Commit Graph

133 Commits

Author SHA1 Message Date
Robert Drehmel
75e8f2dad8 - Use strlcpy() rather than strncpy() to copy NUL terminated
strings.
 - Pass the correct buffer size to getcredhostname().
2002-10-17 22:00:30 +00:00
Juli Mallett
1d9c56964d Back our kernel support for reliable signal queues.
Requested by:	rwatson, phk, and many others
2002-10-01 17:15:53 +00:00
Juli Mallett
1226f694e6 First half of implementation of ksiginfo, signal queues, and such. This
gets signals operating based on a TailQ, and is good enough to run X11,
GNOME, and do job control.  There are some intricate parts which could be
more refined to match the sigset_t versions, but those require further
evaluation of directions in which our signal system can expand and contract
to fit our needs.

After this has been in the tree for a while, I will make in kernel API
changes, most notably to trapsignal(9) and sendsig(9), to use ksiginfo
more robustly, such that we can actually pass information with our
(queued) signals to the userland.  That will also result in using a
struct ksiginfo pointer, rather than a signal number, in a lot of
kern_sig.c, to refer to an individual pending signal queue member, but
right now there is no defined behaviour for such.

CODAFS is unfinished in this regard because the logic is unclear in
some places.

Sponsored by:	New Gold Technology
Reviewed by:	bde, tjr, jake [an older version, logic similar]
2002-09-30 20:20:22 +00:00
Jeff Roberson
0fa89fc7d9 - Hold the vn lock over vm_mmap(). 2002-09-25 02:42:04 +00:00
Matthew N. Dodd
c5afa58784 Pass flags to msync() accounting for differences in the definition of
MS_SYNC on FreeBSD and Linux.

Submitted by:	 Christian Zander <zander@minion.de>
2002-09-19 19:02:54 +00:00
Bruce Evans
367797e031 Do not cast from a pointer to an integer of a possibly different size.
This fixes a warning on i386's with 64-bit longs.
2002-09-05 12:30:54 +00:00
Bruce Evans
85422e62d3 Include <sys/malloc.h> instead of depending on namespace pollution 2
layers deep in <sys/proc.h> or <sys/vnode.h>.

Removed unused includes.  Sorted includes.
2002-09-05 08:13:20 +00:00
Ian Dowse
206a5d3a0c Use the new kern_* functions to avoid the need to store arguments
in the stack gap. This converts most VFS and signal related system
calls, as well as select().

Discussed on:	-arch
Approved by:	marcel
2002-09-01 22:30:27 +00:00
Jeff Roberson
e6e370a7fe - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
Robert Watson
eddc160e00 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module.  In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:23:02 +00:00
Robert Watson
fa3b8ffb32 Add a comment about how we should use vn_open() here instead of directly
invoking VOP_OPEN().  This would reduce code redundancy with the rest
of the kernel, and also is required for MAC to work properly.
2002-06-14 07:24:01 +00:00
Jens Schweikhardt
21dc7d4f57 Fix typo in the BSD copyright: s/withough/without/
Spotted and suggested by:	des
MFC after:	3 weeks
2002-06-02 20:05:59 +00:00
Peter Wemm
4924b9dd80 Zap some stale unused headers, including one machine/psl.h (which is
a stub on alpha).  Compile tested on alpha and x86.
2002-05-01 02:17:33 +00:00
Robert Watson
b099af16dd Add an XXX: linux_uselib() should be using vn_open() rather than invoking
VOP_OPEN() and doing lots of manual checking.  This would further
centralize use of the name functions, and once the MAC code is integrated,
meaning few extraneous MAC checks scattered all over the place.  I don't
have time to fix this now, but want to make sure it doesn't get
forgotten.  Anyone interested in fixing this should feel free.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-04-20 14:43:34 +00:00
John Baldwin
094a945562 Rework logic of syscalls that modify process credentials as described in
rev 1.152 of sys/kern/kern_prot.c.
2002-04-13 23:11:23 +00:00
John Baldwin
0af24d5151 Use td_ucred in a few spots. 2002-04-11 21:00:05 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Jeff Roberson
851031501a Remove references to vm_zone.h and switch over to the new uma API. 2002-03-20 10:35:22 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
Robert Drehmel
668ae58863 Use the updated getcredhostname() function. 2002-02-27 16:47:27 +00:00
Robert Drehmel
5597f0ccf2 Use the getcredhostname function to fill the hostname into
the linux_newuname_args structure.  This should fix the case
of jailed linux processes not using the jail's hostname.

