| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
"Kernel release date" - userland version is in /usr/include/osreldate.h
|
| |
|
|
|
|
|
|
|
|
|
| |
explicit access control checks to delete and list extended attributes
on a vnode, rather than implicitly combining with the setextattr and
getextattr checks. This reflects EA API changes in the kernel made
recently, including the move to explicit VOP's for both of these
operations.
Obtained from: TrustedBSD PRoject
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
| |
MAC_DEBUG_COUNTER_INC() and MAC_DEBUG_COUNTER_DEC() to maintain
debugging counter values rather than #ifdef'ing the atomic
operations to MAC_DEBUG.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
| |
represents the pruely stylistic changes and should have no net impact
on the rest of the code.
bde's more substantive changes will follow in a separate commit once
we've come to closure on them.
Submitted by: bde
|
| |
|
|
|
|
|
|
|
|
|
| |
ntp_update_second twice when we have a large step in case that step
goes across a scheduled leap second. The only way this could happen
would be if we didn't call tc_windup over the end of day on the day of
a leap second, which would only happen if timeouts were delayed for
seconds. While it is an edge case, it is an important one to get
right for my employer.
Sponsored by: Timing Solutions Corporation
|
| |
|
|
|
| |
use CALLOUT_MPSAFE instead of "1" for the second parameter. This
does not change the behaviour; it just makes the intent more clear.
|
| |
|
|
| |
generation number and start it from one instead of zero.
|
| |
|
|
|
|
|
| |
variable. This makes changing the size of an mbuf or cluster for
testing/debugging/whatever purposes easier.
Submitted by: sam
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
prototypes of cpu_halt(), cpu_reset() and swi_vm() from md_var.h to
cpu.h. This affects db_command.c and kern_shutdown.c.
ia64: move all MD prototypes from cpu.h to md_var.h. This affects
madt.c, interrupt.c and mp_machdep.c. Remove is_physical_memory().
It's not used (vm_machdep.c).
alpha: the MD prototypes have been left in cpu.h with a comment
that they should be there. Moving them is left for later. It was
expected that the impact would be significant enough to be done in
a seperate commit.
powerpc: MD prototypes left in cpu.h. Comment added.
Suggested by: bde
Tested with: make universe (pc98 incomplete)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A timecounter will be selected when registered if its quality is
not negative and no less than the current timecounters.
Add a sysctl to report all available timecounters and their qualities.
Give the dummy timecounter a solid negative quality of minus a million.
Give the i8254 zero and the ACPI 1000.
The TSC gets 800, unless APM or SMP forces it negative.
Other timecounters default to zero quality and thereby retain current
selection behaviour.
|
| |
|
|
|
|
|
|
|
| |
- Update some stale comments.
- Sort a couple of includes.
- Only set 'newcpu' in updatepri() if we use it.
- No functional changes.
Obtained from: bde (via an old diff I got a long time ago)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
check for permissions, do it for all requests, not the known requests.
Later when we actually service the request we deal with the invalid
requests we previously caught earlier.
This commit changes the behaviour of the ptrace(2) interface for
boundary cases such as an unknown request without proper permissions.
Previously we would return EINVAL. Now we return EBUSY or EPERM.
Platforms need to define __HAVE_PTRACE_MACHDEP when they have MD
requests. This makes the prototype of cpu_ptrace() visible and
introduces a call to this function for all requests greater or
equal to PT_FIRSTMACH.
Silence on: audit
|
| |
|
|
|
|
|
| |
sane result of EPIPE.
Reported by: nCircle dev team
MFC after: 3 day
|
| |
|
|
|
|
|
|
|
| |
kobj global method table; also kassert that the table has not overflowed
when defining a new method.
there are indications that the table is being overflowed in certain
situations as we gain more kobj consumers- this will allow us to check
whether kobj is at fault. symptoms would be incorrect methods being called.
|
| |
|
|
| |
for cpu_throw() and cpu_switch().
|
| |
|
|
|
| |
- Check for successful initialization of pipe_zone in pipeinit()
rather than every call to pipe(2).
|
| |
|
|
|
|
| |
copyrighted files.
Approved by: Matt Dillon
|
| | |
|
| |
|
|
|
|
|
|
| |
cpu_switch() where both the old and new threads are passed in as
arguments. Only powerpc uses the old conventions now.
- Update comments in the Alpha swtch.s to reflect KSE changes.
Tested by: obrien, marcel
|
| | |
|
| |
|
|
| |
leaking the Giant on the syscall exit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- All those diffs to syscalls.master for each architecture *are*
necessary. This needed clarification; the stub code generation for
mlockall() was disabled, which would prevent applications from
linking to this API (suggested by mux)
- Giant has been quoshed. It is no longer held by the code, as
the required locking has been pushed down within vm_map.c.
- Callers must specify VM_MAP_WIRE_HOLESOK or VM_MAP_WIRE_NOHOLES
to express their intention explicitly.
- Inspected at the vmstat, top and vm pager sysctl stats level.
Paging-in activity is occurring correctly, using a test harness.
- The RES size for a process may appear to be greater than its SIZE.
This is believed to be due to mappings of the same shared library
page being wired twice. Further exploration is needed.
- Believed to back out of allocations and locks correctly
(tested with WITNESS, MUTEX_PROFILING, INVARIANTS and DIAGNOSTIC).
PR: kern/43426, standards/54223
Reviewed by: jake, alc
Approved by: jake (mentor)
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
From alc:
Move pageable pipe memory to a seperate kernel submap to avoid awkward
vm map interlocking issues. (Bad explanation provided by me.)
From me:
Rework pipespace accounting code to handle this new layout, and adjust
our default values to account for the fact that we now have a solid
limit on allocations.
