Commit Graph

3006 Commits

Author SHA1 Message Date
Brian Feldman
42ebfbf227 Modify ktrace's general I/O tracing, ktrgenio(), to use a struct uio *
instead of a struct iovec * array and int len.  Get rid of stupidly trying
to allocate all of the memory and copyin()ing the entire iovec[], and
instead just do the proper VOP_WRITE() in ktrwrite() using a copy of
the struct uio that the syscall originally used.

This solves the DoS which could easily be performed; to work around the
DoS, one could also remove "options KTRACE" from the kernel.  This is
a very strong MFC candidate for 4.1.

Found by:	art@OpenBSD.org
2000-07-02 08:08:09 +00:00
Brian S. Dean
c6d3f3bfc1 Fix my own style bugs (use of spaces instead of tabs for indentation).
This is a style-only change.
2000-07-01 02:40:13 +00:00
Archie Cobbs
6c66bbed1a Move the securelevel check before loading KLD's into linker_load_file(),
instead of requiring every caller of linker_load_file() to perform the
check itself. This avoids netgraph loading KLD's when securelevel > 0,
not to mention any future code that may call linker_load_file().

Reviewed by:	dfr
2000-06-29 17:57:04 +00:00
Boris Popov
5badeabaca Move #ifdef to the right place. 2000-06-29 09:26:26 +00:00
Boris Popov
99063cf89e If kernel compiled with INVARIANTS:
On unload, remove references from freelist to memory type defined by module.
Print a warning if module defines and allocate its own memory type, but
didn't free it all on unload.

Reviewed by:	peter
2000-06-29 03:41:30 +00:00
Chris Costello
0e8363eca9 Report a file type (S_IFIFO) in kqueue_stat(). 2000-06-28 19:16:27 +00:00
Alfred Perlstein
1a61fa5e0d don't panic the system when fpathconv is called on an unsupported filetype. 2000-06-27 23:08:36 +00:00
Alfred Perlstein
35b1da8080 remove crufty exec stuff, perl is in the base system
make it work with warnings on (there was some harmless use of uninitialized
variables)
make it work with 'use strict'

Approved by: peter
2000-06-27 19:09:55 +00:00
Poul-Henning Kamp
a8b1f9d2c9 Move prtactive to vfs from ufs. It is used all over the place. 2000-06-27 07:46:22 +00:00
Neil Blakey-Milner
47fdd692c6 Add sysctl descriptions to a few sysctls. Simply "documentation".
PR:		kern/8015
Submitted by:	Stefan Eggers <seggers@semyam.dinoco.de>
2000-06-26 13:52:31 +00:00
Peter Wemm
ce365ee318 Some changes and fixes from Bruce:
Use strtoul(), not strtol() in the hints decoder so that
    'flags 0xa0ffa0ff' is not truncated to 0x7fffffff.
  Use a stack buffer instead of a static 100 byte bss buffer.
  Use \0 for the NUL character.
  Remove some ``excessive'' parens.
2000-06-26 09:53:37 +00:00
Jonathan Lemon
cb5ad9d362 Fix stupid braino in last commit, initialize `vp' before we test vp->v_tag.
Spotted by: dillon
2000-06-25 18:10:45 +00:00
Mark Murray
b6e67f5c7d Remove no-longer-relevant comment. 2000-06-25 10:14:06 +00:00
Mark Murray
4eeb4f04c3 Forgot this earlier; delete the old /dev/random driver, bring in the
header for the new.
Reviewed by:	dfr
2000-06-25 09:35:40 +00:00
Dima Ruban
1a432a2f54 Fix typo (inT -> int) 2000-06-23 07:10:34 +00:00
Alfred Perlstein
c636255150 fix races in the uidinfo subsystem, several problems existed:
1) while allocating a uidinfo struct malloc is called with M_WAITOK,
   it's possible that while asleep another process by the same user
   could have woken up earlier and inserted an entry into the uid
   hash table.  Having redundant entries causes inconsistancies that
   we can't handle.

   fix: do a non-waiting malloc, and if that fails then do a blocking
   malloc, after waking up check that no one else has inserted an entry
   for us already.

2) Because many checks for sbsize were done as "test then set" in a non
   atomic manner it was possible to exceed the limits put up via races.

   fix: instead of querying the count then setting, we just attempt to
   set the count and leave it up to the function to return success or
   failure.

3) The uidinfo code was inlining and repeating, lookups and insertions
   and deletions needed to be in their own functions for clarity.

