Commit Graph

51 Commits

Author SHA1 Message Date
Mike Barcroft
2b7f24d210 Change iov_base's type from char *' to the standard void *'. All
uses of iov_base which assume its type is `char *' (in order to do
pointer arithmetic) have been updated to cast iov_base to `char *'.
2002-10-11 14:58:34 +00:00
Robert Watson
74e62b1b75 Integrate a devfs/MAC fix from the MAC tree: avoid a race condition during
devfs VOP symlink creation by introducing a new entry point to determine
the label of the devfs_dirent prior to allocation of a vnode for the
symlink.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-05 18:40:10 +00:00
Poul-Henning Kamp
2c5e1d1e6f Move the vop-vector declaration into devfs_vnops.c where it belongs. 2002-10-01 10:08:08 +00:00
Poul-Henning Kamp
562c866822 Fix mis-indent. 2002-09-28 17:37:55 +00:00
Nate Lawson
86ed6d45ac Remove any VOP_PRINT that redundantly prints the tag.
Move lockmgr_printinfo() into vprint() for everyone's benefit.

Suggested by: bde
2002-09-18 20:42:04 +00:00
Nate Lawson
06be2aaa83 Remove all use of vnode->v_tag, replacing with appropriate substitutes.
v_tag is now const char * and should only be used for debugging.

Additionally:
1. All users of VT_NTS now check vfsconf->vf_type VFCF_NETWORK
2. The user of VT_PROCFS now checks for the new flag VV_PROCDEP, which
is propagated by pseudofs to all child vnodes if the fs sets PFS_PROCDEP.

Suggested by:   phk
Reviewed by:    bde, rwatson (earlier version)
2002-09-14 09:02:28 +00:00
Jeff Roberson
e6e370a7fe - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
Robert Watson
67d722ed73 Introduce support for Mandatory Access Control and extensible
kernel access control.

Teach devfs how to respond to pathconf() _POSIX_MAC_PRESENT queries,
allowing it to indicate to user processes that individual vnode labels
are available.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 03:12:40 +00:00
Robert Watson
bdc2cd1318 Hook up devfs_pathconf() for specfs devfs nodes, not just regular
devfs nodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:27:57 +00:00
Robert Watson
6742f32809 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 15:45:16 +00:00
Dima Dorfman
a1dc209638 Introduce the DEVFS "rule" subsystem. DEVFS rules permit the
administrator to define certain properties of new devfs nodes before
they become visible to the userland.  Both static (e.g., /dev/speaker)
and dynamic (e.g., /dev/bpf*, some removable devices) nodes are
supported.  Each DEVFS mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails.

Approved by:	phk
2002-07-17 01:46:48 +00:00
Semen Ustimenko
c83fca1f1f Make devfs to give honour to PDIRUNLOCK flag.
Reviewed by:	jeff
MFC after:	1 week
2002-06-01 09:17:43 +00:00
Maxime Henrion
8eee3a3d58 Fix several bugs in devfs_lookupx(). When we check the nameiop to
make sure it's a correct operation for devfs, do it only in the
ISLASTCN case.  If we don't, we are assuming that the final file will
be in devfs, which is not true if another partition is mounted on top
of devfs or with special filenames (like /dev/net/../../foo).

Reviewed by:	phk
2002-05-10 15:41:14 +00:00
Robert Watson
a12cfddc0f Use vnode locking with devfs; permit VFS locking assertions to make
sense for devfs vnodes, and reduce/remove potential races in the devfs
code.

Submitted by:	iadowse
Approved by:	phk
2002-04-29 20:00:39 +00:00
Bruce Evans
11257f4d1a Fixed assorted bugs in setting of timestamps in devfs_setattr().
Setting of timestamps on devices had no effect visible to userland
because timestamps for devices were set in places that are never used.
This broke:
- update of file change time after a change of an attribute
- setting of file access and modification times.

The VA_UTIMES_NULL case did not work.  Revs 1.31-1.32 were supposed to
fix this by copying correct bits from ufs, but had little or no effect
because the old checks were not removed.
2002-04-05 15:16:08 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Alfred Perlstein
11caded34f Remove __P. 2002-03-19 22:20:14 +00:00
Maxim Konovalov
e9fc9230a6 Be consistent with UFS in a way how devfs_setattr() checks credentials
for chmod(2), chown(2) and utimes(2) with respect to jail(2).

Reviewed by:		rwatson, ru
Not objected by:	phk
Approved by:		ru
2002-03-14 11:18:42 +00:00
Dima Dorfman
2ab80ed8cf Address two minor issues: implement the _PC_NAME_MAX and _PC_PATH_MAX
pathconf() variables for directories, and set st_size and st_blocks
(of struct stat) for directories as appropriate.  Note that st_size is
always set to DEV_BSIZE, since the size of the directories is not
currently kept.

