Commit Graph

915 Commits

Author SHA1 Message Date
John Baldwin
bd78cece5d Change the kernel's ucred API as follows:
- crhold() returns a reference to the ucred whose refcount it bumps.
- crcopy() now simply copies the credentials from one credential to
  another and has no return value.
- a new crshared() primitive is added which returns true if a ucred's
  refcount is > 1 and false (0) otherwise.
2001-10-11 23:38:17 +00:00
John Baldwin
7106ca0d1a Add missing includes of sys/lock.h. 2001-10-11 17:52:20 +00:00
Dag-Erling Smørgrav
3da3249106 Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested.  Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.

This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().

It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
Dag-Erling Smørgrav
080cf92b85 Remove some useless preprocesor paranoia. 2001-10-07 19:41:19 +00:00
Dag-Erling Smørgrav
8d5f9fac24 In procfs_readdir(), when the directory being read was a process directory,
the target process was being held locked during the uiomove() call.  If the
process calling readdir() was the same as the target process (for instance
'ls /proc/curproc/'), and uiomove() caused a page fault, the result would
be a proc lock recursion.  I have no idea how long this has been broken -
possibly ever since pfind() was changed to lock the process it returns.

Also replace the one and only call to procfs_findtextvp() with a direct
test of td->td_proc->p_textvp.
2001-10-07 19:37:13 +00:00
Dag-Erling Smørgrav
b84ce33438 Add a PFS_DISABLED flag; pfs_visible() automatically returns 0 if it is set
on the node in question.  Also add two API functions for setting and clearing
this flag; setting it also reclaims all vnodes associated with the node.
2001-10-02 22:22:42 +00:00
Dag-Erling Smørgrav
b7004390b3 Only print "XXX (un)registered" message if bootverbose. 2001-10-02 22:21:07 +00:00
Dag-Erling Smørgrav
24efa9d3fa [the previous commit to pseudofs_vncache.c got the wrong log message]
YA pseudofs megacommit, part 2:

 - Merge the pfs_vnode and pfs_vdata structures, and make the vnode cache
   a doubly-linked list.  This eliminates the need to walk the list in
   pfs_vncache_free().

 - Add an exit callout which revokes vnodes associated with the process
   that just exited.  Since it needs to lock the cache when it does this,
   pfs_vncache_mutex needs MTX_RECURSE.
2001-10-01 04:26:33 +00:00
Dag-Erling Smørgrav
198bc14b1d YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure.  This one simply returns
   non-zero if the specified requesting process is allowed to access the
   specified node for the specified target process.  This is used in
   addition to the usual permission checks, e.g. when certain files don't
   make sense for certain (system) processes.

 - Make sure that pfs_lookup() and pfs_readdir() don't yap about files
   which aren't pfs_visible().  Also check pfs_visible() before performing
   reads and writes, to prevent the kind of races reported in SA-00:77 and
   SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
   setuid binary, and assume control of it).

 - Add some more trace points.
2001-10-01 04:22:20 +00:00
Dag-Erling Smørgrav
7d8f809f00 pseudofs.h:
- Rearrange the flag constants a little to simplify specifying and testing
    for readability and writeability.

pseudofs_vnops.c:

  - Track the aforementioned change.

  - Add checks to pfs_open() to prevent opening read-only files for writing
    or vice versa (pfs_{read,write} would block the actual reads and writes,
    but it's still a bug to allow the open() to succeed).  Also, return
    EOPNOTSUPP if the caller attempts to lock the file.

  - Add more trace points.
2001-09-30 19:41:29 +00:00
Poul-Henning Kamp
40739c02ae The behaviour of whiteout'ing symlinks were too confusing, instead
remove them when asked to.
2001-09-30 08:43:33 +00:00
Dag-Erling Smørgrav
80a3cef87d Pseudofs take 2:
- Remove hardcoded uid, gid, mode from struct pfs_node; make pfs_getattr()
   smart enough to get it right most of the time, and allow for callbacks
   to handle the remaining cases.  Rework the definition macros to match.

 - Add lots of (conditional) debugging output.

