#
95ee2897 |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
sys: Remove $FreeBSD$: two-line .h pattern Remove /^\s*\*\n \*\s+\$FreeBSD\$$\n/
|
#
4d846d26 |
|
10-May-2023 |
Warner Losh <imp@FreeBSD.org> |
spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch up to that fact and revert to their recommended match of BSD-2-Clause. Discussed with: pfg MFC After: 3 days Sponsored by: Netflix
|
#
ea37efb7 |
|
07-Dec-2020 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Allow sys/refcount.h to be used by standalone builds. No functional change. MFC after: 1 week Sponsored by: Mellanox Technologies // NVIDIA Networking
|
#
e8900461 |
|
04-Nov-2020 |
Mark Johnston <markj@FreeBSD.org> |
refcount(9): Add refcount_release_if_last() and refcount_load() The former is intended for use in vmspace_exit(). The latter is to encourage use of explicit loads rather than relying on the volatile qualifier. This works better with kernel sanitizers, which can intercept atomic(9) calls, and makes tricky lockless code easier to read by not forcing the reader to remember which variables are declared volatile. Reviewed by: kib, mjg, mmel MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D27056
|
#
1a297ee5 |
|
27-Oct-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
refcount: make it atomic-clean While here consistently use 'old' in all places. Tested by: pho
|
#
defa7daf |
|
04-Mar-2020 |
Mark Johnston <markj@FreeBSD.org> |
Remove an #include erroneously added in r358432. Reported by: erj
|
#
c99d0c58 |
|
28-Feb-2020 |
Mark Johnston <markj@FreeBSD.org> |
Add a blocking counter KPI. refcount(9) was recently extended to support waiting on a refcount to drop to zero, as this was needed for a lockless VM object paging-in-progress counter. However, this adds overhead to all uses of refcount(9) and doesn't really match traditional refcounting semantics: once a counter has dropped to zero, the protected object may be freed at any point and it is not safe to dereference the counter. This change removes that extension and instead adds a new set of KPIs, blockcount_*, for use by VM object PIP and busy. Reviewed by: jeff, kib, mjg Tested by: pho Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D23723
|
#
d8a84f08 |
|
16-Feb-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
refcount: update comments about fencing when releasing counts after r357989 Requested by: kib Reviewed by: kib Differential Revision: https://reviews.freebsd.org/D23719
|
#
89061128 |
|
15-Feb-2020 |
Mateusz Guzik <mjg@FreeBSD.org> |
refcount: add missing release fence to refcount_release_if_gt The CPU succeeding in releasing the not last reference can still have pending stores to the object protected by the affected counter. This opens a time window where another CPU can release the last reference and free the object, resulting in use-after-free. On top of that this prevents the compiler from generating more accesses to the object regardless of how atomic_fcmpset_rel_int is implemented (of course as long as it provides the release semantic). Reviewed by: markj
|
#
811d05fc |
|
19-Jan-2020 |
Jeff Roberson <jeff@FreeBSD.org> |
Provide an API for interlocked refcount sleeps. Reviewed by: kib, markj Differential Revision: https://reviews.freebsd.org/D22908
|
#
a67d5408 |
|
26-Nov-2019 |
Jeff Roberson <jeff@FreeBSD.org> |
Use atomics in more cases for object references. We now can completely omit the object lock if we are above a certain threshold. Hold only a single vnode reference when the vnode object has any ref > 0. This allows us to only lock the object and vnode on 0-1 and 1-0 transitions. Differential Revision: https://reviews.freebsd.org/D22452
|
#
51df5321 |
|
29-Oct-2019 |
Jeff Roberson <jeff@FreeBSD.org> |
Use atomics and a shared object lock to protect the object reference count. Certain consumers still need to guarantee a stable reference so we can not switch entirely to atomics yet. Exclusive lock holders can still modify and examine the refcount without using the ref api. Reviewed by: kib Tested by: pho Sponsored by: Netflix, Intel Differential Revision: https://reviews.freebsd.org/D21598
|
#
40617291 |
|
12-Sep-2019 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Use %u instead of %d to print unsigned integer. While at it remove an empty line. MFC after: 1 week Sponsored by: Mellanox Technologies
|
#
fd077665 |
|
12-Sep-2019 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Fix for undefined behaviour. Left shift of 1 by 31 places cannot be represented in type 'int'. MFC after: 1 week Sponsored by: Mellanox Technologies
|
#
33205c60 |
|
18-Aug-2019 |
Jeff Roberson <jeff@FreeBSD.org> |
Add a blocking wait bit to refcount. This allows refs to be used as a simple barrier. Reviewed by: markj, kib Discussed with: jhb Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D21254
|
#
0b21d894 |
|
30-Jul-2019 |
Mark Johnston <markj@FreeBSD.org> |
Handle refcount(9) wraparound. Attempt to mitigate the security risks around refcount overflows by introducing a "saturated" state for the counter. Once a counter reaches INT_MAX+1, subsequent acquire and release operations will blindly set the counter value to INT_MAX + INT_MAX/2, ensuring that the protected resource will not be freed; instead, it will merely be leaked. The approach introduces a small race: if a refcount value reaches INT_MAX+1, a subsequent release will cause the releasing thread to set the counter to the saturation value after performing the decrement. If in the intervening window INT_MAX refcount releases are performed by a different thread, a use-after-free is possible. This is very difficult to trigger in practice, and any situation where it could be triggered would likely be vulnerable to reference count wraparound problems to begin with. An alternative would be to use atomic_cmpset to acquire and release references, but this would introduce a larger performance penalty, particularly when the counter is contended. Note that refcount_acquire_checked(9) maintains its previous behaviour; code which must accurately track references should use it instead of refcount_acquire(9). Reviewed by: kib, mjg MFC after: 3 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D21089