Reviewed by: green
2000-06-22 22:27:16 +00:00
Jonathan Lemon
c8bea19ee3 Add a hack to fail registration of kq events on a non-ufs filesystem, as
support for those is non-existent at the moment.
2000-06-22 18:41:07 +00:00
Jonathan Lemon
d2693dbbc4 Add code so that the udata field is preserved across a TRACK event.
When re-adding an event, do not reset the event state.  If the event was
pending, it will remain pending.  This allows the user to change the udata
field after the event was registered, while not losing any events which
have already occurred.

Reported by:   jmg
2000-06-22 18:39:31 +00:00
Neil Blakey-Milner
445572c1ed Add 'kern.disks', a sysctl which returns the list of disks from
disk_enumerate(), space delimited.  This allows non-root users to get a
list of disks and will simplify libdisk's Disk_Names().

Reviewed by:	phk
2000-06-22 11:44:43 +00:00
Alfred Perlstein
a79b71281c return of the accept filter part II
accept filters are now loadable as well as able to be compiled into
the kernel.

two accept filters are provided, one that returns sockets when data
arrives the other when an http request is completed (doesn't work
with 0.9 requests)

Reviewed by: jmg
2000-06-20 01:09:23 +00:00
Alfred Perlstein
a72fda7154 backout accept optimizations.
Requested by: jmg, dcs, jdp, nate
2000-06-18 08:49:13 +00:00
Poul-Henning Kamp
7c50d77218 Revert part of my bioops change which implemented panic(8). 2000-06-16 14:32:13 +00:00
Poul-Henning Kamp
a2e7a027a7 Virtualizes & untangles the bioops operations vector.
Ref: Message-ID: <18317.961014572@critter.freebsd.dk> To: current@
2000-06-16 08:48:51 +00:00
Robert Watson
625cc84808 Second of two commits adding capability manipulation syscalls for
processes.

Obtained from:	TrustedBSD Project
2000-06-15 23:27:18 +00:00
Robert Watson
b09b66abf6 Introduce syscalls for process capability manipulation. Currently backs
onto already committed stubs.  Commit one of two.

Reviewed by:	Damned if I can remember.  Many people.
Obtained from:	TrustedBSD Project
2000-06-15 23:08:17 +00:00
Poul-Henning Kamp
4bd02a5609 Add disk_enumerate() for finding names of disks. Vinum and libh will
need this RSN.

Remove a pointless warning in the root device locating code.

Remove the "wd" compatibility name from the "ad" driver.

WARNING: If you have not updated to use /dev/wd* in your /etc/fstab
and modern bootblocks, it would be a very good idea to do so BEFORE
you upgrade your kernel.
2000-06-15 20:30:53 +00:00
Alfred Perlstein
8f4e4aa5f1 add socketoptions DELAYACCEPT and HTTPACCEPT which will not allow an accept()
until the incoming connection has either data waiting or what looks like a
HTTP request header already in the socketbuffer.  This ought to reduce
the context switch time and overhead for processing requests.

The initial idea and code for HTTPACCEPT came from Yahoo engineers and has
been cleaned up and a more lightweight DELAYACCEPT for non-http servers
has been added

Reviewed by: silence on hackers.
2000-06-15 18:18:43 +00:00
Peter Wemm
7d02379e48 As a bit of a gross hack, allow earlier access to both the static and
dynamic hints.  This allows the resource_XXX_value() calls to work
before malloc() has started.  This gets the serial console working as well
as a few other things.
2000-06-15 09:57:20 +00:00
Peter Wemm
690f8fc4c3 Fix a stray debug output. change if (1 || bootverbose) to if (bootverbose) 2000-06-15 04:12:17 +00:00
Bruce Evans
8e8cac5555 sys/malloc.h:
Order the SYSINIT() for MALLOC_DEFINE() correctly so that malloc()
doesn't have to waste time initializing itself.  The
(SI_SUB_KMEM, SI_ORDER_ANY) order was shared with syscons' SYSINIT()
for scmeminit(), and scmeminit() calls malloc(), so malloc()
initialization was not always complete on the first call to malloc().

kern/kern_malloc.c:
- Removed self-initialization in malloc().
- Removed half-baked sanity check in free().  Trust MALLOC_DEFINE().
2000-06-14 18:31:42 +00:00
Peter Wemm
f71c01cc52 Borrow phk's axe and apply the next stage of config(8)'s evolution.
Use Warner Losh's "hint" driver to decode ascii strings to fill the
resource table at boot time.

config(8) no longer generates an ioconf.c table - ie: the configuration
no longer has to be compiled into the kernel.  You can reconfigure your
isa devices with the likes of this at loader(8) time:
  set hint.ed.0.port=0x320

userconfig will be rewritten to use this style interface one day and will
move to /boot/userconfig.4th or something like that.

