Commit Graph

452 Commits

Author SHA1 Message Date
Robert Watson
aa334e412d Include param.h instead of types.h when using user.h. Otherwise there is
a dependence on ucred.h including audit.h including param.h, which we
would like to eliminate.

MFC after:	3 weeks
2008-12-27 11:12:23 +00:00
Joe Marcus Clarke
6c3b8117ad Initialize the cntp pointer to 0 prior to doing any work so that callers
don't try to iterate through garbage or NULL memory.  Additionally, return
NULL instead of 0 on error.

Reviewed by:	peter
Approved by:	peter
2008-12-19 06:47:59 +00:00
Peter Wemm
ce4a8bcbee Add filler man pages for the kinfo functions I added recently.
While here, hook up the hexdump(3) man page which wasn't being installed.
2008-12-07 03:33:36 +00:00
Peter Wemm
de94a63bd1 Attempt a quick bandaid for arm build breakage. I went to the trouble of
maintaining alignment, but I'm not sure how to tell gcc this.
2008-12-02 10:10:50 +00:00
Peter Wemm
43151ee6cf Merge user/peter/kinfo branch as of r185547 into head.
This changes struct kinfo_filedesc and kinfo_vmentry such that they are
same on both 32 and 64 bit platforms like i386/amd64 and won't require
sysctl wrapping.

Two new OIDs are assigned.  The old ones are available under
COMPAT_FREEBSD7 - but it isn't that simple.  The superceded interface
was never actually released on 7.x.

The other main change is to pack the data passed to userland via the
sysctl.  kf_structsize and kve_structsize are reduced for the copyout.
If you have a process with 100,000+ sockets open, the unpacked records
require a 132MB+ copyout.  With packing, it is "only" ~35MB.  (Still
seriously unpleasant, but not quite as devastating).  A similar problem
exists for the vmentry structure - have lots and lots of shared libraries
and small mmaps and its copyout gets expensive too.

My immediate problem is valgrind.  It traditionally achieves this
functionality by parsing procfs output, in a packed format.  Secondly, when
tracing 32 bit binaries on amd64 under valgrind, it uses a cross compiled
32 bit binary which ran directly into the differing data structures in 32
vs 64 bit mode.  (valgrind uses this to track file descriptor operations
and this therefore affected every single 32 bit binary)

I've added two utility functions to libutil to unpack the structures into
a fixed record length and to make it a little more convenient to use.
2008-12-02 06:50:26 +00:00
Tai-hwa Liang
ca938a2cb1 Fixing !INET6 builds. 2008-11-25 02:15:09 +00:00
Sean Farley
805da51abd Fixed style issues with variable ordering and naming, spacing and
parentheses.

Fixed alignment issue in gr_dup() in its assignment of gr_mem using a
struct to force alignment without performing alignment mathematics.  This
was noticed recently with libutil was built with WARNS=6 on platform such
as sparc64.

Added checks to gr_dup(), gr_equal() and gr_make() to prevent segfaults
when examining struct group's with the struct members pointing to NULL's.

With fix of alignment issue, restore WARNS?=6.

Reviewed by:	des
MFC after:	1 week
2008-11-23 23:26:12 +00:00
Sean Farley
a06717238c style(9) fixes.
MFC after:	1 week
2008-11-11 00:32:55 +00:00
Dag-Erling Smørgrav
31cfde7132 Like many other functions that handle sockaddrs, realhostname_sa() takes a
struct sockaddr * that it casts internally to the appropriate type based on
sa_family.  However, struct sockaddr has very lax alignment requirements,
which causes the compiler to complain when you cast a struct sockaddr * to,
say, a struct sockaddr_in6 *.

I find it reasonable to assume that the pointer we received is in fact
correctly aligned.  Therefore, we can work around the compiler warnings by
casting to void * before casting to the desired type.  For readability's
sake, this is done with macros.

The same technique should prove useful in other parts of the tree that
deal with socket addresses.

MFC after:	3 weeks
2008-11-05 12:13:10 +00:00
Dag-Erling Smørgrav
c5eca3d84d Comment out WARNS. There are too many alignment issues in libutil. 2008-11-05 11:06:10 +00:00
Dag-Erling Smørgrav
b67921fc4b Disconnect gr_util.c from the build. It isn't documented or used anywhere
in the tree, and due to unsafe pointer arithmetic, it will most likely crash
on architectures with strict alignment requirements.
2008-11-05 10:45:39 +00:00
Dag-Erling Smørgrav
5e1a74e82f libutil now builds at WARNS level 6.
MFC after:	3 weeks
2008-11-04 13:51:15 +00:00
Dag-Erling Smørgrav
b4d2cfd941 Add missing header. 2008-11-04 13:50:50 +00:00
Dag-Erling Smørgrav
b8a5cd86e3 Avoid assigning a const char * to a char *.
MFC after:	3 weeks
2008-11-04 13:49:53 +00:00
Ed Schouten
b8cbf1a36a Remove unneeded call to revoke() inside openpty().
As discussed on the commits list, there is no need to call revoke()
inside openpty(). On RELENG_6 and RELENG_7 unlockpt() will call
revoke(). On HEAD we create pseudo-terminals on demand, so there is no
need to revoke the slave device node.

