o Change the default from using IO_SYNC on EA set and delete operations
to not using IO_SYNC. Expose a sysctl (debug.ufs_extattr_sync) for
enabling the use of IO_SYNC.
- Use of IO_SYNC substantially degrades ACL performance when a
default ACL is set on a directory, as there are four synchronous
writes initiated to define both supporting EAs for new
sub-directories, and to set the data; two for new files. Later, this
may be optimized to two writes for sub-directories, one for new
files.
- IO_SYNC does not substantially improve consistency properties due
to the poor consistency properties of existing permissions (which
ACLs are a superset of), due to interaction with soft updates,
and due to differences in handling consistency for data and file
system meta-data.
- In macro-benchmarks, this reduces the overhead of setting default
ACLs down to the same overhead as enabling ACLs on a file system
and not using them. Enabling ACLs still introduces a small
overhead (I measure 7% on a -j 2 buildworld with pre-allocated
EA backing store, but this is not rigorous testing, nor in any way
optimized).
- The sysctl will probably change to another administration method
(or at least, a better name) in the near future, but consistency
properties of EAs are still being worked out. The toggle is defined
right now to allow easier performance analysis and exploration
of possible guarantees.
alfred [Tue, 3 Apr 2001 03:15:11 +0000 (03:15 +0000)]
Use only one mutex for the entire mbuf subsystem.
Don't use atomic operations for the stats updating, instead protect
the counts with the mbuf mutex. Most twiddling of the stats was
done right before or after releasing a mutex. By doing this we
reduce the number of locked ops needed as well as allow a sysctl
to gain a consistent view of the entire stats structure.
In the future...
This will allow us to chain common mbuf operations that would
normally need to acquire/release 2 or 3 of the locks to build an
mbuf with a cluster or external data attached into a single op
requiring only one lock.
Simplify the per-cpu locks that are planned.
There's also some if (1) code that should check if the "how"
operation specifies blocking/non-blocking behavior, we _could_ make
it so that we hold onto the mutex through calls into kmem_alloc
when non-blocking requests are made, but for safety reasons we
currently drop and reacquire the mutex around the calls.
Also, note that calling kmem_alloc is rare and only happens during
a shortage so drop/re-getting the mutex will not be a common
occurrence.
Remove some #define's that seemed to obfuscate the code to me.
Change stop() to require the sched_lock as well as p's process lock to
avoid silly lock contention on sched_lock since in 2 out of the 3 places
that we call stop(), we get sched_lock right after calling it and we were
locking sched_lock inside of stop() anyways.
Change the order in which /etc files are copied into place; copy
default first, then network-specific files, then host-specific files.
I think this was the original intent, as Matt indicated the previous
code appeared to be a bug.
Move the #includes of reentrant.h to after the `#include "namespace.h"',
so that the underscored versions of the pthread functions get
declared. This removes around 300 lines of 'implicit declaration
of XXX' warnings from the output of a libc build with -Wall.
Fix ABOUT.TXT to be consistent with LAYOUT.TXT with respect to
the size of an unpacked ports collection (the stated 100MB
is a bit of an overestimate, but better to be conservative).
- Move the second stop() of process 'p' in issignal() to be after we send
SIGCHLD to our parent process. Otherwise, we could block while obtaining
the process lock for our parent process and switch out while we were
in SSTOP. Even worse, when we try to resume from the mutex being blocked
on, our p_stat will be SRUN, not SSTOP.
- Fix a comment above stop() to indicate that it requires that the proc lock
be held, not a proctree lock.
Allow enabling soft updates (with -U) on a new filesystem.
[I first added this functionality, and thought to check prior art. Seeing
OpenBSD had already done this, I changed my addition to reduce the diffs
between the two and went with their option letter.]
Obtained from: OpenBSD
o Correct an ACL implementation bug that could result in a system panic
under heavy use when default ACLs were being inherited by new files
or directories. This is done by removing a bug in default ACL
reading, and improving error handling for this failure case:
- Move the setting of the buffer length (len) variable to above the
ACL type (ap->a_type) switch rather than having it only for
ACL_TYPE_ACCESS. Otherwise, the len variable is uninitialized in
the ACL_TYPE_DEFAULT case, which generally worked right, but could
result in failure.
- Add a check for a short/long read of the ACL_TYPE_DEFAULT type from
the underlying EA, resulting in EPERM rather than passing a
potentially corrupted ACL back to the caller (resulting in "cleaner"
failures if the EA is damaged: right now, the caller will almost
always panic in the presence of a corrupted EA). This code is similar
to code in the ACL_TYPE_ACCESS handling in the previous switch case.
- While I'm fixing this code, remove a redundant bzero() of the ACL
reader buffer; it need only be initialized above the acl_type
switch.
brian [Sun, 1 Apr 2001 22:39:17 +0000 (22:39 +0000)]
Don't assume challenges and responses don't contain embedded '\0's.
Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
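The failure mode this commit describes, as an added example that is not taken from the ppp source: an RFC 2759 MS-CHAPv2 response value carries 8 reserved zero octets, so any code that infers its length with strlen() forwards a truncated value. The `attr` struct and the `put_attr_*` and `make_sample_response` names are hypothetical, and the sample response bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* RFC 2759 response value: 16 peer challenge + 8 reserved (zero) +
 * 24 NT response + 1 flags. */
#define MSCHAP2_RESP_LEN 49

/* Hypothetical attribute buffer standing in for a RADIUS request builder. */
struct attr {
    unsigned char val[64];
    size_t len;
};

/* Length inferred with strlen(): stops at the first NUL in the value. */
size_t put_attr_cstr(struct attr *a, const char *value)
{
    size_t n = strlen(value);
    if (n > sizeof(a->val))
        n = sizeof(a->val);
    memcpy(a->val, value, n);
    return a->len = n;
}

/* Binary-safe: the caller states the length; oversized input is refused. */
size_t put_attr_bytes(struct attr *a, const void *value, size_t n)
{
    if (n > sizeof(a->val))
        return 0;
    memcpy(a->val, value, n);
    return a->len = n;
}

/* Constructed sample response; the extra byte terminates it for strlen(). */
void make_sample_response(unsigned char out[MSCHAP2_RESP_LEN + 1])
{
    memset(out, 0, MSCHAP2_RESP_LEN + 1);
    memset(out, 0xA5, 16);       /* peer challenge (constructed) */
    memset(out + 24, 0x5A, 24);  /* NT response (constructed) */
}

int main(void)
{
    unsigned char resp[MSCHAP2_RESP_LEN + 1];
    struct attr a, b;
    make_sample_response(resp);
    printf("strlen-based: %zu bytes, explicit length: %zu bytes\n",
        put_attr_cstr(&a, (const char *)resp), put_attr_bytes(&b, resp, MSCHAP2_RESP_LEN));
    return 0;
}
```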
Try to untangle some of the #ifdef spaghetti.
Also, looking to the future, don't assume all the world is an i386 and all
its disk layout brain damage will be repeated by other platforms. So all
the diking out if we are an Alpha, becomes adding in if we are an i386.
Add back <err.h> for warn().
(of course it's pretty stupid to call it, as printf doesn't work w/in
sysinstall, and sysinstall is the only consumer of libdisk)
Add back <err.h> for warn().
(of course it's pretty stupid to call it, as printf doesn't work w/in
sysinstall, and sysinstall is the only consumer of libdisk)
Make an attempt to get the asr driver to compile on Alpha by fixing some i386
specific bogons. Compile with -O0, as anything higher gives the compiler
a fit. No idea if this driver will actually work on Alpha, though.
Change ahc_update_pending_scbs() so that it is safe to be called
even if the controller is not paused. This prevents SCB list
corruption that was introduced in the last checkin.
ache [Sat, 31 Mar 2001 20:45:21 +0000 (20:45 +0000)]
- Back out the last (wrong) commit, and readd a modified version
of pingnfsserver(). The pingnfsport() function is now called every time.
If we don't get RPC_SUCCESS or RPC_PROGVERSMISMATCH back, there's
something wrong with the NFS server and we just exit.
- Fix cfs mount on IPv4-only machines
- Fixed the looping when we did not run background mode.
- Fixed a getnameinfo() call with uninitialized address.
This is a NetBSD bug I didn't notified :-( Thanks Ian !
- Added some #ifdef NFSKERB
- Removed some unused variables.
- Fixed indentation
- Remove unnecessary ":" in openlog ident
Submitted by: Martin Blapp <mb@imp.ch>
Reviewed by: Ian Dowse <iedowse@maths.tcd.ie>
rwatson [Sat, 31 Mar 2001 16:20:05 +0000 (16:20 +0000)]
o Introduce extattr_{delete,get,set}_fd() to allow extended attribute
operations on file descriptors, which complement the existing set of
calls, extattr_{delete,get,set}_file() which act on paths. In doing
so, restructure the system call implementation such that the two sets
of functions share most of the relevant code, rather than duplicating
it. This pushes the vnode locking into the shared code, but keeps
the copying in of some arguments in the system call code. Allowing
access via file descriptors reduces the opportunity for race
conditions when managing extended attributes.
adrian [Sat, 31 Mar 2001 15:19:58 +0000 (15:19 +0000)]
Quoting from the email thrown around between kirk, bde and iedowse@..
<QUOTE>
Overflow of cg_niblk causes spurious "SUMMARY INFORMATION BAD" warnings
prompts in fsck_ffs. cg_niblk has type int16_t, but it is (ab)used
to hold the number of inodes per group (it has nothing to do with the
number of inode blocks in the cg as claimed in ffs/fs.h), and there
can be lots of inodes per group. E.g.,
newfs -i 8192 -b 16384 -f 16384 -c 255 ...
gives 0xA900 inodes/group. Assignment of this to cg_niblk gives
-0x5700. This is mostly harmless (ufs/ffs doesn't use cg_niblk, and
bug-for-bug compatible overflow occurs in newfs), but in
fsck_ffs/pass5.c, negative values of cg_niblk limit cg_irotor to 0
and the summary info appears to be bad.
</QUOTE>
Submitted by: Bruce Evans <bde@zeta.org.au>
Obtained from: Kirk McKusick <mckusick@mckusick.com>
obrien [Sat, 31 Mar 2001 07:02:02 +0000 (07:02 +0000)]
Add libiberty. This is needed on the Alpha by the iprobe port.
I have held this back for over a year, as we will always have to wrestle
with the question of "*which* libiberty sources to use". Sigh, if only
the GNU people would treat it as a totally separate library from GCC, et al.
and release it as such...
wosch [Fri, 30 Mar 2001 10:31:46 +0000 (10:31 +0000)]
* A comment in apropos.sh contains the misspelled word
"locailzed"; it should read "localized".
* The "test" operator can be a bit dangerous (e.g., if
a newbie writes a script named "test" and has it call
"apropos", which calls "test", ...).
* In its use as "whatis", apropos formats the first
line of the output differently than the following
lines. Specifically, it leaves out all but one of
the spaces that precede the dash in the first line.
peter [Fri, 30 Mar 2001 10:25:40 +0000 (10:25 +0000)]
Integrate the IPv6 entries with the rest of them to avoid things getting
out of sync. A similar change was made by itojun on the OpenBSD tree
a few weeks ago. This should stop people disabling one server and
forgetting the other one (eg: ftp and/or telnet)
ru [Fri, 30 Mar 2001 08:04:25 +0000 (08:04 +0000)]
`buildopts' may affect the selection of object files.
Make sure we pass $(BUILDOPTS) to the `clean' target
so that `make clean' works on the same set of object
files. Otherwise, we may end up with an incorrectly
built and up-to-date object file.