Commit Graph

1350 Commits

Author SHA1 Message Date
njoly
973e485533 Start making fs read(2) fail with EISDIR if the implementation does
not allow read on directories (kernfs, rumpfs, ptyfs and sysvbfs).
Adjust man page accordingly, and add a small corresponding vfs
testcase.
2011-12-12 19:11:21 +00:00
hannken
1ebfe67c9f The union file system is as stable as other layered file systems so
no longer print a warning to the console.

Gnats is waiting ...
2011-12-05 11:12:10 +00:00
hannken
ea1a52c704 When union_allocvp() finds a node being cleaned out and the caller holds
a lock, ignore the node and continue.  To allow the cleaning to succeed
the current threadmust make progress.
For a brief time the cache may contain more than one vnode referring to
a lower node.

Don't unlock the hash mutex if getnewvnode fails -- we don't hold it.
2011-11-25 11:19:10 +00:00
hannken
035b1022bb Use hashinit() / hashdone() to create the union node hash list.
Cleanup the hash lookup in union_allocvp().

Needs more work as there is still a possible deadlock between
union_allocvp() and vclean().
2011-11-23 19:39:11 +00:00
hannken
4e825063cf Replace flag based union node locking with generic vnode lock, support
shared and nowait locks and protect un_uppervp and un_*sz with mutex.

Mark file system MPSAFE.
2011-11-21 18:29:22 +00:00
hannken
026265a4d0 Add missing fstrans_done().
Should fix PR #45635 (KASSERT "fli->fli_trans_cnt == 0" failed)
2011-11-21 10:46:56 +00:00
tls
3afd44cf08 First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator users AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- datastructures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.
2011-11-19 22:51:18 +00:00
christos
d11ea3ea81 Obey MNT_RELATIME, the only addition is that mkdir in ufs sets IN_ACCESS too. 2011-11-18 21:18:50 +00:00
hannken
7c028d0f99 VOP_ABORTOP() has no specific lock requirements so there is no need
to force locked vnodes here.  It should be impossible to come here
with a nil upper node.

Relock the directory vnode after copyup.  A locked union node with an
unlocked upper vnode can no longer exist so make FIXUP() an assertion.
2011-11-14 18:42:57 +00:00
hannken
3e29235de5 Remove a needless vnode lock/unlock dance. This is a leftover from the
removal of VOP_LEASE().

Function union_removed_upper() always works on unlocked upper vnodes so
remove the test-and-unlock and add an assertion.
2011-11-14 18:38:13 +00:00
hannken
d84a65dd80 VOP_OPEN() needs a locked vnode. All these copy-and-pasted xxxfs_mount()
implementations need more review.
2011-11-14 18:35:12 +00:00
christos
1058c21f81 use getdisksize() 2011-11-13 23:08:47 +00:00
christos
3cc8e640ed remove unused call to DIOCGPART that was only used for debugging.
malloc M_WAITOK, does not fail.
2011-11-13 23:07:11 +00:00
christos
05bbfb83a3 use getdisksize() 2011-11-13 23:03:55 +00:00
christos
3aa8e3d303 use getdisksize, M_ZERO, and malloc M_WAITOK doesn't fai. 2011-11-13 18:29:08 +00:00
dholland
0b69cddad2 Avoid panic on error path, from PR 45607. The error path is exercised
because this is using DIOCGPART to get the volume size, which doesn't
work on wedges. It should be calling getdisksize() instead.
2011-11-13 17:22:51 +00:00
hannken
405b01b248 Add a comment that pn_sizemtx should be useless as VOP_GETATTR now
needs a shared lock at least.
2011-10-30 13:24:13 +00:00
hannken
113be15313 VOP_GETATTR() needs a shared lock at least. 2011-10-23 08:42:06 +00:00
manu
399ad65db5 Remove #ifdef DIAGNOSTIC guards around KASSERT, as the macro contains them 2011-10-19 01:39:29 +00:00
hannken
7e4dd4325b VOP_GETATTR() needs a shared lock at least.
While here fix a typo (fvp -> tvp).
2011-10-18 20:20:29 +00:00
manu
bd77be0ce7 Make sure pagedaemon does not sleep for memory in puffs_vnop_sleep.
Add KASSERT on any sleeping memory allocation to check it cannot happen again.
2011-10-18 15:39:09 +00:00
hannken
749d77682d VOP_GETATTR() needs a shared lock at least. 2011-10-18 09:22:53 +00:00
manu
7f182e39c1 Roll back the change that forced kernel threads to not sleep in PUFFS.
The change does not make consensus, since only pagedaemon should need it.
Other threads will tolerate sleeping, and problems here are only symptoms
that something is going wrong in memory management. The cause, not the
symptoms, need to be fixed.
2011-10-17 23:54:01 +00:00
hannken
2083e28d1f VOP_GETATTR() needs a shared lock at least.
While here fix a typo (fvp -> tvp).
2011-10-16 12:41:45 +00:00
hannken
34f54c83be As vnalloc() always allocates with PR_WAITOK there is no longer the need
to test its result for NULL.
2011-10-07 09:35:04 +00:00
christos
8b0d7f915b rename SMBFS_MAXFNAMELEN to SMBFS_MAXNAMLEN for consistency 2011-09-27 02:05:10 +00:00
christos
d4bb8ac2b1 don't get affected by the NAME_MAX bump. Use the same constant as the
rest of the extrattr code.
2011-09-27 01:48:57 +00:00
christos
1e439c8185 define NILFS_MAXNAMLEN and use it. 2011-09-27 01:34:41 +00:00
christos
2fcd0204c6 return UDF_MAXNAMLEN instead of NAME_MAX 2011-09-27 01:33:30 +00:00
christos
367fc9326f return TMPFS_MAXNAMLEN instead of NAME_MAX 2011-09-27 01:32:21 +00:00
christos
5377c21fee use ISO_MAXNAMLEN instead of NAME_MAX 2011-09-27 01:27:44 +00:00
christos
d30021427a use NAME_MAX instead of MAXNAMLEN 2011-09-27 01:14:47 +00:00
christos
3a8df9f090 - rename UDF_MAX_NAMELEN -> UDF_MAXNAMLEN
- use NAME_MAX instead of MAXNAMLEN
2011-09-27 01:13:16 +00:00
christos
a00d98eb66 define and use TMPFS_MAXNAMLEN instead of MAXNAMLEN 2011-09-27 01:10:43 +00:00
christos
4fa49ab869 define and use ISO_MAXNAMLEN instead of MAXNAMLEN 2011-09-27 01:01:43 +00:00
manu
38de55a5dd Fix the build that was broken by struct lwp *updateproc reference in
RUMP-visible code. Instead of checking that updateproc (aka ioflush,
aka syncer) will not sleep in PUFFS code, I check for any kernel thread:
after all none of them are designed to hang awaiting for a remote filesystem
operation to complete.
2011-09-23 01:57:32 +00:00
manu
da3795c23e Make sure ioflush does not sleep in PUFFS code path, waiting for a mutex,
a memory allocation, or a response from the filesystem.