It is still possible to statically compile in a set of hints into a kernel
if you do not wish to use loader(8).  See the "hints" directive in GENERIC
as an example.

All device wiring has been moved out of config(8).  There is a set of
helper scripts (see i386/conf/gethints.pl, and the same for alpha and pc98)
that extract the 'at isa? port foo irq bar' from the old files and produces
a hints file.  If you install this file as /boot/device.hints (and update
/boot/defaults/loader.conf - You can do a build/install in sys/boot) then
loader will load it automatically for you.  You can also compile in the
hints directly with:  hints "device.hints"  as well.

There are a few things that I'm not too happy with yet.  Under this scheme,
things like LINT would no longer be useful as "documentation" of settings.
I have renamed this file to 'NOTES' and stored the example hints strings
in it.  However... this is not something that config(8) understands, so
there is a script that extracts the build-specific data from the
documentation file (NOTES) to produce a LINT that can be config'ed and
built.  A stack of man4 pages will need updating. :-/

Also, since there is no longer a difference between 'device' and
'pseudo-device' I collapsed the two together, and the resulting 'device'
takes a 'number of units' for devices that still have it statically
allocated.  eg:  'device fe 4' will compile the fe driver with NFE set
to 4.  You can then set hints for 4 units (0 - 3).  Also note that
'device fe0' will be interpreted as "zero units of 'fe'" which would be
bad, so there is a config warning for this.  This is only needed for
old drivers that still have static limits on numbers of units.
All the statically limited drivers that I could find were marked.

Please exercise EXTREME CAUTION when transitioning!

Moral support by: phk, msmith, dfr, asmodai, imp, and others
2000-06-13 22:28:50 +00:00
Jeroen Ruigrok van der Werven
3b43fd626a Fix panic by moving the prp == 0 check up the order of sanity checks.
Submitted by:	Bart Thate <freebsd@1st.dudi.org> on -current
Approved by:	rwatson
2000-06-13 15:44:04 +00:00
Alfred Perlstein
8757e5bbc5 unstatic getfp() so that other subsystems can use it.
make sendfile() use it.

Approved by: dg
2000-06-12 18:06:12 +00:00
Bruce Evans
0477138dad Fixed allocation of unit numbers. Allocate the amount of space actually
required (rounded up a little) instead of twice the previous amount (or
a fixed amount for the first allocation).

The bug caused memory corruption when a new unit number for a devclass
was more than about twice the previous maximum one (or more than 3 for
the first one), so it corrupted memory (which happened to be the atkbdc
port resource list) in the reporter's configuration with sio unit
numbers { 0, 25, 1, 2, ... }.

Reviewed by:	dfr
Reported by:	Leonid Lukiyanets <stalwar78@hotmail.com>
2000-06-11 07:19:20 +00:00
Poul-Henning Kamp
c27f4d3c50 fix a typo 2000-06-10 19:21:20 +00:00
Peter Wemm
53cc6add2a Unused include: #include "pty.h" 2000-06-10 07:12:40 +00:00
Jonathan Lemon
d36cb22369 malloc(..., M_WAITOK) will not return NULL, so remove the error
handling for this case (which was slightly broken anyway)

Fix up some whitespace problems while I'm here too.

Submitted by:  alfred   (in a slightly different form)
2000-06-10 01:51:18 +00:00
Robert Watson
e812e4917d Dammit.
Trimmed an extra sysctl when I moved kern.suser_permitted from kern_mib.c
to kern_prot.c.  This commit should restore it, as well as fix the
resulting build problems.

Submitted by:	asmodai
2000-06-07 18:54:41 +00:00
Robert Watson
a996141f6e Introduce additional POSIX.1e-related stubs
o options CAPABILITIES
o kern/kern_cap.c -- syscall stubs returning ENOSYS

syscalls.master changes to follow

Obtained from:	TrustedBSD Project
2000-06-07 04:53:49 +00:00
Robert Watson
579f4eb4cd o bde suggested moving the SYSCTL from kern_mib to the more appropriate
kern_prot, which cleans up some namespace issues
o Don't need a special handler to limit un-setting, as suser is used to
  protect suser_permitted, making it one-way by definition.

