summaryrefslogtreecommitdiffstats
path: root/sys/kern/sys_generic.c
Commit message (Collapse)AuthorAgeFilesLines
* Back out M_* changes, per decision of the TRB.imp2003-02-191-7/+7
| | | | Approved by: trb
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-7/+7
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* SCARGS removal take II.alfred2002-12-141-6/+6
|
* Backout removal SCARGS, the code freeze is only "selectively" over.alfred2002-12-131-6/+6
|
* Remove SCARGS.alfred2002-12-131-6/+6
| | | | Reviewed by: md5
* Be consistent about "static" functions: if the function is markedphk2002-09-281-1/+1
| | | | | | static in its prototype, mark it static at the definition too. Inspired by: FlexeLint warning #512
* We don't need the <sys/disklabel.h> include for alpha anymore.phk2002-09-201-3/+0
| | | | Sponsored by: DARPA & NAI Labs.
* Completely redo thread states.julian2002-09-111-4/+3
| | | | Reviewed by: davidxu@freebsd.org
* Split out a number of mostly VFS and signal related syscalls intoiedowse2002-09-011-21/+38
| | | | | | | | | | | | a kernel-internal kern_*() version and a wrapper that is called via the syscall vector table. For paths and structure pointers, the internal version either takes a uio_seg parameter or requires the caller to copyin() the data to kernel memory as appropiate. This will permit emulation layers to use these syscalls without having to copy out translated arguments to the stack gap. Discussed on: -arch Review/suggestions: bde, jhb, peter, marcel
* Move the TAILQ_INIT(&td->td_selq) before the retry: label. Otherwise inpeter2002-08-231-4/+2
| | | | | | | | | some circumstances when we get a select collision, we can end up with cases where we do not clear some sip->si_thread on the way out, leading to page faults in selwakeup(). This should solve the problem where postfix can crash the kernel during select collisions. Reviewed by: alfred
* In continuation of early fileop credential changes, modify fo_ioctl() torwatson2002-08-171-3/+3
| | | | | | | | | | | | | | | | | | | | | | accept an 'active_cred' argument reflecting the credential of the thread initiating the ioctl operation. - Change fo_ioctl() to accept active_cred; change consumers of the fo_ioctl() interface to generally pass active_cred from td->td_ucred. - In fifofs, initialize filetmp.f_cred to ap->a_cred so that the invocations of soo_ioctl() are provided access to the calling f_cred. Pass ap->a_td->td_ucred as the active_cred, but note that this is required because we don't yet distinguish file_cred and active_cred in invoking VOP's. - Update kqueue_ioctl() for its new argument. - Update pipe_ioctl() for its new argument, pass active_cred rather than td_ucred to MAC for authorization. - Update soo_ioctl() for its new argument. - Update vn_ioctl() for its new argument, use active_cred rather than td->td_ucred to authorize VOP_IOCTL() and the associated VOP_GETATTR(). Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Make similar changes to fo_stat() and fo_poll() as made earlier torwatson2002-08-161-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | fo_read() and fo_write(): explicitly use the cred argument to fo_poll() as "active_cred" using the passed file descriptor's f_cred reference to provide access to the file credential. Add an active_cred argument to fo_stat() so that implementers have access to the active credential as well as the file credential. Generally modify callers of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which was redundantly provided via the fp argument. This set of modifications also permits threads to perform these operations on behalf of another thread without modifying their credential. Trickle this change down into fo_stat/poll() implementations: - badfo_poll(), badfo_stat(): modify/add arguments. - kqueue_poll(), kqueue_stat(): modify arguments. - pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to MAC checks rather than td->td_ucred. - soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather than cred to pru_sopoll() to maintain current semantics. - sopoll(): moidfy arguments. - vn_poll(), vn_statfile(): modify/add arguments, pass new arguments to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL() to maintian current semantics. - vn_close(): rename cred to file_cred to reflect reality while I'm here. - vn_stat(): Add active_cred and file_cred arguments to vn_stat() and consumers so that this distinction is maintained at the VFS as well as 'struct file' layer. Pass active_cred instead of td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics. - fifofs: modify the creation of a "filetemp" so that the file credential is properly initialized and can be used in the socket code if desired. Pass ap->a_td->td_ucred as the active credential to soo_poll(). If we teach the vnop interface about the distinction between file and active credentials, we would use the active credential here. Note that current inconsistent passing of active_cred vs. file_cred to VOP's is maintained. It's not clear why GETATTR would be authorized using active_cred while POLL would be authorized using file_cred at the file system level. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* In order to better support flexible and extensible access control,rwatson2002-08-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make a series of modifications to the credential arguments relating to file read and write operations to cliarfy which credential is used for what: - Change fo_read() and fo_write() to accept "active_cred" instead of "cred", and change the semantics of consumers of fo_read() and fo_write() to pass the active credential of the thread requesting an operation rather than the cached file cred. The cached file cred is still available in fo_read() and fo_write() consumers via fp->f_cred. These changes largely in sys_generic.c. For each implementation of fo_read() and fo_write(), update cred usage to reflect this change and maintain current semantics: - badfo_readwrite() unchanged - kqueue_read/write() unchanged pipe_read/write() now authorize MAC using active_cred rather than td->td_ucred - soo_read/write() unchanged - vn_read/write() now authorize MAC using active_cred but VOP_READ/WRITE() with fp->f_cred Modify vn_rdwr() to accept two credential arguments instead of a single credential: active_cred and file_cred. Use active_cred for MAC authorization, and select a credential for use in VOP_READ/WRITE() based on whether file_cred is NULL or not. If file_cred is provided, authorize the VOP using that cred, otherwise the active credential, matching current semantics. Modify current vn_rdwr() consumers to pass a file_cred if used in the context of a struct file, and to always pass active_cred. When vn_rdwr() is used without a file_cred, pass NOCRED. These changes should maintain current semantics for read/write, but avoid a redundant passing of fp->f_cred, as well as making it more clear what the origin of each credential is in file descriptor read/write operations. Follow-up commits will make similar changes to other file descriptor operations, and modify the MAC framework to pass both credentials to MAC policy modules so they can implement either semantic for revocation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Attempt to clarify comment in selrecord.alfred2002-07-241-4/+8
|
* remove caddr_t from fo_ioctl callsalfred2002-07-221-2/+2
|
* remove caddr_talfred2002-07-221-9/+8
|
* Part 1 of KSE-IIIjulian2002-06-291-1/+1
| | | | | | | | | | | | | The ability to schedule multiple threads per process (one one cpu) by making ALL system calls optionally asynchronous. to come: ia64 and power-pc patches, patches for gdb, test program (in tools) Reviewed by: Almost everyone who counts (at various times, peter, jhb, matt, alfred, mini, bernd, and a cast of thousands) NOTE: this is still Beta code, and contains lots of debugging stuff. expect slight instability in signals..
* Implement SO_NOSIGPIPE option for sockets. This allows one to request thatalfred2002-06-201-1/+2
| | | | | | | an EPIPE error return not generate SIGPIPE on sockets. Submitted by: lioux Inspired by: Darwin
* Remove the compat bits for the mis-aligned struct disklabel on alpha,phk2002-06-191-22/+0
| | | | | | people got three times longer than I promised. Sponsored by: DARPA & NAI Labs.
* Make nselcol, the number of select collisions since boot, unsigned askbyanc2002-06-121-6/+6
| | | | | | | negative collisions simply doesn't make sense. PR: (one small part of) 19720 Approved by: alfred
* Catch up to changes in ktrace API.jhb2002-06-071-10/+8
|
* o Correct an error made in revision 1.65: In readv(), if uap->iovcnt isalc2002-05-091-9/+6
| | | | | | | out-of-range, drop the file reference before returning. (This error also exists in the RELENG_4 branch.) o Eliminate the acquisition and release of Giant in readv() now that malloc() and free() are callable without Giant.
* As promised make the hack for sizeof(struct disklabel) on alpha annoying.phk2002-05-021-3/+14
| | | | | | Run make world (or recompile whatever program whines) to get rid of warning. Compat bits will be removed entirely in about two weeks.
* Change callers of mtx_init() to pass in an appropriate lock type name. Injhb2002-04-041-1/+1
| | | | | | | most cases NULL is passed, but in some cases such as network driver locks (which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used. Tested on: i386, alpha, sparc64
* Delete the bogus d_boot[01] fields from struct disklabel.phk2002-04-041-0/+14
| | | | | | | | | | | | | This shrinks the size 4 bytes on alpha, down to the same 276 bytes as all other platforms. Construct a hack to make old ioctls work on new kernels. Once world is recompiled only the new and correct sysctls will be used. This hack will become annoying around 1st of may to make people rebuild their worlds and it will be gone before 5.0.
* Remove __P.alfred2002-03-191-1/+1
|
* Giant pushdown for read/write/pread/pwrite syscalls.alfred2002-03-151-8/+0
| | | | | | | | | | | | | | | | | | | | | | | | kern/kern_descrip.c: Aquire Giant in fdrop_locked when file refcount hits zero, this removes the requirement for the caller to own Giant for the most part. kern/kern_ktrace.c: Aquire Giant in ktrgenio, simplifies locking in upper read/write syscalls. kern/vfs_bio.c: Aquire Giant in bwillwrite if needed. kern/sys_generic.c Giant pushdown, remove Giant for: read, pread, write and pwrite. readv and writev aren't done yet because of the possible malloc calls for iov to uio processing. kern/sys_socket.c Grab giant in the socket fo_read/write functions. kern/vfs_vnops.c Grab giant in the vnode fo_read/write functions.
