aboutsummaryrefslogtreecommitdiff
path: root/sys/ufs
Commit message (Collapse)AuthorAgeFilesLines
* Get rid of qaddr_t.Alfred Perlstein2007-10-161-3/+3
| | | | | | | Requested by: bde Notes: svn path=/head/; revision=172697
* Fix a DIV0 in case a large value for fs_avgfilesize or fs_avgfpdirBjoern A. Zeeb2007-09-101-1/+4
| | | | | | | | | | | | | | | | is given (with newfs or tunefs) and dirsize overflows. In case dirsize is <= 0 because of an overflow set maxcontigdirs to 0 so it will be 1 later. This is what would happen for large fs_avgfilesize. [1] Identified with help from: roberto, pjd Submitted by: pjd [1] Approved by: re (rwatson) MFC after: 8 days Notes: svn path=/head/; revision=172113
* Perform range check before allocating memory when readingCraig Rodrigues2007-07-131-0/+4
| | | | | | | | | | | extended attributes. Reviewed by: kib Approved by: re (hrs) PR: 114389 Notes: svn path=/head/; revision=171437
* Fix an annoying pointer/int cast warning that shows up on 64 bit systems.Peter Wemm2007-07-021-1/+1
| | | | | | | Approved by: re Notes: svn path=/head/; revision=171147
* Fix livelock that could occur when snapshoting UFS with quotas, whereKonstantin Belousov2007-06-222-3/+3
| | | | | | | | | | | | | | | | | | | some quota limit was exceeded. Sequence of UFS_VALLOC()/UFS_VFREE() call there could cause inodeblock to have both freefile and inodedep dependencies without any inode in the block being marked for write. Then, softdep_check_suspend() would return EAGAIN forewer. Force write of inodeblock with allocated freefile softdependency by setting IN_MODIFIED flag in softdep_freefile and unconditionally calling UFS_UPDATE() in ufs_reclaim. Reported by: kris Debug help and tested by: Peter Holm Approved by: re (kensmith) MFC after: 3 weeks Notes: svn path=/head/; revision=170991
* Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); inRobert Watson2007-06-124-32/+16
| | | | | | | | | | | | | | | | | | some cases, move to priv_check() if it was an operation on a thread and no other flags were present. Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c. We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h. Reviewed by: csjp Obtained from: TrustedBSD Project Notes: svn path=/head/; revision=170587
* Commit 14/14 of sched_lock decomposition.Jeff Roberson2007-06-051-9/+15
| | | | | | | | | | | | | | - Use thread_lock() rather than sched_lock for per-thread scheduling sychronization. - Use the per-process spinlock rather than the sched_lock for per-process scheduling synchronization. Tested by: kris, current@ Tested on: i386, amd64, ULE, 4BSD, libthr, libkse, PREEMPTION, etc. Discussed with: kris, attilio, kmacy, jhb, julian, bde (small parts each) Notes: svn path=/head/; revision=170307
* Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operationKonstantin Belousov2007-06-011-1/+1
| | | | | | | | | | | argument from being file descriptor index into the pointer to struct file: part 2. Convert calls missed in the first big commit. Noted by: rwatson Pointy hat to: kib Notes: svn path=/head/; revision=170183
* - Move rusage from being per-process in struct pstats to per-thread inJeff Roberson2007-06-012-2/+2
| | | | | | | | | | | | | | | | | | | | | | td_ru. This removes the requirement for per-process synchronization in statclock() and mi_switch(). This was previously supported by sched_lock which is going away. All modifications to rusage are now done in the context of the owning thread. reads proceed without locks. - Aggregate exiting threads rusage in thread_exit() such that the exiting thread's rusage is not lost. - Provide a new routine, rufetch() to fetch an aggregate of all rusage structures from all threads in a process. This routine must be used in any place requiring a rusage from a process prior to it's exit. The exited process's rusage is still available via p_ru. - Aggregate tick statistics only on demand via rufetch() or when a thread exits. Tick statistics are kept in the thread and protected by sched_lock until it exits. Initial patch by: attilio Reviewed by: attilio, bde (some objections), arch (mostly silent) Notes: svn path=/head/; revision=170174
