detrunc()'s proc pointer argument may be passed to vinvalbuf(9), which
under certain conditions will pass the given proc pointer to
VOP_FSYNC(9), which always asserts that the given proc pointer is
equal to curproc.
msdosfs_write(), msdosfs_inactive(), createde(), and deextend() all
pass NULL for detrunc()'s proc pointer argument. I have no idea why.
If these detrunc() calls ever reach VOP_FSYNC(9) the kernel will
panic.
So, for example, any user with write access to an msdosfs partition
can panic the kernel by writing to the partition until they cause
ENOSPC. That particular panic looks like this:
panic: kernel diagnostic assertion "p == curproc" failed: file "/usr/src/sys/kern/vfs_vops.c", line 305
Stopped at db_enter+0xa: popq %rbp
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*500294 8955 0 0x100003 0 1K ksh
db_enter() at db_enter+0xa
panic(ffffffff81f1b0cf) at panic+0xc4
__assert(ffffffff81fa361c,ffffffff81ee8329,131,ffffffff81f7229b) at assert+0x3b
VOP_FSYNC(fffffd8449a78b30,ffffffffffffffff,1,0) at VOP_FSYNC+Oxd6
vinvalbuf(fffffd8449a78b30,3,ffffffffffffffff,0,0,ffffffffffffffff) at vinvalbuf+0xd5
detrunc(ffff80000186f900,1fe,0,ffffffffffffffff,0) at detrunc+0x239
msdosfs_write(ffff800055774b98) at msdosf_write+0x4a4
VOP_WRITE(fffffd8449a78b30,ffff800055774d10,3,fffffd8370e8d5d0) at VOP_WRITE+0x59
vn_write(fffffd83c723b860,ffff800055774d10,0) at vn_write+0xc0
dofilewritev(ffff8000556ecfc0,1,ffff800055774d10,0.ffff800055774dc0) at dofilewritev+0x14d
sys_write(ffff8000556ecfc0,ffff800055774dd0,ffff800055774dc0) at sys_write+0x6a
syscall(ffff800055774e70) at syscall+0x39b
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7ffffd8bf0, count: 2
This patch tweaks all the detrunc() calls in the aforementioned
msdosfs functions to pass curproc instead of a NULL pointer to
detrunc(). We don't appear to have curproc stashed anywhere in
msdosfs_write() or deextend(), so for those calls we explicitly pass
curproc.
This might have unforseen consequences I can't anticipate. However,
with this patch I can no longer panic the kernel by filling an msdosfs
partition, which seems like an improvement.
With advice from gnezdo@.
ok gnezdo@
Pass the device vnode as a parameter to VOP_STRATEGY() to allow calling
the correct vop_strategy callback. Now the vnode is also available
in the callback.
OK mpi@
These days, 8.3 filenames are often a problem, filesystems containing
firmware with long names must not truncate them -- it's also a sane default
as portable file system between OSes, anyway.
Altough undocumented in mount_msdos(8), the default for FAT32 already is to
use long filenames: ever since its import from NetBSD in 1998.
Previously, mount_msdos would ignore long filenames and default to short
filenames unless a flag was used or long ones were found on the filesystem
prior to mounting it.
Just always mount with support for long filenames (unless `-s' is used).
As various install media use FAT filesystems, adjust the remaining ones to
also pass explicit mount option reflecting the previous default.
OK deraadt
Rename klist_{insert,remove}() to klist_{insert,remove}_locked().
These functions assume that the caller has locked the klist. The current
state of locking remains intact because the kernel lock is still used
with all klists.
Add new functions klist_insert() and klist_remove() that lock the klist
internally. This allows some code simplification.
OK mpi@
reverts changes from msdosfs_vfsops.c rev 1.7
Prompted by a patch from John Carmack to add an an error path when exFAT
is detected on mount to give a more helpful error message.
Returning EINVAL in the existing sanity checks will make mount_msdos(8)
print "not an MSDOS filesystem" when attempting to mount exFAT and
matches historic and documented behaviour.
ok kn@
Adapt FS kqfilters to always return true when the flag is set and bypass
the polling mechanism of the NFS thread.
