vfs in nature, and therefore it belongs here (can't load a firmware
from a file system without file system support, right?). Rename
rump_cwdi to cwdi0, since firmload depends on that name (naughty
firmload).
which take softnet_lock and might run before the lock is actually
initialized. Also, soinit() itself already calls soinit2(), so no
need to call it twice.
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
Pfsync interface exposes change in the pf(4) over a pseudo-interface, and can
be used to synchronise different pf.
This work was part of my 2009 GSoC
No objection on tech-net@
for orphaned sections to using PROVIDE. What this means is that
unless a rump component internally references that symbol, it will
not be included in the component shared library, and hence cannot
be referenced when the component is loaded. Add a workaround which
works both with 2.16 and 2.19: force a reference to the __start
symbol internally and hence retain it in the resulting library.
since that opens a race window for non-mpsafe code, so do it after.
Additionally, we cannot call mutex_enter() for sleepermtx, since
ltsleep/mtsleep should not block (i.e. release kernel lock) before
actually blocking, so busyloop in mutex_tryenter(). Finally, when
waking up, take kernel lock back only *after* releasing sleepermtx
to avoid deadlock against another thread holding the kernel lock
and wanting sleepermtx.
(yes, it's functionally a device instead of a networking domain,
since it provides and is accessed through /dev/nsmb instead of
being accessed through sockets)
vnode pager.
It would have been nice to keep a separate version:
* it has helped find file system bugs which the kernel pager
treated as non-errors
* it does not contain extra payload unnecessary in userspace
However, getting the details of the pager implementation correct
with all the flags, offsets and block/page size special cases is
*EXTREMELY* difficult (chuq > god).
On the plus side, LFS write now works for file data too instead of
just metadata. Also, maybe being able to singlestep the genfs
vnode pager in the comfort of userspace will allow more people to
understand how the behemoth functions.
Instead of doing actual page remapping, which we can't portably
do in userspace without extensive trickery (read: signals), simply
allocate the kva window with new physical backing, copy page
contents, return, and copy contents back in mapout. Since the
pages are locked during the mapping cycle, we can do this without
hazard.
* add lots of stubbies necessary for new stuff coming soon
introduce a new and improved "etfs" interface, which can be used
to register host files accessible from rump fs namespace. This
new interface is not restriced to block devices, and neither does
it require the same pathname in host namespace and rump namespace.
Therefore, the same host file can be represented both as a char
and block device in rump namespace.
* adjust rumpblk to make the above possible
* improve rumpfs: nodes are now created properly and not implicitly
tied to the vnode lifecycle
are present. This works in userspace as opposed relying in link
sets, which fail miserably. Later, when the networking stack
becomes modularized, we can move to a dynamic scheme like with file
systems.
Also, this change allows us to do proper autoconfig, namely attach
the loopback interface iff it is present.
component, but due to ifdef happiness permeating the sources, it's
a compile decision for now, so netinet pulls in both inet and inet6.
One issue, one single issue: the loopback interface still needs to
be created for IPv6 to work. I have patches to take care of it
automatically if the appropriate component (net) is present, but
they require a bit more testing before commit.
the name to rump_module_init(). Also, adjust the signature to take
a direct pointer to modinfo and allow passing of props. Finally,
provide rump_module_fini().
kernels running in other processes on the same machine or on an
entirely different host. I wrote this a while ago and am now
committing it mainly to avoid losing it. It works, but could do
with a little tuning here and there.
What this will hopefully eventually buy us is the ability to use
standard userland tools to configure rump kernels, e.g. ifconfig(8)
and route(8) could be used to configure the networking stack provided
by a rump kernel. Also some distributed OS implications may apply.
fun fact: a system call which just does copyin/copyout takes >1000x
longer when made over the LAN as compared to when made on the same
machine.
lookups through them. This has two implications:
1) mountpoints can be created directly onto the rump rootfs.
this is benefitial in test programs where we want the same
program to be easily switched between testing against rump and
testing against the host kernel.
2) fakeblk must be used (it used to work implicitly) to register
block devices that should be used from the host fs namespace.
how to do it (e.g. fsync_range)
* hash out O_DIRECT support. it's the fastest method of safely operating
on a file, but we can't currently autodetect support, so it's not
enabled by default
* sprinkle more event counters
entire image.