 - Fix a long-standing bug inherited from procfs: don't pretend to be a
   read-only file system.  Instead, return EOPNOTSUPP for operations we
   truly can't support and allow others to fail silently.  In particular,
   pfs_lookup() now treats CREATE as LOOKUP.  This may need more work.

 - In pfs_lookup(), if the parent node is process-dependent, check that
   the process in question still exists.

 - Implement pfs_open() - its only current function is to check that the
   process opening the file can see the process it belongs to.

 - Finish adding support for writeable nodes.

 - Bump module version number.

 - Introduce lots of new bugs.
2001-09-29 00:49:29 +00:00
Dag-Erling Smørgrav
b4056ade84 The previous commit introduced some references to "curproc" which should have
been references to "curthread".  Correct this.
2001-09-28 12:36:54 +00:00
Robert Watson
f86cf763ef o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
Bill Fenner
bd5b9e17b0 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
Dag-Erling Smørgrav
8712e867e1 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  This goes some way towards adding support for
writeable files (needed by procfs).
2001-09-25 13:25:30 +00:00
Mike Barcroft
3273a63ed9 A process name may contain whitespace and unprintable characters,
so convert those characters to octal notation.  Also convert
backslashes to octal notation to avoid confusion.

Reviewed by:	des
MFC after:	1 week
2001-09-25 04:42:40 +00:00
John Baldwin
bce94723a4 Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:26:51 +00:00
Robert Watson
3f9e888ebe o Remove redundant securelevel/pid1 check in procfs_rw() -- this
protection is enforced at the invidual method layer using
  p_candebug().

Obtained from:	TrustedBSD Project
2001-09-18 19:53:10 +00:00
Julian Elischer
7405406837 fix typo
pointed out by: jhb
2001-09-13 21:59:40 +00:00
John Baldwin
f1cbf4f92c Restore these files to being portable:
- Use some simple #define's at the top of the files for proc -> thread
  changes instead of having lots of needless #ifdef's in the code.
- Don't try to use struct thread in !FreeBSD code.
- Don't use a few struct lwp's in some of the NetBSD code since it isn't
  in their HEAD.
The new diff relative to before KSE is now signficantly smaller and easier
to maintain.
2001-09-12 23:39:36 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Kris Kennaway
bf61e26696 Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.

Obtained from:	NetBSD
Reviewed by:	peter
MFC after:	2 weeks
2001-09-10 11:28:07 +00:00
Semen Ustimenko
cc6b9b02be Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
Semen Ustimenko
0895d6c389 Fix opening particular file's attributes (as described in man page).
This is useful for debug purposes.

MFC after:	2 weeks
2001-09-08 22:59:12 +00:00
Semen Ustimenko
ebcc9d9c8c Reference devvp on ntnode creation and dereference on removal. Previous
code  lead to page faults becouse i_devvp went zero after VOP_RECLAIM, but
ntnode was reused (not reclaimed).

MFC after:	2 weeks
2001-09-08 22:57:03 +00:00
Semen Ustimenko
831aac011e Fix errors and warnings when compiling with NTFS_DEBUG > 1
MFC after:	2 weeks
2001-09-08 22:53:27 +00:00
Andrey A. Chernov
159247784c smbfs_advlock: simplify overflow checks (copy from kern_lockf.c)
minor formatting issues to minimize differences
2001-08-29 18:59:04 +00:00
Andrey A. Chernov
fcbe9614ef Cosmetique & style fixes from bde 2001-08-26 10:28:58 +00:00
Andrey A. Chernov
5215e1ea12 Copy from kern_lockf.c: remove extra check 2001-08-24 10:22:16 +00:00
Andrey A. Chernov
2a31175b6e Copy yet one check for SEEK_END overflow 2001-08-23 17:12:42 +00:00
Andrey A. Chernov
ea4313e351 Copy my newly introduced l_len<0 'oops' fix from kern_lockf.c 2001-08-23 16:06:14 +00:00
Andrey A. Chernov
e3e2c03de3 Copy POSIX l_len<0 handling from kern_lockf.c 2001-08-23 15:44:24 +00:00
Andrey A. Chernov
bbf6984cec Cosmetique: correct English in comments
non-cosmetique: add missing break; - original code was broken here
2001-08-23 14:45:31 +00:00
Andrey A. Chernov
fb2f187058 Move <machine/*> after <sys/*>
Pointed by:	bde
2001-08-23 13:27:58 +00:00
Andrey A. Chernov
4779017439 adv. lock:
copy EOVERFLOW handling code from main variant
fix type of 'size' arg
2001-08-23 08:54:22 +00:00
Boris Popov
798bb23e93 Use proper endian conversion.
Obtained from:	Mac OS X
MFC after:		1 week
2001-08-21 08:27:47 +00:00
Boris Popov
3419dc99dd Return proper length of _PC_NAME_MAX value if long names support is enabled.
Obtained from:	Mac OS X
MFC after:	1 week
2001-08-21 08:25:09 +00:00
Poul-Henning Kamp
12d1aec26f linux ls fails on DEVFS /dev because linux_getdents fails because
linux_getdents uses VOP_READDIR( ..., &ncookies, &cookies ) instead of
     VOP_READDIR( ..., NULL, NULL ) because it seems to need the offsets for
     linux_dirent and sizeof(dirent) != sizeof(linux_dirent)...

