Age | Commit message (Collapse) | Author |
|
|
|
vnode's mount point. this makes it impossible for a user to bypass the
noexec protection of a mount point by null-mounting it on top of itself.
ok tedu@ millert@
|
|
|
|
testing for quite some time by brad + otto
|
|
from Patrick Latifi <patrick.l@hermes.usherb.ca>
ok jason@ tedu@
|
|
argument. old cred only calls user suser_ucred. this will allow future
work to more flexibly implement the idea of a root process. looks like
something i saw in freebsd, but a little different.
use of suser_ucred vs suser in file system code should be looked at again,
for the moment semantics remain unchanged.
review and input from art@ testing and further review miod@
|
|
|
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
|
won't always work, but it's the best we can do for now. this covers
at least some of the failure cases the previous commit to vfs_lookup.c
checks for.
ok weingart@
|
|
ok and input csapuntz@
|
|
vfs_subr.c:
add a missing simple_lock_init for vnode interlock
try to avoid reclaiming locked or layered vnodes
initialize vnlock pointer to NULL
remove old code to free vnlock, never used
lockinit the new vnode lock
vfs_syscalls.c:
support for VLAYER flag
vnode_if.sh:
support for splitting VDESC flags
vnode_if.src:
split VDESC flags
WILLPUT is the combination of WILLRELE and WILLUNLOCK
most uses for WILLRELE become WILLPUT
vnode.h:
add v_lock to struct vnode
add VLAYER flag
update for new VDESC flags
|
|
|
|
|
|
ok deraadt@ and art@
|
|
on the returned file, do the FREF inside getvnode so that people can't
get away with avoiding FREF and FRELE.
Eyeballed by various people.
|
|
to get shared locks for lookup and get the exclusive lock only with
LK_DRAIN on unmount and do the real exclusive locking with flags in
mnt_flags, we now use shared locks for lookup and an exclusive lock for
unmount.
This is accomplished by slightly changing the semantics of vfs_busy.
Old vfs_busy behavior:
- with LK_NOWAIT set in flags, a shared lock was obtained if the
mountpoint wasn't being unmounted, otherwise we just returned an error.
- with no flags, a shared lock was obtained if the mountpoint was being
unmounted, otherwise we slept until the unmount was done and returned
an error.
LK_NOWAIT was used for sync(2) and some statistics code where it isn't really
critical that we get the correct results.
0 was used in fchdir and lookup where it's critical that we get the right
directory vnode for the filesystem root.
After this change vfs_busy keeps the same behavior for no flags and LK_NOWAIT.
But if some other flags are passed into it, they are passed directly
into lockmgr (actually LK_SLEEPFAIL is always added to those flags because
if we sleep for the lock, that means someone was holding the exclusive lock
and the exclusive lock is only held when the filesystem is being unmounted.
More changes:
dounmount must now be called with the exclusive lock held. (before this
the caller was supposed to hold the vfs_busy lock, but that wasn't always
true).
Zap some (now) unused mount flags.
And the highlight of this change:
Add some vfs_busy calls to match some vfs_unbusy calls, especially in
sys_mount. (lockmgr doesn't detect the case where we release a lock noone
holds (it will do that soon)).
If you've seen hangs on reboot with mfs this should solve it (I repeat this
for the fourth time now, but this time I spent two months fixing and
redesigning this and reading the code so this time I must have gotten
this right).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
the same semantics as NetBSD anyway, so it's good to avoid name collissions.
- Always fdremove before freeing the file, not the other way around.
- falloc FREFs the file.
- have FILE_SET_MATURE FRELE the file (It feels like a good ortogonality to
falloc FREFing the file).
- Use closef as much as possible instead of ffree in error paths of
falloc:ing functions. closef is much more careful with the fd and can
deal with the fd being forcibly closed by dup2. Also try to avoid
manually calling *fo_close when closef can do that for us (this makes
some error paths mroe complicated (sys_socketpair and sys_pipe), but
others become simpler (sys_open)).
|
|
from fd tables and other long-lived objects). This is to avoid races between
using a file descriptor and having another process (with shared fd table)
close it. We use a separate refence count so that error values from close(2)
will be correctly returned to the caller of close(2).
The macros for those reference counts are FILE_USE(fp) and FILE_UNUSE(fp).
Make sure that the cases where closef can be called "incorrectly" (most notably
dup2(2)) are handled.
Right now only callers of closef (and {,p}read) use FILE_{,UN}USE correctly,
more fixes incoming soon.
|
|
In some cases that could cause dupfdopen->fd_getfile to access freed memory
setting fd_ofiles[fd] to NULL is not a solution because that would cause
a race condition.
Free the new file after dupfdopen and use closef (because it will be necessary
in the future.
XXX - consider more cleanup of the code around dupfdopen.
|
|
to detect whether the path passed in from userland is too long.
Based on a patch from peterw AT ifost.org.au.
|
|
|
|
machines or some configurations or in some phase of the moon (we actually
don't know when or why) files disappeared. Since we've not been able to
track down the problem in two weeks intense debugging and we need -current
to be stable, back out everything to a state it had before UBC.
We apologise for the inconvenience.
|
|
code is written mostly by Chuck Silvers <chuq@chuq.com>/<chs@netbsd.org>.
Tested for the past few weeks by many developers, should be in a pretty stable
state, but will require optimizations and additional cleanups.
|
|
(Look ma, I might have broken the tree)
|
|
any anyone. Every caller of falloc matures the fd when it's usable.
- Since every lookup in the fd table must now check this flag and all of
them do the same thing, move all the necessary checks into a function -
fd_getfile.
|
|
A simple mknod at causes a kernel panic (uvm_fault).
|
|
refed, so that the caller can actually use it. update callers and
file systems that implement these vnode operations
ok'd by art
|
|
|
|
|
|
|
|
Create COMPAT_23 and move __osemctl, omsgctl, oshmctl there.
|
|
kern_ipc_10.c for other compat modules.
|
|
|
|
|
|
consistency with syscallargs.h as well as sys_lseek.
|
|
and otherwise are disabled.
art@ ok.
|
|
|
|
Snapshot-related code has been commented out.
|
|
|
|
fsync; art@ ok.
|
|
|
|
|
|
|
|
(sys_fhopen, sys_fhstat, sys_fhstatfs): new system calls that use file
handles instead of file names. largely based on NetBSD
|