diff options
author | pjd <pjd@FreeBSD.org> | 2008-11-17 20:49:29 +0000 |
---|---|---|
committer | pjd <pjd@FreeBSD.org> | 2008-11-17 20:49:29 +0000 |
commit | bbe899b96e388a8b82439f81ed3707e0d9c6070d (patch) | |
tree | 81b89fa4ac6467771d5aa291a97f4665981a6108 /sys/kern/kern_jail.c | |
parent | d2f579595c362ce27b4d87e2c40e1c4e09b929e3 (diff) | |
download | FreeBSD-src-bbe899b96e388a8b82439f81ed3707e0d9c6070d.zip FreeBSD-src-bbe899b96e388a8b82439f81ed3707e0d9c6070d.tar.gz |
Update ZFS from version 6 to 13 and bring some FreeBSD-specific changes.
This bring huge amount of changes, I'll enumerate only user-visible changes:
- Delegated Administration
Allows regular users to perform ZFS operations, like file system
creation, snapshot creation, etc.
- L2ARC
Level 2 cache for ZFS - allows to use additional disks for cache.
Huge performance improvements mostly for random read of mostly
static content.
- slog
Allow to use additional disks for ZFS Intent Log to speed up
operations like fsync(2).
- vfs.zfs.super_owner
Allows regular users to perform privileged operations on files stored
on ZFS file systems owned by him. Very careful with this one.
- chflags(2)
Not all the flags are supported. This still needs work.
- ZFSBoot
Support to boot off of ZFS pool. Not finished, AFAIK.
Submitted by: dfr
- Snapshot properties
- New failure modes
Before if write requested failed, system paniced. Now one
can select from one of three failure modes:
- panic - panic on write error
- wait - wait for disk to reappear
- continue - serve read requests if possible, block write requests
- Refquota, refreservation properties
Just quota and reservation properties, but don't count space consumed
by children file systems, clones and snapshots.
- Sparse volumes
ZVOLs that don't reserve space in the pool.
- External attributes
Compatible with extattr(2).
- NFSv4-ACLs
Not sure about the status, might not be complete yet.
Submitted by: trasz
- Creation-time properties
- Regression tests for zpool(8) command.
Obtained from: OpenSolaris
Diffstat (limited to 'sys/kern/kern_jail.c')
-rw-r--r-- | sys/kern/kern_jail.c | 262 |
1 files changed, 28 insertions, 234 deletions
diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 3afbc91..cee1ca6 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -35,6 +35,7 @@ __FBSDID("$FreeBSD$"); #include <sys/sysctl.h> #include <sys/vnode.h> #include <sys/vimage.h> +#include <sys/osd.h> #include <net/if.h> #include <netinet/in.h> @@ -86,22 +87,6 @@ struct sx allprison_lock; int lastprid = 0; int prisoncount = 0; -/* - * List of jail services. Protected by allprison_lock. - */ -TAILQ_HEAD(prison_services_head, prison_service); -static struct prison_services_head prison_services = - TAILQ_HEAD_INITIALIZER(prison_services); -static int prison_service_slots = 0; - -struct prison_service { - prison_create_t ps_create; - prison_destroy_t ps_destroy; - int ps_slotno; - TAILQ_ENTRY(prison_service) ps_next; - char ps_name[0]; -}; - static void init_prison(void *); static void prison_complete(void *context, int pending); static int sysctl_jail_list(SYSCTL_HANDLER_ARGS); @@ -126,7 +111,6 @@ jail(struct thread *td, struct jail_args *uap) { struct nameidata nd; struct prison *pr, *tpr; - struct prison_service *psrv; struct jail j; struct jail_attach_args jaa; int vfslocked, error, tryprid; @@ -159,12 +143,7 @@ jail(struct thread *td, struct jail_args *uap) pr->pr_ip = j.ip_number; pr->pr_linux = NULL; pr->pr_securelevel = securelevel; - if (prison_service_slots == 0) - pr->pr_slots = NULL; - else { - pr->pr_slots = malloc(sizeof(*pr->pr_slots) * prison_service_slots, - M_PRISON, M_ZERO | M_WAITOK); - } + bzero(&pr->pr_osd, sizeof(pr->pr_osd)); /* Determine next pr_id and add prison to allprison