PR:		35336
Reviewed by:	phk
2002-02-27 15:06:33 +00:00
Andrew Gallatin
21e06996e4 Linux/alpha uses the same BSDish return mechanism we do for
getpid, getuid, getgid and pipe, since they bootstrapped from
OSF/1 and never cleaned up.  Switch to the native syscalls
on alpha so that the above functions work

MFC after: 7 days
2002-01-23 22:46:14 +00:00
Robert Watson
011376308f o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
  pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
  so as to enforce these protections, in particular, in kern_mib.c
  protection sysctl access to the hostname and securelevel, as well as
  kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
  mib entries (osname, osrelease, osversion) so that they don't return
  a pointer to the text in the struct linux_prison, rather, a copy
  to an array passed into the calls.  Likewise, update linprocfs to
  use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
  accessing struct prison.

Reviewed by:	jhb
2001-12-03 16:12:27 +00:00
Dag-Erling Smørgrav
c798b36242 Revert incorrect KSEfication: realitexpire expects a struct proc *, not a
struct thread *.
2001-11-24 14:09:50 +00:00
Paul Saab
cbc89bfbfe Make MAXTSIZ, DFLDSIZ, MAXDSIZ, DFLSSIZ, MAXSSIZ, SGROWSIZ loader
tunable.

Reviewed by:	peter
MFC after:	2 weeks
2001-10-10 23:06:54 +00:00
Marcel Moolenaar
9b130a99cf Remove linux_getpgid(). We map the syscall natively now.
PR: kern/21402
2001-09-28 01:40:51 +00:00
Michael Reifenberger
b8febfd1f2 Add a wrapper for linux_getsid -> getsid Syscall. 2001-09-15 09:57:30 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Marcel Moolenaar
5002a60f9b Round of cleanups and enhancements. These include (in random order):
o  Introduce private types for use in linux syscalls for two reasons:
   1. establish type independence for ease in porting and,
   2. provide a visual queue as to which syscalls have proper
      prototypes to further cleanup the i386/alpha split.
   Linuxulator types are prefixed by 'l_'. void and char have not
   been "virtualized".

o  Provide dummy functions for all syscalls and remove dummy functions
   or implementations of truely obsolete syscalls.

o  Sanitize the shm*, sem* and msg* syscalls.

o  Make a first attempt to implement the linux_sysctl syscall. At this
   time it only returns one MIB (KERN_VERSION), but most importantly,
   it tells us when we need to add additional sysctls :-)

o  Bump the kenel version up to 2.4.2 (this is not the same as the
   KERN_VERSION MIB, BTW).

o  Implement new syscalls, of which most are specific to i386. Our
   syscall table is now up to date with Linux 2.4.2. Some highlights:
   -  Implement the 32-bit uid_t and gid_t bases syscalls.
   -  Implement a couple of 64-bit file size/offset bases syscalls.

o  Fix or improve numerous syscalls and prototypes.

o  Reduce style(9) violations while I'm here. Especially indentation
   inconsistencies within the same file are addressed. Re-indenting
   did not obfuscate actual changes to the extend that it could not
   be combined.

NOTE: I spend some time testing these changes and found that if there
      were regressions, they were not caused by these changes AFAICT.
      It was observed that installing a RH 7.1 runtime environment
      did make matters worse. Hangs and/or reboots have been observed
      with and without these changes, so when it failed to make life
      better in cases it doesn't look like it made it worse.
2001-09-08 19:07:04 +00:00
Jim Pirzyk
814c95264f Added the linux_sysinfo function to implement sysinfo(2).
PR:		kern/27759
Reviewed by:	marcel
Approved by:	marcel
MFC after:	1 week
2001-07-23 06:22:10 +00:00
Peter Wemm
2e17a05929 Fix warning:
413: warning: long unsigned int format, vm_offset_t arg (arg 2)
2001-06-15 07:46:18 +00:00
Robert Watson
b1fc0ec1a7 o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
  pcred->pc_uidinfo, which was associated with the real uid, only rename
  it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
  corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
  original macro that pointed.
  p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
  p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
  cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
  cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
  we figure out locking and optimizations; generally speaking, this
  means moving to a structure like this:
        newcred = crdup(oldcred);
        ...
        p->p_ucred = newcred;
        crfree(oldcred);
  It's not race-free, but better than nothing.  There are also races
  in sys_process.c, all inter-process authorization, fork, exec, and
  exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
  remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
  use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
  pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
  allocation.
o Clean up ktrcanset() to take into account changes, and move to using
  suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
  calls to better document current behavior.  In a couple of places,
  current behavior is a little questionable and we need to check
  POSIX.1 to make sure it's "right".  More commenting work still
  remains to be done.
o Update credential management calls, such as crfree(), to take into
  account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
      change_euid()
      change_egid()
      change_ruid()
      change_rgid()
      change_svuid()
      change_svgid()
  In each case, the call now acts on a credential not a process, and as
  such no longer requires more complicated process locking/etc.  They
  now assume the caller will do any necessary allocation of an
  exclusive credential reference.  Each is commented to document its
  reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
  and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
  questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
  processes and pcreds.  Note that this authorization, as well as
  CANSIGIO(), needs to be updated to use the p_cansignal() and
  p_cansched() centralized authorization routines, as they currently
  do not take into account some desirable restrictions that are handled
  by the centralized routines, as well as being inconsistent with other
  similar authorization instances.
o Update libkvm to take these changes into account.

