Commit Graph

46 Commits

Author SHA1 Message Date
Robert Watson
acd3428b7d Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
Robert Watson
818812244b Rework IPX/SPX socket and pcb reference model:
- Introduce invariant that all IPX/SPX sockets will have valid so_pcb
  pointers to ipxpcb structures, and that for SPX, the control block
  pointer will always be valid.  Don't attempt to free the socket or
  pcb at various odd points, such as disconnect.

- Add a new ipxpcb flag, IPXP_DROPPED, which will be set in place of
  freeing PCB's so that this invariant can be maintained.  This flag
  is now checked instead of a NULL check in various socket protocol
  calls.

- Introduce many assertions that this invariant holds.

- Various pieces of code, such as the SPX timer code, no longer needs
  to jump through hoops in case it frees a PCB while running.

- Break out ipx_pcbfree() from ipx_pcbdetach().  Likewise
  spx_pcbdetach().

- Comment on some SMP-related limitations to the SPX code.

- Update copyrights.

MFC after:	1 month
2006-03-25 17:28:42 +00:00
Robert Watson
b8e00b4cf4 Clean up and style(9) SPX code prior to significant functional changes
being committed:

- Wrap comments more evenly on right border.
- Clean up braces.

Also, along similar lines:

- Assert some pointers are non-NULL before dereferencing them.
- Remove one assertion that looks, on face value, poor.

MFC after:	1 month
2006-03-24 13:58:23 +00:00
Robert Watson
0c3833b6ba Assert or acquire the IPX PCB list lock or IPX PCB locks throughout
the IPX-related PCB routines.  In general, the list lock is required
to iterate the PCB list, either for read or write; the PCB lock is
required to access or modify a PCB.  To change the binding of a PCB,
both locks must be held.

MFC after:	3 weeks
2005-01-09 05:10:43 +00:00
Robert Watson
c2b563b532 Introduce a global mutex, ipxpcb_list_mtx, to protect the global
IPX PCB lists.  Add macros to initialize, destroy, lock, unlock,
and assert the mutex.  Initialize the mutex when IPX is started.

Add per-IPX PCB mutexes, ipxp_mtx in struct ipxpcb, to protect
per-PCB IPX/SPX state.  Add macros to initialize, destroy, lock,
unlock, and assert the mutex.  Initialize the mutex when a new
PCB is allocated; destroy it when the PCB is free'd.

MFC after:	2 weeks
2005-01-09 05:00:41 +00:00
Robert Watson
9d98ffa087 In ipx_setsockaddr(), use M_WAITOK instead of M_NOWAIT so that the
call always succeeds, avoiding causing the caller to return success
even though the returned *sockaddr is NULL.

MFC after:	2 weeks
2005-01-09 04:47:42 +00:00
Warner Losh
c398230b64 /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
Robert Watson
944731d517 Eliminate XXX comments regarding allocation failures when retrieving
the peer address by using M_WAITOK in ipx_setpeeraddr() to prevent
allocation failure.  The socket reference used to reach these calls
will prevent the ipxpcb from being released prematurely.
2005-01-02 15:25:59 +00:00
Robert Watson
928944eeb5 Trim trailing whitespace. 2005-01-02 15:13:59 +00:00
Robert Watson
21275ec3db Use 'NULL' in preference to '0' for pointer comparisons.
MFC after:	2 weeks
2005-01-02 01:51:18 +00:00
Robert Watson
6c56a18747 Use RTFREE() to free route references rather than rtfree(), as rtfree()
expects a locked route reference.  This removes a panic that occurs
when connected ipxpcb is closed and its route free'd, and may have been
present since the route locking took place.

