Various minor whitespace cleanups

Accumulated along the way.

kernel: No need to handle mbuf allocation failures if use M_WAITOK

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-onl

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-only.

int sy_call_t (void *);
int sy_call_t (struct sysmsg *sysmsg, const void *);

* System calls with 6 arguments or less no longer need to copy
the arguments from the trapframe to a holding structure. Instead,
we simply point into the trapframe.

The L1 cache footprint will be a bit smaller, but in simple tests
the results are not noticably faster... maybe 1ns or so
(roughly 1%).

show more ...

kernel - per-thread fd cache, p_fd lock bypass

* Implement a per-thread (fd,fp) cache. Cache hits can keep fp's
in a held state (avoiding the need to fhold()/fdrop() the ref count),
and bypasse

kernel - per-thread fd cache, p_fd lock bypass

* Implement a per-thread (fd,fp) cache. Cache hits can keep fp's
in a held state (avoiding the need to fhold()/fdrop() the ref count),
and bypasses the p_fd spinlock. This allows the file pointer structure
to generally be shared across cpu caches.

* Can cache up to four descriptors in each thread, LRU. This is the common
case. Highly threaded programs tend to focus work on a distinct
file descriptors in each thread.

* One file descriptor can be cached in up to four threads. This is
a significant limitation, though relatively uncommon. On a cache miss
the code drops into the normal shared p_fd spinlock lookup.

show more ...

kernel: Simplify various redundant conditions.

Found-by: cppcheck

One was reported by dcb in <https://bugs.dragonflybsd.org/issues/3078>.

libkern: Make inet_ntoa MPSAFE by passing string buffer to it.

kernel: Use fhold() instead of increasing f_count manually

Remove remaining OSI protocol support.

These were just leftovers.

kernel - Major mtx lock cleanup

* Integrate the ident into the mtx structure, remove the ident parameter from
all locking calls.

* Rename some of the functions, shortening them.

* Add a few new

kernel - Major mtx lock cleanup

* Integrate the ident into the mtx structure, remove the ident parameter from
all locking calls.

* Rename some of the functions, shortening them.

* Add a few new functions which hammer2 will use.

show more ...

kernel - Refactor kern_mutex (mtx* functions)

* Refactor kern_mutex in order to support asynchronous lock requests,
which hammer2 is going to need. kern_mutex already supports abortable
locks.

kernel - Refactor kern_mutex (mtx* functions)

* Refactor kern_mutex in order to support asynchronous lock requests,
which hammer2 is going to need. kern_mutex already supports abortable
locks.

* Add callback fields to the mtx_link structure.

* Use the mtx_link structure for shared locks in addition to exclusive locks,
allowing asynchronous callbacks for shared locks and exclusive locks.

* Make the locking flags more deterministic.

* Redo the typedefs to be more like hammer2. Typedef the structures rather
than pointers so the typedef names can be used for structural embedding.

show more ...

kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD

kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD because
it tended to get forgotten and the code would compile anyway with the
wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags
for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK
and M_NOWAIT), it was just one big converting back and forth with some
sanitization in between.

This commit allows M_* again for the mbuf functions and keeps the
sanitizing as it was before: when M_WAITOK is among the passed flags,
objcache functions will be called with M_WAITOK and when it is absent,
they will be called with M_NOWAIT. All other flags are scrubbed by the
MB_OCFLAG() macro which does the same as the former MBTOM().

Approved-by: dillon

show more ...

kernel - turn off auto-socket sizing

* Turn off automatic socket sizing for NFS sockets. Otherwise the socket
buffer might be reduced to the point where the mbuf interface refuses
to queue w/EM

kernel - turn off auto-socket sizing

* Turn off automatic socket sizing for NFS sockets. Otherwise the socket
buffer might be reduced to the point where the mbuf interface refuses
to queue w/EMSGSIZE.

TODO: We need a better fix.

show more ...

kernel - Fix nfs server-side shutdown race

* Fix issues where slp->ns_so is being accessed during or after the socket
has been zapped. The zap code actually closes the fp and destroys the
socke

kernel - Fix nfs server-side shutdown race

* Fix issues where slp->ns_so is being accessed during or after the socket
has been zapped. The zap code actually closes the fp and destroys the
socket so this race results in a use-after-free and can cause a panic
on the NFS server.

* Zapping now shuts the socket down but does not close/destroy it. The
socket will be destroyed when the last ref on slp (aka nfssvc_sock)
is dropped.

* Re-check SLP_VALID in a few more places after potentially blocking.
Other situations that might block are handled by the change in the
zap code.

show more ...

Remove a bunch of unnecessary semicolons.

kernel - Change time_second to time_uptime for all expiration calculations

* Vet the entire kernel and change use cases for expiration calculations
using time_second to use time_uptime instead.

*

kernel - Change time_second to time_uptime for all expiration calculations

* Vet the entire kernel and change use cases for expiration calculations
using time_second to use time_uptime instead.

* Protects these expiration calculations from step changes in the wall time,
particularly needed for route table entries.

* Probably requires further variable type adjustments but the use of
time_uptime instead if time_second is highly unlikely to ever overrun
any demotions to int still present.

show more ...

kernel: Remove some #include duplicates in vfs/ and vm/

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadl

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadler.com>

show more ...

Remove advertising clause from all that isn't contrib or userland bin.

By: Eitan Adler <lists@eitanadler.com>

kernel/vfs: Remove some unused variables.

kernel - Adjust NFS server for new allocvnode() code

* Adjust the NFS server to check for LWP_MP_VNLRU garbage collection
requests and act on them.

This prevents excessive allocation of vnodes

kernel - Adjust NFS server for new allocvnode() code

* Adjust the NFS server to check for LWP_MP_VNLRU garbage collection
requests and act on them.

This prevents excessive allocation of vnodes by the nfsd's.

show more ...

kernel: Use NULL for pointers.

kernel/nfs: Fix a bug due to missing braces.

The lwkt_reltoken() was added in c6b43e93a6cf0a70bde32cd141057a0df9860e13
but it was forgotten to put braces around the if's body (now having
lwkt_reltok

kernel/nfs: Fix a bug due to missing braces.

The lwkt_reltoken() was added in c6b43e93a6cf0a70bde32cd141057a0df9860e13
but it was forgotten to put braces around the if's body (now having
lwkt_reltoken() and the return()).

show more ...

kernel: Replace all usage of MALLOC()/FREE() with kmalloc()/kfree().

Initial import of binutils 2.22 on the new vendor branch

Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.