This change should never be MFC'd, because the implementation we have in
RELENG_6 and RELENG_7 should work flawlessly with older versions of
libc.

Discussed with:	jhb
MFC after:	never
2008-10-28 06:00:13 +00:00
Dag-Erling Smørgrav
0e25c55a95 Diff reduction against Varnish, including one important fix: use a shared
lock if the file is opened with O_RDONLY.
2008-10-20 18:11:30 +00:00
Dag-Erling Smørgrav
80de06ed6b Reimplement flopen(3) using fcntl(2) locks instead of flock(2) locks. 2008-10-20 18:02:16 +00:00
Dag-Erling Smørgrav
cb7cd07a07 pidfile(3) uses flopen(3) - don't make any assumptions about how the
latter is implemented.
2008-10-20 18:00:11 +00:00
Dag-Erling Smørgrav
51e75198fa There is no point in releasing a lock on a file which we've unlinked and
are about to close, so don't.  As a bonus, pidfile_remove(3) will now
work with an fcntl(2)-based flopen(3).
2008-10-20 17:41:08 +00:00
Dag-Erling Smørgrav
b1720f52d3 Since in_lt() and in_lts() are not static, assume that they are intended to
be part of the public API.  Accordingly, add prototypes and document them.
2008-10-20 17:17:58 +00:00
Dag-Erling Smørgrav
532045df2e Additional style and whitespace fixes. 2008-10-20 17:09:50 +00:00
Dag-Erling Smørgrav
734413889e Style and whitespace 2008-10-20 17:07:50 +00:00
Dag-Erling Smørgrav
a4578a3c98 Unbreak 2008-10-20 17:04:57 +00:00
Dag-Erling Smørgrav
92657d3cbd Since setclasscpumask() is not static, assume that it is intended to be
part of the public API.  Accordingly, add a prototype and document it.
2008-10-20 17:03:05 +00:00
Dag-Erling Smørgrav
93b5982b3c Style and whitespace. 2008-10-20 16:54:53 +00:00
Dag-Erling Smørgrav
2d057ca68c Parenthesize return values. 2008-10-20 16:51:43 +00:00
Dag-Erling Smørgrav
7cc027a3dc include and whitespace cleanup. 2008-10-20 16:48:18 +00:00
Xin LI
0ea291e221 Use strlcpy() when we mean it. 2008-10-17 21:21:14 +00:00
Ed Schouten
8d333b3c85 Small cleanups to openpty().
- Pass O_NOCTTY to posix_openpt(2). This makes the implementation work
  consistently on implementations that make the PTY the controlling TTY
  by default.

- Call unlockpt() before opening the slave device. POSIX mentions that
  de slave device should only be opened after grantpt() and unlockpt()
  have been called.

- Replace some redundant code by a label.

In theory we could remove a lot of code from openpty() on FreeBSD
-CURRENT, because grantpt(), unlockpt() and revoke() are not needed in
our implementation. We'd better keep them there. This makes the code
still work with older FreeBSD releases and even makes it work on other
non-BSD operating systems.

I've compiled openpty() on Linux. You only need to remove the revoke()
call, because revoke() on Linux always returns -1. Apart from that, it
seems to work like it should.

Reviewed by:	jhb
2008-10-03 09:42:50 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Brooks Davis
d84c42924c Add support for a new login capability, cpumask which allows login
sessions to be pinned to cpus by login class.
2008-07-25 19:58:14 +00:00
Konstantin Belousov
2db44b8410 Add #include <inttypes.h> for the strtoimax().
Submitted by:	Jilles Tjoelker <jilles stack nl>
MFC after:	3 days
2008-07-07 12:20:34 +00:00
John Baldwin
e1355b07ee Merge hexdump(9) to userland as hexdump(3) in libutil. I'm tired of doing
this by hand in userland utilities.

MFC after:	1 month
2008-07-01 22:30:57 +00:00
Sean Farley
0b5e889911 Add four utility functions related to struct grp processing modeled in-part
after similar calls related to struct pwd in libutil/pw_util.c:
  - gr_equal()
    Perform a deep comparison of two struct grp's.  It does a thorough, yet
    unoptimized comparison of all the members regardless of order.

  - gr_make()
    Create a string (see group(5)) from a struct grp.

  - gr_dup()
    Duplicate a struct grp.  Returns a value that is a single contiguous
    block of memory.