MFC after:	2 weeks
2005-01-02 01:47:56 +00:00
Robert Watson
c2b8a29d33 Prefer rtalloc_ign() API to rtalloc() API. 2005-01-02 01:39:38 +00:00
Robert Watson
86c788d323 Move the definition of ipxpcb_lport_cache from ipx_input.c to ipx_pcb.c,
the only source file where it is actually used.
2005-01-01 22:04:03 +00:00
Robert Watson
96979ee67d Marginally reformat copyright statements to remove an excess ','. 2004-12-31 17:05:37 +00:00
Robert Watson
08e044cb89 Use a global variable, ipxpcb_lport_cache, to cache the most recently
used IPX port number, rather than using the global ipxpcb list head.
2004-12-30 17:54:53 +00:00
Robert Watson
80a4dabe7d Convert netipx to use queue(9) doubly-linked lists instead of home-brew
linked lists for ipxpcb's.
2004-12-30 17:49:40 +00:00
Robert Watson
ffeb1a497a Garbage collect unused (and incompletely implemented) functions:
- ipx_pcbnotify(), which is never called.
- ipx_rtchange(), which is never called, is incomplete inplemented, and
  also #ifdef notdef.
- spx_fixmtu(), which is never called, is incompletely implemented, and
  also #ifdef notdef.
2004-12-30 17:21:07 +00:00
Robert Watson
81158452be Push acquisition of the accept mutex out of sofree() into the caller
(sorele()/sotryfree()):

- This permits the caller to acquire the accept mutex before the socket
  mutex, avoiding sofree() having to drop the socket mutex and re-order,
  which could lead to races permitting more than one thread to enter
  sofree() after a socket is ready to be free'd.

- This also covers clearing of the so_pcb weak socket reference from
  the protocol to the socket, preventing races in clearing and
  evaluation of the reference such that sofree() might be called more
  than once on the same socket.

This appears to close a race I was able to easily trigger by repeatedly
opening and resetting TCP connections to a host, in which the
tcp_close() code called as a result of the RST raced with the close()
of the accepted socket in the user process resulting in simultaneous
attempts to de-allocate the same socket.  The new locking increases
the overhead for operations that may potentially free the socket, so we
will want to revise the synchronization strategy here as we normalize
the reference counting model for sockets.  The use of the accept mutex
in freeing of sockets that are not listen sockets is primarily
motivated by the potential need to remove the socket from the
incomplete connection queue on its parent (listen) socket, so cleaning
up the reference model here may allow us to substantially weaken the
synchronization requirements.

RELENG_5_3 candidate.

MFC after:	3 days
Reviewed by:	dwhite
Discussed with:	gnn, dwhite, green
Reported by:	Marc UBM Bocklet <ubm at u-boot-man dot de>
Reported by:	Vlad <marchenko at gmail dot com>
2004-10-18 22:19:43 +00:00
Robert Watson
395a08c904 Extend coverage of SOCK_LOCK(so) to include so_count, the socket
reference count:

- Assert SOCK_LOCK(so) macros that directly manipulate so_count:
  soref(), sorele().

- Assert SOCK_LOCK(so) in macros/functions that rely on the state of
  so_count: sofree(), sotryfree().

- Acquire SOCK_LOCK(so) before calling these functions or macros in
  various contexts in the stack, both at the socket and protocol
  layers.

- In some cases, perform soisdisconnected() before sotryfree(), as
  this could result in frobbing of a non-present socket if
  sotryfree() actually frees the socket.

- Note that sofree()/sotryfree() will release the socket lock even if
  they don't free the socket.

Submitted by:	sam
Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS
2004-06-12 20:47:32 +00:00
Robert Watson
746e5bf09b Rename dup_sockaddr() to sodupsockaddr() for consistency with other
functions in kern_socket.c.

Rename the "canwait" field to "mflags" and pass M_WAITOK and M_NOWAIT
in from the caller context rather than "1" or "0".

Correct mflags pass into mac_init_socket() from previous commit to not
include M_ZERO.

Submitted by:	sam
2004-03-01 03:14:23 +00:00
David E. O'Brien
ab0de15baf Use __FBSDID(). 2003-06-11 05:37:42 +00:00
Seigo Tanimura
4cc20ab1f0 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
Seigo Tanimura
243917fe3b Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Matthew Dillon
b1e4abd246 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
David Malone
7cc0979fd6 Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
Poul-Henning Kamp
cf9fa8e725 Move suser() and suser_xxx() prototypes and a related #define from
<sys/proc.h> to <sys/systm.h>.

Correctly document the #includes needed in the manpage.

