Commit Graph

1154 Commits

Author SHA1 Message Date
Guido van Rooij
8f89943eda Add generation number randomization. Newly created filesystems wil now
automatically have random generation numbers. The kenel way of handling those
also changed. Further it is advised to run fsirand on all your nfs exported
filesystems. the code is mostly copied from OpenBSD, with the randomization
chanegd to use /dev/urandom
Reviewed by:	Garrett
Obtained from: OpenBSD
1997-03-23 20:08:22 +00:00
Bruce Evans
3ac4d1ef0c Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined.
Fixed everything that depended on getting fcntl.h stuff from the wrong
place.  Most things don't depend on file.h stuff at all.
1997-03-23 03:37:54 +00:00
Mike Pritchard
9a8f4a4c93 Restore Bruce's original comment. It seems that "iff" = if and only if,
and is not a typo.  It is used other places in the kernel, too.
1997-03-22 20:34:21 +00:00
Mike Pritchard
269ebc8621 Fix a typo in a comment of a recent commit. 1997-03-22 16:52:19 +00:00
Bruce Evans
774fce94c0 Removed volatile' from declaration of time', and removed the resulting
null casts.  `time' is nonvolatile for accesses within a region locked
by splclock()/splx().  Accesses outside such a region are invalid, and
splx() must have the side effect of potentially changing all global
variables (since there are hundreds of sort of volatile variables like
`time'), so declaring `time' as volatile didn't have any real benefits.
1997-03-22 08:03:51 +00:00
Bruce Evans
3c81694426 Fixed some invalid (non-atomic) accesses to `time', mostly ones of the
form `tv = time'.  Use a new function gettime().  The current version
just forces atomicicity without fixing precision or efficiency bugs.
Simplified some related valid accesses by using the central function.
1997-03-22 06:53:45 +00:00
Bill Paul
0b788fa1da Add support to sendmsg()/recvmsg() for passing credentials between
processes using AF_LOCAL sockets. This hack is going to be used with
Secure RPC to duplicate a feature of STREAMS which has no real counterpart
in sockets (with STREAMS/TLI, you can apparently use t_getinfo() to learn
UID of a local process on the other side of a transport endpoint).

What happens is this: the client sets up a sendmsg() call with ancillary
data using the SCM_CREDS socket-level control message type. It does not
need to fill in the structure. When the kernel notices the data,
unp_internalize() fills in the cmesgcred structure with the sending
process' credentials (UID, EUID, GID, and ancillary groups). This data
is later delivered to the receiving process. The receiver can then
perform the follwing tests:

- Did the client send ancillary data?
	o Yes, proceed.
	o No, refuse to authenticate the client.

- The the client send data of type SCM_CREDS?
	o Yes, proceed.
	o No, refuse to authenticate the client.

- Is the cmsgcred structure the right size?
	o Yes, proceed.
	o No, signal a possible error.

The receiver can now inspect the credential information and use it to
authenticate the client.
1997-03-21 16:12:32 +00:00
Bruce Evans
444f003cca Fixed null pointer panic in devtotty(). Fixed bounds checking in
devtotty().  devtotty() must check its arg carefully since the arg is
supplied as ioctl data.  This should fix PR3004.

Renamed devtotty() to snpdevtotty().
1997-03-16 19:11:40 +00:00
Bruce Evans
d8d6519c63 Fixed the hash formula. Lite2 doesn't have phashinit(), so Lite2's hash
formula uses `& nchash'.  This is very broken when nchash is a prime
number instead of 1 less than a power of 2, but the Lite2 formula was
merged in.

Merged some cosmetic changes from Lite2, rev.1.21 and Lite1.  The merge
was difficult because the Lite2 code is essentially ours (phk's) except
where Lite2 improved or broke it.

Summary of the Lite2 changes:
- in the copyright, phk's rights have been transferred to the Regents.
  This change should be reviewed.
- nchENOENT went away; the "no" vnode is now simply 0.
- comments were improved.
- style was "improved".
- goto instead of Fanatism (sic) was considered bad :-).
- there are some small changes to support whiteouts.
- new cache entries are added in more cases.  More work is required
  near here to change the hash table size if kern.desiredvnodes is
  changed using sysctl.
- rescanning of the hash bucket in cache_purgevfs() was removed.  This
  change should be reviewed.
1997-03-08 15:22:14 +00:00
Guido van Rooij
dfd0621acc Fix style bugs and other bugs in the NFS fix. 1997-03-08 15:14:30 +00:00
John Dyson
d6faa36b42 Remove unnecessary check for vp->v_mount being null. Pointed
out by BDE.
1997-03-07 14:40:54 +00:00
Gary Palmer
324d42ad57 Fix (I hope) the NFS hole. This is only compile tested.
Submitted by:	(partly) davids@SECNET.COM via BUGTRAQ
1997-03-07 07:42:41 +00:00
Bruce Evans
c68fa33937 Try a no-wait malloc first in clist_alloc_cblocks(). If this fails, then
complain and blunder on.