  - gr_scan()
    Create a struct grp from a string (as produced by gr_make()).

MFC after:	3 weeks
2008-04-23 00:49:13 +00:00
Antoine Brodin
6044f112a6 Merge changes from NetBSD on humanize_number.c, 1.8 -> 1.13
Significant changes:
- rev. 1.11: Use PRId64 instead of a cast to long long and %lld to print
an int64_t.
- rev. 1.12: Fix a bug that humanize_number() produces "1000" where it
should be "1.0G" or "1.0M".  The bug reported by Greg Troxel.

PR:		118461
PR:		102694
Approved by:	rwatson (mentor)
Obtained from:	NetBSD
MFC after:	1 month
2008-03-08 21:55:59 +00:00
John Baldwin
c50897c392 Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3)
on pts(4) devices this time.  This fixes the issues while leaving pts(4)
enabled on HEAD.
2008-01-15 15:36:23 +00:00
Colin Percival
d3f576839b Back out last commit, since it accidentally broke pts.
The security fix will be re-committed soon, hopefully without breaking
anything.
2008-01-15 13:59:13 +00:00
John Baldwin
16fd04e88e Update the manpage for openpty(3) to account for the recent fixes.
Specifically, remove the BUGS section and note that openpty(3) now always
does the various security-related steps.  Also, update the error return
value section.  The PR below is for the original bug rather than the doc
updates.

MFC after:	1 week
PR:		bin/9770
2008-01-14 23:49:56 +00:00
Colin Percival
160e76972a Fix issues which allow snooping on ptys. [08:01]
Fix an off-by-one error in inet_network(3). [08:02]

Security: FreeBSD-SA-08:01.pty
Security: FreeBSD-SA-08:02.libc
2008-01-14 22:56:05 +00:00
John Baldwin
889befc455 Invoke revoke(2) on the slave pty in the pts(4) case (new_openpty()) to
kick off any other users on the device line before using it since
openpty(3) is documented to do this.  Note that grantpt(3) does not
call revoke(2), it only adjusts permissions and ownership.

MFC after:	3 days
2007-12-20 21:10:06 +00:00
John Baldwin
790c2471b9 Bump up the number of ttys supported by pty(4) to 512 by making use of
[pt]ty[lmnoLMNO][0-9a-v].

MFC after:	3 days
Reviewed by:	rwatson
2007-11-19 20:49:42 +00:00
John Birrell
26fc37307b Constify the first argument to expand_number() so that it can
be called with a const without the compiler grisling.
2007-11-18 02:20:02 +00:00
Simon L. B. Nielsen
3dca093960 Minor mdoc cleanup: Every sentence should start on its own line. 2007-10-13 11:09:45 +00:00
Konstantin Belousov
fefc6803cf When pidfile is already locked and has zero length, do not return
success and zero pid from pidfile_read(). Return EAGAIN instead. Sleep
up to three times for 5 ms while waiting for pidfile to be written.

mount(8) does the kill(mountpid, SIGHUP). If mountd pidfile is truncated,
that would result in the SIGHUP delivered to the mount' process group
instead of the mountd.

Found and analyzed by:	Peter Holm
Tested by:	Peter Holm, kris
Reviewed by:	pjd
MFC after:	1 week
2007-10-12 10:38:05 +00:00
David E. O'Brien
61881b5283 Adjust history.
Approved by:	re(ken)
2007-09-28 15:31:44 +00:00
Pawel Jakub Dawidek
c0a6ac3ff0 - Fix strange for loop.
Reported by:	phk

- While here, check the unit before calculating the actually number.
  This way we can return EINVAL for invalid unit instead of ERANGE.

Approved by:	re (kensmith)
2007-09-05 14:27:13 +00:00
Pawel Jakub Dawidek
c2fc8cebdd Point expand_number(3) at humanize_number(3) and nive versa.
Suggested by:	trhodes
Approved by:	re (kensmith)
2007-09-05 14:25:16 +00:00
Pawel Jakub Dawidek
bd35b57de2 Implement expand_number(3), which is the opposite of humanize_number(3), ie.
a number in human-readable form is converted to int64_t, for example:
123b -> 123
10k -> 10240
16G -> 17179869184

First version submitted by:	Eric Anderson <anderson@freebsd.org>
Approved by:	re (bmah)
2007-09-01 06:19:11 +00:00
Dag-Erling Smørgrav
062044ebbe Back out previous commit until I figure out why my regression test fails.
Approved by:	re (kensmith)
2007-08-03 09:20:28 +00:00
Dag-Erling Smørgrav
7eb198c642 Use fcntl(2)-style locks instead of less-portable flock(2)-style locks.
Approved by:	re (kensmith)
2007-08-03 06:32:45 +00:00