* Revert UF_OPENING workaround for CURRENT.Konstantin Belousov2007-05-311-1/+1
| | | | | | | | | | | | Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operation argument from being file descriptor index into the pointer to struct file. Proposed and reviewed by: jhb Reviewed by: daichi (unionfs) Approved by: re (kensmith) Notes: svn path=/head/; revision=170152
* - Remove unnecessary vnode internal locking - v_vflag is protect by vnode'sPawel Jakub Dawidek2007-05-281-18/+9
| | | | | | | | lock (not vnode's interlock). - Simplify code a bit. Notes: svn path=/head/; revision=170041
* Eliminate VI_LOCK()/VI_UNLOCK() pair from getattr and close code paths.Pawel Jakub Dawidek2007-05-231-20/+27
| | | | | | | | | | | | It's hard to measure performance improvement on my test machine, but the change won't degrade performance for sure. I can measure slight improvement for debugging kernel and it can also be a win for machines where atomic operation is more expensive. Reviewed by: kib Notes: svn path=/head/; revision=169898
* Since renaming of vop_lock to _vop_lock, pre- and post-conditionKonstantin Belousov2007-05-181-7/+7
| | | | | | | | | function calls are no more generated for vop_lock. Rename _vop_lock to vop_lock1 to satisfy tools/vnode_if.awk assumption about vop naming conventions. This restores pre/post-condition calls. Notes: svn path=/head/; revision=169671
* Add a newline to the printf message.Andrew Thompson2007-05-031-1/+1
| | | | Notes: svn path=/head/; revision=169239
* Fix the NAMEI zone leak when snapshot was successfully created.Konstantin Belousov2007-04-101-0/+1
| | | | | | | | Reported and tested by: Peter Holm MFC after: 2 weeks Notes: svn path=/head/; revision=168576
* Recalculate the NEWBLOCK flag for pagedep structure after the softdepKonstantin Belousov2007-04-101-5/+26
| | | | | | | | | | lock is dropped, since pagedep may be already processed and deallocated. Found and tested by: kris MFC after: 2 weeks Notes: svn path=/head/; revision=168575
* When LK_NOWAIT is passed as argument to process_worklist_item(), thisKonstantin Belousov2007-04-101-1/+4
| | | | | | | | | | | | | does not prevent handle_workitem_remove() from recursing into a blocking version. Add the dirrem to worklist instead of processing it now if this is the case. Reported and tested by: kris Submitted by: tegge MFC after: 2 weeks Notes: svn path=/head/; revision=168574
* Use *_EMPTY macros when appropriate.Xin LI2007-04-044-47/+47
| | | | Notes: svn path=/head/; revision=168353
* Revert rev. 1.205. Replace unconditional acquision of Giant when QUOTAS areKonstantin Belousov2007-03-291-0/+5
| | | | | | | | | | | | defined with VFS_LOCK_GIANT(NULL) call. This shall fix softdep operation when mpsafe_vfs = 0. Reported and tested by: kris Submitted by: tegge MFC after: 1 week Notes: svn path=/head/; revision=168021
* Mark UFS as being MP-Safe in "options QUOTA" case too. Remove no moreKonstantin Belousov2007-03-202-19/+0
| | | | | | | | | | | neccessary Giant acquisions in softdepend processing code. Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith) Notes: svn path=/head/; revision=167737
* When we write extended attributes, assert that the inode hasn'tBrian Somers2007-03-191-0/+3
| | | | | | | | | | | | | already been deleted. The assertion is important to show that we won't end up accounting for extended attribute blocks (using fs_pendingblocks) in our subsequent call to fs_alloc(). Agreed verbally by: mckusick MFC after: 3 weeks Notes: svn path=/head/; revision=167719
* Implement fine-grained locking for UFS quotas.Konstantin Belousov2007-03-143-142/+493