Should be in 2.2, preferably with a better fix.
1997-03-05 16:45:01 +00:00
David Greenman
2f2160da3b Fixed splbio problems in vinvalbuf. Closes PR#2875, although fixed
differently by me.
1997-03-05 04:54:54 +00:00
Mike Smith
3a558f83dd Check that vp->v_mount is non-null in fsync() before dereferencing it to
obtain the mountpoint's MNT_ASYNC flag.

This is a Very Definite Last-Minute 2.2 Bugfix Candidate.

Reviewed by:	sef
1997-03-05 01:42:14 +00:00
Bruce Evans
4a8b966013 Attach vfs_sysctl() one level lower so that only the levels below
VFS_GENERIC aren't done in the FreeBSD way.  The previous commit
broke the nfs sysctls.
1997-03-04 18:31:56 +00:00
Andrey A. Chernov
53490b7634 Oops, fix typo. 1997-03-03 23:02:43 +00:00
Andrey A. Chernov
30cf3ac460 Don't copy more than MAXLOGNAME bytes in getlogin() syscall,
it is stricter than padded s_login size check was there.
1997-03-03 22:46:16 +00:00
Bruce Evans
3a76a5949b Merged Lite2's vfs_sysctl(). It doesn't fit very well into FreeBSD's
(phk's) sysctl framework, and I needed special code to disambiguate
the VFS_GENERIC node from the VFS_VFSCONF leaf, so I only converted
the leaves to the FreeBSD framework.  The error handling isn't quite
right.  CSRGS's sysctls seem to return ENOTDIR too much and FreeBSD's
sysctls don't agree with the man page.
1997-03-03 12:58:20 +00:00
Andrey A. Chernov
964ca0caee Use MAXLOGNAME for stricter size check in setlogin() syscall instead of
sizeof of padded s_login array
1997-03-03 10:15:48 +00:00
Bruce Evans
dc91a89e83 Restored some pre-Lite2-merge source-level compatibility to the mount()
and getvfsbyname() interfaces.  The new interfaces are now hidden from
applications unless _NEW_VFSCONF is defined.  The new vfsconf interfaces
don't work yet.
1997-03-02 17:53:37 +00:00
Bruce Evans
a896f0256c Moved vfs sysctls to where Lite2 put them. No code changes yet. 1997-03-02 11:06:22 +00:00
Wolfram Schneider
6faaa756b5 Include copyright message from <sys/copyright.h> 1997-03-01 17:49:09 +00:00
Bruce Evans
93437134e2 Added a copyright and restored order. 1997-02-28 10:14:24 +00:00
Bruce Evans
a1ab34e3d0 Wrapped mi_switch() with splstatclock()/splx(). This fixes excessive
interrupt latency for certain cases involving for restarting stopped
processes.
1997-02-27 18:03:48 +00:00
Bruce Evans
886ee0aa9f Fixed loading of vfs's. The Lite2 merge added unnecessary compatibility
cruft and resulted in loading usually following a null pointer.  Use
something closer to the pre-Lite2 code, including not making a copy of
the new filesystem's config info.  Not making a copy also fixes a race
for loading and a memory leak for unloading.

Fixed unloading of vfs's.  maxvfsconf wasn't maintained.

Look up the vfs to unload by name instead of by number.  The numbers
should go away as soon as all mount utilities are converted.
1997-02-27 16:40:20 +00:00
Bruce Evans
b98afd0d00 Fixed Lite2 merge of spechash simplelocking. It was misplaced in
checkalias() and missing in vfinddev() and vcount().
1997-02-27 16:08:43 +00:00
John Dyson
fd7f690f94 Fix the previous simple_lock fix breakage in the combined
vput/vrele routine.  Fix a panic message.  Fix the vop_nounlock
routine so that "special" filesystems that use it work correctly.
1997-02-27 05:28:58 +00:00
John Dyson
0d955f71a1 Fix the simple_lock problem with the physical I/O buffer code, and
also fix the missing simple_unlock in vrele, and improve vrele/vput
by merging them into one routine.  BDE pointed these problems out.
1997-02-27 02:57:03 +00:00
Bruce Evans
7c1557c4af Fixed unmounting of the root fs. vfs_unmountroot() wasn't fully updated
to do Lite2 locking and vfs_unmountall() wasn't as simple as the Lite2
version.
1997-02-26 15:35:42 +00:00
Bruce Evans
c35e283a80 Merged some missing locking from Lite2:
- getnewvnode() and vref() were missing one simple_unlock() each.
- the Lite2 locking changes weren't merged at all in
  printlockedvnodes() or sysctl_vnode().  Merging these undid
  some KNF style regressions.
1997-02-25 19:33:23 +00:00
Garrett Wollman
639acc13e2 Create a new branch of the kernel MIB, kern.ipc, to store
all of the configurables and instrumentation related to
inter-process communication mechanisms.  Some variables,
like mbuf statistics, are instrumented here for the first
time.

