28 Commits

Author SHA1 Message Date
Gleb Smirnoff
8634e3199c Finish r243882: mechanically substitute flags from historic mbuf
allocator with malloc(9) flags within sys.

Sponsored by:	Nginx, Inc.
2013-03-12 08:59:51 +00:00
Pawel Jakub Dawidek
2609222ab4 Merge Capsicum overhaul:
- Capability is no longer a separate descriptor type. Now every descriptor
  has a set of its own capability rights.

- The cap_new(2) system call is left, but it is no longer documented and
  should not be used in new code.

- The new syscall cap_rights_limit(2) should be used instead of
  cap_new(2), which limits capability rights of the given descriptor
  without creating a new one.

- The cap_getrights(2) syscall is renamed to cap_rights_get(2).

- If CAP_IOCTL capability right is present we can further reduce allowed
  ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
  ioctls can be retrieved with cap_ioctls_get(2) syscall.

- If CAP_FCNTL capability right is present we can further reduce fcntls
  that can be used with the new cap_fcntls_limit(2) syscall and retrieve
  them with cap_fcntls_get(2).

- To support ioctl and fcntl white-listing the filedesc structure was
  heavily modified.

- The audit subsystem, kdump and procstat tools were updated to
  recognize new syscalls.

- Capability rights were revised and even though I tried hard to provide
  backward API and ABI compatibility there are some incompatible changes
  that are described in detail below:

	CAP_CREATE old behaviour:
	- Allow for openat(2)+O_CREAT.
	- Allow for linkat(2).
	- Allow for symlinkat(2).
	CAP_CREATE new behaviour:
	- Allow for openat(2)+O_CREAT.

	Added CAP_LINKAT:
	- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
	- Allow to be target for renameat(2).

	Added CAP_SYMLINKAT:
	- Allow for symlinkat(2).

	Removed CAP_DELETE. Old behaviour:
	- Allow for unlinkat(2) when removing non-directory object.
	- Allow to be source for renameat(2).

	Removed CAP_RMDIR. Old behaviour:
	- Allow for unlinkat(2) when removing directory.

	Added CAP_RENAMEAT:
	- Required for source directory for the renameat(2) syscall.

	Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
	- Allow for unlinkat(2) on any object.
	- Required if target of renameat(2) exists and will be removed by this
	  call.

	Removed CAP_MAPEXEC.

	CAP_MMAP old behaviour:
	- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
	  PROT_WRITE.
	CAP_MMAP new behaviour:
	- Allow for mmap(2)+PROT_NONE.

	Added CAP_MMAP_R:
	- Allow for mmap(PROT_READ).
	Added CAP_MMAP_W:
	- Allow for mmap(PROT_WRITE).
	Added CAP_MMAP_X:
	- Allow for mmap(PROT_EXEC).
	Added CAP_MMAP_RW:
	- Allow for mmap(PROT_READ | PROT_WRITE).
	Added CAP_MMAP_RX:
	- Allow for mmap(PROT_READ | PROT_EXEC).
	Added CAP_MMAP_WX:
	- Allow for mmap(PROT_WRITE | PROT_EXEC).
	Added CAP_MMAP_RWX:
	- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).

	Renamed CAP_MKDIR to CAP_MKDIRAT.
	Renamed CAP_MKFIFO to CAP_MKFIFOAT.
	Renamed CAP_MKNODE to CAP_MKNODEAT.

	CAP_READ old behaviour:
	- Allow pread(2).
	- Disallow read(2), readv(2) (if there is no CAP_SEEK).
	CAP_READ new behaviour:
	- Allow read(2), readv(2).
	- Disallow pread(2) (CAP_SEEK was also required).

	CAP_WRITE old behaviour:
	- Allow pwrite(2).
	- Disallow write(2), writev(2) (if there is no CAP_SEEK).
	CAP_WRITE new behaviour:
	- Allow write(2), writev(2).
	- Disallow pwrite(2) (CAP_SEEK was also required).

	Added convenient defines:

	#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
	#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
	#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
	#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
	#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
	#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_RECV		CAP_READ
	#define	CAP_SEND		CAP_WRITE

	#define	CAP_SOCK_CLIENT \
		(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
		 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
	#define	CAP_SOCK_SERVER \
		(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
		 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
		 CAP_SETSOCKOPT | CAP_SHUTDOWN)

	Added defines for backward API compatibility:

	#define	CAP_MAPEXEC		CAP_MMAP_X
	#define	CAP_DELETE		CAP_UNLINKAT
	#define	CAP_MKDIR		CAP_MKDIRAT
	#define	CAP_RMDIR		CAP_UNLINKAT
	#define	CAP_MKFIFO		CAP_MKFIFOAT
	#define	CAP_MKNOD		CAP_MKNODAT
	#define	CAP_SOCK_ALL		(CAP_SOCK_CLIENT | CAP_SOCK_SERVER)