Benefits:
* the whole image does not need to fit into VA
* a core dump is not of gargantuan proportions
Performance is pretty close to one whopping mmap. I'll finetune
the parameters later, although the current ones seem pretty good
in initial testing.
call in addition to the old rump_mnt_mount(). Some issues remain
(but require more deeprooted changes):
* it is possible to mount only to /
* unmount needs MNT_FORCE due to the new fs being root and having
a bonus reference
* cwdi is not set (since there is no concept of a process)
with arraysize instead of arraysize-1. Previously there was one
inconsistency in the code. This might fix a crash reported by apb.
Also, g/c outdated comment.
PR kern/16942 panic with softdep and quotas
PR kern/19565 panic: softdep_write_inodeblock: indirect pointer #1 mismatch
PR kern/26274 softdep panic: allocdirect_merge: ...
PR kern/26374 Long delay before non-root users can write to softdep partitions
PR kern/28621 1.6.x "vp != NULL" panic in ffs_softdep.c:4653 while unmounting a softdep (+quota) filesystem
PR kern/29513 FFS+Softdep panic with unfsck-able file-corruption
PR kern/31544 The ffs softdep code appears to fail to write dirty bits to disk
PR kern/31981 stopping scsi disk can cause panic (softdep)
PR kern/32116 kernel panic in softdep (assertion failure)
PR kern/32532 softdep_trackbufs deadlock
PR kern/37191 softdep: locking against myself
PR kern/40474 Kernel panic after remounting raid root with softdep
Retire softdep, pass 2. As discussed and later formally announced on the
mailing lists.
by setting RUMP_BLKFAIL to control the frequency and optionally
RUMP_BLKFAIL_SEED, which seeds the "random" number generator. Feel
free to extend the code if you want something "a little more" for
your purposes.
relative time. This prevents drifting. Also, keep track of time
within userspace, so we do not have to make a syscall to get the
clock value. This is approximately 7 times cheaper, but on the
negative side is limited to the clock interrupt frequency.
except keep my feet warm by consuming an insane amount of cpu
cycles -- in rump our current "cpu" context is never interrupted
& we have MULTIPROCESSOR.
(itch i'm scratching: it made the networking stack 10-20% slower.
this is one of the places where fast code actually matters)
* do not panic if VOP_STRATEGY fails. it's someone else's problem
* return the actual number of pages we provided, not just the ones
which contain data
* sprinkle some debug prints
io descriptors, just allocate an array statically and be happy.
Fixes a problem found by Arnaud Ysmal where a descriptor would be
allocated using kmem_alloc(9) and free'd using free(3).
return EINVAL and result in not protecting what they are supposed
to protect. This results in the counter value getting corrupted
and asserts firing.
Problem reported by Arnaud Ysmal.
While debugging this, take the opportunity to remove explicit
pthread_t comparisons and put everything under pthread_equal().
sources instead of homegrown allocators. Default to "on", even
though they appear to be a few percent slower at least on short
jobs (e.g. untar to tmpfs).
for some reason. Because I don't have time to descends into the
depths to figure out why, give an alternative rumpuser_pth module,
which allows to link rump completely without pthreads. Naturally,
this means that no threads can be used, but it's enough to get
profiling done in some cases.
made to fail. Specifically, change
.ifdef(SYMBOL) -> .ifdef SYMBOL or .if defined(SYMBOL),
and corresponding for .ifndef.
Also correct one error in lib/libm/Makefile (.ifdef (${MKCOMPLEX} != "no")?!?).
lacking special instructions. We always use the spinlocked version
(could use RAS on UP NetBSD host, but it's not portable).
* Add platform-based symbol quirk tables for selectively not renaming
toolchain symbols for some platforms. Although, this should really
depend on the (toolchain,platform)-tuple and not just the platform.
This allows arm, hppa, mips and sh3 to build succesfully with an
isolated rump kernel namespace. ... now, one arch remains: vax.
you must compile vax. then, only then will you MI be.
really be autogenerated, but seems it's generally not required by
stuff in rump and guessing the location of the appropriate genassym.cf
is difficult without a major consultation.
Thanks to Havard for spotting the build failure.
* revert rev 1.68 of emul.c: delay() is hopelessly MD and needs
whipping (not the fun kind)
* #undef DELAY in cpu.h
This will hopefully fix build for all archs and give me time to
hop through our 46521 fine archs and edit the headers.
magic libc symbol. This also allows to bid farewell to subr_prf2.c
and merge the contents back to subr_prf.c. The host kernel bridging
is now done via rumpuser_putchar().
pooka