summaryrefslogtreecommitdiffstats
path: root/sys/fs/devfs/devfs_vnops.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC r301928:kib2016-06-221-13/+20
| | | | Only access vp->v_rdev for VCHR vnodes in devfs_reclaim().
* MFC r298732:pfg2016-05-051-1/+1
| | | | | | | sys/devfs: unsign an index to prevent signed integer overflow. cdp_maxdirent in struct:cdev_priv is of type u_int. Use the same type for the corresponding index in devfs_revoke().
* MFC r293059:kib2016-01-231-3/+3
| | | | | Hide transient EBADF errors caused by the parallel revoke(2) or forced unmount of devfs mounts, by restarting the failed syscall.
* MFC 286974,291653:jhb2016-01-231-1/+1
| | | | | | | | | | | | | | | | 286974: Remove reference to non-existent kern_openat(9). 291653: The cdevpriv_dtr_t typedef was not able to be used in a function prototype like the various d_*_t typedefs since it declared a function pointer rather than a function. Add a new d_priv_dtor_t typedef that declares the function and can be used as a function prototype. The previous typedef wasn't useful outside of the cdevpriv implementation, so retire it. The name d_priv_dtor_t was chosen to be more consistent with cdev methods since it is commonly used in place of d_close_t even though it is not a direct pointer in struct cdevsw.
* MFC r293042:kib2016-01-081-1/+1
| | | | Minor style cleanup.
* MFC r292621:kib2015-12-291-7/+14
| | | | | Keep devfs mount locked for the whole duration of the devfs_setattr(), and ensure that our dirent is instantiated.
* MFC r287033:trasz2015-10-181-1/+2
| | | | | | | After r286237 it should be fine to call vgone(9) on a busy GEOM vnode; remove KASSERT that would prevent forced devfs unmount from working. Sponsored by: The FreeBSD Foundation
* MFC r280308 (by delphij):kib2015-04-081-2/+29
| | | | | | | Disable timestamping on devfs read/write operations by default. MFC r280949: Refine r280308. Use seconds precision for devfs timestamps by default.
* MFC r279362:kib2015-03-061-2/+1
| | | | | | | The VNASSERT in vflush() FORCECLOSE case is trying to panic early to prevent errors from yanking devices out from under filesystems. Only care about special vnodes on devfs, special nodes on other kinds of filesystems do not have special properties.
* MFC r277390:kib2015-01-261-0/+3
| | | | Ignore devfs directory entries for devices being destroyed.
* MFC r273131:kib2014-10-221-7/+16
| | | | | When vnode bypass cannot be performed on the cdev file descriptor for read/write/poll/ioctl, call standard vnode filedescriptor fop.
* MFC r267564:kib2014-06-241-4/+2
| | | | | In msdosfs_setattr(), add a check for result of the utimes(2) permissions test. Refactor the permission checks for utimes(2).
* MFC r256502:kib2013-10-251-0/+4
| | | | | | | | Similar to debug.iosize_max_clamp sysctl, introduce devfs_iosize_max_clamp sysctl, which allows/disables SSIZE_MAX-sized i/o requests on the devfs files. Approved by: re (glebius)
* MFC r256501:kib2013-10-251-4/+4
| | | | | | | Remove two instances of ARGSUSED comment, and wrap lines nearby the code that is to be changed. Approved by: re (glebius)
* Make the seek a method of the struct fileops.kib2013-08-211-0/+1
| | | | | Tested by: pho Sponsored by: The FreeBSD Foundation
* Restore the previous sendfile(2) behaviour on the block devices.kib2013-08-161-0/+1
| | | | | | | Provide valid .fo_sendfile method for several missed struct fileops. Reviewed by: glebius Sponsored by: The FreeBSD Foundation
* Stop translating the ERESTART error from the open(2) into EINTR.kib2013-02-071-1/+4
| | | | | | | | | | | | Posix requires that open(2) is restartable for SA_RESTART. For non-posix objects, in particular, devfs nodes, still disable automatic restart of the opens. The open call to a driver could have significant side effects for the hardware. Noted and reviewed by: jilles Discussed with: bde MFC after: 2 weeks
* Do not force a writer to the devfs file to drain the buffer writes.kib2012-12-231-0/+11
| | | | | Requested and tested by: Ian Lepore <freebsd@damnhippie.dyndns.org> MFC after: 2 weeks
* Streamline use of cdevpriv and correct some corner cases.hselasky2012-08-151-0/+3