Suggested by:	bde
2000-06-05 18:30:55 +00:00
Robert Watson
0309554711 o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
returning anything but EPERM.
o suser is enabled by default; once disabled, cannot be reenabled
o To be used in alternative security models where uid0 does not connote
  additional privileges
o Should be noted that uid0 still has some additional powers as it
  owns many important files and executables, so suffers from the same
  fundamental security flaws as securelevels.  This is fixed with
  MAC integrity protection code (in progress)
o Not safe for consumption unless you are *really* sure you don't want
  things like shutdown to work, et al :-)

Obtained from:	TrustedBSD Project
2000-06-05 14:53:55 +00:00
Robert Watson
7cadc2663e o Modify jail to limit creation of sockets to UNIX domain sockets,
TCP/IP (v4) sockets, and routing sockets.  Previously, interaction
  with IPv6 was not well-defined, and might be inappropriate for some
  environments.  Similarly, sysctl MIB entries providing interface
  information also give out only addresses from those protocol domains.

  For the time being, this functionality is enabled by default, and
  toggleable using the sysctl variable jail.socket_unixiproute_only.
  In the future, protocol domains will be able to determine whether or
  not they are ``jail aware''.

o Further limitations on process use of getpriority() and setpriority()
  by jailed processes.  Addresses problem described in kern/17878.

Reviewed by:	phk, jmg
2000-06-04 04:28:31 +00:00
Bruce Evans
f47f0edde4 Use "nm | awk ..." instead of genassym(1) to generate symbol value headers.
Symbol values are now represented using array sizes (4 arrays per symbol
so that 16-bit machines can represent 64-bit values) instead of being raw
binary values.

Reviewed by:	marcel
2000-06-02 09:27:48 +00:00
Mike Smith
c3c50c4e3a Further fixes for multiple-IO-APIC systems from Tor Egge:
Further experimentation showed that some Dell 2450 machines with the
prevention kludge installed still got T_RESERVED traps.  CPU interrupt
vector 0x7A was observed to be triggered.  This might have been the
bitwise OR of two different vectors sent from each of the IOAPICs at
the same time.

	IOAPIC #0: 0x68 --> irq 8: RTC timer interrupt
	IOAPIC #1: 0x32 --> irq 18: scsi host adapter or network interface
		   ----
		   0x7a --> T_RESERVED

Both IOAPICs had ID 0.

Appendix B.3 in the MP spec indicates that the operating system is
responsible for assigning unique IDs to the IOAPICs.

The enclosed patch programs the IOAPIC IDs according to the IOAPIC
entries in the MP table.

Submitted by:	tegge
2000-05-31 21:37:28 +00:00
Matthew Dillon
8b03c8ed5e This is a cleanup patch to Peter's new OBJT_PHYS VM object type
and sysv shared memory support for it.  It implements a new
    PG_UNMANAGED flag that has slightly different characteristics
    from PG_FICTICIOUS.

    A new sysctl, kern.ipc.shm_use_phys has been added to enable the
    use of physically-backed sysv shared memory rather then swap-backed.
    Physically backed shm segments are not tracked with PV entries,
    allowing programs which use a large shm segment as a rendezvous
    point to operate without eating an insane amount of KVM in the
    PV entry management.  Read: Oracle.

    Peter's OBJT_PHYS object will also allow us to eventually implement
    page-table sharing and/or 4MB physical page support for such segments.
    We're half way there.
2000-05-29 22:40:54 +00:00
Doug Rabson
ca2e05343b Add taskqueue system for easy-to-use SWIs among other things.
Reviewed by: arch
2000-05-28 15:45:30 +00:00
Søren Schmidt
d5f65fcbd7 If devclass_alloc_unit() is called with a wired unit #, and this is
buzy, only search upwards for a free slot to use..

This broke unit numbering on ATA systems where PCI attached controllers
come before the mainboard ones...

Reviewed by: dfr
2000-05-26 13:59:05 +00:00
Jake Burkholder
e39756439c Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
Mike Smith
b38f58db69 Make a trip to Pointy-Hats-R-Us and actually include the header that
defines ROOTDEVNAME.

Submitted by:	"Jeffrey S. Sharp" <jss@subatomix.com>
2000-05-22 17:25:47 +00:00