* Fixes to make select/poll mpsafe.alfred2002-03-141-114/+112
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Problem: selwakeup required calling pfind which would cause lock order reversals with the allproc_lock and the per-process filedesc lock. Solution: Instead of recording the pid of the select()'ing process into the selinfo structure, actually record a pointer to the thread. To avoid dereferencing a bad address all the selinfo structures that are in use by a thread are kept in a list hung off the thread (protected by sellock). When a selwakeup occurs the selinfo is removed from that threads list, it is also removed on the way out of select or poll where the thread will traverse its list removing all the selinfos from its own list. Problem: Previously the PROC_LOCK was used to provide the mutual exclusion needed to ensure proper locking, this couldn't work because there was a single condvar used for select and poll and condvars can only be used with a single mutex. Solution: Introduce a global mutex 'sellock' which is used to provide mutual exclusion when recording events to wait on as well as performing notification when an event occurs. Interesting note: schedlock is required to manipulate the per-thread TDF_SELECT flag, however if given its own field it would not need schedlock, also because TDF_SELECT is only manipulated under sellock one doesn't actually use schedlock for syncronization, only to protect against corruption. Proc locks are no longer used in select/poll. Portions contributed by: davidc
* Remove __Palfred2002-03-091-6/+6
|
* Remove unused variables in select(2) from previous delta.alfred2002-01-301-2/+1
| | | | Pointed out by: bde
* Attempt to fixup select(2) and poll(2), this should fix some races withalfred2002-01-291-122/+9
| | | | | | | | | | | | | | | | | | | other threads as well as speed up the interfaces. To fix the race and accomplish the speedup, remove selholddrop and pollholddrop. The entire concept is somewhat bogus because holding the individual struct file pointers offers us no guarantees that another thread context won't close it on us thereby removing our access to our own reference. Selholddrop and pollholddrop also would do multiple locks and unlocks of mutexes _per-file_ in the fd arrays to be scanned, this needed to be sped up. Instead of using selholddrop and pollholddrop, simply hold the filedesc lock over the selscan and pollscan functions. This should protect us against close(2)'s on the files as reduce the multiple lock/unlock pairs per fd into a single lock over the filedesc.
* make pread use fget_read instead of holdfp.alfred2002-01-231-27/+2
|
* undo a bit of the Giant pushdown.alfred2002-01-191-5/+9
| | | | | | fdrop isn't SMP safe as it may call into the file's close routine which definetly is not SMP safe right now, so we hold Giant over calls to fdrop now.
* Fix giant handling in pwrite(2), I forgot to release it when finishingalfred2002-01-161-1/+2
| | | | the syscall.
* Replace ffind_* with fget calls.alfred2002-01-141-6/+4
| | | | | | | | Make fget MPsafe. Make fgetvp and fgetsock use the fget subsystem to reduce code bloat. Push giant down in fpathconf().
* SMP Lock struct file, filedesc and the global file list.alfred2002-01-131-37/+96
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Seigo Tanimura (tanimura) posted the initial delta. I've polished it quite a bit reducing the need for locking and adapting it for KSE. Locks: 1 mutex in each filedesc protects all the fields. protects "struct file" initialization, while a struct file is being changed from &badfileops -> &pipeops or something the filedesc should be locked. 1 mutex in each struct file protects the refcount fields. doesn't protect anything else. the flags used for garbage collection have been moved to f_gcflag which was the FILLER short, this doesn't need locking because the garbage collection is a single threaded container. could likely be made to use a pool mutex. 1 sx lock for the global filelist. struct file * fhold(struct file *fp); /* increments reference count on a file */ struct file * fhold_locked(struct file *fp); /* like fhold but expects file to locked */ struct file * ffind_hold(struct thread *, int fd); /* finds the struct file in thread, adds one reference and returns it unlocked */ struct file * ffind_lock(struct thread *, int fd); /* ffind_hold, but returns file locked */ I still have to smp-safe the fget cruft, I'll get to that asap.