| | | | | | | | | | | | | | | | | | | | 1) It is not useful to call "devfs_clear_cdevpriv()" from "d_close" callbacks, hence for example read, write, ioctl and so on might be sleeping at the time of "d_close" being called and then then freed private data can still be accessed. Examples: dtrace, linux_compat, ksyms (all fixed by this patch) 2) In sys/dev/drm* there are some cases in which memory will be freed twice, if open fails, first by code in the open routine, secondly by the cdevpriv destructor. Move registration of the cdevpriv to the end of the drm open routines. 3) devfs_clear_cdevpriv() is not called if the "d_open" callback registered cdevpriv data and the "d_open" callback function returned an error. Fix this. Discussed with: phk MFC after: 2 weeks
* Extend the KPI to lock and unlock f_offset member of struct file. Itkib2012-07-021-11/+4
| | | | | | | | | | | | | | | | | | now fully encapsulates all accesses to f_offset, and extends f_offset locking to other consumers that need it, in particular, to lseek() and variants of getdirentries(). Ensure that on 32bit architectures f_offset, which is 64bit quantity, always read and written under the mtxpool protection. This fixes apparently easy to trigger race when parallel lseek()s or lseek() and read/write could destroy file offset. The already broken ABI emulations, including iBCS and SysV, are not converted (yet). Tested by: pho No objections from: jhb MFC after: 3 weeks
* Revert devfs part of r235911. I was unaware about old but unfinishedmav2012-05-241-45/+0
| | | | discussion between kib@ and gibbs@ about it.
* MFprojects/zfsd:mav2012-05-241-0/+45
| | | | | | | | | | | Revamp the CAM enclosure services driver. This updated driver uses an in-kernel daemon to track state changes and publishes physical path location information\for disk elements into the CAM device database. Sponsored by: Spectra Logic Corporation Sponsored by: iXsystems, Inc. Submitted by: gibbs, will, mav
* Fix found places where uio_resid is truncated to int.kib2012-02-211-2/+4
| | | | | | | | | Add the sysctl debug.iosize_max_clamp, enabled by default. Setting the sysctl to zero allows to perform the SSIZE_MAX-sized i/o requests from the usermode. Discussed with: bde, das (previous versions) MFC after: 1 month
* Explicitly use curthread while manipulating td_fpop during last closejhb2011-12-091-3/+7
| | | | | | | | | | | | | of a devfs file descriptor in devfs_close_f(). The passed in td argument may be NULL if the close was invoked by garbage collection of open file descriptors in pending control messages in the socket buffer of a UNIX domain socket after it was closed. PR: kern/151758 Submitted by: Andrey Shidakov andrey shidakov ru Submitted by: Ruben van Staveren ruben verweg com Reviewed by: kib MFC after: 2 weeks
* Existing VOP_VPTOCNP() interface has a fatal flow that is critical forkib2011-11-191-1/+3
| | | | | | | | | | | | | | | | | | | | | nullfs. The problem is that resulting vnode is only required to be held on return from the successfull call to vop, instead of being referenced. Nullfs VOP_INACTIVE() method reclaims the vnode, which in combination with the VOP_VPTOCNP() interface means that the directory vnode returned from VOP_VPTOCNP() is reclaimed in advance, causing vn_fullpath() to error with EBADF or like. Change the interface for VOP_VPTOCNP(), now the dvp must be referenced. Convert all in-tree implementations of VOP_VPTOCNP(), which is trivial, because vhold(9) and vref(9) are similar in the locking prerequisites. Out-of-tree fs implementation of VOP_VPTOCNP(), if any, should have no trouble with the fix. Tested by: pho Reviewed by: mckusick MFC after: 3 weeks (subject of re approval)
* Move the cleanup of f_cdevpriv when the reference count of a devfsjhb2011-11-041-0/+7
| | | | | | | | file descriptor drops to zero out of _fdrop() and into devfs_close_f() as it is only relevant for devfs file descriptors. Reviewed by: kib MFC after: 1 week
* Fix kernel panic when d_fdopen csw method is called for NULL fp.kib2011-11-031-0/+4
