Commit Graph

115 Commits

Author SHA1 Message Date
Robert Watson
a9d2f8d84f Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
Ed Schouten
7c9669276e Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
Ed Schouten
5c67885a26 Add ttydisc_rint_simple().
I noticed several drivers in our tree don't actually care about parity
and framing, such as pts(4), snp(4) (and my partially finished console
driver). Instead of duplicating a lot of code, I think we'd better add a
utility function for those drivers to quickly process a buffer of input.

Also change pts(4) and snp(4) to use this function.
2009-08-23 08:04:40 +00:00
Ed Schouten
aa16f86ca5 Keep this line shorter than 80 columns. 2009-05-13 19:29:50 +00:00
Ed Schouten
7fb6f68587 Add macros around the sx operations in snp(4).
As an experiment, I changed snp(4) to use a mutex instead of an sx lock.
We can't enable this right now, because Syscons still picks up Giant.
It's nice to already have the framework there.
2009-05-11 18:52:46 +00:00
Ed Schouten
41ba7e9b13 Slightly improve the design of the TTY buffer.
The TTY buffers used the standard <sys/queue.h> lists. Unfortunately
they have a big shortcoming. If you want to have a double linked list,
but no tail pointer, it's still not possible to obtain the previous
element in the list. Inside the buffers we don't need them. This is why
I switched to custom linked list macros. The macros will also keep track
of the amount of items in the list. Because it doesn't use a sentinel,
we can just initialize the queues with zero.

In its simplest form (the output queue), we will only keep two
references to blocks in the queue, namely the head of the list and the
last block in use. All free blocks are stored behind the last block in
use.

I noticed there was a very subtle bug in the previous code: in a very
uncommon corner case, it would uma_zfree() a block in the queue before
calling memcpy() to extract the data from the block.
2009-02-03 19:58:28 +00:00
Alexander Motin
a9385ad10f Change ttyhook_register() second argument from thread to process pointer.
Thread was not really needed there, while previous ng_tty implementation
that used thread pointer had locking issues (using sx while holding mutex).
2008-12-13 21:17:46 +00:00
Ed Schouten
932ef5b5cd Reintroduce the snp(4) driver.
Because the TTY hooks interface was not finished when I imported the
MPSAFE TTY layer, I had to disconnect the snp(4) driver. This snp(4)
implementation has been sitting in my P4 branch for some time now.
Unfortunately it still doesn't use the same error handling as snp(4)
(returning codes through FIONREAD), but it should already be usable.

I'm committing this to SVN, hoping someone else could polish off its
rough edges. It's always better than having a broken driver sitting in
the tree.
2008-11-05 15:04:03 +00:00
Ed Schouten
873da6a7fa Even though snp(4) in SVN is still broken, remove the unneeded D_NEEDMINOR.
kib@ and I have decided we will MFC the bpf(4)/snp(4) fixes after we've
released 7.1. Make sure the code in HEAD doesn't refer to a flag we
don't need anyway.

snp(4) in the MPSAFE TTY P4 branch already works, but still needs some
polishing before it can be integrated to SVN.
2008-09-19 10:21:30 +00:00
Ed Schouten
2e37c8eacb Convert the snp(4) driver to use cdevpriv.
Now we have a single /dev/snp device node, which can be opened by
watch(8) multiple times. Even though snp(4) will be dead as of next
week, it's nice having this in SVN, because:

- We may want to MFC it to RELENG_7.
- By the time we fix snp(4) again, it's already there, existing watch(8)
  binaries should already work.

Just like bpf(4), I'm adding a symlink from snp0 to snp to remain binary
compatible.
2008-08-15 13:07:07 +00:00
Ed Schouten
29d4cb241b Don't enforce unique device minor number policy anymore.
Except for the case where we use the cloner library (clone_create() and
friends), there is no reason to enforce a unique device minor number
policy. There are various drivers in the source tree that allocate unr
pools and such to provide minor numbers, without using them themselves.