Add one now needed #include of <sys/systm.h>.
Remove the consequent 48 unused #includes of <sys/proc.h>.
2000-10-29 16:06:56 +00:00
John Hay
01d3efc077 Get rid of the old XNS checksum code and implement it the IPX way.
PR:		13374
Submitted by:	Boris Popov <bp@butya.kz>
1999-08-28 18:21:55 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
John Hay
23b29a7c5e Make it possible to use lo0 as an internal IPX network. This is usefull
for mars_nwe server and nwfs.
PR:		9871
Submitted by:	Boris Popov <bp@butya.kz>
1999-02-06 10:48:11 +00:00
Eivind Eklund
303b270b0a Staticize. 1998-02-09 06:11:36 +00:00
Bruce Evans
55b211e3af Removed unused #includes. 1997-10-28 15:59:26 +00:00
Bruce Evans
4d1d4912ae Added used #include - don't depend on <sys/mbuf.h> including
<sys/malloc.h> (unless we only use the bogusly shared M*WAIT flags).
1997-09-02 01:19:47 +00:00
Garrett Wollman
57bf258e3d Fix all areas of the system (or at least all those in LINT) to avoid storing
socket addresses in mbufs.  (Socket buffers are the one exception.)  A number
of kernel APIs needed to get fixed in order to make this happen.  Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead.  Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
1997-08-16 19:16:27 +00:00
John Hay
8f65b5944d Removed the #ifdef IPXERRORMSGS'ed code. Fix a lot of style errors that I
introduced with the previous commit.
Style fixes Submitted by:	Bruce Evans <bde@FreeBSD.ORG>
1997-06-26 19:36:03 +00:00
John Hay
8c7e2b93a0 Mega IPX commit.
Use the MAC address of an interface for the host part of an IPX address
and not the MAC address of the first interface for every IPX address.
This is more inline with the way others like Novell do it.
Mostly Submitted by: "Serge A. Babkin" <babkin@hq.icb.chel.su>

Take out the error messages (the ip icmp equivalent) with #ifdef IPXERRORMSGS.
This is bogus and as far as I could figure out IPX don't have anything like
it. This is a leftover from its XNS heritage. If nobody complains, I will
take it out completely in a few weeks.

Add some more ipxstat statistics counters.

Make ipxprintfs a sysctl variable and off by default.

Add IPX Netbios "routing" support. This is off by default and can be
switched on with a sysctl knob.

General code cleanup to at least use the same style throughout the IPX
code, but also be more style(9) conformant. Also make a lot of functions
static.

If I don't get any complaints I'll bring all of this over to the 2.2 tree
in a few weeks.
1997-05-10 09:58:58 +00:00
John Hay
a6eb92a6a4 Make ipx compile again after the network interface changes. 1997-05-01 06:21:31 +00:00
Peter Wemm
6875d25465 Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not
ready for it yet.
1997-02-22 09:48:43 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
David Greenman
2ee45d7d28 Move or add #include <queue.h> in preparation for upcoming struct socket
changes.
1996-03-11 15:13:58 +00:00
Bruce Evans
530e1829ef Added #include <sys/queue.h>. This will be required when I move
the (inline) implementations of insque() and remque() from
<machine/cpufunc.h> to <sys/queue.h>.
1995-11-24 12:01:08 +00:00
Julian Elischer
bc71ecdfc9 Suggested by: bde
clear up some confusion about Id: lines on behalf of the author
1995-11-04 09:03:47 +00:00
Julian Elischer
1b3f472e51 Submitted by: Mike Mitchell (mitchell@ref.tfs.com)
these patches bring the ipx code up to the point that it compiles cleanly with
the -W arguments suggested by bruce.
1995-10-31 23:36:47 +00:00
Julian Elischer
cc6a66f20e Reviewed by: julian and jhay@mikom.csir.co.za
Submitted by:	Mike Mitchell, supervisor@alb.asctmd.com

This is a bulk mport of Mike's IPX/SPX protocol stacks and all the
related gunf that goes with it..
it is not guaranteed to work 100% correctly at this time
but as we had several people trying to work on it
I figured it would be better to get it checked in so
they could all get teh same thing to work on..

Mikes been using it for a year or so
but on 2.0

more changes and stuff will be merged in from other developers now that this is in.

Mike Mitchell, Network Engineer
AMTECH Systems Corporation, Technology and Manufacturing
8600 Jefferson Street, Albuquerque, New Mexico 87113 (505) 856-8000
supervisor@alb.asctmd.com
1995-10-26 20:31:59 +00:00