| | | | | | | This may happen when kernel consumer calls VOP_OPEN(). Reported by: Tavis Ormandy <taviso cmpxchg8b com> through delphij MFC after: 3 days
* Add the fo_chown and fo_chmod methods to struct fileops and use themkib2011-08-161-0/+2
| | | | | | | | | | to implement fchown(2) and fchmod(2) support for several file types that previously lacked it. Add MAC entries for chown/chmod done on posix shared memory and (old) in-kernel posix semaphores. Based on the submission by: glebius Reviewed by: rwatson Approved by: re (bz)
* While fixing the looping of a thread while devfs vnode is reclaimed,kib2011-07-131-6/+12
| | | | | | | | | | | | | | | | | | | r179247 introduced a possibility of devfs_allocv() returning spurious ENOENT. If the vnode is selected by vnlru daemon for reclamation, then devfs_allocv() can get ENOENT from vget() due to devfs_close() dropping vnode lock around the call to cdevsw d_close method. Use LK_RETRY in the vget() call, and do some part of the devfs_reclaim() work in devfs_allocv(), clearing vp->v_data and de->de_vnode. Retry the allocation of the vnode, now with de->de_vnode == NULL. The check vp->v_data == NULL at the start of devfs_close() cannot be affected by the change, since vnode lock must be held while VI_DOOMED is set, and only dropped after the check. Reported and tested by: Kohji Okuno <okuno.kohji jp panasonic com> Reviewed by: attilio MFC after: 3 weeks
* Don't allow user created symbolic links to cover another entries markedjh2010-12-151-0/+5
| | | | | | | with DE_USER. If a devfs rule hid such entry, it was possible to create infinite number of symbolic links with the same name. Reviewed by: kib
* - Assert that dm_lock is exclusively held in devfs_rules_apply() andjh2010-12-151-0/+1
| | | | | | | | in devfs_vmkdir() while adding the entry to de_list of the parent. - Apply devfs rules to newly created directories and symbolic links. PR: kern/125034 Submitted by: Mateusz Guzik (original version)
* Add reference counting for devfs paths containing user created symbolicjh2010-09-271-0/+2
| | | | | | | | | | | | | | | | links. The reference counting is needed to be able to determine if a specific devfs path exists. For true device file paths we can traverse the cdevp_list but a separate directory list is needed for user created symbolic links. Add a new directory entry flag DE_USER to mark entries which should unreference their parent directory on deletion. A new function to traverse cdevp_list and the directory list will be introduced in a separate commit. Idea from: kib Reviewed by: kib
* Modify devfs_fqpn() for future use in devfs path reference countingjh2010-09-211-14/+19
| | | | | | | | | | | | | code: - Accept devfs_mount and devfs_dirent as the arguments instead of a vnode. This generalizes the function so that it can be used from contexts where vnode references are not available. - Accept NULL cnp argument. No '/' will be appended, if a NULL cnp is provided. - Make the function global and add its prototype to devfs.h. Reviewed by: kib
* Remove empty devfs directories automatically.jh2010-09-151-8/+31
| | | | | | | | | | | | | | | | | | | | devfs_delete() now recursively removes empty parent directories unless the DEVFS_DEL_NORECURSE flag is specified. devfs_delete() can't be called anymore with a parent directory vnode lock held because the possible parent directory deletion needs to lock the vnode. Thus we unlock the parent directory vnode in devfs_remove() before calling devfs_delete(). Call devfs_populate_vp() from devfs_symlink() and devfs_vptocnp() as now directories can get removed. Add a check for DE_DOOMED flag to devfs_populate_vp() because devfs_delete() drops dm_lock before the VI_DOOMED vnode flag gets set. This ensures that devfs_populate_vp() returns an error for directories which are in progress of deletion. Reviewed by: kib Discussed on: freebsd-current (mostly silence)
* Set de_dir for user created symbolic links. This will be needed to bejh2010-08-261-0/+1
| | | | able to resolve their parent directories.
* Call devfs_populate_vp() from devfs_getattr(). It was possible thatjh2010-08-251-1/+9
| | | | fstat(2) returned stale information through an open file descriptor.