Because we still need to support unique device minor numbers for the
cloner library, introduce a new flag called D_NEEDMINOR. All cdevsw's
that are used in combination with the cloner library should be marked
with this flag to make the cloning work.

This means drivers can now freely use si_drv0 to store their own flags
and state, making it effectively the same as si_drv1 and si_drv2. We
still keep the minor() and dev2unit() routines around to make drivers
happy.

The NTFS code also used the minor number in its hash table. We should
not do this anymore. If the si_drv0 field would be changed, it would no
longer end up in the same list.

Approved by:	philip (mentor)
2008-06-11 18:55:19 +00:00
Konstantin Belousov
316d90a37b Move the check for the snp device being already attached after the
fget() call, that is sleeping point, and possibly dropping Giant.

The snp_target == NULL implies the snp_tty == NULL. Remove the code
that is put under snp_target == NULL and snp_tty != NULL clause.

In snpclose(), do the snp_detach() before scheduling the snp device
destruction. Otherwise, after the return from snpclose(), the snp
device is already removed from the snp_list, but tty is still in
snooped state. Any attempt to do i/o on such tty cause panic because
ttytosnp() returns NULL.

Tested by:	Peter Holm
MFC after:	1 week
2007-12-24 13:47:16 +00:00
Konstantin Belousov
6ed4cfc05d Do not allow the SNPSTTY ioctl for the snoop device that has a tty
attached. Otherwise, the snp->snp_tty would be overwritten, while the
tty line discipline still set to the snpdisc. Then snplwrite() causes
panic because ttytosnp() cannot find the snp.

MFC after:	1 week
2007-12-03 14:02:27 +00:00
Konstantin Belousov
542a8db549 Adopt snp to the destroy_dev_sched() KPI after reverting of destroy_dev()
to not call destroy_dev_sched().

Tested by:	Peter Holm
Approved by:	re (kensmith)
2007-07-05 13:07:12 +00:00
Konstantin Belousov
5977b8fee1 Use make_dev_credf(MAKEDEV_REF) instead of make_dev() from snp clone handler.
Drain clone events and cdev destruction from the module unload handler.

Debugging help and testing by:	Peter Holm
Approved by:	re (kensmith)
2007-07-03 17:43:56 +00:00
Craig Rodrigues
7409f6cd91 Switch to ANSI function declarations. 2007-03-23 22:48:44 +00:00
Ruslan Ermilov
6ed0b39d28 Restore the ability to detach from a tty via SIOCSTTY and document
recent changes in a manpage.

Reviewed by:	cognet
2005-09-19 13:48:45 +00:00
Olivier Houchard
30ce1aad9c Slightly change the API for the SNPSTTY ioctl so that the userland now
provides a file descriptor instead of a dev_t.

Discussed with:	phk
MFC after: 3 days
2005-09-18 19:23:35 +00:00
Robert Watson
6a113b3de7 Merge the dev_clone and dev_clone_cred event handlers into a single
event handler, dev_clone, which accepts a credential argument.
Implementors of the event can ignore it if they're not interested,
and most do.  This avoids having multiple event handler types and
fall-back/precedence logic in devfs.

This changes the kernel API for /dev cloning, and may affect third
party packages containg cloning kernel modules.

Requested by:	phk
MFC after:	3 days
2005-08-08 19:55:32 +00:00
Poul-Henning Kamp
f4f6abcb4e Explicitly hold a reference to the cdev we have just cloned. This
closes the race where the cdev was reclaimed before it ever made it
back to devfs lookup.
2005-03-31 12:19:44 +00:00
Poul-Henning Kamp
7649bbb0b0 Disable two users of findcdev. They do the wrong thing now and will
need to be fixed.  In both cases the API should be reengineered to do
something (more) sensible.
2005-03-15 12:39:30 +00:00
Warner Losh
098ca2bda9 Start each of the license/copyright comments with /*-, minor shuffle of lines 2005-01-06 01:43:34 +00:00
Poul-Henning Kamp
1ef0fc1d09 Include fcntl.h not vnode.h.
Include uio.h instead of relying on vnode.h to do so.
Check O_NONBLOCK not IO_NDELAY.
2004-12-22 17:30:38 +00:00
Olivier Houchard
b5128f416a Walk through the snp softc list instead of abusing tp->ts_c to find the
snp attached to a tty.
This fixes the panic that happens when using snp.
2004-11-05 18:32:14 +00:00
Poul-Henning Kamp
969d098b0f Hold thread reference while we frob cdevsw. 2004-09-24 08:12:41 +00:00
Poul-Henning Kamp
672c05d49c Preparation commit for the tty cleanups that will follow in the near
future:

rename ttyopen() -> tty_open() and ttyclose() -> tty_close().

We need the ttyopen() and ttyclose() for the new generic cdevsw
functions for tty devices in order to have consistent naming.
2004-07-15 20:47:41 +00:00
Poul-Henning Kamp
3e019deaed Do a pass over all modules in the kernel and make them return EOPNOTSUPP
for unknown events.

A number of modules return EINVAL in this instance, and I have left
those alone for now and instead taught MOD_QUIESCE to accept this
as "didn't do anything".
2004-07-15 08:26:07 +00:00
Robert Watson
66ea137d89 Switch snoop device to using C99 initialization for struct linesw. 2004-07-14 05:32:55 +00:00
Poul-Henning Kamp
f3732fd15b Second half of the dev_t cleanup.
The big lines are:
	NODEV -> NULL
	NOUDEV -> NODEV
	udev_t -> dev_t
	udev2dev() -> findcdev()

Various minor adjustments including handling of userland access to kernel
space struct cdev etc.
2004-06-17 17:16:53 +00:00
Poul-Henning Kamp
89c9c53da0 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
Poul-Henning Kamp
fe12f24bb0 Add missing <sys/module.h> includes 2004-05-30 20:08:47 +00:00
Poul-Henning Kamp
9397290e76 Add clone_setup() function rather than rely on lazy initialization.
Requested by:	rwatson
2004-03-11 12:58:55 +00:00
Bruce Evans
63a97efcbb Don't set d_flags twice. The second setting clobbered D_NOGIANT. 2004-02-24 04:35:44 +00:00
Poul-Henning Kamp
816d62bbb9 Device megapatch 5/6:
Remove the unused second argument from udev2dev().

Convert all remaining users of makedev() to use udev2dev().  The
semantic difference is that udev2dev() will only locate a pre-existing
dev_t, it will not line makedev() create a new one.

Apart from the tiny well controlled windown in D_PSEUDO drivers,
there should no longer be any "anonymous" dev_t's in the system
now, only dev_t's created with make_dev() and make_dev_alias()
2004-02-21 21:32:15 +00:00
Poul-Henning Kamp
dc08ffec87 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
Poul-Henning Kamp
b0b0334878 Device megapatch 2/6:
This commit adds a couple of functions for pseudodrivers to use for
implementing cloning in a manner we will be able to lock down (shortly).

Basically what happens is that pseudo drivers get a way to ask for
"give me the dev_t with this unit number" or alternatively "give
me a dev_t with the lowest guaranteed free unit number" (there is
unfortunately a lot of non-POLA in the exact numeric value of this
number, just live with it for now)

Managing the unit number space this way removes the need to use
rman(9) to do so in the drivers this greatly simplifies the code in
the drivers because even using rman(9) they still needed to manage
their dev_t's anyway.

I have taken the if_tun, if_tap, snp and nmdm drivers through the
mill, partly because they (ab)used makedev(), but mostly because
together they represent three different problems for device-cloning:

if_tun and snp is the plain case: just give me a device.

if_tap has two kinds of devices, with a flag for device type.

nmdm has paired devices (ala pty) can you can clone either of them.
2004-02-21 20:29:52 +00:00
Seigo Tanimura
512824f8f7 - Implement selwakeuppri() which allows raising the priority of a
thread being waken up.  The thread waken up can run at a priority as
  high as after tsleep().

- Replace selwakeup()s with selwakeuppri()s and pass appropriate
  priorities.