| | | | | | | | | | | | | | | | | | | | | | Each struct dquot gets dq_lock mutex to protect dq_flags and to interlock with DQ_LOCK. qhash, dqfreelist and dq.dq_cnt are protected by global dqhlock mutex. i_dquot array for inode is protected by lockmgr' vnode lock, corresponding assert added to the dqget(). Access to struct ufsmount quota-related fields (um_quotas and um_qflags) is protected by um_lock. Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith) This work were not possible without enormous amount of help given by Tor Egge and Peter Holm. Tor reviewed each version of patch, pointed out numerous errors and provided invaluable suggestions. Peter did tireless testing of the patch as it was developed. Notes: svn path=/head/; revision=167543
* Call getinoquota() before allocating new block for the directory to properlyKonstantin Belousov2007-03-141-0/+8
| | | | | | | | | | | account for block allocation. Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith) Notes: svn path=/head/; revision=167542
* Remove unneeded getinoquota() call in the ufs_access().Konstantin Belousov2007-03-141-4/+0
| | | | | | | | | Tested by: Peter Holm Reviewed by: tegge Approved by: re (kensmith) Notes: svn path=/head/; revision=167541
* Make insmntque() externally visibile and allow it to fail (e.g. duringTor Egge2007-03-131-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | late stages of unmount). On failure, the vnode is recycled. Add insmntque1(), to allow for file system specific cleanup when recycling vnode on failure. Change getnewvnode() to no longer call insmntque(). Previously, embryonic vnodes were put onto the list of vnode belonging to a file system, which is unsafe for a file system marked MPSAFE. Change vfs_hash_insert() to no longer lock the vnode. The caller now has that responsibility. Change most file systems to lock the vnode and call insmntque() or insmntque1() after a new vnode has been sufficiently setup. Handle failed insmntque*() calls by propagating errors to callers, possibly after some file system specific cleanup. Approved by: re (kensmith) Reviewed by: kib In collaboration with: kib Notes: svn path=/head/; revision=167497
* Move macros describing extended attributes in UFS fromKirk McKusick2007-03-061-0/+49
| | | | | | | | | | | | | | <sys/extattr.h> to <ufs/ufs/extattr.h>. Move description of extended attributes in UFS from man9/extattr.9 to man5/fs.5. Note that restore will not compile until <sys/extattr.h> and <ufs/ufs/extattr.h> have been updated. Suggested by: Robert Watson Notes: svn path=/head/; revision=167259
* Fix build breakage.Pawel Jakub Dawidek2007-03-011-1/+1
| | | | Notes: svn path=/head/; revision=167155
* Change:Pawel Jakub Dawidek2007-03-011-1/+1
| | | | | | | | | "... try to use VADMIN in preference to VADMIN ..." To: "... try to use VADMIN in preference to VWRITE ..." Notes: svn path=/head/; revision=167154
* Rename PRIV_VFS_CLEARSUGID to PRIV_VFS_RETAINSUGID, which seems to betterPawel Jakub Dawidek2007-03-012-3/+4
| | | | | | | | | describe the privilege. OK'ed by: rwatson Notes: svn path=/head/; revision=167152
* Avoid checking for privileges if there is no need to.Pawel Jakub Dawidek2007-03-012-13/+18
| | | | | | | Discussed with: rwatson Notes: svn path=/head/; revision=167151
* Account for di_blocks allocations when IN_SPACECOUNTED is set in anBrian Somers2007-02-232-7/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | inode's i_flag. It's possible that after ufs_infactive() calls softdep_releasefile(), i_nlink stays >0 for a considerable amount of time (> 60 seconds here). During this period, any ffs allocation routines that alter di_blocks must also account for the blocks in the filesystem's fs_pendingblocks value. This change fixes an eventual df/du discrepency that will happen as the result of fs_pendingblocks being reduced to <0. The only manifestation of this that people may recognise is the following message on boot: /somefs: update error: blocks -N files M at which point the negative pending block count is adjusted to zero. Reviewed by: tegge MFC after: 3 weeks Notes: svn path=/head/; revision=166924