Reviewed by:	phk, bde
2001-11-25 21:00:38 +00:00
Poul-Henning Kamp
d018a84cbc Fix "echo > /dev/null" for non-root users which broke in previous commit. 2001-11-04 19:12:59 +00:00
Poul-Henning Kamp
9607027339 Use vfs_timestamp() instead of getnanotime().
Add magic stuff copied from ufs_setattr().

Instructed by:	bde
2001-11-03 17:00:02 +00:00
Bruce Evans
c95b982aed Backed out vestiges of the quick fixes for the transient breakage of
<sys/mount.h> in rev.1.106 of the latter (don't include <sys/socket.h>
just to work around bugs in <sys/mount.h>).
2001-10-13 06:41:41 +00:00
Poul-Henning Kamp
40739c02ae The behaviour of whiteout'ing symlinks were too confusing, instead
remove them when asked to.
2001-09-30 08:43:33 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Poul-Henning Kamp
12d1aec26f linux ls fails on DEVFS /dev because linux_getdents fails because
linux_getdents uses VOP_READDIR( ..., &ncookies, &cookies ) instead of
     VOP_READDIR( ..., NULL, NULL ) because it seems to need the offsets for
     linux_dirent and sizeof(dirent) != sizeof(linux_dirent)...

PR:	29467
Submitted by:	Michael Reifenberger <root@nihil.plaut.de>
Reviewed by:	phk
2001-08-14 06:42:32 +00:00
Brian Somers
51716196a4 Support /dev/tun cloning. Ansify if_tun.c while I'm there.
Only tun0 -> tun32767 may now be opened as struct ifnet's if_unit
is a short.

It's now possible to open /dev/tun and get a handle back for an available
tun device (use devname to find out what you got).

The implementation uses rman by popular demand (and against my judgement)
to track opened devices and uses the new dev_depends() to ensure that
all make_dev()d devices go away before the module is unloaded.

Reviewed by:	phk
2001-06-01 15:51:10 +00:00
Poul-Henning Kamp
e33457d7eb Don't copy the trailing zero in readlink, it confuses namei().
PR:		27656
2001-05-26 20:07:57 +00:00
Poul-Henning Kamp
5a9300c451 Change the way deletes are managed in DEVFS.
This fixes a number of warnings relating to removed cloned devices.

It also makes it possible to recreate deleted devices with
mknod(2).  The major/minor arguments are ignored.
2001-05-23 17:48:20 +00:00
Poul-Henning Kamp
f73cbde4cf After a successfull poll of the cloning functions, match on the
returned dev_t rather than the original name.

This allows cloning from one name to another which is useful for
/dev/tty and later for the pty's.
2001-05-14 08:20:46 +00:00
Poul-Henning Kamp
ab9f3b292e Convert DEVFS from an "opt-in" to an "opt-out" option.
If for some reason DEVFS is undesired, the "NODEVFS" option is
needed now.

Pending any significant issues, DEVFS will be made mandatory in
-current on july 1st so that we can start reaping the full
benefits of having it.
2001-05-13 20:52:40 +00:00
Poul-Henning Kamp
6bd2ea83ef Remove unneeded devfs_badop()
Noticed by:	rwatson
2001-05-06 17:40:34 +00:00
Mark Murray
fb919e4d5a Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
Poul-Henning Kamp
b7ebffbc08 Add a vop_stdbmap(), and make it part of the default vop vector.
Make 7 filesystems which don't really know about VOP_BMAP rely
on the default vector, rather than more or less complete local
vop_nopbmap() implementations.
2001-04-29 11:48:41 +00:00
Matt Jacob
3be6e0c249 add this ridiculous include foo so it will compile again 2001-04-23 18:14:41 +00:00
Poul-Henning Kamp
3e8bea9634 Remove a debug printf. 2001-02-18 09:16:49 +00:00
Poul-Henning Kamp
4b1c62b3f2 At the point in time where most devices are created, we don't know what
time it is because boottime is not yet initialized.  Finagle the relevant
fields when we get the chance.
2001-02-02 22:54:41 +00:00
Poul-Henning Kamp
ecde9a6dae Only superuser can create symlinks.
Give symlinks mode 755 by default to avoid triggering alert eyes.
(the mode isn't use on symlinks)
2001-02-02 18:35:29 +00:00
Poul-Henning Kamp
aadf265525 Fix two minor nits.
Existences revealed, but no details offered by: bp
2001-01-30 08:39:52 +00:00
Poul-Henning Kamp
2a0436783d staticize. 2000-12-08 15:07:24 +00:00
Poul-Henning Kamp
cf9fa8e725 Move suser() and suser_xxx() prototypes and a related #define from
<sys/proc.h> to <sys/systm.h>.