Sponsored by:	The FreeBSD Foundation
Reviewed by:	Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with:	rwatson, benl, jonathan
ABI compatibility discussed with:	kib
2013-03-02 00:53:12 +00:00
Kevin Lo
9823d52705 Revert previous commit...
Pointyhat to:	kevlo (myself)
2012-10-10 08:36:38 +00:00
Kevin Lo
a10cee30c9 Prefer NULL over 0 for pointers
2012-10-09 08:27:40 +00:00
Josh Paetzel
c4d87335a8 Update to version 2.3.1.0
Obtained from:	Daniel Braniss <danny@cs.huji.ac.il>
2012-04-13 18:21:56 +00:00
Ed Schouten
7870adb640 Remove direct access to si_name.
Code should just use the devtoname() function to obtain the name of a
character device. Also add const keywords to pieces of code that need it
to build properly.

MFC after:	2 weeks
2012-02-10 12:35:57 +00:00
Ed Schouten
d745c852be Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
2011-11-07 06:44:47 +00:00
Ed Schouten
8f80f103b4 Remove MALLOC_DECLAREs of nonexisting malloc-pools.
After careful grepping, it seems none of these pools can be found in our
source tree. They are not in use, nor are they defined.
2011-11-06 20:16:50 +00:00
Konstantin Belousov
8be736b2b3 Do not ignore block offsets.
PR:	kern/160943
Submitted by:	Craig Boston <cb severious net>
Reviewed by:	Danny Braniss <danny cs huji ac il>
MFC after:	1 week
2011-10-10 13:26:53 +00:00
Kenneth D. Merry
1cc052e80f Add descriptor sense support to CAM, and honor sense residuals properly in
CAM.

Descriptor sense is a new sense data format that originated in SPC-3.  Among
other things, it allows for an 8-byte info field, which is necessary to
pass back block numbers larger than 4 bytes.

This change adds a number of new functions to scsi_all.c (and therefore
libcam) that abstract out most access to sense data.

This includes a bump of CAM_VERSION, because the CCB ABI has changed.
Userland programs that use the CAM pass(4) driver will need to be
recompiled.

camcontrol.c:	Change uses of scsi_extract_sense() to use
		scsi_extract_sense_len().

		Use scsi_get_sks() instead of accessing sense key specific
		data directly.

scsi_modes:	Update the control mode page to the latest version (SPC-4).

scsi_cmds.c,
scsi_target.c:	Change references to struct scsi_sense_data to struct
		scsi_sense_data_fixed.  This should be changed to allow the
		user to specify fixed or descriptor sense, and then use
		scsi_set_sense_data() to build the sense data.

ps3cdrom.c:	Use scsi_set_sense_data() instead of setting sense data
		manually.

cam_periph.c:	Use scsi_extract_sense_len() instead of using
		scsi_extract_sense() or accessing sense data directly.

cam_ccb.h:	Bump the CAM_VERSION from 0x15 to 0x16.  The change of
		struct scsi_sense_data from 32 to 252 bytes changes the
		size of struct ccb_scsiio, but not the size of union ccb.
		So the version must be bumped to prevent structure
		mis-matches.

scsi_all.h:	Lots of updated SCSI sense data and other structures.

		Add function prototypes for the new sense data functions.

		Take out the inline implementation of scsi_extract_sense().
		It is now too large to put in a header file.

		Add macros to calculate whether fields are present and
		filled in fixed and descriptor sense data

scsi_all.c:	In scsi_op_desc(), allow the user to pass in NULL inquiry
		data, and we'll assume a direct access device in that case.

		Changed the SCSI RESERVED sense key name and description
		to COMPLETED, as it is now defined in the spec.

		Change the error recovery action for a number of read errors
		to prevent lots of retries when the drive has said that the
		block isn't accessible.  This speeds up reconstruction of
		the block by any RAID software running on top of the drive
		(e.g. ZFS).

		In scsi_sense_desc(), allow for invalid sense key numbers.
		This allows calling this routine without checking the input
		values first.

		Change scsi_error_action() to use scsi_extract_sense_len(),
		and handle things when invalid asc/ascq values are
		encountered.

		Add a new routine, scsi_desc_iterate(), that will call the
		supplied function for every descriptor in descriptor format
		sense data.

		Add scsi_set_sense_data(), and scsi_set_sense_data_va(),
		which build descriptor and fixed format sense data.  They
		currently default to fixed format sense data.

		Add a number of scsi_get_*() functions, which get different
		types of sense data fields from either fixed or descriptor
		format sense data, if the data is present.

		Add a number of scsi_*_sbuf() functions, which print
		formatted versions of various sense data fields.  These
		functions work for either fixed or descriptor sense.

