| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched
- sys/mbuf.h edited manually
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In particular, do not lock Giant conditionally when calling into the
filesystem module, remove the VFS_LOCK_GIANT() and related
macros. Stop handling buffers belonging to non-mpsafe filesystems.
The VFS_VERSION is bumped to indicate the interface change which does
not result in the interface signatures changes.
Conducted and reviewed by: attilio
Tested by: pho
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
to pull vm_param.h was removed. Other big dependency of vm_page.h on
vm_param.h are PA_LOCK* definitions, which are only needed for
in-kernel code, because modules use KBI-safe functions to lock the
pages.
Stop including vm_param.h into vm_page.h. Include vm_param.h
explicitely for the kernel code which needs it.
Suggested and reviewed by: alc
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 1 month
|
| |
|
|
|
|
| |
Reviewed by: tuexen
Approved by: trasz (mentor)
MFC after: 3 days
|
| | |
|
| |
|
|
| |
Submitted by: ru
|
| |
|
|
|
|
|
|
|
|
| |
m_cat(), storing pointer to last mbuf in chain in local variable and
attaching new mbuf to the end of chain.
Submitter reports that CPU load dropped for > 10% on a web server
serving large files with this optimisation.
Submitted by: Sergey Budnevitch <sb nginx.com>
|
| |
|
|
|
|
| |
used with an sctp_ system-call which expects an SCTP socket.
MFC after: 3 days.
|
| |
|
|
|
|
|
|
|
| |
Add the sysctl debug.iosize_max_clamp, enabled by default. Setting the
sysctl to zero allows to perform the SSIZE_MAX-sized i/o requests from
the usermode.
Discussed with: bde, das (previous versions)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
patch modifies makesyscalls.sh to prefix all of the non-compatibility
calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel
entry points and all places in the code that use them. It also
fixes an additional name space collision between the kernel function
psignal and the libc function of the same name by renaming the kernel
psignal kern_psignal(). By introducing this change now we will ease future
MFCs that change syscalls.
Reviewed by: rwatson
Approved by: re (bz)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *. With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.
Approved by: re (bz)
Submitted by: jonathan
Sponsored by: Google Inc
|
| |
|
|
|
|
|
| |
more explicit comments about what's going on and what future maintainers
need to do when e.g. adding a new operation to a sys_machdep.c.
Approved by: mentor(rwatson), re(bz)
|
| |
|
|
|
|
| |
via ktrace.
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
and remove the falloc() version that lacks flag argument. This is done
to reduce the KPI bloat.
Requested by: jhb
X-MFC-note: do not
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
VNET socket push back:
try to minimize the number of places where we have to switch vnets
and narrow down the time we stay switched. Add assertions to the
socket code to catch possibly unset vnets as seen in r204147.
While this reduces the number of vnet recursion in some places like
NFS, POSIX local sockets and some netgraph, .. recursions are
impossible to fix.
The current expectations are documented at the beginning of
uipc_socket.c along with the other information there.
Sponsored by: The FreeBSD Foundation
Sponsored by: CK Software GmbH
Reviewed by: jhb
Tested by: zec
Tested by: Mikolaj Golub (to.my.trociny gmail.com)
MFC after: 2 weeks
|
| |
|
|
|
|
|
| |
r90944, which introduced a general mechanism for handling the freeing
of held pages.
Reviewed by: kib@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
each of the threads needs more while current pool of the buffers is
exhausted, then neither thread can make progress.
Switch to nowait allocations after we got first buffer already.
Reported by: az
Reviewed by: alc (previous version)
Tested by: pho
MFC after: 1 week
|
| | |
|
| |
|
|
|
|
| |
sendinfo for SCTP send calls.
MFC after: 4 weeks.
|
| |
|
|
|
|
|
|
| |
rather than to the entire process.
Reported by: Anit Chakraborty
Reviewed by: kib, deischen (concept)
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
not providing a destination address and using ktrace.
* Do not copy out kernel memory when providing sinfo for sctp_recvmsg().
Both bug where reported by Valentin Nechayev.
The first bug results in a kernel panic.
MFC after: 3 days.
|
| |
|
|
|
|
| |
There are only about 100 occurences of the BSD-specific u_int*_t
datatypes in sys/kern. The ISO C99 integer types are used here more
often.
|
| |
|
|
|
|
| |
lock now suffices.
Fix a couple nearby style violations.
|
| |
|
|
|
|
|
|
|
|
| |
kern_sendfile() is running, the file's vm object can't be destroyed
because kern_sendfile() increments the vm object's reference count. (Once
kern_sendfile() decrements the reference count and returns, the vm object
can, however, be destroyed. So, sf_buf_mext() must handle the case where
the vm object is destroyed.)
Reviewed by: kib
|
| |
|
|
|
|
| |
access to the page's wire_count from the page queues lock to the page lock.
Submitted by: kmacy
|
| |
|
|
| |
Reviewed by: alc
|
| |
|
|
|
|
|
| |
take iov.