|
#
13ff4eb1 |
|
21-Jul-2019 |
Konstantin Belousov <kib@FreeBSD.org> |
Switch the rest of the refcount(9) functions to bool return type. There are some explicit comparisions of refcount_release(9) result with 0/1, which are fine. Reviewed by: markj, mjg Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D21014
|
#
10040398 |
|
21-Jul-2019 |
Konstantin Belousov <kib@FreeBSD.org> |
Fix userspace build after r350199. Sponsored by: The FreeBSD Foundation MFC after: 1 week
|
#
f1cf2b9d |
|
21-Jul-2019 |
Konstantin Belousov <kib@FreeBSD.org> |
Check and avoid overflow when incrementing fp->f_count in fget_unlocked() and fhold(). On sufficiently large machine, f_count can be legitimately very large, e.g. malicious code can dup same fd up to the per-process filedescriptors limit, and then fork as much as it can. On some smaller machine, I see kern.maxfilesperproc: 939132 kern.maxprocperuid: 34203 which already overflows u_int. More, the malicious code can create transient references by sending fds over unix sockets. I realized that this check is missed after reading https://secfault-security.com/blog/FreeBSD-SA-1902.fd.html Reviewed by: markj (previous version), mjg Tested by: pho (previous version) Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D20947
|
#
2e43efd0 |
|
06-Mar-2019 |
John Baldwin <jhb@FreeBSD.org> |
Drop "All rights reserved" from my copyright statements. Reviewed by: rgrimes MFC after: 1 month Differential Revision: https://reviews.freebsd.org/D19485
|
#
f07c942d |
|
07-Dec-2018 |
Mateusz Guzik <mjg@FreeBSD.org> |
refcount: remove a stale comment about conditional ref/unref routines It was there for vfs-specific variants and was copied over when it should not. Sponsored by: The FreeBSD Foundation
|
#
127a9d73 |
|
22-Oct-2018 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Make sure returned value is checked and assert a valid refcount. While at it fix a print: Unsigned types cannot be negative. Reviewed by: kib, mjg Differential revision: https://reviews.freebsd.org/D17616 MFC after: 1 week Sponsored by: Mellanox Technologies
|
#
f4043145 |
|
28-Mar-2018 |
Andriy Gapon <avg@FreeBSD.org> |
ZFS vn_rele_async: catch up with the use of refcount(9) for the vnode use count It's not sufficient nor required to use the vnode interlock when checking if we are going to drop the last use count as the code in vputx() uses refcount (atomic) operations for both checking and decrementing the use code. Apply the same method to vn_rele_async(). While here, remove vn_rele_inactive(), a wrapper around vrele() that didn't add any value. Also, the change required making vfs_refcount_release_if_not_last() public. I've made vfs_refcount_acquire_if_not_zero() public as well. They are in sys/refcount.h now. While making the move I've dropped the vfs_ prefix. Reviewed by: mjg MFC after: 2 weeks Sponsored by: Panzura Differential Revision: https://reviews.freebsd.org/D14869
|
#
c4e20cad |
|
27-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
sys/sys: further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 2-Clause license, however the tool I was using misidentified many licenses so this was mostly a manual - error prone - task. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts.
|
#
157d5e6d |
|
30-Jun-2017 |
Konstantin Belousov <kib@FreeBSD.org> |
Correct fences for sys/refcount.h. The acq barrier in refcount_acquire() has no use, constructor must ensure that the changes are visible before publication by other means. Last release must sync/with the constructor and all updaters. This is based on the refcount/shared_ptr analysis I heard at the Hans Boehm and Herb Sutter talks about C++ atomics. Reviewed by: alc, jhb, markj Sponsored by: The FreeBSD Foundation MFC after: 2 weeks Differential revision: https://reviews.freebsd.org/D11270
|
#
e432d5f6 |
|
05-Feb-2014 |
John Baldwin <jhb@FreeBSD.org> |
Drop the 3rd clause from all 3 clause BSD licenses where I am the sole holder to convert them to 2 clause BSD licenses. MFC after: 1 week
|
#
be6ab406 |
|
27-Jul-2012 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Add assertion for refcount overflow. Submitted by: Andrey Zonov <andrey zonov.org> Reviewed by: kib
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
b39cb07c |
|
23-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Remove debugging cruft.
|
#
75f31a5f |
|
23-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
pjd@'s r180759 was intended to revert r180755 due to ipfilter breakage, but removed too much, breaking the build in other places instead. Now that the ipfilter issue has been fixed (or hacked around), address the second issue by restoring r180755, with one small change. I don't feel comfortable using assert(3) in a header that will be included in userland code that may or may not already have an assertion mechanism in place, so KASSERT() evaluates to a no-op in the !_KERNEL case.
|
#
72b60ff8 |
|
23-Jul-2008 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Back out this change, as it breaks the build and I don't have time for a better fix today.
|
#
a16ab3b0 |
|
23-Jul-2008 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Check for negative reference count. Reviewed by: des
|
#
d6fe50b6 |
|
27-Sep-2005 |
John Baldwin <jhb@FreeBSD.org> |
Add a simple reference count API that is simply a thin wrapper API around atomic operations on ints. Reviewed by: arch@ MFC after: 1 week
|