PR:	29467
Submitted by:	Michael Reifenberger <root@nihil.plaut.de>
Reviewed by:	phk
2001-08-14 06:42:32 +00:00
Robert Watson
7d69e57088 Remove dangling prototype for the now defunct procfs_kmemaccess()
call.

Obtained from:	TrustedBSD Project
2001-08-03 17:51:05 +00:00
Robert Watson
436b89d434 Collapse a Pmem case in with the other debugging files case for procfs,
as there are now "unusual" protection properties to Pmem that differ
from the other files.  While I'm at it, introduce proc locking for
the other files, which was previously present only in the Pmem case.

Obtained from:	TrustedBSD Project
2001-08-03 17:20:34 +00:00
Robert Watson
57de737e82 Remove read permission for group on the /proc/*/mem file, since kmem
no longer requires access.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:15:40 +00:00
Robert Watson
f2e6be5865 Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group.  With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.

This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:13:23 +00:00
Assar Westerlund
ac01ecd9fb remove support for creating files and directories from msdosfs_mknod 2001-07-19 19:15:42 +00:00
John Baldwin
7063595315 Grab the process lock around psignal().
Noticed by:	tanimura
2001-07-18 19:17:36 +00:00
Robert Watson
a0f75161f9 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx().
The p_can(...) construct was a premature (and, it turns out,
  awkward) abstraction.  The individual calls to p_canxxx() better
  reflect differences between the inter-process authorization checks,
  such as differing checks based on the type of signal.  This has
  a side effect of improving code readability.
o Replace direct credential authorization checks in ktrace() with
  invocation of p_candebug(), while maintaining the special case
  check of KTR_ROOT.  This allows ktrace() to "play more nicely"
  with new mandatory access control schemes, as well as making its
  authorization checks consistent with other "debugging class"
  checks.
o Eliminate "privused" construct for p_can*() calls which allowed the
  caller to determine if privilege was required for successful
  evaluation of the access control check.  This primitive is currently
  unused, and as such, serves only to complicate the API.

Approved by:	({procfs,linprocfs} changes) des
Obtained from:	TrustedBSD Project
2001-07-05 17:10:46 +00:00
John Baldwin
4a370459cc - Update the vmmeter statistics for vnode pageins and pageouts in
getpages/putpages.
- Use vm_page_undirty() instead of messing with pages' dirty fields
  directly.
2001-07-04 19:55:01 +00:00
Matthew Dillon
0cddd8f023 With Alfred's permission, remove vm_mtx in favor of a fine-grained approach
(this commit is just the first stage).  Also add various GIANT_ macros to
formalize the removal of Giant, making it easy to test in a more piecemeal
fashion. These macros will allow us to test fine-grained locks to a degree
before removing Giant, and also after, and to remove Giant in a piecemeal
fashion via sysctl's on those subsystems which the authors believe can
operate without Giant.
2001-07-04 16:20:28 +00:00
John Baldwin
797c3dba25 Fix a mntvnode and vnode interlock reversal. 2001-06-28 03:52:04 +00:00
John Baldwin
805d90f763 Protect the mnt_vnode list with the mntvnode lock. 2001-06-28 03:50:17 +00:00