file: Add a fdclose method

Consider a program that creates a unix socket pair, transmits both
sockets from one to the other using an SCM_RIGHTS message, and then
closes both sockets without external

file: Add a fdclose method

Consider a program that creates a unix socket pair, transmits both
sockets from one to the other using an SCM_RIGHTS message, and then
closes both sockets without externalizing the message. unp_gc() is
supposed to handle cleanup, but it is only triggered by uipc_detach(),
which runs when a unix socket is destroyed. Because the two sockets are
internalized, their refcounts are positive, so uipc_detach() isn't
called.

As a result, a userspace program can create an unbounded amount of
garbage without triggering reclaim. Let's trigger garbage collection
whenever a unix socket is close()d. To implement this, add new a
fdclose file op and protocol op, and implement them accordingly. Since
mqueuefs has a hack to hook into the file close path, convert it to use
the new op as well.

Now, userspace can't create garbage without triggering reclamation.

Reviewed by: glebius, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D53744

show more ...

knotes: kqueue: handle copy for trivial filters

Reviewed by: markj
Tested by: pho
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
Differential revision: https://reviews.freebsd.org/D52045

vfs: retire the VREF macro

It is defined as a plain use of vref.

Churn generated with coccinelle:
@@
expression vp;
@@

- VREF(vp)
+ vref(vp)

vfs: retire the NULLVP macro

The kernel was already mostly using plain NULL, just whack it and be
doen with the legacy.

Churn generated with coccinelle:
@@
@@

- NULLVP
+ NULL

namei: Fix cn_flags width in various places

This truncation is mostly harmless today, but fix it anyway to avoid
pain later down the road.

Reviewed by: olce, kib
MFC after: 2 weeks
Differential Rev

namei: Fix cn_flags width in various places

This truncation is mostly harmless today, but fix it anyway to avoid
pain later down the road.

Reviewed by: olce, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50417

show more ...

file: Qualify pointers to capsicum rights as const

File descriptor lookup routines typically take a set of capsicum rights
as input to the lookup, so that the fd's rights can be atomically
checked.

file: Qualify pointers to capsicum rights as const

File descriptor lookup routines typically take a set of capsicum rights
as input to the lookup, so that the fd's rights can be atomically
checked. This set should be qualified with const.

No functional change intended.

Reviewed by: olce, oshogbo, brooks, kib
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D50419

show more ...

kern: Make fileops and filterops tables const where possible

No functional change intended.

MFC after: 1 week

mqueue: Introduce kern_kmq_timedreceive & kern_kmq_timedsend

Reviewed by: imp, kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/1248

mqueue: Export some functions to be used by Linuxulator

Reviewed by: imp, kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/1248

mqueuefs: Relax restriction that path must begin with a slash

This is needed to support Linux implementation which discards the leading slash when calling mq_open(2)

Reviewed by: imp, kib
Pull Requ

mqueuefs: Relax restriction that path must begin with a slash

This is needed to support Linux implementation which discards the leading slash when calling mq_open(2)

Reviewed by: imp, kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/1248

show more ...

mqueue: Add sysctl for default_maxmsg & default_msgsize and fix descriptions

Reviewed by: imp, kib
Pull Request: https://github.com/freebsd/freebsd-src/pull/1248

mqueuefs: mark newly allocated vnode as constructed, under the lock

Sponsored by: The FreeBSD Foundation
MFC after: 1 week

mqueuefs: uma_zfree() can be postponed until mqfs sx mi_lock is dropped

Sponsored by: The FreeBSD Foundation
MFC after: 1 week

mqueuefs: minor style pass

Also remove not needed inclusion of sys/cdefs.h.

Sponsored by: The FreeBSD Foundation
MFC after: 1 week

mqueuefs: fix statfs report to not signal file system full

Synthetic file systems that do not actually allocate file system
blocks or inodes should report that they have space available and
that the

mqueuefs: fix statfs report to not signal file system full

Synthetic file systems that do not actually allocate file system
blocks or inodes should report that they have space available and
that they provide 0 inodes, in order to prevent capacity monitoring
tools from warning about resource exhaustion.