For mbuf statistics: also keep track of m_copym() and
m_pullup() failures, and provide for the user's inspection
the compiled-in values of MSIZE, MHLEN, MCLBYTES, and MINCLSIZE.
1997-02-24 20:30:58 +00:00
Peter Wemm
d050e1a8a0 Regenerate to include correct Id string 1997-02-22 12:52:35 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Mike Pritchard
77bf994fe8 Support the installation of character devices via an lkm.
Closes PR# 1716

Submitted by:	jpt@magic.net
1997-02-22 01:20:57 +00:00
Bruce Evans
d5e4d7e154 Improved select():
- avoid malloc() if the number of fds is small.
- pack the bits better so that `small' is quite large.
- don't waste time generating zero bits for null fd_set pointers or
  scanning these bits.

Possibly improved select():
- free malloc()ed storage before returning.  This is simpler and I
  think huge select()s aren't worth optimizing since they are rare,
  relative gain would be small and there would be tiny costs for all
  selects().

Reviewed by:	ache (first version by him too)
1997-02-20 11:51:52 +00:00
Garrett Wollman
b1396a353b Make the operation of sonewconn1() a bit clearer by calling
pru_attach() before putting the new connection on the
connection queue.
1997-02-19 19:15:43 +00:00
David Greenman
e47bda0730 Fix from PR #2757:
execve() clears the P_SUGID process flag in execve() if the binary
executed does not have suid or sgid permission bits set.

This also happens when the effective uid is different from the real
uid or the effective gid is different from the real gid. Under
these circumstances, the process still has set id privileges and
the P_SUGID flag should not be cleared.

Submitted by:	Tor Egge <Tor.Egge@idt.ntnu.no>
1997-02-19 03:51:34 +00:00
Garrett Wollman
d8392c6c39 uipc_mbuf.c: do a better job of counting how often we have to wait
for memory, or are denied a cluster.

uipc_socket2.c: define some generic ``operation-not-supported'' entry points
for pr_usrreqs.
1997-02-18 20:43:07 +00:00
Bruce Evans
a8687b6dcd Added some ufs #includes so that this compiles with option LOCKF_DEBUG.
Moving this all from ufs wasn't a good move.  At least the debugging
routines depend on the file system.

Cleaned up the LOCKF_DEBUG #includes.
1997-02-18 14:37:26 +00:00
Bruce Evans
78fd7b3d49 Fixed namei caching for LOOKUPs. It was broken for lstat() and olstat().
Successful lstat()s purged an existing entry as well as not caching the
result.

This bug was introduced in Lite1 by setting the LOCKPARENT flag for
[o]lstat() in order to support the inherit-attributes-from-parent-
directory misfeature for symlinks.  LOCKPARENT was previously only set
for CREATEs and DELETEs.  It is now set for LOOKUPs, but only for
[o]lstat(), so the problem wasn't very noticeable.
1997-02-18 06:46:41 +00:00
Bruce Evans
25ed2ac223 Changed #ifdef COMPAT_PRELITE2' to #ifndef NO_COMPAT_PRELITE2' so that
the old VFS_VFSCONF sysctl is enabled by default.

Initialize the vfc_vfsops field to non-NULL in sysctl_ovfs_conf()
so that the old VFS_VFSCONF sysctl actually works.  The old (still
current) getvfsent.c uses this "kernel-only" field to decide which
vfs's are configured (the old implementation returned null entries
for unconfigured vfs's).
1997-02-18 04:58:11 +00:00
David Greenman
70e534e78f Pass P_SUGID on to the child of a fork(). It was possible to get rlogin
to coredump previously since it (somewhat uniquely) is setuid and forks
without execing, and thus without passing P_SUGID the child could
coredump and possibly divulge sensitive information (such as encrypted
passwords from the passwd database).
1997-02-17 10:58:46 +00:00
Garrett Wollman
30f700e9c7 Provide an alternative mbuf cluster allocator which permits use of
clusters greater than one page in length by calling contigmalloc1().
This uses a helper process `mclalloc' to do the allocation if
the system runs out at interrupt time to avoid calling contigmalloc
at high spl.  It is not yet clear to me whether this works.
1997-02-13 19:41:40 +00:00
Garrett Wollman
5bee01c83f For large values of sb_max or MCLBYTES, it was possible for the expression
sb_max * MCLBYTES / (MSIZE + MCLBYTES)
used in sbreserve() to overflow, causing all socket creation attempts
to fail.  Force the calculation to use u_quad_t's, which makes overflow
less likely.
1997-02-13 18:05:46 +00:00
Mike Pritchard
61f84e5b27 Don't depend on FIFO being defined to enable mkfifo.
It is now always compiled.

Submitted by:	bde
1997-02-12 16:55:32 +00:00
Bruce Evans
b52748bee5 Restored some lost function return types. 1997-02-12 14:00:00 +00:00
Mike Pritchard
72a5ee14de Add function protypes for the new Lite2 unionfs functions. 1997-02-12 07:54:22 +00:00
Mike Pritchard
820d8cf44a Comment out a call to the #ifdef DIAGNOSTIC routine
vfs_bufstats().  This routine was not imported in the
Lite2 merge.
1997-02-12 06:46:11 +00:00
Garrett Wollman
1e49bd9cd3 Fix spelling of net.inet.ip.forwarding.
Add ARP_PROXYALL to defunct options.
1997-02-10 19:19:16 +00:00