* remove holdfp()dillon2001-11-141-56/+32
| | | | | | | | | | | | | | | | | | | Replace uses of holdfp() with fget*() or fgetvp*() calls as appropriate introduce fget(), fget_read(), fget_write() - these functions will take a thread and file descriptor and return a file pointer with its ref count bumped. introduce fgetvp(), fgetvp_read(), fgetvp_write() - these functions will take a thread and file descriptor and return a vref()'d vnode. *_read() requires that the file pointer be FREAD, *_write that it be FWRITE. This continues the cleanup of struct filedesc and struct file access routines which, when are all through with it, will allow us to then make the API calls MP safe and be able to move Giant down into the fo_* functions.
* The P_SELECT flag was moved from p->p_flag to td->td_flags, but p_flagjhb2001-09-211-2/+20
| | | | | | | | | was locked by the proc lock and td_flags is locked by the sched_lock. The places that read, set, and cleared TDF_SELECT weren't updated, so they read and modified td_flags w/o holding the sched_lock, meaning that they could corrupt the per-thread flags field. As an immediate band-aid, grab sched_lock while reading and manipulating td_flags in relation to TDF_SELECT. This will probably be cleaned up some later on.
* KSE Milestone 2julian2001-09-121-153/+177
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Giant Pushdown:dillon2001-09-011-40/+120
| | | | | read() pread() readv() write () pwrite() writev() ioctl() select () poll() openbsd_poll()
* Back out scanning file descriptors with holding a process lock.tanimura2001-05-151-2/+34
| | | | | selrecord() requires allproc sx in pfind(), resulting in lock order reversal between allproc and a process lock.
* - Convert msleep(9) in select(2) and poll(2) to cv_*wait*(9).tanimura2001-05-141-40/+131
| | | | | | | | | | | | | - Since polling should not involve sleeping, keep holding a process lock upon scanning file descriptors. - Hold a reference to every file descriptor prior to entering polling loop in order to avoid lock order reversal between lockmgr and p_mtx upon calling fdrop() in fo_poll(). (NOTE: this work has not been done for netncp and netsmb yet because a socket itself has no reference counts.) Reviewed by: jhb
* Change the pfind() and zpfind() functions to lock the process that theyjhb2001-04-241-6/+5
| | | | | | find before releasing the allproc lock and returning. Reviewed by: -smp, dfr, jake
* Grab the process lock while calling psignal and before calling psignal.jhb2001-03-071-2/+8
|
* Correctly declare variables as u_int rather than doing typecasts.jlemon2001-02-271-7/+7
| | | | | | Kill some register declarations while I'm here. Submitted by: bde (1)
* Cast nfds to u_int before range checking it in order to catch negativejlemon2001-02-271-1/+2
| | | | | | values. PR: 25393
* poll(2) array limits (take 2) - after some input from bde.peter2001-02-091-8/+7
|
* Change and clean the mutex lock interface.bmilekic2001-02-091-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | mtx_enter(lock, type) becomes: mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks) mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized) similarily, for releasing a lock, we now have: mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN. We change the caller interface for the two different types of locks because the semantics are entirely different for each case, and this makes it explicitly clear and, at the same time, it rids us of the extra `type' argument. The enter->lock and exit->unlock change has been made with the idea that we're "locking data" and not "entering locked code" in mind. Further, remove all additional "flags" previously passed to the lock acquire/release routines with the exception of two: MTX_QUIET and MTX_NOSWITCH The functionality of these flags is preserved and they can be passed to the lock/unlock routines by calling the corresponding wrappers: mtx_{lock, unlock}_flags(lock, flag(s)) and mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN locks, respectively. Re-inline some lock acq/rel code; in the sleep lock case, we only inline the _obtain_lock()s in order to ensure that the inlined code fits into a cache line. In the spin lock case, we inline recursion and actually only perform a function call if we need to spin. This change has been made with the idea that we generally tend to avoid spin locks and that also the spin locks that we do have and are heavily used (i.e. sched_lock) do recurse, and therefore in an effort to reduce function call overhead for some architectures (such as alpha), we inline recursion for this case. Create a new malloc type for the witness code and retire from using the M_DEV type. The new type is called M_WITNESS and is only declared if WITNESS is enabled. Begin cleaning up some machdep/mutex.h code - specifically updated the "optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently need those. Finally, caught up to the interface changes in all sys code. Contributors: jake, jhb, jasone (in no particular order)
* The code I picked up from NetBSD in '97 had a nasty bug. It limitedpeter2001-02-071-7/+15
| | | | | | | the index of the pollfd array to the number of fd's currently open, not the maximum number of fd's. ie: if you had 0,1,2 open, you could not use pollfd slots higher than 20. The specs say we only have to support OPEN_MAX [64] entries but we allow way more than that.
* - Catch up to proc flag changes.jhb2001-01-241-14/+35
| | | | - Add proc locking for selwakeup() and selrecord().
OpenPOWER on IntegriCloud