* Introduce and use devfs_populate_vp() to unlock a vnode before callingjh2010-08-221-26/+56
| | | | | | | devfs_populate(). This is a prerequisite for the automatic removal of empty directories which will be committed in the future. Reviewed by: kib (previous version)
* Add dedicated routines to toggle lockmgr flags such as LK_NOSHARE andjhb2010-08-201-1/+1
| | | | | | | | | | | | LK_CANRECURSE after a lock is created. Use them to implement macros that otherwise manipulated the flags directly. Assert that the associated lockmgr lock is exclusively locked by the current thread when manipulating these flags to ensure the flag updates are safe. This last change required some minor shuffling in a few filesystems to exclusively lock a brand new vnode slightly earlier. Reviewed by: kib MFC after: 3 days
* Call dev_rel() in error paths.jh2010-08-191-0/+3
| | | | | | Reported by: kib Reviewed by: kib MFC after: 2 weeks
* Allow user created symbolic links to cover device files and directoriesjh2010-08-121-5/+22
| | | | | | | | | | | | | | if the device file appears during or after the link creation. User created symbolic links are now inserted at the head of the directory entry list after the "." and ".." entries. A new directory entry flag DE_COVERED indicates that an entry is covered by a symbolic link. PR: kern/114057 Reviewed by: kib Idea from: kib Discussed on: freebsd-current (mostly silence)
* Add new make_dev_p(9) flag MAKEDEV_ETERNAL to inform devfs that createdkib2010-08-061-27/+30
| | | | | | | | | cdev will never be destroyed. Propagate the flag to devfs vnodes as VV_ETERNVALDEV. Use the flags to avoid acquiring devmtx and taking a thread reference on such nodes. In collaboration with: pho MFC after: 1 month
* Enable shared locks for the devfs vnodes. Honor the locking modekib2010-08-061-15/+18
| | | | | | | requested by lookup(). This should be a nop at the moment. In collaboration with: pho MFC after: 1 month
* Initialize VV_ISTTY vnode flag on the devfs vnode creation instead ofkib2010-08-061-4/+5
| | | | | | | doing it on each open. In collaboration with: pho MFC after: 1 month
* Add a new function devfs_parent_dirent() for resolving devfs parentjh2010-06-091-9/+11
| | | | | | | directory entry. Use the new function in devfs_fqpn(), devfs_lookupx() and devfs_vptocnp() instead of manually resolving the parent entry. Reviewed by: kib
* Don't try to call cdevsw d_close() method when devfs_close() is calledjh2010-06-011-0/+7
| | | | | | | because of insmntque1() failure. Found with: stress2 Suggested and reviewed by: kib
* Let access overriding to TTYs depend on the cdev_priv, not the vnode.ed2009-12-191-7/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Basically this commit changes two things, which improves access to TTYs in exceptional conditions. Basically the problem was that when you ran jexec(8) to attach to a jail, you couldn't use /dev/tty (well, also the node of the actual TTY, e.g. /dev/pts/X). This is very inconvenient if you want to attach to screens quickly, use ssh(1), etc. The fixes: - Cache the cdev_priv of the controlling TTY in struct session. Change devfs_access() to compare against the cdev_priv instead of the vnode. This allows you to bypass UNIX permissions, even across different mounts of devfs. - Extend devfs_prison_check() to unconditionally expose the device node of the controlling TTY, even if normal prison nesting rules normally don't allow this. This actually allows you to interact with this device node. To be honest, I'm not really happy with this solution. We now have to store three pointers to a controlling TTY (s_ttyp, s_ttyvp, s_ttydp). In an ideal world, we should just get rid of the latter two and only use s_ttyp, but this makes certian pieces of code very impractical (e.g. devfs, kern_exit.c). Reported by: Many people
* Improve nested jail awareness of devfs by handling credentials.ed2009-06-201-0/+22
| | | | | | | | | | | | | | | | | | Now that we start to use credentials on character devices more often (because of MPSAFE TTY), move the prison-checks that are in place in the TTY code into devfs. Instead of strictly comparing the prisons, use the more common prison_check() function to compare credentials. This means that pseudo-terminals are only visible in devfs by processes within the same jail and parent jails. Even though regular users in parent jails can now interact with pseudo-terminals from child jails, this seems to be the right approach. These processes are also capable of interacting with the jailed processes anyway, through signals for example. Reviewed by: kib, rwatson (older version)
* VOP_IOCTL takes unlocked vnode as an argument. Due to this, v_data maykib2009-06-101-2/+10
| | | | | | | | | | | | be NULL or derefenced memory may become free at arbitrary moment. Lock the vnode in cd9660, devfs and pseudofs implementation of VOP_IOCTL to prevent reclaim; check whether the vnode was already reclaimed after the lock is granted. Reported by: georg at dts su Reviewed by: des (pseudofs) MFC after: 2 weeks
* Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERICrwatson2009-06-051-2/+0
| | | | | | | | and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd
* Devfs replaces file ops vector with devfs-specific one in devfs_open(),kib2009-05-151-1/+3
| | | | | | | | | | | | | before the struct file is fully initialized in vn_open(), in particular, fp->f_vnode is NULL. Other thread calling file operation before f_vnode is set results in NULL pointer dereference in devvn_refthread(). Initialize f_vnode before calling d_fdopen() cdevsw method, that might set file ops too. Reported and tested by: Chris Timmons <cwt networks cwu edu> (RELENG_7 version) MFC after: 3 days
OpenPOWER on IntegriCloud