all-sink and make sure each separate thread in rump has its own
lwp. Happy-go-lucky callers will get scheduled a temporary lwp
on entry, while true lwp connoisseurs may request a stable lwp
for their purposes. Some more love may be required later down the
road, but for now different threads will stepping on each others
toes.
for kernel code which has been written to avoid MP contention by
using cpu-local storage (most prominently, select and pool_cache).
Instead of always assuming rump_cpu, the scheduler must now be run
(and unrun) on all entry points into rump. Likewise, rumpuser
unruns and re-runs the scheduler around each potentially blocking
operation. As an optimization, I modified some locking primitives
to try to get the lock without blocking before releasing the cpu.
Also, ltsleep was modified to assume that it is never called without
the biglock held and made to use the biglock as the sleep interlock.
Otherwise there is just too much drama with deadlocks. If some
kernel code wants to call ltsleep without the biglock, then, *snif*,
it's no longer supported and rump and should be modified to support
newstyle locks anyway.
of the external interfaces and namespacing the internal ones to
"rumppriv", put the external ones in a "rump_pub" namespace. While
this requires adjusting all of the external callers of these
interfaces, it is the right thing to do in the long run, since it
clarifies the structure.
us to control and wrap all entry points from "userspace" into rump.
This in turn is necessary for the upcoming rump cpu scheduler.
For each interface "foo" a public wrapper called "rump_foo" is
created. It calls the internal implementation "rumppriv_foo". In
case foo is to be called from inside of rump kernel space, the
private interface "rumppriv_foo" is used -- the userspace wrapper
prototypes are not even exported into the rump kernel namespace.
Needless to say, the rump kernel internal interfaces are not exported
for users.
Now, three classes of interfaces fight for control of rump:
+ the noble local control interfaces (which this commit addresses)
+ the insidious rump system calls (which are generated from syscalls.master)
+ and the evil vnode interfaces (which are generated from vnode_if.src)
reference counting and not release nodes based just on puffs'
impression of if they are free.
This also allows us to reclaim vnodes already in inactive if the
file system so desires. Some file systems, most notably ffs, change
file state already in inactive. This could lead to a deadlock in
the middle of inactive and reclaim if some other puffs operation
was processed in between (as exposed by haad's open(at) test
program).
Also, properly thread the componentname from lookup to the actual
vnode operation. This required the changes the rump componentname
routines. Yes, the rename case is truly mindbogglingly disgusting.
Puke for yourself.
since ltsleep abuses "while (!mutex_tryenter()) continue;" for NOT
releasing the kernel biglock before sleeping, we cannot do a normal
mutex_enter() in the wakeup path, or otherwise we might be a
situation where the sleeper holds the kernel lock and wants the
sleepermutex (and will not back down) and the wakeupper holds the
sleepermutex and wants the kernel lock. So introduce kernel lock
backdown to the wakeup path.
vfs in nature, and therefore it belongs here (can't load a firmware
from a file system without file system support, right?). Rename
rump_cwdi to cwdi0, since firmload depends on that name (naughty
firmload).
which take softnet_lock and might run before the lock is actually
initialized. Also, soinit() itself already calls soinit2(), so no
need to call it twice.
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