Reviewed by: tuexen
MFC after: 2 weeks
|
| |
|
|
|
| |
Reviewed by: tuexen
MFC after: 2 weeks
|
| |
|
|
| |
MFC after: 2 weeks
|
| | |
|
| |
|
|
| |
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
prepared bytes and next portion of transfer, inner loop of kern_sendfile()
aborts, not preparing next mbuf for socket buffer, and not modifying
any outer loop invariants. The thread loops in the outer loop forever.
Instead of breaking from inner loop, prepare only bytes that fit into
the socket buffer space.
In collaboration with: pho
Reviewed by: bz
PR: kern/138999
MFC after: 2 weeks
|
| | |
|
| |
|
|
|
|
|
| |
that the vnode is not reclaimed.
Noted by: Igor Sysoev <is rambler-co ru>
MFC after: 1 week
|
| |
|
|
|
|
| |
Contains code from bz.
Approved by: rrs (mentor)
MFC after: 1 month.
|
| |
|
|
|
|
|
|
|
|
| |
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks. Minor cleanups are done in the process,
and comments updated to reflect these changes.
Reviewed by: bz
Approved by: re (vimage blanket)
|
| |
|
|
|
| |
Approved by: re (audit argument blanket)
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
capture the domain, type, and protocol arguments to socket(2)
and socketpair(2).
Approved by: re (audit argument blanket)
MFC after: 3 days
|
| |
|
|
|
|
|
|
| |
So properly hide the already #ifdef SCTP code with
#if defined(INET) || defined(INET6) as well to get us
closer to a non-INET/INET6 kernel.
Discussed with: tuexen [1]
|
| |
|
|
|
|
|
|
| |
and used in a large number of files, but also because an increasing number
of incorrect uses of MAC calls were sneaking in due to copy-and-paste of
MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
|
| |
be used by kernel consumers and socketpair() itself.
Approved by: kib (mentor)
MFC after: 1 month
|
| |
|
|
|
|
|
|
|
|
|
|
| |
fget_unlocked().
- Save old file descriptor tables created on expansion until
the entire descriptor table is freed so that pointers may be
followed without regard for expanders.
- Mark the file zone as NOFREE so we may attempt to reference
potentially freed files.
- Convert several fget_locked() users to fget_unlocked(). This
requires us to manage reference counts explicitly but reduces
locking overhead in the common case.
|
| |
|
|
|
|
|
| |
into r191816.
Spotted by: bz
Approved by: julian (mentor) (an earlier version of the diff)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
previously always pointing to the default vnet context, to a
dynamically changing thread-local one. The currvnet context
should be set on entry to networking code via CURVNET_SET() macros,
and reverted to previous state via CURVNET_RESTORE(). Recursions
on curvnet are permitted, though strongly discuouraged.
This change should have no functional impact on nooptions VIMAGE
kernel builds, where CURVNET_* macros expand to whitespace.
The curthread->td_vnet (aka curvnet) variable's purpose is to be an
indicator of the vnet context in which the current network-related
operation takes place, in case we cannot deduce the current vnet
context from any other source, such as by looking at mbuf's
m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so
far curvnet has turned out to be an invaluable consistency checking
aid: it helps to catch cases when sockets, ifnets or any other
vnet-aware structures may have leaked from one vnet to another.
The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros
was a result of an empirical iterative process, whith an aim to
reduce recursions on CURVNET_SET() to a minimum, while still reducing
the scope of CURVNET_SET() to networking only operations - the
alternative would be calling CURVNET_SET() on each system call entry.
In general, curvnet has to be set in three typicall cases: when
processing socket-related requests from userspace or from within the
kernel; when processing inbound traffic flowing from device drivers
to upper layers of the networking stack, and when executing
timer-driven networking functions.
This change also introduces a DDB subcommand to show the list of all
vnet instances.
Approved by: julian (mentor)
|
| |
|
|
| |
Reviewed by: ups, jeffr
|
| |
|
|
| |
MFC after: 3 months
|
| |
|
|
|
|
|
|
|
|
|
| |
argument, call mac_socket_check_connect() on that address before
proceeding with the send. Otherwise policies instrumenting the
connect entry point for the purposes of checking destination
addresses will not have the opportunity to check implicit
connect requests.
MFC after: 3 weeks
Sponsored by: nCircle Network Security, Inc.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
while holding the socket buffer lock. These leads to an
immediate panic due to recursing the socket buffer lock. This
bug was introduced in uipc_syscalls.c:1.240, but masked by
another bug until that was fixed in uipc_syscalls.c:1.269.
Note that the current fix isn't perfect, but better than
panicking: normally we guarantee that simultaneous invocations
of a system call to write on a stream socket won't be
interlaced, which is ensured by use of the socket buffer sleep
lock. This is guaranteed for the sendfile headers, but not
trailers. In practice, this is likely not a problem, but
should be fixed.
MFC after: 3 days
Pointy hat to: andre (1.240), cperciva (1.269)
|