* The functions that set and delete external attributes must checkKirk McKusick2007-02-211-0/+9
| | | | | | | | | | that the filesystem is not mounted read-only before proceeding. Reported by: Ryan Beasley <ryanb@FreeBSD.org> MFC after: 1 week Notes: svn path=/head/; revision=166864
* Rename three quota privileges from the UFS privilege namespace to theRobert Watson2007-02-191-5/+5
| | | | | | | | | | | | | VFS privilege namespace: exceedquota, getquota, and setquota. Leave UFS-specific quota configuration privileges in the UFS name space. This renumbers VFS and UFS privileges, so requires rebuilding modules if you are using security policies aware of privilege identifiers. This is likely no one at this point since none of the committed MAC policies use the privilege checks. Notes: svn path=/head/; revision=166832
* Limit quota privileges in jail to PRIV_UFS_GETQUOTA andRobert Watson2007-02-191-12/+3
| | | | | | | PRIV_UFS_SETQUOTA. Notes: svn path=/head/; revision=166831
* This README file is obsolete. The cited problems were fixed long agoKirk McKusick2007-02-171-58/+0
| | | | | | | | and the code is installed by default so no longer requires action by the administrator to be included. Notes: svn path=/head/; revision=166799
* Move vnode-to-file-handle translation from vfs_vptofh to vop_vptofh method.Pawel Jakub Dawidek2007-02-152-22/+28
| | | | | | | | | | | | | | | | | | | This way we may support multiple structures in v_data vnode field within one file system without using black magic. Vnode-to-file-handle should be VOP in the first place, but was made VFS operation to keep interface as compatible as possible with SUN's VFS. BTW. Now Solaris also implements vnode-to-file-handle as VOP operation. VFS_VPTOFH() was left for API backward compatibility, but is marked for removal before 8.0-RELEASE. Approved by: mckusick Discussed with: many (on IRC) Tested with: ufs, msdosfs, cd9660, nullfs and zfs Notes: svn path=/head/; revision=166774
* Style(9).Konstantin Belousov2007-02-151-5/+11
| | | | Notes: svn path=/head/; revision=166743
* Remove not needed acquision of the mount interlock aroung reading ofKonstantin Belousov2007-02-081-12/+5
| | | | | | | | | | | mnt_kern_flags in ufs_itimes(). Suggested by: ssouhlal Confirmed by: tegge MFC after: 2 weeks Notes: svn path=/head/; revision=166564
* Call pbgetvp() and pbrelvp() instead of setting b_vp directly.Tor Egge2007-02-041-3/+9
| | | | | | | PR: kern/108151 Notes: svn path=/head/; revision=166506
* If quotacheck or edquota reset the block or inode grace time forMike Pritchard2007-02-041-2/+10
| | | | | | | | | | | | | | a user or group, when the kernel first sees this, it will update the grace time value. However, it never flags the quota as modified and the updated value never makes it to the quota data file unless the user actually makes some other change that would write the data out. Fixed to flag the quota as modified if the soft limit has actually been reached and should be now enforced. Notes: svn path=/head/; revision=166487
* Prevent quotactl calls that pass in an id of -1 from incorrectlyMike Pritchard2007-02-011-7/+20
| | | | | | | | | | | | | | | using the callers UID instead of the GID when performing group operations. This could allow users to determine group quota information for groups they are not a member of in some cases. Rename the "uid" parameter in ufs_quotactl to "id" to better show that it is used for more than just the uid, and to be more in line with the naming conventions in the other quota routines. PR: kern/33940 Notes: svn path=/head/; revision=166381
* Disallow negative UIDs when processing quotactl options.Mike Pritchard2007-02-011-0/+5
| | | | Notes: svn path=/head/; revision=166380
* Cylinder group bitmaps and blocks containing inode for a snapshotKonstantin Belousov2007-01-233-0/+120