Also, remove the "maxpipes" limit, as it no longer has a purpose.
(The limit on kva usage solves the problem of having two many pipes.)
|
| |
|
|
|
|
|
|
|
|
| |
application could cause a wired page to be freed. In general,
vm_page_hold() should be preferred for ephemeral kernel mappings of pages
borrowed from a user-level address space. (vm_page_wire() should really be
reserved for indefinite duration pinning by the "owner" of the page.)
Discussed with: silby
Submitted by: tegge
|
| |
|
|
|
|
|
|
| |
psignal()/tdsignal(). The test was historically in psignal(). It was
changed into a KASSERT, and then later moved to tdsignal() when the
latter was introduced.
Reviewed by: iedowse, jhb
|
| |
|
|
|
|
|
|
|
| |
ioctls.
In the particular case of ptrace(), this commit more-or-less reverts
revision 1.53 of sys_process.c, which appears to have been erroneous.
Reviewed by: iedowse, jhb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a reference to the containing object. The purpose of the reference
being to prevent the destruction of the object and an attempt to free
the wired page. (Wired pages can't be freed.) Unfortunately, this
approach does not work. Some operations, like fork(2) that call
vm_object_split(), can move the wired page to a difference object,
thereby making the reference pointless and opening the possibility
of the wired page being freed.
A solution is to use vm_page_hold() in place of vm_page_wire(). Held
pages can be freed. They are moved to a special hold queue until the
hold is released.
Submitted by: tegge
|
| |
|
|
| |
- Remove a duplicate initialization from pipe_create().
|
| |
|
|
| |
in the mailbox.
|
| |
|
|
| |
negative value of the index of the new file, so just use -1.
|
| |
|
|
|
| |
Add an explicit range check to those same arguments to reduce risk of
cardiac arrest in future code readers.
|
| |
|
|
|
|
|
| |
ushort. In most of these files, there was a mixture of both styles and
this change just makes them self-consistent.
Requested by: bde (kern_ktrace.c)
|
| |
|
|
|
|
|
| |
semaphore and doing so can lead to a possible reversal. WITNESS would have
caught this if semaphores were used more often in the kernel.
Submitted by: Ted Unangst <tedu@stanford.edu>, Dawson Engler
|
| |
|
|
|
| |
- Remove the acquisition and release of Giant around pipe_kmem_free() and
uma_zfree() in pipeclose().
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
connection is to be established asynchronously, behave as in the
case of non-blocking mode:
- keep the SS_ISCONNECTING bit set thus indicating that
the connection establishment is in progress, which is the case
(clearing the bit in this case was just a bug);
- return EALREADY, instead of the confusing and unreasonable
EADDRINUSE, upon further connect(2) attempts on this socket
until the connection is established (this also brings our
connect(2) into accord with IEEE Std 1003.1.)
|
| | |
|
| |
|
|
|
|
|
| |
than i386 or AMD64, TP register points to thread mailbox, and they can not
atomically clear km_curthread in kse mailbox, in this case, thread retrieves
its thread pointer from TP register and sets flag TMF_NOUPCALL in its thread
mailbox to indicate a critical region.
|
| |
|
|
|
|
| |
simplify the upcoming PIM patches.
Submitted by: Pavlin Radoslavov <pavlin@icir.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
use vrele() instead of vput() on the parent directory vnode returned
by namei() in the case where it is equal to the target vnode. This
handles namei()'s somewhat strange (but documented) behaviour of
not locking either vnode when the two vnodes are equal and LOCKPARENT
but not LOCKLEAF is specified.
Note that since a vnode double-unlock is not currently fatal, these
coding errors were effectively harmless.
Spotted by: Juergen Hannken-Illjes <hannken@eis.cs.tu-bs.de>
Reviewed by: mckusick
|
| |
|
|
|
|
|
|
|
| |
malloc and mbuf allocation all not requiring Giant.
1) ostat, fstat and nfstat don't need Giant until they call fo_stat.
2) accept can copyin the address length without grabbing Giant.
3) sendit doesn't need Giant, so don't bother grabbing it until kern_sendit.
4) move Giant grabbing from each indivitual recv* syscall to recvit.
|
| |
|
|
| |
specific perspective.
|
| |
|
|
|
|
|
| |
MI values. This ensures that td_critnest for a newly fork'd thread is
always valid.
Requested by: bde (a long time ago)
|
| |
|
|
| |
Reported by: kris
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
support routines in kern_acl.c:
- Define ACL_OVERRIDE_MASK and ACL_PRESERVE_MASK centrally in acl.h: the
mode bits that are (and aren't) stored in the ACL.
- Add acl_posix1e_acl_to_mode(): given a POSIX.1e extended ACL, generate
a compatibility mode (only the bits supported by the POSIX.1e ACL).
- acl_posix1e_newfilemode(): Given a requested creation mode and default
ACL, calculate the mode for the new file system object (only the bits
supported by the POSIX.1e ACL).
PR: 50148
Reported by: Ritz, Bruno <bruno_ritz@gmx.ch>
Obtained from: TrustedBSD Project
|
| |
|
|
| |
left behind.
|
| |
|
|
|
|
| |
See revision 1.140 of kern/sys_pipe.c for a detailed rationale.
Submitted by: tegge
|
| |
|
|
|
| |
This only protects the "struct buf" consumers (ie: DEV_STRATEGY()),
but does not protect BIO_STRATEGY() users.
|
| | |
|
| |
|
|
|
|
| |
by using VM_ALLOC_NOOBJ to allocate the bogus page.
Reviewed by: tegge
|
| |
|
|
|
|
| |
(See revision 1.140 of kern/sys_pipe.c for a detailed rationale.)
Submitted by: tegge
|
