Age | Commit message (Collapse) | Author |
|
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
|
|
In particular, this allows SIOCGIF* requests to run in parallel.
lots of help & ok mpi, ok visa, sashan
|
|
invalid. But the compiler cannot know whether it has changed in
the meantime, so in the else case a bunch of variables would not
be initialized. Add a panic() there to change the compiler's
assumptions, the code should not be reached anyway.
found by clang -Wuninitialized; OK deraadt@
|
|
Finally protect the last `so_rcv' and `so_snd' accesses with the socket
lock.
ok visa@, bluhm@
|
|
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
|
being brewed.
ok beck
|
|
an if vs the condition itself. weird contortions because of course the
lines want to be like 900 columns wide, but i think it's better now.
|
|
also move checks up sooner to prevent a (root) panic.
ok bluhm
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
ok phessler@, visa@, bluhm@
|
|
Protect the fields modifieds by sosetopt() and simplify the dance
with the stars.
ok bluhm@
|
|
As a side effect, soconnect() and soconnect2() now expect a locked socket,
so update all the callers.
ok bluhm@
|
|
this mbuf was allocated by the first call. Fixes possible memory leak.
Found by Ilja Van Sprundel
OK bluhm@ deraadt@
|
|
While here document an abuse of parent socket's lock.
Problem reported by krw@, analysis and ok bluhm@
|
|
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
|
|
bugs could easily result in use-after-free or double free. Introduce
m_freemp() which automatically resets the pointer before freeing
it. So we have less dangling pointers in the kernel.
OK krw@ mpi@ claudio@
|
|
Outside of USB, no code is executed in a softnet interrupt context. So
what's protecting NFS data structures is the KERNEL_LOCK().
But more importantly, since r1.114 of nfs_socket.c, the 'softnet' thread
is no longer executing NFS code.
ok visa@
|
|
ok bluhm@
|
|
Always defere soreceive() to an nfsd(8) process instead of doing it in
the 'softnet' thread. Avoiding this recursion ensure that we do not
introduce a new sleeping point by releasing and grabbing the netlock.
Tested by many, committing now in order to find possible performance
regression.
|
|
"good work" deraadt@, ok visa@
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
This will allow us to keep locking simple as soon as we trade
splsoftnet() for a rwlock.
ok bluhm@
|
|
PRU_SEND.
|
|
|
|
ok mpi@ deraadt@
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
ok natano@
|
|
ok kettenis@ krw@ natano@ dlg@ espie@
|
|
stale reference and lock, while it shouldn't hold either.
"makes sense to me" beck@
|
|
|
|
1) turn NDINITAT into a function and make the macros point to it
with the later goal of getting rid of them.
2) Sweep the kernel for places where people make a struct nameidata manually
on the stack and fill in what they hope are the required fields and count
on prayer and clean living to always get them right. Instead use NDINIT
everywhere. NFS was especially bad for this and there have likely
been things lurking there for a while.
3) Add a couple of strategic KASSERT's to catch future offenders.
ok krw@ sthen@ deraadt@
|
|
msdosfs and nfsv2 don't set f_namemax. ntfs and ext2fs don't set
f_namemeax and f_favail. fusefs doesn't set f_mntfromspec, f_favail and
f_iosize. Also, make all filesystems use copy_statfs_info(), so that all
statfs information is filled in correctly for the (sb != &mp->mnt-stat)
case.
ok stefan
|
|
torture tested on amd64, i386 and macppc
ok beck mpi stefan
"the change looks right" deraadt
|
|
OK krw@ natano@ as part of a larger diff
|
|
|
|
ok tedu@, with a slight tweak
|
|
|
|
needed. Found by henning@ - thanks!
ok deraadt@
|
|
ok deraadt@
|
|
From David Hill; OK mpi@; tested kspillner@; tweaks bluhm@
|
|
because the nfsm_strsiz() macro sneakily modifies a parameter!
ok beck
|
|
|
|
|
|
everywhere to avoid passing around pointers to uninitialized stack
memory. While there, fix the call to in6_recoverscope() in
fill_drlist().
OK deraadt@ mpi@
|
|
From David Hill; OK mpi@
|
|
ok stsp mpi
|
|
ok bluhm@, claudio@, dlg@
|
|
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
|
|
|
logic from the rest of the kernel that deals with filename
lookups.
In snaps for some time.
Initially found by jsg@
Prodded by deraadt@
|