While here implement a write filter for NFS.
ok visa@
- ufs_chown() & ufs_chmod()
- ufs_reclaim()
- ext2fs_chown() & ext2fs_chmod()
- ntfs_ntget() & ntfs_ntput()
- ntfs_vgetex(), ntfs_ntlookup() & ntfs_ntlookupfile()
While here use `ap->a_p' directly when it is only required to re-enter
the VFS layer in order to help reducing the loop.
ok visa@
This support is undocumented, only works if you're using the kernel
timezone, and breaks during a DST shift. It also preferences file systems
managed by a Windows installation: many implementations, like ours, use
UTC by default (think: phones, digital cameras).
No complaints on tech@.
"good riddance" tedu@, "Yep." deraadt@
serializing both read/write operations using the existing file mutex.
The vnode lock still grants exclusive write access to the offset; the
mutex is only used to make the actual write atomic and prevent any
concurrent reader from observing intermediate values.
ok mpi@ visa@
as part of the effort to unlock the kernel. Instead of relying on the
vnode lock, introduce a dedicated lock per file. Exclusive write access
is granted using the new foffset_enter and foffset_leave API. A
convenience function foffset_get is also available for threads that only
need to read the current offset.
The lock acquisition order in vn_write has been changed to match the one
in vn_read in order to avoid a potential deadlock. This change also gets
rid of a documented race in vn_read().
Inspired by the FreeBSD implementation.
With help and ok mpi@ visa@
structure allows for better tracking of pending lock operations which is
essential in order to prevent a use-after-free once the underlying vnode is
gone.
Inspired by the lockf implementation in FreeBSD.
ok visa@
Reported-by: syzbot+d5540a236382f50f1dac@syzkaller.appspotmail.com
to appease WITNESS. ext2fs and ffs already use the flag. The same
locking pattern appears with other file systems too, so this patch
addresses the remaining cases.
OK mpi@
are pushed to disk. Dangling vnodes (unlinked files still in use) and
vnodes undergoing change by long-running syscalls are identified -- and
such filesystems are marked dirty on-disk while we are suspended (in case
power is lost, a fsck will be required). Filesystems without dangling or
busy vnodes are marked clean, resulting in faster boots following
"battery died" circumstances.
Tested by numerous developers, thanks for the feedback.
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
(forgot to commit fat.h)
Add new CLUST_END and use it as parameter to pcbmap() when searching
for end cluster, instead of explicitly passing 0xffff. This fixes potential
problem for FAT32, where cluster number may be legally bigger than 0xffff.
Also change clusteralloc() so that fillwith is not explicitly passed by caller
anymore (there is no need to use anything other than CLUST_EOFE).
From NetBSD commit by jdolecek@NetBSD.org
ok tb@ mpi@
Add new CLUST_END and use it as parameter to pcbmap() when searching
for end cluster, instead of explicitly passing 0xffff. This fixes potential
problem for FAT32, where cluster number may be legally bigger than 0xffff.
Also change clusteralloc() so that fillwith is not explicitly passed by caller
anymore (there is no need to use anything other than CLUST_EOFE).
From NetBSD commit by jdolecek@NetBSD.org
ok tb@ mpi@
This is the reverted commit by mpi@ from msdosfs_vnops.c 1.105 plus some
additional tweaks to fix some cluster/block number confusion that lead
to regressions when seeking past the end of a file.
The original commit message was:
The logic used in msdosfs_bmap() to loop calling pcbmap() comes from
FreeBSD and is not really efficient but it is good enough since it is
only called when generating I/O.
With this diff I get a 100% improvement when reading big files from a
crappy USB stick.
With this and bread_cluster(9) modified to not re-fetch B_CACHED buffers,
reading large contiguous files with chunk sizes of MAXPHYS is almost as
fast as physio(9) on the same device.
For a 'real world' example, when copying music files from a USB stick I
see a speed jump from 15MB/s on -current to 24Mb/s with this diff.
While here rename some 'lbn' variables into 'cn' to better reflect what
we're dealing with.
Tested by Mathieu, with support from deraadt@
ok mpi@
cheloha
jsg
visa
kn
mpi
krw
tedu
claudio
bluhm
anton
solene
deraadt
guenther
sf