		Add a number of scsi_sense_*_sbuf() functions, which have a
		standard calling interface and print the indicated field.
		These functions take descriptors only.

		Add scsi_sense_desc_sbuf(), which will print a formatted
		version of the given sense descriptor.

		Pull out a majority of the scsi_sense_sbuf() function and
		put it into scsi_sense_only_sbuf().  This allows callers
		that don't use struct ccb_scsiio to easily utilize the
		printing routines.  Revamp that function to handle
		descriptor sense and use the new sense fetching and
		printing routines.

		Move scsi_extract_sense() into scsi_all.c, and implement it
		in terms of the new function, scsi_extract_sense_len().
		The _len() version takes a length (which should be the
		sense length - residual) and can indicate which fields are
		present and valid in the sense data.

		Add a couple of new scsi_get_*() routines to get the sense
		key, asc, and ascq only.

mly.c:		Rename struct scsi_sense_data to struct
		scsi_sense_data_fixed.

sbp_targ.c:	Use the new sense fetching routines to get sense data
		instead of accessing it directly.

sbp.c:		Change the firewire/SCSI sense data transformation code to
		use struct scsi_sense_data_fixed instead of struct
		scsi_sense_data.  This should be changed later to use
		scsi_set_sense_data().

ciss.c:		Calculate the sense residual properly.  Use
		scsi_get_sense_key() to fetch the sense key.

mps_sas.c,
mpt_cam.c:	Set the sense residual properly.

iir.c:		Use scsi_set_sense_data() instead of building sense data by
		hand.

iscsi_subr.c:	Use scsi_extract_sense_len() instead of grabbing sense data
		directly.

umass.c:	Use scsi_set_sense_data() to build sense data.

		Grab the sense key using scsi_get_sense_key().

		Calculate the sense residual properly.

isp_freebsd.h:	Use scsi_get_*() routines to grab asc, ascq, and sense key
		values.

		Calculate and set the sense residual.

MFC after:	3 days
Sponsored by:	Spectra Logic Corporation
2011-10-03 20:32:55 +00:00
Kip Macy
8451d0dd78 In order to maximize the re-usability of kernel code in user space this
patch modifies makesyscalls.sh to prefix all of the non-compatibility
calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel
entry points and all places in the code that use them. It also
fixes an additional name space collision between the kernel function
psignal and the libc function of the same name by renaming the kernel
psignal to kern_psignal(). By introducing this change now we will ease future
MFCs that change syscalls.

Reviewed by:	rwatson
Approved by:	re (bz)
2011-09-16 13:58:51 +00:00
Robert Watson
a9d2f8d84f Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
Matthew D Fleming
5bc0787f29 Specify a CTLTYPE_FOO so that a future sysctl(8) change does not need
to rely on the format string.
2011-01-18 21:14:23 +00:00
Matthew D Fleming
6dc7dc9a3e sysctl(9) cleanup checkpoint: amd64 GENERIC builds cleanly.
Commit the rest of the devices.
2011-01-12 19:53:56 +00:00
Dag-Erling Smørgrav
2cd149f045 Remove the freelist, which simply duplicates some of the zone allocator's
functionality.

Submitted by:	Daniel Braniss <danny@cs.huji.ac.il>
MFC after:	3 weeks
2010-09-02 14:13:43 +00:00
John Baldwin
9f6eb14c88 Do not use %z to print a time_t. Fixes build on architectures where time_t
and size_t are different types.
2010-08-11 16:56:38 +00:00
Dag-Erling Smørgrav
c201d4532c - Add full support for header / data digests.
- Increase target limit from 4 to 64; this limit will be removed entirely
  at a later time.
- Improve recovery from lost network connections.
- Fix some potential deadlocks and a serious memory leak.
- Fix incorrect use of MH_ALIGN (instead of M_ALIGN), which makes no
  practical difference, but triggers a KASSERT with INVARIANTS.
- Fix some warnings in iscontrol(8) and improve the man page somewhat.

Submitted by:	Daniel Braniss <danny@cs.huji.ac.il>
Sponsored by:	Dansk Scanning A/S, Data Robotics Inc.
2010-08-09 12:36:36 +00:00
Martin Blapp
c2ede4b379 Remove extraneous semicolons, no functional changes.
Submitted by:	Marc Balmer <marc@msys.ch>
MFC after:	1 week
2010-01-07 21:01:37 +00:00
Alexander Motin
33ea30fed7 Fix iSCSI initiator and vpo driver operation, broken by CAM changes.
Reviewed by:	scottl, Danny Braniss
Approved by:	re (rwatson)
2009-08-18 08:46:54 +00:00
Konstantin Belousov
9f80ce043d Change the type of uio_resid member of struct uio from int to ssize_t.
Note that this does not actually enable full-range i/o requests for
64 architectures, and is done now to update KBI only.

