeff
|
183078 |
16-Sep-2008 |
jhb |
vdropl() drops the vnode interlock. Thus, the code in the QUOTA case that upgrades the vnode lock if it is share locked was dropping the interlock before actually checking VI_DOOMED. Fix this by doing the vdropl() after the check and relying on it to drop the vnode interlock.
Reported by: pho Reviewed by: kib MFC after: 1 week
|
183070 |
16-Sep-2008 |
kib |
When downgrading the read-write mount to read-only, do_unmount() sets MNT_RDONLY flag before the VFS_MOUNT() is called. In ufs_inactive() and ufs_itimes_locked(), UFS verifies whether the fs is read-only by checking MNT_RDONLY, but this may cause loss of the IN_MODIFIED flag for inode on the fs being remounted rw->ro.
Introduce UFS_RDONLY() struct ufsmount's method that reports the value of the fs_ronly. The latter is set to 1 only after the remount is finished.
Reviewed by: tegge In collaboration with: pho MFC after: 1 month
|
182721 |
03-Sep-2008 |
trasz |
When calling extattr_check_cred, use V{READ,WRITE}, not I{READ,WRITE}.
Approved by: rwatson (mentor)
|
182542 |
31-Aug-2008 |
attilio |
Decontextualize vfs_busy(), vfs_unbusy() and vfs_mount_alloc() functions.
Manpages are updated accordingly.
Tested by: Diego Sardina <siarodx at gmail dot com>
|
182371 |
28-Aug-2008 |
attilio |
Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread was always curthread and totally unuseful.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
|
182115 |
24-Aug-2008 |
kib |
Put the relocked variable from the r182111 into the #ifdef QUOTA braces to prevent warning about unused var on the !QUOTA kernels.
Reported by: ed MFC after: 1 week
|
182111 |
24-Aug-2008 |
kib |
Revert the r167541: "Remove unneeded getinoquota() call in the ufs_access()." The call to getinoquota in ufs_access() serves the purpose of instantiating inode dquot from the vn_open(). Since quotas are accounted only for the inodes with already attached dquot, removal of the call prevented opened inodes from participation in the quota calculations.
Since ufs_access() may be called with the vnode being only shared locked, upgrade (and then downgrade) vnode lock if calling getinoquota().
Reported by: simon at optinet com In collaboration with: pho MFC after: 1 week
|
181329 |
05-Aug-2008 |
des |
ufsmount.h uses "struct\tfoo *bar;", except where it doesn't. quota.h uses "struct foo\t*bar;", except where it doesn't. Try to make them both agree with themselves (though not with each other)
|
181327 |
05-Aug-2008 |
des |
Whitespace, prototypes
|
181018 |
30-Jul-2008 |
jhb |
Whitespace tweak.
|
179159 |
20-May-2008 |
ups |
Allow VM object creation in ufs_lookup. (If vfs.vmiodirenable is set) Directory IO without a VM object will store data in 'malloced' buffers severely limiting caching of the data. Without this change VM objects for directories are only created on an open() of the directory. TODO: Inline test if VM object already exists to avoid locking/function call overhead.
Tested by: kris@ Reviewed by: jeff@ Reported by: David Filo
|
178420 |
22-Apr-2008 |
jeff |
- Use a local variable for i_ino in ufs_lookup. It is only used to communicate between two parts of this one function. This was causing problems with shared lookups as each would trash the ino value in the inode.
- Remove the unused i_ino field from the inode structure.
|
178243 |
16-Apr-2008 |
kib |
Move the head of byte-level advisory lock list from the filesystem-specific vnode data to the struct vnode. Provide the default implementation for the vop_advlock and vop_advlockasync. Purge the locks on the vnode reclaim by using the lf_purgelocks(). The default implementation is augmented for the nfs and smbfs. In the nfs_advlock, push the Giant inside the nfs_dolock.
Before the change, the vop_advlock and vop_advlockasync have taken the unlocked vnode and dereferenced the fs-private inode data, racing with the vnode reclamation due to forced unmount. Now, the vop_getattr under the shared vnode lock is used to obtain the inode size, and later, in the lf_advlockasync, after locking the vnode interlock, the VI_DOOMED flag is checked to prevent an operation on the doomed vnode.
The implementation of the lf_purgelocks() is submitted by dfr.
Reported by: kris Tested by: kris, pho Discussed with: jeff, dfr MFC after: 2 weeks
|
178110 |
11-Apr-2008 |
jeff |
- Use a lockmgr lock rather than a mtx to protect dirhash. This lock may be held for the duration of the various dirhash operations which avoids many complex unlock/lock/revalidate sequences.
- Permit shared locks on lookup. To protect the ip->i_dirhash pointer we use the vnode interlock in the shared case. Callers holding the exclusive vnode lock can run without fear of concurrent modification to i_dirhash.
- Hold an exclusive dirhash lock when creating the dirhash structure for the first time or when re-creating a dirhash structure which has been recycled.
Tested by: kris, pho
|
178109 |
11-Apr-2008 |
jeff |
- cache dp->i_offset in the local 'i_offset' variable for use in loop indexes so directory lookup becomes shared lock safe. In the modifying cases an exclusive lock is held here so the commit routine may rely on the state of i_offset.
- Similarly handle i_diroff by fetching at the start and setting only once the operation is complete. Without the exclusive lock these are only considered hints.
- Assert that an exclusive lock is held when we're preparing for a commit routine.
- Honor the lock type request from lookup instead of always using exclusive locking.
Tested by: pho, kris
|
177983 |
07-Apr-2008 |
pjd |
Correct function name in panic().
Reported by: kensmith
|
177633 |
26-Mar-2008 |
dfr |
Add the new kernel-mode NFS Lock Manager. To use it instead of the user-mode lock manager, build a kernel with the NFSLOCKD option and add '-k' to 'rpc_lockd_flags' in rc.conf.
Highlights include:
* Thread-safe kernel RPC client - many threads can use the same RPC client handle safely with replies being de-multiplexed at the socket upcall (typically driven directly by the NIC interrupt) and handed off to whichever thread matches the reply. For UDP sockets, many RPC clients can share the same socket. This allows the use of a single privileged UDP port number to talk to an arbitrary number of remote hosts.
* Single-threaded kernel RPC server. Adding support for multi-threaded server would be relatively straightforward and would follow approximately the Solaris KPI. A single thread should be sufficient for the NLM since it should rarely block in normal operation.
* Kernel mode NLM server supporting cancel requests and granted callbacks. I've tested the NLM server reasonably extensively - it passes both my own tests and the NFS Connectathon locking tests running on Solaris, Mac OS X and Ubuntu Linux.
* Userland NLM client supported. While the NLM server doesn't have support for the local NFS client's locking needs, it does have to field async replies and granted callbacks from remote NLMs that the local client has contacted. We relay these replies to the userland rpc.lockd over a local domain RPC socket.
* Robust deadlock detection for the local lock manager. In particular it will detect deadlocks caused by a lock request that covers more than one blocking request. As required by the NLM protocol, all deadlock detection happens synchronously - a user is guaranteed that if a lock request isn't rejected immediately, the lock will eventually be granted. The old system allowed for a 'deferred deadlock' condition where a blocked lock request could wake up and find that some other deadlock-causing lock owner had beaten them to the lock.
* Since both local and remote locks are managed by the same kernel locking code, local and remote processes can safely use file locks for mutual exclusion. Local processes have no fairness advantage compared to remote processes when contending to lock a region that has just been unlocked - the local lock manager enforces a strict first-come first-served model for both local and remote lockers.
Sponsored by: Isilon Systems PR: 95247 107555 115524 116679 MFC after: 2 weeks
|
176797 |
04-Mar-2008 |
rwatson |
Continue on-going campaign to replace lockmgr locks with sx locks where the specific semantics of lockmgr aren't required: update UFS1 extended attributes to protect its data structures using an sx lock.
While here, update comments on lock granularity.
MFC after: 2 weeks
|
176752 |
02-Mar-2008 |
rwatson |
Don't auto-start or allow extattrctl for UFS2 file systems, as UFS2 has native extended attributes. This didn't interfere with the operation of UFS2 extended attributes, but the code shouldn't be running for UFS2.
MFC after: 2 weeks
|
175635 |
24-Jan-2008 |
attilio |
Cleanup lockmgr interface and exported KPI:
- Remove the "thread" argument from the lockmgr() function as it is always curthread now
- Axe lockcount() function as it is no longer used
- Axe LOCKMGR_ASSERT() as it is bogus really and not currently used. Hopefully this will be soon replaced by something suitable for it.
- Remove the prototype for dumplockinfo() as the function is no longer present
Additionally:
- Introduce a KASSERT() in lockstatus() in order to let it accept only curthread or NULL as they should only be passed
- Do a little bit of style(9) cleanup on lockmgr.h
KPI results heavily broken by this change, so manpages and FreeBSD_version will be modified accordingly by further commits.
Tested by: matteo
|
175294 |
13-Jan-2008 |
attilio |
VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in conjunction with 'thread' argument passing which is always curthread. Remove the unuseful extra-argument and pass explicitly curthread to lower layer functions, when necessary.
KPI results broken by this change, which should affect several ports, so version bumping and manpage update will be further committed.
Tested by: kris, pho, Diego Sardina <siarodx at gmail dot com>
|
175202 |
10-Jan-2008 |
attilio |
vn_lock() is currently only used with the 'curthread' passed as argument. Remove this argument and pass curthread directly to underlying VOP_LOCK1() VFS method. This modification makes the code cleaner and in particular removes an annoying dependence helping next lockmgr() cleanup. KPI results, obviously, changed.
Manpage and FreeBSD_version will be updated through further commits.
As a side note, it would be valuable to say that next commits will address a similar cleanup about VFS methods, in particular vop_lock1 and vop_unlock.
Tested by: Diego Sardina <siarodx at gmail dot com>, Andrea Di Pasquale <whyx dot it at gmail dot com>
|
173464 |
08-Nov-2007 |
obrien |
Turn most ffs 'DIAGNOSTIC's into INVARIANTS.
|
172930 |
24-Oct-2007 |
rwatson |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action>
mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updated as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
171147 |
02-Jul-2007 |
peter |
Fix an annoying pointer/int cast warning that shows up on 64 bit systems.
Approved by: re
|
170991 |
22-Jun-2007 |
kib |
Fix livelock that could occur when snapshotting UFS with quotas, where some quota limit was exceeded. Sequence of UFS_VALLOC()/UFS_VFREE() call there could cause inodeblock to have both freefile and inodedep dependencies without any inode in the block being marked for write. Then, softdep_check_suspend() would return EAGAIN forever.
Force write of inodeblock with allocated freefile softdependency by setting IN_MODIFIED flag in softdep_freefile and unconditionally calling UFS_UPDATE() in ufs_reclaim.
Reported by: kris Debug help and tested by: Peter Holm Approved by: re (kensmith) MFC after: 3 weeks
|
170587 |
12-Jun-2007 |
rwatson |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp Obtained from: TrustedBSD Project
|
170183 |
01-Jun-2007 |
kib |
Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operation argument from being file descriptor index into the pointer to struct file: part 2. Convert calls missed in the first big commit.
Noted by: rwatson Pointy hat to: kib
|
170174 |
01-Jun-2007 |
jeff |
- Move rusage from being per-process in struct pstats to per-thread in td_ru. This removes the requirement for per-process synchronization in statclock() and mi_switch(). This was previously supported by sched_lock which is going away. All modifications to rusage are now done in the context of the owning thread. Reads proceed without locks.
- Aggregate exiting threads' rusage in thread_exit() such that the exiting thread's rusage is not lost.
- Provide a new routine, rufetch() to fetch an aggregate of all rusage structures from all threads in a process. This routine must be used in any place requiring a rusage from a process prior to its exit. The exited process's rusage is still available via p_ru.
- Aggregate tick statistics only on demand via rufetch() or when a thread exits. Tick statistics are kept in the thread and protected by sched_lock until it exits.
Initial patch by: attilio Reviewed by: attilio, bde (some objections), arch (mostly silent)
|
170152 |
31-May-2007 |
kib |
Revert UF_OPENING workaround for CURRENT. Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operation argument from being file descriptor index into the pointer to struct file.
Proposed and reviewed by: jhb Reviewed by: daichi (unionfs) Approved by: re (kensmith)
|
170041 |
28-May-2007 |
pjd |
- Remove unnecessary vnode internal locking - v_vflag is protected by vnode's lock (not vnode's interlock).
- Simplify code a bit.
|
169898 |
23-May-2007 |
pjd |
Eliminate VI_LOCK()/VI_UNLOCK() pair from getattr and close code paths. It's hard to measure performance improvement on my test machine, but the change won't degrade performance for sure. I can measure slight improvement for debugging kernel and it can also be a win for machines where atomic operation is more expensive.
Reviewed by: kib
|
167543 |
14-Mar-2007 |
kib |
Implement fine-grained locking for UFS quotas.
Each struct dquot gets dq_lock mutex to protect dq_flags and to interlock with DQ_LOCK. qhash, dqfreelist and dq.dq_cnt are protected by global dqhlock mutex.
i_dquot array for inode is protected by lockmgr's vnode lock, corresponding assert added to the dqget(). Access to struct ufsmount quota-related fields (um_quotas and um_qflags) is protected by um_lock.
Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith)
This work was not possible without enormous amount of help given by Tor Egge and Peter Holm. Tor reviewed each version of patch, pointed out numerous errors and provided invaluable suggestions. Peter did tireless testing of the patch as it was developed.
|
167542 |
14-Mar-2007 |
kib |
Call getinoquota() before allocating new block for the directory to properly account for block allocation.
Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith)
|
167541 |
14-Mar-2007 |
kib |
Remove unneeded getinoquota() call in the ufs_access().
Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith)
|
167259 |
06-Mar-2007 |
mckusick |
Move macros describing extended attributes in UFS from <sys/extattr.h> to <ufs/ufs/extattr.h>. Move description of extended attributes in UFS from man9/extattr.9 to man5/fs.5.
Note that restore will not compile until <sys/extattr.h> and <ufs/ufs/extattr.h> have been updated.
Suggested by: Robert Watson
|
167154 |
01-Mar-2007 |
pjd |
Change: "... try to use VADMIN in preference to VADMIN ..." To: "... try to use VADMIN in preference to VWRITE ..."
|
167152 |
01-Mar-2007 |
pjd |
Rename PRIV_VFS_CLEARSUGID to PRIV_VFS_RETAINSUGID, which seems to better describe the privilege.
OK'ed by: rwatson
|
167151 |
01-Mar-2007 |
pjd |
Avoid checking for privileges if there is no need to.
Discussed with: rwatson
|
166832 |
19-Feb-2007 |
rwatson |
Rename three quota privileges from the UFS privilege namespace to the VFS privilege namespace: exceedquota, getquota, and setquota. Leave UFS-specific quota configuration privileges in the UFS name space.
This renumbers VFS and UFS privileges, so requires rebuilding modules if you are using security policies aware of privilege identifiers. This is likely no one at this point since none of the committed MAC policies use the privilege checks.
|
166831 |
19-Feb-2007 |
rwatson |
Limit quota privileges in jail to PRIV_UFS_GETQUOTA and PRIV_UFS_SETQUOTA.
|
166743 |
15-Feb-2007 |
kib |
Style(9).
|
166564 |
08-Feb-2007 |
kib |
Remove not needed acquisition of the mount interlock around reading of mnt_kern_flags in ufs_itimes().
Suggested by: ssouhlal Confirmed by: tegge MFC after: 2 weeks
|
166487 |
04-Feb-2007 |
mpp |
If quotacheck or edquota reset the block or inode grace time for a user or group, when the kernel first sees this, it will update the grace time value. However, it never flags the quota as modified and the updated value never makes it to the quota data file unless the user actually makes some other change that would write the data out.
Fixed to flag the quota as modified if the soft limit has actually been reached and should be now enforced.
|
166381 |
01-Feb-2007 |
mpp |
Prevent quotactl calls that pass in an id of -1 from incorrectly using the caller's UID instead of the GID when performing group operations. This could allow users to determine group quota information for groups they are not a member of in some cases.
Rename the "uid" parameter in ufs_quotactl to "id" to better show that it is used for more than just the uid, and to be more in line with the naming conventions in the other quota routines.
PR: kern/33940
|
166380 |
01-Feb-2007 |
mpp |
Disallow negative UIDs when processing quotactl options.
|
166146 |
20-Jan-2007 |
delphij |
Fix build. chkdquot() should not return anything.
|
166142 |
20-Jan-2007 |
mpp |
Quota system cleanup.
1) Do not do quota accounting for the actual quota data files or for file system snapshot files ("system" files). This prevents a deadlock described in PR kern/30958 if the kernel ever has to grow the quota file. Snapshot files were already exempt from the quota checks, but this change generalized the check.
2) Fix a cast that caused extremely large uids/gids to incorrectly write the quota information to the data file at a truncated value for a uint_t32 id value. The incorrect cast caused quota files in this case to be around 4GB in size, with the correct cast they can now be 131GB in size. Also related to PR kern/30958.
3) Check for what appear to be negative UIDs/GIDs and not account for them. This prevents the quota files from becoming 131GB in size and causing quotacheck to run forever at bootup. This could also cause the kernel to try and expand the quota file, which might deadlock due to the issue in #1. kern/30958 and kern/38156 (and some much older closed PR's).
4) With the deadlock problems gone, the kernel can now expand the size of the quota database files if it needs to.
5) Pass in the i-node count change value to chkiq and chkiqchg as an int, like it used to be before the common routine was split up into 2 different routines to increase / decrease the i-node in-use count. Prevents an underflow on the i-node count. Related to PR kern/89247.
6) Prevent the block usage from growing slowly if a file system is full and the write was denied due to that fact. PR kern/89247.
Some of these changes require an updated quotacheck to prevent the creation of huge (131GB) quota data files (item #3).
#1/#4 probably fixes a lot of the random hangs when quotas are enabled, possibly some of the jail hangs.
|
166052 |
16-Jan-2007 |
mpp |
Fix a spelling error. heirarchy -> hierarchy.
Obtained from: OpenBSD
|
165890 |
08-Jan-2007 |
rwatson |
Canonicalize copyright: use a date range rather than comma-delimited list.
MFC after: 3 days
|
164033 |
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
163841 |
31-Oct-2006 |
pjd |
Add gjournal specific code to the UFS file system:
- Add FS_GJOURNAL flag which enables gjournal support on a file system.
- Add cg_unrefs field to the cylinder group structure which holds number of unreferenced (orphaned) inodes in the given cylinder group.
- Add fs_unrefs field to the super block structure which holds total number of unreferenced (orphaned) inodes.
- When file or a directory is orphaned (last reference is removed, but object is still open), increase fs_unrefs and cg_unrefs fields, which is a hint for fsck in which cylinder groups to look for such (orphaned) objects.
- When file is last closed, decrease {fs,cg}_unrefs fields.
- Add VV_DELETED vnode flag which points at orphaned objects.
Sponsored by: home.pl
|
163606 |
22-Oct-2006 |
rwatson |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
163194 |
10-Oct-2006 |
kib |
Do not translate the IN_ACCESS inode flag into the IN_MODIFIED while filesystem is suspending/suspended. Doing so may result in deadlock. Instead, set the (new) IN_LAZYACCESS flag, that becomes IN_MODIFIED when suspend is lifted.
Change the locking protocol in order to set the IN_ACCESS and timestamps without upgrading shared vnode lock to exclusive (see comments in the inode.h). Before that, inode was modified while holding only shared lock.
Tested by: Peter Holm Reviewed by: tegge, bde Approved by: pjd (mentor) MFC after: 3 weeks
|
162942 |
02-Oct-2006 |
tegge |
Correct check for when IO_SYNC should be set for filesystem not using softupdates when truncating a directory to zero length.
Discussed with: bde
|
162649 |
26-Sep-2006 |
tegge |
Add mnt_noasync counter to better handle interleaved calls to nmount(), sync() and sync_fsync() without losing MNT_ASYNC. Add MNTK_ASYNC flag which is set only when MNT_ASYNC is set and mnt_noasync is zero, and check that flag instead of MNT_ASYNC before initiating async io.
|
162647 |
26-Sep-2006 |
tegge |
Use mount interlock to protect all changes to mnt_flag and mnt_kern_flag. This eliminates a race where MNT_UPDATE flag could be lost when nmount() raced against sync(), sync_fsync() or quotactl().
|
162383 |
17-Sep-2006 |
rwatson |
Declare security and security.bsd sysctl hierarchies in sysctl.h along with other commonly used sysctl name spaces, rather than declaring them all over the place.
MFC after: 1 month Sponsored by: nCircle Network Security, Inc.
|
161473 |
20-Aug-2006 |
pjd |
Correct typo in comment.
|
160859 |
31-Jul-2006 |
obrien |
Rather than print out a nice error message giving details sufficient to fix a 'ufs_dirbad' and then panicking (making it very hard to see the details), put them in the panic message itself.
|
160269 |
11-Jul-2006 |
daichi |
The ufs_lookup.c has a critical bug around the whiteout process. UFS must check a whiteout name when it uses the whiteout, but the current implementation does not check the whiteout name, so sometimes UFS writes over a wrong whiteout. UFS *MUST* check the whiteout name to use a correct whiteout. This bug leads to a unionfs panic. This commit fixes this trouble.
Submitted by: Masanori Ozawa <ozawa@ongs.co.jp> (unionfs developer) Reviewed by: tegge & rodrigc (mentor) Approved by: rodrigc (mentor) MFC after: 2 weeks
|
159109 |
31-May-2006 |
maxim |
o Rearrange and remove incorrect comments.
Requested by: bde
|
159102 |
31-May-2006 |
maxim |
o According to POSIX, the result of ftruncate(2) is unspecified for file types other than VREG, VDIR and shared memory objects. We already handle VREG, VLNK and VDIR cases. Silently ignore truncate requests for all the rest. Adjust comments.
PR: kern/98064 Submitted by: bde Security: local DoS Regress. test: regression/fifo/fifo_misc MFC after: 2 weeks
|
158802 |
21-May-2006 |
maxim |
o Fix a comment: ufs2_dinode.di_blocks counts blocks not bytes actually held.
|
158801 |
21-May-2006 |
maxim |
o Fix a comment: directory whiteout type is DT_WHT not DT_W.
|
158382 |
09-May-2006 |
tegge |
Bring the call to softdep_releasefile() within the region protected by vn_start_secondary_write() since it might cause file system write activity (e.g. ffs_snapremove()).
|
158322 |
05-May-2006 |
tegge |
Turn off disk quotas for snapshot files.
|
157447 |
03-Apr-2006 |
tegge |
Eliminate softdep_flush() livelock by accounting for number of worklist items marked as being in progress.
|
156897 |
19-Mar-2006 |
tegge |
Add kludge to avoid deadlock when unlinking snapshot.
|
156560 |
11-Mar-2006 |
tegge |
Block secondary writes while expunging active unlinked files.
Fix detection of active unlinked files by checking VI_OWEINACT and VI_DOINGINACT in addition to v_usecount.
Defer inactive handling for unlinked files if the file system is mostly suspended (secondary writes being blocked).
Perform deferred inactive handling after the file system is resumed.
|
156451 |
08-Mar-2006 |
tegge |
Use vn_start_secondary_write() and vn_finished_secondary_write() as a replacement for vn_write_suspend_wait() to better account for secondary write processing.
Close race where secondary writes could be started after ffs_sync() returned but before the file system was marked as suspended.
Detect if secondary writes or softdep processing occurred during vnode sync loop in ffs_sync() and retry the loop if needed.
|
156418 |
08-Mar-2006 |
tegge |
Don't set IN_CHANGE and IN_UPDATE on inodes for potentially suspended file systems. This could cause deadlocks when creating snapshots.
Reviewed by: jeff
|
156203 |
02-Mar-2006 |
jeff |
- Move softdep from using a global worklist to per-mount worklists. This has many positive effects including improved smp locking, reducing interdependencies between mounts that can lead to deadlocks, etc.
- Add the softdep worklist and various counters to the ufsmnt structure.
- Add a mount pointer to the workitem and remove mount pointers from the various structures derived from the workitem as they are now redundant.
- Remove the poor-man's semaphore protecting softdep_process_worklist and softdep_flushworklist. Several threads may now process the list simultaneously.
- Add softdep_waitidle() to block the thread until all pending dependencies being operated on by other threads have been flushed.
- Use softdep_waitidle() in unmount and snapshots to block either operation until the fs is stable.
- Remove softdep worklist processing from the syncer and move it into the softdep_flush() thread. This thread processes all softdep mounts once each second and when it is called via the new softdep_speedup() when there is a resource shortage. This removes the softdep hook from the kernel and various hacks in header files to support it.
Reviewed by/Discussed with: tegge, truckman, mckusick Tested by: kris
|
155897 |
22-Feb-2006 |
jeff |
- Using LK_NOWAIT in qsync() can get us into infinite loop situations that lead to deadlocks. Remove it.
MFC After: 1 week
|
155572 |
12-Feb-2006 |
rwatson |
In quotaoff(), lock the vnode instead of asserting it when manipulating v_vflags.
MFC after: 1 week Submitted by: Antoine Brodin <antoine at brodin at laposte dot net>
|
155555 |
11-Feb-2006 |
rwatson |
Instead of asserting the vnode lock before manipulating v_vflag, acquire it and drop it afterwards.
Found by: kris MFC after: 1 week
|
155160 |
01-Feb-2006 |
jeff |
- Reorder calls to vrele() after calls to vput() when the vrele is a directory. vrele() may lock the passed vnode, which in these cases would give an invalid lock order of child -> parent. These situations are deadlock prone although do not typically deadlock because the vrele is typically not releasing the last reference to the vnode. Users of vrele must consider it as a call to vn_lock() and order it appropriately.
MFC After: 1 week Sponsored by: Isilon Systems, Inc. Tested by: kkenn
|
154152 |
09-Jan-2006 |
tegge |
Add marker vnodes to ensure that all vnodes associated with the mount point are iterated over when using MNT_VNODE_FOREACH.
Reviewed by: truckman
|
153400 |
14-Dec-2005 |
des |
Eradicate caddr_t from the VFS API.
|
152163 |
07-Nov-2005 |
delphij |
Slightly reorganize to reduce duplicated code.
Reviewed by: rwatson
|
151897 |
31-Oct-2005 |
rwatson |
Normalize a significant number of kernel malloc type names:
- Prefer '_' to ' ', as it results in more easily parsed results in memory monitoring tools such as vmstat.
- Remove punctuation that is incompatible with using memory type names as file names, such as '/' characters.
- Disambiguate some collisions by adding subsystem prefixes to some memory types.
- Generally prefer lower case to upper case.
- If the same type is defined in multiple architecture directories, attempt to use the same name in additional cases.
Not all instances were caught in this change, so more work is required to finish this conversion. Similar changes are required for UMA zone names.
|
151657 |
25-Oct-2005 |
delphij |
Remove an unneeded "a" from comment.
|
151390 |
16-Oct-2005 |
truckman |
Correct the type of the temporary variable used by ufs_lookup.c:1.78 to fix the race condition in the ufs_lookup() ISDOTDOT code.
Noticed by: bde MFC after: 12 days
|
151347 |
14-Oct-2005 |
truckman |
Close a race in the ufs_lookup() code that handles the ISDOTDOT case by saving the value of dp->i_ino before unlocking the vnode for the current directory and passing the saved value to VFS_VGET().
Without this change, another thread can overwrite dp->i_ino after the current directory is unlocked, causing ufs_lookup() to lock and return the wrong vnode in place of the vnode for its parent directory. A deadlock can occur if dp->i_ino was changed to a subdirectory of the current directory because the root to leaf vnode lock ordering will be violated. A vnode lock can be leaked if dp->i_ino was changed to point to the current directory, which causes the current vnode lock for the current directory to be recursed, which confuses lookup() into calling vrele() when it should be calling vput().
The probability of this bug being triggered seems to be quite low unless the sysctl variable debug.vfscache is set to 0.
Reviewed by: jhb MFC after: 2 weeks
|
151258 |
12-Oct-2005 |
rwatson |
When performing a VOP_LOOKUP() as part of UFS1 extended attribute auto-start, set cnp.cn_lkflags to LK_EXCLUSIVE. This flag must now be set so that lockmgr knows what kind of lock to acquire, and it will panic if not specified. This resulted in a panic when using extended attributes on UFS1 as of locking work present in the 6.x branch.
This is a RELENG_6_0 merge candidate.
Reported by: lofi MFC after: 3 days
|
151252 |
12-Oct-2005 |
dds |
Move execve's access time update functionality into a new vfs_mark_atime() function, and use the new function for performing efficient atime updates in mmap().
Reviewed by: bde MFC after: 2 weeks
|
150634 |
27-Sep-2005 |
jhb |
Use the refcount API to manage the reference count for user credentials rather than using pool mutexes.
Tested on: i386, alpha, sparc64
|
150492 |
23-Sep-2005 |
delphij |
Restore a historical ufs_inactive behavior that has been changed in rev. 1.40 of ufs_inode.c, which allows an inode being truncated even when the filesystem itself is marked RDONLY. A subsequent call of UFS_TRUNCATE (ffs_truncate) would panic the system as it asserts that it can only be called when the filesystem is mounted read-write (same changeset, rev. 1.74 of sys/ufs/ffs/ffs_inode.c).
Because ffs_mount() already takes care of sync'ing the filesystem to disk before being downgraded to readonly, it appears to be more desirable that we should not permit this sort of writes to disk.
This change would fix a panic that occurs when a corrupted filesystem is mounted read-only and some file operations are performed.
MT6/5/4 candidate
Reviewed by: mckusick
|
149811 |
06-Sep-2005 |
csjp |
Convert the primary ACL allocator from malloc(9) to using a UMA zone instead. Also introduce an aclinit function which will be used to create the UMA zone for use by file systems at system start up.
MFC after: 1 month Discussed with: rwatson
|
149178 |
17-Aug-2005 |
iedowse |
In the ufsdirhash_build() failure case for corrupted directories or unreadable blocks, make sure to destroy the mutex we created. Also fix an unrelated typo in a comment.
Found by: Peter Holm's stress tests Reviewed by: dwmalone MFC after: 3 days
|
147198 |
09-Jun-2005 |
ssouhlal |
Allow EVFILT_VNODE events to work on every filesystem type, not just UFS by:
- Making the pre and post hooks for the VOP functions work even when DEBUG_VFS_LOCKS is not defined.
- Moving the KNOTE activations into the corresponding VOP hooks.
- Creating a MNTK_NOKNOTE flag for the mnt_kern_flag field of struct mount that permits filesystems to disable the new behavior.
- Creating a default VOP_KQFILTER function: vfs_kqfilter()
My benchmarks have not revealed any performance degradation.
Reviewed by: jeff, bde Approved by: rwatson, jmg (kqueue changes), grehan (mentor)
|
146829 |
31-May-2005 |
kensmith |
This patch addresses a standards violation issue. The standards say a file's access time should be updated when it gets executed. A while ago the mechanism used to exec was changed to use a more mmap based mechanism and this behavior was broken as a side-effect of that.
A new vnode flag is added that gets set when the file gets executed, and the VOP_SETATTR() vnode operation gets called. The underlying filesystem is expected to handle it based on its own semantics, some filesystems don't support access time at all. Those that do should handle it in a way that does not block, does not generate I/O if possible, etc. In particular vn_start_write() has not been called. The UFS code handles it the same way as it would normally handle the access time if a file was read - the IN_ACCESS flag gets set in the inode but no other action happens at this point. The actual time update will happen later during a sync (which handles all the necessary locking).
Got me into this: cperciva Discussed with: a lot with bde, a little with kan Showed patches to: phk, jeffr, standards@, arch@ Minor discussion on: arch@
|
146356 |
18-May-2005 |
mckusick |
Allow removal of empty directories with high link counts. These can occur on a filesystem running with soft updates after a crash and before a background fsck has been run. To prevent discrepancies from arising in a background fsck that may already be running, the directory is removed but its inode is not freed and is left with the residual reference count. When encountered by the background fsck it will be reclaimed.
|
145138 |
16-Apr-2005 |
pjd |
- Plug memory leak.
- Fix two style nits.
Found by: Coverity Prevent analysis tool Reviewed by: rwatson MFC after: 1 week
|
145006 |
13-Apr-2005 |
jeff |
- Change all filesystems and vfs_cache to relock the dvp once the child is locked in the ISDOTDOT case. See vfs_lookup.c r1.79 for details.
Sponsored by: Isilon Systems, Inc.
|
144376 |
31-Mar-2005 |
jeff |
- Fix botched LK_NOWAIT removal. I mistakenly thought this compiled as part of GENERIC.
|
144367 |
31-Mar-2005 |
jeff |
- LK_NOPAUSE is a nop now.
Sponsored by: Isilon Systems, Inc.
|
144300 |
29-Mar-2005 |
jeff |
- Remove wantparent, it is no longer necessary. An assert in vfs_lookup.c prevents any callers from doing a modifying op without LOCKPARENT or WANTPARENT. It wasn't even properly used in the CREATE or DELETE cases.
|
144288 |
29-Mar-2005 |
jeff |
- Honor the cn_lkflags passed from namei() when locking the leaf.
Sponsored by: Isilon Systems, Inc.
|
144209 |
28-Mar-2005 |
jeff |
- UFS no longer uses PDIRUNLOCK to track the parent state. Instead, we now rely on ufs to always leave the parent locked except in the ISDOTDOT case. Adjust asserts to deal with these changes.
Sponsored by: Isilon Systems, Inc.
|
144208 |
28-Mar-2005 |
jeff |
- We no longer have to bother with PDIRUNLOCK, lookup() handles it for us.
Sponsored by: Isilon Systems, Inc.
|
144057 |
24-Mar-2005 |
jeff |
- Call VFS_ROOT() with LK_EXCLUSIVE.
Sponsored by: Isilon Systems, Inc.
|
144056 |
24-Mar-2005 |
jeff |
- Update the ufs_root() prototype.
- Pass the ufs_root() flags argument to VFS_VGET() to allow callers to specify shared locks.
Sponsored by: Isilon Systems, Inc.
|
143743 |
17-Mar-2005 |
jeff |
- Lock the clearing of v_data in ufs_reclaim() to prevent a pagefault in ffs_lock() when it accesses v_data without the vnlock.
Sponsored by: Isilon Systems, Inc.
|
143666 |
15-Mar-2005 |
phk |
Don't hold a reference on the disk vnode for each inode.
|
143613 |
15-Mar-2005 |
jeff |
- Destroy the vnode object earlier in VOP_RECLAIM as we need more of the vnode valid before the vm flushes pages.
- Get rid of some extraneous uses of the vnode interlock.
Sponsored by: Isilon Systems, Inc.
|
143562 |
14-Mar-2005 |
phk |
Use vfs_hash instead of home-rolled.
|
143500 |
13-Mar-2005 |
jeff |
- In ufs_mknod(), hold the lock across the call to vgone() as that is now required.
- In ufs_close(), don't do the EAGAIN vrele hack, the top layer now calls vn_start_write before the lock is acquired as it should.
Sponsored by: Isilon Systems, Inc.
|
143499 |
13-Mar-2005 |
jeff |
- Don't drop the lock in ufs_inactive().
- Also in ufs_inactive, don't acquire the vnode interlock where it isn't strictly needed. Also owning the vnode interlock while calling vprint() will cause locking assertions to trip.
Sponsored by: Isilon Systems, Inc.
|
142692 |
27-Feb-2005 |
phk |
Remove debug printout of major/minor numbers, print name instead.
|
142682 |
27-Feb-2005 |
sam |
use uiomove return value instead of always returning 0 when doing a readlink of a fast link
Noticed by: Coverity Prevent analysis tool Reviewed by: phk
|
142079 |
19-Feb-2005 |
phk |
Try to unbreak the vnode locking around vop_reclaim() (based mostly on patch from kan@).
Pull bufobj_invalbuf() out of vinvalbuf() and make g_vfs call it on close. This is not yet a generally safe function, but for this very specific use it is safe. This solves the problem with buffers not being flushed by unmount or after failed mount attempts.
|
141927 |
14-Feb-2005 |
jeff |
- Remove the unused and unsafe ufs_ihashlookup. This function returned a vnode pointer that could not be used since no locks were held.
Sponsored by: Isilon Systems, Inc.
|
141631 |
10-Feb-2005 |
phk |
Make some SYSCTL_NODEs and some of FFS's VFS_ methods static.
|
141543 |
08-Feb-2005 |
cperciva |
Add a new sysctl, "security.jail.chflags_allowed", which controls the behaviour of chflags within a jail. If set to 0 (the default), then a jailed root user is treated as an unprivileged user; if set to 1, then a jailed root user is treated the same as an unjailed root user.
This is necessary to allow "make installworld" to work inside a jail, since it attempts to manipulate the system immutable flag on certain files.
Discussed with: csjp, rwatson MFC after: 2 weeks
|
141523 |
08-Feb-2005 |
rwatson |
Don't use VOP_LEASE() with operations on extended attribute backing files.
Pointed out by: phk
|
141521 |
08-Feb-2005 |
phk |
For snapshots we need all VOP_LOCKs to be exclusive.
The "business class upgrade" was implemented in UFS's VOP_LOCK implementation ufs_lock() which is the wrong layer, so move it to ffs_lock().
Also, as long as we have not abandoned advanced vfs-stacking we should not preclude it from happening: instead of implementing a copy locally, use the VOP_LOCK_APV(&ufs) to correctly arrive at vop_stdlock() at the bottom.
|
141143 |
02-Feb-2005 |
kensmith |
Back out previous commit, bde@ provided an example of something this breaks.
|
141130 |
02-Feb-2005 |
kensmith |
It was noticed that we do not change a file's access time when it gets executed. This appears to violate most of the UNIX-ish standards. One example quote from:
http://www.opengroup.org/onlinepubs/009695399/functions/exec.html
Upon successful completion, the exec functions shall mark for update the st_atime field of the file. If an exec function failed but was able to locate the process image file, whether the st_atime field is marked for update is unspecified. Should the exec function succeed, the process image file shall be considered to have been opened with open().
This appears to take care of it for ufs filesystems, doing the necessary sanity checks (read-only filesystem, etc) without violating any other standards (setting atime for any open appears to be allowed in any standards I could find).
Noticed by: cperciva Reviewed by: kan, rwatson
|
141085 |
31-Jan-2005 |
imp |
nit in /*-
|
140962 |
29-Jan-2005 |
peadar |
Tell vnode_create_vobject() how big an object to create, rather than having it work it out via the more expensive VOP_GETATTR
Reviewed by: phk@
|
140939 |
28-Jan-2005 |
phk |
Make filesystems get rid of their own vnodes vnode_pager object in VOP_RECLAIM().
|
140936 |
28-Jan-2005 |
phk |
Remove unused argument to vrecycle()
|
140778 |
24-Jan-2005 |
phk |
Create a vnode object when the file is opened. Trust that we did so.
|
140768 |
24-Jan-2005 |
phk |
Create a vp->v_object in VFS_FHTOVP() if we want to be exportable with NFS.
We are moving responsibility for creating the vnode_pager object into the filesystems which own the vnode, and this is one of the places we have to cover.
We call vnode_create_vobject() directly because we own the vnode.
If we can get the size easily, pass it as an argument to save the call to VOP_GETATTR() in vnode_create_vobject()
|
140729 |
24-Jan-2005 |
phk |
Polish style.
|
140700 |
24-Jan-2005 |
jeff |
- Add a mutex to the ufsmount structure. This mutex is used to protect any per-instance global data that is not already protected by a buf or vnode lock. Presently, only fields in ffs's struct fs utilize this lock.
- Sort some ufsmount members so that fields used for quotas are grouped together. This is in anticipation of quota locking.
Sponsored By: Isilon Systems, Inc.
|
140181 |
13-Jan-2005 |
phk |
Ditch vfs_object_create() and make the callers call VOP_CREATEVOBJECT() directly.
|
140051 |
11-Jan-2005 |
phk |
Wrap the bufobj operations in macros: BO_STRATEGY() and BO_WRITE()
|
140048 |
11-Jan-2005 |
phk |
Remove the unused credential argument from VOP_FSYNC() and VFS_SYNC().
I'm not sure why a credential was added to these in the first place, it is not used anywhere and it doesn't make much sense:
The credentials for syncing a file (ability to write to the file) should be checked at the system call level.
Credentials for syncing one or more filesystems ("none") should be checked at the system call level as well.
If the filesystem implementation needs a particular credential to carry out the syncing it would logically have to be the cached mount credential, or a credential cached along with any delayed write data.
Discussed with: rwatson
|
139825 |
07-Jan-2005 |
imp |
/* -> /*- for license, minor formatting changes
|
138868 |
14-Dec-2004 |
phk |
Implement simpler panics for VOP_{read,write} on fifos.
|
138814 |
13-Dec-2004 |
imp |
LINT defines things which compile in code that was referring to the old a_desc element. Change this to the new a_gen.a_desc to reflect changes to vnode_if.h generation.
Noticed by: tinderbox, phk
|
138700 |
11-Dec-2004 |
marcel |
Revert previous commit. The null-pointer function call (a dereference on ia64) was not the result of a change in the vector operations. It was caused by the NFS locking code using a FIFO and those bypassing the vnode. This indirectly caused the panic. The NFS locking code has been changed.
Requested by: phk
|
138411 |
05-Dec-2004 |
marcel |
Fix null-pointer indirect function calls introduced in the previous commit. In the new world order, the transitive closure on the vector operations is not precomputed. As such, it's unsafe to actually use any of the function pointers in an indirect function call. They can be null, and we need to use the default vector in that case. This is mostly a quick fix for the four function pointers that are ed explicitly. A more generic or scalable solution is likely to see the light of day.
No pathos on: current@
|
138290 |
01-Dec-2004 |
phk |
Back when VOP_* was introduced, we did not have new-style struct initializations but we did have lofty goals and big ideals.
Adjust to more contemporary circumstances and gain type checking.
Replace the entire vop_t frobbing thing with properly typed structures. The only casualty is that we can not add a new VOP_ method with a loadable module. History has not given us reason to believe this would ever be feasible in the first place.
Eliminate in toto VOCALL(), vop_t, VNODEOP_SET() etc.
Give coda correct prototypes and function definitions for all vop_()s.
Generate a bit more data from the vnode_if.src file: a struct vop_vector and prototype typedefs for all vop methods.
Add a new vop_bypass() and make vop_default be a pointer to another struct vop_vector.
Remove a lot of vfs_init since vop_vector is ready to use from the compiler.
Cast various vop_mumble() to void * with uppercase name, for instance VOP_PANIC, VOP_NULL etc.
Implement VCALL() by making vdesc_offset the offsetof() the relevant function pointer in vop_vector. This is disgusting but since the code is generated by a script comparatively safe. The alternative for nullfs etc. would be much worse.
Fix up all vnode method vectors to remove casts so they become typesafe. (The bulk of this is generated by scripts)
|
138270 |
01-Dec-2004 |
phk |
Mechanically change prototypes for vnode operations to use the new typedefs.
|
138075 |
25-Nov-2004 |
phk |
Use system wide no-op vfs_start function.
|
137726 |
15-Nov-2004 |
phk |
Make VOP_BMAP return a struct bufobj for the underlying storage device instead of a vnode for it.
The vnode_pager does not and should not have any interest in what the filesystem uses for backend.
(vfs_cluster doesn't use the backing store argument.)
|
137308 |
06-Nov-2004 |
phk |
Properly implement a default version of VOP_GETWRITEMOUNT.
Remove improper access to vop_stdgetwritemount() which should and will instead rely on the VOP default path.
|
137035 |
29-Oct-2004 |
phk |
Move UFS from DEVFS backing to GEOM backing.
This eliminates a bunch of vnode overhead (approx 1-2 % speed improvement) and gives us more control over the access to the storage device.
Access counts on the underlying device are not correctly tracked and therefore it is possible to read-only mount the same disk device multiple times:
    syv# mount -p
    /dev/md0 /var ufs rw 2 2
    /dev/ad0 /mnt ufs ro 1 1
    /dev/ad0 /mnt2 ufs ro 1 1
    /dev/ad0 /mnt3 ufs ro 1 1
Since UFS/FFS is not a synchronously consistent filesystem (ie: it caches things in RAM) this is not possible with read-write mounts, and the system will correctly reject this.
Details:
Add a geom consumer and a bufobj pointer to ufsmount.
Eliminate the vnode argument from softdep_disk_prewrite(). Pick the vnode out of bp->b_vp for now. Eventually we should find it through bp->b_bufobj->b_private.
In the mountcode, use g_vfs_open() once we have used VOP_ACCESS() to check permissions.
When upgrading and downgrading between r/o and r/w do the right thing with GEOM access counts. Remove all the workarounds for not being able to do this with VOP_OPEN().
If we are the root mount, drop the exclusive access count until we upgrade to r/w. This allows fsck of the root filesystem and the MNT_RELOAD to work correctly.
Set bo_private to the GEOM consumer on the device bufobj.
Change the ffs_ops->strategy function to call g_vfs_strategy()
In ufs_strategy() directly call the strategy on the disk bufobj. Same in rawread.
In ffs_fsync() we will no longer see VCHR device nodes, so remove code which synced the filesystem mounted on it, in case we came there. I'm not sure this code made sense in the first place since we would have taken the specfs route on such a vnode.
Redo the highly bogus readblock() function in the snapshot code to something slightly less bogus: Constructing an uio and using physio was really quite a detour. Instead just fill in a bio and ship it down.
|
136988 |
27-Oct-2004 |
phk |
Eliminate unnecessary KASSERTS.
|
136980 |
26-Oct-2004 |
phk |
Replace single case switch() with if().
|
136979 |
26-Oct-2004 |
phk |
Vertically align comment.
|
136969 |
26-Oct-2004 |
phk |
The island council met and voted buf_prewrite() home.
Give ffs its own bufobj->bo_ops vector and create a private strategy routine, (currently misnamed for forwards compatibility), which is just a copy of the generic bufstrategy routine except we call softdep_disk_prewrite() directly instead of through the buf_prewrite() indirection.
Teach UFS about the need for softdep_disk_prewrite() and call the function directly in FFS.
Remove buf_prewrite() from the default bufstrategy() and from the global bio_ops method vector.
|
136927 |
24-Oct-2004 |
phk |
Move the buffer method vector (buf->b_op) to the bufobj.
Extend it with a strategy method.
Add bufstrategy() which does the usual VOP_SPECSTRATEGY/VOP_STRATEGY song and dance.
Rename ibwrite to bufwrite().
Move the two NFS buf_ops to more sensible places, add bufstrategy to them.
Add inlines for bwrite() and bstrategy() which calls through buf->b_bufobj->b_ops->b_{write,strategy}().
Replace almost all VOP_STRATEGY()/VOP_SPECSTRATEGY() calls with bstrategy().
|
136767 |
22-Oct-2004 |
phk |
Add b_bufobj to struct buf which eventually will eliminate the need for b_vp.
Initialize b_bufobj for all buffers.
Make incore() and gbincore() take a bufobj instead of a vnode.
Make inmem() local to vfs_bio.c
Change a lot of VI_[UN]LOCK(bp->b_vp) to BO_[UN]LOCK(bp->b_bufobj) also VI_MTX() to BO_MTX(),
Make buf_vlist_add() take a bufobj instead of a vnode.
Eliminate other uses of bp->b_vp where bp->b_bufobj will do.
Various minor polishing: remove "register", turn panic into KASSERT, use new function declarations, TAILQ_FOREACH_SAFE() etc.
|
136721 |
20-Oct-2004 |
rwatson |
Explicitly break out NETA license from Berkeley license to clearly indicate license grant, as well as to indicate that NETA is asserting only two clauses, not four clauses.
Requested by: imp
|
135877 |
28-Sep-2004 |
phk |
Remove support for accessing device nodes in UFS/FFS.
Device nodes can still be created and exported with NFS.
|
134899 |
07-Sep-2004 |
phk |
Create simple function init_va_filerev() for initializing a va_filerev field.
Replace three instances of longhaired initialization va_filerev fields.
Added XXX comment wondering why we don't use random bits instead of uptime of the system for this purpose.
|
134143 |
22-Aug-2004 |
csjp |
Currently, if the secure level is low enough, system flags can be manipulated by prison root. In 4.x prison root can not manipulate system flags, regardless of the security level. This behavior should remain consistent to avoid any surprises which could lead to security problems for system administrators which give out privileged access to jails.
This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL to 0. This will prevent prison root from being able to manipulate system flags on files.
This may be a MFC candidate for RELENG_5.
Discussed with: cperciva Reviewed by: rwatson Approved by: bmilekic (mentor) PR: kern/70298
|
133837 |
16-Aug-2004 |
dwmalone |
When looking for some extra data to include in the hash, use the address of the dirhash, rather than the first sizeof(struct dirhash *) bytes of the structure (which, thankfully, seem to be constant).
Submitted by: Ted Unangst <tedu@zeitbombe.org> MFC after: 2 weeks
|
133741 |
15-Aug-2004 |
jmg |
Add locking to the kqueue subsystem. This also makes the kqueue subsystem a more complete subsystem, and removes the knowledge of how things are implemented from the drivers. Include locking around filter ops, so a module like aio will know when not to be unloaded if there are outstanding knotes using its filter ops.
Currently, it uses the MTX_DUPOK even though it is not always safe to acquire duplicate locks. Witness currently doesn't support the ability to discover if a dup lock is ok (in some cases).
Reviewed by: green, rwatson (both earlier versions)
|
132775 |
28-Jul-2004 |
kan |
Avoid using casts as lvalues. Introduce DIP_SET macro which sets proper inode field based on UFS version. Use DIP to read values and DIP_SET to modify them throughout FFS code base.
|
132653 |
26-Jul-2004 |
cperciva |
Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This is somewhat clearer, but more importantly allows for a consistent naming scheme for suser_cred flags.
The old name is still defined, but will be removed in a few days (unless I hear any complaints...)
Discussed with: rwatson, scottl Requested by: jhb
|
132023 |
12-Jul-2004 |
alfred |
Make VFS_ROOT() and vflush() take a thread argument. This is to allow filesystems to decide based on the passed thread which vnode to return. Several filesystems used curthread, they now use the passed thread.
|
131551 |
04-Jul-2004 |
phk |
When we traverse the vnodes on a mountpoint we need to look out for our cached 'next vnode' being removed from this mountpoint. If we find that it was recycled, we restart our traversal from the start of the list.
Code to do that is in all local disk filesystems (and a few other places) and looks roughly like this:
    MNT_ILOCK(mp);
    loop:
    for (vp = TAILQ_FIRST(&mp...);
        (vp = nvp) != NULL;
        nvp = TAILQ_NEXT(vp,...)) {
            if (vp->v_mount != mp)
                    goto loop;
            MNT_IUNLOCK(mp);
            ...
            MNT_ILOCK(mp);
    }
    MNT_IUNLOCK(mp);
The code which takes vnodes off a mountpoint looks like this:
    MNT_ILOCK(vp->v_mount);
    ...
    TAILQ_REMOVE(&vp->v_mount->mnt_nvnodelist, vp, v_nmntvnodes);
    ...
    MNT_IUNLOCK(vp->v_mount);
    ...
    vp->v_mount = something;
(Take a moment and try to spot the locking error before you read on.)
On a SMP system, one CPU could have removed nvp from our mountlist but not yet gotten to assign a new value to vp->v_mount while another CPU simultaneously gets to the top of the traversal loop where it finds that (vp->v_mount != mp) is not true despite the fact that the vnode has indeed been removed from our mountpoint.
Fix:
Introduce the macro MNT_VNODE_FOREACH() to traverse the list of vnodes on a mountpoint while taking into account that vnodes may be removed from the list as we go. This saves approx 65 lines of duplicated code.
Split the insmntque() which potentially moves a vnode from one mount point to another into delmntque() and insmntque() which does just what the names say.
Fix delmntque() to set vp->v_mount to NULL while holding the mountpoint lock.
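The interleaving this commit message describes, replayed step by step in a single-threaded C model. This is an added example, not code from the FreeBSD tree; the struct layouts and the helper names (`remover_locked_part`, `remover_unlocked_part`, `traverser_restarts`, `replay`, `uses_stale_vnode`) are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for the kernel structures (constructed for this model). */
struct mount;
struct vnode {
	struct mount *v_mount;	/* mount the vnode claims to belong to */
	struct vnode *v_next;	/* link on the mount's vnode list */
};
struct mount {
	struct vnode *mnt_head;	/* head of the per-mount vnode list */
	bool mnt_ilocked;	/* models MNT_ILOCK()/MNT_IUNLOCK() */
};

static void mnt_ilock(struct mount *mp)   { mp->mnt_ilocked = true; }
static void mnt_iunlock(struct mount *mp) { mp->mnt_ilocked = false; }

/* Unlink vp from mp's list; refuses to act unless the mount lock is held. */
static bool list_remove(struct mount *mp, struct vnode *vp)
{
	struct vnode **pp;

	if (!mp->mnt_ilocked)
		return false;
	for (pp = &mp->mnt_head; *pp != NULL; pp = &(*pp)->v_next) {
		if (*pp == vp) {
			*pp = vp->v_next;
			vp->v_next = NULL;
			return true;
		}
	}
	return false;
}

static bool list_contains(const struct mount *mp, const struct vnode *vp)
{
	const struct vnode *p;

	for (p = mp->mnt_head; p != NULL; p = p->v_next)
		if (p == vp)
			return true;
	return false;
}

/* Remover, first half: everything done inside the locked region. */
static void remover_locked_part(struct mount *mp, struct vnode *vp, bool fixed)
{
	mnt_ilock(mp);
	list_remove(mp, vp);
	if (fixed)
		vp->v_mount = NULL;	/* the fix: clear ownership under the lock */
	mnt_iunlock(mp);
}

/* Remover, second half: the assignment that happens after the unlock. */
static void remover_unlocked_part(struct vnode *vp, struct mount *newmp)
{
	vp->v_mount = newmp;
}

/* Traverser's top-of-loop test on its cached next vnode. */
static bool traverser_restarts(struct mount *mp, struct vnode *nvp)
{
	bool restart;

	mnt_ilock(mp);
	restart = (nvp->v_mount != mp);
	mnt_iunlock(mp);
	return restart;
}

struct outcome { bool still_on_list; bool restarted; };

/* Replay: CPU 0 caches nvp, CPU 1 unlinks it, CPU 0 tests, CPU 1 reassigns. */
static struct outcome replay(bool fixed)
{
	struct mount mp = { NULL, false }, other = { NULL, false };
	struct vnode a, b, *nvp;
	struct outcome o;

	a.v_mount = &mp; a.v_next = &b;
	b.v_mount = &mp; b.v_next = NULL;
	mp.mnt_head = &a;

	nvp = a.v_next;				/* CPU 0: cached next vnode */
	remover_locked_part(&mp, &b, fixed);	/* CPU 1: unlink b */
	o.restarted = traverser_restarts(&mp, nvp);	/* CPU 0: loop test */
	o.still_on_list = list_contains(&mp, nvp);
	remover_unlocked_part(&b, &other);	/* CPU 1: late v_mount update */
	return o;
}

/* True when the traverser carries on with a vnode no longer on its mount. */
static bool uses_stale_vnode(bool fixed)
{
	struct outcome o = replay(fixed);

	return !o.still_on_list && !o.restarted;
}

int main(void)
{
	printf("old ordering uses stale vnode:   %d\n", uses_stale_vnode(false));
	printf("fixed ordering uses stale vnode: %d\n", uses_stale_vnode(true));
	return 0;
}
```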
|
131072 |
24-Jun-2004 |
rwatson |
Annotate that we don't check the returned data length from ufs_readdir() because UFS uses fixed-size directory blocks. When using this code with other file systems, such as HFS+, the value of auio.uio_resid will need to be taken into account.
|
131069 |
24-Jun-2004 |
rwatson |
Remove unnecessary setting of VV_SYSTEM on extended attribute backing files. When this flag is used in our port of this code to Darwin, it caused remarkable pain, and doesn't offer a benefit in FreeBSD.
|
131067 |
24-Jun-2004 |
rwatson |
Protect a non-text comment with a '-'.
|
131066 |
24-Jun-2004 |
rwatson |
White space cleanup: use spaces instead of tabs in variable declarations local to a function. Remove a couple of blank lines in variable declarations.
In one case, explicitly test against NULL rather than using a pointer as a boolean directly.
|
130761 |
20-Jun-2004 |
bde |
Backed out previous commit. The dev_t -> `struct cdev *' changes have lots of errors. Blind substitution of "dev_t foo" by "struct cdev *foo" in comments usually just created an English syntax error (e.g., "struct cdev *changes"), but here it did less than that since the dev_t is a user dev_t.
|
130585 |
16-Jun-2004 |
phk |
Do the dreaded s/dev_t/struct cdev */ Bump __FreeBSD_version accordingly.
|
127975 |
07-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999 and irc message from Robert Watson saying that clause 3 can be removed from those files with an NAI copyright that also have only a University of California copyrights.
Approved by: core, rwatson
|
126858 |
11-Mar-2004 |
phk |
When I was a kid my work table was one cluttered mess and cleaning it up was a rather overwhelming task. I soon learned that if you don't know where you're going to store something, at least try to pile it next to something slightly related in the hope that a pattern emerges.
Apply the same principle to the ffs/snapshot/softupdates code which have leaked into specfs: Add yet a buf-quasi-method and call it from the only two places I can see it can make a difference and implement the magic in ffs_softdep.c where it belongs.
It's not pretty, but at least it's one less layer violated.
|
126853 |
11-Mar-2004 |
phk |
Properly vector all bwrite() and BUF_WRITE() calls through the same path and s/BUF_WRITE()/bwrite()/ since it now does the same as bwrite().
|
126170 |
23-Feb-2004 |
mckusick |
A more accurate test in the new ufs_lock than that in 1.235.
|
126153 |
23-Feb-2004 |
mckusick |
Change UFS from using vop_stdlock to using its own ufs_lock. In ufs_lock, check for attempts to acquire shared locks on snapshot files and change them to be exclusive locks. This change eliminates deadlocks and machine lockups reported in -current since most read requests started using shared lock requests.
Submitted by: Jun Kuriyama <kuriyama@imgsrc.co.jp>
|
126097 |
22-Feb-2004 |
rwatson |
Update my personal copyrights and NETA copyrights in the kernel to use the "year1-year3" format, as opposed to "year1, year2, year3". This seems to make lawyers more happy, but also prevents the lines from getting excessively long as the years start to add up.
Suggested by: imp
|
125854 |
15-Feb-2004 |
dwmalone |
Abstract dirhash's locking using macros. This should make it easier to use the same dirhash code on different branches/platforms.
Reviewed by: Ted Unangst <tedu@zeitbombe.org> Reviewed by: iedowse MFC after: 3 weeks
|
122091 |
05-Nov-2003 |
kan |
Remove mntvnode_mtx and replace it with per-mountpoint mutex. Introduce two new macros MNT_ILOCK(mp)/MNT_IUNLOCK(mp) to operate on this mutex transparently.
Eventually new mutex will be protecting more fields in struct mount, not only vnode list.
Discussed with: jeff
|
121874 |
02-Nov-2003 |
kan |
Take care not to call vput if thread used in corresponding vget wasn't curthread, i.e. when we receive a thread pointer to use as a function argument. Use VOP_UNLOCK/vrele in these cases.
The only case where td != curthread known at the moment is boot() calling sync with thread0 pointer.
This fixes the panic on shutdown people have reported.
|
121847 |
01-Nov-2003 |
kan |
Temporarily undo parts of the struct mount locking commit by jeff. It is unsafe to hold a mutex across vput/vrele calls.
This will be redone when a better locking strategy is agreed upon.
Discussed with: jeff
|
121205 |
18-Oct-2003 |
phk |
DuH!
bp->b_iooffset (the spot on the disk), not bp->b_offset (the offset in the file)
|
121202 |
18-Oct-2003 |
phk |
Initialize bp->b_offset before calling VOP_[SPEC]STRATEGY()
|
120777 |
05-Oct-2003 |
jeff |
- Don't cache_purge() in ufs_reclaim. vclean() does it for us so this is redundant.
|
120738 |
04-Oct-2003 |
jeff |
- Use the VI_LOCK macro in two places where we directly called mtx_lock() before. Direct calls indicated places that needed review and these have now been reviewed.
|
120737 |
04-Oct-2003 |
jeff |
- Properly acquire the vnode interlock before releasing the mntvnode_mtx.
- Use a local variable to store the results of the test to see if the next vnode on the mount list has changed. This is so that we no longer access the vnode after we vput() it.
|
118969 |
15-Aug-2003 |
phk |
Eliminate the i_devvp field from the incore UFS inodes, we can get the same value from ip->i_ump->um_devvp.
This saves a pointer in the memory copies of inodes, which can easily run into several hundred kilobytes.
The extra indirection is unmeasurable in benchmarks.
Approved by: mckusick
|
118411 |
04-Aug-2003 |
rwatson |
Now that the central POSIX.1e ACL code implements functions to generate the inode mode from a default ACL and creation mask, implement ufs_sync_inode_from_acl() using acl_posix1e_newfilemode().
Since ACL_OVERRIDE_MASK/ACL_PRESERVE_MASK are defined, we no longer need to explicitly pass in a "preserve_mask" field: this is implicit in the use of POSIX.1e semantics.
Note: this change contains a semantic bugfix for new file creation: we now intersect the ACL-generated mode and the cmode requested by the user process. This means permissions on newly created file objects will now be more conservative. In the future, we may want to provide alternative semantics (similar to Solaris and Linux) in which the ACL mask overrides the umask, permitting ACLs to broaden the rights beyond the requested umask.
PR: 50148 Reported by: Ritz, Bruno <bruno_ritz@gmx.ch> Obtained from: TrustedBSD Project
|
118404 |
04-Aug-2003 |
rwatson |
In ufs_chmod(), use privilege only when required in the following cases:
- Setting sticky bit on non-directory
- Setting setgid on a file with a group that isn't in the effective or extended groups of the authorizing credential
I.e., test the requirement first, then do the privilege test, rather than doing the privilege test regardless of the need for privilege.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
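The ordering change described in r118404, as an added user-space C model (not the FreeBSD source): both functions reach the same decision, but only the first consults privilege on every call. The types, return codes and the `priv_checks` counter are hypothetical, and the file-ownership check that a real chmod performs is left out.

```c
/* Added illustration, not FreeBSD kernel code: "privilege first" versus
 * "requirement first" for the two cases named in the commit message. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

#define MODE_STICKY 01000u
#define MODE_SETGID 02000u

enum chmod_result { CHMOD_OK, CHMOD_DENY_STICKY, CHMOD_DENY_SETGID };

struct ccred {                 /* hypothetical authorizing credential */
    const gid_t *groups;       /* effective + extended groups */
    size_t       ngroups;
    bool         superuser;
};

struct cfile {                 /* hypothetical slice of an inode */
    bool  is_dir;
    gid_t gid;
};

static int priv_checks;        /* how often privilege was consulted */

static bool priv_check(const struct ccred *c)
{
    priv_checks++;             /* a real kernel could audit or veto here */
    return c->superuser;
}

static bool in_groups(const struct ccred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Ordering the commit moves away from: privilege is tested regardless. */
enum chmod_result chmod_priv_first(const struct ccred *c,
                                   const struct cfile *f, unsigned mode)
{
    bool privileged = priv_check(c);

    if (!privileged) {
        if (!f->is_dir && (mode & MODE_STICKY))
            return CHMOD_DENY_STICKY;
        if ((mode & MODE_SETGID) && !in_groups(c, f->gid))
            return CHMOD_DENY_SETGID;
    }
    return CHMOD_OK;
}

/* Ordering the commit introduces: test the requirement, then privilege. */
enum chmod_result chmod_need_first(const struct ccred *c,
                                   const struct cfile *f, unsigned mode)
{
    if (!f->is_dir && (mode & MODE_STICKY) && !priv_check(c))
        return CHMOD_DENY_STICKY;
    if ((mode & MODE_SETGID) && !in_groups(c, f->gid) && !priv_check(c))
        return CHMOD_DENY_SETGID;
    return CHMOD_OK;
}

int main(void)
{
    gid_t grp[] = { 100 };                     /* constructed sample data */
    struct ccred user = { grp, 1, false };
    struct cfile file = { false, 100 };

    priv_checks = 0;
    chmod_priv_first(&user, &file, 0644);
    printf("privilege first:   %d privilege check(s)\n", priv_checks);

    priv_checks = 0;
    chmod_need_first(&user, &file, 0644);
    printf("requirement first: %d privilege check(s)\n", priv_checks);
    return 0;
}
```
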
118131 |
28-Jul-2003 |
rwatson |
Rename VOP_RMEXTATTR() to VOP_DELETEEXTATTR() for consistency with the kernel ACL interfaces and system call names.
Break out UFS2 and FFS extattr delete and list vnode operations from setextattr and getextattr to deleteextattr and listextattr, which cleans up the implementations, and makes the results more readable, and makes the APIs more clear.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
118094 |
27-Jul-2003 |
phk |
Add fdidx argument to vn_open() and vn_open_cred() and pass -1 throughout.
|
118047 |
26-Jul-2003 |
phk |
Add a "int fd" argument to VOP_OPEN() which in the future will contain the filedescriptor number on opens from userland.
The index is used rather than a "struct file *" since it conveys a bit more information, which may be useful to in particular fdescfs and /dev/fd/*
For now pass -1 all over the place.
|
117221 |
04-Jul-2003 |
phk |
We just cached the inode pointer, no need to call VTOI() again.
|
116412 |
15-Jun-2003 |
phk |
Add the same KASSERT to all VOP_STRATEGY and VOP_SPECSTRATEGY implementations to check that the buffer points to the correct vnode.
|
116384 |
15-Jun-2003 |
rwatson |
Re-implement kernel access control for quotactl() as found in the UFS quota implementation. Push some quite broken access control logic out of ufs_quotactl() into the individual command implementations in ufs_quota.c; fix that logic. Pass in the thread argument to any quotactl command that will need to perform access control.
o quotaon() requires privilege (PRISON_ROOT).
o quotaoff() requires privilege (PRISON_ROOT).
o getquota() requires that:
If the type is USRQUOTA, either the effective uid match the requested quota ID, that the unprivileged_get_quota flag be set, or that the thread be privileged (PRISON_ROOT).
If the type is GRPQUOTA, require that either the thread be a member of the group represented by the requested quota ID, that the unprivileged_get_quota flag be set, or that the thread be privileged (PRISON_ROOT).
o setquota() requires privilege (PRISON_ROOT).
o setuse() requires privilege (PRISON_ROOT).
o qsync() requires no special privilege (consistent with what was present before, but probably not very useful).
Add a new sysctl, security.bsd.unprivileged_get_quota, which when set to a non-zero value, will permit unprivileged users to query user quotas with non-matching uids and gids. Set this to 0 by default to be mostly consistent with the previous behavior (the same for USRQUOTA, but not for GRPQUOTA).
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
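The per-command quotactl() rules listed in r116384, as an added user-space C decision function (not the FreeBSD source). The types and names are hypothetical, `privileged` stands in for the PRISON_ROOT privilege test, and returning EPERM on denial is an assumption the commit message does not state.

```c
/* Added illustration, not FreeBSD kernel code: a model of the access
 * rules the commit message lists for each quotactl() command. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

enum qcmd  { CMD_QUOTAON, CMD_QUOTAOFF, CMD_GETQUOTA,
             CMD_SETQUOTA, CMD_SETUSE, CMD_QSYNC };
enum qtype { QT_USER, QT_GROUP };

struct qcred {                 /* hypothetical thread credential */
    uid_t        euid;
    const gid_t *groups;       /* groups the thread is a member of */
    size_t       ngroups;
    bool         privileged;   /* outcome of the PRISON_ROOT test */
};

/* Models security.bsd.unprivileged_get_quota; the commit defaults it to 0. */
static int unprivileged_get_quota = 0;

static bool is_member(const struct qcred *c, gid_t gid)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* Returns 0 when the command is allowed, EPERM (assumed) when it is not. */
int quota_access(const struct qcred *c, enum qcmd cmd,
                 enum qtype type, unsigned int id)
{
    switch (cmd) {
    case CMD_QUOTAON:
    case CMD_QUOTAOFF:
    case CMD_SETQUOTA:
    case CMD_SETUSE:
        return c->privileged ? 0 : EPERM;
    case CMD_GETQUOTA:
        /* Own uid, or a group the caller belongs to, needs no privilege. */
        if (type == QT_USER && c->euid == (uid_t)id)
            return 0;
        if (type == QT_GROUP && is_member(c, (gid_t)id))
            return 0;
        /* Otherwise the sysctl or privilege must open the door. */
        if (unprivileged_get_quota != 0)
            return 0;
        return c->privileged ? 0 : EPERM;
    case CMD_QSYNC:
        return 0;              /* no special privilege required */
    }
    return EINVAL;
}

int main(void)
{
    gid_t staff[] = { 100, 200 };              /* constructed sample data */
    struct qcred alice = { 1001, staff, 2, false };

    printf("getquota own uid:     %d\n",
           quota_access(&alice, CMD_GETQUOTA, QT_USER, 1001));
    printf("getquota other uid:   %d\n",
           quota_access(&alice, CMD_GETQUOTA, QT_USER, 1002));
    printf("getquota other group: %d\n",
           quota_access(&alice, CMD_GETQUOTA, QT_GROUP, 300));
    printf("setquota own uid:     %d\n",
           quota_access(&alice, CMD_SETQUOTA, QT_USER, 1001));
    return 0;
}
```

With the sysctl at its default of 0, an unprivileged caller can read only its own user quota and the quotas of groups it belongs to; setting it to a non-zero value widens reads only, never the set or on/off commands.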
116192 |
11-Jun-2003 |
obrien |
Use __FBSDID().
|
115865 |
05-Jun-2003 |
rwatson |
Don't special-case handling of the empty string in the UFS1 extended attribute retrieval code: it's no longer special-cased, and is caught by the normal UFS1 EA validity checks (and, in fact, returns the same error, EINVAL).
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
115526 |
31-May-2003 |
phk |
Remove unused variable.
Found by: FlexeLint
|
115040 |
15-May-2003 |
rwatson |
Jeff added locking assertions that the VV_ flags on vnodes were modified only while holding appropriate vnode locks. This patch slides the lock release for ufs_extattr_enable() to continue to hold the active vnode lock on a backing file until after the flag change; it also acquires a vnode lock when disabling an attribute and hence clearing a flag on the backing vnode. This permits VFS_DEBUG_LOCKS to run UFS1 extended attributes without panicking, as well as preventing a potential race and vnode flag problem.
Approved by: re (jhb) Pointed out by: DEBUG_VFS_LOCKS
|
114293 |
30-Apr-2003 |
markm |
Fix some easy, global, lint warnings. In most cases, this means making some local variables static. In a couple of cases, this means removing an unused variable.
|
112367 |
18-Mar-2003 |
phk |
Including <sys/stdint.h> is (almost?) universally only to be able to use %j in printfs, so put a nested include in <sys/systm.h> where the printf prototype lives and save everybody else the trouble.
|
111856 |
04-Mar-2003 |
jeff |
- Add a new 'flags' parameter to getblk().
- Define one flag GB_LOCK_NOWAIT that tells getblk() to pass the LK_NOWAIT flag to the initial BUF_LOCK(). This will eventually be used in cases where we want to use a buffer only if it is not currently in use.
- Convert all consumers of the getblk() api to use this extra parameter.
Reviewed by: arch Not objected to by: mckusick
|
111841 |
03-Mar-2003 |
njl |
Finish cleanup of vprint() which was begun with changing v_tag to a string. Remove extraneous uses of vop_null, instead deferring to the default op. Rename vnode type "vfs" to the more descriptive "syncer". Fix formatting for various filesystems that use vop_print.
|
111748 |
02-Mar-2003 |
des |
More low-hanging fruit: kill caddr_t in calls to wakeup(9) / [mt]sleep(9).
|
111423 |
24-Feb-2003 |
das |
Expand the reference count on struct dquot to 32 bits. This fixes a panic on large systems where a single user may have more than 64K active or inactive vnodes.
PR: 48234 Reviewed by: mike (mentor)
|
111119 |
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
110234 |
02-Feb-2003 |
alfred |
Catch more uses of MIN().
|
109623 |
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
108892 |
07-Jan-2003 |
mckusick |
This patch fixes a problem caused by applications that rapidly and repeatedly truncate the same file. Each time the file is truncated, a buffer is grabbed to store the indirect block numbers that need to be freed. Those blocks cannot be freed until the inode claiming them is written to disk. Thus, the number of buffers being held by soft updates explodes and in extreme cases can run the kernel out of buffers. The problem can be avoided by doing an fsync on the file every debug.maxindirdep truncates (currently defaulted to 50). The fsync causes the inode to be written so that the held buffers can be freed. The check for excessive buffers is checked as part of the existing hook for excessive dependencies (softdep_slowdown) in the truncate code.
Reported by: David Schultz <dschultz@uclink.Berkeley.EDU> Sponsored by: DARPA & NAI Labs. MFC after: 3 weeks
|
108686 |
04-Jan-2003 |
phk |
Temporarily introduce a new VOP_SPECSTRATEGY operation while I try to sort out disk-io from file-io in the vm/buffer/filesystem space.
The intent is to sort VOP_STRATEGY calls into those which operate on "real" vnodes and those which operate on VCHR vnodes. For the latter kind, the call will be changed to VOP_SPECSTRATEGY, possibly conditionally for those places where dual-use happens.
Add a default VOP_SPECSTRATEGY method which will call the normal VOP_STRATEGY. First time it is called it will print debugging information. This will only happen if a normal vnode is passed to VOP_SPECSTRATEGY by mistake.
Add a real VOP_SPECSTRATEGY in specfs, which does what VOP_STRATEGY does on a VCHR vnode today.
Add a new VOP_STRATEGY method in specfs to catch instances where the conversion to VOP_SPECSTRATEGY has not yet happened. Handle the request just like we always did, but first time called print debugging information.
Apart from up to two instances of console messages per boot, this amounts to a glorified no-op commit.
If you get any of the messages on your console I would very much like a copy of them mailed to phk@freebsd.org
|
108648 |
04-Jan-2003 |
phk |
Since Jeffr made the std* functions the default in rev 1.63 of kern/vfs_defaults.c it is wrong for the individual filesystems to use the std* functions as that prevents override of the default.
Found by: src/tools/tools/vop_table
|
108589 |
03-Jan-2003 |
phk |
Convert calls to BUF_STRATEGY to VOP_STRATEGY calls. This is a no-op since all BUF_STRATEGY did in the first place was call VOP_STRATEGY.
|
108533 |
01-Jan-2003 |
schweikh |
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
|
108313 |
27-Dec-2002 |
phk |
Make ffs_mountfs() static.
Remove the malloctype from the ufs mount structure, instead add a callback to the storage method for freeing inodes: UFS_IFREE().
Add vfs_ifree() method function which frees an inode.
Unvariablelize the malloc type used for allocating inodes.
|
107915 |
15-Dec-2002 |
mckusick |
Update to previous change (1.54) to use an appropriately wide inode field so as to work correctly on 64-bit platforms.
Reported-by: Jake Burkholder <jake@locore.ca> Sponsored by: DARPA & NAI Labs. Approved by: Ian Dowse <iedowse@maths.tcd.ie>
|
107868 |
14-Dec-2002 |
iedowse |
Undo the adjustment of the total memory used by dirhash in the case where allocating the dirhash structure fails. Fix a few typos in comments and update copyright.
MFC after: 1 week
|
107848 |
14-Dec-2002 |
mckusick |
Only the most recent snapshot contains the complete list of blocks that were copied in all of the earlier snapshots, thus its precomputed list must be used in the copyonwrite test. Using incomplete lists may lead to deadlock. Also do not include the blocks used for the indirect pointers in the indirect pointers as this may lead to inconsistent snapshots.
Sponsored by: DARPA & NAI Labs. Approved by: re
|
106673 |
08-Nov-2002 |
jhb |
Print daddr_t's with %j and intmax_t.
|
106394 |
04-Nov-2002 |
rwatson |
Update licenses and wording: NAI has authorized the removal of clause three of their BSD-style license; also, carry out the NAI Labs -> Network Associates Laboratories renaming in these files.
|
106058 |
27-Oct-2002 |
wollman |
Implement the new 1003.1-2001 pathconf() keys, including the Advisory Information option. Other filesystem implementations should do something similar.
With advice from: mckusick, phk
|
105988 |
26-Oct-2002 |
rwatson |
Slightly change the semantics of vnode labels for MAC: rather than "refreshing" the label on the vnode before use, just get the label right from inception. For single-label file systems, set the label in the generic VFS getnewvnode() code; for multi-label file systems, leave the labeling up to the file system. With UFS1/2, this means reading the extended attribute during vfs_vget() as the inode is pulled off disk, rather than hitting the extended attributes frequently during operations later, improving performance. This also corrects semantics for shared vnode locks, which were not previously present in the system. This changes the cache coherency properties WRT out-of-band access to label data, but in an acceptable form. With UFS1, there is a small race condition during automatic extended attribute start -- this is not present with UFS2, and occurs because EAs aren't available at vnode inception. We'll introduce a work around for this shortly.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105572 |
20-Oct-2002 |
rwatson |
Rename _POSIX_FOO_PRESENT and friends from POSIX.1e to _PC_FOO_PRESENT and related friends. This would have been corrected had POSIX.1e progressed to a standard.
Pointed out by: wollman
|
105571 |
20-Oct-2002 |
rwatson |
Implement _POSIX_ACL_PATH_MAX, which returns the maximum number of ACL entries for a file system node using pathconf().
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105567 |
20-Oct-2002 |
rwatson |
Teach UFS to respond to pathconf() tests for _POSIX_ACL_EXTENDED and _POSIX_MAC_PRESENT based on available mount flags, if the services are available.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105456 |
19-Oct-2002 |
rwatson |
Clarify that the UFS1 extended attribute configuration steps do not apply to UFS2 file systems.
Submitted by: jedgar Obtained from: TrustedBSD Project
|
105422 |
18-Oct-2002 |
dillon |
Fix a file-rewrite performance case for UFS[2]. When rewriting portions of a file in chunks that are less than the filesystem block size, if the data is not already cached the system will perform a read-before-write. The problem is that it does this on a block-by-block basis, breaking up the I/Os and making clustering impossible for the writes. Programs such as INN using cyclic file buffers suffer greatly. This problem is only going to get worse as we use larger and larger filesystem block sizes.
The solution is to extend the sequential heuristic so UFS[2] can perform a far larger read and readahead when dealing with this case.
(note: maximum disk write bandwidth is 27MB/sec thru filesystem)
(note: filesystem blocksize in test is 8K (1K frag))
dd if=/dev/zero of=test.dat bs=1k count=2m conv=notrunc
Before: (note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 14.21 598  8.30   0.00   0  0.00   0.00   0  0.00   0  0  7  1 92
   0   76 14.09 813 11.19   0.00   0  0.00   0.00   0  0.00   0  0  9  5 86
   0   76 14.28 821 11.45   0.00   0  0.00   0.00   0  0.00   0  0  8  1 91
After: (note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 63.62 434 26.99   0.00   0  0.00   0.00   0  0.00   0  0 18  1 80
   0   76 63.58 424 26.30   0.00   0  0.00   0.00   0  0.00   0  0 17  2 82
   0   76 63.82 438 27.32   0.00   0  0.00   0.00   0  0.00   1  0 19  2 79
Reviewed by: mckusick Approved by: re X-MFC after: immediately (was heavily tested in -stable for 4 months)
|
105417 |
18-Oct-2002 |
rwatson |
Update extended attribute readme file to note that no special configuration is required to use EAs with UFS2, and that UFS2 is recommended for EA use for a variety of reasons.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105416 |
18-Oct-2002 |
rwatson |
Update instructions for ACLs given recent tunefs, mount changes. Also note that UFS2 doesn't require explicit extended attribute configuration, and is recommended for this and other reasons if you plan to use ACLs.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105415 |
18-Oct-2002 |
rwatson |
Use 'size_t' instead of 'int' for the result of sizeof().
|
105368 |
18-Oct-2002 |
mckusick |
With the revised single-lock method used in snapshots, the BA_NOWAIT flag is no longer needed.
Sponsored by: DARPA & NAI Labs.
|
105179 |
15-Oct-2002 |
rwatson |
Push most UFS ACL behavior behind a check for MNT_ACLS, permitting ACLs to be administratively disabled as needed on UFS/UFS2 file systems. This also has the effect of preventing the slightly more expensive ACL code from running on non-ACL file systems, avoiding storage allocation for ACLs that may be read from disk. MNT_ACLS may be set at mount-time using mount -o acls, or implicitly by setting the FS_ACLS flag using tunefs. On UFS1, you may also have to configure ACL store.
Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
105136 |
14-Oct-2002 |
mckusick |
When reading or writing the extended attributes of a special device or fifo in UFS2, the normal ufs_strategy routine needs to be used rather than the spec_strategy or fifo_strategy routine. Thus the ffsext_strategy routine is interposed in the ffs_vnops vectors for special devices and fifo's to pick off this special case. Otherwise it simply falls through to the usual spec_strategy or fifo_strategy routine.
Submitted by: Robert Watson <rwatson@FreeBSD.org> Sponsored by: DARPA & NAI Labs.
|
105123 |
14-Oct-2002 |
rwatson |
Fix two memory leaks in error conditions involving the UFS ACL code: if failures occur, make sure that we release both the default ACL and access ACL storage during new object creation.
Spotted by: phk and his pet flexelint Sponsored by: DARPA, Network Associates Laboratories
|
105077 |
14-Oct-2002 |
mckusick |
Regularize the vop_stdlock'ing protocol across all the filesystems that use it. Specifically, vop_stdlock uses the lock pointed to by vp->v_vnlock. By default, getnewvnode sets up vp->v_vnlock to reference vp->v_lock. Filesystems that wish to use the default do not need to allocate a lock at the front of their node structure (as some still did) or do a lockinit. They can simply start using vn_lock/VOP_UNLOCK. Filesystems that wish to manage their own locks, but still use the vop_stdlock functions (such as nullfs) can simply replace vp->v_vnlock with a pointer to the lock that they wish to have used for the vnode. Such filesystems are responsible for setting the vp->v_vnlock back to the default in their vop_reclaim routine (e.g., vp->v_vnlock = &vp->v_lock).
In theory, this set of changes cleans up the existing filesystem lock interface and should have no function change to the existing locking scheme.
Sponsored by: DARPA & NAI Labs.
|
104908 |
11-Oct-2002 |
mike |
Change iov_base's type from `char *' to the standard `void *'. All uses of iov_base which assume its type is `char *' (in order to do pointer arithmetic) have been updated to cast iov_base to `char *'.
|
104702 |
09-Oct-2002 |
mckusick |
When creating a snapshot, create a list of initially allocated blocks. Whenever doing a copy-on-write check, first look in the list of initially allocated blocks to see if it is there. If so, no further check is needed. If not, fall through and do the full check. This change eliminates one of two known deadlocks caused by snapshots. Handling the second deadlock will be the subject of another check-in. This change also reduces the cost of the copy-on-write check by speeding up the verification of frequently checked blocks.
Sponsored by: DARPA & NAI Labs.
|
104364 |
02-Oct-2002 |
phk |
Mark two places where an unsigned number is checked "if (foo < 0)" with an XXX comment.
Somebody[TM] should look at this in some detail.
Spotted by: FlexeLint
|
104346 |
02-Oct-2002 |
dd |
size_t is not a struct (fix mislabelling in a comment).
|
104302 |
01-Oct-2002 |
phk |
Fix some harmless mis-indents.
Spotted by: FlexeLint
|
104094 |
28-Sep-2002 |
phk |
Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
Inspired by: FlexeLint warning #512
|
104052 |
27-Sep-2002 |
phk |
Make it a tad easier to deal with struct inode in userland programs which fondle /dev/kmem by using "struct cdev *" instead of "dev_t".
Requested by: jake
|
103944 |
25-Sep-2002 |
jeff |
- Lock accesses to v_usecount.
- Convert interlock locks to use standard macros.
|
103943 |
25-Sep-2002 |
jeff |
- Don't use the interlock to protect v_writecount.
|
103636 |
19-Sep-2002 |
truckman |
VOP_FSYNC() requires that its vnode argument be locked, which nfs_link() wasn't doing. Rather than just lock and unlock the vnode around the call to VOP_FSYNC(), implement rwatson's suggestion to lock the file vnode in kern_link() before calling VOP_LINK(), since the other filesystems also locked the file vnode right away in their link methods. Remove the locking and unlocking from the leaf filesystem link methods.
Reviewed by: rwatson, bde (except for the unionfs_link() changes)
|
103559 |
18-Sep-2002 |
njl |
Remove any VOP_PRINT that redundantly prints the tag. Move lockmgr_printinfo() into vprint() for everyone's benefit.
Suggested by: bde
|
103314 |
14-Sep-2002 |
njl |
Remove all use of vnode->v_tag, replacing with appropriate substitutes. v_tag is now const char * and should only be used for debugging.
Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.
Suggested by: phk Reviewed by: bde, rwatson (earlier version)
|
103180 |
10-Sep-2002 |
bde |
vfs_syscalls.c: Changed rename(2) to follow the letter of the POSIX spec. POSIX requires rename() to have no effect if its args "resolve to the same existing file". I think "file" can only reasonably be read as referring to the inode, although the rationale and "resolve" seem to say that sameness is at the level of (resolved) directory entries.
ext2fs_vnops.c, ufs_vnops.c: Replaced code that gave the historical BSD behaviour of removing one link name by checks that this code is now unreachable. This fixes some races. All vnodes needed to be unlocked for the removal, and locking at another level using something like IN_RENAME was not even attempted, so it was possible for rename(x, y) to return with both x and y removed even without any unlink(2) syscalls (one process can remove x using rename(x, y) and another process can remove y using rename(y, x)).
Prodded by: alfred MFC after: 8 weeks PR: 42617
|
102991 |
05-Sep-2002 |
phk |
Implement the VOP_OPENEXTATTR() and VOP_CLOSEEXTATTR() methods.
Use extattr_check_cred() to check access to EAs.
This is still a WIP.
Sponsored by: DARPA & NAI Labs.
|
102988 |
05-Sep-2002 |
phk |
Use canonical extattr_check_cred() instead of private implementation of the same policy.
Sponsored by: DARPA & NAI Labs.
|
102985 |
05-Sep-2002 |
phk |
Fix credentials check: do not leak ENOATTR until we know if they're supposed to know.
Sponsored by: DARPA & NAI Labs.
|
102774 |
01-Sep-2002 |
rwatson |
Since we have vp and td cached in local variables, use those instead of dereferencing the VOP arguments again when calling the UFS code.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
102412 |
25-Aug-2002 |
charnier |
Replace various spelling with FALLTHROUGH which is lint()able
|
101941 |
15-Aug-2002 |
rwatson |
In order to better support flexible and extensible access control, make a series of modifications to the credential arguments relating to file read and write operations to clarify which credential is used for what:
- Change fo_read() and fo_write() to accept "active_cred" instead of "cred", and change the semantics of consumers of fo_read() and fo_write() to pass the active credential of the thread requesting an operation rather than the cached file cred. The cached file cred is still available in fo_read() and fo_write() consumers via fp->f_cred. These changes largely in sys_generic.c.
For each implementation of fo_read() and fo_write(), update cred usage to reflect this change and maintain current semantics:
- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
- pipe_read/write() now authorize MAC using active_cred rather than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but VOP_READ/WRITE() with fp->f_cred
Modify vn_rdwr() to accept two credential arguments instead of a single credential: active_cred and file_cred. Use active_cred for MAC authorization, and select a credential for use in VOP_READ/WRITE() based on whether file_cred is NULL or not. If file_cred is provided, authorize the VOP using that cred, otherwise the active credential, matching current semantics.
Modify current vn_rdwr() consumers to pass a file_cred if used in the context of a struct file, and to always pass active_cred. When vn_rdwr() is used without a file_cred, pass NOCRED.
These changes should maintain current semantics for read/write, but avoid a redundant passing of fp->f_cred, as well as making it more clear what the origin of each credential is in file descriptor read/write operations.
Follow-up commits will make similar changes to other file descriptor operations, and modify the MAC framework to pass both credentials to MAC policy modules so they can implement either semantic for revocation.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
101777 |
13-Aug-2002 |
phk |
Introduce typedefs for the member functions of struct vfsops and employ these in the main filesystems. This does not change the resulting code but makes the source a little bit more grepable.
Sponsored by: DARPA and NAI Labs.
|
101744 |
12-Aug-2002 |
rwatson |
Pass IO_NOMACCHECK to vn_rdwr() in the following checks to prevent enforcement of MAC policy on the read or write operations:
- In ext2fs, don't enforce MAC on loop-back reads and writes supporting directory read operations in lookup(), directory modifications in rename(), directory write operations in mkdir(), symlink write operations in symlink().
- In the NFS client locking code, perform vn_rdwr() on the NFS locking socket without enforcing MAC, since the write is done on behalf of the kernel NFS implementation rather than the user process.
- In UFS, don't enforce MAC on loop-back reads and writes supporting directory read operations in lookup(), and symlink write operations in symlink().
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
101720 |
12-Aug-2002 |
phk |
Stop pretending that the FFS file ufs_readwrite.c is a UFS file.
Instead of #including it, pull it into ffs_vnops.c and name things correctly.
Sponsored by: DARPA & NAI Labs.
|
101717 |
12-Aug-2002 |
phk |
Fix a comment.
|
101308 |
04-Aug-2002 |
jeff |
- Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization with VOP calls is needed.
- v_iflag is protected by interlock and is used for dealing with vnode management issues. These flags include X/O LOCK, FREE, DOOMED, etc.
- All accesses to v_iflag and v_vflag have either been locked or marked with mp_fixme's.
- Many ASSERT_VOP_LOCKED calls have been added where the locking was not clear.
- Many functions in vfs_subr.c were restructured to provide for stronger locking.
Idea stolen from: BSD/OS
|
101073 |
31-Jul-2002 |
rwatson |
Introduce support for Mandatory Access Control and extensible kernel access control.
Instrument UFS to support per-inode MAC labels. In particular, invoke MAC framework entry points for generically supporting the backing of MAC labels into extended attributes. This ends up introducing new vnode operation vector entries point at the MAC framework entry points, as well as some explicit entry point invocations for file and directory creation events so that the MAC framework can push labels to disk before the directory names become persistent (this will work better once EAs in UFS2 are hooked into soft updates). The generic EA MAC entry points support executing with the file system in either single label or multilabel operation, and will fall back to the mount label if multilabel is not specified at mount-time.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
100807 |
28-Jul-2002 |
alc |
Lock page queue accesses by vm_page_free().
|
100344 |
19-Jul-2002 |
mckusick |
Add support to UFS2 to provide storage for extended attributes. As this code is not actually used by any of the existing interfaces, it seems unlikely to break anything (famous last words).
The internal kernel interface to manipulate these attributes is invoked using two new IO_ flags: IO_NORMAL and IO_EXT. These flags may be specified in the ioflags word of VOP_READ, VOP_WRITE, and VOP_TRUNCATE. Specifying IO_NORMAL means that you want to do I/O to the normal data part of the file and IO_EXT means that you want to do I/O to the extended attributes part of the file. IO_NORMAL and IO_EXT are mutually exclusive for VOP_READ and VOP_WRITE, but may be specified individually or together in the case of VOP_TRUNCATE. For example, when removing a file, VOP_TRUNCATE is called with both IO_NORMAL and IO_EXT set. For backward compatibility, if neither IO_NORMAL nor IO_EXT is set, then IO_NORMAL is assumed.
Note that the BA_ and IO_ flags have been `merged' so that they may both be used in the same flags word. This merger is possible by assigning the IO_ flags to the low sixteen bits and the BA_ flags the high sixteen bits. This works because the high sixteen bits of the IO_ word is reserved for read-ahead and help with write clustering so will never be used for flags. This merge lets us get away from code of the form:
if (ioflags & IO_SYNC) flags |= BA_SYNC;
For the future, I have considered adding a new field to the vattr structure, va_extsize. This addition could then be exported through the stat structure to allow applications to find out the size of the extended attribute storage and also would provide a more standard interface for truncating them (via VOP_SETATTR rather than VOP_TRUNCATE).
I am also contemplating adding a pathconf parameter (for concreteness, let's call it _PC_MAX_EXTSIZE) which would let an application determine the maximum size of the extended attribute storage.
Sponsored by: DARPA & NAI Labs.
|
100207 |
17-Jul-2002 |
mckusick |
Change utimes to set the file creation time (for filesystems that support creation times such as UFS2) to the value of the modification time if the value of the modification time is older than the current creation time. See utimes(2) for further details.
Sponsored by: DARPA & NAI Labs.
|
100201 |
16-Jul-2002 |
mckusick |
Change the name of st_createtime to st_birthtime. This change is made to reduce confusion between st_ctime and st_createtime.
Submitted by: Eric Allman <eric@sendmail.org> Sponsored by: DARPA & NAI Labs.
|
99101 |
30-Jun-2002 |
iedowse |
Remove the bogus SYSINIT from ufs_dirhash.c and instead add a call to ufsdirhash_init() from ufs_init(). Add uninit() functions corresponding to the ufs, dirhash, quota and ihash init() functions.
|
98849 |
26-Jun-2002 |
ken |
At long last, commit the zero copy sockets code.
MAKEDEV: Add MAKEDEV glue for the ti(4) device nodes.
ti.4: Update the ti(4) man page to include information on the TI_JUMBO_HDRSPLIT and TI_PRIVATE_JUMBOS kernel options, and also include information about the new character device interface and the associated ioctls.
man9/Makefile: Add jumbo.9 and zero_copy.9 man pages and associated links.
jumbo.9: New man page describing the jumbo buffer allocator interface and operation.
zero_copy.9: New man page describing the general characteristics of the zero copy send and receive code, and what an application author should do to take advantage of the zero copy functionality.
NOTES: Add entries for ZERO_COPY_SOCKETS, TI_PRIVATE_JUMBOS, TI_JUMBO_HDRSPLIT, MSIZE, and MCLSHIFT.
conf/files: Add uipc_jumbo.c and uipc_cow.c.
conf/options: Add the 5 options mentioned above.
kern_subr.c: Receive side zero copy implementation. This takes "disposable" pages attached to an mbuf, gives them to a user process, and then recycles the user's page. This is only active when ZERO_COPY_SOCKETS is turned on and the kern.ipc.zero_copy.receive sysctl variable is set to 1.
uipc_cow.c: Send side zero copy functions. Takes a page written by the user and maps it copy on write and assigns it kernel virtual address space. Removes copy on write mapping once the buffer has been freed by the network stack.
uipc_jumbo.c: Jumbo disposable page allocator code. This allocates (optionally) disposable pages for network drivers that want to give the user the option of doing zero copy receive.
uipc_socket.c: Add kern.ipc.zero_copy.{send,receive} sysctls that are enabled if ZERO_COPY_SOCKETS is turned on.
Add zero copy send support to sosend() -- pages get mapped into the kernel instead of getting copied if they meet size and alignment restrictions.
uipc_syscalls.c: Un-staticize some of the sf* functions so that they can be used elsewhere. (uipc_cow.c)
if_media.c: In the SIOCGIFMEDIA ioctl in ifmedia_ioctl(), avoid calling malloc() with M_WAITOK. Return an error if the M_NOWAIT malloc fails.
The ti(4) driver and the wi(4) driver, at least, call this with a mutex held. This causes witness warnings for 'ifconfig -a' with a wi(4) or ti(4) board in the system. (I've only verified for ti(4)).
ip_output.c: Fragment large datagrams so that each segment contains a multiple of PAGE_SIZE amount of data plus headers. This allows the receiver to potentially do page flipping on receives.
if_ti.c: Add zero copy receive support to the ti(4) driver. If TI_PRIVATE_JUMBOS is not defined, it now uses the jumbo(9) buffer allocator for jumbo receive buffers.
Add a new character device interface for the ti(4) driver for the new debugging interface. This allows (a patched version of) gdb to talk to the Tigon board and debug the firmware. There are also a few additional debugging ioctls available through this interface.
Add header splitting support to the ti(4) driver.
Tweak some of the default interrupt coalescing parameters to more useful defaults.
Add hooks for supporting transmit flow control, but leave it turned off with a comment describing why it is turned off.
if_tireg.h: Change the firmware rev to 12.4.11, since we're really at 12.4.11 plus fixes from 12.4.13.
Add defines needed for debugging.
Remove the ti_stats structure, it is now defined in sys/tiio.h.
ti_fw.h: 12.4.11 firmware.
ti_fw2.h: 12.4.11 firmware, plus selected fixes from 12.4.13, and my header splitting patches. Revision 12.4.13 doesn't handle 10/100 negotiation properly. (This firmware is the same as what was in the tree previously, with the addition of header splitting support.)
sys/jumbo.h: Jumbo buffer allocator interface.
sys/mbuf.h: Add a new external mbuf type, EXT_DISPOSABLE, to indicate that the payload buffer can be thrown away / flipped to a userland process.
socketvar.h: Add prototype for socow_setup.
tiio.h: ioctl interface to the character portion of the ti(4) driver, plus associated structure/type definitions.
uio.h: Change prototype for uiomoveco() so that we'll know whether the source page is disposable.
ufs_readwrite.c: Update for new prototype of uiomoveco().
vm_fault.c: In vm_fault(), check to see whether we need to do a page based copy on write fault.
vm_object.c: Add a new function, vm_object_allocate_wait(). This does the same thing that vm_object allocate does, except that it gives the caller the opportunity to specify whether it should wait on the uma_zalloc() of the object structure.
This allows vm objects to be allocated while holding a mutex. (Without generating WITNESS warnings.)
vm_object_allocate() is implemented as a call to vm_object_allocate_wait() with the malloc flag set to M_WAITOK.
vm_object.h: Add prototype for vm_object_allocate_wait().
vm_page.c: Add page-based copy on write setup, clear and fault routines.
vm_page.h: Add page based COW function prototypes and variable in the vm_page structure.
Many thanks to Drew Gallatin, who wrote the zero copy send and receive code, and to all the other folks who have tested and reviewed this code over the years.
|
98788 |
25-Jun-2002 |
mckusick |
Force the quota update to be done when an inode is released in ufs_inactive. This avoids a panic when checking a NULL credential in suser_cred().
|
98658 |
23-Jun-2002 |
dillon |
Rename the BALLOC flags from B_* to BA_* to avoid confusion with the struct buf B_ flags.
Approved by: mckusick
|
98542 |
21-Jun-2002 |
mckusick |
This commit adds basic support for the UFS2 filesystem. The UFS2 filesystem expands the inode to 256 bytes to make space for 64-bit block pointers. It also adds a file-creation time field, an ability to use jumbo blocks per inode to allow extent like pointer density, and space for extended attributes (up to twice the filesystem block size worth of attributes, e.g., on a 16K filesystem, there is space for 32K of attributes). UFS2 fully supports and runs existing UFS1 filesystems. New filesystems built using newfs can be built in either UFS1 or UFS2 format using the -O option. In this commit UFS1 is the default format, so if you want to build UFS2 format filesystems, you must specify -O 2. This default will be changed to UFS2 when UFS2 proves itself to be stable. In this commit the boot code for reading UFS2 filesystems is not compiled (see /sys/boot/common/ufsread.c) as there is insufficient space in the boot block. Once the size of the boot block is increased, this code can be defined.
Things to note: the definition of SBSIZE has changed to SBLOCKSIZE. The header file <ufs/ufs/dinode.h> must be included before <ufs/ffs/fs.h> so as to get the definitions of ufs2_daddr_t and ufs_lbn_t.
Still TODO: Verify that the first level bootstraps work for all the architectures. Convert the utility ffsinfo to understand UFS2 and test growfs. Add support for the extended attribute storage. Update soft updates to ensure integrity of extended attribute storage. Switch the current extended attribute interfaces to use the extended attribute storage. Add the extent like functionality (framework is there, but is currently never used).
Sponsored by: DARPA & NAI Labs. Reviewed by: Poul-Henning Kamp <phk@freebsd.org>
|
98425 |
19-Jun-2002 |
dillon |
In rev 1.72 a situation related to write/mmap was fixed which could result in a user process gaining visibility into the 'old' contents of a filesystem block. There were two cases: (1) when uiomove() fails (user process issues illegal write), and (2) when uiomove() overlaps a mmap() of the same file at the same offset (fault -> recursive buffer I/O reads contents of old block).
Unfortunately 1.72 also had the unintended effect of forcing the filesystem to do a read-before-write in the case of a full-block-write (non append case), e.g. 'dd if=/dev/zero of=test.dat bs=1m count=256 conv=notrunc'. This destroys performance.. not only is a read forced for every write, but clustering breaks as well.
The solution is to clear the buffer manually in the full-block case rather than asking BALLOC to do it (BALLOC issues the read-before-write). In the partial-block case we want BALLOC to do it because the read-before-write is necessary. This patch should greatly improve database and news-feed server performance.
Found by: MKI <mki@mozone.net> MFC after: 3 days
|
97724 |
01-Jun-2002 |
alfred |
Backout/modify previous revision: "empty default cases shouldn't be removed, they should have a break; statement added to them."
Requested by: billf
|
97723 |
01-Jun-2002 |
alfred |
Silence warnings, remove some empty 'default' switch cases.
|
97640 |
30-May-2002 |
semenu |
Remove lock from ffs_vget introduced by v1.24. Instead of locking the vnode creation globally, we allow processes to create vnodes concurrently. In case of concurrent creation of vnode for the one ino, we allow processes to race and then check who wins.
Assuming that concurrent creation of vnode for same ino is really rare case, this is believed to be an improvement, as it just allows concurrent creation of vnodes.
Idea by: bp Reviewed by: dillon MFC after: 1 month
|
96876 |
18-May-2002 |
iedowse |
Fix two casts to "daddr_t *" that should have been "ufs_daddr_t *".
|
96874 |
18-May-2002 |
iedowse |
Fix a typo where sizeof(daddr_t) was specified instead of sizeof(doff_t). Now that daddr_t is 64-bit, this caused hash blocks to be allocated twice as large as they need to be.
|
96873 |
18-May-2002 |
iedowse |
Remove um_i_effnlink_valid, i_spare[] and the ufsmount_u and inode_u unions, since these were only necessary when ext2fs used ufs code.
Reviewed by: mckusick
|
96821 |
17-May-2002 |
phk |
Fix ufs_daddr_t/daddr_t type problems.
Sponsored by: DARPA & NAI labs.
|
96820 |
17-May-2002 |
phk |
Call ufs_bmaparray() with right parameter type.
Sponsored by: DARPA & NAI Labs.
|
96755 |
16-May-2002 |
trhodes |
More s/file system/filesystem/g
|
96572 |
14-May-2002 |
phk |
Make daddr_t and u_daddr_t 64bits wide. Retire daddr64_t and use daddr_t instead.
Sponsored by: DARPA & NAI Labs.
|
96506 |
13-May-2002 |
phk |
Remove register keyword.
Sponsored by: DARPA & NAI Labs. Submitted by: mckusick
|
96482 |
12-May-2002 |
phk |
Remove two "register" and a blank line.
Submitted by: mckusick Sponsored by: DARPA & NAI Labs.
|
96095 |
06-May-2002 |
alc |
o Condition the compilation and use of vm_freeze_copyopts() on ENABLE_VFS_IOOPT.
|
96072 |
05-May-2002 |
phk |
Move some UFS related stuff home where it belongs.
|
96010 |
04-May-2002 |
jeff |
Include systm.h so panic(9) is defined when doing DEBUG_ALL_VFS_LOCKS.
|
95974 |
03-May-2002 |
phk |
Name ufs_vop_[gs]etextattr() consistently with the rest of our VOPs and put them in the ufs_vnops where they belong, rather than in the ffs_vnops.
Ok'ed by: rwatson Sponsored by: DARPA & NAI Labs.
|
95945 |
02-May-2002 |
phk |
Use vop_panic() instead of our home-rolled version.
|
93818 |
04-Apr-2002 |
jhb |
Change callers of mtx_init() to pass in an appropriate lock type name. In most cases NULL is passed, but in some cases such as network driver locks (which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.
Tested on: i386, alpha, sparc64
|
93593 |
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
92807 |
20-Mar-2002 |
dwmalone |
Two minor changes to dirhash, which result in some marginal benchmark improvements.
1) If deleting an entry results in a chain of deleted slots ending in an empty slot, then we can be a bit more aggressive about marking slots as empty.
2) The last stage of the FNV hash is to xor the last byte of data into the hash. This means that filenames which differ only in the last byte will be placed close to one another in the hash table, which forms longer chains. To work around this common case, we also hash in the address of the dirhash structure.
news/cancel = news/articles/control/cancel for a tradspool inn server
squid2 = squid level 2 directory (dirs called 00->FF)
squid3 = squid level 3 directory (files called 00001F00->00001FFF)
mean #probes for    home dir  mh inbox  news/cancel  tmp   squid2  squid3
old successful      1.02      3.19      4.07         1.10  7.85    2.06
new successful      1.04      1.32      1.27         1.04  1.93    1.17
old unsuccessful    1.08      4.50      5.37         1.17  10.76   2.69
new unsuccessful    1.08      1.73      1.64         1.17  2.89    1.37
Reviewed by: iedowse MFC after: 2 weeks
|
92768 |
20-Mar-2002 |
jeff |
Remove references to vm_zone.h and switch over to the new uma API.
|
92728 |
19-Mar-2002 |
alfred |
Remove __P.
|
92462 |
17-Mar-2002 |
mckusick |
Add a flags parameter to VFS_VGET to pass through the desired locking flags when acquiring a vnode. The immediate purpose is to allow polling lock requests (LK_NOWAIT) needed by soft updates to avoid deadlock when enlisting other processes to help with the background cleanup. For the future it will allow the use of shared locks for read access to vnodes. This change touches a lot of files as it affects most filesystems within the system. It has been well tested on FFS, loopback, and CD-ROM filesystems, only lightly on the others, so if you find a problem there, please let me (mckusick@mckusick.com) know.
|
92363 |
15-Mar-2002 |
mckusick |
Introduce the new 64-bit size disk block, daddr64_t. Change the bio and buffer structures to have daddr64_t bio_pblkno, b_blkno, and b_lblkno fields which allows access to disks larger than a Terabyte in size. This change also requires that the VOP_BMAP vnode operation accept and return daddr64_t blocks. This delta should not affect system operation in any way. It merely sets up the necessary interfaces to allow the development of disk drivers that work with these larger disk block addresses. It also allows for the development of UFS2 which will use 64-bit block addresses.
|
92098 |
11-Mar-2002 |
iedowse |
Fix a bug in ufsdirhash_adjfree() that caused it to incorrectly update the free-space statistics in some cases. The problem affected directory blocks when the free space dropped below the size of the maximum allowed entry size. When this happened, the free-space summary information could claim that there are no further blocks that can fit a maximum-size entry, even if there are.
The effect of this bug is that the directory may be enlarged even though there is space within the directory for the new entry. This wastes disk space and has a negative impact on performance.
Fix it by correctly computing the dh_firstfree array index, adding a helper macro for clarity. Put an extra sanity check into ufsdirhash_checkblock() to detect the situation in future.
Found by: dwmalone Reviewed by: dwmalone MFC after: 1 week
|
91825 |
07-Mar-2002 |
rwatson |
Update DBA for NAI. We have several. We used the wrong one. :-)
|
91814 |
07-Mar-2002 |
green |
Add new errno ``ENOATTR''.
|
91720 |
06-Mar-2002 |
dillon |
cleanup readability syntax prior to ongoing b_resid work commits.
MFC after: 1 day
|
91406 |
27-Feb-2002 |
jhb |
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
|
91060 |
22-Feb-2002 |
phk |
Replace bowrite() with BUF_WRITE in ufs.
Remove bowrite(), it is now unused.
This is the first step in getting entirely rid of BIO_ORDERED which is a generally accepted evil thing.
Approved by: mckusick
|
90972 |
20-Feb-2002 |
rwatson |
o Minor style fix on #endif, missing '_' in comment.
|
90860 |
18-Feb-2002 |
phk |
Make v_addpollinfo() visible and non-inline. Have callers only call it as needed. Add necessary call in ufs_kqfilter().
Test-case found by: Andrew Gallatin <gallatin@cs.duke.edu>
|
90791 |
17-Feb-2002 |
phk |
Move the stuff related to select and poll out of struct vnode. The use of the zone allocator may or may not be overkill. There is an XXX: over in ufs/ufs/ufs_vnops.c that jlemon may need to revisit.
This shaves about 60 bytes of struct vnode which on my laptop means 600k less RAM used for vnodes.
|
90790 |
17-Feb-2002 |
phk |
Collect the VN_KNOTE() macro definitions on vnode.h
|
90453 |
10-Feb-2002 |
rwatson |
Minor style tweaks.
Remove an unneeded comment and commented out code that won't be needed.
|
90452 |
10-Feb-2002 |
rwatson |
Copyright + license update.
|
90448 |
10-Feb-2002 |
rwatson |
Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so as not to use the scatter gather API (which appeared not to be used by any consumers, and be less portable), rather, accepts 'data' and 'nbytes' in the style of other simple read/write interfaces. This changes the API and ABI.
o Modify system call semantics so that extattr_get_{fd,file}() return a size_t. When performing a read, the number of bytes read will be returned, unless the data pointer is NULL, in which case the number of bytes of data are returned. This changes the API only.
o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t argument so as to return the size, if desirable. If set to NULL, the size will not be returned.
o Update various filesystems (pseudofs, ufs) to DTRT.
These changes should make extended attributes more useful and more portable. More commits to rebuild the system call files, as well as update userland utilities to follow.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
90438 |
10-Feb-2002 |
phk |
Remove di_inumber since LFS is long gone.
|
89384 |
15-Jan-2002 |
mckusick |
When downgrading a filesystem from read-write to read-only, operations involving file removal or file update were not always being fully committed to disk. The result was lost files or corrupted file data. This change ensures that the filesystem is properly synced to disk before the filesystem is down-graded.
This delta also fixes a long standing bug in which a file open for reading has been unlinked. When the last open reference to the file is closed, the inode is reclaimed by the filesystem. Previously, if the filesystem had been down-graded to read-only, the inode could not be reclaimed, and thus was lost and had to be later recovered by fsck. With this change, such files are found at the time of the down-grade. Normally they will result in the filesystem down-grade failing with `device busy'. If a forcible down-grade is done, then the affected files will be revoked causing the inode to be released and the open file descriptors to begin failing on attempts to read.
Submitted by: "Sam Leffler" <sam@errno.com>
|
89213 |
10-Jan-2002 |
phk |
Do not pull quota entries of the cache-list if they have already been removed from the cache-list as part of a previous unmount.
This would result in panics (page fault in dqflush()) during subsequent umounts provided that enough distinct UID's to actually make the hash do something are active.
This can probably explain a number of weird quota related behaviours.
PR: 32331 maybe more. Reproduced by: Søren Schrørder <sch@cybercity.dk>
|
87133 |
30-Nov-2001 |
rwatson |
Use 'mkdir -p /.attribute/system' instead of breaking it into two separate mkdir targets.
Submitted by: jedgar
|
87132 |
30-Nov-2001 |
rwatson |
Use 'mkdir -p /.attribute/system' instead of breaking it into two separate mkdir targets.
|
87131 |
30-Nov-2001 |
rwatson |
README.extattr incorrectly specified sample command lines for UFS_EXTATTR_AUTOSTART. Insert the missing 'initattr' arguments to extattrctl.
Noticed by: green
|
86782 |
22-Nov-2001 |
guido |
When mkdir()-ing, the parent dir gets its linkcount increased. Fix VN_KNOTE to reflect that.
Found by: tobez@freebsd.org MFC after: 2 days
|
86350 |
14-Nov-2001 |
iedowse |
Oops, when trying the dirhash sequential-access optimisation, compare the slot offset against the predicted offset, not a boolean flag. This typo effectively disabled the sequential optimisation, but was otherwise harmless.
Not surprisingly, fixing this improves performance in the sequential access case. I am seeing a 7% speedup on one machine here; using dirhash when sequentially looking up directory entries is now about 5% faster instead of 2% slower than the non-dirhash case.
Submitted by: KOIE Hidetaka <koie@suri.co.jp> MFC after: 1 week
|
86089 |
05-Nov-2001 |
dillon |
Implement IO_NOWDRAIN and B_NOWDRAIN - prevents the buffer cache from blocking in wdrain during a write. This flag needs to be used in devices whose strategy routines turn-around and issue another high level I/O, such as when MD turns around and issues a VOP_WRITE to vnode backing store, in order to avoid deadlocking the dirty buffer draining code.
Remove a vprintf() warning from MD when the backing vnode is found to be in-use. The syncer of buf_daemon could be flushing the backing vnode at the time of an MD operation so the warning is not correct.
MFC after: 1 week
|
85845 |
01-Nov-2001 |
rwatson |
o Update copyright dates.
o Add reference to TrustedBSD Project in license header.
o Update dated comments, including comment in extattr.h claiming that no file systems support extended attributes.
o Improve comment consistency.
|
85581 |
27-Oct-2001 |
rwatson |
o Although this is not specified in POSIX.1e, the UFS ACL implementation coerces the deletion of a default ACL on a directory when no default ACL EA is present to success. Because the UFS EA implementation doesn't distinguish the EA failure modes "that EA name has not been administratively enabled" from "that EA name has no defined data", there's a potential conflict in error return values. Normally, the lack of administratively configured EA support is coerced to EOPNOTSUPP to indicate that ACLs are not available; in this case, it is possible to get a successful return, even if ACLs are not available because EA support for them has not been enabled.
Expand the comment in ufs_setacl() to identify this case.
Obtained from: TrustedBSD Project
|
85580 |
27-Oct-2001 |
rwatson |
o Clarify a comment about the locking condition of the vnode upon exit from ufs_extattr_enable_with_open().
o Print auto-start notifications if (bootverbose). This was previously commented out since it didn't know how to check for bootverbose.
o Drop in comments throughout indicating where ENOENT should be replaced with ENOATTR once that is available.
Obtained from: TrustedBSD Project
|
85579 |
27-Oct-2001 |
rwatson |
o The comment about ordering the destruction of the lock and the removal of the flag indicating that the structure was initialized didn't need an XXX, since it didn't need fixing.
Obtained from: TrustedBSD Project
|
85578 |
27-Oct-2001 |
rwatson |
o Wrap a number of long lines of code, many of which were introduced due to KSE-related (p) expansions.
Obtained from: TrustedBSD Project
|
85577 |
27-Oct-2001 |
rwatson |
Since namespace support was added to the UFS extended attribute implementation to replace single-character namespace prefixes, '$' is no longer an invalid attribute name, and the namespace is relevant to validity determination.
o Remove '$' case from ufs_extattr_valid_attrname()
o Add attrnamespace argument to ufs_extattr_valid_attrname(), and fill out appropriately.
Currently no decisions are made based on the namespace argument, but may be in the future.
Obtained from: TrustedBSD Project
|
85512 |
25-Oct-2001 |
iedowse |
Default to not performing ufs_dirhash's extensive directory-block sanity check after every directory modification. This check can be re-enabled at any time by setting the sysctl "vfs.ufs.dirhash_docheck" to 1.
This group of sanity tests was there to ensure that any UFS_DIRHASH bugs could be caught by a panic before a potentially corrupted directory block would be written to disk. It has served its main purpose now, so disable it in the interest of performance.
MFC after: 1 week
|
85339 |
23-Oct-2001 |
dillon |
Change the vnode list under the mount point from a LIST to a TAILQ in preparation for an implementation of limiting code for kern.maxvnodes.
MFC after: 3 days
|
84827 |
11-Oct-2001 |
jhb |
Change the kernel's ucred API as follows:
- crhold() returns a reference to the ucred whose refcount it bumps.
- crcopy() now simply copies the credentials from one credential to another and has no return value.
- a new crshared() primitive is added which returns true if a ucred's refcount is > 1 and false (0) otherwise.
|
84811 |
11-Oct-2001 |
jhb |
Add missing includes of sys/lock.h.
|
84642 |
08-Oct-2001 |
dillon |
Remove panics for rename() race conditions. The panics are inappropriate because the IN_RENAME flag only fixes a few of the huge number of race conditions that can result in the source path becoming invalid even prior to the VOP_RENAME() call. The panics created a serious security issue whereby an attacker could fairly easily cause the panic to occur, crashing the machine.
The correct solution requires a great deal of work in the namei path cache code.
MFC after: 0 days
|
84344 |
02-Oct-2001 |
dillon |
Backout the last commit. The problem is actually much worse than I first thought and may require serious work to the VOP_RENAME() api itself. Basically, by the time the VOP_RENAME() function is called, it's already too late.
|
84339 |
02-Oct-2001 |
dillon |
IN_RENAME should only be cleared by the routine that set it. This fixes a rename/rmdir race that has been shown to cause a panic.
Bug reported by: Yevgeniy Aleynikov <eugenea@infospace.com> MFC after: 3 days
|
83992 |
26-Sep-2001 |
rwatson |
o Re-enable support of system file flags in jail() by adding back the PRISON_ROOT to the suser_xxx() check. Since securelevels may now be raised in specific jails, use of system flags can still be restricted in jail(), but in a more configurable way.
o Users of jail() expecting system flags (such as schg) to restrict jail()'s should be sure to set the securelevel appropriately in jail()'s.
o This fixes activities involving automated system flag removal in jail(), including installkernel and friends.
Obtained from: TrustedBSD Project
|
83987 |
26-Sep-2001 |
rwatson |
o Modify ufs_setattr() so that it uses securelevel_gt() instead of direct variable access.
Obtained from: TrustedBSD Project
|
83924 |
25-Sep-2001 |
rwatson |
o Further clarify comment: at Udo's request, re-insert the 'if' referring to securelevels; also, update the unprivileged process text to better indicate the scope of actions permittable when any system flags are already set (limited).
Submitted by: Udo Schweigert <udo.schweigert@siemens.com>
|
83918 |
25-Sep-2001 |
rwatson |
o Parallelize the comment on the relationship between privileged un-jailed processes and the actual securelevel check: make the comment use '> 0' instead of inverted '<= 0'.
|
83899 |
24-Sep-2001 |
iedowse |
The addition of i_dirhash to struct inode pushed RELENG_4's sizeof(struct inode) into a new malloc bucket on the i386. This didn't happen in -current due to the removal of i_lock, but it does no harm to apply the workaround to -current first.
Reduce the size of the i_spare[] array in struct inode from 4 to 3 entries, and change ext2fs to use i_din.di_spare[1] so that it does not need i_spare[3].
Reviewed by: bde MFC after: 3 days
|
83366 |
12-Sep-2001 |
julian |
KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to the previous -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
82770 |
01-Sep-2001 |
jedgar |
Use ACL_PERM_NONE instead of hardcoding 0 when initializing ACL entry permissions.
Reviewed by: rwatson
|
82395 |
27-Aug-2001 |
peter |
If a file has been completely unlinked, stop automatically syncing the file. ffs will discard any pending dirty pages when it is closed, so we may as well not waste time trying to clean them. This doesn't stop other things from writing it out, eg: pageout, fsync(2) etc.
|
82364 |
26-Aug-2001 |
iedowse |
Stop using dirhash when a directory is removed, and ensure that we never attempt to hash directories once they are deleted. This fixes a problem where operations on a deleted directory could trigger dirhash sanity panics.
|
82334 |
26-Aug-2001 |
iedowse |
When compacting directories, ufs_direnter() always trusted DIRSIZ() to supply the number of bytes to be bcopy()'d to move an entry. If d_ino == 0 however, DIRSIZ() is not guaranteed to return a sensible length, so ufs_direnter could end up corrupting a directory during compaction. In practice I believe this can only happen after fsck_ffs has fixed a previously-corrupted directory.
We now deal with any mid-block unused entries specially to avoid using DIRSIZ() or bcopy() on such entries. We also ensure that the variables 'dsize' and 'spacefree' contain meaningful values at all times. Add a few comments to describe better this intricate piece of code.
The special handling of mid-block unused entries makes the dirhash-specific bugfix in the previous revision (1.53) now unnecessary, so this change removes it.
Reviewed by: mckusick
|
82124 |
22-Aug-2001 |
iedowse |
When compressing directory blocks, the dirhash code didn't check that the directory entry was in use before attempting to find it in the hash structures to change its offset. Normally, unused entries do not need to be moved, but fsck can leave behind some unused entries that do. A dirhash sanity panic resulted when the entry to be moved was not found. Add a check that stops entries with d_ino == 0 from being passed to ufsdirhash_move().
|
81877 |
18-Aug-2001 |
peter |
Sigh. ufs_lookup() calls ffs_snapgone(), meaning that 'options EXT2FS' without 'options FFS' would fail to link.
|
80554 |
29-Jul-2001 |
iedowse |
Two recent commits in sys/ufs/ufs interacted badly with ext2fs because it shares ufs code. In ufs_fhtovp(), the test on i_effnlink is invalid because ext2fs does not maintain this field. In ufs_close(), i_effnlink is also tested, to determine whether or not to call vn_start_write(). The ufs_fhtovp issue breaks NFS exporting of ext2fs filesystems; I believe the other is harmless.
Fix both cases by checking um_i_effnlink_valid in the ufsmount struct, and use i_nlink if necessary.
Noticed by: bde Reviewed by: mckusick, bde
|
80456 |
27-Jul-2001 |
iedowse |
Disable the dirhash sanity check that panics if an unused directory entry (d_ino == 0) is found in a position that is not the start of a DIRBLKSIZ block.
While such entries cannot occur normally (ufs always extends the previous entry to cover the free space instead), they do not cause problems and fsck does not fix them, so panicking is bad.
|
79769 |
16-Jul-2001 |
peter |
Use a fixed type for times in on-disk structures for ufs rather than something that could potentially change like time_t.
|
79690 |
13-Jul-2001 |
iedowse |
Return a locked struct buf from ufsdirhash_lookup() to avoid one extra getblk/brelse sequence for each lookup. We already had this buf in ufsdirhash_lookup(), so there was no point in brelse'ing it only to have the caller immediately reacquire the same buffer.
This should make the case of sequential lookups marginally faster; in my tests, sequential lookups with dirhash enabled are now only around 1% slower than without dirhash.
|
79561 |
10-Jul-2001 |
iedowse |
Bring in dirhash, a simple hash-based lookup optimisation for large directories. When enabled via "options UFS_DIRHASH", in-core hash arrays are maintained for large directories. These allow all directory operations to take place quickly instead of requiring long linear searches. For now anyway, dirhash is not enabled by default.
The in-core hash arrays have a memory requirement that is approximately half the size of the on-disk directory file. A number of new sysctl variables allow control over which directories get hashed and over the maximum amount of memory that dirhash will use:
vfs.ufs.dirhash_minsize The minimum on-disk directory size for which hashing should be used. The default is 2560 (2.5k).
vfs.ufs.dirhash_maxmem The system-wide maximum total memory to be used by dirhash data structures. The default is 2097152 (2MB).
The current amount of memory being used by dirhash is visible through the read-only sysctl variable vfs.ufs.dirhash_maxmem. Finally, some extra sanity checks that are enabled by default, but which may have an impact on performance, can be disabled by setting vfs.ufs.dirhash_docheck to 0.
Discussed on: -fs, -hackers
|
79224 |
04-Jul-2001 |
dillon |
With Alfred's permission, remove vm_mtx in favor of a fine-grained approach (this commit is just the first stage). Also add various GIANT_ macros to formalize the removal of Giant, making it easy to test in a more piecemeal fashion. These macros will allow us to test fine-grained locks to a degree before removing Giant, and also after, and to remove Giant in a piecemeal fashion via sysctl's on those subsystems which the authors believe can operate without Giant.
|
78912 |
28-Jun-2001 |
jhb |
- Fix a mntvnode and vnode interlock reversal.
- Protect the mnt_vnode list with the mntvnode lock.
- Use queue(9) macros.
|
77847 |
07-Jun-2001 |
tmm |
Call vn_close on the backing file vnode if ufs_extattr_enable failed to avoid leaking it.
Reviewed by: rwatson
|
77822 |
06-Jun-2001 |
jlemon |
Add a wrapper for the fifo kqfilter which falls through to the ufs routine. This permits the fifo to inherit the ufs VNODE kqfilter.
|
77762 |
05-Jun-2001 |
jlemon |
Add a kqueue filter for writing to ufs filesystems which always returns true. This permits better interoperability with programs which register filters on their stdin/stdout handles.
Submitted by: Niels Provos <provos@citi.umich.edu>
|
77437 |
29-May-2001 |
phk |
Remove last vestiges of MFS.
|
77190 |
25-May-2001 |
tmm |
Add a check to determine whether extended attributes have been initialized on the file system before trying to grab the lock of the per-mount extattr structure, as this lock is uninitialized in that case. This is needed because ufs_extattr_vnode_inactive is called from ufs_inactive, which is also used by EA-unaware file systems such as ext2fs.
Reviewed by: rwatson
|
77183 |
25-May-2001 |
rwatson |
o Merge contents of struct pcred into struct ucred. Specifically, add the real uid, saved uid, real gid, and saved gid to ucred, as well as the pcred->pc_uidinfo, which was associated with the real uid, only rename it to cr_ruidinfo so as not to conflict with cr_uidinfo, which corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing original macro that pointed p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred, p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo, cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize cr_ruidinfo there.
o Restructure many credential modification chunks to always crdup while we figure out locking and optimizations; generally speaking, this means moving to a structure like this:
    newcred = crdup(oldcred);
    ...
    p->p_ucred = newcred;
    crfree(oldcred);
  It's not race-free, but better than nothing. There are also races in sys_process.c, all inter-process authorization, fork, exec, and exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid; remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and allocation.
o Clean up ktrcanset() to take into account changes, and move to using suser_xxx() instead of performing a direct uid==0 comparison.
o Improve commenting in various kern_prot.c credential modification calls to better document current behavior. In a couple of places, current behavior is a little questionable and we need to check POSIX.1 to make sure it's "right". More commenting work still remains to be done.
o Update credential management calls, such as crfree(), to take into account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
    change_euid() change_egid() change_ruid() change_rgid() change_svuid() change_svgid()
  In each case, the call now acts on a credential not a process, and as such no longer requires more complicated process locking/etc. They now assume the caller will do any necessary allocation of an exclusive credential reference. Each is commented to document its reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not processes and pcreds. Note that this authorization, as well as CANSIGIO(), needs to be updated to use the p_cansignal() and p_cansched() centralized authorization routines, as they currently do not take into account some desirable restrictions that are handled by the centralized routines, as well as being inconsistent with other similar authorization instances.
o Update libkvm to take these changes into account.
Obtained from: TrustedBSD Project Reviewed by: green, bde, jhb, freebsd-arch, freebsd-audit
|
77115 |
24-May-2001 |
dillon |
This patch implements O_DIRECT about 80% of the way. It takes a patchset Tor created a while ago, removes the raw I/O piece (that has cache coherency problems), and adds a buffer cache / VM freeing piece.
Essentially this patch causes O_DIRECT I/O to not be left in the cache, but does not prevent it from going through the cache, hence the 80%. For the last 20% we need a method by which the I/O can be issued directly to buffer supplied by the user process and bypass the buffer cache entirely, but still maintain cache coherency.
I also have the code working under -stable but the changes made to sys/file.h may not be MFCable, so an MFC is not on the table yet.
Submitted by: tegge, dillon
|
77037 |
23-May-2001 |
alfred |
ufs_bmaparray() may block on IO, drop vm mutex and acquire Giant when calling it from the pager routine
|
77031 |
23-May-2001 |
ru |
- FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file systems were repo-copied from sys/miscfs to sys/fs.
- Renamed the following file systems and their modules: fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
- Renamed corresponding kernel options: FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.
- Install header files for the above file systems.
- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland Makefiles.
|
76827 |
19-May-2001 |
alfred |
Introduce a global lock for the vm subsystem (vm_mtx).
vm_mtx does not recurse and is required for most low level vm operations.
faults can not be taken without holding Giant.
Memory subsystems can now call the base page allocators safely.
Almost all atomic ops were removed as they are covered under the vm mutex.
Alpha and ia64 now need to catch up to i386's trap handlers.
FFS and NFS have been tested, other filesystems will need minor changes (grabbing the vm lock when twiddling page properties).
Reviewed (partially) by: jake, jhb
|
76724 |
17-May-2001 |
mckusick |
When a new block is allocated to a directory, an fsync of a file whose name is within that block must ensure not only that the block containing the file name has been written, but also that the on-disk directory inode references that block. When a new directory block is created, we allocate a newdirblk structure which is linked to the associated allocdirect (on its ad_newdirblk list). When the allocdirect has been satisfied, the newdirblk structure is moved to the inodedep id_bufwait list of its directory to await the inode being written. When the inode is written, the directory entries are fully committed and can be deleted from their pagedep->id_pendinghd and inodedep->id_pendinghd lists.
|
76557 |
13-May-2001 |
mckusick |
If the effective link count is zero when an NFS file handle request comes in for it, the file is really gone, so return ESTALE.
The problem arises when the last reference to an FFS file is released because soft-updates may delay the actual freeing of the inode for some time. Since there are no filesystem links or open file descriptors referencing the inode, from the point of view of the system, the file is inaccessible. However, if the filesystem is NFS exported, then the remote client can still access the inode via ufs_fhtovp() until the inode really goes away. To prevent this anomaly, it is necessary to begin returning ESTALE at the same time that the file ceases to be accessible to the local filesystem.
Obtained from: Ian Dowse <iedowse@maths.tcd.ie>
|
76357 |
08-May-2001 |
mckusick |
When running with soft updates, track the number of blocks and files that are committed to being freed and reflect these blocks in the counts returned by statfs (and thus also by the `df' command). This change allows programs such as those that do news expiration to know when to stop if they are trying to create a certain percentage of free space. Note that this change does not solve the much harder problem of making this to-be-freed space available to applications that want it (thus on a nearly full filesystem, you may still encounter out-of-space conditions even though the free space will show up eventually). Hopefully this harder problem will be the subject of a future enhancement.
|
76174 |
01-May-2001 |
phk |
Use ufs_bmaparray() rather than VOP_BMAP() on our own vnodes.
|
76167 |
01-May-2001 |
phk |
Implement vop_std{get|put}pages() and add them to the default vop[].
Un-copy&paste all the VOP_{GET|PUT}PAGES() functions which do nothing but the default.
|
76166 |
01-May-2001 |
markm |
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files.
Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h from kernel .c files.
Sort sys/*.h includes where possible in affected files.
OK'ed by: bde (with reservations)
|
76132 |
29-Apr-2001 |
phk |
VOP_BALLOC was never really a VOP in the first place, so convert it to UFS_BALLOC like the other "between UFS and FFS function interfaces".
|
76129 |
29-Apr-2001 |
phk |
Call ufs_bmaparray() directly instead of indirectly via VOP_BMAP().
|
76128 |
29-Apr-2001 |
phk |
Remove two unused arguments from ufs_bmaparray().
|
76117 |
29-Apr-2001 |
grog |
Revert consequences of changes to mount.h, part 2.
Requested by: bde
|
75943 |
25-Apr-2001 |
mckusick |
When closing the last reference to an unlinked file, it is freed by the inactive routine. Because the freeing causes the filesystem to be modified, the close must be held up during periods when the filesystem is suspended.
For snapshots to be consistent across crashes, they must write blocks that they copy and claim those written blocks in their on-disk block pointers before the old blocks that they referenced can be allowed to be written.
Close a loophole that allowed unwritten blocks to be skipped when doing ffs_sync with a request to wait for all I/O activity to be completed.
|
75934 |
25-Apr-2001 |
phk |
Move the netexport structure from the fs-specific mount structure to struct mount.
This makes the "struct netexport *" parameter to the vfs_export and vfs_checkexport interface unneeded.
Consequently that all non-stacking filesystems can use vfs_stdcheckexp().
At the same time, make it a pointer to a struct netexport in struct mount, so that we can remove the bogus AF_MAX and #include <net/radix.h> from <sys/mount.h>
|
75858 |
23-Apr-2001 |
grog |
Correct #includes to work with fixed sys/mount.h.
|
75571 |
17-Apr-2001 |
rwatson |
In my first reading of POSIX.1e, I misinterpreted handling of the ACL_USER_OBJ and ACL_GROUP_OBJ fields, believing that modification of the access ACL could be used by privileged processes to change file/directory ownership. In fact, this is incorrect; ACL_*_OBJ (+ ACL_MASK and ACL_OTHER) should have undefined ae_id fields; this commit attempts to correct that misunderstanding.
o Modify arguments to vaccess_acl_posix1e() to accept the uid and gid associated with the vnode, as those can no longer be extracted from the ACL passed as an argument. Perform all comparisons against the passed arguments. This actually has the effect of simplifying a number of components of this call, as well as reducing the indent level, but now separates handling of ACL_GROUP_OBJ from ACL_GROUP.
o Modify acl_posix1e_check() to return EINVAL if the ae_id field of any of the ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} entries is a value other than ACL_UNDEFINED_ID. As a temporary work-around to allow clean upgrades, set the ae_id field to ACL_UNDEFINED_ID before each check so that this cannot cause a failure in the short term (this work-around will be removed when the userland libraries and utilities are updated to take this change into account).
o Modify ufs_sync_acl_from_inode() so that it forces ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} ae_id fields to ACL_UNDEFINED_ID when synchronizing the ACL from the inode.
o Modify ufs_sync_inode_from_acl to not propagate uid and gid information to the inode from the ACL during ACL update. Also modify the masking of permission bits that may be set from ALLPERMS to (S_IRWXU|S_IRWXG|S_IRWXO), as ACLs currently do not carry non-ACCESSPERMS (S_ISUID, S_ISGID, S_ISTXT).
o Modify ufs_getacl() so that when it emulates an access ACL from the inode, it initializes the ae_id fields to ACL_UNDEFINED_ID.
o Clean up ufs_setacl() substantially since it is no longer possible to perform chown/chgrp operations using vop_setacl(), so all the access control for that can be eliminated.
o Modify ufs_access() so that it passes owner uid and gid information into vaccess_acl_posix1e().
Pointed out by: jedger Obtained from: TrustedBSD Project
|
75138 |
03-Apr-2001 |
rwatson |
o Indent sub-section headings to be consistent with README.extattr.
Obtained from: TrustedBSD Project
|
75134 |
03-Apr-2001 |
rwatson |
o Introduce a README file describing briefly how to use access control lists, in the style of FFS README files for soft updates and snapshots.
Obtained from: TrustedBSD Project
|
75133 |
03-Apr-2001 |
rwatson |
o Introduce a README file describing briefly how to use extended attributes, in the style of FFS README files for soft updates and snapshots.
Obtained from: TrustedBSD Project
|
75106 |
03-Apr-2001 |
rwatson |
o Change the default from using IO_SYNC on EA set and delete operations to not using IO_SYNC. Expose a sysctl (debug.ufs_extattr_sync) for enabling the use of IO_SYNC.
- Use of IO_SYNC substantially degrades ACL performance when a default ACL is set on a directory, as there are four synchronous writes initiated to define both supporting EAs for new sub-directories, and to set the data; two for new files. Later, this may be optimized to two writes for sub-directories, one for new files.
- IO_SYNC does not substantially improve consistency properties due to the poor consistency properties of existing permissions (which ACLs are a superset of), due to interaction with soft updates, and due to differences in handling consistency for data and file system meta-data.
- In macro-benchmarks, this reduces the overhead of setting default ACLs down to the same overhead as enabling ACLs on a file system and not using them. Enabling ACLs still introduces a small overhead (I measure 7% on a -j 2 buildworld with pre-allocated EA backing store, but this is not rigorous testing, nor in any way optimized).
- The sysctl will probably change to another administration method (or at least, a better name) in the near future, but consistency properties of EAs are still being worked out. The toggle is defined right now to allow easier performance analysis and exploration of possible guarantees.
Obtained from: TrustedBSD Project
|
75077 |
02-Apr-2001 |
rwatson |
o Correct an ACL implementation bug that could result in a system panic under heavy use when default ACLs were being inherited by new files or directories. This is done by removing a bug in default ACL reading, and improving error handling for this failure case:
- Move the setting of the buffer length (len) variable to above the ACL type (ap->a_type) switch rather than having it only for ACL_TYPE_ACCESS. Otherwise, the len variable is uninitialized in the ACL_TYPE_DEFAULT case, which generally worked right, but could result in failure.
- Add a check for a short/long read of the ACL_TYPE_DEFAULT type from the underlying EA, resulting in EPERM rather than passing a potentially corrupted ACL back to the caller (resulting in "cleaner" failures if the EA is damaged: right now, the caller will almost always panic in the presence of a corrupted EA). This code is similar to code in the ACL_TYPE_ACCESS handling in the previous switch case.
- While I'm fixing this code, remove a redundant bzero() of the ACL reader buffer; it need only be initialized above the acl_type switch.
Obtained from: TrustedBSD Project
|
74822 |
26-Mar-2001 |
rwatson |
Introduce support for POSIX.1e ACLs on UFS-based file systems. This implementation is still experimental, and while fairly broadly tested, is not yet intended for production use. Support for POSIX.1e ACLs on UFS will not be MFC'd to RELENG_4.
This implementation works by providing implementations of VOP_[GS]ETACL() for FFS, as well as modifying the appropriate access control and file creation routines. In this implementation, ACLs are backed into extended attributes; the base ACL (owner, group, other) permissions remain in the inode for performance and compatibility reasons, so only the extended and default ACLs are placed in extended attributes. The logic for ACL evaluation is provided by the fs-independent kern/kern_acl.c.
o Introduce UFS_ACL, a compile-time configuration option that enables support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to maintain access control information between inode permissions and extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly created directories and files, inheriting from the parent directory's default ACL.
o Enable these new vnode operations and conditionally compiled code paths if UFS_ACL is defined.
A few notes:
o This implementation is fairly widely tested, but still should be considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing file mode/etc from the inode is. This results in conservative protection behavior, similar to the behavior of ACL-nonaware programs acting locally.
o It is possible that underlying binary data formats associated with this implementation may change. Consumers of the implementation should expect to find their local configuration obsoleted in the next few months, resulting in possible loss of ACL data during an upgrade.
o The extended attributes interface and implementation is still undergoing modification to address portable interface concerns, as well as performance.
o Many applications do not yet correctly handle ACLs. In general, due to the POSIX.1e ACL model, behavior of ACL-unaware applications will be conservative with respects to file protection; some caution is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be committed in the near future; in the mean time it is possible to reference the README included in the last UFS ACL distribution placed in the TrustedBSD web site:
http://www.TrustedBSD.org/downloads/
Substantial debugging, hardware, travel, or connectivity support for this project was provided by: BSDi, Safeport Network Services, and NAI Labs. Significant coding contributions were made by Chris Faulhaber. Additional support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.
Reviewed by: jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs Obtained from: TrustedBSD Project
|
74608 |
21-Mar-2001 |
rwatson |
o Remove an unnecessary debugging printf from ufs_extattr_lookup(), which resulted in the output of warning messages at boot if UFS_EXTATTR_AUTOSTART was enabled but ".attribute" and possible sub-directories weren't in a mounted MFS or UFS file systems.
Pointed out by: dcs Obtained from: TrustedBSD Project
|
74548 |
21-Mar-2001 |
mckusick |
Add kernel support for running fsck on active filesystems.
|
74437 |
19-Mar-2001 |
rwatson |
o Rename "namespace" argument to "attrnamespace" as namespace is a C++ reserved word.
Submitted by: jkh Obtained from: TrustedBSD Project
|
74433 |
19-Mar-2001 |
rwatson |
o Change options FFS_EXTATTR and options FFS_EXTATTR_AUTOSTART to options UFS_EXTATTR and UFS_EXTATTR_AUTOSTART respectively. This change reflects the fact that our EA support is implemented entirely at the UFS layer (modulo FFS start/stop/autostart hooks for mount and unmount events). This also better reflects the fact that [shortly] MFS will also support EAs, as well as possibly IFS.
o Consumers of the EA support in FFS are reminded that as a result, they must change kernel config files to reflect the new option names.
Obtained from: TrustedBSD Project
|
74404 |
18-Mar-2001 |
rwatson |
o Caused FFS_EXTATTR_AUTOSTART to scan two sub-directories of ".attribute" off of the file system root: "user" for user attributes, and "system" for system attributes. When the scan occurs, attribute backing files discovered in those directories will be started in the respective namespaces. This re-introduces support for auto-starting of user attributes, which was removed when the "$" prefix for system attributes was replaced with explicit namespacing.
For users of the TrustedBSD UFS POSIX.1e ACL code, you'll need to:
mv ${FSROOT}/'$posix1e.acl_access' ${FSROOT}/system/posix1e.acl_access
mv ${FSROOT}/'$posix1e.acl_default' ${FSROOT}/system/posix1e.acl_default
For users of the TrustedBSD POSIX.1e Capability code, you'll need to: mv ${FSROOT}/'$posix1e.cap' ${FSROOT}/system/posix1e.cap
For users of the TrustedBSD MAC code, you'll need to: mv ${FSROOT}/'$freebsd.mac' ${FSROOT}/system/freebsd.mac
Updated versions of relevant patches will be released in the near future.
Obtained from: TrustedBSD Project
|
74273 |
15-Mar-2001 |
rwatson |
o Change the API and ABI of the Extended Attribute kernel interfaces to introduce a new argument, "namespace", rather than relying on a first-character namespace indicator. This is in line with more recent thinking on EA interfaces on various mailing lists, including the posix1e, Linux acl-devel, and trustedbsd-discuss forums. Two namespaces are defined by default, EXTATTR_NAMESPACE_SYSTEM and EXTATTR_NAMESPACE_USER, where the primary distinction lies in the access control model: user EAs are accessible based on the normal MAC and DAC file/directory protections, and system attributes are limited to kernel-originated or appropriately privileged userland requests.
o These API changes occur at several levels: the namespace argument is introduced in the extattr_{get,set}_file() system call interfaces, at the vnode operation level in the vop_{get,set}extattr() interfaces, and in the UFS extended attribute implementation. Changes are also introduced in the VFS extattrctl() interface (system call, VFS, and UFS implementation), where the arguments are modified to include a namespace field, as well as modified to avoid direct access to userspace variables from below the VFS layer (in the style of recent changes to mount by adrian@FreeBSD.org). This required some cleanup and bug fixing regarding VFS locks and the VFS interface, as a vnode pointer may now be optionally submitted to the VFS_EXTATTRCTL() call. Updated documentation for the VFS interface will be committed shortly.
o In the near future, the auto-starting feature will be updated to search two sub-directories to the ".attribute" directory in appropriate file systems: "user" and "system" to locate attributes intended for those namespaces, as the single filename is no longer sufficient to indicate what namespace the attribute is intended for. Until this is committed, all attributes auto-started by UFS will be placed in the EXTATTR_NAMESPACE_SYSTEM namespace.
o The default POSIX.1e attribute names for ACLs and Capabilities have been updated to no longer include the '$' in their filename. As such, if you're using these features, you'll need to rename the attribute backing files to the same names without '$' symbols in front.
o Note that these changes will require changes in userland, which will be committed shortly. These include modifications to the extended attribute utilities, as well as to libutil for new namespace string conversion routines. Once the matching userland changes are committed, a buildworld is recommended to update all the necessary include files and verify that the kernel and userland environments are in sync. Note: If you do not use extended attributes (most people won't), upgrading is not imperative although since the system call API has changed, the new userland extended attribute code will no longer compile with old include files.
o Couple of minor cleanups while I'm there: make more code compilation conditional on FFS_EXTATTR, which should recover a bit of space on kernels running without EA's, as well as update copyright dates.
Obtained from: TrustedBSD Project
|
74256 |
14-Mar-2001 |
rwatson |
o In my merge, missed the one-line patch to ufs_vnops.c that removed the static prototype for ufs_readdir(). Note that ufs_readdir() was actually already non-static, the prototype was incorrect.
Submitted by: jedgar
|
74234 |
14-Mar-2001 |
rwatson |
o Implement "options FFS_EXTATTR_AUTOSTART", which depends on "options FFS_EXTATTR". When extended attribute auto-starting is enabled, FFS will scan the .attribute directory off of the root of each file system, as it is mounted. If .attribute exists, EA support will be started for the file system. If there are files in the directory, FFS will attempt to start them as attribute backing files for attributes bearing the same name. All attributes are started before access to the file system is permitted, so this permits race-free enabling of attributes. For attributes backing support for security features, such as ACLs, MAC, Capabilities, this is vital, as it prevents the file system attributes from getting out of sync as a result of file system operations between mount-time and the enabling of the extended attribute. The userland extattrctl tool will still function exactly as previously. Files must be placed directly in .attribute, which must be directly off of the file system root: symbolic links are not permitted. FFS_EXTATTR will continue to be able to function without FFS_EXTATTR_AUTOSTART for sites that do not want/require auto-starting. If you're using the UFS_ACL code available from www.TrustedBSD.org, using FFS_EXTATTR_AUTOSTART is recommended.
o This support is implemented by adding an invocation of ufs_extattr_autostart() to ffs_mountfs(). In addition, several new supporting calls are introduced in ufs_extattr.c:
ufs_extattr_autostart(): start EAs on the specified mount
ufs_extattr_lookup(): given a directory and filename, return the vnode for the file.
ufs_extattr_enable_with_open(): invoke ufs_extattr_enable() after doing the equivalent of vn_open() on the passed file.
ufs_extattr_iterate_directory(): iterate over a directory, invoking ufs_extattr_lookup() and ufs_extattr_enable_with_open() on each entry.
o This feature is not widely tested, and therefore may contain bugs, caution is advised. Several changes are in the pipeline for this feature, including breaking out of EA namespaces into subdirectories of .attribute (this is waiting on the updated EA API), as well as a per-filesystem flag indicating whether or not EAs should be auto-started. This is required because administrators may not want .attribute auto-started on all file systems, especially if non-administrators have write access to the root of a file system.
Obtained from: TrustedBSD Project
|
73942 |
07-Mar-2001 |
mckusick |
Fixes to track snapshot copy-on-write checking in the specinfo structure rather than assuming that the device vnode would reside in the FFS filesystem (which is obviously a broken assumption with the device filesystem).
|
73929 |
07-Mar-2001 |
jhb |
Grab the process lock while calling psignal and before calling psignal.
|
72956 |
23-Feb-2001 |
jlemon |
Add a NOTE_REVOKE flag for vnodes, which is triggered from within vclean(). Use this to tell a filter attached to a vnode that the underlying vnode is no longer valid, by returning EV_EOF.
PR: kern/25309, kern/25206
|
72953 |
23-Feb-2001 |
jlemon |
Use correct list pointer when detaching knote from list.
|
72521 |
15-Feb-2001 |
jlemon |
Extend kqueue down to the device layer.
Backwards compatible approach suggested by: peter
|
72200 |
09-Feb-2001 |
bmilekic |
Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:
mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)
similarly, for releasing a lock, we now have:
mtx_unlock(lock) for MTX_DEF and
mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument.
The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind.
Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two:
MTX_QUIET and MTX_NOSWITCH
The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers:
mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s))
for MTX_DEF and MTX_SPIN locks, respectively.
Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case.
Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled.
Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those.
Finally, caught up to the interface changes in all sys code.
Contributors: jake, jhb, jasone (in no particular order)
|
72012 |
04-Feb-2001 |
phk |
Another round of the <sys/queue.h> FOREACH transmogriffer.
Created with: sed(1) Reviewed by: md5(1)
|
71999 |
04-Feb-2001 |
phk |
Mechanical change to use <sys/queue.h> macro API instead of fondling implementation details.
Created with: sed(1) Reviewed by: md5(1)
|
71998 |
04-Feb-2001 |
phk |
Use <sys/queue.h> macro API.
|
71993 |
04-Feb-2001 |
phk |
Remove a DIAGNOSTIC check which belongs in <sys/queue.h> if anyplace at all.
|
71976 |
04-Feb-2001 |
iedowse |
Extend the sanity checks in ufs_lookup to ensure that each directory entry fits within its DIRBLKSIZ block. The surrounding code is extremely fragile with respect to corruption of the directory entry 'd_reclen' field; if directory corruption occurs, it can blindly scan forward beyond the end of the filesystem block. Usually this results in a 'fault on nofault entry' panic.
Directory corruption is now much more likely to be detected, resulting in a 'ufs_dirbad' panic. If the filesystem is read-only, it will simply print a warning message, and skip the corrupted block.
Reviewed by: mckusick
|
71968 |
03-Feb-2001 |
iedowse |
Use the correct flags field when checking for a read-only filesystem in ufs_dirbad(). The mnt_stat.f_flags field is only updated by the syscalls *statfs and getfsstat, so mnt_flag should be used instead.
This only affects whether or not a panic is generated on detection of certain types of directory corruption.
Reviewed by: mckusick
|
71576 |
24-Jan-2001 |
jasone |
Convert all simplelocks to mutexes and remove the simplelock implementations.
|
70776 |
07-Jan-2001 |
rwatson |
o Commit reams of style(9) changes, whitespace improvements, and comment cleanups.
Obtained from: TrustedBSD Project
|
70774 |
07-Jan-2001 |
rwatson |
o Zero the ufs_extattr_header length field (not necessary, but not a bad idea either) in ufs_extattr_rm.
o More completely fill out the local_aio structure when writing out the zero'd extended attribute in ufs_extattr_rm -- previously, this worked fine, but probably should not have. This corrects extraneous warnings about inconsistent inodes following file deletion.
Reviewed by: jedgar
|
70773 |
07-Jan-2001 |
rwatson |
o Add an additional EA inconsistency reporting opportunity in ufs_extattr_rm.
o Make both reporting locations report the function name where the inconsistency is discovered, as well as the inode number in question.
Reviewed by: jedgar
|
70767 |
07-Jan-2001 |
rwatson |
o Make call to ufs_extattr_rm() in ufs_extattr_vnode_inactive() use NULL as the credential, not 0, so as to make it more clear what's going on.
Obtained from: TrustedBSD Project
|
70764 |
07-Jan-2001 |
rwatson |
o Remove unnecessary sanity check involving requested offset of extended attribute read--the offset is required to be 0 by an earlier check, meaning that it will always be within the scope of the attribute data. This change should have no impact on executed code paths other than removing the unnecessary check: please report if any new failures start to occur as a result.
Obtained from: TrustedBSD Project
|
70374 |
26-Dec-2000 |
dillon |
This implements a better launder limiting solution. There was a solution in 4.2-REL which I ripped out in -stable and -current when implementing the low-memory handling solution. However, maxlaunder turns out to be the saving grace in certain very heavily loaded systems (e.g. newsreader box). The new algorithm limits the number of pages laundered in the first pageout daemon pass. If that is not sufficient then successive will be run without any limit.
Write I/O is now pipelined using two sysctls, vfs.lorunningspace and vfs.hirunningspace. This prevents excessive buffered writes in the disk queues which cause long (multi-second) delays for reads. It leads to more stable (less jerky) and generally faster I/O streaming to disk by allowing required read ops (e.g. for indirect blocks and such) to occur without interrupting the write stream, among other things.
NOTE: eventually, filesystem write I/O pipelining needs to be done on a per-device basis. At the moment it is globalized.
|
70183 |
19-Dec-2000 |
mckusick |
Several small but important fixes for snapshots:
1) Be more tolerant of missing snapshot files by only trying to decrement their reference count if they are registered as active.
2) Fix for snapshots of filesystems with block sizes larger than 8K (from Ollivier Robert <roberto@eurocontrol.fr>).
3) Fix to avoid losing last block in snapshot file when calculating blocks that need to be copied (from Don Coleman <coleman@coleman.org>).
|
70131 |
17-Dec-2000 |
dillon |
Avoid a data-consistency race between write() and mmap() by ensuring that newly allocated blocks are zeroed. The race can occur even in the case where the write covers the entire block.
Reported by: Sven Berkvens <sven@berkvens.net>, Marc Olzheim <zlo@zlo.nu>
|
69967 |
13-Dec-2000 |
mckusick |
Preventing runaway kernel soft updates memory, take three. Previously, the syncer process was the only process in the system that could process the soft updates background work list. If enough other processes were adding requests to that list, it would eventually grow without bound. Because some of the work list requests require vnodes to be locked, it was not generally safe to let random processes process the work list while they already held vnodes locked. By adding a flag to the work list queue processing function to indicate whether the calling process could safely lock vnodes, it becomes possible to co-opt other processes into helping out with the work list. Now when the worklist gets too large, other processes can safely help out by picking off those work requests that can be handled without locking a vnode, leaving only the small number of requests requiring a vnode lock for the syncer process. With this change, it appears possible to keep even the nastiest workloads under control.
Submitted by: Paul Saab <ps@yahoo-inc.com>
|
69781 |
08-Dec-2000 |
dwmalone |
Convert more malloc+bzero to malloc+M_ZERO.
Submitted by: josh@zipperup.org Submitted by: Robert Drehmel <robd@gmx.net>
|
69686 |
06-Dec-2000 |
dillon |
Add necessary bwillwrite() in writev() entry point.
Deal with excessive dirty buffers when msync() syncs non-contiguous dirty buffers by checking for the case in UFS *before* checking for clusterability.
|
68885 |
18-Nov-2000 |
dillon |
Implement a low-memory deadlock solution.
Removed most of the hacks that were trying to deal with low-memory situations prior to now.
The new code is based on the concept that I/O must be able to function in a low memory situation. All major modules related to I/O (except networking) have been adjusted to allow allocation out of the system reserve memory pool. These modules now detect a low memory situation but rather than block they instead continue to operate, then return resources to the memory pool instead of cache them or leave them wired.
Code has been added to stall in a low-memory situation prior to a vnode being locked.
Thus situations where a process blocks in a low-memory condition while holding a locked vnode have been reduced to near nothing. Not only will I/O continue to operate, but many prior deadlock conditions simply no longer exist.
Implement a number of VFS/BIO fixes (found by Ian): in biodone(), bogus-page replacement code, the loop was not properly incrementing loop variables prior to a continue statement. We do not believe this code can be hit anyway but we aren't taking any chances. We'll turn the whole section into a panic (as it already is in brelse()) after the release is rolled.
In biodone(), the foff calculation was incorrectly clamped to the iosize, causing the wrong foff to be calculated for pages in the case of an I/O error or biodone() called without initiating I/O. The problem always caused a panic before. Now it doesn't. The problem is mainly an issue with NFS.
Fixed casts for ~PAGE_MASK. This code worked properly before only because the calculations use signed arithmetic. Better to properly extend PAGE_MASK first before inverting it for the 64 bit masking op.
In brelse(), the bogus_page fixup code was improperly throwing away the original contents of 'm' when it did the j-loop to fix the bogus pages. The result was that it would potentially invalidate parts of the *WRONG* page(!), leading to corruption.
There may still be cases where a background bitmap write is being duplicated, causing potential corruption. We have identified a potentially serious bug related to this but the fix is still TBD. So instead this patch contains a KASSERT to detect the problem and panic the machine rather than continue to corrupt the filesystem. The problem does not occur very often.. it is very hard to reproduce, and it may or may not be the cause of the corruption people have reported.
Review by: (VFS/BIO: mckusick, Ian Dowse <iedowse@maths.tcd.ie>) Testing by: (VM/Deadlock) Paul Saab <ps@yahoo-inc.com>
|
68307 |
04-Nov-2000 |
bde |
Fixed breakage of mknod() in rev.1.48 of ext2_vnops.c and rev.1.126 of ufs_vnops.c:
1) i_ino was confused with i_number, so the inode number passed to VFS_VGET() was usually wrong (usually 0U).
2) ip was dereferenced after vgone() freed it, so the inode number passed to VFS_VGET() was sometimes not even wrong.
Bug (1) was usually fatal in ext2_mknod(), since ext2fs doesn't have space for inode 0 on the disk; ino_to_fsba() subtracts 1 from the inode number, so inode number 0U gives a way out of bounds array index. Bug(1) was usually harmless in ufs_mknod(); ino_to_fsba() doesn't subtract 1, and VFS_VGET() reads suitable garbage (all 0's?) from the disk for the invalid inode number 0U; ufs_mknod() returns a wrong vnode, but most callers just vput() it; the correct vnode is eventually obtained by an implicit VFS_VGET() just like it used to be.
Bug (2) usually doesn't happen.
|
68186 |
01-Nov-2000 |
eivind |
Give vop_mmap an untimely death. The opportunity to give it a timely death timed out in 1996.
|
68003 |
30-Oct-2000 |
phk |
Add a missing <sys/systm.h>
|
67893 |
29-Oct-2000 |
phk |
Move suser() and suser_xxx() prototypes and a related #define from <sys/proc.h> to <sys/systm.h>.
Correctly document the #includes needed in the manpage.
Add one now needed #include of <sys/systm.h>. Remove the consequent 48 unused #includes of <sys/proc.h>.
|
67882 |
29-Oct-2000 |
phk |
Remove unneeded #include <sys/proc.h> lines.
|
67309 |
19-Oct-2000 |
rwatson |
o Introduce new VOP_ACCESS() flag VADMIN, allowing file systems to perform "administrative" authorization checks. In most cases, the VADMIN test checks to make sure the credential effective uid is the same as the file owner.
o Modify vaccess() to set VADMIN as an available right if the uid is appropriate.
o Modify references to uid-based access control operations such that they now always invoke VOP_ACCESS() instead of using hard-coded policy checks.
o This allows alternative UFS policies to be implemented by replacing only ufs_access() (such as mandatory system policies).
o VOP_ACCESS() requires the caller to hold an exclusive vnode lock on the vnode: I believe that new invocations of VOP_ACCESS() are always called with the lock held.
o Some direct checks of the uid remain, largely associated with the QUOTA and SUIDDIR code.
Reviewed by: eivind Obtained from: TrustedBSD Project
|
66893 |
09-Oct-2000 |
rwatson |
o Sanity check was inverted, resulting in a possible spurious panic during unmount if extended attributes were in use. Correct by removing an unneeded (and undesirable) '!'.
|
66616 |
04-Oct-2000 |
rwatson |
o Correct use of lockdestroy() by adding a new ufs_extattr_uepm_destroy() call, which should be the last thing down to a per-mount extattr management structure, after ufs_extattr_stop() on the file system. This currently has the effect only of destroying the per-mount lock on extended attributes, and clearing appropriate flags.
o Remove inappropriate invocation in ufs_extattr_vnode_inactive().
|
66615 |
04-Oct-2000 |
jasone |
Convert lockmgr locks from using simple locks to using mutexes.
Add lockdestroy() and appropriate invocations, which corresponds to lockinit() and must be called to clean up after a lockmgr lock is no longer needed.
|
66355 |
25-Sep-2000 |
bp |
Add a lock structure to vnode structure. Previously it was either allocated separately (nfs, cd9660 etc) or kept as a first element of structure referenced by v_data pointer(ffs). Such organization leads to known problems with stacked filesystems.
From this point vop_no*lock*() functions maintain only interlock lock. vop_std*lock*() functions maintain built-in v_lock structure using lockmgr(). vop_sharedlock() is compatible with vop_stdunlock(), but maintains a shared lock on vnode.
If filesystem wishes to export lockmgr compatible lock, it can put an address of this lock to v_vnlock field. This indicates that the upper filesystem can take advantage of it and use single lock structure for entire (or part) of stack of vnodes. This field shouldn't be examined or modified by VFS code except for initialization purposes.
Reviewed in general by: mckusick
|
66041 |
18-Sep-2000 |
rwatson |
o Disallow privileged processes in jail() from directly accessing system namespace extended attributes.
o Document privilege/jail() interaction relating to extended attributes.
Obtained from: TrustedBSD Project
|
66040 |
18-Sep-2000 |
rwatson |
o Allow privileged processes in jail() to override sticky bit behavior on directories.
o Allow privileged processes in jail() to create inodes with the setgid bit set even if they are not a member of the group denoted by the file creation gid. This occurs due to inherited gid's from parent directories on file creation, allowing a user to create a file with a gid that is not in the creating process's credentials.
Obtained from: TrustedBSD Project
|
66039 |
18-Sep-2000 |
rwatson |
o Add a comment clarifying interaction between jail(), privileged processes, and UFS file flags. Here's what the comment says, for reference:
Privileged processes in jail() are permitted to modify arbitrary user flags on files, but are not permitted to modify system flags.
In other words, privilege does allow a process in jail to modify user flags for objects that the process does not own, but privilege will not permit the setting of system flags on the file.
Obtained from: TrustedBSD Project
|
66038 |
18-Sep-2000 |
rwatson |
o Add missing PRISON_ROOT allowing a privileged process in a jail() to not remove the setuid/setgid bits by virtue of a change to a file with those bits set, even if the process doesn't own the file, or isn't a group member of the file's gid.
Obtained from: TrustedBSD Project
|
66033 |
18-Sep-2000 |
rwatson |
o Substitute suser() calls for direct credential checks, which is now safe as suser() no longer sets ASU.
o Note that in some cases, the PRISON_ROOT flag is used even though no process structure is passed, to indicate that if a process structure (and hence jail) was available, it would be ok. In the long run, the jail identifier should probably be moved to ucred, as the uidinfo information was.
o Some uid 0 checks remain relating to the quota code, which I'll leave for another day.
Reviewed by: phk, eivind Obtained from: TrustedBSD Project
|
65973 |
17-Sep-2000 |
bp |
Add new flag PDIRUNLOCK to the component.cn_flags which should be set by filesystem lookup() routine if it unlocks parent directory. This flag should be carefully tracked by filesystems if they want to work properly with nullfs and other stacked filesystems.
VFS takes advantage of this flag to perform semantically correct usage of vrele() instead of vput() if parent directory already unlocked.
If filesystem fails to track this flag then previous codepath in VFS left unchanged.
Convert UFS code to set PDIRUNLOCK flag if necessary. Other filesystems will be changed after some period of testing.
Reviewed in general by: mckusick, dillon, adrian Obtained from: NetBSD
|
65928 |
16-Sep-2000 |
phk |
Remove a pointless casting of a gid_t to a gid_t.
|
65768 |
12-Sep-2000 |
rwatson |
o Variety of extended attribute fixes
  - In ufs_extattr_enable(), return EEXIST instead of EOPNOTSUPP if the caller tries to configure an attribute name that is already configured
  - Throughout, add IO_NODELOCKED to VOP_{READ,WRITE} calls to indicate lock status of passed vnode. Apparently not a problem, but worth fixing.
  - For all writes, make use of IO_SYNC consistent. Really, IO_UNIT and combining of VOP_WRITE's should happen, but I don't have that tested. At least with this, it's consistent usage. (pointed out by: bde)
  - In ufs_extattr_get(), fixed nested locking of backing vnode (fine due to recursive lock support, but make it more consistent with other code)
  - In ufs_extattr_get(), clean up return code to set uio_resid more consistently with other pieces of code (worked fine, this is just a cleanup)
  - Fix ufs_extattr_rm(), which was broken--effectively a nop.
  - Minor comment and whitespace fixes.
Obtained from: TrustedBSD Project
|
65721 |
11-Sep-2000 |
jhb |
Fix a 64-bitism. Use size_t instead of int for 4th argument to copyinstr.
Approved by: rwatson
|
65557 |
07-Sep-2000 |
jasone |
Major update to the way synchronization is done in the kernel. Highlights include:
* Mutual exclusion is used instead of spl*(). See mutex(9). (Note: The alpha port is still in transition and currently uses both.)
* Per-CPU idle processes.
* Interrupts are run in their own separate kernel threads and can be preempted (i386 only).
Partially contributed by: BSDi (BSD/OS) Submissions by (at least): cp, dfr, dillon, grog, jake, jhb, sheldonh
|
65377 |
02-Sep-2000 |
rwatson |
Modify extended attribute protection model to authorize based on attribute namespace and DAC protection on file:
- Attribute names beginning with '$' are in the system namespace
- The attribute name "$" is reserved
- System namespace attributes may only be read/set by suser() or by kernel (cred == NULL)
- Other attribute names are in the application namespace
- The attribute name "" is reserved
- Application namespace attributes are protected in the manner of the target file permission
o Kernel changes
  - Add ufs_extattr_valid_attrname() to check whether the requested attribute "set" or "enable" is appropriate (i.e., non-reserved)
  - Modify ufs_extattr_credcheck() to accept target file vnode, not to take inode uid
  - Modify ufs_extattr_credcheck() to check namespace, then enforce either kernel/suser for system namespace, or vaccess() for application namespace
o EA backing file format changes
  - Remove permission fields from extended attribute backing file header
  - Bump extended attribute backing file header version to 3
o Update extattrctl.c and extattrctl.8
  - Remove now deprecated -r and -w arguments to initattr, as permissions are now implicit
  - (unrelated) fix error reporting and unlinking during failed initattr to remove duplicate/inaccurate error messages, and to only unlink if the failure wasn't in the backing file open()
Obtained from: TrustedBSD Project
|
65200 |
29-Aug-2000 |
rwatson |
o Restructure vaccess() so as to check for DAC permission to modify the object before falling back on privilege. Make vaccess() accept an additional optional argument, privused, to determine whether privilege was required for vaccess() to return 0. Add commented out capability checks for reference. Rename some variables to make it more clear which modes/uids/etc are associated with the object, and which with the access mode.
o Update file system use of vaccess() to pass NULL as the optional privused argument. Once additional patches are applied, suser() will no longer set ASU, so privused will permit passing of privilege information up the stack to the caller.
Reviewed by: bde, green, phk, -security, others Obtained from: TrustedBSD Project
|
65119 |
26-Aug-2000 |
rwatson |
o Correct spelling of ufs_exttatr_find_attr -> ufs_extattr_find_attr
o Add "const" qualifier to attrname argument of various calls to remove warnings
Obtained from: TrustedBSD Project
|
64865 |
20-Aug-2000 |
phk |
Centralize the canonical vop_access user/group/other check in vaccess().
Discussed with: bde
|
63976 |
28-Jul-2000 |
peter |
Minor tweak - removed unused variable 'struct mount *mp';
|
63897 |
26-Jul-2000 |
mckusick |
Clean up the snapshot code so that it no longer depends on the use of the SF_IMMUTABLE flag to prevent writing. Instead put in explicit checking for the SF_SNAPSHOT flag in the appropriate places. With this change, it is now possible to rename and link to snapshot files. It is also possible to set or clear any of the owner, group, or other read bits on the file, though none of the write or execute bits can be set. There is also an explicit test to prevent the setting or clearing of the SF_SNAPSHOT flag via chflags() or fchflags(). Note also that the modify time cannot be changed as it needs to accurately reflect the time that the snapshot was taken.
Submitted by: Robert Watson <rwatson@FreeBSD.org>
|
63788 |
24-Jul-2000 |
mckusick |
This patch corrects the first round of panics and hangs reported with the new snapshot code.
Update addaliasu to correctly implement the semantics of the old checkalias function. When a device vnode first comes into existence, check to see if an anonymous vnode for the same device was created at boot time by bdevvp(). If so, adopt the bdevvp vnode rather than creating a new vnode for the device. This corrects a problem which caused the kernel to panic when taking a snapshot of the root filesystem.
Change the calling convention of vn_write_suspend_wait() to be the same as vn_start_write().
Split out softdep_flushworklist() from softdep_flushfiles() so that it can be used to clear the work queue when suspending filesystem operations.
Access to buffers becomes recursive so that snapshots can recursively traverse their indirect blocks using ffs_copyonwrite() when checking for the need for copy on write when flushing one of their own indirect blocks. This eliminates a deadlock between the syncer daemon and a process taking a snapshot.
Ensure that softdep_process_worklist() can never block because of a snapshot being taken. This eliminates a problem with buffer starvation.
Cleanup change in ffs_sync() which did not synchronously wait when MNT_WAIT was specified. The result was an unclean filesystem panic when doing forcible unmount with heavy filesystem I/O in progress.
Return a zero'ed block when reading a block that was not in use at the time that a snapshot was taken. Normally, these blocks should never be read. However, the readahead code will occasionally read them which can cause unexpected behavior.
Clean up the debugging code that ensures that no blocks be written on a filesystem while it is suspended. Snapshots must explicitly label the blocks that they are writing during the suspension so that they do not cause a `write on suspended filesystem' panic.
Reorganize ffs_copyonwrite() to eliminate a deadlock and also to prevent a race condition that would permit the same block to be copied twice. This change eliminates an unexpected soft updates inconsistency in fsck caused by the double allocation.
Use bqrelse rather than brelse for buffers that will be needed soon again by the snapshot code. This improves snapshot performance.
|
63099 |
14-Jul-2000 |
rwatson |
o Marius pointed out an unusually inconvenient upper bound on extended attribute data size.
o Fortunately it turned out to be an unused constant left over from an earlier implementation, and is therefore being removed so as not to confuse casual observers.
Submitted by: mbendiks@eunet.no
|
62976 |
11-Jul-2000 |
mckusick |
Add snapshots to the fast filesystem. Most of the changes support the gating of system calls that cause modifications to the underlying filesystem. The gating can be enabled by any filesystem that needs to consistently suspend operations by adding the vop_stdgetwritemount to their set of vnops. Once gating is enabled, the function vfs_write_suspend stops all new write operations to a filesystem, allows any filesystem modifying system calls already in progress to complete, then sync's the filesystem to disk and returns. The function vfs_write_resume allows the suspended write operations to begin again. Gating is not added by default for all filesystems as for SMP systems it adds two extra locks to such critical kernel paths as the write system call. Thus, gating should only be added as needed.
Details on the use and current status of snapshots in FFS can be found in /sys/ufs/ffs/README.snapshot so for brevity and timeliness is not included here. Unless and until you create a snapshot file, these changes should have no effect on your system (famous last words).
|
62907 |
10-Jul-2000 |
phk |
Finish repo-copy:
Move ufs/ufs/ufs_disksubr.c to kern/subr_disklabel.c.
These functions are not UFS specific and are in fact used all over the place.
|
62550 |
04-Jul-2000 |
mckusick |
Move the truncation code out of vn_open and into the open system call after the acquisition of any advisory locks. This fix corrects a case in which a process tries to open a file with a non-blocking exclusive lock. Even if it fails to get the lock it would still truncate the file even though its open failed. With this change, the truncation is done only after the lock is successfully acquired.
Obtained from: BSD/OS
|
62148 |
27-Jun-2000 |
phk |
Move prtactive to vfs from ufs. It is used all over the place.
|
61281 |
05-Jun-2000 |
rwatson |
o Remove unneeded off_t variable to clean up compile warning
Obtained from: TrustedBSD Project
|
60938 |
26-May-2000 |
jake |
Back out the previous change to the queue(3) interface. It was not discussed and should probably not happen.
Requested by: msmith and others
|
60833 |
23-May-2000 |
jake |
Change the way that the queue(3) structures are declared; don't assume that the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk Reviewed by: phk Approved by: mdodd
|
60041 |
05-May-2000 |
phk |
Separate the struct bio related stuff out of <sys/buf.h> into <sys/bio.h>.
<sys/bio.h> is now a prerequisite for <sys/buf.h> but it shall not be made a nested include according to bde's teachings on the subject of nested includes.
Diskdrivers and similar stuff below specfs::strategy() should no longer need to include <sys/buf.h> unless they need caching of data.
Still a few bogus uses of struct buf to track down.
Repocopy by: peter
|
59913 |
03-May-2000 |
rwatson |
Don't allow VOP_GETEXTATTR to set uio->uio_offset != 0, as we don't provide locking over extended attribute operations, requiring that individual operations be atomic. Allowing non-zero starting offsets permits applications/etc to put themselves at risk for inconsistent behavior. As VOP_SETEXTATTR already prohibited non-zero write offsets, this makes sense.
Suggested by: Andreas Gruenbacher <a.gruenbacher@bestbits.at>
|
59794 |
30-Apr-2000 |
phk |
Remove unneeded #include <vm/vm_zone.h>
Generated by: src/tools/tools/kerninclude
|
59762 |
29-Apr-2000 |
phk |
s/biowait/bufwait/g
Prodded by: several.
|
59721 |
28-Apr-2000 |
mckusick |
When files are given to users by root, the quota system failed to reset their grace timer as their ownership crossed the soft limit threshold. Thus if they had been over their limit in the past, they were suddenly penalized as if they had been over their limit ever since. The fix is to check when root gives away files, that when the receiving user crosses their soft limit, their grace timer is reset. See the PR report for a detailed method of reproducing the bug.
PR: kern/17128 Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> Reviewed by: Kirk McKusick <mckusick@mckusick.com>
|
59400 |
19-Apr-2000 |
rwatson |
o Introduce an extended attribute backing file header magic number
o Introduce an extended attribute backing file header version number
|
59391 |
19-Apr-2000 |
phk |
Remove ~25 unneeded #include <sys/conf.h>
Remove ~60 unneeded #include <sys/malloc.h>
|
59388 |
19-Apr-2000 |
rwatson |
o Cause attribute data writes to use IO_SYNC since this improves the chances of consistency with other file/directory meta-data in a write. In the current set of extended attribute applications, this does not hurt much. This should be discussed again later when it comes time to optimize performance of attributes.
o Include an inode generation number in the per-attribute header information. This allows consistency verification to catch when a crash occurs, or an inode is recycled while attributes are not properly configured. For now, an irritating error message is displayed when an inconsistency occurs. At some point, may introduce an ``extattrctl check ...'' which catches these before attributes are enabled. Not today. If you get this message, it means you somehow managed to get your attribute backing file out of synch with the file system. When this occurs, attribute not found is returned (== undefined). Writes will overwrite the value there correcting the problem. Might want to think about introducing a new errno or two to handle this kind of situation.
Discussed with: kris
|
59363 |
18-Apr-2000 |
phk |
Retire bufqdisksort(), all drivers use bioqdisksort now.
|
59308 |
17-Apr-2000 |
jlemon |
Remove unneeded cast.
|
59289 |
16-Apr-2000 |
jlemon |
Replace the POLLEXTEND extensions with the kqueue() mechanism.
|
59268 |
16-Apr-2000 |
rwatson |
Fix two bugs in extended attribute support for UFS/FFS:
o Put back in {} removed during over-zealous cleanup of gratuitous debugging output during preparation for the commit. Due to the missing {}, writes on extended attributes always silently failed. Doh.
o Don't unlock the target vnode if it's the backing vnode, as we don't lock the target vnode if it's the backing vnode.
|
59249 |
15-Apr-2000 |
phk |
Complete the bio/buf divorce for all code below devfs::strategy
Exceptions: Vinum untouched. This means that it cannot be compiled. Greg Lehey is on the case.
CCD not converted yet, casts to struct buf (still safe)
atapi-cd casts to struct buf to examine B_PHYS
|
59241 |
15-Apr-2000 |
rwatson |
Introduce extended attribute support for FFS, allowing arbitrary (name, value) pairs to be associated with inodes. This support is used for ACLs, MAC labels, and Capabilities in the TrustedBSD security extensions, which are currently under development.
In this implementation, attributes are backed to data vnodes in the style of the quota support in FFS. Support for FFS extended attributes may be enabled using the FFS_EXTATTR kernel option (disabled by default). Userland utilities and man pages will be committed in the next batch. VFS interfaces and man pages have been in the repo since 4.0-RELEASE and are unchanged.
o ufs/ufs/extattr.h: UFS-specific extattr defines
o ufs/ufs/ufs_extattr.c: bulk of support routines
o ufs/{ufs,ffs,mfs}/*.[ch]: hooks and extattr.h includes
o contrib/softupdates/ffs_softdep.c: extattr.h includes
o conf/options, conf/files, i386/conf/LINT: added FFS_EXTATTR
o coda/coda_vfsops.c: XXX required extattr.h due to ufsmount.h (This should not be the case, and will be fixed in a future commit)
Currently attributes are not supported in MFS. This will be fixed.
Reviewed by: adrian, bp, freebsd-fs, other unthanked souls Obtained from: TrustedBSD Project
|
58942 |
02-Apr-2000 |
phk |
Clone bio versions of certain bits of infrastructure: devstat_end_transaction_bio() bioq_* versions of bufq_* incl bioqdisksort() the corresponding "buf" versions will disappear when no longer used.
Move b_offset, b_data and b_bcount to struct bio.
Add BIO_FORMAT as a hack for fd.c etc.
We are now largely ready to start converting drivers to use struct bio instead of struct buf.
|
58934 |
02-Apr-2000 |
phk |
Move B_ERROR flag to b_ioflags and call it BIO_ERROR.
(Much of this done by script)
Move B_ORDERED flag to b_ioflags and call it BIO_ORDERED.
Move b_pblkno and b_iodone_chain to struct bio while we transition, they will be obsoleted once bio structs chain/stack.
Add bio_queue field for struct bio aware disksort.
Address a lot of stylistic issues brought up by bde.
|
58909 |
02-Apr-2000 |
dillon |
Change the write-behind code to take more care when starting async I/O's. The sequential read heuristic has been extended to cover writes as well. We continue to call cluster_write() normally, thus blocks in the file will still be reallocated for large (but still random) I/O's, but I/O will only be initiated for truly sequential writes.
This solves a number of annoying situations, especially with DBM (hash method) writes, and also has the side effect of fixing a number of (stupid) benchmarks.
Reviewed-by: mckusick
|
58365 |
20-Mar-2000 |
phk |
diff, patch and cvs didn't like these three last time around, try again.
|
58349 |
20-Mar-2000 |
phk |
Rename the existing BUF_STRATEGY() to DEV_STRATEGY()
substitute BUF_WRITE(foo) for VOP_BWRITE(foo->b_vp, foo)
substitute BUF_STRATEGY(foo) for VOP_STRATEGY(foo->b_vp, foo)
This patch is machine generated except for the ccd.c and buf.h parts.
|
58345 |
20-Mar-2000 |
phk |
Remove B_READ, B_WRITE and B_FREEBUF and replace them with a new field in struct buf: b_iocmd. The b_iocmd is enforced to have exactly one bit set.
B_WRITE was bogusly defined as zero giving rise to obvious coding mistakes.
Also eliminate the redundant struct buf flag B_CALL, it can just as efficiently be done by comparing b_iodone to NULL.
Should you get a panic or drop into the debugger, complaining about "b_iocmd", don't continue. It is likely to write on your disk where it should have been reading.
This change is a step in the direction towards a stackable BIO capability.
A lot of this patch was machine generated (Thanks to style(9) compliance!)
Vinum users: Greg has not had time to test this yet, be careful.
|
58088 |
15-Mar-2000 |
mckusick |
Bug fixes for currently harmless bugs that could rise to bite the unwary if the code were called in slightly different ways.
1) In ufs_bmaparray() the code for calculating 'runb' will stop one block short of the first entry in an indirect block. i.e. if an indirect block contains N block numbers b[0]..b[N-1] then the code will never check if b[0] and b[1] are sequential. For reference, compare with the equivalent code that deals with direct blocks.
2) In ufs_lookup() there is an off-by-one error in the test that checks if dp->i_diroff is outside the range of the current directory size. This is completely harmless, since the following while-loop condition 'dp->i_offset < endsearch' is never met, so the code immediately does a second pass starting at dp->i_offset = 0.
3) Again in ufs_lookup(), the condition in a sanity check is wrong for directories that are longer than one block. This bug means that the sanity check is only effective for small directories.
Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
|
57869 |
09-Mar-2000 |
dillon |
In the 'found' case for ufs_lookup() the underlying bp's data was being accessed after the bp had been released. A simple move of the brelse() solves the problem.
Approved by: jkh Submitted by: Ian Dowse <iedowse@maths.tcd.ie>
|
57387 |
22-Feb-2000 |
rwatson |
After much consulting with bde, concluded that this fix was the best fix to the current jail/chflags interactions. This fix conditionalizes ``root behavior'' in the chflags() case on not being in jail, so attempts to perform a chflags in a jail are limited to what a normal user could do. For example, this does allow setting of user flags as appropriate, but prohibits changing of system flags.
Reviewed by: bde
|
57347 |
20-Feb-2000 |
rwatson |
Disable chflags() from within jail() so that root within jail can't make a mess in securelevel environments. Results in one warning during /etc/rc as it attempts to remove file flags, but this is harmless.
Approved by: High Lord Hubbard
|
55697 |
10-Jan-2000 |
mckusick |
Several performance improvements for soft updates have been added:
1) Fastpath deletions. When a file is being deleted, check to see if it was so recently created that its inode has not yet been written to disk. If so, the delete can proceed to immediately free the inode.
2) Background writes: No file or block allocations can be done while the bitmap is being written to disk. To avoid these stalls, the bitmap is copied to another buffer which is written thus leaving the original available for further allocations.
3) Link count tracking. Constantly track the difference in i_effnlink and i_nlink so that inodes that have had no change other than i_effnlink need not be written.
4) Identify buffers with rollback dependencies so that the buffer flushing daemon can choose to skip over them.
|
55206 |
29-Dec-1999 |
peter |
Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL" is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistent with the other BSD's who made this change quite some time ago. More commits to come.
|
54655 |
15-Dec-1999 |
eivind |
Introduce NDFREE (and remove VOP_ABORTOP)
|
53131 |
13-Nov-1999 |
eivind |
Remove WILLRELE from VOP_SYMLINK
Note: Previous commit to these files (except coda_vnops and devfs_vnops) that claimed to remove WILLRELE from VOP_RENAME actually removed it from VOP_MKNOD.
|
53101 |
12-Nov-1999 |
eivind |
Remove WILLRELE from VOP_RENAME
|
52838 |
03-Nov-1999 |
bde |
Quick fix for breakage of ext2fs link counts as reported by stat(2) by the soft updates changes: only report the link count to be i_effnlink in ufs_getattr() for file systems that maintain i_effnlink.
Tested by: Mike Dracopoulos <mdraco@math.uoa.gr>
|
52641 |
30-Oct-1999 |
dillon |
Add sysctl debug.dircheck to allow directory sanity checking to be turned on with a sysctl.
Fix two bugs in ufs_lookup that can cause deadlocks due to out-of-order locking. This fix was tested for a few days prior to commit.
|
51797 |
29-Sep-1999 |
phk |
Remove v_maxio from struct vnode.
Replace it with mnt_iosize_max in struct mount.
Nits from: bde
|
51486 |
20-Sep-1999 |
dillon |
More removals of vnode->v_lastr, replaced by preexisting seqcount heuristic to detect sequential operation.
VM-related forced clustering code removed from ufs in preparation for a commit to vm/vm_fault.c that does it more generally.
Reviewed by: David Greenman <dg@root.com>, Alan Cox <alc@cs.rice.edu>
|
51483 |
20-Sep-1999 |
phk |
Fix a harmless bug I introduced, simplify a bit more while here.
|
51479 |
20-Sep-1999 |
phk |
Step one of replacing devsw->d_maxio with si_bsize_max.
Rename dev->si_bsize_max to si_iosize_max and set it in spec_open if the device didn't.
Set vp->v_maxio from dev->si_bsize_max in spec_open rather than in ufs_bmap.c
|
51226 |
13-Sep-1999 |
bde |
Removed diskerr()'s unused d_name arg and updated callers. This fixes warnings caused by the arg having the wrong type (not const enough). The arg was also wrong (a full name instead of a short one) for calls from subr_diskmbr.c and pc98/diskslice_machdep.c.
|
51138 |
11-Sep-1999 |
alfred |
Separate the export check in VFS_FHTOVP, exports are now checked via VFS_CHECKEXP.
Add fh(open|stat|statfs) syscalls to allow userland to query filesystems based on (network) filehandle.
Obtained from: NetBSD
|
50521 |
28-Aug-1999 |
phk |
remove unused variables.
|
50511 |
28-Aug-1999 |
phk |
We don't need to pass the diskname argument all over the diskslice/label code, we can find the name from any convenient dev_t
|
50477 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
50405 |
26-Aug-1999 |
phk |
Simplify the handling of VCHR and VBLK vnodes using the new dev_t:
Make the alias list a SLIST.
Drop the "fast recycling" optimization of vnodes (including the returning of a preexisting but stale vnode from checkalias). It doesn't buy us anything now that we don't hardlimit vnodes anymore.
Rename checkalias2() and checkalias() to addalias() and addaliasu() - which takes dev_t and udev_t arg respectively.
Make the revoke syscalls use vcount() instead of VALIASED.
Remove VALIASED flag, we don't need it now and it is faster to traverse the much shorter lists than to maintain the flag.
vfs_mountedon() can check the dev_t directly, all the vnodes point to the same one.
Print the devicename in specfs/vprint().
Remove a couple of stale LFS vnode flags.
Remove unimplemented/unused LK_DRAINED;
|
50253 |
23-Aug-1999 |
bde |
Use devtoname() to print dev_t's instead of casting them to long or u_long for misprinting in %lx format.
|
50137 |
22-Aug-1999 |
jdp |
Support full-precision file timestamps. Until now, only the seconds have been maintained, and that is still the default. A new sysctl variable "vfs.timestamp_precision" can be used to enable higher levels of precision:
0 = seconds only; nanoseconds zeroed (default).
1 = seconds and nanoseconds, accurate within 1/HZ.
2 = seconds and nanoseconds, truncated to microseconds.
>=3 = seconds and nanoseconds, maximum precision.
Level 1 uses getnanotime(), which is fast but can be wrong by up to 1/HZ. Level 2 uses microtime(). It might be desirable for consistency with utimes() and friends, which take timeval structures rather than timespecs. Level 3 uses nanotime() for the highest precision.
I benchmarked levels 0, 1, and 3 by copying a 550 MB tree with "cpio -pdu". There was almost negligible difference in the system times -- much less than 1%, and less than the variation among multiple runs at the same level. Bruce Evans dreamed up a torture test involving 1-byte reads with intervening fstat() calls, but the cpio test seems more realistic to me.
This feature is currently implemented only for the UFS (FFS and MFS) filesystems. But I think it should be easy to support it in the others as well.
An earlier version of this was reviewed by Bruce. He's not to blame for any breakage I've introduced since then.
Reviewed by: bde (an earlier version of the code)
|
49945 |
17-Aug-1999 |
alc |
Add the (inline) function vm_page_undirty for clearing the dirty bitmask of a vm_page.
Use it.
Submitted by: dillon
|
49771 |
14-Aug-1999 |
phk |
Spring cleaning around strategy and disklabels/slices:
Introduce BUF_STRATEGY(struct buf *, int flag) macro, and use it throughout. please see comment in sys/conf.h about the flag argument.
Remove strategy argument from all the diskslice/label/bad144 implementations, it should be found from the dev_t.
Remove bogus and unused strategy1 routines.
Remove open/close arguments from dssize(). Pick them up from dev_t.
Remove unused and unfinished setgeom support from diskslice/label/bad144 code.
|
49682 |
13-Aug-1999 |
phk |
Move the special-casing of stat(2)->st_blksize for device files from UFS to the generic level. For chr/blk devices we don't care about the blocksize of the filesystem, we want what the device asked for.
|
49679 |
13-Aug-1999 |
phk |
The bdevsw() and cdevsw() are now identical, so kill the former.
|
49678 |
13-Aug-1999 |
phk |
s/v_specinfo/v_rdev/
|
49535 |
08-Aug-1999 |
phk |
Decommission miscfs/specfs/specdev.h. Most of it goes into <sys/conf.h>, a few lines into <sys/vnode.h>.
Add a few fields to struct specinfo, paving the way for the fun part.
|
49338 |
01-Aug-1999 |
alc |
Move the memory access behavior information provided by madvise from the vm_object to the vm_map.
Submitted by: dillon
|
49073 |
25-Jul-1999 |
bde |
Fixed access timestamp bugs:
Set IN_ACCESS for successful reads of 0 bytes (except for requests to read 0 bytes). This was broken in rev.1.42. PR: misc/10148
Don't set IN_ACCESS for requests to read 0 bytes.
Don't set IN_ACCESS for unsuccessful reads.
|
48801 |
13-Jul-1999 |
mckusick |
Create the macro DOINGASYNC to check whether the MNT_ASYNC flag has been set for a mount point. Insert missing checks to ensure that all write operations are done asynchronously when the MNT_ASYNC option has been requested.
Submitted by: Craig A Soules <soules+@andrew.cmu.edu> Reviewed by: Kirk McKusick <mckusick@mckusick.com>
|
48677 |
08-Jul-1999 |
mckusick |
These changes appear to give us benefits with both small (32MB) and large (1G) memory machine configurations. I was able to run 'dbench 32' on a 32MB system without bringing the machine to a grinding halt.
* buffer cache hash table now dynamically allocated. This will have no effect on memory consumption for smaller systems and will help scale the buffer cache for larger systems.
* minor enhancement to pmap_clearbit(). I noticed that all the calls to it used constant arguments. Making it an inline allows the constants to propagate to deeper inlines and should produce better code.
* removal of inherent vfs_ioopt support through the emplacement of appropriate #ifdef's, with John's permission. If we do not find a use for it by the end of the year we will remove it entirely.
* removal of getnewbufloops* counters & sysctl's - no longer necessary for debugging, getnewbuf() is now optimal.
* buffer hash table functions removed from sys/buf.h and localized to vfs_bio.c
* VFS_BIO_NEED_DIRTYFLUSH flag and support code added ( bwillwrite() ), allowing processes to block when too many dirty buffers are present in the system.
* removal of a softdep test in bdwrite() that is no longer necessary now that bdwrite() no longer attempts to flush dirty buffers.
* slight optimization added to bqrelse() - there is no reason to test for available buffer space on B_DELWRI buffers.
* addition of reverse-scanning code to vfs_bio_awrite(). vfs_bio_awrite() will attempt to locate clusterable areas in both the forward and reverse direction relative to the offset of the buffer passed to it. This will probably not make much of a difference now, but I believe we will start to rely on it heavily in the future if we decide to shift some of the burden of the clustering closer to the actual I/O initiation.
* Removal of the newbufcnt and lastnewbuf counters that Kirk added. They do not fix any race conditions that haven't already been fixed by the gbincore() test done after the only call to getnewbuf(). getnewbuf() is a static, so there is no chance of it being misused by other modules. ( Unless Kirk can think of a specific thing that this code fixes. I went through it very carefully and didn't see anything ).
* removal of VOP_ISLOCKED() check in flushbufqueues(). I do not think this check is necessary, the buffer should flush properly whether the vnode is locked or not. ( yes? ).
* removal of extra arguments passed to getnewbuf() that are not necessary.
* missed cluster_wbuild() that had to be a cluster_wbuild_wb() in vfs_cluster.c
* vn_write() now calls bwillwrite() *PRIOR* to locking the vnode, which should greatly aid flushing operations in heavy load situations - both the pageout and update daemons will be able to operate more efficiently.
* removal of b_usecount. We may add it back in later but for now it is useless. Prior implementations of the buffer cache never had enough buffers for it to be useful, and current implementations which make more buffers available might not benefit relative to the amount of sophistication required to implement a b_usecount. Straight LRU should work just as well, especially when most things are VMIO backed. I expect that (even though John will not like this assumption) directories will become VMIO backed some point soon.
Submitted by: Matthew Dillon <dillon@backplane.com> Reviewed by: Kirk McKusick <mckusick@mckusick.com>
|
48225 |
26-Jun-1999 |
mckusick |
Convert buffer locking from using the B_BUSY and B_WANTED flags to using lockmgr locks. This commit should be functionally equivalent to the old semantics. That is, all buffer locking is done with LK_EXCLUSIVE requests. Changes to take advantage of LK_SHARED and LK_RECURSIVE will be done in future commits.
|
47964 |
16-Jun-1999 |
mckusick |
Add a vnode argument to VOP_BWRITE to get rid of the last vnode operator special case. Delete special case code from vnode_if.sh, vnode_if.src, umap_vnops.c, and null_vnops.c.
|
47028 |
11-May-1999 |
phk |
Divorce "dev_t" from the "major|minor" bitmap, which is now called udev_t in the kernel but still called dev_t in userland.
Provide functions to manipulate both types: major() umajor() minor() uminor() makedev() umakedev() dev2udev() udev2dev()
For now they're functions, they will become in-line functions after one of the next two steps in this process.
Return major/minor/makedev to macro-hood for userland.
Register a name in cdevsw[] for the "filedescriptor" driver.
In the kernel the udev_t appears in places where we have the major/minor number combination, (ie: a potential device: we may not have the driver nor the device), like in inodes, vattr, cdevsw registration and so on, whereas the dev_t appears where we carry around a reference to an actual device.
In the future the cdevsw and the aliased-from vnode will be hung directly from the dev_t, along with up to two softc pointers for the device driver and a few housekeeping bits. This will essentially replace the current "alias" check code (same buck, bigger bang).
A little stunt has been provided to try to catch places where the wrong type is being used (dev_t vs udev_t), if you see something not working, #undef DEVT_FASCIST in kern/kern_conf.c and see if it makes a difference. If it does, please try to track it down (many hands make light work) or at least try to reproduce it as simply as possible, and describe how to do that.
Without DEVT_FASCIST I believe this patch is a no-op.
Stylistic/posixoid comments about the userland view of the <sys/*.h> files welcome now, from userland they now contain the end result.
Next planned step: make all dev_t's refer to the same devsw[] which means convert BLK's to CHR's at the perimeter of the vnodes and other places where they enter the game (bootdev, mknod, sysctl).
|
46676 |
08-May-1999 |
phk |
I got tired of seeing all the cdevsw[major(foo)] all over the place.
Made a new (inline) function devsw(dev_t dev) and substituted it.
Changed the BDEV variant to this format as well: bdevsw(dev_t dev)
DEVFS will eventually benefit from this change too.
|
46635 |
07-May-1999 |
phk |
Continue where Julian left off in July 1998:
Virtualize bdevsw[] from cdevsw. bdevsw() is now an (inline) function.
Join CDEV_MODULE and BDEV_MODULE to DEV_MODULE (please pay attention to the order of the cmaj/bmaj arguments!)
Join CDEV_DRIVER_MODULE and BDEV_DRIVER_MODULE to DEV_DRIVER_MODULE (ditto!)
(Next step will be to convert all bdev dev_t's to cdev dev_t's before they get to do any damage^H^H^H^H^H^Hwork in the kernel.)
|
46349 |
02-May-1999 |
alc |
The VFS/BIO subsystem contained a number of hacks in order to optimize piecemeal, middle-of-file writes for NFS. These hacks have caused no end of trouble, especially when combined with mmap(). I've removed them. Instead, NFS will issue a read-before-write to fully instantiate the struct buf containing the write. NFS does, however, optimize piecemeal appends to files. For most common file operations, you will not notice the difference. The sole remaining fragment in the VFS/BIO system is b_dirtyoff/end, which NFS uses to avoid cache coherency issues with read-merge-write style operations. NFS also optimizes the write-covers-entire-buffer case by avoiding the read-before-write. There is quite a bit of room for further optimization in these areas.
The VM system marks pages fully-valid (AKA vm_page_t->valid = VM_PAGE_BITS_ALL) in several places, most notably in vm_fault. This is not correct operation. The vm_pager_get_pages() code is now responsible for marking VM pages all-valid. A number of VM helper routines have been added to aid in zeroing-out the invalid portions of a VM page prior to the page being marked all-valid. This operation is necessary to properly support mmap(). The zeroing occurs most often when dealing with file-EOF situations. Several bugs have been fixed in the NFS subsystem, including bits handling file and directory EOF situations and buf->b_flags consistency issues relating to clearing B_ERROR & B_INVAL, and handling B_DONE.
getblk() and allocbuf() have been rewritten. B_CACHE operation is now formally defined in comments and more straightforward in implementation. B_CACHE for VMIO buffers is based on the validity of the backing store. B_CACHE for non-VMIO buffers is based simply on whether the buffer is B_INVAL or not (B_CACHE set if B_INVAL clear, and vice-versa). biodone() is now responsible for setting B_CACHE when a successful read completes. B_CACHE is also set when a bdwrite() is initiated and when a bwrite() is initiated. VFS VOP_BWRITE routines (there are only two - nfs_bwrite() and bwrite()) are now expected to set B_CACHE. This means that bowrite() and bawrite() also set B_CACHE indirectly.
There are a number of places in the code which were previously using buf->b_bufsize (which is DEV_BSIZE aligned) when they should have been using buf->b_bcount. These have been fixed. getblk() now clears B_DONE on return because the rest of the system is so bad about dealing with B_DONE.
Major fixes to NFS/TCP have been made. A server-side bug could cause requests to be lost by the server due to nfs_realign() overwriting other rpc's in the same TCP mbuf chain. The server's kernel must be recompiled to get the benefit of the fixes.
Submitted by: Matthew Dillon <dillon@apollo.backplane.com>
|
46155 |
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no provisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|
46112 |
27-Apr-1999 |
phk |
Suser() simplification:
1: s/suser/suser_xxx/
2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with later.
There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
45347 |
05-Apr-1999 |
julian |
Catch a case spotted by Tor where files mmapped could leave garbage in the unallocated parts of the last page when the file ended on a frag but not a page boundary. Delimited by tags PRE_MATT_MMAP_EOF and POST_MATT_MMAP_EOF, in files alpha/alpha/pmap.c i386/i386/pmap.c nfs/nfs_bio.c vm/pmap.h vm/vm_page.c vm/vm_page.h vm/vnode_pager.c miscfs/specfs/spec_vnops.c ufs/ufs/ufs_readwrite.c kern/vfs_bio.c
Submitted by: Matt Dillon <dillon@freebsd.org> Reviewed by: Alan Cox <alc@freebsd.org>
|
44512 |
06-Mar-1999 |
bde |
Don't depend on <ufs/ufs/quota.h> or another (old) prerequisite including <sys/queue.h>. This fixes my recent breakage of biosboot by unpolluting <ufs/ufs/quota.h> in the !KERNEL case.
|
44480 |
05-Mar-1999 |
bde |
Moved kernel declarations inside the KERNEL ifdef, and removed include of <sys/queue.h> in the !KERNEL case. The prerequisites for <ufs/ufs/quota.h> were broken in Lite2 by converting some of the kernel declarations to use queue macros without including <sys/queue.h>. <sys/queue.h> was included in applications in /usr/src instead. We polluted this file instead of merging the changes in the applications.
Include <sys/queue.h> in the KERNEL case, and forward-declare all structs that are used in prototypes, so that this file is almost self-sufficient even in the kernel.
Obtained from: mostly from NetBSD
|
44474 |
05-Mar-1999 |
bde |
Changed the type of quotactl()'s 4th arg from `char *' to `void *' so that non-sloppy applications can call it without using disgusting casts to avoid warnings. The 4th arg is sort of varargs -- it must sometimes represent a filename, sometimes a struct pointer, and is sometimes unused. The arg type is still caddr_t in the kernel.
Obtained from: mostly from NetBSD
|
44395 |
02-Mar-1999 |
imp |
Merge patch to ufs_vnops.c's ufs_rename to the copy of ufs_rename that lives in ext2_vnops.c for ext2fs. Also remove cast from comparison. Bruce pointed out that it was bogus since we'd force a signed comparison when we really wanted an unsigned comparison.
|
44291 |
26-Feb-1999 |
imp |
Fix last commit based on feedback from Guido, Bruce and Terry.
Specifically, the test was in the wrong place, lacked a cast, didn't unlock the node, and exited to bad rather than abortit. Now we don't allow renaming of a file with LINK_MAX references. Move the test to earlier in the code as it is closer to where ip is obtained, as that is the style of the rest of the function.
Didn't fix the problems bruce pointed out in the rename man page to include EMLINK, nor address his complaints about how the whole idea of incrementing the link count during a rename is potentially asking for trouble.
Also didn't try to correct potential problem Terry pointed out with decrements not being similarly protected against underflow.
|
44253 |
25-Feb-1999 |
imp |
Add missing check for LINK_MAX in ufs_rename. Since ip->i_effnlink and ip->nlink were different types, there was a masked overflow.
Reported by: Mark Slemco <marcs@znep.com>
|
44248 |
25-Feb-1999 |
dillon |
Update ufs_vnops code to use new specinfo fields rather than guess. This is part of general specinfo / d_parms() commit.
|
43958 |
13-Feb-1999 |
dillon |
Remove XXX comment in regards to why NFS doesn't use VOP_ABORT(). NFS is being fixed now.
|
43311 |
28-Jan-1999 |
dillon |
Fix warnings in preparation for adding -Wall -Wcast-qual to the kernel compile
|
42957 |
21-Jan-1999 |
dillon |
This is a rather large commit that encompasses the new swapper, changes to the VM system to support the new swapper, VM bug fixes, several VM optimizations, and some additional revamping of the VM code. The specific bug fixes will be documented with additional forced commits. This commit is somewhat rough in regards to code cleanup issues.
Reviewed by: "John S. Dyson" <root@dyson.iquest.net>, "David Greenman" <dg@root.com>
|
42374 |
07-Jan-1999 |
bde |
Don't pass unused timestamp args to UFS_UPDATE() or waste time initializing them. This almost finishes centralizing (in-core) timestamp updates in ufs_itimes().
|
42248 |
02-Jan-1999 |
bde |
Ifdefed conditionally used simplock variables.
|
42042 |
24-Dec-1998 |
bde |
Fixed null pointer panics which I introduced in rev.1.86. Vnodes may be revoked, so vnop routines must be careful about accessing the vnode if they may have blocked.
Fixed marking for update after successfully reading or writing 0 bytes. In this case, POSIX.1 specifies marking if and only if the requested count is nonzero, but rev.1.86 never marked.
|
41954 |
20-Dec-1998 |
dfr |
In ufs_setattr(), if only one of va_atime or va_mtime are != VNOVAL, then the code set the other field in the inode to VNOVAL. This can happen sometimes on an NFS server.
|
41809 |
15-Dec-1998 |
julian |
Add comments to code that I was trying to understand. Hopefully will save others time.
Someone who understands this better might check for correctness.
|
41765 |
14-Dec-1998 |
dillon |
Fix -Wuninitialized warning regarding zero-length var-args ctl element. ( this isn't really an error, but I think it is important to fix the warning ).
|
41610 |
09-Dec-1998 |
eivind |
Make compare correct with unsigned types. (Problem introduced by Lite/2).
|
41059 |
10-Nov-1998 |
peter |
add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE()
|
40672 |
27-Oct-1998 |
bde |
Oops, the redundant tests for major numbers weren't redundant here. They checked for the magic major number for the "device" behind mfs mount points. Use a more obvious check for this device.
Debugged by: Andrew Gallatin <gallatin@cs.duke.edu>
|
40660 |
26-Oct-1998 |
bde |
Removed redundant bitrotted checks for major numbers instead of updating them.
|
40469 |
17-Oct-1998 |
bde |
Use only the correct raw partition for writing labels. Don't use the partition that the label ioctl is being done on just because it has offset 0, since there is no guarantee that such a partition is large enough to contain the label. Don't use the wrong raw partition (0 instead of RAW_PART).
This fixes problems rewriting bizarre labels (with a nonzero offset for the 'a' partition) in newfs(8). Such labels shouldn't normally be used, but creating them was allowed if the ioctl was done on the raw partition, and sysinstall creates them if the root partition isn't allocated first.
Note that allowing write access to a partition other than the one that has been checked for write access doesn't increase security holes significantly, since write access to any partition already allows changing the in-core label.
This fix should be in 3.0R. Rev.1.26 of newfs/newfs.c shouldn't be in 3.0R.
|
40448 |
16-Oct-1998 |
jkh |
fixup for alpha.
|
40304 |
13-Oct-1998 |
bde |
Fixed bloatage of `struct inode'. We used 5 "spare" fields for ext2fs, but when i_effnlink was added to support soft updates, there was only room for 4 spares. The number of spares was not reduced, so the inode size became 260 (on i386's), or 512 after rounding up by malloc(). Use one spare field in `struct dinode' instead of the 5th spare field in the inode and reduced to 4 spares in the inode so that the size is 256 again.
Changed the types of the spares in the inode from int to u_int32_t so that the inode size has more chance of being <= 256 under other arches, and downdated ext2fs to match (it was broken to use ints before rev.1.1).
|
40038 |
07-Oct-1998 |
luoqi |
Use vm_page_xxx() inline functions to manipulate vm_page::flags, vm_page::busy. As a side effect, a few wakeup() calls are added, which might fix some of the missing vm_page wakeups people have been seeing.
Reviewed by: Doug Rabson <dfr@nlsystems.com>
|
39796 |
30-Sep-1998 |
mckusick |
Do not allow a mounted on directory to be rmdir'ed. This removal can happen when an NFS exported filesystem tries to remove a locally mounted on directory. PR: kern/7272 Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
|
39238 |
15-Sep-1998 |
gibbs |
When a buffer is removed from a buffer queue, remember its block number and use it as "the currently active" buffer in doing disk sort calculations.
|
38907 |
07-Sep-1998 |
bde |
Put the zombie ffs sysctl node in "notyet" state together with its few remaining children. Prepare it for MOUNT_UFS going away.
|
38418 |
18-Aug-1998 |
bde |
Quick fix for breakage of read clustering on non-IDE drives. Read clustering is obsolescent technology so hardly anyone noticed. On a DORS 32160 SCSI drive with 4 tags, read clustering makes very little difference even for huge sequential reads. However, on a ZIP SCSI drive with 0 tags, the minimum overhead per block is about 40 msec, so very large clusters must be used to get anywhere near the maximum transfer rate. Using clusters consisting of 1 8K block reduces the transfer rate to about 250K/sec. Under msdosfs, missing read clustering is normal and a cluster size of 1 512 byte block reduces the transfer rate to about 25K/sec.
Broken in: rev.1.18
|
38292 |
12-Aug-1998 |
msmith |
"The releasing of the reference and lock is not temporary and belongs where it is. The reference and lock(s) are acquired just above the code in VREF() and relookup()."
Submitted by: Michael Hancock <michaelh@cet.co.jp>
|
38291 |
12-Aug-1998 |
julian |
Handle the case of moving a directory onto the top of a sibling's child of the same name.
Submitted by: Kirk Mckusick with fixes from luoqi Chen Obtained from: Whistle test tree.
|
37922 |
28-Jul-1998 |
bde |
Used daddr_t's, not ints, to store disk block numbers. Updated printf formats and args to match. Fixed old printf format errors (all related; most were hidden by calling printf indirectly).
This change somehow avoids compiler bugs for 64-bit longs on i386's, although it increases the number of 64-bit calculations.
|
37887 |
27-Jul-1998 |
bde |
Made lazy syncing of timestamps for special files non-optional.
|
37649 |
15-Jul-1998 |
bde |
Cast pointers to uintptr_t/intptr_t instead of to u_long/long, respectively. Most of the longs should probably have been u_longs, but this change is just to prevent warnings about casts between pointers and integers of different sizes, not to fix poorly chosen types.
|
37555 |
11-Jul-1998 |
bde |
Fixed printf format errors.
|
37539 |
10-Jul-1998 |
julian |
Add code missed in the initial Soft updates integration. Make the unallocated parts of a directory have a known state in case we need it later.
|
37490 |
08-Jul-1998 |
julian |
Catch a few corner cases where FreeBSD differs enough from BSD 4.4 to confuse Soft updates. Should solve several "dangling deps" panics.
|
37384 |
04-Jul-1998 |
julian |
VOP_STRATEGY grows an (struct vnode *) argument as the value in b_vp is often not really what you want. (and needs to be frobbed). more cleanups will follow this. Reviewed by: Bruce Evans <bde@freebsd.org>
|
37364 |
03-Jul-1998 |
bde |
Restored revs.1.89-1.90 which I somehow clobbered in rev.1.91.
|
37363 |
03-Jul-1998 |
bde |
Sync timestamp changes for inodes of special files to disk as late as possible (when the inode is reclaimed). Temporarily only do this if option UFS_LAZYMOD configured and softupdates aren't enabled. UFS_LAZYMOD is intentionally left out of /sys/conf/options.
This is mainly to avoid almost useless disk i/o on battery powered machines. It's silly to write to disk (on the next sync or when the inode becomes inactive) just because someone hit a key or something wrote to the screen or /dev/null.
PR: 5577 Previous version reviewed by: phk
|
37362 |
03-Jul-1998 |
bde |
Centralized in-core inode update. Update the in-core inode directly in ufs_setattr() so that there is no need to pass timestamps to UFS_UPDATE() (everything else just needs the current time). Ignore the passed-in timestamps in UFS_UPDATE() and always call ufs_itimes() (was: itimes()) to do the update. The timestamps are still passed so that all the callers don't need to be changed yet.
|
37182 |
27-Jun-1998 |
phk |
Make vprint() print dev_t in hex also.
|
37181 |
27-Jun-1998 |
phk |
Report the type from the inode, not the vnode.
|
37094 |
21-Jun-1998 |
bde |
Removed unused includes.
|
36779 |
08-Jun-1998 |
julian |
The version of the softdep changes in FreeBSD broke the (doingdirectory && !newparent) case of ufs_rename(). rename("D1/X/", "D2/Y/") gives a wrong link count for D2.
Submitted by: Bruce Evans <bde@zeta.org.au> Reviewed by: Kirk McKusick <mckusick@McKusick.COM>
|
36723 |
07-Jun-1998 |
bde |
Null change. Forgot to mention in previous log message that MNT_NOATIME is now ignored for special files, so that mounting root with option noatime doesn't break reporting of idle times in programs like `w'. The problem of excessive disk updates just to stamp atimes will be handled for special files by only writing atimes to disk when inodes become active. This works well because special files are relatively uncommon and their atimes are even more disposable at panic time than regular files' atimes.
|
36721 |
07-Jun-1998 |
bde |
Fixed some longstanding timestamp bugs:
1. mark atimes and mtimes of special files and fifos for update upon successful completion of non-null i/o, not at the beginning of the syscall.
2. never update file times for readonly filesystems. They were updated for stats and closes but not for syncs. The updates were of course only in-core and were thrown away when the inode was uncached, so the times sometimes appeared to go backwards.
Improved comments in code related to (1) (mostly by removing them).
Unmacroized ITIMES(). The test in (2) bloated it even more. Don't call getmicrotime() in the function version of it when we only need the time in seconds.
|
36645 |
04-Jun-1998 |
dfr |
If the filesystem blocksize is less than the VM page size, use the generic getpages code. This happens for filesystems with 4k pages on the alpha since the normal alpha pagesize is 8k.
|
36644 |
04-Jun-1998 |
dfr |
Don't cast a pointer to an int in DQHASH.
|
36119 |
17-May-1998 |
phk |
s/nanoruntime/nanouptime/g s/microruntime/microuptime/g
Reviewed by: bde
|
35823 |
07-May-1998 |
msmith |
In the words of the submitter:
--------- Make callers of namei() responsible for releasing references or locks instead of having the underlying filesystems do it. This eliminates redundancy in all terminal filesystems and makes it possible for stacked transport layers such as umapfs or nullfs to operate correctly.
Quality testing was done with testvn, and lat_fs from the lmbench suite.
Some NFS client testing courtesy of Patrik Kudo.
vop_mknod and vop_symlink still release the returned vpp. vop_rename still releases 4 vnode arguments before it returns. These remaining cases will be corrected in the next set of patches. ---------
Submitted by: Michael Hancock <michaelh@cet.co.jp>
|
35256 |
17-Apr-1998 |
des |
Seventy-odd "its" / "it's" typos in comments fixed as per kern/6108.
|
35205 |
15-Apr-1998 |
bde |
Fixed bitrot in the non-softdep case of ufs_dirremove():
- restored async mount support. The first entry in a block is still always written synchronously, although it probably shouldn't be in the async case.
- restored use of BWRITE() instead of bowrite() for the DOWHITEOUT case, although bowrite() is probably better.
Broken by: merge of softdep changes (rev.1.22). Found by: lmbench2 delete-file benchmarks.
|
35084 |
06-Apr-1998 |
peter |
Back this out, allowing users to get a fd connected to a symlink is just too dangerous.
|
35083 |
06-Apr-1998 |
peter |
Don't panic if a VOP_READ() gets through on a short link, Just Do It (because we can :-). This means you can open a link file (or pseudo-file in the case of short links where the data is stored in the inode rather than disk blocks) and read the contents. However, trap any writes from the user as it's difficult to do the right thing in all cases. A link may be short and the user may be trying to extend it beyond the limit and so on. Although.. being able to re-target a symlink without deleting it first might have been nice. This stuff is a bit perverse since symlink() and readlink() calls can end up actually being implemented as read/write vnode ops.
Reviewed by: phk
|
35029 |
04-Apr-1998 |
phk |
Time changes mark 2:
* Figure out UTC relative to boottime. Four new functions provide time relative to boottime.
* move "runtime" into struct proc. This helps fix the calcru() problem in SMP.
* kill mono_time.
* add timespec{add|sub|cmp} macros to time.h. (XXX: These may change!)
* nanosleep, select & poll takes long sleeps one day at a time
Reviewed by: bde Tested by: ache and others
|
34961 |
30-Mar-1998 |
phk |
Eradicate the variable "time" from the kernel, using various measures. "time" wasn't an atomic variable, so splfoo() protection was needed around any access to it, unless you just wanted the seconds part.
Most uses of time.tv_sec now use the new variable time_second instead.
gettime() changed to getmicrotime().
Remove a couple of unneeded splfoo() protections, the new getmicrotime() is atomic, (until Bruce sets a breakpoint in it).
A couple of places needed random data, so use read_random() instead of mucking about with time which isn't random.
Add a new nfs_curusec() function.
Mark a couple of bogosities involving the now disappeared time variable.
Update ffs_update() to avoid the weird "== &time" checks, by fixing the one remaining call that passed &time as args.
Change profiling in ncr.c to use ticks instead of time. Resolution is the same.
Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call hzto() which subtracts time" sequences.
Reviewed by: bde
|
34901 |
26-Mar-1998 |
phk |
Add two new functions, get{micro|nano}time.
They are atomic, but return in essence what is in the "time" variable. gettime() is now a macro front for getmicrotime().
Various patches to use the two new functions instead of the various hacks used in their absence.
Some punctuation and grammar patches from Bruce.
A couple of XXX comments.
|
34441 |
09-Mar-1998 |
dyson |
Correct a problem with the ffs_getpages routine that manifests itself during the tail command. The amount to read is incorrectly calculated.
Submitted by: Tor Egge
|
34266 |
08-Mar-1998 |
julian |
Reviewed by: dyson@freebsd.org (john Dyson), dg@root.com (david greenman)
Submitted by: Kirk McKusick (mcKusick@mckusick.com)
Obtained from: Whistle development tree
|
34206 |
07-Mar-1998 |
dyson |
This mega-commit is meant to fix numerous interrelated problems. There has been some bitrot and incorrect assumptions in the vfs_bio code. These problems have manifested themselves worse on NFS type filesystems, but can still affect local filesystems under certain circumstances. Most of the problems have involved mmap consistency, and as a side-effect broke the vfs.ioopt code. This code might have been committed separately, but almost everything is interrelated.
1) Allow (pmap_object_init_pt) prefaulting of buffer-busy pages that are fully valid.
2) Rather than deactivating erroneously read initial (header) pages in kern_exec, we now free them.
3) Fix the rundown of non-VMIO buffers that are in an inconsistent (missing vp) state.
4) Fix the disassociation of pages from buffers in brelse. The previous code had rotted and was faulty in a couple of important circumstances.
5) Remove a gratuitous buffer wakeup in vfs_vmio_release.
6) Remove a crufty and currently unused cluster mechanism for VBLK files in vfs_bio_awrite. When the code is functional, I'll add back a cleaner version.
7) The page busy count wakeups associated with the buffer cache usage were incorrectly cleaned up in a previous commit by me. Revert to the original, correct version, but with a cleaner implementation.
8) The cluster read code now tries to keep data associated with buffers more aggressively (without breaking the heuristics) when it is presumed that the read data (buffers) will be soon needed.
9) Change to filesystem lockmgr locks so that they use LK_NOPAUSE. The delay loop waiting is not useful for filesystem locks, due to the length of the time intervals.
10) Correct and clean-up spec_getpages.
11) Implement a fully functional nfs_getpages, nfs_putpages.
12) Fix nfs_write so that modifications are coherent with the NFS data on the server disk (at least as well as NFS seems to allow.)
13) Properly support MS_INVALIDATE on NFS.
14) Properly pass down MS_INVALIDATE to lower levels of the VM code from vm_map_clean.
15) Better support the notion of pages being busy but valid, so that fewer in-transit waits occur. (use p->busy more for pageouts instead of PG_BUSY.) Since the page is fully valid, it is still usable for reads.
16) It is possible (in error) for cached pages to be busy. Make the page allocation code handle that case correctly. (It should probably be a printf or panic, but I want the system to handle coding errors robustly. I'll probably add a printf.)
17) Correct the design and usage of vm_page_sleep. It didn't handle consistency problems very well, so make the design a little less lofty. After vm_page_sleep, if it ever blocked, it is still important to relookup the page (if the object generation count changed), and verify its status (always.)
18) In vm_pageout.c, vm_pageout_clean had rotted, so clean that up.
19) Push the page busy for writes and VM_PROT_READ into vm_pageout_flush.
20) Fix vm_pager_put_pages and its descendents to support an int flag instead of a boolean, so that we can pass down the invalidate bit.
|
33847 |
26-Feb-1998 |
msmith |
In the author's words:
These diffs implement the first stage of a VOP_{GET|PUT}PAGES pushdown for local media FS's.
See ffs_putpages in /sys/ufs/ufs/ufs_readwrite.c for implementation details for generic *_{get|put}pages for local media FS's. Support is trivial to add for any FS that formerly relied on the default behaviour of the vnode_pager in EOPNOTSUPP cases (just copy the ffs_getpages() code for the FS in question's *_{get|put}pages).
Obviously, it would be better if each local media FS implemented a more optimal method, instead of calling an exported interface from the /sys/vm/vnode_pager.c, but this is a necessary first step in getting the FS's to a point where they can be supplied with better implementations on a case-by-case basis.
Obviously, the cd9660_putpages() can be rather trivial (since it is a read-only FS type 8-)).
A slight (temporary) modification is made to print a diagnostic message in the case where the underlying filesystem attempts to engage in the previous behaviour. Failure is likely to be ungraceful.
Submitted by: terry@freebsd.org (Terry Lambert)
|
33678 |
20-Feb-1998 |
bde |
Don't depend on "implicit int".
|
33181 |
09-Feb-1998 |
eivind |
Staticize.
|
33134 |
06-Feb-1998 |
eivind |
Back out DIAGNOSTIC changes.
|
33109 |
05-Feb-1998 |
dyson |
1) Start using a cleaner and more consistent page allocator instead of the various ad-hoc schemes.
2) When bringing in UPAGES, the pmap code needs to do another vm_page_lookup.
3) When appropriate, set the PG_A or PG_M bits a-priori to both avoid some processor errata, and to minimize redundant processor updating of page tables.
4) Modify pmap_protect so that it can only remove permissions (as it originally supported.) The additional capability is not needed.
5) Streamline read-only to read-write page mappings.
6) For pmap_copy_page, don't enable write mapping for source page.
7) Correct and clean-up pmap_incore.
8) Cluster initial kern_exec pagin.
9) Removal of some minor lint from kern_malloc.
10) Correct some ioopt code.
11) Remove some dead code from the MI swapout routine.
12) Correct vm_object_deallocate (to remove backing_object ref.)
13) Fix dead object handling, that had problems under heavy memory load.
14) Add minor vm_page_lookup improvements.
15) Some pages are not in objects, and make sure that the vm_page.c can properly support such pages.
16) Add some more page deficit handling.
17) Some minor code readability improvements.
|
33108 |
04-Feb-1998 |
eivind |
Turn DIAGNOSTIC into a new-style option.
|
32944 |
31-Jan-1998 |
julian |
Serves me right for not putting SUIDDIR in LINT. It got bitrot. This should stop complaints about it not working for people.
|
32889 |
30-Jan-1998 |
phk |
Retire LFS.
If you want to play with it, you can find the final version of the code in the repository the tag LFS_RETIREMENT.
If somebody makes LFS work again, adding it back is certainly desirable, but as it is now nobody seems to care much about it, and it has suffered considerable bitrot since its somewhat haphazard integration.
R.I.P
|
32724 |
24-Jan-1998 |
dyson |
Add better support for larger I/O clusters, including larger physical I/O. The support is not mature yet, and some of the underlying implementation needs help. However, support does exist for IDE devices now.
|
32702 |
22-Jan-1998 |
dyson |
VM level code cleanups.
1) Start using TSM. Struct procs continue to point to upages structure, after being freed. Struct vmspace continues to point to pte object and kva space for kstack. u_map is now superfluous.
2) vm_map's don't need to be reference counted. They always exist either in the kernel or in a vmspace. The vmspaces are managed by reference counts.
3) Remove the "wired" vm_map nonsense.
4) No need to keep a cache of kernel stack kva's.
5) Get rid of strange looking ++var, and change to var++.
6) Change more data structures to use our "zone" allocator. Added struct proc, struct vmspace and struct vnode. This saves a significant amount of kva space and physical memory. Additionally, this enables TSM for the zone managed memory.
7) Keep ioopt disabled for now.
8) Remove the now bogus "single use" map concept.
9) Use generation counts or id's for data structures residing in TSM, where it allows us to avoid unneeded restart overhead during traversals, where blocking might occur.
10) Account better for memory deficits, so the pageout daemon will be able to make enough memory available (experimental.)
11) Fix some vnode locking problems. (From Tor, I think.)
12) Add a check in ufs_lookup, to avoid lots of unneeded calls to bcmp. (experimental.)
13) Significantly shrink, cleanup, and make slightly faster the vm_fault.c code. Use generation counts, get rid of unneeded collapse operations, and clean up the cluster code.
14) Make vm_zone more suitable for TSM.
This commit is partially as a result of discussions and contributions from other people, including DG, Tor Egge, PHK, and probably others that I have forgotten to attribute (so let me know, if I forgot.)
This is not the infamous, final cleanup of the vnode stuff, but a necessary step. Vnode mgmt should be correct, but things might still change, and there is still some missing stuff (like ioopt, and physical backing of non-merged cache files, debugging of layering concepts.)
|
32286 |
06-Jan-1998 |
dyson |
Make our v_usecount vnode reference count work identically to the original BSD code. The association between the vnode and the vm_object no longer includes reference counts. The major difference is that vm_object's are no longer freed gratuitously from the vnode, and so once an object is created for the vnode, it will last as long as the vnode does.
When a vnode object reference count is incremented, then the underlying vnode reference count is incremented also. The two "objects" are now more intimately related, and so the interactions are now much less complex.
Vnodes are now normally placed onto the free queue with an object still attached. The rundown of the object happens at vnode rundown time, and happens with exactly the same filesystem semantics of the original VFS code. There is absolutely no need for vnode_pager_uncache and other travesties like that anymore.
A side-effect of these changes is that SMP locking should be much simpler, the I/O copyin/copyout optimizations work, NFS should be more ponderable, and further work on layered filesystems should be less frustrating, because of the totally coherent management of the vnode objects and vnodes.
Please be careful with your system while running this code, but I would greatly appreciate feedback as soon as reasonably possible.
|
32072 |
29-Dec-1997 |
dyson |
Fix the decl of vfs_ioopt, allow LFS to compile again, fix a minor problem with the object cache removal.
|
32011 |
27-Dec-1997 |
bde |
Unspammed nested include of <vm/vm_zone.h>.
|
31920 |
21-Dec-1997 |
dyson |
I added vfs_ioopt prematurely, disabled.
|
31853 |
19-Dec-1997 |
dyson |
Some performance improvements, and code cleanups (including changing our expensive OFF_TO_IDX to btoc whenever possible.)
|
31788 |
16-Dec-1997 |
eivind |
Make LINT compile again after wollman introduced poll() here.
Overlooked by: wollman
|
31749 |
15-Dec-1997 |
eivind |
Convert SUIDDIR fully to a new-style option.
Forgotten by: julian
|
31727 |
15-Dec-1997 |
wollman |
Add support for poll(2) on files. vop_nopoll() now returns POLLNVAL if one of the new poll types is requested; hopefully this will not break any existing code. (This is done so that programs have a dependable way of determining whether a filesystem supports the extended poll types or not.)
The new poll types added are:
POLLWRITE - file contents may have been modified
POLLNLINK - file was linked, unlinked, or renamed
POLLATTRIB - file's attributes may have been changed
POLLEXTEND - file was extended
Note that the internal operation of poll() means that it is impossible for two processes to reliably poll for the same event (this could be fixed but may not be worth it), so it is not possible to rewrite `tail -f' to use poll at this time.
|
31699 |
13-Dec-1997 |
bde |
Restored ufs_pathconf() from rev.1.61. vop_stdpathconf() is too general to be of much use. Using it here broke the _PC_NAME_MAX, _PC_NO_TRUNC and _PC_PATH_MAX cases, and weakened the _PC_MAX_CANON, _PC_MAX_INPUT and _PC_VDISABLE cases.
|
31683 |
12-Dec-1997 |
peter |
Fix(?) some style consistency breakage and do some other nit-picking on the SUIDDIR changes.
|
31561 |
05-Dec-1997 |
bde |
Don't include <sys/lock.h> in headers when only `struct simplelock' is required. Fixed everything that depended on the pollution.
|
31557 |
05-Dec-1997 |
jkh |
Needs to include <sys/lock.h> if we're using struct lock.
|
31486 |
02-Dec-1997 |
bde |
`nextgennumber' can go away now that it is no longer (ab)used by foreign fs's.
|
31394 |
24-Nov-1997 |
bde |
Fixed overflow in ufs_getblns(). For ufs on systems with 32-bit ints, triple indirect blocks only worked for block sizes of 4K, since MNINDIR(ump)**3 overflows for larger block sizes (e.g., (8192/4)**3 = 2**33 > INT_MAX). This fix is not the obvious one of changing some types to 64 bits. It rearranges the code to avoid some unnecessary 64-bit calculations.
Reviewed by: Kirk McKusick <mckusick@McKusick.COM>
|
31312 |
20-Nov-1997 |
bde |
Fixed marking of access time for special files and fifos (don't do it if the file system is mounted noatime). Not fixed: the access time is marked at the start of a read() and not marked on successful completion. I think this should be handled at the vfs level.
Print a better panic message for missing vops. Don't use printf() before panic(), since the printf()ed part isn't shown by gdb. This actually loses a little with the current gdb, since gdb just prints the fmt arg to panic, so %'s aren't expanded. gdb should fetch the full message from the message buffer if possible.
Fixed default vop function for vop_getpages_desc. It needs to just return EOPNOTSUPP so that the vnode pager can get the pages in using a general method. Panicking broke exec'ing of files on ext2fs file systems. ffs works because it doesn't use the default.
Fixed nearby style bugs.
|
31269 |
18-Nov-1997 |
phk |
unifdef -UEXT2FS
|
31147 |
13-Nov-1997 |
julian |
oops, fix left out semicolon in code I patched by hand.
|
31144 |
13-Nov-1997 |
julian |
Reviewed by: hackers@freebsd.org in general
Obtained from: Whistle Communications tree
Add an option to the way UFS works dependent on the SUID bit of directories. This change makes things a whole lot simpler on systems running as fileservers for PCs and MACS. To enable the new code you must
1/ enable option SUIDDIR on the kernel.
2/ mount the filesystem with option suiddir.
Hopefully this makes it difficult enough for people to do this accidentally. See the new chmod(2) man page for detailed info.
|
31016 |
07-Nov-1997 |
phk |
Remove a bunch of variables which were unused both in GENERIC and LINT.
Found by: -Wunused
|
30780 |
27-Oct-1997 |
bde |
Removed unused #includes. The need for most of them went away with recent changes (docluster* and vfs improvements).
|
30779 |
27-Oct-1997 |
bde |
Forward declare precisely the structs that are actually used in this header.
|
30743 |
26-Oct-1997 |
phk |
VFS interior redecoration.
Rename vn_default_error to vop_defaultop all over the place.
Move vn_bwrite from vfs_bio.c to vfs_default.c and call it vop_stdbwrite.
Use vop_null instead of nullop.
Move vop_nopoll from vfs_subr.c to vfs_default.c
Move vop_sharedlock from vfs_subr.c to vfs_default.c
Move vop_nolock from vfs_subr.c to vfs_default.c
Move vop_nounlock from vfs_subr.c to vfs_default.c
Move vop_noislocked from vfs_subr.c to vfs_default.c
Use vop_ebadf instead of *_ebadf.
Add vop_defaultop for getpages on master vnode in MFS.
|
30513 |
17-Oct-1997 |
phk |
Make a set of VOP standard lock, unlock & islocked VOP operators, which depend on the lock being located at vp->v_data. Saves 3x3 identical vop procs, more as the other filesystems become lock aware.
|
30492 |
16-Oct-1997 |
phk |
Another VFS cleanup "kilo commit"
1. Remove VOP_UPDATE, it is (also) an UFS/{FFS,LFS,EXT2FS,MFS} interface function, and now lives in the ufsmount structure.
2. Remove VOP_SEEK, it was unused.
3. Add mode default vops:
VOP_ADVLOCK vop_einval
VOP_CLOSE vop_null
VOP_FSYNC vop_null
VOP_IOCTL vop_enotty
VOP_MMAP vop_einval
VOP_OPEN vop_null
VOP_PATHCONF vop_einval
VOP_READLINK vop_einval
VOP_REALLOCBLKS vop_eopnotsupp
And remove identical functionality from filesystems
4. Add vop_stdpathconf, which returns the canonical stuff. Use it in the filesystems. (XXX: It's probably wrong that specfs and fifofs sets this vop, shouldn't it come from the "host" filesystem, for instance ufs or cd9660 ?)
5. Try to make system wide VOP functions have vop_* names.
6. Initialize the um_* vectors in LFS.
(Recompile your LKMS!!!)
|
30476 |
16-Oct-1997 |
phk |
Staticize the ufs vnops member functions.
|
30474 |
16-Oct-1997 |
phk |
VFS mega cleanup commit (x/N)
1. Add new file "sys/kern/vfs_default.c" where default actions for VOPs go. Implement proper defaults for ABORTOP, BWRITE, LEASE, POLL, REVOKE and STRATEGY. Various stuff spread over the entire tree belongs here.
2. Change VOP_BLKATOFF to a normal function in cd9660.
3. Kill VOP_BLKATOFF, VOP_TRUNCATE, VOP_VFREE, VOP_VALLOC. These are private interface functions between UFS and the underlying storage manager layer (FFS/LFS/MFS/EXT2FS). The functions now live in struct ufsmount instead.
4. Remove a kludge of VOP_ functions in all filesystems, that did nothing but obscure the simplicity and break the expandability. If a filesystem doesn't implement VOP_FOO, it shouldn't have an entry for it in its vnops table. The system will try to DTRT if it is not implemented. There is still some cruft left, but the bulk of it is done.
5. Fix another VCALL in vfs_cache.c (thanks Bruce!)
|
30439 |
15-Oct-1997 |
phk |
vnops megacommit
1. Use the default function to access all the specfs operations.
2. Use the default function to access all the fifofs operations.
3. Use the default function to access all the ufs operations.
4. Fix VCALL usage in vfs_cache.c
5. Use VOCALL to access specfs functions in devfs_vnops.c
6. Staticize most of the spec and fifofs vnops functions.
7. Make UFS panic if it lacks bits of the underlying storage handling.
|
30428 |
15-Oct-1997 |
bde |
IN_HASHED goes in the in-core flags ip->i_flag, not in the on-disk flags ip->i_flags.
Rev.1.18 completely broke ufs. My root directory went away about 10 seconds after booting. I think file system damage was null, since IN_HASHED = 0x80 is not used in the disk flags (it would probably be UF_SOMETHING if it were used).
|
30419 |
14-Oct-1997 |
phk |
Reset the flag right away, could catch a bogon someday.
|
30418 |
14-Oct-1997 |
phk |
I think my previous change may have opened a race condition. This patch does the same thing, with no change in semantics.
|
30402 |
14-Oct-1997 |
phk |
ufs_ihashrem() should not be called from the UFS layer, but from the lower layer (LFS/FFS/?) like the rest of the ihash functions. Otherwise it is impossible to make a lower layer that doesn't use the ihash facility.
|
30354 |
12-Oct-1997 |
phk |
Last major round (Unless Bruce thinks of something :-) of malloc changes.
Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them.
A couple of finer points by: bde
|
30309 |
11-Oct-1997 |
phk |
Distribute and staticize a lot of the malloc M_* types.
Substantial input from: bde
|
30285 |
10-Oct-1997 |
phk |
Make ufs_reclaim free the underlying inode.
|
29888 |
27-Sep-1997 |
kato |
Clustered read and write are switched at mount-option level.
1. Clustered I/O is switched by the MNT_NOCLUSTERR and MNT_NOCLUSTERW bits of the mnt_flag. The sysctl variables, vfs.foo.doclusterread and vfs.foo.doclusterwrite are deleted. Only mount option can control clustered I/O from userland.
2. When foofs_mount mounts block device, foofs_mount checks D_CLUSTERR and D_CLUSTERW bits of the d_flags member in the block device switch table. If D_NOCLUSTERR / D_NOCLUSTERW are set, MNT_NOCLUSTERR / MNT_NOCLUSTERW bits will be set. In this case, MNT_NOCLUSTERR and MNT_NOCLUSTERW cannot be cleared from userland.
3. Vnode driver disables both clustered read and write.
4. Union filesystem disables clustered write.
Reviewed by: bde
|
29725 |
22-Sep-1997 |
joerg |
Make MFS a supported option, finally.
|
29685 |
21-Sep-1997 |
gibbs |
Convert tqdisksort to bufqdisksort. Honor the B_ORDERED buffer flag so that meta-data writes go out to the device in the right order.
|
29653 |
21-Sep-1997 |
dyson |
Change the M_NAMEI allocations to use the zone allocator. This change plus the previous changes to use the zone allocator decrease the usage of malloc by half. The Zone allocator will be upgradeable to be able to use per CPU-pools, and has more intelligent usage of SPLs. Additionally, it has reasonable stats gathering capabilities, while making most calls inline.
|
29362 |
14-Sep-1997 |
peter |
Convert select -> poll. Delete 'always succeed' select/poll handlers, replaced with generic call. Flag missing vnode op table entries.
|
29287 |
10-Sep-1997 |
phk |
Update the comment and remove checks now done centrally.
|
29041 |
02-Sep-1997 |
bde |
Removed unused #includes.
|
28787 |
26-Aug-1997 |
phk |
Uncut&paste cache_lookup().
This unifies several times in theory identical 50 lines of code.
The filesystems have a new method: vop_cachedlookup, which is the meat of the lookup, and use vfs_cache_lookup() for their vop_lookup method. vfs_cache_lookup() will check the namecache and pass on to the vop_cachedlookup method in case of a miss.
It's still the task of the individual filesystems to populate the namecache with cache_enter().
Filesystems that do not use the namecache will just provide the vop_lookup method as usual.
|
28774 |
26-Aug-1997 |
dyson |
Back out some incorrect changes that were worse than the original bug.
|
28701 |
25-Aug-1997 |
kato |
Renamed doclusterread/write to unique names (ffs_doclusterread/write), and staticize them. Move the #include of <sys/sysctl.h> to the top of the file.
Pointed out by: Bruce Evans <bde@zeta.org.au>
|
28598 |
22-Aug-1997 |
dyson |
Fix the "remove optimization" by removing it. Sorry for the trouble.
|
28558 |
22-Aug-1997 |
dyson |
This is a trial improvement for the vnode reference count while on the vnode free list problem. Also, the vnode age flag is no longer used by the vnode pager. (It is actually incorrect to use then.) Constructive feedback welcome -- just be kind.
|
28466 |
21-Aug-1997 |
dyson |
Performance improvement to minimize delayed write output of files that have been deleted.
Submitted by: Peter M. Chen <pmchen@eecs.umich.edu>
|
28270 |
16-Aug-1997 |
wollman |
Fix all areas of the system (or at least all those in LINT) to avoid storing socket addresses in mbufs. (Socket buffers are the one exception.) A number of kernel APIs needed to get fixed in order to make this happen. Also, fix three protocol families which kept PCBs in mbufs to not malloc them instead. Delete some old compatibility cruft while we're at it, and add some new routines in the in_cksum family.
|
27845 |
02-Aug-1997 |
bde |
Removed unused #includes.
|
27378 |
13-Jul-1997 |
bde |
Always mark st_ctime for update upon successful completion of chown(). Previously, it wasn't marked for null chown()'s. We permit null chown()s as a special case of "appropriate privilege" - everyone has enough privilege to not change ids (this is a better argument than the one I gave for rev.1.13, that null changes aren't really changes). However, POSIX.1 requires the update independently of whether anything has changed.
Clear both the setuid and the setgid bits upon successful completion of non-null chown()s by non-root. Previously, the setuid bit was only changed for non-null changes of the uid, etc. POSIX.1 requires clearing both unless the call was made by a process with "appropriate privilege", in which case altering the bits is implementation-defined. We define appropriate privilege as `process is root, or the change is null', and the implementation-defined behaviour as not altering the bits. There is no interpretation that permits clearing only one of the bits.
Reviewed by: jdp
|
27377 |
13-Jul-1997 |
bde |
Use the correct size for a sector in the search for a label in readdisklabel(). Sectors may be larger than DEV_BSIZE.
|
27376 |
13-Jul-1997 |
bde |
Removed semicolon from the end of a #define.
|
27375 |
13-Jul-1997 |
bde |
Fixed comment about i_spare.
|
26360 |
02-Jun-1997 |
julian |
Submitted by: Whistle Communications (archie Cobbs)
These changes add the ability to specify that a UFS file/directory cannot be unlinked. This is basically a scaled back version of the IMMUTABLE flag. The reason is to allow an administrator to create a directory hierarchy that a group of users can arbitrarily add/delete files from, but that the hierarchy itself is safe from removal by them. If the NOUNLINK definition is set to 0 then this results in no change to what happens normally. (and results in identical binary (in the kernel)). It can be proven that if this bit is never set by the admin, no new behaviour is introduced.. Several "good idea" comments from reviewers plus one grumble about creeping featurism.
This code is in production in 2.2 based systems
|
26001 |
22-May-1997 |
phk |
Shrink struct inode by 20 bytes, so that malloc wastes less space.
Pointed out by: bde
|
25877 |
17-May-1997 |
phk |
Remove redundant check for vp == dvp (done in VFS before calling).
|
24477 |
01-Apr-1997 |
bde |
Removed nested include of <ufs/ufs/dir.h>. Use the pre-Lite2 hack of defining doff_t both here and in <ufs/ufs/dir.h> so that this file is independent of <ufs/ufs/dir.h>. It still has old prerequisites <sys/param.h> and <ufs/ufs/quota.h>, and a new Lite2 prerequisite of <sys/lock.h>, sigh.
This might fix lsof, which was broken by namespace pollution giving conflicting definitions of DIRBLKSIZ.
|
24438 |
31-Mar-1997 |
peter |
Treat symlinks as first class citizens with their own uid/gid rather than as shadows of their containing directory. This should solve the problem of users not being able to delete their symlinks from /tmp once and for all.
Symlinks do not have modes though, they are accessible to everything that can read the directory (as before). They are made to show this fact at lstat time (they appear as mode 0777 always, since that's how the lookup routines in the kernel treat them).
More commits will follow, eg: add a real lchown() syscall and man pages.
|
24131 |
23-Mar-1997 |
bde |
Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined. Fixed everything that depended on getting fcntl.h stuff from the wrong place. Most things don't depend on file.h stuff at all.
|
24101 |
22-Mar-1997 |
bde |
Fixed some invalid (non-atomic) accesses to `time', mostly ones of the form `tv = time'. Use a new function gettime(). The current version just forces atomicity without fixing precision or efficiency bugs. Simplified some related valid accesses by using the central function.
|
23998 |
18-Mar-1997 |
peter |
MAXDIRSIZE is (or would be) used in fsck. It's a sanity check.
|
23562 |
09-Mar-1997 |
mpp |
Update a number of routines to reflect the actual name of the routine that caused the panic.
|
23347 |
03-Mar-1997 |
bde |
Removed unused flag IN_RECURSE and unused struct member i_lockcount.
|
23346 |
03-Mar-1997 |
bde |
Removed useless setting of IN_RECURSE. The (anti) locking for this needs to be done in a different way, if at all.
|
22975 |
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
22881 |
18-Feb-1997 |
bde |
This now uses queue macros. Include <sys/queue.h> if !KERNEL to preserve the documented interface.
|
22619 |
13-Feb-1997 |
bde |
Removed FIFO ifdef again (see rev.1.5).
|
22579 |
12-Feb-1997 |
mpp |
Add function prototypes for most of the new Lite2 functions. Also made a few of the miscfs routines static to be consistent. Some modules simply required some additional #includes to remove -Wall warnings.
|
22521 |
10-Feb-1997 |
dyson |
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes.
The system boots and can mount UFS filesystems.
Untested: ext2fs, msdosfs, NFS
Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed.
Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
21002 |
29-Dec-1996 |
dyson |
This commit is the embodiment of some VFS read clustering improvements. Firstly, now our read-ahead clustering is on a file descriptor basis and not on a per-vnode basis. This will allow multiple processes reading the same file to take advantage of read-ahead clustering. Secondly, there previously was a problem with large reads still using the ramp-up algorithm. Of course, that was bogus, and now we read the entire "chunk" off of the disk in one operation. The read-ahead clustering algorithm should use less CPU than the previous also (I hope :-)).
NOTE: THAT LKMS MUST BE REBUILT!!!
|
20311 |
11-Dec-1996 |
dyson |
Significant performance improvement for mmap'ed files. This commit makes MADV_SEQUENTIAL much more effective. I suggest that we start using MADV_SEQUENTIAL on system utilities that mmap their input files, and the I/O is predominantly sequential. Below is a test with 'cmp' on two relatively large binary files, where the files are so large that the caching is ineffective:
+ ls -l t1.xxx t2.xxx
-rw-r--r-- 1 root wheel 65598384 Dec 10 12:13 t1.xxx
-rw-r--r-- 1 root wheel 65598384 Dec 10 12:14 t2.xxx
+ time cmp t1.xxx t2.xxx
3.78user 0.70system 1:33.43elapsed 4%CPU
+ time cmpmadv t1.xxx t2.xxx
4.21user 1.05system 0:30.93elapsed 17%CPU
This change is as a result of an observation made by BDE.
|
20070 |
01-Dec-1996 |
bde |
Removed all references to b_cylinder (aka b_cylin). It was evil and hasn't been used for a year or two since disksort() started sorting on b_pblkno.
|
20061 |
01-Dec-1996 |
sos |
This update adds the support for != 512 byte sector SCSI devices to the sd & od drivers. There are also slight changes to fdisk & newfs in order to comply with different sectorsizes. Currently sectors of size 512, 1024 & 2048 are supported, the only restriction being in fdisk, which hunts for the sectorsize of the device. This is based on patches to od.c and the other system files by John Gumb & Barry Scott, minor changes and the sd.c patches by me. There also exist some patches for the msdos filesys code, but I haven't been able to test those (yet).
John Gumb (john@talisker.demon.co.uk) Barry Scott (barry@scottb.demon.co.uk)
|
19388 |
04-Nov-1996 |
bde |
Fixed some races and misleading comments in ufs_rename().
1. When a directory is renamed to an existing (empty) directory, it is possible for the target vnode to become the source vnode underneath you (because another process may complete the same rename). It was assumed that this can't happen, and the bogus errno EINVAL was returned. This was fairly harmless.
Fix: return ENOENT instead, as if the source directory was renamed a little earlier.
2. The same metamorphosis is possible for non-directories. It was assumed that this can't happen, and the code for handling "just removing a link name" happened to be used. This would have worked except for fatal bugs in the link name removal - the link name was assumed to still be there, and a null pointer was followed.
Fix: check the result of relookup(). This fixes PR 1930.
Notes:
(a) POSIX seems to say that removing link names shall have no effect. BSD (4.4Lite2 at least) does something reasonable instead.
(b) The relookup() may find a file unrelated to the original. Removing this isn't correct. Consider 3 existing files A, B and C, and concurrent renames: AB = rename(A, B), another AB, and CA = rename("c", "a"). If rename() is atomic, then only the following results are possible:
AB, AB (fails), CA: A = original C, B = original A, C = gone
AB, CA, AB: A = gone, B = original C, C = gone
CA, AB, AB (fails): A = gone, B = original C, C = gone
but ufs_rename() can give:
A,AB,CA,B (sorta): A = gone, B = original A, C = gone
This usually doesn't matter, since getting into a race is usually an error. ---
These fixes should be in 2.1.6 and 2.2.
|
18429 |
20-Sep-1996 |
bde |
Don't include <sys/conf.h> for the kernel in disk-related headers. It is needed for implementation details but very little of it is needed for the interface. Include it in the few places that didn't already include it.
Include <sys/ioccom.h> in <sys/disklabel.h> (as already in <sys/diskslice.h>) so that all the disk-related headers are almost self-sufficient.
|
18397 |
19-Sep-1996 |
nate |
In sys/time.h, struct timespec is defined as:
/*
 * Structure defined by POSIX.4 to be like a timeval.
 */
struct timespec {
	time_t	ts_sec;		/* seconds */
	long	ts_nsec;	/* and nanoseconds */
};
The correct names of the fields are tv_sec and tv_nsec.
Reminded by: James Drobina <jdrobina@infinet.com>
|
18069 |
06-Sep-1996 |
gibbs |
Use bowrite instead of VOP_BWRITE in a few cases. This can probably be taken further.
|
18020 |
03-Sep-1996 |
bde |
Eliminated nested include of <sys/unistd.h> in <sys/file.h> in the kernel. Include it directly in the few places where it is used.
Reduced some #includes of <sys/file.h> to #includes of <sys/fcntl.h> or nothing.
|
18006 |
03-Sep-1996 |
dg |
Implemented kernel side of MNT_NOATIME mount option. This option disables the file access time update on reads and can be useful in reducing filesystem overhead in cases where the access time is not important (like Usenet news spools).
|
17040 |
09-Jul-1996 |
wollman |
Quiet a couple of -Wunused warnings.
|
16681 |
25-Jun-1996 |
dg |
Fixed end condition for clustered reads.
Submitted by: Kirk McKusick via Lite-2 and email
|
15680 |
08-May-1996 |
gpalmer |
Clean up various compiler warnings. Most (if not all) were benign
Reviewed by: bde
|
15576 |
03-May-1996 |
phk |
disksort() is gone, all drivers now use tqdisksort().
|
15493 |
01-May-1996 |
bde |
Removed bogus _BEGIN_DECLS/_END_DECLS.
Removed unused struct tag declarations in cloned code.
Added or cleaned up idempotency ifdefs.
|
15315 |
19-Apr-1996 |
bde |
Yet more b_flags fixes. The previous ones broke the clearing of B_DONE and B_READ before writing. This was fatal. They also broke the clearing of B_INVAL before doing i/o. This didn't actually matter.
Submitted by: mostly by joerg
|
14909 |
29-Mar-1996 |
bde |
Fixed reference counting related to relookup(). relookup() must be called with the directory referenced, and this reference will be dropped iff relookup() fails, so the value returned must not be ignored.
Reviewed by: davidg
|
14315 |
02-Mar-1996 |
dyson |
More b_flags fixes.
|
14312 |
01-Mar-1996 |
dyson |
Fix a bug that b_flags was getting unnecessarily modified by the slice code. The effect up to now has been insignificant, but improved buffer allocation code will break with this problem.
|
14279 |
27-Feb-1996 |
mpp |
Add a prototype for the quotactl system call.
|
13765 |
30-Jan-1996 |
mpp |
Fix a bunch of spelling errors in the comment fields of a bunch of system include files.
|
13490 |
19-Jan-1996 |
dyson |
Eliminated many redundant vm_map_lookup operations for vm_mmap. Speed up for vfs_bio -- addition of a routine bqrelse to greatly diminish overhead for merged cache. Efficiency improvement for vfs_cluster. It used to do a lot of redundant calls to cluster_rbuild. Correct the ordering for vrele of .text and release of credentials. Use the selective tlb update for 486/586/P6. Numerous fixes to the size of objects allocated for files. Additionally, fixes in the various pagers. Fixes for proper positioning of vnode_pager_setsize in msdosfs and ext2fs. Fixes in the swap pager for exhausted resources. The pageout code will not as readily thrash. Change the page queue flags (PG_ACTIVE, PG_INACTIVE, PG_FREE, PG_CACHE) into page queue indices (PQ_ACTIVE, PQ_INACTIVE, PQ_FREE, PQ_CACHE), thereby improving efficiency of several routines. Eliminate even more unnecessary vm_page_protect operations. Significantly speed up process forks. Make vm_object_page_clean more efficient, thereby eliminating the pause that happens every 30 seconds. Make sequential clustered writes B_ASYNC instead of B_DELWRI even in the case of filesystems mounted async. Fix a panic with busy pages when write clustering is done for non-VMIO buffers.
|
13309 |
07-Jan-1996 |
phk |
The second cast wasn't needed. Submitted by: bde
|
13273 |
06-Jan-1996 |
phk |
Fix the asami&phk bug. This was a sign-extension bug, where a long got multiplied by a constant before being upgraded to long long. This should fix kern/104 and possibly kern/105. Thanks to: dyson & asami.
|
13260 |
05-Jan-1996 |
wollman |
Convert QUOTA to new-style option.
|
13122 |
30-Dec-1995 |
peter |
recording cvs-1.6 file death
|
12971 |
22-Dec-1995 |
phk |
Staticize.
|
12767 |
11-Dec-1995 |
dyson |
Changes to support 1Tb filesizes. Pages are now named by an (object,index) pair instead of (object,offset) pair.
|
12500 |
28-Nov-1995 |
bde |
Removed bogus __BEGIN_DECS/__END_DECLS.
|
12460 |
23-Nov-1995 |
dyson |
Update the wd.c driver to use the new TAILQ scheme for device buffer queue. Also, create a new subroutine 'tqdisksort' that is an improved version of the original disksort that also uses TAILQs.
|
12453 |
21-Nov-1995 |
bde |
Completed function declarations and/or added prototypes.
|
12424 |
20-Nov-1995 |
phk |
Fix compiler warnings.
|
12399 |
19-Nov-1995 |
dyson |
Change incorrect '#if EXT2FS' to '#ifdef EXT2FS'
|
12158 |
09-Nov-1995 |
bde |
Introduced a type `vop_t' for vnode operation functions and used it 1138 times (:-() in casts and a few more times in declarations. This change is null for the i386.
The type has to be `typedef int vop_t(void *)' and not `typedef int vop_t()' because `gcc -Wstrict-prototypes' warns about the latter. Since vnode op functions are called with args of different (struct pointer) types, neither of these function types is any use for type checking of the arg, so it would be preferable not to use the complete function type, especially since using the complete type requires adding 1138 casts to avoid compiler warnings and another 40+ casts to reverse the function pointer conversions before calling the functions.
|
12120 |
06-Nov-1995 |
dyson |
This commit causes UFS to perform at Linux EXT2FS metadata rates. After earlier discussions with DG, and a recent email exchange with SEF, I decided to allow UFS to run wide-open on an experimental basis. We will probably support eventually multiple async modes, and this is the fastest that we can expect. Just use the -o async flag on the UFS mount. Good luck...
|
12117 |
05-Nov-1995 |
dyson |
Changes to existing files for ext2fs support. The UFS mods need rework in the future as they are a bit crufty -- but at least the stuff is in the tree now.
|
12114 |
05-Nov-1995 |
dyson |
Fix ufs_bmap so that triple indirect blocks might work. Submitted by: Godmar Back <gback@facility.cs.utah.edu>
|
12111 |
05-Nov-1995 |
dyson |
Make MNT_ASYNC more effective for UFS. It should not be too much more dangerous than the original MNT_ASYNC. There might be some minor security considerations due to data writes not being posted as promptly as before. Meta-data operations are still not quite as fast as Linux, but streaming I/O is still higher.
|
11701 |
23-Oct-1995 |
dyson |
Finalize GETPAGES layering scheme. Move the device GETPAGES interface into specfs code. No need at this point to modify the PUTPAGES stuff except in the layered-type (NULL/UNION) filesystems.
|
11644 |
22-Oct-1995 |
dg |
Moved the filesystem read-only check out of the syscalls and into the filesystem layer, as was done in lite-2. Merged in some other cosmetic changes while I was at it. Rewrote most of msdosfs_access() to be more like ufs_access() and to include the FS read-only check.
Obtained from: partially from 4.4BSD-lite2
|
11297 |
07-Oct-1995 |
bde |
Return EINVAL instead of panicking for rename("dir1", "dir2/..").
Fixes part of PR 760.
This bug seems to be very old.
|
11264 |
06-Oct-1995 |
phk |
use roundup2 to avoid a bunch of 64bit divides.
|
10823 |
16-Sep-1995 |
bde |
Remove transitory labelling code. Labels are now handled by essentially the original 4.4lite code. Machine Specific Partitions are now handled separately.
|
10675 |
11-Sep-1995 |
bde |
Fix benign type mismatch in a call to VOP_BMAP().
|
10646 |
09-Sep-1995 |
julian |
Obtained from: 4.4lite2
fix a change where a shortcut resulted in the wrong answer..
e.g.
touch a
touch b
mv a b
resulted in b being removed and a being moved to b
in the shortcut..
touch a
ln a b
mv a b
the wrong link was removed.. leaving a instead of b, giving a different result to when both files were separate.
|
10597 |
07-Sep-1995 |
dyson |
Correct a case in the ffs_getpages where a page is not found in a sparse file and the page is zeroed but not set valid, clean.
|
10577 |
06-Sep-1995 |
dyson |
Added new ffs_getpages routine. It isn't optimized yet, but FFS now does its own getpage -- instead of using the default routine in vnode_pager.c.
|
10552 |
04-Sep-1995 |
dyson |
Correct prototype for ufs_bmaparray()
|
10551 |
04-Sep-1995 |
dyson |
Added VOP_GETPAGES/VOP_PUTPAGES and also the "backwards" block count for VOP_BMAP. Updated affected filesystems...
|
10389 |
28-Aug-1995 |
bde |
Fix correct_writedisklabel() and writedisklabel(). Their setting of bp->b_flags has been broken for many years: a) they didn't set B_BUSY for doing i/o. This has been fatal since 1995/07/25 when biodone() started checking that B_BUSY is set. b) they didn't set B_INVAL for releasing the buffer. This at best just put a useless buffer in the LRU queue for a little while.
Fix a couple of spelling errors and complete a couple of function pointer declarations.
|
10358 |
28-Aug-1995 |
julian |
Reviewed by: julian with quick glances by bruce and others Submitted by: terry (terry lambert) This is a composite of 3 patch sets submitted by terry. they are: New low-level init code that supports loadbal modules better some cleanups in the namei code to help terry in 16-bit character support some changes to the mount-root code to make it a little more modular..
NOTE: mounting root off cdrom or NFS MIGHT be broken as I haven't been able to test those cases..
certainly mounting root off disk still works just fine.. mfs should work but is untested. (tomorrow's task)
The low level init stuff includes a total rewrite of init_main.c to make it possible for new modules to have an init phase by simply adding an entry to a TEXT_SET (or is it DATA_SET) list. thus a new module can be added to the kernel without editing any other files other than the 'files' file.
|
10269 |
25-Aug-1995 |
bde |
Don't call VOP_UPDATE() with volatile timestamps.
|
9984 |
07-Aug-1995 |
dg |
On closer inspection, it turns out that all of the callers of disksort are already at splbio()...so back out the last change to disksort.
|
9982 |
07-Aug-1995 |
dg |
Since buffers can be pulled off of the disk queue at interrupt time and disksort is called at non-interrupt time and can be actively traversing the list when that happens, there is a very small window of vulnerability. Close it by protecting disksort with splbio().
|
9842 |
01-Aug-1995 |
dg |
Removed my special-case hack for VOP_LINK and fixed the problem with the wrong vp's ops vector being used by changing the VOP_LINK's argument order. The special-case hack doesn't go far enough and breaks the generic bypass routine used in some non-leaf filesystems. Pointed out by Kirk McKusick.
|
9759 |
29-Jul-1995 |
bde |
Eliminate sloppy common-style declarations. There should be none left for the LINT configuration.
|
9354 |
28-Jun-1995 |
dg |
Fixed VOP_LINK argument order botch.
|
8876 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
8529 |
15-May-1995 |
dg |
From Bruce Evans: I ran into another manifestation of the problem reported in PR 211 and fixed it. Try this:
as non-root: cd /tmp; mkdir x y x/z
as root: chown root /tmp/x/z
as non-root: cd /tmp/x; mv z ../y # EACCES as expected
as root: cd /tmp/x; mv z ../y # EINVAL NOT as expected
This is because ufs_rename() sets IN_RENAME and fails to clear it.
Reviewed by: davidg Submitted by: bde
|
8053 |
25-Apr-1995 |
dyson |
Fixed the mmap hang fix previously committed so that it works with options DIAGNOSTIC, and clear up an additional reference count problem.
|
8041 |
24-Apr-1995 |
dyson |
Changes to get rid of ufslk2 hangs when doing read/write to/from mmap regions that are in the same file as the read/write.
|
7695 |
09-Apr-1995 |
dg |
Changes from John Dyson and myself:
Fixed remaining known bugs in the buffer IO and VM system.
vfs_bio.c: Fixed some race conditions and locking bugs. Improved performance by removing some (now) unnecessary code and fixing some broken logic. Fixed process accounting of # of FS outputs. Properly handle NFS interrupts (B_EINTR).
(various) Replaced calls to clrbuf() with calls to an optimized routine called vfs_bio_clrbuf().
(various FS sync) Sync out modified vnode_pager backed pages.
ffs_vnops.c: Do two passes: Sync out file data first, then indirect blocks.
vm_fault.c: Fixed deadly embrace caused by acquiring locks in the wrong order.
vnode_pager.c: Changed to use buffer I/O system for writing out modified pages. This should fix the problem with the modification date previously not getting updated. Also dramatically simplifies the code. Note that this is going to change in the future and be implemented via VOP_PUTPAGES().
vm_object.c: Fixed a pile of bugs related to cleaning (vnode) objects. The performance of vm_object_page_clean() is terrible when dealing with huge objects, but this will change when we implement a binary tree to keep the object pages sorted.
vm_pageout.c: Fixed broken clustering of pageouts. Fixed race conditions and other lockup style bugs in the scanning of pages. Improved performance.
|
7430 |
28-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) that I didn't notice when I fixed "all" such warnings before.
|
7169 |
19-Mar-1995 |
dg |
Backed out change to panic call: As Chris just pointed out to me, panic() does indeed work like printf(). gdb gets the string untranslated for some reason.
|
7156 |
19-Mar-1995 |
dg |
Fix a call to panic: panic doesn't do token substitution on the panic string.
|
7133 |
18-Mar-1995 |
dg |
Woops, add back that #define...it's used later in the file.
|
7126 |
18-Mar-1995 |
dg |
Fixed comments and removed b_cylinder #define.
|
7125 |
18-Mar-1995 |
dg |
Integrated change from 1.1.5: Fixed broken disksort to sort by pblkno rather than by cylinder.
|
7090 |
16-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
7018 |
12-Mar-1995 |
bde |
Finish the previous change. The device name got lost in diskerr().
|
7006 |
11-Mar-1995 |
dg |
Removed gratuitous and *extremely* evil setting of OBJ_INTERNAL. This caused a cascade of problems including kernel memory corruption, file corruption, system hangs, and panics.
|
6992 |
10-Mar-1995 |
dg |
Patch to fix quota panic from Mike Karels:
allow Q_SYNC regardless of "target" uid, we allow it with -1; fix bug that caused all ops to refer to user quotas, not group.
Submitted by: Mike Karels
|
6875 |
04-Mar-1995 |
dg |
Removed obsolete vtrace() remnants.
|
6640 |
22-Feb-1995 |
bde |
Use dsname() to get consistent names.
|
6505 |
16-Feb-1995 |
bde |
Adjust slice names in diskerr() for the rearranged slice numbers. The mapping from numbers to names is messy for backwards compatibility. E.g., for driver "sd", unit "0":
slice 0: omit the slice number for compatibility; names are sd0[a-h].
slice 1: omit the partition letter 'c' because the whole disk device shouldn't have anything to do with partitions; sd0 is the only name.
slices 2-31: subtract 1 from slice number to compensate for the compatibility slice 0; names are sd0s[1-30][a-h].
|
6357 |
14-Feb-1995 |
phk |
YF fix.
|
5840 |
24-Jan-1995 |
dg |
Removed some unused/obsolete code.
Submitted by: John Dyson
|
5455 |
09-Jan-1995 |
dg |
These changes embody the support of the fully coherent merged VM buffer cache, much higher filesystem I/O performance, and much better paging performance. It represents the culmination of over 6 months of R&D.
The majority of the merged VM/cache work is by John Dyson.
The following highlights the most significant changes. Additionally, there are (mostly minor) changes to the various filesystem modules (nfs, msdosfs, etc) to support the new VM/buffer scheme.
vfs_bio.c: Significant rewrite of most of vfs_bio to support the merged VM buffer cache scheme. The scheme is almost fully compatible with the old filesystem interface. Significant improvement in the number of opportunities for write clustering.
vfs_cluster.c, vfs_subr.c Upgrade and performance enhancements in vfs layer code to support merged VM/buffer cache. Fixup of vfs_cluster to eliminate the bogus pagemove stuff.
vm_object.c: Yet more improvements in the collapse code. Elimination of some windows that can cause list corruption.
vm_pageout.c: Fixed it, it really works better now. Somehow in 2.0, some "enhancements" broke the code. This code has been reworked from the ground-up.
vm_fault.c, vm_page.c, pmap.c, vm_object.c Support for small-block filesystems with merged VM/buffer cache scheme.
pmap.c vm_map.c Dynamic kernel VM size, now we don't have to pre-allocate excessive numbers of kernel PTs.
vm_glue.c Much simpler and more effective swapping code. No more gratuitous swapping.
proc.h Fixed the problem that the p_lock flag was not being cleared on a fork.
swap_pager.c, vnode_pager.c Removal of old vfs_bio cruft to support the past pseudo-coherency. Now the code doesn't need it anymore.
machdep.c Changes to better support the parameter values for the merged VM/buffer cache scheme.
machdep.c, kern_exec.c, vm_glue.c Implemented a separate submap for temporary exec string space and another one to contain process upages. This eliminates all map fragmentation problems that previously existed.
ffs_inode.c, ufs_inode.c, ufs_readwrite.c Changes for merged VM/buffer cache. Add "bypass" support for sneaking in on busy buffers.
Submitted by: John Dyson and David Greenman
|
5392 |
04-Jan-1995 |
gibbs |
Change panic messages that are ffs_blah functions to say they are ffs not ufs functions.
|
5247 |
27-Dec-1994 |
bde |
Use the same current time throughout ITIMES(). I want all current timestamps for an atomic operation such as rename() on a local file system to be identical.
Uniformize yet another idempotency ifdef. The comment nesting was bogus.
|
5185 |
22-Dec-1994 |
bde |
Print `slicename' and not a bogus pointer in diskerr()
|
5126 |
16-Dec-1994 |
bde |
Duplicate readdisklabel() and writedisklabel() and remove DOS stuff from the copies to create correct_readdisklabel() and correct_writedisklabel().
Print the slice number in diskerr() if it is nonzero.
|
4827 |
26-Nov-1994 |
bde |
Submitted by: Kirk McKusick
Allow chown() to return success if the gid isn't changed even if the gid is not the caller's. Such gids are normal for files created in world-writable directories such as /tmp. This "fixes" annoying error messages for mv'ing files created in /tmp to another file system. mv still preserves the foreign gid of /tmp, but now does it silently.
|
4464 |
14-Nov-1994 |
bde |
Remove unused `struct disklabel' (the declarations that used it went away).
Uniformize idempotency ifdef.
|
3940 |
27-Oct-1994 |
jkh |
Julian Elischer's disklabel fixes.
|
3745 |
21-Oct-1994 |
wollman |
Make my ALLDEVS kernel compile (basically, LINT minus a lot of options).
This involves fixing a few things I broke last time.
|
3653 |
17-Oct-1994 |
phk |
This basically allows you to stick a disklabel on any partition.
For it to be useful, you must stick your disklabel on the partition which starts where the MBR says FreeBSD lives. If you don't do that, you might get a bad day.
Oh, that probably also means that putting swap there is a bad idea...
|
3605 |
15-Oct-1994 |
ache |
Add back variable declaration removed by wrong previous cleanups
|
3604 |
15-Oct-1994 |
ache |
Add back variable declaration removed by wrong previous cleanups.
|
3487 |
10-Oct-1994 |
phk |
Cosmetics. make gcc less noisy. Still some way to go here.
|
3427 |
08-Oct-1994 |
phk |
POSSIBLE BOGUS CODE found, (related to dos-partitions) in ufs_disksubr.c, look for CC_WALL. Cosmetics, a couple of unused vars.
|
3420 |
08-Oct-1994 |
phk |
Cosmetics.
|
3396 |
06-Oct-1994 |
dg |
Use tsleep() rather than sleep so that 'ps' is more informative about the wait.
|
3167 |
28-Sep-1994 |
dfr |
Make NFS ask the filesystems for directory cookies instead of making them itself.
|
3148 |
27-Sep-1994 |
phk |
Moved the "relookup" routine into vfs_lookup.c from ufs/ufs/ufs_vnops.c. Several FS's use this, so it doesn't belong in ufs. (unionfs, msdosfs and ufs)
|
2979 |
22-Sep-1994 |
wollman |
More loadable VFS changes:
- Make a number of filesystems work again when they are statically compiled (blush)
- FIFOs are no longer optional; ``options FIFO'' removed from distributed config files.
|
2177 |
21-Aug-1994 |
paul |
Made idempotent Reviewed by: Submitted by:
|
2112 |
18-Aug-1994 |
wollman |
Fix up some sloppy coding practices:
- Delete redundant declarations.
- Add -Wredundant-declarations to Makefile.i386 so they don't come back.
- Delete sloppy COMMON-style declarations of uninitialized data in header files.
- Add a few prototypes.
- Clean up warnings resulting from the above.
NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
|
1960 |
08-Aug-1994 |
dg |
Made lockf advisory locking code generic (rather than ufs specific), and use it in NFS. This is required both for diskless support and for POSIX compliance. Note: the support in NFS is only for the local node.
Submitted by: based on work originally done by Yuval Yurom
|
1937 |
08-Aug-1994 |
dg |
Changed B_AGE policy to work correctly in a world with relatively large buffer caches. The old policy generally ended up caching nothing.
|
1817 |
02-Aug-1994 |
dg |
Added $Id$
|
1549 |
25-May-1994 |
rgrimes |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
1542 |
24-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1541, which included commits to RCS files with non-trunk default branches.
|