| | | | | | | | | | | | | | | | | | | | | | | | file are after snaplock, while other ffs device buffers are before snaplock in global lock order. By itself, this could cause deadlock when bdwrite() tries to flush dirty buffers on snapshotted ffs. If, during the flush, COW activity for snapshot needs to allocate block and ffs_alloccg() selects the cylinder group that is being written by bdwrite(), then kernel would panic due to recursive buffer lock acquision. Avoid dealing with buffers in bdwrite() that are from other side of snaplock divisor in the lock order then the buffer being written. Add new BOP, bop_bdwrite(), to do dirty buffer flushing for same vnode in the bdwrite(). Default implementation, bufbdflush(), refactors the code from bdwrite(). For ffs device buffers, specialized implementation is used. Reviewed by: tegge, jeff, Russell Cattelan (cattelan xfs org, xfs changes) Tested by: Peter Holm X-MFC after: 3 weeks (if ever: it changes ABI) Notes: svn path=/head/; revision=166193
* Fix build. chkdquot() should not return anything.Xin LI2007-01-201-1/+1
| | | | Notes: svn path=/head/; revision=166146
* Quota system cleanup.Mike Pritchard2007-01-204-30/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) Do not do quota accounting for the actual quota data files or for file system snapshot files ("system" files). This prevents a deadlock descibed in PR kern/30958 if the kernel ever has to grow the quota file. Snapshot files were already exempt from the quota checks, but this change generalized the check. 2) Fix a cast that caused extremely large uids/gids to incorrectly write the quota information to the data file at a truncated value for a uint_t32 id value. The incorrect cast caused quota files in this case to be around 4GB in size, with the correct cast they can now be 131GB in size. Also related to PR kern/30958. 3) Check for what appear to be negative UIDs/GIDs and not account for them. This prevents the quota files from becoming 131GB in size and causing quotacheck to run forever at bootup. This could also cause the kernel to try and expand the quota file, which might deadlock due to the issue in #1. kern/30958 and kern/38156 (and some much older closed PR's). 4) With the deadlock problems gone, the kernel can now expand the size of the quota database files if it needs to. 5) Pass in the i-node count change value to chkiq and chkiqchg as an int, like it used to be before the common routine was split up into 2 different routines to increase / decrease the i-node in-use count. Prevents an underflow on the i-node count. Related to PR kern/89247. 6) Prevent the block usage from growing slowly if a file system is full and the write was denied due to that fact. PR kern/89247. Some of these changes require an updated quotacheck to prevent the creation of huge (131GB) quota data files (item #3). #1/#4 probably fixes a lot of the random hangs when quotas are enabled, possibly some of the jail hangs. Notes: svn path=/head/; revision=166142
* Fix a spelling error. heirarchy -> hierarchy.Mike Pritchard2007-01-161-1/+1
| | | | | | | Obtained from: OpenBSD Notes: svn path=/head/; revision=166052
* Fix a spelling error in some comments. heirarchy -> hierarchy.Mike Pritchard2007-01-161-2/+2
| | | | | | | Obtained from: OpenBSD Notes: svn path=/head/; revision=166051
* Canonicalize copyright: use a date range rather than comma-delimitedRobert Watson2007-01-081-1/+1
| | | | | | | | | list. MFC after: 3 days Notes: svn path=/head/; revision=165890
* change vop_lock handling to allowing tracking of callers' file and line forKip Macy2006-11-131-9/+11
| | | | | | | | | acquisition of lockmgr locks Approved by: scottl (standing in for mentor rwatson) Notes: svn path=/head/; revision=164248
* Sweep kernel replacing suser(9) calls with priv(9) calls, assigningRobert Watson2006-11-066-43/+84
| | | | | | | | | | | | | | | | specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net> Notes: svn path=/head/; revision=164033
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-25 07:31:44 +0000