list. */ sx_xlock(&allprison_lock); @@ -186,11 +165,7 @@ next: pr->pr_id = jaa.jid = lastprid = tryprid; LIST_INSERT_HEAD(&allprison, pr, pr_list); prisoncount++; - sx_downgrade(&allprison_lock); - TAILQ_FOREACH(psrv, &prison_services, ps_next) { - psrv->ps_create(psrv, pr); - } - sx_sunlock(&allprison_lock); + sx_xunlock(&allprison_lock); error = jail_attach(td, &jaa); if (error) @@ -204,14 +179,8 @@ e_dropprref: sx_xlock(&allprison_lock); LIST_REMOVE(pr, pr_list); prisoncount--; - sx_downgrade(&allprison_lock); - TAILQ_FOREACH(psrv, &prison_services, ps_next) { - psrv->ps_destroy(psrv, pr); - } - sx_sunlock(&allprison_lock); + sx_xunlock(&allprison_lock); e_dropvnref: - if (pr->pr_slots != NULL) - free(pr->pr_slots, M_PRISON); vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount); vrele(pr->pr_root); VFS_UNLOCK_GIANT(vfslocked); @@ -311,10 +280,10 @@ prison_find(int prid) } void -prison_free(struct prison *pr) +prison_free_locked(struct prison *pr) { - mtx_lock(&pr->pr_mtx); + mtx_assert(&pr->pr_mtx, MA_OWNED); pr->pr_ref--; if (pr->pr_ref == 0) { mtx_unlock(&pr->pr_mtx); @@ -325,10 +294,17 @@ prison_free(struct prison *pr) mtx_unlock(&pr->pr_mtx); } +void +prison_free(struct prison *pr) +{ + + mtx_lock(&pr->pr_mtx); + prison_free_locked(pr); +} + static void prison_complete(void *context, int pending) { - struct prison_service *psrv; struct prison *pr; int vfslocked; @@ -337,13 +313,10 @@ prison_complete(void *context, int pending) sx_xlock(&allprison_lock); LIST_REMOVE(pr, pr_list); prisoncount--; - sx_downgrade(&allprison_lock); - TAILQ_FOREACH(psrv, &prison_services, ps_next) { - psrv->ps_destroy(psrv, pr); - } - sx_sunlock(&allprison_lock); - if (pr->pr_slots != NULL) - free(pr->pr_slots, M_PRISON); + sx_xunlock(&allprison_lock); + + /* Free all OSD associated to this jail. */ + osd_jail_exit(pr); vfslocked = VFS_LOCK_GIANT(pr->pr_root->v_mount); vrele(pr->pr_root); @@ -356,13 +329,21 @@ prison_complete(void *context, int pending) } void -prison_hold(struct prison *pr) +prison_hold_locked(struct prison *pr) { - mtx_lock(&pr->pr_mtx); + mtx_assert(&pr->pr_mtx, MA_OWNED); KASSERT(pr->pr_ref > 0, ("Trying to hold dead prison (id=%d).", pr->pr_id)); pr->pr_ref++; +} + +void +prison_hold(struct prison *pr) +{ + + mtx_lock(&pr->pr_mtx); + prison_hold_locked(pr); mtx_unlock(&pr->pr_mtx); } @@ -762,193 +743,6 @@ prison_priv_check(struct ucred *cred, int priv) } } -/* - * Register jail service. Provides 'create' and 'destroy' methods. - * 'create' method will be called for every existing jail and all - * jails in the future as they beeing created. - * 'destroy' method will be called for every jail going away and - * for all existing jails at the time of service deregistration. - */ -struct prison_service * -prison_service_register(const char *name, prison_create_t create, - prison_destroy_t destroy) -{ - struct prison_service *psrv, *psrv2; - struct prison *pr; - int reallocate = 1, slotno = 0; - void **slots, **oldslots; - - psrv = malloc(sizeof(*psrv) + strlen(name) + 1, M_PRISON, - M_WAITOK | M_ZERO); - psrv->ps_create = create; - psrv->ps_destroy = destroy; - strcpy(psrv->ps_name, name); - /* - * Grab the allprison_lock here, so we won't miss any jail - * creation/destruction. - */ - sx_xlock(&allprison_lock); -#ifdef INVARIANTS - /* - * Verify if service is not already registered. - */ - TAILQ_FOREACH(psrv2, &prison_services, ps_next) { - KASSERT(strcmp(psrv2->ps_name, name) != 0, - ("jail service %s already registered", name)); - } -#endif - /* - * Find free slot. When there is no existing free slot available, - * allocate one at the end. - */ - TAILQ_FOREACH(psrv2, &prison_services, ps_next) { - if (psrv2->ps_slotno != slotno) { - KASSERT(slotno < psrv2->ps_slotno, - ("Invalid slotno (slotno=%d >= ps_slotno=%d", - slotno, psrv2->ps_slotno)); - /* We found free slot. */ - reallocate = 0; - break; - } - slotno++; - } - psrv->ps_slotno = slotno; - /* - * Keep the list sorted by slot number. - */ - if (psrv2 != NULL) { - KASSERT(reallocate == 0, ("psrv2 != NULL && reallocate != 0")); - TAILQ_INSERT_BEFORE(psrv2, psrv, ps_next); - } else { - KASSERT(reallocate == 1, ("psrv2 == NULL && reallocate == 0")); - TAILQ_INSERT_TAIL(&prison_services, psrv, ps_next); - } - prison_service_slots++; - sx_downgrade(&allprison_lock); - /* - * Allocate memory for new slot if we didn't found empty one. - * Do not use realloc(9), because pr_slots is protected with a mutex, - * so we can't sleep. - */ - LIST_FOREACH(pr, &allprison, pr_list) { - if (reallocate) { - /* First allocate memory with M_WAITOK. */ - slots = malloc(sizeof(*slots) * prison_service_slots, - M_PRISON, M_WAITOK); - /* Now grab the mutex and replace pr_slots. */ - mtx_lock(&pr->pr_mtx); - oldslots = pr->pr_slots; - if (psrv->ps_slotno > 0) { - bcopy(oldslots, slots, - sizeof(*slots) * (prison_service_slots - 1)); - } - slots[psrv->ps_slotno] = NULL; - pr->pr_slots = slots; - mtx_unlock(&pr->pr_mtx); - if (oldslots != NULL) - free(oldslots, M_PRISON); - } - /* - * Call 'create' method for each existing jail. - */ - psrv->ps_create(psrv, pr); - } - sx_sunlock(&allprison_lock); - - return (psrv); -} - -void -prison_service_deregister(struct prison_service *psrv) -{ - struct prison *pr; - void **slots, **oldslots; - int last = 0; - - sx_xlock(&allprison_lock); - if (TAILQ_LAST(&prison_services, prison_services_head) == psrv) - last = 1; - TAILQ_REMOVE(&prison_services, psrv, ps_next); - prison_service_slots--; - sx_downgrade(&allprison_lock); - LIST_FOREACH(pr, &allprison, pr_list) { - /* - * Call 'destroy' method for every currently existing jail. - */ - psrv->ps_destroy(psrv, pr); - /* - * If this is the last slot, free the memory allocated for it. - */ - if (last) { - if (prison_service_slots == 0) - slots = NULL; - else { - slots = malloc(sizeof(*slots) * prison_service_slots, - M_PRISON, M_WAITOK); - } - mtx_lock(&pr->pr_mtx); - oldslots = pr->pr_slots; - /* - * We require setting slot to NULL after freeing it, - * this way we can check for memory leaks here. - */ - KASSERT(oldslots[psrv->ps_slotno] == NULL, - ("Slot %d (service %s, jailid=%d) still contains data?", - psrv->ps_slotno, psrv->ps_name, pr->pr_id)); - if (psrv->ps_slotno > 0) { - bcopy(oldslots, slots, - sizeof(*slots) * prison_service_slots); - } - pr->pr_slots = slots; - mtx_unlock(&pr->pr_mtx); - KASSERT(oldslots != NULL, ("oldslots == NULL")); - free(oldslots, M_PRISON); - } - } - sx_sunlock(&allprison_lock); - free(psrv, M_PRISON); -} - -/* - * Function sets data for the given jail in slot assigned for the given - * jail service. - */ -void -prison_service_data_set(struct prison_service *psrv, struct prison *pr, - void *data) -{ - - mtx_assert(&pr->pr_mtx, MA_OWNED); - pr->pr_slots[psrv->ps_slotno] = data; -} - -/* - * Function clears slots assigned for the given jail service in the given - * prison structure and returns current slot data. - */ -void * -prison_service_data_del(struct prison_service *psrv, struct prison *pr) -{ - void *data; - - mtx_assert(&pr->pr_mtx, MA_OWNED); - data = pr->pr_slots[psrv->ps_slotno]; - pr->pr_slots[psrv->ps_slotno] = NULL; - return (data); -} - -/* - * Function returns current data from the slot assigned to the given jail - * service for the given jail. - */ -void * -prison_service_data_get(struct prison_service *psrv, struct prison *pr) -{ - - mtx_assert(&pr->pr_mtx, MA_OWNED); - return (pr->pr_slots[psrv->ps_slotno]); -} - static int sysctl_jail_list(SYSCTL_HANDLER_ARGS) { |