This avoids deadlocks in the following situations:
1) when memory is low: ioflush waits the fileystem, the fielsystem waits
   for memory
2) when the filesystem does not respond (e.g.: network outage ona
   distributed filesystem)
2011-09-21 15:36:33 +00:00
christos
025e844498 don't update access/change times on open. 2011-09-16 18:43:44 +00:00
plunky
7f3d4048d7 NULL does not need a cast 2011-08-31 18:31:02 +00:00
manu
96c935e33b Add a mutex for operations that touch size (setattr, getattr, write, fsync).
This is required to avoid data corruption bugs, where a getattr slices
itself within a setattr operation, and sets the size to the stall value
it got from the filesystem. That value is smaller than the one set by
setattr, and the call to uvm_vnp_setsize() trigged a spurious truncate.
The result is a chunk of zeroed data in the file.

Such a situation can easily happen when the ioflush thread issue a
VOP_FSYNC/puffs_vnop_sync/flushvncache/dosetattrn while andother process
do a sys_stat/VOP_GETATTR/puffs_vnop_getattr.

This mutex on size operation can be removed the day we decide VOP_GETATTR
has to operated on a locked vnode, since the other operations that touch
size already require that.
2011-08-29 04:12:45 +00:00
hannken
8dc51ab7d8 Print the warning message on mount once.
Should fix PR #42795 (patch to make mounting union filesystems less obnoxious)
2011-08-28 08:27:57 +00:00
hannken
f68873a343 Finish and enable whiteout support for tmpfs:
- Enable VOP tmpfs_whiteout().
- Support ISWHITEOUT in tmpfs_alloc_file().
- Support DOWHITEOUT in tmpfs_remove() and tmpfs_rmdir().
- Make rmdir on a directory containing whiteouts working.

Should fix PR #35112 (tmpfs doesn't play well with unionfs).
2011-08-27 15:32:28 +00:00
hannken
f937bd97b7 Stop abusing relookup() to prepare the creation of new nodes
in the upper layer.
Replace union_relookup() with union_do_lookup() that prepares
a component, calls VOP_LOOKUP() and does the EEXIST test.
2011-08-23 07:39:37 +00:00
riastradh
b4d52ac6e6 Fix tmpfs_rename locking.
Fixes PR kern/36681.  tmpfs now survives dirconc, all our vfs/tmpfs
tests and rename races in atf, and a bunch of hand-written tests
that I'd commit if atf didn't find them highly indigestible.

ok dholland
2011-08-18 21:42:18 +00:00
mbalmer
0813ba11d0 Fix some typos. 2011-08-16 14:29:16 +00:00
apb
464d645aeb Rename all static functions to have "v7fs_" prefix. Fixes a problem
in the tools build, where the static link() and unlink() functions
conflicted with those declared in <unistd.h>.
2011-08-14 09:02:07 +00:00
hannken
1147247693 Use mutexes to protect the hash lists instead of tsleep/wakeup. 2011-08-13 10:48:14 +00:00
hannken
94fc281af2 Change some #ifdef DIAGNOSTIC' to KASSERT'.
Instead of a `pid_t' use a `lwp_t *' for locking diagnostics.

No functional changes intended.
2011-08-12 17:41:17 +00:00
hannken
b8e5efdc84 Add missing parts to mount devices from a union file system:
- union_close()    has to lock/unlock the lower vnode.
- union_fsync()    has to call spec_fsync() for the union vnode.
- union_strategy() must allow writes to devices on the lower file system.
- union_bwrite()   was completely missing.
2011-08-12 14:36:29 +00:00
hannken
7b19d6d068 When creating a union node representing a device initialize
the spec_node to make vrele() happy.
2011-08-12 06:40:10 +00:00