Correctly document the #includes needed in the manpage.

Add one now needed #include of <sys/systm.h>.
Remove the consequent 48 unused #includes of <sys/proc.h>.
2000-10-29 16:06:56 +00:00
Poul-Henning Kamp
8abea41d80 Don't hold an extra reference to vnodes. Devfs vnodes are sufficiently
cheap to setup that it doesn't really matter that we recycle device
vnodes at kleenex speed.

Implement first cut try at killing cloned devices when they are
not needed anymore.  For now only the bpf driver is involved in
this experiment.  Cloned devices can set the SI_CHEAPCLONE flag
which allows us to destroy_dev() it when the vcount() drops to zero
and the vnode is reclaimed.  For now it's a requirement that the
driver doesn't keep persistent state from close to (re)open.

Some whitespace changes.
2000-10-09 14:18:07 +00:00
Poul-Henning Kamp
eb7ba7f95c Ignore attempts to set flags to zero. This quenches a syslog warning
from login(1).
2000-09-18 09:40:01 +00:00
Poul-Henning Kamp
c80d29139c Add canonical checks to devfs_setattr(). 2000-09-16 12:06:58 +00:00
Poul-Henning Kamp
93bcdfe270 Add refcounts to the "global" DEVFS inode slots, this allows us
to recycle inodes after a destroy_dev() but not until all mounts
have picked up the change.

Add support for an overflow table for DEVFS inodes.  The static
table defaults to 1024 inodes, if that fills, an overflow table
of 32k inodes is allocated.  Both numbers can be changed at
compile time, the size of the overflow table also with the
sysctl vfs.devfs.noverflow.

Use atomic instructions to barrier between make_dev()/destroy_dev()
and the mounts.

Add lockmgr() locking of directories for operations accessing or
modifying the directory TAILQs.

Various nitpicking here and there.
2000-09-06 11:26:43 +00:00
Poul-Henning Kamp
db90128160 Avoid the modules madness I inadvertently introduced by making the
cloning infrastructure standard in kern_conf.  Modules are now
the same with or without devfs support.

If you need to detect if devfs is present, in modules or elsewhere,
check the integer variable "devfs_present".

This happily removes an ugly hack from kern/vfs_conf.c.

This forces a rename of the eventhandler and the standard clone
helper function.

Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include
like <sys/queue.h>

Remove all #includes of opt_devfs.h they no longer matter.
2000-09-02 19:17:34 +00:00
Robert Watson
012c643d3e o Restructure vaccess() so as to check for DAC permission to modify the
object before falling back on privilege.  Make vaccess() accept an
  additional optional argument, privused, to determine whether
  privilege was required for vaccess() to return 0.  Add commented
  out capability checks for reference.  Rename some variables to make
  it more clear which modes/uids/etc are associated with the object,
  and which with the access mode.
o Update file system use of vaccess() to pass NULL as the optional
  privused argument.  Once additional patches are applied, suser()
  will no longer set ASU, so privused will permit passing of
  privilege information up the stack to the caller.

Reviewed by:	bde, green, phk, -security, others
Obtained from:	TrustedBSD Project
2000-08-29 14:45:49 +00:00
Poul-Henning Kamp
c32d0a1dcd Reorder vop's alphabetically.
Smarter use of devfs_allocv() (from bp@)
 Introduce devfs_find()
 ".." fixes to devfs_lookup (from bp@)
2000-08-27 14:46:36 +00:00
Poul-Henning Kamp
749e1537ec Minor cleanups tp devfs_readdir();
Add devfs_read() for directories.  (inspired by bp@)
2000-08-26 16:20:57 +00:00
Poul-Henning Kamp
a481b90b82 Fix panic when removing open device (found by bp@)
Implement subdirs.
 Build the full "devicename" for cloning functions.
 Fix panic when deleted device goes away.
 Collaps devfs_dir and devfs_dirent structures.
 Add proper cloning to the /dev/fd* "device-"driver.
 Fix a bug in make_dev_alias() handling which made aliases appear
  multiple times.
 Use devfs_clone to implement getdiskbyname()
 Make specfs maintain the stat(2) timestamps per dev_t
2000-08-24 15:36:55 +00:00
Poul-Henning Kamp
fcc9b84ca5 Fix devfs_access() bug on directories.
Remove unused #includes.

Bug spotted by:	markm
2000-08-21 14:45:19 +00:00