Tested by:	pho
Reviewed by:	jhb, bde (as part of the review of the bigger patch)
2009-06-25 18:46:30 +00:00
Randall Stewart
eef9e53e55 This commit fixes the issue with alias_sctp.c. No
longer do we require SCTP to be in the kernel for the
lib to be able to handle SCTP. We do this by moving
the CRC32c checksum into libkern/crc32.c and then adjusting
all routines to use the common methods. Note that this
will improve the performance of iSCSI since they were
using the old single 256 bit table lookup versus the
slicing 8 algorithm (which gives a 4x speed up in
CRC32c calculation :-D)

Reviewed by:	rwatson, gnn, scottl, paolo
MFC after:	4 week? (assuming we MFC the alias_sctp changes)
2009-02-14 11:34:57 +00:00
Scott Long
3f3137fee5 Big update to the iSCSI initiator code. Highlights include IPv6 support,
many bug fixes, many more performance improvements.

Submitted by:	Danny Braniss

M    sbin/iscontrol/iscsi.conf.5
M    sbin/iscontrol/iscontrol.8
M    sbin/iscontrol/iscontrol.h
M    sbin/iscontrol/config.c
M    sbin/iscontrol/fsm.c
M    sbin/iscontrol/login.c
M    sbin/iscontrol/pdu.c
M    sbin/iscontrol/misc.c
M    sbin/iscontrol/auth_subr.c
M    sbin/iscontrol/iscontrol.c
M    sys/dev/iscsi/initiator/isc_cam.c
M    sys/dev/iscsi/initiator/iscsi.h
M    sys/dev/iscsi/initiator/isc_soc.c
M    sys/dev/iscsi/initiator/iscsi_subr.c
M    sys/dev/iscsi/initiator/iscsivar.h
M    sys/dev/iscsi/initiator/isc_subr.c
M    sys/dev/iscsi/initiator/iscsi.c
M    sys/dev/iscsi/initiator/isc_sm.c
2008-11-25 07:17:11 +00:00
Ed Schouten
6bfa9a2d66 Replace all calls to minor() with dev2unit().
After I removed all the unit2minor()/minor2unit() calls from the kernel
yesterday, I realised calling minor() everywhere is quite confusing.
Character devices now only have the ability to store a unit number, not
a minor number. Remove the confusion by using dev2unit() everywhere.

This commit could also be considered as a bug fix. A lot of drivers call
minor(), while they should actually be calling dev2unit(). In -CURRENT
this isn't a problem, but it turns out we never had any problem reports
related to that issue in the past. I suspect not many people connect
more than 256 pieces of the same hardware.

Reviewed by:	kib
2008-09-27 08:51:18 +00:00
Antoine Brodin
f578431cc4 Record the dependency of the iscsi initiator on cam.
PR:		116745
Submitted by:	OISHI Masakuni
Approved by:	rwatson (mentor)
MFC after:	1 month
2008-04-20 15:56:59 +00:00
Ruslan Ermilov
ea26d58729 Replaced the misleading uses of a historical artefact M_TRYWAIT with M_WAIT.
Removed dead code that assumed that M_TRYWAIT can return NULL; it's not true
since the advent of MBUMA.

Reviewed by:	arch

There are ongoing disputes as to whether we want to switch to directly using
UMA flags M_WAITOK/M_NOWAIT for mbuf(9) allocation.
2008-03-25 09:39:02 +00:00
Poul-Henning Kamp
cf827063a9 Give MEXTADD() another argument to make both void pointers to the
free function controllable, instead of passing the KVA of the buffer
storage as the first argument.

Fix all conventional users of the API to pass the KVA of the buffer
as the first argument, to make this a no-op commit.

Likely break the only non-conventional user of the API, after informing
the relevant committer.

Update the mbuf(9) manual page, which was already out of sync on
this point.

Bump __FreeBSD_version to 800016 as there is no way to tell how
many arguments a CPP macro needs any other way.

This paves the way for giving sendfile(9) a way to wait for the
passed storage to have been accessed before returning.

This does not affect the memory layout or size of mbufs.

Parental oversight by:	sam and rwatson.

No MFC is anticipated.
2008-02-01 19:36:27 +00:00
Julian Elischer
3745c395ec Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
This makes way for us to add REAL kthread_create() and friends
that actually make threads. It turns out that most of these
calls actually end up being moved back to the thread version
when it's added. But we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0  so that we can eventually MFC the
new kthread_xxx() calls.
2007-10-20 23:23:23 +00:00
Scott Long
c5933b2086 Introduce Danny Braniss' iSCSI initiator, version 2.0.99. Please read the
included man pages on how to use it.  This code is still somewhat experimental
but has been successfully tested on a number of targets.  Many thanks to
Danny for contributing this.

Approved by: re
2007-07-24 15:35:02 +00:00