This has been fixed in all other synthetic file systems in base in
commit 88a795e80c0, but this file was overlooked since its name does
not indicate that it also provides a file system.

MFC after: 1 month

show more ...

kcmp(2): implement for generic file types

Reviewed by: brooks, markj
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D43518

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

vfs: always retain path buffer after lookup

This removes some of the complexity needed to maintain HASBUF and
allows for removing injecting SAVENAME by filesystems.

Reviewed by: kib (previous versi

vfs: always retain path buffer after lookup

This removes some of the complexity needed to maintain HASBUF and
allows for removing injecting SAVENAME by filesystems.

Reviewed by: kib (previous version)
Differential Revision: https://reviews.freebsd.org/D36542

show more ...

fd: rename fget*_locked to fget*_noref

This gets rid of the error prone naming where fget_unlocked returns with
a ref held, while fget_locked requires a lock but provides nothing in
terms of making

fd: rename fget*_locked to fget*_noref

This gets rid of the error prone naming where fget_unlocked returns with
a ref held, while fget_locked requires a lock but provides nothing in
terms of making sure the file lives past unlock.

No functional changes.

show more ...

Change VOP_READDIR's cookies argument to a **uint64_t

The cookies argument is only used by the NFS server. NFSv2 defines the
cookie as 32 bits on the wire, but NFSv3 increased it to 64 bits. Our
V

Change VOP_READDIR's cookies argument to a **uint64_t

The cookies argument is only used by the NFS server. NFSv2 defines the
cookie as 32 bits on the wire, but NFSv3 increased it to 64 bits. Our
VOP_READDIR, however, has always defined it as u_long, which is 32 bits
on some architectures. Change it to 64 bits on all architectures. This
doesn't matter for any in-tree file systems, but it matters for some
FUSE file systems that use 64-bit directory cookies.

PR: 260375
Reviewed by: rmacklem
Differential Revision: https://reviews.freebsd.org/D33404

show more ...

vfs: remove thread argument from VOP_STAT

and fo_stat.

vfs: remove cn_thread

It is always curthread.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D32453

jail: Change the locking around pr_ref and pr_uref

Require both the prison mutex and allprison_lock when pr_ref or
pr_uref go to/from zero. Adding a non-first or removing a non-last
reference remai

jail: Change the locking around pr_ref and pr_uref

Require both the prison mutex and allprison_lock when pr_ref or
pr_uref go to/from zero. Adding a non-first or removing a non-last
reference remain lock-free. This means that a shared hold on
allprison_lock is sufficient for prison_isalive() to be useful, which
removes a number of cases of lock/check/unlock on the prison mutex.

Expand the locking in kern_jail_set() to keep allprison_lock held
exclusive until the new prison is valid, thus making invalid prisons
invisible to any thread holding allprison_lock (except of course the
one creating or destroying the prison). This renders prison_isvalid()
nearly redundant, now used only in asserts.

Differential Revision: https://reviews.freebsd.org/D28419
Differential Revision: https://reviews.freebsd.org/D28458

show more ...

jail: Add prison_isvalid() and prison_isalive()

prison_isvalid() checks if a prison record can be used at all, i.e.
pr_ref > 0. This filters out prisons that aren't fully created, and
those that ar

jail: Add prison_isvalid() and prison_isalive()

prison_isvalid() checks if a prison record can be used at all, i.e.
pr_ref > 0. This filters out prisons that aren't fully created, and
those that are either in the process of being dismantled, or will be
at the next opportunity. While the check for pr_ref > 0 is simple
enough to make without a convenience function, this prepares the way
for other measures of prison validity.

prison_isalive() checks not only validity as far as the useablity of
the prison structure, but also whether the prison is visible to user
space. It replaces a test for pr_uref > 0, which is currently only
used within kern_jail.c, and not often there.

Both of these functions also assert that either the prison mutex or
allprison_lock is held, since it's generally the case that unlocked
prisons aren't guaranteed to remain useable for any length of time.
This isn't entirely true, for example a thread can assume its own
prison is good, but most exceptions will exist inside of kern_jail.c.

show more ...