- Add cv_broadcastpri() which raises the priority of the broadcast
  threads.  Used by selwakeuppri() if collision occurs.

Not objected in:	-arch, -current
2003-11-09 09:17:26 +00:00
David E. O'Brien
945ff31afa Use __FBSDID().
Also some minor style cleanups.
2003-08-24 18:03:45 +00:00
Poul-Henning Kamp
7ac40f5f59 Gigacommit to improve device-driver source compatibility between
branches:

Initialize struct cdevsw using C99 sparse initializtion and remove
all initializations to default values.

This patch is automatically generated and has been tested by compiling
LINT with all the fields in struct cdevsw in reverse order on alpha,
sparc64 and i386.

Approved by:    re(scottl)
2003-03-03 12:15:54 +00:00
Dag-Erling Smørgrav
521f364b80 More low-hanging fruit: kill caddr_t in calls to wakeup(9) / [mt]sleep(9). 2003-03-02 16:54:40 +00:00
Poul-Henning Kamp
e4d0d8c84a msg 2003-02-26 20:53:28 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
Thomas Moestl
20207b60a8 Declare the snp ioctl()s to work on udev_t, since that is what they
really do and dev_t is defined differently in kernel and userland.
Return a correctly formed udev from SNPGTTY.

Reviewed by:	dd
2002-11-11 10:45:31 +00:00
Dima Dorfman
f4c5dfbb9a Treat input on the snp device as an `unsigned char'. According to the
submitter, this permits Russian (and probably other locales') characters
to be entered via watch(8).

PR:		35636
Submitted by:	Gleb Smirnoff <glebius@rinet.ru>
2002-04-10 03:51:49 +00:00
Alfred Perlstein
e51a25f850 Remove __P. 2002-03-20 02:08:01 +00:00
Alfred Perlstein
85f190e4d1 Fixes to make select/poll mpsafe.
Problem:
  selwakeup required calling pfind which would cause lock order
  reversals with the allproc_lock and the per-process filedesc lock.
Solution:
  Instead of recording the pid of the select()'ing process into the
  selinfo structure, actually record a pointer to the thread.  To
  avoid dereferencing a bad address all the selinfo structures that
  are in use by a thread are kept in a list hung off the thread
  (protected by sellock).  When a selwakeup occurs the selinfo is
  removed from that threads list, it is also removed on the way out
  of select or poll where the thread will traverse its list removing
  all the selinfos from its own list.

Problem:
  Previously the PROC_LOCK was used to provide the mutual exclusion
  needed to ensure proper locking, this couldn't work because there
  was a single condvar used for select and poll and condvars can
  only be used with a single mutex.
Solution:
  Introduce a global mutex 'sellock' which is used to provide mutual
  exclusion when recording events to wait on as well as performing
  notification when an event occurs.

Interesting note:
  schedlock is required to manipulate the per-thread TDF_SELECT
  flag, however if given its own field it would not need schedlock,
  also because TDF_SELECT is only manipulated under sellock one
  doesn't actually use schedlock for syncronization, only to protect
  against corruption.

Proc locks are no longer used in select/poll.

Portions contributed by: davidc
2002-03-14 01:32:30 +00:00
Dima Dorfman
cdd530ca19 Make the diagnostics printfs less ugly. 2002-03-11 03:48:32 +00:00
Dima Dorfman
2c1a6f2178 Check the return value of tsleep() in snpread(). This may be
important, since our sleep is interruptable (PCATCH flag).

PR:		30985
Discovered by:	Vladimir Jakovenko <vovik@lucky.net>
Submitted by:	Valentin Nechayev <netch@segfault.kiev.ua>
2001-11-24 15:59:46 +00:00
Dima Dorfman
2c9fb90995 Return EBUSY if we try to attach to a tty that is already being
snooped on.  This causes all kinds of Bad Things(tm) to happen since
closing one session will clobber state that's needed for the other
one.  This could theoretically be supported if the code was careful,
but until somebody implements that, preventing this will stop people
from unknowingly shooting themselves in the foot.
2001-11-24 15:34:18 +00:00