FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F10.2 2013-08-15T07:54:31Z 2013-08-15T07:54:31Z Gleb Smirnoff glebius@FreeBSD.org 2013-08-15T07:54:31Z urn:sha1:ca04d21d5fdff6e58af745766024088091fe3d90 vnode backed file descriptors have this method implemented. Reviewed by: kib Sponsored by: Nginx, Inc. Sponsored by: Netflix 2011-08-16T20:07:47Z Konstantin Belousov kib@FreeBSD.org 2011-08-16T20:07:47Z urn:sha1:9c00bb9190391479885cfb14ed23fb7003d10109 to implement fchown(2) and fchmod(2) support for several file types that previously lacked it. Add MAC entries for chown/chmod done on posix shared memory and (old) in-kernel posix semaphores. Based on the submission by: glebius Reviewed by: rwatson Approved by: re (bz) 2011-02-16T21:29:13Z Bjoern A. Zeeb bz@FreeBSD.org 2011-02-16T21:29:13Z urn:sha1:1fb51a12f24a4d5ffd7d105589ed8e002ad67320 VNET socket push back: try to minimize the number of places where we have to switch vnets and narrow down the time we stay switched. Add assertions to the socket code to catch possibly unset vnets as seen in r204147. While this reduces the number of vnet recursion in some places like NFS, POSIX local sockets and some netgraph, .. recursions are impossible to fix. The current expectations are documented at the beginning of uipc_socket.c along with the other information there. Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH Reviewed by: jhb Tested by: zec Tested by: Mikolaj Golub (to.my.trociny gmail.com) MFC after: 2 weeks 2010-06-29T20:44:19Z John Baldwin jhb@FreeBSD.org 2010-06-29T20:44:19Z urn:sha1:7a6f3d789076aa61755ca91481557b6631b2cc0f rather than to the entire process. Reported by: Anit Chakraborty Reviewed by: kib, deischen (concept) MFC after: 1 week 2009-08-01T19:26:27Z Robert Watson rwatson@FreeBSD.org 2009-08-01T19:26:27Z urn:sha1:530c006014fae95c670f4b699fef8bb93034bc6d vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes. Reviewed by: bz Approved by: re (vimage blanket) 2009-06-30T13:38:49Z Ed Maste emaste@FreeBSD.org 2009-06-30T13:38:49Z urn:sha1:2dafac3976b1e65dc6e1fe9aee59191d4cd19af1 easily determine how much space is left in the send queue; they do not need to know the send queue size. NetBSD revisions: sys_socket.c r1.41, 1.42 filio.h r1.9 Obtained from: NetBSD Approved by: re (kensmith) 2009-06-28T11:28:14Z Poul-Henning Kamp phk@FreeBSD.org 2009-06-28T11:28:14Z urn:sha1:bb520069caf7772294f4aa0f1462ac38ea9a3f20 inbound data waiting on a filedescriptor, such as a pipe or a socket, for instance by using select(2), poll(2), kqueue(2), ioctl(FIONREAD) etc. But we have no way of finding out if written data have yet to be disposed of, for instance, transmitted (and ack'ed!) to some remote host, or read by the applicantion at the far end of the pipe. The closest we get, is calling shutdown(2) on a TCP socket in non-blocking mode, but this has the undesirable sideeffect of preventing future communication. Add a complement to FIONREAD, called FIONWRITE, which returns the number of bytes not yet properly disposed of. Implement it for all sockets. Background: A HTTP server will want to time out connections, if no new request arrives within a certain period after the last transmitted response has actually been sent (and ack'ed). For a busy HTTP server, this timeout can be subsecond duration. In order to signal to a load-balancer that the connection is truly dead, TCP_RST will be the preferred method, as this avoids the need for a RTT delay for FIN handshaking, with a client which, surprisingly often, no longer at the remote IP number. If a slow, distant client is being served a response which is big enough to fill the window, but small enough to fit in the socket buffer, the write(2) call will return immediately. If the session timeout is armed at that time, all bytes in the response may not have been transmitted by the time it fires. FIONWRITE allows the timeout to check that no data is outstanding on the connection, before it TCP_RST's it. Input & Idea from: rwatson Approved by: re (kib) 2009-06-05T14:55:22Z Robert Watson rwatson@FreeBSD.org 2009-06-05T14:55:22Z urn:sha1:bcf11e8d0048006ba97cb460a134cc23290428b2 and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include. Discussed with: pjd 2009-06-02T18:26:17Z Robert Watson rwatson@FreeBSD.org 2009-06-02T18:26:17Z urn:sha1:f93bfb23dcb5b1d8a3aa13da522369974fcda39b count of the number of registered policies. Rather than unconditionally locking sockets before passing them into MAC, lock them in the MAC entry points only if mac_policy_count is non-zero. This avoids locking overhead for a number of socket system calls when no policies are registered, eliminating measurable overhead for the MAC Framework for the socket subsystem when there are no active policies. Possibly socket locks should be acquired by policies if they are required for socket labels, which would further avoid locking overhead when there are policies but they don't require labeling of sockets, or possibly don't even implement socket controls. Obtained from: TrustedBSD Project 2009-05-05T10:56:12Z Marko Zec zec@FreeBSD.org 2009-05-05T10:56:12Z urn:sha1:21ca7b57bd9be4aa0b7f4e8d2fb62075319086b6 previously always pointing to the default vnet context, to a dynamically changing thread-local one. The currvnet context should be set on entry to networking code via CURVNET_SET() macros, and reverted to previous state via CURVNET_RESTORE(). Recursions on curvnet are permitted, though strongly discuouraged. This change should have no functional impact on nooptions VIMAGE kernel builds, where CURVNET_* macros expand to whitespace. The curthread->td_vnet (aka curvnet) variable's purpose is to be an indicator of the vnet context in which the current network-related operation takes place, in case we cannot deduce the current vnet context from any other source, such as by looking at mbuf's m->m_pkthdr.rcvif->if_vnet, sockets's so->so_vnet etc. Moreover, so far curvnet has turned out to be an invaluable consistency checking aid: it helps to catch cases when sockets, ifnets or any other vnet-aware structures may have leaked from one vnet to another. The exact placement of the CURVNET_SET() / CURVNET_RESTORE() macros was a result of an empirical iterative process, whith an aim to reduce recursions on CURVNET_SET() to a minimum, while still reducing the scope of CURVNET_SET() to networking only operations - the alternative would be calling CURVNET_SET() on each system call entry. In general, curvnet has to be set in three typicall cases: when processing socket-related requests from userspace or from within the kernel; when processing inbound traffic flowing from device drivers to upper layers of the networking stack, and when executing timer-driven networking functions. This change also introduces a DDB subcommand to show the list of all vnet instances. Approved by: julian (mentor)