Obtained from:	TrustedBSD Project
Reviewed by:	green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
Mark Murray
fb919e4d5a Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
Robert Watson
c7e1887023 o Change a suser() call to a suser_xxx(..., PRISON_ROOT) call in the
linuxulator so as to allow privileged processes within a jail() to
  invoke the Linux initgroups() system call.  This allows the Linux
  "su" to work properly (better) when running a complete Linux
  environment under jail().  This problem was reported by Attila
  Nagy <bra@fsn.hu>.

Reviewed by:	marcel
2001-04-24 19:08:53 +00:00
John Baldwin
33a9ed9d0e Change the pfind() and zpfind() functions to lock the process that they
find before releasing the allproc lock and returning.

Reviewed by:	-smp, dfr, jake
2001-04-24 00:51:53 +00:00
Alan Cox
21c8cdfb96 Add linux_sched_get_priority_max() and linux_sched_get_priority_min(): The
policy parameter requires translation.
2001-04-01 06:37:40 +00:00
Andrew Gallatin
6d4aa00ac1 fix linux_times() to take into account linux's value of CLK_TCK on the alpha.
Previously, results were off by a factor of 10

Tested by: Yoriaki FUJIMORI <fujimori@grafin.fujimori.cache.waseda.ac.jp>
2001-03-23 19:22:21 +00:00
Jonathan Lemon
2459336973 Allow debugging output to be controlled on a per-syscall granularity.
Also clean up debugging output in a slightly more uniform fashion.

The default behavior remains the same (all debugging output is turned on)
2001-02-16 16:40:43 +00:00
Jonathan Lemon
705deb78a3 Add mount syscall to linux emulation. Also improve emulation of reboot. 2001-02-16 14:42:11 +00:00
Bosko Milekic
9ed346bab0 Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:

mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)

similarily, for releasing a lock, we now have:

mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.

The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.

Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:

MTX_QUIET and MTX_NOSWITCH

The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:

mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.

Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.

Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.

Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.

Finally, caught up to the interface changes in all sys code.

Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
John Baldwin
ba88dfc733 Back out proc locking to protect p_ucred for obtaining additional
references along with the actual obtaining of additional references.
2001-01-27 00:01:31 +00:00
John Baldwin
fb29c3e083 Protect calcru() with sched_lock. 2001-01-23 20:50:40 +00:00
John Baldwin
216af8221e Lock access to proc members.
Glanced over by:	marcel
2000-12-15 19:41:27 +00:00
Marcel Moolenaar
b4c6727a3a Don't auto-generate the syscalls. 2000-12-03 01:30:31 +00:00
Jake Burkholder
4f55983606 Use callout_reset instead of timeout(9). Most callouts are statically
allocated, 2 have been added to struct proc for setitimer and sleep.

Reviewed by:	jhb, jlemon
2000-11-27 22:52:31 +00:00
Marcel Moolenaar
ebea866055 Revert auto-generation. The Alpha port is broken.
Syncing with it is wrong.
2000-11-10 21:30:19 +00:00
Marcel Moolenaar
2da829a0c8 Sync with Alpha:
Do not use sysent.c, proto.h and syscall.h in source tree;
use auto-generated versions.
2000-11-09 07:27:55 +00:00
David E. O'Brien
5231fb2059 The MI/MD split wasn't perfect and the MI files need hacks for the
AlphaLinux compat bits.  This will be better cleaned up soon.

Agreed to what ever was necessary by:	marcel
2000-11-01 19:48:35 +00:00
Marcel Moolenaar
4a22d85023 Fix bug in previous commit. We need to trim the limits to fit
the datatype (= long). Use ULONG_MAX and LONG_MAX to avoid
creating MD code.
2000-08-26 05:08:10 +00:00
Marcel Moolenaar
eebc2a071f Re-implement linux_{g|s}etrlimit in terms of {g|s}etrlimit
instead of the o{g|s}etrlimit so that the dependency on
COMPAT_43 is removed.
2000-08-26 02:18:41 +00:00